diff --git a/CVE-2009/CVE-2009-24xx/CVE-2009-2466.json b/CVE-2009/CVE-2009-24xx/CVE-2009-2466.json
index 82adbb396e3..d10d9699b2b 100644
--- a/CVE-2009/CVE-2009-24xx/CVE-2009-2466.json
+++ b/CVE-2009/CVE-2009-24xx/CVE-2009-2466.json
@@ -2,8 +2,8 @@
 "id": "CVE-2009-2466",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2009-07-22T18:30:00.297",
- "lastModified": "2025-04-09T00:30:58.490",
- "vulnStatus": "Deferred",
+ "lastModified": "2025-06-25T16:56:21.430",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -49,7 +49,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-399"
+ "value": "CWE-787"
 }
 ]
 }
@@ -62,585 +62,16 @@ "negate": false, "cpeMatch": [ { - "vulnerable": false, + "vulnerable": true, "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.0.12", + "matchCriteriaId": "9C5F57C5-621B-44C2-93E1-244C813A3E62" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "versionEndIncluding": "3.0.11", - "matchCriteriaId": "CFF3C1ED-A009-4168-B928-F186006139BC" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*", - "matchCriteriaId": "7C7AA88B-638A-451A-B235-A1A1444BE417" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*", - "matchCriteriaId": "9C01AD7C-8470-47AB-B8AE-670E3A381E89" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*", - "matchCriteriaId": "7E43F2F1-9252-4B44-8A61-D05305915A5F" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*", - "matchCriteriaId": "3BB9D48B-DC7B-4D92-BB26-B6DE629A2506" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*", - "matchCriteriaId": "A360D595-A829-4DDE-932E-9995626917E5" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*", - "matchCriteriaId": "6E9B5349-FAA7-4CDA-9533-1AD1ACDFAC4E" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*", - "matchCriteriaId": "07243837-C353-4C25-A5B1-4DA32807E97D" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*", - "matchCriteriaId": "B832C034-F793-415F-BFC8-D97A18BA6BC7" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*", - "matchCriteriaId": "83CD1A13-66CB-49CC-BD84-5D8334DB774A" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", - "matchCriteriaId": "93C142C5-3A85-432B-80D6-2E7B1B4694F4" - }, - { - "vulnerable": true, - 
"criteria": "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", - "matchCriteriaId": "2434FCE7-A50B-4527-9970-C7224B31141C" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", - "matchCriteriaId": "5633FB6E-D623-49D4-9858-4E20E64DE458" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", - "matchCriteriaId": "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", - "matchCriteriaId": "B5F0DC80-5473-465C-9D7F-9589F1B78E12" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", - "matchCriteriaId": "567FF916-7DE0-403C-8528-7931A43E0D18" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:0.9_rc:*:*:*:*:*:*:*", - "matchCriteriaId": "E15536D0-B6A3-4106-8196-021724324CAD" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", - "matchCriteriaId": "010B34F4-910E-4515-990B-8E72DF009578" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", - "matchCriteriaId": "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "5A545A77-2198-4685-A87F-E0F2DAECECF6" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*", - "matchCriteriaId": "438AACF8-006F-4522-853F-30DBBABD8C15" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", - "matchCriteriaId": "778FAE0C-A5CF-4B67-93A9-1A803E3E699F" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", - "matchCriteriaId": "E7447185-7509-449D-8907-F30A42CF7EB5" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", - "matchCriteriaId": "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF" - }, - { - 
"vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", - "matchCriteriaId": "3FFF89FA-2020-43CC-BACD-D66117B3DD26" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*", - "matchCriteriaId": "834BB391-5EB5-43A8-980A-D305EDAE6FA7" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*", - "matchCriteriaId": "9A38AD88-BAA6-4FBE-885B-69E951BD1EFE" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.0.6:*:linux:*:*:*:*:*", - "matchCriteriaId": "659F5DAF-D54F-43FB-AB2A-3FC7D456B434" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*", - "matchCriteriaId": "B500EE6C-99DB-49A3-A1F1-AFFD7FE28068" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*", - "matchCriteriaId": "4F2938F2-A801-45E5-8E06-BE03DE03C8A7" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.4.1:*:*:*:*:*:*:*", - "matchCriteriaId": "F18A45C0-419C-4723-AB7D-5880EF668CE9" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*", - "matchCriteriaId": "ABB88E86-6E83-4A59-9266-8B98AA91774D" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*", - "matchCriteriaId": "E19ED1CA-DEBD-4786-BA7B-C122C7D2E5B7" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*", - "matchCriteriaId": "66BE50FE-EA21-4633-A181-CD35196DF06E" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*", - "matchCriteriaId": "7D6BF5B1-86D1-47FE-9D9C-735718F94874" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*", - "matchCriteriaId": "84D15CE0-69DF-4EFD-801E-96A4D6AABEDB" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*", - "matchCriteriaId": 
"CEE203DE-6C0E-4FDE-9C3A-0E73430F17DA" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*", - "matchCriteriaId": "F2F38886-C25A-4C6B-93E7-36461405BA99" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*", - "matchCriteriaId": "C65D2670-F37F-48CB-804A-D35BB1C27D9F" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*", - "matchCriteriaId": "DE8E5194-7B34-4802-BDA6-6A86EB5EDE05" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*", - "matchCriteriaId": "FABA5F56-99F7-4F8F-9CC1-5B0B2EB72922" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*", - "matchCriteriaId": "2917BD67-CE81-4B94-B241-D4A9DDA60319" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*", - "matchCriteriaId": "A524A94E-F19B-42B9-AA8E-171751C339AA" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*", - "matchCriteriaId": "F71436CF-F756-44E0-8E69-6951F6B3E54A" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*", - "matchCriteriaId": "582EE839-B83F-4908-9780-D0C92DC44FD0" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*", - "matchCriteriaId": "824369CF-00A0-434E-94BC-71CA1317012C" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*", - "matchCriteriaId": "BCB35099-B04E-4796-A25D-953329FE62F3" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*", - "matchCriteriaId": "5DBEBCFD-80D6-466A-BAEF-C75E65A3B12E" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*", - "matchCriteriaId": "C30ACBCA-4FA1-46DE-8F15-4830BC27E160" - }, - { - "vulnerable": true, - "criteria": 
"cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*", - "matchCriteriaId": "9453EF65-7C69-449E-BF7C-4FECFB56713E" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*", - "matchCriteriaId": "4AA75825-21CF-475B-8040-126A13FA2216" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*", - "matchCriteriaId": "CA97C80E-17FA-4866-86CE-29886145ED80" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*", - "matchCriteriaId": "7DE24BED-202E-416D-B5F2-8207D97B9939" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*", - "matchCriteriaId": "04198E04-CE1D-4A5A-A20C-D1E135B45F94" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:1.8:*:*:*:*:*:*:*", - "matchCriteriaId": "717DB967-F658-4699-A224-5B261BFEC10A" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*", - "matchCriteriaId": "3487FA64-BE04-42CA-861E-3DAC097D7D32" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:2.0:beta_1:*:*:*:*:*:*", - "matchCriteriaId": "F61EA4A1-1916-48A5-8196-E3CDEF3108F6" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:2.0:beta1:*:*:*:*:*:*", - "matchCriteriaId": "A956C036-1E47-49B2-A971-69868A510B75" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*", - "matchCriteriaId": "F5AA254D-D41E-464F-9E2A-A950F08C6946" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*", - "matchCriteriaId": "B05D2655-6641-42BE-9793-30005AC9D40D" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*", - "matchCriteriaId": "F3D956DC-C73B-439F-8D79-8239207CC76F" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*", - "matchCriteriaId": "57E2C7E7-56C0-466C-BB08-5EB43922C4F9" - }, - { - "vulnerable": true, - 
"criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*", - "matchCriteriaId": "462E135A-5616-46CC-A9C0-5A7A0526ACC6" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*", - "matchCriteriaId": "6121F9C1-F4DF-4AAB-9E51-AC1592AA5639" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*", - "matchCriteriaId": "58D44634-A0B5-4F05-8983-B08D392EC742" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*", - "matchCriteriaId": "EB3AC3D3-FDD7-489F-BDCF-BDB55DF33A8B" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*", - "matchCriteriaId": "4105171B-9C90-4ABF-B220-A35E7BA9EE40" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*", - "matchCriteriaId": "20985549-DB24-4B69-9D40-208A47AE658E" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*", - "matchCriteriaId": "43A13026-416F-4308-8A1B-E989BD769E12" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*", - "matchCriteriaId": "612B015E-9F96-4CE6-83E4-23848FD609E5" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*", - "matchCriteriaId": "1E391619-0967-43E1-8CBC-4D54F72A85C2" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*", - "matchCriteriaId": "0544D626-E269-4677-9B05-7DAB23BD103B" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*", - "matchCriteriaId": "C95F7B2C-80FC-4DF2-9680-F74634DCE3E6" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*", - "matchCriteriaId": "863C140E-DC15-4A88-AB8A-8AEF9F4B8164" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*", - "matchCriteriaId": 
"38CD049A-5333-4FF7-AD34-6B74E19BADCB" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*", - "matchCriteriaId": "0066576D-D66A-4B59-B5C3-471EEBEE8B9A" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*", - "matchCriteriaId": "60ED6DAA-9194-4829-BC1A-00F04BE7930A" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*", - "matchCriteriaId": "13BEB9A6-EFD5-4793-9603-84DB84F1CF7D" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*", - "matchCriteriaId": "461163C6-4CA8-4BA9-95A1-136E612CBA6B" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*", - "matchCriteriaId": "275E9D96-1290-44AB-BF9B-E9E4A803F593" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.21:*:*:*:*:*:*:*", - "matchCriteriaId": "140EFF03-09CB-436E-AF3F-1CEEFF4D3F1D" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*", - "matchCriteriaId": "412DF091-7604-4110-87A0-3488116A97E5" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:*", - "matchCriteriaId": "7A1DE6AC-C6AA-4B27-AC21-3293E5357A7E" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*", - "matchCriteriaId": "13AAF607-AEEE-4FAF-BE63-73B1D951EF52" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*", - "matchCriteriaId": "20139741-10B1-4E4B-8D5F-A715042049C4" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*", - "matchCriteriaId": "11E07FED-ABDB-4B0A-AB2E-4CBF1EAC4301" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*", - "matchCriteriaId": "9A6558F1-9E0D-4107-909A-8EF4BC8A9C2F" - }, - { - "vulnerable": true, - "criteria": 
"cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*", - "matchCriteriaId": "63DF3D65-C992-44CF-89B4-893526C6242E" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*", - "matchCriteriaId": "A9024117-2E8B-4240-9E21-CC501F3879B5" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*", - "matchCriteriaId": "FBC3CAD3-2F54-4E32-A0C9-0D826C45AC23" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*", - "matchCriteriaId": "52624B41-AB34-40AD-8709-D9646B618AB0" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*", - "matchCriteriaId": "917E9856-9556-4FD6-A834-858F8837A6B4" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*", - "matchCriteriaId": "98BBD74D-930C-4D80-A91B-0D61347BAA63" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*", - "matchCriteriaId": "FAF2E696-883D-4DE5-8B79-D8E5D9470253" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*", - "matchCriteriaId": "94E04FD9-38E8-462D-82C2-729F7F7F0465" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:*", - "matchCriteriaId": "CFC60781-766B-4B9C-B68D-45D51C5E5D20" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0.0.1:*:*:*:*:*:*:*", - "matchCriteriaId": "745C2CBA-4824-441B-A6BC-E80959C2E035" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0.0.2:*:*:*:*:*:*:*", - "matchCriteriaId": "8C6A7D00-A203-4891-96CE-20C91FCBF048" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0.0.3:*:*:*:*:*:*:*", - "matchCriteriaId": "0A8CB480-0595-4BC1-998E-3638E85DB367" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0.0.4:*:*:*:*:*:*:*", - "matchCriteriaId": "AC7EAB8D-CA40-4C29-99DF-24FF1753BCF9" - }, - { - 
"vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:*", - "matchCriteriaId": "5C9218A9-DA27-436A-AC93-F465FC14ECF3" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0.0.6:*:*:*:*:*:*:*", - "matchCriteriaId": "E66503D7-72CB-42A5-8C85-D9579EF2C0A5" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0.0.7:*:*:*:*:*:*:*", - "matchCriteriaId": "5CD7D204-3EBA-4D9E-B95A-86524B4C03D6" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0.0.8:*:*:*:*:*:*:*", - "matchCriteriaId": "1FBBF526-7A28-436B-9B01-EADE913602B6" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0.0.9:*:*:*:*:*:*:*", - "matchCriteriaId": "B373B409-0939-4707-99F1-95B121BFF7FC" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0.0.11:*:*:*:*:*:*:*", - "matchCriteriaId": "75A0BCE3-38E7-4318-9A7E-3D895171129A" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0.0.12:*:*:*:*:*:*:*", - "matchCriteriaId": "E80CA1DE-B920-4E28-BEFC-574148D19A0D" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0.0.13:*:*:*:*:*:*:*", - "matchCriteriaId": "2303104C-4A91-4704-A9CB-8C83A859090E" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0.0.14:*:*:*:*:*:*:*", - "matchCriteriaId": "4DCDAA51-4AA3-4EC4-B441-71FB3C3304F7" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0.0.15:*:*:*:*:*:*:*", - "matchCriteriaId": "04CA7AD2-79BA-4A73-ADAB-E3BCA3FD7F73" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0.0.16:*:*:*:*:*:*:*", - "matchCriteriaId": "D54ACD07-FAB7-4513-A707-18FAF7D565C2" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0.0.17:*:*:*:*:*:*:*", - "matchCriteriaId": "7260CE1F-501D-44FF-A3FA-2137CA01733B" - }, - { - "vulnerable": true, - "criteria": 
"cpe:2.3:a:mozilla:thunderbird:2.0.0.18:*:*:*:*:*:*:*", - "matchCriteriaId": "55D3DD1B-64DF-46C8-80A3-99D2E34B665F" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0.0.19:*:*:*:*:*:*:*", - "matchCriteriaId": "6DF479C3-95A0-414F-B47B-C94BE95713D1" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0.0.20:*:*:*:*:*:*:*", - "matchCriteriaId": "48702EEB-C272-46ED-9C61-6F44D6964DDE" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:mozilla:thunderbird:2.0.0.21:*:*:*:*:*:*:*", - "matchCriteriaId": "AC650D89-CEEC-4A90-B3B9-5F0ADCEFCBB9" + "matchCriteriaId": "9567AD15-F32C-48CA-9345-FD5D1EC9FC3E" } ] } @@ -650,24 +81,37 @@ "references": [ { "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] }, { "url": "http://rhn.redhat.com/errata/RHSA-2009-1162.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://rhn.redhat.com/errata/RHSA-2009-1163.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://secunia.com/advisories/35914", "source": "secalert@redhat.com", "tags": [ + "Not Applicable", "Vendor Advisory" ] }, @@ -675,6 +119,7 @@ "url": "http://secunia.com/advisories/35943", "source": "secalert@redhat.com", "tags": [ + "Not Applicable", "Vendor Advisory" ] }, @@ -682,6 +127,7 @@ "url": "http://secunia.com/advisories/35944", "source": "secalert@redhat.com", "tags": [ + "Not Applicable", "Patch", "Vendor Advisory" ] 
@@ -690,24 +136,37 @@
 "url": "http://secunia.com/advisories/35947",
 "source": "secalert@redhat.com",
 "tags": [
+ "Not Applicable",
 "Vendor Advisory"
 ]
 },
 {
 "url": "http://secunia.com/advisories/36005",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Not Applicable"
+ ]
 },
 {
 "url": "http://secunia.com/advisories/36145",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Not Applicable"
+ ]
 },
 {
 "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Broken Link"
+ ]
 },
 {
 "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Broken Link"
+ ]
 },
 {
 "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-34.html",
@@ -718,16 +177,23 @@
 },
 {
 "url": "http://www.redhat.com/support/errata/RHSA-2010-0153.html",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "http://www.redhat.com/support/errata/RHSA-2010-0154.html",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "http://www.securityfocus.com/bid/35758",
 "source": "secalert@redhat.com",
 "tags": [
+ "Broken Link",
 "Patch"
 ]
 },
@@ -735,67 +201,105 @@
 "url": "http://www.vupen.com/english/advisories/2009/1972",
 "source": "secalert@redhat.com",
 "tags": [
+ "Broken Link",
 "Vendor Advisory"
 ]
 },
 {
 "url": "http://www.vupen.com/english/advisories/2009/2152",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Broken Link"
+ ]
 },
 {
 "url": "http://www.vupen.com/english/advisories/2010/0650",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Broken Link"
+ ]
 },
 {
 "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=454704",
 "source": "secalert@redhat.com",
 "tags": [
- "Exploit"
+ "Exploit",
+ "Issue Tracking",
+ "Vendor Advisory"
 ]
 },
 {
 "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=465980",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Broken Link",
+ "Exploit"
+ ]
 },
 {
 "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=493281",
 "source": "secalert@redhat.com",
 "tags": [
- "Patch"
+ "Issue Tracking",
+ "Patch",
+ "Vendor Advisory"
 ]
 },
 {
 "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=494445",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Issue Tracking",
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9820",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Broken Link"
+ ]
 },
 {
 "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01032.html",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Broken Link"
+ ]
 },
 {
 "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Broken Link"
+ ]
 },
 {
 "url": "http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Broken Link"
+ ]
 },
 {
 "url": "http://rhn.redhat.com/errata/RHSA-2009-1162.html",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "http://rhn.redhat.com/errata/RHSA-2009-1163.html",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "http://secunia.com/advisories/35914",
 "source": "af854a3a-2127-422b-91ae-364da2661108",
 "tags": [
+ "Not Applicable",
 "Vendor Advisory"
 ]
 },
@@ -803,6 +307,7 @@
 "url": "http://secunia.com/advisories/35943",
 "source": "af854a3a-2127-422b-91ae-364da2661108",
 "tags": [
+ "Not Applicable",
 "Vendor Advisory"
 ]
 },
@@ -810,6 +315,7 @@
 "url": "http://secunia.com/advisories/35944",
 "source": "af854a3a-2127-422b-91ae-364da2661108",
 "tags": [
+ "Not Applicable",
 "Patch",
 "Vendor Advisory"
 ]
@@ -818,24 +324,37 @@
 "url": "http://secunia.com/advisories/35947",
 "source": "af854a3a-2127-422b-91ae-364da2661108",
 "tags": [
+ "Not Applicable",
 "Vendor Advisory"
 ]
 },
 {
 "url": "http://secunia.com/advisories/36005",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Not Applicable"
+ ]
 },
 {
 "url": "http://secunia.com/advisories/36145",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Not Applicable"
+ ]
 },
 {
 "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Broken Link"
+ ]
 },
 {
 "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Broken Link"
+ ]
 },
 {
 "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-34.html",
@@ -846,16 +365,23 @@
 },
 {
 "url": "http://www.redhat.com/support/errata/RHSA-2010-0153.html",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "http://www.redhat.com/support/errata/RHSA-2010-0154.html",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "http://www.securityfocus.com/bid/35758",
 "source": "af854a3a-2127-422b-91ae-364da2661108",
 "tags": [
+ "Broken Link",
 "Patch"
 ]
 },
@@ -863,46 +389,71 @@
 "url": "http://www.vupen.com/english/advisories/2009/1972",
 "source": "af854a3a-2127-422b-91ae-364da2661108",
 "tags": [
+ "Broken Link",
 "Vendor Advisory"
 ]
 },
 {
 "url": "http://www.vupen.com/english/advisories/2009/2152",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Broken Link"
+ ]
 },
 {
 "url": "http://www.vupen.com/english/advisories/2010/0650",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Broken Link"
+ ]
 },
 {
 "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=454704",
 "source": "af854a3a-2127-422b-91ae-364da2661108",
 "tags": [
- "Exploit"
+ "Exploit",
+ "Issue Tracking",
+ "Vendor Advisory"
 ]
 },
 {
 "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=465980",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Broken Link",
+ "Exploit"
+ ]
 },
 {
 "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=493281",
 "source": "af854a3a-2127-422b-91ae-364da2661108",
 "tags": [
- "Patch"
+ "Issue Tracking",
+ "Patch",
+ "Vendor Advisory"
 ]
 },
 {
 "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=494445",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Issue Tracking",
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9820",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Broken Link"
+ ]
 },
 {
 "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01032.html",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Broken Link"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2010/CVE-2010-12xx/CVE-2010-1233.json b/CVE-2010/CVE-2010-12xx/CVE-2010-1233.json
index d8d7c576165..a84274e811f 100644
--- a/CVE-2010/CVE-2010-12xx/CVE-2010-1233.json
+++ b/CVE-2010/CVE-2010-12xx/CVE-2010-1233.json
@@ -2,8 +2,8 @@
 "id": "CVE-2010-1233",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2010-04-01T22:30:00.657",
- "lastModified": "2025-04-11T00:51:21.963",
- "vulnStatus": "Deferred",
+ "lastModified": "2025-06-25T16:55:51.240",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -49,7 +49,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-189"
+ "value": "CWE-190"
 }
 ]
 }
@@ -62,430 +62,10 @@ "negate": false, "cpeMatch": [ { - "vulnerable": false, + "vulnerable": true, "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", - "versionEndIncluding": "4.1.249.1035", - "matchCriteriaId": "DED9A20C-F0D6-4979-B778-3D728E345CAF" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:0.2.149.27:*:*:*:*:*:*:*", - "matchCriteriaId": "D55D5075-D233-42D6-B1D6-77B7599650EB" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:0.2.149.29:*:*:*:*:*:*:*", - "matchCriteriaId": "5B8FF77A-7802-4963-B532-3F16C7BB012C" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:0.2.149.30:*:*:*:*:*:*:*", - "matchCriteriaId": "D73576CF-76EE-42A3-9955-D7991384B8C1" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:0.2.152.1:*:*:*:*:*:*:*", - "matchCriteriaId": "DD4A2AB1-6F90-4D0B-A673-C6310514CE63" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:0.2.153.1:*:*:*:*:*:*:*", - "matchCriteriaId": "66A4FEB5-11D8-4FFC-972D-A3B991176040" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:0.3.154.0:*:*:*:*:*:*:*", - "matchCriteriaId": "A6313614-FC3C-488C-B80B-191797319A56" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:0.3.154.3:*:*:*:*:*:*:*", - "matchCriteriaId": "9CDF3DAB-73C4-48E8-9B0B-DADABF217555" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:0.4.154.18:*:*:*:*:*:*:*", - "matchCriteriaId": "7B2FAE50-4CA3-46F6-B533-C599011A9ED5" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:0.4.154.22:*:*:*:*:*:*:*", - "matchCriteriaId": "B0D94F22-37B6-4938-966A-E1830D83FBC3" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:0.4.154.31:*:*:*:*:*:*:*", - "matchCriteriaId": "D8B7164E-7A4F-4959-9E6D-EF614EDD4C3C" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:0.4.154.33:*:*:*:*:*:*:*", - "matchCriteriaId": "0C0F9D75-B10D-468F-84D8-61B6A1230556" - }, - { - 
"vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:1.0.154.36:*:*:*:*:*:*:*", - "matchCriteriaId": "5D2CAE29-3F1E-4374-B82C-B60B7BB4AEAE" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:1.0.154.39:*:*:*:*:*:*:*", - "matchCriteriaId": "173D539E-045E-4429-80C9-5749BECC6CD5" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:1.0.154.42:*:*:*:*:*:*:*", - "matchCriteriaId": "D2052352-FECC-4990-B0F4-A715694AD816" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:1.0.154.43:*:*:*:*:*:*:*", - "matchCriteriaId": "BCBC80CB-4AB8-4EDF-9940-D2D7124D7549" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:1.0.154.46:*:*:*:*:*:*:*", - "matchCriteriaId": "E37938BB-8368-46D6-A8E4-F99F5CB9B82E" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:1.0.154.48:*:*:*:*:*:*:*", - "matchCriteriaId": "6659833E-E309-4797-84D4-A782237714A9" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:1.0.154.52:*:*:*:*:*:*:*", - "matchCriteriaId": "FE4C0D93-0308-48D4-A953-9398B88E2868" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:1.0.154.53:*:*:*:*:*:*:*", - "matchCriteriaId": "FE5094C4-1338-4189-B5FD-C9AFFF091D6B" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:1.0.154.59:*:*:*:*:*:*:*", - "matchCriteriaId": "51A8C3D2-82E6-453E-90B7-BA5C5D2CDF54" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:1.0.154.65:*:*:*:*:*:*:*", - "matchCriteriaId": "67C0798F-CC7F-4069-810E-B81F8BB77CCD" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:2.0.156.1:*:*:*:*:*:*:*", - "matchCriteriaId": "A2F95770-F36F-43C0-986F-5C819648271E" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:2.0.157.0:*:*:*:*:*:*:*", - "matchCriteriaId": "ECCE1FD3-8D27-4304-97F9-6F9689F2498D" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:2.0.157.2:*:*:*:*:*:*:*", - "matchCriteriaId": 
"0F6CA696-49AA-4445-B978-96C1D8CE58DF" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:2.0.158.0:*:*:*:*:*:*:*", - "matchCriteriaId": "D9CFA3BF-6C07-448B-8C83-AD4C524A6577" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:2.0.159.0:*:*:*:*:*:*:*", - "matchCriteriaId": "E8497F93-D88A-4FFA-B988-7210608530A8" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:2.0.169.0:*:*:*:*:*:*:*", - "matchCriteriaId": "49FB50A3-FFDA-4BB9-A2C1-DA6DACC2DAAB" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:2.0.169.1:*:*:*:*:*:*:*", - "matchCriteriaId": "59F93BC8-FE87-4CEC-B28A-4B0B5A468EDE" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:2.0.170.0:*:*:*:*:*:*:*", - "matchCriteriaId": "02D459C7-2555-42FA-9C68-619E410D7CBA" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:2.0.172:*:*:*:*:*:*:*", - "matchCriteriaId": "E5CDF938-2998-403F-B343-29B620E05D44" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:2.0.172.2:*:*:*:*:*:*:*", - "matchCriteriaId": "64F89EA6-B411-4887-90A1-FF3A054424F6" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:2.0.172.8:*:*:*:*:*:*:*", - "matchCriteriaId": "10D2BA3B-1C69-470C-9C40-001FAE82DDB4" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:2.0.172.27:*:*:*:*:*:*:*", - "matchCriteriaId": "3583995C-CD74-401F-905D-65B73CFC4595" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:2.0.172.28:*:*:*:*:*:*:*", - "matchCriteriaId": "A0A621B1-3186-4CE2-8BCC-916027CC74CF" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:2.0.172.30:*:*:*:*:*:*:*", - "matchCriteriaId": "B4A9B50D-5B0F-41C9-8FAF-B78CD21A0554" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:2.0.172.31:*:*:*:*:*:*:*", - "matchCriteriaId": "4F5223F1-85CD-4DF9-9665-BDF7B554A784" - }, - { - "vulnerable": true, - "criteria": 
"cpe:2.3:a:google:chrome:2.0.172.33:*:*:*:*:*:*:*", - "matchCriteriaId": "8DD7AFBA-A9A2-4EE9-B652-78D25EFBB690" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:2.0.172.37:*:*:*:*:*:*:*", - "matchCriteriaId": "6B9D6ED9-D5C5-4CA9-84EA-8007F48CF597" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:2.0.172.38:*:*:*:*:*:*:*", - "matchCriteriaId": "0E7F7897-ECD1-499E-81CD-E224241B6607" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:3.0.182.2:*:*:*:*:*:*:*", - "matchCriteriaId": "C7422307-271F-4953-9CA4-C50238D27BAE" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:3.0.190.2:*:*:*:*:*:*:*", - "matchCriteriaId": "9DCC3490-5B06-4992-8E31-CA46E18607B7" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:3.0.193.2:beta:*:*:*:*:*:*", - "matchCriteriaId": "C2F85551-EDB5-4790-8095-EFFA7DEC7F98" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:3.0.195.21:*:*:*:*:*:*:*", - "matchCriteriaId": "6FEBB1A8-295B-4AF7-996D-F7E415B91ECB" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:3.0.195.24:*:*:*:*:*:*:*", - "matchCriteriaId": "50995718-0F70-44CA-863B-4AFB4C7AF3CD" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:3.0.195.32:*:*:*:*:*:*:*", - "matchCriteriaId": "31D2B04D-ECEB-4B9B-9DC7-FE17C13DD72A" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:3.0.195.33:*:*:*:*:*:*:*", - "matchCriteriaId": "F7460B03-A658-4507-8D9E-E0234940BD71" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:4.0.244.0:*:*:*:*:*:*:*", - "matchCriteriaId": "764825B3-75C2-4FF1-93B6-C6E696C05058" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:4.0.249.0:*:*:*:*:*:*:*", - "matchCriteriaId": "8CD2980F-A2B4-4EEE-90ED-5CFF4C29AA99" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:4.0.249.78:*:*:*:*:*:*:*", - "matchCriteriaId": "BDE39270-209E-45B8-B574-AF508EAB9474" - }, 
- { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:4.0.249.78:beta:*:*:*:*:*:*", - "matchCriteriaId": "2F56327D-C34E-476F-873A-F83E75913FE4" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:google:chrome:4.0.249.89:*:*:*:*:*:*:*", - "matchCriteriaId": "3840D6BD-B496-459B-8C3C-E44B20E769AF" - }, - { - "vulnerable": false, - "criteria": "cpe:2.3:a:google:chrome:4.1:beta:*:*:*:*:*:*", - "matchCriteriaId": "063DAA53-81C5-47D1-9E3F-AFBB299176EA" - }, - { - "vulnerable": false, - "criteria": "cpe:2.3:a:google:chrome:4.1.249.0:*:*:*:*:*:*:*", - "matchCriteriaId": "E11634AF-F6A8-4BFB-AEBD-108B604685E6" - }, - { - "vulnerable": false, - "criteria": "cpe:2.3:a:google:chrome:4.1.249.1001:*:*:*:*:*:*:*", - "matchCriteriaId": "FCC8EAD9-A771-488F-AF77-CD1DE9B4711D" - }, - { - "vulnerable": false, - "criteria": "cpe:2.3:a:google:chrome:4.1.249.1004:*:*:*:*:*:*:*", - "matchCriteriaId": "623C878C-3922-48DE-B59E-FB7031DB48D3" - }, - { - "vulnerable": false, - "criteria": "cpe:2.3:a:google:chrome:4.1.249.1006:*:*:*:*:*:*:*", - "matchCriteriaId": "E6946EE5-2892-4353-B5D8-AA2E22F249D8" - }, - { - "vulnerable": false, - "criteria": "cpe:2.3:a:google:chrome:4.1.249.1007:*:*:*:*:*:*:*", - "matchCriteriaId": "6AD148D0-B4A8-4941-8567-43A7D0625D60" - }, - { - "vulnerable": false, - "criteria": "cpe:2.3:a:google:chrome:4.1.249.1008:*:*:*:*:*:*:*", - "matchCriteriaId": "FD6F3ABA-C313-43D1-8B4F-94956079A7EB" - }, - { - "vulnerable": false, - "criteria": "cpe:2.3:a:google:chrome:4.1.249.1009:*:*:*:*:*:*:*", - "matchCriteriaId": "A66FEFF4-B2DF-4F0C-83A3-20D5FD731176" - }, - { - "vulnerable": false, - "criteria": "cpe:2.3:a:google:chrome:4.1.249.1010:*:*:*:*:*:*:*", - "matchCriteriaId": "63F5DE2D-94F6-4AD0-A1EE-50B3FF3F6838" - }, - { - "vulnerable": false, - "criteria": "cpe:2.3:a:google:chrome:4.1.249.1011:*:*:*:*:*:*:*", - "matchCriteriaId": "07C5E8DE-CE20-44DE-BBA7-C78B0F633F2B" - }, - { - "vulnerable": false, - "criteria": 
"cpe:2.3:a:google:chrome:4.1.249.1012:*:*:*:*:*:*:*", - "matchCriteriaId": "FEAC3DE1-6CBB-41B5-A1E2-758066212B24" - }, - { - "vulnerable": false, - "criteria": "cpe:2.3:a:google:chrome:4.1.249.1013:*:*:*:*:*:*:*", - "matchCriteriaId": "30139360-B0CD-40EA-8BF1-1CA378FE4592" - }, - { - "vulnerable": false, - "criteria": "cpe:2.3:a:google:chrome:4.1.249.1014:*:*:*:*:*:*:*", - "matchCriteriaId": "6E96DFCC-658F-4A59-ACB4-5ABC5ADB9EFC" - }, - { - "vulnerable": false, - "criteria": "cpe:2.3:a:google:chrome:4.1.249.1015:*:*:*:*:*:*:*", - "matchCriteriaId": "A41983FB-84DC-4225-9A4D-006817B27440" - }, - { - "vulnerable": false, - "criteria": "cpe:2.3:a:google:chrome:4.1.249.1016:*:*:*:*:*:*:*", - "matchCriteriaId": "87D8F8AB-8AA5-4CF6-9F16-D334D4C7919C" - }, - { - "vulnerable": false, - "criteria": "cpe:2.3:a:google:chrome:4.1.249.1017:*:*:*:*:*:*:*", - "matchCriteriaId": "E11C83A9-A7D7-4C6A-9787-2206F24A9216" - }, - { - "vulnerable": false, - "criteria": "cpe:2.3:a:google:chrome:4.1.249.1018:*:*:*:*:*:*:*", - "matchCriteriaId": "6D252FB8-0D05-4F30-B488-F12BC3889CDC" - }, - { - "vulnerable": false, - "criteria": "cpe:2.3:a:google:chrome:4.1.249.1019:*:*:*:*:*:*:*", - "matchCriteriaId": "8275B3A8-6F86-4EA4-97EC-5A0F341D7F53" - }, - { - "vulnerable": false, - "criteria": "cpe:2.3:a:google:chrome:4.1.249.1020:*:*:*:*:*:*:*", - "matchCriteriaId": "2166ED0B-D470-41B6-8405-0C1C7BF55C79" - }, - { - "vulnerable": false, - "criteria": "cpe:2.3:a:google:chrome:4.1.249.1021:*:*:*:*:*:*:*", - "matchCriteriaId": "2A20B815-5A5C-49C4-BD6F-2219F0921188" - }, - { - "vulnerable": false, - "criteria": "cpe:2.3:a:google:chrome:4.1.249.1022:*:*:*:*:*:*:*", - "matchCriteriaId": "4C20763A-985D-49EA-B2CE-87484BACEC43" - }, - { - "vulnerable": false, - "criteria": "cpe:2.3:a:google:chrome:4.1.249.1023:*:*:*:*:*:*:*", - "matchCriteriaId": "01591BD1-5860-4B94-B874-31DB0649AB95" - }, - { - "vulnerable": false, - "criteria": "cpe:2.3:a:google:chrome:4.1.249.1024:*:*:*:*:*:*:*", - "matchCriteriaId": 
"2E1630C3-8D5B-4356-96BD-A09CE19DEF29" - }, - { - "vulnerable": false, - "criteria": "cpe:2.3:a:google:chrome:4.1.249.1025:*:*:*:*:*:*:*", - "matchCriteriaId": "ECD4B7B4-6980-4843-AC27-9A7AD960C283" - }, - { - "vulnerable": false, - "criteria": "cpe:2.3:a:google:chrome:4.1.249.1026:*:*:*:*:*:*:*", - "matchCriteriaId": "CB3C8BD4-C9BF-449C-A3D2-F65A02CCBC63" - }, - { - "vulnerable": false, - "criteria": "cpe:2.3:a:google:chrome:4.1.249.1027:*:*:*:*:*:*:*", - "matchCriteriaId": "B9BAF28C-0FF7-4814-A7B5-E6CD128831A9" - }, - { - "vulnerable": false, - "criteria": "cpe:2.3:a:google:chrome:4.1.249.1028:*:*:*:*:*:*:*", - "matchCriteriaId": "948460B6-B929-4818-9475-FF45BB7B1406" - }, - { - "vulnerable": false, - "criteria": "cpe:2.3:a:google:chrome:4.1.249.1029:*:*:*:*:*:*:*", - "matchCriteriaId": "244F512F-8199-49F6-8E6A-87ED2EADB749" - }, - { - "vulnerable": false, - "criteria": "cpe:2.3:a:google:chrome:4.1.249.1030:*:*:*:*:*:*:*", - "matchCriteriaId": "870EBE96-613E-4F6D-98DE-E61B0A09F97D" - }, - { - "vulnerable": false, - "criteria": "cpe:2.3:a:google:chrome:4.1.249.1031:*:*:*:*:*:*:*", - "matchCriteriaId": "BA1A130D-6DDA-417B-A833-09B63367DFD7" - }, - { - "vulnerable": false, - "criteria": "cpe:2.3:a:google:chrome:4.1.249.1032:*:*:*:*:*:*:*", - "matchCriteriaId": "1863C21A-438B-45DE-B6C0-5AA875FDC96D" - }, - { - "vulnerable": false, - "criteria": "cpe:2.3:a:google:chrome:4.1.249.1033:*:*:*:*:*:*:*", - "matchCriteriaId": "A85CDC6D-0CAB-4E3C-8350-43B883869C5D" - }, - { - "vulnerable": false, - "criteria": "cpe:2.3:a:google:chrome:4.1.249.1034:*:*:*:*:*:*:*", - "matchCriteriaId": "6E473A91-F955-41A3-A94F-5B24908DE629" + "versionEndExcluding": "4.1.249.1036", + "matchCriteriaId": "300EAF6A-9668-4AD0-BF20-BC0F72969B1C" } ] } 
@@ -497,55 +77,87 @@ "url": "http://code.google.com/p/chromium/issues/detail?id=35724", "source": "cve@mitre.org", "tags": [ - "Exploit" + "Exploit", + "Permissions Required" ] }, { "url": "http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "http://secunia.com/advisories/43068", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "http://www.vupen.com/english/advisories/2011/0212", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14023", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "http://code.google.com/p/chromium/issues/detail?id=35724", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ - "Exploit" + "Exploit", + "Permissions Required" ] }, { "url": "http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Broken Link" + ] }, { "url": "http://secunia.com/advisories/43068", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Broken Link" + ] }, { "url": "http://www.vupen.com/english/advisories/2011/0212", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": 
"af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Broken Link" + ] }, { "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14023", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2014/CVE-2014-62xx/CVE-2014-6274.json b/CVE-2014/CVE-2014-62xx/CVE-2014-6274.json index 72f79ac81f3..56eedcc16ee 100644 --- a/CVE-2014/CVE-2014-62xx/CVE-2014-6274.json +++ b/CVE-2014/CVE-2014-62xx/CVE-2014-6274.json @@ -12,7 +12,7 @@ }, { "lang": "es", - "value": "Git-annex ten\u00eda un error en los servidores remotos S3 y Glacier: si se configuraba embedcreds=yes y el servidor remoto usaba encrypted=pubkey o encrypted=hybrid, las credenciales de AWS integradas se almacenaban en el repositorio Git en texto plano (en la pr\u00e1ctica), no cifradas como deb\u00edan. Este problema afecta a Git-annex desde la versi\u00f3n 3.20121126 hasta la versi\u00f3n 5.20140919." + "value": "git-annex ten\u00eda un error en los servidores remotos S3 y Glacier: si se configuraba embedcreds=yes y el servidor remoto usaba encrypted=pubkey o encrypted=hybrid, las credenciales de AWS integradas se almacenaban en el repositorio git en texto plano (en la pr\u00e1ctica), no cifradas como deb\u00edan. Este problema afecta a git-annex desde la versi\u00f3n 3.20121126 hasta la versi\u00f3n 5.20140919.\n" } ], "metrics": { diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16536.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16536.json index f71956572ff..f1ef36c0b6c 100644 --- a/CVE-2019/CVE-2019-165xx/CVE-2019-16536.json +++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16536.json 
@@ -2,8 +2,8 @@ "id": "CVE-2019-16536", "sourceIdentifier": "browser-security@yandex-team.ru", "published": "2025-05-21T08:15:26.233", - "lastModified": "2025-05-21T20:24:58.133", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-25T14:33:42.690", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -59,6 +59,28 @@ "providerUrgency": "NOT_DEFINED" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } ] }, "weaknesses": [ @@ -73,10 +95,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*", + "versionEndExcluding": "19.14.3.3", + "matchCriteriaId": "A535E755-6FEF-4851-987A-827717769D2D" + } + ] + } + ] + } + ], "references": [ { "url": "https://clickhouse.com/docs/whats-new/security-changelog", - "source": "browser-security@yandex-team.ru" + "source": "browser-security@yandex-team.ru", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2019/CVE-2019-166xx/CVE-2019-16639.json b/CVE-2019/CVE-2019-166xx/CVE-2019-16639.json index 652866b14ce..c6672185231 100644 --- a/CVE-2019/CVE-2019-166xx/CVE-2019-16639.json +++ b/CVE-2019/CVE-2019-166xx/CVE-2019-16639.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-07-16T17:15:10.430", "lastModified": "2024-11-21T04:30:51.677", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { 
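Review bot: In the CVE-2019-16639 hunk `vulnStatus` moves from `"Awaiting Analysis"` to `"Undergoing Analysis"` while the `lastModified` context line stays at `2024-11-21T04:30:51.677`; the CVE-2019-16640 and CVE-2019-16641 hunks that follow do the same. Other records in this diff, such as CVE-2019-16536, bump `lastModified` together with the status, so a mirror that syncs incrementally on `lastModified` would miss these three status changes. Either the timestamp should move with the status, or consumers should compare record content (or the repository commit) and not rely on `lastModified` alone.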
diff --git a/CVE-2019/CVE-2019-166xx/CVE-2019-16640.json b/CVE-2019/CVE-2019-166xx/CVE-2019-16640.json index 09349df61e4..40e51c361a7 100644 --- a/CVE-2019/CVE-2019-166xx/CVE-2019-16640.json +++ b/CVE-2019/CVE-2019-166xx/CVE-2019-16640.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-07-16T17:15:10.513", "lastModified": "2024-11-21T04:30:51.883", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2019/CVE-2019-166xx/CVE-2019-16641.json b/CVE-2019/CVE-2019-166xx/CVE-2019-16641.json index 85fbd756986..5a6aaed74e4 100644 --- a/CVE-2019/CVE-2019-166xx/CVE-2019-16641.json +++ b/CVE-2019/CVE-2019-166xx/CVE-2019-16641.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-07-16T17:15:10.600", "lastModified": "2024-11-21T04:30:52.080", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2020/CVE-2020-257xx/CVE-2020-25720.json b/CVE-2020/CVE-2020-257xx/CVE-2020-25720.json index eda07df593b..711f67b7151 100644 --- a/CVE-2020/CVE-2020-257xx/CVE-2020-25720.json +++ b/CVE-2020/CVE-2020-257xx/CVE-2020-25720.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36771.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36771.json index f75538f247e..410b743a118 100644 --- a/CVE-2020/CVE-2020-367xx/CVE-2020-36771.json +++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36771.json 
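Review bot: Both CVE-2020-25720.json hunks flip the `secalert@redhat.com` entry from `"type": "Primary"` to `"type": "Secondary"`, once under `cvssMetricV31` and once under `weaknesses`, and neither hunk adds a `"Primary"` entry. The rest of both arrays is outside the hunks, so it cannot be confirmed from here whether any primary entry remains. Consumers that pick the score or CWE with `type == "Primary"` should fall back to the `"Secondary"` entry and not treat the record as unscored.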
@@ -2,7 +2,7 @@ "id": "CVE-2020-36771", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-22T14:15:07.530", - "lastModified": "2024-11-21T05:30:16.320", + "lastModified": "2025-06-20T19:15:20.827", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,13 +36,33 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, "weaknesses": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "description": [ { "lang": "en", @@ -52,13 +72,23 @@ }, { "source": "nvd@nist.gov", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] } ], "configurations": [ diff --git a/CVE-2021/CVE-2021-14xx/CVE-2021-1470.json b/CVE-2021/CVE-2021-14xx/CVE-2021-1470.json index 212007ce47f..efa06d40111 100644 --- a/CVE-2021/CVE-2021-14xx/CVE-2021-1470.json +++ b/CVE-2021/CVE-2021-14xx/CVE-2021-1470.json @@ -2,8 +2,8 @@ "id": "CVE-2021-1470", "sourceIdentifier": "psirt@cisco.com", "published": "2024-11-15T17:15:07.977", - "lastModified": "2024-11-18T17:11:56.587", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-24T14:35:38.113", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -61,18 +61,284 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.4:*:*:*:*:*:*:*", + "matchCriteriaId": "A0D5F32C-BFC1-49CC-BE96-920FCBE567B0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.5:*:*:*:*:*:*:*", + "matchCriteriaId": "F621202C-3851-4D7E-BFA2-DABB08E73DB6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.6:*:*:*:*:*:*:*", + "matchCriteriaId": "38132BE5-528B-472E-9249-B226C0DE1C80" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.7:*:*:*:*:*:*:*", + "matchCriteriaId": "37C817B2-DDB9-4CAF-96C9-776482A8597D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.8:*:*:*:*:*:*:*", + "matchCriteriaId": "AC5D29FD-0917-4C1F-AE75-2D63F5C9C58D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.9:*:*:*:*:*:*:*", + "matchCriteriaId": "1E3090C4-15E6-4746-B0D2-27665AB91B08" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.10:*:*:*:*:*:*:*", + "matchCriteriaId": "04E924CC-3161-436D-93F0-066F76172F55" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7ED059CD-AD0A-4748-8390-8CDCF4C4D1CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "6990E97D-30E9-42A9-AE6A-CC597DF75B0B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "15B60BA4-EA02-4D0D-82C3-1B08016EF5AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "E9DC51F7-72D4-4593-8DDE-8AA3955BB826" + }, + { + 
"vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.3:*:*:*:*:*:*:*", + "matchCriteriaId": "B047A011-1C27-4D86-99C1-BFCDC7F04A9B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "DADEA8FB-3298-4534-B65E-81060E3DB45A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.4:*:*:*:*:*:*:*", + "matchCriteriaId": "F4C6DF1F-4995-4486-8F90-9EFD6417ABA6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.5:*:*:*:*:*:*:*", + "matchCriteriaId": "6D249954-93E0-4124-B9BA-84B9F34D7CB1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.6:*:*:*:*:*:*:*", + "matchCriteriaId": "5B24396C-3732-4CF8-B01A-62C77D20E7FC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.6.1:*:*:*:*:*:*:*", + "matchCriteriaId": "B7F20EBE-DFDF-4996-93D1-28EE776BC777" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.7:*:*:*:*:*:*:*", + "matchCriteriaId": "3DF09CAB-CA1B-428E-9A0B-AADACE9201A0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.8:*:*:*:*:*:*:*", + "matchCriteriaId": "D99ED480-C206-48DD-9DF3-FC60D91B98A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4DC515B6-27A3-4723-9792-2BA42EF63E44" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "DEC0BBDA-FAE5-4AF7-81C8-83041A58E8E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.1:*:*:*:*:*:*:*", + "matchCriteriaId": "7A066E28-31B0-46C7-ABB8-F5D1F3A303C9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.3:*:*:*:*:*:*:*", + "matchCriteriaId": 
"C8F536CC-29D6-401E-92C5-964FDBDCCE65" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.4:*:*:*:*:*:*:*", + "matchCriteriaId": "9139593A-9414-488D-AA3A-5560C643587D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.5:*:*:*:*:*:*:*", + "matchCriteriaId": "07BFB47E-F456-4782-98D7-68D02500FDD3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.6:*:*:*:*:*:*:*", + "matchCriteriaId": "57F0D358-54BE-4A47-8B76-D23B5CCC4BE2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.302:*:*:*:*:*:*:*", + "matchCriteriaId": "33BEBE47-AF47-4994-871D-5969270EE5AD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.303:*:*:*:*:*:*:*", + "matchCriteriaId": "A27094E7-E6F3-47CA-A90A-86FEA2F1BE33" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.501_es:*:*:*:*:*:*:*", + "matchCriteriaId": "9B8958D8-389F-4FB6-8F29-621608FB2B32" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "37B66141-99E6-4D7D-8D11-18E9B34B002D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.0.1a:*:*:*:*:*:*:*", + "matchCriteriaId": "40177056-0438-4BFF-ABD3-2328FE585800" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "6D6D47A0-43A2-4F9F-830B-B2FB79E779A5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "87E7B932-950A-4573-832F-8477FABA5929" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.1:*:*:*:*:*:*:*", + "matchCriteriaId": "A1711A70-5931-4C1F-B522-46AD2E5D7C51" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.2:*:*:*:*:*:*:*", + "matchCriteriaId": "FE41B8AE-8F1E-4116-BDDC-65B913AD448E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.3:*:*:*:*:*:*:*", + "matchCriteriaId": "7EC80219-C760-4CA8-B360-7B6545F502C2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.31:*:*:*:*:*:*:*", + "matchCriteriaId": "F9E425CF-5773-4C17-B284-588DDCE8DE43" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.32:*:*:*:*:*:*:*", + "matchCriteriaId": "D89DEB9F-1F0A-4190-A9A7-2DE3949E5034" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.097:*:*:*:*:*:*:*", + "matchCriteriaId": "34886EDF-1C10-4F57-A82D-FF1AF668E2C1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.098:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EE5ECA-5D13-4C29-9396-95FFBEC4236A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.099:*:*:*:*:*:*:*", + "matchCriteriaId": "1D7B3B10-6936-4352-9EE7-561BB1918769" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.929:*:*:*:*:*:*:*", + "matchCriteriaId": "1EB69F8B-67CB-4296-893A-7A35B155EBEA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "491BD04C-85BE-4766-9965-59744D2639CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "545F75A3-451C-4993-98AE-51C23EF49927" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "1BB0DD6B-6C4D-4FF4-97AB-815A4566320F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.2:*:*:*:*:*:*:*", + "matchCriteriaId": "5D144CB1-0AD1-4C8A-A709-52C26965675F" + }, 
+ { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.2_937:*:*:*:*:*:*:*", + "matchCriteriaId": "7D25B8C8-93E0-4ADF-B398-2071432B7012" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.12:*:*:*:*:*:*:*", + "matchCriteriaId": "482DC851-7E33-4487-8219-6675091FD7C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "BAFBFE36-6913-4122-A537-F2AA1562FE69" + } + ] + } + ] + } + ], "references": [ { "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-sqlinj-HDJUeEAX", - "source": "psirt@cisco.com" + "source": "psirt@cisco.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-auth-bypass-Z3Zze5XC", - "source": "psirt@cisco.com" + "source": "psirt@cisco.com", + "tags": [ + "Not Applicable" + ] }, { "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-cql-inject-c7z9QqyB", - "source": "psirt@cisco.com" + "source": "psirt@cisco.com", + "tags": [ + "Not Applicable" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-313xx/CVE-2021-31314.json b/CVE-2021/CVE-2021-313xx/CVE-2021-31314.json index 7ea70b7403a..33c26ce0513 100644 --- a/CVE-2021/CVE-2021-313xx/CVE-2021-31314.json +++ b/CVE-2021/CVE-2021-313xx/CVE-2021-31314.json @@ -2,7 +2,7 @@ "id": "CVE-2021-31314", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-20T01:15:07.770", - "lastModified": "2024-11-21T06:05:24.550", + "lastModified": "2025-06-20T19:15:21.077", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
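Review bot: The `configurations` block added to CVE-2021-1470.json lists each affected `catalyst_sd-wan_manager` build as an exact-version CPE (for example `17.2.4`, `18.4.501_es`, `20.1.2_937`) with no `versionStartIncluding`/`versionEndExcluding` range. An installed build whose version string is not among the enumerated entries will not match. Scanners relying on this record should treat a non-match as inconclusive and confirm against the reference tagged `"Vendor Advisory"` (`cisco-sa-sdw-sqlinj-HDJUeEAX`). The other two Cisco advisory URLs are tagged `"Not Applicable"` in this hunk, so they should not be used to derive the affected range for this CVE.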
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-434" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] } ], "configurations": [ diff --git a/CVE-2021/CVE-2021-322xx/CVE-2021-32292.json b/CVE-2021/CVE-2021-322xx/CVE-2021-32292.json index 79ec8bf5fb8..86fd7ded4b0 100644 --- a/CVE-2021/CVE-2021-322xx/CVE-2021-32292.json +++ b/CVE-2021/CVE-2021-322xx/CVE-2021-32292.json @@ -2,7 +2,7 @@ "id": "CVE-2021-32292", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-22T19:16:20.350", - "lastModified": "2025-04-02T10:41:06.000", + "lastModified": "2025-06-25T16:55:47.280", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ diff --git a/CVE-2021/CVE-2021-421xx/CVE-2021-42141.json b/CVE-2021/CVE-2021-421xx/CVE-2021-42141.json index 14c373668ea..cbf9f301f49 100644 --- a/CVE-2021/CVE-2021-421xx/CVE-2021-42141.json +++ b/CVE-2021/CVE-2021-421xx/CVE-2021-42141.json @@ -2,7 +2,7 @@ "id": "CVE-2021-42141", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-22T23:15:08.120", - "lastModified": "2024-11-21T06:27:20.747", + "lastModified": "2025-06-20T19:15:21.277", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-755" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-755" + } + ] } ], "configurations": [ diff --git a/CVE-2021/CVE-2021-421xx/CVE-2021-42143.json b/CVE-2021/CVE-2021-421xx/CVE-2021-42143.json index ef442f1d67f..67216aa6897 100644 --- a/CVE-2021/CVE-2021-421xx/CVE-2021-42143.json +++ b/CVE-2021/CVE-2021-421xx/CVE-2021-42143.json @@ -2,7 +2,7 @@ "id": "CVE-2021-42143", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-24T18:15:08.080", - "lastModified": "2024-11-21T06:27:21.117", + "lastModified": "2025-06-20T20:15:21.900", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.2 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 } ] }, 
@@ -49,6 +69,16 @@ "value": "CWE-835" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-835" + } + ] } ], "configurations": [ diff --git a/CVE-2021/CVE-2021-421xx/CVE-2021-42144.json b/CVE-2021/CVE-2021-421xx/CVE-2021-42144.json index 546418526d4..a9cbf8d62e3 100644 --- a/CVE-2021/CVE-2021-421xx/CVE-2021-42144.json +++ b/CVE-2021/CVE-2021-421xx/CVE-2021-42144.json @@ -2,7 +2,7 @@ "id": "CVE-2021-42144", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-24T18:15:08.150", - "lastModified": "2024-11-21T06:27:21.267", + "lastModified": "2025-06-20T20:15:22.800", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-125" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], "configurations": [ diff --git a/CVE-2021/CVE-2021-421xx/CVE-2021-42145.json b/CVE-2021/CVE-2021-421xx/CVE-2021-42145.json index 342b9025fe3..0d02d1562fc 100644 --- a/CVE-2021/CVE-2021-421xx/CVE-2021-42145.json +++ b/CVE-2021/CVE-2021-421xx/CVE-2021-42145.json 
@@ -2,7 +2,7 @@ "id": "CVE-2021-42145", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-24T19:15:08.420", - "lastModified": "2024-11-21T06:27:21.413", + "lastModified": "2025-06-20T20:15:22.943", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-755" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-755" + } + ] } ], "configurations": [ diff --git a/CVE-2021/CVE-2021-421xx/CVE-2021-42146.json b/CVE-2021/CVE-2021-421xx/CVE-2021-42146.json index a52d3d0a45c..793af61e399 100644 --- a/CVE-2021/CVE-2021-421xx/CVE-2021-42146.json +++ b/CVE-2021/CVE-2021-421xx/CVE-2021-42146.json @@ -2,7 +2,7 @@ "id": "CVE-2021-42146", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-24T19:15:08.483", - "lastModified": "2024-11-21T06:27:21.553", + "lastModified": "2025-06-20T20:15:23.110", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-755" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-303" + } + ] } ], "configurations": [ diff --git a/CVE-2021/CVE-2021-436xx/CVE-2021-43635.json b/CVE-2021/CVE-2021-436xx/CVE-2021-43635.json index 7a0a24b596f..79d6c439072 100644 --- a/CVE-2021/CVE-2021-436xx/CVE-2021-43635.json +++ b/CVE-2021/CVE-2021-436xx/CVE-2021-43635.json @@ -2,8 +2,8 @@ "id": "CVE-2021-43635", "sourceIdentifier": "cve@mitre.org", "published": "2022-02-04T18:15:07.287", - "lastModified": "2024-11-21T06:29:32.877", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T20:06:20.077", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -85,9 +85,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:codex_project:codex:*:*:*:*:*:*:*:*", + "criteria": "cpe:2.3:a:codexnotes:codex:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.4.0", - "matchCriteriaId": "A43C505F-D811-4731-880F-45CDDAC636AF" + "matchCriteriaId": "42AD3568-29D4-42CF-8511-21128C0B9281" } ] } diff --git a/CVE-2021/CVE-2021-44xx/CVE-2021-4457.json b/CVE-2021/CVE-2021-44xx/CVE-2021-4457.json index 566efec8687..ad83c52f32f 100644 --- a/CVE-2021/CVE-2021-44xx/CVE-2021-4457.json +++ b/CVE-2021/CVE-2021-44xx/CVE-2021-4457.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "contact@wpscan.com", "published": "2025-06-25T15:15:21.100", "lastModified": "2025-07-01T19:15:24.787", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2021/CVE-2021-476xx/CVE-2021-47688.json b/CVE-2021/CVE-2021-476xx/CVE-2021-47688.json index 149367b61c8..cdba9adb774 100644 --- a/CVE-2021/CVE-2021-476xx/CVE-2021-47688.json +++ b/CVE-2021/CVE-2021-476xx/CVE-2021-47688.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In WhiteBeam 0.2.0 through 0.2.1 before 0.2.2, a user with local access to a server can bypass the allow-list functionality because a file can be truncated in the OpenFileDescriptor action before the VerifyCanWrite action is performed." + }, + { + "lang": "es", + "value": "En WhiteBeam 0.2.0 a 0.2.1 antes de 0.2.2, un usuario con acceso local a un servidor puede omitir la funcionalidad de lista blanca porque un archivo se puede truncar en la acci\u00f3n OpenFileDescriptor antes de que se realice la acci\u00f3n VerifyCanWrite." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-206xx/CVE-2022-20685.json b/CVE-2022/CVE-2022-206xx/CVE-2022-20685.json index 7182b0b6ff9..34ca477d794 100644 --- a/CVE-2022/CVE-2022-206xx/CVE-2022-20685.json +++ b/CVE-2022/CVE-2022-206xx/CVE-2022-20685.json @@ -2,8 +2,8 @@ "id": "CVE-2022-20685", "sourceIdentifier": "psirt@cisco.com", "published": "2024-11-15T16:15:21.910", - "lastModified": "2025-01-27T18:15:29.790", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-24T14:47:25.657", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -81,14 +81,572 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:cyber_vision:3.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3297323C-B263-45EA-90CE-2B8415C9E498" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:cyber_vision:3.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "797AD8A4-083B-4A9E-A49D-65EE828E1637" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:cyber_vision:3.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "4EB16212-A9DC-4C8C-B220-9619C65436EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:cyber_vision:3.0.3:*:*:*:*:*:*:*", + "matchCriteriaId": "9C64043F-1F0D-47F7-AEEE-309B239891DB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:cyber_vision:3.0.4:*:*:*:*:*:*:*", + "matchCriteriaId": "7605B088-A708-40D3-806B-D7E460AE53DD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:cyber_vision:3.0.5:*:*:*:*:*:*:*", + "matchCriteriaId": "E1F7F871-C211-4DC6-8020-1075405BAE17" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:cyber_vision:3.0.6:*:*:*:*:*:*:*", + "matchCriteriaId": "30E42800-B7C9-4006-8B7A-5A9A5F5EB234" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:cyber_vision:3.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "EE33F541-232E-4432-AB41-EC0500A85E6D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:cyber_vision:3.1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "8D5B5FDC-79B2-447E-816F-1F630508A889" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:cyber_vision:3.1.2:*:*:*:*:*:*:*", + "matchCriteriaId": "B806EAC6-E1B2-40FB-9B2F-6AFB4A16AF89" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:cyber_vision:3.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D7BAC55C-C114-4E64-BC9E-9000B8C016CB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:cyber_vision:3.2.1:*:*:*:*:*:*:*", + "matchCriteriaId": 
"925E6B9B-F7F1-4ED8-8431-282A1061B527" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:cyber_vision:3.2.2:*:*:*:*:*:*:*", + "matchCriteriaId": "A10EDC3E-0EF6-47DD-834D-51C5BBCC13EC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:cyber_vision:3.2.3:*:*:*:*:*:*:*", + "matchCriteriaId": "BB5F799E-6696-4391-9B58-06715FA4086A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:cyber_vision:3.2.4:*:*:*:*:*:*:*", + "matchCriteriaId": "EE31D26B-CD47-4853-B1C3-2E50B0882AFF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:cyber_vision:4.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2758714C-4E9A-4442-9AD1-82D8E43995C9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:cyber_vision:4.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "0F63C0E4-99A9-4D4F-BCF9-EF5F5455C04C" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3:*:*:*:*:*:*:*", + "matchCriteriaId": "1D726F07-06F1-4B0A-B010-E607E0C2A280" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "0FAD2427-82A3-4E64-ADB5-FA4F40B568F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.2:*:*:*:*:*:*:*", + "matchCriteriaId": "08D5A647-AC21-40AC-8B3C-EE5D3EDA038A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.3:*:*:*:*:*:*:*", + "matchCriteriaId": "0BAE999A-5244-46CF-8C12-D68E789BDEE1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.4:*:*:*:*:*:*:*", + "matchCriteriaId": "D6468D3D-C5A7-4FAE-B4B9-AD862CD11055" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.5:*:*:*:*:*:*:*", + "matchCriteriaId": "D6E4808D-592E-46A6-A83A-A46227D817B8" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.6:*:*:*:*:*:*:*", + "matchCriteriaId": "1AB45136-ACCD-4230-8975-0EBB30D5B375" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.7:*:*:*:*:*:*:*", + "matchCriteriaId": "B2C39AC1-1B96-4253-9FC8-4CC26D6261F4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.8:*:*:*:*:*:*:*", + "matchCriteriaId": "DE9102C8-F211-4E50-967F-FD51C7FC904F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.9:*:*:*:*:*:*:*", + "matchCriteriaId": "B4933642-89E5-4909-AD3C-862CD3B77790" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.10:*:*:*:*:*:*:*", + "matchCriteriaId": "A9A6C776-79B3-47ED-B013-100B8F08E1C4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.11:*:*:*:*:*:*:*", + "matchCriteriaId": "E504F28A-44CE-4B3E-9330-6A98728E3AEC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.12:*:*:*:*:*:*:*", + "matchCriteriaId": "FEA0DD43-D206-4C1C-8B17-DA47F96B3BAC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.13:*:*:*:*:*:*:*", + "matchCriteriaId": "1983172D-4F52-479F-BF14-A84B92D36864" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.14:*:*:*:*:*:*:*", + "matchCriteriaId": "4122D982-A57A-4249-A8DC-CE9FC6C98803" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.15:*:*:*:*:*:*:*", + "matchCriteriaId": "96464380-F665-4266-B0AD-693E078C9F82" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.16:*:*:*:*:*:*:*", + "matchCriteriaId": "4C230B8A-570D-4F58-83E1-AFA50B813EA4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.17:*:*:*:*:*:*:*", + "matchCriteriaId": 
"FD3F39CB-C4C2-4B13-94F0-9E44322314BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.18:*:*:*:*:*:*:*", + "matchCriteriaId": "59A71873-0EB2-418F-AE33-8474A1010FA5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B2DF0B07-8C2A-4341-8AFF-DE7E5E5B3A43" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "6E6BD0EE-649E-4ED6-A09C-8364335DEF52" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "1AE11554-FE3C-4C8B-8986-5D88E4967342" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.3:*:*:*:*:*:*:*", + "matchCriteriaId": "E1C11983-22A8-4859-A240-571A7815FF54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.4:*:*:*:*:*:*:*", + "matchCriteriaId": "24CD0B0A-2B91-45DD-9522-8D1D3850CC9B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.5:*:*:*:*:*:*:*", + "matchCriteriaId": "B7026F0E-72A7-4CDF-BADC-E34FE6FADC51" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.6:*:*:*:*:*:*:*", + "matchCriteriaId": "63B85369-FBAE-456C-BC99-5418B043688A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.7:*:*:*:*:*:*:*", + "matchCriteriaId": "86434346-D5F0-49BA-803E-244C3266E361" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.8:*:*:*:*:*:*:*", + "matchCriteriaId": "D2FA7B3C-002D-4755-B323-CA24B770A5B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.9:*:*:*:*:*:*:*", + "matchCriteriaId": "F1CB7EBC-F3D5-4855-A8D8-BA5AB21FD719" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.10:*:*:*:*:*:*:*", + "matchCriteriaId": "F2A5530C-DF29-421B-9712-3454C1769446" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.11:*:*:*:*:*:*:*", + "matchCriteriaId": "41170977-FEEA-4B51-BF98-8493096CD691" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0.12:*:*:*:*:*:*:*", + "matchCriteriaId": "B05791F9-0B31-4C4C-A9BA-9268CAA45FB2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DCD69468-8067-4A5D-B2B0-EC510D889AA0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "20AE4051-FA3B-4F0B-BD3D-083A14269FF6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.1:*:*:*:*:*:*:*", + "matchCriteriaId": "46A42D07-FF3E-41B4-BA39-3A5BDA4E0E61" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.3:*:*:*:*:*:*:*", + "matchCriteriaId": "3985EA37-2B77-45F2-ABA5-5CCC7B35CA2E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.4:*:*:*:*:*:*:*", + "matchCriteriaId": "67FB5ABE-3C40-4C58-B91F-0621C2180FAC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.5:*:*:*:*:*:*:*", + "matchCriteriaId": "53909FD6-EC74-4D2F-99DA-26E70400B53F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0:*:*:*:*:*:*:*", + "matchCriteriaId": "85F22403-B4EE-4303-9C94-915D3E0AC944" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "828E3DE1-B62E-4FEC-AAD3-EB0E452C9CBC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "596EC5DD-D7F4-44C8-B4B5-E2DC142FC486" + 
}, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0.3:*:*:*:*:*:*:*", + "matchCriteriaId": "C356E0E6-5B87-40CF-996E-6FFEDFD82A31" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BBCA75A6-0A3E-4393-8884-9F3CE190641E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "3F3C12D3-7662-46C5-9E88-D1BE6CF605E0" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:3.17.0s:*:*:*:*:*:*:*", + "matchCriteriaId": "CE3E6C71-2A80-45CE-8113-38AE35749E6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:3.17.1s:*:*:*:*:*:*:*", + "matchCriteriaId": "9D6BEE46-D928-4214-A2C9-88AC63DFE2FF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:16.6.1:*:*:*:*:*:*:*", + "matchCriteriaId": "12C50D98-0CAE-4E61-BFFC-8E91A97BED35" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:16.6.5:*:*:*:*:*:*:*", + "matchCriteriaId": "162956CE-1B24-41C6-A7C5-BCA214587CD0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:16.6.6:*:*:*:*:*:*:*", + "matchCriteriaId": "146D7432-4357-409A-8E6D-C9D04CF43ADC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:16.6.7a:*:*:*:*:*:*:*", + "matchCriteriaId": "540DBCF6-3733-4E0C-94C9-58B98D13E35D" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:16.6.9:*:*:*:*:*:*:*", + "matchCriteriaId": "68BB8A38-693D-4768-A917-81FF9E898AEF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:16.6.10:*:*:*:*:*:*:*", + "matchCriteriaId": "90BCC057-5064-4FE5-B2C8-2EB14A59D763" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:16.12.1a:*:*:*:*:*:*:*", + "matchCriteriaId": "0D7C20FF-6587-4E62-9318-03B4C61AC70C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:16.12.2:*:*:*:*:*:*:*", + "matchCriteriaId": "FA0536C6-5F9E-48A7-A004-F0F5FE9C83E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:16.12.3:*:*:*:*:*:*:*", + "matchCriteriaId": "11FF3577-FC7E-4CAE-8B06-CAFAB97D7D7D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:16.12.4:*:*:*:*:*:*:*", + "matchCriteriaId": "9F8DC147-FB97-4364-9520-6E69C282424F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:16.12.5:*:*:*:*:*:*:*", + "matchCriteriaId": "88D51165-6AF2-4E61-83DC-D04EC90ED435" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:16.12.6:*:*:*:*:*:*:*", + "matchCriteriaId": "CC483F1B-D09E-486A-99FF-D7C0872C5CA2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:17.1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "AFA2C618-C2DA-4194-869D-1F0198A361B4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:17.2.1r:*:*:*:*:*:*:*", + 
"matchCriteriaId": "2FEB2A57-CF8F-4E87-939A-5B3EF7E5E0A9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:17.3.1a:*:*:*:*:*:*:*", + "matchCriteriaId": "7BA9E488-2A54-4226-B413-89D141362350" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:17.3.2:*:*:*:*:*:*:*", + "matchCriteriaId": "359EDE5C-4017-487A-B3D3-F22A42165E89" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:17.3.3:*:*:*:*:*:*:*", + "matchCriteriaId": "D024AF06-DCB5-44B4-A985-07EDC093DBB0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:17.3.4:*:*:*:*:*:*:*", + "matchCriteriaId": "373F1DDC-E1A7-496F-A86D-3724266D3143" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:17.3.4a:*:*:*:*:*:*:*", + "matchCriteriaId": "A28594C9-139A-4EE4-81D9-C7E96A1DD886" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:17.4.1a:*:*:*:*:*:*:*", + "matchCriteriaId": "018F06B0-1486-4822-B2EA-4449652919EC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:17.4.1b:*:*:*:*:*:*:*", + "matchCriteriaId": "ADEC96FA-5B14-43AD-B83A-AA630941DD5F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:17.4.2:*:*:*:*:*:*:*", + "matchCriteriaId": "6D3B1688-5301-4799-9AAC-DC7ED4497AAE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:17.5.1:*:*:*:*:*:*:*", + "matchCriteriaId": "8B5FDEDF-B870-4204-BADC-92805F431BAC" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:17.5.1a:*:*:*:*:*:*:*", + "matchCriteriaId": "B0A61788-FA7B-4506-90DF-17ED5053C3A0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:17.6.1a:*:*:*:*:*:*:*", + "matchCriteriaId": "245ED9C3-4B16-4CC1-BC78-B4AED938C0B6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:17.7.1a:*:*:*:*:*:*:*", + "matchCriteriaId": "D39700C2-E83C-4ECE-9640-CEFBDD18DC4C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:denali-16.3.3:*:*:*:*:*:*:*", + "matchCriteriaId": "2CC7F6B1-FD0C-4D68-9DA2-B34096899C0C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:denali-16.3.4:*:*:*:*:*:*:*", + "matchCriteriaId": "39C52FF5-F2A8-41DD-A584-FD16CE143329" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:denali-16.3.5:*:*:*:*:*:*:*", + "matchCriteriaId": "A629FCAF-0F3C-43C9-8BDB-68D9EE675A43" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:denali-16.3.7:*:*:*:*:*:*:*", + "matchCriteriaId": "0E8F55F7-9FF4-4A97-925C-F828701BA18E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:denali-16.3.9:*:*:*:*:*:*:*", + "matchCriteriaId": "ACE7D048-0D0B-4E48-8E57-192B02F5CD1D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:everest-16.6.2:*:*:*:*:*:*:*", + "matchCriteriaId": "2E7B2DC4-3971-4D60-B9F9-282332E6CBEE" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:everest-16.6.3:*:*:*:*:*:*:*", + "matchCriteriaId": "8B88058B-F68D-4901-8BB0-30E8BE9A98B1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:everest-16.6.4:*:*:*:*:*:*:*", + "matchCriteriaId": "7271541D-6563-4DE7-9085-E6CB66583C2D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:fuji-16.9.2:*:*:*:*:*:*:*", + "matchCriteriaId": "C956E85E-B778-43E3-ABBE-4C373FF474A5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:fuji-16.9.3:*:*:*:*:*:*:*", + "matchCriteriaId": "A31CEA23-B824-4D43-9FED-16071985C822" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:fuji-16.9.4:*:*:*:*:*:*:*", + "matchCriteriaId": "E59FDC96-71AC-4FC7-BA0A-1EAC301362D0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:fuji-16.9.5:*:*:*:*:*:*:*", + "matchCriteriaId": "DADBCC11-AF7D-41EA-B88F-F4B72F90B258" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:fuji-16.9.6:*:*:*:*:*:*:*", + "matchCriteriaId": "32867BBF-E973-4B9E-895A-4E75C5F7F35F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:fuji-16.9.7:*:*:*:*:*:*:*", + "matchCriteriaId": "9B13ACF4-20B5-4DC8-BDDA-144AFA1DFD55" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:unified_threat_defense_snort_intrusion_prevention_system_engine:fuji-16.9.8:*:*:*:*:*:*:*", + "matchCriteriaId": "6D94B404-B1F4-42D4-ACF6-4F84F2B34F80" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-xss-NXOxDhRQ", - "source": "psirt@cisco.com" + "source": "psirt@cisco.com", + "tags": [ + "Not Applicable" + ] }, { "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-9D3hJLuj", - "source": "psirt@cisco.com" + "source": "psirt@cisco.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-432xx/CVE-2022-43216.json b/CVE-2022/CVE-2022-432xx/CVE-2022-43216.json index 7cece954ace..a59c29c6077 100644 --- a/CVE-2022/CVE-2022-432xx/CVE-2022-43216.json +++ b/CVE-2022/CVE-2022-432xx/CVE-2022-43216.json @@ -2,7 +2,7 @@ "id": "CVE-2022-43216", "sourceIdentifier": "cve@mitre.org", "published": "2024-04-08T12:15:08.017", - "lastModified": "2025-06-18T18:34:07.987", + "lastModified": "2025-06-20T18:56:22.150", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ @@ -60,9 +60,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:abrhil:lista_de_asistenci:*:*:*:*:*:*:*:*", + "criteria": "cpe:2.3:a:abrhil:lista_de_asistencia:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.6.2", - "matchCriteriaId": "C87E0702-92E1-4AE1-A140-663508A414EC" + "matchCriteriaId": "C4444846-0287-48F8-9061-2833B3597D05" } ] } diff --git a/CVE-2022/CVE-2022-481xx/CVE-2022-48174.json b/CVE-2022/CVE-2022-481xx/CVE-2022-48174.json index 1653da10da0..83236f5e826 100644 --- a/CVE-2022/CVE-2022-481xx/CVE-2022-48174.json +++ b/CVE-2022/CVE-2022-481xx/CVE-2022-48174.json @@ -2,7 +2,7 @@ "id": "CVE-2022-48174", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-22T19:16:31.080", - "lastModified": "2025-02-05T18:02:49.267", + "lastModified": "2025-06-25T14:24:41.033", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ 
@@ -57,8 +57,8 @@
 {
 "vulnerable": true,
 "criteria": "cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*",
- "versionEndIncluding": "1.35.0",
- "matchCriteriaId": "50324EB3-E070-4585-A2F4-DE7C0D1932B3"
+ "versionEndIncluding": "1.36.1",
+ "matchCriteriaId": "82CC192B-C581-4846-AB6D-107055763145"
 }
 ]
 }
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49934.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49934.json
index 0da00ab00c8..50ccad0b3ef 100644
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49934.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49934.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: Fix UAF in ieee80211_scan_rx()\n\nieee80211_scan_rx() tries to access scan_req->flags after a\nnull check, but a UAF is observed when the scan is completed\nand __ieee80211_scan_completed() executes, which then calls\ncfg80211_scan_done() leading to the freeing of scan_req.\n\nSince scan_req is rcu_dereference()'d, prevent the racing in\n__ieee80211_scan_completed() by ensuring that from mac80211's\nPOV it is no longer accessed from an RCU read critical section\nbefore we call cfg80211_scan_done()."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mac80211: Se ha corregido el UAF en ieee80211_scan_rx(). ieee80211_scan_rx() intenta acceder a scan_req->flags tras una comprobaci\u00f3n nula, pero se observa un UAF al finalizar el escaneo y se ejecuta __ieee80211_scan_completed(), que a su vez llama a cfg80211_scan_done(), lo que libera scan_req. Dado que scan_req est\u00e1 desreferenciado mediante rcu_dereference(), se debe evitar la aceleraci\u00f3n en __ieee80211_scan_completed() asegur\u00e1ndose de que, desde el punto de vista de mac80211, ya no se acceda a \u00e9l desde una secci\u00f3n cr\u00edtica de lectura de RCU antes de llamar a cfg80211_scan_done()."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49935.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49935.json
index fbf819b86ad..c3b877716d1 100644
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49935.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49935.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf/dma-resv: check if the new fence is really later\n\nPreviously when we added a fence to a dma_resv object we always\nassumed the the newer than all the existing fences.\n\nWith Jason's work to add an UAPI to explicit export/import that's not\nnecessary the case any more. So without this check we would allow\nuserspace to force the kernel into an use after free error.\n\nSince the change is very small and defensive it's probably a good\nidea to backport this to stable kernels as well just in case others\nare using the dma_resv object in the same way."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dma-buf/dma-resv: comprobar si la nueva valla es realmente posterior. Anteriormente, al a\u00f1adir una valla a un objeto dma_resv, siempre supon\u00edamos que era m\u00e1s reciente que todas las vallas existentes. Gracias al trabajo de Jason para a\u00f1adir una UAPI a la exportaci\u00f3n/importaci\u00f3n expl\u00edcita, esto ya no es necesario. Por lo tanto, sin esta comprobaci\u00f3n, permitir\u00edamos que el espacio de usuario forzara al kernel a un error de Use-After-Free. Dado que el cambio es muy peque\u00f1o y defensivo, probablemente sea buena idea retroportarlo tambi\u00e9n a los kernels estables, por si acaso otros utilizan el objeto dma_resv de la misma manera."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49936.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49936.json
index d2d61674a22..afd1d3a8004 100644
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49936.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49936.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Prevent nested device-reset calls\n\nAutomatic kernel fuzzing revealed a recursive locking violation in\nusb-storage:\n\n============================================\nWARNING: possible recursive locking detected\n5.18.0 #3 Not tainted\n--------------------------------------------\nkworker/1:3/1205 is trying to acquire lock:\nffff888018638db8 (&us_interface_key[i]){+.+.}-{3:3}, at:\nusb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230\n\nbut task is already holding lock:\nffff888018638db8 (&us_interface_key[i]){+.+.}-{3:3}, at:\nusb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230\n\n...\n\nstack backtrace:\nCPU: 1 PID: 1205 Comm: kworker/1:3 Not tainted 5.18.0 #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.13.0-1ubuntu1.1 04/01/2014\nWorkqueue: usb_hub_wq hub_event\nCall Trace:\n\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\nprint_deadlock_bug kernel/locking/lockdep.c:2988 [inline]\ncheck_deadlock kernel/locking/lockdep.c:3031 [inline]\nvalidate_chain kernel/locking/lockdep.c:3816 [inline]\n__lock_acquire.cold+0x152/0x3ca kernel/locking/lockdep.c:5053\nlock_acquire kernel/locking/lockdep.c:5665 [inline]\nlock_acquire+0x1ab/0x520 kernel/locking/lockdep.c:5630\n__mutex_lock_common kernel/locking/mutex.c:603 [inline]\n__mutex_lock+0x14f/0x1610 kernel/locking/mutex.c:747\nusb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230\nusb_reset_device+0x37d/0x9a0 drivers/usb/core/hub.c:6109\nr871xu_dev_remove+0x21a/0x270 drivers/staging/rtl8712/usb_intf.c:622\nusb_unbind_interface+0x1bd/0x890 drivers/usb/core/driver.c:458\ndevice_remove drivers/base/dd.c:545 [inline]\ndevice_remove+0x11f/0x170 drivers/base/dd.c:537\n__device_release_driver drivers/base/dd.c:1222 [inline]\ndevice_release_driver_internal+0x1a7/0x2f0 
drivers/base/dd.c:1248\nusb_driver_release_interface+0x102/0x180 drivers/usb/core/driver.c:627\nusb_forced_unbind_intf+0x4d/0xa0 drivers/usb/core/driver.c:1118\nusb_reset_device+0x39b/0x9a0 drivers/usb/core/hub.c:6114\n\nThis turned out not to be an error in usb-storage but rather a nested\ndevice reset attempt. That is, as the rtl8712 driver was being\nunbound from a composite device in preparation for an unrelated USB\nreset (that driver does not have pre_reset or post_reset callbacks),\nits ->remove routine called usb_reset_device() -- thus nesting one\nreset call within another.\n\nPerforming a reset as part of disconnect processing is a questionable\npractice at best. However, the bug report points out that the USB\ncore does not have any protection against nested resets. Adding a\nreset_in_progress flag and testing it will prevent such errors in the\nfuture." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: USB: n\u00facleo: evitar llamadas de reinicio de dispositivo anidadas. El fuzzing autom\u00e1tico del kernel revel\u00f3 una violaci\u00f3n de bloqueo recursivo en usb-storage: ============================================== ADVERTENCIA: posible bloqueo recursivo detectado 5.18.0 #3 No contaminado -------------------------------------------- kworker/1:3/1205 est\u00e1 intentando adquirir el bloqueo: ffff888018638db8 (&us_interface_key[i]){+.+.}-{3:3}, en: usb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230 pero la tarea ya est\u00e1 manteniendo el bloqueo: ffff888018638db8 (&us_interface_key[i]){+.+.}-{3:3}, en: usb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230 ... 
seguimiento de pila: CPU: 1 PID: 1205 Comm: kworker/1:3 No contaminado 5.18.0 #3 Nombre de hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Cola de trabajo: usb_hub_wq hub_event Seguimiento de llamadas: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_deadlock_bug kernel/locking/lockdep.c:2988 [inline] check_deadlock kernel/locking/lockdep.c:3031 [inline] validate_chain kernel/locking/lockdep.c:3816 [inline] __lock_acquire.cold+0x152/0x3ca kernel/locking/lockdep.c:5053 lock_acquire kernel/locking/lockdep.c:5665 [inline] lock_acquire+0x1ab/0x520 kernel/locking/lockdep.c:5630 __mutex_lock_common kernel/locking/mutex.c:603 [inline] __mutex_lock+0x14f/0x1610 kernel/locking/mutex.c:747 usb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230 usb_reset_device+0x37d/0x9a0 drivers/usb/core/hub.c:6109 r871xu_dev_remove+0x21a/0x270 drivers/staging/rtl8712/usb_intf.c:622 usb_unbind_interface+0x1bd/0x890 drivers/usb/core/driver.c:458 device_remove drivers/base/dd.c:545 [inline] device_remove+0x11f/0x170 drivers/base/dd.c:537 __device_release_driver drivers/base/dd.c:1222 [inline] device_release_driver_internal+0x1a7/0x2f0 drivers/base/dd.c:1248 usb_driver_release_interface+0x102/0x180 drivers/usb/core/driver.c:627 usb_forced_unbind_intf+0x4d/0xa0 drivers/usb/core/driver.c:1118 usb_reset_device+0x39b/0x9a0 drivers/usb/core/hub.c:6114 Result\u00f3 que esto no era un error en usb-storage sino m\u00e1s bien un intento de reinicio de dispositivo anidado. Es decir, como el controlador rtl8712 se estaba desvinculando de un dispositivo compuesto en preparaci\u00f3n para un reinicio USB no relacionado (ese controlador no tiene devoluciones de llamada pre_reset o post_reset), su rutina ->remove llam\u00f3 a usb_reset_device() - anidando as\u00ed una llamada de reinicio dentro de otra. 
Realizar un reinicio como parte del procesamiento de desconexi\u00f3n es una pr\u00e1ctica cuestionable en el mejor de los casos. Sin embargo, el informe de errores se\u00f1ala que el n\u00facleo USB no tiene ninguna protecci\u00f3n contra reinicios anidados. Agregar un indicador reset_in_progress y probarlo evitar\u00e1 tales errores en el futuro. " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49937.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49937.json index 3c7780f67fb..a163a604263 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49937.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49937.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mceusb: Use new usb_control_msg_*() routines\n\nAutomatic kernel fuzzing led to a WARN about invalid pipe direction in\nthe mceusb driver:\n\n------------[ cut here ]------------\nusb 6-1: BOGUS control dir, pipe 80000380 doesn't match bRequestType 40\nWARNING: CPU: 0 PID: 2465 at drivers/usb/core/urb.c:410\nusb_submit_urb+0x1326/0x1820 drivers/usb/core/urb.c:410\nModules linked in:\nCPU: 0 PID: 2465 Comm: kworker/0:2 Not tainted 5.19.0-rc4-00208-g69cb6c6556ad #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.13.0-1ubuntu1.1 04/01/2014\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:usb_submit_urb+0x1326/0x1820 drivers/usb/core/urb.c:410\nCode: 7c 24 40 e8 ac 23 91 fd 48 8b 7c 24 40 e8 b2 70 1b ff 45 89 e8\n44 89 f1 4c 89 e2 48 89 c6 48 c7 c7 a0 30 a9 86 e8 48 07 11 02 <0f> 0b\ne9 1c f0 ff ff e8 7e 23 91 fd 0f b6 1d 63 22 83 05 31 ff 41\nRSP: 0018:ffffc900032becf0 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff8881100f3058 RCX: 0000000000000000\nRDX: ffffc90004961000 RSI: ffff888114c6d580 RDI: fffff52000657d90\nRBP: ffff888105ad90f0 R08: ffffffff812c3638 R09: 0000000000000000\nR10: 0000000000000005 R11: ffffed1023504ef1 R12: ffff888105ad9000\nR13: 0000000000000040 R14: 0000000080000380 R15: ffff88810ba96500\nFS: 0000000000000000(0000) GS:ffff88811a800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffe810bda58 CR3: 000000010b720000 CR4: 0000000000350ef0\nCall Trace:\n\nusb_start_wait_urb+0x101/0x4c0 drivers/usb/core/message.c:58\nusb_internal_control_msg drivers/usb/core/message.c:102 [inline]\nusb_control_msg+0x31c/0x4a0 drivers/usb/core/message.c:153\nmceusb_gen1_init drivers/media/rc/mceusb.c:1431 [inline]\nmceusb_dev_probe+0x258e/0x33f0 drivers/media/rc/mceusb.c:1807\n\nThe reason for the warning is clear enough; the driver sends an\nunusual read request on endpoint 0 but does not 
set the USB_DIR_IN bit\nin the bRequestType field.\n\nMore importantly, the whole situation can be avoided and the driver\nsimplified by converting it over to the relatively new\nusb_control_msg_recv() and usb_control_msg_send() routines. That's\nwhat this fix does." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: mceusb: Utilizar nuevas rutinas usb_control_msg_*() El fuzzing autom\u00e1tico del kernel provoc\u00f3 una ADVERTENCIA sobre una direcci\u00f3n de tuber\u00eda no v\u00e1lida en el controlador mceusb: ------------[ cortar aqu\u00ed ]------------ usb 6-1: directorio de control FALSO, la tuber\u00eda 80000380 no coincide con bRequestType 40 ADVERTENCIA: CPU: 0 PID: 2465 en drivers/usb/core/urb.c:410 usb_submit_urb+0x1326/0x1820 drivers/usb/core/urb.c:410 M\u00f3dulos vinculados: CPU: 0 PID: 2465 Comm: kworker/0:2 No contaminado 5.19.0-rc4-00208-g69cb6c6556ad #1 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 01/04/2014 Cola de trabajo: usb_hub_wq hub_event RIP: 0010:usb_submit_urb+0x1326/0x1820 drivers/usb/core/urb.c:410 C\u00f3digo: 7c 24 40 e8 ac 23 91 fd 48 8b 7c 24 40 e8 b2 70 1b ff 45 89 e8 44 89 f1 4c 89 e2 48 89 c6 48 c7 c7 a0 30 a9 86 e8 48 07 11 02 <0f> 0b e9 1c f0 ff ff e8 7e 23 91 fd 0f b6 1d 63 22 83 05 31 y siguientes 41 RSP: 0018:ffffc900032becf0 EFLAGS: 00010282 RAX: 000000000000000 RBX: ffff8881100f3058 RCX: 0000000000000000 RDX: ffffc90004961000 RSI: ffff888114c6d580 RDI: fffff52000657d90 RBP: ffff888105ad90f0 R08: ffffffff812c3638 R09: 000000000000000 R10: 0000000000000005 R11: ffffed1023504ef1 R12: ffff888105ad9000 R13: 0000000000000040 R14: 0000000080000380 R15: ffff88810ba96500 FS: 0000000000000000(0000) GS:ffff88811a800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffe810bda58 CR3: 000000010b720000 CR4: 0000000000350ef0 Seguimiento de llamadas: usb_start_wait_urb+0x101/0x4c0 
drivers/usb/core/message.c:58 usb_internal_control_msg drivers/usb/core/message.c:102 [inline] usb_control_msg+0x31c/0x4a0 drivers/usb/core/message.c:153 mceusb_gen1_init drivers/media/rc/mceusb.c:1431 [inline] mceusb_dev_probe+0x258e/0x33f0 drivers/media/rc/mceusb.c:1807 El motivo de la advertencia es bastante claro; el controlador env\u00eda una solicitud de lectura inusual en el endpoint 0 pero no establece el bit USB_DIR_IN en el campo bRequestType. M\u00e1s importante a\u00fan, se puede evitar toda la situaci\u00f3n y simplificar el controlador al convertirlo a las relativamente nuevas rutinas usb_control_msg_recv() y usb_control_msg_send(). Esto es lo que hace esta correcci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49938.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49938.json index e2cbc109bf7..c9608943974 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49938.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49938.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix small mempool leak in SMB2_negotiate()\n\nIn some cases of failure (dialect mismatches) in SMB2_negotiate(), after\nthe request is sent, the checks would return -EIO when they should be\nrather setting rc = -EIO and jumping to neg_exit to free the response\nbuffer from mempool." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cifs: corrige una peque\u00f1a p\u00e9rdida de mempool en SMB2_negotiate() En algunos casos de falla (desajustes de dialecto) en SMB2_negotiate(), despu\u00e9s de enviar la solicitud, las verificaciones devolver\u00edan -EIO cuando deber\u00edan establecer rc = -EIO y saltar a neg_exit para liberar el b\u00fafer de respuesta de mempool." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49939.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49939.json index 693b37e86bd..51c3aa11746 100644 
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49939.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49939.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix UAF of ref->proc caused by race condition\n\nA transaction of type BINDER_TYPE_WEAK_HANDLE can fail to increment the\nreference for a node. In this case, the target proc normally releases\nthe failed reference upon close as expected. However, if the target is\ndying in parallel the call will race with binder_deferred_release(), so\nthe target could have released all of its references by now leaving the\ncleanup of the new failed reference unhandled.\n\nThe transaction then ends and the target proc gets released making the\nref->proc now a dangling pointer. Later on, ref->node is closed and we\nattempt to take spin_lock(&ref->proc->inner_lock), which leads to the\nuse-after-free bug reported below. Let's fix this by cleaning up the\nfailed reference on the spot instead of relying on the target to do so.\n\n ==================================================================\n BUG: KASAN: use-after-free in _raw_spin_lock+0xa8/0x150\n Write of size 4 at addr ffff5ca207094238 by task kworker/1:0/590\n\n CPU: 1 PID: 590 Comm: kworker/1:0 Not tainted 5.19.0-rc8 #10\n Hardware name: linux,dummy-virt (DT)\n Workqueue: events binder_deferred_func\n Call trace:\n dump_backtrace.part.0+0x1d0/0x1e0\n show_stack+0x18/0x70\n dump_stack_lvl+0x68/0x84\n print_report+0x2e4/0x61c\n kasan_report+0xa4/0x110\n kasan_check_range+0xfc/0x1a4\n __kasan_check_write+0x3c/0x50\n _raw_spin_lock+0xa8/0x150\n binder_deferred_func+0x5e0/0x9b0\n process_one_work+0x38c/0x5f0\n worker_thread+0x9c/0x694\n kthread+0x188/0x190\n ret_from_fork+0x10/0x20" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: binder: arreglo UAF de ref->proc causado por condici\u00f3n de ejecuci\u00f3n Una transacci\u00f3n de tipo BINDER_TYPE_WEAK_HANDLE puede fallar al incrementar la referencia para un nodo. 
En este caso, el proc objetivo normalmente libera la referencia fallida al cerrar como se espera. Sin embargo, si el objetivo est\u00e1 muriendo en paralelo la llamada competir\u00e1 con binder_deferred_release(), por lo que el objetivo podr\u00eda haber liberado todas sus referencias por ahora dejando la limpieza de la nueva referencia fallida sin manejar. La transacci\u00f3n entonces termina y el proc objetivo se libera haciendo que ref->proc ahora sea un puntero colgante. M\u00e1s tarde, ref->node se cierra e intentamos tomar spin_lock(&ref->proc->inner_lock), lo que lleva al error de Use-After-Free reportado a continuaci\u00f3n. Vamos a arreglar esto limpiando la referencia fallida en el acto en lugar de depender de que el objetivo lo haga. ====================================================================== ERROR: KASAN: Use-After-Free en _raw_spin_lock+0xa8/0x150 Escritura de tama\u00f1o 4 en la direcci\u00f3n ffff5ca207094238 por la tarea kworker/1:0/590 CPU: 1 PID: 590 Comm: kworker/1:0 No contaminado 5.19.0-rc8 #10 Nombre del hardware: linux,dummy-virt (DT) Cola de trabajo: eventos binder_deferred_func Rastreo de llamadas: dump_backtrace.part.0+0x1d0/0x1e0 show_stack+0x18/0x70 dump_stack_lvl+0x68/0x84 print_report+0x2e4/0x61c kasan_report+0xa4/0x110 kasan_check_range+0xfc/0x1a4 __kasan_check_write+0x3c/0x50 _raw_spin_lock+0xa8/0x150 binder_deferred_func+0x5e0/0x9b0 process_one_work+0x38c/0x5f0 worker_thread+0x9c/0x694 kthread+0x188/0x190 ret_from_fork+0x10/0x20 " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49940.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49940.json index 1853fc0e32b..2ce296e557d 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49940.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49940.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf()\n\nA null pointer dereference can happen when attempting to access the\n\"gsm->receive()\" function in gsmld_receive_buf(). Currently, the code\nassumes that gsm->recieve is only called after MUX activation.\nSince the gsmld_receive_buf() function can be accessed without the need to\ninitialize the MUX, the gsm->receive() function will not be set and a\nNULL pointer dereference will occur.\n\nFix this by avoiding the call to \"gsm->receive()\" in case the function is\nnot initialized by adding a sanity check.\n\nCall Trace:\n \n gsmld_receive_buf+0x1c2/0x2f0 drivers/tty/n_gsm.c:2861\n tiocsti drivers/tty/tty_io.c:2293 [inline]\n tty_ioctl+0xa75/0x15d0 drivers/tty/tty_io.c:2692\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:870 [inline]\n __se_sys_ioctl fs/ioctl.c:856 [inline]\n __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tty: n_gsm: a\u00f1adir comprobaci\u00f3n de validez para gsm->receive en gsm_receive_buf(). Se puede producir una desreferencia de puntero nulo al intentar acceder a la funci\u00f3n \"gsm->receive()\" en gsmld_receive_buf(). Actualmente, el c\u00f3digo asume que gsm->recieve solo se llama despu\u00e9s de la activaci\u00f3n del MUX. Dado que se puede acceder a la funci\u00f3n gsmld_receive_buf() sin necesidad de inicializar el MUX, esta funci\u00f3n no se activar\u00e1 y se producir\u00e1 una desreferencia de puntero nulo. Para solucionar esto, se debe evitar la llamada a \"gsm->receive()\" si la funci\u00f3n no se inicializa mediante una comprobaci\u00f3n de validez. 
Rastreo de llamadas: gsmld_receive_buf+0x1c2/0x2f0 drivers/tty/n_gsm.c:2861 tiocsti drivers/tty/tty_io.c:2293 [en l\u00ednea] tty_ioctl+0xa75/0x15d0 drivers/tty/tty_io.c:2692 vfs_ioctl fs/ioctl.c:51 [en l\u00ednea] __do_sys_ioctl fs/ioctl.c:870 [en l\u00ednea] __se_sys_ioctl fs/ioctl.c:856 [en l\u00ednea] __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [en l\u00ednea] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49942.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49942.json index e83e57d4d5b..5d9b1b597ae 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49942.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49942.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected\n\nWhen we are not connected to a channel, sending channel \"switch\"\nannouncement doesn't make any sense.\n\nThe BSS list is empty in that case. This causes the for loop in\ncfg80211_get_bss() to be bypassed, so the function returns NULL\n(check line 1424 of net/wireless/scan.c), causing the WARN_ON()\nin ieee80211_ibss_csa_beacon() to get triggered (check line 500\nof net/mac80211/ibss.c), which was consequently reported on the\nsyzkaller dashboard.\n\nThus, check if we have an existing connection before generating\nthe CSA beacon in ieee80211_ibss_finish_csa()."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mac80211: No finalizar la CSA en modo IBSS si el estado es desconectado. Cuando no estamos conectados a un canal, enviar el anuncio de cambio de canal no tiene sentido. En ese caso, la lista BSS est\u00e1 vac\u00eda. Esto provoca que se omita el bucle for en cfg80211_get_bss(), por lo que la funci\u00f3n devuelve NULL (consulte la l\u00ednea 1424 de net/wireless/scan.c), lo que provoca la activaci\u00f3n de WARN_ON() en ieee80211_ibss_csa_beacon() (consulte la l\u00ednea 500 de net/mac80211/ibss.c), lo que se inform\u00f3 en el panel de control de syzkaller. Por lo tanto, se debe comprobar si existe una conexi\u00f3n antes de generar la baliza CSA en ieee80211_ibss_finish_csa()."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49943.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49943.json
index 316cf52de95..d72d0743477 100644
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49943.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49943.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: Fix obscure lockdep violation for udc_mutex\n\nA recent commit expanding the scope of the udc_lock mutex in the\ngadget core managed to cause an obscure and slightly bizarre lockdep\nviolation. In abbreviated form:\n\n======================================================\nWARNING: possible circular locking dependency detected\n5.19.0-rc7+ #12510 Not tainted\n------------------------------------------------------\nudevadm/312 is trying to acquire lock:\nffff80000aae1058 (udc_lock){+.+.}-{3:3}, at: usb_udc_uevent+0x54/0xe0\n\nbut task is already holding lock:\nffff000002277548 (kn->active#4){++++}-{0:0}, at: kernfs_seq_start+0x34/0xe0\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #3 (kn->active#4){++++}-{0:0}:\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 lock_acquire+0x68/0x84\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 __kernfs_remove+0x268/0x380\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 kernfs_remove_by_name_ns+0x58/0xac\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 sysfs_remove_file_ns+0x18/0x24\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 device_del+0x15c/0x440\n\n-> #2 (device_links_lock){+.+.}-{3:3}:\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 lock_acquire+0x68/0x84\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 __mutex_lock+0x9c/0x430\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mutex_lock_nested+0x38/0x64\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 device_link_remove+0x3c/0xa0\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 _regulator_put.part.0+0x168/0x190\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 regulator_put+0x3c/0x54\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 devm_regulator_release+0x14/0x20\n\n-> #1 (regulator_list_mutex){+.+.}-{3:3}:\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 lock_acquire+0x68/0x84\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 __mutex_lock+0x9c/0x430\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mutex_lock_nested+0x38/0x64\n 
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 regulator_lock_dependent+0x54/0x284\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 regulator_enable+0x34/0x80\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 phy_power_on+0x24/0x130\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 __dwc2_lowlevel_hw_enable+0x100/0x130\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 dwc2_lowlevel_hw_enable+0x18/0x40\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 dwc2_hsotg_udc_start+0x6c/0x2f0\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 gadget_bind_driver+0x124/0x1f4\n\n-> #0 (udc_lock){+.+.}-{3:3}:\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 __lock_acquire+0x1298/0x20cc\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 lock_acquire.part.0+0xe0/0x230\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 lock_acquire+0x68/0x84\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 __mutex_lock+0x9c/0x430\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mutex_lock_nested+0x38/0x64\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 usb_udc_uevent+0x54/0xe0\n\nEvidently this was caused by the scope of udc_mutex being too large.\nThe mutex is only meant to protect udc->driver along with a few other\nthings. As far as I can tell, there's no reason for the mutex to be\nheld while the gadget core calls a gadget driver's ->bind or ->unbind\nroutine, or while a UDC is being started or stopped. (This accounts\nfor link #1 in the chain above, where the mutex is held while the\ndwc2_hsotg_udc is started as part of driver probing.)\n\nGadget drivers' ->disconnect callbacks are problematic. Even though\nusb_gadget_disconnect() will now acquire the udc_mutex, there's a\nwindow in usb_gadget_bind_driver() between the times when the mutex is\nreleased and the ->bind callback is invoked. If a disconnect occurred\nduring that window, we could call the driver's ->disconnect routine\nbefore its ->bind routine. To prevent this from happening, it will be\nnecessary to prevent a UDC from connecting while it has no gadget\ndriver. 
This should be done already but it doesn't seem to be;\ncurrently usb_gadget_connect() has no check for this. Such a check\nwill have to be added later.\n\nSome degree of mutual exclusion is required in soft_connect_store(),\nwhich can dereference udc->driver at arbitrary times since it is a\nsysfs callback. The solution here is to acquire the gadget's device\nlock rather than the udc_mutex. Since the driver core guarantees that\nthe device lock is always held during driver binding and unbinding,\nthis will make the accesses in soft_connect_store() mutually exclusive\nwith any changes to udc->driver.\n\nLastly, it turns out there is one place which should hold the\nudc_mutex but currently does not: The function_show() routine needs\nprotection while it dereferences udc->driver. The missing lock and\nunlock calls are added." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: USB: gadget: Se corrige una oscura violaci\u00f3n de lockdep para udc_mutex. Una confirmaci\u00f3n reciente que expandi\u00f3 el alcance del mutex udc_lock en el n\u00facleo del gadget logr\u00f3 causar una oscura y ligeramente extra\u00f1a violaci\u00f3n de lockdep. En forma abreviada: ======================================================== ADVERTENCIA: posible dependencia de bloqueo circular detectada 5.19.0-rc7+ #12510 No contaminado ------------------------------------------------------ udevadm/312 est\u00e1 intentando adquirir el bloqueo: ffff80000aae1058 (udc_lock){+.+.}-{3:3}, en: usb_udc_uevent+0x54/0xe0 pero la tarea ya tiene el bloqueo: ffff000002277548 (kn->active#4){++++}-{0:0}, en: kernfs_seq_start+0x34/0xe0 cuyo bloqueo ya depende del nuevo bloqueo. 
la cadena de dependencia existente (en orden inverso) es: -> #3 (kn->active#4){++++}-{0:0}: lock_acquire+0x68/0x84 __kernfs_remove+0x268/0x380 kernfs_remove_by_name_ns+0x58/0xac sysfs_remove_file_ns+0x18/0x24 device_del+0x15c/0x440 -> #2 (device_links_lock){+.+.}-{3:3}: lock_acquire+0x68/0x84 __mutex_lock+0x9c/0x430 mutex_lock_nested+0x38/0x64 device_link_remove+0x3c/0xa0 _regulator_put.part.0+0x168/0x190 regulator_put+0x3c/0x54 devm_regulator_release+0x14/0x20 -> #1 (mutex_lista_regulador){+.+.}-{3:3}: adquisici\u00f3n_bloqueo+0x68/0x84 __mutex_lock+0x9c/0x430 mutex_lock_nested+0x38/0x64 regulator_lock_dependent+0x54/0x284 regulator_enable+0x34/0x80 phy_power_on+0x24/0x130 __dwc2_lowlevel_hw_enable+0x100/0x130 dwc2_lowlevel_hw_enable+0x18/0x40 dwc2_hsotg_udc_start+0x6c/0x2f0 gadget_bind_driver+0x124/0x1f4 -> #0 (udc_lock){+.+.}-{3:3}: __lock_acquire+0x1298/0x20cc lock_acquire.part.0+0xe0/0x230 lock_acquire+0x68/0x84 __mutex_lock+0x9c/0x430 mutex_lock_nested+0x38/0x64 usb_udc_uevent+0x54/0xe0 Evidentemente, esto se debi\u00f3 a que el alcance de udc_mutex era demasiado grande. El mutex solo protege udc->driver, entre otras cosas. Hasta donde s\u00e9, no hay raz\u00f3n para que el mutex se mantenga mientras el n\u00facleo del gadget llama a la rutina ->bind o ->unbind de un controlador de gadget, ni mientras se inicia o detiene un UDC. (Esto explica el enlace n.\u00ba 1 de la cadena anterior, donde el mutex se mantiene mientras se inicia dwc2_hsotg_udc como parte del sondeo del controlador). Las devoluciones de llamada ->disconnect de los controladores de gadget son problem\u00e1ticas. Aunque usb_gadget_disconnect() ahora adquirir\u00e1 el udc_mutex, existe un margen en usb_gadget_bind_driver() entre el momento en que se libera el mutex y se invoca la devolucion de llamada ->bind. Si se produjera una desconexi\u00f3n durante ese margen, podr\u00edamos llamar a la rutina ->disconnect del controlador antes que a su rutina ->bind. 
Para evitarlo, ser\u00e1 necesario impedir que un UDC se conecte mientras no tenga un controlador de gadget. Esto ya deber\u00eda estar hecho, pero no parece estarlo; actualmente, usb_gadget_connect() no lo comprueba. Esta comprobaci\u00f3n deber\u00e1 a\u00f1adirse m\u00e1s adelante. Se requiere cierto grado de exclusi\u00f3n mutua en soft_connect_store(), que puede desreferenciar udc->driver en cualquier momento, ya que es una devoluci\u00f3n de llamada de sysfs. La soluci\u00f3n es adquirir el bloqueo del dispositivo del gadget en lugar del udc_mutex. Dado que el n\u00facleo del controlador garantiza que el bloqueo del dispositivo se mantenga siempre durante la vinculaci\u00f3n y desvinculaci\u00f3n del controlador, esto har\u00e1 que los accesos en soft_connect_store() sean mutuamente excluyentes con cualquier cambio en udc->driver. Por \u00faltimo, resulta que hay un lugar que deber\u00eda contener el udc_mutex, pero actualmente no lo hace: la rutina function_show() necesita protecci\u00f3n mientras desreferencia udc->driver. Se a\u00f1aden las llamadas de bloqueo y desbloqueo que faltan." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49944.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49944.json index 6f2053ffcfe..44ffae83334 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49944.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49944.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"usb: typec: ucsi: add a common function ucsi_unregister_connectors()\"\n\nThe recent commit 87d0e2f41b8c (\"usb: typec: ucsi: add a common\nfunction ucsi_unregister_connectors()\") introduced a regression that\ncaused NULL dereference at reading the power supply sysfs. It's a\nstale sysfs entry that should have been removed but remains with NULL\nops. The commit changed the error handling to skip the entries after\na NULL con->wq, and this leaves the power device unreleased.\n\nFor addressing the regression, the straight revert is applied here.\nFurther code improvements can be done from the scratch again."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Revertir \"usb: typec: ucsi: a\u00f1adir una funci\u00f3n com\u00fan ucsi_unregister_connectors()\". La reciente confirmaci\u00f3n 87d0e2f41b8c (\"usb: typec: ucsi: a\u00f1adir una funci\u00f3n com\u00fan ucsi_unregister_connectors()\") introdujo una regresi\u00f3n que provocaba una desreferencia nula al leer el archivo sysfs de la fuente de alimentaci\u00f3n. Se trata de una entrada obsoleta del archivo sysfs que deber\u00eda haberse eliminado, pero que permanece con operaciones nulas. el commit modific\u00f3 la gesti\u00f3n de errores para omitir las entradas despu\u00e9s de un comando con->wq nulo, lo que deja el dispositivo de alimentaci\u00f3n sin liberar. Para solucionar la regresi\u00f3n, se aplica la reversi\u00f3n directa. Se pueden realizar mejoras de c\u00f3digo desde cero."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49945.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49945.json
index 0d8e413a0aa..c1fffc4617b 100644
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49945.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49945.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (gpio-fan) Fix array out of bounds access\n\nThe driver does not check if the cooling state passed to\ngpio_fan_set_cur_state() exceeds the maximum cooling state as\nstored in fan_data->num_speeds. Since the cooling state is later\nused as an array index in set_fan_speed(), an array out of bounds\naccess can occur.\nThis can be exploited by setting the state of the thermal cooling device\nto arbitrary values, causing for example a kernel oops when unavailable\nmemory is accessed this way.\n\nExample kernel oops:\n[ 807.987276] Unable to handle kernel paging request at virtual address ffffff80d0588064\n[ 807.987369] Mem abort info:\n[ 807.987398] ESR = 0x96000005\n[ 807.987428] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 807.987477] SET = 0, FnV = 0\n[ 807.987507] EA = 0, S1PTW = 0\n[ 807.987536] FSC = 0x05: level 1 translation fault\n[ 807.987570] Data abort info:\n[ 807.987763] ISV = 0, ISS = 0x00000005\n[ 807.987801] CM = 0, WnR = 0\n[ 807.987832] swapper pgtable: 4k pages, 39-bit VAs, pgdp=0000000001165000\n[ 807.987872] [ffffff80d0588064] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[ 807.987961] Internal error: Oops: 96000005 [#1] PREEMPT SMP\n[ 807.987992] Modules linked in: cmac algif_hash aes_arm64 algif_skcipher af_alg bnep hci_uart btbcm bluetooth ecdh_generic ecc 8021q garp stp llc snd_soc_hdmi_codec brcmfmac vc4 brcmutil cec drm_kms_helper snd_soc_core cfg80211 snd_compress bcm2835_codec(C) snd_pcm_dmaengine syscopyarea bcm2835_isp(C) bcm2835_v4l2(C) sysfillrect v4l2_mem2mem bcm2835_mmal_vchiq(C) raspberrypi_hwmon sysimgblt videobuf2_dma_contig videobuf2_vmalloc fb_sys_fops videobuf2_memops rfkill videobuf2_v4l2 videobuf2_common i2c_bcm2835 snd_bcm2835(C) videodev snd_pcm snd_timer snd mc vc_sm_cma(C) gpio_fan uio_pdrv_genirq uio drm fuse drm_panel_orientation_quirks backlight ip_tables x_tables ipv6\n[ 
807.988508] CPU: 0 PID: 1321 Comm: bash Tainted: G C 5.15.56-v8+ #1575\n[ 807.988548] Hardware name: Raspberry Pi 3 Model B Rev 1.2 (DT)\n[ 807.988574] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 807.988608] pc : set_fan_speed.part.5+0x34/0x80 [gpio_fan]\n[ 807.988654] lr : gpio_fan_set_cur_state+0x34/0x50 [gpio_fan]\n[ 807.988691] sp : ffffffc008cf3bd0\n[ 807.988710] x29: ffffffc008cf3bd0 x28: ffffff80019edac0 x27: 0000000000000000\n[ 807.988762] x26: 0000000000000000 x25: 0000000000000000 x24: ffffff800747c920\n[ 807.988787] x23: 000000000000000a x22: ffffff800369f000 x21: 000000001999997c\n[ 807.988854] x20: ffffff800369f2e8 x19: ffffff8002ae8080 x18: 0000000000000000\n[ 807.988877] x17: 0000000000000000 x16: 0000000000000000 x15: 000000559e271b70\n[ 807.988938] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[ 807.988960] x11: 0000000000000000 x10: ffffffc008cf3c20 x9 : ffffffcfb60c741c\n[ 807.989018] x8 : 000000000000000a x7 : 00000000ffffffc9 x6 : 0000000000000009\n[ 807.989040] x5 : 000000000000002a x4 : 0000000000000000 x3 : ffffff800369f2e8\n[ 807.989062] x2 : 000000000000e780 x1 : 0000000000000001 x0 : ffffff80d0588060\n[ 807.989084] Call trace:\n[ 807.989091] set_fan_speed.part.5+0x34/0x80 [gpio_fan]\n[ 807.989113] gpio_fan_set_cur_state+0x34/0x50 [gpio_fan]\n[ 807.989199] cur_state_store+0x84/0xd0\n[ 807.989221] dev_attr_store+0x20/0x38\n[ 807.989262] sysfs_kf_write+0x4c/0x60\n[ 807.989282] kernfs_fop_write_iter+0x130/0x1c0\n[ 807.989298] new_sync_write+0x10c/0x190\n[ 807.989315] vfs_write+0x254/0x378\n[ 807.989362] ksys_write+0x70/0xf8\n[ 807.989379] __arm64_sys_write+0x24/0x30\n[ 807.989424] invoke_syscall+0x4c/0x110\n[ 807.989442] el0_svc_common.constprop.3+0xfc/0x120\n[ 807.989458] do_el0_svc+0x2c/0x90\n[ 807.989473] el0_svc+0x24/0x60\n[ 807.989544] el0t_64_sync_handler+0x90/0xb8\n[ 807.989558] el0t_64_sync+0x1a0/0x1a4\n[ 807.989579] Code: b9403801 f9402800 7100003f 8b35cc00 (b9400416)\n[ 807.989627] ---[ 
end t\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: hwmon: (gpio-fan) Correcci\u00f3n de acceso fuera de los l\u00edmites a una matriz. El controlador no comprueba si el estado de refrigeraci\u00f3n transferido a gpio_fan_set_cur_state() supera el estado de refrigeraci\u00f3n m\u00e1ximo almacenado en fan_data->num_speeds. Dado que el estado de refrigeraci\u00f3n se utiliza posteriormente como \u00edndice de matriz en set_fan_speed(), puede producirse un acceso fuera de los l\u00edmites a una matriz. Esto se puede explotar configurando el estado del dispositivo de refrigeraci\u00f3n t\u00e9rmica con valores arbitrarios, lo que provoca, por ejemplo, un error en el kernel al acceder a memoria no disponible de esta forma. Ejemplo de error de kernel: [807.987276] No se puede manejar la solicitud de paginaci\u00f3n del kernel en la direcci\u00f3n virtual ffffff80d0588064 [807.987369] Informaci\u00f3n de aborto de memoria: [807.987398] ESR = 0x96000005 [807.987428] EC = 0x25: DABT (EL actual), IL = 32 bits [807.987477] SET = 0, FnV = 0 [807.987507] EA = 0, S1PTW = 0 [807.987536] FSC = 0x05: error de traducci\u00f3n de nivel 1 [807.987570] Informaci\u00f3n de aborto de datos: [ 807.987398] ESR = 0x96000005 [ 807.987428] EC = 0x25: DABT (current EL), IL = 32 bits [ 807.987477] SET = 0, FnV = 0 [ 807.987507] EA = 0, S1PTW = 0 [ 807.987536] FSC = 0x05: level 1 translation fault [ 807.987570] Data abort info: [ 807.987763] ISV = 0, ISS = 0x00000005 [ 807.987801] CM = 0, WnR = 0 [ 807.987832] swapper pgtable: 4k pages, 39-bit VAs, pgdp=0000000001165000 [ 807.987872] [ffffff80d0588064] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000 [ 807.987961] Internal error: Oops: 96000005 [#1] PREEMPT SMP [ 807.987992] Modules linked in: cmac algif_hash aes_arm64 algif_skcipher af_alg bnep hci_uart btbcm bluetooth ecdh_generic ecc 8021q garp stp llc snd_soc_hdmi_codec brcmfmac vc4 brcmutil cec 
drm_kms_helper snd_soc_core cfg80211 snd_compress bcm2835_codec(C) snd_pcm_dmaengine syscopyarea bcm2835_isp(C) bcm2835_v4l2(C) sysfillrect v4l2_mem2mem bcm2835_mmal_vchiq(C) raspberrypi_hwmon sysimgblt videobuf2_dma_contig videobuf2_vmalloc fb_sys_fops videobuf2_memops rfkill videobuf2_v4l2 videobuf2_common i2c_bcm2835 snd_bcm2835(C) videodev snd_pcm snd_timer snd mc vc_sm_cma(C) gpio_fan uio_pdrv_genirq uio drm fuse drm_panel_orientation_quirks backlight ip_tables x_tables ipv6 [ 807.988508] CPU: 0 PID: 1321 Comm: bash Tainted: G C 5.15.56-v8+ #1575 [ 807.988548] Hardware name: Raspberry Pi 3 Model B Rev 1.2 (DT) [ 807.988574] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 807.988608] pc : set_fan_speed.part.5+0x34/0x80 [gpio_fan] [ 807.988654] lr : gpio_fan_set_cur_state+0x34/0x50 [gpio_fan] [ 807.988691] sp : ffffffc008cf3bd0 [ 807.988710] x29: ffffffc008cf3bd0 x28: ffffff80019edac0 x27: 0000000000000000 [ 807.988762] x26: 0000000000000000 x25: 0000000000000000 x24: ffffff800747c920 [ 807.988787] x23: 000000000000000a x22: ffffff800369f000 x21: 000000001999997c [ 807.988854] x20: ffffff800369f2e8 x19: ffffff8002ae8080 x18: 0000000000000000 [ 807.988877] x17: 0000000000000000 x16: 0000000000000000 x15: 000000559e271b70 [ 807.988938] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 [ 807.988960] x11: 0000000000000000 x10: ffffffc008cf3c20 x9 : ffffffcfb60c741c [ 807.989018] x8 : 000000000000000a x7 : 00000000ffffffc9 x6 : 0000000000000009 [ 807.989040] x5 : 000000000000002a x4 : 0000000000000000 x3 : ffffff800369f2e8 [ 807.989062] x2 : 000000000000e780 x1 : 0000000000000001 x0 : ffffff80d0588060 [ 807.989084] Call trace: [ 807.989091] set_fan_speed.part.5+0x34/0x80 [gpio_fan] [ 807.989113] gpio_fan_set_cur_state+0x34/0x50 [gpio_fan] [ 807.989199] cur_state_store+0x84/0xd0 [ 807.989221] dev_attr_store+0x20/0x38 [ 807.989262] sysfs_kf_write+0x4c/0x60 [ 807.989282] kernfs_fop_write_iter+0x130/0x1c0 [ 807.989298] 
new_sync_write+0x10c/0x190 [ 807.989315] vfs_write+0x254/0x378 [ 807.989362] ksys_write+0x70/0xf8 [ 807.989379] __arm64_sys_write+0x24/0x30 [ 807.989424] invoke_syscall+0x4c/0x110 [ 807.989442] ---truncado---" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49946.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49946.json index 150a47820fe..d94ed58afa8 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49946.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49946.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: bcm: rpi: Prevent out-of-bounds access\n\nThe while loop in raspberrypi_discover_clocks() relies on the assumption\nthat the id of the last clock element is zero. Because this data comes\nfrom the Videocore firmware and it doesn't guarantuee such a behavior\nthis could lead to out-of-bounds access. So fix this by providing\na sentinel element." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: bcm: rpi: Impedir acceso fuera de los l\u00edmites. El bucle while en raspberrypi_discover_clocks() asume que el ID del \u00faltimo elemento de reloj es cero. Dado que estos datos provienen del firmware de Videocore y no garantizan dicho comportamiento, esto podr\u00eda provocar un acceso fuera de los l\u00edmites. Para solucionarlo, se debe proporcionar un elemento centinela." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49947.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49947.json index ab182108e45..e5b7ec1352e 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49947.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49947.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix alloc->vma_vm_mm null-ptr dereference\n\nSyzbot reported a couple issues introduced by commit 44e602b4e52f\n(\"binder_alloc: add missing mmap_lock calls when using the VMA\"), in\nwhich we attempt to acquire the mmap_lock when alloc->vma_vm_mm has not\nbeen initialized yet.\n\nThis can happen if a binder_proc receives a transaction without having\npreviously called mmap() to setup the binder_proc->alloc space in [1].\nAlso, a similar issue occurs via binder_alloc_print_pages() when we try\nto dump the debugfs binder stats file in [2].\n\nSample of syzbot's crash report:\n ==================================================================\n KASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000012f]\n CPU: 0 PID: 3755 Comm: syz-executor229 Not tainted 6.0.0-rc1-next-20220819-syzkaller #0\n syz-executor229[3755] cmdline: ./syz-executor2294415195\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022\n RIP: 0010:__lock_acquire+0xd83/0x56d0 kernel/locking/lockdep.c:4923\n [...]\n Call Trace:\n \n lock_acquire kernel/locking/lockdep.c:5666 [inline]\n lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631\n down_read+0x98/0x450 kernel/locking/rwsem.c:1499\n mmap_read_lock include/linux/mmap_lock.h:117 [inline]\n binder_alloc_new_buf_locked drivers/android/binder_alloc.c:405 [inline]\n binder_alloc_new_buf+0xa5/0x19e0 drivers/android/binder_alloc.c:593\n binder_transaction+0x242e/0x9a80 drivers/android/binder.c:3199\n binder_thread_write+0x664/0x3220 drivers/android/binder.c:3986\n binder_ioctl_write_read drivers/android/binder.c:5036 [inline]\n binder_ioctl+0x3470/0x6d00 drivers/android/binder.c:5323\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:870 [inline]\n __se_sys_ioctl fs/ioctl.c:856 [inline]\n __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856\n do_syscall_x64 
arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n [...]\n ==================================================================\n\nFix these issues by setting up alloc->vma_vm_mm pointer during open()\nand caching directly from current->mm. This guarantees we have a valid\nreference to take the mmap_lock during scenarios described above.\n\n[1] https://syzkaller.appspot.com/bug?extid=f7dc54e5be28950ac459\n[2] https://syzkaller.appspot.com/bug?extid=a75ebe0452711c9e56d9" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: binder: correcci\u00f3n de la desreferencia alloc->vma_vm_mm null-ptr. Syzbot inform\u00f3 de un par de problemas introducidos por el commit 44e602b4e52f (\"binder_alloc: a\u00f1adir llamadas mmap_lock faltantes al usar la VMA\"), en el que se intenta adquirir mmap_lock cuando alloc->vma_vm_mm a\u00fan no se ha inicializado. Esto puede ocurrir si un binder_proc recibe una transacci\u00f3n sin haber llamado previamente a mmap() para configurar el espacio binder_proc->alloc en [1]. Adem\u00e1s, se produce un problema similar mediante binder_alloc_print_pages() al intentar volcar el archivo de estad\u00edsticas de binder debugfs en [2]. Ejemplo de informe de fallos de syzbot: ======================================================================= KASAN: null-ptr-deref en el rango [0x0000000000000128-0x000000000000012f] CPU: 0 PID: 3755 Comm: syz-executor229 No contaminado 6.0.0-rc1-next-20220819-syzkaller #0 syz-executor229[3755] cmdline: ./syz-executor2294415195 Nombre del hardware: Google Google Compute Engine/Google Compute Motor, BIOS Google 22/07/2022 RIP: 0010:__lock_acquire+0xd83/0x56d0 kernel/locking/lockdep.c:4923 [...] 
Rastreo de llamadas: lock_acquire kernel/locking/lockdep.c:5666 [inline] lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631 down_read+0x98/0x450 kernel/locking/rwsem.c:1499 mmap_read_lock include/linux/mmap_lock.h:117 [inline] binder_alloc_new_buf_locked drivers/android/binder_alloc.c:405 [inline] binder_alloc_new_buf+0xa5/0x19e0 drivers/android/binder_alloc.c:593 binder_transaction+0x242e/0x9a80 drivers/android/binder.c:3199 binder_thread_write+0x664/0x3220 drivers/android/binder.c:3986 binder_ioctl_write_read drivers/android/binder.c:5036 [inline] binder_ioctl+0x3470/0x6d00 drivers/android/binder.c:5323 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd [...] ================================================================== Solucione estos problemas configurando el puntero alloc->vma_vm_mm durante la operaci\u00f3n open() y almacenando en cach\u00e9 directamente desde current->mm. Esto garantiza una referencia v\u00e1lida para tomar mmap_lock en los escenarios descritos anteriormente.. [1] https://syzkaller.appspot.com/bug?extid=f7dc54e5be28950ac459 [2] https://syzkaller.appspot.com/bug?extid=a75ebe0452711c9e56d9 " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49948.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49948.json index 67bfdc03a54..ecfabf85988 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49948.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49948.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvt: Clear selection before changing the font\n\nWhen changing the console font with ioctl(KDFONTOP) the new font size\ncan be bigger than the previous font. A previous selection may thus now\nbe outside of the new screen size and thus trigger out-of-bounds\naccesses to graphics memory if the selection is removed in\nvc_do_resize().\n\nPrevent such out-of-memory accesses by dropping the selection before the\nvarious con_font_set() console handlers are called."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vt: Borrar la selecci\u00f3n antes de cambiar la fuente. Al cambiar la fuente de la consola con ioctl(KDFONTOP), el nuevo tama\u00f1o de fuente puede ser mayor que el anterior. Por lo tanto, una selecci\u00f3n anterior podr\u00eda quedar fuera del nuevo tama\u00f1o de pantalla y, por lo tanto, provocar accesos fuera de los l\u00edmites a la memoria gr\u00e1fica si se elimina la selecci\u00f3n en vc_do_resize(). Para evitar estos accesos fuera de memoria, elimine la selecci\u00f3n antes de llamar a los controladores de consola con_font_set()."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49949.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49949.json
index 62872901d40..b2caae7fb66 100644
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49949.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49949.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware_loader: Fix memory leak in firmware upload\n\nIn the case of firmware-upload, an instance of struct fw_upload is\nallocated in firmware_upload_register(). This data needs to be freed\nin fw_dev_release(). Create a new fw_upload_free() function in\nsysfs_upload.c to handle the firmware-upload specific memory frees\nand incorporate the missing kfree call for the fw_upload structure."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firmware_loader: Se corrige una fuga de memoria durante la carga de firmware. En la carga de firmware, se asigna una instancia de la estructura fw_upload en firmware_upload_register(). Estos datos deben liberarse en fw_dev_release(). Cree una nueva funci\u00f3n fw_upload_free() en sysfs_upload.c para gestionar las liberaciones de memoria espec\u00edficas de la carga de firmware e incorpore la llamada kfree que falta para la estructura fw_upload."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49950.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49950.json
index 42da389a2b2..42c2d654aba 100644
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49950.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49950.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: fix memory corruption on open\n\nThe probe session-duplication overflow check incremented the session\ncount also when there were no more available sessions so that memory\nbeyond the fixed-size slab-allocated session array could be corrupted in\nfastrpc_session_alloc() on open()."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: misc: fastrpc: corrige corrupci\u00f3n de memoria al abrir La comprobaci\u00f3n de desbordamiento de duplicaci\u00f3n de sesi\u00f3n de la sonda increment\u00f3 el recuento de sesiones tambi\u00e9n cuando no hab\u00eda m\u00e1s sesiones disponibles, de modo que la memoria m\u00e1s all\u00e1 de la matriz de sesiones asignadas en bloques de tama\u00f1o fijo pod\u00eda corromperse en fastrpc_session_alloc() al abrir()."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49951.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49951.json
index c071346e941..271d6ea45c2 100644
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49951.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49951.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware_loader: Fix use-after-free during unregister\n\nIn the following code within firmware_upload_unregister(), the call to\ndevice_unregister() could result in the dev_release function freeing the\nfw_upload_priv structure before it is dereferenced for the call to\nmodule_put(). This bug was found by the kernel test robot using\nCONFIG_KASAN while running the firmware selftests.\n\n device_unregister(&fw_sysfs->dev);\n module_put(fw_upload_priv->module);\n\nThe problem is fixed by copying fw_upload_priv->module to a local variable\nfor use when calling device_unregister()."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firmware_loader: Se corrige el error \"use-after-free\" durante la anulaci\u00f3n del registro. En el siguiente c\u00f3digo, dentro de firmware_upload_unregister(), la llamada a device_unregister() podr\u00eda provocar que la funci\u00f3n dev_release libere la estructura fw_upload_priv antes de que se desreferenciara para la llamada a module_put(). Este error fue detectado por el robot de pruebas del kernel mediante CONFIG_KASAN al ejecutar las autopruebas del firmware. device_unregister(&fw_sysfs->dev); module_put(fw_upload_priv->module); El problema se corrige copiando fw_upload_priv->module a una variable local para su uso al llamar a device_unregister()."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49952.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49952.json
index c637d07912a..a6ba5e780ec 100644
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49952.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49952.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: fix memory corruption on probe\n\nAdd the missing sanity check on the probed-session count to avoid\ncorrupting memory beyond the fixed-size slab-allocated session array\nwhen there are more than FASTRPC_MAX_SESSIONS sessions defined in the\ndevicetree."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: misc: fastrpc: corregir corrupci\u00f3n de memoria en la sonda Agregue la verificaci\u00f3n de cordura faltante en el recuento de sesiones sondeadas para evitar corromper la memoria m\u00e1s all\u00e1 de la matriz de sesiones asignadas por bloques de tama\u00f1o fijo cuando hay m\u00e1s de FASTRPC_MAX_SESSIONS sesiones definidas en el \u00e1rbol de dispositivos."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49953.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49953.json
index a67f0b119da..4bc42ccb7ce 100644
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49953.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49953.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: light: cm3605: Fix an error handling path in cm3605_probe()\n\nThe commit in Fixes also introduced a new error handling path which should\ngoto the existing error handling path.\nOtherwise some resources leak."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iio: light: cm3605: Se corrige una ruta de gesti\u00f3n de errores en cm3605_probe(). El commit en Fixes (correcciones) tambi\u00e9n introdujo una nueva ruta de gesti\u00f3n de errores que deber\u00eda enlazar con la ruta de gesti\u00f3n de errores existente. De lo contrario, se producir\u00edan fugas de recursos.\n"
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49954.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49954.json
index a6dc633f4d2..a1a7b830ddf 100644
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49954.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49954.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag\n\nsyzbot is reporting hung task at __input_unregister_device() [1], for\niforce_close() waiting at wait_event_interruptible() with dev->mutex held\nis blocking input_disconnect_device() from __input_unregister_device().\n\nIt seems that the cause is simply that commit c2b27ef672992a20 (\"Input:\niforce - wait for command completion when closing the device\") forgot to\ncall wake_up() after clear_bit().\n\nFix this problem by introducing a helper that calls clear_bit() followed\nby wake_up_all()."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Entrada: iforce - reactivar tras borrar el indicador IFORCE_XMIT_RUNNING. syzbot informa que la tarea est\u00e1 bloqueada en __input_unregister_device() [1], ya que iforce_close() espera en wait_event_interruptible() con dev->mutex retenido, lo que bloquea input_disconnect_device() desde __input_unregister_device(). Parece que la causa es simplemente que el commit c2b27ef672992a20 (\"Entrada: iforce - esperar a que se complete el comando al cerrar el dispositivo\") olvid\u00f3 llamar a wake_up() despu\u00e9s de clear_bit(). Se soluciona este problema mediante un asistente que llame a clear_bit() seguido de wake_up_all()."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49955.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49955.json
index a019c71a1d0..72e7fd677e3 100644
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49955.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49955.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/rtas: Fix RTAS MSR[HV] handling for Cell\n\nThe semi-recent changes to MSR handling when entering RTAS (firmware)\ncause crashes on IBM Cell machines. An example trace:\n\n kernel tried to execute user page (2fff01a8) - exploit attempt? (uid: 0)\n BUG: Unable to handle kernel instruction fetch\n Faulting instruction address: 0x2fff01a8\n Oops: Kernel access of bad area, sig: 11 [#1]\n BE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=4 NUMA Cell\n Modules linked in:\n CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 6.0.0-rc2-00433-gede0a8d3307a #207\n NIP: 000000002fff01a8 LR: 0000000000032608 CTR: 0000000000000000\n REGS: c0000000015236b0 TRAP: 0400 Tainted: G W (6.0.0-rc2-00433-gede0a8d3307a)\n MSR: 0000000008001002 CR: 00000000 XER: 20000000\n ...\n NIP 0x2fff01a8\n LR 0x32608\n Call Trace:\n 0xc00000000143c5f8 (unreliable)\n .rtas_call+0x224/0x320\n .rtas_get_boot_time+0x70/0x150\n .read_persistent_clock64+0x114/0x140\n .read_persistent_wall_and_boot_offset+0x24/0x80\n .timekeeping_init+0x40/0x29c\n .start_kernel+0x674/0x8f0\n start_here_common+0x1c/0x50\n\nUnlike PAPR platforms where RTAS is only used in guests, on the IBM Cell\nmachines Linux runs with MSR[HV] set but also uses RTAS, provided by\nSLOF.\n\nFix it by copying the MSR[HV] bit from the MSR value we've just read\nusing mfmsr into the value used for RTAS.\n\nIt seems like we could also fix it using an #ifdef CELL to set MSR[HV],\nbut that doesn't work because it's possible to build a single kernel\nimage that runs on both Cell native and pseries." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: powerpc/rtas: Correcci\u00f3n del manejo de MSR[HV] de RTAS para Cell. Los cambios recientes en el manejo de MSR al ingresar RTAS (firmware) provocan bloqueos en las m\u00e1quinas IBM Cell. 
Ejemplo de rastreo: el kernel intent\u00f3 ejecutar la p\u00e1gina de usuario (2fff01a8): \u00bfintento de explotaci\u00f3n? (uid: 0) ERROR: No se puede controlar la obtenci\u00f3n de instrucciones del n\u00facleo Direcci\u00f3n de instrucci\u00f3n err\u00f3nea: 0x2fff01a8 Oops: Acceso del n\u00facleo al \u00e1rea defectuosa, firma: 11 [#1] BE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=4 M\u00f3dulos de celda NUMA vinculados: CPU: 0 PID: 0 Comm: swapper/0 Contaminado: GW 6.0.0-rc2-00433-gede0a8d3307a #207 NIP: 000000002fff01a8 LR: 0000000000032608 CTR: 000000000000000 REGS: c0000000015236b0 TRAP: 0400 Contaminado: GW (6.0.0-rc2-00433-gede0a8d3307a) MSR: 0000000008001002 CR: 00000000 XER: 20000000 ... NIP 0x2fff01a8 LR 0x32608 Rastreo de llamadas: 0xc00000000143c5f8 (no confiable) .rtas_call+0x224/0x320 .rtas_get_boot_time+0x70/0x150 .read_persistent_clock64+0x114/0x140 .read_persistent_wall_and_boot_offset+0x24/0x80 .timekeeping_init+0x40/0x29c A diferencia de las plataformas PAPR, donde RTAS solo se usa en hu\u00e9spedes, en las m\u00e1quinas IBM Cell, Linux se ejecuta con MSR[HV] activado, pero tambi\u00e9n usa RTAS, proporcionado por SLOF. Para solucionarlo, copie el bit MSR[HV] del valor MSR que acabamos de leer con mfmsr al valor usado para RTAS. Parece que tambi\u00e9n podr\u00edamos solucionarlo usando un #ifdef CELL para activar MSR[HV], pero esto no funciona, ya que es posible crear una \u00fanica imagen de kernel que funcione tanto en Cell nativo como en pseries." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49956.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49956.json index 04a22e88570..94e9c6ea2cd 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49956.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49956.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8712: fix use after free bugs\n\n_Read/Write_MACREG callbacks are NULL so the read/write_macreg_hdl()\nfunctions don't do anything except free the \"pcmd\" pointer. It\nresults in a use after free. Delete them."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: staging: rtl8712: se corrige el error \"use after free\". Las devoluciones de llamada _Read/Write_MACREG son nulas, por lo que las funciones read/write_macreg_hdl() solo liberan el puntero \"pcmd\". Esto genera un error \"use after free\". Elim\u00ednelas."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49957.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49957.json
index e95681fa890..a61c0e5130f 100644
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49957.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49957.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkcm: fix strp_init() order and cleanup\n\nstrp_init() is called just a few lines above this csk->sk_user_data\ncheck, it also initializes strp->work etc., therefore, it is\nunnecessary to call strp_done() to cancel the freshly initialized\nwork.\n\nAnd if sk_user_data is already used by KCM, psock->strp should not be\ntouched, particularly strp->work state, so we need to move strp_init()\nafter the csk->sk_user_data check.\n\nThis also makes a lockdep warning reported by syzbot go away."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: kcm: correcci\u00f3n del orden y la limpieza de strp_init(). strp_init() se llama solo unas l\u00edneas por encima de la comprobaci\u00f3n csk->sk_user_data; tambi\u00e9n inicializa strp->work, etc., por lo que no es necesario llamar a strp_done() para cancelar el trabajo reci\u00e9n inicializado. Si KCM ya utiliza sk_user_data, no se debe modificar psock->strp, en particular el estado strp->work, por lo que es necesario mover strp_init() despu\u00e9s de la comprobaci\u00f3n csk->sk_user_data. Esto tambi\u00e9n elimina la advertencia de lockdep reportada por syzbot."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49958.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49958.json
index 2054ac0d689..7b49e97755b 100644
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49958.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49958.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fix netdevice reference leaks in attach_default_qdiscs()\n\nIn attach_default_qdiscs(), if a dev has multiple queues and queue 0 fails\nto attach qdisc because there is no memory in attach_one_default_qdisc().\nThen dev->qdisc will be noop_qdisc by default. But the other queues may be\nable to successfully attach to default qdisc.\n\nIn this case, the fallback to noqueue process will be triggered. If the\noriginal attached qdisc is not released and a new one is directly\nattached, this will cause netdevice reference leaks.\n\nThe following is the bug log:\n\nveth0: default qdisc (fq_codel) fail, fallback to noqueue\nunregister_netdevice: waiting for veth0 to become free. Usage count = 32\nleaked reference.\n qdisc_alloc+0x12e/0x210\n qdisc_create_dflt+0x62/0x140\n attach_one_default_qdisc.constprop.41+0x44/0x70\n dev_activate+0x128/0x290\n __dev_open+0x12a/0x190\n __dev_change_flags+0x1a2/0x1f0\n dev_change_flags+0x23/0x60\n do_setlink+0x332/0x1150\n __rtnl_newlink+0x52f/0x8e0\n rtnl_newlink+0x43/0x70\n rtnetlink_rcv_msg+0x140/0x3b0\n netlink_rcv_skb+0x50/0x100\n netlink_unicast+0x1bb/0x290\n netlink_sendmsg+0x37c/0x4e0\n sock_sendmsg+0x5f/0x70\n ____sys_sendmsg+0x208/0x280\n\nFix this bug by clearing any non-noop qdiscs that may have been assigned\nbefore trying to re-attach." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/sched: corrige fugas de referencia de netdevice en attached_default_qdiscs() En attached_default_qdiscs(), si un dev tiene varias colas y la cola 0 no puede adjuntar qdisc porque no hay memoria en attached_one_default_qdisc(). Entonces dev->qdisc ser\u00e1 noop_qdisc por defecto. Pero las otras colas pueden ser capaces de adjuntar con \u00e9xito a la qdisc predeterminada. En este caso, se activar\u00e1 el proceso de retorno a noqueue. 
Si la qdisc adjunta original no se libera y se adjunta una nueva directamente, esto causar\u00e1 fugas de referencia de netdevice. El siguiente es el registro de errores: veth0: falla de qdisc predeterminada (fq_codel), retorno a noqueue unregister_netdevice: esperando a que veth0 se libere. Recuento de uso = 32 referencias filtradas. qdisc_alloc+0x12e/0x210 qdisc_create_dflt+0x62/0x140 attach_one_default_qdisc.constprop.41+0x44/0x70 dev_activate+0x128/0x290 __dev_open+0x12a/0x190 __dev_change_flags+0x1a2/0x1f0 dev_change_flags+0x23/0x60 do_setlink+0x332/0x1150 __rtnl_newlink+0x52f/0x8e0 rtnl_newlink+0x43/0x70 rtnetlink_rcv_msg+0x140/0x3b0 netlink_rcv_skb+0x50/0x100 netlink_unicast+0x1bb/0x290 netlink_sendmsg+0x37c/0x4e0 sock_sendmsg+0x5f/0x70 ____sys_sendmsg+0x208/0x280 Corrija este error borrando cualquier qdisc que no sea noop que pueda haberse asignado antes de intentar volver a conectar." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49959.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49959.json index 2c0a58522c2..8ac8782f755 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49959.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49959.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: fix memory leak at failed datapath creation\n\novs_dp_cmd_new()->ovs_dp_change()->ovs_dp_set_upcall_portids()\nallocates array via kmalloc.\nIf for some reason new_vport() fails during ovs_dp_cmd_new()\ndp->upcall_portids must be freed.\nAdd missing kfree.\n\nKmemleak example:\nunreferenced object 0xffff88800c382500 (size 64):\n comm \"dump_state\", pid 323, jiffies 4294955418 (age 104.347s)\n hex dump (first 32 bytes):\n 5e c2 79 e4 1f 7a 38 c7 09 21 38 0c 80 88 ff ff ^.y..z8..!8.....\n 03 00 00 00 0a 00 00 00 14 00 00 00 28 00 00 00 ............(...\n backtrace:\n [<0000000071bebc9f>] ovs_dp_set_upcall_portids+0x38/0xa0\n [<000000000187d8bd>] ovs_dp_change+0x63/0xe0\n [<000000002397e446>] ovs_dp_cmd_new+0x1f0/0x380\n [<00000000aa06f36e>] genl_family_rcv_msg_doit+0xea/0x150\n [<000000008f583bc4>] genl_rcv_msg+0xdc/0x1e0\n [<00000000fa10e377>] netlink_rcv_skb+0x50/0x100\n [<000000004959cece>] genl_rcv+0x24/0x40\n [<000000004699ac7f>] netlink_unicast+0x23e/0x360\n [<00000000c153573e>] netlink_sendmsg+0x24e/0x4b0\n [<000000006f4aa380>] sock_sendmsg+0x62/0x70\n [<00000000d0068654>] ____sys_sendmsg+0x230/0x270\n [<0000000012dacf7d>] ___sys_sendmsg+0x88/0xd0\n [<0000000011776020>] __sys_sendmsg+0x59/0xa0\n [<000000002e8f2dc1>] do_syscall_64+0x3b/0x90\n [<000000003243e7cb>] entry_SYSCALL_64_after_hwframe+0x63/0xcd" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: openvswitch: se corrige una fuga de memoria al crear una ruta de datos fallida. ovs_dp_cmd_new()->ovs_dp_change()->ovs_dp_set_upcall_portids() asigna una matriz mediante kmalloc. Si por alguna raz\u00f3n new_vport() falla durante ovs_dp_cmd_new(), se debe liberar dp->upcall_portids. Se a\u00f1ade la falta de kfree. 
Ejemplo de Kmemleak: objeto sin referencia 0xffff88800c382500 (tama\u00f1o 64): comm \"dump_state\", pid 323, jiffies 4294955418 (edad 104.347s) volcado hexadecimal (primeros 32 bytes): 5e c2 79 e4 1f 7a 38 c7 09 21 38 0c 80 88 ff ff ^.y..z8..!8..... 03 00 00 00 0a 00 00 00 14 00 00 00 28 00 00 00 ............(... backtrace: [<0000000071bebc9f>] ovs_dp_set_upcall_portids+0x38/0xa0 [<000000000187d8bd>] ovs_dp_change+0x63/0xe0 [<000000002397e446>] ovs_dp_cmd_new+0x1f0/0x380 [<00000000aa06f36e>] genl_family_rcv_msg_doit+0xea/0x150 [<000000008f583bc4>] genl_rcv_msg+0xdc/0x1e0 [<00000000fa10e377>] netlink_rcv_skb+0x50/0x100 [<000000004959cece>] genl_rcv+0x24/0x40 [<000000004699ac7f>] netlink_unicast+0x23e/0x360 [<00000000c153573e>] netlink_sendmsg+0x24e/0x4b0 [<000000006f4aa380>] sock_sendmsg+0x62/0x70 [<00000000d0068654>] ____sys_sendmsg+0x230/0x270 [<0000000012dacf7d>] ___sys_sendmsg+0x88/0xd0 [<0000000011776020>] __sys_sendmsg+0x59/0xa0 [<000000002e8f2dc1>] do_syscall_64+0x3b/0x90 [<000000003243e7cb>] entry_SYSCALL_64_after_hwframe+0x63/0xcd " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49960.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49960.json index 91d37157fe3..dae7a954a01 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49960.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49960.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: fix null pointer dereference\n\nAsus chromebook CX550 crashes during boot on v5.17-rc1 kernel.\nThe root cause is null pointer defeference of bi_next\nin tgl_get_bw_info() in drivers/gpu/drm/i915/display/intel_bw.c.\n\nBUG: kernel NULL pointer dereference, address: 000000000000002e\nPGD 0 P4D 0\nOops: 0002 [#1] PREEMPT SMP NOPTI\nCPU: 0 PID: 1 Comm: swapper/0 Tainted: G U 5.17.0-rc1\nHardware name: Google Delbin/Delbin, BIOS Google_Delbin.13672.156.3 05/14/2021\nRIP: 0010:tgl_get_bw_info+0x2de/0x510\n...\n[ 2.554467] Call Trace:\n[ 2.554467] \n[ 2.554467] intel_bw_init_hw+0x14a/0x434\n[ 2.554467] ? _printk+0x59/0x73\n[ 2.554467] ? _dev_err+0x77/0x91\n[ 2.554467] i915_driver_hw_probe+0x329/0x33e\n[ 2.554467] i915_driver_probe+0x4c8/0x638\n[ 2.554467] i915_pci_probe+0xf8/0x14e\n[ 2.554467] ? _raw_spin_unlock_irqrestore+0x12/0x2c\n[ 2.554467] pci_device_probe+0xaa/0x142\n[ 2.554467] really_probe+0x13f/0x2f4\n[ 2.554467] __driver_probe_device+0x9e/0xd3\n[ 2.554467] driver_probe_device+0x24/0x7c\n[ 2.554467] __driver_attach+0xba/0xcf\n[ 2.554467] ? driver_attach+0x1f/0x1f\n[ 2.554467] bus_for_each_dev+0x8c/0xc0\n[ 2.554467] bus_add_driver+0x11b/0x1f7\n[ 2.554467] driver_register+0x60/0xea\n[ 2.554467] ? mipi_dsi_bus_init+0x16/0x16\n[ 2.554467] i915_init+0x2c/0xb9\n[ 2.554467] ? mipi_dsi_bus_init+0x16/0x16\n[ 2.554467] do_one_initcall+0x12e/0x2b3\n[ 2.554467] do_initcall_level+0xd6/0xf3\n[ 2.554467] do_initcalls+0x4e/0x79\n[ 2.554467] kernel_init_freeable+0xed/0x14d\n[ 2.554467] ? 
rest_init+0xc1/0xc1\n[ 2.554467] kernel_init+0x1a/0x120\n[ 2.554467] ret_from_fork+0x1f/0x30\n[ 2.554467] \n...\nKernel panic - not syncing: Fatal exception\n\n(cherry picked from commit c247cd03898c4c43c3bce6d4014730403bc13032)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/i915: se corrige la desreferencia de puntero nulo. La Chromebook Asus CX550 se bloquea durante el arranque en el kernel v5.17-rc1. La causa principal es la desreferencia de puntero nulo de bi_next en tgl_get_bw_info() en drivers/gpu/drm/i915/display/intel_bw.c. ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 000000000000002e PGD 0 P4D 0 Oops: 0002 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 1 Comm: swapper/0 Contaminado: GU 5.17.0-rc1 Nombre del hardware: Google Delbin/Delbin, BIOS Google_Delbin.13672.156.3 14/05/2021 RIP: 0010:tgl_get_bw_info+0x2de/0x510 ... [ 2.554467] Seguimiento de llamadas: [ 2.554467] [ 2.554467] intel_bw_init_hw+0x14a/0x434 [ 2.554467] ? _printk+0x59/0x73 [ 2.554467] ? _dev_err+0x77/0x91 [ 2.554467] i915_driver_hw_probe+0x329/0x33e [ 2.554467] i915_driver_probe+0x4c8/0x638 [ 2.554467] i915_pci_probe+0xf8/0x14e [ 2.554467] ? _raw_spin_unlock_irqrestore+0x12/0x2c [ 2.554467] pci_device_probe+0xaa/0x142 [ 2.554467] really_probe+0x13f/0x2f4 [ 2.554467] __driver_probe_device+0x9e/0xd3 [ 2.554467] driver_probe_device+0x24/0x7c [ 2.554467] __driver_attach+0xba/0xcf [ 2.554467] ? driver_attach+0x1f/0x1f [ 2.554467] bus_for_each_dev+0x8c/0xc0 [ 2.554467] bus_add_driver+0x11b/0x1f7 [ 2.554467] driver_register+0x60/0xea [ 2.554467] ? mipi_dsi_bus_init+0x16/0x16 [ 2.554467] i915_init+0x2c/0xb9 [ 2.554467] ? mipi_dsi_bus_init+0x16/0x16 [ 2.554467] do_one_initcall+0x12e/0x2b3 [ 2.554467] do_initcall_level+0xd6/0xf3 [ 2.554467] do_initcalls+0x4e/0x79 [ 2.554467] kernel_init_freeable+0xed/0x14d [ 2.554467] ? rest_init+0xc1/0xc1 [ 2.554467] kernel_init+0x1a/0x120 [ 2.554467] ret_from_fork+0x1f/0x30 [ 2.554467] ... 
P\u00e1nico del kernel - no sincroniza: Excepci\u00f3n fatal (seleccionada de el commit c247cd03898c4c43c3bce6d4014730403bc13032)" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49961.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49961.json index 99117fe70f2..e910dd319f9 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49961.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49961.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Do mark_chain_precision for ARG_CONST_ALLOC_SIZE_OR_ZERO\n\nPrecision markers need to be propagated whenever we have an ARG_CONST_*\nstyle argument, as the verifier cannot consider imprecise scalars to be\nequivalent for the purposes of states_equal check when such arguments\nrefine the return value (in this case, set mem_size for PTR_TO_MEM). The\nresultant mem_size for the R0 is derived from the constant value, and if\nthe verifier incorrectly prunes states considering them equivalent where\nsuch arguments exist (by seeing that both registers have reg->precise as\nfalse in regsafe), we can end up with invalid programs passing the\nverifier which can do access beyond what should have been the correct\nmem_size in that explored state.\n\nTo show a concrete example of the problem:\n\n0000000000000000 :\n 0: r2 = *(u32 *)(r1 + 80)\n 1: r1 = *(u32 *)(r1 + 76)\n 2: r3 = r1\n 3: r3 += 4\n 4: if r3 > r2 goto +18 \n 5: w2 = 0\n 6: *(u32 *)(r1 + 0) = r2\n 7: r1 = *(u32 *)(r1 + 0)\n 8: r2 = 1\n 9: if w1 == 0 goto +1 \n 10: r2 = -1\n\n0000000000000058 :\n 11: r1 = 0 ll\n 13: r3 = 0\n 14: call bpf_ringbuf_reserve\n 15: if r0 == 0 goto +7 \n 16: r1 = r0\n 17: r1 += 16777215\n 18: w2 = 0\n 19: *(u8 *)(r1 + 0) = r2\n 20: r1 = r0\n 21: r2 = 0\n 22: call bpf_ringbuf_submit\n\n00000000000000b8 :\n 23: w0 = 0\n 24: exit\n\nFor the first case, the single line execution's exploration will prune\nthe search at insn 14 for the branch insn 9's second leg as it will be\nverified first using r2 = -1 (UINT_MAX), while as w1 at insn 9 will\nalways be 0 so at runtime we don't get error for being greater than\nUINT_MAX/4 from bpf_ringbuf_reserve. 
The verifier during regsafe just\nsees reg->precise as false for both r2 registers in both states, hence\nconsiders them equal for purposes of states_equal.\n\nIf we propagated precise markers using the backtracking support, we\nwould use the precise marking to then ensure that old r2 (UINT_MAX) was\nwithin the new r2 (1) and this would never be true, so the verification\nwould rightfully fail.\n\nThe end result is that the out of bounds access at instruction 19 would\nbe permitted without this fix.\n\nNote that reg->precise is always set to true when user does not have\nCAP_BPF (or when subprog count is greater than 1 (i.e. use of any static\nor global functions)), hence this is only a problem when precision marks\nneed to be explicitly propagated (i.e. privileged users with CAP_BPF).\n\nA simplified test case has been included in the next patch to prevent\nfuture regressions." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: Hacer mark_chain_precision para ARG_CONST_ALLOC_SIZE_OR_ZERO Los marcadores de precisi\u00f3n deben propagarse siempre que tengamos un argumento de estilo ARG_CONST_*, ya que el verificador no puede considerar que los escalares imprecisos sean equivalentes para los fines de la comprobaci\u00f3n states_equal cuando dichos argumentos refinan el valor de retorno (en este caso, establecer mem_size para PTR_TO_MEM). El mem_size resultante para el R0 se deriva del valor constante, y si el verificador poda incorrectamente los estados consider\u00e1ndolos equivalentes donde existen dichos argumentos (al ver que ambos registros tienen reg->precise como falso en regsafe), podemos terminar con programas no v\u00e1lidos que pasan el verificador que pueden hacer acceso m\u00e1s all\u00e1 de lo que deber\u00eda haber sido el mem_size correcto en ese estado explorado. 
Para mostrar un ejemplo concreto del problema: 0000000000000000 : 0: r2 = *(u32 *)(r1 + 80) 1: r1 = *(u32 *)(r1 + 76) 2: r3 = r1 3: r3 += 4 4: si r3 > r2 goto +18 5: w2 = 0 6: *(u32 *)(r1 + 0) = r2 7: r1 = *(u32 *)(r1 + 0) 8: r2 = 1 9: si w1 == 0 goto +1 10: r2 = -1 0000000000000058 : 11: r1 = 0 ll 13: r3 = 0 14: llamar a bpf_ringbuf_reserve 15: si r0 == 0 goto +7 16: r1 = r0 17: r1 += 16777215 18: w2 = 0 19: *(u8 *)(r1 + 0) = r2 20: r1 = r0 21: r2 = 0 22: llamar a bpf_ringbuf_submit 00000000000000b8 : 23: w0 = 0 24: salir Para el primer caso, la exploraci\u00f3n de la ejecuci\u00f3n de una sola l\u00ednea podar\u00e1 la b\u00fasqueda en insn 14 para la segunda rama de la rama insn 9, ya que se verificar\u00e1 primero utilizando r2 = -1 (UINT_MAX), mientras que como w1 en insn 9 siempre ser\u00e1 0, por lo que en tiempo de ejecuci\u00f3n no obtenemos un error por ser mayor que UINT_MAX/4 de bpf_ringbuf_reserve. El verificador durante regsafe solo ve reg->precise como falso para ambos registros r2 en ambos estados, por lo tanto, los considera iguales para fines de states_equal. Si propag\u00e1ramos marcadores precisos utilizando el soporte de retroceso, usar\u00edamos el marcado preciso para asegurarnos de que el antiguo r2 (UINT_MAX) estuviera dentro del nuevo r2 (1) y esto nunca ser\u00eda verdadero, por lo que la verificaci\u00f3n fallar\u00eda leg\u00edtimamente. El resultado final es que el acceso fuera de los l\u00edmites en la instrucci\u00f3n 19 se permitir\u00eda sin esta correcci\u00f3n. Tenga en cuenta que reg->precise siempre se establece en verdadero cuando el usuario no tiene CAP_BPF (o cuando el recuento de subprocesos es mayor que 1 (es decir, uso de cualquier funci\u00f3n est\u00e1tica o global)), por lo tanto, esto solo es un problema cuando las marcas de precisi\u00f3n deben propagarse expl\u00edcitamente (es decir, usuarios privilegiados con CAP_BPF). 
Se ha incluido un caso de prueba simplificado en el pr\u00f3ximo parche para evitar futuras regresiones." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49962.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49962.json index 4773fb54b53..d9bfb3add6e 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49962.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49962.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Fix null pointer dereference in remove if xHC has only one roothub\n\nThe remove path in xhci platform driver tries to remove and put both main\nand shared hcds even if only a main hcd exists (one roothub)\n\nThis causes a null pointer dereference in reboot for those controllers.\n\nCheck that the shared_hcd exists before trying to remove it." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xhci: Se corrige la desreferencia de puntero nulo al eliminar si xHC solo tiene un concentrador ra\u00edz. La ruta de eliminaci\u00f3n en el controlador de la plataforma xhci intenta eliminar e instalar los discos duros principal y compartido, incluso si solo existe un disco duro principal (un concentrador ra\u00edz). Esto provoca una desreferencia de puntero nulo al reiniciar esos controladores. Compruebe que el disco duro compartido exista antes de intentar eliminarlo." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49963.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49963.json index 00147cac76d..f691ce7408c 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49963.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49963.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/ttm: fix CCS handling\n\nCrucible + recent Mesa seems to sometimes hit:\n\nGEM_BUG_ON(num_ccs_blks > NUM_CCS_BLKS_PER_XFER)\n\nAnd it looks like we can also trigger this with gem_lmem_swapping, if we\nmodify the test to use slightly larger object sizes.\n\nLooking closer it looks like we have the following issues in\nmigrate_copy():\n\n - We are using plain integer in various places, which we can easily\n overflow with a large object.\n\n - We pass the entire object size (when the src is lmem) into\n emit_pte() and then try to copy it, which doesn't work, since we\n only have a few fixed sized windows in which to map the pages and\n perform the copy. With an object > 8M we therefore aren't properly\n copying the pages. And then with an object > 64M we trigger the\n GEM_BUG_ON(num_ccs_blks > NUM_CCS_BLKS_PER_XFER).\n\nSo it looks like our copy handling for any object > 8M (which is our\nCHUNK_SZ) is currently broken on DG2.\n\nTestcase: igt@gem_lmem_swapping\n(cherry picked from commit 8676145eb2f53a9940ff70910caf0125bd8a4bc2)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/i915/ttm: correcci\u00f3n del manejo de CCS Crucible + Mesa reciente parece a veces afectar: GEM_BUG_ON(num_ccs_blks > NUM_CCS_BLKS_PER_XFER) Y parece que tambi\u00e9n podemos activar esto con gem_lmem_swapping, si modificamos la prueba para usar tama\u00f1os de objeto ligeramente mayores. Mirando m\u00e1s de cerca, parece que tenemos los siguientes problemas en migration_copy(): - Estamos usando un entero simple en varios lugares, que podemos desbordar f\u00e1cilmente con un objeto grande. 
- Pasamos el tama\u00f1o completo del objeto (cuando el src es lmem) a emit_pte() y luego intentamos copiarlo, lo cual no funciona, ya que solo tenemos unas pocas ventanas de tama\u00f1o fijo en las que mapear las p\u00e1ginas y realizar la copia. Con un objeto > 8M, por lo tanto, no estamos copiando correctamente las p\u00e1ginas. Y luego, con un objeto > 64M, activamos GEM_BUG_ON(num_ccs_blks > NUM_CCS_BLKS_PER_XFER). Por lo tanto, parece que nuestra gesti\u00f3n de copias para cualquier objeto > 8M (que es nuestro CHUNK_SZ) est\u00e1 actualmente inactiva en DG2. Caso de prueba: igt@gem_lmem_swapping (seleccionado de el commit 8676145eb2f53a9940ff70910caf0125bd8a4bc2)" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49964.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49964.json index dab6031c628..5425e982226 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49964.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49964.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level\n\nThough acpi_find_last_cache_level() always returned signed value and the\ndocument states it will return any errors caused by lack of a PPTT table,\nit never returned negative values before.\n\nCommit 0c80f9e165f8 (\"ACPI: PPTT: Leave the table mapped for the runtime usage\")\nhowever changed it by returning -ENOENT if no PPTT was found. The value\nreturned from acpi_find_last_cache_level() is then assigned to unsigned\nfw_level.\n\nIt will result in the number of cache leaves calculated incorrectly as\na huge value which will then cause the following warning from __alloc_pages\nas the order would be great than MAX_ORDER because of incorrect and huge\ncache leaves value.\n\n | WARNING: CPU: 0 PID: 1 at mm/page_alloc.c:5407 __alloc_pages+0x74/0x314\n | Modules linked in:\n | CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-10393-g7c2a8d3ac4c0 #73\n | pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n | pc : __alloc_pages+0x74/0x314\n | lr : alloc_pages+0xe8/0x318\n | Call trace:\n | __alloc_pages+0x74/0x314\n | alloc_pages+0xe8/0x318\n | kmalloc_order_trace+0x68/0x1dc\n | __kmalloc+0x240/0x338\n | detect_cache_attributes+0xe0/0x56c\n | update_siblings_masks+0x38/0x284\n | store_cpu_topology+0x78/0x84\n | smp_prepare_cpus+0x48/0x134\n | kernel_init_freeable+0xc4/0x14c\n | kernel_init+0x2c/0x1b4\n | ret_from_fork+0x10/0x20\n\nFix the same by changing fw_level to be signed integer and return the\nerror from init_cache_level() early in case of error." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: arm64: cacheinfo: Se corrige la asignaci\u00f3n incorrecta de un valor de error con signo a unsigned fw_level. 
Aunque acpi_find_last_cache_level() siempre devolv\u00eda un valor con signo y el documento indica que devolver\u00e1 cualquier error causado por la falta de una tabla PPTT, nunca antes devolv\u00eda valores negativos. Sin embargo, el commit 0c80f9e165f8 (\"ACPI: PPTT: Dejar la tabla asignada para el uso en tiempo de ejecuci\u00f3n\") la modific\u00f3 devolviendo -ENOENT si no se encontraba PPTT. El valor devuelto por acpi_find_last_cache_level() se asigna entonces a unsigned fw_level. Esto provocar\u00e1 que el n\u00famero de hojas de cach\u00e9 se calcule incorrectamente como un valor enorme, lo que provocar\u00e1 la siguiente advertencia de __alloc_pages, ya que el orden ser\u00eda mayor que MAX_ORDER debido a un valor incorrecto y enorme de hojas de cach\u00e9. ADVERTENCIA: CPU: 0 PID: 1 en mm/page_alloc.c:5407 __alloc_pages+0x74/0x314 | M\u00f3dulos vinculados: | CPU: 0 PID: 1 Comm: swapper/0 No contaminado 5.19.0-10393-g7c2a8d3ac4c0 #73 | pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) | pc : __alloc_pages+0x74/0x314 | lr : alloc_pages+0xe8/0x318 | Rastreo de llamadas: | __alloc_pages+0x74/0x314 | alloc_pages+0xe8/0x318 | kmalloc_order_trace+0x68/0x1dc | Corrija el mismo problema cambiando fw_level para que sea un entero con signo y devuelva el error de init_cache_level() de manera temprana en caso de error." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49965.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49965.json index fb6542959e2..9fe28e18b53 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49965.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49965.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: add missing ->fini_xxxx interfaces for some SMU13 asics\n\nWithout these, potential memory leak may be induced."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/pm: agregar interfaces ->fini_xxxx faltantes para algunos ASIC SMU13. Sin estas, se puede inducir una posible p\u00e9rdida de memoria."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49966.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49966.json
index b4c912d8246..9d6f503a903 100644
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49966.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49966.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid\n\nTo avoid any potential memory leak."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/pm: agregar la interfaz ->fini_microcode faltante para Sienna Cichlid para evitar cualquier posible p\u00e9rdida de memoria."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49967.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49967.json
index ea37af20aa4..6a7ca1f6df5 100644
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49967.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49967.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a data-race around bpf_jit_limit.\n\nWhile reading bpf_jit_limit, it can be changed concurrently via sysctl,\nWRITE_ONCE() in __do_proc_doulongvec_minmax(). The size of bpf_jit_limit\nis long, so we need to add a paired READ_ONCE() to avoid load-tearing."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: Se corrige una ejecuci\u00f3n de datos en torno a bpf_jit_limit. Al leer bpf_jit_limit, se puede modificar simult\u00e1neamente mediante sysctl, WRITE_ONCE() en __do_proc_doulongvec_minmax(). El tama\u00f1o de bpf_jit_limit es grande, por lo que es necesario a\u00f1adir un par de READ_ONCE() para evitar la fragmentaci\u00f3n de la carga."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49968.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49968.json
index 6f593267fc8..0fa870d210f 100644
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49968.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49968.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nieee802154/adf7242: defer destroy_workqueue call\n\nThere is a possible race condition (use-after-free) like below\n\n (FREE) | (USE)\n adf7242_remove | adf7242_channel\n cancel_delayed_work_sync |\n destroy_workqueue (1) | adf7242_cmd_rx\n | mod_delayed_work (2)\n |\n\nThe root cause for this race is that the upper layer (ieee802154) is\nunaware of this detaching event and the function adf7242_channel can\nbe called without any checks.\n\nTo fix this, we can add a flag write at the beginning of adf7242_remove\nand add flag check in adf7242_channel. Or we can just defer the\ndestructive operation like other commit 3e0588c291d6 (\"hamradio: defer\nax25 kfree after unregister_netdev\") which let the\nieee802154_unregister_hw() to handle the synchronization. This patch\ntakes the second option.\n\nruns\")"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ieee802154/adf7242: aplazar la llamada a destroy_workqueue Existe una posible condici\u00f3n de ejecuci\u00f3n (use-after-free) como la siguiente (FREE) | (USE) adf7242_remove | adf7242_channel cancel_delayed_work_sync | destroy_workqueue (1) | adf7242_cmd_rx | mod_delayed_work (2) | La causa ra\u00edz de esta ejecuci\u00f3n es que la capa superior (ieee802154) desconoce este evento de desconexi\u00f3n y la funci\u00f3n adf7242_channel se puede llamar sin ninguna comprobaci\u00f3n. Para solucionar esto, podemos a\u00f1adir una escritura de bandera al principio de adf7242_remove y a\u00f1adir la comprobaci\u00f3n de bandera en adf7242_channel. O podemos simplemente aplazar la operaci\u00f3n destructiva como en el commit 3e0588c291d6 (\"hamradio: defer ax25 kfree after unregister_netdev\"), que permite que ieee802154_unregister_hw() gestione la sincronizaci\u00f3n. Este parche utiliza la segunda opci\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49969.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49969.json
index 7c35b9ac414..0fc5822300e 100644
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49969.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49969.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: clear optc underflow before turn off odm clock\n\n[Why]\nAfter ODM clock off, optc underflow bit will be kept there always and clear not work.\nWe need to clear that before clock off.\n\n[How]\nClear that if have when clock off."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: eliminar el subdesbordamiento de OPC antes de desactivar el reloj ODM [Por qu\u00e9] Tras desactivar el reloj ODM, el bit de subdesbordamiento de OPC se mantendr\u00e1 all\u00ed y la eliminaci\u00f3n no funcionar\u00e1. Necesitamos eliminarlo antes de desactivar el reloj. [C\u00f3mo] Eliminarlo si se produce al desactivar el reloj."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49970.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49970.json
index ff3749136a3..5b18a88a836 100644
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49970.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49970.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, cgroup: Fix kernel BUG in purge_effective_progs\n\nSyzkaller reported a triggered kernel BUG as follows:\n\n ------------[ cut here ]------------\n kernel BUG at kernel/bpf/cgroup.c:925!\n invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 1 PID: 194 Comm: detach Not tainted 5.19.0-14184-g69dac8e431af #8\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n RIP: 0010:__cgroup_bpf_detach+0x1f2/0x2a0\n Code: 00 e8 92 60 30 00 84 c0 75 d8 4c 89 e0 31 f6 85 f6 74 19 42 f6 84\n 28 48 05 00 00 02 75 0e 48 8b 80 c0 00 00 00 48 85 c0 75 e5 <0f> 0b 48\n 8b 0c5\n RSP: 0018:ffffc9000055bdb0 EFLAGS: 00000246\n RAX: 0000000000000000 RBX: ffff888100ec0800 RCX: ffffc900000f1000\n RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff888100ec4578\n RBP: 0000000000000000 R08: ffff888100ec0800 R09: 0000000000000040\n R10: 0000000000000000 R11: 0000000000000000 R12: ffff888100ec4000\n R13: 000000000000000d R14: ffffc90000199000 R15: ffff888100effb00\n FS: 00007f68213d2b80(0000) GS:ffff88813bc80000(0000)\n knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055f74a0e5850 CR3: 0000000102836000 CR4: 00000000000006e0\n Call Trace:\n \n cgroup_bpf_prog_detach+0xcc/0x100\n __sys_bpf+0x2273/0x2a00\n __x64_sys_bpf+0x17/0x20\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n RIP: 0033:0x7f68214dbcb9\n Code: 08 44 89 e0 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 48 89 f8 48 89\n f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01\n f0 ff8\n RSP: 002b:00007ffeb487db68 EFLAGS: 00000246 ORIG_RAX: 0000000000000141\n RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007f68214dbcb9\n RDX: 0000000000000090 RSI: 00007ffeb487db70 RDI: 0000000000000009\n RBP: 0000000000000003 R08: 0000000000000012 R09: 0000000b00000003\n R10: 00007ffeb487db70 R11: 
0000000000000246 R12: 00007ffeb487dc20\n R13: 0000000000000004 R14: 0000000000000001 R15: 000055f74a1011b0\n \n Modules linked in:\n ---[ end trace 0000000000000000 ]---\n\nRepetition steps:\n\nFor the following cgroup tree,\n\n root\n |\n cg1\n |\n cg2\n\n 1. attach prog2 to cg2, and then attach prog1 to cg1, both bpf progs\n attach type is NONE or OVERRIDE.\n 2. write 1 to /proc/thread-self/fail-nth for failslab.\n 3. detach prog1 for cg1, and then kernel BUG occur.\n\nFailslab injection will cause kmalloc fail and fall back to\npurge_effective_progs. The problem is that cg2 have attached another prog,\nso when go through cg2 layer, iteration will add pos to 1, and subsequent\noperations will be skipped by the following condition, and cg will meet\nNULL in the end.\n\n `if (pos && !(cg->bpf.flags[atype] & BPF_F_ALLOW_MULTI))`\n\nThe NULL cg means no link or prog match, this is as expected, and it's not\na bug. So here just skip the no match situation." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf, cgroup: Se corrige el error del kernel en purge_effective_progs Syzkaller inform\u00f3 un error del kernel activado de la siguiente manera: ------------[ cortar aqu\u00ed ]------------ \u00a1Error del kernel en kernel/bpf/cgroup.c:925! 
C\u00f3digo de operaci\u00f3n no v\u00e1lido: 0000 [#1] PREEMPT SMP NOPTI CPU: 1 PID: 194 Comm: detach No contaminado 5.19.0-14184-g69dac8e431af #8 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 RIP: 0010:__cgroup_bpf_detach+0x1f2/0x2a0 C\u00f3digo: 00 e8 92 60 30 00 84 c0 75 d8 4c 89 e0 31 f6 85 f6 74 19 42 f6 84 28 48 05 00 00 02 75 0e 48 8b 80 c0 00 00 00 48 85 c0 75 e5 <0f> 0b 48 8b 0c5 RSP: 0018:ffffc9000055bdb0 EFLAGS: 00000246 RAX: 000000000000000 RBX: ffff888100ec0800 RCX: ffffc900000f1000 RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff888100ec4578 RBP: 000000000000000 R08: ffff888100ec0800 R09: 0000000000000040 R10: 0000000000000000 R11: 0000000000000000 R12: ffff888100ec4000 R13: 000000000000000d R14: ffffc90000199000 R15: ffff888100effb00 FS: 00007f68213d2b80(0000) GS:ffff88813bc80000(0000) knlGS:000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f74a0e5850 CR3: 0000000102836000 CR4: 00000000000006e0 Rastreo de llamadas: cgroup_bpf_prog_detach+0xcc/0x100 __sys_bpf+0x2273/0x2a00 __x64_sys_bpf+0x17/0x20 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f68214dbcb9 C\u00f3digo: 08 44 89 e0 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff8 RSP: 002b:00007ffeb487db68 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007f68214dbcb9 RDX: 0000000000000090 RSI: 00007ffeb487db70 RDI: 0000000000000009 RBP: 0000000000000003 R08: 0000000000000012 R09: 0000000b00000003 R10: 00007ffeb487db70 R11: 0000000000000246 R12: 00007ffeb487dc20 R13: 000000000000004 R14: 000000000000001 R15: 000055f74a1011b0 M\u00f3dulos vinculados en: ---[ fin del seguimiento 0000000000000000 ]--- Pasos de repetici\u00f3n: Para el siguiente \u00e1rbol de cgroup, root | cg1 | cg2: 1. Adjuntar prog2 a cg2 y, a continuaci\u00f3n, prog1 a cg1. 
El tipo de conexi\u00f3n de ambos programas bpf es NONE o OVERRIDE. 2. Escribir 1 en /proc/thread-self/fail-nth para failslab. 3. Desconectar prog1 de cg1 y, a continuaci\u00f3n, se produce un error en el n\u00facleo. La inyecci\u00f3n de failslab provocar\u00e1 un fallo en kmalloc y volver\u00e1 a purge_effective_progs. El problema radica en que cg2 ha adjuntado otro programa, por lo que, al pasar por la capa cg2, la iteraci\u00f3n a\u00f1adir\u00e1 pos a 1, y las operaciones posteriores se omitir\u00e1n por la siguiente condici\u00f3n, y cg cumplir\u00e1 con NULL al final. `if (pos && !(cg->bpf.flags[atype] & BPF_F_ALLOW_MULTI))` El cg NULL significa que no hay coincidencia de enlace o programa, esto es como se esperaba y no es un error. Por lo tanto, aqu\u00ed simplemente omita la situaci\u00f3n de no coincidencia." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49971.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49971.json index aeafd7a85f8..6641e0f5e06 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49971.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49971.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix a potential gpu_metrics_table memory leak\n\nMemory is allocated for gpu_metrics_table in\nsmu_v13_0_4_init_smc_tables(), but not freed in\nsmu_v13_0_4_fini_smc_tables(). This may cause memory leaks, fix it." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/pm: Se corrige una posible fuga de memoria en gpu_metrics_table. La memoria se asigna para gpu_metrics_table en smu_v13_0_4_init_smc_tables(), pero no se libera en smu_v13_0_4_fini_smc_tables(). Esto puede causar fugas de memoria; corr\u00edjalo." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49972.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49972.json index 30c1f502954..88903d463fb 100644 
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49972.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49972.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: Fix corrupted packets for XDP_SHARED_UMEM\n\nFix an issue in XDP_SHARED_UMEM mode together with aligned mode where\npackets are corrupted for the second and any further sockets bound to\nthe same umem. In other words, this does not affect the first socket\nbound to the umem. The culprit for this bug is that the initialization\nof the DMA addresses for the pre-populated xsk buffer pool entries was\nnot performed for any socket but the first one bound to the umem. Only\nthe linear array of DMA addresses was populated. Fix this by populating\nthe DMA addresses in the xsk buffer pool for every socket bound to the\nsame umem."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xsk: corrige paquetes da\u00f1ados para XDP_SHARED_UMEM Corrige un problema en el modo XDP_SHARED_UMEM junto con el modo alineado donde los paquetes se corrompen para el segundo socket y cualquier socket posterior vinculado al mismo umem. En otras palabras, esto no afecta al primer socket vinculado al umem. El culpable de este error es que la inicializaci\u00f3n de las direcciones DMA para las entradas del grupo de b\u00faferes xsk pre-rellenadas no se realiz\u00f3 para ning\u00fan socket excepto el primero vinculado al umem. Solo se rellen\u00f3 la matriz lineal de direcciones DMA. Corrige esto rellenando las direcciones DMA en el grupo de b\u00faferes xsk para cada socket vinculado al mismo umem."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49973.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49973.json
index 3e69c876023..3af0df3af34 100644
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49973.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49973.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nskmsg: Fix wrong last sg check in sk_msg_recvmsg()\n\nFix one kernel NULL pointer dereference as below:\n\n[ 224.462334] Call Trace:\n[ 224.462394] __tcp_bpf_recvmsg+0xd3/0x380\n[ 224.462441] ? sock_has_perm+0x78/0xa0\n[ 224.462463] tcp_bpf_recvmsg+0x12e/0x220\n[ 224.462494] inet_recvmsg+0x5b/0xd0\n[ 224.462534] __sys_recvfrom+0xc8/0x130\n[ 224.462574] ? syscall_trace_enter+0x1df/0x2e0\n[ 224.462606] ? __do_page_fault+0x2de/0x500\n[ 224.462635] __x64_sys_recvfrom+0x24/0x30\n[ 224.462660] do_syscall_64+0x5d/0x1d0\n[ 224.462709] entry_SYSCALL_64_after_hwframe+0x65/0xca\n\nIn commit 9974d37ea75f (\"skmsg: Fix invalid last sg check in\nsk_msg_recvmsg()\"), we change last sg check to sg_is_last(),\nbut in sockmap redirection case (without stream_parser/stream_verdict/\nskb_verdict), we did not mark the end of the scatterlist. Check the\nsk_msg_alloc, sk_msg_page_add, and bpf_msg_push_data functions, they all\ndo not mark the end of sg. They are expected to use sg.end for end\njudgment. So the judgment of '(i != msg_rx->sg.end)' is added back here." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: skmsg: Corrige la \u00faltima comprobaci\u00f3n sg incorrecta en sk_msg_recvmsg() Corrige una desreferencia de puntero NULL del kernel como se muestra a continuaci\u00f3n: [224.462334] Seguimiento de llamadas: [224.462394] __tcp_bpf_recvmsg+0xd3/0x380 [224.462441] ? syscall_trace_enter+0x1df/0x2e0 [ 224.462606] ? 
__do_page_fault+0x2de/0x500 [ 224.462635] __x64_sys_recvfrom+0x24/0x30 [ 224.462660] do_syscall_64+0x5d/0x1d0 [ 224.462709] entry_SYSCALL_64_after_hwframe+0x65/0xca En el commit 9974d37ea75f (\"skmsg: Corregir la \u00faltima comprobaci\u00f3n de sg no v\u00e1lida en sk_msg_recvmsg()\"), cambiamos la \u00faltima comprobaci\u00f3n de sg a sg_is_last(), pero en el caso de redirecci\u00f3n de sockmap (sin stream_parser/stream_verdict/skb_verdict), no marcamos el final de la lista de dispersi\u00f3n. Verifique las funciones sk_msg_alloc, sk_msg_page_add y bpf_msg_push_data; ninguna marca el final de sg. Se espera que usen sg.end para la determinaci\u00f3n del final. Por lo tanto, se a\u00f1ade aqu\u00ed la determinaci\u00f3n de '(i != msg_rx->sg.end)'." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49974.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49974.json index ec6fd735c4e..c2f7fcf0a62 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49974.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49974.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: nintendo: fix rumble worker null pointer deref\n\nWe can dereference a null pointer trying to queue work to a destroyed\nworkqueue.\n\nIf the device is disconnected, nintendo_hid_remove is called, in which\nthe rumble_queue is destroyed. Avoid using that queue to defer rumble\nwork once the controller state is set to JOYCON_CTLR_STATE_REMOVED.\n\nThis eliminates the null pointer dereference."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: Nintendo: correcci\u00f3n de la desreferencia del puntero nulo del trabajador de rumble. Podemos desreferenciar un puntero nulo que intenta poner en cola trabajo a una cola de trabajo destruida. Si el dispositivo se desconecta, se llama a nintendo_hid_remove, lo que destruye la cola de rumble. Evite usar esa cola para aplazar el trabajo de rumble una vez que el estado del mando se establezca en JOYCON_CTLR_STATE_REMOVED. Esto elimina la desreferencia del puntero nulo."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49975.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49975.json
index e1e9b618312..cd7d6d62862 100644
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49975.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49975.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Don't redirect packets with invalid pkt_len\n\nSyzbot found an issue [1]: fq_codel_drop() try to drop a flow whitout any\nskbs, that is, the flow->head is null.\nThe root cause, as the [2] says, is because that bpf_prog_test_run_skb()\nrun a bpf prog which redirects empty skbs.\nSo we should determine whether the length of the packet modified by bpf\nprog or others like bpf_prog_test is valid before forwarding it directly."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: No redirigir paquetes con pkt_len no v\u00e1lidos. Syzbot encontr\u00f3 un problema [1]: fq_codel_drop() intenta descartar un flujo sin skbs, es decir, el flujo->head es nulo. La causa principal, como se indica en [2], es que bpf_prog_test_run_skb() ejecuta un programa bpf que redirige skbs vac\u00edos. Por lo tanto, debemos determinar si la longitud del paquete modificado por el programa bpf u otros como bpf_prog_test es v\u00e1lida antes de reenviarlo directamente."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49976.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49976.json
index 03f89977c21..1fb782b7f6d 100644
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49976.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49976.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: x86-android-tablets: Fix broken touchscreen on Chuwi Hi8 with Windows BIOS\n\nThe x86-android-tablets handling for the Chuwi Hi8 is only necessary with\nthe Android BIOS and it is causing problems with the Windows BIOS version.\n\nSpecifically when trying to register the already present touchscreen\nx86_acpi_irq_helper_get() calls acpi_unregister_gsi(), this breaks\nthe working of the touchscreen and also leads to an oops:\n\n[ 14.248946] ------------[ cut here ]------------\n[ 14.248954] remove_proc_entry: removing non-empty directory 'irq/75', leaking at least 'MSSL0001:00'\n[ 14.248983] WARNING: CPU: 3 PID: 440 at fs/proc/generic.c:718 remove_proc_entry\n...\n[ 14.249293] unregister_irq_proc+0xe0/0x100\n[ 14.249305] free_desc+0x29/0x70\n[ 14.249312] irq_free_descs+0x4b/0x80\n[ 14.249320] mp_unmap_irq+0x5c/0x60\n[ 14.249329] acpi_unregister_gsi_ioapic+0x2a/0x40\n[ 14.249338] x86_acpi_irq_helper_get+0x4b/0x190 [x86_android_tablets]\n[ 14.249355] x86_android_tablet_init+0x178/0xe34 [x86_android_tablets]\n\nAdd an init callback for the Chuwi Hi8, which detects when the Windows BIOS\nis in use and exits with -ENODEV in that case, fixing this." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: platform/x86: x86-android-tablets: Reparar la pantalla t\u00e1ctil rota en Chuwi Hi8 con BIOS de Windows El manejo de x86-android-tablets para Chuwi Hi8 solo es necesario con el BIOS de Android y est\u00e1 causando problemas con la versi\u00f3n del BIOS de Windows. 
Espec\u00edficamente cuando se intenta registrar la pantalla t\u00e1ctil ya presente, x86_acpi_irq_helper_get() llama a acpi_unregister_gsi(), esto interrumpe el funcionamiento de la pantalla t\u00e1ctil y tambi\u00e9n conduce a un error: [ 14.248946] ------------[ cortar aqu\u00ed ]------------ [ 14.248954] remove_proc_entry: eliminando el directorio no vac\u00edo 'irq/75', filtrando al menos 'MSSL0001:00' [ 14.248983] ADVERTENCIA: CPU: 3 PID: 440 en fs/proc/generic.c:718 remove_proc_entry ... [ 14.249293] unregister_irq_proc+0xe0/0x100 [ 14.249305] free_desc+0x29/0x70 [ 14.249312] irq_free_descs+0x4b/0x80 [ 14.249320] mp_unmap_irq+0x5c/0x60 [ 14.249329] acpi_unregister_gsi_ioapic+0x2a/0x40 [ 14.249338] x86_acpi_irq_helper_get+0x4b/0x190 [x86_android_tablets] [ 14.249355] x86_android_tablet_init+0x178/0xe34 [x86_android_tablets] Agregue una devoluci\u00f3n de llamada de inicio para Chuwi Hi8, que detecta cuando el BIOS de Windows est\u00e1 en uso y sale con -ENODEV en ese caso, solucionando esto." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49977.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49977.json index ff8b9433aea..1563b319774 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49977.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49977.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead\n\nftrace_startup does not remove ops from ftrace_ops_list when\nftrace_startup_enable fails:\n\nregister_ftrace_function\n ftrace_startup\n __register_ftrace_function\n ...\n add_ftrace_ops(&ftrace_ops_list, ops)\n ...\n ...\n ftrace_startup_enable // if ftrace failed to modify, ftrace_disabled is set to 1\n ...\n return 0 // ops is in the ftrace_ops_list.\n\nWhen ftrace_disabled = 1, unregister_ftrace_function simply returns without doing anything:\nunregister_ftrace_function\n ftrace_shutdown\n if (unlikely(ftrace_disabled))\n return -ENODEV; // return here, __unregister_ftrace_function is not executed,\n // as a result, ops is still in the ftrace_ops_list\n __unregister_ftrace_function\n ...\n\nIf ops is dynamically allocated, it will be free later, in this case,\nis_ftrace_trampoline accesses NULL pointer:\n\nis_ftrace_trampoline\n ftrace_ops_trampoline\n do_for_each_ftrace_op(op, ftrace_ops_list) // OOPS! 
op may be NULL!\n\nSyzkaller reports as follows:\n[ 1203.506103] BUG: kernel NULL pointer dereference, address: 000000000000010b\n[ 1203.508039] #PF: supervisor read access in kernel mode\n[ 1203.508798] #PF: error_code(0x0000) - not-present page\n[ 1203.509558] PGD 800000011660b067 P4D 800000011660b067 PUD 130fb8067 PMD 0\n[ 1203.510560] Oops: 0000 [#1] SMP KASAN PTI\n[ 1203.511189] CPU: 6 PID: 29532 Comm: syz-executor.2 Tainted: G B W 5.10.0 #8\n[ 1203.512324] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n[ 1203.513895] RIP: 0010:is_ftrace_trampoline+0x26/0xb0\n[ 1203.514644] Code: ff eb d3 90 41 55 41 54 49 89 fc 55 53 e8 f2 00 fd ff 48 8b 1d 3b 35 5d 03 e8 e6 00 fd ff 48 8d bb 90 00 00 00 e8 2a 81 26 00 <48> 8b ab 90 00 00 00 48 85 ed 74 1d e8 c9 00 fd ff 48 8d bb 98 00\n[ 1203.518838] RSP: 0018:ffffc900012cf960 EFLAGS: 00010246\n[ 1203.520092] RAX: 0000000000000000 RBX: 000000000000007b RCX: ffffffff8a331866\n[ 1203.521469] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 000000000000010b\n[ 1203.522583] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8df18b07\n[ 1203.523550] R10: fffffbfff1be3160 R11: 0000000000000001 R12: 0000000000478399\n[ 1203.524596] R13: 0000000000000000 R14: ffff888145088000 R15: 0000000000000008\n[ 1203.525634] FS: 00007f429f5f4700(0000) GS:ffff8881daf00000(0000) knlGS:0000000000000000\n[ 1203.526801] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 1203.527626] CR2: 000000000000010b CR3: 0000000170e1e001 CR4: 00000000003706e0\n[ 1203.528611] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 1203.529605] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n\nTherefore, when ftrace_startup_enable fails, we need to rollback registration\nprocess and remove ops from ftrace_ops_list." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ftrace: Se corrige la desreferencia del puntero NULL en is_ftrace_trampoline cuando ftrace est\u00e1 inactivo ftrace_startup no elimina las operaciones de ftrace_ops_list cuando ftrace_startup_enable falla: register_ftrace_function ftrace_startup __register_ftrace_function ... add_ftrace_ops(&ftrace_ops_list, ops) ... ... ftrace_startup_enable // si ftrace no se modific\u00f3, ftrace_disabled se establece en 1 ... return 0 // las operaciones est\u00e1n en ftrace_ops_list. Cuando ftrace_disabled = 1, unregister_ftrace_function simplemente regresa sin hacer nada: unregister_ftrace_function ftrace_shutdown if (unlikely(ftrace_disabled)) return -ENODEV; // regresa aqu\u00ed, __unregister_ftrace_function no se ejecuta, // como resultado, ops todav\u00eda est\u00e1 en ftrace_ops_list __unregister_ftrace_function ... Si ops se asigna din\u00e1micamente, estar\u00e1 libre m\u00e1s tarde, en este caso, is_ftrace_trampoline accede al puntero NULL: is_ftrace_trampoline ftrace_ops_trampoline do_for_each_ftrace_op(op, ftrace_ops_list) // \u00a1UPS! \u00a1op puede ser NULL! 
Syzkaller informa lo siguiente: [ 1203.506103] ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 000000000000010b [ 1203.508039] #PF: acceso de lectura del supervisor en modo kernel [ 1203.508798] #PF: error_code(0x0000) - p\u00e1gina no presente [ 1203.509558] PGD 800000011660b067 P4D 800000011660b067 PUD 130fb8067 PMD 0 [ 1203.510560] Oops: 0000 [#1] SMP KASAN PTI [ 1203.511189] CPU: 6 PID: 29532 Comm: syz-executor.2 Contaminado: GBW 5.10.0 #8 [1203.512324] Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 01/04/2014 [1203.513895] RIP: 0010:is_ftrace_trampoline+0x26/0xb0 [1203.514644] C\u00f3digo: ff eb d3 90 41 55 41 54 49 89 fc 55 53 e8 f2 00 fd ff 48 8b 1d 3b 35 5d 03 e8 e6 00 fd ff 48 8d bb 90 00 00 00 e8 2a 81 26 00 <48> 8b ab 90 00 00 00 48 85 ed 74 1d e8 c9 00 fd ff 48 8d bb 98 00 [ 1203.518838] RSP: 0018:ffffc900012cf960 EFLAGS: 00010246 [ 1203.520092] RAX: 000000000000000 RBX: 000000000000007b RCX: ffffffff8a331866 [ 1203.521469] RDX: 00000000000000000 RSI: 0000000000000008 RDI: 0000000000000010b [ 1203.522583] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8df18b07 [ 1203.523550] R10: fffffbfff1be3160 R11: 000000000000001 R12: 0000000000478399 [ 1203.524596] R13: 000000000000000 R14: ffff888145088000 R15: 0000000000000008 [ 1203.525634] FS: 00007f429f5f4700(0000) GS:ffff8881daf00000(0000) knlGS:0000000000000000 [ 1203.526801] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1203.527626] CR2: 00000000000010b CR3: 0000000170e1e001 CR4: 000000000003706e0 [ 1203.528611] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1203.529605] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Por lo tanto, cuando ftrace_startup_enable falla, debemos revertir el proceso de registro y eliminar las operaciones de ftrace_ops_list." } ], "metrics": {}, 
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49978.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49978.json
index 6eaa8aca375..c91a691d884 100644
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49978.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49978.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: fb_pm2fb: Avoid potential divide by zero error\n\nIn `do_fb_ioctl()` of fbmem.c, if cmd is FBIOPUT_VSCREENINFO, var will be\ncopied from user, then go through `fb_set_var()` and\n`info->fbops->fb_check_var()` which could may be `pm2fb_check_var()`.\nAlong the path, `var->pixclock` won't be modified. This function checks\nwhether reciprocal of `var->pixclock` is too high. If `var->pixclock` is\nzero, there will be a divide by zero error. So, it is necessary to check\nwhether denominator is zero to avoid crash. As this bug is found by\nSyzkaller, logs are listed below.\n\ndivide error in pm2fb_check_var\nCall Trace:\n \n fb_set_var+0x367/0xeb0 drivers/video/fbdev/core/fbmem.c:1015\n do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110\n fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fbdev: fb_pm2fb: Evitar posible error de divisi\u00f3n por cero En `do_fb_ioctl()` de fbmem.c, si cmd es FBIOPUT_VSCREENINFO, var se copiar\u00e1 del usuario, luego pasar\u00e1 por `fb_set_var()` e `info->fbops->fb_check_var()` que podr\u00edan ser `pm2fb_check_var()`. A lo largo de la ruta, `var->pixclock` no se modificar\u00e1. Esta funci\u00f3n verifica si el rec\u00edproco de `var->pixclock` es demasiado alto. Si `var->pixclock` es cero, habr\u00e1 un error de divisi\u00f3n por cero. Por lo tanto, es necesario verificar si el denominador es cero para evitar un bloqueo. Como Syzkaller encontr\u00f3 este error, los registros se enumeran a continuaci\u00f3n. Error de divisi\u00f3n en el seguimiento de llamadas pm2fb_check_var: fb_set_var+0x367/0xeb0 drivers/video/fbdev/core/fbmem.c:1015 do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110 fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189"
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49979.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49979.json
index a97aa136676..75dac7b6549 100644
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49979.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49979.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix refcount bug in sk_psock_get (2)\n\nSyzkaller reports refcount bug as follows:\n------------[ cut here ]------------\nrefcount_t: saturated; leaking memory.\nWARNING: CPU: 1 PID: 3605 at lib/refcount.c:19 refcount_warn_saturate+0xf4/0x1e0 lib/refcount.c:19\nModules linked in:\nCPU: 1 PID: 3605 Comm: syz-executor208 Not tainted 5.18.0-syzkaller-03023-g7e062cda7d90 #0\n \n __refcount_add_not_zero include/linux/refcount.h:163 [inline]\n __refcount_inc_not_zero include/linux/refcount.h:227 [inline]\n refcount_inc_not_zero include/linux/refcount.h:245 [inline]\n sk_psock_get+0x3bc/0x410 include/linux/skmsg.h:439\n tls_data_ready+0x6d/0x1b0 net/tls/tls_sw.c:2091\n tcp_data_ready+0x106/0x520 net/ipv4/tcp_input.c:4983\n tcp_data_queue+0x25f2/0x4c90 net/ipv4/tcp_input.c:5057\n tcp_rcv_state_process+0x1774/0x4e80 net/ipv4/tcp_input.c:6659\n tcp_v4_do_rcv+0x339/0x980 net/ipv4/tcp_ipv4.c:1682\n sk_backlog_rcv include/net/sock.h:1061 [inline]\n __release_sock+0x134/0x3b0 net/core/sock.c:2849\n release_sock+0x54/0x1b0 net/core/sock.c:3404\n inet_shutdown+0x1e0/0x430 net/ipv4/af_inet.c:909\n __sys_shutdown_sock net/socket.c:2331 [inline]\n __sys_shutdown_sock net/socket.c:2325 [inline]\n __sys_shutdown+0xf1/0x1b0 net/socket.c:2343\n __do_sys_shutdown net/socket.c:2351 [inline]\n __se_sys_shutdown net/socket.c:2349 [inline]\n __x64_sys_shutdown+0x50/0x70 net/socket.c:2349\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n \n\nDuring SMC fallback process in connect syscall, kernel will\nreplaces TCP with SMC. 
In order to forward wakeup\nsmc socket waitqueue after fallback, kernel will sets\nclcsk->sk_user_data to origin smc socket in\nsmc_fback_replace_callbacks().\n\nLater, in shutdown syscall, kernel will calls\nsk_psock_get(), which treats the clcsk->sk_user_data\nas psock type, triggering the refcnt warning.\n\nSo, the root cause is that smc and psock, both will use\nsk_user_data field. So they will mismatch this field\neasily.\n\nThis patch solves it by using another bit(defined as\nSK_USER_DATA_PSOCK) in PTRMASK, to mark whether\nsk_user_data points to a psock object or not.\nThis patch depends on a PTRMASK introduced in commit f1ff5ce2cd5e\n(\"net, sk_msg: Clear sk_user_data pointer on clone if tagged\").\n\nFor there will possibly be more flags in the sk_user_data field,\nthis patch also refactor sk_user_data flags code to be more generic\nto improve its maintainability." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: corrige error de recuento de referencias en sk_psock_get (2) Syzkaller informa el siguiente error de recuento de referencias: ------------[ cortar aqu\u00ed ]------------ refcount_t: saturado; p\u00e9rdida de memoria. 
ADVERTENCIA: CPU: 1 PID: 3605 en lib/refcount.c:19 refcount_warn_saturate+0xf4/0x1e0 lib/refcount.c:19 M\u00f3dulos vinculados: CPU: 1 PID: 3605 Comm: syz-executor208 No contaminado 5.18.0-syzkaller-03023-g7e062cda7d90 #0 __refcount_add_not_zero include/linux/refcount.h:163 [en l\u00ednea] __refcount_inc_not_zero include/linux/refcount.h:227 [en l\u00ednea] refcount_inc_not_zero include/linux/refcount.h:245 [en l\u00ednea] sk_psock_get+0x3bc/0x410 incluir/linux/skmsg.h:439 tls_data_ready+0x6d/0x1b0 net/tls/tls_sw.c:2091 tcp_data_ready+0x106/0x520 net/ipv4/tcp_input.c:4983 tcp_data_queue+0x25f2/0x4c90 net/ipv4/tcp_input.c:5057 tcp_rcv_state_process+0x1774/0x4e80 net/ipv4/tcp_input.c:6659 tcp_v4_do_rcv+0x339/0x980 net/ipv4/tcp_ipv4.c:1682 sk_backlog_rcv incluir/net/sock.h:1061 [en l\u00ednea] __release_sock+0x134/0x3b0 net/core/sock.c:2849 release_sock+0x54/0x1b0 net/core/sock.c:3404 inet_shutdown+0x1e0/0x430 net/ipv4/af_inet.c:909 __sys_shutdown_sock net/socket.c:2331 [en l\u00ednea] __sys_shutdown_sock net/socket.c:2325 [en l\u00ednea] __sys_shutdown+0xf1/0x1b0 net/socket.c:2343 __do_sys_shutdown net/socket.c:2351 [en l\u00ednea] __se_sys_shutdown net/socket.c:2349 [en l\u00ednea] Durante el proceso de respaldo de SMC en la llamada al sistema de conexi\u00f3n, el kernel reemplaza TCP con SMC. Para reenviar la cola de espera del socket SMC de activaci\u00f3n despu\u00e9s del respaldo, el kernel establece clcsk->sk_user_data en el socket SMC de origen en smc_fback_replace_callbacks(). Posteriormente, en la llamada al sistema de apagado, el kernel llamar\u00e1 a sk_psock_get(), que trata clcsk->sk_user_data como de tipo psock, lo que activa la advertencia refcnt. Por lo tanto, la causa principal es que tanto smc como psock utilizan el campo sk_user_data, por lo que es f\u00e1cil que no coincidan con este campo. Este parche soluciona este problema utilizando otro bit (definido como SK_USER_DATA_PSOCK) en PTRMASK para indicar si sk_user_data apunta a un objeto psock. 
Este parche depende de una PTRMASK introducida en el commit f1ff5ce2cd5e (\"net, sk_msg: Borrar el puntero sk_user_data al clonar si est\u00e1 etiquetado\"). Dado que posiblemente haya m\u00e1s indicadores en el campo sk_user_data, este parche tambi\u00e9n refactoriza el c\u00f3digo de indicadores sk_user_data para que sea m\u00e1s gen\u00e9rico y mejore su mantenimiento." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49980.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49980.json index 34c25642ac2..88678cb606d 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49980.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49980.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: Fix use-after-free Read in usb_udc_uevent()\n\nThe syzbot fuzzer found a race between uevent callbacks and gadget\ndriver unregistration that can cause a use-after-free bug:\n\n---------------------------------------------------------------\nBUG: KASAN: use-after-free in usb_udc_uevent+0x11f/0x130\ndrivers/usb/gadget/udc/core.c:1732\nRead of size 8 at addr ffff888078ce2050 by task udevd/2968\n\nCPU: 1 PID: 2968 Comm: udevd Not tainted 5.19.0-rc4-next-20220628-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google\n06/29/2022\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:317 [inline]\n print_report.cold+0x2ba/0x719 mm/kasan/report.c:433\n kasan_report+0xbe/0x1f0 mm/kasan/report.c:495\n usb_udc_uevent+0x11f/0x130 drivers/usb/gadget/udc/core.c:1732\n dev_uevent+0x290/0x770 drivers/base/core.c:2424\n---------------------------------------------------------------\n\nThe bug occurs because usb_udc_uevent() dereferences udc->driver but\ndoes so without acquiring the udc_lock mutex, which protects this\nfield. If the gadget driver is unbound from the udc concurrently with\nuevent processing, the driver structure may be accessed after it has\nbeen deallocated.\n\nTo prevent the race, we make sure that the routine holds the mutex\naround the racing accesses." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: USB: gadget: Correcci\u00f3n de lectura de Use-After-Free en usb_udc_uevent() El analizador de vulnerabilidades syzbot encontr\u00f3 una ejecuci\u00f3n entre las devoluciones de llamadas de uevent y la anulaci\u00f3n del registro del controlador del gadget que puede causar un error de Use-After-Free: --------------------------------------------------------------- ERROR: KASAN: Use-After-Free en usb_udc_uevent+0x11f/0x130 drivers/usb/gadget/udc/core.c:1732 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff888078ce2050 por la tarea udevd/2968 CPU: 1 PID: 2968 Comm: udevd No contaminado 5.19.0-rc4-next-20220628-syzkaller #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 29/06/2022 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:317 [inline] print_report.cold+0x2ba/0x719 mm/kasan/report.c:433 kasan_report+0xbe/0x1f0 mm/kasan/report.c:495 usb_udc_uevent+0x11f/0x130 drivers/usb/gadget/udc/core.c:1732 dev_uevent+0x290/0x770 drivers/base/core.c:2424 --------------------------------------------------------------- El error ocurre porque usb_udc_uevent() desreferencia udc->driver pero lo hace sin adquirir el Mutex udc_lock, que protege este campo. Si el controlador del gadget se desvincula del udc simult\u00e1neamente con el procesamiento de uevent, se puede acceder a la estructura del controlador despu\u00e9s de su desasignaci\u00f3n. Para evitar la competencia, nos aseguramos de que la rutina mantenga el mutex en los accesos de competencia." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49981.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49981.json index 20fd34a6ade..54d3091fa4d 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49981.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49981.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hidraw: fix memory leak in hidraw_release()\n\nFree the buffered reports before deleting the list entry.\n\nBUG: memory leak\nunreferenced object 0xffff88810e72f180 (size 32):\n comm \"softirq\", pid 0, jiffies 4294945143 (age 16.080s)\n hex dump (first 32 bytes):\n 64 f3 c6 6a d1 88 07 04 00 00 00 00 00 00 00 00 d..j............\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [] kmemdup+0x23/0x50 mm/util.c:128\n [] kmemdup include/linux/fortify-string.h:440 [inline]\n [] hidraw_report_event+0xa2/0x150 drivers/hid/hidraw.c:521\n [] hid_report_raw_event+0x27d/0x740 drivers/hid/hid-core.c:1992\n [] hid_input_report+0x1ae/0x270 drivers/hid/hid-core.c:2065\n [] hid_irq_in+0x1ff/0x250 drivers/hid/usbhid/hid-core.c:284\n [] __usb_hcd_giveback_urb+0xf9/0x230 drivers/usb/core/hcd.c:1670\n [] usb_hcd_giveback_urb+0x1b6/0x1d0 drivers/usb/core/hcd.c:1747\n [] dummy_timer+0x8e4/0x14c0 drivers/usb/gadget/udc/dummy_hcd.c:1988\n [] call_timer_fn+0x38/0x200 kernel/time/timer.c:1474\n [] expire_timers kernel/time/timer.c:1519 [inline]\n [] __run_timers.part.0+0x316/0x430 kernel/time/timer.c:1790\n [] __run_timers kernel/time/timer.c:1768 [inline]\n [] run_timer_softirq+0x44/0x90 kernel/time/timer.c:1803\n [] __do_softirq+0xe6/0x2ea kernel/softirq.c:571\n [] invoke_softirq kernel/softirq.c:445 [inline]\n [] __irq_exit_rcu kernel/softirq.c:650 [inline]\n [] irq_exit_rcu+0xc0/0x110 kernel/softirq.c:662\n [] sysvec_apic_timer_interrupt+0xa2/0xd0 arch/x86/kernel/apic/apic.c:1106\n [] asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:649\n [] native_safe_halt arch/x86/include/asm/irqflags.h:51 [inline]\n [] arch_safe_halt arch/x86/include/asm/irqflags.h:89 [inline]\n [] acpi_safe_halt drivers/acpi/processor_idle.c:111 [inline]\n [] acpi_idle_do_entry+0xc0/0xd0 drivers/acpi/processor_idle.c:554" + }, + { + "lang": 
"es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: hidraw: corrige p\u00e9rdida de memoria en hidraw_release() Libera los informes almacenados en b\u00fafer antes de eliminar la entrada de la lista. ERROR: Fuga de memoria, objeto no referenciado 0xffff88810e72f180 (tama\u00f1o 32): comm \"softirq\", pid 0, jiffies 4294945143 (edad 16.080s) volcado hexadecimal (primeros 32 bytes): 64 f3 c6 6a d1 88 07 04 00 00 00 00 00 00 00 00 00 d..j............ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [] kmemdup+0x23/0x50 mm/util.c:128 [] kmemdup include/linux/fortify-string.h:440 [inline] [] hidraw_report_event+0xa2/0x150 drivers/hid/hidraw.c:521 [] hid_report_raw_event+0x27d/0x740 drivers/hid/hid-core.c:1992 [] hid_input_report+0x1ae/0x270 drivers/hid/hid-core.c:2065 [] hid_irq_in+0x1ff/0x250 drivers/hid/usbhid/hid-core.c:284 [] __usb_hcd_giveback_urb+0xf9/0x230 drivers/usb/core/hcd.c:1670 [] usb_hcd_giveback_urb+0x1b6/0x1d0 drivers/usb/core/hcd.c:1747 [] dummy_timer+0x8e4/0x14c0 drivers/usb/gadget/udc/dummy_hcd.c:1988 [] call_timer_fn+0x38/0x200 kernel/time/timer.c:1474 [] expire_timers kernel/time/timer.c:1519 [inline] [] __run_timers.part.0+0x316/0x430 kernel/time/timer.c:1790 [] __run_timers kernel/time/timer.c:1768 [inline] [] run_timer_softirq+0x44/0x90 kernel/time/timer.c:1803 [] __do_softirq+0xe6/0x2ea kernel/softirq.c:571 [] invoke_softirq kernel/softirq.c:445 [inline] [] __irq_exit_rcu kernel/softirq.c:650 [inline] [] irq_exit_rcu+0xc0/0x110 kernel/softirq.c:662 [] sysvec_apic_timer_interrupt+0xa2/0xd0 arch/x86/kernel/apic/apic.c:1106 [] asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:649 [] native_safe_halt arch/x86/include/asm/irqflags.h:51 [inline] [] arch_safe_halt arch/x86/include/asm/irqflags.h:89 [inline] [] acpi_safe_halt drivers/acpi/processor_idle.c:111 [inline] [] acpi_idle_do_entry+0xc0/0xd0 drivers/acpi/processor_idle.c:554 " } ], "metrics": {}, 
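Review bot: The added `es` value does not carry the kernel log over verbatim: its hex-dump row reads `64 f3 c6 6a d1 88 07 04 00 00 00 00 00 00 00 00 00` (17 bytes) where the `en` value has 16. The same drift shows in the CVE-2022-49983 hunk, where register values change width (`DR6: 000000000fffe0ff0` against `00000000fffe0ff0` in `en`, and `RBX`, `DR0`, `DR1` and `knlGS` differ in length too). Consumers that match crash signatures, addresses or dump bytes against these records would get different results depending on which language entry they read. I would copy the trace, hex-dump and register lines byte-for-byte from the `en` value and translate only the surrounding prose, so that this row stays `64 f3 c6 6a d1 88 07 04 00 00 00 00 00 00 00 00`.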
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49982.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49982.json index 97750cf3182..ebe50bd89f1 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49982.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49982.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pvrusb2: fix memory leak in pvr_probe\n\nThe error handling code in pvr2_hdw_create forgets to unregister the\nv4l2 device. When pvr2_hdw_create returns back to pvr2_context_create,\nit calls pvr2_context_destroy to destroy context, but mp->hdw is NULL,\nwhich leads to that pvr2_hdw_destroy directly returns.\n\nFix this by adding v4l2_device_unregister to decrease the refcount of\nusb interface." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: pvrusb2: se corrige una fuga de memoria en pvr_probe. El c\u00f3digo de gesti\u00f3n de errores en pvr2_hdw_create olvida anular el registro del dispositivo v4l2. Cuando pvr2_hdw_create regresa a pvr2_context_create, llama a pvr2_context_destroy para destruir el contexto, pero mp->hdw es NULL, lo que provoca que pvr2_hdw_destroy regrese directamente. Para solucionar esto, agregue v4l2_device_unregister para reducir el recuento de referencias de la interfaz USB." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49983.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49983.json index 5f0aa3e23cf..b5b6f87e27e 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49983.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49983.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudmabuf: Set the DMA mask for the udmabuf device (v2)\n\nIf the DMA mask is not set explicitly, the following warning occurs\nwhen the userspace tries to access the dma-buf via the CPU as\nreported by syzbot here:\n\nWARNING: CPU: 1 PID: 3595 at kernel/dma/mapping.c:188\n__dma_map_sg_attrs+0x181/0x1f0 kernel/dma/mapping.c:188\nModules linked in:\nCPU: 0 PID: 3595 Comm: syz-executor249 Not tainted\n5.17.0-rc2-syzkaller-00316-g0457e5153e0e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS\nGoogle 01/01/2011\nRIP: 0010:__dma_map_sg_attrs+0x181/0x1f0 kernel/dma/mapping.c:188\nCode: 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 75 71 4c 8b 3d c0\n83 b5 0d e9 db fe ff ff e8 b6 0f 13 00 0f 0b e8 af 0f 13 00 <0f> 0b 45\n 31 e4 e9 54 ff ff ff e8 a0 0f 13 00 49 8d 7f 50 48 b8 00\nRSP: 0018:ffffc90002a07d68 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000\nRDX: ffff88807e25e2c0 RSI: ffffffff81649e91 RDI: ffff88801b848408\nRBP: ffff88801b848000 R08: 0000000000000002 R09: ffff88801d86c74f\nR10: ffffffff81649d72 R11: 0000000000000001 R12: 0000000000000002\nR13: ffff88801d86c680 R14: 0000000000000001 R15: 0000000000000000\nFS: 0000555556e30300(0000) GS:ffff8880b9d00000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000200000cc CR3: 000000001d74a000 CR4: 00000000003506e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n dma_map_sgtable+0x70/0xf0 kernel/dma/mapping.c:264\n get_sg_table.isra.0+0xe0/0x160 drivers/dma-buf/udmabuf.c:72\n begin_cpu_udmabuf+0x130/0x1d0 drivers/dma-buf/udmabuf.c:126\n dma_buf_begin_cpu_access+0xfd/0x1d0 drivers/dma-buf/dma-buf.c:1164\n dma_buf_ioctl+0x259/0x2b0 drivers/dma-buf/dma-buf.c:363\n vfs_ioctl fs/ioctl.c:51 [inline]\n 
__do_sys_ioctl fs/ioctl.c:874 [inline]\n __se_sys_ioctl fs/ioctl.c:860 [inline]\n __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:860\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f62fcf530f9\nCode: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89\nf7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01\nf0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffe3edab9b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f62fcf530f9\nRDX: 0000000020000200 RSI: 0000000040086200 RDI: 0000000000000006\nRBP: 00007f62fcf170e0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007f62fcf17170\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \n\nv2: Dont't forget to deregister if DMA mask setup fails." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: udmabuf: Establezca la m\u00e1scara DMA para el dispositivo udmabuf (v2) Si la m\u00e1scara DMA no se establece expl\u00edcitamente, se produce la siguiente advertencia cuando el espacio de usuario intenta acceder a dma-buf a trav\u00e9s de la CPU, como lo informa syzbot aqu\u00ed: ADVERTENCIA: CPU: 1 PID: 3595 en kernel/dma/mapping.c:188 __dma_map_sg_attrs+0x181/0x1f0 kernel/dma/mapping.c:188 M\u00f3dulos vinculados en: CPU: 0 PID: 3595 Comm: syz-executor249 No contaminado 5.17.0-rc2-syzkaller-00316-g0457e5153e0e #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__dma_map_sg_attrs+0x181/0x1f0 kernel/dma/mapping.c:188 C\u00f3digo: 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 75 71 4c 8b 3d c0 83 b5 0d e9 db fe ff ff e8 b6 0f 13 00 0f 0b e8 af 0f 13 00 <0f> 0b 45 31 e4 e9 54 ff ff ff e8 a0 0f 13 00 49 8d 7f 50 48 b8 00 RSP: 0018:ffffc90002a07d68 
EFLAGS: 00010293 RAX: 0000000000000000 RBX: 00000000000000000 RCX: 0000000000000000 RDX: ffff88807e25e2c0 RSI: ffffffff81649e91 RDI: ffff88801b848408 RBP: ffff88801b848000 R08: 0000000000000002 R09: ffff88801d86c74f R10: ffffffff81649d72 R11: 0000000000000001 R12: 0000000000000002 R13: ffff88801d86c680 R14: 0000000000000001 R15: 0000000000000000 FS: 0000555556e30300(0000) GS:ffff8880b9d00000(0000) knlGS:000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000200000cc CR3: 000000001d74a000 CR4: 00000000003506e0 DR0: 00000000000000000 DR1: 00000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 000000000fffe0ff0 DR7: 0000000000000400 Seguimiento de llamadas: dma_map_sgtable+0x70/0xf0 kernel/dma/mapping.c:264 get_sg_table.isra.0+0xe0/0x160 drivers/dma-buf/udmabuf.c:72 begin_cpu_udmabuf+0x130/0x1d0 drivers/dma-buf/udmabuf.c:126 dma_buf_begin_cpu_access+0xfd/0x1d0 drivers/dma-buf/dma-buf.c:1164 dma_buf_ioctl+0x259/0x2b0 drivers/dma-buf/dma-buf.c:363 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:860 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f62fcf530f9 Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffe3edab9b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f62fcf530f9 RDX: 0000000020000200 RSI: 0000000040086200 RDI: 0000000000000006 RBP: 00007f62fcf170e0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f62fcf17170 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 v2: No olvide cancelar el registro si falla la configuraci\u00f3n de la m\u00e1scara 
DMA." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49984.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49984.json index f3112617dc3..d375176e539 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49984.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49984.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report\n\nIt is possible for a malicious device to forgo submitting a Feature\nReport. The HID Steam driver presently makes no prevision for this\nand de-references the 'struct hid_report' pointer obtained from the\nHID devices without first checking its validity. Let's change that." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: Steam: Impedir la desreferencia de puntero nulo en steam_{recv,send}_report. Es posible que un dispositivo malicioso no env\u00ede un Informe de Caracter\u00edsticas. El controlador HID Steam no prev\u00e9 esto actualmente y desreferencia el puntero 'struct hid_report' obtenido de los dispositivos HID sin verificar primero su validez. Vamos a corregir esto." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49985.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49985.json index d893494cd1b..f76f5aac36a 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49985.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49985.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Don't use tnum_range on array range checking for poke descriptors\n\nHsin-Wei reported a KASAN splat triggered by their BPF runtime fuzzer which\nis based on a customized syzkaller:\n\n BUG: KASAN: slab-out-of-bounds in bpf_int_jit_compile+0x1257/0x13f0\n Read of size 8 at addr ffff888004e90b58 by task syz-executor.0/1489\n CPU: 1 PID: 1489 Comm: syz-executor.0 Not tainted 5.19.0 #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n 1.13.0-1ubuntu1.1 04/01/2014\n Call Trace:\n \n dump_stack_lvl+0x9c/0xc9\n print_address_description.constprop.0+0x1f/0x1f0\n ? bpf_int_jit_compile+0x1257/0x13f0\n kasan_report.cold+0xeb/0x197\n ? kvmalloc_node+0x170/0x200\n ? bpf_int_jit_compile+0x1257/0x13f0\n bpf_int_jit_compile+0x1257/0x13f0\n ? arch_prepare_bpf_dispatcher+0xd0/0xd0\n ? rcu_read_lock_sched_held+0x43/0x70\n bpf_prog_select_runtime+0x3e8/0x640\n ? bpf_obj_name_cpy+0x149/0x1b0\n bpf_prog_load+0x102f/0x2220\n ? __bpf_prog_put.constprop.0+0x220/0x220\n ? find_held_lock+0x2c/0x110\n ? __might_fault+0xd6/0x180\n ? lock_downgrade+0x6e0/0x6e0\n ? lock_is_held_type+0xa6/0x120\n ? __might_fault+0x147/0x180\n __sys_bpf+0x137b/0x6070\n ? bpf_perf_link_attach+0x530/0x530\n ? new_sync_read+0x600/0x600\n ? __fget_files+0x255/0x450\n ? lock_downgrade+0x6e0/0x6e0\n ? fput+0x30/0x1a0\n ? ksys_write+0x1a8/0x260\n __x64_sys_bpf+0x7a/0xc0\n ? 
syscall_enter_from_user_mode+0x21/0x70\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n RIP: 0033:0x7f917c4e2c2d\n\nThe problem here is that a range of tnum_range(0, map->max_entries - 1) has\nlimited ability to represent the concrete tight range with the tnum as the\nset of resulting states from value + mask can result in a superset of the\nactual intended range, and as such a tnum_in(range, reg->var_off) check may\nyield true when it shouldn't, for example tnum_range(0, 2) would result in\n00XX -> v = 0000, m = 0011 such that the intended set of {0, 1, 2} is here\nrepresented by a less precise superset of {0, 1, 2, 3}. As the register is\nknown const scalar, really just use the concrete reg->var_off.value for the\nupper index check." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: No use tnum_range en la comprobaci\u00f3n del rango de matriz para los descriptores de poke Hsin-Wei inform\u00f3 un splat de KASAN activado por su fuzzer de tiempo de ejecuci\u00f3n BPF que se basa en un syzkaller personalizado: ERROR: KASAN: slab-out-of-bounds en bpf_int_jit_compile+0x1257/0x13f0 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff888004e90b58 por la tarea syz-executor.0/1489 CPU: 1 PID: 1489 Comm: syz-executor.0 No contaminado 5.19.0 #1 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 01/04/2014 Rastreo de llamadas: dump_stack_lvl+0x9c/0xc9 print_address_description.constprop.0+0x1f/0x1f0 ? bpf_int_jit_compile+0x1257/0x13f0 kasan_report.cold+0xeb/0x197 ? kvmalloc_node+0x170/0x200 ? bpf_int_jit_compile+0x1257/0x13f0 bpf_int_jit_compile+0x1257/0x13f0 ? arch_prepare_bpf_dispatcher+0xd0/0xd0 ? rcu_read_lock_sched_held+0x43/0x70 bpf_prog_select_runtime+0x3e8/0x640 ? bpf_obj_name_cpy+0x149/0x1b0 bpf_prog_load+0x102f/0x2220 ? __bpf_prog_put.constprop.0+0x220/0x220 ? find_held_lock+0x2c/0x110 ? __might_fault+0xd6/0x180 ? lock_downgrade+0x6e0/0x6e0 ? 
lock_is_held_type+0xa6/0x120 ? __might_fault+0x147/0x180 __sys_bpf+0x137b/0x6070 ? bpf_perf_link_attach+0x530/0x530 ? new_sync_read+0x600/0x600 ? __fget_files+0x255/0x450 ? lock_downgrade+0x6e0/0x6e0 ? fput+0x30/0x1a0 ? ksys_write+0x1a8/0x260 __x64_sys_bpf+0x7a/0xc0 ? syscall_enter_from_user_mode+0x21/0x70 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f917c4e2c2d El problema aqu\u00ed es que un rango de tnum_range(0, map->max_entries - 1) tiene una capacidad limitada para representar el rango estrecho concreto con el tnum como el conjunto de estados resultantes de value + mask puede resultar en un superconjunto del rango real deseado, y como tal una comprobaci\u00f3n tnum_in(range, reg->var_off) puede dar como resultado verdadero cuando no deber\u00eda, por ejemplo tnum_range(0, 2) dar\u00eda como resultado 00XX -> v = 0000, m = 0011 de modo que el conjunto deseado de {0, 1, 2} est\u00e1 representado aqu\u00ed por un superconjunto menos preciso de {0, 1, 2, 3}. Como el registro es un escalar constante, simplemente use el valor concreto reg->var_off.value para la verificaci\u00f3n del \u00edndice superior." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49986.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49986.json index 3c6263727a5..ab46c91ab7b 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49986.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49986.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq\n\nstorvsc_error_wq workqueue should not be marked as WQ_MEM_RECLAIM as it\ndoesn't need to make forward progress under memory pressure. Marking this\nworkqueue as WQ_MEM_RECLAIM may cause deadlock while flushing a\nnon-WQ_MEM_RECLAIM workqueue. In the current state it causes the following\nwarning:\n\n[ 14.506347] ------------[ cut here ]------------\n[ 14.506354] workqueue: WQ_MEM_RECLAIM storvsc_error_wq_0:storvsc_remove_lun is flushing !WQ_MEM_RECLAIM events_freezable_power_:disk_events_workfn\n[ 14.506360] WARNING: CPU: 0 PID: 8 at <-snip->kernel/workqueue.c:2623 check_flush_dependency+0xb5/0x130\n[ 14.506390] CPU: 0 PID: 8 Comm: kworker/u4:0 Not tainted 5.4.0-1086-azure #91~18.04.1-Ubuntu\n[ 14.506391] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 05/09/2022\n[ 14.506393] Workqueue: storvsc_error_wq_0 storvsc_remove_lun\n[ 14.506395] RIP: 0010:check_flush_dependency+0xb5/0x130\n\t\t<-snip->\n[ 14.506408] Call Trace:\n[ 14.506412] __flush_work+0xf1/0x1c0\n[ 14.506414] __cancel_work_timer+0x12f/0x1b0\n[ 14.506417] ? kernfs_put+0xf0/0x190\n[ 14.506418] cancel_delayed_work_sync+0x13/0x20\n[ 14.506420] disk_block_events+0x78/0x80\n[ 14.506421] del_gendisk+0x3d/0x2f0\n[ 14.506423] sr_remove+0x28/0x70\n[ 14.506427] device_release_driver_internal+0xef/0x1c0\n[ 14.506428] device_release_driver+0x12/0x20\n[ 14.506429] bus_remove_device+0xe1/0x150\n[ 14.506431] device_del+0x167/0x380\n[ 14.506432] __scsi_remove_device+0x11d/0x150\n[ 14.506433] scsi_remove_device+0x26/0x40\n[ 14.506434] storvsc_remove_lun+0x40/0x60\n[ 14.506436] process_one_work+0x209/0x400\n[ 14.506437] worker_thread+0x34/0x400\n[ 14.506439] kthread+0x121/0x140\n[ 14.506440] ? process_one_work+0x400/0x400\n[ 14.506441] ? 
kthread_park+0x90/0x90\n[ 14.506443] ret_from_fork+0x35/0x40\n[ 14.506445] ---[ end trace 2d9633159fdc6ee7 ]---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: storvsc: Eliminar WQ_MEM_RECLAIM de storvsc_error_wq. La cola de trabajo storvsc_error_wq no debe marcarse como WQ_MEM_RECLAIM, ya que no necesita avanzar bajo presi\u00f3n de memoria. Marcar esta cola de trabajo como WQ_MEM_RECLAIM puede causar un bloqueo al vaciar una cola de trabajo que no sea WQ_MEM_RECLAIM. En el estado actual, provoca la siguiente advertencia: [ 14.506347] ------------[ cortar aqu\u00ed ]------------ [ 14.506354] cola de trabajo: WQ_MEM_RECLAIM storvsc_error_wq_0:storvsc_remove_lun se est\u00e1 vaciando !WQ_MEM_RECLAIM events_freezable_power_:disk_events_workfn [ 14.506360] ADVERTENCIA: CPU: 0 PID: 8 en <-snip->kernel/workqueue.c:2623 check_flush_dependency+0xb5/0x130 [ 14.506390] CPU: 0 PID: 8 Comm: kworker/u4:0 No contaminado 5.4.0-1086-azure #91~18.04.1-Ubuntu [ 14.506391] Nombre del hardware: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI versi\u00f3n v4.1 09/05/2022 [ 14.506393] Cola de trabajo: storvsc_error_wq_0 storvsc_remove_lun [ 14.506395] RIP: 0010:check_flush_dependency+0xb5/0x130 <-snip-> [ 14.506408] Seguimiento de llamadas: [ 14.506412] __flush_work+0xf1/0x1c0 [ 14.506414] __cancel_work_timer+0x12f/0x1b0 [ 14.506417] ? 
kernfs_put+0xf0/0x190 [ 14.506418] cancel_delayed_work_sync+0x13/0x20 [ 14.506420] disk_block_events+0x78/0x80 [ 14.506421] del_gendisk+0x3d/0x2f0 [ 14.506423] sr_remove+0x28/0x70 [ 14.506427] device_release_driver_internal+0xef/0x1c0 [ 14.506428] device_release_driver+0x12/0x20 [ 14.506429] bus_remove_device+0xe1/0x150 [ 14.506431] device_del+0x167/0x380 [ 14.506432] __scsi_remove_device+0x11d/0x150 [ 14.506433] scsi_remove_device+0x26/0x40 [ 14.506434] storvsc_remove_lun+0x40/0x60 [ 14.506436] process_one_work+0x209/0x400 [ 14.506437] worker_thread+0x34/0x400 [ 14.506439] kthread+0x121/0x140 [ 14.506440] ? process_one_work+0x400/0x400 [ 14.506441] ? kthread_park+0x90/0x90 [ 14.506443] ret_from_fork+0x35/0x40 [ 14.506445] ---[ fin de seguimiento 2d9633159fdc6ee7 ]---" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49987.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49987.json index fc4d85a8b48..64b5d08b32c 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49987.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49987.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: call __md_stop_writes in md_stop\n\nFrom the link [1], we can see raid1d was running even after the path\nraid_dtr -> md_stop -> __md_stop.\n\nLet's stop write first in destructor to align with normal md-raid to\nfix the KASAN issue.\n\n[1]. https://lore.kernel.org/linux-raid/CAPhsuW5gc4AakdGNdF8ubpezAuDLFOYUO_sfMZcec6hQFm8nhg@mail.gmail.com/T/#m7f12bf90481c02c6d2da68c64aeed4779b7df74a" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: md: llamada a __md_stop_writes en md_stop. En el enlace [1], podemos ver que raid1d se ejecutaba incluso despu\u00e9s de la ruta raid_dtr -> md_stop -> __md_stop. Primero detengamos la escritura en el destructor para alinearla con el comando md-raid normal y solucionar el problema de KASAN. [1]. https://lore.kernel.org/linux-raid/CAPhsuW5gc4AakdGNdF8ubpezAuDLFOYUO_sfMZcec6hQFm8nhg@mail.gmail.com/T/#m7f12bf90481c02c6d2da68c64aeed4779b7df74a" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49989.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49989.json index 08dd853f9b3..13701647f1e 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49989.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49989.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/privcmd: fix error exit of privcmd_ioctl_dm_op()\n\nThe error exit of privcmd_ioctl_dm_op() is calling unlock_pages()\npotentially with pages being NULL, leading to a NULL dereference.\n\nAdditionally lock_pages() doesn't check for pin_user_pages_fast()\nhaving been completely successful, resulting in potentially not\nlocking all pages into memory. This could result in sporadic failures\nwhen using the related memory in user mode.\n\nFix all of that by calling unlock_pages() always with the real number\nof pinned pages, which will be zero in case pages being NULL, and by\nchecking the number of pages pinned by pin_user_pages_fast() matching\nthe expected number of pages." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xen/privcmd: correcci\u00f3n del error de salida de privcmd_ioctl_dm_op(). La salida de error de privcmd_ioctl_dm_op() est\u00e1 llamando a unlock_pages() potencialmente con p\u00e1ginas NULL, lo que lleva a una desreferencia NULL. Adem\u00e1s, lock_pages() no comprueba si pin_user_pages_fast() ha sido completamente exitoso, lo que resulta en que potencialmente no se bloqueen todas las p\u00e1ginas en la memoria. Esto podr\u00eda resultar en fallos espor\u00e1dicos al usar la memoria relacionada en modo de usuario. Corrija todo esto llamando a unlock_pages() siempre con el n\u00famero real de p\u00e1ginas ancladas, que ser\u00e1 cero en caso de que pages sea NULL, y comprobando que el n\u00famero de p\u00e1ginas ancladas por pin_user_pages_fast() coincida con el n\u00famero esperado de p\u00e1ginas." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49990.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49990.json index b569a5324a0..3075bd24a93 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49990.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49990.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390: fix double free of GS and RI CBs on fork() failure\n\nThe pointers for guarded storage and runtime instrumentation control\nblocks are stored in the thread_struct of the associated task. These\npointers are initially copied on fork() via arch_dup_task_struct()\nand then cleared via copy_thread() before fork() returns. If fork()\nhappens to fail after the initial task dup and before copy_thread(),\nthe newly allocated task and associated thread_struct memory are\nfreed via free_task() -> arch_release_task_struct(). This results in\na double free of the guarded storage and runtime info structs\nbecause the fields in the failed task still refer to memory\nassociated with the source task.\n\nThis problem can manifest as a BUG_ON() in set_freepointer() (with\nCONFIG_SLAB_FREELIST_HARDENED enabled) or KASAN splat (if enabled)\nwhen running trinity syscall fuzz tests on s390x. To avoid this\nproblem, clear the associated pointer fields in\narch_dup_task_struct() immediately after the new task is copied.\nNote that the RI flag is still cleared in copy_thread() because it\nresides in thread stack memory and that is where stack info is\ncopied." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: s390: se corrige la doble liberaci\u00f3n de los bloques de control de instrumentaci\u00f3n de GS y RI en el fallo de fork() Los punteros para los bloques de control de instrumentaci\u00f3n de almacenamiento protegido y tiempo de ejecuci\u00f3n se almacenan en el thread_struct de la tarea asociada. Estos punteros se copian inicialmente en fork() mediante arch_dup_task_struct() y luego se borran mediante copy_thread() antes de que fork() regrese. 
Si fork() falla despu\u00e9s del dup de la tarea inicial y antes de copy_thread(), la tarea reci\u00e9n asignada y la memoria thread_struct asociada se liberan mediante free_task() -> arch_release_task_struct(). Esto resulta en una doble liberaci\u00f3n de las estructuras de informaci\u00f3n de almacenamiento protegido y tiempo de ejecuci\u00f3n porque los campos en la tarea fallida todav\u00eda hacen referencia a la memoria asociada con la tarea de origen. Este problema puede manifestarse como un BUG_ON() en set_freepointer() (con CONFIG_SLAB_FREELIST_HARDENED habilitado) o un error de KASAN (si est\u00e1 habilitado) al ejecutar pruebas de fuzzing de llamadas al sistema de Trinity en s390x. Para evitar este problema, borre los campos de puntero asociados en arch_dup_task_struct() inmediatamente despu\u00e9s de copiar la nueva tarea. Tenga en cuenta que el indicador RI permanece borrado en copy_thread() porque reside en la memoria de la pila de subprocesos, donde se copia la informaci\u00f3n de la pila." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49991.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49991.json index 57ef09c28b3..69e686afc98 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49991.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49991.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: avoid corrupting page->mapping in hugetlb_mcopy_atomic_pte\n\nIn MCOPY_ATOMIC_CONTINUE case with a non-shared VMA, pages in the page\ncache are installed in the ptes. But hugepage_add_new_anon_rmap is called\nfor them mistakenly because they're not vm_shared. This will corrupt the\npage->mapping used by page cache code." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/hugetlb: evitar la corrupci\u00f3n del mapeo de p\u00e1ginas en hugetlb_mcopy_atomic_pte. En el caso de MCOPY_ATOMIC_CONTINUE con un VMA no compartido, las p\u00e1ginas de la cach\u00e9 de p\u00e1ginas se instalan en los ptes. Sin embargo, se llama a hugepage_add_new_anon_rmap por error porque no son vm_shared. Esto corromper\u00e1 el mapeo de p\u00e1ginas utilizado por el c\u00f3digo de la cach\u00e9 de p\u00e1ginas." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49992.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49992.json index ccad946077a..fce411e6afa 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49992.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49992.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mprotect: only reference swap pfn page if type match\n\nYu Zhao reported a bug after the commit \"mm/swap: Add swp_offset_pfn() to\nfetch PFN from swap entry\" added a check in swp_offset_pfn() for swap type [1]:\n\n kernel BUG at include/linux/swapops.h:117!\n CPU: 46 PID: 5245 Comm: EventManager_De Tainted: G S O L 6.0.0-dbg-DEV #2\n RIP: 0010:pfn_swap_entry_to_page+0x72/0xf0\n Code: c6 48 8b 36 48 83 fe ff 74 53 48 01 d1 48 83 c1 08 48 8b 09 f6\n c1 01 75 7b 66 90 48 89 c1 48 8b 09 f6 c1 01 74 74 5d c3 eb 9e <0f> 0b\n 48 ba ff ff ff ff 03 00 00 00 eb ae a9 ff 0f 00 00 75 13 48\n RSP: 0018:ffffa59e73fabb80 EFLAGS: 00010282\n RAX: 00000000ffffffe8 RBX: 0c00000000000000 RCX: ffffcd5440000000\n RDX: 1ffffffffff7a80a RSI: 0000000000000000 RDI: 0c0000000000042b\n RBP: ffffa59e73fabb80 R08: ffff9965ca6e8bb8 R09: 0000000000000000\n R10: ffffffffa5a2f62d R11: 0000030b372e9fff R12: ffff997b79db5738\n R13: 000000000000042b R14: 0c0000000000042b R15: 1ffffffffff7a80a\n FS: 00007f549d1bb700(0000) GS:ffff99d3cf680000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000440d035b3180 CR3: 0000002243176004 CR4: 00000000003706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \n change_pte_range+0x36e/0x880\n change_p4d_range+0x2e8/0x670\n change_protection_range+0x14e/0x2c0\n mprotect_fixup+0x1ee/0x330\n do_mprotect_pkey+0x34c/0x440\n __x64_sys_mprotect+0x1d/0x30\n\nIt triggers because pfn_swap_entry_to_page() could be called upon e.g. 
a\ngenuine swap entry.\n\nFix it by only calling it when it's a write migration entry where the page*\nis used.\n\n[1] https://lore.kernel.org/lkml/CAOUHufaVC2Za-p8m0aiHw6YkheDcrO-C3wRGixwDS32VTS+k1w@mail.gmail.com/" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/mprotect: solo hace referencia a la p\u00e1gina pfn de intercambio si coincide el tipo Yu Zhao inform\u00f3 un error despu\u00e9s de el commit \"mm/swap: Agregar swp_offset_pfn() para obtener PFN de la entrada de intercambio\" agreg\u00f3 una verificaci\u00f3n en swp_offset_pfn() para el tipo de intercambio [1]: \u00a1ERROR del kernel en include/linux/swapops.h:117! CPU: 46 PID: 5245 Com: EventManager_De Contaminado: GSOL 6.0.0-dbg-DEV #2 RIP: 0010:pfn_swap_entry_to_page+0x72/0xf0 C\u00f3digo: c6 48 8b 36 48 83 fe ff 74 53 48 01 d1 48 83 c1 08 48 8b 09 f6 c1 01 75 7b 66 90 48 89 c1 48 8b 09 f6 c1 01 74 74 5d c3 eb 9e <0f> 0b 48 ba ff ff ff ff 03 00 00 00 eb ae a9 ff 0f 00 00 75 13 48 RSP: 0018:ffffa59e73fabb80 EFLAGS: 00010282 RAX: 00000000ffffffe8 RBX: 0c00000000000000 RCX: ffffcd5440000000 RDX: 1ffffffffff7a80a RSI: 0000000000000000 RDI: 0c0000000000042b RBP: ffffa59e73fabb80 R08: ffff9965ca6e8bb8 R09: 0000000000000000 R10: ffffffffa5a2f62d R11: 0000030b372e9fff R12: ffff997b79db5738 R13: 000000000000042b R14: 0c0000000000042b R15: 1ffffffffff7a80a FS: 00007f549d1bb700(0000) GS:ffff99d3cf680000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000440d035b3180 CR3: 0000002243176004 CR4: 00000000003706e0 DR0: 00000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Seguimiento de llamadas: change_pte_range+0x36e/0x880 change_p4d_range+0x2e8/0x670 change_protection_range+0x14e/0x2c0 mprotect_fixup+0x1ee/0x330 do_mprotect_pkey+0x34c/0x440 __x64_sys_mprotect+0x1d/0x30 Se activa porque pfn_swap_entry_to_page() podr\u00eda invocarse, por ejemplo, en 
una entrada de intercambio genuina. Para solucionarlo, invoque solo cuando se trate de una entrada de migraci\u00f3n de escritura donde se use page*. [1] https://lore.kernel.org/lkml/CAOUHufaVC2Za-p8m0aiHw6YkheDcrO-C3wRGixwDS32VTS+k1w@mail.gmail.com/" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49993.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49993.json index 496ccb59a7c..8be1057f226 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49993.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49993.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nloop: Check for overflow while configuring loop\n\nThe userspace can configure a loop using an ioctl call, wherein\na configuration of type loop_config is passed (see lo_ioctl()'s\ncase on line 1550 of drivers/block/loop.c). This proceeds to call\nloop_configure() which in turn calls loop_set_status_from_info()\n(see line 1050 of loop.c), passing &config->info which is of type\nloop_info64*. This function then sets the appropriate values, like\nthe offset.\n\nloop_device has lo_offset of type loff_t (see line 52 of loop.c),\nwhich is typdef-chained to long long, whereas loop_info64 has\nlo_offset of type __u64 (see line 56 of include/uapi/linux/loop.h).\n\nThe function directly copies offset from info to the device as\nfollows (See line 980 of loop.c):\n\tlo->lo_offset = info->lo_offset;\n\nThis results in an overflow, which triggers a warning in iomap_iter()\ndue to a call to iomap_iter_done() which has:\n\tWARN_ON_ONCE(iter->iomap.offset > iter->pos);\n\nThus, check for negative value during loop_set_status_from_info().\n\nBug report: https://syzkaller.appspot.com/bug?id=c620fe14aac810396d3c3edc9ad73848bf69a29e" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: loop: Comprobar si hay desbordamiento al configurar loop El espacio de usuario puede configurar un bucle mediante una llamada ioctl, en la que se pasa una configuraci\u00f3n de tipo loop_config (consulte el caso de lo_ioctl() en la l\u00ednea 1550 de drivers/block/loop.c). Esto procede a llamar a loop_configure() que a su vez llama a loop_set_status_from_info() (consulte la l\u00ednea 1050 de loop.c), pasando &config->info que es de tipo loop_info64*. Esta funci\u00f3n luego establece los valores apropiados, como el desplazamiento. 
loop_device tiene lo_offset de tipo loff_t (consulte la l\u00ednea 52 de loop.c), que est\u00e1 encadenado por typdef a long long, mientras que loop_info64 tiene lo_offset de tipo __u64 (consulte la l\u00ednea 56 de include/uapi/linux/loop.h). La funci\u00f3n copia directamente el desplazamiento de info al dispositivo como se indica a continuaci\u00f3n (v\u00e9ase la l\u00ednea 980 de loop.c): lo->lo_offset = info->lo_offset; Esto genera un desbordamiento que genera una advertencia en iomap_iter() debido a una llamada a iomap_iter_done() que tiene: WARN_ON_ONCE(iter->iomap.offset > iter->pos); Por lo tanto, se debe verificar si hay un valor negativo durante loop_set_status_from_info(). Informe de error: https://syzkaller.appspot.com/bug?id=c620fe14aac810396d3c3edc9ad73848bf69a29e" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49994.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49994.json index 941645e41b9..19d4072d0af 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49994.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49994.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbootmem: remove the vmemmap pages from kmemleak in put_page_bootmem\n\nThe vmemmap pages is marked by kmemleak when allocated from memblock. \nRemove it from kmemleak when freeing the page. Otherwise, when we reuse\nthe page, kmemleak may report such an error and then stop working.\n\n kmemleak: Cannot insert 0xffff98fb6eab3d40 into the object search tree (overlaps existing)\n kmemleak: Kernel memory leak detector disabled\n kmemleak: Object 0xffff98fb6be00000 (size 335544320):\n kmemleak: comm \"swapper\", pid 0, jiffies 4294892296\n kmemleak: min_count = 0\n kmemleak: count = 0\n kmemleak: flags = 0x1\n kmemleak: checksum = 0\n kmemleak: backtrace:" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bootmem: eliminar las p\u00e1ginas vmemmap de kmemleak en put_page_bootmem. Las p\u00e1ginas vmemmap est\u00e1n marcadas por kmemleak cuando se asignan desde memblock. Elim\u00ednelas de kmemleak al liberar la p\u00e1gina. De lo contrario, al reutilizar la p\u00e1gina, kmemleak podr\u00eda informar dicho error y dejar de funcionar. kmemleak: No se puede insertar 0xffff98fb6eab3d40 en el \u00e1rbol de b\u00fasqueda de objetos (se superpone a los existentes) kmemleak: Detector de fugas de memoria del kernel deshabilitado kmemleak: Objeto 0xffff98fb6be00000 (tama\u00f1o 335544320): kmemleak: comm \"swapper\", pid 0, jiffies 4294892296 kmemleak: min_count = 0 kmemleak: count = 0 kmemleak: flags = 0x1 kmemleak: checksum = 0 kmemleak: backtrace:" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49995.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49995.json index ea5bb424a3b..6de654b2384 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49995.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49995.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwriteback: avoid use-after-free after removing device\n\nWhen a disk is removed, bdi_unregister gets called to stop further\nwriteback and wait for associated delayed work to complete. However,\nwb_inode_writeback_end() may schedule bandwidth estimation dwork after\nthis has completed, which can result in the timer attempting to access the\njust freed bdi_writeback.\n\nFix this by checking if the bdi_writeback is alive, similar to when\nscheduling writeback work.\n\nSince this requires wb->work_lock, and wb_inode_writeback_end() may get\ncalled from interrupt, switch wb->work_lock to an irqsafe lock." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: writeback: evitar el Use-After-Free tras retirar un dispositivo. Al retirar un disco, se llama a bdi_unregister para detener la escritura diferida y esperar a que se complete el trabajo retrasado asociado. Sin embargo, wb_inode_writeback_end() puede programar la estimaci\u00f3n de ancho de banda dwork despu\u00e9s de que esto se haya completado, lo que puede provocar que el temporizador intente acceder al bdi_writeback reci\u00e9n liberado. Para solucionar esto, verifique si bdi_writeback est\u00e1 activo, de forma similar a cuando se programa la escritura diferida. Dado que esto requiere wb->work_lock y wb_inode_writeback_end() puede ser llamado desde una interrupci\u00f3n, cambie wb->work_lock a un bloqueo irqsafe." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49996.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49996.json index 572e8f78a88..920b2da1cdc 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49996.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49996.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix possible memory leak in btrfs_get_dev_args_from_path()\n\nIn btrfs_get_dev_args_from_path(), btrfs_get_bdev_and_sb() can fail if\nthe path is invalid. In this case, btrfs_get_dev_args_from_path()\nreturns directly without freeing args->uuid and args->fsid allocated\nbefore, which causes memory leak.\n\nTo fix these possible leaks, when btrfs_get_bdev_and_sb() fails,\nbtrfs_put_dev_args_from_path() is called to clean up the memory." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: se corrige una posible p\u00e9rdida de memoria en btrfs_get_dev_args_from_path(). En btrfs_get_dev_args_from_path(), btrfs_get_bdev_and_sb() puede fallar si la ruta no es v\u00e1lida. En este caso, btrfs_get_dev_args_from_path() retorna directamente sin liberar los argumentos args->uuid y args->fsid asignados previamente, lo que provoca una p\u00e9rdida de memoria. Para corregir estas posibles p\u00e9rdidas, cuando btrfs_get_bdev_and_sb() falla, se llama a btrfs_put_dev_args_from_path() para limpiar la memoria." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49997.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49997.json index 33324acec01..a5c6f13f2bb 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49997.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49997.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: lantiq_xrx200: restore buffer if memory allocation failed\n\nIn a situation where memory allocation fails, an invalid buffer address\nis stored. When this descriptor is used again, the system panics in the\nbuild_skb() function when accessing memory." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: lantiq_xrx200: restaurar el b\u00fafer si falla la asignaci\u00f3n de memoria. En caso de fallo en la asignaci\u00f3n de memoria, se almacena una direcci\u00f3n de b\u00fafer no v\u00e1lida. Al volver a utilizar este descriptor, el sistema entra en p\u00e1nico en la funci\u00f3n build_skb() al acceder a la memoria." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49998.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49998.json index 82a0c8e357f..44fc0b8c6b3 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49998.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49998.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix locking in rxrpc's sendmsg\n\nFix three bugs in the rxrpc's sendmsg implementation:\n\n (1) rxrpc_new_client_call() should release the socket lock when returning\n an error from rxrpc_get_call_slot().\n\n (2) rxrpc_wait_for_tx_window_intr() will return without the call mutex\n held in the event that we're interrupted by a signal whilst waiting\n for tx space on the socket or relocking the call mutex afterwards.\n\n Fix this by: (a) moving the unlock/lock of the call mutex up to\n rxrpc_send_data() such that the lock is not held around all of\n rxrpc_wait_for_tx_window*() and (b) indicating to higher callers\n whether we're return with the lock dropped. Note that this means\n recvmsg() will not block on this call whilst we're waiting.\n\n (3) After dropping and regaining the call mutex, rxrpc_send_data() needs\n to go and recheck the state of the tx_pending buffer and the\n tx_total_len check in case we raced with another sendmsg() on the same\n call.\n\nThinking on this some more, it might make sense to have different locks for\nsendmsg() and recvmsg(). There's probably no need to make recvmsg() wait\nfor sendmsg(). 
It does mean that recvmsg() can return MSG_EOR indicating\nthat a call is dead before a sendmsg() to that call returns - but that can\ncurrently happen anyway.\n\nWithout fix (2), something like the following can be induced:\n\n\tWARNING: bad unlock balance detected!\n\t5.16.0-rc6-syzkaller #0 Not tainted\n\t-------------------------------------\n\tsyz-executor011/3597 is trying to release lock (&call->user_mutex) at:\n\t[] rxrpc_do_sendmsg+0xc13/0x1350 net/rxrpc/sendmsg.c:748\n\tbut there are no more locks to release!\n\n\tother info that might help us debug this:\n\tno locks held by syz-executor011/3597.\n\t...\n\tCall Trace:\n\t \n\t __dump_stack lib/dump_stack.c:88 [inline]\n\t dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n\t print_unlock_imbalance_bug include/trace/events/lock.h:58 [inline]\n\t __lock_release kernel/locking/lockdep.c:5306 [inline]\n\t lock_release.cold+0x49/0x4e kernel/locking/lockdep.c:5657\n\t __mutex_unlock_slowpath+0x99/0x5e0 kernel/locking/mutex.c:900\n\t rxrpc_do_sendmsg+0xc13/0x1350 net/rxrpc/sendmsg.c:748\n\t rxrpc_sendmsg+0x420/0x630 net/rxrpc/af_rxrpc.c:561\n\t sock_sendmsg_nosec net/socket.c:704 [inline]\n\t sock_sendmsg+0xcf/0x120 net/socket.c:724\n\t ____sys_sendmsg+0x6e8/0x810 net/socket.c:2409\n\t ___sys_sendmsg+0xf3/0x170 net/socket.c:2463\n\t __sys_sendmsg+0xe5/0x1b0 net/socket.c:2492\n\t do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n\t do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n\t entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n[Thanks to Hawkins Jiawei and Khalid Masum for their attempts to fix this]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rxrpc: Arreglar el bloqueo en sendmsg de rxrpc Corrige tres errores en la implementaci\u00f3n de sendmsg de rxrpc: (1) rxrpc_new_client_call() deber\u00eda liberar el bloqueo del socket al devolver un error de rxrpc_get_call_slot(). 
(2) rxrpc_wait_for_tx_window_intr() retornar\u00e1 sin el mutex de llamada retenido en caso de que seamos interrumpidos por una se\u00f1al mientras esperamos espacio de transmisi\u00f3n en el socket o volvemos a bloquear el mutex de llamada posteriormente. Corrige esto mediante: (a) mover el desbloqueo/bloqueo del mutex de llamada hasta rxrpc_send_data() de modo que el bloqueo no se mantenga alrededor de todo rxrpc_wait_for_tx_window*() y (b) indicar a los llamadores superiores si retornamos con el bloqueo eliminado. Tenga en cuenta que esto significa que recvmsg() no se bloquear\u00e1 en esta llamada mientras esperamos. (3) Despu\u00e9s de eliminar y recuperar el mutex de llamada, rxrpc_send_data() debe volver a verificar el estado del b\u00fafer tx_pending y la comprobaci\u00f3n de tx_total_len en caso de que hayamos utilizado otro sendmsg() en la misma llamada. Pens\u00e1ndolo bien, podr\u00eda tener sentido tener bloqueos diferentes para sendmsg() y recvmsg(). Probablemente no sea necesario que recvmsg() espere a sendmsg(). Esto significa que recvmsg() puede devolver MSG_EOR, lo que indica que una llamada est\u00e1 inactiva antes de que un sendmsg() a esa llamada regrese, pero eso puede ocurrir de todos modos. Sin la correcci\u00f3n (2), se puede inducir algo como lo siguiente: \u00a1ADVERTENCIA: se detect\u00f3 un saldo de desbloqueo incorrecto! 5.16.0-rc6-syzkaller #0 No contaminado ------------------------------------- syz-executor011/3597 est\u00e1 intentando liberar el bloqueo (&call->user_mutex) en: [] rxrpc_do_sendmsg+0xc13/0x1350 net/rxrpc/sendmsg.c:748 \u00a1pero no hay m\u00e1s bloqueos para liberar! Otra informaci\u00f3n que podr\u00eda ayudarnos a depurar esto: syz-executor011/3597 no tiene bloqueos. ... 
Seguimiento de llamadas: __dump_stack lib/dump_stack.c:88 [en l\u00ednea] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_unlock_imbalance_bug include/trace/events/lock.h:58 [en l\u00ednea] __lock_release kernel/locking/lockdep.c:5306 [en l\u00ednea] lock_release.cold+0x49/0x4e kernel/locking/lockdep.c:5657 __mutex_unlock_slowpath+0x99/0x5e0 kernel/locking/mutex.c:900 rxrpc_do_sendmsg+0xc13/0x1350 net/rxrpc/sendmsg.c:748 rxrpc_sendmsg+0x420/0x630 net/rxrpc/af_rxrpc.c:561 sock_sendmsg_nosec net/socket.c:704 [en l\u00ednea] sock_sendmsg+0xcf/0x120 net/socket.c:724 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2409 ___sys_sendmsg+0xf3/0x170 net/socket.c:2463 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2492 do_syscall_x64 arch/x86/entry/common.c:50 [en l\u00ednea] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae [Gracias a Hawkins Jiawei y Khalid Masum por sus intentos de solucionar este problema]" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49999.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49999.json index a27e23bf0be..bb12265c674 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49999.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49999.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix space cache corruption and potential double allocations\n\nWhen testing space_cache v2 on a large set of machines, we encountered a\nfew symptoms:\n\n1. \"unable to add free space :-17\" (EEXIST) errors.\n2. Missing free space info items, sometimes caught with a \"missing free\n space info for X\" error.\n3. Double-accounted space: ranges that were allocated in the extent tree\n and also marked as free in the free space tree, ranges that were\n marked as allocated twice in the extent tree, or ranges that were\n marked as free twice in the free space tree. If the latter made it\n onto disk, the next reboot would hit the BUG_ON() in\n add_new_free_space().\n4. On some hosts with no on-disk corruption or error messages, the\n in-memory space cache (dumped with drgn) disagreed with the free\n space tree.\n\nAll of these symptoms have the same underlying cause: a race between\ncaching the free space for a block group and returning free space to the\nin-memory space cache for pinned extents causes us to double-add a free\nrange to the space cache. This race exists when free space is cached\nfrom the free space tree (space_cache=v2) or the extent tree\n(nospace_cache, or space_cache=v1 if the cache needs to be regenerated).\nstruct btrfs_block_group::last_byte_to_unpin and struct\nbtrfs_block_group::progress are supposed to protect against this race,\nbut commit d0c2f4fa555e (\"btrfs: make concurrent fsyncs wait less when\nwaiting for a transaction commit\") subtly broke this by allowing\nmultiple transactions to be unpinning extents at the same time.\n\nSpecifically, the race is as follows:\n\n1. An extent is deleted from an uncached block group in transaction A.\n2. btrfs_commit_transaction() is called for transaction A.\n3. btrfs_run_delayed_refs() -> __btrfs_free_extent() runs the delayed\n ref for the deleted extent.\n4. 
__btrfs_free_extent() -> do_free_extent_accounting() ->\n add_to_free_space_tree() adds the deleted extent back to the free\n space tree.\n5. do_free_extent_accounting() -> btrfs_update_block_group() ->\n btrfs_cache_block_group() queues up the block group to get cached.\n block_group->progress is set to block_group->start.\n6. btrfs_commit_transaction() for transaction A calls\n switch_commit_roots(). It sets block_group->last_byte_to_unpin to\n block_group->progress, which is block_group->start because the block\n group hasn't been cached yet.\n7. The caching thread gets to our block group. Since the commit roots\n were already switched, load_free_space_tree() sees the deleted extent\n as free and adds it to the space cache. It finishes caching and sets\n block_group->progress to U64_MAX.\n8. btrfs_commit_transaction() advances transaction A to\n TRANS_STATE_SUPER_COMMITTED.\n9. fsync calls btrfs_commit_transaction() for transaction B. Since\n transaction A is already in TRANS_STATE_SUPER_COMMITTED and the\n commit is for fsync, it advances.\n10. btrfs_commit_transaction() for transaction B calls\n switch_commit_roots(). This time, the block group has already been\n cached, so it sets block_group->last_byte_to_unpin to U64_MAX.\n11. btrfs_commit_transaction() for transaction A calls\n btrfs_finish_extent_commit(), which calls unpin_extent_range() for\n the deleted extent. It sees last_byte_to_unpin set to U64_MAX (by\n transaction B!), so it adds the deleted extent to the space cache\n again!\n\nThis explains all of our symptoms above:\n\n* If the sequence of events is exactly as described above, when the free\n space is re-added in step 11, it will fail with EEXIST.\n* If another thread reallocates the deleted extent in between steps 7\n and 11, then step 11 will silently re-add that space to the space\n cache as free even though it is actually allocated. 
Then, if that\n space is allocated *again*, the free space tree will be corrupted\n (namely, the wrong item will be deleted).\n* If we don't catch this free space tree corr\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: correcci\u00f3n de corrupci\u00f3n de cach\u00e9 de espacio y posibles asignaciones dobles. Al probar space_cache v2 en un conjunto grande de m\u00e1quinas, encontramos algunos s\u00edntomas: 1. Errores \"no se puede agregar espacio libre :-17\" (EEXIST). 2. Falta de informaci\u00f3n de espacio libre, a veces detectados con el error \"falta informaci\u00f3n de espacio libre para X\". 3. Espacio contabilizado dos veces: rangos asignados en el \u00e1rbol de extensiones y marcados como libres en dicho \u00e1rbol, rangos marcados como asignados dos veces en el \u00e1rbol de extensiones o rangos marcados como libres dos veces en dicho \u00e1rbol. Si estos \u00faltimos se almacenaban en el disco, el siguiente reinicio generar\u00eda el error BUG_ON() en add_new_free_space(). 4. En algunos hosts sin corrupci\u00f3n en disco ni mensajes de error, la cach\u00e9 de espacio en memoria (volcada con drgn) no coincid\u00eda con el \u00e1rbol de espacio libre. Todos estos s\u00edntomas tienen la misma causa subyacente: una competencia entre el almacenamiento en cach\u00e9 del espacio libre de un grupo de bloques y su devoluci\u00f3n a la cach\u00e9 de espacio en memoria para las extensiones fijadas provoca la duplicaci\u00f3n de un rango libre en la cach\u00e9 de espacio. Esta competencia se produce cuando se almacena en cach\u00e9 el espacio libre del \u00e1rbol de espacio libre (space_cache=v2) o del \u00e1rbol de extensiones (nospace_cache, o space_cache=v1 si es necesario regenerar la cach\u00e9). 
Se supone que struct btrfs_block_group::last_byte_to_unpin y struct btrfs_block_group::progress protegen contra esta competencia, pero el commit d0c2f4fa555e (\"btrfs: hacer que las sincronizaciones simult\u00e1neas esperen menos al esperar el commit de una transacci\u00f3n\") interrumpi\u00f3 esto sutilmente al permitir que varias transacciones desanclaran extensiones simult\u00e1neamente. Espec\u00edficamente, la ejecuci\u00f3n es la siguiente: 1. Se elimina una extensi\u00f3n de un grupo de bloques no almacenados en cach\u00e9 en la transacci\u00f3n A. 2. Se llama a btrfs_commit_transaction() para la transacci\u00f3n A. 3. btrfs_run_delayed_refs() -> __btrfs_free_extent() ejecuta la referencia retrasada para la extensi\u00f3n eliminada. 4. __btrfs_free_extent() -> do_free_extent_accounting() -> add_to_free_space_tree() agrega la extensi\u00f3n eliminada nuevamente al \u00e1rbol de espacio libre. 5. do_free_extent_accounting() -> btrfs_update_block_group() -> btrfs_cache_block_group() pone en cola el grupo de bloques para almacenar en cach\u00e9. block_group->progress se establece en block_group->start. 6. btrfs_commit_transaction() para la transacci\u00f3n A llama a switch_commit_roots(). Establece block_group->last_byte_to_unpin en block_group->progress, que es block_group->start porque el grupo de bloques a\u00fan no se ha almacenado en cach\u00e9. 7. El hilo de cach\u00e9 accede a nuestro grupo de bloques. Dado que las ra\u00edces de las confirmaciones ya se han cambiado, load_free_space_tree() detecta la extensi\u00f3n eliminada como libre y la a\u00f1ade a la cach\u00e9 de espacio. Finaliza el almacenamiento en cach\u00e9 y establece block_group->progress en U64_MAX. 8. btrfs_commit_transaction() avanza la transacci\u00f3n A a TRANS_STATE_SUPER_COMMITTED. 9. fsync llama a btrfs_commit_transaction() para la transacci\u00f3n B. Dado que la transacci\u00f3n A ya est\u00e1 en TRANS_STATE_SUPER_COMMITTED y el commit es para fsync, avanza. 10. 
btrfs_commit_transaction() para la transacci\u00f3n B llama a switch_commit_roots(). Esta vez, el grupo de bloques ya se ha almacenado en cach\u00e9, por lo que establece block_group->last_byte_to_unpin en U64_MAX. 11. btrfs_commit_transaction() para la transacci\u00f3n A llama a btrfs_finish_extent_commit(), que llama a unpin_extent_range() para la extensi\u00f3n eliminada. Ve que last_byte_to_unpin est\u00e1 establecido en U64_MAX (\u00a1por la transacci\u00f3n B!), por lo que vuelve a a\u00f1adir la extensi\u00f3n eliminada a la cach\u00e9 de espacio. Esto explica todos nuestros s\u00edntomas anteriores: * Si la secuencia de eventos es exactamente la descrita anteriormente, cuando se vuelve a a\u00f1adir el espacio libre en el paso 11, fallar\u00e1 con EEXIST. * ---truncado---" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-49xx/CVE-2022-4964.json b/CVE-2022/CVE-2022-49xx/CVE-2022-4964.json index 26ecc682d45..a0aa81c0589 100644 --- a/CVE-2022/CVE-2022-49xx/CVE-2022-4964.json +++ b/CVE-2022/CVE-2022-49xx/CVE-2022-4964.json @@ -2,7 +2,7 @@ "id": "CVE-2022-4964", "sourceIdentifier": "security@ubuntu.com", "published": "2024-01-24T01:15:07.977", - "lastModified": "2024-11-21T07:36:20.560", + "lastModified": "2025-06-20T20:15:23.290", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -69,6 +69,16 @@ "value": "CWE-276" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] } ], "configurations": [ diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50000.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50000.json index 5eba5f178ba..331a6763077 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50000.json +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50000.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: fix stuck flows on cleanup due to pending work\n\nTo clear the flow table on flow table free, the following sequence\nnormally happens in order:\n\n 1) gc_step work is stopped to disable any further stats/del requests.\n 2) All flow table entries are set to teardown state.\n 3) Run gc_step which will queue HW del work for each flow table entry.\n 4) Waiting for the above del work to finish (flush).\n 5) Run gc_step again, deleting all entries from the flow table.\n 6) Flow table is freed.\n\nBut if a flow table entry already has pending HW stats or HW add work\nstep 3 will not queue HW del work (it will be skipped), step 4 will wait\nfor the pending add/stats to finish, and step 5 will queue HW del work\nwhich might execute after freeing of the flow table.\n\nTo fix the above, this patch flushes the pending work, then it sets the\nteardown flag to all flows in the flowtable and it forces a garbage\ncollector run to queue work to remove the flows from hardware, then it\nflushes this new pending work and (finally) it forces another garbage\ncollector run to remove the entry from the software flowtable.\n\nStack trace:\n[47773.882335] BUG: KASAN: use-after-free in down_read+0x99/0x460\n[47773.883634] Write of size 8 at addr ffff888103b45aa8 by task kworker/u20:6/543704\n[47773.885634] CPU: 3 PID: 543704 Comm: kworker/u20:6 Not tainted 5.12.0-rc7+ #2\n[47773.886745] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009)\n[47773.888438] Workqueue: nf_ft_offload_del flow_offload_work_handler [nf_flow_table]\n[47773.889727] Call Trace:\n[47773.890214] dump_stack+0xbb/0x107\n[47773.890818] print_address_description.constprop.0+0x18/0x140\n[47773.892990] kasan_report.cold+0x7c/0xd8\n[47773.894459] kasan_check_range+0x145/0x1a0\n[47773.895174] down_read+0x99/0x460\n[47773.899706] nf_flow_offload_tuple+0x24f/0x3c0 [nf_flow_table]\n[47773.907137] 
flow_offload_work_handler+0x72d/0xbe0 [nf_flow_table]\n[47773.913372] process_one_work+0x8ac/0x14e0\n[47773.921325]\n[47773.921325] Allocated by task 592159:\n[47773.922031] kasan_save_stack+0x1b/0x40\n[47773.922730] __kasan_kmalloc+0x7a/0x90\n[47773.923411] tcf_ct_flow_table_get+0x3cb/0x1230 [act_ct]\n[47773.924363] tcf_ct_init+0x71c/0x1156 [act_ct]\n[47773.925207] tcf_action_init_1+0x45b/0x700\n[47773.925987] tcf_action_init+0x453/0x6b0\n[47773.926692] tcf_exts_validate+0x3d0/0x600\n[47773.927419] fl_change+0x757/0x4a51 [cls_flower]\n[47773.928227] tc_new_tfilter+0x89a/0x2070\n[47773.936652]\n[47773.936652] Freed by task 543704:\n[47773.937303] kasan_save_stack+0x1b/0x40\n[47773.938039] kasan_set_track+0x1c/0x30\n[47773.938731] kasan_set_free_info+0x20/0x30\n[47773.939467] __kasan_slab_free+0xe7/0x120\n[47773.940194] slab_free_freelist_hook+0x86/0x190\n[47773.941038] kfree+0xce/0x3a0\n[47773.941644] tcf_ct_flow_table_cleanup_work\n\nOriginal patch description and stack trace by Paul Blakey." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: flowtable: arreglo de flujos atascados en la limpieza debido a trabajo pendiente Para limpiar la tabla de flujo cuando est\u00e1 libre, normalmente ocurre la siguiente secuencia en orden: 1) Se detiene el trabajo de gc_step para deshabilitar cualquier solicitud de estad\u00edsticas/del. 2) Todas las entradas de la tabla de flujo se establecen en estado de desmontaje. 3) Se ejecuta gc_step, que pondr\u00e1 en cola el trabajo de del de HW para cada entrada de la tabla de flujo. 4) Se espera a que finalice el trabajo del del anterior (vaciado). 5) Se vuelve a ejecutar gc_step, eliminando todas las entradas de la tabla de flujo. 6) Se libera la tabla de flujo. 
Pero si una entrada de la tabla de flujo ya tiene estad\u00edsticas de HW pendientes o trabajo de adici\u00f3n de HW, el paso 3 no pondr\u00e1 en cola el trabajo de del de HW (se omitir\u00e1), el paso 4 esperar\u00e1 a que finalicen las adiciones/estad\u00edsticas pendientes y el paso 5 pondr\u00e1 en cola el trabajo de del de HW que podr\u00eda ejecutarse despu\u00e9s de liberar la tabla de flujo. Para solucionar lo anterior, este parche limpia el trabajo pendiente, luego establece el indicador de desmontaje en todos los flujos en la tabla de flujo y fuerza la ejecuci\u00f3n de un recolector de basura para poner en cola el trabajo para eliminar los flujos del hardware, luego limpia este nuevo trabajo pendiente y (finalmente) fuerza la ejecuci\u00f3n de otro recolector de basura para eliminar la entrada de la tabla de flujo del software. Rastreo de pila: [47773.882335] ERROR: KASAN: Use-After-Free en down_read+0x99/0x460 [47773.883634] Escritura de tama\u00f1o 8 en la direcci\u00f3n ffff888103b45aa8 por la tarea kworker/u20:6/543704 [47773.885634] CPU: 3 PID: 543704 Comm: kworker/u20:6 No contaminado 5.12.0-rc7+ #2 [47773.886745] Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009) [47773.888438] Cola de trabajo: nf_ft_offload_del flow_offload_work_handler [nf_flow_table] [47773.889727] Rastreo de llamadas: [47773.890214] dump_stack+0xbb/0x107 [47773.890818] print_address_description.constprop.0+0x18/0x140 [47773.892990] kasan_report.cold+0x7c/0xd8 [47773.894459] kasan_check_range+0x145/0x1a0 [47773.895174] down_read+0x99/0x460 [47773.899706] nf_flow_offload_tuple+0x24f/0x3c0 [nf_flow_table] [47773.907137] flow_offload_work_handler+0x72d/0xbe0 [nf_flow_table] [47773.913372] process_one_work+0x8ac/0x14e0 [47773.921325] [47773.921325] Allocated by task 592159: [47773.922031] kasan_save_stack+0x1b/0x40 [47773.922730] __kasan_kmalloc+0x7a/0x90 [47773.923411] tcf_ct_flow_table_get+0x3cb/0x1230 [act_ct] [47773.924363] tcf_ct_init+0x71c/0x1156 [act_ct] [47773.925207] 
tcf_action_init_1+0x45b/0x700 [47773.925987] tcf_action_init+0x453/0x6b0 [47773.926692] tcf_exts_validate+0x3d0/0x600 [47773.927419] fl_change+0x757/0x4a51 [cls_flower] [47773.928227] tc_new_tfilter+0x89a/0x2070 [47773.936652] [47773.936652] Freed by task 543704: [47773.937303] kasan_save_stack+0x1b/0x40 [47773.938039] kasan_set_track+0x1c/0x30 [47773.938731] kasan_set_free_info+0x20/0x30 [47773.939467] __kasan_slab_free+0xe7/0x120 [47773.940194] slab_free_freelist_hook+0x86/0x190 [47773.941038] kfree+0xce/0x3a0 [47773.941644] tcf_ct_flow_table_cleanup_work Descripci\u00f3n del parche original y seguimiento de la pila por Paul Blakey." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50001.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50001.json index 6a17296b19f..7d5c345bea7 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50001.json +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50001.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_tproxy: restrict to prerouting hook\n\nTPROXY is only allowed from prerouting, but nft_tproxy doesn't check this.\nThis fixes a crash (null dereference) when using tproxy from e.g. output." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nft_tproxy: restricci\u00f3n al gancho de preenrutamiento. TPROXY solo se permite desde el preenrutamiento, pero nft_tproxy no lo comprueba. Esto corrige un fallo (desreferencia nula) al usar tproxy desde la salida, por ejemplo." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50002.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50002.json index 103be6b5883..d60f47a1b22 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50002.json +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50002.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: LAG, fix logic over MLX5_LAG_FLAG_NDEVS_READY\n\nOnly set MLX5_LAG_FLAG_NDEVS_READY if both netdevices are registered.\nDoing so guarantees that both ldev->pf[MLX5_LAG_P0].dev and\nldev->pf[MLX5_LAG_P1].dev have valid pointers when\nMLX5_LAG_FLAG_NDEVS_READY is set.\n\nThe core issue is asymmetry in setting MLX5_LAG_FLAG_NDEVS_READY and\nclearing it. Setting it is done wrongly when both\nldev->pf[MLX5_LAG_P0].dev and ldev->pf[MLX5_LAG_P1].dev are set;\nclearing it is done right when either of ldev->pf[i].netdev is cleared.\n\nConsider the following scenario:\n1. PF0 loads and sets ldev->pf[MLX5_LAG_P0].dev to a valid pointer\n2. PF1 loads and sets both ldev->pf[MLX5_LAG_P1].dev and\n ldev->pf[MLX5_LAG_P1].netdev with valid pointers. This results in\n MLX5_LAG_FLAG_NDEVS_READY is set.\n3. PF0 is unloaded before setting dev->pf[MLX5_LAG_P0].netdev.\n MLX5_LAG_FLAG_NDEVS_READY remains set.\n\nFurther execution of mlx5_do_bond() will result in null pointer\ndereference when calling mlx5_lag_is_multipath()\n\nThis patch fixes the following call trace actually encountered:\n\n[ 1293.475195] BUG: kernel NULL pointer dereference, address: 00000000000009a8\n[ 1293.478756] #PF: supervisor read access in kernel mode\n[ 1293.481320] #PF: error_code(0x0000) - not-present page\n[ 1293.483686] PGD 0 P4D 0\n[ 1293.484434] Oops: 0000 [#1] SMP PTI\n[ 1293.485377] CPU: 1 PID: 23690 Comm: kworker/u16:2 Not tainted 5.18.0-rc5_for_upstream_min_debug_2022_05_05_10_13 #1\n[ 1293.488039] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[ 1293.490836] Workqueue: mlx5_lag mlx5_do_bond_work [mlx5_core]\n[ 1293.492448] RIP: 0010:mlx5_lag_is_multipath+0x5/0x50 [mlx5_core]\n[ 1293.494044] Code: e8 70 40 ff e0 48 8b 14 24 48 83 05 5c 1a 1b 00 01 e9 19 ff ff ff 48 83 05 47 1a 1b 00 01 eb d7 0f 1f 44 00 00 0f 1f 
44 00 00 <48> 8b 87 a8 09 00 00 48 85 c0 74 26 48 83 05 a7 1b 1b 00 01 41 b8\n[ 1293.498673] RSP: 0018:ffff88811b2fbe40 EFLAGS: 00010202\n[ 1293.500152] RAX: ffff88818a94e1c0 RBX: ffff888165eca6c0 RCX: 0000000000000000\n[ 1293.501841] RDX: 0000000000000001 RSI: ffff88818a94e1c0 RDI: 0000000000000000\n[ 1293.503585] RBP: 0000000000000000 R08: ffff888119886740 R09: ffff888165eca73c\n[ 1293.505286] R10: 0000000000000018 R11: 0000000000000018 R12: ffff88818a94e1c0\n[ 1293.506979] R13: ffff888112729800 R14: 0000000000000000 R15: ffff888112729858\n[ 1293.508753] FS: 0000000000000000(0000) GS:ffff88852cc40000(0000) knlGS:0000000000000000\n[ 1293.510782] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 1293.512265] CR2: 00000000000009a8 CR3: 00000001032d4002 CR4: 0000000000370ea0\n[ 1293.514001] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 1293.515806] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5: LAG, corregir la l\u00f3gica sobre MLX5_LAG_FLAG_NDEVS_READY Solo establezca MLX5_LAG_FLAG_NDEVS_READY si ambos dispositivos de red est\u00e1n registrados. Hacerlo garantiza que tanto ldev->pf[MLX5_LAG_P0].dev como ldev->pf[MLX5_LAG_P1].dev tengan punteros v\u00e1lidos cuando MLX5_LAG_FLAG_NDEVS_READY est\u00e9 establecido. El problema principal es la asimetr\u00eda en la configuraci\u00f3n de MLX5_LAG_FLAG_NDEVS_READY y su borrado. La configuraci\u00f3n se realiza incorrectamente cuando tanto ldev->pf[MLX5_LAG_P0].dev como ldev->pf[MLX5_LAG_P1].dev est\u00e1n establecidos; Se borra correctamente cuando se borra ldev->pf[i].netdev. Considere el siguiente escenario: 1. PF0 carga y asigna un puntero v\u00e1lido a ldev->pf[MLX5_LAG_P0].dev. 2. PF1 carga y asigna punteros v\u00e1lidos a ldev->pf[MLX5_LAG_P1].dev y ldev->pf[MLX5_LAG_P1].netdev. Esto da como resultado que MLX5_LAG_FLAG_NDEVS_READY se configure. 3. 
PF0 se descarga antes de asignar dev->pf[MLX5_LAG_P0].netdev. MLX5_LAG_FLAG_NDEVS_READY permanece configurado. La ejecuci\u00f3n posterior de mlx5_do_bond() dar\u00e1 como resultado una desreferencia de puntero nulo al llamar a mlx5_lag_is_multipath(). Este parche corrige el siguiente seguimiento de llamada encontrado: [ 1293.475195] ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 00000000000009a8 [ 1293.478756] #PF: acceso de lectura del supervisor en modo kernel [ 1293.481320] #PF: error_code(0x0000) - p\u00e1gina no presente [ 1293.483686] PGD 0 P4D 0 [ 1293.484434] Oops: 0000 [#1] SMP PTI [ 1293.485377] CPU: 1 PID: 23690 Comm: kworker/u16:2 No contaminado 5.18.0-rc5_for_upstream_min_debug_2022_05_05_10_13 #1 [ 1293.488039] Nombre del hardware: PC est\u00e1ndar QEMU (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 01/04/2014 [ 1293.490836] Cola de trabajo: mlx5_lag mlx5_do_bond_work [mlx5_core] [ 1293.492448] RIP: 0010:mlx5_lag_is_multipath+0x5/0x50 [mlx5_core] [ 1293.494044] C\u00f3digo: e8 70 40 ff e0 48 8b 14 24 48 83 05 5c 1a 1b 00 01 e9 19 ff ff ff 48 83 05 47 1a 1b 00 01 eb d7 0f 1f 44 00 00 0f 1f 44 00 00 <48> 8b 87 a8 09 00 00 48 85 c0 74 26 48 83 05 a7 1b 1b 00 01 41 b8 [ 1293.498673] RSP: 0018:ffff88811b2fbe40 EFLAGS: 00010202 [ 1293.500152] RAX: ffff88818a94e1c0 RBX: ffff888165eca6c0 RCX: 0000000000000000 [ 1293.501841] RDX: 0000000000000001 RSI: ffff88818a94e1c0 RDI: 0000000000000000 [ 1293.503585] RBP: 0000000000000000 R08: ffff888119886740 R09: ffff888165eca73c [ 1293.505286] R10: 0000000000000018 R11: 0000000000000018 R12: ffff88818a94e1c0 [ 1293.506979] R13: ffff888112729800 R14: 0000000000000000 R15: ffff888112729858 [ 1293.508753] FS: 000000000000000(0000) GS:ffff88852cc40000(0000) knlGS:0000000000000000 [ 1293.510782] CS: 0010 DS: 0000 ES: 0000 CR0: 000000080050033 [ 1293.512265] CR2: 00000000000009a8 CR3: 00000001032d4002 CR4: 0000000000370ea0 [ 1293.514001] DR0: 0000000000000000 DR1: 0000000000000000 
DR2: 0000000000000000 [ 1293.515806] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50003.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50003.json index c0e5f601f61..274bdcb02d9 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50003.json +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50003.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: xsk: prohibit usage of non-balanced queue id\n\nFix the following scenario:\n1. ethtool -L $IFACE rx 8 tx 96\n2. xdpsock -q 10 -t -z\n\nAbove refers to a case where user would like to attach XSK socket in\ntxonly mode at a queue id that does not have a corresponding Rx queue.\nAt this moment ice's XSK logic is tightly bound to act on a \"queue pair\",\ne.g. both Tx and Rx queues at a given queue id are disabled/enabled and\nboth of them will get XSK pool assigned, which is broken for the presented\nqueue configuration. This results in the splat included at the bottom,\nwhich is basically an OOB access to Rx ring array.\n\nTo fix this, allow using the ids only in scope of \"combined\" queues\nreported by ethtool. However, logic should be rewritten to allow such\nconfigurations later on, which would end up as a complete rewrite of the\ncontrol path, so let us go with this temporary fix.\n\n[420160.558008] BUG: kernel NULL pointer dereference, address: 0000000000000082\n[420160.566359] #PF: supervisor read access in kernel mode\n[420160.572657] #PF: error_code(0x0000) - not-present page\n[420160.579002] PGD 0 P4D 0\n[420160.582756] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[420160.588396] CPU: 10 PID: 21232 Comm: xdpsock Tainted: G OE 5.19.0-rc7+ #10\n[420160.597893] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019\n[420160.609894] RIP: 0010:ice_xsk_pool_setup+0x44/0x7d0 [ice]\n[420160.616968] Code: f3 48 83 ec 40 48 8b 4f 20 48 8b 3f 65 48 8b 04 25 28 00 00 00 48 89 44 24 38 31 c0 48 8d 04 ed 00 00 00 00 48 01 c1 48 8b 11 <0f> b7 92 82 00 00 00 48 85 d2 0f 84 2d 75 00 00 48 8d 72 ff 48 85\n[420160.639421] RSP: 0018:ffffc9002d2afd48 EFLAGS: 00010282\n[420160.646650] RAX: 0000000000000050 RBX: ffff88811d8bdd00 RCX: ffff888112c14ff8\n[420160.655893] RDX: 0000000000000000 RSI: ffff88811d8bdd00 RDI: 
ffff888109861000\n[420160.665166] RBP: 000000000000000a R08: 000000000000000a R09: 0000000000000000\n[420160.674493] R10: 000000000000889f R11: 0000000000000000 R12: 000000000000000a\n[420160.683833] R13: 000000000000000a R14: 0000000000000000 R15: ffff888117611828\n[420160.693211] FS: 00007fa869fc1f80(0000) GS:ffff8897e0880000(0000) knlGS:0000000000000000\n[420160.703645] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[420160.711783] CR2: 0000000000000082 CR3: 00000001d076c001 CR4: 00000000007706e0\n[420160.721399] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[420160.731045] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[420160.740707] PKRU: 55555554\n[420160.745960] Call Trace:\n[420160.750962] \n[420160.755597] ? kmalloc_large_node+0x79/0x90\n[420160.762703] ? __kmalloc_node+0x3f5/0x4b0\n[420160.769341] xp_assign_dev+0xfd/0x210\n[420160.775661] ? shmem_file_read_iter+0x29a/0x420\n[420160.782896] xsk_bind+0x152/0x490\n[420160.788943] __sys_bind+0xd0/0x100\n[420160.795097] ? 
exit_to_user_mode_prepare+0x20/0x120\n[420160.802801] __x64_sys_bind+0x16/0x20\n[420160.809298] do_syscall_64+0x38/0x90\n[420160.815741] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[420160.823731] RIP: 0033:0x7fa86a0dd2fb\n[420160.830264] Code: c3 66 0f 1f 44 00 00 48 8b 15 69 8b 0c 00 f7 d8 64 89 02 b8 ff ff ff ff eb bc 0f 1f 44 00 00 f3 0f 1e fa b8 31 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 3d 8b 0c 00 f7 d8 64 89 01 48\n[420160.855410] RSP: 002b:00007ffc1146f618 EFLAGS: 00000246 ORIG_RAX: 0000000000000031\n[420160.866366] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa86a0dd2fb\n[420160.876957] RDX: 0000000000000010 RSI: 00007ffc1146f680 RDI: 0000000000000003\n[420160.887604] RBP: 000055d7113a0520 R08: 00007fa868fb8000 R09: 0000000080000000\n[420160.898293] R10: 0000000000008001 R11: 0000000000000246 R12: 000055d7113a04e0\n[420160.909038] R13: 000055d7113a0320 R14: 000000000000000a R15: 0000000000000000\n[420160.919817] \n[420160.925659] Modules linked in: ice(OE) af_packet binfmt_misc\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ice: xsk: prohibir el uso de un id de cola no balanceado Corrija el siguiente escenario: 1. ethtool -L $IFACE rx 8 tx 96 2. xdpsock -q 10 -t -z Lo anterior se refiere a un caso en el que el usuario desea adjuntar un socket XSK en modo txonly a un id de cola que no tiene una cola Rx correspondiente. En este momento, la l\u00f3gica XSK de ice est\u00e1 estrechamente ligada a actuar en un \"par de colas\", por ejemplo, las colas Tx y Rx en un id de cola dado est\u00e1n deshabilitadas/habilitadas y a ambas se les asignar\u00e1 un grupo XSK, lo cual no funciona para la configuraci\u00f3n de cola presentada. Esto da como resultado el splat incluido en la parte inferior, que es b\u00e1sicamente un acceso OOB a la matriz de anillo Rx. 
Para solucionar esto, permita el uso de los id solo en el \u00e1mbito de las colas \"combinadas\" reportadas por ethtool. Sin embargo, la l\u00f3gica debe reescribirse para permitir tales configuraciones m\u00e1s adelante, lo que terminar\u00eda como una reescritura completa de la ruta de control, as\u00ed que sigamos con esta soluci\u00f3n temporal. [420160.558008] ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000082 [420160.566359] #PF: acceso de lectura del supervisor en modo kernel [420160.572657] #PF: error_code(0x0000) - p\u00e1gina no presente [420160.579002] PGD 0 P4D 0 [420160.582756] Oops: 0000 [#1] PREEMPT SMP NOPTI [420160.588396] CPU: 10 PID: 21232 Comm: xdpsock Tainted: G OE 5.19.0-rc7+ #10 [420160.597893] Nombre del hardware: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 19/03/2019 [420160.609894] RIP: 0010:ice_xsk_pool_setup+0x44/0x7d0 [ice] [420160.616968] C\u00f3digo: f3 48 83 ec 40 48 8b 4f 20 48 8b 3f 65 48 8b 04 25 28 00 00 00 48 89 44 24 38 31 c0 48 8d 04 ed 00 00 00 00 48 01 c1 48 8b 11 <0f> b7 92 82 00 00 00 48 85 d2 0f 84 2d 75 00 00 48 8d 72 ff 48 85 [420160.639421] RSP: 0018:ffffc9002d2afd48 EFLAGS: 00010282 [420160.646650] RAX: 0000000000000050 RBX: ffff88811d8bdd00 RCX: ffff888112c14ff8 [420160.655893] RDX: 000000000000000 RSI: ffff88811d8bdd00 RDI: ffff888109861000 [420160.665166] RBP: 000000000000000a R08: 000000000000000a R09: 0000000000000000 [420160.674493] R10: 000000000000889f R11: 0000000000000000 R12: 000000000000000a [420160.683833] R13: 00000000000000a R14: 0000000000000000 R15: ffff888117611828 [420160.693211] FS: 00007fa869fc1f80(0000) GS:ffff8897e0880000(0000) knlGS:0000000000000000 [420160.703645] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [420160.711783] CR2: 000000000000082 CR3: 00000001d076c001 CR4: 00000000007706e0 [420160.721399] DR0: 00000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [420160.731045] DR3: 0000000000000000 DR6: 
00000000fffe0ff0 DR7: 0000000000000400 [420160.740707] PKRU: 55555554 [420160.745960] Rastreo de llamadas: [420160.750962] [420160.755597] ? kmalloc_large_node+0x79/0x90 [420160.762703] ? __kmalloc_node+0x3f5/0x4b0 [420160.769341] xp_assign_dev+0xfd/0x210 [420160.775661] ? shmem_file_read_iter+0x29a/0x420 [420160.782896] xsk_bind+0x152/0x490 [420160.788943] __sys_bind+0xd0/0x100 [420160.795097] ? exit_to_user_mode_prepare+0x20/0x120 [420160.802801] __x64_sys_bind+0x16/0x20 [420160.809298] do_syscall_64+0x38/0x90 [420160.815741] entry_SYSCALL_64_after_hwframe+0x63/0xcd [420160.823731] RIP: 0033:0x7fa86a0dd2fb [420160.830264] Code: c3 66 0f 1f 44 00 00 48 8b 15 69 8b 0c 00 f7 d8 64 89 02 b8 ff ff ff ff eb bc 0f 1f 44 00 00 f3 0f 1e fa b8 31 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 3d 8b 0c 00 f7 d8 64 89 01 48 [420160.855410] RSP: 002b:00007ffc1146f618 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [420160.866366] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa86a0dd2fb [420160.876957] RDX: 0000000000000010 RSI: 00007ffc1146f680 RDI: 0000000000000003 [420160.887604] RBP: 000055d7113a0520 R08: 00007fa868fb8000 R09: 0000000080000000 [420160.898293] R10: 0000000000008001 R11: 0000000000000246 R12: 000055d7113a04e0 [420160.909038] R13: 000055d7113a0320 R14: 000000000000000a R15: 0000000000000000 [420160.91 ---truncado---" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50004.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50004.json index f40a780405e..ae781b2b7e8 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50004.json +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50004.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: policy: fix metadata dst->dev xmit null pointer dereference\n\nWhen we try to transmit an skb with metadata_dst attached (i.e. dst->dev\n== NULL) through xfrm interface we can hit a null pointer dereference[1]\nin xfrmi_xmit2() -> xfrm_lookup_with_ifid() due to the check for a\nloopback skb device when there's no policy which dereferences dst->dev\nunconditionally. Not having dst->dev can be interepreted as it not being\na loopback device, so just add a check for a null dst_orig->dev.\n\nWith this fix xfrm interface's Tx error counters go up as usual.\n\n[1] net-next calltrace captured via netconsole:\n BUG: kernel NULL pointer dereference, address: 00000000000000c0\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP\n CPU: 1 PID: 7231 Comm: ping Kdump: loaded Not tainted 5.19.0+ #24\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-1.fc36 04/01/2014\n RIP: 0010:xfrm_lookup_with_ifid+0x5eb/0xa60\n Code: 8d 74 24 38 e8 26 a4 37 00 48 89 c1 e9 12 fc ff ff 49 63 ed 41 83 fd be 0f 85 be 01 00 00 41 be ff ff ff ff 45 31 ed 48 8b 03 80 c0 00 00 00 08 75 0f 41 80 bc 24 19 0d 00 00 01 0f 84 1e 02\n RSP: 0018:ffffb0db82c679f0 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: ffffd0db7fcad430 RCX: ffffb0db82c67a10\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffb0db82c67a80\n RBP: ffffb0db82c67a80 R08: ffffb0db82c67a14 R09: 0000000000000000\n R10: 0000000000000000 R11: ffff8fa449667dc8 R12: ffffffff966db880\n R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000000000000\n FS: 00007ff35c83f000(0000) GS:ffff8fa478480000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00000000000000c0 CR3: 000000001ebb7000 CR4: 0000000000350ee0\n Call Trace:\n \n xfrmi_xmit+0xde/0x460\n ? 
tcf_bpf_act+0x13d/0x2a0\n dev_hard_start_xmit+0x72/0x1e0\n __dev_queue_xmit+0x251/0xd30\n ip_finish_output2+0x140/0x550\n ip_push_pending_frames+0x56/0x80\n raw_sendmsg+0x663/0x10a0\n ? try_charge_memcg+0x3fd/0x7a0\n ? __mod_memcg_lruvec_state+0x93/0x110\n ? sock_sendmsg+0x30/0x40\n sock_sendmsg+0x30/0x40\n __sys_sendto+0xeb/0x130\n ? handle_mm_fault+0xae/0x280\n ? do_user_addr_fault+0x1e7/0x680\n ? kvm_read_and_reset_apf_flags+0x3b/0x50\n __x64_sys_sendto+0x20/0x30\n do_syscall_64+0x34/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n RIP: 0033:0x7ff35cac1366\n Code: eb 0b 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 72 c3 90 55 48 83 ec 30 44 89 4c 24 2c 4c 89\n RSP: 002b:00007fff738e4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c\n RAX: ffffffffffffffda RBX: 00007fff738e57b0 RCX: 00007ff35cac1366\n RDX: 0000000000000040 RSI: 0000557164e4b450 RDI: 0000000000000003\n RBP: 0000557164e4b450 R08: 00007fff738e7a2c R09: 0000000000000010\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000040\n R13: 00007fff738e5770 R14: 00007fff738e4030 R15: 0000001d00000001\n \n Modules linked in: netconsole veth br_netfilter bridge bonding virtio_net [last unloaded: netconsole]\n CR2: 00000000000000c0" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xfrm: pol\u00edtica: corregir la desreferencia de puntero nulo de metadatos dst->dev xmit Cuando intentamos transmitir un skb con metadata_dst adjunto (es decir, dst->dev == NULL) a trav\u00e9s de la interfaz xfrm, podemos alcanzar una desreferencia de puntero nulo[1] en xfrmi_xmit2() -> xfrm_lookup_with_ifid() debido a la comprobaci\u00f3n de un dispositivo skb de bucle invertido cuando no hay ninguna pol\u00edtica que desreferencia dst->dev incondicionalmente. 
No tener dst->dev puede interpretarse como que no es un dispositivo de bucle invertido, as\u00ed que simplemente agregue una comprobaci\u00f3n para un dst_orig->dev nulo. Con esta correcci\u00f3n, los contadores de errores de Tx de la interfaz xfrm suben como de costumbre. [1] net-next calltrace capturado a trav\u00e9s de netconsole: ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 00000000000000c0 #PF: acceso de lectura del supervisor en modo kernel #PF: error_code(0x0000) - p\u00e1gina no presente PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP CPU: 1 PID: 7231 Comm: ping Kdump: cargado No contaminado 5.19.0+ #24 Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-1.fc36 04/01/2014 RIP: 0010:xfrm_lookup_with_ifid+0x5eb/0xa60 C\u00f3digo: 8d 74 24 38 e8 26 a4 37 00 48 89 c1 e9 12 fc ff ff 49 63 ed 41 83 fd ser 0f 85 ser 01 00 00 41 ser ff ff ff ff 45 31 ed 48 8b 03 80 c0 00 00 00 08 75 0f 41 80 bc 24 19 0d 00 00 01 0f 84 1e 02 RSP: 0018:ffffb0db82c679f0 EFLAGS: 00010246 RAX: 000000000000000 RBX: ffffd0db7fcad430 RCX: ffffb0db82c67a10 RDX: 00000000000000000 RSI: 0000000000000000 RDI: ffffb0db82c67a80 RBP: ffffb0db82c67a80 R08: ffffb0db82c67a14 R09: 0000000000000000 R10: 0000000000000000 R11: ffff8fa449667dc8 R12: ffffffff966db880 R13: 000000000000000 R14: 00000000ffffffff R15: 000000000000000 FS: 00007ff35c83f000(0000) GS:ffff8fa478480000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000c0 CR3: 000000001ebb7000 CR4: 0000000000350ee0 Seguimiento de llamadas: xfrmi_xmit+0xde/0x460 ? tcf_bpf_act+0x13d/0x2a0 dev_hard_start_xmit+0x72/0x1e0 __dev_queue_xmit+0x251/0xd30 ip_finish_output2+0x140/0x550 ip_push_pending_frames+0x56/0x80 raw_sendmsg+0x663/0x10a0 ? try_charge_memcg+0x3fd/0x7a0 ? __mod_memcg_lruvec_state+0x93/0x110 ? sock_sendmsg+0x30/0x40 sock_sendmsg+0x30/0x40 __sys_sendto+0xeb/0x130 ? manejar_mm_fault+0xae/0x280 ? hacer_direcci\u00f3n_usuario_fault+0x1e7/0x680 ? 
kvm_read_and_reset_apf_flags+0x3b/0x50 __x64_sys_sendto+0x20/0x30 do_syscall_64+0x34/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 RIP: 0033:0x7ff35cac1366 C\u00f3digo: eb 0b 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff ff eb b8 0f 1f 00 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 72 c3 90 55 48 83 ec 30 44 89 4c 24 2c 4c 89 RSP: 002b:00007fff738e4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007fff738e57b0 RCX: 00007ff35cac1366 RDX: 0000000000000040 RSI: 0000557164e4b450 RDI: 0000000000000003 RBP: 0000557164e4b450 R08: 00007fff738e7a2c R09: 0000000000000010 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000040 R13: 00007fff738e5770 R14: 00007fff738e4030 R15: 0000001d00000001 M\u00f3dulos vinculados en: netconsole veth br_netfilter bridge bonding virtio_net [\u00faltima descarga: netconsole] CR2: 00000000000000c0" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50005.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50005.json index 58ceba94239..34f95ccee1c 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50005.json +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50005.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout\n\nWhen the pn532 uart device is detaching, the pn532_uart_remove()\nis called. But there are no functions in pn532_uart_remove() that\ncould delete the cmd_timeout timer, which will cause use-after-free\nbugs. The process is shown below:\n\n (thread 1) | (thread 2)\n | pn532_uart_send_frame\npn532_uart_remove | mod_timer(&pn532->cmd_timeout,...)\n ... | (wait a time)\n kfree(pn532) //FREE | pn532_cmd_timeout\n | pn532_uart_send_frame\n | pn532->... //USE\n\nThis patch adds del_timer_sync() in pn532_uart_remove() in order to\nprevent the use-after-free bugs. What's more, the pn53x_unregister_nfc()\nis well synchronized, it sets nfc_dev->shutting_down to true and there\nare no syscalls could restart the cmd_timeout timer."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfc: pn533: Se corrigen los errores de Use-After-Free causados por pn532_cmd_timeout. Cuando se desconecta el dispositivo uart pn532, se llama a pn532_uart_remove(). Sin embargo, no hay funciones en pn532_uart_remove() que puedan eliminar el temporizador cmd_timeout, lo que causar\u00eda errores de Use-After-Free. El proceso se muestra a continuaci\u00f3n: (hilo 1) | (hilo 2) | pn532_uart_send_frame pn532_uart_remove | mod_timer(&pn532->cmd_timeout,...) ... | (esperar un tiempo) kfree(pn532) //FREE | pn532_cmd_timeout | pn532_uart_send_frame | pn532->... //USE Este parche a\u00f1ade del_timer_sync() a pn532_uart_remove() para evitar errores de Use-After-Free. Adem\u00e1s, pn53x_unregister_nfc() est\u00e1 bien sincronizado, establece nfc_dev->shutting_down como verdadero y ninguna llamada al sistema podr\u00eda reiniciar el temporizador cmd_timeout."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50006.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50006.json
index 2062a1d2bbf..d710bc8cc07 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50006.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50006.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.2 fix problems with __nfs42_ssc_open\n\nA destination server while doing a COPY shouldn't accept using the\npassed in filehandle if its not a regular filehandle.\n\nIf alloc_file_pseudo() has failed, we need to decrement a reference\non the newly created inode, otherwise it leaks."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: NFSv4.2 corrige problemas con __nfs42_ssc_open. Al realizar una copia, un servidor de destino no deber\u00eda aceptar el identificador de archivo proporcionado si no es un identificador de archivo normal. Si alloc_file_pseudo() falla, debemos decrementar una referencia en el inodo reci\u00e9n creado; de lo contrario, se produce una fuga."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50007.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50007.json
index ba4044972e2..5c27dbb5f7a 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50007.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50007.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: fix refcount leak in __xfrm_policy_check()\n\nThe issue happens on an error path in __xfrm_policy_check(). When the\nfetching process of the object `pols[1]` fails, the function simply\nreturns 0, forgetting to decrement the reference count of `pols[0]`,\nwhich is incremented earlier by either xfrm_sk_policy_lookup() or\nxfrm_policy_lookup(). This may result in memory leaks.\n\nFix it by decreasing the reference count of `pols[0]` in that path."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xfrm: se corrige una fuga de referencias en __xfrm_policy_check(). El problema ocurre en una ruta de error en __xfrm_policy_check(). Cuando falla la obtenci\u00f3n del objeto `pols[1]`, la funci\u00f3n simplemente devuelve 0, olvidando decrementar el recuento de referencias de `pols[0]`, que se incrementa previamente mediante xfrm_sk_policy_lookup() o xfrm_policy_lookup(). Esto puede provocar fugas de memoria. Para solucionarlo, reduzca el recuento de referencias de `pols[0]` en esa ruta."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50008.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50008.json
index 36cbdfe91af..88fad4998ac 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50008.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50008.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkprobes: don't call disarm_kprobe() for disabled kprobes\n\nThe assumption in __disable_kprobe() is wrong, and it could try to disarm\nan already disarmed kprobe and fire the WARN_ONCE() below. [0] We can\neasily reproduce this issue.\n\n1. Write 0 to /sys/kernel/debug/kprobes/enabled.\n\n # echo 0 > /sys/kernel/debug/kprobes/enabled\n\n2. Run execsnoop. At this time, one kprobe is disabled.\n\n # /usr/share/bcc/tools/execsnoop &\n [1] 2460\n PCOMM PID PPID RET ARGS\n\n # cat /sys/kernel/debug/kprobes/list\n ffffffff91345650 r __x64_sys_execve+0x0 [FTRACE]\n ffffffff91345650 k __x64_sys_execve+0x0 [DISABLED][FTRACE]\n\n3. Write 1 to /sys/kernel/debug/kprobes/enabled, which changes\n kprobes_all_disarmed to false but does not arm the disabled kprobe.\n\n # echo 1 > /sys/kernel/debug/kprobes/enabled\n\n # cat /sys/kernel/debug/kprobes/list\n ffffffff91345650 r __x64_sys_execve+0x0 [FTRACE]\n ffffffff91345650 k __x64_sys_execve+0x0 [DISABLED][FTRACE]\n\n4. Kill execsnoop, when __disable_kprobe() calls disarm_kprobe() for the\n disabled kprobe and hits the WARN_ONCE() in __disarm_kprobe_ftrace().\n\n # fg\n /usr/share/bcc/tools/execsnoop\n ^C\n\nActually, WARN_ONCE() is fired twice, and __unregister_kprobe_top() misses\nsome cleanups and leaves the aggregated kprobe in the hash table. 
Then,\n__unregister_trace_kprobe() initialises tk->rp.kp.list and creates an\ninfinite loop like this.\n\n aggregated kprobe.list -> kprobe.list -.\n ^ |\n '.__.'\n\nIn this situation, these commands fall into the infinite loop and result\nin RCU stall or soft lockup.\n\n cat /sys/kernel/debug/kprobes/list : show_kprobe_addr() enters into the\n infinite loop with RCU.\n\n /usr/share/bcc/tools/execsnoop : warn_kprobe_rereg() holds kprobe_mutex,\n and __get_valid_kprobe() is stuck in\n\t\t\t\t the loop.\n\nTo avoid the issue, make sure we don't call disarm_kprobe() for disabled\nkprobes.\n\n[0]\nFailed to disarm kprobe-ftrace at __x64_sys_execve+0x0/0x40 (error -2)\nWARNING: CPU: 6 PID: 2460 at kernel/kprobes.c:1130 __disarm_kprobe_ftrace.isra.19 (kernel/kprobes.c:1129)\nModules linked in: ena\nCPU: 6 PID: 2460 Comm: execsnoop Not tainted 5.19.0+ #28\nHardware name: Amazon EC2 c5.2xlarge/, BIOS 1.0 10/16/2017\nRIP: 0010:__disarm_kprobe_ftrace.isra.19 (kernel/kprobes.c:1129)\nCode: 24 8b 02 eb c1 80 3d c4 83 f2 01 00 75 d4 48 8b 75 00 89 c2 48 c7 c7 90 fa 0f 92 89 04 24 c6 05 ab 83 01 e8 e4 94 f0 ff <0f> 0b 8b 04 24 eb b1 89 c6 48 c7 c7 60 fa 0f 92 89 04 24 e8 cc 94\nRSP: 0018:ffff9e6ec154bd98 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffffffff930f7b00 RCX: 0000000000000001\nRDX: 0000000080000001 RSI: ffffffff921461c5 RDI: 00000000ffffffff\nRBP: ffff89c504286da8 R08: 0000000000000000 R09: c0000000fffeffff\nR10: 0000000000000000 R11: ffff9e6ec154bc28 R12: ffff89c502394e40\nR13: ffff89c502394c00 R14: ffff9e6ec154bc00 R15: 0000000000000000\nFS: 00007fe800398740(0000) GS:ffff89c812d80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000c00057f010 CR3: 0000000103b54006 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n\n __disable_kprobe (kernel/kprobes.c:1716)\n disable_kprobe 
(kernel/kprobes.c:2392)\n __disable_trace_kprobe (kernel/trace/trace_kprobe.c:340)\n disable_trace_kprobe (kernel/trace/trace_kprobe.c:429)\n perf_trace_event_unreg.isra.2 (./include/linux/tracepoint.h:93 kernel/trace/trace_event_perf.c:168)\n perf_kprobe_destroy (kernel/trace/trace_event_perf.c:295)\n _free_event (kernel/events/core.c:4971)\n perf_event_release_kernel (kernel/events/core.c:5176)\n perf_release (kernel/events/core.c:5186)\n __fput (fs/file_table.c:321)\n task_work_run (./include/linux/\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: kprobes: no llamar a disarm_kprobe() para kprobes deshabilitados. La suposici\u00f3n en __disable_kprobe() es err\u00f3nea, y podr\u00eda intentar desarmar un kprobe ya desarmado y ejecutar el comando WARN_ONCE() a continuaci\u00f3n. [0] Podemos reproducir f\u00e1cilmente este problema. 1. Escriba 0 en /sys/kernel/debug/kprobes/enabled. # echo 0 > /sys/kernel/debug/kprobes/enabled 2. Ejecute execsnoop. En este momento, un kprobe est\u00e1 deshabilitado. # /usr/share/bcc/tools/execsnoop & [1] 2460 PCOMM PID PPID RET ARGS # cat /sys/kernel/debug/kprobes/list ffffffff91345650 r __x64_sys_execve+0x0 [FTRACE] ffffffff91345650 k __x64_sys_execve+0x0 [DISABLED][FTRACE] 3. Escriba 1 en /sys/kernel/debug/kprobes/enabled, lo cual cambia kprobes_all_disarmed a falso pero no arma el kprobe deshabilitado. # echo 1 > /sys/kernel/debug/kprobes/enabled # cat /sys/kernel/debug/kprobes/list ffffffff91345650 r __x64_sys_execve+0x0 [FTRACE] ffffffff91345650 k __x64_sys_execve+0x0 [DESHABILITADO][FTRACE] 4. Matar execsnoop, cuando __disable_kprobe() llama a disarm_kprobe() para el kprobe deshabilitado y llega a WARN_ONCE() en __disarm_kprobe_ftrace(). # fg /usr/share/bcc/tools/execsnoop ^C En realidad, WARN_ONCE() se dispara dos veces, y __unregister_kprobe_top() pierde algunas limpiezas y deja el kprobe agregado en la tabla hash. 
Luego, __unregister_trace_kprobe() inicializa tk->rp.kp.list y crea un bucle infinito como este: addedd kprobe.list -> kprobe.list -. ^ | '.__.' En esta situaci\u00f3n, estos comandos caen en el bucle infinito y provocan una parada o un bloqueo suave de la RCU. cat /sys/kernel/debug/kprobes/list : show_kprobe_addr() entra en el bucle infinito con la RCU. /usr/share/bcc/tools/execsnoop : warn_kprobe_rereg() contiene kprobe_mutex, y __get_valid_kprobe() queda atascado en el bucle. Para evitar este problema, aseg\u00farese de no llamar a disarm_kprobe() para las kprobes deshabilitadas. [0] No se pudo desarmar kprobe-ftrace en __x64_sys_execve+0x0/0x40 (error -2) ADVERTENCIA: CPU: 6 PID: 2460 en kernel/kprobes.c:1130 __disarm_kprobe_ftrace.isra.19 (kernel/kprobes.c:1129) M\u00f3dulos vinculados: ena CPU: 6 PID: 2460 Comm: execsnoop No contaminado 5.19.0+ #28 Nombre del hardware: Amazon EC2 c5.2xlarge/, BIOS 1.0 16/10/2017 RIP: 0010:__disarm_kprobe_ftrace.isra.19 (kernel/kprobes.c:1129) C\u00f3digo: 24 8b 02 eb c1 80 3d c4 83 f2 01 00 75 d4 48 8b 75 00 89 c2 48 c7 c7 90 fa 0f 92 89 04 24 c6 05 ab 83 01 e8 e4 94 f0 ff <0f> 0b 8b 04 24 eb b1 89 c6 48 c7 c7 60 fa 0f 92 89 04 24 e8 cc 94 RSP: 0018:ffff9e6ec154bd98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffffffff930f7b00 RCX: 0000000000000001 RDX: 0000000080000001 RSI: ffffffff921461c5 RDI: 00000000ffffffff RBP: ffff89c504286da8 R08: 000000000000000 R09: c0000000fffeffff R10: 000000000000000 R11: ffff9e6ec154bc28 R12: ffff89c502394e40 R13: ffff89c502394c00 R14: ffff9e6ec154bc00 R15: 000000000000000 FS: 00007fe800398740(0000) GS:ffff89c812d80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000c00057f010 CR3: 0000000103b54006 CR4: 00000000007706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 00000000000000400 PKRU: 55555554 Seguimiento de llamadas: __disable_kprobe (kernel/kprobes.c:1716) disable_kprobe 
(kernel/kprobes.c:2392) __disable_trace_kprobe (kernel/trace/trace_kprobe.c:340) disable_trace_kprobe (kernel/trace/trace_kprobe.c:429) perf_trace_event_unreg.isra.2 (./include/linux/tracepoint.h:93 kernel/trace/trace_event_perf.c:168) perf_kprobe_destroy (kernel/trace/trace_event_perf.c:295) _free_event (kernel/events/core.c:4971) perf_event_release_kernel (kernel/events/core.c:5176) perf_release (kernel/events/core.c:5186) __fput (fs/file_table.c:321) task_work_run (./include/linux/---truncado---" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50009.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50009.json index 2f4672dfb5b..4a614048a29 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50009.json +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50009.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix null-ptr-deref in f2fs_get_dnode_of_data\n\nThere is issue as follows when test f2fs atomic write:\nF2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock\nF2FS-fs (loop0): invalid crc_offset: 0\nF2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.\nF2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.\n==================================================================\nBUG: KASAN: null-ptr-deref in f2fs_get_dnode_of_data+0xac/0x16d0\nRead of size 8 at addr 0000000000000028 by task rep/1990\n\nCPU: 4 PID: 1990 Comm: rep Not tainted 5.19.0-rc6-next-20220715 #266\nCall Trace:\n \n dump_stack_lvl+0x6e/0x91\n print_report.cold+0x49a/0x6bb\n kasan_report+0xa8/0x130\n f2fs_get_dnode_of_data+0xac/0x16d0\n f2fs_do_write_data_page+0x2a5/0x1030\n move_data_page+0x3c5/0xdf0\n do_garbage_collect+0x2015/0x36c0\n f2fs_gc+0x554/0x1d30\n f2fs_balance_fs+0x7f5/0xda0\n f2fs_write_single_data_page+0xb66/0xdc0\n f2fs_write_cache_pages+0x716/0x1420\n f2fs_write_data_pages+0x84f/0x9a0\n do_writepages+0x130/0x3a0\n filemap_fdatawrite_wbc+0x87/0xa0\n file_write_and_wait_range+0x157/0x1c0\n f2fs_do_sync_file+0x206/0x12d0\n f2fs_sync_file+0x99/0xc0\n vfs_fsync_range+0x75/0x140\n f2fs_file_write_iter+0xd7b/0x1850\n vfs_write+0x645/0x780\n ksys_write+0xf1/0x1e0\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nAs 3db1de0e582c commit changed atomic write way which new a cow_inode for\natomic write file, and also mark cow_inode as FI_ATOMIC_FILE.\nWhen f2fs_do_write_data_page write cow_inode will use cow_inode's cow_inode\nwhich is NULL. 
Then will trigger null-ptr-deref.\nTo solve above issue, introduce FI_COW_FILE flag for COW inode.\n\nFiexes: 3db1de0e582c(\"f2fs: change the current atomic write way\")" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: corrige null-ptr-deref en f2fs_get_dnode_of_data Hay un problema como el siguiente cuando se prueba la escritura at\u00f3mica de f2fs: F2FS-fs (loop0): No se puede encontrar un sistema de archivos F2FS v\u00e1lido en el 2.\u00ba superbloque F2FS-fs (loop0): crc_offset no v\u00e1lido: 0 F2FS-fs (loop0): f2fs_check_nid_range: nid fuera de rango = 1, ejecute fsck para corregirlo. F2FS-fs (loop0): f2fs_check_nid_range: nid fuera de rango = 2, ejecute fsck para corregirlo. ======================================================================= ERROR: KASAN: null-ptr-deref en f2fs_get_dnode_of_data+0xac/0x16d0 Lectura de tama\u00f1o 8 en la direcci\u00f3n 000000000000028 por la tarea rep/1990 CPU: 4 PID: 1990 Comm: rep No contaminado 5.19.0-rc6-next-20220715 #266 Rastreo de llamadas: dump_stack_lvl+0x6e/0x91 print_report.cold+0x49a/0x6bb kasan_report+0xa8/0x130 f2fs_get_dnode_of_data+0xac/0x16d0 f2fs_do_write_data_page+0x2a5/0x1030 move_data_page+0x3c5/0xdf0 do_garbage_collect+0x2015/0x36c0 f2fs_gc+0x554/0x1d30 f2fs_balance_fs+0x7f5/0xda0 f2fs_write_single_data_page+0xb66/0xdc0 f2fs_write_cache_pages+0x716/0x1420 f2fs_write_data_pages+0x84f/0x9a0 do_writepages+0x130/0x3a0 filemap_fdatawrite_wbc+0x87/0xa0 file_write_and_wait_range+0x157/0x1c0 f2fs_do_sync_file+0x206/0x12d0 f2fs_sync_file+0x99/0xc0 vfs_fsync_range+0x75/0x140 f2fs_file_write_iter+0xd7b/0x1850 vfs_write+0x645/0x780 ksys_write+0xf1/0x1e0 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd Como el commit 3db1de0e582c cambi\u00f3 la forma de escritura at\u00f3mica que ahora es un cow_inode para el archivo de escritura at\u00f3mica, y tambi\u00e9n marca cow_inode como FI_ATOMIC_FILE. 
Al escribir en f2fs_do_write_data_page, cow_inode usar\u00e1 el valor nulo de cow_inode. Esto activar\u00e1 null-ptr-deref. Para solucionar el problema, introduzca el indicador FI_COW_FILE para el inodo COW. Fiexes: 3db1de0e582c(\"f2fs: cambiar la ruta de escritura at\u00f3mica actual\")"
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50010.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50010.json
index 5fc8db8a6ec..9c29088cc7f 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50010.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50010.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: i740fb: Check the argument of i740_calc_vclk()\n\nSince the user can control the arguments of the ioctl() from the user\nspace, under special arguments that may result in a divide-by-zero bug.\n\nIf the user provides an improper 'pixclock' value that makes the argumet\nof i740_calc_vclk() less than 'I740_RFREQ_FIX', it will cause a\ndivide-by-zero bug in:\n drivers/video/fbdev/i740fb.c:353 p_best = min(15, ilog2(I740_MAX_VCO_FREQ / (freq / I740_RFREQ_FIX)));\n\nThe following log can reveal it:\n\ndivide error: 0000 [#1] PREEMPT SMP KASAN PTI\nRIP: 0010:i740_calc_vclk drivers/video/fbdev/i740fb.c:353 [inline]\nRIP: 0010:i740fb_decode_var drivers/video/fbdev/i740fb.c:646 [inline]\nRIP: 0010:i740fb_set_par+0x163f/0x3b70 drivers/video/fbdev/i740fb.c:742\nCall Trace:\n fb_set_var+0x604/0xeb0 drivers/video/fbdev/core/fbmem.c:1034\n do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110\n fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189\n\nFix this by checking the argument of i740_calc_vclk() first."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: video: fbdev: i740fb: Comprobaci\u00f3n del argumento de i740_calc_vclk(). Dado que el usuario puede controlar los argumentos de ioctl() desde el espacio de usuario, bajo argumentos especiales, esto puede provocar un error de divisi\u00f3n por cero. 
Si el usuario proporciona un valor de 'pixclock' incorrecto que hace que el argumento de i740_calc_vclk() sea menor que 'I740_RFREQ_FIX', se producir\u00e1 un error de divisi\u00f3n por cero en: drivers/video/fbdev/i740fb.c:353 p_best = min(15, ilog2(I740_MAX_VCO_FREQ / (freq / I740_RFREQ_FIX))); El siguiente registro puede revelarlo: error de divisi\u00f3n: 0000 [#1] PREEMPT SMP KASAN PTI RIP: 0010:i740_calc_vclk drivers/video/fbdev/i740fb.c:353 [en l\u00ednea] RIP: 0010:i740fb_decode_var drivers/video/fbdev/i740fb.c:646 [en l\u00ednea] RIP: 0010:i740fb_set_par+0x163f/0x3b70 drivers/video/fbdev/i740fb.c:742 Seguimiento de llamadas: fb_set_var+0x604/0xeb0 drivers/video/fbdev/core/fbmem.c:1034 do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110 fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189 Solucione esto verificando primero el argumento de i740_calc_vclk()."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50011.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50011.json
index a7a93e2685c..9e9969e13e9 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50011.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50011.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvenus: pm_helpers: Fix warning in OPP during probe\n\nFix the following WARN triggered during Venus driver probe on\n5.19.0-rc8-next-20220728:\n\n WARNING: CPU: 7 PID: 339 at drivers/opp/core.c:2471 dev_pm_opp_set_config+0x49c/0x610\n Modules linked in: qcom_spmi_adc5 rtc_pm8xxx qcom_spmi_adc_tm5 leds_qcom_lpg led_class_multicolor\n qcom_pon qcom_vadc_common venus_core(+) qcom_spmi_temp_alarm v4l2_mem2mem videobuf2_v4l2 msm(+)\n videobuf2_common crct10dif_ce spi_geni_qcom snd_soc_sm8250 i2c_qcom_geni gpu_sched\n snd_soc_qcom_common videodev qcom_q6v5_pas soundwire_qcom drm_dp_aux_bus qcom_stats\n drm_display_helper qcom_pil_info soundwire_bus snd_soc_lpass_va_macro mc qcom_q6v5\n phy_qcom_snps_femto_v2 qcom_rng snd_soc_lpass_macro_common snd_soc_lpass_wsa_macro\n lpass_gfm_sm8250 slimbus qcom_sysmon qcom_common qcom_glink_smem qmi_helpers\n qcom_wdt mdt_loader socinfo icc_osm_l3 display_connector\n drm_kms_helper qnoc_sm8250 drm fuse ip_tables x_tables ipv6\n CPU: 7 PID: 339 Comm: systemd-udevd Not tainted 5.19.0-rc8-next-20220728 #4\n Hardware name: Qualcomm Technologies, Inc. 
Robotics RB5 (DT)\n pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : dev_pm_opp_set_config+0x49c/0x610\n lr : dev_pm_opp_set_config+0x58/0x610\n sp : ffff8000093c3710\n x29: ffff8000093c3710 x28: ffffbca3959d82b8 x27: ffff8000093c3d00\n x26: ffffbca3959d8e08 x25: ffff4396cac98118 x24: ffff4396c0e24810\n x23: ffff4396c4272c40 x22: ffff4396c0e24810 x21: ffff8000093c3810\n x20: ffff4396cac36800 x19: ffff4396cac96800 x18: 0000000000000000\n x17: 0000000000000003 x16: ffffbca3f4edf198 x15: 0000001cba64a858\n x14: 0000000000000180 x13: 000000000000017e x12: 0000000000000000\n x11: 0000000000000002 x10: 0000000000000a60 x9 : ffff8000093c35c0\n x8 : ffff4396c4273700 x7 : ffff43983efca6c0 x6 : ffff43983efca640\n x5 : 00000000410fd0d0 x4 : ffff4396c4272c40 x3 : ffffbca3f5d1e008\n x2 : 0000000000000000 x1 : ffff4396c2421600 x0 : ffff4396cac96860\n Call trace:\n dev_pm_opp_set_config+0x49c/0x610\n devm_pm_opp_set_config+0x18/0x70\n vcodec_domains_get+0xb8/0x1638 [venus_core]\n core_get_v4+0x1d8/0x218 [venus_core]\n venus_probe+0xf4/0x468 [venus_core]\n platform_probe+0x68/0xd8\n really_probe+0xbc/0x2a8\n __driver_probe_device+0x78/0xe0\n driver_probe_device+0x3c/0xf0\n __driver_attach+0x70/0x120\n bus_for_each_dev+0x70/0xc0\n driver_attach+0x24/0x30\n bus_add_driver+0x150/0x200\n driver_register+0x64/0x120\n __platform_driver_register+0x28/0x38\n qcom_venus_driver_init+0x24/0x1000 [venus_core]\n do_one_initcall+0x54/0x1c8\n do_init_module+0x44/0x1d0\n load_module+0x16c8/0x1aa0\n __do_sys_finit_module+0xbc/0x110\n __arm64_sys_finit_module+0x20/0x30\n invoke_syscall+0x44/0x108\n el0_svc_common.constprop.0+0xcc/0xf0\n do_el0_svc+0x2c/0xb8\n el0_svc+0x2c/0x88\n el0t_64_sync_handler+0xb8/0xc0\n el0t_64_sync+0x18c/0x190\n qcom-venus: probe of aa00000.video-codec failed with error -16\n\nThe fix is re-ordering the code related to OPP core. The OPP core\nexpects all configuration options to be provided before the OPP\ntable is added." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: venus: pm_helpers: Se corrige la advertencia en OPP durante el sondeo Se corrige el siguiente WARN activado durante el sondeo del controlador Venus en 5.19.0-rc8-next-20220728: ADVERTENCIA: CPU: 7 PID: 339 en drivers/opp/core.c:2471 dev_pm_opp_set_config+0x49c/0x610 M\u00f3dulos vinculados en: qcom_spmi_adc5 rtc_pm8xxx qcom_spmi_adc_tm5 leds_qcom_lpg led_class_multicolor qcom_pon qcom_vadc_common venus_core(+) qcom_spmi_temp_alarm v4l2_mem2mem videobuf2_v4l2 msm(+) videobuf2_common crct10dif_ce spi_geni_qcom snd_soc_sm8250 i2c_qcom_geni gpu_sched snd_soc_qcom_common videodev qcom_q6v5_pas soundwire_qcom drm_dp_aux_bus qcom_stats drm_display_helper qcom_pil_info soundwire_bus snd_soc_lpass_va_macro mc qcom_q6v5 phy_qcom_snps_femto_v2 qcom_rng snd_soc_lpass_macro_common snd_soc_lpass_wsa_macro lpass_gfm_sm8250 slimbus qcom_sysmon qcom_common qcom_glink_smem qmi_helpers qcom_wdt mdt_loader socinfo icc_osm_l3 display_connector drm_kms_helper qnoc_sm8250 drm fuse ip_tables x_tables ipv6 CPU: 7 PID: 339 Comm: systemd-udevd No contaminado 5.19.0-rc8-next-20220728 #4 Nombre del hardware: Qualcomm Technologies, Inc. 
Robotics RB5 (DT) pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : dev_pm_opp_set_config+0x49c/0x610 lr : dev_pm_opp_set_config+0x58/0x610 sp : ffff8000093c3710 x29: ffff8000093c3710 x28: ffffbca3959d82b8 x27: ffff8000093c3d00 x26: ffffbca3959d8e08 x25: ffff4396cac98118 x24: ffff4396c0e24810 x23: ffff4396c4272c40 x22: ffff4396c0e24810 x21: ffff8000093c3810 x20: ffff4396cac36800 x19: ffff4396cac96800 x18: 0000000000000000 x17: 0000000000000003 x16: ffffbca3f4edf198 x15: 0000001cba64a858 x14: 0000000000000180 x13: 000000000000017e x12: 0000000000000000 x11: 0000000000000002 x10: 0000000000000a60 x9: ffff8000093c35c0 x8: ffff4396c4273700 x7: ffff43983efca6c0 x6: ffff43983efca640 x5: 00000000410fd0d0 x4: ffff4396c4272c40 x3: ffffbca3f5d1e008 x2: 00000000000000000 x1 : ffff4396c2421600 x0 : ffff4396cac96860 Rastreo de llamadas: dev_pm_opp_set_config+0x49c/0x610 devm_pm_opp_set_config+0x18/0x70 vcodec_domains_get+0xb8/0x1638 [venus_core] core_get_v4+0x1d8/0x218 [venus_core] venus_probe+0xf4/0x468 [venus_core] platform_probe+0x68/0xd8 really_probe+0xbc/0x2a8 __driver_probe_device+0x78/0xe0 driver_probe_device+0x3c/0xf0 __driver_attach+0x70/0x120 bus_for_each_dev+0x70/0xc0 driver_attach+0x24/0x30 bus_add_driver+0x150/0x200 driver_register+0x64/0x120 __platform_driver_register+0x28/0x38 qcom_venus_driver_init+0x24/0x1000 [venus_core] do_one_initcall+0x54/0x1c8 do_init_module+0x44/0x1d0 load_module+0x16c8/0x1aa0 __do_sys_finit_module+0xbc/0x110 __arm64_sys_finit_module+0x20/0x30 invoke_syscall+0x44/0x108 el0_svc_common.constprop.0+0xcc/0xf0 do_el0_svc+0x2c/0xb8 el0_svc+0x2c/0x88 el0t_64_sync_handler+0xb8/0xc0 el0t_64_sync+0x18c/0x190 qcom-venus: probe of aa00000.video-codec failed with error -16. La soluci\u00f3n consiste en reordenar el c\u00f3digo relacionado con el n\u00facleo OPP. El n\u00facleo OPP espera que se proporcionen todas las opciones de configuraci\u00f3n antes de agregar la tabla OPP." } ], "metrics": {}, 
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50012.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50012.json
index d03fdd0431e..9a1db57e83f 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50012.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50012.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/64: Init jump labels before parse_early_param()\n\nOn 64-bit, calling jump_label_init() in setup_feature_keys() is too\nlate because static keys may be used in subroutines of\nparse_early_param() which is again subroutine of early_init_devtree().\n\nFor example booting with \"threadirqs\":\n\n static_key_enable_cpuslocked(): static key '0xc000000002953260' used before call to jump_label_init()\n WARNING: CPU: 0 PID: 0 at kernel/jump_label.c:166 static_key_enable_cpuslocked+0xfc/0x120\n ...\n NIP static_key_enable_cpuslocked+0xfc/0x120\n LR static_key_enable_cpuslocked+0xf8/0x120\n Call Trace:\n static_key_enable_cpuslocked+0xf8/0x120 (unreliable)\n static_key_enable+0x30/0x50\n setup_forced_irqthreads+0x28/0x40\n do_early_param+0xa0/0x108\n parse_args+0x290/0x4e0\n parse_early_options+0x48/0x5c\n parse_early_param+0x58/0x84\n early_init_devtree+0xd4/0x518\n early_setup+0xb4/0x214\n\nSo call jump_label_init() just before parse_early_param() in\nearly_init_devtree().\n\n[mpe: Add call trace to change log and minor wording edits.]"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: powerpc/64: Inicializar etiquetas de salto antes de parse_early_param() En 64 bits, llamar a jump_label_init() en setup_feature_keys() es demasiado tarde porque las claves est\u00e1ticas se pueden usar en subrutinas de parse_early_param(), que a su vez es una subrutina de early_init_devtree(). Por ejemplo, al arrancar con \"threadirqs\": static_key_enable_cpuslocked(): clave est\u00e1tica '0xc000000002953260' usada antes de llamar a jump_label_init() ADVERTENCIA: CPU: 0 PID: 0 en kernel/jump_label.c:166 static_key_enable_cpuslocked+0xfc/0x120 ... 
NIP static_key_enable_cpuslocked+0xfc/0x120 LR static_key_enable_cpuslocked+0xf8/0x120 Rastreo de llamadas: static_key_enable_cpuslocked+0xf8/0x120 (no confiable) static_key_enable+0x30/0x50 setup_forced_irqthreads+0x28/0x40 do_early_param+0xa0/0x108 parse_args+0x290/0x4e0 parse_early_options+0x48/0x5c parse_early_param+0x58/0x84 early_init_devtree+0xd4/0x518 early_setup+0xb4/0x214 Por lo tanto, llame a jump_label_init() justo antes de parse_early_param() en early_init_devtree(). [mpe: Agregar seguimiento de llamadas al registro de cambios y ediciones menores de redacci\u00f3n]."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50013.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50013.json
index f287e0a4892..36a70fb0e78 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50013.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50013.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page()\n\nAs Dipanjan Das reported, syzkaller\nfound a f2fs bug as below:\n\nRIP: 0010:f2fs_new_node_page+0x19ac/0x1fc0 fs/f2fs/node.c:1295\nCall Trace:\n write_all_xattrs fs/f2fs/xattr.c:487 [inline]\n __f2fs_setxattr+0xe76/0x2e10 fs/f2fs/xattr.c:743\n f2fs_setxattr+0x233/0xab0 fs/f2fs/xattr.c:790\n f2fs_xattr_generic_set+0x133/0x170 fs/f2fs/xattr.c:86\n __vfs_setxattr+0x115/0x180 fs/xattr.c:182\n __vfs_setxattr_noperm+0x125/0x5f0 fs/xattr.c:216\n __vfs_setxattr_locked+0x1cf/0x260 fs/xattr.c:277\n vfs_setxattr+0x13f/0x330 fs/xattr.c:303\n setxattr+0x146/0x160 fs/xattr.c:611\n path_setxattr+0x1a7/0x1d0 fs/xattr.c:630\n __do_sys_lsetxattr fs/xattr.c:653 [inline]\n __se_sys_lsetxattr fs/xattr.c:649 [inline]\n __x64_sys_lsetxattr+0xbd/0x150 fs/xattr.c:649\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nNAT entry and nat bitmap can be inconsistent, e.g. one nid is free\nin nat bitmap, and blkaddr in its NAT entry is not NULL_ADDR, it\nmay trigger BUG_ON() in f2fs_new_node_page(), fix it."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: correcci\u00f3n para evitar el uso de f2fs_bug_on() en f2fs_new_node_page() Como inform\u00f3 Dipanjan Das , syzkaller encontr\u00f3 un error de f2fs como el siguiente: RIP: 0010:f2fs_new_node_page+0x19ac/0x1fc0 fs/f2fs/node.c:1295 Seguimiento de llamadas: write_all_xattrs fs/f2fs/xattr.c:487 [en l\u00ednea] __f2fs_setxattr+0xe76/0x2e10 fs/f2fs/xattr.c:743 f2fs_setxattr+0x233/0xab0 fs/f2fs/xattr.c:790 f2fs_xattr_generic_set+0x133/0x170 fs/f2fs/xattr.c:86 __vfs_setxattr+0x115/0x180 fs/xattr.c:182 __vfs_setxattr_noperm+0x125/0x5f0 fs/xattr.c:216 __vfs_setxattr_locked+0x1cf/0x260 fs/xattr.c:277 vfs_setxattr+0x13f/0x330 fs/xattr.c:303 setxattr+0x146/0x160 fs/xattr.c:611 path_setxattr+0x1a7/0x1d0 fs/xattr.c:630 __do_sys_lsetxattr fs/xattr.c:653 [en l\u00ednea] __se_sys_lsetxattr fs/xattr.c:649 [en l\u00ednea] __x64_sys_lsetxattr+0xbd/0x150 fs/xattr.c:649 do_syscall_x64 arch/x86/entry/common.c:50 [en l\u00ednea] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 La entrada NAT y el mapa de bits NAT pueden ser inconsistentes, por ejemplo, un nid est\u00e1 libre en el mapa de bits NAT y blkaddr en su entrada NAT no es NULL_ADDR, puede activar BUG_ON() en f2fs_new_node_page(), arr\u00e9glelo."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50014.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50014.json
index ed583fc314d..d303862c21d 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50014.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50014.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/gup: fix FOLL_FORCE COW security issue and remove FOLL_COW\n\nEver since the Dirty COW (CVE-2016-5195) security issue happened, we know\nthat FOLL_FORCE can be possibly dangerous, especially if there are races\nthat can be exploited by user space.\n\nRight now, it would be sufficient to have some code that sets a PTE of a\nR/O-mapped shared page dirty, in order for it to erroneously become\nwritable by FOLL_FORCE. The implications of setting a write-protected PTE\ndirty might not be immediately obvious to everyone.\n\nAnd in fact ever since commit 9ae0f87d009c (\"mm/shmem: unconditionally set\npte dirty in mfill_atomic_install_pte\"), we can use UFFDIO_CONTINUE to map\na shmem page R/O while marking the pte dirty. This can be used by\nunprivileged user space to modify tmpfs/shmem file content even if the\nuser does not have write permissions to the file, and to bypass memfd\nwrite sealing -- Dirty COW restricted to tmpfs/shmem (CVE-2022-2590).\n\nTo fix such security issues for good, the insight is that we really only\nneed that fancy retry logic (FOLL_COW) for COW mappings that are not\nwritable (!VM_WRITE). And in a COW mapping, we really only broke COW if\nwe have an exclusive anonymous page mapped. If we have something else\nmapped, or the mapped anonymous page might be shared (!PageAnonExclusive),\nwe have to trigger a write fault to break COW. If we don't find an\nexclusive anonymous page when we retry, we have to trigger COW breaking\nonce again because something intervened.\n\nLet's move away from this mandatory-retry + dirty handling and rely on our\nPageAnonExclusive() flag for making a similar decision, to use the same\nCOW logic as in other kernel parts here as well. 
In case we stumble over\na PTE in a COW mapping that does not map an exclusive anonymous page, COW\nwas not properly broken and we have to trigger a fake write-fault to break\nCOW.\n\nJust like we do in can_change_pte_writable() added via commit 64fe24a3e05e\n(\"mm/mprotect: try avoiding write faults for exclusive anonymous pages\nwhen changing protection\") and commit 76aefad628aa (\"mm/mprotect: fix\nsoft-dirty check in can_change_pte_writable()\"), take care of softdirty\nand uffd-wp manually.\n\nFor example, a write() via /proc/self/mem to a uffd-wp-protected range has\nto fail instead of silently granting write access and bypassing the\nuserspace fault handler. Note that FOLL_FORCE is not only used for debug\naccess, but also triggered by applications without debug intentions, for\nexample, when pinning pages via RDMA.\n\nThis fixes CVE-2022-2590. Note that only x86_64 and aarch64 are\naffected, because only those support CONFIG_HAVE_ARCH_USERFAULTFD_MINOR.\n\nFortunately, FOLL_COW is no longer required to handle FOLL_FORCE. So\nlet's just get rid of it.\n\nThanks to Nadav Amit for pointing out that the pte_dirty() check in\nFOLL_FORCE code is problematic and might be exploitable.\n\nNote 1: We don't check for the PTE being dirty because it doesn't matter\n\tfor making a \"was COWed\" decision anymore, and whoever modifies the\n\tpage has to set the page dirty either way.\n\nNote 2: Kernels before extended uffd-wp support and before\n\tPageAnonExclusive (< 5.19) can simply revert the problematic\n\tcommit instead and be safe regarding UFFDIO_CONTINUE. A backport to\n\tv5.19 requires minor adjustments due to lack of\n\tvma_soft_dirty_enabled()." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/gup: corregir el problema de seguridad de FOLL_FORCE COW y eliminar FOLL_COW Desde que ocurri\u00f3 el problema de seguridad Dirty COW (CVE-2016-5195), sabemos que FOLL_FORCE puede ser posiblemente peligroso, especialmente si hay ejecuciones que pueden ser explotadas por el espacio de usuario. En este momento, ser\u00eda suficiente tener alg\u00fan c\u00f3digo que establezca un PTE de una p\u00e1gina compartida asignada a R/O sucia, para que FOLL_FORCE pueda escribir en ella por error. Las implicaciones de establecer una PTE protegida contra escritura sucia podr\u00edan no ser inmediatamente obvias para todos. Y de hecho, desde el commit 9ae0f87d009c (\"mm/shmem: establecer un pte sucio incondicionalmente en mfill_atomic_install_pte\"), podemos usar UFFDIO_CONTINUE para asignar una p\u00e1gina shmem R/O mientras se marca el pte sucio. Esto puede ser usado por usuarios sin privilegios para modificar el contenido de archivos tmpfs/shmem incluso si no tienen permisos de escritura, y para evitar el sellado de escritura de memfd (COW sucio restringido a tmpfs/shmem [CVE-2022-2590]). Para solucionar definitivamente estos problemas de seguridad, la clave es que solo necesitamos esa l\u00f3gica de reintento sofisticada (FOLL_COW) para las asignaciones de COW que no permiten escritura (!VM_WRITE). En una asignaci\u00f3n de COW, solo se interrumpe si se asigna una p\u00e1gina an\u00f3nima exclusiva. Si se asigna otra cosa, o si la p\u00e1gina an\u00f3nima asignada puede ser compartida (!PageAnonExclusive), se debe generar un fallo de escritura para interrumpir COW. Si no se encuentra una p\u00e1gina an\u00f3nima exclusiva al reintentar, se debe activar la interrupci\u00f3n de COW de nuevo porque algo intervino. 
Dejemos de lado este manejo de reintentos obligatorios y errores de escritura y utilicemos nuestra bandera PageAnonExclusive() para tomar una decisi\u00f3n similar y usar la misma l\u00f3gica de COW que en otras partes del kernel. Si encontramos una PTE en una asignaci\u00f3n de COW que no asigne una p\u00e1gina an\u00f3nima exclusiva, COW no se rompi\u00f3 correctamente y debemos generar un falso fallo de escritura para romperlo. Al igual que en can_change_pte_writable(), a\u00f1adido mediante el commit 64fe24a3e05e (\"mm/mprotect: intentar evitar errores de escritura en p\u00e1ginas an\u00f3nimas exclusivas al cambiar la protecci\u00f3n\") y el commit 76aefad628aa (\"mm/mprotect: corregir la comprobaci\u00f3n de errores de escritura en can_change_pte_writable()\"), nos encargamos de los errores de escritura y uffd-wp manualmente. Por ejemplo, una escritura (write()) mediante /proc/self/mem a un rango protegido por uffd-wp debe fallar en lugar de conceder acceso de escritura silenciosamente y omitir el controlador de errores del espacio de usuario. Tenga en cuenta que FOLL_FORCE no solo se usa para el acceso de depuraci\u00f3n, sino que tambi\u00e9n lo activan aplicaciones sin intenciones de depuraci\u00f3n, por ejemplo, al anclar p\u00e1ginas mediante RDMA. Esto corrige CVE-2022-2590. Tenga en cuenta que solo x86_64 y aarch64 se ven afectados, ya que solo estos admiten CONFIG_HAVE_ARCH_USERFAULTFD_MINOR. Afortunadamente, FOLL_COW ya no es necesario para gestionar FOLL_FORCE. As\u00ed que simplemente lo eliminaremos. Gracias a Nadav Amit por se\u00f1alar que la comprobaci\u00f3n pte_dirty() en el c\u00f3digo de FOLL_FORCE es problem\u00e1tica y podr\u00eda ser explotable. Nota 1: No comprobamos si la PTE est\u00e1 sucia porque ya no es relevante para tomar la decisi\u00f3n de \"fue COWed\", y quien modifique la p\u00e1gina debe configurarla como sucia de todos modos. 
Nota 2: Los kernels anteriores a la compatibilidad extendida con uffd-wp y a PageAnonExclusive (< 5.19) pueden simplemente revertir el commit problem\u00e1tica y estar seguros con respecto a UFFDIO_CONTINUE. Una adaptaci\u00f3n a la versi\u00f3n 5.19 requiere ajustes menores debido a la falta de vma_soft_dirty_enabled()."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50015.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50015.json
index d5002de044d..0f2276375d8 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50015.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50015.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware boot\n\nIt is not yet clear, but it is possible to create a firmware so broken\nthat it will send a reply message before a FW_READY message (it is not\nyet clear if FW_READY will arrive later).\nSince the reply_data is allocated only after the FW_READY message, this\nwill lead to a NULL pointer dereference if not filtered out.\n\nThe issue was reported with IPC4 firmware but the same condition is present\nfor IPC3."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: SOF: Intel: hda-ipc: No procesar la respuesta de IPC antes del arranque del firmware. A\u00fan no est\u00e1 claro, pero es posible crear un firmware tan defectuoso que env\u00ede un mensaje de respuesta antes de un mensaje FW_READY (a\u00fan no se sabe si FW_READY llegar\u00e1 despu\u00e9s). Dado que los datos de respuesta se asignan solo despu\u00e9s del mensaje FW_READY, esto provocar\u00e1 una desreferencia de puntero nulo si no se filtra. El problema se report\u00f3 con el firmware IPC4, pero la misma condici\u00f3n se presenta para IPC3."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50016.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50016.json
index a51d118c591..ec60ec5b1a1 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50016.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50016.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: cnl: Do not process IPC reply before firmware boot\n\nIt is not yet clear, but it is possible to create a firmware so broken\nthat it will send a reply message before a FW_READY message (it is not\nyet clear if FW_READY will arrive later).\nSince the reply_data is allocated only after the FW_READY message, this\nwill lead to a NULL pointer dereference if not filtered out.\n\nThe issue was reported with IPC4 firmware but the same condition is present\nfor IPC3."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: SOF: Intel: cnl: No procesar la respuesta de IPC antes del arranque del firmware. A\u00fan no est\u00e1 claro, pero es posible crear un firmware tan defectuoso que env\u00ede un mensaje de respuesta antes de un mensaje FW_READY (a\u00fan no se sabe si FW_READY llegar\u00e1 despu\u00e9s). Dado que los datos de respuesta se asignan solo despu\u00e9s del mensaje FW_READY, esto provocar\u00e1 una desreferencia de puntero nulo si no se filtra. El problema se report\u00f3 con el firmware IPC4, pero la misma condici\u00f3n se presenta para IPC3."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50017.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50017.json
index e1c16f26d7d..34840255d63 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50017.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50017.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start\n\nWe should call of_node_put() for the reference 'uctl_node' returned by\nof_get_parent() which will increase the refcount. Otherwise, there will\nbe a refcount leak bug."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mips: cavium-octeon: Se corrige la falta de of_node_put() en octeon2_usb_clocks_start. Deber\u00edamos llamar a of_node_put() para la referencia 'uctl_node' devuelta por of_get_parent(), lo que aumentar\u00e1 el recuento de referencias. De lo contrario, se producir\u00e1 un error de fuga de recuento de referencias."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50019.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50019.json
index 4ad50191438..be7817e13dd 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50019.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50019.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: Fix refcount leak bug in ucc_uart.c\n\nIn soc_info(), of_find_node_by_type() will return a node pointer\nwith refcount incremented. We should use of_node_put() when it is\nnot used anymore."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tty: serial: Se corrige el error de fuga de refcount en ucc_uart.c. En soc_info(), of_find_node_by_type() devolver\u00e1 un puntero de nodo con refcount incrementado. Deber\u00edamos usar of_node_put() cuando ya no se use."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50020.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50020.json
index 6af2c7d14e7..a5f71c59be1 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50020.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50020.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid resizing to a partial cluster size\n\nThis patch avoids an attempt to resize the filesystem to an\nunaligned cluster boundary. An online resize to a size that is not\nintegral to cluster size results in the last iteration attempting to\ngrow the fs by a negative amount, which trips a BUG_ON and leaves the fs\nwith a corrupted in-memory superblock."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: evitar redimensionar a un tama\u00f1o de cl\u00faster parcial. Este parche evita que se intente redimensionar el sistema de archivos a un l\u00edmite de cl\u00faster no alineado. Un redimensionamiento en l\u00ednea a un tama\u00f1o que no es integral al tama\u00f1o del cl\u00faster provoca que la \u00faltima iteraci\u00f3n intente aumentar el sistema de archivos en una cantidad negativa, lo que activa un BUG_ON y deja el sistema de archivos con un superbloque en memoria da\u00f1ado."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50021.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50021.json
index daec8ae058d..f00f51417cb 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50021.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50021.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: block range must be validated before use in ext4_mb_clear_bb()\n\nBlock range to free is validated in ext4_free_blocks() using\next4_inode_block_valid() and then it's passed to ext4_mb_clear_bb().\nHowever in some situations on bigalloc file system the range might be\nadjusted after the validation in ext4_free_blocks() which can lead to\ntroubles on corrupted file systems such as one found by syzkaller that\nresulted in the following BUG\n\nkernel BUG at fs/ext4/ext4.h:3319!\nPREEMPT SMP NOPTI\nCPU: 28 PID: 4243 Comm: repro Kdump: loaded Not tainted 5.19.0-rc6+ #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1.fc35 04/01/2014\nRIP: 0010:ext4_free_blocks+0x95e/0xa90\nCall Trace:\n \n ? lock_timer_base+0x61/0x80\n ? __es_remove_extent+0x5a/0x760\n ? __mod_timer+0x256/0x380\n ? ext4_ind_truncate_ensure_credits+0x90/0x220\n ext4_clear_blocks+0x107/0x1b0\n ext4_free_data+0x15b/0x170\n ext4_ind_truncate+0x214/0x2c0\n ? _raw_spin_unlock+0x15/0x30\n ? ext4_discard_preallocations+0x15a/0x410\n ? ext4_journal_check_start+0xe/0x90\n ? __ext4_journal_start_sb+0x2f/0x110\n ext4_truncate+0x1b5/0x460\n ? __ext4_journal_start_sb+0x2f/0x110\n ext4_evict_inode+0x2b4/0x6f0\n evict+0xd0/0x1d0\n ext4_enable_quotas+0x11f/0x1f0\n ext4_orphan_cleanup+0x3de/0x430\n ? proc_create_seq_private+0x43/0x50\n ext4_fill_super+0x295f/0x3ae0\n ? snprintf+0x39/0x40\n ? sget_fc+0x19c/0x330\n ? ext4_reconfigure+0x850/0x850\n get_tree_bdev+0x16d/0x260\n vfs_get_tree+0x25/0xb0\n path_mount+0x431/0xa70\n __x64_sys_mount+0xe2/0x120\n do_syscall_64+0x5b/0x80\n ? do_user_addr_fault+0x1e2/0x670\n ? exc_page_fault+0x70/0x170\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\nRIP: 0033:0x7fdf4e512ace\n\nFix it by making sure that the block range is properly validated before\nused every time it changes in ext4_free_blocks() or ext4_mb_clear_bb()." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: el rango de bloques debe validarse antes de su uso en ext4_mb_clear_bb(). El rango de bloques a liberar se valida en ext4_free_blocks() mediante ext4_inode_block_valid() y luego se pasa a ext4_mb_clear_bb(). Sin embargo, en algunas situaciones en el sistema de archivos bigalloc, el rango podr\u00eda ajustarse despu\u00e9s de la validaci\u00f3n en ext4_free_blocks(), lo que puede causar problemas en sistemas de archivos da\u00f1ados, como el detectado por syzkaller, que result\u00f3 en el siguiente error del kernel en fs/ext4/ext4.h:3319. PREEMPT SMP NOPTI CPU: 28 PID: 4243 Comm: repro Kdump: cargado No contaminado 5.19.0-rc6+ #1 Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1.fc35 01/04/2014 RIP: 0010:ext4_free_blocks+0x95e/0xa90 Rastreo de llamadas ? lock_timer_base+0x61/0x80 ? __es_remove_extent+0x5a/0x760 ? __mod_timer+0x256/0x380 ? ext4_ind_truncate_ensure_credits+0x90/0x220 ext4_clear_blocks+0x107/0x1b0 ext4_free_data+0x15b/0x170 ext4_ind_truncate+0x214/0x2c0 ? _raw_spin_unlock+0x15/0x30 ? ext4_discard_preallocations+0x15a/0x410 ? ext4_journal_check_start+0xe/0x90 ? __ext4_journal_start_sb+0x2f/0x110 ext4_truncate+0x1b5/0x460 ? __ext4_journal_start_sb+0x2f/0x110 ext4_evict_inode+0x2b4/0x6f0 evict+0xd0/0x1d0 ext4_enable_quotas+0x11f/0x1f0 ext4_orphan_cleanup+0x3de/0x430 ? proc_create_seq_private+0x43/0x50 ext4_fill_super+0x295f/0x3ae0 ? snprintf+0x39/0x40 ? sget_fc+0x19c/0x330 ? ext4_reconfigure+0x850/0x850 get_tree_bdev+0x16d/0x260 vfs_get_tree+0x25/0xb0 path_mount+0x431/0xa70 __x64_sys_mount+0xe2/0x120 do_syscall_64+0x5b/0x80 ? do_user_addr_fault+0x1e2/0x670 ? exc_page_fault+0x70/0x170 entry_SYSCALL_64_after_hwframe+0x46/0xb0 RIP: 0033:0x7fdf4e512ace Corr\u00edjalo asegur\u00e1ndose de que el rango de bloques est\u00e9 validado correctamente antes de usarse cada vez que cambie en ext4_free_blocks() o ext4_mb_clear_bb()." 
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50022.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50022.json
index afce73e0e35..fee8e1d57ce 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50022.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50022.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers:md:fix a potential use-after-free bug\n\nIn line 2884, \"raid5_release_stripe(sh);\" drops the reference to sh and\nmay cause sh to be released. However, sh is subsequently used in lines\n2886 \"if (sh->batch_head && sh != sh->batch_head)\". This may result in an\nuse-after-free bug.\n\nIt can be fixed by moving \"raid5_release_stripe(sh);\" to the bottom of\nthe function."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drivers:md:fix, un posible error de use-after-free. En la l\u00ednea 2884, \"raid5_release_stripe(sh);\" omite la referencia a sh y puede provocar su liberaci\u00f3n. Sin embargo, sh se utiliza posteriormente en la l\u00ednea 2886 \"if (sh->batch_head && sh != sh->batch_head)\". Esto puede provocar un error de use-after-free. Se puede corregir moviendo \"raid5_release_stripe(sh);\" al final de la funci\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50023.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50023.json
index a60f2b524fe..d1d5ae842b4 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50023.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50023.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: dw-axi-dmac: ignore interrupt if no descriptor\n\nIf the channel has no descriptor and the interrupt is raised then the\nkernel will OOPS. Check the result of vchan_next_desc() in the handler\naxi_chan_block_xfer_complete() to avoid the error happening."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dmaengine: dw-axi-dmac: ignorar interrupci\u00f3n si no hay descriptor. Si el canal no tiene descriptor y se activa la interrupci\u00f3n, el kernel mostrar\u00e1 un error. Verifique el resultado de vchan_next_desc() en el controlador axi_chan_block_xfer_complete() para evitar el error."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50024.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50024.json
index db6b67c3669..b0fa93aa995 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50024.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50024.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: dw-axi-dmac: do not print NULL LLI during error\n\nDuring debugging we have seen an issue where axi_chan_dump_lli()\nis passed a NULL LLI pointer which ends up causing an OOPS due\nto trying to get fields from it. Simply print NULL LLI and exit\nto avoid this."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dmaengine: dw-axi-dmac: no imprimir LLI nulo durante el error. Durante la depuraci\u00f3n, se detect\u00f3 un problema en el que a axi_chan_dump_lli() se le pasaba un puntero LLI nulo, lo que provocaba un error al intentar obtener campos de \u00e9l. Simplemente imprima LLI nulo y salga para evitarlo."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50025.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50025.json
index 1a887234f8f..646657c8fe6 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50025.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50025.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl: Fix a memory leak in an error handling path\n\nA bitmap_zalloc() must be balanced by a corresponding bitmap_free() in the\nerror handling path of afu_allocate_irqs()."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cxl: Se corrige una p\u00e9rdida de memoria en una ruta de manejo de errores. Un bitmap_zalloc() debe equilibrarse con un bitmap_free() correspondiente en la ruta de manejo de errores de afu_allocate_irqs()."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50026.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50026.json
index ff7cd6db140..e84d1ec4cd5 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50026.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50026.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhabanalabs/gaudi: fix shift out of bounds\n\nWhen validating NIC queues, queue offset calculation must be\nperformed only for NIC queues."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: habanalabs/gaudi: correcci\u00f3n de desplazamiento fuera de los l\u00edmites. Al validar colas NIC, el c\u00e1lculo de desplazamiento de cola se debe realizar solo para colas NIC."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50027.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50027.json
index f49f0288b3d..bfa0dfa9a3d 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50027.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50027.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix possible memory leak when failing to issue CMF WQE\n\nThere is no corresponding free routine if lpfc_sli4_issue_wqe fails to\nissue the CMF WQE in lpfc_issue_cmf_sync_wqe.\n\nIf ret_val is non-zero, then free the iocbq request structure."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: lpfc: Se corrige una posible fuga de memoria al no emitir la WQE de CMF. No existe una rutina de liberaci\u00f3n correspondiente si lpfc_sli4_issue_wqe no emite la WQE de CMF en lpfc_issue_cmf_sync_wqe. Si ret_val es distinto de cero, se libera la estructura de solicitud iocbq."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50028.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50028.json
index ad0cd1d05d4..e4eb34a69a0 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50028.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50028.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngadgetfs: ep_io - wait until IRQ finishes\n\nafter usb_ep_queue() if wait_for_completion_interruptible() is\ninterrupted we need to wait until IRQ gets finished.\n\nOtherwise complete() from epio_complete() can corrupt stack."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: gadgetfs: ep_io - espera hasta que finalice la IRQ despu\u00e9s de usb_ep_queue(). Si wait_for_completion_interruptible() se interrumpe, debemos esperar hasta que finalice la IRQ. De lo contrario, la ejecuci\u00f3n de complete() desde epio_complete() puede da\u00f1ar la pila."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50029.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50029.json
index 60b465cd9af..118d28c1daf 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50029.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50029.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: ipq8074: dont disable gcc_sleep_clk_src\n\nOnce the usb sleep clocks are disabled, clock framework is trying to\ndisable the sleep clock source also.\n\nHowever, it seems that it cannot be disabled and trying to do so produces:\n[ 245.436390] ------------[ cut here ]------------\n[ 245.441233] gcc_sleep_clk_src status stuck at 'on'\n[ 245.441254] WARNING: CPU: 2 PID: 223 at clk_branch_wait+0x130/0x140\n[ 245.450435] Modules linked in: xhci_plat_hcd xhci_hcd dwc3 dwc3_qcom leds_gpio\n[ 245.456601] CPU: 2 PID: 223 Comm: sh Not tainted 5.18.0-rc4 #215\n[ 245.463889] Hardware name: Xiaomi AX9000 (DT)\n[ 245.470050] pstate: 204000c5 (nzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 245.474307] pc : clk_branch_wait+0x130/0x140\n[ 245.481073] lr : clk_branch_wait+0x130/0x140\n[ 245.485588] sp : ffffffc009f2bad0\n[ 245.489838] x29: ffffffc009f2bad0 x28: ffffff8003e6c800 x27: 0000000000000000\n[ 245.493057] x26: 0000000000000000 x25: 0000000000000000 x24: ffffff800226ef20\n[ 245.500175] x23: ffffffc0089ff550 x22: 0000000000000000 x21: ffffffc008476ad0\n[ 245.507294] x20: 0000000000000000 x19: ffffffc00965ac70 x18: fffffffffffc51a7\n[ 245.514413] x17: 68702e3030303837 x16: 3a6d726f6674616c x15: ffffffc089f2b777\n[ 245.521531] x14: ffffffc0095c9d18 x13: 0000000000000129 x12: 0000000000000129\n[ 245.528649] x11: 00000000ffffffea x10: ffffffc009621d18 x9 : 0000000000000001\n[ 245.535767] x8 : 0000000000000001 x7 : 0000000000017fe8 x6 : 0000000000000001\n[ 245.542885] x5 : ffffff803fdca6d8 x4 : 0000000000000000 x3 : 0000000000000027\n[ 245.550002] x2 : 0000000000000027 x1 : 0000000000000023 x0 : 0000000000000026\n[ 245.557122] Call trace:\n[ 245.564229] clk_branch_wait+0x130/0x140\n[ 245.566490] clk_branch2_disable+0x2c/0x40\n[ 245.570656] clk_core_disable+0x60/0xb0\n[ 245.574561] clk_core_disable+0x68/0xb0\n[ 245.578293] clk_disable+0x30/0x50\n[ 
245.582113] dwc3_qcom_remove+0x60/0xc0 [dwc3_qcom]\n[ 245.585588] platform_remove+0x28/0x60\n[ 245.590361] device_remove+0x4c/0x80\n[ 245.594179] device_release_driver_internal+0x1dc/0x230\n[ 245.597914] device_driver_detach+0x18/0x30\n[ 245.602861] unbind_store+0xec/0x110\n[ 245.607027] drv_attr_store+0x24/0x40\n[ 245.610847] sysfs_kf_write+0x44/0x60\n[ 245.614405] kernfs_fop_write_iter+0x128/0x1c0\n[ 245.618052] new_sync_write+0xc0/0x130\n[ 245.622391] vfs_write+0x1d4/0x2a0\n[ 245.626123] ksys_write+0x58/0xe0\n[ 245.629508] __arm64_sys_write+0x1c/0x30\n[ 245.632895] invoke_syscall.constprop.0+0x5c/0x110\n[ 245.636890] do_el0_svc+0xa0/0x150\n[ 245.641488] el0_svc+0x18/0x60\n[ 245.644872] el0t_64_sync_handler+0xa4/0x130\n[ 245.647914] el0t_64_sync+0x174/0x178\n[ 245.652340] ---[ end trace 0000000000000000 ]---\n\nSo, add CLK_IS_CRITICAL flag to the clock so that the kernel won't try\nto disable the sleep clock." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: qcom: ipq8074: no deshabilite gcc_sleep_clk_src Una vez que se deshabilitan los relojes de suspensi\u00f3n USB, el marco del reloj tambi\u00e9n intenta deshabilitar la fuente del reloj de suspensi\u00f3n. 
Sin embargo, parece que no se puede desactivar e intentar hacerlo produce: [ 245.436390] ------------[ cortar aqu\u00ed ]------------ [ 245.441233] estado gcc_sleep_clk_src atascado en 'on' [ 245.441254] ADVERTENCIA: CPU: 2 PID: 223 en clk_branch_wait+0x130/0x140 [ 245.450435] M\u00f3dulos vinculados en: xhci_plat_hcd xhci_hcd dwc3 dwc3_qcom leds_gpio [ 245.456601] CPU: 2 PID: 223 Comm: sh No contaminado 5.18.0-rc4 #215 [ 245.463889] Nombre del hardware: Xiaomi AX9000 (DT) [ 245.470050] pstate: 204000c5 (nzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 245.474307] pc : clk_branch_wait+0x130/0x140 [ 245.481073] lr : clk_branch_wait+0x130/0x140 [ 245.485588] sp : ffffffc009f2bad0 [ 245.489838] x29: ffffffc009f2bad0 x28: ffffff8003e6c800 x27: 0000000000000000 [ 245.493057] x26: 0000000000000000 x25: 0000000000000000 x24: ffffff800226ef20 [ 245.500175] x23: ffffffc0089ff550 x22: 0000000000000000 x21: ffffffc008476ad0 [ 245.507294] x20: 000000000000000 x19: ffffffc00965ac70 x18: fffffffffffc51a7 [ 245.514413] x17: 68702e3030303837 x16: 3a6d726f6674616c x15: ffffffc089f2b777 [245.521531] x14: ffffffc0095c9d18 x13: 0000000000000129 x12: 0000000000000129 [245.528649] x11: 00000000ffffffea x10: ffffffc009621d18 x9: 0000000000000001 [245.535767] x8: 000000000000001 x7: 0000000000017fe8 x6: 0000000000000001 [ 245.542885] x5 : ffffff803fdca6d8 x4 : 0000000000000000 x3 : 0000000000000027 [ 245.550002] x2 : 0000000000000027 x1 : 0000000000000023 x0 : 0000000000000026 [ 245.557122] Rastreo de llamadas: [ 245.564229] clk_branch_wait+0x130/0x140 [ 245.566490] clk_branch2_disable+0x2c/0x40 [ 245.570656] clk_core_disable+0x60/0xb0 [ 245.574561] clk_core_disable+0x68/0xb0 [ 245.578293] clk_disable+0x30/0x50 [ 245.582113] dwc3_qcom_remove+0x60/0xc0 [dwc3_qcom] [ 245.585588] platform_remove+0x28/0x60 [ 245.590361] device_remove+0x4c/0x80 [ 245.594179] device_release_driver_internal+0x1dc/0x230 [ 245.597914] device_driver_detach+0x18/0x30 [ 245.602861] unbind_store+0xec/0x110 [ 
245.607027] drv_attr_store+0x24/0x40 [ 245.610847] sysfs_kf_write+0x44/0x60 [ 245.614405] kernfs_fop_write_iter+0x128/0x1c0 [ 245.618052] new_sync_write+0xc0/0x130 [ 245.622391] vfs_write+0x1d4/0x2a0 [ 245.626123] ksys_write+0x58/0xe0 [ 245.629508] __arm64_sys_write+0x1c/0x30 [ 245.632895] invoke_syscall.constprop.0+0x5c/0x110 [ 245.636890] do_el0_svc+0xa0/0x150 [ 245.641488] el0_svc+0x18/0x60 [ 245.644872] el0t_64_sync_handler+0xa4/0x130 [ 245.647914] el0t_64_sync+0x174/0x178 [ 245.652340] ---[ fin de seguimiento 0000000000000000 ]--- Por lo tanto, agregue el indicador CLK_IS_CRITICAL al reloj para que el n\u00facleo no intente para desactivar el reloj de sue\u00f1o." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50030.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50030.json index 549edbbaccf..d167c6cebf6 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50030.json +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50030.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input\n\nMalformed user input to debugfs results in buffer overflow crashes. Adapt\ninput string lengths to fit within internal buffers, leaving space for NULL\nterminators." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: lpfc: Evita fallos por desbordamiento de b\u00fafer en debugfs con entradas de usuario malformadas. Las entradas de usuario malformadas en debugfs provocan fallos por desbordamiento de b\u00fafer. Adapta la longitud de las cadenas de entrada para que quepan en los b\u00faferes internos, dejando espacio para terminadores NULL." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50031.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50031.json index 756f2191005..718b6dae410 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50031.json 
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50031.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: iscsi: Fix HW conn removal use after free\n\nIf qla4xxx doesn't remove the connection before the session, the iSCSI\nclass tries to remove the connection for it. We were doing a\niscsi_put_conn() in the iter function which is not needed and will result\nin a use after free because iscsi_remove_conn() will free the connection."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: iscsi: Se corrige el uso de la eliminaci\u00f3n de la conexi\u00f3n de hardware despu\u00e9s de la liberaci\u00f3n. Si qla4xxx no elimina la conexi\u00f3n antes de la sesi\u00f3n, la clase iSCSI intenta eliminarla. Se estaba ejecutando una funci\u00f3n iscsi_put_conn() en la funci\u00f3n iter, lo cual no es necesario y resultar\u00e1 en un Use-After-Free, ya que iscsi_remove_conn() liberar\u00e1 la conexi\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50032.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50032.json
index 3220b0d7faa..e18323239fc 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50032.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50032.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: renesas: Fix refcount leak bug\n\nIn usbhs_rza1_hardware_init(), of_find_node_by_name() will return\na node pointer with refcount incremented. We should use of_node_put()\nwhen it is not used anymore."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: renesas: Se corrige el error de fuga de refcount. En usbhs_rza1_hardware_init(), of_find_node_by_name() devolver\u00e1 un puntero de nodo con refcount incrementado. Deber\u00edamos usar of_node_put() cuando ya no se use."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50033.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50033.json
index f36e4c32a0b..c302d4adb65 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50033.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50033.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: host: ohci-ppc-of: Fix refcount leak bug\n\nIn ohci_hcd_ppc_of_probe(), of_find_compatible_node() will return\na node pointer with refcount incremented. We should use of_node_put()\nwhen it is not used anymore."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: host: ohci-ppc-of: Se corrige el error de fuga de refcount. En ohci_hcd_ppc_of_probe(), of_find_compatible_node() devolver\u00e1 un puntero de nodo con refcount incrementado. Deber\u00edamos usar of_node_put() cuando ya no se use."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50034.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50034.json
index b216a4f6ef4..43c033ff4c8 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50034.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50034.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdns3 fix use-after-free at workaround 2\n\nBUG: KFENCE: use-after-free read in __list_del_entry_valid+0x10/0xac\n\ncdns3_wa2_remove_old_request()\n{\n\t...\n\tkfree(priv_req->request.buf);\n\tcdns3_gadget_ep_free_request(&priv_ep->endpoint, &priv_req->request);\n\tlist_del_init(&priv_req->list);\n\t^^^ use after free\n\t...\n}\n\ncdns3_gadget_ep_free_request() free the space pointed by priv_req,\nbut priv_req is used in the following list_del_init().\n\nThis patch move list_del_init() before cdns3_gadget_ep_free_request()."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: cdns3 corrige el Use-After-Free en la soluci\u00f3n alternativa 2 ERROR: KFENCE: Use-After-Free en __list_del_entry_valid+0x10/0xac cdns3_wa2_remove_old_request() { ... kfree(priv_req->request.buf); cdns3_gadget_ep_free_request(&priv_ep->endpoint, &priv_req->request); list_del_init(&priv_req->list); ^^^ Use-After-Free ... } cdns3_gadget_ep_free_request() libera el espacio apuntado por priv_req, pero priv_req se usa en el siguiente list_del_init(). Este parche mueve list_del_init() antes de cdns3_gadget_ep_free_request()."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50035.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50035.json
index b022a7bd463..7524c0e237f 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50035.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50035.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix use-after-free on amdgpu_bo_list mutex\n\nIf amdgpu_cs_vm_handling returns r != 0, then it will unlock the\nbo_list_mutex inside the function amdgpu_cs_vm_handling and again on\namdgpu_cs_parser_fini. This problem results in the following\nuse-after-free problem:\n\n[ 220.280990] ------------[ cut here ]------------\n[ 220.281000] refcount_t: underflow; use-after-free.\n[ 220.281019] WARNING: CPU: 1 PID: 3746 at lib/refcount.c:28 refcount_warn_saturate+0xba/0x110\n[ 220.281029] ------------[ cut here ]------------\n[ 220.281415] CPU: 1 PID: 3746 Comm: chrome:cs0 Tainted: G W L ------- --- 5.20.0-0.rc0.20220812git7ebfc85e2cd7.10.fc38.x86_64 #1\n[ 220.281421] Hardware name: System manufacturer System Product Name/ROG STRIX X570-I GAMING, BIOS 4403 04/27/2022\n[ 220.281426] RIP: 0010:refcount_warn_saturate+0xba/0x110\n[ 220.281431] Code: 01 01 e8 79 4a 6f 00 0f 0b e9 42 47 a5 00 80 3d de\n7e be 01 00 75 85 48 c7 c7 f8 98 8e 98 c6 05 ce 7e be 01 01 e8 56 4a\n6f 00 <0f> 0b e9 1f 47 a5 00 80 3d b9 7e be 01 00 0f 85 5e ff ff ff 48\nc7\n[ 220.281437] RSP: 0018:ffffb4b0d18d7a80 EFLAGS: 00010282\n[ 220.281443] RAX: 0000000000000026 RBX: 0000000000000003 RCX: 0000000000000000\n[ 220.281448] RDX: 0000000000000001 RSI: ffffffff988d06dc RDI: 00000000ffffffff\n[ 220.281452] RBP: 00000000ffffffff R08: 0000000000000000 R09: ffffb4b0d18d7930\n[ 220.281457] R10: 0000000000000003 R11: ffffa0672e2fffe8 R12: ffffa058ca360400\n[ 220.281461] R13: ffffa05846c50a18 R14: 00000000fffffe00 R15: 0000000000000003\n[ 220.281465] FS: 00007f82683e06c0(0000) GS:ffffa066e2e00000(0000) knlGS:0000000000000000\n[ 220.281470] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 220.281475] CR2: 00003590005cc000 CR3: 00000001fca46000 CR4: 0000000000350ee0\n[ 220.281480] Call Trace:\n[ 220.281485] \n[ 220.281490] amdgpu_cs_ioctl+0x4e2/0x2070 [amdgpu]\n[ 220.281806] ? 
amdgpu_cs_find_mapping+0xe0/0xe0 [amdgpu]\n[ 220.282028] drm_ioctl_kernel+0xa4/0x150\n[ 220.282043] drm_ioctl+0x21f/0x420\n[ 220.282053] ? amdgpu_cs_find_mapping+0xe0/0xe0 [amdgpu]\n[ 220.282275] ? lock_release+0x14f/0x460\n[ 220.282282] ? _raw_spin_unlock_irqrestore+0x30/0x60\n[ 220.282290] ? _raw_spin_unlock_irqrestore+0x30/0x60\n[ 220.282297] ? lockdep_hardirqs_on+0x7d/0x100\n[ 220.282305] ? _raw_spin_unlock_irqrestore+0x40/0x60\n[ 220.282317] amdgpu_drm_ioctl+0x4a/0x80 [amdgpu]\n[ 220.282534] __x64_sys_ioctl+0x90/0xd0\n[ 220.282545] do_syscall_64+0x5b/0x80\n[ 220.282551] ? futex_wake+0x6c/0x150\n[ 220.282568] ? lock_is_held_type+0xe8/0x140\n[ 220.282580] ? do_syscall_64+0x67/0x80\n[ 220.282585] ? lockdep_hardirqs_on+0x7d/0x100\n[ 220.282592] ? do_syscall_64+0x67/0x80\n[ 220.282597] ? do_syscall_64+0x67/0x80\n[ 220.282602] ? lockdep_hardirqs_on+0x7d/0x100\n[ 220.282609] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[ 220.282616] RIP: 0033:0x7f8282a4f8bf\n[ 220.282639] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10\n00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00\n0f 05 <89> c2 3d 00 f0 ff ff 77 18 48 8b 44 24 18 64 48 2b 04 25 28 00\n00\n[ 220.282644] RSP: 002b:00007f82683df410 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n[ 220.282651] RAX: ffffffffffffffda RBX: 00007f82683df588 RCX: 00007f8282a4f8bf\n[ 220.282655] RDX: 00007f82683df4d0 RSI: 00000000c0186444 RDI: 0000000000000018\n[ 220.282659] RBP: 00007f82683df4d0 R08: 00007f82683df5e0 R09: 00007f82683df4b0\n[ 220.282663] R10: 00001d04000a0600 R11: 0000000000000246 R12: 00000000c0186444\n[ 220.282667] R13: 0000000000000018 R14: 00007f82683df588 R15: 0000000000000003\n[ 220.282689] \n[ 220.282693] irq event stamp: 6232311\n[ 220.282697] hardirqs last enabled at (6232319): [] __up_console_sem+0x5e/0x70\n[ 220.282704] hardirqs last disabled at (6232326): [] __up_console_sem+0x43/0x70\n[ 220.282709] softirqs last enabled at (6232072): [] __irq_exit_rcu+0xf9/0x170\n[ 220.282716] softirqs 
last disabled at (6232061): [regions'\narray will be accessed by negative index '-1'.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: dsa: sja1105: se corrige un desbordamiento de b\u00fafer en sja1105_setup_devlink_regions(). Si se produce un error en dsa_devlink_region_create(), se acceder\u00e1 a la matriz 'priv->regions' con el \u00edndice negativo '-1'. Encontrada por el Centro de Verificaci\u00f3n de Linux (linuxtesting.org) con SVACE." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50041.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50041.json index aaa8a3687ae..bd52e372713 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50041.json +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50041.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix call trace with null VSI during VF reset\n\nDuring stress test with attaching and detaching VF from KVM and\nsimultaneously changing VFs spoofcheck and trust there was a\ncall trace in ice_reset_vf that VF's VSI is null.\n\n[145237.352797] WARNING: CPU: 46 PID: 840629 at drivers/net/ethernet/intel/ice/ice_vf_lib.c:508 ice_reset_vf+0x3d6/0x410 [ice]\n[145237.352851] Modules linked in: ice(E) vfio_pci vfio_pci_core vfio_virqfd vfio_iommu_type1 vfio iavf dm_mod xt_CHECKSUM xt_MASQUERADE\nxt_conntrack ipt_REJECT nf_reject_ipv4 nft_compat nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables nfnetlink tun\n bridge stp llc sunrpc intel_rapl_msr intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm iTCO_wdt iTC\nO_vendor_support irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel rapl ipmi_si intel_cstate ipmi_devintf joydev intel_uncore m\nei_me ipmi_msghandler i2c_i801 pcspkr mei lpc_ich ioatdma i2c_smbus acpi_pad acpi_power_meter ip_tables xfs libcrc32c i2c_algo_bit drm_sh\nmem_helper drm_kms_helper sd_mod t10_pi crc64_rocksoft syscopyarea crc64 sysfillrect sg sysimgblt fb_sys_fops drm i40e ixgbe ahci libahci\n libata crc32c_intel mdio dca wmi fuse [last unloaded: ice]\n[145237.352917] CPU: 46 PID: 840629 Comm: kworker/46:2 Tainted: G S W I E 5.19.0-rc6+ #24\n[145237.352921] Hardware name: Intel Corporation S2600WTT/S2600WTT, BIOS SE5C610.86B.01.01.0008.021120151325 02/11/2015\n[145237.352923] Workqueue: ice ice_service_task [ice]\n[145237.352948] RIP: 0010:ice_reset_vf+0x3d6/0x410 [ice]\n[145237.352984] Code: 30 ec f3 cc e9 28 fd ff ff 0f b7 4b 50 48 c7 c2 48 19 9c c0 4c 89 ee 48 c7 c7 30 fe 9e c0 e8 d1 21 9d cc 31 c0 e9 a\n9 fe ff ff <0f> 0b b8 ea ff ff ff e9 c1 fc ff ff 0f 0b b8 fb ff ff ff e9 91 fe\n[145237.352987] RSP: 0018:ffffb453e257fdb8 EFLAGS: 00010246\n[145237.352990] RAX: 
ffff8bd0040181c0 RBX: ffff8be68db8f800 RCX: 0000000000000000\n[145237.352991] RDX: 000000000000ffff RSI: 0000000000000000 RDI: ffff8be68db8f800\n[145237.352993] RBP: ffff8bd0040181c0 R08: 0000000000001000 R09: ffff8bcfd520e000\n[145237.352995] R10: 0000000000000000 R11: 00008417b5ab0bc0 R12: 0000000000000005\n[145237.352996] R13: ffff8bcee061c0d0 R14: ffff8bd004019640 R15: 0000000000000000\n[145237.352998] FS: 0000000000000000(0000) GS:ffff8be5dfb00000(0000) knlGS:0000000000000000\n[145237.353000] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[145237.353002] CR2: 00007fd81f651d68 CR3: 0000001a0fe10001 CR4: 00000000001726e0\n[145237.353003] Call Trace:\n[145237.353008] \n[145237.353011] ice_process_vflr_event+0x8d/0xb0 [ice]\n[145237.353049] ice_service_task+0x79f/0xef0 [ice]\n[145237.353074] process_one_work+0x1c8/0x390\n[145237.353081] ? process_one_work+0x390/0x390\n[145237.353084] worker_thread+0x30/0x360\n[145237.353087] ? process_one_work+0x390/0x390\n[145237.353090] kthread+0xe8/0x110\n[145237.353094] ? kthread_complete_and_exit+0x20/0x20\n[145237.353097] ret_from_fork+0x22/0x30\n[145237.353103] \n\nRemove WARN_ON() from check if VSI is null in ice_reset_vf.\nAdd \"VF is already removed\\n\" in dev_dbg().\n\nThis WARN_ON() is unnecessary and causes call trace, despite that\ncall trace, driver still works. There is no need for this warn\nbecause this piece of code is responsible for disabling VF's Tx/Rx\nqueues when VF is disabled, but when VF is already removed there\nis no need to do reset or disable queues." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ice: Se corrige el seguimiento de llamadas con VSI nulo durante el reinicio de VF. Durante la prueba de estr\u00e9s con la conexi\u00f3n y desconexi\u00f3n de VF de KVM y el cambio simult\u00e1neo de VF, spoofcheck y trust, hab\u00eda un seguimiento de llamadas en ice_reset_vf que indicaba que el VSI de VF era nulo. 
[145237.352797] ADVERTENCIA: CPU: 46 PID: 840629 at drivers/net/ethernet/intel/ice/ice_vf_lib.c:508 ice_reset_vf+0x3d6/0x410 [ice] [145237.352851] Modules linked in: ice(E) vfio_pci vfio_pci_core vfio_virqfd vfio_iommu_type1 vfio iavf dm_mod xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 nft_compat nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables nfnetlink tun bridge stp llc sunrpc intel_rapl_msr intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm iTCO_wdt iTC O_vendor_support irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel rapl ipmi_si intel_cstate ipmi_devintf joydev intel_uncore m ei_me ipmi_msghandler i2c_i801 pcspkr mei lpc_ich ioatdma i2c_smbus acpi_pad acpi_power_meter ip_tables xfs libcrc32c i2c_algo_bit drm_sh mem_helper drm_kms_helper sd_mod t10_pi crc64_rocksoft syscopyarea crc64 sysfillrect sg sysimgblt fb_sys_fops drm i40e ixgbe ahci libahci libata crc32c_intel mdio dca wmi fuse [last unloaded: ice] [145237.352917] CPU: 46 PID: 840629 Comm: kworker/46:2 Tainted: G S W I E 5.19.0-rc6+ #24 [145237.352921] Hardware name: Intel Corporation S2600WTT/S2600WTT, BIOS SE5C610.86B.01.01.0008.021120151325 02/11/2015 [145237.352923] Workqueue: ice ice_service_task [ice] [145237.352948] RIP: 0010:ice_reset_vf+0x3d6/0x410 [ice] [145237.352984] Code: 30 ec f3 cc e9 28 fd ff ff 0f b7 4b 50 48 c7 c2 48 19 9c c0 4c 89 ee 48 c7 c7 30 fe 9e c0 e8 d1 21 9d cc 31 c0 e9 a 9 fe ff ff <0f> 0b b8 ea ff ff ff e9 c1 fc ff ff 0f 0b b8 fb ff ff ff e9 91 fe [145237.352987] RSP: 0018:ffffb453e257fdb8 EFLAGS: 00010246 [145237.352990] RAX: ffff8bd0040181c0 RBX: ffff8be68db8f800 RCX: 0000000000000000 [145237.352991] RDX: 000000000000ffff RSI: 0000000000000000 RDI: ffff8be68db8f800 [145237.352993] RBP: ffff8bd0040181c0 R08: 0000000000001000 R09: ffff8bcfd520e000 [145237.352995] R10: 0000000000000000 R11: 00008417b5ab0bc0 R12: 0000000000000005 [145237.352996] R13: ffff8bcee061c0d0 R14: 
ffff8bd004019640 R15: 0000000000000000 [145237.352998] FS: 0000000000000000(0000) GS:ffff8be5dfb00000(0000) knlGS:0000000000000000 [145237.353000] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [145237.353002] CR2: 00007fd81f651d68 CR3: 0000001a0fe10001 CR4: 00000000001726e0 [145237.353003] Call Trace: [145237.353008] [145237.353011] ice_process_vflr_event+0x8d/0xb0 [ice] [145237.353049] ice_service_task+0x79f/0xef0 [ice] [145237.353074] process_one_work+0x1c8/0x390 [145237.353081] ? process_one_work+0x390/0x390 [145237.353084] worker_thread+0x30/0x360 [145237.353087] ? process_one_work+0x390/0x390 [145237.353090] kthread+0xe8/0x110 [145237.353094] ? kthread_complete_and_exit+0x20/0x20 [145237.353097] ret_from_fork+0x22/0x30 [145237.353103] Eliminar WARN_ON() de la comprobaci\u00f3n si VSI es nulo en ice_reset_vf. A\u00f1adir \"VF ya se ha eliminado\\n\" en dev_dbg(). Este WARN_ON() es innecesario y genera un seguimiento de llamadas; a pesar de ello, el controlador sigue funcionando. No es necesario este aviso, ya que este fragmento de c\u00f3digo se encarga de deshabilitar las colas de Tx/Rx de VF cuando VF est\u00e1 deshabilitado, pero cuando VF ya se ha eliminado, no es necesario reiniciar ni deshabilitar las colas. " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50042.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50042.json index f86e26bd50a..cdc329486cf 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50042.json +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50042.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: genl: fix error path memory leak in policy dumping\n\nIf construction of the array of policies fails when recording\nnon-first policy we need to unwind.\n\nnetlink_policy_dump_add_policy() itself also needs fixing as\nit currently gives up on error without recording the allocated\npointer in the pstate pointer."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: genl: corrige error de p\u00e9rdida de memoria de ruta en el volcado de pol\u00edticas Si la construcci\u00f3n de la matriz de pol\u00edticas falla cuando se registra una pol\u00edtica que no es la primera, debemos desenrollar. netlink_policy_dump_add_policy() en s\u00ed tambi\u00e9n necesita reparaci\u00f3n, ya que actualmente se da por vencido en caso de error sin registrar el puntero asignado en el puntero pstate. "
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50043.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50043.json
index 9321b76813d..029b74a14a2 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50043.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50043.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix potential refcount leak in ndisc_router_discovery()\n\nThe issue happens on specific paths in the function. After both the\nobject `rt` and `neigh` are grabbed successfully, when `lifetime` is\nnonzero but the metric needs change, the function just deletes the\nroute and set `rt` to NULL. Then, it may try grabbing `rt` and `neigh`\nagain if above conditions hold. The function simply overwrite `neigh`\nif succeeds or returns if fails, without decreasing the reference\ncount of previous `neigh`. This may result in memory leaks.\n\nFix it by decrementing the reference count of `neigh` in place."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: correcci\u00f3n de una posible fuga de referencias en ndisc_router_discovery(). El problema se produce en rutas espec\u00edficas de la funci\u00f3n. Tras la captura correcta de los objetos `rt` y `neigh`, cuando `lifetime` es distinto de cero pero la m\u00e9trica necesita cambiar, la funci\u00f3n simplemente elimina la ruta y establece `rt` en NULL. A continuaci\u00f3n, puede intentar capturar `rt` y `neigh` de nuevo si se cumplen las condiciones anteriores. La funci\u00f3n simplemente sobrescribe `neigh` si tiene \u00e9xito o retorna si falla, sin reducir la cantidad de referencias de `neigh` anterior. Esto puede provocar fugas de memoria. Para solucionarlo, reduzca la cantidad de referencias de `neigh` en su lugar."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50044.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50044.json
index 6c199b266af..ab160d547b8 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50044.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50044.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qrtr: start MHI channel after endpoit creation\n\nMHI channel may generates event/interrupt right after enabling.\nIt may leads to 2 race conditions issues.\n\n1)\nSuch event may be dropped by qcom_mhi_qrtr_dl_callback() at check:\n\n\tif (!qdev || mhi_res->transaction_status)\n\t\treturn;\n\nBecause dev_set_drvdata(&mhi_dev->dev, qdev) may be not performed at\nthis moment. In this situation qrtr-ns will be unable to enumerate\nservices in device.\n---------------------------------------------------------------\n\n2)\nSuch event may come at the moment after dev_set_drvdata() and\nbefore qrtr_endpoint_register(). In this case kernel will panic with\naccessing wrong pointer at qcom_mhi_qrtr_dl_callback():\n\n\trc = qrtr_endpoint_post(&qdev->ep, mhi_res->buf_addr,\n\t\t\t\tmhi_res->bytes_xferd);\n\nBecause endpoint is not created yet.\n--------------------------------------------------------------\nSo move mhi_prepare_for_transfer_autoqueue after endpoint creation\nto fix it." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: qrtr: iniciar canal MHI despu\u00e9s de la creaci\u00f3n del endpoint El canal MHI puede generar un evento/interrupci\u00f3n justo despu\u00e9s de habilitarse. Esto puede provocar dos problemas de condiciones de ejecuci\u00f3n. 1) Dicho evento puede ser descartado por qcom_mhi_qrtr_dl_callback() en la comprobaci\u00f3n: if (!qdev || mhi_res->transaction_status) return; Porque dev_set_drvdata(&mhi_dev->dev, qdev) puede no ejecutarse en este momento. En esta situaci\u00f3n, qrtr-ns no podr\u00e1 enumerar los servicios en el dispositivo. --------------------------------------------------------------- 2) Dicho evento puede ocurrir despu\u00e9s de dev_set_drvdata() y antes de qrtr_endpoint_register(). 
En este caso, el kernel entrar\u00e1 en p\u00e1nico al acceder al puntero incorrecto en qcom_mhi_qrtr_dl_callback(): rc = qrtr_endpoint_post(&qdev->ep, mhi_res->buf_addr, mhi_res->bytes_xferd); Porque el endpoint a\u00fan no se ha creado. -------------------------------------------------------------- Por lo tanto, mueva mhi_prepare_for_transfer_autoqueue despu\u00e9s de la creaci\u00f3n del endpoint para solucionarlo." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50045.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50045.json index 452c15e8d7a..aed999c88ad 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50045.json +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50045.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pci: Fix get_phb_number() locking\n\nThe recent change to get_phb_number() causes a DEBUG_ATOMIC_SLEEP\nwarning on some systems:\n\n BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: swapper\n preempt_count: 1, expected: 0\n RCU nest depth: 0, expected: 0\n 1 lock held by swapper/1:\n #0: c157efb0 (hose_spinlock){+.+.}-{2:2}, at: pcibios_alloc_controller+0x64/0x220\n Preemption disabled at:\n [<00000000>] 0x0\n CPU: 0 PID: 1 Comm: swapper Not tainted 5.19.0-yocto-standard+ #1\n Call Trace:\n [d101dc90] [c073b264] dump_stack_lvl+0x50/0x8c (unreliable)\n [d101dcb0] [c0093b70] __might_resched+0x258/0x2a8\n [d101dcd0] [c0d3e634] __mutex_lock+0x6c/0x6ec\n [d101dd50] [c0a84174] of_alias_get_id+0x50/0xf4\n [d101dd80] [c002ec78] pcibios_alloc_controller+0x1b8/0x220\n [d101ddd0] [c140c9dc] pmac_pci_init+0x198/0x784\n [d101de50] [c140852c] discover_phbs+0x30/0x4c\n [d101de60] [c0007fd4] do_one_initcall+0x94/0x344\n [d101ded0] [c1403b40] kernel_init_freeable+0x1a8/0x22c\n [d101df10] [c00086e0] kernel_init+0x34/0x160\n [d101df30] [c001b334] ret_from_kernel_thread+0x5c/0x64\n\nThis is because pcibios_alloc_controller() holds hose_spinlock but\nof_alias_get_id() takes of_mutex which can sleep.\n\nThe hose_spinlock protects the phb_bitmap, and also the hose_list, but\nit doesn't need to be held while get_phb_number() calls the OF routines,\nbecause those are only looking up information in the device tree.\n\nSo fix it by having get_phb_number() take the hose_spinlock itself, only\nwhere required, and then dropping the lock before returning.\npcibios_alloc_controller() then needs to take the lock again before the\nlist_add() but that's safe, the order of the list is not important." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: powerpc/pci: Se corrige el bloqueo de get_phb_number() El cambio reciente en get_phb_number() provoca una advertencia DEBUG_ATOMIC_SLEEP en algunos sistemas: ERROR: funci\u00f3n de suspensi\u00f3n llamada desde un contexto no v\u00e1lido en kernel/locking/mutex.c:580 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: swapper preempt_count: 1, expected: 0 Profundidad de anidamiento de RCU: 0, expected: 0 1 bloqueo mantenido por swapper/1: #0: c157efb0 (hose_spinlock){+.+.}-{2:2}, en: pcibios_alloc_controller+0x64/0x220 Preempci\u00f3n deshabilitada en: [<00000000>] 0x0 CPU: 0 PID: 1 Comm: swapper No contaminado 5.19.0-yocto-standard+ #1 Seguimiento de llamadas: [d101dc90] [c073b264] dump_stack_lvl+0x50/0x8c (no confiable) [d101dcb0] [c0093b70] __might_resched+0x258/0x2a8 [d101dcd0] [c0d3e634] __mutex_lock+0x6c/0x6ec [d101dd50] [c0a84174] of_alias_get_id+0x50/0xf4 [d101dd80] [c002ec78] pcibios_alloc_controller+0x1b8/0x220 [d101ddd0] [c140c9dc] pmac_pci_init+0x198/0x784 [d101de50] [c140852c] discover_phbs+0x30/0x4c [d101de60] [c0007fd4] do_one_initcall+0x94/0x344 [d101ded0] [c1403b40] kernel_init_freeable+0x1a8/0x22c [d101df10] [c00086e0] kernel_init+0x34/0x160 [d101df30] [c001b334] ret_from_kernel_thread+0x5c/0x64 Esto se debe a que pcibios_alloc_controller() mantiene hose_spinlock pero of_alias_get_id() toma of_mutex que puede dormir. El hose_spinlock protege phb_bitmap y tambi\u00e9n hose_list, pero no es necesario mantenerlo mientras get_phb_number() llama a las rutinas OF, ya que estas solo buscan informaci\u00f3n en el \u00e1rbol de dispositivos. Para solucionarlo, haga que get_phb_number() tome el hose_spinlock solo cuando sea necesario y luego desactive el bloqueo antes de regresar. pcibios_alloc_controller() debe volver a tomar el bloqueo antes de list_add(), pero esto es seguro; el orden de la lista no importa." } ], "metrics": {}, 
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50046.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50046.json
index 7e27509fa78..0b22e445fe8 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50046.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50046.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change()\n\nThe issue happens on some error handling paths. When the function\nfails to grab the object `xprt`, it simply returns 0, forgetting to\ndecrease the reference count of another object `xps`, which is\nincreased by rpc_sysfs_xprt_kobj_get_xprt_switch(), causing refcount\nleaks. Also, the function forgets to check whether `xps` is valid\nbefore using it, which may result in NULL-dereferencing issues.\n\nFix it by adding proper error handling code when either `xprt` or\n`xps` is NULL."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/sunrpc: se corrigen posibles fugas de memoria en rpc_sysfs_xprt_state_change(). El problema se produce en algunas rutas de gesti\u00f3n de errores. Cuando la funci\u00f3n no logra capturar el objeto `xprt`, simplemente devuelve 0, olvidando disminuir el recuento de referencias de otro objeto `xps`, que se incrementa mediante rpc_sysfs_xprt_kobj_get_xprt_switch(), lo que provoca fugas de referencias. Adem\u00e1s, la funci\u00f3n olvida comprobar si `xps` es v\u00e1lido antes de usarlo, lo que puede provocar problemas de desreferenciaci\u00f3n a valores NULL. Se puede solucionar a\u00f1adiendo el c\u00f3digo de gesti\u00f3n de errores adecuado cuando `xprt` o `xps` sean valores NULL."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50047.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50047.json
index cfd8736ae19..7cea26c31c6 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50047.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50047.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6060: prevent crash on an unused port\n\nIf the port isn't a CPU port nor a user port, 'cpu_dp'\nis a null pointer and a crash happened on dereferencing\nit in mv88e6060_setup_port():\n\n[ 9.575872] Unable to handle kernel NULL pointer dereference at virtual address 00000014\n...\n[ 9.942216] mv88e6060_setup from dsa_register_switch+0x814/0xe84\n[ 9.948616] dsa_register_switch from mdio_probe+0x2c/0x54\n[ 9.954433] mdio_probe from really_probe.part.0+0x98/0x2a0\n[ 9.960375] really_probe.part.0 from driver_probe_device+0x30/0x10c\n[ 9.967029] driver_probe_device from __device_attach_driver+0xb8/0x13c\n[ 9.973946] __device_attach_driver from bus_for_each_drv+0x90/0xe0\n[ 9.980509] bus_for_each_drv from __device_attach+0x110/0x184\n[ 9.986632] __device_attach from bus_probe_device+0x8c/0x94\n[ 9.992577] bus_probe_device from deferred_probe_work_func+0x78/0xa8\n[ 9.999311] deferred_probe_work_func from process_one_work+0x290/0x73c\n[ 10.006292] process_one_work from worker_thread+0x30/0x4b8\n[ 10.012155] worker_thread from kthread+0xd4/0x10c\n[ 10.017238] kthread from ret_from_fork+0x14/0x3c" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: dsa: mv88e6060: evitar un fallo en un puerto no utilizado Si el puerto no es un puerto de CPU ni un puerto de usuario, 'cpu_dp' es un puntero nulo y se produjo un fallo al desreferenciarlo en mv88e6060_setup_port(): [ 9.575872] No se puede controlar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 00000014 ... 
[ 9.942216] mv88e6060_setup from dsa_register_switch+0x814/0xe84 [ 9.948616] dsa_register_switch from mdio_probe+0x2c/0x54 [ 9.954433] mdio_probe from really_probe.part.0+0x98/0x2a0 [ 9.960375] really_probe.part.0 from driver_probe_device+0x30/0x10c [ 9.967029] driver_probe_device from __device_attach_driver+0xb8/0x13c [ 9.973946] __device_attach_driver from bus_for_each_drv+0x90/0xe0 [ 9.980509] bus_for_each_drv from __device_attach+0x110/0x184 [ 9.986632] __device_attach from bus_probe_device+0x8c/0x94 [ 9.992577] bus_probe_device from deferred_probe_work_func+0x78/0xa8 [ 9.999311] deferred_probe_work_func from process_one_work+0x290/0x73c [ 10.006292] process_one_work from worker_thread+0x30/0x4b8 [ 10.012155] worker_thread from kthread+0xd4/0x10c [ 10.017238] kthread from ret_from_fork+0x14/0x3c" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50048.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50048.json index e48ee3b5110..29b6e58629e 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50048.json +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50048.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: possible module reference underflow in error path\n\ndst->ops is set on when nft_expr_clone() fails, but module refcount has\nnot been bumped yet, therefore nft_expr_destroy() leads to module\nreference underflow." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nf_tables: posible desbordamiento de referencia de m\u00f3dulo en la ruta de error dst->ops est\u00e1 activado cuando nft_expr_clone() falla, pero el recuento de referencias del m\u00f3dulo a\u00fan no se ha incrementado, por lo tanto, nft_expr_destroy() provoca un desbordamiento de referencia de m\u00f3dulo." } ], "metrics": {}, 
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50049.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50049.json
index 63b4fd5ad08..32f3e739ea7 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50049.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50049.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: DPCM: Don't pick up BE without substream\n\nWhen DPCM tries to add valid BE connections at dpcm_add_paths(), it\ndoesn't check whether the picked BE actually supports for the given\nstream direction. Due to that, when an asymmetric BE stream is\npresent, it picks up wrongly and this may result in a NULL dereference\nat a later point where the code assumes the existence of a\ncorresponding BE substream.\n\nThis patch adds the check for the presence of the substream for the\ntarget BE for avoiding the problem above.\n\nNote that we have already some fix for non-existing BE substream at\ncommit 6246f283d5e0 (\"ASoC: dpcm: skip missing substream while\napplying symmetry\"). But the code path we've hit recently is rather\nhappening before the previous fix. So this patch tries to fix at\npicking up a BE instead of parsing BE lists." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: DPCM: No seleccionar BE sin subflujo. Cuando DPCM intenta agregar conexiones BE v\u00e1lidas en dpcm_add_paths(), no comprueba si el BE seleccionado realmente admite la direcci\u00f3n de flujo dada. Debido a eso, cuando hay un flujo BE asim\u00e9trico presente, se selecciona incorrectamente y esto puede resultar en una desreferencia NULL en un punto posterior donde el c\u00f3digo asume la existencia de un subflujo BE correspondiente. Este parche agrega la verificaci\u00f3n de la presencia del subflujo para el BE de destino para evitar el problema mencionado anteriormente. Tenga en cuenta que ya tenemos una correcci\u00f3n para el subflujo BE inexistente en el commit 6246f283d5e0 (\"ASoC: dpcm: omitir subflujo faltante al aplicar simetr\u00eda\"). Pero la ruta de c\u00f3digo que hemos alcanzado recientemente est\u00e1 sucediendo antes de la correcci\u00f3n anterior. 
Por lo tanto, este parche intenta corregir al seleccionar un BE en lugar de analizar listas de BE." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50050.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50050.json index 9d409ee4fda..8451aaa4e64 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50050.json +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50050.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf()\n\nsnprintf() returns the would-be-filled size when the string overflows\nthe given buffer size, hence using this value may result in the buffer\noverflow (although it's unrealistic).\n\nThis patch replaces with a safer version, scnprintf() for papering\nover such a potential issue." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: SOF: Intel: hda: Correcci\u00f3n de un posible desbordamiento de b\u00fafer mediante snprintf(). snprintf() devuelve el tama\u00f1o que se espera que se llene cuando la cadena supera el tama\u00f1o de b\u00fafer especificado; por lo tanto, usar este valor podr\u00eda provocar un desbordamiento de b\u00fafer (aunque esto no es realista). Este parche reemplaza a scnprintf(), una versi\u00f3n m\u00e1s segura, para disimular este posible problema." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50051.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50051.json index 8794f25a4bc..ce4cff7e1d7 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50051.json +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50051.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: debug: Fix potential buffer overflow by snprintf()\n\nsnprintf() returns the would-be-filled size when the string overflows\nthe given buffer size, hence using this value may result in the buffer\noverflow (although it's unrealistic).\n\nThis patch replaces with a safer version, scnprintf() for papering\nover such a potential issue."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: SOF: depuraci\u00f3n: Correcci\u00f3n de un posible desbordamiento de b\u00fafer mediante snprintf(). snprintf() devuelve el tama\u00f1o que se espera que se llene cuando la cadena supera el tama\u00f1o de b\u00fafer especificado; por lo tanto, usar este valor podr\u00eda provocar un desbordamiento de b\u00fafer (aunque esto no es realista). Este parche reemplaza scnprintf(), una versi\u00f3n m\u00e1s segura, para disimular este posible problema."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50052.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50052.json
index 5855a223e8a..949bb5b5776 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50052.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50052.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: avs: Fix potential buffer overflow by snprintf()\n\nsnprintf() returns the would-be-filled size when the string overflows\nthe given buffer size, hence using this value may result in a buffer\noverflow (although it's unrealistic).\n\nThis patch replaces it with a safer version, scnprintf() for papering\nover such a potential issue."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: Intel: avs: Correcci\u00f3n de un posible desbordamiento de b\u00fafer mediante snprintf(). snprintf() devuelve el tama\u00f1o que se espera que se llene cuando la cadena supera el tama\u00f1o de b\u00fafer especificado; por lo tanto, usar este valor puede provocar un desbordamiento de b\u00fafer (aunque esto no es realista). Este parche lo reemplaza con una versi\u00f3n m\u00e1s segura, scnprintf(), para disimular este posible problema."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50053.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50053.json
index ac69c154e2f..756e5cf3b26 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50053.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50053.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix reset error handling\n\nDo not call iavf_close in iavf_reset_task error handling. Doing so can\nlead to double call of napi_disable, which can lead to deadlock there.\nRemoving VF would lead to iavf_remove task being stuck, because it\nrequires crit_lock, which is held by iavf_close.\nCall iavf_disable_vf if reset fail, so that driver will clean up\nremaining invalid resources.\nDuring rapid VF resets, HW can fail to setup VF mailbox. Wrong\nerror handling can lead to iavf_remove being stuck with:\n[ 5218.999087] iavf 0000:82:01.0: Failed to init adminq: -53\n...\n[ 5267.189211] INFO: task repro.sh:11219 blocked for more than 30 seconds.\n[ 5267.189520] Tainted: G S E 5.18.0-04958-ga54ce3703613-dirty #1\n[ 5267.189764] \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 5267.190062] task:repro.sh state:D stack: 0 pid:11219 ppid: 8162 flags:0x00000000\n[ 5267.190347] Call Trace:\n[ 5267.190647] \n[ 5267.190927] __schedule+0x460/0x9f0\n[ 5267.191264] schedule+0x44/0xb0\n[ 5267.191563] schedule_preempt_disabled+0x14/0x20\n[ 5267.191890] __mutex_lock.isra.12+0x6e3/0xac0\n[ 5267.192237] ? iavf_remove+0xf9/0x6c0 [iavf]\n[ 5267.192565] iavf_remove+0x12a/0x6c0 [iavf]\n[ 5267.192911] ? _raw_spin_unlock_irqrestore+0x1e/0x40\n[ 5267.193285] pci_device_remove+0x36/0xb0\n[ 5267.193619] device_release_driver_internal+0xc1/0x150\n[ 5267.193974] pci_stop_bus_device+0x69/0x90\n[ 5267.194361] pci_stop_and_remove_bus_device+0xe/0x20\n[ 5267.194735] pci_iov_remove_virtfn+0xba/0x120\n[ 5267.195130] sriov_disable+0x2f/0xe0\n[ 5267.195506] ice_free_vfs+0x7d/0x2f0 [ice]\n[ 5267.196056] ? 
pci_get_device+0x4f/0x70\n[ 5267.196496] ice_sriov_configure+0x78/0x1a0 [ice]\n[ 5267.196995] sriov_numvfs_store+0xfe/0x140\n[ 5267.197466] kernfs_fop_write_iter+0x12e/0x1c0\n[ 5267.197918] new_sync_write+0x10c/0x190\n[ 5267.198404] vfs_write+0x24e/0x2d0\n[ 5267.198886] ksys_write+0x5c/0xd0\n[ 5267.199367] do_syscall_64+0x3a/0x80\n[ 5267.199827] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n[ 5267.200317] RIP: 0033:0x7f5b381205c8\n[ 5267.200814] RSP: 002b:00007fff8c7e8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 5267.201981] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f5b381205c8\n[ 5267.202620] RDX: 0000000000000002 RSI: 00005569420ee900 RDI: 0000000000000001\n[ 5267.203426] RBP: 00005569420ee900 R08: 000000000000000a R09: 00007f5b38180820\n[ 5267.204327] R10: 000000000000000a R11: 0000000000000246 R12: 00007f5b383c06e0\n[ 5267.205193] R13: 0000000000000002 R14: 00007f5b383bb880 R15: 0000000000000002\n[ 5267.206041] \n[ 5267.206970] Kernel panic - not syncing: hung_task: blocked tasks\n[ 5267.207809] CPU: 48 PID: 551 Comm: khungtaskd Kdump: loaded Tainted: G S E 5.18.0-04958-ga54ce3703613-dirty #1\n[ 5267.208726] Hardware name: Dell Inc. PowerEdge R730/0WCJNT, BIOS 2.11.0 11/02/2019\n[ 5267.209623] Call Trace:\n[ 5267.210569] \n[ 5267.211480] dump_stack_lvl+0x33/0x42\n[ 5267.212472] panic+0x107/0x294\n[ 5267.213467] watchdog.cold.8+0xc/0xbb\n[ 5267.214413] ? proc_dohung_task_timeout_secs+0x30/0x30\n[ 5267.215511] kthread+0xf4/0x120\n[ 5267.216459] ? kthread_complete_and_exit+0x20/0x20\n[ 5267.217505] ret_from_fork+0x22/0x30\n[ 5267.218459] " + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iavf: Correcci\u00f3n del manejo de errores de reinicio. No se debe llamar a iavf_close en el manejo de errores de iavf_reset_task. Esto puede provocar una doble llamada a napi_disable, lo que puede provocar un bloqueo. 
Eliminar VF provocar\u00eda el bloqueo de la tarea iavf_remove, ya que requiere crit_lock, que est\u00e1 retenido por iavf_close. Se debe llamar a iavf_disable_vf si falla el reinicio para que el controlador limpie los recursos no v\u00e1lidos restantes. Durante reinicios r\u00e1pidos de VF, el hardware puede no configurar el buz\u00f3n de VF. Un manejo incorrecto de errores puede provocar que iavf_remove se quede atascado con: [ 5218.999087] iavf 0000:82:01.0: No se pudo inicializar adminq: -53 ... [ 5267.189211] INFORMACI\u00d3N: la tarea repro.sh:11219 estuvo bloqueada durante m\u00e1s de 30 segundos. [ 5267.189520] Contaminado: GSE 5.18.0-04958-ga54ce3703613-dirty #1 [ 5267.189764] \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" deshabilita este mensaje. [ 5267.190062] tarea:repro.sh estado:D pila: 0 pid:11219 ppid: 8162 indicadores:0x00000000 [ 5267.190347] Seguimiento de llamadas: [ 5267.190647] [ 5267.190927] __schedule+0x460/0x9f0 [ 5267.191264] schedule+0x44/0xb0 [ 5267.191563] schedule_preempt_disabled+0x14/0x20 [ 5267.191890] __mutex_lock.isra.12+0x6e3/0xac0 [ 5267.192237] ? iavf_remove+0xf9/0x6c0 [iavf] [ 5267.192565] iavf_remove+0x12a/0x6c0 [iavf] [ 5267.192911] ? _raw_spin_unlock_irqrestore+0x1e/0x40 [ 5267.193285] pci_device_remove+0x36/0xb0 [ 5267.193619] device_release_driver_internal+0xc1/0x150 [ 5267.193974] pci_stop_bus_device+0x69/0x90 [ 5267.194361] pci_stop_and_remove_bus_device+0xe/0x20 [ 5267.194735] pci_iov_remove_virtfn+0xba/0x120 [ 5267.195130] sriov_disable+0x2f/0xe0 [ 5267.195506] ice_free_vfs+0x7d/0x2f0 [ice] [ 5267.196056] ? 
pci_get_device+0x4f/0x70 [ 5267.196496] ice_sriov_configure+0x78/0x1a0 [ice] [ 5267.196995] sriov_numvfs_store+0xfe/0x140 [ 5267.197466] kernfs_fop_write_iter+0x12e/0x1c0 [ 5267.197918] new_sync_write+0x10c/0x190 [ 5267.198404] vfs_write+0x24e/0x2d0 [ 5267.198886] ksys_write+0x5c/0xd0 [ 5267.199367] do_syscall_64+0x3a/0x80 [ 5267.199827] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 5267.200317] RIP: 0033:0x7f5b381205c8 [ 5267.200814] RSP: 002b:00007fff8c7e8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 5267.201981] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f5b381205c8 [ 5267.202620] RDX: 0000000000000002 RSI: 00005569420ee900 RDI: 0000000000000001 [ 5267.203426] RBP: 00005569420ee900 R08: 000000000000000a R09: 00007f5b38180820 [ 5267.204327] R10: 000000000000000a R11: 0000000000000246 R12: 00007f5b383c06e0 [ 5267.205193] R13: 0000000000000002 R14: 00007f5b383bb880 R15: 0000000000000002 [ 5267.206041] [ 5267.206970] Kernel panic - not syncing: hung_task: blocked tasks [ 5267.207809] CPU: 48 PID: 551 Comm: khungtaskd Kdump: loaded Tainted: G S E 5.18.0-04958-ga54ce3703613-dirty #1 [ 5267.208726] Hardware name: Dell Inc. PowerEdge R730/0WCJNT, BIOS 2.11.0 11/02/2019 [ 5267.209623] Call Trace: [ 5267.210569] [ 5267.211480] dump_stack_lvl+0x33/0x42 [ 5267.212472] panic+0x107/0x294 [ 5267.213467] watchdog.cold.8+0xc/0xbb [ 5267.214413] ? proc_dohung_task_timeout_secs+0x30/0x30 [ 5267.215511] kthread+0xf4/0x120 [ 5267.216459] ? kthread_complete_and_exit+0x20/0x20 [ 5267.217505] ret_from_fork+0x22/0x30 [ 5267.218459]" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50054.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50054.json index 3640f6494ed..76f35afe24a 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50054.json +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50054.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix NULL pointer dereference in iavf_get_link_ksettings\n\nFix possible NULL pointer dereference, due to freeing of adapter->vf_res\nin iavf_init_get_resources. Previous commit introduced a regression,\nwhere receiving IAVF_ERR_ADMIN_QUEUE_NO_WORK from iavf_get_vf_config\nwould free adapter->vf_res. However, netdev is still registered, so\nethtool_ops can be called. Calling iavf_get_link_ksettings with no vf_res,\nwill result with:\n[ 9385.242676] BUG: kernel NULL pointer dereference, address: 0000000000000008\n[ 9385.242683] #PF: supervisor read access in kernel mode\n[ 9385.242686] #PF: error_code(0x0000) - not-present page\n[ 9385.242690] PGD 0 P4D 0\n[ 9385.242696] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI\n[ 9385.242701] CPU: 6 PID: 3217 Comm: pmdalinux Kdump: loaded Tainted: G S E 5.18.0-04958-ga54ce3703613-dirty #1\n[ 9385.242708] Hardware name: Dell Inc. PowerEdge R730/0WCJNT, BIOS 2.11.0 11/02/2019\n[ 9385.242710] RIP: 0010:iavf_get_link_ksettings+0x29/0xd0 [iavf]\n[ 9385.242745] Code: 00 0f 1f 44 00 00 b8 01 ef ff ff 48 c7 46 30 00 00 00 00 48 c7 46 38 00 00 00 00 c6 46 0b 00 66 89 46 08 48 8b 87 68 0e 00 00 40 08 80 75 50 8b 87 5c 0e 00 00 83 f8 08 74 7a 76 1d 83 f8 20\n[ 9385.242749] RSP: 0018:ffffc0560ec7fbd0 EFLAGS: 00010246\n[ 9385.242755] RAX: 0000000000000000 RBX: ffffc0560ec7fc08 RCX: 0000000000000000\n[ 9385.242759] RDX: ffffffffc0ad4550 RSI: ffffc0560ec7fc08 RDI: ffffa0fc66674000\n[ 9385.242762] RBP: 00007ffd1fb2bf50 R08: b6a2d54b892363ee R09: ffffa101dc14fb00\n[ 9385.242765] R10: 0000000000000000 R11: 0000000000000004 R12: ffffa0fc66674000\n[ 9385.242768] R13: 0000000000000000 R14: ffffa0fc66674000 R15: 00000000ffffffa1\n[ 9385.242771] FS: 00007f93711a2980(0000) GS:ffffa0fad72c0000(0000) knlGS:0000000000000000\n[ 9385.242775] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 9385.242778] CR2: 0000000000000008 CR3: 
0000000a8e61c003 CR4: 00000000003706e0\n[ 9385.242781] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 9385.242784] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 9385.242787] Call Trace:\n[ 9385.242791] \n[ 9385.242793] ethtool_get_settings+0x71/0x1a0\n[ 9385.242814] __dev_ethtool+0x426/0x2f40\n[ 9385.242823] ? slab_post_alloc_hook+0x4f/0x280\n[ 9385.242836] ? kmem_cache_alloc_trace+0x15d/0x2f0\n[ 9385.242841] ? dev_ethtool+0x59/0x170\n[ 9385.242848] dev_ethtool+0xa7/0x170\n[ 9385.242856] dev_ioctl+0xc3/0x520\n[ 9385.242866] sock_do_ioctl+0xa0/0xe0\n[ 9385.242877] sock_ioctl+0x22f/0x320\n[ 9385.242885] __x64_sys_ioctl+0x84/0xc0\n[ 9385.242896] do_syscall_64+0x3a/0x80\n[ 9385.242904] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n[ 9385.242918] RIP: 0033:0x7f93702396db\n[ 9385.242923] Code: 73 01 c3 48 8b 0d ad 57 38 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 7d 57 38 00 f7 d8 64 89 01 48\n[ 9385.242927] RSP: 002b:00007ffd1fb2bf18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n[ 9385.242932] RAX: ffffffffffffffda RBX: 000055671b1d2fe0 RCX: 00007f93702396db\n[ 9385.242935] RDX: 00007ffd1fb2bf20 RSI: 0000000000008946 RDI: 0000000000000007\n[ 9385.242937] RBP: 00007ffd1fb2bf20 R08: 0000000000000003 R09: 0030763066307330\n[ 9385.242940] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd1fb2bf80\n[ 9385.242942] R13: 0000000000000007 R14: 0000556719f6de90 R15: 00007ffd1fb2c1b0\n[ 9385.242948] \n[ 9385.242949] Modules linked in: iavf(E) xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nft_compat nf_nat_tftp nft_objref nf_conntrack_tftp bridge stp llc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables rfkill nfnetlink vfat fat irdma ib_uverbs ib_core intel_rapl_msr intel_rapl_common sb_edac 
x86_pkg_temp_thermal intel_powerclamp coretem\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iavf: Se corrige la desreferencia de puntero nulo en iavf_get_link_ksettings. Se corrige una posible desreferencia de puntero nulo debido a la liberaci\u00f3n de adapter->vf_res en iavf_init_get_resources. Una confirmaci\u00f3n anterior introdujo una regresi\u00f3n, donde recibir IAVF_ERR_ADMIN_QUEUE_NO_WORK de iavf_get_vf_config liberaba adapter->vf_res. Sin embargo, netdev sigue registrado, por lo que se puede llamar a ethtool_ops. Al llamar a iavf_get_link_ksettings sin vf_res, se obtendr\u00e1 el siguiente resultado: [ 9385.242676] ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000008 [ 9385.242683] #PF: acceso de lectura del supervisor en modo kernel [ 9385.242686] #PF: error_code(0x0000) - p\u00e1gina no presente [ 9385.242690] PGD 0 P4D 0 [ 9385.242696] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI [ 9385.242701] CPU: 6 PID: 3217 Comm: pmdalinux Kdump: cargado Tainted: GSE 5.18.0-04958-ga54ce3703613-dirty #1 [9385.242708] Nombre del hardware: Dell Inc. 
PowerEdge R730/0WCJNT, BIOS 2.11.0 02/11/2019 [9385.242710] RIP: 0010:iavf_get_link_ksettings+0x29/0xd0 [iavf] [9385.242745] C\u00f3digo: 00 0f 1f 44 00 00 b8 01 ef ff ff 48 c7 46 30 00 00 00 00 48 c7 46 38 00 00 00 00 c6 46 0b 00 66 89 46 08 48 8b 87 68 0e 00 00 40 08 80 75 50 8b 87 5c 0e 00 00 83 f8 08 74 7a 76 1d 83 f8 20 [ 9385.242749] RSP: 0018:ffffc0560ec7fbd0 EFLAGS: 00010246 [ 9385.242755] RAX: 000000000000000 RBX: ffffc0560ec7fc08 RCX: 0000000000000000 [ 9385.242759] RDX: ffffffffc0ad4550 RSI: ffffc0560ec7fc08 RDI: ffffa0fc66674000 [ 9385.242762] RBP: 00007ffd1fb2bf50 R08: b6a2d54b892363ee R09: ffffa101dc14fb00 [ 9385.242765] R10: 0000000000000000 R11: 0000000000000004 R12: ffffa0fc66674000 [ 9385.242768] R13: 000000000000000 R14: ffffa0fc66674000 R15: 00000000ffffffa1 [ 9385.242771] FS: 00007f93711a2980(0000) GS:ffffa0fad72c0000(0000) knlGS:0000000000000000 [ 9385.242775] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 9385.242778] CR2: 000000000000008 CR3: 0000000a8e61c003 CR4: 00000000003706e0 [ 9385.242781] DR0: 0000000000000000 DR1: 00000000000000000 DR2: 0000000000000000 [ 9385.242784] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 9385.242787] Seguimiento de llamadas: [ 9385.242791] [ 9385.242793] ethtool_get_settings+0x71/0x1a0 [ 9385.242814] __dev_ethtool+0x426/0x2f40 [ 9385.242823] ? slab_post_alloc_hook+0x4f/0x280 [ 9385.242836] ? kmem_cache_alloc_trace+0x15d/0x2f0 [ 9385.242841] ? 
dev_ethtool+0x59/0x170 [ 9385.242848] dev_ethtool+0xa7/0x170 [ 9385.242856] dev_ioctl+0xc3/0x520 [ 9385.242866] sock_do_ioctl+0xa0/0xe0 [ 9385.242877] sock_ioctl+0x22f/0x320 [ 9385.242885] __x64_sys_ioctl+0x84/0xc0 [ 9385.242896] do_syscall_64+0x3a/0x80 [ 9385.242904] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 9385.242918] RIP: 0033:0x7f93702396db [ 9385.242923] Code: 73 01 c3 48 8b 0d ad 57 38 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 7d 57 38 00 f7 d8 64 89 01 48 [ 9385.242927] RSP: 002b:00007ffd1fb2bf18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 9385.242932] RAX: ffffffffffffffda RBX: 000055671b1d2fe0 RCX: 00007f93702396db [ 9385.242935] RDX: 00007ffd1fb2bf20 RSI: 0000000000008946 RDI: 0000000000000007 [ 9385.242937] RBP: 00007ffd1fb2bf20 R08: 0000000000000003 R09: 0030763066307330 [ 9385.242940] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd1fb2bf80 [ 9385.242942] R13: 0000000000000007 R14: 0000556719f6de90 R15: 00007ffd1fb2c1b0 [ 9385.242948] [ 9385.242949] Modules linked in: iavf(E) xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nft_compat nf_nat_tftp nft_objref nf_conntrack_tftp bridge stp llc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables rfkill nfnetlink vfat fat irdma ib_uverbs ib_core intel_rapl_msr intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp coretem ---truncado---" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50055.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50055.json index 5ba3c5e6f4e..abea0e1a918 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50055.json +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50055.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix adminq error handling\n\niavf_alloc_asq_bufs/iavf_alloc_arq_bufs allocates with dma_alloc_coherent\nmemory for VF mailbox.\nFree DMA regions for both ASQ and ARQ in case error happens during\nconfiguration of ASQ/ARQ registers.\nWithout this change it is possible to see when unloading interface:\n74626.583369: dma_debug_device_change: device driver has pending DMA allocations while released from device [count=32]\nOne of leaked entries details: [device address=0x0000000b27ff9000] [size=4096 bytes] [mapped with DMA_BIDIRECTIONAL] [mapped as coherent]"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iavf: Se corrige el error de administraci\u00f3n de iavf_alloc_asq_bufs/iavf_alloc_arq_bufs al asignar memoria con dma_alloc_coherent para el buz\u00f3n VF. Se liberan regiones DMA para ASQ y ARQ en caso de error durante la configuraci\u00f3n de los registros ASQ/ARQ. Sin este cambio, al descargar la interfaz, se puede observar lo siguiente: 74626.583369: dma_debug_device_change: el controlador del dispositivo tiene asignaciones de DMA pendientes al ser liberado del dispositivo [count=32]. Una de las entradas filtradas detalla: [device address=0x0000000b27ff9000] [size=4096 bytes] [mapeado con DMA_BIDIRECTIONAL] [mapeado como coherente]"
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50056.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50056.json
index 7fdcf47bdf3..ad065a88a8d 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50056.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50056.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Fix missing i_op in ntfs_read_mft\n\nThere is null pointer dereference because i_op == NULL.\nThe bug happens because we don't initialize i_op for records in $Extend."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs/ntfs3: Se corrige la falta de i_op en ntfs_read_mft. Hay una desreferencia de puntero nulo porque i_op == NULL. El error se produce porque no se inicializa i_op para los registros en $Extend."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50057.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50057.json
index 4fe25a27519..0f7fdb32bb4 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50057.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50057.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Fix NULL deref in ntfs_update_mftmirr\n\nIf ntfs_fill_super() wasn't called then sbi->sb will be equal to NULL.\nCode should check this ptr before dereferencing. Syzbot hit this issue\nvia passing wrong mount param as can be seen from log below\n\nFail log:\nntfs3: Unknown parameter 'iochvrset'\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\nCPU: 1 PID: 3589 Comm: syz-executor210 Not tainted 5.18.0-rc3-syzkaller-00016-gb253435746d9 #0\n...\nCall Trace:\n \n put_ntfs+0x1ed/0x2a0 fs/ntfs3/super.c:463\n ntfs_fs_free+0x6a/0xe0 fs/ntfs3/super.c:1363\n put_fs_context+0x119/0x7a0 fs/fs_context.c:469\n do_new_mount+0x2b4/0xad0 fs/namespace.c:3044\n do_mount fs/namespace.c:3383 [inline]\n __do_sys_mount fs/namespace.c:3591 [inline]"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs/ntfs3: Se corrige la desreferenciaci\u00f3n NULL en ntfs_update_mftmirr. Si no se invoc\u00f3 ntfs_fill_super(), sbi->sb ser\u00e1 igual a NULL. El c\u00f3digo debe comprobar este ptr antes de desreferenciar. Syzbot encontr\u00f3 este problema al pasar un par\u00e1metro de montaje incorrecto como se puede ver en el registro a continuaci\u00f3n. Registro de errores: ntfs3: Error de protecci\u00f3n general del par\u00e1metro desconocido 'iochvrset', probablemente para una direcci\u00f3n no can\u00f3nica 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref en el rango [0x000000000000018-0x000000000000001f] CPU: 1 PID: 3589 Comm: syz-executor210 No contaminado 5.18.0-rc3-syzkaller-00016-gb253435746d9 #0 ... Rastreo de llamadas: put_ntfs+0x1ed/0x2a0 fs/ntfs3/super.c:463 ntfs_fs_free+0x6a/0xe0 fs/ntfs3/super.c:1363 put_fs_context+0x119/0x7a0 fs/fs_context.c:469 do_new_mount+0x2b4/0xad0 fs/namespace.c:3044 do_mount fs/namespace.c:3383 [en l\u00ednea] __do_sys_mount fs/namespace.c:3591 [en l\u00ednea]"
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50058.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50058.json
index ed715b45222..1740a740327 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50058.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50058.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa_sim_blk: set number of address spaces and virtqueue groups\n\nCommit bda324fd037a (\"vdpasim: control virtqueue support\") added two\nnew fields (nas, ngroups) to vdpasim_dev_attr, but we forgot to\ninitialize them for vdpa_sim_blk.\n\nWhen creating a new vdpa_sim_blk device this causes the kernel\nto panic in this way:\n \u00a0 \u00a0$ vdpa dev add mgmtdev vdpasim_blk name blk0\n \u00a0 \u00a0BUG: kernel NULL pointer dereference, address: 0000000000000030\n \u00a0 \u00a0...\n \u00a0 \u00a0RIP: 0010:vhost_iotlb_add_range_ctx+0x41/0x220 [vhost_iotlb]\n \u00a0 \u00a0...\n \u00a0 \u00a0Call Trace:\n \u00a0 \u00a0 \n \u00a0 \u00a0 vhost_iotlb_add_range+0x11/0x800 [vhost_iotlb]\n \u00a0 \u00a0 vdpasim_map_range+0x91/0xd0 [vdpa_sim]\n \u00a0 \u00a0 vdpasim_alloc_coherent+0x56/0x90 [vdpa_sim]\n \u00a0 \u00a0 ...\n\nThis happens because vdpasim->iommu[0] is not initialized when\ndev_attr.nas is 0.\n\nLet's fix this issue by initializing both (nas, ngroups) to 1 for\nvdpa_sim_blk."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vdpa_sim_blk: establecer el n\u00famero de espacios de direcciones y grupos virtqueue. el commit bda324fd037a (\"vdpasim: controlar la compatibilidad con virtqueue\") agreg\u00f3 dos nuevos campos (nas, ngroups) a vdpasim_dev_attr, pero olvidamos inicializarlos para vdpa_sim_blk. Al crear un nuevo dispositivo vdpa_sim_blk esto hace que el kernel entre en p\u00e1nico de esta manera: $ vdpa dev add mgmtdev vdpasim_blk name blk0 BUG: kernel NULL pointer dereference, address: 0000000000000030 ... RIP: 0010:vhost_iotlb_add_range_ctx+0x41/0x220 [vhost_iotlb] ... Call Trace: vhost_iotlb_add_range+0x11/0x800 [vhost_iotlb] vdpasim_map_range+0x91/0xd0 [vdpa_sim] vdpasim_alloc_coherent+0x56/0x90 [vdpa_sim] ... Esto sucede porque vdpasim->iommu[0] no se inicializa cuando dev_attr.nas es 0. Solucionemos este problema inicializando ambos (nas, ngroups) en 1 para vdpa_sim_blk."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50059.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50059.json
index 2302fe4c3ee..98b20547dab 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50059.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50059.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: don't leak snap_rwsem in handle_cap_grant\n\nWhen handle_cap_grant is called on an IMPORT op, then the snap_rwsem is\nheld and the function is expected to release it before returning. It\ncurrently fails to do that in all cases which could lead to a deadlock."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ceph: no filtrar snap_rwsem en handle_cap_grant. Cuando se llama a handle_cap_grant en una operaci\u00f3n IMPORT, se retiene el snap_rwsem y se espera que la funci\u00f3n lo libere antes de regresar. Actualmente, esto no ocurre en todos los casos, lo que podr\u00eda provocar un bloqueo."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50060.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50060.json
index 1eab8f29e23..1356bcb2e53 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50060.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50060.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: Fix mcam entry resource leak\n\nThe teardown sequence in FLR handler returns if no NIX LF\nis attached to PF/VF because it indicates that graceful\nshutdown of resources already happened. But there is a\nchance of all allocated MCAM entries not being freed by\nPF/VF. Hence free mcam entries even in case of detached LF."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: octeontx2-af: Se corrige la fuga de recursos de la entrada mcam. La secuencia de desmontaje del controlador FLR devuelve el mensaje si no hay ning\u00fan LF NIX conectado a PF/VF, ya que esto indica que ya se realiz\u00f3 un apagado ordenado de los recursos. Sin embargo, existe la posibilidad de que PF/VF no libere todas las entradas MCAM asignadas. Por lo tanto, las entradas mcam se liberan incluso con un LF desconectado."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50061.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50061.json
index 2b486384111..965b9a50e48 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50061.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50061.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak.\""
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pinctrl: nomadik: Se corrige la fuga de recuento de referencias en nmk_pinctrl_dt_subnode_to_map. \"of_parse_phandle() devuelve un puntero de nodo con el recuento de referencias incrementado. Debemos usar of_node_put() cuando ya no sea necesario. Se ha a\u00f1adido la falta de of_node_put() para evitar la fuga de recuento de referencias.\""
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50062.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50062.json
index afc4a2e433f..bd4ac5e1934 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50062.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50062.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bgmac: Fix a BUG triggered by wrong bytes_compl\n\nOn one of our machines we got:\n\nkernel BUG at lib/dynamic_queue_limits.c:27!\nInternal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM\nCPU: 0 PID: 1166 Comm: irq/41-bgmac Tainted: G W O 4.14.275-rt132 #1\nHardware name: BRCM XGS iProc\ntask: ee3415c0 task.stack: ee32a000\nPC is at dql_completed+0x168/0x178\nLR is at bgmac_poll+0x18c/0x6d8\npc : [] lr : [] psr: 800a0313\nsp : ee32be14 ip : 000005ea fp : 00000bd4\nr10: ee558500 r9 : c0116298 r8 : 00000002\nr7 : 00000000 r6 : ef128810 r5 : 01993267 r4 : 01993851\nr3 : ee558000 r2 : 000070e1 r1 : 00000bd4 r0 : ee52c180\nFlags: Nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none\nControl: 12c5387d Table: 8e88c04a DAC: 00000051\nProcess irq/41-bgmac (pid: 1166, stack limit = 0xee32a210)\nStack: (0xee32be14 to 0xee32c000)\nbe00: ee558520 ee52c100 ef128810\nbe20: 00000000 00000002 c0116298 c04b5a18 00000000 c0a0c8c4 c0951780 00000040\nbe40: c0701780 ee558500 ee55d520 ef05b340 ef6f9780 ee558520 00000001 00000040\nbe60: ffffe000 c0a56878 ef6fa040 c0952040 0000012c c0528744 ef6f97b0 fffcfb6a\nbe80: c0a04104 2eda8000 c0a0c4ec c0a0d368 ee32bf44 c0153534 ee32be98 ee32be98\nbea0: ee32bea0 ee32bea0 ee32bea8 ee32bea8 00000000 c01462e4 ffffe000 ef6f22a8\nbec0: ffffe000 00000008 ee32bee4 c0147430 ffffe000 c094a2a8 00000003 ffffe000\nbee0: c0a54528 00208040 0000000c c0a0c8c4 c0a65980 c0124d3c 00000008 ee558520\nbf00: c094a23c c0a02080 00000000 c07a9910 ef136970 ef136970 ee30a440 ef136900\nbf20: ee30a440 00000001 ef136900 ee30a440 c016d990 00000000 c0108db0 c012500c\nbf40: ef136900 c016da14 ee30a464 ffffe000 00000001 c016dd14 00000000 c016db28\nbf60: ffffe000 ee21a080 ee30a400 00000000 ee32a000 ee30a440 c016dbfc ee25fd70\nbf80: ee21a09c c013edcc ee32a000 ee30a400 c013ec7c 00000000 00000000 00000000\nbfa0: 00000000 00000000 00000000 c0108470 00000000 00000000 00000000 
00000000\nbfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\nbfe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000\n[] (dql_completed) from [] (bgmac_poll+0x18c/0x6d8)\n[] (bgmac_poll) from [] (net_rx_action+0x1c4/0x494)\n[] (net_rx_action) from [] (do_current_softirqs+0x1ec/0x43c)\n[] (do_current_softirqs) from [] (__local_bh_enable+0x80/0x98)\n[] (__local_bh_enable) from [] (irq_forced_thread_fn+0x84/0x98)\n[] (irq_forced_thread_fn) from [] (irq_thread+0x118/0x1c0)\n[] (irq_thread) from [] (kthread+0x150/0x158)\n[] (kthread) from [] (ret_from_fork+0x14/0x24)\nCode: a83f15e0 0200001a 0630a0e1 c3ffffea (f201f0e7)\n\nThe issue seems similar to commit 90b3b339364c (\"net: hisilicon: Fix a BUG\ntrigered by wrong bytes_compl\") and potentially introduced by commit\nb38c83dd0866 (\"bgmac: simplify tx ring index handling\").\n\nIf there is an RX interrupt between setting ring->end\nand netdev_sent_queue() we can hit the BUG_ON as bgmac_dma_tx_free()\ncan miscalculate the queue size while called from bgmac_poll().\n\nThe machine which triggered the BUG runs a v4.14 RT kernel - but the issue\nseems present in mainline too." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: bgmac: Se corrige un ERROR provocado por bytes_compl incorrecto. En una de nuestras m\u00e1quinas obtuvimos: \u00a1ERROR del kernel en lib/dynamic_queue_limits.c:27! 
Error interno: Oops - BUG: 0 [#1] PREEMPT SMP ARM CPU: 0 PID: 1166 Comm: irq/41-bgmac Tainted: GWO 4.14.275-rt132 #1 Nombre del hardware: BRCM XGS Tarea iProc: ee3415c0 task.stack: ee32a000 La PC est\u00e1 en dql_completed+0x168/0x178 LR est\u00e1 en bgmac_poll+0x18c/0x6d8 pc : [] lr : [] psr: 800a0313 sp : ee32be14 ip : 000005ea fp : 00000bd4 r10: ee558500 r9 : c0116298 r8 : 00000002 r7 : 00000000 r6 : ef128810 r5 : 01993267 r4 : 01993851 r3 : ee558000 r2 : 000070e1 r1 : 00000bd4 r0 : ee52c180 Indicadores: Nzcv IRQ en FIQ en modo SVC_32 ISA ARM Segmento ninguno Control: 12c5387d Table: 8e88c04a DAC: 00000051 Process irq/41-bgmac (pid: 1166, stack limit = 0xee32a210) Stack: (0xee32be14 to 0xee32c000) be00: ee558520 ee52c100 ef128810 be20: 00000000 00000002 c0116298 c04b5a18 00000000 c0a0c8c4 c0951780 00000040 be40: c0701780 ee558500 ee55d520 ef05b340 ef6f9780 ee558520 00000001 00000040 be60: ffffe000 c0a56878 ef6fa040 c0952040 0000012c c0528744 ef6f97b0 fffcfb6a be80: c0a04104 2eda8000 c0a0c4ec c0a0d368 ee32bf44 c0153534 ee32be98 ee32be98 bea0: ee32bea0 ee32bea0 ee32bea8 ee32bea8 00000000 c01462e4 ffffe000 ef6f22a8 bec0: ffffe000 00000008 ee32bee4 c0147430 ffffe000 c094a2a8 00000003 ffffe000 bee0: c0a54528 00208040 0000000c c0a0c8c4 c0a65980 c0124d3c 00000008 ee558520 bf00: c094a23c c0a02080 00000000 c07a9910 ef136970 ef136970 ee30a440 ef136900 bf20: ee30a440 00000001 ef136900 ee30a440 c016d990 00000000 c0108db0 c012500c bf40: ef136900 c016da14 ee30a464 ffffe000 00000001 c016dd14 00000000 c016db28 bf60: ffffe000 ee21a080 ee30a400 00000000 ee32a000 ee30a440 c016dbfc ee25fd70 bf80: ee21a09c c013edcc ee32a000 ee30a400 c013ec7c 00000000 00000000 00000000 bfa0: 00000000 00000000 00000000 c0108470 00000000 00000000 00000000 00000000 bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000 [] (dql_completed) from [] (bgmac_poll+0x18c/0x6d8) [] (bgmac_poll) from [] 
(net_rx_action+0x1c4/0x494) [] (net_rx_action) from [] (do_current_softirqs+0x1ec/0x43c) [] (do_current_softirqs) from [] (__local_bh_enable+0x80/0x98) [] (__local_bh_enable) from [] (irq_forced_thread_fn+0x84/0x98) [] (irq_forced_thread_fn) from [] (irq_thread+0x118/0x1c0) [] (irq_thread) from [] (kthread+0x150/0x158) [] (kthread) from [] (ret_from_fork+0x14/0x24) Code: a83f15e0 0200001a 0630a0e1 c3ffffea (f201f0e7) El problema parece similar a el commit 90b3b339364c (\"net: hisilicon: Correcci\u00f3n de un error provocado por bytes_compl incorrecto\") y posiblemente introducido por el commit b38c83dd0866 (\"bgmac: simplificaci\u00f3n del manejo del \u00edndice del anillo de transmisi\u00f3n\"). Si hay una interrupci\u00f3n de recepci\u00f3n entre la configuraci\u00f3n de ring->end y netdev_sent_queue(), podemos activar el error, ya que bgmac_dma_tx_free() puede calcular mal el tama\u00f1o de la cola al ser llamado desde bgmac_poll(). La m\u00e1quina que activ\u00f3 el error ejecuta un kernel RT v4.14, pero el problema tambi\u00e9n parece estar presente en la l\u00ednea principal." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50063.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50063.json index ef6889ba70e..ca45810a18a 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50063.json +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50063.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: felix: suppress non-changes to the tagging protocol\n\nThe way in which dsa_tree_change_tag_proto() works is that when\ndsa_tree_notify() fails, it doesn't know whether the operation failed\nmid way in a multi-switch tree, or it failed for a single-switch tree.\nSo even though drivers need to fail cleanly in\nds->ops->change_tag_protocol(), DSA will still call dsa_tree_notify()\nagain, to restore the old tag protocol for potential switches in the\ntree where the change did succeeed (before failing for others).\n\nThis means for the felix driver that if we report an error in\nfelix_change_tag_protocol(), we'll get another call where proto_ops ==\nold_proto_ops. If we proceed to act upon that, we may do unexpected\nthings. For example, we will call dsa_tag_8021q_register() twice in a\nrow, without any dsa_tag_8021q_unregister() in between. Then we will\nactually call dsa_tag_8021q_unregister() via old_proto_ops->teardown,\nwhich (if it manages to run at all, after walking through corrupted data\nstructures) will leave the ports inoperational anyway.\n\nThe bug can be readily reproduced if we force an error while in\ntag_8021q mode; this crashes the kernel.\n\necho ocelot-8021q > /sys/class/net/eno2/dsa/tagging\necho edsa > /sys/class/net/eno2/dsa/tagging # -EPROTONOSUPPORT\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000014\nCall trace:\n vcap_entry_get+0x24/0x124\n ocelot_vcap_filter_del+0x198/0x270\n felix_tag_8021q_vlan_del+0xd4/0x21c\n dsa_switch_tag_8021q_vlan_del+0x168/0x2cc\n dsa_switch_event+0x68/0x1170\n dsa_tree_notify+0x14/0x34\n dsa_port_tag_8021q_vlan_del+0x84/0x110\n dsa_tag_8021q_unregister+0x15c/0x1c0\n felix_tag_8021q_teardown+0x16c/0x180\n felix_change_tag_protocol+0x1bc/0x230\n dsa_switch_event+0x14c/0x1170\n dsa_tree_change_tag_proto+0x118/0x1c0" + }, + { + "lang": "es", + "value": "En el 
kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: dsa: felix: suprimir los no cambios en el protocolo de etiquetado La forma en que funciona dsa_tree_change_tag_proto() es que cuando dsa_tree_notify() falla, no sabe si la operaci\u00f3n fall\u00f3 a mitad de camino en un \u00e1rbol de m\u00faltiples conmutadores o fall\u00f3 para un \u00e1rbol de un solo conmutador. Entonces, aunque los controladores necesitan fallar limpiamente en ds->ops->change_tag_protocol(), DSA seguir\u00e1 llamando a dsa_tree_notify() nuevamente, para restaurar el antiguo protocolo de etiqueta para los conmutadores potenciales en el \u00e1rbol donde el cambio s\u00ed tuvo \u00e9xito (antes de fallar para otros). Esto significa para el controlador felix que si informamos de un error en felix_change_tag_protocol(), recibiremos otra llamada donde proto_ops == old_proto_ops. Si procedemos a actuar en consecuencia, podemos hacer cosas inesperadas. Por ejemplo, llamaremos a dsa_tag_8021q_register() dos veces seguidas, sin ejecutar dsa_tag_8021q_unregister() entre ambas. Luego, llamaremos a dsa_tag_8021q_unregister() mediante old_proto_ops->teardown, lo cual (si logra ejecutarse, tras analizar las estructuras de datos da\u00f1adas) dejar\u00e1 los puertos inoperativos. El error se puede reproducir f\u00e1cilmente si forzamos un error en modo tag_8021q; esto provoca un fallo del kernel. 
echo ocelot-8021q > /sys/class/net/eno2/dsa/tagging echo edsa > /sys/class/net/eno2/dsa/tagging # -EPROTONOSUPPORT No se puede controlar la desreferencia del puntero NULL del n\u00facleo en la direcci\u00f3n virtual 0000000000000014 Rastreo de llamadas: vcap_entry_get+0x24/0x124 ocelot_vcap_filter_del+0x198/0x270 felix_tag_8021q_vlan_del+0xd4/0x21c dsa_switch_tag_8021q_vlan_del+0x168/0x2cc dsa_switch_event+0x68/0x1170 dsa_tree_notify+0x14/0x34 dsa_port_tag_8021q_vlan_del+0x84/0x110 dsa_tag_8021q_unregister+0x15c/0x1c0 felix_tag_8021q_teardown+0x16c/0x180 felix_change_tag_protocol+0x1bc/0x230 dsa_switch_event+0x14c/0x1170 dsa_tree_change_tag_proto+0x118/0x1c0" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50064.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50064.json index 2638f5860f9..6ae2a265370 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50064.json +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50064.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-blk: Avoid use-after-free on suspend/resume\n\nhctx->user_data is set to vq in virtblk_init_hctx(). However, vq is\nfreed on suspend and reallocated on resume. So, hctx->user_data is\ninvalid after resume, and it will cause use-after-free accessing which\nwill result in the kernel crash something like below:\n\n[ 22.428391] Call Trace:\n[ 22.428899] \n[ 22.429339] virtqueue_add_split+0x3eb/0x620\n[ 22.430035] ? __blk_mq_alloc_requests+0x17f/0x2d0\n[ 22.430789] ? kvm_clock_get_cycles+0x14/0x30\n[ 22.431496] virtqueue_add_sgs+0xad/0xd0\n[ 22.432108] virtblk_add_req+0xe8/0x150\n[ 22.432692] virtio_queue_rqs+0xeb/0x210\n[ 22.433330] blk_mq_flush_plug_list+0x1b8/0x280\n[ 22.434059] __blk_flush_plug+0xe1/0x140\n[ 22.434853] blk_finish_plug+0x20/0x40\n[ 22.435512] read_pages+0x20a/0x2e0\n[ 22.436063] ? folio_add_lru+0x62/0xa0\n[ 22.436652] page_cache_ra_unbounded+0x112/0x160\n[ 22.437365] filemap_get_pages+0xe1/0x5b0\n[ 22.437964] ? context_to_sid+0x70/0x100\n[ 22.438580] ? sidtab_context_to_sid+0x32/0x400\n[ 22.439979] filemap_read+0xcd/0x3d0\n[ 22.440917] xfs_file_buffered_read+0x4a/0xc0\n[ 22.441984] xfs_file_read_iter+0x65/0xd0\n[ 22.442970] __kernel_read+0x160/0x2e0\n[ 22.443921] bprm_execve+0x21b/0x640\n[ 22.444809] do_execveat_common.isra.0+0x1a8/0x220\n[ 22.446008] __x64_sys_execve+0x2d/0x40\n[ 22.446920] do_syscall_64+0x37/0x90\n[ 22.447773] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThis patch fixes this issue by getting vq from vblk, and removes\nvirtblk_init_hctx()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: virtio-blk: Evita el Use-After-Free al suspender/reanudar. hctx->user_data est\u00e1 configurado como vq en virtblk_init_hctx(). Sin embargo, vq se libera al suspender y se reasigna al reanudar. 
Por lo tanto, hctx->user_data no es v\u00e1lido despu\u00e9s de reanudar y provocar\u00e1 el acceso despu\u00e9s de la liberaci\u00f3n, lo que provocar\u00e1 un fallo del kernel similar al siguiente: [ 22.428391] Seguimiento de llamadas: [ 22.428899] [ 22.429339] virtqueue_add_split+0x3eb/0x620 [ 22.430035] ? __blk_mq_alloc_requests+0x17f/0x2d0 [ 22.430789] ? kvm_clock_get_cycles+0x14/0x30 [ 22.431496] virtqueue_add_sgs+0xad/0xd0 [ 22.432108] virtblk_add_req+0xe8/0x150 [ 22.432692] virtio_queue_rqs+0xeb/0x210 [ 22.433330] blk_mq_flush_plug_list+0x1b8/0x280 [ 22.434059] __blk_flush_plug+0xe1/0x140 [ 22.434853] blk_finish_plug+0x20/0x40 [ 22.435512] read_pages+0x20a/0x2e0 [ 22.436063] ? folio_add_lru+0x62/0xa0 [ 22.436652] page_cache_ra_unbounded+0x112/0x160 [ 22.437365] filemap_get_pages+0xe1/0x5b0 [ 22.437964] ? context_to_sid+0x70/0x100 [ 22.438580] ? sidtab_context_to_sid+0x32/0x400 [ 22.439979] filemap_read+0xcd/0x3d0 [ 22.440917] xfs_file_buffered_read+0x4a/0xc0 [ 22.441984] xfs_file_read_iter+0x65/0xd0 [ 22.442970] __kernel_read+0x160/0x2e0 [ 22.443921] bprm_execve+0x21b/0x640 [ 22.444809] do_execveat_common.isra.0+0x1a8/0x220 [ 22.446008] __x64_sys_execve+0x2d/0x40 [ 22.446920] do_syscall_64+0x37/0x90 [ 22.447773] entry_SYSCALL_64_after_hwframe+0x63/0xcd Este parche corrige este problema obteniendo vq de vblk y elimina virtblk_init_hctx()." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50065.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50065.json index 8027544ed47..b31f6d559b8 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50065.json +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50065.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_net: fix memory leak inside XPD_TX with mergeable\n\nWhen we call xdp_convert_buff_to_frame() to get xdpf, if it returns\nNULL, we should check if xdp_page was allocated by xdp_linearize_page().\nIf it is newly allocated, it should be freed here alone. Just like any\nother \"goto err_xdp\"."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: virtio_net: se corrige una fuga de memoria dentro de XPD_TX con un objeto fusionable. Al llamar a xdp_convert_buff_to_frame() para obtener xdpf, si devuelve NULL, debemos comprobar si xdp_page fue asignado por xdp_linearize_page(). Si es una asignaci\u00f3n reciente, debe liberarse aqu\u00ed \u00fanicamente. Al igual que con cualquier otro \"goto err_xdp\"."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50066.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50066.json
index 68260c16443..eb8fca45f0a 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50066.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50066.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: atlantic: fix aq_vec index out of range error\n\nThe final update statement of the for loop exceeds the array range, the\ndereference of self->aq_vec[i] is not checked and then leads to the\nindex out of range error.\nAlso fixed this kind of coding style in other for loop.\n\n[ 97.937604] UBSAN: array-index-out-of-bounds in drivers/net/ethernet/aquantia/atlantic/aq_nic.c:1404:48\n[ 97.937607] index 8 is out of range for type 'aq_vec_s *[8]'\n[ 97.937608] CPU: 38 PID: 3767 Comm: kworker/u256:18 Not tainted 5.19.0+ #2\n[ 97.937610] Hardware name: Dell Inc. Precision 7865 Tower/, BIOS 1.0.0 06/12/2022\n[ 97.937611] Workqueue: events_unbound async_run_entry_fn\n[ 97.937616] Call Trace:\n[ 97.937617] \n[ 97.937619] dump_stack_lvl+0x49/0x63\n[ 97.937624] dump_stack+0x10/0x16\n[ 97.937626] ubsan_epilogue+0x9/0x3f\n[ 97.937627] __ubsan_handle_out_of_bounds.cold+0x44/0x49\n[ 97.937629] ? __scm_send+0x348/0x440\n[ 97.937632] ? aq_vec_stop+0x72/0x80 [atlantic]\n[ 97.937639] aq_nic_stop+0x1b6/0x1c0 [atlantic]\n[ 97.937644] aq_suspend_common+0x88/0x90 [atlantic]\n[ 97.937648] aq_pm_suspend_poweroff+0xe/0x20 [atlantic]\n[ 97.937653] pci_pm_suspend+0x7e/0x1a0\n[ 97.937655] ? pci_pm_suspend_noirq+0x2b0/0x2b0\n[ 97.937657] dpm_run_callback+0x54/0x190\n[ 97.937660] __device_suspend+0x14c/0x4d0\n[ 97.937661] async_suspend+0x23/0x70\n[ 97.937663] async_run_entry_fn+0x33/0x120\n[ 97.937664] process_one_work+0x21f/0x3f0\n[ 97.937666] worker_thread+0x4a/0x3c0\n[ 97.937668] ? process_one_work+0x3f0/0x3f0\n[ 97.937669] kthread+0xf0/0x120\n[ 97.937671] ? kthread_complete_and_exit+0x20/0x20\n[ 97.937672] ret_from_fork+0x22/0x30\n[ 97.937676] \n\nv2. fixed \"warning: variable 'aq_vec' set but not used\"\n\nv3. 
simplified a for loop" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: atlantic: correcci\u00f3n del error de \u00edndice fuera de rango de aq_vec. La \u00faltima instrucci\u00f3n de actualizaci\u00f3n del bucle for excede el rango de la matriz, por lo que no se verifica la desreferencia de self->aq_vec[i], lo que genera el error de \u00edndice fuera de rango. Tambi\u00e9n se corrigi\u00f3 este tipo de estilo de codificaci\u00f3n en otro bucle for. [ 97.937604] UBSAN: \u00edndice de matriz fuera de los l\u00edmites en drivers/net/ethernet/aquantia/atlantic/aq_nic.c:1404:48 [ 97.937607] el \u00edndice 8 est\u00e1 fuera de rango para el tipo 'aq_vec_s *[8]' [ 97.937608] CPU: 38 PID: 3767 Comm: kworker/u256:18 No contaminado 5.19.0+ #2 [ 97.937610] Nombre del hardware: Dell Inc. Precision 7865 Tower/, BIOS 1.0.0 12/06/2022 [ 97.937611] Cola de trabajo: events_unbound async_run_entry_fn [ 97.937616] Seguimiento de llamadas: [ 97.937617] [ 97.937619] dump_stack_lvl+0x49/0x63 [ 97.937624] dump_stack+0x10/0x16 [ 97.937626] ubsan_epilogue+0x9/0x3f [ 97.937627] __ubsan_handle_out_of_bounds.cold+0x44/0x49 [ 97.937629] ? __scm_send+0x348/0x440 [ 97.937632] ? aq_vec_stop+0x72/0x80 [atl\u00e1ntico] [ 97.937639] aq_nic_stop+0x1b6/0x1c0 [atl\u00e1ntico] [ 97.937644] aq_suspend_common+0x88/0x90 [atl\u00e1ntico] [ 97.937648] aq_pm_suspend_poweroff+0xe/0x20 [atl\u00e1ntico] [ 97.937653] pci_pm_suspend+0x7e/0x1a0 [ 97.937655] ? pci_pm_suspend_noirq+0x2b0/0x2b0 [ 97.937657] dpm_run_callback+0x54/0x190 [ 97.937660] __device_suspend+0x14c/0x4d0 [ 97.937661] async_suspend+0x23/0x70 [ 97.937663] async_run_entry_fn+0x33/0x120 [ 97.937664] process_one_work+0x21f/0x3f0 [ 97.937666] work_thread+0x4a/0x3c0 [ 97.937668] ? process_one_work+0x3f0/0x3f0 [ 97.937669] kthread+0xf0/0x120 [ 97.937671] ? kthread_complete_and_exit+0x20/0x20 [ 97.937672] ret_from_fork+0x22/0x30 [ 97.937676] v2. 
Se corrigi\u00f3 la \"advertencia: variable 'aq_vec' establecida pero no utilizada\". v3. Se simplific\u00f3 un bucle for." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50067.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50067.json index 1ed84aa4a65..926e7390288 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50067.json +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50067.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: unset reloc control if transaction commit fails in prepare_to_relocate()\n\nIn btrfs_relocate_block_group(), the rc is allocated. Then\nbtrfs_relocate_block_group() calls\n\nrelocate_block_group()\n prepare_to_relocate()\n set_reloc_control()\n\nthat assigns rc to the variable fs_info->reloc_ctl. When\nprepare_to_relocate() returns, it calls\n\nbtrfs_commit_transaction()\n btrfs_start_dirty_block_groups()\n btrfs_alloc_path()\n kmem_cache_zalloc()\n\nwhich may fail for example (or other errors could happen). When the\nfailure occurs, btrfs_relocate_block_group() detects the error and frees\nrc and doesn't set fs_info->reloc_ctl to NULL. After that, in\nbtrfs_init_reloc_root(), rc is retrieved from fs_info->reloc_ctl and\nthen used, which may cause a use-after-free bug.\n\nThis possible bug can be triggered by calling btrfs_ioctl_balance()\nbefore calling btrfs_ioctl_defrag().\n\nTo fix this possible bug, in prepare_to_relocate(), check if\nbtrfs_commit_transaction() fails. 
If the failure occurs,\nunset_reloc_control() is called to set fs_info->reloc_ctl to NULL.\n\nThe error log in our fault-injection testing is shown as follows:\n\n [ 58.751070] BUG: KASAN: use-after-free in btrfs_init_reloc_root+0x7ca/0x920 [btrfs]\n ...\n [ 58.753577] Call Trace:\n ...\n [ 58.755800] kasan_report+0x45/0x60\n [ 58.756066] btrfs_init_reloc_root+0x7ca/0x920 [btrfs]\n [ 58.757304] record_root_in_trans+0x792/0xa10 [btrfs]\n [ 58.757748] btrfs_record_root_in_trans+0x463/0x4f0 [btrfs]\n [ 58.758231] start_transaction+0x896/0x2950 [btrfs]\n [ 58.758661] btrfs_defrag_root+0x250/0xc00 [btrfs]\n [ 58.759083] btrfs_ioctl_defrag+0x467/0xa00 [btrfs]\n [ 58.759513] btrfs_ioctl+0x3c95/0x114e0 [btrfs]\n ...\n [ 58.768510] Allocated by task 23683:\n [ 58.768777] ____kasan_kmalloc+0xb5/0xf0\n [ 58.769069] __kmalloc+0x227/0x3d0\n [ 58.769325] alloc_reloc_control+0x10a/0x3d0 [btrfs]\n [ 58.769755] btrfs_relocate_block_group+0x7aa/0x1e20 [btrfs]\n [ 58.770228] btrfs_relocate_chunk+0xf1/0x760 [btrfs]\n [ 58.770655] __btrfs_balance+0x1326/0x1f10 [btrfs]\n [ 58.771071] btrfs_balance+0x3150/0x3d30 [btrfs]\n [ 58.771472] btrfs_ioctl_balance+0xd84/0x1410 [btrfs]\n [ 58.771902] btrfs_ioctl+0x4caa/0x114e0 [btrfs]\n ...\n [ 58.773337] Freed by task 23683:\n ...\n [ 58.774815] kfree+0xda/0x2b0\n [ 58.775038] free_reloc_control+0x1d6/0x220 [btrfs]\n [ 58.775465] btrfs_relocate_block_group+0x115c/0x1e20 [btrfs]\n [ 58.775944] btrfs_relocate_chunk+0xf1/0x760 [btrfs]\n [ 58.776369] __btrfs_balance+0x1326/0x1f10 [btrfs]\n [ 58.776784] btrfs_balance+0x3150/0x3d30 [btrfs]\n [ 58.777185] btrfs_ioctl_balance+0xd84/0x1410 [btrfs]\n [ 58.777621] btrfs_ioctl+0x4caa/0x114e0 [btrfs]\n ..." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: anular el control de reubicaci\u00f3n si falla el commit de la transacci\u00f3n en prepare_to_relocate(). En btrfs_relocate_block_group(), se asigna el rc. 
Luego, btrfs_relocate_block_group() llama a relocate_block_group() prepare_to_relocate() set_reloc_control() que asigna rc a la variable fs_info->reloc_ctl. Cuando prepare_to_relocate() retorna, llama a btrfs_commit_transaction() btrfs_start_dirty_block_groups() btrfs_alloc_path() kmem_cache_zalloc() que puede fallar, por ejemplo (o podr\u00edan ocurrir otros errores). Cuando ocurre el fallo, btrfs_relocate_block_group() detecta el error y libera rc y no establece fs_info->reloc_ctl en NULL. Posteriormente, en btrfs_init_reloc_root(), se recupera rc de fs_info->reloc_ctl y se utiliza, lo que podr\u00eda causar un error de Use-After-Free. Este posible error se puede activar llamando a btrfs_ioctl_balance() antes de llamar a btrfs_ioctl_defrag(). Para corregir este posible error, en prepare_to_relocate(), compruebe si btrfs_commit_transaction() falla. Si falla, se llama a unset_reloc_control() para establecer fs_info->reloc_ctl en NULL. El registro de errores en nuestras pruebas de inyecci\u00f3n de fallas se muestra a continuaci\u00f3n: [ 58.751070] ERROR: KASAN: use-after-free en btrfs_init_reloc_root+0x7ca/0x920 [btrfs] ... [ 58.753577] Seguimiento de llamadas: ... [ 58.755800] kasan_report+0x45/0x60 [ 58.756066] btrfs_init_reloc_root+0x7ca/0x920 [btrfs] [ 58.757304] record_root_in_trans+0x792/0xa10 [btrfs] [ 58.757748] btrfs_record_root_in_trans+0x463/0x4f0 [btrfs] [ 58.758231] start_transaction+0x896/0x2950 [btrfs] [ 58.758661] btrfs_defrag_root+0x250/0xc00 [btrfs] [ 58.759083] btrfs_ioctl_defrag+0x467/0xa00 [btrfs] [ 58.759513] btrfs_ioctl+0x3c95/0x114e0 [btrfs] ... 
[ 58.768510] Asignado por la tarea 23683: [ 58.768777] ____kasan_kmalloc+0xb5/0xf0 [ 58.769069] __kmalloc+0x227/0x3d0 [ 58.769325] alloc_reloc_control+0x10a/0x3d0 [btrfs] [ 58.769755] btrfs_relocate_block_group+0x7aa/0x1e20 [btrfs] [ 58.770228] btrfs_relocate_chunk+0xf1/0x760 [btrfs] [ 58.770655] __btrfs_balance+0x1326/0x1f10 [btrfs] [ 58.771071] btrfs_balance+0x3150/0x3d30 [btrfs] [ 58.771472] btrfs_ioctl_balance+0xd84/0x1410 [btrfs] [ 58.771902] btrfs_ioctl+0x4caa/0x114e0 [btrfs] ... [ 58.773337] Liberado por la tarea 23683: ... [ 58.774815] kfree+0xda/0x2b0 [ 58.775038] free_reloc_control+0x1d6/0x220 [btrfs] [ 58.775465] btrfs_relocate_block_group+0x115c/0x1e20 [btrfs] [ 58.775944] btrfs_relocate_chunk+0xf1/0x760 [btrfs] [ 58.776369] __btrfs_balance+0x1326/0x1f10 [btrfs] [ 58.776784] btrfs_balance+0x3150/0x3d30 [btrfs] [ 58.777185] btrfs_ioctl_balance+0xd84/0x1410 [btrfs] [ 58.777621] btrfs_ioctl+0x4caa/0x114e0 [btrfs] ..." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50068.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50068.json index 1ee53f878e4..920c0e21245 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50068.json +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50068.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/ttm: Fix dummy res NULL ptr deref bug\n\nCheck the bo->resource value before accessing the resource\nmem_type.\n\nv2: Fix commit description unwrapped warning\n\n\n[ 40.191227][ T184] general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN PTI\n[ 40.192995][ T184] KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n[ 40.194411][ T184] CPU: 1 PID: 184 Comm: systemd-udevd Not tainted 5.19.0-rc4-00721-gb297c22b7070 #1\n[ 40.196063][ T184] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014\n[ 40.199605][ T184] RIP: 0010:ttm_bo_validate+0x1b3/0x240 [ttm]\n[ 40.200754][ T184] Code: e8 72 c5 ff ff 83 f8 b8 74 d4 85 c0 75 54 49 8b 9e 58 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 10 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 04 3c 03 7e 44 8b 53 10 31 c0 85 d2 0f 85 58\n[ 40.203685][ T184] RSP: 0018:ffffc900006df0c8 EFLAGS: 00010202\n[ 40.204630][ T184] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 1ffff1102f4bb71b\n[ 40.205864][ T184] RDX: 0000000000000002 RSI: ffffc900006df208 RDI: 0000000000000010\n[ 40.207102][ T184] RBP: 1ffff920000dbe1a R08: ffffc900006df208 R09: 0000000000000000\n[ 40.208394][ T184] R10: ffff88817a5f0000 R11: 0000000000000001 R12: ffffc900006df110\n[ 40.209692][ T184] R13: ffffc900006df0f0 R14: ffff88817a5db800 R15: ffffc900006df208\n[ 40.210862][ T184] FS: 00007f6b1d16e8c0(0000) GS:ffff88839d700000(0000) knlGS:0000000000000000\n[ 40.212250][ T184] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 40.213275][ T184] CR2: 000055a1001d4ff0 CR3: 00000001700f4000 CR4: 00000000000006e0\n[ 40.214469][ T184] Call Trace:\n[ 40.214974][ T184] \n[ 40.215438][ T184] ? ttm_bo_bounce_temp_buffer+0x140/0x140 [ttm]\n[ 40.216572][ T184] ? mutex_spin_on_owner+0x240/0x240\n[ 40.217456][ T184] ? 
drm_vma_offset_add+0xaa/0x100 [drm]\n[ 40.218457][ T184] ttm_bo_init_reserved+0x3d6/0x540 [ttm]\n[ 40.219410][ T184] ? shmem_get_inode+0x744/0x980\n[ 40.220231][ T184] ttm_bo_init_validate+0xb1/0x200 [ttm]\n[ 40.221172][ T184] ? bo_driver_evict_flags+0x340/0x340 [drm_vram_helper]\n[ 40.222530][ T184] ? ttm_bo_init_reserved+0x540/0x540 [ttm]\n[ 40.223643][ T184] ? __do_sys_finit_module+0x11a/0x1c0\n[ 40.224654][ T184] ? __shmem_file_setup+0x102/0x280\n[ 40.234764][ T184] drm_gem_vram_create+0x305/0x480 [drm_vram_helper]\n[ 40.235766][ T184] ? bo_driver_evict_flags+0x340/0x340 [drm_vram_helper]\n[ 40.236846][ T184] ? __kasan_slab_free+0x108/0x180\n[ 40.237650][ T184] drm_gem_vram_fill_create_dumb+0x134/0x340 [drm_vram_helper]\n[ 40.238864][ T184] ? local_pci_probe+0xdf/0x180\n[ 40.239674][ T184] ? drmm_vram_helper_init+0x400/0x400 [drm_vram_helper]\n[ 40.240826][ T184] drm_client_framebuffer_create+0x19c/0x400 [drm]\n[ 40.241955][ T184] ? drm_client_buffer_delete+0x200/0x200 [drm]\n[ 40.243001][ T184] ? drm_client_pick_crtcs+0x554/0xb80 [drm]\n[ 40.244030][ T184] drm_fb_helper_generic_probe+0x23f/0x940 [drm_kms_helper]\n[ 40.245226][ T184] ? __cond_resched+0x1c/0xc0\n[ 40.245987][ T184] ? drm_fb_helper_memory_range_to_clip+0x180/0x180 [drm_kms_helper]\n[ 40.247316][ T184] ? mutex_unlock+0x80/0x100\n[ 40.248005][ T184] ? __mutex_unlock_slowpath+0x2c0/0x2c0\n[ 40.249083][ T184] drm_fb_helper_single_fb_probe+0x907/0xf00 [drm_kms_helper]\n[ 40.250314][ T184] ? drm_fb_helper_check_var+0x1180/0x1180 [drm_kms_helper]\n[ 40.251540][ T184] ? __cond_resched+0x1c/0xc0\n[ 40.252321][ T184] ? 
mutex_lock+0x9f/0x100\n[ 40.253062][ T184] __drm_fb_helper_initial_config_and_unlock+0xb9/0x2c0 [drm_kms_helper]\n[ 40.254394][ T184] drm_fbdev_client_hotplug+0x56f/0x840 [drm_kms_helper]\n[ 40.255477][ T184] drm_fbdev_generic_setup+0x165/0x3c0 [drm_kms_helper]\n[ 40.256607][ T184] bochs_pci_probe+0x6b7/0x900 [bochs]\n[ \n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/ttm: Se corrige el error de deref de resoluci\u00f3n ficticia NULL ptr. Verifique el valor de bo->resource antes de acceder al recurso mem_type. v2: Se corrige la advertencia de descripci\u00f3n de confirmaci\u00f3n sin envolver [ 40.191227][ T184] Fallo de protecci\u00f3n general, probablemente para la direcci\u00f3n no can\u00f3nica 0xdffffc0000000002: 0000 [#1] SMP KASAN PTI [ 40.192995][ T184] KASAN: null-ptr-deref en el rango [0x0000000000000010-0x0000000000000017] [ 40.194411][ T184] CPU: 1 PID: 184 Comm: systemd-udevd No contaminado 5.19.0-rc4-00721-gb297c22b7070 #1 [ 40.196063][ T184] Nombre del hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 01/04/2014 [ 40.199605][ T184] RIP: 0010:ttm_bo_validate+0x1b3/0x240 [ttm] [ 40.200754][ T184] C\u00f3digo: e8 72 c5 ff ff 83 f8 b8 74 d4 85 c0 75 54 49 8b 9e 58 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 10 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 04 3c 03 7e 44 8b 53 10 31 c0 85 d2 0f 85 58 [ 40.203685][ T184] RSP: 0018:ffffc900006df0c8 EFLAGS: 00010202 [ 40.204630][ T184] RAX: dffffc0000000000 RBX: 00000000000000000 RCX: 1ffff1102f4bb71b [ 40.205864][ T184] RDX: 00000000000000002 RSI: ffffc900006df208 I+D+i: 0000000000000010 [ 40.207102][ T184] RBP: 1ffff920000dbe1a R08: ffffc900006df208 R09: 0000000000000000 [ 40.208394][ T184] R10: ffff88817a5f0000 R11: 0000000000000001 R12: ffffc900006df110 [ 40.209692][ T184] R13: ffffc900006df0f0 R14: ffff88817a5db800 R15: ffffc900006df208 [ 40.210862][ T184] FS: 00007f6b1d16e8c0(0000) 
GS:ffff88839d700000(0000) knlGS:0000000000000000 [ 40.212250][ T184] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 40.213275][ T184] CR2: 000055a1001d4ff0 CR3: 00000001700f4000 CR4: 00000000000006e0 [ 40.214469][ T184] Rastreo de llamadas: [ 40.214974][ T184] [ 40.215438][ T184] ? ttm_bo_bounce_temp_buffer+0x140/0x140 [ttm] [ 40.216572][ T184] ? mutex_spin_on_owner+0x240/0x240 [ 40.217456][ T184] ? drm_vma_offset_add+0xaa/0x100 [drm] [ 40.218457][ T184] ttm_bo_init_reserved+0x3d6/0x540 [ttm] [ 40.219410][ T184] ? shmem_get_inode+0x744/0x980 [ 40.220231][ T184] ttm_bo_init_validate+0xb1/0x200 [ttm] [ 40.221172][ T184] ? bo_driver_evict_flags+0x340/0x340 [drm_vram_helper] [ 40.222530][ T184] ? ttm_bo_init_reserved+0x540/0x540 [ttm] [ 40.223643][ T184] ? __do_sys_finit_module+0x11a/0x1c0 [ 40.224654][ T184] ? __shmem_file_setup+0x102/0x280 [ 40.234764][ T184] drm_gem_vram_create+0x305/0x480 [drm_vram_helper] [ 40.235766][ T184] ? bo_driver_evict_flags+0x340/0x340 [drm_vram_helper] [ 40.236846][ T184] ? __kasan_slab_free+0x108/0x180 [ 40.237650][ T184] drm_gem_vram_fill_create_dumb+0x134/0x340 [drm_vram_helper] [ 40.238864][ T184] ? local_pci_probe+0xdf/0x180 [ 40.239674][ T184] ? drmm_vram_helper_init+0x400/0x400 [drm_vram_helper] [ 40.240826][ T184] drm_client_framebuffer_create+0x19c/0x400 [drm] [ 40.241955][ T184] ? drm_client_buffer_delete+0x200/0x200 [drm] [ 40.243001][ T184] ? drm_client_pick_crtcs+0x554/0xb80 [drm] [ 40.244030][ T184] drm_fb_helper_generic_probe+0x23f/0x940 [drm_kms_helper] [ 40.245226][ T184] ? __cond_resched+0x1c/0xc0 [ 40.245987][ T184] ? drm_fb_helper_memory_range_to_clip+0x180/0x180 [drm_kms_helper] [ 40.247316][ T184] ? mutex_unlock+0x80/0x100 [ 40.248005][ T184] ? __mutex_unlock_slowpath+0x2c0/0x2c0 [ 40.249083][ T184] drm_fb_helper_single_fb_probe+0x907/0xf00 [drm_kms_helper] [ 40.250314][ T184] ? drm_fb_helper_check_var+0x1180/0x1180 [drm_kms_helper] [ 40.251540][ T184] ? __cond_resched+0x1c/0xc0 [ 40.252321][ T184] ? 
mutex_lock+0x9f/0x100 [ 40.253062][ T184] __drm_fb_helper_initial_config_and_unlock+0xb9/0x2c0 [drm_kms_helper] [ 40.254394][ T184] drm_fbdev_client_hotplug+0x56f/0x840 [drm_kms_helper] [ 40.255477][ T184] drm_fbdev_generic_setup+0x165/0x3c0 [drm_kms_helper] [ 40.256607][ T184] bochs_pci_probe+0x6b7/0x900 [bochs] [ ---truncado---" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50069.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50069.json index 91a8ed8e7c5..522da51a069 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50069.json +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50069.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBPF: Fix potential bad pointer dereference in bpf_sys_bpf()\n\nThe bpf_sys_bpf() helper function allows an eBPF program to load another\neBPF program from within the kernel. In this case the argument union\nbpf_attr pointer (as well as the insns and license pointers inside) is a\nkernel address instead of a userspace address (which is the case of a\nusual bpf() syscall). To make the memory copying process in the syscall\nwork in both cases, bpfptr_t was introduced to wrap around the pointer\nand distinguish its origin. Specifically, when copying memory contents\nfrom a bpfptr_t, a copy_from_user() is performed in case of a userspace\naddress and a memcpy() is performed for a kernel address.\n\nThis can lead to problems because the in-kernel pointer is never checked\nfor validity. The problem happens when an eBPF syscall program tries to\ncall bpf_sys_bpf() to load a program but provides a bad insns pointer --\nsay 0xdeadbeef -- in the bpf_attr union. The helper calls __sys_bpf()\nwhich would then call bpf_prog_load() to load the program.\nbpf_prog_load() is responsible for copying the eBPF instructions to the\nnewly allocated memory for the program; it creates a kernel bpfptr_t for\ninsns and invokes copy_from_bpfptr(). Internally, all bpfptr_t\noperations are backed by the corresponding sockptr_t operations, which\nperforms direct memcpy() on kernel pointers for copy_from/strncpy_from\noperations. 
Therefore, the code is always happy to dereference the bad\npointer to trigger a un-handle-able page fault and in turn an oops.\nHowever, this is not supposed to happen because at that point the eBPF\nprogram is already verified and should not cause a memory error.\n\nSample KASAN trace:\n\n[ 25.685056][ T228] ==================================================================\n[ 25.685680][ T228] BUG: KASAN: user-memory-access in copy_from_bpfptr+0x21/0x30\n[ 25.686210][ T228] Read of size 80 at addr 00000000deadbeef by task poc/228\n[ 25.686732][ T228]\n[ 25.686893][ T228] CPU: 3 PID: 228 Comm: poc Not tainted 5.19.0-rc7 #7\n[ 25.687375][ T228] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS d55cb5a 04/01/2014\n[ 25.687991][ T228] Call Trace:\n[ 25.688223][ T228] \n[ 25.688429][ T228] dump_stack_lvl+0x73/0x9e\n[ 25.688747][ T228] print_report+0xea/0x200\n[ 25.689061][ T228] ? copy_from_bpfptr+0x21/0x30\n[ 25.689401][ T228] ? _printk+0x54/0x6e\n[ 25.689693][ T228] ? _raw_spin_lock_irqsave+0x70/0xd0\n[ 25.690071][ T228] ? copy_from_bpfptr+0x21/0x30\n[ 25.690412][ T228] kasan_report+0xb5/0xe0\n[ 25.690716][ T228] ? copy_from_bpfptr+0x21/0x30\n[ 25.691059][ T228] kasan_check_range+0x2bd/0x2e0\n[ 25.691405][ T228] ? copy_from_bpfptr+0x21/0x30\n[ 25.691734][ T228] memcpy+0x25/0x60\n[ 25.692000][ T228] copy_from_bpfptr+0x21/0x30\n[ 25.692328][ T228] bpf_prog_load+0x604/0x9e0\n[ 25.692653][ T228] ? cap_capable+0xb4/0xe0\n[ 25.692956][ T228] ? security_capable+0x4f/0x70\n[ 25.693324][ T228] __sys_bpf+0x3af/0x580\n[ 25.693635][ T228] bpf_sys_bpf+0x45/0x240\n[ 25.693937][ T228] bpf_prog_f0ec79a5a3caca46_bpf_func1+0xa2/0xbd\n[ 25.694394][ T228] bpf_prog_run_pin_on_cpu+0x2f/0xb0\n[ 25.694756][ T228] bpf_prog_test_run_syscall+0x146/0x1c0\n[ 25.695144][ T228] bpf_prog_test_run+0x172/0x190\n[ 25.695487][ T228] __sys_bpf+0x2c5/0x580\n[ 25.695776][ T228] __x64_sys_bpf+0x3a/0x50\n[ 25.696084][ T228] do_syscall_64+0x60/0x90\n[ 25.696393][ T228] ? 
fpregs_assert_state_consistent+0x50/0x60\n[ 25.696815][ T228] ? exit_to_user_mode_prepare+0x36/0xa0\n[ 25.697202][ T228] ? syscall_exit_to_user_mode+0x20/0x40\n[ 25.697586][ T228] ? do_syscall_64+0x6e/0x90\n[ 25.697899][ T228] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[ 25.698312][ T228] RIP: 0033:0x7f6d543fb759\n[ 25.698624][ T228] Code: 08 5b 89 e8 5d c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d \n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: BPF: Arreglar posible desreferencia de puntero incorrecta en bpf_sys_bpf() La funci\u00f3n auxiliar bpf_sys_bpf() permite que un programa eBPF cargue otro programa eBPF desde dentro del kernel. En este caso, el puntero de uni\u00f3n de argumentos bpf_attr (as\u00ed como los punteros insns y license dentro) es una direcci\u00f3n de kernel en lugar de una direcci\u00f3n de espacio de usuario (que es el caso de una llamada al sistema bpf() habitual). Para hacer que el proceso de copia de memoria en la llamada al sistema funcione en ambos casos, se introdujo bpfptr_t para envolver el puntero y distinguir su origen. Espec\u00edficamente, al copiar contenido de memoria desde un bpfptr_t, se realiza un copy_from_user() en el caso de una direcci\u00f3n de espacio de usuario y se realiza un memcpy() para una direcci\u00f3n de kernel. Esto puede conducir a problemas porque el puntero en el kernel nunca se comprueba para su validez. El problema ocurre cuando un programa de llamada al sistema eBPF intenta llamar a bpf_sys_bpf() para cargar un programa, pero proporciona un puntero insns incorrecto (por ejemplo, 0xdeadbeef) en la uni\u00f3n bpf_attr. El asistente llama a __sys_bpf(), que a su vez llama a bpf_prog_load() para cargar el programa. bpf_prog_load() se encarga de copiar las instrucciones eBPF a la memoria reci\u00e9n asignada al programa; crea un bpfptr_t de kernel para insns e invoca copy_from_bpfptr(). 
Internamente, todas las operaciones bpfptr_t est\u00e1n respaldadas por las operaciones sockptr_t correspondientes, que ejecutan memcpy() directamente en los punteros de kernel para las operaciones copy_from/strncpy_from. Por lo tanto, el c\u00f3digo siempre desreferencia el puntero incorrecto para generar un fallo de p\u00e1gina imposible de controlar y, en consecuencia, un error. Sin embargo, esto no deber\u00eda suceder porque en ese momento el programa eBPF ya est\u00e1 verificado y no deber\u00eda causar un error de memoria. Ejemplo de seguimiento de KASAN: [ 25.685056][ T228] ======================================================================= [ 25.685680][ T228] ERROR: KASAN: acceso a memoria de usuario en copy_from_bpfptr+0x21/0x30 [ 25.686210][ T228] Lectura de tama\u00f1o 80 en la direcci\u00f3n 00000000deadbeef por la tarea poc/228 [ 25.686732][ T228] [ 25.686893][ T228] CPU: 3 PID: 228 Comm: poc No contaminado 5.19.0-rc7 #7 [ 25.687375][ T228] Nombre del hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS d55cb5a 01/04/2014 [ 25.687991][ T228] Seguimiento de llamadas: [ 25.688223][ T228] [ 25.688429][ T228] dump_stack_lvl+0x73/0x9e [ 25.688747][ T228] print_report+0xea/0x200 [ 25.689061][ T228] ? copy_from_bpfptr+0x21/0x30 [ 25.689401][ T228] ? _printk+0x54/0x6e [ 25.689693][ T228] ? _raw_spin_lock_irqsave+0x70/0xd0 [ 25.690071][ T228] ? copy_from_bpfptr+0x21/0x30 [ 25.690412][ T228] kasan_report+0xb5/0xe0 [ 25.690716][ T228] ? copy_from_bpfptr+0x21/0x30 [ 25.691059][ T228] kasan_check_range+0x2bd/0x2e0 [ 25.691405][ T228] ? copy_from_bpfptr+0x21/0x30 [ 25.691734][ T228] memcpy+0x25/0x60 [ 25.692000][ T228] copy_from_bpfptr+0x21/0x30 [ 25.692328][ T228] bpf_prog_load+0x604/0x9e0 [ 25.692653][ T228] ? cap_capable+0xb4/0xe0 [ 25.692956][ T228] ? 
security_capable+0x4f/0x70 [ 25.693324][ T228] __sys_bpf+0x3af/0x580 [ 25.693635][ T228] bpf_sys_bpf+0x45/0x240 [ 25.693937][ T228] bpf_prog_f0ec79a5a3caca46_bpf_func1+0xa2/0xbd [ 25.694394][ T228] bpf_prog_run_pin_on_cpu+0x2f/0xb0 [ 25.694756][ T228] bpf_prog_test_run_syscall+0x146/0x1c0 [ 25.695144][ T228] bpf_prog_test_run+0x172/0x190 [ 25.695487][ T228] __sys_bpf+0x2c5/0x580 [ 25.695776][ T228] __x64_sys_bpf+0x3a/0x50 [ 25.696084][ T228] do_syscall_64+0x60/0x90 [ 25.696393][ T228] ? fpregs_assert_state_consistent+0x50/0x60 [ 25.696815][ T228] ? exit_to_user_mode_prepare+0x36/0xa0 [ 25.697202][ T228] ? syscall_exit_to_user_mode+0x20/0x40 [ 25.697586][ T228] ? do_syscall_64+0x6e/0x90 [ 25.697899][ T228] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 25.698312][ T228] RIP: 0033:0x7f6d543fb759 [ 25.698624][ T228] Code: 08 5b 89 e8 5d c3 66 ---truncado---" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50070.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50070.json index 5fef6415256..2073e26dac0 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50070.json +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50070.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: do not queue data on closed subflows\n\nDipanjan reported a syzbot splat at close time:\n\nWARNING: CPU: 1 PID: 10818 at net/ipv4/af_inet.c:153\ninet_sock_destruct+0x6d0/0x8e0 net/ipv4/af_inet.c:153\nModules linked in: uio_ivshmem(OE) uio(E)\nCPU: 1 PID: 10818 Comm: kworker/1:16 Tainted: G OE\n5.19.0-rc6-g2eae0556bb9d #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.13.0-1ubuntu1.1 04/01/2014\nWorkqueue: events mptcp_worker\nRIP: 0010:inet_sock_destruct+0x6d0/0x8e0 net/ipv4/af_inet.c:153\nCode: 21 02 00 00 41 8b 9c 24 28 02 00 00 e9 07 ff ff ff e8 34 4d 91\nf9 89 ee 4c 89 e7 e8 4a 47 60 ff e9 a6 fc ff ff e8 20 4d 91 f9 <0f> 0b\ne9 84 fe ff ff e8 14 4d 91 f9 0f 0b e9 d4 fd ff ff e8 08 4d\nRSP: 0018:ffffc9001b35fa78 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000002879d0 RCX: ffff8881326f3b00\nRDX: 0000000000000000 RSI: ffff8881326f3b00 RDI: 0000000000000002\nRBP: ffff888179662674 R08: ffffffff87e983a0 R09: 0000000000000000\nR10: 0000000000000005 R11: 00000000000004ea R12: ffff888179662400\nR13: ffff888179662428 R14: 0000000000000001 R15: ffff88817e38e258\nFS: 0000000000000000(0000) GS:ffff8881f5f00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020007bc0 CR3: 0000000179592000 CR4: 0000000000150ee0\nCall Trace:\n \n __sk_destruct+0x4f/0x8e0 net/core/sock.c:2067\n sk_destruct+0xbd/0xe0 net/core/sock.c:2112\n __sk_free+0xef/0x3d0 net/core/sock.c:2123\n sk_free+0x78/0xa0 net/core/sock.c:2134\n sock_put include/net/sock.h:1927 [inline]\n __mptcp_close_ssk+0x50f/0x780 net/mptcp/protocol.c:2351\n __mptcp_destroy_sock+0x332/0x760 net/mptcp/protocol.c:2828\n mptcp_worker+0x5d2/0xc90 net/mptcp/protocol.c:2586\n process_one_work+0x9cc/0x1650 kernel/workqueue.c:2289\n worker_thread+0x623/0x1070 kernel/workqueue.c:2436\n kthread+0x2e9/0x3a0 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 
arch/x86/entry/entry_64.S:302\n \n\nThe root cause of the problem is that an mptcp-level (re)transmit can\nrace with mptcp_close() and the packet scheduler checks the subflow\nstate before acquiring the socket lock: we can try to (re)transmit on\nan already closed ssk.\n\nFix the issue checking again the subflow socket status under the\nsubflow socket lock protection. Additionally add the missing check\nfor the fallback-to-tcp case." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mptcp: no poner en cola datos en subflujos cerrados Dipanjan inform\u00f3 de un splat de syzbot en el momento del cierre: ADVERTENCIA: CPU: 1 PID: 10818 en net/ipv4/af_inet.c:153 inet_sock_destruct+0x6d0/0x8e0 net/ipv4/af_inet.c:153 M\u00f3dulos vinculados en: uio_ivshmem(OE) uio(E) CPU: 1 PID: 10818 Comm: kworker/1:16 Tainted: G OE 5.19.0-rc6-g2eae0556bb9d #2 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Cola de trabajo: eventos mptcp_worker RIP: 0010:inet_sock_destruct+0x6d0/0x8e0 net/ipv4/af_inet.c:153 C\u00f3digo: 21 02 00 00 41 8b 9c 24 28 02 00 00 e9 07 ff ff ff e8 34 4d 91 f9 89 ee 4c 89 e7 e8 4a 47 60 ff e9 a6 fc ff ff e8 20 4d 91 f9 <0f> 0b e9 84 fe ff ff e8 14 4d 91 f9 0f 0b e9 d4 fd ff ff e8 08 4d RSP: 0018:ffffc9001b35fa78 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 00000000002879d0 RCX: ffff8881326f3b00 RDX: 00000000000000000 RSI: ffff8881326f3b00 RDI: 0000000000000002 RBP: ffff888179662674 R08: ffffffff87e983a0 R09: 0000000000000000 R10: 00000000000000005 R11: 00000000000004ea R12: ffff888179662400 R13: ffff888179662428 R14: 0000000000000001 R15: ffff88817e38e258 FS: 0000000000000000(0000) GS:ffff8881f5f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020007bc0 CR3: 0000000179592000 CR4: 0000000000150ee0 Rastreo de llamadas: __sk_destruct+0x4f/0x8e0 net/core/sock.c:2067 sk_destruct+0xbd/0xe0 net/core/sock.c:2112 
__sk_free+0xef/0x3d0 net/core/sock.c:2123 sk_free+0x78/0xa0 net/core/sock.c:2134 sock_put include/net/sock.h:1927 [inline] __mptcp_close_ssk+0x50f/0x780 net/mptcp/protocol.c:2351 __mptcp_destroy_sock+0x332/0x760 net/mptcp/protocol.c:2828 mptcp_worker+0x5d2/0xc90 net/mptcp/protocol.c:2586 process_one_work+0x9cc/0x1650 kernel/workqueue.c:2289 worker_thread+0x623/0x1070 kernel/workqueue.c:2436 kthread+0x2e9/0x3a0 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302 La causa ra\u00edz del problema es que una (re)transmisi\u00f3n a nivel de mptcp puede competir con mptcp_close() y el programador de paquetes comprueba el estado del subflujo antes de adquirir el bloqueo del socket: podemos intentar (re)transmitir en un ssk ya cerrado. Corrija el problema comprobando de nuevo el estado del socket del subflujo bajo la protecci\u00f3n de bloqueo del socket del subflujo. Adem\u00e1s, a\u00f1ada la comprobaci\u00f3n que falta para el caso de respaldo a TCP." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50071.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50071.json index dc6c461a188..95142c953bc 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50071.json +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50071.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: move subflow cleanup in mptcp_destroy_common()\n\nIf the mptcp socket creation fails due to a CGROUP_INET_SOCK_CREATE\neBPF program, the MPTCP protocol ends-up leaking all the subflows:\nthe related cleanup happens in __mptcp_destroy_sock() that is not\ninvoked in such code path.\n\nAddress the issue moving the subflow sockets cleanup in the\nmptcp_destroy_common() helper, which is invoked in every msk cleanup\npath.\n\nAdditionally get rid of the intermediate list_splice_init step, which\nis an unneeded relic from the past.\n\nThe issue is present since before the reported root cause commit, but\nany attempt to backport the fix before that hash will require a complete\nrewrite."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mptcp: mover la limpieza del subflujo en mptcp_destroy_common() Si la creaci\u00f3n del socket mptcp falla debido a un programa eBPF CGROUP_INET_SOCK_CREATE, el protocolo MPTCP termina filtrando todos los subflujos: la limpieza relacionada ocurre en __mptcp_destroy_sock() que no se invoca en dicha ruta de c\u00f3digo. Aborda el problema moviendo la limpieza de los sockets del subflujo en el ayudante mptcp_destroy_common(), que se invoca en cada ruta de limpieza de msk. Adem\u00e1s, deshazte del paso intermedio list_splice_init, que es una reliquia innecesaria del pasado. El problema est\u00e1 presente desde antes de el commit de la causa ra\u00edz informada, pero cualquier intento de retroportar la soluci\u00f3n antes de ese hash requerir\u00e1 una reescritura completa."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50072.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50072.json
index bbacf4faf00..e58e2e46116 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50072.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50072.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4/pnfs: Fix a use-after-free bug in open\n\nIf someone cancels the open RPC call, then we must not try to free\neither the open slot or the layoutget operation arguments, since they\nare likely still in use by the hung RPC call."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: NFSv4/pnfs: corrige un error de Use-After-Free en open Si alguien cancela la llamada RPC open, entonces no debemos intentar liberar ni la ranura abierta ni los argumentos de la operaci\u00f3n layoutget, ya que es probable que a\u00fan est\u00e9n en uso por la llamada RPC colgada."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50073.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50073.json
index 28f93706f5c..9b99bd95cd5 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50073.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50073.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null\n\nFixes a NULL pointer derefence bug triggered from tap driver.\nWhen tap_get_user calls virtio_net_hdr_to_skb the skb->dev is null\n(in tap.c skb->dev is set after the call to virtio_net_hdr_to_skb)\nvirtio_net_hdr_to_skb calls dev_parse_header_protocol which\nneeds skb->dev field to be valid.\n\nThe line that trigers the bug is in dev_parse_header_protocol\n(dev is at offset 0x10 from skb and is stored in RAX register)\n if (!dev->header_ops || !dev->header_ops->parse_protocol)\n 22e1: mov 0x10(%rbx),%rax\n 22e5:\t mov 0x230(%rax),%rax\n\nSetting skb->dev before the call in tap.c fixes the issue.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000230\nRIP: 0010:virtio_net_hdr_to_skb.constprop.0+0x335/0x410 [tap]\nCode: c0 0f 85 b7 fd ff ff eb d4 41 39 c6 77 cf 29 c6 48 89 df 44 01 f6 e8 7a 79 83 c1 48 85 c0 0f 85 d9 fd ff ff eb b7 48 8b 43 10 <48> 8b 80 30 02 00 00 48 85 c0 74 55 48 8b 40 28 48 85 c0 74 4c 48\nRSP: 0018:ffffc90005c27c38 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff888298f25300 RCX: 0000000000000010\nRDX: 0000000000000005 RSI: ffffc90005c27cb6 RDI: ffff888298f25300\nRBP: ffffc90005c27c80 R08: 00000000ffffffea R09: 00000000000007e8\nR10: ffff88858ec77458 R11: 0000000000000000 R12: 0000000000000001\nR13: 0000000000000014 R14: ffffc90005c27e08 R15: ffffc90005c27cb6\nFS: 0000000000000000(0000) GS:ffff88858ec40000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000230 CR3: 0000000281408006 CR4: 00000000003706e0\nCall Trace:\n tap_get_user+0x3f1/0x540 [tap]\n tap_sendmsg+0x56/0x362 [tap]\n ? get_tx_bufs+0xc2/0x1e0 [vhost_net]\n handle_tx_copy+0x114/0x670 [vhost_net]\n handle_tx+0xb0/0xe0 [vhost_net]\n handle_tx_kick+0x15/0x20 [vhost_net]\n vhost_worker+0x7b/0xc0 [vhost]\n ? 
vhost_vring_call_reset+0x40/0x40 [vhost]\n kthread+0xfa/0x120\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x1f/0x30" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: tap: Desreferencia de puntero nulo en dev_parse_header_protocol cuando skb->dev es nulo. Corrige un error de desreferencia de puntero nulo provocado por el controlador tap. Cuando tap_get_user llama a virtio_net_hdr_to_skb, skb->dev es nulo (en tap.c, skb->dev se establece despu\u00e9s de la llamada a virtio_net_hdr_to_skb). virtio_net_hdr_to_skb llama a dev_parse_header_protocol, que requiere que el campo skb->dev sea v\u00e1lido. La l\u00ednea que activa el error est\u00e1 en dev_parse_header_protocol (dev est\u00e1 en el desplazamiento 0x10 desde skb y est\u00e1 almacenado en el registro RAX) if (!dev->header_ops || !dev->header_ops->parse_protocol) 22e1: mov 0x10(%rbx),%rax 22e5: mov 0x230(%rax),%rax Configurar skb->dev antes de la llamada en tap.c soluciona el problema. 
ERROR: desreferencia de puntero NULL del n\u00facleo, direcci\u00f3n: 0000000000000230 RIP: 0010:virtio_net_hdr_to_skb.constprop.0+0x335/0x410 [tap] C\u00f3digo: c0 0f 85 b7 fd ff ff eb d4 41 39 c6 77 cf 29 c6 48 89 df 44 01 f6 e8 7a 79 83 c1 48 85 c0 0f 85 d9 fd ff ff eb b7 48 8b 43 10 <48> 8b 80 30 02 00 00 48 85 c0 74 55 48 8b 40 28 48 85 c0 74 4c 48 RSP: 0018:ffffc90005c27c38 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff888298f25300 RCX: 0000000000000010 RDX: 0000000000000005 RSI: ffffc90005c27cb6 RDI: ffff888298f25300 RBP: ffffc90005c27c80 R08: 00000000ffffffea R09: 00000000000007e8 R10: ffff88858ec77458 R11: 00000000000000000 R12: 0000000000000001 R13: 0000000000000014 R14: ffffc90005c27e08 R15: ffffc90005c27cb6 FS: 000000000000000(0000) GS:ffff88858ec40000(0000) knlGS:000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000230 CR3: 0000000281408006 CR4: 00000000003706e0 Rastreo de llamadas: tap_get_user+0x3f1/0x540 [tap] tap_sendmsg+0x56/0x362 [tap] ? get_tx_bufs+0xc2/0x1e0 [vhost_net] handle_tx_copy+0x114/0x670 [vhost_net] handle_tx+0xb0/0xe0 [vhost_net] handle_tx_kick+0x15/0x20 [vhost_net] vhost_worker+0x7b/0xc0 [vhost] ? vhost_vring_call_reset+0x40/0x40 [vhost] kthread+0xfa/0x120 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x1f/0x30 " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50074.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50074.json index 8c814439136..a321b1259c4 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50074.json +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50074.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: Fix memleak in aa_simple_write_to_buffer()\n\nWhen copy_from_user failed, the memory is freed by kvfree. however the\nmanagement struct and data blob are allocated independently, so only\nkvfree(data) cause a memleak issue here. Use aa_put_loaddata(data) to\nfix this issue."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: apparmor: Se corrige la fuga de memoria en aa_simple_write_to_buffer(). Cuando copy_from_user falla, kvfree libera la memoria. Sin embargo, la estructura de administraci\u00f3n y el blob de datos se asignan de forma independiente, por lo que solo kvfree(data) causa un problema de fuga de memoria. Utilice aa_put_loaddata(data) para solucionar este problema."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50075.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50075.json
index cb7195bf8b5..dda05aa8422 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50075.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50075.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/eprobes: Have event probes be consistent with kprobes and uprobes\n\nCurrently, if a symbol \"@\" is attempted to be used with an event probe\n(eprobes), it will cause a NULL pointer dereference crash.\n\nBoth kprobes and uprobes can reference data other than the main registers.\nSuch as immediate address, symbols and the current task name. Have eprobes\ndo the same thing.\n\nFor \"comm\", if \"comm\" is used and the event being attached to does not\nhave the \"comm\" field, then make it the \"$comm\" that kprobes has. This is\nconsistent to the way histograms and filters work."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tracing/eprobes: Que las sondas de eventos sean consistentes con kprobes y uprobes. Actualmente, si se intenta usar el s\u00edmbolo \"@\" con una sonda de eventos (eprobes), se producir\u00e1 un fallo por desreferencia de puntero nulo. Tanto kprobes como uprobes pueden referenciar datos distintos a los registros principales, como la direcci\u00f3n inmediata, los s\u00edmbolos y el nombre de la tarea actual. Que eprobes haga lo mismo. Para \"comm\", si se usa \"comm\" y el evento al que se adjunta no tiene el campo \"comm\", se debe usar \"$comm\" que tiene kprobes. Esto es consistente con el funcionamiento de los histogramas y filtros."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50076.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50076.json
index 4546e0d29f2..86f724f53b9 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50076.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50076.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix memory leak on the deferred close\n\nxfstests on smb21 report kmemleak as below:\n\n unreferenced object 0xffff8881767d6200 (size 64):\n comm \"xfs_io\", pid 1284, jiffies 4294777434 (age 20.789s)\n hex dump (first 32 bytes):\n 80 5a d0 11 81 88 ff ff 78 8a aa 63 81 88 ff ff .Z......x..c....\n 00 71 99 76 81 88 ff ff 00 00 00 00 00 00 00 00 .q.v............\n backtrace:\n [<00000000ad04e6ea>] cifs_close+0x92/0x2c0\n [<0000000028b93c82>] __fput+0xff/0x3f0\n [<00000000d8116851>] task_work_run+0x85/0xc0\n [<0000000027e14f9e>] do_exit+0x5e5/0x1240\n [<00000000fb492b95>] do_group_exit+0x58/0xe0\n [<00000000129a32d9>] __x64_sys_exit_group+0x28/0x30\n [<00000000e3f7d8e9>] do_syscall_64+0x35/0x80\n [<00000000102e8a0b>] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nWhen cancel the deferred close work, we should also cleanup the struct\ncifs_deferred_close." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cifs: Se corrige la p\u00e9rdida de memoria en el cierre diferido. xfstests en smb21 informa kmemleak como se muestra a continuaci\u00f3n: objeto sin referencia 0xffff8881767d6200 (tama\u00f1o 64): comm \"xfs_io\", pid 1284, jiffies 4294777434 (edad 20,789 s) volcado hexadecimal (primeros 32 bytes): 80 5a d0 11 81 88 ff ff 78 8a aa 63 81 88 ff ff .Z......x..c.... 00 71 99 76 81 88 ff ff 00 00 00 00 00 00 00 00 .qv........... 
backtrace: [<00000000ad04e6ea>] cifs_close+0x92/0x2c0 [<0000000028b93c82>] __fput+0xff/0x3f0 [<00000000d8116851>] task_work_run+0x85/0xc0 [<0000000027e14f9e>] do_exit+0x5e5/0x1240 [<00000000fb492b95>] do_group_exit+0x58/0xe0 [<00000000129a32d9>] __x64_sys_exit_group+0x28/0x30 [<00000000e3f7d8e9>] do_syscall_64+0x35/0x80 [<00000000102e8a0b>] entry_SYSCALL_64_after_hwframe+0x46/0xb0 Cuando cancelamos el trabajo de cierre diferido, tambi\u00e9n debemos limpiar la estructura cifs_deferred_close." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50077.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50077.json index 564eeba7b09..f32ce5ef755 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50077.json +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50077.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix reference count leak in aa_pivotroot()\n\nThe aa_pivotroot() function has a reference counting bug in a specific\npath. When aa_replace_current_label() returns on success, the function\nforgets to decrement the reference count of \u201ctarget\u201d, which is\nincreased earlier by build_pivotroot(), causing a reference leak.\n\nFix it by decreasing the refcount of \u201ctarget\u201d in that path." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: apparmor: se corrige una fuga de referencias en aa_pivotroot(). La funci\u00f3n aa_pivotroot() presenta un error de conteo de referencias en una ruta espec\u00edfica. Cuando aa_replace_current_label() retorna con \u00e9xito, la funci\u00f3n olvida decrementar el conteo de referencias de \"target\", que se incrementa previamente mediante build_pivotroot(), lo que provoca una fuga de referencias. Para solucionarlo, reduzca el conteo de referencias de \"target\" en esa ruta." } ], "metrics": {}, 
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50078.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50078.json
index 2014d672f2e..1faeb19f1dd 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50078.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50078.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/eprobes: Do not allow eprobes to use $stack, or % for regs\n\nWhile playing with event probes (eprobes), I tried to see what would\nhappen if I attempted to retrieve the instruction pointer (%rip) knowing\nthat event probes do not use pt_regs. The result was:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000024\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 1 PID: 1847 Comm: trace-cmd Not tainted 5.19.0-rc5-test+ #309\n Hardware name: Hewlett-Packard HP Compaq Pro 6300 SFF/339A, BIOS K01\nv03.03 07/14/2016\n RIP: 0010:get_event_field.isra.0+0x0/0x50\n Code: ff 48 c7 c7 c0 8f 74 a1 e8 3d 8b f5 ff e8 88 09 f6 ff 4c 89 e7 e8\n50 6a 13 00 48 89 ef 5b 5d 41 5c 41 5d e9 42 6a 13 00 66 90 <48> 63 47 24\n8b 57 2c 48 01 c6 8b 47 28 83 f8 02 74 0e 83 f8 04 74\n RSP: 0018:ffff916c394bbaf0 EFLAGS: 00010086\n RAX: ffff916c854041d8 RBX: ffff916c8d9fbf50 RCX: ffff916c255d2000\n RDX: 0000000000000000 RSI: ffff916c255d2008 RDI: 0000000000000000\n RBP: 0000000000000000 R08: ffff916c3a2a0c08 R09: ffff916c394bbda8\n R10: 0000000000000000 R11: 0000000000000000 R12: ffff916c854041d8\n R13: ffff916c854041b0 R14: 0000000000000000 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff916c9ea40000(0000)\nknlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000024 CR3: 000000011b60a002 CR4: 00000000001706e0\n Call Trace:\n \n get_eprobe_size+0xb4/0x640\n ? __mod_node_page_state+0x72/0xc0\n __eprobe_trace_func+0x59/0x1a0\n ? __mod_lruvec_page_state+0xaa/0x1b0\n ? page_remove_file_rmap+0x14/0x230\n ? 
page_remove_rmap+0xda/0x170\n event_triggers_call+0x52/0xe0\n trace_event_buffer_commit+0x18f/0x240\n trace_event_raw_event_sched_wakeup_template+0x7a/0xb0\n try_to_wake_up+0x260/0x4c0\n __wake_up_common+0x80/0x180\n __wake_up_common_lock+0x7c/0xc0\n do_notify_parent+0x1c9/0x2a0\n exit_notify+0x1a9/0x220\n do_exit+0x2ba/0x450\n do_group_exit+0x2d/0x90\n __x64_sys_exit_group+0x14/0x20\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nObviously this is not the desired result.\n\nMove the testing for TPARG_FL_TPOINT which is only used for event probes\nto the top of the \"$\" variable check, as all the other variables are not\nused for event probes. Also add a check in the register parsing \"%\" to\nfail if an event probe is used." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tracing/eprobes: No permitir que las eprobes usen $stack o % para regs. Mientras jugaba con las sondas de eventos (eprobes), intent\u00e9 ver qu\u00e9 suceder\u00eda si intentaba recuperar el puntero de instrucciones (%rip) sabiendo que las sondas de eventos no usan pt_regs. 
El resultado fue: ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000024 #PF: acceso de lectura del supervisor en modo kernel #PF: error_code(0x0000) - p\u00e1gina no presente PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 1 PID: 1847 Comm: trace-cmd No contaminado 5.19.0-rc5-test+ #309 Nombre del hardware: Hewlett-Packard HP Compaq Pro 6300 SFF/339A, BIOS K01 v03.03 14/07/2016 RIP: 0010:get_event_field.isra.0+0x0/0x50 C\u00f3digo: ff 48 c7 c7 c0 8f 74 a1 e8 3d 8b f5 ff e8 88 09 f6 ff 4c 89 e7 e8 50 6a 13 00 48 89 ef 5b 5d 41 5c 41 5d e9 42 6a 13 00 66 90 <48> 63 47 24 8b 57 2c 48 01 c6 8b 47 28 83 f8 02 74 0e 83 f8 04 74 RSP: 0018:ffff916c394bbaf0 EFLAGS: 00010086 RAX: ffff916c854041d8 RBX: ffff916c8d9fbf50 RCX: ffff916c255d2000 RDX: 0000000000000000 RSI: ffff916c255d2008 RDI: 0000000000000000 RBP: 0000000000000000 R08: ffff916c3a2a0c08 R09: ffff916c394bbda8 R10: 0000000000000000 R11: 0000000000000000 R12: ffff916c854041d8 R13: ffff916c854041b0 R14: 000000000000000 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff916c9ea40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000024 CR3: 000000011b60a002 CR4: 00000000001706e0 Seguimiento de llamadas: get_eprobe_size+0xb4/0x640 ? __mod_node_page_state+0x72/0xc0 __eprobe_trace_func+0x59/0x1a0 ? __mod_lruvec_page_state+0xaa/0x1b0 ? page_remove_file_rmap+0x14/0x230 ? page_remove_rmap+0xda/0x170 event_triggers_call+0x52/0xe0 trace_event_buffer_commit+0x18f/0x240 trace_event_raw_event_sched_wakeup_template+0x7a/0xb0 try_to_wakeup+0x260/0x4c0 __wake_up_common+0x80/0x180 __wake_up_common_lock+0x7c/0xc0 do_notify_parent+0x1c9/0x2a0 exit_notify+0x1a9/0x220 do_exit+0x2ba/0x450 do_group_exit+0x2d/0x90 __x64_sys_exit_group+0x14/0x20 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x46/0xb0 Obviamente, este no es el resultado deseado. 
Mueva la prueba de TPARG_FL_TPOINT, que solo se usa para sondeos de eventos, al principio de la comprobaci\u00f3n de la variable \"$\", ya que las dem\u00e1s variables no se usan para sondeos de eventos. Tambi\u00e9n a\u00f1ada una comprobaci\u00f3n en el registro que analiza \"%\" para que falle si se usa un sondeo de eventos." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50079.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50079.json index fd2fd480e6b..01beb38bc7d 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50079.json +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50079.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check correct bounds for stream encoder instances for DCN303\n\n[Why & How]\neng_id for DCN303 cannot be more than 1, since we have only two\ninstances of stream encoders.\n\nCheck the correct boundary condition for engine ID for DCN303 prevent\nthe potential out of bounds access." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Verificar los l\u00edmites correctos para las instancias del codificador de flujo para DCN303 [Por qu\u00e9 y c\u00f3mo] El valor eng_id para DCN303 no puede ser mayor que 1, ya que solo tenemos dos instancias de codificadores de flujo. Verificar la condici\u00f3n de l\u00edmite correcta para el ID del motor para DCN303 previene el posible acceso fuera de los l\u00edmites." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50080.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50080.json index 52a258017f7..b2a493aded6 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50080.json +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50080.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntee: add overflow check in register_shm_helper()\n\nWith special lengths supplied by user space, register_shm_helper() has\nan integer overflow when calculating the number of pages covered by a\nsupplied user space memory region.\n\nThis causes internal_get_user_pages_fast() a helper function of\npin_user_pages_fast() to do a NULL pointer dereference:\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010\n Modules linked in:\n CPU: 1 PID: 173 Comm: optee_example_a Not tainted 5.19.0 #11\n Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015\n pc : internal_get_user_pages_fast+0x474/0xa80\n Call trace:\n internal_get_user_pages_fast+0x474/0xa80\n pin_user_pages_fast+0x24/0x4c\n register_shm_helper+0x194/0x330\n tee_shm_register_user_buf+0x78/0x120\n tee_ioctl+0xd0/0x11a0\n __arm64_sys_ioctl+0xa8/0xec\n invoke_syscall+0x48/0x114\n\nFix this by adding an an explicit call to access_ok() in\ntee_shm_register_user_buf() to catch an invalid user space address\nearly."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tee: agregar verificaci\u00f3n de desbordamiento en register_shm_helper(). Con longitudes especiales suministradas por el espacio de usuario, register_shm_helper() tiene un desbordamiento de entero al calcular la cantidad de p\u00e1ginas cubiertas por una regi\u00f3n de memoria del espacio de usuario suministrada.
Esto hace que internal_get_user_pages_fast(), una funci\u00f3n auxiliar de pin_user_pages_fast(), realice una desreferencia de puntero NULL: No se puede manejar la desreferencia de puntero NULL del n\u00facleo en la direcci\u00f3n virtual 0000000000000010 M\u00f3dulos vinculados: CPU: 1 PID: 173 Comm: optee_example_a No contaminado 5.19.0 #11 Nombre del hardware: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 pc : internal_get_user_pages_fast+0x474/0xa80 Rastreo de llamadas: internal_get_user_pages_fast+0x474/0xa80 pin_user_pages_fast+0x24/0x4c register_shm_helper+0x194/0x330 tee_shm_register_user_buf+0x78/0x120 tee_ioctl+0xd0/0x11a0 __arm64_sys_ioctl+0xa8/0xec invoke_syscall+0x48/0x114 Solucione esto agregando una llamada expl\u00edcita a access_ok() en tee_shm_register_user_buf() para detectar de manera temprana una direcci\u00f3n de espacio de usuario no v\u00e1lida."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50082.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50082.json
index 69fa0482e8e..e6f06df75e0 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50082.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50082.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix warning in ext4_iomap_begin as race between bmap and write\n\nWe got issue as follows:\n------------[ cut here ]------------\nWARNING: CPU: 3 PID: 9310 at fs/ext4/inode.c:3441 ext4_iomap_begin+0x182/0x5d0\nRIP: 0010:ext4_iomap_begin+0x182/0x5d0\nRSP: 0018:ffff88812460fa08 EFLAGS: 00010293\nRAX: ffff88811f168000 RBX: 0000000000000000 RCX: ffffffff97793c12\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003\nRBP: ffff88812c669160 R08: ffff88811f168000 R09: ffffed10258cd20f\nR10: ffff88812c669077 R11: ffffed10258cd20e R12: 0000000000000001\nR13: 00000000000000a4 R14: 000000000000000c R15: ffff88812c6691ee\nFS: 00007fd0d6ff3740(0000) GS:ffff8883af180000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fd0d6dda290 CR3: 0000000104a62000 CR4: 00000000000006e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n iomap_apply+0x119/0x570\n iomap_bmap+0x124/0x150\n ext4_bmap+0x14f/0x250\n bmap+0x55/0x80\n do_vfs_ioctl+0x952/0xbd0\n __x64_sys_ioctl+0xc6/0x170\n do_syscall_64+0x33/0x40\n entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\nAbove issue may happen as follows:\n bmap write\nbmap\n ext4_bmap\n iomap_bmap\n ext4_iomap_begin\n ext4_file_write_iter\n\t\t\t ext4_buffered_write_iter\n\t\t\t generic_perform_write\n\t\t\t\t ext4_da_write_begin\n\t\t\t\t ext4_da_write_inline_data_begin\n\t\t\t\t ext4_prepare_inline_data\n\t\t\t\t ext4_create_inline_data\n\t\t\t\t\t ext4_set_inode_flag(inode,\n\t\t\t\t\t\tEXT4_INODE_INLINE_DATA);\n if (WARN_ON_ONCE(ext4_has_inline_data(inode))) ->trigger bug_on\n\nTo solved above issue hold inode lock in ext4_bamp." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: se corrige la advertencia en ext4_iomap_begin como ejecuci\u00f3n entre bmap y escritura Tenemos el problema siguiente: ------------[ cortar aqu\u00ed ]------------ ADVERTENCIA: CPU: 3 PID: 9310 en fs/ext4/inode.c:3441 ext4_iomap_begin+0x182/0x5d0 RIP: 0010:ext4_iomap_begin+0x182/0x5d0 RSP: 0018:ffff88812460fa08 EFLAGS: 00010293 RAX: ffff88811f168000 RBX: 0000000000000000 RCX: ffffffff97793c12 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: ffff88812c669160 R08: ffff88811f168000 R09: ffffed10258cd20f R10: ffff88812c669077 R11: ffffed10258cd20e R12: 000000000000001 R13: 00000000000000a4 R14: 000000000000000c R15: ffff88812c6691ee FS: 00007fd0d6ff3740(0000) GS:ffff8883af180000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fd0d6dda290 CR3: 0000000104a62000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Rastreo de llamadas: iomap_apply+0x119/0x570 iomap_bmap+0x124/0x150 ext4_bmap+0x14f/0x250 bmap+0x55/0x80 do_vfs_ioctl+0x952/0xbd0 __x64_sys_ioctl+0xc6/0x170 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Above issue may happen as follows: bmap write bmap ext4_bmap iomap_bmap ext4_iomap_begin ext4_file_write_iter ext4_buffered_write_iter generic_perform_write ext4_da_write_begin ext4_da_write_inline_data_begin ext4_prepare_inline_data ext4_create_inline_data ext4_set_inode_flag(inode, EXT4_INODE_INLINE_DATA); if (WARN_ON_ONCE(ext4_has_inline_data(inode))) ->trigger bug_on Para resolver el problema anterior, mantenga el bloqueo del inodo en ext4_bamp." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50083.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50083.json index 90cb9d85829..c624b83959d 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50083.json 
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50083.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h\n\nWhen adding an xattr to an inode, we must ensure that the inode_size is\nnot less than EXT4_GOOD_OLD_INODE_SIZE + extra_isize + pad. Otherwise,\nthe end position may be greater than the start position, resulting in UAF."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: a\u00f1adir la macro EXT4_INODE_HAS_XATTR_SPACE en xattr.h. Al a\u00f1adir un xattr a un inodo, debemos asegurarnos de que el inode_size no sea menor que EXT4_GOOD_OLD_INODE_SIZE + extra_isize + pad. De lo contrario, la posici\u00f3n final podr\u00eda ser mayor que la inicial, lo que provocar\u00eda un UAF."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50084.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50084.json
index 1c6355d5e67..7be65b542e5 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50084.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50084.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm raid: fix address sanitizer warning in raid_status\n\nThere is this warning when using a kernel with the address sanitizer\nand running this testsuite:\nhttps://gitlab.com/cki-project/kernel-tests/-/tree/main/storage/swraid/scsi_raid\n\n==================================================================\nBUG: KASAN: slab-out-of-bounds in raid_status+0x1747/0x2820 [dm_raid]\nRead of size 4 at addr ffff888079d2c7e8 by task lvcreate/13319\nCPU: 0 PID: 13319 Comm: lvcreate Not tainted 5.18.0-0.rc3. #1\nHardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011\nCall Trace:\n \n dump_stack_lvl+0x6a/0x9c\n print_address_description.constprop.0+0x1f/0x1e0\n print_report.cold+0x55/0x244\n kasan_report+0xc9/0x100\n raid_status+0x1747/0x2820 [dm_raid]\n dm_ima_measure_on_table_load+0x4b8/0xca0 [dm_mod]\n table_load+0x35c/0x630 [dm_mod]\n ctl_ioctl+0x411/0x630 [dm_mod]\n dm_ctl_ioctl+0xa/0x10 [dm_mod]\n __x64_sys_ioctl+0x12a/0x1a0\n do_syscall_64+0x5b/0x80\n\nThe warning is caused by reading conf->max_nr_stripes in raid_status. The\ncode in raid_status reads mddev->private, casts it to struct r5conf and\nreads the entry max_nr_stripes.\n\nHowever, if we have different raid type than 4/5/6, mddev->private\ndoesn't point to struct r5conf; it may point to struct r0conf, struct\nr1conf, struct r10conf or struct mpconf. If we cast a pointer to one\nof these structs to struct r5conf, we will be reading invalid memory\nand KASAN warns about it.\n\nFix this bug by reading struct r5conf only if raid type is 4, 5 or 6." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dm raid: correcci\u00f3n de la advertencia del depurador de direcciones en raid_status Existe esta advertencia cuando se usa un kernel con el depurador de direcciones y se ejecuta este conjunto de pruebas: https://gitlab.com/cki-project/kernel-tests/-/tree/main/storage/swraid/scsi_raid ====================================================================== ERROR: KASAN: slab-out-of-bounds en raid_status+0x1747/0x2820 [dm_raid] Lectura de tama\u00f1o 4 en la direcci\u00f3n ffff888079d2c7e8 por la tarea lvcreate/13319 CPU: 0 PID: 13319 Comm: lvcreate No contaminado 5.18.0-0.rc3. #1 Nombre del hardware: Red Hat KVM, BIOS 0.5.1 01/01/2011 Seguimiento de llamadas: dump_stack_lvl+0x6a/0x9c print_address_description.constprop.0+0x1f/0x1e0 print_report.cold+0x55/0x244 kasan_report+0xc9/0x100 raid_status+0x1747/0x2820 [dm_raid] dm_ima_measure_on_table_load+0x4b8/0xca0 [dm_mod] table_load+0x35c/0x630 [dm_mod] ctl_ioctl+0x411/0x630 [dm_mod] dm_ctl_ioctl+0xa/0x10 [dm_mod] __x64_sys_ioctl+0x12a/0x1a0 do_syscall_64+0x5b/0x80La advertencia se debe a la lectura de `conf->max_nr_stripes` en `raid_status`. El c\u00f3digo en `raid_status` lee `mddev->private`, lo convierte a `struct r5conf` y lee la entrada `max_nr_stripes`. Sin embargo, si el tipo de raid es diferente al 4/5/6, `mddev->private` no apunta a `struct r5conf`; puede apuntar a `struct r0conf`, `struct r1conf`, `struct r10conf` o `struct mpconf`. Si convertimos un puntero a una de estas estructuras en struct r5conf, leeremos memoria no v\u00e1lida y KASAN emitir\u00e1 una advertencia. Corrija este error leyendo struct r5conf solo si el tipo de RAID es 4, 5 o 6." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50085.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50085.json index b64ec29f752..9099438ebe7 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50085.json +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50085.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm raid: fix address sanitizer warning in raid_resume\n\nThere is a KASAN warning in raid_resume when running the lvm test\nlvconvert-raid.sh. The reason for the warning is that mddev->raid_disks\nis greater than rs->raid_disks, so the loop touches one entry beyond\nthe allocated length."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dm raid: correcci\u00f3n de la advertencia del depuraci\u00f3n de direcciones en raid_resume. Se produce una advertencia de KASAN en raid_resume al ejecutar la prueba lvm lvconvert-raid.sh. La advertencia se debe a que mddev->raid_disks es mayor que rs->raid_disks, por lo que el bucle toca una entrada m\u00e1s all\u00e1 de la longitud asignada."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50086.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50086.json
index da892d3bf56..bb4c65e6858 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50086.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50086.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: don't allow the same type rq_qos add more than once\n\nIn our test of iocost, we encountered some list add/del corruptions of\ninner_walk list in ioc_timer_fn.\n\nThe reason can be described as follows:\n\ncpu 0\t\t\t\t\tcpu 1\nioc_qos_write\t\t\t\tioc_qos_write\n\nioc = q_to_ioc(queue);\nif (!ioc) {\n ioc = kzalloc();\n\t\t\t\t\tioc = q_to_ioc(queue);\n\t\t\t\t\tif (!ioc) {\n\t\t\t\t\t\tioc = kzalloc();\n\t\t\t\t\t\t...\n\t\t\t\t\t\trq_qos_add(q, rqos);\n\t\t\t\t\t}\n ...\n rq_qos_add(q, rqos);\n ...\n}\n\nWhen the io.cost.qos file is written by two cpus concurrently, rq_qos may\nbe added to one disk twice. In that case, there will be two iocs enabled\nand running on one disk. They own different iocgs on their active list. In\nthe ioc_timer_fn function, because of the iocgs from two iocs have the\nsame root iocg, the root iocg's walk_list may be overwritten by each other\nand this leads to list add/del corruptions in building or destroying the\ninner_walk list.\n\nAnd so far, the blk-rq-qos framework works in case that one instance for\none type rq_qos per queue by default. This patch make this explicit and\nalso fix the crash above."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bloque: no permitir que el mismo tipo rq_qos se agregue m\u00e1s de una vez En nuestra prueba de iocost, encontramos algunas corrupciones de lista add/del de la lista inner_walk en ioc_timer_fn. La raz\u00f3n puede describirse de la siguiente manera: cpu 0 cpu 1 ioc_qos_write ioc_qos_write ioc = q_to_ioc(queue); if (!ioc) { ioc = kzalloc(); ioc = q_to_ioc(queue); if (!ioc) { ioc = kzalloc(); ... rq_qos_add(q, rqos); } ... rq_qos_add(q, rqos); ... } Cuando dos CPU escriben el archivo io.cost.qos simult\u00e1neamente, es posible que se agregue rq_qos a un disco dos veces.
En ese caso, habr\u00e1 dos ioc habilitados y ejecut\u00e1ndose en un disco. Poseen diferentes iocgs en su lista activa. En la funci\u00f3n ioc_timer_fn, dado que los iocgs de dos iocs tienen el mismo iocg ra\u00edz, la lista walk_list de cada iocg ra\u00edz puede sobrescribirse entre s\u00ed, lo que provoca errores al agregar o eliminar listas al crear o destruir la lista inner_walk. Hasta ahora, el framework blk-rq-qos funciona con una instancia de un tipo rq_qos por cola por defecto. Este parche lo aclara y corrige el fallo mencionado."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50087.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50087.json
index f2b2ce7e03f..148f3e2e095 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50087.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50087.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails\n\nWhen scpi probe fails, at any point, we need to ensure that the scpi_info\nis not set and will remain NULL until the probe succeeds. If it is not\ntaken care, then it could result use-after-free as the value is exported\nvia get_scpi_ops() and could refer to a memory allocated via devm_kzalloc()\nbut freed when the probe fails."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firmware: arm_scpi: Asegurarse de que scpi_info no se asigne si la sonda falla. Cuando la sonda scpi falla, en cualquier momento, debemos asegurarnos de que scpi_info no est\u00e9 configurado y permanezca nulo hasta que la sonda tenga \u00e9xito. Si no se soluciona, podr\u00eda producirse un error de Use-After-Free, ya que el valor se exporta mediante get_scpi_ops() y podr\u00eda hacer referencia a una memoria asignada mediante devm_kzalloc(), pero liberada cuando la sonda falla."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50088.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50088.json
index d05308adca3..810e378142c 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50088.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50088.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/reclaim: fix potential memory leak in damon_reclaim_init()\n\ndamon_reclaim_init() allocates a memory chunk for ctx with\ndamon_new_ctx(). When damon_select_ops() fails, ctx is not released,\nwhich will lead to a memory leak.\n\nWe should release the ctx with damon_destroy_ctx() when damon_select_ops()\nfails to fix the memory leak."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/damon/reclaim: se corrige una posible fuga de memoria en damon_reclaim_init(). damon_reclaim_init() asigna un fragmento de memoria para ctx con damon_new_ctx(). Cuando damon_select_ops() falla, ctx no se libera, lo que provoca una fuga de memoria. Deber\u00edamos liberar ctx con damon_destroy_ctx() cuando damon_select_ops() no solucione la fuga de memoria."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50089.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50089.json
index df3bf30e6f2..bcdbc6a2455 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50089.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50089.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: ensure pages are unlocked on cow_file_range() failure\n\nThere is a hung_task report on zoned btrfs like below.\n\nhttps://github.com/naota/linux/issues/59\n\n [726.328648] INFO: task rocksdb:high0:11085 blocked for more than 241 seconds.\n [726.329839] Not tainted 5.16.0-rc1+ #1\n [726.330484] \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n [726.331603] task:rocksdb:high0 state:D stack: 0 pid:11085 ppid: 11082 flags:0x00000000\n [726.331608] Call Trace:\n [726.331611] \n [726.331614] __schedule+0x2e5/0x9d0\n [726.331622] schedule+0x58/0xd0\n [726.331626] io_schedule+0x3f/0x70\n [726.331629] __folio_lock+0x125/0x200\n [726.331634] ? find_get_entries+0x1bc/0x240\n [726.331638] ? filemap_invalidate_unlock_two+0x40/0x40\n [726.331642] truncate_inode_pages_range+0x5b2/0x770\n [726.331649] truncate_inode_pages_final+0x44/0x50\n [726.331653] btrfs_evict_inode+0x67/0x480\n [726.331658] evict+0xd0/0x180\n [726.331661] iput+0x13f/0x200\n [726.331664] do_unlinkat+0x1c0/0x2b0\n [726.331668] __x64_sys_unlink+0x23/0x30\n [726.331670] do_syscall_64+0x3b/0xc0\n [726.331674] entry_SYSCALL_64_after_hwframe+0x44/0xae\n [726.331677] RIP: 0033:0x7fb9490a171b\n [726.331681] RSP: 002b:00007fb943ffac68 EFLAGS: 00000246 ORIG_RAX: 0000000000000057\n [726.331684] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb9490a171b\n [726.331686] RDX: 00007fb943ffb040 RSI: 000055a6bbe6ec20 RDI: 00007fb94400d300\n [726.331687] RBP: 00007fb943ffad00 R08: 0000000000000000 R09: 0000000000000000\n [726.331688] R10: 0000000000000031 R11: 0000000000000246 R12: 00007fb943ffb000\n [726.331690] R13: 00007fb943ffb040 R14: 0000000000000000 R15: 00007fb943ffd260\n [726.331693] \n\nWhile we debug the issue, we found running fstests generic/551 on 5GB\nnon-zoned null_blk device in the emulated zoned mode also had a\nsimilar hung issue.\n\nAlso, we can reproduce 
the same symptom with an error injected\ncow_file_range() setup.\n\nThe hang occurs when cow_file_range() fails in the middle of\nallocation. cow_file_range() called from do_allocation_zoned() can\nsplit the give region ([start, end]) for allocation depending on\ncurrent block group usages. When btrfs can allocate bytes for one part\nof the split regions but fails for the other region (e.g. because of\n-ENOSPC), we return the error leaving the pages in the succeeded regions\nlocked. Technically, this occurs only when @unlock == 0. Otherwise, we\nunlock the pages in an allocated region after creating an ordered\nextent.\n\nConsidering the callers of cow_file_range(unlock=0) won't write out\nthe pages, we can unlock the pages on error exit from\ncow_file_range(). So, we can ensure all the pages except @locked_page\nare unlocked on error case.\n\nIn summary, cow_file_range now behaves like this:\n\n- page_started == 1 (return value)\n - All the pages are unlocked. IO is started.\n- unlock == 1\n - All the pages except @locked_page are unlocked in any case\n- unlock == 0\n - On success, all the pages are locked for writing out them\n - On failure, all the pages except @locked_page are unlocked"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: garantizar que las p\u00e1ginas se desbloqueen en caso de fallo de cow_file_range() Hay un informe de hung_task en btrfs zonificados como el que se muestra a continuaci\u00f3n. https://github.com/naota/linux/issues/59 [726.328648] INFORMACI\u00d3N: la tarea rocksdb:high0:11085 se bloque\u00f3 durante m\u00e1s de 241 segundos. [726.329839] No contaminado 5.16.0-rc1+ #1 [726.330484] \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" deshabilita este mensaje.
[726.331603] tarea:rocksdb:high0 estado:D pila: 0 pid:11085 ppid: 11082 indicadores:0x00000000 [726.331608] Seguimiento de llamadas: [726.331611] [726.331614] __schedule+0x2e5/0x9d0 [726.331622] schedule+0x58/0xd0 [726.331626] io_schedule+0x3f/0x70 [726.331629] __folio_lock+0x125/0x200 [726.331634] ? find_get_entries+0x1bc/0x240 [726.331638] ? filemap_invalidate_unlock_two+0x40/0x40 [726.331642] truncate_inode_pages_range+0x5b2/0x770 [726.331649] truncate_inode_pages_final+0x44/0x50 [726.331653] btrfs_evict_inode+0x67/0x480 [726.331658] evict+0xd0/0x180 [726.331661] iput+0x13f/0x200 [726.331664] do_unlinkat+0x1c0/0x2b0 [726.331668] __x64_sys_unlink+0x23/0x30 [726.331670] do_syscall_64+0x3b/0xc0 [726.331674] entry_SYSCALL_64_after_hwframe+0x44/0xae [726.331677] RIP: 0033:0x7fb9490a171b [726.331681] RSP: 002b:00007fb943ffac68 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [726.331684] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb9490a171b [726.331686] RDX: 00007fb943ffb040 RSI: 000055a6bbe6ec20 RDI: 00007fb94400d300 [726.331687] RBP: 00007fb943ffad00 R08: 0000000000000000 R09: 0000000000000000 [726.331688] R10: 0000000000000031 R11: 0000000000000246 R12: 00007fb943ffb000 [726.331690] R13: 00007fb943ffb040 R14: 0000000000000000 R15: 00007fb943ffd260 [726.331693] Mientras depur\u00e1bamos el problema, encontramos que ejecutar fstests generic/551 en un dispositivo null_blk sin zona de 5 GB en el modo de zona emulada tambi\u00e9n ten\u00eda un problema de bloqueo similar. Adem\u00e1s, podemos reproducir el mismo s\u00edntoma con un error inyectado en la configuraci\u00f3n de cow_file_range(). El bloqueo ocurre cuando cow_file_range() falla en medio de la asignaci\u00f3n. cow_file_range() llamado desde do_allocation_zoned() puede dividir la regi\u00f3n dada ([inicio, fin]) para la asignaci\u00f3n dependiendo de los usos actuales del grupo de bloques. 
Cuando btrfs puede asignar bytes para una parte de las regiones divididas pero falla para la otra regi\u00f3n (por ejemplo, debido a -ENOSPC), devolvemos el error dejando bloqueadas las p\u00e1ginas en las regiones exitosas. T\u00e9cnicamente, esto solo ocurre cuando @unlock == 0. De lo contrario, desbloqueamos las p\u00e1ginas en una regi\u00f3n asignada tras crear una extensi\u00f3n ordenada. Dado que quienes llaman a cow_file_range(unlock=0) no escribir\u00e1n las p\u00e1ginas, podemos desbloquearlas al salir de cow_file_range() en caso de error. Por lo tanto, podemos asegurar que todas las p\u00e1ginas, excepto @locked_page, se desbloqueen en caso de error. En resumen, cow_file_range ahora se comporta as\u00ed: - page_started == 1 (valor de retorno): todas las p\u00e1ginas est\u00e1n desbloqueadas. Se inicia la E/S. - unlock == 1: todas las p\u00e1ginas, excepto @locked_page, se desbloquean en cualquier caso. - unlock == 0: en caso de \u00e9xito, todas las p\u00e1ginas est\u00e1n bloqueadas para su escritura. - en caso de error, todas las p\u00e1ginas, excepto @locked_page, se desbloquean."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50090.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50090.json
index 36dac112f41..e0609ce7f30 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50090.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50090.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: replace BTRFS_MAX_EXTENT_SIZE with fs_info->max_extent_size\n\nOn zoned filesystem, data write out is limited by max_zone_append_size,\nand a large ordered extent is split according the size of a bio. OTOH,\nthe number of extents to be written is calculated using\nBTRFS_MAX_EXTENT_SIZE, and that estimated number is used to reserve the\nmetadata bytes to update and/or create the metadata items.\n\nThe metadata reservation is done at e.g, btrfs_buffered_write() and then\nreleased according to the estimation changes. Thus, if the number of extent\nincreases massively, the reserved metadata can run out.\n\nThe increase of the number of extents easily occurs on zoned filesystem\nif BTRFS_MAX_EXTENT_SIZE > max_zone_append_size. And, it causes the\nfollowing warning on a small RAM environment with disabling metadata\nover-commit (in the following patch).\n\n[75721.498492] ------------[ cut here ]------------\n[75721.505624] BTRFS: block rsv 1 returned -28\n[75721.512230] WARNING: CPU: 24 PID: 2327559 at fs/btrfs/block-rsv.c:537 btrfs_use_block_rsv+0x560/0x760 [btrfs]\n[75721.581854] CPU: 24 PID: 2327559 Comm: kworker/u64:10 Kdump: loaded Tainted: G W 5.18.0-rc2-BTRFS-ZNS+ #109\n[75721.597200] Hardware name: Supermicro Super Server/H12SSL-NT, BIOS 2.0 02/22/2021\n[75721.607310] Workqueue: btrfs-endio-write btrfs_work_helper [btrfs]\n[75721.616209] RIP: 0010:btrfs_use_block_rsv+0x560/0x760 [btrfs]\n[75721.646649] RSP: 0018:ffffc9000fbdf3e0 EFLAGS: 00010286\n[75721.654126] RAX: 0000000000000000 RBX: 0000000000004000 RCX: 0000000000000000\n[75721.663524] RDX: 0000000000000004 RSI: 0000000000000008 RDI: fffff52001f7be6e\n[75721.672921] RBP: ffffc9000fbdf420 R08: 0000000000000001 R09: ffff889f8d1fc6c7\n[75721.682493] R10: ffffed13f1a3f8d8 R11: 0000000000000001 R12: ffff88980a3c0e28\n[75721.692284] R13: ffff889b66590000 R14: ffff88980a3c0e40 R15: 
ffff88980a3c0e8a\n[75721.701878] FS: 0000000000000000(0000) GS:ffff889f8d000000(0000) knlGS:0000000000000000\n[75721.712601] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[75721.720726] CR2: 000055d12e05c018 CR3: 0000800193594000 CR4: 0000000000350ee0\n[75721.730499] Call Trace:\n[75721.735166] \n[75721.739886] btrfs_alloc_tree_block+0x1e1/0x1100 [btrfs]\n[75721.747545] ? btrfs_alloc_logged_file_extent+0x550/0x550 [btrfs]\n[75721.756145] ? btrfs_get_32+0xea/0x2d0 [btrfs]\n[75721.762852] ? btrfs_get_32+0xea/0x2d0 [btrfs]\n[75721.769520] ? push_leaf_left+0x420/0x620 [btrfs]\n[75721.776431] ? memcpy+0x4e/0x60\n[75721.781931] split_leaf+0x433/0x12d0 [btrfs]\n[75721.788392] ? btrfs_get_token_32+0x580/0x580 [btrfs]\n[75721.795636] ? push_for_double_split.isra.0+0x420/0x420 [btrfs]\n[75721.803759] ? leaf_space_used+0x15d/0x1a0 [btrfs]\n[75721.811156] btrfs_search_slot+0x1bc3/0x2790 [btrfs]\n[75721.818300] ? lock_downgrade+0x7c0/0x7c0\n[75721.824411] ? free_extent_buffer.part.0+0x107/0x200 [btrfs]\n[75721.832456] ? split_leaf+0x12d0/0x12d0 [btrfs]\n[75721.839149] ? free_extent_buffer.part.0+0x14f/0x200 [btrfs]\n[75721.846945] ? free_extent_buffer+0x13/0x20 [btrfs]\n[75721.853960] ? btrfs_release_path+0x4b/0x190 [btrfs]\n[75721.861429] btrfs_csum_file_blocks+0x85c/0x1500 [btrfs]\n[75721.869313] ? rcu_read_lock_sched_held+0x16/0x80\n[75721.876085] ? lock_release+0x552/0xf80\n[75721.881957] ? btrfs_del_csums+0x8c0/0x8c0 [btrfs]\n[75721.888886] ? __kasan_check_write+0x14/0x20\n[75721.895152] ? do_raw_read_unlock+0x44/0x80\n[75721.901323] ? _raw_write_lock_irq+0x60/0x80\n[75721.907983] ? btrfs_global_root+0xb9/0xe0 [btrfs]\n[75721.915166] ? btrfs_csum_root+0x12b/0x180 [btrfs]\n[75721.921918] ? btrfs_get_global_root+0x820/0x820 [btrfs]\n[75721.929166] ? _raw_write_unlock+0x23/0x40\n[75721.935116] ? unpin_extent_cache+0x1e3/0x390 [btrfs]\n[75721.942041] btrfs_finish_ordered_io.isra.0+0xa0c/0x1dc0 [btrfs]\n[75721.949906] ? try_to_wake_up+0x30/0x14a0\n[75721.955700] ? 
btrfs_unlink_subvol+0xda0/0xda0 [btrfs]\n[75721.962661] ? rcu\n---truncated---"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: reemplazar BTRFS_MAX_EXTENT_SIZE con fs_info->max_extent_size En el sistema de archivos zonificado, la escritura de datos est\u00e1 limitada por max_zone_append_size, y una extensi\u00f3n ordenada grande se divide seg\u00fan el tama\u00f1o de un bio. OTOH, el n\u00famero de extensiones que se escribir\u00e1n se calcula utilizando BTRFS_MAX_EXTENT_SIZE, y ese n\u00famero estimado se utiliza para reservar los bytes de metadatos para actualizar y/o crear los elementos de metadatos. La reserva de metadatos se realiza en, por ejemplo, btrfs_buffered_write() y luego se libera de acuerdo con los cambios de estimaci\u00f3n. Por lo tanto, si el n\u00famero de extensiones aumenta masivamente, los metadatos reservados pueden agotarse. El aumento del n\u00famero de extensiones ocurre f\u00e1cilmente en el sistema de archivos zonificado si BTRFS_MAX_EXTENT_SIZE > max_zone_append_size. Y causa la siguiente advertencia en un entorno de RAM peque\u00f1o con la deshabilitaci\u00f3n de la sobreasignaci\u00f3n de metadatos (en el siguiente parche).
[75721.498492] ------------[ cortar aqu\u00ed ]------------ [75721.505624] BTRFS: el bloque rsv 1 devolvi\u00f3 -28 [75721.512230] ADVERTENCIA: CPU: 24 PID: 2327559 en fs/btrfs/block-rsv.c:537 btrfs_use_block_rsv+0x560/0x760 [btrfs] [75721.581854] CPU: 24 PID: 2327559 Comm: kworker/u64:10 Kdump: cargado Tainted: GW 5.18.0-rc2-BTRFS-ZNS+ #109 [75721.597200] Nombre del hardware: Supermicro Super Server/H12SSL-NT, BIOS 2.0 22/02/2021 [75721.607310] Cola de trabajo: btrfs-endio-write btrfs_work_helper [btrfs] [75721.616209] RIP: 0010:btrfs_use_block_rsv+0x560/0x760 [btrfs] [75721.646649] RSP: 0018:ffffc9000fbdf3e0 EFLAGS: 00010286 [75721.654126] RAX: 00000000000000000 RBX: 0000000000004000 RCX: 0000000000000000 [75721.663524] RDX: 0000000000000004 RSI: 0000000000000008 RDI: fffff52001f7be6e [75721.672921] RBP: ffffc9000fbdf420 R08: 0000000000000001 R09: ffff889f8d1fc6c7 [75721.682493] R10: ffffed13f1a3f8d8 R11: 000000000000001 R12: ffff88980a3c0e28 [75721.692284] R13: ffff889b66590000 R14: ffff88980a3c0e40 R15: ffff88980a3c0e8a [75721.701878] FS: 0000000000000000(0000) GS:ffff889f8d000000(0000) knlGS:0000000000000000 [75721.712601] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [75721.720726] CR2: 000055d12e05c018 CR3: 0000800193594000 CR4: 0000000000350ee0 [75721.730499] Rastreo de llamadas: [75721.735166] [75721.739886] btrfs_alloc_tree_block+0x1e1/0x1100 [btrfs] [75721.747545] ? btrfs_alloc_logged_file_extent+0x550/0x550 [btrfs] [75721.756145] ? btrfs_get_32+0xea/0x2d0 [btrfs] [75721.762852] ? btrfs_get_32+0xea/0x2d0 [btrfs] [75721.769520] ? push_leaf_left+0x420/0x620 [btrfs] [75721.776431] ? memcpy+0x4e/0x60 [75721.781931] split_leaf+0x433/0x12d0 [btrfs] [75721.788392] ? btrfs_get_token_32+0x580/0x580 [btrfs] [75721.795636] ? push_for_double_split.isra.0+0x420/0x420 [btrfs] [75721.803759] ? leaf_space_used+0x15d/0x1a0 [btrfs] [75721.811156] btrfs_search_slot+0x1bc3/0x2790 [btrfs] [75721.818300] ? lock_downgrade+0x7c0/0x7c0 [75721.824411] ? 
free_extent_buffer.part.0+0x107/0x200 [btrfs] [75721.832456] ? split_leaf+0x12d0/0x12d0 [btrfs] [75721.839149] ? free_extent_buffer.part.0+0x14f/0x200 [btrfs] [75721.846945] ? free_extent_buffer+0x13/0x20 [btrfs] [75721.853960] ? btrfs_release_path+0x4b/0x190 [btrfs] [75721.861429] btrfs_csum_file_blocks+0x85c/0x1500 [btrfs] [75721.869313] ? rcu_read_lock_sched_held+0x16/0x80 [75721.876085] ? lock_release+0x552/0xf80 [75721.881957] ? btrfs_del_csums+0x8c0/0x8c0 [btrfs] [75721.888886] ? __kasan_check_write+0x14/0x20 [75721.895152] ? do_raw_read_unlock+0x44/0x80 [75721.901323] ? _raw_write_lock_irq+0x60/0x80 [75721.907983] ? btrfs_global_root+0xb9/0xe0 [btrfs] [75721.915166] ? btrfs_csum_root+0x12b/0x180 [btrfs] [75721.921918] ? btrfs_get_global_root+0x820/0x820 [btrfs] [75721.929166] ? _raw_write_unlock+0x23/0x40 [75721.935116] ? unpin_extent_cache+0x1e3/0x390 [btrfs] [75721.942041] btrfs_finish_ordered_io.isra.0+0xa0c/0x1dc0 [btrfs] [75721.949906] ? try_to_wake_up+0x30/0x14a0 [75721.955700] ? btrfs_unlink_subvol+0xda---truncado---" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50091.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50091.json index 2b72ea75f34..959ea1cc009 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50091.json +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50091.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlocking/csd_lock: Change csdlock_debug from early_param to __setup\n\nThe csdlock_debug kernel-boot parameter is parsed by the\nearly_param() function csdlock_debug(). If set, csdlock_debug()\ninvokes static_branch_enable() to enable csd_lock_wait feature, which\ntriggers a panic on arm64 for kernels built with CONFIG_SPARSEMEM=y and\nCONFIG_SPARSEMEM_VMEMMAP=n.\n\nWith CONFIG_SPARSEMEM_VMEMMAP=n, __nr_to_section is called in\nstatic_key_enable() and returns NULL, resulting in a NULL dereference\nbecause mem_section is initialized only later in sparse_init().\n\nThis is also a problem for powerpc because early_param() functions\nare invoked earlier than jump_label_init(), also resulting in\nstatic_key_enable() failures. These failures cause the warning \"static\nkey 'xxx' used before call to jump_label_init()\".\n\nThus, early_param is too early for csd_lock_wait to run\nstatic_branch_enable(), so changes it to __setup to fix these." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: locking/csd_lock: Cambiar csdlock_debug de early_param a __setup El par\u00e1metro csdlock_debug kernel-boot es analizado por la funci\u00f3n early_param() csdlock_debug(). Si se establece, csdlock_debug() invoca static_branch_enable() para habilitar la funci\u00f3n csd_lock_wait, que desencadena un p\u00e1nico en arm64 para kernels compilados con CONFIG_SPARSEMEM=y y CONFIG_SPARSEMEM_VMEMMAP=n. Con CONFIG_SPARSEMEM_VMEMMAP=n, se llama a __nr_to_section en static_key_enable() y devuelve NULL, lo que resulta en una desreferencia NULL porque mem_section se inicializa solo m\u00e1s tarde en sparse_init(). Esto tambi\u00e9n representa un problema para PowerPC, ya que las funciones early_param() se invocan antes que jump_label_init(), lo que tambi\u00e9n provoca fallos en static_key_enable(). 
Estos fallos generan la advertencia \"Clave est\u00e1tica 'xxx' usada antes de la llamada a jump_label_init()\". Por lo tanto, early_param es demasiado pronto para que csd_lock_wait ejecute static_branch_enable(), por lo que se cambia a __setup para solucionarlos." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50092.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50092.json index 592aef0b918..443e42a4805 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50092.json +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50092.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm thin: fix use-after-free crash in dm_sm_register_threshold_callback\n\nFault inject on pool metadata device reports:\n BUG: KASAN: use-after-free in dm_pool_register_metadata_threshold+0x40/0x80\n Read of size 8 at addr ffff8881b9d50068 by task dmsetup/950\n\n CPU: 7 PID: 950 Comm: dmsetup Tainted: G W 5.19.0-rc6 #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc33 04/01/2014\n Call Trace:\n \n dump_stack_lvl+0x34/0x44\n print_address_description.constprop.0.cold+0xeb/0x3f4\n kasan_report.cold+0xe6/0x147\n dm_pool_register_metadata_threshold+0x40/0x80\n pool_ctr+0xa0a/0x1150\n dm_table_add_target+0x2c8/0x640\n table_load+0x1fd/0x430\n ctl_ioctl+0x2c4/0x5a0\n dm_ctl_ioctl+0xa/0x10\n __x64_sys_ioctl+0xb3/0xd0\n do_syscall_64+0x35/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThis can be easily reproduced using:\n echo offline > /sys/block/sda/device/state\n dd if=/dev/zero of=/dev/mapper/thin bs=4k count=10\n dmsetup load pool --table \"0 20971520 thin-pool /dev/sda /dev/sdb 128 0 0\"\n\nIf a metadata commit fails, the transaction will be aborted and the\nmetadata space maps will be destroyed. If a DM table reload then\nhappens for this failed thin-pool, a use-after-free will occur in\ndm_sm_register_threshold_callback (called from\ndm_pool_register_metadata_threshold).\n\nFix this by in dm_pool_register_metadata_threshold() by returning the\n-EINVAL error if the thin-pool is in fail mode. Also fail pool_ctr()\nwith a new error message: \"Error registering metadata threshold\"." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dm thin: correcci\u00f3n del fallo de uso tras liberaci\u00f3n en dm_sm_register_threshold_callback Se informa de un fallo por inyecci\u00f3n en el dispositivo de metadatos del grupo: ERROR: KASAN: uso tras liberaci\u00f3n en dm_pool_register_metadata_threshold+0x40/0x80 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff8881b9d50068 por la tarea dmsetup/950 CPU: 7 PID: 950 Comm: dmsetup Contaminado: GW 5.19.0-rc6 #1 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc33 01/04/2014 Rastreo de llamadas: dump_stack_lvl+0x34/0x44 print_address_description.constprop.0.cold+0xeb/0x3f4 kasan_report.cold+0xe6/0x147 dm_pool_register_metadata_threshold+0x40/0x80 pool_ctr+0xa0a/0x1150 dm_table_add_target+0x2c8/0x640 table_load+0x1fd/0x430 ctl_ioctl+0x2c4/0x5a0 dm_ctl_ioctl+0xa/0x10 __x64_sys_ioctl+0xb3/0xd0 do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 Esto se puede reproducir f\u00e1cilmente usando: echo offline > /sys/block/sda/device/state dd if=/dev/zero of=/dev/mapper/thin bs=4k count=10 dmsetup load pool --table \"0 20971520 thin-pool /dev/sda /dev/sdb 128 0 0\" Si falla una confirmaci\u00f3n de metadatos, la transacci\u00f3n se cancelar\u00e1 y los mapas de espacio de metadatos se destruir\u00e1n. Si se recarga la tabla DM para este thin-pool fallido, se ejecutar\u00e1 un \"use after-free\" en dm_sm_register_threshold_callback (llamado desde dm_pool_register_metadata_threshold). Solucione esto en dm_pool_register_metadata_threshold() devolviendo el error -EINVAL si el thin-pool est\u00e1 en modo de fallo. Tambi\u00e9n se produce un error en pool_ctr() con un nuevo mensaje de error: \"Error al registrar el umbral de metadatos\"." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50093.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50093.json index 068d0f816c4..bbaefa8bbc7 100644 
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50093.json +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50093.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)\n\nKASAN reports:\n\n[ 4.668325][ T0] BUG: KASAN: wild-memory-access in dmar_parse_one_rhsa (arch/x86/include/asm/bitops.h:214 arch/x86/include/asm/bitops.h:226 include/asm-generic/bitops/instrumented-non-atomic.h:142 include/linux/nodemask.h:415 drivers/iommu/intel/dmar.c:497)\n[ 4.676149][ T0] Read of size 8 at addr 1fffffff85115558 by task swapper/0/0\n[ 4.683454][ T0]\n[ 4.685638][ T0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.19.0-rc3-00004-g0e862838f290 #1\n[ 4.694331][ T0] Hardware name: Supermicro SYS-5018D-FN4T/X10SDV-8C-TLN4F, BIOS 1.1 03/02/2016\n[ 4.703196][ T0] Call Trace:\n[ 4.706334][ T0] \n[ 4.709133][ T0] ? dmar_parse_one_rhsa (arch/x86/include/asm/bitops.h:214 arch/x86/include/asm/bitops.h:226 include/asm-generic/bitops/instrumented-non-atomic.h:142 include/linux/nodemask.h:415 drivers/iommu/intel/dmar.c:497)\n\nafter converting the type of the first argument (@nr, bit number)\nof arch_test_bit() from `long` to `unsigned long`[0].\n\nUnder certain conditions (for example, when ACPI NUMA is disabled\nvia command line), pxm_to_node() can return %NUMA_NO_NODE (-1).\nIt is valid 'magic' number of NUMA node, but not valid bit number\nto use in bitops.\nnode_online() eventually descends to test_bit() without checking\nfor the input, assuming it's on caller side (which might be good\nfor perf-critical tasks). There, -1 becomes %ULONG_MAX which leads\nto an insane array index when calculating bit position in memory.\n\nFor now, add an explicit check for @node being not %NUMA_NO_NODE\nbefore calling test_bit(). 
The actual logics didn't change here\nat all.\n\n[0] https://github.com/norov/linux/commit/0e862838f290147ea9c16db852d8d494b552d38d" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iommu/vt-d: evitar acceso no v\u00e1lido a memoria mediante node_online(NUMA_NO_NODE) KASAN informa: [ 4.668325][ T0] ERROR: KASAN: acceso a memoria salvaje en dmar_parse_one_rhsa (arch/x86/include/asm/bitops.h:214 arch/x86/include/asm/bitops.h:226 include/asm-generic/bitops/instrumented-non-atomic.h:142 include/linux/nodemask.h:415 drivers/iommu/intel/dmar.c:497) [ 4.676149][ T0] Lectura de tama\u00f1o 8 en la direcci\u00f3n 1fffffff85115558 por el intercambiador de tareas/0/0 [ 4.683454][ T0] [ 4.685638][ T0] CPU: 0 PID: 0 Comm: swapper/0 No contaminado 5.19.0-rc3-00004-g0e862838f290 #1 [ 4.694331][ T0] Nombre del hardware: Supermicro SYS-5018D-FN4T/X10SDV-8C-TLN4F, BIOS 1.1 02/03/2016 [ 4.703196][ T0] Rastreo de llamadas: [ 4.706334][ T0] [ 4.709133][ T0] ? dmar_parse_one_rhsa (arch/x86/include/asm/bitops.h:214 arch/x86/include/asm/bitops.h:226 include/asm-generic/bitops/instrumented-non-atomic.h:142 include/linux/nodemask.h:415 drivers/iommu/intel/dmar.c:497) despu\u00e9s de convertir el tipo del primer argumento (@nr, n\u00famero de bit) de arch_test_bit() de `long` a `unsigned long`[0]. Bajo ciertas condiciones (por ejemplo, cuando ACPI NUMA est\u00e1 deshabilitado a trav\u00e9s de la l\u00ednea de comandos), pxm_to_node() puede devolver %NUMA_NO_NODE (-1). Es un n\u00famero 'm\u00e1gico' v\u00e1lido de nodo NUMA, pero no un n\u00famero de bit v\u00e1lido para usar en bitops. node_online() finalmente desciende a test_bit() sin verificar la entrada, asumiendo que est\u00e1 del lado del llamador (lo cual podr\u00eda ser \u00fatil para tareas cr\u00edticas para el rendimiento). All\u00ed, -1 se convierte en %ULONG_MAX, lo que genera un \u00edndice de matriz desproporcionado al calcular la posici\u00f3n del bit en memoria. 
Por ahora, agregue una verificaci\u00f3n expl\u00edcita de que @node no sea %NUMA_NO_NODE antes de llamar a test_bit(). La l\u00f3gica real no cambi\u00f3 en absoluto. [0] https://github.com/norov/linux/commit/0e862838f290147ea9c16db852d8d494b552d38d" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50094.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50094.json index f26443dfb29..1e13db8e803 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50094.json +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50094.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspmi: trace: fix stack-out-of-bound access in SPMI tracing functions\n\ntrace_spmi_write_begin() and trace_spmi_read_end() both call\nmemcpy() with a length of \"len + 1\". This leads to one extra\nbyte being read beyond the end of the specified buffer. Fix\nthis out-of-bound memory access by using a length of \"len\"\ninstead.\n\nHere is a KASAN log showing the issue:\n\nBUG: KASAN: stack-out-of-bounds in trace_event_raw_event_spmi_read_end+0x1d0/0x234\nRead of size 2 at addr ffffffc0265b7540 by task thermal@2.0-ser/1314\n...\nCall trace:\n dump_backtrace+0x0/0x3e8\n show_stack+0x2c/0x3c\n dump_stack_lvl+0xdc/0x11c\n print_address_description+0x74/0x384\n kasan_report+0x188/0x268\n kasan_check_range+0x270/0x2b0\n memcpy+0x90/0xe8\n trace_event_raw_event_spmi_read_end+0x1d0/0x234\n spmi_read_cmd+0x294/0x3ac\n spmi_ext_register_readl+0x84/0x9c\n regmap_spmi_ext_read+0x144/0x1b0 [regmap_spmi]\n _regmap_raw_read+0x40c/0x754\n regmap_raw_read+0x3a0/0x514\n regmap_bulk_read+0x418/0x494\n adc5_gen3_poll_wait_hs+0xe8/0x1e0 [qcom_spmi_adc5_gen3]\n ...\n __arm64_sys_read+0x4c/0x60\n invoke_syscall+0x80/0x218\n el0_svc_common+0xec/0x1c8\n ...\n\naddr ffffffc0265b7540 is located in stack of task thermal@2.0-ser/1314 at offset 32 in frame:\n adc5_gen3_poll_wait_hs+0x0/0x1e0 [qcom_spmi_adc5_gen3]\n\nthis frame has 1 object:\n [32, 33) 'status'\n\nMemory state around the buggy address:\n ffffffc0265b7400: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1\n ffffffc0265b7480: 04 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00\n>ffffffc0265b7500: 00 00 00 00 f1 f1 f1 f1 01 f3 f3 f3 00 00 00 00\n ^\n ffffffc0265b7580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffffffc0265b7600: f1 f1 f1 f1 01 f2 07 f2 f2 f2 01 f3 00 00 00 00\n==================================================================" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la 
siguiente vulnerabilidad: spmi: trace: se corrige el acceso fuera de los l\u00edmites de la pila en las funciones de seguimiento de SPMI. Las funciones trace_spmi_write_begin() y trace_spmi_read_end() llaman a memcpy() con una longitud de \"len + 1\". Esto provoca la lectura de un byte adicional m\u00e1s all\u00e1 del final del b\u00fafer especificado. Corrija este acceso fuera de los l\u00edmites de la pila utilizando una longitud de \"len\". Aqu\u00ed hay un registro de KASAN que muestra el problema: ERROR: KASAN: pila fuera de los l\u00edmites en trace_event_raw_event_spmi_read_end+0x1d0/0x234 Lectura de tama\u00f1o 2 en la direcci\u00f3n ffffffc0265b7540 por la tarea thermal@2.0-ser/1314 ... Seguimiento de llamadas: dump_backtrace+0x0/0x3e8 show_stack+0x2c/0x3c dump_stack_lvl+0xdc/0x11c print_address_description+0x74/0x384 kasan_report+0x188/0x268 kasan_check_range+0x270/0x2b0 memcpy+0x90/0xe8 trace_event_raw_event_spmi_read_end+0x1d0/0x234 spmi_read_cmd+0x294/0x3ac spmi_ext_register_readl+0x84/0x9c regmap_spmi_ext_read+0x144/0x1b0 [regmap_spmi] _regmap_raw_read+0x40c/0x754 regmap_raw_read+0x3a0/0x514 regmap_bulk_read+0x418/0x494 adc5_gen3_poll_wait_hs+0xe8/0x1e0 [qcom_spmi_adc5_gen3] ... __arm64_sys_read+0x4c/0x60 invoke_syscall+0x80/0x218 el0_svc_common+0xec/0x1c8 ... 
la direcci\u00f3n ffffffc0265b7540 se encuentra en la pila de tareas thermal@2.0-ser/1314 en el desplazamiento 32 en el marco: adc5_gen3_poll_wait_hs+0x0/0x1e0 [qcom_spmi_adc5_gen3] este marco tiene 1 objeto: [32, 33) 'status' Estado de la memoria alrededor de la direcci\u00f3n con errores: ffffffc0265b7400: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 fffffc0265b7480: 04 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 >fffffc0265b7500: 00 00 00 00 f1 f1 f1 f1 01 f3 f3 f3 00 00 00 00 ^ ffffffc0265b7580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffc0265b7600: f1 f1 f1 f1 01 f2 07 f2 f2 f2 01 f3 00 00 00 00 ====================================================================" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50095.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50095.json index ee02df2f5ad..58f206facb4 100644 --- a/CVE-2022/CVE-2022-500xx/CVE-2022-50095.json +++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50095.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nposix-cpu-timers: Cleanup CPU timers before freeing them during exec\n\nCommit 55e8c8eb2c7b (\"posix-cpu-timers: Store a reference to a pid not a\ntask\") started looking up tasks by PID when deleting a CPU timer.\n\nWhen a non-leader thread calls execve, it will switch PIDs with the leader\nprocess. Then, as it calls exit_itimers, posix_cpu_timer_del cannot find\nthe task because the timer still points out to the old PID.\n\nThat means that armed timers won't be disarmed, that is, they won't be\nremoved from the timerqueue_list. exit_itimers will still release their\nmemory, and when that list is later processed, it leads to a\nuse-after-free.\n\nClean up the timers from the de-threaded task before freeing them. This\nprevents a reported use-after-free."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: posix-cpu-timers: Limpiar los temporizadores de CPU antes de liberarlos durante la ejecuci\u00f3n. el commit 55e8c8eb2c7b (\"posix-cpu-timers: Almacenar una referencia a un PID, no a una tarea\") comenz\u00f3 a buscar tareas por PID al eliminar un temporizador de CPU. Cuando un subproceso no l\u00edder llama a execve, intercambia los PID con el proceso l\u00edder. Luego, al llamar a exit_itimers, posix_cpu_timer_del no puede encontrar la tarea porque el temporizador a\u00fan apunta al PID anterior. Esto significa que los temporizadores armados no se desarmar\u00e1n; es decir, no se eliminar\u00e1n de timerqueue_list. exit_itimers liberar\u00e1 su memoria y, cuando esa lista se procese posteriormente, se generar\u00e1 un Use-After-Free. Limpie los temporizadores de la tarea desprovista de subprocesos antes de liberarlos. Esto evita un Use-After-Free reportado."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50096.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50096.json
index bc7d1b004c1..f7b27006be7 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50096.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50096.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/kprobes: Update kcb status flag after singlestepping\n\nFix kprobes to update kcb (kprobes control block) status flag to\nKPROBE_HIT_SSDONE even if the kp->post_handler is not set.\n\nThis bug may cause a kernel panic if another INT3 user runs right\nafter kprobes because kprobe_int3_handler() misunderstands the\nINT3 is kprobe's single stepping INT3."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86/kprobes: Actualizaci\u00f3n del indicador de estado de kcb tras el paso \u00fanico. Se corrigi\u00f3 que kprobes actualizara el indicador de estado de kcb (bloque de control de kprobes) a KPROBE_HIT_SSDONE incluso si kp->post_handler no est\u00e1 configurado. Este error puede causar un p\u00e1nico del kernel si otro usuario INT3 se ejecuta justo despu\u00e9s de kprobes, ya que kprobe_int3_handler() malinterpreta que INT3 es el INT3 de paso \u00fanico de kprobe."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50097.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50097.json
index be2c3e6f7a6..dcda4a8d131 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50097.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50097.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: s3fb: Check the size of screen before memset_io()\n\nIn the function s3fb_set_par(), the value of 'screen_size' is\ncalculated by the user input. If the user provides the improper value,\nthe value of 'screen_size' may larger than 'info->screen_size', which\nmay cause the following bug:\n\n[ 54.083733] BUG: unable to handle page fault for address: ffffc90003000000\n[ 54.083742] #PF: supervisor write access in kernel mode\n[ 54.083744] #PF: error_code(0x0002) - not-present page\n[ 54.083760] RIP: 0010:memset_orig+0x33/0xb0\n[ 54.083782] Call Trace:\n[ 54.083788] s3fb_set_par+0x1ec6/0x4040\n[ 54.083806] fb_set_var+0x604/0xeb0\n[ 54.083836] do_fb_ioctl+0x234/0x670\n\nFix the this by checking the value of 'screen_size' before memset_io()."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: video: fbdev: s3fb: Verifique el tama\u00f1o de la pantalla antes de memset_io() En la funci\u00f3n s3fb_set_par(), el valor de 'screen_size' se calcula mediante la entrada del usuario. Si el usuario proporciona un valor incorrecto, el valor de 'screen_size' puede ser mayor que 'info->screen_size', lo que puede causar el siguiente error: [ 54.083733] ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: ffffc90003000000 [ 54.083742] #PF: acceso de escritura del supervisor en modo kernel [ 54.083744] #PF: error_code(0x0002) - p\u00e1gina no presente [ 54.083760] RIP: 0010:memset_orig+0x33/0xb0 [ 54.083782] Rastreo de llamadas: [ 54.083788] s3fb_set_par+0x1ec6/0x4040 [ 54.083806] fb_set_var+0x604/0xeb0 [ 54.083836] do_fb_ioctl+0x234/0x670 Solucione este problema comprobando el valor de 'screen_size' antes de memset_io()."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50098.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50098.json
index c464e5515ca..5a15cdb9df0 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50098.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50098.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts\n\nEnsure SRB is returned during I/O timeout error escalation. If that is not\npossible fail the escalation path.\n\nFollowing crash stack was seen:\n\nBUG: unable to handle kernel paging request at 0000002f56aa90f8\nIP: qla_chk_edif_rx_sa_delete_pending+0x14/0x30 [qla2xxx]\nCall Trace:\n ? qla2x00_status_entry+0x19f/0x1c50 [qla2xxx]\n ? qla2x00_start_sp+0x116/0x1170 [qla2xxx]\n ? dma_pool_alloc+0x1d6/0x210\n ? mempool_alloc+0x54/0x130\n ? qla24xx_process_response_queue+0x548/0x12b0 [qla2xxx]\n ? qla_do_work+0x2d/0x40 [qla2xxx]\n ? process_one_work+0x14c/0x390"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: qla2xxx: Se corrige un fallo debido a un acceso obsoleto a SRB cerca de los tiempos de espera de E/S. Aseg\u00farese de que SRB se devuelva durante la escalada de errores de tiempo de espera de E/S. Si esto no es posible, reinicie la ruta de escalada. Se observ\u00f3 la siguiente pila de fallos: Error: no se puede gestionar la solicitud de paginaci\u00f3n del kernel en 0000002f56aa90f8 IP: qla_chk_edif_rx_sa_delete_pending+0x14/0x30 [qla2xxx] Rastreo de llamadas: ? qla2x00_status_entry+0x19f/0x1c50 [qla2xxx] ? qla2x00_start_sp+0x116/0x1170 [qla2xxx] ? dma_pool_alloc+0x1d6/0x210 ? mempool_alloc+0x54/0x130 ? qla24xx_process_response_queue+0x548/0x12b0 [qla2xxx] ? qla_do_work+0x2d/0x40 [qla2xxx] ? process_one_work+0x14c/0x390 "
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-500xx/CVE-2022-50099.json b/CVE-2022/CVE-2022-500xx/CVE-2022-50099.json
index 9a4d5fe9bf0..130d1f9707c 100644
--- a/CVE-2022/CVE-2022-500xx/CVE-2022-50099.json
+++ b/CVE-2022/CVE-2022-500xx/CVE-2022-50099.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: arkfb: Check the size of screen before memset_io()\n\nIn the function arkfb_set_par(), the value of 'screen_size' is\ncalculated by the user input. If the user provides the improper value,\nthe value of 'screen_size' may larger than 'info->screen_size', which\nmay cause the following bug:\n\n[ 659.399066] BUG: unable to handle page fault for address: ffffc90003000000\n[ 659.399077] #PF: supervisor write access in kernel mode\n[ 659.399079] #PF: error_code(0x0002) - not-present page\n[ 659.399094] RIP: 0010:memset_orig+0x33/0xb0\n[ 659.399116] Call Trace:\n[ 659.399122] arkfb_set_par+0x143f/0x24c0\n[ 659.399130] fb_set_var+0x604/0xeb0\n[ 659.399161] do_fb_ioctl+0x234/0x670\n[ 659.399189] fb_ioctl+0xdd/0x130\n\nFix the this by checking the value of 'screen_size' before memset_io()."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: video: fbdev: arkfb: Verifique el tama\u00f1o de la pantalla antes de memset_io() En la funci\u00f3n arkfb_set_par(), el valor de 'screen_size' se calcula mediante la entrada del usuario. Si el usuario proporciona un valor incorrecto, el valor de 'screen_size' puede ser mayor que 'info->screen_size', lo que puede causar el siguiente error: [ 659.399066] ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: ffffc90003000000 [ 659.399077] #PF: acceso de escritura del supervisor en modo kernel [ 659.399079] #PF: error_code(0x0002) - p\u00e1gina no presente [ 659.399094] RIP: 0010:memset_orig+0x33/0xb0 [ 659.399116] Rastreo de llamadas: [ 659.399122] arkfb_set_par+0x143f/0x24c0 [ 659.399130] fb_set_var+0x604/0xeb0 [ 659.399161] do_fb_ioctl+0x234/0x670 [ 659.399189] fb_ioctl+0xdd/0x130 Solucione este problema comprobando el valor de 'screen_size' antes de memset_io()."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50100.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50100.json
index 5e2e3b98cda..44d715ae136 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50100.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50100.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/core: Do not requeue task on CPU excluded from cpus_mask\n\nThe following warning was triggered on a large machine early in boot on\na distribution kernel but the same problem should also affect mainline.\n\n WARNING: CPU: 439 PID: 10 at ../kernel/workqueue.c:2231 process_one_work+0x4d/0x440\n Call Trace:\n \n rescuer_thread+0x1f6/0x360\n kthread+0x156/0x180\n ret_from_fork+0x22/0x30\n \n\nCommit c6e7bd7afaeb (\"sched/core: Optimize ttwu() spinning on p->on_cpu\")\noptimises ttwu by queueing a task that is descheduling on the wakelist,\nbut does not check if the task descheduling is still allowed to run on that CPU.\n\nIn this warning, the problematic task is a workqueue rescue thread which\nchecks if the rescue is for a per-cpu workqueue and running on the wrong CPU.\nWhile this is early in boot and it should be possible to create workers,\nthe rescue thread may still used if the MAYDAY_INITIAL_TIMEOUT is reached\nor MAYDAY_INTERVAL and on a sufficiently large machine, the rescue\nthread is being used frequently.\n\nTracing confirmed that the task should have migrated properly using the\nstopper thread to handle the migration. However, a parallel wakeup from udev\nrunning on another CPU that does not share CPU cache observes p->on_cpu and\nuses task_cpu(p), queues the task on the old CPU and triggers the warning.\n\nCheck that the wakee task that is descheduling is still allowed to run\non its current CPU and if not, wait for the descheduling to complete\nand select an allowed CPU."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sched/core: No volver a poner en cola la tarea en la CPU excluida de cpus_mask La siguiente advertencia se activ\u00f3 en una m\u00e1quina grande al comienzo del arranque en un kernel de distribuci\u00f3n, pero el mismo problema tambi\u00e9n deber\u00eda afectar a la l\u00ednea principal. ADVERTENCIA: CPU: 439 PID: 10 en ../kernel/workqueue.c:2231 process_one_work+0x4d/0x440 Rastreo de llamadas: rescuer_thread+0x1f6/0x360 kthread+0x156/0x180 ret_from_fork+0x22/0x30 el commit c6e7bd7afaeb (\"sched/core: Optimize ttwu() spinning on p->on_cpu\") optimiza ttwu poniendo en cola una tarea que se est\u00e1 desprogramando en la lista de activaci\u00f3n, pero no comprueba si la desprogramaci\u00f3n de tareas a\u00fan puede ejecutarse en esa CPU. En esta advertencia, la tarea problem\u00e1tica es un subproceso de rescate de la cola de trabajo que comprueba si el rescate es para una cola de trabajo por CPU y se ejecuta en la CPU incorrecta. Aunque esto ocurre al principio del arranque y deber\u00eda ser posible crear trabajadores, el hilo de rescate a\u00fan podr\u00eda usarse si se alcanza el tiempo de espera inicial (MAYDAY_INITIAL_TIMEOUT) o el intervalo (MAYDAY_INTERVAL) y, en una m\u00e1quina lo suficientemente grande, se usa con frecuencia. El seguimiento confirm\u00f3 que la tarea deber\u00eda haberse migrado correctamente utilizando el hilo de parada para gestionar la migraci\u00f3n. Sin embargo, una activaci\u00f3n paralela de udev, ejecut\u00e1ndose en otra CPU que no comparte cach\u00e9 de CPU, observa p->on_cpu y utiliza task_cpu(p), pone la tarea en cola en la CPU anterior y activa la advertencia. Compruebe que la tarea de activaci\u00f3n que se est\u00e1 desprogramando a\u00fan pueda ejecutarse en su CPU actual; de no ser as\u00ed, espere a que se complete la desprogramaci\u00f3n y seleccione una CPU permitida."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50101.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50101.json
index 01b4d1c79c3..189125f5acc 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50101.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50101.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: vt8623fb: Check the size of screen before memset_io()\n\nIn the function vt8623fb_set_par(), the value of 'screen_size' is\ncalculated by the user input. If the user provides the improper value,\nthe value of 'screen_size' may larger than 'info->screen_size', which\nmay cause the following bug:\n\n[ 583.339036] BUG: unable to handle page fault for address: ffffc90005000000\n[ 583.339049] #PF: supervisor write access in kernel mode\n[ 583.339052] #PF: error_code(0x0002) - not-present page\n[ 583.339074] RIP: 0010:memset_orig+0x33/0xb0\n[ 583.339110] Call Trace:\n[ 583.339118] vt8623fb_set_par+0x11cd/0x21e0\n[ 583.339146] fb_set_var+0x604/0xeb0\n[ 583.339181] do_fb_ioctl+0x234/0x670\n[ 583.339209] fb_ioctl+0xdd/0x130\n\nFix the this by checking the value of 'screen_size' before memset_io()."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: video: fbdev: vt8623fb: Verifique el tama\u00f1o de la pantalla antes de memset_io() En la funci\u00f3n vt8623fb_set_par(), el valor de 'screen_size' se calcula mediante la entrada del usuario. Si el usuario proporciona un valor incorrecto, el valor de 'screen_size' puede ser mayor que 'info->screen_size', lo que puede causar el siguiente error: [ 583.339036] ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: ffffc90005000000 [ 583.339049] #PF: acceso de escritura del supervisor en modo kernel [ 583.339052] #PF: error_code(0x0002) - p\u00e1gina no presente [ 583.339074] RIP: 0010:memset_orig+0x33/0xb0 [ 583.339110] Rastreo de llamadas: [ 583.339118] vt8623fb_set_par+0x11cd/0x21e0 [ 583.339146] fb_set_var+0x604/0xeb0 [ 583.339181] do_fb_ioctl+0x234/0x670 [ 583.339209] fb_ioctl+0xdd/0x130 Solucione este problema comprobando el valor de 'screen_size' antes de memset_io()."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50102.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50102.json
index c4eba0e401e..e805b2cc2ff 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50102.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50102.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()\n\nSince the user can control the arguments of the ioctl() from the user\nspace, under special arguments that may result in a divide-by-zero bug\nin:\n drivers/video/fbdev/arkfb.c:784: ark_set_pixclock(info, (hdiv * info->var.pixclock) / hmul);\nwith hdiv=1, pixclock=1 and hmul=2 you end up with (1*1)/2 = (int) 0.\nand then in:\n drivers/video/fbdev/arkfb.c:504: rv = dac_set_freq(par->dac, 0, 1000000000 / pixclock);\nwe'll get a division-by-zero.\n\nThe following log can reveal it:\n\ndivide error: 0000 [#1] PREEMPT SMP KASAN PTI\nRIP: 0010:ark_set_pixclock drivers/video/fbdev/arkfb.c:504 [inline]\nRIP: 0010:arkfb_set_par+0x10fc/0x24c0 drivers/video/fbdev/arkfb.c:784\nCall Trace:\n fb_set_var+0x604/0xeb0 drivers/video/fbdev/core/fbmem.c:1034\n do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110\n fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189\n\nFix this by checking the argument of ark_set_pixclock() first." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: video: fbdev: arkfb: Corrige un error de divisi\u00f3n por cero en ark_set_pixclock() Dado que el usuario puede controlar los argumentos de ioctl() desde el espacio de usuario, bajo argumentos especiales que pueden resultar en un error de divisi\u00f3n por cero en: drivers/video/fbdev/arkfb.c:784: ark_set_pixclock(info, (hdiv * info->var.pixclock) / hmul); con hdiv=1, pixclock=1 y hmul=2 terminas con (1*1)/2 = (int) 0. y luego en: drivers/video/fbdev/arkfb.c:504: rv = dac_set_freq(par->dac, 0, 1000000000 / pixclock); obtendremos una divisi\u00f3n por cero. 
El siguiente registro puede revelarlo: error de divisi\u00f3n: 0000 [#1] PREEMPT SMP KASAN PTI RIP: 0010:ark_set_pixclock drivers/video/fbdev/arkfb.c:504 [en l\u00ednea] RIP: 0010:arkfb_set_par+0x10fc/0x24c0 drivers/video/fbdev/arkfb.c:784 Rastreo de llamadas: fb_set_var+0x604/0xeb0 drivers/video/fbdev/core/fbmem.c:1034 do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110 fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189 Solucione esto marcando el argumento de ark_set_pixclock() primero." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50103.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50103.json index 07a39faed17..92bd70524ce 100644 --- a/CVE-2022/CVE-2022-501xx/CVE-2022-50103.json +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50103.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched, cpuset: Fix dl_cpu_busy() panic due to empty cs->cpus_allowed\n\nWith cgroup v2, the cpuset's cpus_allowed mask can be empty indicating\nthat the cpuset will just use the effective CPUs of its parent. So\ncpuset_can_attach() can call task_can_attach() with an empty mask.\nThis can lead to cpumask_any_and() returns nr_cpu_ids causing the call\nto dl_bw_of() to crash due to percpu value access of an out of bound\nCPU value. For example:\n\n\t[80468.182258] BUG: unable to handle page fault for address: ffffffff8b6648b0\n\t :\n\t[80468.191019] RIP: 0010:dl_cpu_busy+0x30/0x2b0\n\t :\n\t[80468.207946] Call Trace:\n\t[80468.208947] cpuset_can_attach+0xa0/0x140\n\t[80468.209953] cgroup_migrate_execute+0x8c/0x490\n\t[80468.210931] cgroup_update_dfl_csses+0x254/0x270\n\t[80468.211898] cgroup_subtree_control_write+0x322/0x400\n\t[80468.212854] kernfs_fop_write_iter+0x11c/0x1b0\n\t[80468.213777] new_sync_write+0x11f/0x1b0\n\t[80468.214689] vfs_write+0x1eb/0x280\n\t[80468.215592] ksys_write+0x5f/0xe0\n\t[80468.216463] do_syscall_64+0x5c/0x80\n\t[80468.224287] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nFix that by using effective_cpus instead. For cgroup v1, effective_cpus\nis the same as cpus_allowed. For v2, effective_cpus is the real cpumask\nto be used by tasks within the cpuset anyway.\n\nAlso update task_can_attach()'s 2nd argument name to cs_effective_cpus to\nreflect the change. In addition, a check is added to task_can_attach()\nto guard against the possibility that cpumask_any_and() may return a\nvalue >= nr_cpu_ids." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sched, cpuset: Se solucion\u00f3 el p\u00e1nico de dl_cpu_busy() debido a un valor de cs->cpus_allowed vac\u00edo. 
Con cgroup v2, la m\u00e1scara cpus_allowed de cpuset puede estar vac\u00eda, lo que indica que solo usar\u00e1 las CPU efectivas de su padre. Por lo tanto, cpuset_can_attach() puede llamar a task_can_attach() con una m\u00e1scara vac\u00eda. Esto puede provocar que cpumask_any_and() devuelva nr_cpu_ids, lo que provoca el bloqueo de la llamada a dl_bw_of() debido al acceso a un valor de CPU fuera de los l\u00edmites. Por ejemplo: [80468.182258] ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: ffffffff8b6648b0 : [80468.191019] RIP: 0010:dl_cpu_busy+0x30/0x2b0 : [80468.207946] Rastreo de llamadas: [80468.208947] cpuset_can_attach+0xa0/0x140 [80468.209953] cgroup_migrate_execute+0x8c/0x490 [80468.210931] cgroup_update_dfl_csses+0x254/0x270 [80468.211898] Solucione esto utilizando effective_cpus en su lugar. Para cgroup v1, effective_cpus es igual que cpus_allowed. Para v2, effective_cpus es la m\u00e1scara de CPU real que usar\u00e1n las tareas dentro del conjunto de CPU. Actualice tambi\u00e9n el segundo argumento de task_can_attach() a cs_effective_cpus para reflejar el cambio. Adem\u00e1s, se ha a\u00f1adido una comprobaci\u00f3n a task_can_attach() para evitar que cpumask_any_and() devuelva un valor mayor que nr_cpu_ids." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50104.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50104.json index 65790e16264..7d444b342d9 100644 --- a/CVE-2022/CVE-2022-501xx/CVE-2022-50104.json +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50104.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/xive: Fix refcount leak in xive_get_max_prio\n\nof_find_node_by_path() returns a node pointer with\nrefcount incremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: powerpc/xive: Se corrige la fuga de recuento de referencias en xive_get_max_prio. of_find_node_by_path() devuelve un puntero de nodo con el recuento de referencias incrementado; al finalizar, se debe usar of_node_put(). Se ha a\u00f1adido la funci\u00f3n of_node_put() que falta para evitar la fuga de recuento de referencias."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50105.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50105.json
index 0e8aa143aba..6ec8d72dd94 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50105.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50105.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/spufs: Fix refcount leak in spufs_init_isolated_loader\n\nof_find_node_by_path() returns remote device nodepointer with\nrefcount incremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: powerpc/spufs: Se corrige la fuga de recuento de referencias en spufs_init_isolated_loader. La funci\u00f3n `of_find_node_by_path()` devuelve el puntero de nodo del dispositivo remoto con el recuento de referencias incrementado. Al finalizar, se debe usar `of_node_put()`. Se ha a\u00f1adido la funci\u00f3n `of_node_put()` que falta para evitar la fuga de recuento de referencias."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50106.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50106.json
index 83122182b10..421d337aa73 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50106.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50106.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address\n\nof_get_next_parent() returns a node pointer with refcount incremented,\nwe should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() in the error path to avoid refcount leak."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: powerpc/cell/axon_msi: Se corrige la fuga de recuento de referencias en setup_msi_msg_address. of_get_next_parent() devuelve un puntero de nodo con el recuento de referencias incrementado. Debemos usar of_node_put() cuando ya no sea necesario. Agregue la falta de of_node_put() en la ruta de error para evitar la fuga de recuento de referencias."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50107.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50107.json
index 341ab7023dd..d928906fa2a 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50107.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50107.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix memory leak when using fscache\n\nIf we hit the 'index == next_cached' case, we leak a refcount on the\nstruct page. Fix this by using readahead_folio() which takes care of\nthe refcount for you."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cifs: Se corrige la p\u00e9rdida de memoria al usar fscache. Si se da el caso 'index == next_cached', se filtra un recuento de referencias en la p\u00e1gina de estructura. Para solucionar esto, use readahead_folio(), que se encarga del recuento de referencias."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50108.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50108.json
index af2b8c5490f..e5d1a7c7e9a 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50108.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50108.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmfd: max77620: Fix refcount leak in max77620_initialise_fps\n\nof_get_child_by_name() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mfd: max77620: Se corrige la fuga de recuento de referencias en max77620_initialise_fps. of_get_child_by_name() devuelve un puntero de nodo con el recuento de referencias incrementado. Debemos usar of_node_put() cuando ya no sea necesario. Se ha a\u00f1adido la funci\u00f3n of_node_put() que falta para evitar la fuga de recuento de referencias."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50109.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50109.json
index 46a1953ad36..64d69ebb84b 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50109.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50109.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: amba-clcd: Fix refcount leak bugs\n\nIn clcdfb_of_init_display(), we should call of_node_put() for the\nreferences returned by of_graph_get_next_endpoint() and\nof_graph_get_remote_port_parent() which have increased the refcount.\n\nBesides, we should call of_node_put() both in fail path or when\nthe references are not used anymore."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: video: fbdev: amba-clcd: Correcci\u00f3n de errores de fuga de recuento de referencias. En clcdfb_of_init_display(), debemos llamar a of_node_put() para las referencias devueltas por of_graph_get_next_endpoint() y of_graph_get_remote_port_parent() que han aumentado el recuento de referencias. Adem\u00e1s, debemos llamar a of_node_put() tanto en la ruta de error como cuando las referencias ya no se utilizan."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50110.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50110.json
index 6d2aab692cc..f85e393b4f6 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50110.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50110.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwatchdog: sp5100_tco: Fix a memory leak of EFCH MMIO resource\n\nUnlike release_mem_region(), a call to release_resource() does not\nfree the resource, so it has to be freed explicitly to avoid a memory\nleak."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: watchdog: sp5100_tco: corrige una p\u00e9rdida de memoria del recurso EFCH MMIO A diferencia de release_mem_region(), una llamada a release_resource() no libera el recurso, por lo que debe liberarse expl\u00edcitamente para evitar una p\u00e9rdida de memoria."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50111.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50111.json
index 54fd9aa0ba8..3e8ec1ce625 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50111.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50111.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mt6359: Fix refcount leak bug\n\nIn mt6359_parse_dt() and mt6359_accdet_parse_dt(), we should call\nof_node_put() for the reference returned by of_get_child_by_name()\nwhich has increased the refcount."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: mt6359: Corregir error de p\u00e9rdida de recuento de referencias En mt6359_parse_dt() y mt6359_accdet_parse_dt(), debemos llamar a of_node_put() para la referencia devuelta por of_get_child_by_name() que ha aumentado el recuento de referencias."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50112.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50112.json
index 734b3d551d1..24509a2f25c 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50112.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50112.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rpmsg: qcom_smd: se corrige la p\u00e9rdida de refcount en qcom_smd_parse_edge of_parse_phandle() devuelve un puntero de nodo con refcount incrementado, debemos usar of_node_put() en \u00e9l cuando termine."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50113.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50113.json
index e08850c643a..44281d6964b 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50113.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50113.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoc: audio-graph-card2: Fix refcount leak bug in __graph_get_type()\n\nWe should call of_node_put() for the reference before its replacement\nas it returned by of_get_parent() which has increased the refcount.\nBesides, we should also call of_node_put() before return."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoc: audio-graph-card2: Se corrige el error de fuga de recuento de referencias en __graph_get_type(). Deber\u00edamos llamar a of_node_put() para la referencia antes de reemplazarla, ya que la devolvi\u00f3 of_get_parent(), lo que increment\u00f3 el recuento de referencias. Adem\u00e1s, tambi\u00e9n deber\u00edamos llamar a of_node_put() antes del retorno."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50114.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50114.json
index edc4d200e24..e7ee0f3a731 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50114.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50114.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: 9p: fix refcount leak in p9_read_work() error handling\n\np9_req_put need to be called when m->rreq->rc.sdata is NULL to avoid\ntemporary refcount leak.\n\n[Dominique: commit wording adjustments, p9_req_put argument fixes for rebase]"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: 9p: se corrige la fuga de recuento de referencias en el manejo de errores de p9_read_work(). Es necesario llamar a p9_req_put cuando m->rreq->rc.sdata es NULL para evitar una fuga temporal de recuento de referencias. [Dominique: ajustes en la redacci\u00f3n de las confirmaciones, correcciones del argumento p9_req_put para la rebase]"
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50115.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50115.json
index cc4ffa1f3ff..fb0267695c2 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50115.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50115.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: ipc3-topology: Prevent double freeing of ipc_control_data via load_bytes\n\nWe have sanity checks for byte controls and if any of the fail the locally\nallocated scontrol->ipc_control_data is freed up, but not set to NULL.\n\nOn a rollback path of the error the higher level code will also try to free\nthe scontrol->ipc_control_data which will eventually going to lead to\nmemory corruption as double freeing memory is not a good thing."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: SOF: ipc3-topology: Impide la doble liberaci\u00f3n de ipc_control_data mediante load_bytes. Se han realizado comprobaciones de seguridad para los controles de bytes y, si alguna falla, se libera el archivo scontrol->ipc_control_data asignado localmente, pero no se establece en NULL. En una ruta de reversi\u00f3n del error, el c\u00f3digo de nivel superior tambi\u00e9n intentar\u00e1 liberar scontrol->ipc_control_data, lo que eventualmente provocar\u00e1 corrupci\u00f3n de memoria, ya que la doble liberaci\u00f3n de memoria no es recomendable."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50116.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50116.json
index 30c5b411a77..5b550ca2974 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50116.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50116.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: fix deadlock and link starvation in outgoing data path\n\nThe current implementation queues up new control and user packets as needed\nand processes this queue down to the ldisc in the same code path.\nThat means that the upper and the lower layer are hard coupled in the code.\nDue to this deadlocks can happen as seen below while transmitting data,\nespecially during ldisc congestion. Furthermore, the data channels starve\nthe control channel on high transmission load on the ldisc.\n\nIntroduce an additional control channel data queue to prevent timeouts and\nlink hangups during ldisc congestion. This is being processed before the\nuser channel data queue in gsm_data_kick(), i.e. with the highest priority.\nPut the queue to ldisc data path into a workqueue and trigger it whenever\nnew data has been put into the transmission queue. Change\ngsm_dlci_data_sweep() accordingly to fill up the transmission queue until\nTX_THRESH_HI. This solves the locking issue, keeps latency low and provides\ngood performance on high data load.\nNote that now all packets from a DLCI are removed from the internal queue\nif the associated DLCI was closed. 
This ensures that no data is sent by the\nintroduced write task to an already closed DLCI.\n\nBUG: spinlock recursion on CPU#0, test_v24_loop/124\n lock: serial8250_ports+0x3a8/0x7500, .magic: dead4ead, .owner: test_v24_loop/124, .owner_cpu: 0\nCPU: 0 PID: 124 Comm: test_v24_loop Tainted: G O 5.18.0-rc2 #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n \n dump_stack_lvl+0x34/0x44\n do_raw_spin_lock+0x76/0xa0\n _raw_spin_lock_irqsave+0x72/0x80\n uart_write_room+0x3b/0xc0\n gsm_data_kick+0x14b/0x240 [n_gsm]\n gsmld_write_wakeup+0x35/0x70 [n_gsm]\n tty_wakeup+0x53/0x60\n tty_port_default_wakeup+0x1b/0x30\n serial8250_tx_chars+0x12f/0x220\n serial8250_handle_irq.part.0+0xfe/0x150\n serial8250_default_handle_irq+0x48/0x80\n serial8250_interrupt+0x56/0xa0\n __handle_irq_event_percpu+0x78/0x1f0\n handle_irq_event+0x34/0x70\n handle_fasteoi_irq+0x90/0x1e0\n __common_interrupt+0x69/0x100\n common_interrupt+0x48/0xc0\n asm_common_interrupt+0x1e/0x40\nRIP: 0010:__do_softirq+0x83/0x34e\nCode: 2a 0a ff 0f b7 ed c7 44 24 10 0a 00 00 00 48 c7 c7 51 2a 64 82 e8 2d\ne2 d5 ff 65 66 c7 05 83 af 1e 7e 00 00 fb b8 ff ff ff ff <49> c7 c2 40 61\n80 82 0f bc c5 41 89 c4 41 83 c4 01 0f 84 e6 00 00\nRSP: 0018:ffffc90000003f98 EFLAGS: 00000286\nRAX: 00000000ffffffff RBX: 0000000000000000 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffffffff82642a51 RDI: ffffffff825bb5e7\nRBP: 0000000000000200 R08: 00000008de3271a8 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000\nR13: 0000000000000030 R14: 0000000000000000 R15: 0000000000000000\n ? 
__do_softirq+0x73/0x34e\n irq_exit_rcu+0xb5/0x100\n common_interrupt+0xa4/0xc0\n \n \n asm_common_interrupt+0x1e/0x40\nRIP: 0010:_raw_spin_unlock_irqrestore+0x2e/0x50\nCode: 00 55 48 89 fd 48 83 c7 18 53 48 89 f3 48 8b 74 24 10 e8 85 28 36 ff\n48 89 ef e8 cd 58 36 ff 80 e7 02 74 01 fb bf 01 00 00 00 3d 97 33 ff\n65 8b 05 96 23 2b 7e 85 c0 74 03 5b 5d c3 0f 1f 44\nRSP: 0018:ffffc9000020fd08 EFLAGS: 00000202\nRAX: 0000000000000000 RBX: 0000000000000246 RCX: 0000000000000000\nRDX: 0000000000000004 RSI: ffffffff8257fd74 RDI: 0000000000000001\nRBP: ffff8880057de3a0 R08: 00000008de233000 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000\nR13: 0000000000000100 R14: 0000000000000202 R15: ffff8880057df0b8\n ? _raw_spin_unlock_irqrestore+0x23/0x50\n gsmtty_write+0x65/0x80 [n_gsm]\n n_tty_write+0x33f/0x530\n ? swake_up_all+0xe0/0xe0\n file_tty_write.constprop.0+0x1b1/0x320\n ? n_tty_flush_buffer+0xb0/0xb0\n new_sync_write+0x10c/0x190\n vfs_write+0x282/0x310\n ksys_write+0x68/0xe0\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f3e5e35c15c\nCode: 8b 7c 24 08 89 c5 e8 c5 ff ff ff 89 ef 89 44 24\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tty: n_gsm: corrige el bloqueo y la inanici\u00f3n del enlace en la ruta de datos de salida La implementaci\u00f3n actual pone en cola nuevos paquetes de control y de usuario seg\u00fan sea necesario y procesa esta cola hasta el ldisc en la misma ruta de c\u00f3digo. Eso significa que las capas superior e inferior est\u00e1n acopladas r\u00edgidamente en el c\u00f3digo. Debido a esto, pueden ocurrir bloqueos como se ve a continuaci\u00f3n mientras se transmiten datos, especialmente durante la congesti\u00f3n del ldisc. Adem\u00e1s, los canales de datos privan al canal de control en una carga de transmisi\u00f3n alta en el ldisc. 
Introduzca una cola de datos de canal de control adicional para evitar tiempos de espera y cuelgues de enlace durante la congesti\u00f3n del ldisc. Esto se procesa antes que la cola de datos del canal de usuario en gsm_data_kick(), es decir, con la m\u00e1xima prioridad. Coloque la cola a la ruta de datos del ldisc en una cola de trabajo y act\u00edvela siempre que se hayan incluido nuevos datos en la cola de transmisi\u00f3n. Modifique gsm_dlci_data_sweep() seg\u00fan corresponda para llenar la cola de transmisi\u00f3n hasta TX_THRESH_HI. Esto soluciona el problema de bloqueo, mantiene baja la latencia y proporciona un buen rendimiento con una carga de datos alta. Tenga en cuenta que ahora todos los paquetes de un DLCI se eliminan de la cola interna si el DLCI asociado estaba cerrado. Esto garantiza que la tarea de escritura introducida no env\u00ede datos a un DLCI ya cerrado. ERROR: recursi\u00f3n de spinlock en CPU#0, test_v24_loop/124 bloqueo: serial8250_ports+0x3a8/0x7500, .magic: dead4ead, .owner: test_v24_loop/124, .owner_cpu: 0 CPU: 0 PID: 124 Comm: test_v24_loop Contaminado: GO 5.18.0-rc2 #3 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 01/04/2014 Rastreo de llamadas: dump_stack_lvl+0x34/0x44 do_raw_spin_lock+0x76/0xa0 _raw_spin_lock_irqsave+0x72/0x80 uart_write_room+0x3b/0xc0 gsm_data_kick+0x14b/0x240 [n_gsm] gsmld_write_wakeup+0x35/0x70 [n_gsm] tty_wakeup+0x53/0x60 tty_port_default_wakeup+0x1b/0x30 serial8250_tx_chars+0x12f/0x220 serial8250_handle_irq.part.0+0xfe/0x150 serial8250_default_handle_irq+0x48/0x80 serial8250_interrupt+0x56/0xa0 __handle_irq_event_percpu+0x78/0x1f0 handle_irq_event+0x34/0x70 handle_fasteoi_irq+0x90/0x1e0 __common_interrupt+0x69/0x100 common_interrupt+0x48/0xc0 asm_common_interrupt+0x1e/0x40 RIP: 0010:__do_softirq+0x83/0x34e Code: 2a 0a ff 0f b7 ed c7 44 24 10 0a 00 00 00 48 c7 c7 51 2a 64 82 e8 2d e2 d5 ff 65 66 c7 05 83 af 1e 7e 00 00 fb b8 ff ff ff ff <49> c7 c2 40 61 80 82 0f bc c5 41 89 c4 41 
83 c4 01 0f 84 e6 00 00 RSP: 0018:ffffc90000003f98 EFLAGS: 00000286 RAX: 00000000ffffffff RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff82642a51 RDI: ffffffff825bb5e7 RBP: 0000000000000200 R08: 00000008de3271a8 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000030 R14: 0000000000000000 R15: 0000000000000000 ? __do_softirq+0x73/0x34e irq_exit_rcu+0xb5/0x100 common_interrupt+0xa4/0xc0 asm_common_interrupt+0x1e/0x40 RIP: 0010:_raw_spin_unlock_irqrestore+0x2e/0x50 Code: 00 55 48 89 fd 48 83 c7 18 53 48 89 f3 48 8b 74 24 10 e8 85 28 36 ff 48 89 ef e8 cd 58 36 ff 80 e7 02 74 01 fb bf 01 00 00 00 3d 97 33 ff 65 8b 05 96 23 2b 7e 85 c0 74 03 5b 5d c3 0f 1f 44 RSP: 0018:ffffc9000020fd08 EFLAGS: 00000202 RAX: 0000000000000000 RBX: 0000000000000246 RCX: 0000000000000000 RDX: 0000000000000004 RSI: ffffffff8257fd74 RDI: 0000000000000001 RBP: ffff8880057de3a0 R08: 00000008de233000 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000100 R14: 0000000000000202 R15: ffff8880057df0b8 ? _raw_spin_unlock_irqrestore+0x23/0x50 gsmtty_write+0x65/0x80 [n_gsm] n_tty_write+0x33f/0x530 ? swake_up_all+0xe0/0xe0 file_tty_write.constprop.0+0x1b1/0x320 ? n_tty_flush_buffer+0xb0/0xb0 new_sync_write+0x10c/0x190 vfs_write+0x282/0x310 ksys_write+0x68/0xe0 do_syscall_64+0x3b/0x90 entry_SYSCALL ---truncado---" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50117.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50117.json index ce5ed13229a..6cb62169c22 100644 --- a/CVE-2022/CVE-2022-501xx/CVE-2022-50117.json +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50117.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio: Split migration ops from main device ops\n\nvfio core checks whether the driver sets some migration op (e.g.\nset_state/get_state) and accordingly calls its op.\n\nHowever, currently mlx5 driver sets the above ops without regards to its\nmigration caps.\n\nThis might lead to unexpected usage/Oops if user space may call to the\nabove ops even if the driver doesn't support migration. As for example,\nthe migration state_mutex is not initialized in that case.\n\nThe cleanest way to manage that seems to split the migration ops from\nthe main device ops, this will let the driver setting them separately\nfrom the main ops when it's applicable.\n\nAs part of that, validate ops construction on registration and include a\ncheck for VFIO_MIGRATION_STOP_COPY since the uAPI claims it must be set\nin migration_flags.\n\nHISI driver was changed as well to match this scheme.\n\nThis scheme may enable down the road to come with some extra group of\nops (e.g. DMA log) that can be set without regards to the other options\nbased on driver caps." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vfio: Dividir operaciones de migraci\u00f3n de las operaciones del dispositivo principal El n\u00facleo vfio verifica si el controlador establece alguna operaci\u00f3n de migraci\u00f3n (por ejemplo, set_state/get_state) y, en consecuencia, llama a su operaci\u00f3n. Sin embargo, actualmente el controlador mlx5 establece las operaciones anteriores sin tener en cuenta sus l\u00edmites de migraci\u00f3n. Esto puede llevar a un uso inesperado/Oops si el espacio de usuario puede llamar a las operaciones anteriores incluso si el controlador no admite la migraci\u00f3n. Como por ejemplo, el state_mutex de migraci\u00f3n no se inicializa en ese caso. 
La forma m\u00e1s limpia de gestionar eso parece dividir las operaciones de migraci\u00f3n de las operaciones del dispositivo principal, esto permitir\u00e1 que el controlador las configure por separado de las operaciones principales cuando sea aplicable. Como parte de eso, valide la construcci\u00f3n de las operaciones en el registro e incluya una comprobaci\u00f3n para VFIO_MIGRATION_STOP_COPY ya que la uAPI afirma que debe establecerse en migration_flags. El controlador HISI tambi\u00e9n se cambi\u00f3 para que coincida con este esquema. Este esquema puede permitir en el futuro contar con alg\u00fan grupo adicional de operaciones (por ejemplo, registro DMA) que se pueden configurar sin tener en cuenta las otras opciones en funci\u00f3n de las capacidades del controlador." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50118.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50118.json index 9066904c9e6..82487029bac 100644 --- a/CVE-2022/CVE-2022-501xx/CVE-2022-50118.json +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50118.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable\n\ncommit 2c9ac51b850d (\"powerpc/perf: Fix PMU callbacks to clear\npending PMI before resetting an overflown PMC\") added a new\nfunction \"pmi_irq_pending\" in hw_irq.h. This function is to check\nif there is a PMI marked as pending in Paca (PACA_IRQ_PMI).This is\nused in power_pmu_disable in a WARN_ON. The intention here is to\nprovide a warning if there is PMI pending, but no counter is found\noverflown.\n\nDuring some of the perf runs, below warning is hit:\n\nWARNING: CPU: 36 PID: 0 at arch/powerpc/perf/core-book3s.c:1332 power_pmu_disable+0x25c/0x2c0\n Modules linked in:\n -----\n\n NIP [c000000000141c3c] power_pmu_disable+0x25c/0x2c0\n LR [c000000000141c8c] power_pmu_disable+0x2ac/0x2c0\n Call Trace:\n [c000000baffcfb90] [c000000000141c8c] power_pmu_disable+0x2ac/0x2c0 (unreliable)\n [c000000baffcfc10] [c0000000003e2f8c] perf_pmu_disable+0x4c/0x60\n [c000000baffcfc30] [c0000000003e3344] group_sched_out.part.124+0x44/0x100\n [c000000baffcfc80] [c0000000003e353c] __perf_event_disable+0x13c/0x240\n [c000000baffcfcd0] [c0000000003dd334] event_function+0xc4/0x140\n [c000000baffcfd20] [c0000000003d855c] remote_function+0x7c/0xa0\n [c000000baffcfd50] [c00000000026c394] flush_smp_call_function_queue+0xd4/0x300\n [c000000baffcfde0] [c000000000065b24] smp_ipi_demux_relaxed+0xa4/0x100\n [c000000baffcfe20] [c0000000000cb2b0] xive_muxed_ipi_action+0x20/0x40\n [c000000baffcfe40] [c000000000207c3c] __handle_irq_event_percpu+0x8c/0x250\n [c000000baffcfee0] [c000000000207e2c] handle_irq_event_percpu+0x2c/0xa0\n [c000000baffcff10] [c000000000210a04] handle_percpu_irq+0x84/0xc0\n [c000000baffcff40] [c000000000205f14] generic_handle_irq+0x54/0x80\n [c000000baffcff60] [c000000000015740] __do_irq+0x90/0x1d0\n [c000000baffcff90] [c000000000016990] 
__do_IRQ+0xc0/0x140\n [c0000009732f3940] [c000000bafceaca8] 0xc000000bafceaca8\n [c0000009732f39d0] [c000000000016b78] do_IRQ+0x168/0x1c0\n [c0000009732f3a00] [c0000000000090c8] hardware_interrupt_common_virt+0x218/0x220\n\nThis means that there is no PMC overflown among the active events\nin the PMU, but there is a PMU pending in Paca. The function\n\"any_pmc_overflown\" checks the PMCs on active events in\ncpuhw->n_events. Code snippet:\n\n<<>>\nif (any_pmc_overflown(cpuhw))\n \tclear_pmi_irq_pending();\n else\n \tWARN_ON(pmi_irq_pending());\n<<>>\n\nHere the PMC overflown is not from active event. Example: When we do\nperf record, default cycles and instructions will be running on PMC6\nand PMC5 respectively. It could happen that overflowed event is currently\nnot active and pending PMI is for the inactive event. Debug logs from\ntrace_printk:\n\n<<>>\nany_pmc_overflown: idx is 5: pmc value is 0xd9a\npower_pmu_disable: PMC1: 0x0, PMC2: 0x0, PMC3: 0x0, PMC4: 0x0, PMC5: 0xd9a, PMC6: 0x80002011\n<<>>\n\nHere active PMC (from idx) is PMC5 , but overflown PMC is PMC6(0x80002011).\nWhen we handle PMI interrupt for such cases, if the PMC overflown is\nfrom inactive event, it will be ignored. Reference commit:\ncommit bc09c219b2e6 (\"powerpc/perf: Fix finding overflowed PMC in interrupt\")\n\nPatch addresses two changes:\n1) Fix 1 : Removal of warning ( WARN_ON(pmi_irq_pending()); )\n We were printing warning if no PMC is found overflown among active PMU\n events, but PMI pending in PACA. But this could happen in cases where\n PMC overflown is not in active PMC. An inactive event could have caused\n the overflow. Hence the warning is not needed. To know pending PMI is\n from an inactive event, we need to loop through all PMC's which will\n cause more SPR reads via mfspr and increase in context switch. 
Also in\n existing function: perf_event_interrupt, already we ignore PMI's\n overflown when it is from an inactive PMC.\n\n2) Fix 2: optimization in clearing pending PMI.\n Currently we check for any active PMC overflown before clearing PMI\n pending in Paca. This is causing additional SP\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: powerpc/perf: Optimizar la limpieza del PMI pendiente y eliminar WARN_ON para la comprobaci\u00f3n de PMI en power_pmu_disable, confirmaci\u00f3n 2c9ac51b850d (\"powerpc/perf: Corregir las devoluciones de llamada de PMU para limpiar el PMI pendiente antes de restablecer un PMC desbordado\"). Se a\u00f1adi\u00f3 la funci\u00f3n \"pmi_irq_pending\" en hw_irq.h. Esta funci\u00f3n comprueba si hay un PMI marcado como pendiente en Paca (PACA_IRQ_PMI). Se utiliza en power_pmu_disable en un WARN_ON. El objetivo es emitir una advertencia si hay un PMI pendiente, pero no se encuentra ning\u00fan contador desbordado. 
Durante algunas ejecuciones de rendimiento, se muestra la siguiente advertencia: ADVERTENCIA: CPU: 36 PID: 0 en arch/powerpc/perf/core-book3s.c:1332 power_pmu_disable+0x25c/0x2c0 M\u00f3dulos vinculados: ----- NIP [c000000000141c3c] power_pmu_disable+0x25c/0x2c0 LR [c000000000141c8c] power_pmu_disable+0x2ac/0x2c0 Rastreo de llamadas: [c000000baffcfb90] [c000000000141c8c] power_pmu_disable+0x2ac/0x2c0 (unreliable) [c000000baffcfc10] [c0000000003e2f8c] perf_pmu_disable+0x4c/0x60 [c000000baffcfc30] [c0000000003e3344] group_sched_out.part.124+0x44/0x100 [c000000baffcfc80] [c0000000003e353c] __perf_event_disable+0x13c/0x240 [c000000baffcfcd0] [c0000000003dd334] event_function+0xc4/0x140 [c000000baffcfd20] [c0000000003d855c] remote_function+0x7c/0xa0 [c000000baffcfd50] [c00000000026c394] flush_smp_call_function_queue+0xd4/0x300 [c000000baffcfde0] [c000000000065b24] smp_ipi_demux_relaxed+0xa4/0x100 [c000000baffcfe20] [c0000000000cb2b0] xive_muxed_ipi_action+0x20/0x40 [c000000baffcfe40] [c000000000207c3c] __handle_irq_event_percpu+0x8c/0x250 [c000000baffcfee0] [c000000000207e2c] handle_irq_event_percpu+0x2c/0xa0 [c000000baffcff10] [c000000000210a04] handle_percpu_irq+0x84/0xc0 [c000000baffcff40] [c000000000205f14] generic_handle_irq+0x54/0x80 [c000000baffcff60] [c000000000015740] __do_irq+0x90/0x1d0 [c000000baffcff90] [c000000000016990] __do_IRQ+0xc0/0x140 [c0000009732f3940] [c000000bafceaca8] 0xc000000bafceaca8 [c0000009732f39d0] [c000000000016b78] do_IRQ+0x168/0x1c0 [c0000009732f3a00] [c0000000000090c8] hardware_interrupt_common_virt+0x218/0x220 Esto significa que no hay ning\u00fan PMC desbordado entre los eventos activos en la PMU, pero hay una PMU pendiente en Paca. La funci\u00f3n \"any_pmc_overflown\" comprueba los PMC en los eventos activos en cpuhw->n_events. Fragmento de c\u00f3digo: <<>> if (any_pmc_overflown(cpuhw)) clear_pmi_irq_pending(); else WARN_ON(pmi_irq_pending()); <<>> Aqu\u00ed, el PMC desbordado no proviene del evento activo. 
Ejemplo: Al realizar un registro de rendimiento, los ciclos e instrucciones predeterminados se ejecutar\u00e1n en PMC6 y PMC5 respectivamente. Podr\u00eda ocurrir que el evento desbordado no est\u00e9 activo y que el PMI pendiente corresponda al evento inactivo. Registros de depuraci\u00f3n de trace_printk: <<>> any_pmc_overflown: idx es 5: el valor de pmc es 0xd9a power_pmu_disable: PMC1: 0x0, PMC2: 0x0, PMC3: 0x0, PMC4: 0x0, PMC5: 0xd9a, PMC6: 0x80002011 <<>> Aqu\u00ed, el PMC activo (de idx) es PMC5, pero el PMC desbordado es PMC6(0x80002011). Cuando manejamos la interrupci\u00f3n de PMI para tales casos, si el PMC desbordado proviene de un evento inactivo, ser\u00e1 ignorado. Referencia de confirmaci\u00f3n: confirmaci\u00f3n bc09c219b2e6 (\"powerpc/perf: Correcci\u00f3n de encontrar PMC desbordado en la interrupci\u00f3n\") El parche aborda dos cambios: 1) Correcci\u00f3n 1: Eliminaci\u00f3n de la advertencia ( WARN_ON(pmi_irq_pending()); ) Est\u00e1bamos imprimiendo una advertencia si no se encontraba ning\u00fan PMC desbordado entre los eventos PMU activos, pero s\u00ed PMI pendiente en PACA. Pero esto podr\u00eda suceder en casos donde el PMC desbordado no est\u00e1 en el PMC activo. Un evento inactivo podr\u00eda haber causado el desbordamiento. Por lo tanto, la advertencia no es necesaria. Para saber si el PMI pendiente proviene de un evento inactivo, necesitamos recorrer todos los PMC, lo que causar\u00e1 m\u00e1s lecturas de SPR a trav\u00e9s de mfspr y aumentar\u00e1 el cambio de contexto. Adem\u00e1s, en la funci\u00f3n existente: --- trunca" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50119.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50119.json index 98c9339a3cd..61403539004 100644 --- a/CVE-2022/CVE-2022-501xx/CVE-2022-50119.json +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50119.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrpmsg: Fix possible refcount leak in rpmsg_register_device_override()\n\nrpmsg_register_device_override need to call put_device to free vch when\ndriver_set_override fails.\n\nFix this by adding a put_device() to the error path."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rpmsg: Se corrige una posible fuga de recuento en rpmsg_register_device_override(). rpmsg_register_device_override necesita llamar a put_device para liberar vch cuando driver_set_override falla. Se soluciona a\u00f1adiendo put_device() a la ruta de error."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50120.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50120.json
index aeae42c6934..d458670391f 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50120.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50120.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: imx_rproc: Fix refcount leak in imx_rproc_addr_init\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not needed anymore.\nThis function has two paths missing of_node_put()."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: remoteproc: imx_rproc: Se corrige la fuga de refcount en imx_rproc_addr_init. of_parse_phandle() devuelve un puntero de nodo con refcount incrementado; debemos usar of_node_put() cuando ya no sea necesario. Esta funci\u00f3n tiene dos rutas que faltan en of_node_put()."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50121.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50121.json
index a752242e1d5..8e28397095f 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50121.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50121.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: k3-r5: Fix refcount leak in k3_r5_cluster_of_init\n\nEvery iteration of for_each_available_child_of_node() decrements\nthe reference count of the previous node.\nWhen breaking early from a for_each_available_child_of_node() loop,\nwe need to explicitly call of_node_put() on the child node.\nAdd missing of_node_put() to avoid refcount leak."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: remoteproc: k3-r5: Se corrige la fuga de recuento de referencias en k3_r5_cluster_of_init. Cada iteraci\u00f3n de for_each_available_child_of_node() disminuye el recuento de referencias del nodo anterior. Al interrumpir un bucle for_each_available_child_of_node() antes de tiempo, debemos llamar expl\u00edcitamente a of_node_put() en el nodo hijo. A\u00f1ada la falta de of_node_put() para evitar la fuga de recuento de referencias."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50122.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50122.json
index 5844df65685..e6695f71649 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50122.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50122.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nFix refcount leak in some error paths."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: mediatek: mt8173-rt5650: Se corrige la fuga de recuento de referencias en mt8173_rt5650_dev_probe. of_parse_phandle() devuelve un puntero de nodo con el recuento de referencias incrementado. Debemos usar of_node_put() cuando ya no sea necesario. Se corrige la fuga de recuento de referencias en algunas rutas de error."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50123.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50123.json
index bd5b6cf7570..fb1130eff78 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50123.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50123.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nFix missing of_node_put() in error paths."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: mediatek: mt8173: Se corrige la fuga de refcount en mt8173_rt5650_rt5676_dev_probe. of_parse_phandle() devuelve un puntero de nodo con refcount incrementado. Debemos usar of_node_put() cuando ya no sea necesario. Se corrige la ausencia de of_node_put() en las rutas de error."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50124.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50124.json
index 9c36b56d146..da39c9f26ce 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50124.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50124.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: mt6797-mt6351: Se corrige la fuga de recuento de referencias en mt6797_mt6351_dev_probe. of_parse_phandle() devuelve un puntero de nodo con el recuento de referencias incrementado. Debemos usar of_node_put() cuando ya no sea necesario. Se ha a\u00f1adido la funci\u00f3n of_node_put() que falta para evitar la fuga de recuento de referencias."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50125.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50125.json
index 3301122ff77..7c4db5c5cb1 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50125.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50125.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: cros_ec_codec: Se corrige la fuga de recuento de referencias en cros_ec_codec_platform_probe. of_parse_phandle() devuelve un puntero de nodo con el recuento de referencias incrementado. Debemos usar of_node_put() cuando ya no sea necesario. Se ha a\u00f1adido la funci\u00f3n of_node_put() que falta para evitar la fuga de recuento de referencias."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50126.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50126.json
index 5d62eabf07c..c07ad602bf6 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50126.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50126.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted\n\nFollowing process will fail assertion 'jh->b_frozen_data == NULL' in\njbd2_journal_dirty_metadata():\n\n jbd2_journal_commit_transaction\nunlink(dir/a)\n jh->b_transaction = trans1\n jh->b_jlist = BJ_Metadata\n journal->j_running_transaction = NULL\n trans1->t_state = T_COMMIT\nunlink(dir/b)\n handle->h_trans = trans2\n do_get_write_access\n jh->b_modified = 0\n jh->b_frozen_data = frozen_buffer\n jh->b_next_transaction = trans2\n jbd2_journal_dirty_metadata\n is_handle_aborted\n is_journal_aborted // return false\n\n --> jbd2 abort <--\n\n while (commit_transaction->t_buffers)\n if (is_journal_aborted)\n jbd2_journal_refile_buffer\n __jbd2_journal_refile_buffer\n WRITE_ONCE(jh->b_transaction,\n\t\t\t\t\t\tjh->b_next_transaction)\n WRITE_ONCE(jh->b_next_transaction, NULL)\n __jbd2_journal_file_buffer(jh, BJ_Reserved)\n J_ASSERT_JH(jh, jh->b_frozen_data == NULL) // assertion failure !\n\nThe reproducer (See detail in [Link]) reports:\n ------------[ cut here ]------------\n kernel BUG at fs/jbd2/transaction.c:1629!\n invalid opcode: 0000 [#1] PREEMPT SMP\n CPU: 2 PID: 584 Comm: unlink Tainted: G W\n 5.19.0-rc6-00115-g4a57a8400075-dirty #697\n RIP: 0010:jbd2_journal_dirty_metadata+0x3c5/0x470\n RSP: 0018:ffffc90000be7ce0 EFLAGS: 00010202\n Call Trace:\n \n __ext4_handle_dirty_metadata+0xa0/0x290\n ext4_handle_dirty_dirblock+0x10c/0x1d0\n ext4_delete_entry+0x104/0x200\n __ext4_unlink+0x22b/0x360\n ext4_unlink+0x275/0x390\n vfs_unlink+0x20b/0x4c0\n do_unlinkat+0x42f/0x4c0\n __x64_sys_unlink+0x37/0x50\n do_syscall_64+0x35/0x80\n\nAfter journal aborting, __jbd2_journal_refile_buffer() is executed with\nholding @jh->b_state_lock, we can fix it by moving 'is_handle_aborted()'\ninto the area protected by @jh->b_state_lock." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: jbd2: se corrige el error de aserci\u00f3n 'jh->b_frozen_data == NULL' cuando se aborta el diario El siguiente proceso fallar\u00e1 la aserci\u00f3n 'jh->b_frozen_data == NULL' en jbd2_journal_dirty_metadata(): jbd2_journal_commit_transaction unlink(dir/a) jh->b_transaction = trans1 jh->b_jlist = BJ_Metadata journal->j_running_transaction = NULL trans1->t_state = T_COMMIT unlink(dir/b) handle->h_trans = trans2 do_get_write_access jh->b_modified = 0 jh->b_frozen_data = frozen_buffer jh->b_next_transaction = trans2 jbd2_journal_dirty_metadata is_handle_aborted is_journal_aborted // devuelve falso --> jbd2 abort <-- while (commit_transaction->t_buffers) if (is_journal_aborted) jbd2_journal_refile_buffer __jbd2_journal_refile_buffer WRITE_ONCE(jh->b_transaction, jh->b_next_transaction) WRITE_ONCE(jh->b_next_transaction, NULL) __jbd2_journal_file_buffer(jh, BJ_Reserved) J_ASSERT_JH(jh, jh->b_frozen_data == NULL) // \u00a1Fallo de aserci\u00f3n! El reproductor (ver detalles en [Enlace]) informa: ------------[ cortar aqu\u00ed ]------------ \u00a1ERROR del kernel en fs/jbd2/transaction.c:1629! c\u00f3digo de operaci\u00f3n no v\u00e1lido: 0000 [#1] PREEMPT SMP CPU: 2 PID: 584 Comm: desvincular Contaminado: GW 5.19.0-rc6-00115-g4a57a8400075-dirty #697 RIP: 0010:jbd2_journal_dirty_metadata+0x3c5/0x470 RSP: 0018:ffffc90000be7ce0 EFLAGS: 00010202 Rastreo de llamadas: __ext4_handle_dirty_metadata+0xa0/0x290 ext4_handle_dirty_dirblock+0x10c/0x1d0 ext4_delete_entry+0x104/0x200 __ext4_unlink+0x22b/0x360 ext4_unlink+0x275/0x390 vfs_unlink+0x20b/0x4c0 do_unlinkat+0x42f/0x4c0 __x64_sys_unlink+0x37/0x50 do_syscall_64+0x35/0x80 Despu\u00e9s de abortar el diario, se ejecuta __jbd2_journal_refile_buffer() manteniendo presionado @jh->b_state_lock. Podemos solucionarlo moviendo 'is_handle_aborted()' al \u00e1rea protegida por @jh->b_state_lock." } ], "metrics": {}, 
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50127.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50127.json
index d8c6ebae0af..0d235d46f45 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50127.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50127.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix error unwind in rxe_create_qp()\n\nIn the function rxe_create_qp(), rxe_qp_from_init() is called to\ninitialize qp, internally things like the spin locks are not setup until\nrxe_qp_init_req().\n\nIf an error occures before this point then the unwind will call\nrxe_cleanup() and eventually to rxe_qp_do_cleanup()/rxe_cleanup_task()\nwhich will oops when trying to access the uninitialized spinlock.\n\nMove the spinlock initializations earlier before any failures."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/rxe: Correcci\u00f3n del error de desenrollado en rxe_create_qp(). En la funci\u00f3n rxe_create_qp(), se llama a rxe_qp_from_init() para inicializar qp. Internamente, elementos como los bloqueos de giro no se configuran hasta rxe_qp_init_req(). Si se produce un error antes de este punto, el desenrollado llamar\u00e1 a rxe_cleanup() y, finalmente, a rxe_qp_do_cleanup()/rxe_cleanup_task(), lo que generar\u00e1 un error al intentar acceder al bloqueo de giro no inicializado. Se deben adelantar las inicializaciones de los bloqueos de giro para evitar cualquier fallo."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50129.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50129.json
index 4cb2887f31c..9eb189c7e18 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50129.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50129.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/srpt: Fix a use-after-free\n\nChange the LIO port members inside struct srpt_port from regular members\ninto pointers. Allocate the LIO port data structures from inside\nsrpt_make_tport() and free these from inside srpt_make_tport(). Keep\nstruct srpt_device as long as either an RDMA port or a LIO target port is\nassociated with it. This patch decouples the lifetime of struct srpt_port\n(controlled by the RDMA core) and struct srpt_port_id (controlled by LIO).\nThis patch fixes the following KASAN complaint:\n\n BUG: KASAN: use-after-free in srpt_enable_tpg+0x31/0x70 [ib_srpt]\n Read of size 8 at addr ffff888141cc34b8 by task check/5093\n\n Call Trace:\n \n show_stack+0x4e/0x53\n dump_stack_lvl+0x51/0x66\n print_address_description.constprop.0.cold+0xea/0x41e\n print_report.cold+0x90/0x205\n kasan_report+0xb9/0xf0\n __asan_load8+0x69/0x90\n srpt_enable_tpg+0x31/0x70 [ib_srpt]\n target_fabric_tpg_base_enable_store+0xe2/0x140 [target_core_mod]\n configfs_write_iter+0x18b/0x210\n new_sync_write+0x1f2/0x2f0\n vfs_write+0x3e3/0x540\n ksys_write+0xbb/0x140\n __x64_sys_write+0x42/0x50\n do_syscall_64+0x34/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n " + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/srpt: Se corrige un problema de use-after-free. Se cambian los miembros del puerto LIO dentro de struct srpt_port de miembros regulares a punteros. Se asignan las estructuras de datos del puerto LIO desde srpt_make_tport() y se liberan desde srpt_make_tport(). Se mantiene struct srpt_device mientras un puerto RDMA o un puerto de destino LIO est\u00e9 asociado a \u00e9l. Este parche desacopla la duraci\u00f3n de struct srpt_port (controlado por el n\u00facleo RDMA) y struct srpt_port_id (controlado por LIO). 
Este parche corrige la siguiente queja de KASAN: ERROR: KASAN: Use-After-Free en srpt_enable_tpg+0x31/0x70 [ib_srpt] Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff888141cc34b8 por la tarea check/5093 Rastreo de llamadas: show_stack+0x4e/0x53 dump_stack_lvl+0x51/0x66 print_address_description.constprop.0.cold+0xea/0x41e print_report.cold+0x90/0x205 kasan_report+0xb9/0xf0 __asan_load8+0x69/0x90 srpt_enable_tpg+0x31/0x70 [ib_srpt] target_fabric_tpg_base_enable_store+0xe2/0x140 [target_core_mod] configfs_write_iter+0x18b/0x210 new_sync_write+0x1f2/0x2f0 vfs_write+0x3e3/0x540 ksys_write+0xbb/0x140 __x64_sys_write+0x42/0x50 do_syscall_64+0x34/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50130.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50130.json index c28ed25afc2..bb152af4584 100644 --- a/CVE-2022/CVE-2022-501xx/CVE-2022-50130.json +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50130.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: fbtft: core: set smem_len before fb_deferred_io_init call\n\nThe fbtft_framebuffer_alloc() calls fb_deferred_io_init() before\ninitializing info->fix.smem_len. It is set to zero by the\nframebuffer_alloc() function. It will trigger a WARN_ON() at the\nstart of fb_deferred_io_init() and the function will not do anything." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: staging: fbtft: core: establecer smem_len antes de la llamada a fb_deferred_io_init. La funci\u00f3n fbtft_framebuffer_alloc() llama a fb_deferred_io_init() antes de inicializar info->fix.smem_len. La funci\u00f3n framebuffer_alloc() la establece a cero. Esto activar\u00e1 un WARN_ON() al inicio de fb_deferred_io_init() y la funci\u00f3n no realizar\u00e1 ninguna acci\u00f3n." } ], "metrics": {}, 
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50131.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50131.json
index cf8fe0d739e..5b8a5187374 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50131.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50131.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: mcp2221: prevent a buffer overflow in mcp_smbus_write()\n\nSmatch Warning:\ndrivers/hid/hid-mcp2221.c:388 mcp_smbus_write() error: __memcpy()\n'&mcp->txbuf[5]' too small (59 vs 255)\ndrivers/hid/hid-mcp2221.c:388 mcp_smbus_write() error: __memcpy() 'buf'\ntoo small (34 vs 255)\n\nThe 'len' variable can take a value between 0-255 as it can come from\ndata->block[0] and it is user data. So add an bound check to prevent a\nbuffer overflow in memcpy()."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: mcp2221: evitar un desbordamiento de b\u00fafer en mcp_smbus_write() Advertencia de Smatch: drivers/hid/hid-mcp2221.c:388 Error de mcp_smbus_write(): __memcpy() '&mcp->txbuf[5]' demasiado peque\u00f1o (59 frente a 255) drivers/hid/hid-mcp2221.c:388 Error de mcp_smbus_write(): __memcpy() 'buf' demasiado peque\u00f1o (34 frente a 255) La variable 'len' puede tomar un valor entre 0 y 255, ya que puede provenir de data->block[0] y son datos de usuario. Por lo tanto, agregue una comprobaci\u00f3n de l\u00edmite para evitar un desbordamiento de b\u00fafer en memcpy()."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50132.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50132.json
index 0994d2b14eb..999e44bed0e 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50132.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50132.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable()\n\nIf 'ep' is NULL, result of ep_to_cdns3_ep(ep) is invalid pointer\nand its dereference with priv_ep->cdns3_dev may cause panic.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: cdns3: cambio de la asignaci\u00f3n de 'priv_ep' en cdns3_gadget_ep_dequeue() y cdns3_gadget_ep_enable(). Si 'ep' es nulo, el resultado de ep_to_cdns3_ep(ep) es un puntero no v\u00e1lido y su desreferencia con priv_ep->cdns3_dev puede causar p\u00e1nico. Encontrado por el Centro de Verificaci\u00f3n de Linux (linuxtesting.org) con SVACE."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50133.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50133.json
index 28d97eda3b6..2efe87e1f1c 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50133.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50133.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci_plat_remove: avoid NULL dereference\n\nSince commit 4736ebd7fcaff1eb8481c140ba494962847d6e0a (\"usb: host:\nxhci-plat: omit shared hcd if either root hub has no ports\")\nxhci->shared_hcd can be NULL, which causes the following Oops\non reboot:\n\n[ 710.124450] systemd-shutdown[1]: Rebooting.\n[ 710.298861] xhci-hcd xhci-hcd.2.auto: remove, state 4\n[ 710.304217] usb usb3: USB disconnect, device number 1\n[ 710.317441] xhci-hcd xhci-hcd.2.auto: USB bus 3 deregistered\n[ 710.323280] xhci-hcd xhci-hcd.2.auto: remove, state 1\n[ 710.328401] usb usb2: USB disconnect, device number 1\n[ 710.333515] usb 2-3: USB disconnect, device number 2\n[ 710.467649] xhci-hcd xhci-hcd.2.auto: USB bus 2 deregistered\n[ 710.475450] Unable to handle kernel NULL pointer dereference at virtual address 00000000000003b8\n[ 710.484425] Mem abort info:\n[ 710.487265] ESR = 0x0000000096000004\n[ 710.491060] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 710.496427] SET = 0, FnV = 0\n[ 710.499525] EA = 0, S1PTW = 0\n[ 710.502716] FSC = 0x04: level 0 translation fault\n[ 710.507648] Data abort info:\n[ 710.510577] ISV = 0, ISS = 0x00000004\n[ 710.514462] CM = 0, WnR = 0\n[ 710.517480] user pgtable: 4k pages, 48-bit VAs, pgdp=00000008b0050000\n[ 710.523976] [00000000000003b8] pgd=0000000000000000, p4d=0000000000000000\n[ 710.530961] Internal error: Oops: 96000004 [#1] PREEMPT SMP\n[ 710.536551] Modules linked in: rfkill input_leds snd_soc_simple_card snd_soc_simple_card_utils snd_soc_nau8822 designware_i2s snd_soc_core dw_hdmi_ahb_audio snd_pcm_dmaengine arm_ccn panfrost ac97_bus gpu_sched snd_pcm at24 fuse configfs sdhci_of_dwcmshc sdhci_pltfm sdhci nvme led_class mmc_core nvme_core bt1_pvt polynomial tp_serio snd_seq_midi snd_seq_midi_event snd_seq snd_timer snd_rawmidi snd_seq_device snd soundcore efivarfs ipv6\n[ 710.575286] CPU: 7 PID: 1 Comm: systemd-shutdow Not tainted 
5.19.0-rc7-00043-gfd8619f4fd54 #1\n[ 710.583822] Hardware name: T-Platforms TF307-MB/BM1BM1-A, BIOS 5.6 07/06/2022\n[ 710.590972] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 710.597949] pc : usb_remove_hcd+0x34/0x1e4\n[ 710.602067] lr : xhci_plat_remove+0x74/0x140\n[ 710.606351] sp : ffff800009f3b7c0\n[ 710.609674] x29: ffff800009f3b7c0 x28: ffff000800960040 x27: 0000000000000000\n[ 710.616833] x26: ffff800008dc22a0 x25: 0000000000000000 x24: 0000000000000000\n[ 710.623992] x23: 0000000000000000 x22: ffff000805465810 x21: ffff000805465800\n[ 710.631149] x20: ffff000800f80000 x19: 0000000000000000 x18: ffffffffffffffff\n[ 710.638307] x17: ffff000805096000 x16: ffff00080633b800 x15: ffff000806537a1c\n[ 710.645465] x14: 0000000000000001 x13: 0000000000000000 x12: ffff00080378d6f0\n[ 710.652621] x11: ffff00080041a900 x10: ffff800009b204e8 x9 : ffff8000088abaa4\n[ 710.659779] x8 : ffff000800960040 x7 : ffff800009409000 x6 : 0000000000000001\n[ 710.666936] x5 : ffff800009241000 x4 : ffff800009241440 x3 : 0000000000000000\n[ 710.674094] x2 : ffff000800960040 x1 : ffff000800960040 x0 : 0000000000000000\n[ 710.681251] Call trace:\n[ 710.683704] usb_remove_hcd+0x34/0x1e4\n[ 710.687467] xhci_plat_remove+0x74/0x140\n[ 710.691400] platform_remove+0x34/0x70\n[ 710.695165] device_remove+0x54/0x90\n[ 710.698753] device_release_driver_internal+0x200/0x270\n[ 710.703992] device_release_driver+0x24/0x30\n[ 710.708273] bus_remove_device+0xe0/0x16c\n[ 710.712293] device_del+0x178/0x390\n[ 710.715797] platform_device_del.part.0+0x24/0x90\n[ 710.720514] platform_device_unregister+0x30/0x50\n[ 710.725232] dwc3_host_exit+0x20/0x30\n[ 710.728907] dwc3_remove+0x174/0x1b0\n[ 710.732494] platform_remove+0x34/0x70\n[ 710.736254] device_remove+0x54/0x90\n[ 710.739840] device_release_driver_internal+0x200/0x270\n[ 710.745078] device_release_driver+0x24/0x30\n[ 710.749359] bus_remove_device+0xe0/0x16c\n[ 710.753380] device_del+0x178/0x390\n[ 710.756881] 
platform_device_del.part\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: xhci_plat_remove: evitar la desreferencia NULL Desde el commit 4736ebd7fcaff1eb8481c140ba494962847d6e0a (\"usb: host: xhci-plat: omitir hcd compartido si el concentrador ra\u00edz no tiene puertos\") xhci->shared_hcd puede ser NULL, lo que provoca el siguiente error Oops al reiniciar: [ 710.124450] systemd-shutdown[1]: Reiniciando. [ 710.298861] xhci-hcd xhci-hcd.2.auto: eliminar, estado 4 [ 710.304217] usb usb3: desconexi\u00f3n USB, n\u00famero de dispositivo 1 [ 710.317441] xhci-hcd xhci-hcd.2.auto: bus USB 3 anulado [ 710.323280] xhci-hcd xhci-hcd.2.auto: eliminar, estado 1 [ 710.328401] usb usb2: desconexi\u00f3n USB, n\u00famero de dispositivo 1 [ 710.333515] usb 2-3: desconexi\u00f3n USB, n\u00famero de dispositivo 2 [ 710.467649] xhci-hcd xhci-hcd.2.auto: bus USB 2 anulado [ 710.475450] No se puede manejar el kernel NULL desreferencia de puntero en la direcci\u00f3n virtual 00000000000003b8 [ 710.484425] Informaci\u00f3n de aborto de memoria: [ 710.487265] ESR = 0x0000000096000004 [ 710.491060] EC = 0x25: DABT (EL actual), IL = 32 bits [ 710.496427] SET = 0, FnV = 0 [ 710.499525] EA = 0, S1PTW = 0 [ 710.502716] FSC = 0x04: fallo de traducci\u00f3n de nivel 0 [ 710.507648] Informaci\u00f3n de aborto de datos: [ 710.510577] ISV = 0, ISS = 0x00000004 [ 710.514462] CM = 0, WnR = 0 [ 710.517480] usuario pgtable: 4k p\u00e1ginas, VAs de 48 bits, pgdp=00000008b0050000 [ 710.523976] [00000000000003b8] pgd=0000000000000000, p4d=0000000000000000 [ 710.530961] Error interno: Oops: 96000004 [#1] PREEMPT SMP [ 710.536551] M\u00f3dulos vinculados: rfkill input_leds snd_soc_simple_card snd_soc_simple_card_utils snd_soc_nau8822 designware_i2s snd_soc_core dw_hdmi_ahb_audio snd_pcm_dmaengine arm_ccn panfrost ac97_bus gpu_sched snd_pcm at24 fuse configfs sdhci_of_dwcmshc sdhci_pltfm sdhci nvme led_class mmc_core nvme_core 
bt1_pvt polynomial tp_serio snd_seq_midi snd_seq_midi_event snd_seq snd_timer snd_rawmidi snd_seq_device snd soundcore efivarfs ipv6 [ 710.575286] CPU: 7 PID: 1 Comm: systemd-shutdow No contaminado 5.19.0-rc7-00043-gfd8619f4fd54 #1 [ 710.583822] Nombre del hardware: T-Platforms TF307-MB/BM1BM1-A, BIOS 5.6 07/06/2022 [ 710.590972] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 710.597949] pc : usb_remove_hcd+0x34/0x1e4 [ 710.602067] lr : xhci_plat_remove+0x74/0x140 [ 710.606351] sp : ffff800009f3b7c0 [ 710.609674] x29: ffff800009f3b7c0 x28: ffff000800960040 x27: 0000000000000000 [ 710.616833] x26: ffff800008dc22a0 x25: 0000000000000000 x24: 0000000000000000 [ 710.623992] x23: 0000000000000000 x22: ffff000805465810 x21: ffff000805465800 [ 710.631149] x20: ffff000800f80000 x19: 0000000000000000 x18: ffffffffffffffff [ 710.638307] x17: ffff000805096000 x16: ffff00080633b800 x15: ffff000806537a1c [ 710.645465] x14: 000000000000001 x13: 0000000000000000 x12: ffff00080378d6f0 [ 710.652621] x11: ffff00080041a900 x10: ffff800009b204e8 x9 : ffff8000088abaa4 [ 710.659779] x8 : ffff000800960040 x7 : ffff800009409000 x6 : 0000000000000001 [ 710.666936] x5 : ffff800009241000 x4 : ffff800009241440 x3 : 0000000000000000 [ 710.674094] x2 : ffff000800960040 x1 : ffff000800960040 x0 : 0000000000000000 [ 710.681251] Llamada seguimiento: [ 710.683704] usb_remove_hcd+0x34/0x1e4 [ 710.687467] xhci_plat_remove+0x74/0x140 [ 710.691400] platform_remove+0x34/0x70 [ 710.695165] device_remove+0x54/0x90 [ 710.698753] device_release_driver_internal+0x200/0x270 [ 710.703992] device_release_driver+0x24/0x30 [ 710.708273] bus_remove_device+0xe0/0x16c [ 710.712293] device_del+0x178/0x390 [ 710.715797] platform_device_del.part.0+0x24/0x90 [ 710.720514] platform_device_unregister+0x30/0x50 [ 710.725232] dwc3_host_exit+0x20/0x30 [ 710.728907] dwc3_remove+0x174/0x1b0 [ 710.732494] platform_remove+0x34/0x70 [ 710.736254] device_remove+0x54/0x90 [ 710.739840] 
device_release_driver_internal+0x200/0x270 [ 710.745078] device_release_driver+0x24/0x30 [ 710.749359] bus_remove_device+0xe0/0x16c [ 710.753380] device_del+0x178/0x390 [ 710.756881] platform_device_del.part ---truncado---" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50134.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50134.json index 440ebaa846d..6f38a02264d 100644 --- a/CVE-2022/CVE-2022-501xx/CVE-2022-50134.json +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50134.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hfi1: fix potential memory leak in setup_base_ctxt()\n\nsetup_base_ctxt() allocates a memory chunk for uctxt->groups with\nhfi1_alloc_ctxt_rcv_groups(). When init_user_ctxt() fails, uctxt->groups\nis not released, which will lead to a memory leak.\n\nWe should release the uctxt->groups with hfi1_free_ctxt_rcv_groups()\nwhen init_user_ctxt() fails." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/hfi1: Se corrige una posible fuga de memoria en setup_base_ctxt(). setup_base_ctxt() asigna un fragmento de memoria para uctxt->groups con hfi1_alloc_ctxt_rcv_groups(). Cuando init_user_ctxt() falla, uctxt->groups no se libera, lo que provoca una fuga de memoria. Deber\u00edamos liberar uctxt->groups con hfi1_free_ctxt_rcv_groups() cuando init_user_ctxt() falla." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50135.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50135.json index 55796e12c35..2428e81d52e 100644 --- a/CVE-2022/CVE-2022-501xx/CVE-2022-50135.json +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50135.json 
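Review bot: The Spanish `value` added for CVE-2022-50133 translates the quoted kernel log itself, so strings an analyst would match against real dmesg output no longer exist in that form: `remove, state 4` becomes `eliminar, estado 4`, `Not tainted` becomes `No contaminado`, and `Call trace:` becomes `Llamada seguimiento:`. The register dump also appears to have lost a digit, `x14: 000000000000001` against `x14: 0000000000000001` in the English text. Log lines, symbol names and hex values should be carried over verbatim, with only the surrounding prose translated. The same applies to the CVE-2022-50144 hunk, where module tags are reordered to `[cadencia_soundwire]` and `[bus_soundwire …]`, and to the CVE-2022-50145 hunk, where `Oops [#1]` is rendered as `Ups [#1]`.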
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix BUG: KASAN: null-ptr-deref in rxe_qp_do_cleanup\n\nThe function rxe_create_qp calls rxe_qp_from_init. If some error\noccurs, the error handler of function rxe_qp_from_init will set\nboth scq and rcq to NULL.\n\nThen rxe_create_qp calls rxe_put to handle qp. In the end,\nrxe_qp_do_cleanup is called by rxe_put. rxe_qp_do_cleanup directly\naccesses scq and rcq before checking them. This will cause\nnull-ptr-deref error.\n\nThe call graph is as below:\n\nrxe_create_qp {\n ...\n rxe_qp_from_init {\n ...\n err1:\n ...\n qp->rcq = NULL; <---rcq is set to NULL\n qp->scq = NULL; <---scq is set to NULL\n ...\n }\n\nqp_init:\n rxe_put{\n ...\n rxe_qp_do_cleanup {\n ...\n atomic_dec(&qp->scq->num_wq); <--- scq is accessed\n ...\n atomic_dec(&qp->rcq->num_wq); <--- rcq is accessed\n }\n}" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/rxe: Correcci\u00f3n BUG: KASAN: null-ptr-deref en rxe_qp_do_cleanup La funci\u00f3n rxe_create_qp llama a rxe_qp_from_init. Si ocurre alg\u00fan error, el controlador de errores de la funci\u00f3n rxe_qp_from_init establecer\u00e1 tanto scq como rcq en NULL. Luego, rxe_create_qp llama a rxe_put para manejar qp. Al final, rxe_put llama a rxe_qp_do_cleanup. rxe_qp_do_cleanup accede directamente a scq y rcq antes de verificarlos. Esto causar\u00e1 un error null-ptr-deref. El gr\u00e1fico de llamadas es el siguiente: rxe_create_qp { ... rxe_qp_from_init { ... err1: ... qp->rcq = NULL; <---rcq se establece en NULL qp->scq = NULL; <---scq se establece en NULL ... } qp_init: rxe_put{ ... rxe_qp_do_cleanup { ... atomic_dec(&qp->scq->num_wq); <--- se accede a scq ... atomic_dec(&qp->rcq->num_wq); <--- se accede a rcq } }" } ], "metrics": {}, 
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50136.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50136.json index fb2cf0d5817..5cf241da362 100644 --- a/CVE-2022/CVE-2022-501xx/CVE-2022-50136.json +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50136.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event\n\nIf siw_recv_mpa_rr returns -EAGAIN, it means that the MPA reply hasn't\nbeen received completely, and should not report IW_CM_EVENT_CONNECT_REPLY\nin this case. This may trigger a call trace in iw_cm. A simple way to\ntrigger this:\n server: ib_send_lat\n client: ib_send_lat -R \n\nThe call trace looks like this:\n\n kernel BUG at drivers/infiniband/core/iwcm.c:894!\n invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n <...>\n Workqueue: iw_cm_wq cm_work_handler [iw_cm]\n Call Trace:\n \n cm_work_handler+0x1dd/0x370 [iw_cm]\n process_one_work+0x1e2/0x3b0\n worker_thread+0x49/0x2e0\n ? rescuer_thread+0x370/0x370\n kthread+0xe5/0x110\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x1f/0x30\n " + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/siw: Se corrige el evento IW_CM_EVENT_CONNECT_REPLY reportado duplicado. Si siw_recv_mpa_rr devuelve -EAGAIN, significa que la respuesta de MPA no se ha recibido completamente y, en este caso, no deber\u00eda reportar IW_CM_EVENT_CONNECT_REPLY. Esto podr\u00eda activar un seguimiento de llamadas en iw_cm. Una forma sencilla de activarlo: servidor: ib_send_lat cliente: ib_send_lat -R . El seguimiento de llamadas se ve as\u00ed: kernel BUG en drivers/infiniband/core/iwcm.c:894! C\u00f3digo de operaci\u00f3n no v\u00e1lido: 0000 [#1] PREEMPT SMP NOPTI <...> Cola de trabajo: iw_cm_wq cm_work_handler [iw_cm] Rastreo de llamadas: cm_work_handler+0x1dd/0x370 [iw_cm] process_one_work+0x1e2/0x3b0 worker_thread+0x49/0x2e0 ? rescuer_thread+0x370/0x370 kthread+0xe5/0x110 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x1f/0x30 " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50137.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50137.json index d98903dafa8..fbfcd73829c 100644 
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50137.json +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50137.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix a window for use-after-free\n\nDuring a destroy CQ an interrupt may cause processing of a CQE after CQ\nresources are freed by irdma_cq_free_rsrc(). Fix this by moving the call\nto irdma_cq_free_rsrc() after the irdma_sc_cleanup_ceqes(), which is\ncalled under the cq_lock." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/irdma: Se corrige una ventana para el Use-After-Free. Durante un CQ de destrucci\u00f3n, una interrupci\u00f3n puede provocar el procesamiento de un CQE despu\u00e9s de que irdma_cq_free_rsrc() libere recursos CQ. Se soluciona este problema trasladando la llamada a irdma_cq_free_rsrc() despu\u00e9s de irdma_sc_cleanup_ceqes(), que se ejecuta bajo cq_lock." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50138.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50138.json index ee246519ad5..f270115bb6f 100644 --- a/CVE-2022/CVE-2022-501xx/CVE-2022-50138.json +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50138.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/qedr: Fix potential memory leak in __qedr_alloc_mr()\n\n__qedr_alloc_mr() allocates a memory chunk for \"mr->info.pbl_table\" with\ninit_mr_info(). When rdma_alloc_tid() and rdma_register_tid() fail, \"mr\"\nis released while \"mr->info.pbl_table\" is not released, which will lead\nto a memory leak.\n\nWe should release the \"mr->info.pbl_table\" with qedr_free_pbl() when error\noccurs to fix the memory leak." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/qedr: Se corrige una posible fuga de memoria en __qedr_alloc_mr(). __qedr_alloc_mr() asigna un fragmento de memoria para \"mr->info.pbl_table\" con init_mr_info(). Cuando fallan rdma_alloc_tid() y rdma_register_tid(), se libera \"mr\" mientras que \"mr->info.pbl_table\" no, lo que provoca una fuga de memoria. Deber\u00edamos liberar \"mr->info.pbl_table\" con qedr_free_pbl() cuando se produzca el error para corregir la fuga de memoria." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50139.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50139.json index df33fbcf991..fbe7822eaaf 100644 --- a/CVE-2022/CVE-2022-501xx/CVE-2022-50139.json +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50139.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc()\n\nWe should call of_node_put() for the reference returned by\nof_get_child_by_name() which has increased the refcount." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: aspeed-vhub: se corrige el error de p\u00e9rdida de recuento de referencias en ast_vhub_init_desc() Deber\u00edamos llamar a of_node_put() para la referencia devuelta por of_get_child_by_name() que ha aumentado el recuento de referencias." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50140.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50140.json index c09f2c26936..7071bd1fece 100644 --- a/CVE-2022/CVE-2022-501xx/CVE-2022-50140.json +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50140.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemstick/ms_block: Fix a memory leak\n\n'erased_blocks_bitmap' is never freed. As it is allocated at the same time\nas 'used_blocks_bitmap', it is likely that it should be freed also at the\nsame time.\n\nAdd the corresponding bitmap_free() in msb_data_clear()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: memstick/ms_block: Se corrige una fuga de memoria: la variable 'erased_blocks_bitmap' nunca se libera. Dado que se asigna al mismo tiempo que 'used_blocks_bitmap', es probable que deba liberarse tambi\u00e9n simult\u00e1neamente. Agregue el bitmap_free() correspondiente en msb_data_clear()." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50141.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50141.json index d17c05c1e15..3476eadc714 100644 --- a/CVE-2022/CVE-2022-501xx/CVE-2022-50141.json +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50141.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch\n\nof_find_matching_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak.\nof_node_put() checks null pointer." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mmc: sdhci-of-esdhc: Se corrige la fuga de recuento de referencias en esdhc_signal_voltage_switch. of_find_matching_node() devuelve un puntero de nodo con el recuento de referencias incrementado. Debemos usar of_node_put() cuando ya no sea necesario. Se ha a\u00f1adido la funci\u00f3n of_node_put() que falta para evitar la fuga de recuento de referencias. of_node_put() comprueba el puntero nulo." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50142.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50142.json index ead64015657..eea9b914621 100644 --- a/CVE-2022/CVE-2022-501xx/CVE-2022-50142.json +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50142.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nintel_th: msu: Fix vmalloced buffers\n\nAfter commit f5ff79fddf0e (\"dma-mapping: remove CONFIG_DMA_REMAP\") there's\na chance of DMA buffer getting allocated via vmalloc(), which messes up\nthe mmapping code:\n\n> RIP: msc_mmap_fault [intel_th_msu]\n> Call Trace:\n> \n> __do_fault\n> do_fault\n...\n\nFix this by accounting for vmalloc possibility." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: intel_th: msu: Reparar b\u00faferes vmalloced Despu\u00e9s de el commit f5ff79fddf0e (\"dma-mapping: remove CONFIG_DMA_REMAP\") existe la posibilidad de que el buffer DMA se asigne a trav\u00e9s de vmalloc(), lo que arruina el c\u00f3digo mmapping: > RIP: msc_mmap_fault [intel_th_msu] > Rastreo de llamada: > > __do_fault > do_fault ... Solucione esto teniendo en cuenta la posibilidad de vmalloc." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50143.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50143.json index 04d51afca04..d5f9af14fe9 100644 --- a/CVE-2022/CVE-2022-501xx/CVE-2022-50143.json +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50143.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nintel_th: Fix a resource leak in an error handling path\n\nIf an error occurs after calling 'pci_alloc_irq_vectors()',\n'pci_free_irq_vectors()' must be called as already done in the remove\nfunction." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: intel_th: corrige una p\u00e9rdida de recursos en una ruta de manejo de errores Si ocurre un error despu\u00e9s de llamar a 'pci_alloc_irq_vectors()', se debe llamar a 'pci_free_irq_vectors()' como ya se hizo en la funci\u00f3n de eliminaci\u00f3n." } ], "metrics": {}, 
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50144.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50144.json index bb2aa317518..40030da5418 100644 --- a/CVE-2022/CVE-2022-501xx/CVE-2022-50144.json +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50144.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoundwire: revisit driver bind/unbind and callbacks\n\nIn the SoundWire probe, we store a pointer from the driver ops into\nthe 'slave' structure. This can lead to kernel oopses when unbinding\ncodec drivers, e.g. with the following sequence to remove machine\ndriver and codec driver.\n\n/sbin/modprobe -r snd_soc_sof_sdw\n/sbin/modprobe -r snd_soc_rt711\n\nThe full details can be found in the BugLink below, for reference the\ntwo following examples show different cases of driver ops/callbacks\nbeing invoked after the driver .remove().\n\nkernel: BUG: kernel NULL pointer dereference, address: 0000000000000150\nkernel: Workqueue: events cdns_update_slave_status_work [soundwire_cadence]\nkernel: RIP: 0010:mutex_lock+0x19/0x30\nkernel: Call Trace:\nkernel: ? sdw_handle_slave_status+0x426/0xe00 [soundwire_bus 94ff184bf398570c3f8ff7efe9e32529f532e4ae]\nkernel: ? newidle_balance+0x26a/0x400\nkernel: ? cdns_update_slave_status_work+0x1e9/0x200 [soundwire_cadence 1bcf98eebe5ba9833cd433323769ac923c9c6f82]\n\nkernel: BUG: unable to handle page fault for address: ffffffffc07654c8\nkernel: Workqueue: pm pm_runtime_work\nkernel: RIP: 0010:sdw_bus_prep_clk_stop+0x6f/0x160 [soundwire_bus]\nkernel: Call Trace:\nkernel: \nkernel: sdw_cdns_clock_stop+0xb5/0x1b0 [soundwire_cadence 1bcf98eebe5ba9833cd433323769ac923c9c6f82]\nkernel: intel_suspend_runtime+0x5f/0x120 [soundwire_intel aca858f7c87048d3152a4a41bb68abb9b663a1dd]\nkernel: ? dpm_sysfs_remove+0x60/0x60\n\nThis was not detected earlier in Intel tests since the tests first\nremove the parent PCI device and shut down the bus. 
The sequence\nabove is a corner case which keeps the bus operational but without a\ndriver bound.\n\nWhile trying to solve this kernel oopses, it became clear that the\nexisting SoundWire bus does not deal well with the unbind case.\n\nCommit 528be501b7d4a (\"soundwire: sdw_slave: add probe_complete structure and new fields\")\nadded a 'probed' status variable and a 'probe_complete'\nstruct completion. This status is however not reset on remove and\nlikewise the 'probe complete' is not re-initialized, so the\nbind/unbind/bind test cases would fail. The timeout used before the\n'update_status' callback was also a bad idea in hindsight, there\nshould really be no timing assumption as to if and when a driver is\nbound to a device.\n\nAn initial draft was based on device_lock() and device_unlock() was\ntested. This proved too complicated, with deadlocks created during the\nsuspend-resume sequences, which also use the same device_lock/unlock()\nas the bind/unbind sequences. On a CometLake device, a bad DSDT/BIOS\ncaused spurious resumes and the use of device_lock() caused hangs\nduring suspend. After multiple weeks or testing and painful\nreverse-engineering of deadlocks on different devices, we looked for\nalternatives that did not interfere with the device core.\n\nA bus notifier was used successfully to keep track of DRIVER_BOUND and\nDRIVER_UNBIND events. This solved the bind-unbind-bind case in tests,\nbut it can still be defeated with a theoretical corner case where the\nmemory is freed by a .remove while the callback is in use. The\nnotifier only helps make sure the driver callbacks are valid, but not\nthat the memory allocated in probe remains valid while the callbacks\nare invoked.\n\nThis patch suggests the introduction of a new 'sdw_dev_lock' mutex\nprotecting probe/remove and all driver callbacks. Since this mutex is\n'local' to SoundWire only, it does not interfere with existing locks\nand does not create deadlocks. 
In addition, this patch removes the\n'probe_complete' completion, instead we directly invoke the\n'update_status' from the probe routine. That removes any sort of\ntiming dependency and a much better support for the device/driver\nmodel, the driver could be bound before the bus started, or eons after\nthe bus started and the hardware would be properly initialized in all\ncases.\n\nBugLink: https://github.com/thesofproject/linux/is\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: soundwire: revisitar la vinculaci\u00f3n/desvinculaci\u00f3n del controlador y las devoluciones de llamada. En la sonda SoundWire, almacenamos un puntero desde las operaciones del controlador en la estructura \"slave\". Esto puede provocar errores en el kernel al desvincular los controladores de c\u00f3dec, por ejemplo, con la siguiente secuencia para eliminar el controlador de la m\u00e1quina y el controlador de c\u00f3dec: /sbin/modprobe -r snd_soc_sof_sdw /sbin/modprobe -r snd_soc_rt711. Los detalles completos se pueden encontrar en el enlace de error a continuaci\u00f3n. Como referencia, los dos ejemplos siguientes muestran diferentes casos de operaciones/devoluciones de llamada del controlador que se invocan despu\u00e9s de la instrucci\u00f3n `.remove()` del controlador. kernel: ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000150 kernel: Cola de trabajo: eventos cdns_update_slave_status_work [cadencia_soundwire] kernel: RIP: 0010:mutex_lock+0x19/0x30 kernel: Rastreo de llamadas: kernel: ? sdw_handle_slave_status+0x426/0xe00 [bus_soundwire 94ff184bf398570c3f8ff7efe9e32529f532e4ae] kernel: ? newidle_balance+0x26a/0x400 kernel: ? 
cdns_update_slave_status_work+0x1e9/0x200 [soundwire_cadence 1bcf98eebe5ba9833cd433323769ac923c9c6f82] kernel: ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: ffffffffc07654c8 kernel: Cola de trabajo: pm pm_runtime_work kernel: RIP: 0010:sdw_bus_prep_clk_stop+0x6f/0x160 [soundwire_bus] kernel: Rastreo de llamadas: kernel: kernel: sdw_cdns_clock_stop+0xb5/0x1b0 [soundwire_cadence 1bcf98eebe5ba9833cd433323769ac923c9c6f82] kernel: intel_suspend_runtime+0x5f/0x120 [soundwire_intel aca858f7c87048d3152a4a41bb68abb9b663a1dd] kernel: ? dpm_sysfs_remove+0x60/0x60 Esto no se detect\u00f3 previamente en las pruebas de Intel, ya que estas primero eliminan el dispositivo PCI principal y apagan el bus. La secuencia anterior es un caso excepcional que mantiene el bus operativo, pero sin un controlador vinculado. Al intentar resolver este error del kernel, se hizo evidente que el bus SoundWire existente no gestiona bien el caso de desvinculaci\u00f3n. el commit 528be501b7d4a (\"soundwire: sdw_slave: a\u00f1adir estructura probe_complete y nuevos campos\") a\u00f1adi\u00f3 una variable de estado \"probed\" y una finalizaci\u00f3n de estructura \"probe_complete\". Sin embargo, este estado no se restablece al eliminar el dispositivo y, del mismo modo, la prueba \"probe complete\" no se reinicializa, por lo que las pruebas de vinculaci\u00f3n/desvinculaci\u00f3n/vinculaci\u00f3n fallar\u00edan. El tiempo de espera utilizado antes de la devoluci\u00f3n de llamada \"update_status\" tambi\u00e9n fue una mala idea en retrospectiva; no deber\u00eda haber suposiciones sobre el tiempo que determina si un controlador est\u00e1 vinculado a un dispositivo y cu\u00e1ndo. Un borrador inicial se bas\u00f3 en device_lock() y se prob\u00f3 device_unlock(). 
Esto result\u00f3 ser demasiado complicado, con interbloqueos creados durante las secuencias de suspensi\u00f3n-reinicio, que tambi\u00e9n utilizan el mismo device_lock/unlock() que las secuencias de vinculaci\u00f3n/desvinculaci\u00f3n. En un dispositivo CometLake, un DSDT/BIOS defectuoso provoc\u00f3 reanudaciones falsas y el uso de device_lock() provoc\u00f3 bloqueos durante la suspensi\u00f3n. Tras varias semanas de pruebas y una ardua ingenier\u00eda inversa de interbloqueos en diferentes dispositivos, buscamos alternativas que no interfirieran con el n\u00facleo del dispositivo. Se utiliz\u00f3 con \u00e9xito un notificador de bus para realizar un seguimiento de los eventos DRIVER_BOUND y DRIVER_UNBIND. Esto solucion\u00f3 el problema de enlazar-desenlazar-enlazar en las pruebas, pero a\u00fan se puede solucionar con un caso l\u00edmite te\u00f3rico donde la memoria se libera mediante un `.remove` mientras se usa la devoluci\u00f3n de llamada. El notificador solo ayuda a garantizar que las devoluciones de llamada del controlador sean v\u00e1lidas, pero no que la memoria asignada en la sonda siga siendo v\u00e1lida mientras se invocan las devoluciones de llamada. Este parche sugiere la introducci\u00f3n de un nuevo ---truncado---" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50145.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50145.json index 89a7b27f06c..87684f40427 100644 --- a/CVE-2022/CVE-2022-501xx/CVE-2022-50145.json +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50145.json 
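Review bot: In the Spanish `value` for CVE-2022-50144 the sentence about the bus notifier says the opposite of the English one: `it can still be defeated with a theoretical corner case` is rendered as `aún se puede solucionar con un caso límite teórico`, which reads as "can still be solved". A reader of the es text would conclude the notifier approach was sufficient, whereas the English text says memory can still be freed by a `.remove` while the callback is in use. Wording such as `aún puede fallar en un caso límite teórico` keeps the meaning. The es text is also cut at `---truncado---` before the `sdw_dev_lock` mutex is named, so it never describes the actual fix.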
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: sf-pdma: Add multithread support for a DMA channel\n\nWhen we get a DMA channel and try to use it in multiple threads it\nwill cause oops and hanging the system.\n\n% echo 64 > /sys/module/dmatest/parameters/threads_per_chan\n% echo 10000 > /sys/module/dmatest/parameters/iterations\n% echo 1 > /sys/module/dmatest/parameters/run\n[ 89.480664] Unable to handle kernel NULL pointer dereference at virtual\n address 00000000000000a0\n[ 89.488725] Oops [#1]\n[ 89.494708] CPU: 2 PID: 1008 Comm: dma0chan0-copy0 Not tainted\n 5.17.0-rc5\n[ 89.509385] epc : vchan_find_desc+0x32/0x46\n[ 89.513553] ra : sf_pdma_tx_status+0xca/0xd6\n\nThis happens because of data race. Each thread rewrite channels's\ndescriptor as soon as device_prep_dma_memcpy() is called. It leads to the\nsituation when the driver thinks that it uses right descriptor that\nactually is freed or substituted for other one.\n\nWith current fixes a descriptor changes its value only when it has\nbeen used. A new descriptor is acquired from vc->desc_issued queue that\nis already filled with descriptors that are ready to be sent. Threads\nhave no direct access to DMA channel descriptor. Now it is just possible\nto queue a descriptor for further processing." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dmaengine: sf-pdma: Agregar soporte multihilo para un canal DMA Cuando obtenemos un canal DMA e intentamos usarlo en m\u00faltiples subprocesos, provocar\u00e1 errores y colgar\u00e1 el sistema. 
% echo 64 > /sys/module/dmatest/parameters/threads_per_chan % echo 10000 > /sys/module/dmatest/parameters/iterations % echo 1 > /sys/module/dmatest/parameters/run [ 89.480664] No se puede manejar la desreferencia del puntero NULL del n\u00facleo en la direcci\u00f3n virtual 00000000000000a0 [ 89.488725] Ups [#1] [ 89.494708] CPU: 2 PID: 1008 Comm: dma0chan0-copy0 No contaminado 5.17.0-rc5 [ 89.509385] epc : vchan_find_desc+0x32/0x46 [ 89.513553] ra : sf_pdma_tx_status+0xca/0xd6 Esto ocurre debido a la ejecuci\u00f3n de datos. Cada hilo reescribe el descriptor del canal en cuanto se llama a device_prep_dma_memcpy(). Esto provoca que el controlador crea que est\u00e1 usando el descriptor correcto, pero en realidad se libera o sustituye a otro. Con las correcciones actuales, un descriptor cambia su valor solo cuando se ha usado. Se obtiene un nuevo descriptor de la cola vc->desc_issued, que ya contiene descriptores listos para enviarse. Los hilos no tienen acceso directo al descriptor del canal DMA. Ahora solo es posible poner en cola un descriptor para su posterior procesamiento." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50146.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50146.json index bfc8827ec09..c22236deefc 100644 --- a/CVE-2022/CVE-2022-501xx/CVE-2022-50146.json +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50146.json 
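Review bot: The Spanish `value` for CVE-2022-50145 renders the root cause `data race` as `ejecución de datos` ("data execution"), which names a different class of problem and can mislead anyone triaging by weakness type. `condición de carrera de datos`, or leaving `data race` untranslated, keeps the description accurate. A similar terminology slip is in the CVE-2022-50148 hunk, where the tool name in `smatch warnings` is translated as `advertencias de coincidencia`, although the CVE-2022-50131 hunk correctly keeps `Smatch` as a proper name.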
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors\n\nIf dw_pcie_ep_init() fails to perform any action after the EPC memory is\ninitialized and the MSI memory region is allocated, the latter parts won't\nbe undone thus causing a memory leak. Add a cleanup-on-error path to fix\nthese leaks.\n\n[bhelgaas: commit log]"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: PCI: dwc: Desasignar memoria EPC en errores de dw_pcie_ep_init(). Si dw_pcie_ep_init() no realiza ninguna acci\u00f3n despu\u00e9s de inicializar la memoria EPC y asignar la regi\u00f3n de memoria MSI, estas \u00faltimas acciones no se deshar\u00e1n, lo que provocar\u00e1 una fuga de memoria. Se ha a\u00f1adido una ruta de limpieza en caso de error para corregir estas fugas. [bhelgaas: registro de confirmaciones]"
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50147.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50147.json
index 33deae62b5c..9fb55782216 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50147.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50147.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mempolicy: fix get_nodes out of bound access\n\nWhen user specified more nodes than supported, get_nodes will access nmask\narray out of bounds."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/mempolicy: corrige el acceso fuera de los l\u00edmites a get_nodes. Cuando el usuario especifica m\u00e1s nodos de los admitidos, get_nodes acceder\u00e1 a la matriz nmask fuera de los l\u00edmites."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50148.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50148.json
index 5b0251982cc..4c80a918da1 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50148.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50148.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkernfs: fix potential NULL dereference in __kernfs_remove\n\nWhen lockdep is enabled, lockdep_assert_held_write would\ncause potential NULL pointer dereference.\n\nFix the following smatch warnings:\n\nfs/kernfs/dir.c:1353 __kernfs_remove() warn: variable dereferenced before check 'kn' (see line 1346)"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: kernfs: se corrige una posible desreferencia de punteros NULL en __kernfs_remove. Cuando lockdep est\u00e1 habilitado, lockdep_assert_held_write podr\u00eda causar una posible desreferencia de punteros NULL. Se corrigen las siguientes advertencias de coincidencia: fs/kernfs/dir.c:1353 __kernfs_remove() warn: variable desreferenciada antes de la comprobaci\u00f3n 'kn' (v\u00e9ase la l\u00ednea 1346)."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50149.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50149.json
index 21e0be8a1c1..6e5cbd1fcba 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50149.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50149.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: fix potential deadlock in __driver_attach\n\nIn __driver_attach function, There are also AA deadlock problem,\nlike the commit b232b02bf3c2 (\"driver core: fix deadlock in\n__device_attach\").\n\nstack like commit b232b02bf3c2 (\"driver core: fix deadlock in\n__device_attach\").\nlist below:\n In __driver_attach function, The lock holding logic is as follows:\n ...\n __driver_attach\n if (driver_allows_async_probing(drv))\n device_lock(dev) // get lock dev\n async_schedule_dev(__driver_attach_async_helper, dev); // func\n async_schedule_node\n async_schedule_node_domain(func)\n entry = kzalloc(sizeof(struct async_entry), GFP_ATOMIC);\n /* when fail or work limit, sync to execute func, but\n __driver_attach_async_helper will get lock dev as\n will, which will lead to A-A deadlock. */\n if (!entry || atomic_read(&entry_count) > MAX_WORK) {\n func;\n else\n queue_work_node(node, system_unbound_wq, &entry->work)\n device_unlock(dev)\n\n As above show, when it is allowed to do async probes, because of\n out of memory or work limit, async work is not be allowed, to do\n sync execute instead. it will lead to A-A deadlock because of\n __driver_attach_async_helper getting lock dev.\n\nReproduce:\nand it can be reproduce by make the condition\n(if (!entry || atomic_read(&entry_count) > MAX_WORK)) untenable, like\nbelow:\n\n[ 370.785650] \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables\nthis message.\n[ 370.787154] task:swapper/0 state:D stack: 0 pid: 1 ppid:\n0 flags:0x00004000\n[ 370.788865] Call Trace:\n[ 370.789374] \n[ 370.789841] __schedule+0x482/0x1050\n[ 370.790613] schedule+0x92/0x1a0\n[ 370.791290] schedule_preempt_disabled+0x2c/0x50\n[ 370.792256] __mutex_lock.isra.0+0x757/0xec0\n[ 370.793158] __mutex_lock_slowpath+0x1f/0x30\n[ 370.794079] mutex_lock+0x50/0x60\n[ 370.794795] __device_driver_lock+0x2f/0x70\n[ 370.795677] ? 
driver_probe_device+0xd0/0xd0\n[ 370.796576] __driver_attach_async_helper+0x1d/0xd0\n[ 370.797318] ? driver_probe_device+0xd0/0xd0\n[ 370.797957] async_schedule_node_domain+0xa5/0xc0\n[ 370.798652] async_schedule_node+0x19/0x30\n[ 370.799243] __driver_attach+0x246/0x290\n[ 370.799828] ? driver_allows_async_probing+0xa0/0xa0\n[ 370.800548] bus_for_each_dev+0x9d/0x130\n[ 370.801132] driver_attach+0x22/0x30\n[ 370.801666] bus_add_driver+0x290/0x340\n[ 370.802246] driver_register+0x88/0x140\n[ 370.802817] ? virtio_scsi_init+0x116/0x116\n[ 370.803425] scsi_register_driver+0x1a/0x30\n[ 370.804057] init_sd+0x184/0x226\n[ 370.804533] do_one_initcall+0x71/0x3a0\n[ 370.805107] kernel_init_freeable+0x39a/0x43a\n[ 370.805759] ? rest_init+0x150/0x150\n[ 370.806283] kernel_init+0x26/0x230\n[ 370.806799] ret_from_fork+0x1f/0x30\n\nTo fix the deadlock, move the async_schedule_dev outside device_lock,\nas we can see, in async_schedule_node_domain, the parameter of\nqueue_work_node is system_unbound_wq, so it can accept concurrent\noperations. which will also not change the code logic, and will\nnot lead to deadlock." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: n\u00facleo del controlador: corrige un posible bloqueo en __driver_attach En la funci\u00f3n __driver_attach, tambi\u00e9n hay un problema de bloqueo AA, como el commit b232b02bf3c2 (\"n\u00facleo del controlador: corrige el bloqueo en __device_attach\"). pila como el commit b232b02bf3c2 (\"n\u00facleo del controlador: corrige el bloqueo en __device_attach\"). lista a continuaci\u00f3n: En la funci\u00f3n __driver_attach, la l\u00f3gica de retenci\u00f3n de bloqueo es la siguiente: ... 
__driver_attach if (driver_allows_async_probing(drv)) device_lock(dev) // obtener bloqueo dev async_schedule_dev(__driver_attach_async_helper, dev); // func async_schedule_node async_schedule_node_domain(func) entry = kzalloc(sizeof(struct async_entry), GFP_ATOMIC); /* cuando falla o hay l\u00edmite de trabajo, se sincroniza para ejecutar func, pero __driver_attach_async_helper obtendr\u00e1 el bloqueo dev, lo que provocar\u00e1 un bloqueo AA. */ if (!entry || atomic_read(&entry_count) > MAX_WORK) { func; else queue_work_node(node, system_unbound_wq, &entry->work) device_unlock(dev) Como se muestra arriba, cuando se permite hacer sondeos asincr\u00f3nicos, debido a falta de memoria o l\u00edmite de trabajo, no se permite el trabajo asincr\u00f3nico, en su lugar se ejecuta la sincronizaci\u00f3n. Esto provocar\u00e1 un bloqueo AA debido a que __driver_attach_async_helper obtiene el bloqueo dev. Reproducir: y se puede reproducir haciendo que la condici\u00f3n (if (!entry || atomic_read(&entry_count) > MAX_WORK)) sea insostenible, como se muestra a continuaci\u00f3n: [ 370.785650] \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" deshabilita este mensaje. [ 370.787154] tarea:swapper/0 estado:D pila: 0 pid: 1 ppid: 0 indicadores:0x00004000 [ 370.788865] Seguimiento de llamadas: [ 370.789374] [ 370.789841] __schedule+0x482/0x1050 [ 370.790613] schedule+0x92/0x1a0 [ 370.791290] schedule_preempt_disabled+0x2c/0x50 [ 370.792256] __mutex_lock.isra.0+0x757/0xec0 [ 370.793158] __mutex_lock_slowpath+0x1f/0x30 [ 370.794079] mutex_lock+0x50/0x60 [ 370.794795] __device_driver_lock+0x2f/0x70 [ 370.795677] ? driver_probe_device+0xd0/0xd0 [ 370.796576] __driver_attach_async_helper+0x1d/0xd0 [ 370.797318] ? driver_probe_device+0xd0/0xd0 [ 370.797957] async_schedule_node_domain+0xa5/0xc0 [ 370.798652] async_schedule_node+0x19/0x30 [ 370.799243] __driver_attach+0x246/0x290 [ 370.799828] ? 
driver_allows_async_probing+0xa0/0xa0 [ 370.800548] bus_for_each_dev+0x9d/0x130 [ 370.801132] driver_attach+0x22/0x30 [ 370.801666] bus_add_driver+0x290/0x340 [ 370.802246] driver_register+0x88/0x140 [ 370.802817] ? virtio_scsi_init+0x116/0x116 [ 370.803425] scsi_register_driver+0x1a/0x30 [ 370.804057] init_sd+0x184/0x226 [ 370.804533] do_one_initcall+0x71/0x3a0 [ 370.805107] kernel_init_freeable+0x39a/0x43a [ 370.805759] ? rest_init+0x150/0x150 [ 370.806283] kernel_init+0x26/0x230 [ 370.806799] ret_from_fork+0x1f/0x30 Para corregir el bloqueo, mueva async_schedule_dev fuera de device_lock, como podemos ver, en async_schedule_node_domain, el par\u00e1metro de queue_work_node es system_unbound_wq, por lo que puede aceptar operaciones concurrentes, lo que tampoco cambiar\u00e1 la l\u00f3gica del c\u00f3digo y no conducir\u00e1 a un bloqueo." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50151.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50151.json index 7d6fd182e4b..3af07764525 100644 --- a/CVE-2022/CVE-2022-501xx/CVE-2022-50151.json +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50151.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdns3: fix random warning message when driver load\n\nWarning log:\n[ 4.141392] Unexpected gfp: 0x4 (GFP_DMA32). Fixing up to gfp: 0xa20 (GFP_ATOMIC). Fix your code!\n[ 4.150340] CPU: 1 PID: 175 Comm: 1-0050 Not tainted 5.15.5-00039-g2fd9ae1b568c #20\n[ 4.158010] Hardware name: Freescale i.MX8QXP MEK (DT)\n[ 4.163155] Call trace:\n[ 4.165600] dump_backtrace+0x0/0x1b0\n[ 4.169286] show_stack+0x18/0x68\n[ 4.172611] dump_stack_lvl+0x68/0x84\n[ 4.176286] dump_stack+0x18/0x34\n[ 4.179613] kmalloc_fix_flags+0x60/0x88\n[ 4.183550] new_slab+0x334/0x370\n[ 4.186878] ___slab_alloc.part.108+0x4d4/0x748\n[ 4.191419] __slab_alloc.isra.109+0x30/0x78\n[ 4.195702] kmem_cache_alloc+0x40c/0x420\n[ 4.199725] dma_pool_alloc+0xac/0x1f8\n[ 4.203486] cdns3_allocate_trb_pool+0xb4/0xd0\n\npool_alloc_page(struct dma_pool *pool, gfp_t mem_flags)\n{\n\t...\n\tpage = kmalloc(sizeof(*page), mem_flags);\n\tpage->vaddr = dma_alloc_coherent(pool->dev, pool->allocation,\n\t\t\t\t\t &page->dma, mem_flags);\n\t...\n}\n\nkmalloc was called with mem_flags, which is passed down in\ncdns3_allocate_trb_pool() and have GFP_DMA32 flags.\nkmall_fix_flags() report warning.\n\nGFP_DMA32 is not useful at all. dma_alloc_coherent() will handle\nDMA memory region correctly by pool->dev. GFP_DMA32 can be removed\nsafely." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: cdns3: se corrige un mensaje de advertencia aleatorio al cargar el controlador. Registro de advertencias: [4.141392] GFP inesperado: 0x4 (GFP_DMA32). Se est\u00e1 solucionando hasta gfp: 0xa20 (GFP_ATOMIC). \u00a1Corrige tu c\u00f3digo! 
[ 4.150340] CPU: 1 PID: 175 Comm: 1-0050 No contaminado 5.15.5-00039-g2fd9ae1b568c #20 [ 4.158010] Nombre del hardware: Freescale i.MX8QXP MEK (DT) [ 4.163155] Rastreo de llamadas: [ 4.165600] dump_backtrace+0x0/0x1b0 [ 4.169286] show_stack+0x18/0x68 [ 4.172611] dump_stack_lvl+0x68/0x84 [ 4.176286] dump_stack+0x18/0x34 [ 4.179613] kmalloc_fix_flags+0x60/0x88 [ 4.183550] new_slab+0x334/0x370 [ 4.186878] ___slab_alloc.part.108+0x4d4/0x748 [ 4.191419] __slab_alloc.isra.109+0x30/0x78 [ 4.195702] kmem_cache_alloc+0x40c/0x420 [ 4.199725] dma_pool_alloc+0xac/0x1f8 [ 4.203486] cdns3_allocate_trb_pool+0xb4/0xd0 pool_alloc_page(struct dma_pool *pool, gfp_t mem_flags) { ... page = kmalloc(sizeof(*page), mem_flags); page->vaddr = dma_alloc_coherent(pool->dev, pool->allocation, &page->dma, mem_flags); ... } kmalloc se llam\u00f3 con mem_flags, que se transmite en cdns3_allocate_trb_pool() y tiene indicadores GFP_DMA32. kmall_fix_flags() informa una advertencia. GFP_DMA32 no es \u00fatil. dma_alloc_coherent() gestionar\u00e1 correctamente la regi\u00f3n de memoria DMA mediante pool->dev. GFP_DMA32 se puede eliminar de forma segura." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50152.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50152.json index 15c5cae0393..fc419b45250 100644 --- a/CVE-2022/CVE-2022-501xx/CVE-2022-50152.json +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50152.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: ohci-nxp: Se corrige la fuga de recuento de referencias en ohci_hcd_nxp_probe. of_parse_phandle() devuelve un puntero de nodo con el recuento de referencias incrementado. Debemos usar of_node_put() cuando ya no sea necesario. Se ha a\u00f1adido la funci\u00f3n of_node_put() que falta para evitar la fuga de recuento de referencias."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50153.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50153.json
index 08c4a9b5f05..a6630daf20d 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50153.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50153.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: host: Fix refcount leak in ehci_hcd_ppc_of_probe\n\nof_find_compatible_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: host: Se corrige la fuga de recuento de referencias en ehci_hcd_ppc_of_probe. of_find_compatible_node() devuelve un puntero de nodo con el recuento de referencias incrementado; al finalizar, se debe usar of_node_put(). Se ha a\u00f1adido la funci\u00f3n of_node_put() que falta para evitar la fuga de recuento de referencias."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50154.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50154.json
index 5ae6496f4d9..a63e019fb5d 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50154.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50154.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains()\n\nof_get_child_by_name() returns a node pointer with refcount incremented, so\nwe should use of_node_put() on it when we don't need it anymore.\n\nAdd missing of_node_put() to avoid refcount leak."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: PCI: mediatek-gen3: Se corrige la fuga de recuento de referencias en mtk_pcie_init_irq_domains(). of_get_child_by_name() devuelve un puntero de nodo con el recuento de referencias incrementado, por lo que debemos usar of_node_put() cuando ya no lo necesitemos. Se ha a\u00f1adido la funci\u00f3n of_node_put() que falta para evitar la fuga de recuento de referencias."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50155.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50155.json
index 8cf59bb813e..0ebb25fb45e 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50155.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50155.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: parsers: ofpart: Fix refcount leak in bcm4908_partitions_fw_offset\n\nof_find_node_by_path() returns a node pointer with refcount incremented,\nwe should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mtd: parsers: ofpart: Se corrige la fuga de recuento de referencias en bcm4908_partitions_fw_offset. of_find_node_by_path() devuelve un puntero de nodo con el recuento de referencias incrementado. Debemos usar of_node_put() cuando ya no sea necesario. Se ha a\u00f1adido la funci\u00f3n of_node_put() que falta para evitar la fuga de recuento de referencias."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50156.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50156.json
index a6938dc2a60..a7e403945e2 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50156.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50156.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: cp2112: prevent a buffer overflow in cp2112_xfer()\n\nSmatch warnings:\ndrivers/hid/hid-cp2112.c:793 cp2112_xfer() error: __memcpy()\n'data->block[1]' too small (33 vs 255)\ndrivers/hid/hid-cp2112.c:793 cp2112_xfer() error: __memcpy() 'buf' too\nsmall (64 vs 255)\n\nThe 'read_length' variable is provided by 'data->block[0]' which comes\nfrom user and it(read_length) can take a value between 0-255. Add an\nupper bound to 'read_length' variable to prevent a buffer overflow in\nmemcpy()."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: cp2112: evitar un desbordamiento de b\u00fafer en cp2112_xfer() Advertencias de Smatch: drivers/hid/hid-cp2112.c:793 Error de cp2112_xfer(): __memcpy() 'data->block[1]' demasiado peque\u00f1o (33 frente a 255) drivers/hid/hid-cp2112.c:793 Error de cp2112_xfer(): __memcpy() 'buf' demasiado peque\u00f1o (64 frente a 255) La variable 'read_length' la proporciona 'data->block[0]', que proviene del usuario, y puede tomar un valor entre 0 y 255. A\u00f1ada un l\u00edmite superior a la variable 'read_length' para evitar un desbordamiento de b\u00fafer en memcpy()."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50157.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50157.json
index edc4a3c8111..88b14bbf4c7 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50157.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50157.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains()\n\nof_get_next_child() returns a node pointer with refcount incremented, so we\nshould use of_node_put() on it when we don't need it anymore.\n\nmc_pcie_init_irq_domains() only calls of_node_put() in the normal path,\nmissing it in some error paths. Add missing of_node_put() to avoid\nrefcount leak."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: PCI: microchip: Se corrige la fuga de recuento de referencias en mc_pcie_init_irq_domains(). of_get_next_child() devuelve un puntero de nodo con el recuento de referencias incrementado, por lo que debemos usar of_node_put() cuando ya no lo necesitemos. mc_pcie_init_irq_domains() solo llama a of_node_put() en la ruta normal, y no lo detecta en algunas rutas con errores. Se a\u00f1ade la falta de of_node_put() para evitar la fuga de recuento de referencias."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50158.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50158.json
index e96d51b55dc..0230cdfaae6 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50158.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50158.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: partitions: Fix refcount leak in parse_redboot_of\n\nof_get_child_by_name() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mtd: particiones: Se corrige la fuga de recuento de referencias en parse_redboot_of. of_get_child_by_name() devuelve un puntero de nodo con el recuento de referencias incrementado. Debemos usar of_node_put() cuando ya no sea necesario. Se ha a\u00f1adido la funci\u00f3n of_node_put() que falta para evitar la fuga de recuento de referencias."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50159.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50159.json
index 9b7e06b4ce1..a61d7231663 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50159.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50159.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nof: check previous kernel's ima-kexec-buffer against memory bounds\n\nPresently ima_get_kexec_buffer() doesn't check if the previous kernel's\nima-kexec-buffer lies outside the addressable memory range. This can result\nin a kernel panic if the new kernel is booted with 'mem=X' arg and the\nima-kexec-buffer was allocated beyond that range by the previous kernel.\nThe panic is usually of the form below:\n\n$ sudo kexec --initrd initrd vmlinux --append='mem=16G'\n\n\n BUG: Unable to handle kernel data access on read at 0xc000c01fff7f0000\n Faulting instruction address: 0xc000000000837974\n Oops: Kernel access of bad area, sig: 11 [#1]\n\n NIP [c000000000837974] ima_restore_measurement_list+0x94/0x6c0\n LR [c00000000083b55c] ima_load_kexec_buffer+0xac/0x160\n Call Trace:\n [c00000000371fa80] [c00000000083b55c] ima_load_kexec_buffer+0xac/0x160\n [c00000000371fb00] [c0000000020512c4] ima_init+0x80/0x108\n [c00000000371fb70] [c0000000020514dc] init_ima+0x4c/0x120\n [c00000000371fbf0] [c000000000012240] do_one_initcall+0x60/0x2c0\n [c00000000371fcc0] [c000000002004ad0] kernel_init_freeable+0x344/0x3ec\n [c00000000371fda0] [c0000000000128a4] kernel_init+0x34/0x1b0\n [c00000000371fe10] [c00000000000ce64] ret_from_kernel_thread+0x5c/0x64\n Instruction dump:\n f92100b8 f92100c0 90e10090 910100a0 4182050c 282a0017 3bc00000 40810330\n 7c0802a6 fb610198 7c9b2378 f80101d0 2c090001 40820614 e9240010\n ---[ end trace 0000000000000000 ]---\n\nFix this issue by checking returned PFN range of previous kernel's\nima-kexec-buffer with page_is_ram() to ensure correct memory bounds." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: de: comprobar el b\u00fafer ima-kexec del kernel anterior con los l\u00edmites de memoria. 
Actualmente, ima_get_kexec_buffer() no comprueba si el b\u00fafer ima-kexec del kernel anterior se encuentra fuera del rango de memoria direccionable. Esto puede provocar un p\u00e1nico del kernel si el nuevo kernel se inicia con el argumento 'mem=X' y el kernel anterior asign\u00f3 el b\u00fafer ima-kexec fuera de ese rango. El p\u00e1nico suele tener el siguiente formato: $ sudo kexec --initrd initrd vmlinux --append='mem=16G' ERROR: No se puede controlar el acceso a los datos del kernel en lectura en 0xc000c01fff7f0000 Direcci\u00f3n de instrucci\u00f3n con error: 0xc000000000837974 Oops: Acceso al kernel de \u00e1rea defectuosa, firma: 11 [#1] NIP [c000000000837974] ima_restore_measurement_list+0x94/0x6c0 LR [c00000000083b55c] ima_load_kexec_buffer+0xac/0x160 Rastreo de llamadas: [c00000000371fa80] [c00000000083b55c] ima_load_kexec_buffer+0xac/0x160 [c00000000371fb00] [c0000000020512c4] ima_init+0x80/0x108 [c00000000371fb70] [c0000000020514dc] init_ima+0x4c/0x120 [c00000000371fbf0] [c000000000012240] hacer_una_initcall+0x60/0x2c0 [c00000000371fcc0] [c000000002004ad0] kernel_init_freeable+0x344/0x3ec [c00000000371fda0] [c0000000000128a4] kernel_init+0x34/0x1b0 [c00000000371fe10] [c00000000000ce64] ret_from_kernel_thread+0x5c/0x64 Volcado de instrucciones: f92100b8 f92100c0 90e10090 910100a0 4182050c 282a0017 3bc00000 40810330 7c0802a6 fb610198 7c9b2378 f80101d0 2c090001 40820614 e9240010 ---[ fin del seguimiento 0000000000000000 ]--- Solucione este problema verificando el rango PFN devuelto del ima-kexec-buffer del kernel anterior con page_is_ram() para garantizar los l\u00edmites de memoria correctos." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50160.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50160.json index a47e230bac8..c9aa2f24bba 100644 --- a/CVE-2022/CVE-2022-501xx/CVE-2022-50160.json +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50160.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: maps: Fix refcount leak in ap_flash_init\n\nof_find_matching_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mtd: mapas: Se corrige la fuga de recuento de referencias en ap_flash_init. of_find_matching_node() devuelve un puntero de nodo con el recuento de referencias incrementado. Debemos usar of_node_put() cuando ya no sea necesario. Se ha a\u00f1adido la funci\u00f3n of_node_put() que falta para evitar la fuga de recuento de referencias."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50161.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50161.json
index 37b0e13a3f1..246c1c3ce92 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50161.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50161.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: maps: Fix refcount leak in of_flash_probe_versatile\n\nof_find_matching_node_and_match() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mtd: mapas: Se corrige la fuga de recuento de referencias en of_flash_probe_versatile. of_find_matching_node_and_match() devuelve un puntero de nodo con el recuento de referencias incrementado. Debemos usar of_node_put() cuando ya no sea necesario. Se ha a\u00f1adido la funci\u00f3n of_node_put() que falta para evitar la fuga de recuento de referencias."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50162.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50162.json
index e618daff10a..386851cd14c 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50162.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50162.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: libertas: Fix possible refcount leak in if_usb_probe()\n\nusb_get_dev will be called before lbs_get_firmware_async which means that\nusb_put_dev need to be called when lbs_get_firmware_async fails."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: libertas: se corrige una posible p\u00e9rdida de recuento de referencias en if_usb_probe(). usb_get_dev se llamar\u00e1 antes de lbs_get_firmware_async, lo que significa que se debe llamar a usb_put_dev cuando lbs_get_firmware_async falla."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50163.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50163.json
index aa4c77e3878..803d234499f 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50163.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50163.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: fix incorrect dev_tracker usage\n\nWhile investigating a separate rose issue [1], and enabling\nCONFIG_NET_DEV_REFCNT_TRACKER=y, Bernard reported an orthogonal ax25 issue [2]\n\nAn ax25_dev can be used by one (or many) struct ax25_cb.\nWe thus need different dev_tracker, one per struct ax25_cb.\n\nAfter this patch is applied, we are able to focus on rose.\n\n[1] https://lore.kernel.org/netdev/fb7544a1-f42e-9254-18cc-c9b071f4ca70@free.fr/\n\n[2]\n[ 205.798723] reference already released.\n[ 205.798732] allocated in:\n[ 205.798734] ax25_bind+0x1a2/0x230 [ax25]\n[ 205.798747] __sys_bind+0xea/0x110\n[ 205.798753] __x64_sys_bind+0x18/0x20\n[ 205.798758] do_syscall_64+0x5c/0x80\n[ 205.798763] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 205.798768] freed in:\n[ 205.798770] ax25_release+0x115/0x370 [ax25]\n[ 205.798778] __sock_release+0x42/0xb0\n[ 205.798782] sock_close+0x15/0x20\n[ 205.798785] __fput+0x9f/0x260\n[ 205.798789] ____fput+0xe/0x10\n[ 205.798792] task_work_run+0x64/0xa0\n[ 205.798798] exit_to_user_mode_prepare+0x18b/0x190\n[ 205.798804] syscall_exit_to_user_mode+0x26/0x40\n[ 205.798808] do_syscall_64+0x69/0x80\n[ 205.798812] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 205.798827] ------------[ cut here ]------------\n[ 205.798829] WARNING: CPU: 2 PID: 2605 at lib/ref_tracker.c:136 ref_tracker_free.cold+0x60/0x81\n[ 205.798837] Modules linked in: rose netrom mkiss ax25 rfcomm cmac algif_hash algif_skcipher af_alg bnep snd_hda_codec_hdmi nls_iso8859_1 i915 rtw88_8821ce rtw88_8821c x86_pkg_temp_thermal rtw88_pci intel_powerclamp rtw88_core snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio coretemp snd_hda_intel kvm_intel snd_intel_dspcfg mac80211 snd_hda_codec kvm i2c_algo_bit drm_buddy drm_dp_helper btusb drm_kms_helper snd_hwdep btrtl snd_hda_core btbcm joydev crct10dif_pclmul btintel crc32_pclmul ghash_clmulni_intel mei_hdcp btmtk 
intel_rapl_msr aesni_intel bluetooth input_leds snd_pcm crypto_simd syscopyarea processor_thermal_device_pci_legacy sysfillrect cryptd intel_soc_dts_iosf snd_seq sysimgblt ecdh_generic fb_sys_fops rapl libarc4 processor_thermal_device intel_cstate processor_thermal_rfim cec snd_timer ecc snd_seq_device cfg80211 processor_thermal_mbox mei_me processor_thermal_rapl mei rc_core at24 snd intel_pch_thermal intel_rapl_common ttm soundcore int340x_thermal_zone video\n[ 205.798948] mac_hid acpi_pad sch_fq_codel ipmi_devintf ipmi_msghandler drm msr parport_pc ppdev lp parport ramoops pstore_blk reed_solomon pstore_zone efi_pstore ip_tables x_tables autofs4 hid_generic usbhid hid i2c_i801 i2c_smbus r8169 xhci_pci ahci libahci realtek lpc_ich xhci_pci_renesas [last unloaded: ax25]\n[ 205.798992] CPU: 2 PID: 2605 Comm: ax25ipd Not tainted 5.18.11-F6BVP #3\n[ 205.798996] Hardware name: To be filled by O.E.M. To be filled by O.E.M./CK3, BIOS 5.011 09/16/2020\n[ 205.798999] RIP: 0010:ref_tracker_free.cold+0x60/0x81\n[ 205.799005] Code: e8 d2 01 9b ff 83 7b 18 00 74 14 48 c7 c7 2f d7 ff 98 e8 10 6e fc ff 8b 7b 18 e8 b8 01 9b ff 4c 89 ee 4c 89 e7 e8 5d fd 07 00 <0f> 0b b8 ea ff ff ff e9 30 05 9b ff 41 0f b6 f7 48 c7 c7 a0 fa 4e\n[ 205.799008] RSP: 0018:ffffaf5281073958 EFLAGS: 00010286\n[ 205.799011] RAX: 0000000080000000 RBX: ffff9a0bd687ebe0 RCX: 0000000000000000\n[ 205.799014] RDX: 0000000000000001 RSI: 0000000000000282 RDI: 00000000ffffffff\n[ 205.799016] RBP: ffffaf5281073a10 R08: 0000000000000003 R09: fffffffffffd5618\n[ 205.799019] R10: 0000000000ffff10 R11: 000000000000000f R12: ffff9a0bc53384d0\n[ 205.799022] R13: 0000000000000282 R14: 00000000ae000001 R15: 0000000000000001\n[ 205.799024] FS: 0000000000000000(0000) GS:ffff9a0d0f300000(0000) knlGS:0000000000000000\n[ 205.799028] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 205.799031] CR2: 00007ff6b8311554 CR3: 000000001ac10004 CR4: 00000000001706e0\n[ 205.799033] Call Trace:\n[ 205.799035] \n[ 205.799038] ? 
ax25_dev_device_down+0xd9/\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ax25: correcci\u00f3n del uso incorrecto de dev_tracker. Mientras investigaba un problema independiente de Rose [1] y habilitaba CONFIG_NET_DEV_REFCNT_TRACKER=y, Bernard report\u00f3 un problema ortogonal de Ax25 [2]. Un ax25_dev puede ser utilizado por una (o varias) estructuras ax25_cb. Por lo tanto, necesitamos diferentes dev_tracker, uno por estructura ax25_cb. Tras aplicar este parche, podemos centrarnos en Rose. [1] https://lore.kernel.org/netdev/fb7544a1-f42e-9254-18cc-c9b071f4ca70@free.fr/ [2] [ 205.798723] referencia ya publicada. [ 205.798732] asignado en: [ 205.798734] ax25_bind+0x1a2/0x230 [ax25] [ 205.798747] __sys_bind+0xea/0x110 [ 205.798753] __x64_sys_bind+0x18/0x20 [ 205.798758] do_syscall_64+0x5c/0x80 [ 205.798763] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 205.798768] liberado en: [ 205.798770] ax25_release+0x115/0x370 [ax25] [ 205.798778] __sock_release+0x42/0xb0 [ 205.798782] sock_close+0x15/0x20 [ 205.798785] __fput+0x9f/0x260 [ 205.798789] ____fput+0xe/0x10 [ 205.798792] task_work_run+0x64/0xa0 [ 205.798798] exit_to_user_mode_prepare+0x18b/0x190 [ 205.798804] syscall_exit_to_user_mode+0x26/0x40 [ 205.798808] do_syscall_64+0x69/0x80 [ 205.798812] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 205.798827] ------------[ cortar aqu\u00ed ]------------ [ 205.798829] ADVERTENCIA: CPU: 2 PID: 2605 at lib/ref_tracker.c:136 ref_tracker_free.cold+0x60/0x81 [ 205.798837] Modules linked in: rose netrom mkiss ax25 rfcomm cmac algif_hash algif_skcipher af_alg bnep snd_hda_codec_hdmi nls_iso8859_1 i915 rtw88_8821ce rtw88_8821c x86_pkg_temp_thermal rtw88_pci intel_powerclamp rtw88_core snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio coretemp snd_hda_intel kvm_intel snd_intel_dspcfg mac80211 snd_hda_codec kvm i2c_algo_bit drm_buddy drm_dp_helper btusb drm_kms_helper snd_hwdep btrtl snd_hda_core btbcm joydev 
crct10dif_pclmul btintel crc32_pclmul ghash_clmulni_intel mei_hdcp btmtk intel_rapl_msr aesni_intel bluetooth input_leds snd_pcm crypto_simd syscopyarea processor_thermal_device_pci_legacy sysfillrect cryptd intel_soc_dts_iosf snd_seq sysimgblt ecdh_generic fb_sys_fops rapl libarc4 processor_thermal_device intel_cstate processor_thermal_rfim cec snd_timer ecc snd_seq_device cfg80211 processor_thermal_mbox mei_me processor_thermal_rapl mei rc_core at24 snd intel_pch_thermal intel_rapl_common ttm soundcore int340x_thermal_zone video [ 205.798948] mac_hid acpi_pad sch_fq_codel ipmi_devintf ipmi_msghandler drm msr parport_pc ppdev lp parport ramoops pstore_blk reed_solomon pstore_zone efi_pstore ip_tables x_tables autofs4 hid_generic usbhid hid i2c_i801 i2c_smbus r8169 xhci_pci ahci libahci realtek lpc_ich xhci_pci_renesas [last unloaded: ax25] [ 205.798992] CPU: 2 PID: 2605 Comm: ax25ipd Not tainted 5.18.11-F6BVP #3 [ 205.798996] Hardware name: To be filled by O.E.M. To be filled by O.E.M./CK3, BIOS 5.011 09/16/2020 [ 205.798999] RIP: 0010:ref_tracker_free.cold+0x60/0x81 [ 205.799005] Code: e8 d2 01 9b ff 83 7b 18 00 74 14 48 c7 c7 2f d7 ff 98 e8 10 6e fc ff 8b 7b 18 e8 b8 01 9b ff 4c 89 ee 4c 89 e7 e8 5d fd 07 00 <0f> 0b b8 ea ff ff ff e9 30 05 9b ff 41 0f b6 f7 48 c7 c7 a0 fa 4e [ 205.799008] RSP: 0018:ffffaf5281073958 EFLAGS: 00010286 [ 205.799011] RAX: 0000000080000000 RBX: ffff9a0bd687ebe0 RCX: 0000000000000000 [ 205.799014] RDX: 0000000000000001 RSI: 0000000000000282 RDI: 00000000ffffffff [ 205.799016] RBP: ffffaf5281073a10 R08: 0000000000000003 R09: fffffffffffd5618 [ 205.799019] R10: 0000000000ffff10 R11: 000000000000000f R12: ffff9a0bc53384d0 [ 205.799022] R13: 0000000000000282 R14: 00000000ae000001 R15: 0000000000000001 [ 205.799024] FS: 0000000000000000(0000) GS:ffff9a0d0f300000(0000) knlGS:0000000000000000 [ 205.799028] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 205.799031] CR2: 00007ff6b8311554 CR3: 000000001ac10004 CR4: 00000000001706e0 [ 
205.799033] Call Trace: [ 205.799035] [ 205.799038] ? ax25_dev_device_down+0xd9/ ---truncado---" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50164.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50164.json index 998ba229a78..4835416fe63 100644 --- a/CVE-2022/CVE-2022-501xx/CVE-2022-50164.json +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50164.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue\n\nAfter successfull station association, if station queues are disabled for\nsome reason, the related lists are not emptied. So if some new element is\nadded to the list in iwl_mvm_mac_wake_tx_queue, it can match with the old\none and produce a BUG like this:\n\n[ 46.535263] list_add corruption. prev->next should be next (ffff94c1c318a360), but was 0000000000000000. (prev=ffff94c1d02d3388).\n[ 46.535283] ------------[ cut here ]------------\n[ 46.535284] kernel BUG at lib/list_debug.c:26!\n[ 46.535290] invalid opcode: 0000 [#1] PREEMPT SMP PTI\n[ 46.585304] CPU: 0 PID: 623 Comm: wpa_supplicant Not tainted 5.19.0-rc3+ #1\n[ 46.592380] Hardware name: Dell Inc. Inspiron 660s/0478VN , BIOS A07 08/24/2012\n[ 46.600336] RIP: 0010:__list_add_valid.cold+0x3d/0x3f\n[ 46.605475] Code: f2 4c 89 c1 48 89 fe 48 c7 c7 c8 40 67 93 e8 20 cc fd ff 0f 0b 48 89 d1 4c 89 c6 4c 89 ca 48 c7 c7 70 40 67 93 e8 09 cc fd ff <0f> 0b 48 89 fe 48 c7 c7 00 41 67 93 e8 f8 cb fd ff 0f 0b 48 89 d1\n[ 46.624469] RSP: 0018:ffffb20800ab76d8 EFLAGS: 00010286\n[ 46.629854] RAX: 0000000000000075 RBX: ffff94c1c318a0e0 RCX: 0000000000000000\n[ 46.637105] RDX: 0000000000000201 RSI: ffffffff9365e100 RDI: 00000000ffffffff\n[ 46.644356] RBP: ffff94c1c5f43370 R08: 0000000000000075 R09: 3064316334396666\n[ 46.651607] R10: 3364323064316334 R11: 39666666663d7665 R12: ffff94c1c5f43388\n[ 46.658857] R13: ffff94c1d02d3388 R14: ffff94c1c318a360 R15: ffff94c1cf2289c0\n[ 46.666108] FS: 00007f65634ff7c0(0000) GS:ffff94c1da200000(0000) knlGS:0000000000000000\n[ 46.674331] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 46.680170] CR2: 00007f7dfe984460 CR3: 000000010e894003 CR4: 00000000000606f0\n[ 46.687422] Call Trace:\n[ 46.689906] \n[ 46.691950] iwl_mvm_mac_wake_tx_queue+0xec/0x15c [iwlmvm]\n[ 46.697601] 
ieee80211_queue_skb+0x4b3/0x720 [mac80211]\n[ 46.702973] ? sta_info_get+0x46/0x60 [mac80211]\n[ 46.707703] ieee80211_tx+0xad/0x110 [mac80211]\n[ 46.712355] __ieee80211_tx_skb_tid_band+0x71/0x90 [mac80211]\n...\n\nIn order to avoid this problem, we must also remove the related lists when\nstation queues are disabled." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: iwlwifi: mvm: correcci\u00f3n de un error de list_add doble en iwl_mvm_mac_wake_tx_queue. Tras la asociaci\u00f3n correcta de estaciones, si las colas de estaciones se deshabilitan por alg\u00fan motivo, las listas relacionadas no se vac\u00edan. Por lo tanto, si se a\u00f1ade un nuevo elemento a la lista en iwl_mvm_mac_wake_tx_queue, este puede coincidir con el anterior y generar un error como este: [46.535263] list_add corrupto. prev->next deber\u00eda ser next (ffff94c1c318a360), pero era 0000000000000000. (prev=ffff94c1d02d3388). [ 46.535283] ------------[ cortar aqu\u00ed ]------------ [ 46.535284] \u00a1ERROR del kernel en lib/list_debug.c:26! [ 46.535290] C\u00f3digo de operaci\u00f3n no v\u00e1lido: 0000 [#1] PREEMPT SMP PTI [ 46.585304] CPU: 0 PID: 623 Comm: wpa_supplicant No contaminado 5.19.0-rc3+ #1 [ 46.592380] Nombre del hardware: Dell Inc. 
Inspiron 660s/0478VN, BIOS A07 24/08/2012 [ 46.600336] RIP: 0010:__list_add_valid.cold+0x3d/0x3f [ 46.605475] C\u00f3digo: f2 4c 89 c1 48 89 fe 48 c7 c7 c8 40 67 93 e8 20 cc fd ff 0f 0b 48 89 d1 4c 89 c6 4c 89 ca 48 c7 c7 70 40 67 93 e8 09 cc fd ff <0f> 0b 48 89 fe 48 c7 c7 00 41 67 93 e8 f8 cb fd ff 0f 0b 48 89 d1 [ 46.624469] RSP: 0018:ffffb20800ab76d8 EFLAGS: 00010286 [ 46.629854] RAX: 000000000000075 RBX: ffff94c1c318a0e0 RCX: 0000000000000000 [ 46.637105] RDX: 0000000000000201 RSI: ffffffff9365e100 RDI: 00000000ffffffff [ 46.644356] RBP: ffff94c1c5f43370 R08: 000000000000075 R09: 3064316334396666 [ 46.651607] R10: 3364323064316334 R11: 39666666663d7665 R12: ffff94c1c5f43388 [ 46.658857] R13: ffff94c1d02d3388 R14: ffff94c1c318a360 R15: ffff94c1cf2289c0 [ 46.666108] FS: 00007f65634ff7c0(0000) GS:ffff94c1da200000(0000) knlGS:0000000000000000 [ 46.674331] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 46.680170] CR2: 00007f7dfe984460 CR3: 000000010e894003 CR4: 00000000000606f0 [ 46.687422] Rastreo de llamadas: [ 46.689906] [ 46.691950] iwl_mvm_mac_wake_tx_queue+0xec/0x15c [iwlmvm] [ 46.697601] ieee80211_queue_skb+0x4b3/0x720 [mac80211] [ 46.702973] ? sta_info_get+0x46/0x60 [mac80211] [ 46.707703] ieee80211_tx+0xad/0x110 [mac80211] [ 46.712355] __ieee80211_tx_skb_tid_band+0x71/0x90 [mac80211] ... Para evitar este problema, tambi\u00e9n debemos eliminar las listas relacionadas cuando las colas de estaciones est\u00e9n deshabilitadas." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50165.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50165.json index 52360237ee5..58fa2265a83 100644 --- a/CVE-2022/CVE-2022-501xx/CVE-2022-50165.json +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50165.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()`\n\nCommit 7a4836560a61 changes simple_write_to_buffer() with memdup_user()\nbut it forgets to change the value to be returned that came from\nsimple_write_to_buffer() call. It results in the following warning:\n\n warning: variable 'rc' is uninitialized when used here [-Wuninitialized]\n return rc;\n ^~\n\nRemove rc variable and just return the passed in length if the\nmemdup_user() succeeds."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: wil6210: debugfs: se corrige el uso de variables no inicializadas en `wil_write_file_wmi()`. El commit 7a4836560a61 cambia `simple_write_to_buffer()` por `memdup_user()`, pero olvida cambiar el valor devuelto que proviene de la llamada `simple_write_to_buffer()`. Esto genera la siguiente advertencia: `advertencia: la variable `rc' no est\u00e1 inicializada cuando se usa aqu\u00ed` [-Wuninitialized] return rc; ^~ Se elimina la variable `rc` y se devuelve solo la longitud introducida si `memdup_user()` se ejecuta correctamente."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50166.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50166.json
index f91564c4a46..09262f1dc1a 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50166.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50166.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: When HCI work queue is drained, only queue chained work\n\nThe HCI command, event, and data packet processing workqueue is drained\nto avoid deadlock in commit\n76727c02c1e1 (\"Bluetooth: Call drain_workqueue() before resetting state\").\n\nThere is another delayed work, which will queue command to this drained\nworkqueue. Which results in the following error report:\n\nBluetooth: hci2: command 0x040f tx timeout\nWARNING: CPU: 1 PID: 18374 at kernel/workqueue.c:1438 __queue_work+0xdad/0x1140\nWorkqueue: events hci_cmd_timeout\nRIP: 0010:__queue_work+0xdad/0x1140\nRSP: 0000:ffffc90002cffc60 EFLAGS: 00010093\nRAX: 0000000000000000 RBX: ffff8880b9d3ec00 RCX: 0000000000000000\nRDX: ffff888024ba0000 RSI: ffffffff814e048d RDI: ffff8880b9d3ec08\nRBP: 0000000000000008 R08: 0000000000000000 R09: 00000000b9d39700\nR10: ffffffff814f73c6 R11: 0000000000000000 R12: ffff88807cce4c60\nR13: 0000000000000000 R14: ffff8880796d8800 R15: ffff8880796d8800\nFS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000c0174b4000 CR3: 000000007cae9000 CR4: 00000000003506e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n ? queue_work_on+0xcb/0x110\n ? lockdep_hardirqs_off+0x90/0xd0\n queue_work_on+0xee/0x110\n process_one_work+0x996/0x1610\n ? pwq_dec_nr_in_flight+0x2a0/0x2a0\n ? rwlock_bug.part.0+0x90/0x90\n ? _raw_spin_lock_irq+0x41/0x50\n worker_thread+0x665/0x1080\n ? process_one_work+0x1610/0x1610\n kthread+0x2e9/0x3a0\n ? kthread_complete_and_exit+0x40/0x40\n ret_from_fork+0x1f/0x30\n \n\nTo fix this, we can add a new HCI_DRAIN_WQ flag, and don't queue the\ntimeout workqueue while command workqueue is draining." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: Al vaciar la cola de trabajo de HCI, solo se pone en cola el trabajo encadenado. La cola de trabajo de procesamiento de comandos, eventos y paquetes de datos de HCI se vac\u00eda para evitar un bloqueo en el commit 76727c02c1e1 (\"Bluetooth: Llamar a drain_workqueue() antes de restablecer el estado\"). Existe otro trabajo retrasado que pondr\u00e1 en cola el comando en esta cola de trabajo vaciada. Lo que genera el siguiente informe de error: Bluetooth: hci2: command 0x040f tx timeout ADVERTENCIA: CPU: 1 PID: 18374 en kernel/workqueue.c:1438 __queue_work+0xdad/0x1140 Workqueue: events hci_cmd_timeout RIP: 0010:__queue_work+0xdad/0x1140 RSP: 0000:ffffc90002cffc60 EFLAGS: 00010093 RAX: 0000000000000000 RBX: ffff8880b9d3ec00 RCX: 0000000000000000 RDX: ffff888024ba0000 RSI: ffffffff814e048d RDI: ffff8880b9d3ec08 RBP: 0000000000000008 R08: 0000000000000000 R09: 00000000b9d39700 R10: ffffffff814f73c6 R11: 000000000000000 R12: ffff88807cce4c60 R13: 000000000000000 R14: ffff8880796d8800 R15: ffff8880796d8800 FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000c0174b4000 CR3: 000000007cae9000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Rastreo de llamadas: ? queue_work_on+0xcb/0x110 ? lockdep_hardirqs_off+0x90/0xd0 queue_work_on+0xee/0x110 process_one_work+0x996/0x1610 ? pwq_dec_nr_in_flight+0x2a0/0x2a0 ? rwlock_bug.part.0+0x90/0x90 ? _raw_spin_lock_irq+0x41/0x50 worker_thread+0x665/0x1080 ? process_one_work+0x1610/0x1610 kthread+0x2e9/0x3a0 ? 
kthread_complete_and_exit+0x40/0x40 ret_from_fork+0x1f/0x30 Para solucionar esto, podemos agregar un nuevo indicador HCI_DRAIN_WQ y no poner en cola la cola de trabajo de tiempo de espera mientras se drena la cola de trabajo de comandos." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50167.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50167.json index bf27d4070b2..49810ff8a13 100644 --- a/CVE-2022/CVE-2022-501xx/CVE-2022-50167.json +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50167.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: fix potential 32-bit overflow when accessing ARRAY map element\n\nIf BPF array map is bigger than 4GB, element pointer calculation can\noverflow because both index and elem_size are u32. Fix this everywhere\nby forcing 64-bit multiplication. Extract this formula into separate\nsmall helper and use it consistently in various places.\n\nSpeculative-preventing formula utilizing index_mask trick is left as is,\nbut explicit u64 casts are added in both places." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: se corrige un posible desbordamiento de 32 bits al acceder al elemento del mapa de matriz. Si el mapa de matriz BPF supera los 4 GB, el c\u00e1lculo del puntero del elemento puede desbordarse, ya que tanto el \u00edndice como el tama\u00f1o de elem son u32. Se corrige este problema en todas partes forzando la multiplicaci\u00f3n de 64 bits. Se extrae esta f\u00f3rmula en un peque\u00f1o ayudante independiente y se usa de forma consistente en varios lugares. La f\u00f3rmula que evita la especulaci\u00f3n mediante el truco de index_mask se mantiene sin cambios, pero se a\u00f1aden conversiones u64 expl\u00edcitas en ambos lugares." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50168.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50168.json index 8dc28494c2a..01475b80bbd 100644 
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50168.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50168.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, x86: fix freeing of not-finalized bpf_prog_pack\n\nsyzbot reported a few issues with bpf_prog_pack [1], [2]. This only happens\nwith multiple subprogs. In jit_subprogs(), we first call bpf_int_jit_compile()\non each sub program. And then, we call it on each sub program again. jit_data\nis not freed in the first call of bpf_int_jit_compile(). Similarly we don't\ncall bpf_jit_binary_pack_finalize() in the first call of bpf_int_jit_compile().\n\nIf bpf_int_jit_compile() failed for one sub program, we will call\nbpf_jit_binary_pack_finalize() for this sub program. However, we don't have a\nchance to call it for other sub programs. Then we will hit \"goto out_free\" in\njit_subprogs(), and call bpf_jit_free on some subprograms that haven't got\nbpf_jit_binary_pack_finalize() yet.\n\nAt this point, bpf_jit_binary_pack_free() is called and the whole 2MB page is\nfreed erroneously.\n\nFix this with a custom bpf_jit_free() for x86_64, which calls\nbpf_jit_binary_pack_finalize() if necessary. Also, with custom\nbpf_jit_free(), bpf_prog_aux->use_bpf_prog_pack is not needed any more,\nremove it.\n\n[1] https://syzkaller.appspot.com/bug?extid=2f649ec6d2eea1495a8f\n[2] https://syzkaller.appspot.com/bug?extid=87f65c75f4a72db05445" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf, x86: se corrige la liberaci\u00f3n de bpf_prog_pack no finalizado. syzbot report\u00f3 algunos problemas con bpf_prog_pack [1], [2]. Esto solo ocurre con varios subprogramas. En jit_subprogs(), primero llamamos a bpf_int_jit_compile() en cada subprograma. Y luego, lo volvemos a llamar en cada subprograma. jit_data no se libera en la primera llamada de bpf_int_jit_compile(). De igual manera, no llamamos a bpf_jit_binary_pack_finalize() en la primera llamada de bpf_int_jit_compile(). 
Si bpf_int_jit_compile() falla en un subprograma, llamaremos a bpf_jit_binary_pack_finalize() para este subprograma. Sin embargo, no podemos llamarlo para otros subprogramas. Luego, pulsaremos \"goto out_free\" en jit_subprogs() y llamaremos a bpf_jit_free en algunos subprogramas que a\u00fan no tienen bpf_jit_binary_pack_finalize(). En este punto, se llama a bpf_jit_binary_pack_free() y se libera la p\u00e1gina completa de 2 MB por error. Se puede solucionar con un bpf_jit_free() personalizado para x86_64, que llama a bpf_jit_binary_pack_finalize() si es necesario. Adem\u00e1s, con bpf_jit_free() personalizado, bpf_prog_aux->use_bpf_prog_pack ya no es necesario; elim\u00ednelo. [1] https://syzkaller.appspot.com/bug?extid=2f649ec6d2eea1495a8f [2] https://syzkaller.appspot.com/bug?extid=87f65c75f4a72db05445" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50169.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50169.json index 728bdf99fff..5a6ebfcf345 100644 --- a/CVE-2022/CVE-2022-501xx/CVE-2022-50169.json +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50169.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()\n\nThe simple_write_to_buffer() function will succeed if even a single\nbyte is initialized. However, we need to initialize the whole buffer\nto prevent information leaks. Just use memdup_user()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: wil6210: debugfs: correcci\u00f3n de fuga de informaci\u00f3n en wil_write_file_wmi(). La funci\u00f3n simple_write_to_buffer() funcionar\u00e1 correctamente incluso si se inicializa un solo byte. Sin embargo, es necesario inicializar todo el b\u00fafer para evitar fugas de informaci\u00f3n. Simplemente use memdup_user()." } ], "metrics": {}, 
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50170.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50170.json
index 1a17c2be893..3bda21081ef 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50170.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50170.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkunit: executor: Fix a memory leak on failure in kunit_filter_tests\n\nIt's possible that memory allocation for 'filtered' will fail, but for the\ncopy of the suite to succeed. In this case, the copy could be leaked.\n\nProperly free 'copy' in the error case for the allocation of 'filtered'\nfailing.\n\nNote that there may also have been a similar issue in\nkunit_filter_subsuites, before it was removed in \"kunit: flatten\nkunit_suite*** to kunit_suite** in .kunit_test_suites\".\n\nThis was reported by clang-analyzer via the kernel test robot, here:\nhttps://lore.kernel.org/all/c8073b8e-7b9e-0830-4177-87c12f16349c@intel.com/\n\nAnd by smatch via Dan Carpenter and the kernel test robot:\nhttps://lore.kernel.org/all/202207101328.ASjx88yj-lkp@intel.com/"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: kunit: executor: Se corrige una fuga de memoria en caso de fallo en kunit_filter_tests. Es posible que la asignaci\u00f3n de memoria para \"filtered\" falle, pero que la copia de la suite se realice correctamente. En este caso, la copia podr\u00eda sufrir una fuga. Libere correctamente \"copy\" en caso de error en caso de fallo en la asignaci\u00f3n de \"filtered\". Tenga en cuenta que tambi\u00e9n podr\u00eda haber existido un problema similar en kunit_filter_subsuites, antes de que se eliminara en \"kunit: flatten kunit_suite*** to kunit_suite** in .kunit_test_suites\". Esto fue informado por clang-analyzer a trav\u00e9s del robot de pruebas del kernel, aqu\u00ed: https://lore.kernel.org/all/c8073b8e-7b9e-0830-4177-87c12f16349c@intel.com/ Y por smatch a trav\u00e9s de Dan Carpenter y el robot de pruebas del kernel: https://lore.kernel.org/all/202207101328.ASjx88yj-lkp@intel.com/"
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50171.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50171.json
index e0dff9dd443..77008f9f78d 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50171.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50171.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/sec - don't sleep when in softirq\n\nWhen kunpeng920 encryption driver is used to deencrypt and decrypt\npackets during the softirq, it is not allowed to use mutex lock. The\nkernel will report the following error:\n\nBUG: scheduling while atomic: swapper/57/0/0x00000300\nCall trace:\ndump_backtrace+0x0/0x1e4\nshow_stack+0x20/0x2c\ndump_stack+0xd8/0x140\n__schedule_bug+0x68/0x80\n__schedule+0x728/0x840\nschedule+0x50/0xe0\nschedule_preempt_disabled+0x18/0x24\n__mutex_lock.constprop.0+0x594/0x5dc\n__mutex_lock_slowpath+0x1c/0x30\nmutex_lock+0x50/0x60\nsec_request_init+0x8c/0x1a0 [hisi_sec2]\nsec_process+0x28/0x1ac [hisi_sec2]\nsec_skcipher_crypto+0xf4/0x1d4 [hisi_sec2]\nsec_skcipher_encrypt+0x1c/0x30 [hisi_sec2]\ncrypto_skcipher_encrypt+0x2c/0x40\ncrypto_authenc_encrypt+0xc8/0xfc [authenc]\ncrypto_aead_encrypt+0x2c/0x40\nechainiv_encrypt+0x144/0x1a0 [echainiv]\ncrypto_aead_encrypt+0x2c/0x40\nesp_output_tail+0x348/0x5c0 [esp4]\nesp_output+0x120/0x19c 
[esp4]\nxfrm_output_one+0x25c/0x4d4\nxfrm_output_resume+0x6c/0x1fc\nxfrm_output+0xac/0x3c0\nxfrm4_output+0x64/0x130\nip_build_and_send_pkt+0x158/0x20c\ntcp_v4_send_synack+0xdc/0x1f0\ntcp_conn_request+0x7d0/0x994\ntcp_v4_conn_request+0x58/0x6c\ntcp_v6_conn_request+0xf0/0x100\ntcp_rcv_state_process+0x1cc/0xd60\ntcp_v4_do_rcv+0x10c/0x250\ntcp_v4_rcv+0xfc4/0x10a4\nip_protocol_deliver_rcu+0xf4/0x200\nip_local_deliver_finish+0x58/0x70\nip_local_deliver+0x68/0x120\nip_sublist_rcv_finish+0x70/0x94\nip_list_rcv_finish.constprop.0+0x17c/0x1d0\nip_sublist_rcv+0x40/0xb0\nip_list_rcv+0x140/0x1dc\n__netif_receive_skb_list_core+0x154/0x28c\n__netif_receive_skb_list+0x120/0x1a0\nnetif_receive_skb_list_internal+0xe4/0x1f0\nnapi_complete_done+0x70/0x1f0\ngro_cell_poll+0x9c/0xb0\nnapi_poll+0xcc/0x264\nnet_rx_action+0xd4/0x21c\n__do_softirq+0x130/0x358\nirq_exit+0x11c/0x13c\n__handle_domain_irq+0x88/0xf0\ngic_handle_irq+0x78/0x2c0\nel1_irq+0xb8/0x140\narch_cpu_idle+0x18/0x40\ndefault_idle_call+0x5c/0x1c0\ncpuidle_idle_call+0x174/0x1b0\ndo_idle+0xc8/0x160\ncpu_startup_entry+0x30/0x11c\nsecondary_start_kernel+0x158/0x1e4\nsoftirq: huh, entered softirq 3 NET_RX 0000000093774ee4 with\npreempt_count 00000100, exited with fffffe00?" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: hisilicon/sec - no dormir cuando est\u00e1 en softirq Cuando se utiliza el controlador de cifrado kunpeng920 para descifrar y descifrar paquetes durante softirq, no se permite utilizar el bloqueo mutex. 
El n\u00facleo informar\u00e1 del siguiente error: ERROR: programaci\u00f3n mientras es at\u00f3mico: swapper/57/0/0x00000300 Rastreo de llamadas: dump_backtrace+0x0/0x1e4 show_stack+0x20/0x2c dump_stack+0xd8/0x140 __schedule_bug+0x68/0x80 __schedule+0x728/0x840 schedule+0x50/0xe0 schedule_preempt_disabled+0x18/0x24 __mutex_lock.constprop.0+0x594/0x5dc __mutex_lock_slowpath+0x1c/0x30 mutex_lock+0x50/0x60 sec_request_init+0x8c/0x1a0 [hisi_sec2] sec_process+0x28/0x1ac [hisi_sec2] sec_skcipher_crypto+0xf4/0x1d4 [hisi_sec2] sec_skcipher_encrypt+0x1c/0x30 [hisi_sec2] crypto_skcipher_encrypt+0x2c/0x40 crypto_authenc_encrypt+0xc8/0xfc [authenc] crypto_aead_encrypt+0x2c/0x40 echainiv_encrypt+0x144/0x1a0 [echainiv] crypto_aead_encrypt+0x2c/0x40 esp_output_tail+0x348/0x5c0 [esp4] esp_output+0x120/0x19c [esp4] xfrm_output_one+0x25c/0x4d4 xfrm_output_resume+0x6c/0x1fc xfrm_output+0xac/0x3c0 xfrm4_output+0x64/0x130 ip_build_and_send_pkt+0x158/0x20c tcp_v4_send_synack+0xdc/0x1f0 tcp_conn_request+0x7d0/0x994 tcp_v4_conn_request+0x58/0x6c tcp_v6_conn_request+0xf0/0x100 tcp_rcv_state_process+0x1cc/0xd60 tcp_v4_do_rcv+0x10c/0x250 tcp_v4_rcv+0xfc4/0x10a4 ip_protocol_deliver_rcu+0xf4/0x200 ip_local_deliver_finish+0x58/0x70 ip_local_deliver+0x68/0x120 ip_sublist_rcv_finish+0x70/0x94 ip_list_rcv_finish.constprop.0+0x17c/0x1d0 ip_sublist_rcv+0x40/0xb0 ip_list_rcv+0x140/0x1dc __netif_receive_skb_list_core+0x154/0x28c __netif_receive_skb_list+0x120/0x1a0 netif_receive_skb_list_internal+0xe4/0x1f0 napi_complete_done+0x70/0x1f0 gro_cell_poll+0x9c/0xb0 napi_poll+0xcc/0x264 net_rx_action+0xd4/0x21c __do_softirq+0x130/0x358 irq_exit+0x11c/0x13c __handle_domain_irq+0x88/0xf0 gic_handle_irq+0x78/0x2c0 el1_irq+0xb8/0x140 arch_cpu_idle+0x18/0x40 default_idle_call+0x5c/0x1c0 cpuidle_idle_call+0x174/0x1b0 do_idle+0xc8/0x160 cpu_startup_entry+0x30/0x11c secondary_start_kernel+0x158/0x1e4 softirq: huh, entered softirq 3 NET_RX 0000000093774ee4 with preempt_count 00000100, exited with fffffe00? 
" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50172.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50172.json index bde1b6b6c94..67603568851 100644 --- a/CVE-2022/CVE-2022-501xx/CVE-2022-50172.json +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50172.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg\n\nFree the skb if mt76u_bulk_msg fails in __mt76x02u_mcu_send_msg routine." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mt76: mt76x02u: corrige una posible p\u00e9rdida de memoria en __mt76x02u_mcu_send_msg Libera el skb si mt76u_bulk_msg falla en la rutina __mt76x02u_mcu_send_msg." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50173.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50173.json index 9a4a6ec95eb..7097f45c537 100644 --- a/CVE-2022/CVE-2022-501xx/CVE-2022-50173.json +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50173.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/mdp5: Fix global state lock backoff\n\nWe need to grab the lock after the early return for !hwpipe case.\nOtherwise, we could have hit contention yet still returned 0.\n\nFixes an issue that the new CONFIG_DRM_DEBUG_MODESET_LOCK stuff flagged\nin CI:\n\n WARNING: CPU: 0 PID: 282 at drivers/gpu/drm/drm_modeset_lock.c:296 drm_modeset_lock+0xf8/0x154\n Modules linked in:\n CPU: 0 PID: 282 Comm: kms_cursor_lega Tainted: G W 5.19.0-rc2-15930-g875cc8bc536a #1\n Hardware name: Qualcomm Technologies, Inc. DB820c (DT)\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : drm_modeset_lock+0xf8/0x154\n lr : drm_atomic_get_private_obj_state+0x84/0x170\n sp : ffff80000cfab6a0\n x29: ffff80000cfab6a0 x28: 0000000000000000 x27: ffff000083bc4d00\n x26: 0000000000000038 x25: 0000000000000000 x24: ffff80000957ca58\n x23: 0000000000000000 x22: ffff000081ace080 x21: 0000000000000001\n x20: ffff000081acec18 x19: ffff80000cfabb80 x18: 0000000000000038\n x17: 0000000000000000 x16: 0000000000000000 x15: fffffffffffea0d0\n x14: 0000000000000000 x13: 284e4f5f4e524157 x12: 5f534b434f4c5f47\n x11: ffff80000a386aa8 x10: 0000000000000029 x9 : ffff80000cfab610\n x8 : 0000000000000029 x7 : 0000000000000014 x6 : 0000000000000000\n x5 : 0000000000000001 x4 : ffff8000081ad904 x3 : 0000000000000029\n x2 : ffff0000801db4c0 x1 : ffff80000cfabb80 x0 : ffff000081aceb58\n Call trace:\n drm_modeset_lock+0xf8/0x154\n drm_atomic_get_private_obj_state+0x84/0x170\n mdp5_get_global_state+0x54/0x6c\n mdp5_pipe_release+0x2c/0xd4\n mdp5_plane_atomic_check+0x2ec/0x414\n drm_atomic_helper_check_planes+0xd8/0x210\n drm_atomic_helper_check+0x54/0xb0\n ...\n ---[ end trace 0000000000000000 ]---\n drm_modeset_lock attempting to lock a contended lock without backoff:\n drm_modeset_lock+0x148/0x154\n mdp5_get_global_state+0x30/0x6c\n mdp5_pipe_release+0x2c/0xd4\n 
mdp5_plane_atomic_check+0x290/0x414\n drm_atomic_helper_check_planes+0xd8/0x210\n drm_atomic_helper_check+0x54/0xb0\n drm_atomic_check_only+0x4b0/0x8f4\n drm_atomic_commit+0x68/0xe0\n\nPatchwork: https://patchwork.freedesktop.org/patch/492701/" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/msm/mdp5: Se corrige el retroceso del bloqueo del estado global. Necesitamos tomar el bloqueo despu\u00e9s del retorno anticipado para el caso de !hwpipe. De lo contrario, podr\u00edamos haber llegado a una contenci\u00f3n y a\u00fan as\u00ed haber devuelto 0. Corrige un problema que el nuevo material CONFIG_DRM_DEBUG_MODESET_LOCK marc\u00f3 en CI: ADVERTENCIA: CPU: 0 PID: 282 en drivers/gpu/drm/drm_modeset_lock.c:296 drm_modeset_lock+0xf8/0x154 M\u00f3dulos vinculados en: CPU: 0 PID: 282 Comm: kms_cursor_lega Tainted: GW 5.19.0-rc2-15930-g875cc8bc536a #1 Nombre del hardware: Qualcomm Technologies, Inc. DB820c (DT) pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : drm_modeset_lock+0xf8/0x154 lr : drm_atomic_get_private_obj_state+0x84/0x170 sp : ffff80000cfab6a0 x29: ffff80000cfab6a0 x28: 0000000000000000 x27: ffff000083bc4d00 x26: 0000000000000038 x25: 0000000000000000 x24: ffff80000957ca58 x23: 0000000000000000 x22: ffff000081ace080 x21: 0000000000000001 x20: ffff000081acec18 x19: ffff80000cfabb80 x18: 0000000000000038 x17: 0000000000000000 x16: 0000000000000000 x15: fffffffffffea0d0 x14: 0000000000000000 x13: 284e4f5f4e524157 x12: 5f534b434f4c5f47 x11: ffff80000a386aa8 x10: 0000000000000029 x9: ffff80000cfab610 x8: 0000000000000029 x7: 00000000000000014 x6 : 0000000000000000 x5 : 0000000000000001 x4 : ffff8000081ad904 x3 : 0000000000000029 x2 : ffff0000801db4c0 x1 : ffff80000cfabb80 x0 : ffff000081aceb58 Rastreo de llamadas: drm_modeset_lock+0xf8/0x154 drm_atomic_get_private_obj_state+0x84/0x170 mdp5_get_global_state+0x54/0x6c mdp5_pipe_release+0x2c/0xd4 mdp5_plane_atomic_check+0x2ec/0x414 
drm_atomic_helper_check_planes+0xd8/0x210 drm_atomic_helper_check+0x54/0xb0 ... ---[ fin del seguimiento 0000000000000000 ]--- drm_modeset_lock intenta bloquear un bloqueo disputado sin retroceso: drm_modeset_lock+0x148/0x154 mdp5_get_global_state+0x30/0x6c mdp5_pipe_release+0x2c/0xd4 mdp5_plane_atomic_check+0x290/0x414 drm_atomic_helper_check_planes+0xd8/0x210 drm_atomic_helper_check+0x54/0xb0 drm_atomic_check_only+0x4b0/0x8f4 drm_atomic_commit+0x68/0xe0 Patchwork: https://patchwork.freedesktop.org/patch/492701/" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50174.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50174.json index 7ebf3a055c4..fc8cc39b52f 100644 --- a/CVE-2022/CVE-2022-501xx/CVE-2022-50174.json +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50174.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hinic: avoid kernel hung in hinic_get_stats64()\n\nWhen using hinic device as a bond slave device, and reading device stats\nof master bond device, the kernel may hung.\n\nThe kernel panic calltrace as follows:\nKernel panic - not syncing: softlockup: hung tasks\nCall trace:\n native_queued_spin_lock_slowpath+0x1ec/0x31c\n dev_get_stats+0x60/0xcc\n dev_seq_printf_stats+0x40/0x120\n dev_seq_show+0x1c/0x40\n seq_read_iter+0x3c8/0x4dc\n seq_read+0xe0/0x130\n proc_reg_read+0xa8/0xe0\n vfs_read+0xb0/0x1d4\n ksys_read+0x70/0xfc\n __arm64_sys_read+0x20/0x30\n el0_svc_common+0x88/0x234\n do_el0_svc+0x2c/0x90\n el0_svc+0x1c/0x30\n el0_sync_handler+0xa8/0xb0\n el0_sync+0x148/0x180\n\nAnd the calltrace of task that actually caused kernel hungs as follows:\n __switch_to+124\n __schedule+548\n schedule+72\n schedule_timeout+348\n __down_common+188\n __down+24\n down+104\n hinic_get_stats64+44 [hinic]\n dev_get_stats+92\n bond_get_stats+172 [bonding]\n dev_get_stats+92\n dev_seq_printf_stats+60\n dev_seq_show+24\n seq_read_iter+964\n seq_read+220\n proc_reg_read+164\n vfs_read+172\n ksys_read+108\n __arm64_sys_read+28\n el0_svc_common+132\n do_el0_svc+40\n el0_svc+24\n el0_sync_handler+164\n el0_sync+324\n\nWhen getting device stats from bond, kernel will call bond_get_stats().\nIt first holds the spinlock bond->stats_lock, and then call\nhinic_get_stats64() to collect hinic device's stats.\nHowever, hinic_get_stats64() calls `down(&nic_dev->mgmt_lock)` to\nprotect its critical section, which may schedule current task out.\nAnd if system is under high pressure, the task cannot be woken up\nimmediately, which eventually triggers kernel hung panic.\n\nSince previous patch has replaced hinic_dev.tx_stats/rx_stats with local\nvariable in hinic_get_stats64(), there is nothing need to be protected\nby lock, so just removing down()/up() is ok." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: hinic: evitar que el kernel se cuelgue en hinic_get_stats64(). Al usar un dispositivo hinic como un dispositivo esclavo de enlace y leer las estad\u00edsticas del dispositivo de enlace maestro, el kernel puede colgarse. El seguimiento de llamadas de p\u00e1nico del kernel es el siguiente: P\u00e1nico del kernel - no sincroniza: softlockup: tareas colgadas Seguimiento de llamadas: native_queued_spin_lock_slowpath+0x1ec/0x31c dev_get_stats+0x60/0xcc dev_seq_printf_stats+0x40/0x120 dev_seq_show+0x1c/0x40 seq_read_iter+0x3c8/0x4dc seq_read+0xe0/0x130 proc_reg_read+0xa8/0xe0 vfs_read+0xb0/0x1d4 ksys_read+0x70/0xfc __arm64_sys_read+0x20/0x30 el0_svc_common+0x88/0x234 do_el0_svc+0x2c/0x90 el0_svc+0x1c/0x30 el0_sync_handler+0xa8/0xb0 el0_sync+0x148/0x180 Y el seguimiento de llamadas de la tarea que realmente caus\u00f3 los bloqueos del kernel de la siguiente manera: __switch_to+124 __schedule+548 schedule+72 schedule_timeout+348 __down_common+188 __down+24 down+104 hinic_get_stats64+44 [hinic] dev_get_stats+92 bond_get_stats+172 [bonding] dev_get_stats+92 dev_seq_printf_stats+60 dev_seq_show+24 seq_read_iter+964 seq_read+220 proc_reg_read+164 vfs_read+172 ksys_read+108 __arm64_sys_read+28 el0_svc_common+132 do_el0_svc+40 el0_svc+24 el0_sync_handler+164 el0_sync+324 Al obtener las estad\u00edsticas del dispositivo desde Bond, el kernel llama a bond_get_stats(). Primero mantiene el bloqueo de giro bond->stats_lock y luego llama a hinic_get_stats64() para recopilar las estad\u00edsticas del dispositivo Hinic. Sin embargo, hinic_get_stats64() llama a `down(&nic_dev->mgmt_lock)` para proteger su secci\u00f3n cr\u00edtica, que podr\u00eda programar la tarea actual. Si el sistema est\u00e1 bajo alta presi\u00f3n, la tarea no se puede reactivar inmediatamente, lo que eventualmente desencadena un p\u00e1nico de bloqueo del kernel. 
Dado que el parche anterior reemplaz\u00f3 hinic_dev.tx_stats/rx_stats con una variable local en hinic_get_stats64(), no es necesario proteger nada con bloqueo, por lo que simplemente eliminar down()/up() est\u00e1 bien."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50175.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50175.json
index 1f33512cb66..f7cdfc657b6 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50175.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50175.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: tw686x: Fix memory leak in tw686x_video_init\n\nvideo_device_alloc() allocates memory for vdev,\nwhen video_register_device() fails, it doesn't release the memory and\nleads to memory leak, call video_device_release() to fix this."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: tw686x: Se corrige la p\u00e9rdida de memoria en tw686x_video_init video_device_alloc() asigna memoria para vdev, cuando video_register_device() falla, no libera la memoria y provoca una p\u00e9rdida de memoria, llame a video_device_release() para solucionar esto."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50176.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50176.json
index b60f8ef4d43..3fdcacd2dee 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50176.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50176.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mcde: Fix refcount leak in mcde_dsi_bind\n\nEvery iteration of for_each_available_child_of_node() decrements\nthe reference counter of the previous node. There is no decrement\nwhen break out from the loop and results in refcount leak.\nAdd missing of_node_put() to fix this."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/mcde: Se corrige la fuga de recuento de referencias en mcde_dsi_bind. Cada iteraci\u00f3n de for_each_available_child_of_node() decrementa el contador de referencias del nodo anterior. No se produce decremento al salir del bucle, lo que provoca una fuga de recuento de referencias. Para solucionar esto, se ha a\u00f1adido la funci\u00f3n of_node_put() (faltante)."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50177.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50177.json
index 1392fc98531..bcaf96369fb 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50177.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50177.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcutorture: Fix ksoftirqd boosting timing and iteration\n\nThe RCU priority boosting can fail in two situations:\n\n1) If (nr_cpus= > maxcpus=), which means if the total number of CPUs\nis higher than those brought online at boot, then torture_onoff() may\nlater bring up CPUs that weren't online on boot. Now since rcutorture\ninitialization only boosts the ksoftirqds of the CPUs that have been\nset online on boot, the CPUs later set online by torture_onoff won't\nbenefit from the boost, making RCU priority boosting fail.\n\n2) The ksoftirqd kthreads are boosted after the creation of\nrcu_torture_boost() kthreads, which opens a window large enough for these\nrcu_torture_boost() kthreads to wait (despite running at FIFO priority)\nfor ksoftirqds that are still running at SCHED_NORMAL priority.\n\nThe issues can trigger for example with:\n\n\t./kvm.sh --configs TREE01 --kconfig \"CONFIG_RCU_BOOST=y\"\n\n\t[ 34.968561] rcu-torture: !!!\n\t[ 34.968627] ------------[ cut here ]------------\n\t[ 35.014054] WARNING: CPU: 4 PID: 114 at kernel/rcu/rcutorture.c:1979 rcu_torture_stats_print+0x5ad/0x610\n\t[ 35.052043] Modules linked in:\n\t[ 35.069138] CPU: 4 PID: 114 Comm: rcu_torture_sta Not tainted 5.18.0-rc1 #1\n\t[ 35.096424] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.14.0-0-g155821a-rebuilt.opensuse.org 04/01/2014\n\t[ 35.154570] RIP: 0010:rcu_torture_stats_print+0x5ad/0x610\n\t[ 35.198527] Code: 63 1b 02 00 74 02 0f 0b 48 83 3d 35 63 1b 02 00 74 02 0f 0b 48 83 3d 21 63 1b 02 00 74 02 0f 0b 48 83 3d 0d 63 1b 02 00 74 02 <0f> 0b 83 eb 01 0f 8e ba fc ff ff 0f 0b e9 b3 fc ff f82\n\t[ 37.251049] RSP: 0000:ffffa92a0050bdf8 EFLAGS: 00010202\n\t[ 37.277320] rcu: De-offloading 8\n\t[ 37.290367] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000001\n\t[ 37.290387] RDX: 0000000000000000 RSI: 00000000ffffbfff RDI: 00000000ffffffff\n\t[ 
37.290398] RBP: 000000000000007b R08: 0000000000000000 R09: c0000000ffffbfff\n\t[ 37.290407] R10: 000000000000002a R11: ffffa92a0050bc18 R12: ffffa92a0050be20\n\t[ 37.290417] R13: ffffa92a0050be78 R14: 0000000000000000 R15: 000000000001bea0\n\t[ 37.290427] FS: 0000000000000000(0000) GS:ffff96045eb00000(0000) knlGS:0000000000000000\n\t[ 37.290448] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n\t[ 37.290460] CR2: 0000000000000000 CR3: 000000001dc0c000 CR4: 00000000000006e0\n\t[ 37.290470] Call Trace:\n\t[ 37.295049] \n\t[ 37.295065] ? preempt_count_add+0x63/0x90\n\t[ 37.295095] ? _raw_spin_lock_irqsave+0x12/0x40\n\t[ 37.295125] ? rcu_torture_stats_print+0x610/0x610\n\t[ 37.295143] rcu_torture_stats+0x29/0x70\n\t[ 37.295160] kthread+0xe3/0x110\n\t[ 37.295176] ? kthread_complete_and_exit+0x20/0x20\n\t[ 37.295193] ret_from_fork+0x22/0x30\n\t[ 37.295218] \n\nFix this with boosting the ksoftirqds kthreads from the boosting\nhotplug callback itself and before the boosting kthreads are created." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rcutorture: Correcci\u00f3n de la sincronizaci\u00f3n e iteraci\u00f3n del boosting de ksoftirqd. El boosting de prioridad de RCU puede fallar en dos situaciones: 1) Si (nr_cpus= > maxcpus=), lo que significa que el n\u00famero total de CPU es mayor que el de las que se conectaron al arranque, torture_onoff() puede reactivar posteriormente las CPU que no lo estaban. Dado que la inicializaci\u00f3n de rcutorture solo potencia los ksoftirqds de las CPU que se conectaron al arranque, las CPU que torture_onoff active posteriormente no se beneficiar\u00e1n del boosting, lo que provocar\u00e1 un fallo en el boosting de prioridad de RCU. 
2) Los kthreads de ksoftirqd se impulsan tras la creaci\u00f3n de los kthreads rcu_torture_boost(), lo que abre una ventana lo suficientemente grande como para que estos kthreads rcu_torture_boost() esperen (a pesar de ejecutarse con prioridad FIFO) a los ksoftirqds que a\u00fan se ejecutan con prioridad SCHED_NORMAL. Los problemas pueden activarse, por ejemplo, con: ./kvm.sh --configs TREE01 --kconfig \"CONFIG_RCU_BOOST=y\" [ 34.968561] rcu-torture: !!! [ 34.968627] ------------[ cortar aqu\u00ed ]------------ [ 35.014054] ADVERTENCIA: CPU: 4 PID: 114 en kernel/rcu/rcutorture.c:1979 rcu_torture_stats_print+0x5ad/0x610 [ 35.052043] M\u00f3dulos vinculados en: [ 35.069138] CPU: 4 PID: 114 Comm: rcu_torture_sta No contaminado 5.18.0-rc1 #1 [ 35.096424] Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.14.0-0-g155821a-rebuilt.opensuse.org 04/01/2014 [ 35.154570] RIP: 0010:rcu_torture_stats_print+0x5ad/0x610 [ 35.198527] C\u00f3digo: 63 1b 02 00 74 02 0f 0b 48 83 3d 35 63 1b 02 00 74 02 0f 0b 48 83 3d 21 63 1b 02 00 74 02 0f 0b 48 83 3d 0d 63 1b 02 00 74 02 <0f> 0b 83 eb 01 0f 8e ba fc ff ff 0f 0b e9 b3 fc ff f82 [ 37.251049] RSP: 0000:ffffa92a0050bdf8 EFLAGS: 00010202 [ 37.277320] rcu: Descarga 8 [ 37.290367] RAX: 00000000000000000 RBX: 0000000000000001 RCX: 0000000000000001 [ 37.290387] RDX: 0000000000000000 RSI: 00000000ffffbfff RDI: 00000000ffffffff [ 37.290398] RBP: 000000000000007b R08: 0000000000000000 R09: c0000000ffffbfff [37.290407] R10: 000000000000002a R11: ffffa92a0050bc18 R12: ffffa92a0050be20 [37.290417] R13: ffffa92a0050be78 R14: 0000000000000000 R15: 000000000001bea0 [37.290427] FS: 000000000000000(0000) GS:ffff96045eb00000(0000) knlGS:0000000000000000 [37.290448] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 37.290460] CR2: 0000000000000000 CR3: 000000001dc0c000 CR4: 00000000000006e0 [ 37.290470] Rastreo de llamadas: [ 37.295049] [ 37.295065] ? preempt_count_add+0x63/0x90 [ 37.295095] ? 
_raw_spin_lock_irqsave+0x12/0x40 [ 37.295125] ? rcu_torture_stats_print+0x610/0x610 [ 37.295143] rcu_torture_stats+0x29/0x70 [ 37.295160] kthread+0xe3/0x110 [ 37.295176] ? kthread_complete_and_exit+0x20/0x20 [ 37.295193] ret_from_fork+0x22/0x30 [ 37.295218] Solucione esto potenciando los kthreads ksoftirqds desde la devoluci\u00f3n de llamada hotplug de potenciaci\u00f3n y antes de que se creen los kthreads de potenciaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50178.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50178.json index 03c09ce15f9..8541a5399b7 100644 --- a/CVE-2022/CVE-2022-501xx/CVE-2022-50178.json +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50178.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: 8852a: rfk: fix div 0 exception\n\nThe DPK is a kind of RF calibration whose algorithm is to fine tune\nparameters and calibrate, and check the result. If the result isn't good\nenough, it could adjust parameters and try again.\n\nThis issue is to read and show the result, but it could be a negative\ncalibration result that causes divisor 0 and core dump. So, fix it by\nphy_div() that does division only if divisor isn't zero; otherwise,\nzero is adopted.\n\n divide error: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 1 PID: 728 Comm: wpa_supplicant Not tainted 5.10.114-16019-g462a1661811a #1 \n RIP: 0010:rtw8852a_dpk+0x14ae/0x288f [rtw89_core]\n RSP: 0018:ffffa9bb412a7520 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 00000000000180fc RDI: ffffa141d01023c0\n RBP: ffffa9bb412a76a0 R08: 0000000000001319 R09: 00000000ffffff92\n R10: ffffffffc0292de3 R11: ffffffffc00d2f51 R12: 0000000000000000\n R13: ffffa141d01023c0 R14: ffffffffc0290250 R15: ffffa141d0102638\n FS: 00007fa99f5c2740(0000) GS:ffffa142e5e80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000013e8e010 CR3: 0000000110d2c000 CR4: 0000000000750ee0\n PKRU: 55555554\n Call Trace:\n rtw89_core_sta_add+0x95/0x9c [rtw89_core ]\n rtw89_ops_sta_state+0x5d/0x108 [rtw89_core ]\n drv_sta_state+0x115/0x66f [mac80211 ]\n sta_info_insert_rcu+0x45c/0x713 [mac80211 ]\n sta_info_insert+0xf/0x1b [mac80211 ]\n ieee80211_prep_connection+0x9d6/0xb0c [mac80211 ]\n ieee80211_mgd_auth+0x2aa/0x352 [mac80211 ]\n cfg80211_mlme_auth+0x160/0x1f6 [cfg80211 ]\n nl80211_authenticate+0x2e5/0x306 [cfg80211 ]\n genl_rcv_msg+0x371/0x3a1\n ? nl80211_stop_sched_scan+0xe5/0xe5 [cfg80211 ]\n ? 
genl_rcv+0x36/0x36\n netlink_rcv_skb+0x8a/0xf9\n genl_rcv+0x28/0x36\n netlink_unicast+0x27b/0x3a0\n netlink_sendmsg+0x2aa/0x469\n sock_sendmsg_nosec+0x49/0x4d\n ____sys_sendmsg+0xe5/0x213\n __sys_sendmsg+0xec/0x157\n ? syscall_enter_from_user_mode+0xd7/0x116\n do_syscall_64+0x43/0x55\n entry_SYSCALL_64_after_hwframe+0x44/0xa9\n RIP: 0033:0x7fa99f6e689b" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: rtw89: 8852a: rfk: correcci\u00f3n de la excepci\u00f3n div 0. DPK es un tipo de calibraci\u00f3n de RF cuyo algoritmo ajusta los par\u00e1metros, calibra y comprueba el resultado. Si el resultado no es lo suficientemente bueno, podr\u00eda ajustar los par\u00e1metros e intentarlo de nuevo. Este problema se produce al leer y mostrar el resultado, pero podr\u00eda ser un resultado de calibraci\u00f3n negativo que cause un divisor 0 y un volcado de memoria. Por lo tanto, se debe solucionar con phy_div(), que realiza la divisi\u00f3n solo si el divisor no es cero; de lo contrario, se adopta el valor cero. 
error de divisi\u00f3n: 0000 [#1] PREEMPT SMP NOPTI CPU: 1 PID: 728 Comm: wpa_supplicant No contaminado 5.10.114-16019-g462a1661811a #1 RIP: 0010:rtw8852a_dpk+0x14ae/0x288f [rtw89_core] RSP: 0018:ffffa9bb412a7520 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 00000000000180fc RDI: ffffa141d01023c0 RBP: ffffa9bb412a76a0 R08: 0000000000001319 R09: 00000000ffffff92 R10: fffffffc0292de3 R11: fffffffc00d2f51 R12: 000000000000000 R13: ffffa141d01023c0 R14: fffffffc0290250 R15: ffffa141d0102638 FS: 00007fa99f5c2740(0000) GS:ffffa142e5e80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000013e8e010 CR3: 0000000110d2c000 CR4: 0000000000750ee0 PKRU: 55555554 Rastreo de llamadas: rtw89_core_sta_add+0x95/0x9c [rtw89_core ] rtw89_ops_sta_state+0x5d/0x108 [rtw89_core ] drv_sta_state+0x115/0x66f [mac80211 ] sta_info_insert_rcu+0x45c/0x713 [mac80211 ] sta_info_insert+0xf/0x1b [mac80211 ] ieee80211_prep_connection+0x9d6/0xb0c [mac80211 ] ieee80211_mgd_auth+0x2aa/0x352 [mac80211 ] cfg80211_mlme_auth+0x160/0x1f6 [cfg80211 ] nl80211_authenticate+0x2e5/0x306 [cfg80211 ] genl_rcv_msg+0x371/0x3a1 ? nl80211_stop_sched_scan+0xe5/0xe5 [cfg80211 ] ? genl_rcv+0x36/0x36 netlink_rcv_skb+0x8a/0xf9 genl_rcv+0x28/0x36 netlink_unicast+0x27b/0x3a0 netlink_sendmsg+0x2aa/0x469 sock_sendmsg_nosec+0x49/0x4d ____sys_sendmsg+0xe5/0x213 __sys_sendmsg+0xec/0x157 ? syscall_enter_from_user_mode+0xd7/0x116 do_syscall_64+0x43/0x55 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7fa99f6e689b " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50179.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50179.json index 08c7aa83c76..541fb4ae0cc 100644 --- a/CVE-2022/CVE-2022-501xx/CVE-2022-50179.json +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50179.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nath9k: fix use-after-free in ath9k_hif_usb_rx_cb\n\nSyzbot reported use-after-free Read in ath9k_hif_usb_rx_cb() [0]. The\nproblem was in incorrect htc_handle->drv_priv initialization.\n\nProbable call trace which can trigger use-after-free:\n\nath9k_htc_probe_device()\n /* htc_handle->drv_priv = priv; */\n ath9k_htc_wait_for_target() <--- Failed\n ieee80211_free_hw()\t\t <--- priv pointer is freed\n\n\n...\nath9k_hif_usb_rx_cb()\n ath9k_hif_usb_rx_stream()\n RX_STAT_INC()\t\t<--- htc_handle->drv_priv access\n\nIn order to not add fancy protection for drv_priv we can move\nhtc_handle->drv_priv initialization at the end of the\nath9k_htc_probe_device() and add helper macro to make\nall *_STAT_* macros NULL safe, since syzbot has reported related NULL\nderef in that macros [1]"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ath9k: correcci\u00f3n del Use-After-Free en ath9k_hif_usb_rx_cb. Syzbot report\u00f3 una lectura de Use-After-Free en ath9k_hif_usb_rx_cb() [0]. El problema resid\u00eda en una inicializaci\u00f3n incorrecta de htc_handle->drv_priv. Posible rastreo de llamadas que puede activar el Use-After-Free: ath9k_htc_probe_device() /* htc_handle->drv_priv = priv; */ ath9k_htc_wait_for_target() <--- Error en ieee80211_free_hw() <--- el puntero privado se liber\u00f3 ... ath9k_hif_usb_rx_cb() ath9k_hif_usb_rx_stream() RX_STAT_INC() <--- acceso a htc_handle->drv_priv Para no agregar protecci\u00f3n sofisticada para drv_priv, podemos mover la inicializaci\u00f3n de htc_handle->drv_priv al final de ath9k_htc_probe_device() y agregar una macro auxiliar para hacer que todas las macros *_STAT_* sean seguras para NULL, ya que syzbot inform\u00f3 una desreferencia NULL relacionada en esas macros [1]"
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50181.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50181.json
index ffbba8116ee..5c2a0006c15 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50181.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50181.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-gpu: fix a missing check to avoid NULL dereference\n\n'cache_ent' could be set NULL inside virtio_gpu_cmd_get_capset()\nand it will lead to a NULL dereference by a lately use of it\n(i.e., ptr = cache_ent->caps_cache). Fix it with a NULL check.\n\n\n[ kraxel: minor codestyle fixup ]"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: virtio-gpu: se corrige una comprobaci\u00f3n faltante para evitar la desreferencia de NULL. 'cache_ent' podr\u00eda establecerse en NULL dentro de virtio_gpu_cmd_get_capset(), lo que provocar\u00eda una desreferencia de NULL al usarla recientemente (es decir, ptr = cache_ent->caps_cache). Se corrige con una comprobaci\u00f3n de NULL. [kraxel: correcci\u00f3n menor de estilo de c\u00f3digo]"
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50182.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50182.json
index d3efd88a1f2..4dc3e643b10 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50182.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50182.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Align upwards buffer size\n\nThe hardware can support any image size WxH,\nwith arbitrary W (image width) and H (image height) dimensions.\n\nAlign upwards buffer size for both encoder and decoder.\nand leave the picture resolution unchanged.\n\nFor decoder, the risk of memory out of bounds can be avoided.\nFor both encoder and decoder, the driver will lift the limitation of\nresolution alignment.\n\nFor example, the decoder can support jpeg whose resolution is 227x149\nthe encoder can support nv12 1080P, won't change it to 1920x1072."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: imx-jpeg: Alinear hacia arriba el tama\u00f1o del b\u00fafer. El hardware puede admitir cualquier tama\u00f1o de imagen (ancho x alto), con dimensiones arbitrarias de ancho y alto. Alinear hacia arriba el tama\u00f1o del b\u00fafer tanto para el codificador como para el decodificador y dejar la resoluci\u00f3n de la imagen sin cambios. Para el decodificador, se puede evitar el riesgo de memoria fuera de los l\u00edmites. Tanto para el codificador como para el decodificador, el controlador eliminar\u00e1 la limitaci\u00f3n de la alineaci\u00f3n de la resoluci\u00f3n. Por ejemplo, el decodificador puede admitir jpeg cuya resoluci\u00f3n es de 227x149, el codificador puede admitir nv12 1080P, no lo cambiar\u00e1 a 1920x1072."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50183.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50183.json
index 410b28cb06e..ad7f2e72554 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50183.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50183.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/meson: encoder_cvbs: Fix refcount leak in meson_encoder_cvbs_init\n\nof_graph_get_remote_node() returns remote device nodepointer with\nrefcount incremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/meson: encoder_cvbs: Se corrige la fuga de recuento de referencias en meson_encoder_cvbs_init. `of_graph_get_remote_node()` devuelve el puntero de nodo del dispositivo remoto con el recuento de referencias incrementado. Deber\u00edamos usar `of_node_put()` al finalizar. Se ha a\u00f1adido la funci\u00f3n `of_node_put()` que falta para evitar la fuga de recuento de referencias."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50184.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50184.json
index b160013914d..f352ed863a5 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50184.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50184.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/meson: encoder_hdmi: Fix refcount leak in meson_encoder_hdmi_init\n\nof_graph_get_remote_node() returns remote device nodepointer with\nrefcount incremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/meson: encoder_hdmi: Se corrige la fuga de recuento de referencias en meson_encoder_hdmi_init. `of_graph_get_remote_node()` devuelve el puntero de nodo del dispositivo remoto con el recuento de referencias incrementado. Deber\u00edamos usar `of_node_put()` al finalizar. Se ha a\u00f1adido la funci\u00f3n `of_node_put()` que falta para evitar la fuga de recuento de referencias."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50185.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50185.json
index dc8a97c4095..039b4bcb2a9 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50185.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50185.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: fix potential buffer overflow in ni_set_mc_special_registers()\n\nThe last case label can write two buffers 'mc_reg_address[j]' and\n'mc_data[j]' with 'j' offset equal to SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE\nsince there are no checks for this value in both case labels after the\nlast 'j++'.\n\nInstead of changing '>' to '>=' there, add the bounds check at the start\nof the second 'case' (the first one already has it).\n\nAlso, remove redundant last checks for 'j' index bigger than array size.\nThe expression is always false. Moreover, before or after the patch\n'table->last' can be equal to SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE and it\nseems it can be a valid value.\n\nDetected using the static analysis tool - Svace."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/radeon: corrige un desbordamiento de b\u00fafer potencial en ni_set_mc_special_registers() La \u00faltima etiqueta de caso puede escribir dos b\u00faferes 'mc_reg_address[j]' y 'mc_data[j]' con el desplazamiento 'j' igual a SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE ya que no hay comprobaciones para este valor en ambas etiquetas de caso despu\u00e9s del \u00faltimo 'j++'. En lugar de cambiar \">\" a \">=\" all\u00ed, agregue la comprobaci\u00f3n de los l\u00edmites al comienzo del segundo 'caso' (el primero ya lo tiene). Adem\u00e1s, elimine las \u00faltimas comprobaciones redundantes para el \u00edndice 'j' mayor que el tama\u00f1o del arreglo. La expresi\u00f3n siempre es falsa. Adem\u00e1s, antes o despu\u00e9s del parche 'table->last' puede ser igual a SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE y parece que puede ser un valor v\u00e1lido. Detectado usando la herramienta de an\u00e1lisis est\u00e1tico - Svace."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50186.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50186.json
index 0c8f78631b5..a3288163b77 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50186.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50186.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nath11k: fix missing skb drop on htc_tx_completion error\n\nOn htc_tx_completion error the skb is not dropped. This is wrong since\nthe completion_handler logic expect the skb to be consumed anyway even\nwhen an error is triggered. Not freeing the skb on error is a memory\nleak since the skb won't be freed anywere else. Correctly free the\npacket on eid >= ATH11K_HTC_EP_COUNT before returning.\n\nTested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.5.0.1-01208-QCAHKSWPL_SILICONZ-1"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ath11k: se corrige la falta de eliminaci\u00f3n de skb en el error htc_tx_completion. En el error htc_tx_completion, el skb no se elimina. Esto es incorrecto, ya que la l\u00f3gica de completion_handler espera que el skb se consuma de todas formas, incluso cuando se produce un error. No liberar el skb en caso de error supone una fuga de memoria, ya que no se liberar\u00e1 en ning\u00fan otro lugar. Libere correctamente el paquete en eid >= ATH11K_HTC_EP_COUNT antes de regresar. Probado en: IPQ8074 hw2.0 AHB WLAN.HK.2.5.0.1-01208-QCAHKSWPL_SILICONZ-1"
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50187.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50187.json
index a9cbc99dd09..4da578e582c 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50187.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50187.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nath11k: fix netdev open race\n\nMake sure to allocate resources needed before registering the device.\n\nThis specifically avoids having a racing open() trigger a BUG_ON() in\nmod_timer() when ath11k_mac_op_start() is called before the\nmon_reap_timer as been set up.\n\nI did not see this issue with next-20220310, but I hit it on every probe\nwith next-20220511. Perhaps some timing changed in between.\n\nHere's the backtrace:\n\n[ 51.346947] kernel BUG at kernel/time/timer.c:990!\n[ 51.346958] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP\n...\n[ 51.578225] Call trace:\n[ 51.583293] __mod_timer+0x298/0x390\n[ 51.589518] mod_timer+0x14/0x20\n[ 51.595368] ath11k_mac_op_start+0x41c/0x4a0 [ath11k]\n[ 51.603165] drv_start+0x38/0x60 [mac80211]\n[ 51.610110] ieee80211_do_open+0x29c/0x7d0 [mac80211]\n[ 51.617945] ieee80211_open+0x60/0xb0 [mac80211]\n[ 51.625311] __dev_open+0x100/0x1c0\n[ 51.631420] __dev_change_flags+0x194/0x210\n[ 51.638214] dev_change_flags+0x24/0x70\n[ 51.644646] do_setlink+0x228/0xdb0\n[ 51.650723] __rtnl_newlink+0x460/0x830\n[ 51.657162] rtnl_newlink+0x4c/0x80\n[ 51.663229] rtnetlink_rcv_msg+0x124/0x390\n[ 51.669917] netlink_rcv_skb+0x58/0x130\n[ 51.676314] rtnetlink_rcv+0x18/0x30\n[ 51.682460] netlink_unicast+0x250/0x310\n[ 51.688960] netlink_sendmsg+0x19c/0x3e0\n[ 51.695458] ____sys_sendmsg+0x220/0x290\n[ 51.701938] ___sys_sendmsg+0x7c/0xc0\n[ 51.708148] __sys_sendmsg+0x68/0xd0\n[ 51.714254] __arm64_sys_sendmsg+0x28/0x40\n[ 51.720900] invoke_syscall+0x48/0x120\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ath11k: correcci\u00f3n de netdev open race. Aseg\u00farese de asignar los recursos necesarios antes de registrar el dispositivo. 
Esto evita que un open() de ejecuci\u00f3n active un BUG_ON() en mod_timer() cuando se llama ath11k_mac_op_start() antes de configurar mon_reap_timer. No observ\u00e9 este problema con next-20220310, pero s\u00ed lo encontr\u00e9 en cada sondeo con next-20220511. Quiz\u00e1s se produjo alg\u00fan cambio de sincronizaci\u00f3n entre ambos. Aqu\u00ed est\u00e1 el backtrace: [51.346947] \u00a1ERROR del kernel en kernel/time/timer.c:990! [ 51.346958] Error interno: Ups - ERROR: 0 [#1] PREEMPT SMP ... [ 51.578225] Rastreo de llamadas: [ 51.583293] __mod_timer+0x298/0x390 [ 51.589518] mod_timer+0x14/0x20 [ 51.595368] ath11k_mac_op_start+0x41c/0x4a0 [ath11k] [ 51.603165] drv_start+0x38/0x60 [mac80211] [ 51.610110] ieee80211_do_open+0x29c/0x7d0 [mac80211] [ 51.617945] ieee80211_open+0x60/0xb0 [mac80211] [ 51.625311] __dev_open+0x100/0x1c0 [ 51.631420] __dev_change_flags+0x194/0x210 [ 51.638214] dev_change_flags+0x24/0x70 [ 51.644646] do_setlink+0x228/0xdb0 [ 51.650723] __rtnl_newlink+0x460/0x830 [ 51.657162] rtnl_newlink+0x4c/0x80 [ 51.663229] rtnetlink_rcv_msg+0x124/0x390 [ 51.669917] netlink_rcv_skb+0x58/0x130 [ 51.676314] rtnetlink_rcv+0x18/0x30 [ 51.682460] netlink_unicast+0x250/0x310 [ 51.688960] netlink_sendmsg+0x19c/0x3e0 [ 51.695458] ____sys_sendmsg+0x220/0x290 [ 51.701938] ___sys_sendmsg+0x7c/0xc0 [ 51.708148] __sys_sendmsg+0x68/0xd0 [ 51.714254] __arm64_sys_sendmsg+0x28/0x40 [ 51.720900] invoke_syscall+0x48/0x120 Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3 " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50188.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50188.json index 858216bce62..7ac64913d4e 100644 --- a/CVE-2022/CVE-2022-501xx/CVE-2022-50188.json +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50188.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/meson: Fix refcount leak in meson_encoder_hdmi_init\n\nof_find_device_by_node() takes reference, we should use put_device()\nto release it when not need anymore.\nAdd missing put_device() in error path to avoid refcount\nleak."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/meson: Se corrige la fuga de recuento de referencias en meson_encoder_hdmi_init. La referencia de of_find_device_by_node() se toma; debemos usar put_device() para liberarla cuando ya no sea necesaria. Se a\u00f1ade la falta de put_device() en la ruta de error para evitar la fuga de recuento de referencias."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50189.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50189.json
index 829b8985d47..94d087b7163 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50189.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50189.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntools/power turbostat: Fix file pointer leak\n\nCurrently if a fscanf fails then an early return leaks an open\nfile pointer. Fix this by fclosing the file before the return.\nDetected using static analysis with cppcheck:\n\ntools/power/x86/turbostat/turbostat.c:2039:3: error: Resource leak: fp [resourceLeak]"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tools/power turbostat: Correcci\u00f3n de fuga de puntero de archivo. Actualmente, si un fscanf falla, un retorno anticipado filtra un puntero de archivo abierto. Se soluciona cerrando el archivo antes del retorno. Detectado mediante an\u00e1lisis est\u00e1tico con cppcheck: tools/power/x86/turbostat/turbostat.c:2039:3: error: Fuga de recursos: fp [resourceLeak]"
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50190.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50190.json
index 78898a63e23..f311f4c00e3 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50190.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50190.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: Fix simplification of devm_spi_register_controller\n\nThis reverts commit 59ebbe40fb51 (\"spi: simplify\ndevm_spi_register_controller\").\n\nIf devm_add_action() fails in devm_add_action_or_reset(),\ndevm_spi_unregister() will be called, it decreases the\nrefcount of 'ctlr->dev' to 0, then it will cause uaf in\nthe drivers that calling spi_put_controller() in error path."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: spi: Correcci\u00f3n de la simplificaci\u00f3n de devm_spi_register_controller. Esto revierte el commit 59ebbe40fb51 (\"spi: simplificar devm_spi_register_controller\"). Si devm_add_action() falla en devm_add_action_or_reset(), se llamar\u00e1 a devm_spi_unregister(), lo que reduce el recuento de referencias de 'ctlr->dev' a 0 y, en consecuencia, causar\u00e1 un error uaf en los controladores que llaman a spi_put_controller() en la ruta de error."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50191.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50191.json
index 509df441bfe..8388fcd8bdd 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50191.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50191.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: of: Fix refcount leak bug in of_get_regulation_constraints()\n\nWe should call the of_node_put() for the reference returned by\nof_get_child_by_name() which has increased the refcount."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: regulator: of: Se corrige el error de p\u00e9rdida de recuento de referencias en of_get_regulation_constraints() Deber\u00edamos llamar a of_node_put() para la referencia devuelta por of_get_child_by_name() que ha aumentado el recuento de referencias."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50192.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50192.json
index c958ae69e41..98842fa76bf 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50192.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50192.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: tegra20-slink: fix UAF in tegra_slink_remove()\n\nAfter calling spi_unregister_master(), the refcount of master will\nbe decrease to 0, and it will be freed in spi_controller_release(),\nthe device data also will be freed, so it will lead a UAF when using\n'tspi'. To fix this, get the master before unregister and put it when\nfinish using it."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: spi: tegra20-slink: correcci\u00f3n del UAF en tegra_slink_remove(). Tras llamar a spi_unregister_master(), el recuento de referencias del master se reduce a 0 y se libera en spi_controller_release(). Los datos del dispositivo tambi\u00e9n se liberan, por lo que se generar\u00e1 un UAF al usar 'tspi'. Para solucionar esto, obtenga el master antes de anular el registro y col\u00f3quelo al finalizar su uso."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50193.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50193.json
index 4582ddc924f..03579503ba4 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50193.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50193.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: wake up all waiters after z_erofs_lzma_head ready\n\nWhen the user mounts the erofs second times, the decompression thread\nmay hung. The problem happens due to a sequence of steps like the\nfollowing:\n\n1) Task A called z_erofs_load_lzma_config which obtain all of the node\n from the z_erofs_lzma_head.\n\n2) At this time, task B called the z_erofs_lzma_decompress and wanted to\n get a node. But the z_erofs_lzma_head was empty, the Task B had to\n sleep.\n\n3) Task A release nodes and push nodes into the z_erofs_lzma_head. But\n task B was still sleeping.\n\nOne example report when the hung happens:\ntask:kworker/u3:1 state:D stack:14384 pid: 86 ppid: 2 flags:0x00004000\nWorkqueue: erofs_unzipd z_erofs_decompressqueue_work\nCall Trace:\n \n __schedule+0x281/0x760\n schedule+0x49/0xb0\n z_erofs_lzma_decompress+0x4bc/0x580\n ? cpu_core_flags+0x10/0x10\n z_erofs_decompress_pcluster+0x49b/0xba0\n ? __update_load_avg_se+0x2b0/0x330\n ? __update_load_avg_se+0x2b0/0x330\n ? update_load_avg+0x5f/0x690\n ? update_load_avg+0x5f/0x690\n ? set_next_entity+0xbd/0x110\n ? _raw_spin_unlock+0xd/0x20\n z_erofs_decompress_queue.isra.0+0x2e/0x50\n z_erofs_decompressqueue_work+0x30/0x60\n process_one_work+0x1d3/0x3a0\n worker_thread+0x45/0x3a0\n ? process_one_work+0x3a0/0x3a0\n kthread+0xe2/0x110\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30\n " + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: erofs: despierta a todos los que esperan despu\u00e9s de que z_erofs_lzma_head est\u00e9 listo Cuando el usuario monta erofs por segunda vez, el hilo de descompresi\u00f3n puede colgarse. El problema ocurre debido a una secuencia de pasos como la siguiente: 1) La tarea A llam\u00f3 a z_erofs_load_lzma_config que obtiene todos los nodos de z_erofs_lzma_head. 
2) En este momento, la tarea B llam\u00f3 a z_erofs_lzma_decompress y quiso obtener un nodo. Pero z_erofs_lzma_head estaba vac\u00edo, la tarea B tuvo que dormir. 3) La tarea A libera nodos y los empuja hacia z_erofs_lzma_head. Pero la tarea B segu\u00eda durmiendo. Un ejemplo de informe cuando se produce el bloqueo: tarea:kworker/u3:1 estado:D pila:14384 pid: 86 ppid: 2 indicadores:0x00004000 Cola de trabajo: erofs_unzipd z_erofs_decompressqueue_work Seguimiento de llamadas: __schedule+0x281/0x760 schedule+0x49/0xb0 z_erofs_lzma_decompress+0x4bc/0x580 ? cpu_core_flags+0x10/0x10 z_erofs_decompress_pcluster+0x49b/0xba0 ? __update_load_avg_se+0x2b0/0x330 ? __update_load_avg_se+0x2b0/0x330 ? update_load_avg+0x5f/0x690 ? update_load_avg+0x5f/0x690 ? set_next_entity+0xbd/0x110 ? _raw_spin_unlock+0xd/0x20 z_erofs_decompress_queue.isra.0+0x2e/0x50 z_erofs_decompressqueue_work+0x30/0x60 process_one_work+0x1d3/0x3a0 worker_thread+0x45/0x3a0 ? process_one_work+0x3a0/0x3a0 kthread+0xe2/0x110 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x22/0x30 " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50194.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50194.json index 0583faa252d..8f647f11f26 100644 --- a/CVE-2022/CVE-2022-501xx/CVE-2022-50194.json +++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50194.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register\n\nEvery iteration of for_each_available_child_of_node() decrements\nthe reference count of the previous node.\nWhen breaking early from a for_each_available_child_of_node() loop,\nwe need to explicitly call of_node_put() on the child node.\nAdd missing of_node_put() to avoid refcount leak."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: soc: qcom: aoss: Se corrige la fuga de recuento de referencias en qmp_cooling_devices_register. Cada iteraci\u00f3n de for_each_available_child_of_node() disminuye el recuento de referencias del nodo anterior. Al interrumpir un bucle for_each_available_child_of_node() antes de tiempo, debemos llamar expl\u00edcitamente a of_node_put() en el nodo secundario. A\u00f1ada la funci\u00f3n of_node_put() que falta para evitar la fuga de recuento de referencias."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50195.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50195.json
index e2d32eb4948..6e483501eb1 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50195.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50195.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: dts: qcom: replace gcc PXO with pxo_board fixed clock\n\nReplace gcc PXO phandle to pxo_board fixed clock declared in the dts.\ngcc driver doesn't provide PXO_SRC as it's a fixed-clock. This cause a\nkernel panic if any driver actually try to use it."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ARM: dts: qcom: reemplazar gcc PXO con pxo_board reloj fijo. Reemplazar gcc PXO phandle por pxo_board reloj fijo declarado en el dts. El controlador gcc no proporciona PXO_SRC, ya que es un reloj fijo. Esto provoca un p\u00e1nico del kernel si alg\u00fan controlador intenta usarlo."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50196.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50196.json
index 2ad3e445612..6039b5b31e9 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50196.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50196.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: ocmem: Fix refcount leak in of_get_ocmem\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak.\nof_node_put() will check NULL pointer."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: soc: qcom: ocmem: Se corrige la fuga de recuento de referencias en of_get_ocmem. of_parse_phandle() devuelve un puntero de nodo con el recuento de referencias incrementado. Debemos usar of_node_put() cuando ya no sea necesario. Se ha a\u00f1adido la funci\u00f3n of_node_put() que falta para evitar la fuga de recuento de referencias. of_node_put() comprobar\u00e1 el puntero NULL."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50197.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50197.json
index 03b2a6a9331..2a2dc77e65b 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50197.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50197.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: zynq: Fix refcount leak in zynq_get_revision\n\nof_find_compatible_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cpufreq: zynq: Se corrige la fuga de recuento de referencias en zynq_get_revision. of_find_compatible_node() devuelve un puntero de nodo con el recuento de referencias incrementado; al finalizar, se debe usar of_node_put(). Se ha a\u00f1adido la funci\u00f3n of_node_put() que falta para evitar la fuga de recuento de referencias."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50198.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50198.json
index 264595f0121..c963dc11ee2 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50198.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50198.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init\n\nof_find_matching_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ARM: OMAP2+: Se corrige la fuga de recuento de referencias en omap3xxx_prm_late_init. of_find_matching_node() devuelve un puntero de nodo con el recuento de referencias incrementado. Debemos usar of_node_put() cuando ya no sea necesario. Se ha a\u00f1adido la funci\u00f3n of_node_put() que falta para evitar la fuga de recuento de referencias."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-501xx/CVE-2022-50199.json b/CVE-2022/CVE-2022-501xx/CVE-2022-50199.json
index bf9c3cf77b6..44617b5d530 100644
--- a/CVE-2022/CVE-2022-501xx/CVE-2022-50199.json
+++ b/CVE-2022/CVE-2022-501xx/CVE-2022-50199.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: OMAP2+: Fix refcount leak in omapdss_init_of\n\nomapdss_find_dss_of_node() calls of_find_compatible_node() to get device\nnode. of_find_compatible_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() in later error path and normal path."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ARM: OMAP2+: Se corrige la fuga de recuento de referencias en omapdss_init_of. Omapdss_find_dss_of_node() llama a of_find_compatible_node() para obtener el nodo del dispositivo. of_find_compatible_node() devuelve un puntero de nodo con el recuento de referencias incrementado; al finalizar, se debe usar of_node_put(). Se a\u00f1ade la falta de of_node_put() en la ruta de error posterior y en la ruta normal."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50200.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50200.json
index 03893f3bd49..7e15e0b2e11 100644
--- a/CVE-2022/CVE-2022-502xx/CVE-2022-50200.json
+++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50200.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nselinux: Add boundary check in put_entry()\n\nJust like next_entry(), boundary check is necessary to prevent memory\nout-of-bound access."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: selinux: Agregar verificaci\u00f3n de los l\u00edmites en put_entry() Al igual que next_entry(), la verificaci\u00f3n de los l\u00edmites es necesaria para evitar el acceso fuera de los l\u00edmites de la memoria."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50201.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50201.json
index d04633ddc32..47f371d24e6 100644
--- a/CVE-2022/CVE-2022-502xx/CVE-2022-50201.json
+++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50201.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nselinux: fix memleak in security_read_state_kernel()\n\nIn this function, it directly returns the result of __security_read_policy\nwithout freeing the allocated memory in *data, cause memory leak issue,\nso free the memory if __security_read_policy failed.\n\n[PM: subject line tweak]"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: selinux: corrige memleak en security_read_state_kernel() En esta funci\u00f3n, devuelve directamente el resultado de __security_read_policy sin liberar la memoria asignada en *data, lo que causa un problema de p\u00e9rdida de memoria, por lo que libera la memoria si __security_read_policy falla. [PM: ajuste de la l\u00ednea de asunto]"
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50202.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50202.json
index d1b5ff50468..46483a10c05 100644
--- a/CVE-2022/CVE-2022-502xx/CVE-2022-50202.json
+++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50202.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM: hibernate: defer device probing when resuming from hibernation\n\nsyzbot is reporting hung task at misc_open() [1], for there is a race\nwindow of AB-BA deadlock which involves probe_count variable. Currently\nwait_for_device_probe() from snapshot_open() from misc_open() can sleep\nforever with misc_mtx held if probe_count cannot become 0.\n\nWhen a device is probed by hub_event() work function, probe_count is\nincremented before the probe function starts, and probe_count is\ndecremented after the probe function completed.\n\nThere are three cases that can prevent probe_count from dropping to 0.\n\n (a) A device being probed stopped responding (i.e. broken/malicious\n hardware).\n\n (b) A process emulating a USB device using /dev/raw-gadget interface\n stopped responding for some reason.\n\n (c) New device probe requests keeps coming in before existing device\n probe requests complete.\n\nThe phenomenon syzbot is reporting is (b). A process which is holding\nsystem_transition_mutex and misc_mtx is waiting for probe_count to become\n0 inside wait_for_device_probe(), but the probe function which is called\n from hub_event() work function is waiting for the processes which are\nblocked at mutex_lock(&misc_mtx) to respond via /dev/raw-gadget interface.\n\nThis patch mitigates (b) by deferring wait_for_device_probe() from\nsnapshot_open() to snapshot_write() and snapshot_ioctl(). Please note that\nthe possibility of (b) remains as long as any thread which is emulating a\nUSB device via /dev/raw-gadget interface can be blocked by uninterruptible\nblocking operations (e.g. mutex_lock()).\n\nPlease also note that (a) and (c) are not addressed. Regarding (c), we\nshould change the code to wait for only one device which contains the\nimage for resuming from hibernation. 
I don't know how to address (a), for\nuse of timeout for wait_for_device_probe() might result in loss of user\ndata in the image. Maybe we should require the userland to wait for the\nimage device before opening /dev/snapshot interface." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: PM: hibernar: aplazar el sondeo del dispositivo al reanudar desde la hibernaci\u00f3n syzbot informa una tarea colgada en misc_open() [1], ya que hay una ventana de ejecuci\u00f3n de punto muerto AB-BA que involucra a la variable probe_count. Actualmente, wait_for_device_probe() de snapshot_open() de misc_open() puede dormir para siempre con misc_mtx retenido si probe_count no puede llegar a 0. Cuando un dispositivo es sondeado por la funci\u00f3n de trabajo hub_event(), probe_count se incrementa antes de que comience la funci\u00f3n de sondeo y probe_count se decrementa despu\u00e9s de que la funci\u00f3n de sondeo se complete. Hay tres casos que pueden evitar que probe_count caiga a 0. (a) Un dispositivo que se est\u00e1 sondeando dej\u00f3 de responder (es decir, hardware roto/malicioso). (b) Un proceso que emula un dispositivo USB usando la interfaz /dev/raw-gadget dej\u00f3 de responder por alguna raz\u00f3n. (c) Siguen llegando nuevas solicitudes de sondeo de dispositivo antes de que se completen las solicitudes de sondeo de dispositivo existentes. El fen\u00f3meno que syzbot reporta es (b). Un proceso que contiene system_transition_mutex y misc_mtx espera a que probe_count sea 0 dentro de wait_for_device_probe(), pero la funci\u00f3n de sonda, llamada desde la funci\u00f3n de trabajo hub_event(), espera a que los procesos bloqueados en mutex_lock(&misc_mtx) respondan mediante la interfaz /dev/raw-gadget. Este parche mitiga (b) al posponer wait_for_device_probe() de snapshot_open() a snapshot_write() y snapshot_ioctl(). 
Tenga en cuenta que la posibilidad de (b) persiste mientras cualquier hilo que emule un dispositivo USB mediante la interfaz /dev/raw-gadget pueda ser bloqueado por operaciones de bloqueo ininterrumpido (p. ej., mutex_lock()). Tenga en cuenta tambi\u00e9n que (a) y (c) no se abordan. Respecto a (c), debemos modificar el c\u00f3digo para que espere solo a un dispositivo que contenga la imagen para reanudar la hibernaci\u00f3n. No s\u00e9 c\u00f3mo abordar (a), ya que el uso del tiempo de espera para wait_for_device_probe() podr\u00eda provocar la p\u00e9rdida de datos de usuario en la imagen. Quiz\u00e1s deber\u00edamos exigir que el espacio de usuario espere al dispositivo de imagen antes de abrir la interfaz /dev/snapshot." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50203.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50203.json index 9aa5894bd25..1217c6d14c0 100644 --- a/CVE-2022/CVE-2022-502xx/CVE-2022-50203.json +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50203.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: OMAP2+: display: Fix refcount leak bug\n\nIn omapdss_init_fbdev(), of_find_node_by_name() will return a node\npointer with refcount incremented. We should use of_node_put() when\nit is not used anymore." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ARM: OMAP2+: display: Se corrige el error de fuga de refcount. En omapdss_init_fbdev(), of_find_node_by_name() devolver\u00e1 un puntero de nodo con refcount incrementado. Deber\u00edamos usar of_node_put() cuando ya no se use." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50204.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50204.json index d6b97a29da9..3f9c3aef84b 100644 --- a/CVE-2022/CVE-2022-502xx/CVE-2022-50204.json +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50204.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: OMAP2+: pdata-quirks: Fix refcount leak bug\n\nIn pdata_quirks_init_clocks(), the loop contains\nof_find_node_by_name() but without corresponding of_node_put()."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ARM: OMAP2+: pdata-quirks: Corregir error de p\u00e9rdida de recuento de referencias En pdata_quirks_init_clocks(), el bucle contiene of_find_node_by_name() pero sin el of_node_put() correspondiente."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50205.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50205.json
index d0bdfca10b1..41992776319 100644
--- a/CVE-2022/CVE-2022-502xx/CVE-2022-50205.json
+++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50205.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next2: Add more validity checks for inode counts\n\nAdd checks verifying number of inodes stored in the superblock matches\nthe number computed from number of inodes per group. Also verify we have\nat least one block worth of inodes per group. This prevents crashes on\ncorrupted filesystems."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext2: Se han a\u00f1adido m\u00e1s comprobaciones de validez para el recuento de inodos. Se han a\u00f1adido comprobaciones que verifican que el n\u00famero de inodos almacenados en el superbloque coincida con el calculado a partir del n\u00famero de inodos por grupo. Tambi\u00e9n se ha verificado que tengamos al menos un bloque de inodos por grupo. Esto evita fallos en sistemas de archivos da\u00f1ados."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50206.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50206.json
index 8184193485a..fc162e0878f 100644
--- a/CVE-2022/CVE-2022-502xx/CVE-2022-50206.json
+++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50206.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: fix oops in concurrently setting insn_emulation sysctls\n\nemulation_proc_handler() changes table->data for proc_dointvec_minmax\nand can generate the following Oops if called concurrently with itself:\n\n | Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010\n | Internal error: Oops: 96000006 [#1] SMP\n | Call trace:\n | update_insn_emulation_mode+0xc0/0x148\n | emulation_proc_handler+0x64/0xb8\n | proc_sys_call_handler+0x9c/0xf8\n | proc_sys_write+0x18/0x20\n | __vfs_write+0x20/0x48\n | vfs_write+0xe4/0x1d0\n | ksys_write+0x70/0xf8\n | __arm64_sys_write+0x20/0x28\n | el0_svc_common.constprop.0+0x7c/0x1c0\n | el0_svc_handler+0x2c/0xa0\n | el0_svc+0x8/0x200\n\nTo fix this issue, keep the table->data as &insn->current_mode and\nuse container_of() to retrieve the insn pointer. Another mutex is\nused to protect against the current_mode update but not for retrieving\ninsn_emulation as table->data is no longer changing." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: arm64: se corrige el error al configurar simult\u00e1neamente sysctls emulation_proc_handler() de insn_emulation y cambia table->data para proc_dointvec_minmax, que puede generar el siguiente error si se llama simult\u00e1neamente consigo mismo: | No se puede controlar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 0000000000000010 | Error interno: Oops: 96000006 [#1] SMP | Rastreo de llamadas: | update_insn_emulation_mode+0xc0/0x148 | emulation_proc_handler+0x64/0xb8 | proc_sys_call_handler+0x9c/0xf8 | proc_sys_write+0x18/0x20 | __vfs_write+0x20/0x48 | Para solucionar este problema, mantenga la tabla->data como &insn->current_mode y use container_of() para recuperar el puntero insn. 
Se usa otro mutex para proteger contra la actualizaci\u00f3n de current_mode, pero no para recuperar la emulaci\u00f3n insn, ya que la tabla->data ya no cambia." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50207.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50207.json index 8b9218cc771..4e9660ce688 100644 --- a/CVE-2022/CVE-2022-502xx/CVE-2022-50207.json +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50207.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: bcm: Fix refcount leak in bcm_kona_smc_init\n\nof_find_matching_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ARM: bcm: Se corrige la fuga de recuento de referencias en bcm_kona_smc_init. of_find_matching_node() devuelve un puntero de nodo con el recuento de referencias incrementado. Debemos usar of_node_put() cuando ya no sea necesario. Se ha a\u00f1adido la funci\u00f3n of_node_put() que falta para evitar la fuga de recuento de referencias." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50208.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50208.json index a6465450354..baa6076a920 100644 --- a/CVE-2022/CVE-2022-502xx/CVE-2022-50208.json +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50208.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: amlogic: Fix refcount leak in meson-secure-pwrc.c\n\nIn meson_secure_pwrc_probe(), there is a refcount leak in one fail\npath."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: soc: amlogic: Se corrige una p\u00e9rdida de recuento de referencias en meson-secure-pwrc.c En meson_secure_pwrc_probe(), hay una p\u00e9rdida de recuento de referencias en una ruta de error."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50209.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50209.json
index 487e6e7e312..49a0b6a5640 100644
--- a/CVE-2022/CVE-2022-502xx/CVE-2022-50209.json
+++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50209.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmeson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init\n\nof_find_matching_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: meson-mx-socinfo: Se corrige la fuga de recuento de referencias en meson_mx_socinfo_init. of_find_matching_node() devuelve un puntero de nodo con el recuento de referencias incrementado. Debemos usar of_node_put() cuando ya no sea necesario. Se ha a\u00f1adido la funci\u00f3n of_node_put() que falta para evitar la fuga de recuento de referencias."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50210.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50210.json
index 2a525abf014..b0f66855f27 100644
--- a/CVE-2022/CVE-2022-502xx/CVE-2022-50210.json
+++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50210.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK\n\nWhen CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS is selected,\ncpu_max_bits_warn() generates a runtime warning similar as below while\nwe show /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit)\ninstead of NR_CPUS to iterate CPUs.\n\n[ 3.052463] ------------[ cut here ]------------\n[ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0x5e8/0x5f0\n[ 3.070072] Modules linked in: efivarfs autofs4\n[ 3.076257] CPU: 0 PID: 1 Comm: systemd Not tainted 5.19-rc5+ #1052\n[ 3.084034] Hardware name: Loongson Loongson-3A4000-7A1000-1w-V0.1-CRB/Loongson-LS3A4000-7A1000-1w-EVB-V1.21, BIOS Loongson-UDK2018-V2.0.04082-beta7 04/27\n[ 3.099465] Stack : 9000000100157b08 9000000000f18530 9000000000cf846c 9000000100154000\n[ 3.109127] 9000000100157a50 0000000000000000 9000000100157a58 9000000000ef7430\n[ 3.118774] 90000001001578e8 0000000000000040 0000000000000020 ffffffffffffffff\n[ 3.128412] 0000000000aaaaaa 1ab25f00eec96a37 900000010021de80 900000000101c890\n[ 3.138056] 0000000000000000 0000000000000000 0000000000000000 0000000000aaaaaa\n[ 3.147711] ffff8000339dc220 0000000000000001 0000000006ab4000 0000000000000000\n[ 3.157364] 900000000101c998 0000000000000004 9000000000ef7430 0000000000000000\n[ 3.167012] 0000000000000009 000000000000006c 0000000000000000 0000000000000000\n[ 3.176641] 9000000000d3de08 9000000001639390 90000000002086d8 00007ffff0080286\n[ 3.186260] 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1c\n[ 3.195868] ...\n[ 3.199917] Call Trace:\n[ 3.203941] [<98000000002086d8>] show_stack+0x38/0x14c\n[ 3.210666] [<9800000000cf846c>] dump_stack_lvl+0x60/0x88\n[ 3.217625] [<980000000023d268>] __warn+0xd0/0x100\n[ 3.223958] [<9800000000cf3c90>] warn_slowpath_fmt+0x7c/0xcc\n[ 3.231150] [<9800000000210220>] show_cpuinfo+0x5e8/0x5f0\n[ 
3.238080] [<98000000004f578c>] seq_read_iter+0x354/0x4b4\n[ 3.245098] [<98000000004c2e90>] new_sync_read+0x17c/0x1c4\n[ 3.252114] [<98000000004c5174>] vfs_read+0x138/0x1d0\n[ 3.258694] [<98000000004c55f8>] ksys_read+0x70/0x100\n[ 3.265265] [<9800000000cfde9c>] do_syscall+0x7c/0x94\n[ 3.271820] [<9800000000202fe4>] handle_syscall+0xc4/0x160\n[ 3.281824] ---[ end trace 8b484262b4b8c24c ]---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: MIPS: cpuinfo: Se corrige una advertencia para CONFIG_CPUMASK_OFFSTACK. Al seleccionar CONFIG_CPUMASK_OFFSTACK y CONFIG_DEBUG_PER_CPU_MAPS, cpu_max_bits_warn() genera una advertencia de tiempo de ejecuci\u00f3n similar a la que se muestra a continuaci\u00f3n mientras se muestra /proc/cpuinfo. Se corrige usando nr_cpu_ids (el l\u00edmite de tiempo de ejecuci\u00f3n) en lugar de NR_CPUS para iterar las CPU. [ 3.052463] ------------[ cortar aqu\u00ed ]------------ [ 3.059679] ADVERTENCIA: CPU: 3 PID: 1 en include/linux/cpumask.h:108 show_cpuinfo+0x5e8/0x5f0 [ 3.070072] M\u00f3dulos vinculados: efivarfs autofs4 [ 3.076257] CPU: 0 PID: 1 Comm: systemd No contaminado 5.19-rc5+ #1052 [ 3.084034] Nombre del hardware: Loongson Loongson-3A4000-7A1000-1w-V0.1-CRB/Loongson-LS3A4000-7A1000-1w-EVB-V1.21, BIOS Loongson-UDK2018-V2.0.04082-beta7 04/27 [3.099465] Pila: 9000000100157b08 9000000000f18530 9000000000cf846c 9000000100154000 [3.109127] 9000000100157a50 0000000000000000 9000000100157a58 9000000000ef7430 [3.118774] 90000001001578e8 000000000000040 0000000000000020 ffffffffffffffff [ 3.128412] 0000000000aaaaaa 1ab25f00eec96a37 900000010021de80 900000000101c890 [ 3.138056] 000000000000000 0000000000000000 000000000000000 00000000000000 00000000000aaaaaa [ 3.147711] ffff8000339dc220 000000000000001 0000000006ab4000 0000000000000000 [ 3.157364] 900000000101c998 0000000000000004 9000000000ef7430 0000000000000000 [ 3.167012] 0000000000000009 000000000000006c 0000000000000000 000000000000000 [ 
3.176641] 9000000000d3de08 9000000001639390 90000000002086d8 00007ffff0080286 [ 3.186260] 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1c [ 3.195868] ... [ 3.199917] Rastreo de llamadas: [ 3.203941] [<98000000002086d8>] show_stack+0x38/0x14c [ 3.210666] [<9800000000cf846c>] dump_stack_lvl+0x60/0x88 [ 3.217625] [<980000000023d268>] __warn+0xd0/0x100 [ 3.223958] [<9800000000cf3c90>] warn_slowpath_fmt+0x7c/0xcc [ 3.231150] [<9800000000210220>] show_cpuinfo+0x5e8/0x5f0 [ 3.238080] [<98000000004f578c>] seq_read_iter+0x354/0x4b4 [ 3.245098] [<98000000004c2e90>] new_sync_read+0x17c/0x1c4 [ 3.252114] [<98000000004c5174>] vfs_read+0x138/0x1d0 [ 3.258694] [<98000000004c55f8>] ksys_read+0x70/0x100 [ 3.265265] [<9800000000cfde9c>] do_syscall+0x7c/0x94 [ 3.271820] [<9800000000202fe4>] handle_syscall+0xc4/0x160 [ 3.281824] ---[ fin de seguimiento 8b484262b4b8c24c ]---" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50211.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50211.json index bf65bbd4888..e47fac7cb34 100644 --- a/CVE-2022/CVE-2022-502xx/CVE-2022-50211.json +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50211.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd-raid10: fix KASAN warning\n\nThere's a KASAN warning in raid10_remove_disk when running the lvm\ntest lvconvert-raid-reshape.sh. We fix this warning by verifying that the\nvalue \"number\" is valid.\n\nBUG: KASAN: slab-out-of-bounds in raid10_remove_disk+0x61/0x2a0 [raid10]\nRead of size 8 at addr ffff889108f3d300 by task mdX_raid10/124682\n\nCPU: 3 PID: 124682 Comm: mdX_raid10 Not tainted 5.19.0-rc6 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014\nCall Trace:\n \n dump_stack_lvl+0x34/0x44\n print_report.cold+0x45/0x57a\n ? __lock_text_start+0x18/0x18\n ? raid10_remove_disk+0x61/0x2a0 [raid10]\n kasan_report+0xa8/0xe0\n ? raid10_remove_disk+0x61/0x2a0 [raid10]\n raid10_remove_disk+0x61/0x2a0 [raid10]\nBuffer I/O error on dev dm-76, logical block 15344, async page read\n ? __mutex_unlock_slowpath.constprop.0+0x1e0/0x1e0\n remove_and_add_spares+0x367/0x8a0 [md_mod]\n ? super_written+0x1c0/0x1c0 [md_mod]\n ? mutex_trylock+0xac/0x120\n ? _raw_spin_lock+0x72/0xc0\n ? _raw_spin_lock_bh+0xc0/0xc0\n md_check_recovery+0x848/0x960 [md_mod]\n raid10d+0xcf/0x3360 [raid10]\n ? sched_clock_cpu+0x185/0x1a0\n ? rb_erase+0x4d4/0x620\n ? var_wake_function+0xe0/0xe0\n ? psi_group_change+0x411/0x500\n ? preempt_count_sub+0xf/0xc0\n ? _raw_spin_lock_irqsave+0x78/0xc0\n ? __lock_text_start+0x18/0x18\n ? raid10_sync_request+0x36c0/0x36c0 [raid10]\n ? preempt_count_sub+0xf/0xc0\n ? _raw_spin_unlock_irqrestore+0x19/0x40\n ? del_timer_sync+0xa9/0x100\n ? try_to_del_timer_sync+0xc0/0xc0\n ? _raw_spin_lock_irqsave+0x78/0xc0\n ? __lock_text_start+0x18/0x18\n ? _raw_spin_unlock_irq+0x11/0x24\n ? __list_del_entry_valid+0x68/0xa0\n ? finish_wait+0xa3/0x100\n md_thread+0x161/0x260 [md_mod]\n ? unregister_md_personality+0xa0/0xa0 [md_mod]\n ? _raw_spin_lock_irqsave+0x78/0xc0\n ? prepare_to_wait_event+0x2c0/0x2c0\n ? 
unregister_md_personality+0xa0/0xa0 [md_mod]\n kthread+0x148/0x180\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x1f/0x30\n \n\nAllocated by task 124495:\n kasan_save_stack+0x1e/0x40\n __kasan_kmalloc+0x80/0xa0\n setup_conf+0x140/0x5c0 [raid10]\n raid10_run+0x4cd/0x740 [raid10]\n md_run+0x6f9/0x1300 [md_mod]\n raid_ctr+0x2531/0x4ac0 [dm_raid]\n dm_table_add_target+0x2b0/0x620 [dm_mod]\n table_load+0x1c8/0x400 [dm_mod]\n ctl_ioctl+0x29e/0x560 [dm_mod]\n dm_compat_ctl_ioctl+0x7/0x20 [dm_mod]\n __do_compat_sys_ioctl+0xfa/0x160\n do_syscall_64+0x90/0xc0\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nLast potentially related work creation:\n kasan_save_stack+0x1e/0x40\n __kasan_record_aux_stack+0x9e/0xc0\n kvfree_call_rcu+0x84/0x480\n timerfd_release+0x82/0x140\nL __fput+0xfa/0x400\n task_work_run+0x80/0xc0\n exit_to_user_mode_prepare+0x155/0x160\n syscall_exit_to_user_mode+0x12/0x40\n do_syscall_64+0x42/0xc0\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nSecond to last potentially related work creation:\n kasan_save_stack+0x1e/0x40\n __kasan_record_aux_stack+0x9e/0xc0\n kvfree_call_rcu+0x84/0x480\n timerfd_release+0x82/0x140\n __fput+0xfa/0x400\n task_work_run+0x80/0xc0\n exit_to_user_mode_prepare+0x155/0x160\n syscall_exit_to_user_mode+0x12/0x40\n do_syscall_64+0x42/0xc0\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThe buggy address belongs to the object at ffff889108f3d200\n which belongs to the cache kmalloc-256 of size 256\nThe buggy address is located 0 bytes to the right of\n 256-byte region [ffff889108f3d200, ffff889108f3d300)\n\nThe buggy address belongs to the physical page:\npage:000000007ef2a34c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1108f3c\nhead:000000007ef2a34c order:2 compound_mapcount:0 compound_pincount:0\nflags: 0x4000000000010200(slab|head|zone=2)\nraw: 4000000000010200 0000000000000000 dead000000000001 ffff889100042b40\nraw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000\npage dumped because: 
kasan: bad access detected\n\nMemory state around the buggy address:\n ffff889108f3d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffff889108f3d280: 00 00\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: md-raid10: correcci\u00f3n de la advertencia de KASAN. Hay una advertencia de KASAN en raid10_remove_disk al ejecutar la prueba lvm lvconvert-raid-reshape.sh. Para corregir esta advertencia, verificamos que el valor \"number\" sea v\u00e1lido. ERROR: KASAN: slab fuera de los l\u00edmites en raid10_remove_disk+0x61/0x2a0 [raid10] Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff889108f3d300 por la tarea mdX_raid10/124682 CPU: 3 PID: 124682 Comm: mdX_raid10 No contaminado 5.19.0-rc6 #1 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 01/04/2014 Seguimiento de llamadas: dump_stack_lvl+0x34/0x44 print_report.cold+0x45/0x57a ? __lock_text_start+0x18/0x18 ? raid10_remove_disk+0x61/0x2a0 [raid10] kasan_report+0xa8/0xe0 ? raid10_remove_disk+0x61/0x2a0 [raid10] raid10_remove_disk+0x61/0x2a0 [raid10] Buffer I/O error on dev dm-76, logical block 15344, async page read ? __mutex_unlock_slowpath.constprop.0+0x1e0/0x1e0 remove_and_add_spares+0x367/0x8a0 [md_mod] ? super_written+0x1c0/0x1c0 [md_mod] ? mutex_trylock+0xac/0x120 ? _raw_spin_lock+0x72/0xc0 ? _raw_spin_lock_bh+0xc0/0xc0 md_check_recovery+0x848/0x960 [md_mod] raid10d+0xcf/0x3360 [raid10] ? sched_clock_cpu+0x185/0x1a0 ? rb_erase+0x4d4/0x620 ? var_wake_function+0xe0/0xe0 ? psi_group_change+0x411/0x500 ? preempt_count_sub+0xf/0xc0 ? _raw_spin_lock_irqsave+0x78/0xc0 ? __lock_text_start+0x18/0x18 ? raid10_sync_request+0x36c0/0x36c0 [raid10] ? preempt_count_sub+0xf/0xc0 ? _raw_spin_unlock_irqrestore+0x19/0x40 ? del_timer_sync+0xa9/0x100 ? try_to_del_timer_sync+0xc0/0xc0 ? _raw_spin_lock_irqsave+0x78/0xc0 ? __lock_text_start+0x18/0x18 ? _raw_spin_unlock_irq+0x11/0x24 ? __list_del_entry_valid+0x68/0xa0 ? 
finish_wait+0xa3/0x100 md_thread+0x161/0x260 [md_mod] ? unregister_md_personality+0xa0/0xa0 [md_mod] ? _raw_spin_lock_irqsave+0x78/0xc0 ? prepare_to_wait_event+0x2c0/0x2c0 ? unregister_md_personality+0xa0/0xa0 [md_mod] kthread+0x148/0x180 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x1f/0x30 Allocated by task 124495: kasan_save_stack+0x1e/0x40 __kasan_kmalloc+0x80/0xa0 setup_conf+0x140/0x5c0 [raid10] raid10_run+0x4cd/0x740 [raid10] md_run+0x6f9/0x1300 [md_mod] raid_ctr+0x2531/0x4ac0 [dm_raid] dm_table_add_target+0x2b0/0x620 [dm_mod] table_load+0x1c8/0x400 [dm_mod] ctl_ioctl+0x29e/0x560 [dm_mod] dm_compat_ctl_ioctl+0x7/0x20 [dm_mod] __do_compat_sys_ioctl+0xfa/0x160 do_syscall_64+0x90/0xc0 entry_SYSCALL_64_after_hwframe+0x46/0xb0 Last potentially related work creation: kasan_save_stack+0x1e/0x40 __kasan_record_aux_stack+0x9e/0xc0 kvfree_call_rcu+0x84/0x480 timerfd_release+0x82/0x140 L __fput+0xfa/0x400 task_work_run+0x80/0xc0 exit_to_user_mode_prepare+0x155/0x160 syscall_exit_to_user_mode+0x12/0x40 do_syscall_64+0x42/0xc0 entry_SYSCALL_64_after_hwframe+0x46/0xb0 Second to last potentially related work creation: kasan_save_stack+0x1e/0x40 __kasan_record_aux_stack+0x9e/0xc0 kvfree_call_rcu+0x84/0x480 timerfd_release+0x82/0x140 __fput+0xfa/0x400 task_work_run+0x80/0xc0 exit_to_user_mode_prepare+0x155/0x160 syscall_exit_to_user_mode+0x12/0x40 do_syscall_64+0x42/0xc0 entry_SYSCALL_64_after_hwframe+0x46/0xb0 The buggy address belongs to the object at ffff889108f3d200 which belongs to the cache kmalloc-256 of size 256 The buggy address is located 0 bytes to the right of 256-byte region [ffff889108f3d200, ffff889108f3d300) The buggy address belongs to the physical page: page:000000007ef2a34c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1108f3c head:000000007ef2a34c order:2 compound_mapcount:0 compound_pincount:0 flags: 0x4000000000010200(slab|head|zone=2) raw: 4000000000010200 0000000000000000 dead000000000001 ffff889100042b40 raw: 0000000000000000 
0000000080200020 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff889108f3d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff889108f3d280: 00 00 ---truncado---" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50212.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50212.json index 1df59739d39..9d495c05180 100644 --- a/CVE-2022/CVE-2022-502xx/CVE-2022-50212.json +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50212.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: do not allow CHAIN_ID to refer to another table\n\nWhen doing lookups for chains on the same batch by using its ID, a chain\nfrom a different table can be used. If a rule is added to a table but\nrefers to a chain in a different table, it will be linked to the chain in\ntable2, but would have expressions referring to objects in table1.\n\nThen, when table1 is removed, the rule will not be removed as its linked to\na chain in table2. When expressions in the rule are processed or removed,\nthat will lead to a use-after-free.\n\nWhen looking for chains by ID, use the table that was used for the lookup\nby name, and only return chains belonging to that same table."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nf_tables: no permitir que CHAIN_ID haga referencia a otra tabla Al realizar b\u00fasquedas de cadenas en el mismo lote usando su ID, se puede usar una cadena de una tabla diferente. Si se agrega una regla a una tabla pero hace referencia a una cadena en una tabla diferente, se vincular\u00e1 a la cadena en la tabla2, pero tendr\u00eda expresiones que hacen referencia a objetos en la tabla1. Luego, cuando se elimina la tabla1, la regla no se eliminar\u00e1 ya que est\u00e1 vinculada a una cadena en la tabla2. Cuando se procesan o eliminan expresiones en la regla, eso conducir\u00e1 a un Use-After-Free. Al buscar cadenas por ID, use la tabla que se us\u00f3 para la b\u00fasqueda por nombre y solo devuelva las cadenas que pertenecen a esa misma tabla."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50213.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50213.json
index 7140fb737fa..e8798905393 100644
--- a/CVE-2022/CVE-2022-502xx/CVE-2022-50213.json
+++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50213.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: do not allow SET_ID to refer to another table\n\nWhen doing lookups for sets on the same batch by using its ID, a set from a\ndifferent table can be used.\n\nThen, when the table is removed, a reference to the set may be kept after\nthe set is freed, leading to a potential use-after-free.\n\nWhen looking for sets by ID, use the table that was used for the lookup by\nname, and only return sets belonging to that same table.\n\nThis fixes CVE-2022-2586, also reported as ZDI-CAN-17470."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nf_tables: no permitir que SET_ID haga referencia a otra tabla. Al buscar conjuntos en el mismo lote usando su ID, se puede usar un conjunto de una tabla diferente. Al eliminar la tabla, es posible que se conserve una referencia al conjunto despu\u00e9s de liberarlo, lo que puede provocar un error de Use-After-Free. Al buscar conjuntos por ID, se debe usar la tabla utilizada para la b\u00fasqueda por nombre y devolver solo los conjuntos que pertenecen a esa misma tabla. Esto corrige CVE-2022-2586, tambi\u00e9n reportado como ZDI-CAN-17470."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50214.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50214.json
index 0efb61ce272..61a2c726897 100644
--- a/CVE-2022/CVE-2022-502xx/CVE-2022-50214.json
+++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50214.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: Clear the connection field properly\n\ncoresight devices track their connections (output connections) and\nhold a reference to the fwnode. When a device goes away, we walk through\nthe devices on the coresight bus and make sure that the references\nare dropped. This happens both ways:\n a) For all output connections from the device, drop the reference to\n the target device via coresight_release_platform_data()\n\nb) Iterate over all the devices on the coresight bus and drop the\n reference to fwnode if *this* device is the target of the output\n connection, via coresight_remove_conns()->coresight_remove_match().\n\nHowever, the coresight_remove_match() doesn't clear the fwnode field,\nafter dropping the reference, this causes use-after-free and\nadditional refcount drops on the fwnode.\n\ne.g., if we have two devices, A and B, with a connection, A -> B.\nIf we remove B first, B would clear the reference on B, from A\nvia coresight_remove_match(). But when A is removed, it still has\na connection with fwnode still pointing to B. 
Thus it tries to drops\nthe reference in coresight_release_platform_data(), raising the bells\nlike :\n\n[ 91.990153] ------------[ cut here ]------------\n[ 91.990163] refcount_t: addition on 0; use-after-free.\n[ 91.990212] WARNING: CPU: 0 PID: 461 at lib/refcount.c:25 refcount_warn_saturate+0xa0/0x144\n[ 91.990260] Modules linked in: coresight_funnel coresight_replicator coresight_etm4x(-)\n crct10dif_ce coresight ip_tables x_tables ipv6 [last unloaded: coresight_cpu_debug]\n[ 91.990398] CPU: 0 PID: 461 Comm: rmmod Tainted: G W T 5.19.0-rc2+ #53\n[ 91.990418] Hardware name: ARM LTD ARM Juno Development Platform/ARM Juno Development Platform, BIOS EDK II Feb 1 2019\n[ 91.990434] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 91.990454] pc : refcount_warn_saturate+0xa0/0x144\n[ 91.990476] lr : refcount_warn_saturate+0xa0/0x144\n[ 91.990496] sp : ffff80000c843640\n[ 91.990509] x29: ffff80000c843640 x28: ffff800009957c28 x27: ffff80000c8439a8\n[ 91.990560] x26: ffff00097eff1990 x25: ffff8000092b6ad8 x24: ffff00097eff19a8\n[ 91.990610] x23: ffff80000c8439a8 x22: 0000000000000000 x21: ffff80000c8439c2\n[ 91.990659] x20: 0000000000000000 x19: ffff00097eff1a10 x18: ffff80000ab99c40\n[ 91.990708] x17: 0000000000000000 x16: 0000000000000000 x15: ffff80000abf6fa0\n[ 91.990756] x14: 000000000000001d x13: 0a2e656572662d72 x12: 657466612d657375\n[ 91.990805] x11: 203b30206e6f206e x10: 6f69746964646120 x9 : ffff8000081aba28\n[ 91.990854] x8 : 206e6f206e6f6974 x7 : 69646461203a745f x6 : 746e756f63666572\n[ 91.990903] x5 : ffff00097648ec58 x4 : 0000000000000000 x3 : 0000000000000027\n[ 91.990952] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff00080260ba00\n[ 91.991000] Call trace:\n[ 91.991012] refcount_warn_saturate+0xa0/0x144\n[ 91.991034] kobject_get+0xac/0xb0\n[ 91.991055] of_node_get+0x2c/0x40\n[ 91.991076] of_fwnode_get+0x40/0x60\n[ 91.991094] fwnode_handle_get+0x3c/0x60\n[ 91.991116] fwnode_get_nth_parent+0xf4/0x110\n[ 91.991137] 
fwnode_full_name_string+0x48/0xc0\n[ 91.991158] device_node_string+0x41c/0x530\n[ 91.991178] pointer+0x320/0x3ec\n[ 91.991198] vsnprintf+0x23c/0x750\n[ 91.991217] vprintk_store+0x104/0x4b0\n[ 91.991238] vprintk_emit+0x8c/0x360\n[ 91.991257] vprintk_default+0x44/0x50\n[ 91.991276] vprintk+0xcc/0xf0\n[ 91.991295] _printk+0x68/0x90\n[ 91.991315] of_node_release+0x13c/0x14c\n[ 91.991334] kobject_put+0x98/0x114\n[ 91.991354] of_node_put+0x24/0x34\n[ 91.991372] of_fwnode_put+0x40/0x5c\n[ 91.991390] fwnode_handle_put+0x38/0x50\n[ 91.991411] coresight_release_platform_data+0x74/0xb0 [coresight]\n[ 91.991472] coresight_unregister+0x64/0xcc [coresight]\n[ 91.991525] etm4_remove_dev+0x64/0x78 [coresight_etm4x]\n[ 91.991563] etm4_remove_amba+0x1c/0x2c [coresight_etm4x]\n[ 91.991598] amba_remove+0x3c/0x19c\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: coresight: Borrar el campo de conexi\u00f3n correctamente los dispositivos coresight rastrean sus conexiones (conexiones de salida) y mantienen una referencia al fwnode. Cuando un dispositivo desaparece, recorremos los dispositivos en el bus coresight y nos aseguramos de que se eliminen las referencias. Esto sucede en ambos sentidos: a) Para todas las conexiones de salida desde el dispositivo, eliminamos la referencia al dispositivo de destino mediante coresight_release_platform_data() b) Iteramos sobre todos los dispositivos en el bus coresight y eliminamos la referencia a fwnode si *este* dispositivo es el destino de la conexi\u00f3n de salida, mediante coresight_remove_conns()->coresight_remove_match(). Sin embargo, coresight_remove_match() no borra el campo fwnode, despu\u00e9s de eliminar la referencia, esto causa Use-After-Free y disminuciones adicionales de refcount en el fwnode. Por ejemplo, si tenemos dos dispositivos, A y B, conectados, A -> B. 
Si eliminamos B primero, B eliminar\u00eda la referencia en B desde A mediante coresight_remove_match(). Sin embargo, al eliminar A, a\u00fan mantiene una conexi\u00f3n con fwnode apuntando a B. Por lo tanto, intenta eliminar la referencia en coresight_release_platform_data(), lo que genera alertas como: [ 91.990153 ------------[ cortar aqu\u00ed ]------------ [ 91.990163 ] refcount_t: adici\u00f3n en 0; Use-After-Free. [ 91.990212] ADVERTENCIA: CPU: 0 PID: 461 en lib/refcount.c:25 refcount_warn_saturate+0xa0/0x144 [ 91.990260] M\u00f3dulos vinculados: coresight_funnel coresight_replicator coresight_etm4x(-) crct10dif_ce coresight ip_tables x_tables ipv6 [\u00faltima descarga: coresight_cpu_debug] [ 91.990398] CPU: 0 PID: 461 Comm: rmmod Contaminado: GWT 5.19.0-rc2+ #53 [ 91.990418] Nombre del hardware: ARM LTD ARM Juno Development Platform/ARM Juno Development Platform, BIOS EDK II 1 de febrero de 2019 [ 91.990434] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 91.990454] pc : refcount_warn_saturate+0xa0/0x144 [ 91.990476] lr : refcount_warn_saturate+0xa0/0x144 [ 91.990496] sp : ffff80000c843640 [ 91.990509] x29: ffff80000c843640 x28: ffff800009957c28 x27: ffff80000c8439a8 [ 91.990560] x26: ffff00097eff1990 x25: ffff8000092b6ad8 x24: ffff00097eff19a8 [91.990610] x23: ffff80000c8439a8 x22: 0000000000000000 x21: ffff80000c8439c2 [91.990659] x20: 0000000000000000 x19: ffff00097eff1a10 x18: ffff80000ab99c40 [91.990708] x17: 000000000000000 x16: 0000000000000000 x15: ffff80000abf6fa0 [ 91.990756] x14: 000000000000001d x13: 0a2e656572662d72 x12: 657466612d657375 [ 91.990805] x11: 203b30206e6f206e x10: 6f69746964646120 x9: ffff8000081aba28 [91.990854] x8: 206e6f206e6f6974 x7: 69646461203a745f x6: 746e756f63666572 [91.990903] x5: ffff00097648ec58 x4: 0000000000000000 x3: 0000000000000027 [91.990952] x2: 0000000000000000 x1: 0000000000000000 x0: ffff00080260ba00 [91.991000] Rastreo de llamadas: [ 91.991012] refcount_warn_saturate+0xa0/0x144 [ 91.991034] 
kobject_get+0xac/0xb0 [ 91.991055] of_node_get+0x2c/0x40 [ 91.991076] of_fwnode_get+0x40/0x60 [ 91.991094] fwnode_handle_get+0x3c/0x60 [ 91.991116] fwnode_get_nth_parent+0xf4/0x110 [ 91.991137] fwnode_full_name_string+0x48/0xc0 [ 91.991158] device_node_string+0x41c/0x530 [ 91.991178] pointer+0x320/0x3ec [ 91.991198] vsnprintf+0x23c/0x750 [ 91.991217] vprintk_store+0x104/0x4b0 [ 91.991238] vprintk_emit+0x8c/0x360 [ 91.991257] vprintk_default+0x44/0x50 [ 91.991276] vprintk+0xcc/0xf0 [ 91.991295] _printk+0x68/0x90 [ 91.991315] of_node_release+0x13c/0x14c [ 91.991334] kobject_put+0x98/0x114 [ 91.991354] of_node_put+0x24/0x34 [ 91.991372] of_fwnode_put+0x40/0x5c [ 91.991390] fwnode_handle_put+0x38/0x50 [ 91.991411] coresight_release_platform_data+0x74/0xb0 [coresight] [ 91.991472] coresight_unregister+0x64/0xcc [coresight] [ 91.991525] etm4_remove_dev+0x64/0x78 [coresight_etm4x] [ 91.991563] etm4_remove_amba+0x1c/0x2c [coresight_etm4x] [ 91.991598] amba_remove+0x3c/0x19c ---truncado---" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50215.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50215.json index 5049049a075..f2474cca521 100644 --- a/CVE-2022/CVE-2022-502xx/CVE-2022-50215.json +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50215.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: sg: Allow waiting for commands to complete on removed device\n\nWhen a SCSI device is removed while in active use, currently sg will\nimmediately return -ENODEV on any attempt to wait for active commands that\nwere sent before the removal. This is problematic for commands that use\nSG_FLAG_DIRECT_IO since the data buffer may still be in use by the kernel\nwhen userspace frees or reuses it after getting ENODEV, leading to\ncorrupted userspace memory (in the case of READ-type commands) or corrupted\ndata being sent to the device (in the case of WRITE-type commands). This\nhas been seen in practice when logging out of a iscsi_tcp session, where\nthe iSCSI driver may still be processing commands after the device has been\nmarked for removal.\n\nChange the policy to allow userspace to wait for active sg commands even\nwhen the device is being removed. Return -ENODEV only when there are no\nmore responses to read." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: sg: Permitir esperar a que se completen los comandos en el dispositivo eliminado Cuando se elimina un dispositivo SCSI mientras est\u00e1 en uso activo, actualmente sg devolver\u00e1 inmediatamente -ENODEV en cualquier intento de esperar los comandos activos que se enviaron antes de la eliminaci\u00f3n. Esto es problem\u00e1tico para los comandos que usan SG_FLAG_DIRECT_IO ya que el b\u00fafer de datos puede seguir en uso por el kernel cuando el espacio de usuario lo libera o lo reutiliza despu\u00e9s de obtener ENODEV, lo que lleva a la memoria del espacio de usuario da\u00f1ada (en el caso de comandos de tipo READ) o al env\u00edo de datos da\u00f1ados al dispositivo (en el caso de comandos de tipo WRITE). 
Esto se ha visto en la pr\u00e1ctica al cerrar sesi\u00f3n en una sesi\u00f3n iscsi_tcp, donde el controlador iSCSI puede seguir procesando comandos despu\u00e9s de que el dispositivo se haya marcado para su eliminaci\u00f3n. Cambie la pol\u00edtica para permitir que el espacio de usuario espere comandos sg activos incluso cuando se est\u00e9 eliminando el dispositivo. Devuelva -ENODEV solo cuando no haya m\u00e1s respuestas para leer." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50217.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50217.json index f9339da5c80..9a748171a08 100644 --- a/CVE-2022/CVE-2022-502xx/CVE-2022-50217.json +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50217.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: write inode in fuse_release()\n\nA race between write(2) and close(2) allows pages to be dirtied after\nfuse_flush -> write_inode_now(). If these pages are not flushed from\nfuse_release(), then there might not be a writable open file later. So any\nremaining dirty pages must be written back before the file is released.\n\nThis is a partial revert of the blamed commit." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fuse: escritura de inodo en fuse_release(). Una competencia entre write(2) y close(2) permite que las p\u00e1ginas se ensucien despu\u00e9s de fuse_flush -> write_inode_now(). Si estas p\u00e1ginas no se vac\u00edan desde fuse_release(), es posible que no haya ning\u00fan archivo abierto con permisos de escritura posteriormente. Por lo tanto, cualquier p\u00e1gina sucia restante debe reescribirse antes de liberar el archivo. Esta es una reversi\u00f3n parcial de el commit responsable." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50218.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50218.json index 19378380cd4..c3c00997f8c 100644 
--- a/CVE-2022/CVE-2022-502xx/CVE-2022-50218.json
+++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50218.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: light: isl29028: Fix the warning in isl29028_remove()\n\nThe driver use the non-managed form of the register function in\nisl29028_remove(). To keep the release order as mirroring the ordering\nin probe, the driver should use non-managed form in probe, too.\n\nThe following log reveals it:\n\n[ 32.374955] isl29028 0-0010: remove\n[ 32.376861] general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN PTI\n[ 32.377676] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\n[ 32.379432] RIP: 0010:kernfs_find_and_get_ns+0x28/0xe0\n[ 32.385461] Call Trace:\n[ 32.385807] sysfs_unmerge_group+0x59/0x110\n[ 32.386110] dpm_sysfs_remove+0x58/0xc0\n[ 32.386391] device_del+0x296/0xe50\n[ 32.386959] cdev_device_del+0x1d/0xd0\n[ 32.387231] devm_iio_device_unreg+0x27/0xb0\n[ 32.387542] devres_release_group+0x319/0x3d0\n[ 32.388162] i2c_device_remove+0x93/0x1f0"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iio: light: isl29028: Se corrige la advertencia en isl29028_remove(). El controlador utiliza la forma no administrada de la funci\u00f3n de registro en isl29028_remove(). Para que el orden de lanzamiento sea similar al de la sonda, el controlador tambi\u00e9n debe usar la forma no administrada en la sonda. El siguiente registro lo revela: [32.374955] isl29028 0-0010: eliminar [32.376861] fallo de protecci\u00f3n general, probablemente para direcci\u00f3n no can\u00f3nica 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN PTI [ 32.377676] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] [ 32.379432] RIP: 0010:kernfs_find_and_get_ns+0x28/0xe0 [ 32.385461] Call Trace: [ 32.385807] sysfs_unmerge_group+0x59/0x110 [ 32.386110] dpm_sysfs_remove+0x58/0xc0 [ 32.386391] device_del+0x296/0xe50 [ 32.386959] cdev_device_del+0x1d/0xd0 [ 32.387231] devm_iio_device_unreg+0x27/0xb0 [ 32.387542] devres_release_group+0x319/0x3d0 [ 32.388162] i2c_device_remove+0x93/0x1f0 "
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50219.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50219.json
index 33cefae8204..fe713f66327 100644
--- a/CVE-2022/CVE-2022-502xx/CVE-2022-50219.json
+++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50219.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix KASAN use-after-free Read in compute_effective_progs\n\nSyzbot found a Use After Free bug in compute_effective_progs().\nThe reproducer creates a number of BPF links, and causes a fault\ninjected alloc to fail, while calling bpf_link_detach on them.\nLink detach triggers the link to be freed by bpf_link_free(),\nwhich calls __cgroup_bpf_detach() and update_effective_progs().\nIf the memory allocation in this function fails, the function restores\nthe pointer to the bpf_cgroup_link on the cgroup list, but the memory\ngets freed just after it returns. After this, every subsequent call to\nupdate_effective_progs() causes this already deallocated pointer to be\ndereferenced in prog_list_length(), and triggers KASAN UAF error.\n\nTo fix this issue don't preserve the pointer to the prog or link in the\nlist, but remove it and replace it with a dummy prog without shrinking\nthe table. The subsequent call to __cgroup_bpf_detach() or\n__cgroup_bpf_detach() will correct it."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: Correcci\u00f3n de la lectura de Use-After-Free de KASAN en compute_effective_progs Syzbot encontr\u00f3 un error de Use-After-Free en compute_effective_progs(). El reproductor crea varios enlaces BPF y provoca que falle una asignaci\u00f3n inyectada por error, al llamar a bpf_link_detach en ellos. La separaci\u00f3n del enlace activa la liberaci\u00f3n del enlace por bpf_link_free(), que llama a __cgroup_bpf_detach() y update_effective_progs(). Si la asignaci\u00f3n de memoria en esta funci\u00f3n falla, la funci\u00f3n restaura el puntero a bpf_cgroup_link en la lista cgroup, pero la memoria se libera justo despu\u00e9s de que regrese. Despu\u00e9s de esto, cada llamada posterior a update_effective_progs() hace que este puntero ya desasignado se desreferencia en prog_list_length() y activa el error UAF de KASAN. Para solucionar este problema, no conserve el puntero al programa ni al enlace en la lista, sino elim\u00ednelo y reempl\u00e1celo con un programa ficticio sin reducir la tabla. La llamada posterior a __cgroup_bpf_detach() o __cgroup_bpf_detach() lo corregir\u00e1. "
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50220.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50220.json
index 67c3c3dbb0e..5eb3b2f06f5 100644
--- a/CVE-2022/CVE-2022-502xx/CVE-2022-50220.json
+++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50220.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: Fix linkwatch use-after-free on disconnect\n\nusbnet uses the work usbnet_deferred_kevent() to perform tasks which may\nsleep. On disconnect, completion of the work was originally awaited in\n->ndo_stop(). But in 2003, that was moved to ->disconnect() by historic\ncommit \"[PATCH] USB: usbnet, prevent exotic rtnl deadlock\":\n\n https://git.kernel.org/tglx/history/c/0f138bbfd83c\n\nThe change was made because back then, the kernel's workqueue\nimplementation did not allow waiting for a single work. One had to wait\nfor completion of *all* work by calling flush_scheduled_work(), and that\ncould deadlock when waiting for usbnet_deferred_kevent() with rtnl_mutex\nheld in ->ndo_stop().\n\nThe commit solved one problem but created another: It causes a\nuse-after-free in USB Ethernet drivers aqc111.c, asix_devices.c,\nax88179_178a.c, ch9200.c and smsc75xx.c:\n\n* If the drivers receive a link change interrupt immediately before\n disconnect, they raise EVENT_LINK_RESET in their (non-sleepable)\n ->status() callback and schedule usbnet_deferred_kevent().\n* usbnet_deferred_kevent() invokes the driver's ->link_reset() callback,\n which calls netif_carrier_{on,off}().\n* That in turn schedules the work linkwatch_event().\n\nBecause usbnet_deferred_kevent() is awaited after unregister_netdev(),\nnetif_carrier_{on,off}() may operate on an unregistered netdev and\nlinkwatch_event() may run after free_netdev(), causing a use-after-free.\n\nIn 2010, usbnet was changed to only wait for a single instance of\nusbnet_deferred_kevent() instead of *all* work by commit 23f333a2bfaf\n(\"drivers/net: don't use flush_scheduled_work()\").\n\nUnfortunately the commit neglected to move the wait back to\n->ndo_stop(). Rectify that omission at long last."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usbnet: Se corrige el Use-After-Free de linkwatch al desconectar. usbnet usa la funci\u00f3n usbnet_deferred_kevent() para ejecutar tareas que podr\u00edan estar en estado de suspensi\u00f3n. Al desconectar, la finalizaci\u00f3n de la tarea se esperaba originalmente en ->ndo_stop(). Sin embargo, en 2003, esto se traslad\u00f3 a ->disconnect() mediante el commit hist\u00f3rica \"[PATCH] USB: usbnet, previene el bloqueo rtnl ex\u00f3tico\": https://git.kernel.org/tglx/history/c/0f138bbfd83c. Este cambio se realiz\u00f3 porque, en aquel entonces, la implementaci\u00f3n de la cola de trabajo del kernel no permit\u00eda esperar una sola tarea. Se deb\u00eda esperar la finalizaci\u00f3n de *todas* las tareas llamando a flush_scheduled_work(), lo que pod\u00eda provocar un bloqueo al esperar usbnet_deferred_kevent() con rtnl_mutex en ->ndo_stop(). El commit resolvi\u00f3 un problema pero cre\u00f3 otro: Provoca un uso despu\u00e9s de la liberaci\u00f3n en los controladores Ethernet USB aqc111.c, asix_devices.c, ax88179_178a.c, ch9200.c y smsc75xx.c: * Si los controladores reciben una interrupci\u00f3n de cambio de enlace inmediatamente antes de la desconexi\u00f3n, generan EVENT_LINK_RESET en su devoluci\u00f3n de llamada ->status() (no inactiva) y programan usbnet_deferred_kevent(). * usbnet_deferred_kevent() invoca la devoluci\u00f3n de llamada ->link_reset() del controlador, que llama a netif_carrier_{on,off}(). * Eso a su vez programa el trabajo linkwatch_event(). Dado que usbnet_deferred_kevent() se espera despu\u00e9s de unregister_netdev(), netif_carrier_{on,off}() puede operar en un netdev no registrado y linkwatch_event() puede ejecutarse despu\u00e9s de free_netdev(), lo que provoca un error de uso despu\u00e9s de la liberaci\u00f3n. En 2010, se modific\u00f3 la configuraci\u00f3n de usbnet para que solo esperara una instancia de usbnet_deferred_kevent() en lugar de *todo* el trabajo mediante el commit 23f333a2bfaf (\"drivers/net: no usar flush_scheduled_work()\"). Lamentablemente, el commit no retras\u00f3 la espera a ->ndo_stop(). Se corrigi\u00f3 esta omisi\u00f3n de una vez."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50221.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50221.json
index 9395f3a81d5..13684ec1625 100644
--- a/CVE-2022/CVE-2022-502xx/CVE-2022-50221.json
+++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50221.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/fb-helper: Fix out-of-bounds access\n\nClip memory range to screen-buffer size to avoid out-of-bounds access\nin fbdev deferred I/O's damage handling.\n\nFbdev's deferred I/O can only track pages. From the range of pages, the\ndamage handler computes the clipping rectangle for the display update.\nIf the fbdev screen buffer ends near the beginning of a page, that page\ncould contain more scanlines. The damage handler would then track these\nnon-existing scanlines as dirty and provoke an out-of-bounds access\nduring the screen update. Hence, clip the maximum memory range to the\nsize of the screen buffer.\n\nWhile at it, rename the variables min/max to min_off/max_off in\ndrm_fb_helper_deferred_io(). This avoids confusion with the macros of\nthe same name."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/fb-helper: Arregla el acceso fuera de los l\u00edmites Recorta el rango de memoria al tama\u00f1o del b\u00fafer de pantalla para evitar el acceso fuera de los l\u00edmites en el manejo de da\u00f1os de E/S diferidas de fbdev. La E/S diferida de fbdev solo puede rastrear p\u00e1ginas. A partir del rango de p\u00e1ginas, el controlador de da\u00f1os calcula el rect\u00e1ngulo de recorte para la actualizaci\u00f3n de la pantalla. Si el b\u00fafer de pantalla de fbdev termina cerca del principio de una p\u00e1gina, esa p\u00e1gina podr\u00eda contener m\u00e1s l\u00edneas de exploraci\u00f3n. El controlador de da\u00f1os rastrear\u00eda entonces estas l\u00edneas de exploraci\u00f3n inexistentes como sucias y provocar\u00eda un acceso fuera de los l\u00edmites durante la actualizaci\u00f3n de la pantalla. Por lo tanto, recorta el rango m\u00e1ximo de memoria al tama\u00f1o del b\u00fafer de pantalla. Mientras lo haces, cambia el nombre de las variables min/max a min_off/max_off en drm_fb_helper_deferred_io(). Esto evita confusiones con las macros del mismo nombre."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50222.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50222.json
index 19f5c11ac71..cb4fb879ed2 100644
--- a/CVE-2022/CVE-2022-502xx/CVE-2022-50222.json
+++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50222.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: vt: initialize unicode screen buffer\n\nsyzbot reports kernel infoleak at vcs_read() [1], for buffer can be read\nimmediately after resize operation. Initialize buffer using kzalloc().\n\n ----------\n #include \n #include \n #include \n #include \n\n int main(int argc, char *argv[])\n {\n struct fb_var_screeninfo var = { };\n const int fb_fd = open(\"/dev/fb0\", 3);\n ioctl(fb_fd, FBIOGET_VSCREENINFO, &var);\n var.yres = 0x21;\n ioctl(fb_fd, FBIOPUT_VSCREENINFO, &var);\n return read(open(\"/dev/vcsu\", O_RDONLY), &var, sizeof(var)) == -1;\n }\n ----------"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tty: vt: al inicializar el b\u00fafer de pantalla Unicode, syzbot reporta una fuga de informaci\u00f3n del kernel en vcs_read() [1], ya que el b\u00fafer se puede leer inmediatamente despu\u00e9s de la operaci\u00f3n de cambio de tama\u00f1o. Inicialice el b\u00fafer con kzalloc(). ---------- #include #include #include #include int main(int argc, char *argv[]) { struct fb_var_screeninfo var = { }; const int fb_fd = open(\"/dev/fb0\", 3); ioctl(fb_fd, FBIOGET_VSCREENINFO, &var); var.yres = 0x21; ioctl(fb_fd, FBIOPUT_VSCREENINFO, &var); return read(open(\"/dev/vcsu\", O_RDONLY), &var, sizeof(var)) == -1; } ---------- "
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50223.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50223.json
index 3c863edcb3b..bab3ee06e60 100644
--- a/CVE-2022/CVE-2022-502xx/CVE-2022-50223.json
+++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50223.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK\n\nWhen CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS is selected,\ncpu_max_bits_warn() generates a runtime warning similar as below while\nwe show /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit)\ninstead of NR_CPUS to iterate CPUs.\n\n[ 3.052463] ------------[ cut here ]------------\n[ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0x5e8/0x5f0\n[ 3.070072] Modules linked in: efivarfs autofs4\n[ 3.076257] CPU: 0 PID: 1 Comm: systemd Not tainted 5.19-rc5+ #1052\n[ 3.084034] Hardware name: Loongson Loongson-3A5000-7A1000-1w-V0.1-CRB/Loongson-LS3A5000-7A1000-1w-EVB-V1.21, BIOS Loongson-UDK2018-V2.0.04082-beta7 04/27\n[ 3.099465] Stack : 9000000100157b08 9000000000f18530 9000000000cf846c 9000000100154000\n[ 3.109127] 9000000100157a50 0000000000000000 9000000100157a58 9000000000ef7430\n[ 3.118774] 90000001001578e8 0000000000000040 0000000000000020 ffffffffffffffff\n[ 3.128412] 0000000000aaaaaa 1ab25f00eec96a37 900000010021de80 900000000101c890\n[ 3.138056] 0000000000000000 0000000000000000 0000000000000000 0000000000aaaaaa\n[ 3.147711] ffff8000339dc220 0000000000000001 0000000006ab4000 0000000000000000\n[ 3.157364] 900000000101c998 0000000000000004 9000000000ef7430 0000000000000000\n[ 3.167012] 0000000000000009 000000000000006c 0000000000000000 0000000000000000\n[ 3.176641] 9000000000d3de08 9000000001639390 90000000002086d8 00007ffff0080286\n[ 3.186260] 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1c\n[ 3.195868] ...\n[ 3.199917] Call Trace:\n[ 3.203941] [<90000000002086d8>] show_stack+0x38/0x14c\n[ 3.210666] [<9000000000cf846c>] dump_stack_lvl+0x60/0x88\n[ 3.217625] [<900000000023d268>] __warn+0xd0/0x100\n[ 3.223958] [<9000000000cf3c90>] warn_slowpath_fmt+0x7c/0xcc\n[ 3.231150] [<9000000000210220>] 
show_cpuinfo+0x5e8/0x5f0\n[ 3.238080] [<90000000004f578c>] seq_read_iter+0x354/0x4b4\n[ 3.245098] [<90000000004c2e90>] new_sync_read+0x17c/0x1c4\n[ 3.252114] [<90000000004c5174>] vfs_read+0x138/0x1d0\n[ 3.258694] [<90000000004c55f8>] ksys_read+0x70/0x100\n[ 3.265265] [<9000000000cfde9c>] do_syscall+0x7c/0x94\n[ 3.271820] [<9000000000202fe4>] handle_syscall+0xc4/0x160\n[ 3.281824] ---[ end trace 8b484262b4b8c24c ]---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: LoongArch: cpuinfo: Se corrige una advertencia para CONFIG_CPUMASK_OFFSTACK. Al seleccionar CONFIG_CPUMASK_OFFSTACK y CONFIG_DEBUG_PER_CPU_MAPS, cpu_max_bits_warn() genera una advertencia de tiempo de ejecuci\u00f3n similar a la que se muestra a continuaci\u00f3n mientras se muestra /proc/cpuinfo. Se corrige usando nr_cpu_ids (el l\u00edmite de tiempo de ejecuci\u00f3n) en lugar de NR_CPUS para iterar las CPU. [ 3.052463] ------------[ cortar aqu\u00ed ]------------ [ 3.059679] ADVERTENCIA: CPU: 3 PID: 1 en include/linux/cpumask.h:108 show_cpuinfo+0x5e8/0x5f0 [ 3.070072] M\u00f3dulos vinculados: efivarfs autofs4 [ 3.076257] CPU: 0 PID: 1 Comm: systemd No contaminado 5.19-rc5+ #1052 [ 3.084034] Nombre del hardware: Loongson Loongson-3A5000-7A1000-1w-V0.1-CRB/Loongson-LS3A5000-7A1000-1w-EVB-V1.21, BIOS Loongson-UDK2018-V2.0.04082-beta7 04/27 [3.099465] Pila: 9000000100157b08 9000000000f18530 9000000000cf846c 9000000100154000 [3.109127] 9000000100157a50 0000000000000000 9000000100157a58 9000000000ef7430 [3.118774] 90000001001578e8 000000000000040 0000000000000020 ffffffffffffffff [ 3.128412] 0000000000aaaaaa 1ab25f00eec96a37 900000010021de80 900000000101c890 [ 3.138056] 000000000000000 0000000000000000 000000000000000 00000000000000 00000000000aaaaaa [ 3.147711] ffff8000339dc220 000000000000001 0000000006ab4000 0000000000000000 [ 3.157364] 900000000101c998 0000000000000004 9000000000ef7430 0000000000000000 [ 3.167012] 0000000000000009 000000000000006c 
0000000000000000 000000000000000 [ 3.176641] 9000000000d3de08 9000000001639390 90000000002086d8 00007ffff0080286 [ 3.186260] 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1c [ 3.195868] ... [ 3.199917] Rastreo de llamadas: [ 3.203941] [<90000000002086d8>] show_stack+0x38/0x14c [ 3.210666] [<9000000000cf846c>] dump_stack_lvl+0x60/0x88 [ 3.217625] [<900000000023d268>] __warn+0xd0/0x100 [ 3.223958] [<9000000000cf3c90>] warn_slowpath_fmt+0x7c/0xcc [ 3.231150] [<9000000000210220>] show_cpuinfo+0x5e8/0x5f0 [ 3.238080] [<90000000004f578c>] seq_read_iter+0x354/0x4b4 [ 3.245098] [<90000000004c2e90>] new_sync_read+0x17c/0x1c4 [ 3.252114] [<90000000004c5174>] vfs_read+0x138/0x1d0 [ 3.258694] [<90000000004c55f8>] ksys_read+0x70/0x100 [ 3.265265] [<9000000000cfde9c>] do_syscall+0x7c/0x94 [ 3.271820] [<9000000000202fe4>] handle_syscall+0xc4/0x160 [ 3.281824] ---[ fin de seguimiento 8b484262b4b8c24c ]---" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50224.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50224.json index 071eea9a097..215ff998b63 100644 --- a/CVE-2022/CVE-2022-502xx/CVE-2022-50224.json +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50224.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86/mmu: Treat NX as a valid SPTE bit for NPT\n\nTreat the NX bit as valid when using NPT, as KVM will set the NX bit when\nthe NX huge page mitigation is enabled (mindblowing) and trigger the WARN\nthat fires on reserved SPTE bits being set.\n\nKVM has required NX support for SVM since commit b26a71a1a5b9 (\"KVM: SVM:\nRefuse to load kvm_amd if NX support is not available\") for exactly this\nreason, but apparently it never occurred to anyone to actually test NPT\nwith the mitigation enabled.\n\n ------------[ cut here ]------------\n spte = 0x800000018a600ee7, level = 2, rsvd bits = 0x800f0000001fe000\n WARNING: CPU: 152 PID: 15966 at arch/x86/kvm/mmu/spte.c:215 make_spte+0x327/0x340 [kvm]\n Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 10.48.0 01/27/2022\n RIP: 0010:make_spte+0x327/0x340 [kvm]\n Call Trace:\n \n tdp_mmu_map_handle_target_level+0xc3/0x230 [kvm]\n kvm_tdp_mmu_map+0x343/0x3b0 [kvm]\n direct_page_fault+0x1ae/0x2a0 [kvm]\n kvm_tdp_page_fault+0x7d/0x90 [kvm]\n kvm_mmu_page_fault+0xfb/0x2e0 [kvm]\n npf_interception+0x55/0x90 [kvm_amd]\n svm_invoke_exit_handler+0x31/0xf0 [kvm_amd]\n svm_handle_exit+0xf6/0x1d0 [kvm_amd]\n vcpu_enter_guest+0xb6d/0xee0 [kvm]\n ? kvm_pmu_trigger_event+0x6d/0x230 [kvm]\n vcpu_run+0x65/0x2c0 [kvm]\n kvm_arch_vcpu_ioctl_run+0x355/0x610 [kvm]\n kvm_vcpu_ioctl+0x551/0x610 [kvm]\n __se_sys_ioctl+0x77/0xc0\n __x64_sys_ioctl+0x1d/0x20\n do_syscall_64+0x44/0xa0\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n \n ---[ end trace 0000000000000000 ]---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: x86/mmu: Tratar NX como un bit SPTE v\u00e1lido para NPT. Se trata el bit NX como v\u00e1lido al usar NPT, ya que KVM lo activar\u00e1 cuando la mitigaci\u00f3n de p\u00e1ginas enormes de NX est\u00e9 habilitada (\u00a1incre\u00edble!) 
y activar\u00e1 la advertencia que se activa al activarse los bits SPTE reservados. KVM ha requerido compatibilidad con NX para SVM desde el commit b26a71a1a5b9 (\"KVM: SVM: Rechazar la carga de kvm_amd si la compatibilidad con NX no est\u00e1 disponible\") precisamente por esta raz\u00f3n, pero aparentemente a nadie se le ocurri\u00f3 probar NPT con la mitigaci\u00f3n habilitada. ------------[ cortar aqu\u00ed ]------------ spte = 0x800000018a600ee7, nivel = 2, bits rsvd = 0x800f0000001fe000 ADVERTENCIA: CPU: 152 PID: 15966 en arch/x86/kvm/mmu/spte.c:215 make_spte+0x327/0x340 [kvm] Nombre del hardware: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 10.48.0 27/01/2022 RIP: 0010:make_spte+0x327/0x340 [kvm] Rastreo de llamadas: tdp_mmu_map_handle_target_level+0xc3/0x230 [kvm] kvm_tdp_mmu_map+0x343/0x3b0 [kvm] direct_page_fault+0x1ae/0x2a0 [kvm] kvm_tdp_page_fault+0x7d/0x90 [kvm] kvm_mmu_page_fault+0xfb/0x2e0 [kvm] npf_interception+0x55/0x90 [kvm_amd] svm_invoke_exit_handler+0x31/0xf0 [kvm_amd] svm_handle_exit+0xf6/0x1d0 [kvm_amd] vcpu_enter_guest+0xb6d/0xee0 [kvm] ? kvm_pmu_trigger_event+0x6d/0x230 [kvm] vcpu_run+0x65/0x2c0 [kvm] kvm_arch_vcpu_ioctl_run+0x355/0x610 [kvm] kvm_vcpu_ioctl+0x551/0x610 [kvm] __se_sys_ioctl+0x77/0xc0 __x64_sys_ioctl+0x1d/0x20 do_syscall_64+0x44/0xa0 entry_SYSCALL_64_after_hwframe+0x46/0xb0 ---[ fin de seguimiento 0000000000000000 ]---" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50225.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50225.json index c61ef5f1efd..42423e5e535 100644 --- a/CVE-2022/CVE-2022-502xx/CVE-2022-50225.json +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50225.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv:uprobe fix SR_SPIE set/clear handling\n\nIn riscv the process of uprobe going to clear spie before exec\nthe origin insn,and set spie after that.But When access the page\nwhich origin insn has been placed a page fault may happen and\nirq was disabled in arch_uprobe_pre_xol function,It cause a WARN\nas follows.\nThere is no need to clear/set spie in arch_uprobe_pre/post/abort_xol.\nWe can just remove it.\n\n[ 31.684157] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1488\n[ 31.684677] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 76, name: work\n[ 31.684929] preempt_count: 0, expected: 0\n[ 31.685969] CPU: 2 PID: 76 Comm: work Tainted: G\n[ 31.686542] Hardware name: riscv-virtio,qemu (DT)\n[ 31.686797] Call Trace:\n[ 31.687053] [] dump_backtrace+0x30/0x38\n[ 31.687699] [] show_stack+0x40/0x4c\n[ 31.688141] [] dump_stack_lvl+0x44/0x5c\n[ 31.688396] [] dump_stack+0x18/0x20\n[ 31.688653] [] __might_resched+0x114/0x122\n[ 31.688948] [] __might_sleep+0x50/0x7a\n[ 31.689435] [] down_read+0x30/0x130\n[ 31.689728] [] do_page_fault+0x166/x446\n[ 31.689997] [] ret_from_exception+0x0/0xc" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: riscv:uprobe fix SR_SPIE set/clear management. En riscv, el proceso de uprobe borra spie antes de ejecutar la instrucci\u00f3n de origen y la configura despu\u00e9s. Sin embargo, al acceder a la p\u00e1gina donde se ha colocado la instrucci\u00f3n de origen, puede producirse un fallo de p\u00e1gina y la funci\u00f3n irq se ha deshabilitado en arch_uprobe_pre_xol. Esto genera una advertencia como la siguiente. No es necesario borrar/configurar spie en arch_uprobe_pre/post/abort_xol. Simplemente podemos eliminarlo. 
[ 31.684157] ERROR: funci\u00f3n de suspensi\u00f3n llamada desde un contexto no v\u00e1lido en kernel/locking/rwsem.c:1488 [ 31.684677] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 76, name: work [ 31.684929] preempt_count: 0, expected: 0 [ 31.685969] CPU: 2 PID: 76 Comm: work Tainted: G [ 31.686542] Nombre del hardware: riscv-virtio,qemu (DT) [ 31.686797] Rastreo de llamadas: [ 31.687053] [] dump_backtrace+0x30/0x38 [ 31.687699] [] show_stack+0x40/0x4c [ 31.688141] [] dump_stack_lvl+0x44/0x5c [ 31.688396] [] dump_stack+0x18/0x20 [ 31.688653] [] __might_resched+0x114/0x122 [ 31.688948] [] __might_sleep+0x50/0x7a [ 31.689435] [] down_read+0x30/0x130 [ 31.689728] [] do_page_fault+0x166/x446 [ 31.689997] [] ret_from_exception+0x0/0xc " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50226.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50226.json index cac3e25f0b1..3e9bc403b6d 100644 --- a/CVE-2022/CVE-2022-502xx/CVE-2022-50226.json +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50226.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak\n\nFor some sev ioctl interfaces, input may be passed that is less than or\nequal to SEV_FW_BLOB_MAX_SIZE, but larger than the data that PSP\nfirmware returns. In this case, kmalloc will allocate memory that is the\nsize of the input rather than the size of the data. Since PSP firmware\ndoesn't fully overwrite the buffer, the sev ioctl interfaces with the\nissue may return uninitialized slab memory.\n\nCurrently, all of the ioctl interfaces in the ccp driver are safe, but\nto prevent future problems, change all ioctl interfaces that allocate\nmemory with kmalloc to use kzalloc and memset the data buffer to zero\nin sev_ioctl_do_platform_status."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: ccp - Use kzalloc para interfaces sev ioctl para evitar fugas de memoria en el kernel Para algunas interfaces sev ioctl, se puede pasar una entrada menor o igual a SEV_FW_BLOB_MAX_SIZE, pero mayor que los datos que devuelve el firmware de PSP. En este caso, kmalloc asignar\u00e1 memoria que sea del tama\u00f1o de la entrada en lugar del tama\u00f1o de los datos. Dado que el firmware de PSP no sobrescribe completamente el b\u00fafer, las interfaces sev ioctl con el problema pueden devolver memoria slab sin inicializar. Actualmente, todas las interfaces ioctl en el controlador ccp son seguras, pero para evitar problemas futuros, cambie todas las interfaces ioctl que asignan memoria con kmalloc para usar kzalloc y memset el b\u00fafer de datos a cero en sev_ioctl_do_platform_status."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50227.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50227.json
index 10cb9ba81cd..41512815400 100644
--- a/CVE-2022/CVE-2022-502xx/CVE-2022-50227.json
+++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50227.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86/xen: Initialize Xen timer only once\n\nAdd a check for existing xen timers before initializing a new one.\n\nCurrently kvm_xen_init_timer() is called on every\nKVM_XEN_VCPU_ATTR_TYPE_TIMER, which is causing the following ODEBUG\ncrash when vcpu->arch.xen.timer is already set.\n\nODEBUG: init active (active state 0)\nobject type: hrtimer hint: xen_timer_callbac0\nRIP: 0010:debug_print_object+0x16e/0x250 lib/debugobjects.c:502\nCall Trace:\n__debug_object_init\ndebug_hrtimer_init\ndebug_init\nhrtimer_init\nkvm_xen_init_timer\nkvm_xen_vcpu_set_attr\nkvm_arch_vcpu_ioctl\nkvm_vcpu_ioctl\nvfs_ioctl"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: x86/xen: Inicializar el temporizador Xen solo una vez. Se ha a\u00f1adido una comprobaci\u00f3n de los temporizadores Xen existentes antes de inicializar uno nuevo. Actualmente, se llama a kvm_xen_init_timer() en cada KVM_XEN_VCPU_ATTR_TYPE_TIMER, lo que provoca el siguiente fallo de ODEBUG cuando vcpu->arch.xen.timer ya est\u00e1 configurado. ODEBUG: init activo (estado activo 0) tipo de objeto: hrtimer sugerencia: xen_timer_callbac0 RIP: 0010:debug_print_object+0x16e/0x250 lib/debugobjects.c:502 Seguimiento de llamadas: __debug_object_init debug_hrtimer_init debug_init hrtimer_init kvm_xen_init_timer kvm_xen_vcpu_set_attr kvm_arch_vcpu_ioctl kvm_vcpu_ioctl vfs_ioctl"
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50228.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50228.json
index 4e3ec62c124..c81b369b3fe 100644
--- a/CVE-2022/CVE-2022-502xx/CVE-2022-50228.json
+++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50228.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0\n\nDon't BUG/WARN on interrupt injection due to GIF being cleared,\nsince it's trivial for userspace to force the situation via\nKVM_SET_VCPU_EVENTS (even if having at least a WARN there would be correct\nfor KVM internally generated injections).\n\n kernel BUG at arch/x86/kvm/svm/svm.c:3386!\n invalid opcode: 0000 [#1] SMP\n CPU: 15 PID: 926 Comm: smm_test Not tainted 5.17.0-rc3+ #264\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n RIP: 0010:svm_inject_irq+0xab/0xb0 [kvm_amd]\n Code: <0f> 0b 0f 1f 00 0f 1f 44 00 00 80 3d ac b3 01 00 00 55 48 89 f5 53\n RSP: 0018:ffffc90000b37d88 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: ffff88810a234ac0 RCX: 0000000000000006\n RDX: 0000000000000000 RSI: ffffc90000b37df7 RDI: ffff88810a234ac0\n RBP: ffffc90000b37df7 R08: ffff88810a1fa410 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000\n R13: ffff888109571000 R14: ffff88810a234ac0 R15: 0000000000000000\n FS: 0000000001821380(0000) GS:ffff88846fdc0000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f74fc550008 CR3: 000000010a6fe000 CR4: 0000000000350ea0\n Call Trace:\n \n inject_pending_event+0x2f7/0x4c0 [kvm]\n kvm_arch_vcpu_ioctl_run+0x791/0x17a0 [kvm]\n kvm_vcpu_ioctl+0x26d/0x650 [kvm]\n __x64_sys_ioctl+0x82/0xb0\n do_syscall_64+0x3b/0xc0\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n " + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: SVM: No generar ERRORES si el espacio de usuario inyecta una interrupci\u00f3n con GIF=0 No generar ERRORES/ADVERTENCIAS en la inyecci\u00f3n de interrupci\u00f3n debido a que se borra el GIF, ya que es trivial para el espacio de usuario forzar la situaci\u00f3n a trav\u00e9s de KVM_SET_VCPU_EVENTS 
(incluso si tener al menos un WARN all\u00ed ser\u00eda correcto para las inyecciones generadas internamente por KVM). \u00a1ERROR del kernel en arch/x86/kvm/svm/svm.c:3386! C\u00f3digo de operaci\u00f3n no v\u00e1lido: 0000 [#1] CPU SMP: 15 PID: 926 Comm: smm_test No contaminado 5.17.0-rc3+ #264 Nombre del hardware: PC est\u00e1ndar QEMU (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 RIP: 0010:svm_inject_irq+0xab/0xb0 [kvm_amd] C\u00f3digo: <0f> 0b 0f 1f 00 0f 1f 44 00 00 80 3d ac b3 01 00 00 55 48 89 f5 53 RSP: 0018:ffffc90000b37d88 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88810a234ac0 RCX: 0000000000000006 RDX: 0000000000000000 RSI: ffffc90000b37df7 RDI: ffff88810a234ac0 RBP: ffffc90000b37df7 R08: ffff88810a1fa410 R09: 000000000000000 R10: 000000000000000 R11: 000000000000000 R12: 000000000000000 R13: ffff888109571000 R14: ffff88810a234ac0 R15: 0000000000000000 FS: 0000000001821380(0000) GS:ffff88846fdc0000(0000) knlGS:000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f74fc550008 CR3: 000000010a6fe000 CR4: 0000000000350ea0 Rastreo de llamadas: inject_pending_event+0x2f7/0x4c0 [kvm] kvm_arch_vcpu_ioctl_run+0x791/0x17a0 [kvm] kvm_vcpu_ioctl+0x26d/0x650 [kvm] __x64_sys_ioctl+0x82/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50229.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50229.json index accec370d5c..1171144957b 100644 --- a/CVE-2022/CVE-2022-502xx/CVE-2022-50229.json +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50229.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: bcd2000: Fix a UAF bug on the error path of probing\n\nWhen the driver fails in snd_card_register() at probe time, it will free\nthe 'bcd2k->midi_out_urb' before killing it, which may cause a UAF bug.\n\nThe following log can reveal it:\n\n[ 50.727020] BUG: KASAN: use-after-free in bcd2000_input_complete+0x1f1/0x2e0 [snd_bcd2000]\n[ 50.727623] Read of size 8 at addr ffff88810fab0e88 by task swapper/4/0\n[ 50.729530] Call Trace:\n[ 50.732899] bcd2000_input_complete+0x1f1/0x2e0 [snd_bcd2000]\n\nFix this by adding usb_kill_urb() before usb_free_urb()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: bcd2000: corrige un error de UAF en la ruta de error del sondeo Cuando el controlador falla en snd_card_register() en el momento del sondeo, liberar\u00e1 'bcd2k->midi_out_urb' antes de matarlo, lo que puede causar un error de UAF. El siguiente registro puede revelarlo: [ 50.727020] ERROR: KASAN: uso despu\u00e9s de la liberaci\u00f3n en bcd2000_input_complete+0x1f1/0x2e0 [snd_bcd2000] [ 50.727623] Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff88810fab0e88 por el intercambiador de tareas/4/0 [ 50.729530] Seguimiento de llamadas: [ 50.732899] bcd2000_input_complete+0x1f1/0x2e0 [snd_bcd2000] Solucione esto agregando usb_kill_urb() antes de usb_free_urb()." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50230.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50230.json index 0404680d0c7..0b84943b5e8 100644 --- a/CVE-2022/CVE-2022-502xx/CVE-2022-50230.json +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50230.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: set UXN on swapper page tables\n\n[ This issue was fixed upstream by accident in c3cee924bd85 (\"arm64:\n head: cover entire kernel image in initial ID map\") as part of a\n large refactoring of the arm64 boot flow. This simple fix is therefore\n preferred for -stable backporting ]\n\nOn a system that implements FEAT_EPAN, read/write access to the idmap\nis denied because UXN is not set on the swapper PTEs. As a result,\nidmap_kpti_install_ng_mappings panics the kernel when accessing\n__idmap_kpti_flag. Fix it by setting UXN on these PTEs." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: arm64: establecer UXN en las tablas de p\u00e1ginas del intercambiador [Este problema se corrigi\u00f3 accidentalmente en c3cee924bd85 (\"arm64: head: cubrir toda la imagen del kernel en el mapa de ID inicial\") como parte de una refactorizaci\u00f3n a gran escala del flujo de arranque de arm64. Por lo tanto, esta sencilla soluci\u00f3n es la preferida para la retroportaci\u00f3n de -stable]. En un sistema que implementa FEAT_EPAN, se deniega el acceso de lectura/escritura al mapa de ID porque UXN no est\u00e1 establecido en las PTE del intercambiador. Como resultado, idmap_kpti_install_ng_mappings genera un p\u00e1nico en el kernel al acceder a __idmap_kpti_flag. Se soluciona estableciendo UXN en estas PTE." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50231.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50231.json index 685857c0187..65f7dacf8be 100644 --- a/CVE-2022/CVE-2022-502xx/CVE-2022-50231.json +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50231.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: arm64/poly1305 - fix a read out-of-bound\n\nA kasan error was reported during fuzzing:\n\nBUG: KASAN: slab-out-of-bounds in neon_poly1305_blocks.constprop.0+0x1b4/0x250 [poly1305_neon]\nRead of size 4 at addr ffff0010e293f010 by task syz-executor.5/1646715\nCPU: 4 PID: 1646715 Comm: syz-executor.5 Kdump: loaded Not tainted 5.10.0.aarch64 #1\nHardware name: Huawei TaiShan 2280 /BC11SPCD, BIOS 1.59 01/31/2019\nCall trace:\n dump_backtrace+0x0/0x394\n show_stack+0x34/0x4c arch/arm64/kernel/stacktrace.c:196\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x158/0x1e4 lib/dump_stack.c:118\n print_address_description.constprop.0+0x68/0x204 mm/kasan/report.c:387\n __kasan_report+0xe0/0x140 mm/kasan/report.c:547\n kasan_report+0x44/0xe0 mm/kasan/report.c:564\n check_memory_region_inline mm/kasan/generic.c:187 [inline]\n __asan_load4+0x94/0xd0 mm/kasan/generic.c:252\n neon_poly1305_blocks.constprop.0+0x1b4/0x250 [poly1305_neon]\n neon_poly1305_do_update+0x6c/0x15c [poly1305_neon]\n neon_poly1305_update+0x9c/0x1c4 [poly1305_neon]\n crypto_shash_update crypto/shash.c:131 [inline]\n shash_finup_unaligned+0x84/0x15c crypto/shash.c:179\n crypto_shash_finup+0x8c/0x140 crypto/shash.c:193\n shash_digest_unaligned+0xb8/0xe4 crypto/shash.c:201\n crypto_shash_digest+0xa4/0xfc crypto/shash.c:217\n crypto_shash_tfm_digest+0xb4/0x150 crypto/shash.c:229\n essiv_skcipher_setkey+0x164/0x200 [essiv]\n crypto_skcipher_setkey+0xb0/0x160 crypto/skcipher.c:612\n skcipher_setkey+0x3c/0x50 crypto/algif_skcipher.c:305\n alg_setkey+0x114/0x2a0 crypto/af_alg.c:220\n alg_setsockopt+0x19c/0x210 crypto/af_alg.c:253\n __sys_setsockopt+0x190/0x2e0 net/socket.c:2123\n __do_sys_setsockopt net/socket.c:2134 [inline]\n __se_sys_setsockopt net/socket.c:2131 [inline]\n __arm64_sys_setsockopt+0x78/0x94 net/socket.c:2131\n __invoke_syscall arch/arm64/kernel/syscall.c:36 [inline]\n 
invoke_syscall+0x64/0x100 arch/arm64/kernel/syscall.c:48\n el0_svc_common.constprop.0+0x220/0x230 arch/arm64/kernel/syscall.c:155\n do_el0_svc+0xb4/0xd4 arch/arm64/kernel/syscall.c:217\n el0_svc+0x24/0x3c arch/arm64/kernel/entry-common.c:353\n el0_sync_handler+0x160/0x164 arch/arm64/kernel/entry-common.c:369\n el0_sync+0x160/0x180 arch/arm64/kernel/entry.S:683\n\nThis error can be reproduced by the following code compiled as ko on a\nsystem with kasan enabled:\n\n#include \n#include \n#include \n#include \n\nchar test_data[] = \"\\x00\\x01\\x02\\x03\\x04\\x05\\x06\\x07\"\n \"\\x08\\x09\\x0a\\x0b\\x0c\\x0d\\x0e\\x0f\"\n \"\\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17\"\n \"\\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\";\n\nint init(void)\n{\n struct crypto_shash *tfm = NULL;\n char *data = NULL, *out = NULL;\n\n tfm = crypto_alloc_shash(\"poly1305\", 0, 0);\n data = kmalloc(POLY1305_KEY_SIZE - 1, GFP_KERNEL);\n out = kmalloc(POLY1305_DIGEST_SIZE, GFP_KERNEL);\n memcpy(data, test_data, POLY1305_KEY_SIZE - 1);\n crypto_shash_tfm_digest(tfm, data, POLY1305_KEY_SIZE - 1, out);\n\n kfree(data);\n kfree(out);\n return 0;\n}\n\nvoid deinit(void)\n{\n}\n\nmodule_init(init)\nmodule_exit(deinit)\nMODULE_LICENSE(\"GPL\");\n\nThe root cause of the bug sits in neon_poly1305_blocks. The logic\nneon_poly1305_blocks() performed is that if it was called with both s[]\nand r[] uninitialized, it will first try to initialize them with the\ndata from the first \"block\" that it believed to be 32 bytes in length.\nFirst 16 bytes are used as the key and the next 16 bytes for s[]. This\nwould lead to the aforementioned read out-of-bound. However, after\ncalling poly1305_init_arch(), only 16 bytes were deducted from the input\nand s[] is initialized yet again with the following 16 bytes. 
The second\ninitialization of s[] is certainly redundent which indicates that the\nfirst initialization should be for r[] only.\n\nThis patch fixes the issue by calling poly1305_init_arm64() instead o\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: arm64/poly1305 - corrige una lectura fuera de los l\u00edmites Se inform\u00f3 un error de kasan durante el fuzzing: BUG: KASAN: slab-out-of-bounds en neon_poly1305_blocks.constprop.0+0x1b4/0x250 [poly1305_neon] Lectura de tama\u00f1o 4 en la direcci\u00f3n ffff0010e293f010 por la tarea syz-executor.5/1646715 CPU: 4 PID: 1646715 Comm: syz-executor.5 Kdump: cargado No contaminado 5.10.0.aarch64 #1 Nombre del hardware: Huawei TaiShan 2280 /BC11SPCD, BIOS 1.59 31/01/2019 Rastreo de llamadas: dump_backtrace+0x0/0x394 show_stack+0x34/0x4c arch/arm64/kernel/stacktrace.c:196 __dump_stack lib/dump_stack.c:77 [en l\u00ednea] dump_stack+0x158/0x1e4 lib/dump_stack.c:118 print_address_description.constprop.0+0x68/0x204 mm/kasan/report.c:387 __kasan_report+0xe0/0x140 mm/kasan/report.c:547 kasan_report+0x44/0xe0 mm/kasan/report.c:564 check_memory_region_inline mm/kasan/generic.c:187 [en l\u00ednea] __asan_load4+0x94/0xd0 mm/kasan/generic.c:252 neon_poly1305_blocks.constprop.0+0x1b4/0x250 [poly1305_neon] neon_poly1305_do_update+0x6c/0x15c [poly1305_neon] neon_poly1305_update+0x9c/0x1c4 [poly1305_neon] crypto_shash_update crypto/shash.c:131 [en l\u00ednea] shash_finup_unaligned+0x84/0x15c crypto/shash.c:179 crypto_shash_finup+0x8c/0x140 crypto/shash.c:193 shash_digest_unaligned+0xb8/0xe4 crypto/shash.c:201 crypto_shash_digest+0xa4/0xfc crypto/shash.c:217 crypto_shash_tfm_digest+0xb4/0x150 crypto/shash.c:229 essiv_skcipher_setkey+0x164/0x200 [essiv] crypto_skcipher_setkey+0xb0/0x160 crypto/skcipher.c:612 skcipher_setkey+0x3c/0x50 crypto/algif_skcipher.c:305 alg_setkey+0x114/0x2a0 crypto/af_alg.c:220 alg_setsockopt+0x19c/0x210 crypto/af_alg.c:253 
__sys_setsockopt+0x190/0x2e0 net/socket.c:2123 __do_sys_setsockopt net/socket.c:2134 [en l\u00ednea] __se_sys_setsockopt net/socket.c:2131 [en l\u00ednea] __arm64_sys_setsockopt+0x78/0x94 net/socket.c:2131 __invoke_syscall arch/arm64/kernel/syscall.c:36 [en l\u00ednea] invoke_syscall+0x64/0x100 arch/arm64/kernel/syscall.c:48 el0_svc_common.constprop.0+0x220/0x230 arch/arm64/kernel/syscall.c:155 do_el0_svc+0xb4/0xd4 arch/arm64/kernel/syscall.c:217 el0_svc+0x24/0x3c arch/arm64/kernel/entry-common.c:353 el0_sync_handler+0x160/0x164 arch/arm64/kernel/entry-common.c:369 el0_sync+0x160/0x180 arch/arm64/kernel/entry.S:683 Este error se puede reproducir con el siguiente c\u00f3digo compilado como ko en un sistema con kasan habilitado: #include #include #include #include char test_data[] = \"\\x00\\x01\\x02\\x03\\x04\\x05\\x06\\x07\" \"\\x08\\x09\\x0a\\x0b\\x0c\\x0d\\x0e\\x0f\" \"\\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17\" \"\\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\"; int init(void) { struct crypto_shash *tfm = NULL; char *data = NULL, *out = NULL; tfm = crypto_alloc_shash(\"poly1305\", 0, 0); datos = kmalloc(POLY1305_KEY_SIZE - 1, GFP_KERNEL); salida = kmalloc(POLY1305_DIGEST_SIZE, GFP_KERNEL); memcpy(datos, datos_de_prueba, POLY1305_KEY_SIZE - 1); crypto_shash_tfm_digest(tfm, datos, POLY1305_KEY_SIZE - 1, salida); kfree(data); kfree(out); return 0; } void deinit(void) { } module_init(init) module_exit(deinit) MODULE_LICENSE(\"GPL\"); La causa ra\u00edz del error reside en neon_poly1305_blocks. La l\u00f3gica de neon_poly1305_blocks() es que, si se invoc\u00f3 con s[] y r[] sin inicializar, primero intentar\u00e1 inicializarlos con los datos del primer \"bloque\", que se cree que tiene una longitud de 32 bytes. Los primeros 16 bytes se utilizan como clave y los siguientes para s[]. Esto provocar\u00eda la lectura fuera de los l\u00edmites mencionada anteriormente. 
Sin embargo, tras invocar poly1305_init_arch(), solo se restaron 16 bytes de la entrada y s[] se inicializa de nuevo con los siguientes 16 bytes. La segunda inicializaci\u00f3n de s[] es ciertamente redundante, lo que indica que la primera inicializaci\u00f3n deber\u00eda ser solo para r[]. Este parche corrige el problema llamando a poly1305_init_arm64() en lugar de truncated." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-502xx/CVE-2022-50232.json b/CVE-2022/CVE-2022-502xx/CVE-2022-50232.json index de471ce81ad..4cbb7c6819f 100644 --- a/CVE-2022/CVE-2022-502xx/CVE-2022-50232.json +++ b/CVE-2022/CVE-2022-502xx/CVE-2022-50232.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: set UXN on swapper page tables\n\n[ This issue was fixed upstream by accident in c3cee924bd85 (\"arm64:\n head: cover entire kernel image in initial ID map\") as part of a\n large refactoring of the arm64 boot flow. This simple fix is therefore\n preferred for -stable backporting ]\n\nOn a system that implements FEAT_EPAN, read/write access to the idmap\nis denied because UXN is not set on the swapper PTEs. As a result,\nidmap_kpti_install_ng_mappings panics the kernel when accessing\n__idmap_kpti_flag. Fix it by setting UXN on these PTEs." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: arm64: establecer UXN en las tablas de p\u00e1ginas del intercambiador [Este problema se corrigi\u00f3 accidentalmente en c3cee924bd85 (\"arm64: head: cubrir toda la imagen del kernel en el mapa de ID inicial\") como parte de una refactorizaci\u00f3n a gran escala del flujo de arranque de arm64. Por lo tanto, esta sencilla soluci\u00f3n es la preferida para la retroportaci\u00f3n de -stable]. En un sistema que implementa FEAT_EPAN, se deniega el acceso de lectura/escritura al mapa de ID porque UXN no est\u00e1 establecido en las PTE del intercambiador. Como resultado, idmap_kpti_install_ng_mappings genera un p\u00e1nico en el kernel al acceder a __idmap_kpti_flag. Se soluciona estableciendo UXN en estas PTE." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26512.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26512.json index b4e04916e21..12556bd1d23 100644 --- a/CVE-2023/CVE-2023-265xx/CVE-2023-26512.json +++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26512.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-26512", "sourceIdentifier": "security@apache.org", "published": "2023-07-17T08:15:09.243", - "lastModified": "2024-11-21T07:51:39.267", - "vulnStatus": "Modified", + "lastModified": "2025-06-25T13:04:17.487", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -77,10 +77,10 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:apache:eventmesh:*:*:*:*:*:*:*:*", + "criteria": "cpe:2.3:a:apache:eventmesh-connector-rabbitmq:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.7.0", "versionEndIncluding": "1.8.0", - "matchCriteriaId": "D9795BBB-B147-4B54-8911-7FEF05DAAC03" + "matchCriteriaId": "318D434D-67A0-4702-A58F-D8FE4A2824C2" } ] }, diff --git a/CVE-2023/CVE-2023-266xx/CVE-2023-26604.json b/CVE-2023/CVE-2023-266xx/CVE-2023-26604.json index c1d742a777b..410280c914e 100644 --- a/CVE-2023/CVE-2023-266xx/CVE-2023-26604.json +++ b/CVE-2023/CVE-2023-266xx/CVE-2023-26604.json @@ -2,8 +2,8 @@ "id": "CVE-2023-26604", "sourceIdentifier": "cve@mitre.org", "published": "2023-03-03T16:15:10.607", - "lastModified": "2025-03-07T19:15:34.837", - "vulnStatus": "Modified", + "lastModified": "2025-06-20T19:17:18.077", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -78,6 +78,21 @@ } ], "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + } + ] + } + ] + }, { "nodes": [ { @@ -87,8 +102,8 @@ { "vulnerable": true, "criteria": "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", - "versionEndExcluding": "247", - "matchCriteriaId": "9BE23150-D350-4350-B3C4-624BC28DA751" + "versionEndExcluding": "246.7", + "matchCriteriaId": "435DD039-3F1D-4C69-920C-09FCCD720863" } ] } 
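Review bot: In the CVE-2023-26512 `cpeMatch` hunk the `criteria` is replaced outright, from `cpe:2.3:a:apache:eventmesh:*:*:*:*:*:*:*:*` to `cpe:2.3:a:apache:eventmesh-connector-rabbitmq:*:*:*:*:*:*:*:*`, with a new `matchCriteriaId`. An inventory that records the product as `apache:eventmesh` therefore stops matching this record for 1.7.0 through 1.8.0. Nothing in the hunk says whether the connector ships inside the main distribution; if it does, consumers need an alias from the old product name to the new one or they silently lose coverage. Anything that cached `D9795BBB-B147-4B54-8911-7FEF05DAAC03` should be re-resolved against `318D434D-67A0-4702-A58F-D8FE4A2824C2`.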
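Review bot: The configuration added in the `@@ -78,6 +78,21 @@` hunk of CVE-2023-26604 marks `cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*` as `"vulnerable": true` in a node of its own, with no version bound and no link to the systemd entry. A CPE-only matcher will therefore report every Debian 10 host, whatever systemd package is installed. Fix status for that platform has to come from the distribution's own data; the `lists.debian.org` advisory referenced later in the record is the place to check. The following hunk also lowers `versionEndExcluding` from `247` to `246.7`, which takes 246.7 and later builds out of the vulnerable range, so cached results for those versions should be re-evaluated.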
@@ -98,7 +113,11 @@ "references": [ { "url": "http://packetstormsecurity.com/files/174130/systemd-246-Local-Root-Privilege-Escalation.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://blog.compass-security.com/2012/10/dangerous-sudoers-entries-part-2-insecure-functionality/", @@ -117,19 +136,33 @@ }, { "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00032.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "Mailing List" + ] }, { "url": "https://medium.com/%40zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20230505-0009/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://packetstormsecurity.com/files/174130/systemd-246-Local-Root-Privilege-Escalation.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://blog.compass-security.com/2012/10/dangerous-sudoers-entries-part-2-insecure-functionality/", 
@@ -148,15 +181,25 @@ }, { "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00032.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory", + "Mailing List" + ] }, { "url": "https://medium.com/%40zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20230505-0009/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-267xx/CVE-2023-26785.json b/CVE-2023/CVE-2023-267xx/CVE-2023-26785.json index 5c470633e84..68a33811538 100644 --- a/CVE-2023/CVE-2023-267xx/CVE-2023-26785.json +++ b/CVE-2023/CVE-2023-267xx/CVE-2023-26785.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-10-17T22:15:02.743", "lastModified": "2024-10-21T00:15:11.947", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [ { "sourceIdentifier": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-268xx/CVE-2023-26819.json b/CVE-2023/CVE-2023-268xx/CVE-2023-26819.json index 742614e44f9..7a14f432ad4 100644 --- a/CVE-2023/CVE-2023-268xx/CVE-2023-26819.json +++ b/CVE-2023/CVE-2023-268xx/CVE-2023-26819.json @@ -2,8 +2,8 @@ "id": "CVE-2023-26819", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-19T22:15:14.103", - "lastModified": "2025-04-21T14:23:45.950", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-25T18:24:59.003", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,10 +51,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cjson_project:cjson:1.7.15:*:*:*:*:*:*:*", + "matchCriteriaId": "4BE8F553-8284-4077-A5AB-6DC1B7DCB3FF" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/boofish/json_bugs/tree/main/cjson", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-278xx/CVE-2023-27859.json b/CVE-2023/CVE-2023-278xx/CVE-2023-27859.json index 7be966ca93f..284490b18db 100644 --- a/CVE-2023/CVE-2023-278xx/CVE-2023-27859.json +++ b/CVE-2023/CVE-2023-278xx/CVE-2023-27859.json @@ -2,7 +2,7 @@ "id": "CVE-2023-27859", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-01-22T20:15:46.550", - "lastModified": "2024-11-21T07:53:35.533", + "lastModified": "2025-06-20T19:15:21.503", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -69,6 +69,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-427" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-283xx/CVE-2023-28366.json b/CVE-2023/CVE-2023-283xx/CVE-2023-28366.json index 0fb827ae0b3..a4058ea35ff 100644 --- a/CVE-2023/CVE-2023-283xx/CVE-2023-28366.json +++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28366.json @@ -2,7 +2,7 @@ "id": "CVE-2023-28366", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-01T16:15:07.790", - "lastModified": "2024-11-21T07:54:55.887", + "lastModified": "2025-06-26T14:15:28.433", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-401" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29055.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29055.json index 3546fba6a9b..53a272cd123 100644 --- a/CVE-2023/CVE-2023-290xx/CVE-2023-29055.json +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29055.json @@ -2,7 +2,7 @@ "id": "CVE-2023-29055", "sourceIdentifier": "security@apache.org", "published": "2024-01-29T13:15:07.970", - "lastModified": "2025-02-13T17:16:17.503", + "lastModified": "2025-06-20T20:15:23.453", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,13 +36,33 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "security@apache.org", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-303xx/CVE-2023-30308.json b/CVE-2023/CVE-2023-303xx/CVE-2023-30308.json index 2506243f41f..4ccbf0c1100 100644 --- a/CVE-2023/CVE-2023-303xx/CVE-2023-30308.json +++ b/CVE-2023/CVE-2023-303xx/CVE-2023-30308.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-05-28T20:16:20.453", "lastModified": "2024-11-21T07:59:59.913", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-304xx/CVE-2023-30464.json b/CVE-2023/CVE-2023-304xx/CVE-2023-30464.json index c5e633761e0..28e74f3041a 100644 --- a/CVE-2023/CVE-2023-304xx/CVE-2023-30464.json +++ b/CVE-2023/CVE-2023-304xx/CVE-2023-30464.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T21:15:13.080", "lastModified": "2024-09-20T12:30:17.483", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-315xx/CVE-2023-31505.json b/CVE-2023/CVE-2023-315xx/CVE-2023-31505.json index b1f1541adf8..a0147b41024 100644 --- a/CVE-2023/CVE-2023-315xx/CVE-2023-31505.json +++ b/CVE-2023/CVE-2023-315xx/CVE-2023-31505.json 
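Review bot: The weakness entry from `security@apache.org` in CVE-2023-29055 changes from `"type": "Primary"` to `"type": "Secondary"`, and no visible hunk of this record adds a Primary entry in its place. The `weaknesses` array continues outside the hunk, so a Primary entry may exist there. If it does not, a consumer that reads the CWE only from the Primary entry gets nothing for this record. Such consumers should fall back to Secondary entries when no Primary one exists.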
@@ -2,7 +2,7 @@ "id": "CVE-2023-31505", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-31T03:15:08.160", - "lastModified": "2024-11-21T08:01:59.510", + "lastModified": "2025-06-20T20:15:23.660", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.2, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-434" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33757.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33757.json index 68cf1fe3ac9..476e2f96084 100644 --- a/CVE-2023/CVE-2023-337xx/CVE-2023-33757.json +++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33757.json @@ -2,7 +2,7 @@ "id": "CVE-2023-33757", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-25T08:15:08.420", - "lastModified": "2024-11-21T08:05:57.263", + "lastModified": "2025-06-20T20:15:23.837", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.2, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-295" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-295" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33758.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33758.json index 177c6b8fb3a..323075deed2 100644 --- a/CVE-2023/CVE-2023-337xx/CVE-2023-33758.json +++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33758.json @@ -2,7 +2,7 @@ "id": "CVE-2023-33758", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-25T08:15:08.573", - "lastModified": "2024-11-21T08:05:57.423", + "lastModified": "2025-06-20T20:15:24.010", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ] }, 
@@ -49,6 +69,16 @@ "value": "CWE-79" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33806.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33806.json index 5b52f737fe4..65d3435e1f2 100644 --- a/CVE-2023/CVE-2023-338xx/CVE-2023-33806.json +++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33806.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33806", "sourceIdentifier": "cve@mitre.org", "published": "2024-04-15T23:15:06.837", - "lastModified": "2024-11-21T08:06:02.147", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T19:12:34.653", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,49 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hikvision:ds-d5b86rb\\/b_firmware:2.3.0:build220119:*:*:*:*:*:*", + "matchCriteriaId": "EC53A329-FDEA-4B06-9B3C-E2BB1224D58D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hikvision:ds-d5b86rb\\/b:-:*:*:*:*:*:*:*", + "matchCriteriaId": "661F153F-61BA-4461-B5D6-C922ACD710FD" + } + ] + } + ] + } + ], "references": [ { "url": "https://gist.github.com/s4fv4n/5a6374cf1dcad85226566eaa325a710d", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://gist.github.com/s4fv4n/5a6374cf1dcad85226566eaa325a710d", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-363xx/CVE-2023-36328.json b/CVE-2023/CVE-2023-363xx/CVE-2023-36328.json index f70abc29378..f0d13ffcdbe 100644 --- a/CVE-2023/CVE-2023-363xx/CVE-2023-36328.json 
+++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36328.json @@ -2,7 +2,7 @@ "id": "CVE-2023-36328", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-01T16:15:08.177", - "lastModified": "2024-11-21T08:09:33.493", + "lastModified": "2025-06-26T14:15:28.723", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37230.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37230.json index 873aad85309..abdf00bddc7 100644 --- a/CVE-2023/CVE-2023-372xx/CVE-2023-37230.json +++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37230.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-09-10T14:15:12.210", "lastModified": "2024-09-10T17:35:06.247", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-375xx/CVE-2023-37571.json b/CVE-2023/CVE-2023-375xx/CVE-2023-37571.json index 73b5acc3479..c7fc68218c6 100644 --- a/CVE-2023/CVE-2023-375xx/CVE-2023-37571.json +++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37571.json @@ -2,7 +2,7 @@ "id": "CVE-2023-37571", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-30T01:15:58.803", - "lastModified": "2024-11-21T08:11:58.387", + "lastModified": "2025-06-20T20:15:24.190", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-79" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38318.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38318.json index 50d7ed24d0d..ba11493f3f0 100644 --- a/CVE-2023/CVE-2023-383xx/CVE-2023-38318.json +++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38318.json @@ -2,7 +2,7 @@ "id": "CVE-2023-38318", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-26T05:15:11.970", - "lastModified": "2024-11-21T08:13:19.230", + "lastModified": "2025-06-20T20:15:24.373", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, 
@@ -49,6 +69,16 @@ "value": "CWE-78" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38319.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38319.json index c6b8c5b5a70..23999d2d7af 100644 --- a/CVE-2023/CVE-2023-383xx/CVE-2023-38319.json +++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38319.json @@ -2,7 +2,7 @@ "id": "CVE-2023-38319", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-26T05:15:12.063", - "lastModified": "2024-11-21T08:13:19.377", + "lastModified": "2025-06-20T20:15:24.553", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-78" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-386xx/CVE-2023-38624.json b/CVE-2023/CVE-2023-386xx/CVE-2023-38624.json index a45273e2d8b..c6bf7eab64e 100644 --- a/CVE-2023/CVE-2023-386xx/CVE-2023-38624.json +++ b/CVE-2023/CVE-2023-386xx/CVE-2023-38624.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-38624", "sourceIdentifier": "security@trendmicro.com", "published": "2024-01-23T21:15:08.143", - "lastModified": "2024-11-21T08:13:57.743", + "lastModified": "2025-06-20T19:15:21.677", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.5 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-918" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-386xx/CVE-2023-38625.json b/CVE-2023/CVE-2023-386xx/CVE-2023-38625.json index b5517f5d047..2bc35867db7 100644 --- a/CVE-2023/CVE-2023-386xx/CVE-2023-38625.json +++ b/CVE-2023/CVE-2023-386xx/CVE-2023-38625.json @@ -2,7 +2,7 @@ "id": "CVE-2023-38625", "sourceIdentifier": "security@trendmicro.com", "published": "2024-01-23T21:15:08.210", - "lastModified": "2024-11-21T08:13:57.877", + "lastModified": "2025-06-20T19:15:21.857", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.5 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-918" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-386xx/CVE-2023-38626.json b/CVE-2023/CVE-2023-386xx/CVE-2023-38626.json index 360f74d42f7..c1ac8e9b258 100644 --- a/CVE-2023/CVE-2023-386xx/CVE-2023-38626.json +++ b/CVE-2023/CVE-2023-386xx/CVE-2023-38626.json @@ -2,7 +2,7 @@ "id": "CVE-2023-38626", "sourceIdentifier": "security@trendmicro.com", "published": "2024-01-23T21:15:08.253", - "lastModified": "2024-11-21T08:13:57.990", + "lastModified": "2025-06-20T19:15:22.020", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.5 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 } ] }, 
@@ -49,6 +69,16 @@ "value": "CWE-918" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-386xx/CVE-2023-38627.json b/CVE-2023/CVE-2023-386xx/CVE-2023-38627.json index cd5bdd97f2a..27f3c1c4395 100644 --- a/CVE-2023/CVE-2023-386xx/CVE-2023-38627.json +++ b/CVE-2023/CVE-2023-386xx/CVE-2023-38627.json @@ -2,7 +2,7 @@ "id": "CVE-2023-38627", "sourceIdentifier": "security@trendmicro.com", "published": "2024-01-23T21:15:08.297", - "lastModified": "2024-11-21T08:13:58.110", + "lastModified": "2025-06-20T19:15:22.180", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.5 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-918" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39593.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39593.json index 03af313d755..2bdb882d1e4 100644 --- a/CVE-2023/CVE-2023-395xx/CVE-2023-39593.json +++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39593.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-10-17T22:15:02.847", "lastModified": "2024-10-21T00:15:12.103", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [ { "sourceIdentifier": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39912.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39912.json index 83d19552703..b0f13cfae2b 100644 --- a/CVE-2023/CVE-2023-399xx/CVE-2023-39912.json +++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39912.json @@ -2,7 +2,7 @@ "id": "CVE-2023-39912", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-31T23:15:26.297", - "lastModified": "2024-11-21T08:16:01.373", + "lastModified": "2025-06-26T15:15:21.010", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 1.2, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-22" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40440.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40440.json index 92a719398b1..9e3e1331d7e 100644 --- a/CVE-2023/CVE-2023-404xx/CVE-2023-40440.json +++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40440.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-40440", "sourceIdentifier": "product-security@apple.com", "published": "2023-09-12T00:15:09.133", - "lastModified": "2024-11-21T08:19:27.977", + "lastModified": "2025-06-25T14:15:21.393", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40477.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40477.json index b873b24aabf..9ee37b31442 100644 --- a/CVE-2023/CVE-2023-404xx/CVE-2023-40477.json +++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40477.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40477", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-05-03T03:15:20.473", - "lastModified": "2024-11-21T08:19:33.483", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T18:13:59.143", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,22 +51,54 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rarlab:winrar:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.23", + "matchCriteriaId": "A586AE4C-6F08-4E96-B74C-AA0A7BF4F2DD" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=232&cHash=c5bf79590657e32554c6683296a8e8aa", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1152/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=232&cHash=c5bf79590657e32554c6683296a8e8aa", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1152/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-406xx/CVE-2023-40611.json b/CVE-2023/CVE-2023-406xx/CVE-2023-40611.json index aecb0e79d5b..371fa7bfcd4 100644 --- a/CVE-2023/CVE-2023-406xx/CVE-2023-40611.json +++ b/CVE-2023/CVE-2023-406xx/CVE-2023-40611.json @@ -2,7 +2,7 @@ "id": "CVE-2023-40611", "sourceIdentifier": "security@apache.org", "published": "2023-09-12T12:15:08.200", - "lastModified": "2025-02-13T17:17:04.810", + "lastModified": "2025-06-25T14:15:21.987", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 1.4 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 } ] }, diff --git a/CVE-2023/CVE-2023-411xx/CVE-2023-41176.json b/CVE-2023/CVE-2023-411xx/CVE-2023-41176.json index cea017deb81..ba7e6b213a1 100644 --- a/CVE-2023/CVE-2023-411xx/CVE-2023-41176.json +++ b/CVE-2023/CVE-2023-411xx/CVE-2023-41176.json @@ -2,7 +2,7 @@ "id": "CVE-2023-41176", "sourceIdentifier": "security@trendmicro.com", "published": "2024-01-23T21:15:08.343", - "lastModified": "2024-11-21T08:20:44.150", + "lastModified": "2025-06-20T19:15:22.343", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-79" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], "configurations": [ 
diff --git a/CVE-2023/CVE-2023-421xx/CVE-2023-42101.json b/CVE-2023/CVE-2023-421xx/CVE-2023-42101.json index c284d146478..92dfab9adfb 100644 --- a/CVE-2023/CVE-2023-421xx/CVE-2023-42101.json +++ b/CVE-2023/CVE-2023-421xx/CVE-2023-42101.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-05-03T03:15:47.643", "lastModified": "2024-11-21T08:22:16.603", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-421xx/CVE-2023-42102.json b/CVE-2023/CVE-2023-421xx/CVE-2023-42102.json index a090e40e8f9..60b35b6db39 100644 --- a/CVE-2023/CVE-2023-421xx/CVE-2023-42102.json +++ b/CVE-2023/CVE-2023-421xx/CVE-2023-42102.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-05-03T03:15:47.810", "lastModified": "2024-11-21T08:22:16.730", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-421xx/CVE-2023-42103.json b/CVE-2023/CVE-2023-421xx/CVE-2023-42103.json index 1cff696bf3a..840287ccfe9 100644 --- a/CVE-2023/CVE-2023-421xx/CVE-2023-42103.json +++ b/CVE-2023/CVE-2023-421xx/CVE-2023-42103.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-05-03T03:15:47.983", "lastModified": "2024-11-21T08:22:16.850", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-421xx/CVE-2023-42104.json b/CVE-2023/CVE-2023-421xx/CVE-2023-42104.json index f4f3ccddd5d..ea814c42fcd 100644 --- a/CVE-2023/CVE-2023-421xx/CVE-2023-42104.json +++ b/CVE-2023/CVE-2023-421xx/CVE-2023-42104.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-05-03T03:15:48.163", "lastModified": "2024-11-21T08:22:16.970", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-421xx/CVE-2023-42105.json b/CVE-2023/CVE-2023-421xx/CVE-2023-42105.json index 374b80016a7..3e5365322b5 100644 --- a/CVE-2023/CVE-2023-421xx/CVE-2023-42105.json +++ b/CVE-2023/CVE-2023-421xx/CVE-2023-42105.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-05-03T03:15:48.333", "lastModified": "2024-11-21T08:22:17.100", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-421xx/CVE-2023-42133.json b/CVE-2023/CVE-2023-421xx/CVE-2023-42133.json index cd92303e9dd..98bdd012d04 100644 --- a/CVE-2023/CVE-2023-421xx/CVE-2023-42133.json +++ b/CVE-2023/CVE-2023-421xx/CVE-2023-42133.json @@ -12,7 +12,7 @@ }, { "lang": "es", - "value": "Los dispositivos POS basados en Android PAX permiten la escalada de privilegios a trav\u00e9s de scripts configurados incorrectamente. Un atacante debe tener acceso al shell con privilegios de cuenta del sistema para poder explotar esta vulnerabilidad. Se incluy\u00f3 un parche que soluciona este problema en la versi\u00f3n de firmware PayDroid_8.1.0_Sagittarius_V11.1.61_20240226." + "value": "Los dispositivos PAX Android based POS permiten la escalada de privilegios a trav\u00e9s de scripts configurados incorrectamente. Un atacante debe tener acceso al shell con privilegios de cuenta del sistema para poder explotar esta vulnerabilidad. Se incluy\u00f3 un parche que soluciona este problema en la versi\u00f3n de firmware PayDroid_8.1.0_Sagittarius_V11.1.61_20240226." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-421xx/CVE-2023-42144.json b/CVE-2023/CVE-2023-421xx/CVE-2023-42144.json index 28132cbbf3c..6d7574a4a52 100644 
--- a/CVE-2023/CVE-2023-421xx/CVE-2023-42144.json +++ b/CVE-2023/CVE-2023-421xx/CVE-2023-42144.json @@ -2,7 +2,7 @@ "id": "CVE-2023-42144", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-23T20:15:45.150", - "lastModified": "2024-11-21T08:22:21.477", + "lastModified": "2025-06-20T19:15:22.520", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-319" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-319" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42881.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42881.json index 3af528d3515..0ce6223289d 100644 --- a/CVE-2023/CVE-2023-428xx/CVE-2023-42881.json +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42881.json @@ -2,7 +2,7 @@ "id": "CVE-2023-42881", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-23T01:15:09.840", - "lastModified": "2024-11-21T08:23:24.993", + "lastModified": "2025-06-20T19:15:22.720", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42935.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42935.json index d17e65acb5b..1c71927cf19 100644 --- a/CVE-2023/CVE-2023-429xx/CVE-2023-42935.json +++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42935.json @@ -2,7 +2,7 @@ "id": "CVE-2023-42935", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-23T01:15:10.170", - "lastModified": "2024-11-21T08:23:32.953", + "lastModified": "2025-06-20T19:15:22.913", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, 
@@ -49,6 +69,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42937.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42937.json index b61d2c1b06b..4ae4ccaa61b 100644 --- a/CVE-2023/CVE-2023-429xx/CVE-2023-42937.json +++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42937.json @@ -2,7 +2,7 @@ "id": "CVE-2023-42937", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-23T01:15:10.217", - "lastModified": "2024-11-21T08:23:33.287", + "lastModified": "2025-06-20T19:15:23.213", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-430xx/CVE-2023-43037.json b/CVE-2023/CVE-2023-430xx/CVE-2023-43037.json index 48d59e15025..2c1abc1ba05 100644 --- a/CVE-2023/CVE-2023-430xx/CVE-2023-43037.json +++ b/CVE-2023/CVE-2023-430xx/CVE-2023-43037.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-04-10T14:15:25.580", "lastModified": "2025-04-11T15:39:52.920", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-433xx/CVE-2023-43317.json b/CVE-2023/CVE-2023-433xx/CVE-2023-43317.json index fc8f1c971f6..f5e543f2a6a 100644 --- a/CVE-2023/CVE-2023-433xx/CVE-2023-43317.json +++ b/CVE-2023/CVE-2023-433xx/CVE-2023-43317.json @@ -2,7 +2,7 @@ "id": "CVE-2023-43317", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-24T07:15:46.300", - "lastModified": "2024-11-21T08:23:58.773", + "lastModified": "2025-06-20T20:15:24.717", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-439xx/CVE-2023-43992.json b/CVE-2023/CVE-2023-439xx/CVE-2023-43992.json index ac1887cfbe0..b8179ed943b 100644 --- a/CVE-2023/CVE-2023-439xx/CVE-2023-43992.json +++ b/CVE-2023/CVE-2023-439xx/CVE-2023-43992.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-43992", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-24T10:15:08.670", - "lastModified": "2024-11-21T08:25:04.217", + "lastModified": "2025-06-20T20:15:24.883", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.5 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 } ] }, @@ -49,6 +69,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-439xx/CVE-2023-43995.json b/CVE-2023/CVE-2023-439xx/CVE-2023-43995.json index 2977b2c5f43..a73b89b18aa 100644 --- a/CVE-2023/CVE-2023-439xx/CVE-2023-43995.json +++ b/CVE-2023/CVE-2023-439xx/CVE-2023-43995.json @@ -2,7 +2,7 @@ "id": "CVE-2023-43995", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-24T10:15:08.950", - "lastModified": "2024-11-21T08:25:04.757", + "lastModified": "2025-06-20T20:15:25.053", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.5 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 } ] }, @@ -49,6 +69,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-439xx/CVE-2023-43996.json b/CVE-2023/CVE-2023-439xx/CVE-2023-43996.json index 55ca35ea86d..856fdcc89f0 100644 --- a/CVE-2023/CVE-2023-439xx/CVE-2023-43996.json +++ b/CVE-2023/CVE-2023-439xx/CVE-2023-43996.json @@ -2,7 +2,7 @@ "id": "CVE-2023-43996", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-24T10:15:09.003", - "lastModified": "2024-11-21T08:25:04.900", + "lastModified": "2025-06-20T20:15:25.220", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.5 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 } ] }, 
@@ -49,6 +69,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-439xx/CVE-2023-43997.json b/CVE-2023/CVE-2023-439xx/CVE-2023-43997.json index 579949b9af8..540967f6f47 100644 --- a/CVE-2023/CVE-2023-439xx/CVE-2023-43997.json +++ b/CVE-2023/CVE-2023-439xx/CVE-2023-43997.json @@ -2,7 +2,7 @@ "id": "CVE-2023-43997", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-24T10:15:09.140", - "lastModified": "2024-11-21T08:25:05.050", + "lastModified": "2025-06-20T20:15:25.383", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.5 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 } ] }, @@ -49,6 +69,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46350.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46350.json index e7ec0685cbd..d87543be848 100644 --- a/CVE-2023/CVE-2023-463xx/CVE-2023-46350.json +++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46350.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-46350", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-09T08:15:08.253", - "lastModified": "2024-11-21T08:28:20.590", + "lastModified": "2025-06-20T21:15:20.320", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-89" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46351.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46351.json index a23b8a18ee4..47267d5db64 100644 --- a/CVE-2023/CVE-2023-463xx/CVE-2023-46351.json +++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46351.json @@ -2,7 +2,7 @@ "id": "CVE-2023-46351", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-19T14:15:12.367", - "lastModified": "2024-11-21T08:28:20.747", + "lastModified": "2025-06-20T19:15:23.593", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-89" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46447.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46447.json index a8d24ca3f87..aceb36a2ed6 100644 --- a/CVE-2023/CVE-2023-464xx/CVE-2023-46447.json +++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46447.json @@ -2,7 +2,7 @@ "id": "CVE-2023-46447", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-20T05:15:08.207", - "lastModified": "2024-11-21T08:28:31.817", + "lastModified": "2025-06-20T19:15:23.900", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 1.4 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 } ] }, 
@@ -49,6 +69,16 @@ "value": "CWE-319" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-319" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47193.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47193.json index 81f2ca43129..9357000af2d 100644 --- a/CVE-2023/CVE-2023-471xx/CVE-2023-47193.json +++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47193.json @@ -2,7 +2,7 @@ "id": "CVE-2023-47193", "sourceIdentifier": "security@trendmicro.com", "published": "2024-01-23T21:15:08.563", - "lastModified": "2024-11-21T08:29:55.903", + "lastModified": "2025-06-20T19:15:24.103", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-346" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-346" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47195.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47195.json index ce95103e5fa..49d7544b9df 100644 --- a/CVE-2023/CVE-2023-471xx/CVE-2023-47195.json +++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47195.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-47195", "sourceIdentifier": "security@trendmicro.com", "published": "2024-01-23T21:15:08.647", - "lastModified": "2024-11-21T08:29:56.127", + "lastModified": "2025-06-20T19:15:24.340", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-346" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-346" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47253.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47253.json index c3d2edb9ada..0813b930758 100644 --- a/CVE-2023/CVE-2023-472xx/CVE-2023-47253.json +++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47253.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2023-11-06T06:15:40.957", "lastModified": "2025-06-12T17:15:27.357", - "vulnStatus": "Modified", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-473xx/CVE-2023-47310.json b/CVE-2023/CVE-2023-473xx/CVE-2023-47310.json index 8c2d9d504b1..d218e5cee98 100644 --- a/CVE-2023/CVE-2023-473xx/CVE-2023-47310.json +++ b/CVE-2023/CVE-2023-473xx/CVE-2023-47310.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "A misconfiguration in the default settings of MikroTik RouterOS 7 and fixed in v7.14 allows incoming IPv6 UDP traceroute packets." + }, + { + "lang": "es", + "value": "Una configuraci\u00f3n incorrecta en los ajustes predeterminados de MikroTik RouterOS 7 y corregida en v7.14 permite paquetes traceroute UDP IPv6 entrantes." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-473xx/CVE-2023-47355.json b/CVE-2023/CVE-2023-473xx/CVE-2023-47355.json index 5e800535639..270860247eb 100644 --- a/CVE-2023/CVE-2023-473xx/CVE-2023-47355.json +++ b/CVE-2023/CVE-2023-473xx/CVE-2023-47355.json @@ -2,7 +2,7 @@ "id": "CVE-2023-47355", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-05T16:15:54.910", - "lastModified": "2024-11-21T08:30:11.490", + "lastModified": "2025-06-20T20:15:25.550", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47889.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47889.json index 5497ae3e7a5..4e856a72e33 100644 --- a/CVE-2023/CVE-2023-478xx/CVE-2023-47889.json +++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47889.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-47889", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-06T01:15:08.087", - "lastModified": "2024-11-21T08:30:57.627", + "lastModified": "2025-06-20T21:15:20.523", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "NVD-CWE-Other" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-927" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4761.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4761.json index bb8a5cd8a09..dae4796daf8 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4761.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4761.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4761", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-09-05T22:15:09.583", - "lastModified": "2024-11-21T08:35:55.490", + "lastModified": "2025-06-25T15:15:21.450", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 5.2 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-125" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-480xx/CVE-2023-48082.json b/CVE-2023/CVE-2023-480xx/CVE-2023-48082.json index dfe5277d29a..99a48d2d716 100644 --- a/CVE-2023/CVE-2023-480xx/CVE-2023-48082.json +++ b/CVE-2023/CVE-2023-480xx/CVE-2023-48082.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-10-14T19:15:10.780", "lastModified": "2025-03-13T15:15:39.083", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48104.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48104.json index 61097288c3d..4e6220c84ce 100644 --- a/CVE-2023/CVE-2023-481xx/CVE-2023-48104.json +++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48104.json @@ -2,7 +2,7 @@ "id": "CVE-2023-48104", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-16T01:15:34.370", - "lastModified": "2024-11-21T08:31:05.833", + "lastModified": "2025-06-20T18:15:19.840", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-79" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48118.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48118.json index c2d71e1ae53..4b71604e818 100644 --- a/CVE-2023/CVE-2023-481xx/CVE-2023-48118.json +++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48118.json @@ -2,7 +2,7 @@ "id": "CVE-2023-48118", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-22T19:15:08.947", - "lastModified": "2024-11-21T08:31:07.503", + "lastModified": "2025-06-20T19:15:24.500", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, 
@@ -49,6 +69,16 @@ "value": "CWE-89" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48129.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48129.json index c99564f2d45..4aa638e5f8f 100644 --- a/CVE-2023/CVE-2023-481xx/CVE-2023-48129.json +++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48129.json @@ -2,7 +2,7 @@ "id": "CVE-2023-48129", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-26T08:15:42.070", - "lastModified": "2024-11-21T08:31:08.683", + "lastModified": "2025-06-20T20:15:25.730", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.5 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 } ] }, @@ -49,6 +69,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48132.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48132.json index 22dcb2119ef..e29db9968b7 100644 --- a/CVE-2023/CVE-2023-481xx/CVE-2023-48132.json +++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48132.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-48132", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-26T07:15:58.333", - "lastModified": "2024-11-21T08:31:09.193", + "lastModified": "2025-06-20T20:15:25.893", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.5 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 } ] }, @@ -49,6 +69,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48339.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48339.json index 407e7fac76b..7426b010d20 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48339.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48339.json @@ -2,7 +2,7 @@ "id": "CVE-2023-48339", "sourceIdentifier": "security@unisoc.com", "published": "2024-01-18T03:15:57.210", - "lastModified": "2024-11-21T08:31:31.170", + "lastModified": "2025-06-20T18:15:20.583", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 0.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-862" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48340.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48340.json index 88abb72f618..d50b8dcc683 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48340.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48340.json @@ -2,7 +2,7 @@ "id": "CVE-2023-48340", "sourceIdentifier": "security@unisoc.com", "published": "2024-01-18T03:15:57.287", - "lastModified": "2024-11-21T08:31:31.323", + "lastModified": "2025-06-20T18:15:20.773", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, 
@@ -49,6 +69,16 @@ "value": "CWE-787" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48341.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48341.json index ba0f6682a64..1c98e83ca17 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48341.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48341.json @@ -2,7 +2,7 @@ "id": "CVE-2023-48341", "sourceIdentifier": "security@unisoc.com", "published": "2024-01-18T03:15:57.333", - "lastModified": "2024-11-21T08:31:31.457", + "lastModified": "2025-06-20T18:15:20.940", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-125" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48342.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48342.json index 04dd01d297f..c2d3d4d2eed 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48342.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48342.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-48342", "sourceIdentifier": "security@unisoc.com", "published": "2024-01-18T03:15:57.380", - "lastModified": "2024-11-21T08:31:31.587", + "lastModified": "2025-06-20T18:15:21.110", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 0.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-787" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48343.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48343.json index b6c64b0e981..c38d0b84698 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48343.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48343.json @@ -2,7 +2,7 @@ "id": "CVE-2023-48343", "sourceIdentifier": "security@unisoc.com", "published": "2024-01-18T03:15:57.430", - "lastModified": "2024-11-21T08:31:31.727", + "lastModified": "2025-06-20T18:15:21.270", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-787" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48344.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48344.json index d5cec5bac40..19caac8b69c 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48344.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48344.json @@ -2,7 +2,7 @@ "id": "CVE-2023-48344", "sourceIdentifier": "security@unisoc.com", "published": "2024-01-18T03:15:57.470", - "lastModified": "2024-11-21T08:31:31.853", + "lastModified": "2025-06-20T18:15:21.430", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, 
@@ -49,6 +69,16 @@ "value": "CWE-125" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48346.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48346.json index 9413aa4da08..f7af44e5df0 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48346.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48346.json @@ -2,7 +2,7 @@ "id": "CVE-2023-48346", "sourceIdentifier": "security@unisoc.com", "published": "2024-01-18T03:15:57.560", - "lastModified": "2024-11-21T08:31:32.110", + "lastModified": "2025-06-20T18:15:21.597", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48347.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48347.json index bfaac4594cd..55f40f7ef0a 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48347.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48347.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-48347", "sourceIdentifier": "security@unisoc.com", "published": "2024-01-18T03:15:57.607", - "lastModified": "2024-11-21T08:31:32.240", + "lastModified": "2025-06-20T18:15:21.757", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-125" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48348.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48348.json index c0524bd793e..57407cb5169 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48348.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48348.json @@ -2,7 +2,7 @@ "id": "CVE-2023-48348", "sourceIdentifier": "security@unisoc.com", "published": "2024-01-18T03:15:57.650", - "lastModified": "2024-11-21T08:31:32.377", + "lastModified": "2025-06-20T18:15:21.923", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-787" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48349.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48349.json index 2ddec1fbf98..fd317c40142 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48349.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48349.json @@ -2,7 +2,7 @@ "id": "CVE-2023-48349", "sourceIdentifier": "security@unisoc.com", "published": "2024-01-18T03:15:57.693", - "lastModified": "2024-11-21T08:31:32.500", + "lastModified": "2025-06-20T18:15:22.090", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, 
@@ -49,6 +69,16 @@ "value": "CWE-787" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48350.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48350.json index b6a185df6f2..d3db8ab1f64 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48350.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48350.json @@ -2,7 +2,7 @@ "id": "CVE-2023-48350", "sourceIdentifier": "security@unisoc.com", "published": "2024-01-18T03:15:57.737", - "lastModified": "2024-11-21T08:31:32.630", + "lastModified": "2025-06-20T18:15:22.250", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-787" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48351.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48351.json index e165108d0d6..d8bc281acce 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48351.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48351.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-48351", "sourceIdentifier": "security@unisoc.com", "published": "2024-01-18T03:15:57.850", - "lastModified": "2024-11-21T08:31:32.750", + "lastModified": "2025-06-20T18:15:22.413", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-787" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48352.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48352.json index 809c624baa0..dc5bb1cdeb2 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48352.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48352.json @@ -2,7 +2,7 @@ "id": "CVE-2023-48352", "sourceIdentifier": "security@unisoc.com", "published": "2024-01-18T03:15:57.917", - "lastModified": "2024-11-21T08:31:32.877", + "lastModified": "2025-06-20T18:15:22.573", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-787" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48353.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48353.json index fc9d9d7d25a..08d369748cd 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48353.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48353.json @@ -2,7 +2,7 @@ "id": "CVE-2023-48353", "sourceIdentifier": "security@unisoc.com", "published": "2024-01-18T03:15:57.960", - "lastModified": "2024-11-21T08:31:33.000", + "lastModified": "2025-06-20T19:15:24.697", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 0.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 } ] }, 
@@ -49,6 +69,16 @@ "value": "CWE-416" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48354.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48354.json index 5aaf528ea5f..c8653d7582d 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48354.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48354.json @@ -2,7 +2,7 @@ "id": "CVE-2023-48354", "sourceIdentifier": "security@unisoc.com", "published": "2024-01-18T03:15:58.013", - "lastModified": "2024-11-21T08:31:33.130", + "lastModified": "2025-06-20T19:15:24.867", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48355.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48355.json index e2214cec7ca..ebc9b3efde5 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48355.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48355.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-48355", "sourceIdentifier": "security@unisoc.com", "published": "2024-01-18T03:15:58.063", - "lastModified": "2024-11-21T08:31:33.247", + "lastModified": "2025-06-20T19:15:25.020", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 0.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-787" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48356.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48356.json index 458ff413c2b..04c7cf1d86d 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48356.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48356.json @@ -2,7 +2,7 @@ "id": "CVE-2023-48356", "sourceIdentifier": "security@unisoc.com", "published": "2024-01-18T03:15:58.107", - "lastModified": "2024-11-21T08:31:33.383", + "lastModified": "2025-06-20T19:15:25.183", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 0.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-787" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48357.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48357.json index 9e92d0ec9b6..11a78c281a9 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48357.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48357.json @@ -2,7 +2,7 @@ "id": "CVE-2023-48357", "sourceIdentifier": "security@unisoc.com", "published": "2024-01-18T03:15:58.150", - "lastModified": "2024-11-21T08:31:33.500", + "lastModified": "2025-06-20T19:15:25.370", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 0.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 } ] }, 
@@ -49,6 +69,16 @@ "value": "CWE-787" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48358.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48358.json index 380c718acdd..75cc89297f2 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48358.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48358.json @@ -2,7 +2,7 @@ "id": "CVE-2023-48358", "sourceIdentifier": "security@unisoc.com", "published": "2024-01-18T03:15:58.193", - "lastModified": "2024-11-21T08:31:33.630", + "lastModified": "2025-06-20T19:15:25.560", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 0.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-787" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48359.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48359.json index 973e38bf535..5042dab24ba 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48359.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48359.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-48359", "sourceIdentifier": "security@unisoc.com", "published": "2024-01-18T03:15:58.237", - "lastModified": "2024-11-21T08:31:33.763", + "lastModified": "2025-06-20T19:15:25.743", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 0.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-787" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-489xx/CVE-2023-48978.json b/CVE-2023/CVE-2023-489xx/CVE-2023-48978.json index ac29f8a854e..bab30b7012c 100644 --- a/CVE-2023/CVE-2023-489xx/CVE-2023-48978.json +++ b/CVE-2023/CVE-2023-489xx/CVE-2023-48978.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component." + }, + { + "lang": "es", + "value": "Un problema en NCR ITM Web terminal v.4.4.0 y v.4.4.4 permite que un atacante remoto ejecute c\u00f3digo arbitrario a trav\u00e9s de un script manipulado en el componente URL de la c\u00e1mara IP." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49031.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49031.json index 17266d737b9..908038a85fc 100644 --- a/CVE-2023/CVE-2023-490xx/CVE-2023-49031.json 
+++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49031.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-03-03T18:15:28.330", "lastModified": "2025-03-05T19:15:37.110", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49203.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49203.json index f48d6597f30..573884673e8 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49203.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49203.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-09-18T15:15:14.513", "lastModified": "2024-09-20T12:30:17.483", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49329.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49329.json index 97918ddd080..19307d66e8c 100644 --- a/CVE-2023/CVE-2023-493xx/CVE-2023-49329.json +++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49329.json @@ -2,7 +2,7 @@ "id": "CVE-2023-49329", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-19T21:15:08.320", - "lastModified": "2024-11-21T08:33:14.527", + "lastModified": "2025-06-20T19:15:25.907", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.2, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 } ] }, 
@@ -49,6 +69,16 @@ "value": "CWE-78" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4969.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4969.json index 5b49fd3fa79..82ba6eb30a5 100644 --- a/CVE-2023/CVE-2023-49xx/CVE-2023-4969.json +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4969.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4969", "sourceIdentifier": "cret@cert.org", "published": "2024-01-16T17:15:08.083", - "lastModified": "2024-11-21T08:36:22.080", + "lastModified": "2025-06-20T18:15:22.740", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.0, "impactScore": 4.0 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.0, + "impactScore": 4.0 } ] }, diff --git a/CVE-2023/CVE-2023-502xx/CVE-2023-50275.json b/CVE-2023/CVE-2023-502xx/CVE-2023-50275.json index 3aa7601d66d..9b4b4218225 100644 --- a/CVE-2023/CVE-2023-502xx/CVE-2023-50275.json +++ b/CVE-2023/CVE-2023-502xx/CVE-2023-50275.json @@ -2,7 +2,7 @@ "id": "CVE-2023-50275", "sourceIdentifier": "security-alert@hpe.com", "published": "2024-01-23T17:15:10.127", - "lastModified": "2024-11-21T08:36:48.220", + "lastModified": "2025-06-20T19:15:26.100", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -69,6 +69,16 @@ "value": "CWE-287" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50805.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50805.json index 9db1a5e4912..0e1d8a7780c 100644 --- a/CVE-2023/CVE-2023-508xx/CVE-2023-50805.json +++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50805.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-07-09T19:15:10.590", "lastModified": "2024-11-25T16:15:11.600", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51570.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51570.json index 2835ad3c9d4..480a358cba7 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51570.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51570.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-04-01T22:15:08.467", "lastModified": "2024-11-21T08:38:24.227", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51571.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51571.json index cf0a13bb064..f49747ffc15 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51571.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51571.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-04-01T22:15:09.673", "lastModified": "2024-11-21T08:38:24.360", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51572.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51572.json index 095aa2479ee..c30d621732c 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51572.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51572.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-04-01T22:15:10.277", "lastModified": "2024-11-21T08:38:24.523", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51573.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51573.json index b77e4012acd..d317ec90b6b 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51573.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51573.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-04-01T22:15:10.880", "lastModified": "2024-11-21T08:38:24.650", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51574.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51574.json index 7fb283d300f..6ee007c9080 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51574.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51574.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-05-03T03:16:16.540", "lastModified": "2024-11-21T08:38:24.770", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51575.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51575.json index b0b6994b2e1..d2ee30386e6 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51575.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51575.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-05-03T03:16:16.747", "lastModified": "2024-11-21T08:38:24.887", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51576.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51576.json index 842af36dbf7..c0d2e1815f8 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51576.json 
+++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51576.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-05-03T03:16:16.953", "lastModified": "2024-11-21T08:38:25.000", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51577.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51577.json index 9aace346762..6a0432f027d 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51577.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51577.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-05-03T03:16:17.143", "lastModified": "2024-11-21T08:38:25.120", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51578.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51578.json index 644f4ce4f63..19a5ca60cd3 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51578.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51578.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-05-03T03:16:17.307", "lastModified": "2024-11-21T08:38:25.237", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51579.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51579.json index a1843646833..a3262d91141 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51579.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51579.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-05-03T03:16:17.497", "lastModified": "2024-11-21T08:38:25.363", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51580.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51580.json index 0ac8773f69f..4c4230af37c 100644 
--- a/CVE-2023/CVE-2023-515xx/CVE-2023-51580.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51580.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-05-03T03:16:17.673", "lastModified": "2024-11-21T08:38:25.483", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51581.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51581.json index 15514091711..402f7974de0 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51581.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51581.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-05-03T03:16:17.840", "lastModified": "2024-11-21T08:38:25.607", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51582.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51582.json index 7c715f909de..1f5958fb725 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51582.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51582.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-05-03T03:16:18.023", "lastModified": "2024-11-21T08:38:25.723", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51583.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51583.json index 32ad088a0de..375af7e3617 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51583.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51583.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-05-03T03:16:18.200", "lastModified": "2024-11-21T08:38:25.843", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51584.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51584.json index b41a9f5e29b..766a7d9e3d5 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51584.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51584.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-05-03T03:16:18.377", "lastModified": "2024-11-21T08:38:25.960", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51585.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51585.json index fa8c194f435..15f872bbfd4 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51585.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51585.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-05-03T03:16:18.547", "lastModified": "2024-11-21T08:38:26.080", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51586.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51586.json index 47be02b2a20..d62242e061f 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51586.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51586.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-05-03T03:16:18.720", "lastModified": "2024-11-21T08:38:26.197", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51587.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51587.json index ea986cc61a7..6714b8f884c 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51587.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51587.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-05-03T03:16:18.893", "lastModified": "2024-11-21T08:38:26.310", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51588.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51588.json index 4cae79b8c21..ec18bcebfa7 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51588.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51588.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-05-03T03:16:19.070", "lastModified": "2024-11-21T08:38:26.427", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51590.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51590.json index 2e1762a992b..fd78fa44b77 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51590.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51590.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-05-03T03:16:19.407", "lastModified": "2024-11-21T08:38:26.673", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51591.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51591.json index d7cfd26f5cf..0fb98fe56fb 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51591.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51591.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-05-03T03:16:19.573", "lastModified": "2024-11-21T08:38:26.790", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51593.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51593.json index d89603434af..65e6086e2da 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51593.json 
+++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51593.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-05-03T03:16:19.913", "lastModified": "2024-11-21T08:38:27.030", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51595.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51595.json index b63a086098c..5fc06634fa3 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51595.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51595.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-05-03T03:16:20.290", "lastModified": "2024-11-21T08:38:27.277", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-518xx/CVE-2023-51807.json b/CVE-2023/CVE-2023-518xx/CVE-2023-51807.json index b5cfe340041..628753d21d6 100644 --- a/CVE-2023/CVE-2023-518xx/CVE-2023-51807.json +++ b/CVE-2023/CVE-2023-518xx/CVE-2023-51807.json @@ -2,7 +2,7 @@ "id": "CVE-2023-51807", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-16T23:15:08.140", - "lastModified": "2024-11-21T08:38:52.083", + "lastModified": "2025-06-20T18:15:23.040", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.3, "impactScore": 2.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, 
@@ -49,6 +69,16 @@ "value": "CWE-79" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-518xx/CVE-2023-51810.json b/CVE-2023/CVE-2023-518xx/CVE-2023-51810.json index 72a20e9e5f3..b2548a9f709 100644 --- a/CVE-2023/CVE-2023-518xx/CVE-2023-51810.json +++ b/CVE-2023/CVE-2023-518xx/CVE-2023-51810.json @@ -2,7 +2,7 @@ "id": "CVE-2023-51810", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-16T01:15:34.900", - "lastModified": "2024-11-21T08:38:52.240", + "lastModified": "2025-06-20T18:15:23.213", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-89" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-518xx/CVE-2023-51813.json b/CVE-2023/CVE-2023-518xx/CVE-2023-51813.json index 3e35d6473a7..86f5e149a97 100644 --- a/CVE-2023/CVE-2023-518xx/CVE-2023-51813.json +++ b/CVE-2023/CVE-2023-518xx/CVE-2023-51813.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-51813", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-30T01:15:58.873", - "lastModified": "2024-11-21T08:38:52.623", + "lastModified": "2025-06-20T20:15:26.050", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-352" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-518xx/CVE-2023-51820.json b/CVE-2023/CVE-2023-518xx/CVE-2023-51820.json index e51539a0e5f..97caa1db014 100644 --- a/CVE-2023/CVE-2023-518xx/CVE-2023-51820.json +++ b/CVE-2023/CVE-2023-518xx/CVE-2023-51820.json @@ -2,7 +2,7 @@ "id": "CVE-2023-51820", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-02T10:15:08.320", - "lastModified": "2024-11-21T08:38:52.777", + "lastModified": "2025-06-20T20:15:26.210", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 0.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-94" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-518xx/CVE-2023-51839.json b/CVE-2023/CVE-2023-518xx/CVE-2023-51839.json index bdf0e51d15d..bda8a81e928 100644 --- a/CVE-2023/CVE-2023-518xx/CVE-2023-51839.json +++ b/CVE-2023/CVE-2023-518xx/CVE-2023-51839.json @@ -2,7 +2,7 @@ "id": "CVE-2023-51839", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-29T20:15:15.047", - "lastModified": "2024-11-21T08:38:53.837", + "lastModified": "2025-06-20T20:15:26.380", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.2 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 } ] }, 
@@ -49,6 +69,16 @@ "value": "CWE-327" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-327" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-518xx/CVE-2023-51887.json b/CVE-2023/CVE-2023-518xx/CVE-2023-51887.json index d53391b8a48..992ff5c2448 100644 --- a/CVE-2023/CVE-2023-518xx/CVE-2023-51887.json +++ b/CVE-2023/CVE-2023-518xx/CVE-2023-51887.json @@ -2,7 +2,7 @@ "id": "CVE-2023-51887", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-24T17:15:08.360", - "lastModified": "2024-11-21T08:38:54.967", + "lastModified": "2025-06-20T20:15:26.543", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-77" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-519xx/CVE-2023-51925.json b/CVE-2023/CVE-2023-519xx/CVE-2023-51925.json index 19d54bdccbe..303c744cd4b 100644 --- a/CVE-2023/CVE-2023-519xx/CVE-2023-51925.json +++ b/CVE-2023/CVE-2023-519xx/CVE-2023-51925.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-51925", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-20T02:15:07.773", - "lastModified": "2024-11-21T08:38:56.147", + "lastModified": "2025-06-20T19:15:26.247", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-434" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-519xx/CVE-2023-51946.json b/CVE-2023/CVE-2023-519xx/CVE-2023-51946.json index dfff75c4e67..ef06aea6ddb 100644 --- a/CVE-2023/CVE-2023-519xx/CVE-2023-51946.json +++ b/CVE-2023/CVE-2023-519xx/CVE-2023-51946.json @@ -2,7 +2,7 @@ "id": "CVE-2023-51946", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-19T14:15:12.500", - "lastModified": "2024-11-21T08:38:57.090", + "lastModified": "2025-06-20T19:15:26.443", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-79" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-519xx/CVE-2023-51947.json b/CVE-2023/CVE-2023-519xx/CVE-2023-51947.json index a273db69b10..24e336ceaa9 100644 --- a/CVE-2023/CVE-2023-519xx/CVE-2023-51947.json +++ b/CVE-2023/CVE-2023-519xx/CVE-2023-51947.json @@ -2,7 +2,7 @@ "id": "CVE-2023-51947", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-19T14:15:12.553", - "lastModified": "2024-11-21T08:38:57.250", + "lastModified": "2025-06-20T19:15:26.633", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.2 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 } ] }, 
@@ -49,6 +69,16 @@ "value": "CWE-306" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-519xx/CVE-2023-51948.json b/CVE-2023/CVE-2023-519xx/CVE-2023-51948.json index a54ab6e7a1d..80746e936f8 100644 --- a/CVE-2023/CVE-2023-519xx/CVE-2023-51948.json +++ b/CVE-2023/CVE-2023-519xx/CVE-2023-51948.json @@ -2,7 +2,7 @@ "id": "CVE-2023-51948", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-19T14:15:12.663", - "lastModified": "2024-11-21T08:38:57.393", + "lastModified": "2025-06-20T19:15:26.823", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "NVD-CWE-Other" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-548" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-519xx/CVE-2023-51951.json b/CVE-2023/CVE-2023-519xx/CVE-2023-51951.json index 74dd939b349..072fdc500d9 100644 --- a/CVE-2023/CVE-2023-519xx/CVE-2023-51951.json +++ b/CVE-2023/CVE-2023-519xx/CVE-2023-51951.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-51951", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-05T21:15:11.397", - "lastModified": "2024-11-21T08:38:57.697", + "lastModified": "2025-06-20T20:15:26.703", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-89" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-520xx/CVE-2023-52090.json b/CVE-2023/CVE-2023-520xx/CVE-2023-52090.json index dede160ee8b..ec7fba27c7a 100644 --- a/CVE-2023/CVE-2023-520xx/CVE-2023-52090.json +++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52090.json @@ -2,7 +2,7 @@ "id": "CVE-2023-52090", "sourceIdentifier": "security@trendmicro.com", "published": "2024-01-23T21:15:09.123", - "lastModified": "2024-11-21T08:39:08.700", + "lastModified": "2025-06-20T19:15:27.010", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-59" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-59" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-520xx/CVE-2023-52091.json b/CVE-2023/CVE-2023-520xx/CVE-2023-52091.json index 260c8d0d42c..309b83d7279 100644 --- a/CVE-2023/CVE-2023-520xx/CVE-2023-52091.json +++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52091.json @@ -2,7 +2,7 @@ "id": "CVE-2023-52091", "sourceIdentifier": "security@trendmicro.com", "published": "2024-01-23T21:15:09.170", - "lastModified": "2024-11-21T08:39:08.817", + "lastModified": "2025-06-20T19:15:27.183", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, 
@@ -49,6 +69,16 @@ "value": "CWE-59" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-59" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-520xx/CVE-2023-52092.json b/CVE-2023/CVE-2023-520xx/CVE-2023-52092.json index 826b4c90d01..0df34196153 100644 --- a/CVE-2023/CVE-2023-520xx/CVE-2023-52092.json +++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52092.json @@ -2,7 +2,7 @@ "id": "CVE-2023-52092", "sourceIdentifier": "security@trendmicro.com", "published": "2024-01-23T21:15:09.210", - "lastModified": "2024-11-21T08:39:08.930", + "lastModified": "2025-06-20T19:15:27.347", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-59" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-59" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-520xx/CVE-2023-52094.json b/CVE-2023/CVE-2023-520xx/CVE-2023-52094.json index 758349c1b44..1764f748af9 100644 --- a/CVE-2023/CVE-2023-520xx/CVE-2023-52094.json +++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52094.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-52094", "sourceIdentifier": "security@trendmicro.com", "published": "2024-01-23T21:15:09.293", - "lastModified": "2024-11-21T08:39:09.247", + "lastModified": "2025-06-20T19:15:27.507", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-59" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-59" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52101.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52101.json index a9b3640dd1d..22d0a2eedd2 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52101.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52101.json @@ -2,7 +2,7 @@ "id": "CVE-2023-52101", "sourceIdentifier": "psirt@huawei.com", "published": "2024-01-16T10:15:07.650", - "lastModified": "2024-11-21T08:39:10.523", + "lastModified": "2025-06-20T18:15:23.397", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.2 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 } ] }, @@ -49,6 +69,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52110.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52110.json index c70e8bbadf5..b715fae0d47 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52110.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52110.json @@ -2,7 +2,7 @@ "id": "CVE-2023-52110", "sourceIdentifier": "psirt@huawei.com", "published": "2024-01-16T08:15:08.900", - "lastModified": "2024-11-21T08:39:11.833", + "lastModified": "2025-06-20T18:15:23.573", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, 
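Review bot: In the CVE-2023-52101 record, the Secondary entries added for source `134c704f-9b21-4f2e-91b3-4a467353bcc0` contradict each other. The new weakness is `"value": "CWE-200"`, an information-exposure class, while the CVSS block added by the same source sets `"confidentialityImpact": "NONE"` with vector `C:N/I:H/A:H`. The CVE description is not visible in these hunks, so which side is wrong cannot be decided from here. One of the two needs correcting at the source: either the vector should carry a non-`NONE` confidentiality impact, or the CWE should describe an integrity or availability loss. Until then, triage that filters on CWE and triage that filters on the CVSS impact fields will classify this record differently, so consumers should not treat the Secondary CWE as authoritative.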
@@ -49,6 +69,16 @@ "value": "CWE-787" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52112.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52112.json index 5ed0740aaeb..655a014e2f8 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52112.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52112.json @@ -2,7 +2,7 @@ "id": "CVE-2023-52112", "sourceIdentifier": "psirt@huawei.com", "published": "2024-01-16T08:15:09.050", - "lastModified": "2024-11-21T08:39:12.083", + "lastModified": "2025-06-20T18:15:23.733", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 1.4 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-552" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-552" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52113.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52113.json index 67392cc6d44..d974af8b5a6 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52113.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52113.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-52113", "sourceIdentifier": "psirt@huawei.com", "published": "2024-01-16T08:15:09.110", - "lastModified": "2024-11-21T08:39:12.203", + "lastModified": "2025-06-20T18:15:23.897", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52326.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52326.json index ceff096226e..fcdf350c9a0 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52326.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52326.json @@ -2,7 +2,7 @@ "id": "CVE-2023-52326", "sourceIdentifier": "security@trendmicro.com", "published": "2024-01-23T21:15:09.427", - "lastModified": "2024-11-21T08:39:34.327", + "lastModified": "2025-06-20T19:15:27.787", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-79" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52330.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52330.json index 9ce0d3e7a4e..21596c367f7 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52330.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52330.json @@ -2,7 +2,7 @@ "id": "CVE-2023-52330", "sourceIdentifier": "security@trendmicro.com", "published": "2024-01-23T21:15:09.593", - "lastModified": "2024-11-21T08:39:34.823", + "lastModified": "2025-06-20T19:15:27.973", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ] }, 
@@ -49,6 +69,16 @@ "value": "CWE-79" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52331.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52331.json index 4936cf77309..7d7a92ca36c 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52331.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52331.json @@ -2,7 +2,7 @@ "id": "CVE-2023-52331", "sourceIdentifier": "security@trendmicro.com", "published": "2024-01-23T21:15:09.633", - "lastModified": "2024-11-21T08:39:34.940", + "lastModified": "2025-06-20T19:15:28.140", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 4.2 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.2 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-918" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52337.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52337.json index b218fbd69f1..41fbbec262a 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52337.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52337.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-52337", "sourceIdentifier": "security@trendmicro.com", "published": "2024-01-23T21:15:09.677", - "lastModified": "2024-11-21T08:39:35.070", + "lastModified": "2025-06-20T19:15:28.310", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "NVD-CWE-Other" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-525xx/CVE-2023-52584.json b/CVE-2023/CVE-2023-525xx/CVE-2023-52584.json index 950061bc573..1035cc0c637 100644 --- a/CVE-2023/CVE-2023-525xx/CVE-2023-52584.json +++ b/CVE-2023/CVE-2023-525xx/CVE-2023-52584.json @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6005.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6005.json index 7d3ecf0555a..40a093c6636 100644 --- a/CVE-2023/CVE-2023-60xx/CVE-2023-6005.json +++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6005.json 
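Review bot: The CVE-2023-52584 section changes `"type": "Primary"` to `"type": "Secondary"` on the weakness entry without touching `"lastModified"`. Its only hunk is the one at line 42, whereas the other records visible in this part of the commit bump `lastModified` alongside their content changes. A consumer that syncs incrementally on `lastModified` would keep the old typing, so the timestamp should move in the same change, e.g. `"lastModified": "<timestamp of this change>"` (placeholder). The hunk also does not show whether any `Primary` weakness remains in the `weaknesses` array after the flip. That is worth checking, because tooling that reads only the Primary CWE would otherwise see none for this record.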
@@ -2,7 +2,7 @@ "id": "CVE-2023-6005", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-16T16:15:13.530", - "lastModified": "2024-11-21T08:42:57.863", + "lastModified": "2025-06-20T18:15:24.067", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.7, "impactScore": 2.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 } ] }, diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6278.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6278.json index 4e39df0741c..e15d5132529 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6278.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6278.json @@ -2,7 +2,7 @@ "id": "CVE-2023-6278", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-29T15:15:09.300", - "lastModified": "2024-11-21T08:43:31.457", + "lastModified": "2025-06-20T20:15:27.013", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ] }, 
diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6389.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6389.json index bdff24d2745..cc6b09287cb 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6389.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6389.json @@ -2,7 +2,7 @@ "id": "CVE-2023-6389", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-29T15:15:09.410", - "lastModified": "2024-11-21T08:43:45.890", + "lastModified": "2025-06-20T20:15:27.173", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ] }, diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6390.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6390.json index 928a553f9c1..716827e9c88 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6390.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6390.json @@ -2,7 +2,7 @@ "id": "CVE-2023-6390", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-29T15:15:09.467", - "lastModified": "2024-11-21T08:43:46.023", + "lastModified": "2025-06-20T20:15:27.337", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6592.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6592.json index 44a4d12cd40..17d71539622 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6592.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6592.json @@ -2,7 +2,7 @@ "id": "CVE-2023-6592", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-16T16:15:13.750", - "lastModified": "2024-11-21T08:44:09.837", + "lastModified": "2025-06-20T18:15:24.230", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 1.4 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 } ] }, diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6602.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6602.json index f9bb28d0cb8..4d9687968d1 100644 --- a/CVE-2023/CVE-2023-66xx/CVE-2023-6602.json +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6602.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-6602", "sourceIdentifier": "secalert@redhat.com", "published": "2024-12-31T15:15:06.240", - "lastModified": "2024-12-31T15:15:06.240", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T18:46:29.987", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,16 +49,53 @@ "value": "CWE-99" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.0", + "versionEndIncluding": "6.0", + "matchCriteriaId": "DE670466-3267-48D2-A826-99B23F7FBD12" + } + ] + } + ] } ], "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334338", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334338", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6603.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6603.json index 3888f34b06f..67a9e56dcdb 100644 --- a/CVE-2023/CVE-2023-66xx/CVE-2023-6603.json +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6603.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6603", "sourceIdentifier": "secalert@redhat.com", "published": "2024-12-31T15:15:07.490", - "lastModified": "2024-12-31T15:15:07.490", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T18:45:12.277", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -19,6 +19,26 @@
 "cvssMetricV31": [
 {
 "source": "secalert@redhat.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
+ {
+ "source": "nvd@nist.gov",
 "type": "Primary",
 "cvssData": {
 "version": "3.1",
@@ -49,16 +69,53 @@
 "value": "CWE-99"
 }
 ]
+ },
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "2.0",
+ "versionEndIncluding": "6.0",
+ "matchCriteriaId": "DE670466-3267-48D2-A826-99B23F7FBD12"
+ }
+ ]
+ }
+ ]
 }
 ],
 "references": [
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334335",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334335",
- "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6625.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6625.json
index 2bafc1723c0..fd3effb3415 100644
--- a/CVE-2023/CVE-2023-66xx/CVE-2023-6625.json
+++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6625.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-6625",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2024-01-22T20:15:47.647",
- "lastModified": "2024-11-21T08:44:13.750",
+ "lastModified": "2025-06-20T19:15:28.487",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 1.4
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
 }
 ]
 },
diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6741.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6741.json
index d2aa9e8e5cf..ffcfe7c960f 100644
--- a/CVE-2023/CVE-2023-67xx/CVE-2023-6741.json
+++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6741.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-6741",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2024-01-16T16:15:13.867",
- "lastModified": "2024-11-21T08:44:27.707",
+ "lastModified": "2025-06-20T18:15:24.393",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 1.4
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
 }
 ]
 },
diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6786.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6786.json
index 4980ba73f2e..f52e3876181 100644
--- a/CVE-2023/CVE-2023-67xx/CVE-2023-6786.json
+++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6786.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2025-05-15T20:15:29.520",
 "lastModified": "2025-06-11T19:11:54.693",
- "vulnStatus": "Analyzed",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7082.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7082.json
index 79ba488ae57..c42fa516da4 100644
--- a/CVE-2023/CVE-2023-70xx/CVE-2023-7082.json
+++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7082.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-7082",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2024-01-22T20:15:47.743",
- "lastModified": "2024-11-21T08:45:12.920",
+ "lastModified": "2025-06-20T19:15:28.643",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 1.2,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
 }
 ]
 },
diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7084.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7084.json
index ec5f08a9192..54e6f34e67e 100644
--- a/CVE-2023/CVE-2023-70xx/CVE-2023-7084.json
+++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7084.json
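Review bot: The `vulnStatus` change in the CVE-2023-6786.json hunk is not accompanied by a `lastModified` bump: the status moves backwards from `Analyzed` to `Undergoing Analysis` while the context line `"lastModified": "2025-06-11T19:11:54.693"` is untouched. A consumer that syncs incrementally on `lastModified` will not re-read this record and will keep treating the earlier analysis as final. The same status-only change with an unchanged `lastModified` appears in the later hunks for CVE-2024-10019, CVE-2024-10047, CVE-2024-10925, CVE-2024-11089, CVE-2024-11283 through CVE-2024-11286 and CVE-2024-12085 (there `Awaiting Analysis` to `Undergoing Analysis`). Either the hunk should also update `"lastModified"` to the upstream time of the status change, or downstream tooling should compare `vulnStatus` itself rather than rely on the timestamp alone.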
@@ -2,7 +2,7 @@
 "id": "CVE-2023-7084",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2024-01-16T16:15:14.023",
- "lastModified": "2024-11-21T08:45:13.180",
+ "lastModified": "2025-06-20T18:15:24.563",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.3,
 "impactScore": 2.7
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
 }
 ]
 },
diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7089.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7089.json
index a40b6d60fec..f68a29e0d69 100644
--- a/CVE-2023/CVE-2023-70xx/CVE-2023-7089.json
+++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7089.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-7089",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2024-01-29T15:15:09.840",
- "lastModified": "2024-11-21T08:45:13.543",
+ "lastModified": "2025-06-20T20:15:27.490",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.3,
 "impactScore": 2.7
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
 }
 ]
 },
diff --git a/CVE-2024/CVE-2024-02xx/CVE-2024-0233.json b/CVE-2024/CVE-2024-02xx/CVE-2024-0233.json
index 9dd8234926c..1ea9ac38f6b 100644
--- a/CVE-2024/CVE-2024-02xx/CVE-2024-0233.json
+++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0233.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-0233",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2024-01-16T16:15:14.280",
- "lastModified": "2024-11-21T08:46:07.087",
+ "lastModified": "2025-06-20T18:15:24.723",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 2.7
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
 }
 ]
 },
diff --git a/CVE-2024/CVE-2024-02xx/CVE-2024-0235.json b/CVE-2024/CVE-2024-02xx/CVE-2024-0235.json
index e02a78f2673..e13a8cae0db 100644
--- a/CVE-2024/CVE-2024-02xx/CVE-2024-0235.json
+++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0235.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-0235",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2024-01-16T16:15:14.327",
- "lastModified": "2024-11-21T08:46:07.210",
+ "lastModified": "2025-06-20T18:15:24.883",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 1.4
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
 }
 ]
 },
diff --git a/CVE-2024/CVE-2024-02xx/CVE-2024-0236.json b/CVE-2024/CVE-2024-02xx/CVE-2024-0236.json
index 99ae9046539..34ee1dee105 100644
--- a/CVE-2024/CVE-2024-02xx/CVE-2024-0236.json
+++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0236.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-0236",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2024-01-16T16:15:14.367",
- "lastModified": "2024-11-21T08:46:07.330",
+ "lastModified": "2025-06-20T18:15:25.043",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 1.4
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
 }
 ]
 },
diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0605.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0605.json
index 82fa686eaa9..5c84ffdc94d 100644
--- a/CVE-2024/CVE-2024-06xx/CVE-2024-0605.json
+++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0605.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-0605",
 "sourceIdentifier": "security@mozilla.org",
 "published": "2024-01-22T19:15:09.423",
- "lastModified": "2024-11-21T08:46:59.153",
+ "lastModified": "2025-06-20T19:15:28.803",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 1.6,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-362"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-362"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0606.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0606.json
index 9fd6d3a42f5..1cea084fce0 100644
--- a/CVE-2024/CVE-2024-06xx/CVE-2024-0606.json
+++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0606.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-0606",
 "sourceIdentifier": "security@mozilla.org",
 "published": "2024-01-22T19:15:09.487",
- "lastModified": "2024-11-21T08:46:59.270",
+ "lastModified": "2025-06-20T19:15:28.977",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 2.7
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-79"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0746.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0746.json
index be28abdd4e5..86ed125bff4 100644
--- a/CVE-2024/CVE-2024-07xx/CVE-2024-0746.json
+++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0746.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-0746",
 "sourceIdentifier": "security@mozilla.org",
 "published": "2024-01-23T14:15:38.417",
- "lastModified": "2024-11-21T08:47:16.460",
+ "lastModified": "2025-06-20T19:15:29.137",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "NVD-CWE-noinfo"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0750.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0750.json
index 420cef65629..96f6839a84a 100644
--- a/CVE-2024/CVE-2024-07xx/CVE-2024-0750.json
+++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0750.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-0750",
 "sourceIdentifier": "security@mozilla.org",
 "published": "2024-01-23T14:15:38.597",
- "lastModified": "2024-11-21T08:47:17.590",
+ "lastModified": "2025-06-20T19:15:29.337",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "NVD-CWE-noinfo"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-451"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0751.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0751.json
index de08eb61487..d44986bb3cb 100644
--- a/CVE-2024/CVE-2024-07xx/CVE-2024-0751.json
+++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0751.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-0751",
 "sourceIdentifier": "security@mozilla.org",
 "published": "2024-01-23T14:15:38.643",
- "lastModified": "2024-11-21T08:47:17.717",
+ "lastModified": "2025-06-20T19:15:29.573",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-269"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-269"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0752.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0752.json
index b7e76c69a20..1a5cfed0415 100644
--- a/CVE-2024/CVE-2024-07xx/CVE-2024-0752.json
+++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0752.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-0752",
 "sourceIdentifier": "security@mozilla.org",
 "published": "2024-01-23T14:15:38.693",
- "lastModified": "2024-11-21T08:47:17.857",
+ "lastModified": "2025-06-20T19:15:30.397",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-416"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0805.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0805.json
index d7ed138cca8..dad64ee0742 100644
--- a/CVE-2024/CVE-2024-08xx/CVE-2024-0805.json
+++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0805.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-0805",
 "sourceIdentifier": "chrome-cve-admin@google.com",
 "published": "2024-01-24T00:15:07.787",
- "lastModified": "2024-11-21T08:47:24.787",
+ "lastModified": "2025-06-20T19:15:30.580",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 1.4
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "NVD-CWE-noinfo"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-451"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0806.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0806.json
index 6dd9cde4966..ddb762db1be 100644
--- a/CVE-2024/CVE-2024-08xx/CVE-2024-0806.json
+++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0806.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-0806",
 "sourceIdentifier": "chrome-cve-admin@google.com",
 "published": "2024-01-24T00:15:07.847",
- "lastModified": "2024-11-21T08:47:24.940",
+ "lastModified": "2025-06-20T19:15:30.793",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-416"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0807.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0807.json
index f2e38c9811c..eb9d5d021c5 100644
--- a/CVE-2024/CVE-2024-08xx/CVE-2024-0807.json
+++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0807.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-0807",
 "sourceIdentifier": "chrome-cve-admin@google.com",
 "published": "2024-01-24T00:15:07.897",
- "lastModified": "2024-11-21T08:47:25.070",
+ "lastModified": "2025-06-20T19:15:31.003",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-416"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0813.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0813.json
index c33d25962c8..9e2aa7c2ef5 100644
--- a/CVE-2024/CVE-2024-08xx/CVE-2024-0813.json
+++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0813.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-0813",
 "sourceIdentifier": "chrome-cve-admin@google.com",
 "published": "2024-01-24T00:15:08.223",
- "lastModified": "2024-11-21T08:47:25.830",
+ "lastModified": "2025-06-20T20:15:27.650",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-416"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0853.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0853.json
index eddd200c3b2..0e653d87548 100644
--- a/CVE-2024/CVE-2024-08xx/CVE-2024-0853.json
+++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0853.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-0853",
 "sourceIdentifier": "2499f714-1537-4658-8207-48ae4bb9eae9",
 "published": "2024-02-03T14:15:50.850",
- "lastModified": "2024-11-21T08:47:30.450",
+ "lastModified": "2025-06-20T20:15:27.820",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 1.4
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
 }
 ]
 },
diff --git a/CVE-2024/CVE-2024-100xx/CVE-2024-10019.json b/CVE-2024/CVE-2024-100xx/CVE-2024-10019.json
index e4804cb06af..097bccc88a4 100644
--- a/CVE-2024/CVE-2024-100xx/CVE-2024-10019.json
+++ b/CVE-2024/CVE-2024-100xx/CVE-2024-10019.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@huntr.dev",
 "published": "2025-03-20T10:15:14.230",
 "lastModified": "2025-03-20T10:15:14.230",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-100xx/CVE-2024-10041.json b/CVE-2024/CVE-2024-100xx/CVE-2024-10041.json
index 29e0ca6514a..8da7e4e7744 100644
--- a/CVE-2024/CVE-2024-100xx/CVE-2024-10041.json
+++ b/CVE-2024/CVE-2024-100xx/CVE-2024-10041.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secalert@redhat.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
@@ -42,7 +42,7 @@
 "weaknesses": [
 {
 "source": "secalert@redhat.com",
- "type": "Primary",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-100xx/CVE-2024-10047.json b/CVE-2024/CVE-2024-100xx/CVE-2024-10047.json
index 29bc0404ed3..9578a1066f5 100644
--- a/CVE-2024/CVE-2024-100xx/CVE-2024-10047.json
+++ b/CVE-2024/CVE-2024-100xx/CVE-2024-10047.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@huntr.dev",
 "published": "2025-03-20T10:15:14.360",
 "lastModified": "2025-03-20T10:15:14.360",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10925.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10925.json
index 6b7ff86fd2b..6e4da17eedd 100644
--- a/CVE-2024/CVE-2024-109xx/CVE-2024-10925.json
+++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10925.json
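Review bot: After the two CVE-2024-10041.json hunks the record may have no `Primary` CVSS metric or weakness at all: both secalert@redhat.com entries go from `"type": "Primary"` to `"type": "Secondary"`, and this file's diff adds no `Primary` entry in their place. Whether another `Primary` entry already exists cannot be seen here, since the `cvssMetricV31` and `weaknesses` arrays continue outside the hunks. If none does, tooling that selects only `Primary` data will report no score or CWE for this CVE and it can drop out of severity-based triage, so consumers should fall back to `Secondary` entries when no `Primary` is present. No hunk in this file touches `lastModified` either, so timestamp-based sync will not notice the relabel.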
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@gitlab.com",
 "published": "2025-03-03T11:15:10.253",
 "lastModified": "2025-03-03T12:15:34.080",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11089.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11089.json
index 5875208666b..83df0123810 100644
--- a/CVE-2024/CVE-2024-110xx/CVE-2024-11089.json
+++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11089.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-11-21T14:15:08.530",
 "lastModified": "2024-11-21T15:15:21.500",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11136.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11136.json
index 33b15cca536..433dc046ab3 100644
--- a/CVE-2024/CVE-2024-111xx/CVE-2024-11136.json
+++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11136.json
@@ -12,7 +12,7 @@
 },
 {
 "lang": "es",
- "value": "La aplicaci\u00f3n predeterminada de la c\u00e1mara TCL expone a un proveedor vulnerable a una vulnerabilidad de path traversal. La aplicaci\u00f3n maliciosa puede proporcionar una ruta URI maliciosa y eliminar archivos arbitrarios del almacenamiento externo del usuario."
+ "value": "La aplicaci\u00f3n predeterminada de TCL Camera expone a un proveedor vulnerable a una vulnerabilidad de path traversal. La aplicaci\u00f3n maliciosa puede proporcionar una ruta URI maliciosa y eliminar archivos arbitrarios del almacenamiento externo del usuario."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-112xx/CVE-2024-11283.json b/CVE-2024/CVE-2024-112xx/CVE-2024-11283.json
index e62cee0bc28..25dcd9ca9b3 100644
--- a/CVE-2024/CVE-2024-112xx/CVE-2024-11283.json
+++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11283.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-03-14T05:15:37.577",
 "lastModified": "2025-03-14T05:15:37.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-112xx/CVE-2024-11284.json b/CVE-2024/CVE-2024-112xx/CVE-2024-11284.json
index d37bfcf6c52..dc1b9fc533f 100644
--- a/CVE-2024/CVE-2024-112xx/CVE-2024-11284.json
+++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11284.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-03-14T05:15:40.463",
 "lastModified": "2025-03-14T05:15:40.463",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-112xx/CVE-2024-11285.json b/CVE-2024/CVE-2024-112xx/CVE-2024-11285.json
index a1310b2d56f..a2bd71aff84 100644
--- a/CVE-2024/CVE-2024-112xx/CVE-2024-11285.json
+++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11285.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-03-14T05:15:40.693",
 "lastModified": "2025-03-14T05:15:40.693",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-112xx/CVE-2024-11286.json b/CVE-2024/CVE-2024-112xx/CVE-2024-11286.json
index 82149af63ca..7872eed69d2 100644
--- a/CVE-2024/CVE-2024-112xx/CVE-2024-11286.json
+++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11286.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-03-14T05:15:40.917",
 "lastModified": "2025-03-14T05:15:40.917",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-115xx/CVE-2024-11584.json b/CVE-2024/CVE-2024-115xx/CVE-2024-11584.json
index 0b187715db0..88890876542 100644
--- a/CVE-2024/CVE-2024-115xx/CVE-2024-11584.json
+++ b/CVE-2024/CVE-2024-115xx/CVE-2024-11584.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "cloud-init\u00a0through 25.1.2 includes the systemd socket unit\u00a0cloud-init-hotplugd.socket with default\u00a0SocketMode\u00a0that grants 0666 permissions, making it world-writable.\u00a0This is used for the \"/run/cloud-init/hook-hotplug-cmd\" FIFO. An unprivileged user could trigger\u00a0hotplug-hook commands."
+ },
+ {
+ "lang": "es",
+ "value": "Cloud-init hasta la versi\u00f3n 25.1.2 se incluye la unidad de socket systemd cloud-init-hotplugd.socket con el SocketMode predeterminado, que otorga permisos 0666, lo que le otorga permisos de escritura universal. Esto se utiliza para el FIFO \"/run/cloud-init/hook-hotplug-cmd\". Un usuario sin privilegios podr\u00eda ejecutar comandos hotplug-hook."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-119xx/CVE-2024-11937.json b/CVE-2024/CVE-2024-119xx/CVE-2024-11937.json
index 26d28f62c99..03f1a8b753d 100644
--- a/CVE-2024/CVE-2024-119xx/CVE-2024-11937.json
+++ b/CVE-2024/CVE-2024-119xx/CVE-2024-11937.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's linkURL in the Mobile Menu element in all versions up to, and including, 4.10.69 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Premium Addons para Elementor de WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s de la URL del enlace del complemento en el elemento Men\u00fa M\u00f3vil en todas las versiones hasta la 4.10.69 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en las p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12085.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12085.json index 068a9c503e7..5101882f641 100644 --- a/CVE-2024/CVE-2024-120xx/CVE-2024-12085.json +++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12085.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secalert@redhat.com", "published": "2025-01-14T18:15:25.123", "lastModified": "2025-03-20T07:15:37.273", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12086.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12086.json index b55e0586768..e646c680de0 100644 --- a/CVE-2024/CVE-2024-120xx/CVE-2024-12086.json +++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12086.json 
@@ -2,8 +2,8 @@
 "id": "CVE-2024-12086",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2025-01-14T18:15:25.297",
- "lastModified": "2025-02-26T15:15:21.020",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-06-20T18:40:03.263",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 1.6,
 "impactScore": 4.0
+ },
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 4.0
 }
 ]
 },
@@ -51,22 +71,196 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.3.0", + "matchCriteriaId": "477D69AB-8601-4994-9695-8DE48E1587A5" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", + "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:almalinux:almalinux:8.0:-:*:*:*:*:*:*", + "matchCriteriaId": "F34AA7F4-6ECE-4FA5-A310-3509648BD7C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:almalinux:almalinux:9.0:-:*:*:*:*:*:*", + "matchCriteriaId": "57B93E9A-1483-4FF7-BF45-BD0D7D9F1747" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:almalinux:almalinux:10.0:-:*:*:*:*:*:*", + "matchCriteriaId": "66FD02F3-C1C2-4E1D-98C1-8889004437D4" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + 
"negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:archlinux:arch_linux:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4824AE2D-462B-477D-9206-3E2090A32146" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:gentoo:linux:-:*:*:*:*:*:*:*", + "matchCriteriaId": "92121D8A-529E-454A-BC8D-B6E0017E615D" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nixos:nixos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "24.11", + "matchCriteriaId": "213883D5-9E62-4496-82E3-D5377995C257" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:suse:suse_linux:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1FB65EF0-0E6A-4178-8564-3CC96891A072" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tritondatacenter:smartos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "20250123", + "matchCriteriaId": "8EBD774C-F48F-45EC-A5DD-B1E56E54EF71" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2024-12086", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330577", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://kb.cert.org/vuls/id/952657", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", 
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12087.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12087.json
index d64780fe37f..624acb2ec85 100644
--- a/CVE-2024/CVE-2024-120xx/CVE-2024-12087.json
+++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12087.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-12087",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2025-01-14T18:15:25.467",
- "lastModified": "2025-06-02T15:15:27.363",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-06-20T18:28:57.620",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 3.6
+ },
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
 }
 ]
 },
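Review bot: The `configurations` array added for CVE-2024-12086 lists the operating-system CPEs (`cpe:2.3:o:redhat:enterprise_linux:8.0`, `cpe:2.3:o:archlinux:arch_linux:-`, `cpe:2.3:o:gentoo:linux:-` and the others) as stand-alone `OR` nodes with `"vulnerable": true`, separate from the `cpe:2.3:a:samba:rsync` entry that carries `"versionEndIncluding": "3.3.0"`. Read literally, a CPE matcher will flag every host that reports one of those OS CPEs, whether or not rsync is installed or the distribution has shipped a fixed package, because nothing in the hunk ties the OS rows to the rsync version bound. If the OS rows are meant as platforms, they would read `"vulnerable": false,` inside a configuration that combines them with the rsync node under `"operator": "AND"`. Until then, consumers should key the finding on the rsync package version or the distribution's own advisory and treat the OS rows as context. The CVE-2024-12087 configurations in the hunks that follow are built the same way.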
@@ -49,36 +69,274 @@ "value": "CWE-35" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.3.0", + "matchCriteriaId": "477D69AB-8601-4994-9695-8DE48E1587A5" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:almalinux:almalinux:8.0:-:*:*:*:*:*:*", + "matchCriteriaId": "F34AA7F4-6ECE-4FA5-A310-3509648BD7C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:almalinux:almalinux:9.0:-:*:*:*:*:*:*", + "matchCriteriaId": "57B93E9A-1483-4FF7-BF45-BD0D7D9F1747" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:almalinux:almalinux:10.0:-:*:*:*:*:*:*", + "matchCriteriaId": "66FD02F3-C1C2-4E1D-98C1-8889004437D4" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:archlinux:arch_linux:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4824AE2D-462B-477D-9206-3E2090A32146" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:gentoo:linux:-:*:*:*:*:*:*:*", + "matchCriteriaId": "92121D8A-529E-454A-BC8D-B6E0017E615D" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nixos:nixos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "24.11", + "matchCriteriaId": "213883D5-9E62-4496-82E3-D5377995C257" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:suse:suse_linux:-:*:*:*:*:*:*:*", + "matchCriteriaId": 
"1FB65EF0-0E6A-4178-8564-3CC96891A072" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tritondatacenter:smartos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "20250123", + "matchCriteriaId": "8EBD774C-F48F-45EC-A5DD-B1E56E54EF71" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.6:*:*:*:*:*:*:*", + "matchCriteriaId": "C4CF8D2F-DACA-49C2-A9F4-63496B0A9A80" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*", + "matchCriteriaId": "5A47EF78-A5B6-4B89-8B74-EEB0647C549F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*", + "matchCriteriaId": "2F7DAD7C-9369-4A87-A1D0-4208D3AF0CDC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.6_aarch64:*:*:*:*:*:*:*", + "matchCriteriaId": "CA15BFFC-B8E8-4EE3-8E14-8C95DF6C99C4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", + "matchCriteriaId": "32AF225E-94C0-4D07-900C-DD868C05F554" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*", + "matchCriteriaId": "FB056B47-1F45-4CE4-81F6-872F66C24C29" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.6_s390x:*:*:*:*:*:*:*", + "matchCriteriaId": "778ACA25-ED77-4EFC-A183-DE094C58B268" 
+ }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "23D471AC-7DCA-4425-AD91-E5D928753A8C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.6_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "0516993E-CBD5-44F1-8684-7172C9ABFD0A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.6:*:*:*:*:*:*:*", + "matchCriteriaId": "0FDD919E-B7FE-4EC5-8D6B-EC9A4723D6E2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.6_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "41F1A2F3-BCEF-4A8C-BA2F-DF1FF13E6179" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.6:*:*:*:*:*:*:*", + "matchCriteriaId": "554AA8CA-A930-4788-B052-497E09D48381" + } + ] + } + ] } ], "references": [ { "url": "https://access.redhat.com/errata/RHSA-2025:2600", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2025:7050", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2025:8385", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/security/cve/CVE-2024-12087", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330672", - "source": 
"secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://kb.cert.org/vuls/id/952657", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12120.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12120.json index 687de11b1d1..d752e1eafef 100644 --- a/CVE-2024/CVE-2024-121xx/CVE-2024-12120.json +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12120.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-05-07T08:15:14.683", "lastModified": "2025-05-07T14:13:20.483", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12166.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12166.json index 7f4ff1cf9dd..a96d88d0fb1 100644 --- a/CVE-2024/CVE-2024-121xx/CVE-2024-12166.json +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12166.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-12-07T02:15:18.923", "lastModified": "2024-12-07T02:15:18.923", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-121xx/CVE-2024-12167.json b/CVE-2024/CVE-2024-121xx/CVE-2024-12167.json index f9d0afa03e8..974ba4d1f83 100644 --- a/CVE-2024/CVE-2024-121xx/CVE-2024-12167.json +++ b/CVE-2024/CVE-2024-121xx/CVE-2024-12167.json 
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-12-07T02:15:19.057",
 "lastModified": "2024-12-07T02:15:19.057",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12224.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12224.json
index 185b117e424..9a26705234c 100644
--- a/CVE-2024/CVE-2024-122xx/CVE-2024-12224.json
+++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12224.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-12224",
 "sourceIdentifier": "security@mozilla.org",
 "published": "2025-05-30T02:15:19.670",
- "lastModified": "2025-05-30T16:31:03.107",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2025-06-25T15:33:17.667",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -59,6 +59,28 @@
 "providerUrgency": "NOT_DEFINED"
 }
 }
+ ],
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
 ]
 },
 "weaknesses": [
@@ -71,20 +93,59 @@
 "value": "CWE-1289"
 }
 ]
+ },
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:servo:idna:*:*:*:*:*:rust:*:*",
+ "versionEndExcluding": "1.0.0",
+ "matchCriteriaId": "2A9457A0-7004-4D5E-8C78-07A9BE0E13DA"
+ }
+ ]
+ }
+ ]
 }
 ],
 "references": [
 {
 "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1887898",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking"
+ ]
 },
 {
 "url": "https://rustsec.org/advisories/RUSTSEC-2024-0421.html",
- "source": "security@mozilla.org"
+ "source": "security@mozilla.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1887898",
- "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "tags": [
+ "Exploit",
+ "Issue Tracking"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12607.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12607.json
index d43b35e9069..7d7b1f6a153 100644
--- a/CVE-2024/CVE-2024-126xx/CVE-2024-12607.json
+++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12607.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-03-07T09:15:14.700",
 "lastModified": "2025-03-07T09:15:14.700",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12609.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12609.json
index 057dd4b19e3..e6d5a18be08 100644
--- a/CVE-2024/CVE-2024-126xx/CVE-2024-12609.json
+++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12609.json
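Review bot: The weakness block added for CVE-2024-12224 gives `CWE-352` as the `nvd@nist.gov` `Primary` entry, while the CNA entry kept as context just above it is `CWE-1289` and the added CPE names a Rust library (`cpe:2.3:a:servo:idna`). The two classifications point at different bug classes, so tooling that collapses `weaknesses` to the single `Primary` value will report this library issue as cross-site request forgery. The description is outside this hunk, so which mapping fits better cannot be confirmed from here. Aggregators should keep both entries together with their `source` instead of letting one overwrite the other. The Bugzilla URL also appears twice under different `source` values with identical tags, so reference lists should be de-duplicated on `url` before display.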
@@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-03-07T09:15:14.860", "lastModified": "2025-03-07T09:15:14.860", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12610.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12610.json index 6c5fb1d1da5..618d6551a7a 100644 --- a/CVE-2024/CVE-2024-126xx/CVE-2024-12610.json +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12610.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-03-07T09:15:15.017", "lastModified": "2025-03-07T09:15:15.017", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-126xx/CVE-2024-12611.json b/CVE-2024/CVE-2024-126xx/CVE-2024-12611.json index 3dcb156ce2b..6e37e942717 100644 --- a/CVE-2024/CVE-2024-126xx/CVE-2024-12611.json +++ b/CVE-2024/CVE-2024-126xx/CVE-2024-12611.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-03-07T09:15:15.177", "lastModified": "2025-03-07T09:15:15.177", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-127xx/CVE-2024-12766.json b/CVE-2024/CVE-2024-127xx/CVE-2024-12766.json index 9845cfbc2ce..e8dfca0e84d 100644 --- a/CVE-2024/CVE-2024-127xx/CVE-2024-12766.json +++ b/CVE-2024/CVE-2024-127xx/CVE-2024-12766.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@huntr.dev", "published": "2025-03-20T10:15:30.000", "lastModified": "2025-03-20T14:15:18.387", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-129xx/CVE-2024-12915.json b/CVE-2024/CVE-2024-129xx/CVE-2024-12915.json index ae2ecc42cc8..ced4c5e79db 100644 --- a/CVE-2024/CVE-2024-129xx/CVE-2024-12915.json +++ b/CVE-2024/CVE-2024-129xx/CVE-2024-12915.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Devinim Software Library Software allows Reflected XSS.This issue affects Library Software: before 24.11.02." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Devinim Software Library Software permite XSS reflejado. Este problema afecta a Library Software: antes del 24.11.02." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-12xx/CVE-2024-1286.json b/CVE-2024/CVE-2024-12xx/CVE-2024-1286.json index da6b9e2320b..36635b5dc38 100644 --- a/CVE-2024/CVE-2024-12xx/CVE-2024-1286.json +++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1286.json @@ -3,7 +3,7 @@ "sourceIdentifier": "contact@wpscan.com", "published": "2024-07-30T06:15:01.777", "lastModified": "2024-11-21T08:50:14.037", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-12xx/CVE-2024-1287.json b/CVE-2024/CVE-2024-12xx/CVE-2024-1287.json index b74c552f86c..4559e3b0354 100644 --- a/CVE-2024/CVE-2024-12xx/CVE-2024-1287.json +++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1287.json @@ -3,7 +3,7 @@ "sourceIdentifier": "contact@wpscan.com", "published": "2024-07-30T06:15:02.210", "lastModified": "2024-11-21T08:50:14.227", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-132xx/CVE-2024-13209.json b/CVE-2024/CVE-2024-132xx/CVE-2024-13209.json index 48cc9f6d2a1..5facf65642a 100644 --- a/CVE-2024/CVE-2024-132xx/CVE-2024-13209.json +++ b/CVE-2024/CVE-2024-132xx/CVE-2024-13209.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-13209", "sourceIdentifier": "cna@vuldb.com", "published": "2025-01-09T04:15:11.683", - "lastModified": "2025-01-09T04:15:11.683", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-24T14:30:10.457", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -80,6 +80,26 @@ }, "exploitabilityScore": 0.9, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ], "cvssMetricV2": [ @@ -124,22 +144,55 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redaxo:redaxo:5.18.1:*:*:*:*:*:*:*", + "matchCriteriaId": "2C19E4A4-3DEB-4107-A802-271B4C8C716A" + } + ] + } + ] + } + ], "references": [ { "url": "https://geochen.medium.com/redaxo-cms-5-18-1-cross-site-scripting-7c9a872c72f6", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.290814", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.290814", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.466396", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-133xx/CVE-2024-13337.json b/CVE-2024/CVE-2024-133xx/CVE-2024-13337.json
index 61ca20d7d58..e58d6950983 100644
--- a/CVE-2024/CVE-2024-133xx/CVE-2024-13337.json
+++ b/CVE-2024/CVE-2024-133xx/CVE-2024-13337.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-04-12T07:15:26.307",
 "lastModified": "2025-04-15T18:39:27.967",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-133xx/CVE-2024-13338.json b/CVE-2024/CVE-2024-133xx/CVE-2024-13338.json
index 0a971192d2f..eb7697dfaa1 100644
--- a/CVE-2024/CVE-2024-133xx/CVE-2024-13338.json
+++ b/CVE-2024/CVE-2024-133xx/CVE-2024-13338.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-04-12T07:15:26.707",
 "lastModified": "2025-04-15T18:39:27.967",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-139xx/CVE-2024-13915.json b/CVE-2024/CVE-2024-139xx/CVE-2024-13915.json
index 567984568da..4f63dafd8a6 100644
--- a/CVE-2024/CVE-2024-139xx/CVE-2024-13915.json
+++ b/CVE-2024/CVE-2024-139xx/CVE-2024-13915.json
@@ -12,7 +12,7 @@ }, { "lang": "es", - "value": "Los smartphones Android de fabricantes como Ulefone y Kr\u00fcger&Matz contienen la aplicaci\u00f3n \"com.pri.factorytest\" preinstalada durante el proceso de fabricaci\u00f3n. Esta aplicaci\u00f3n (nombre de la versi\u00f3n: 1.0, c\u00f3digo de la versi\u00f3n: 1) expone el servicio \"com.pri.factorytest.emmc.FactoryResetService\" que permite a cualquier aplicaci\u00f3n restablecer el dispositivo a la configuraci\u00f3n de f\u00e1brica. La actualizaci\u00f3n de la aplicaci\u00f3n no increment\u00f3 la versi\u00f3n del APK. En cambio, se incluy\u00f3 en compilaciones del sistema operativo publicadas despu\u00e9s de diciembre de 2024 (Ulefone) y, muy probablemente, en marzo de 2025 (Kr\u00fcger&Matz, aunque el fabricante no lo ha confirmado, por lo que las versiones m\u00e1s recientes tambi\u00e9n podr\u00edan ser vulnerables)." + "value": "Los smartphones Android de fabricantes como Ulefone and Kr\u00fcger&Matz contienen la aplicaci\u00f3n \"com.pri.factorytest\" preinstalada durante el proceso de fabricaci\u00f3n. Esta aplicaci\u00f3n (nombre de la versi\u00f3n: 1.0, c\u00f3digo de la versi\u00f3n: 1) expone el servicio \"com.pri.factorytest.emmc.FactoryResetService\" que permite a cualquier aplicaci\u00f3n restablecer el dispositivo a la configuraci\u00f3n de f\u00e1brica. La actualizaci\u00f3n de la aplicaci\u00f3n no increment\u00f3 la versi\u00f3n del APK. En cambio, se incluy\u00f3 en compilaciones del sistema operativo publicadas despu\u00e9s de diciembre de 2024 (Ulefone) y, muy probablemente, en marzo de 2025 (Kr\u00fcger&Matz, aunque el fabricante no lo ha confirmado, por lo que las versiones m\u00e1s recientes tambi\u00e9n podr\u00edan ser vulnerables)." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-139xx/CVE-2024-13916.json b/CVE-2024/CVE-2024-139xx/CVE-2024-13916.json index 5ad264a5307..c4bb0cd10ec 100644 --- a/CVE-2024/CVE-2024-139xx/CVE-2024-13916.json 
+++ b/CVE-2024/CVE-2024-139xx/CVE-2024-13916.json @@ -12,7 +12,7 @@ }, { "lang": "es", - "value": "La aplicaci\u00f3n \"com.pri.applock\", preinstalada en los smartphones Kruger&Matz, permite cifrar cualquier aplicaci\u00f3n mediante el c\u00f3digo PIN proporcionado por el usuario o datos biom\u00e9tricos. El m\u00e9todo p\u00fablico \"query()\" del proveedor de contenido \"com.android.providers.settings.fingerprint.PriFpShareProvider\", expuesto, permite que cualquier otra aplicaci\u00f3n maliciosa, sin permisos del sistema Android, extraiga el c\u00f3digo PIN. El proveedor no proporcion\u00f3 informaci\u00f3n sobre las versiones vulnerables. Solo la versi\u00f3n (nombre de la versi\u00f3n: 13, c\u00f3digo de la versi\u00f3n: 33) fue probada y se confirm\u00f3 que presenta esta vulnerabilidad." + "value": "La aplicaci\u00f3n \"com.pri.applock\", preinstalada en los smartphones Kr\u00fcger&Matz, permite cifrar cualquier aplicaci\u00f3n mediante el c\u00f3digo PIN proporcionado por el usuario o datos biom\u00e9tricos. El m\u00e9todo p\u00fablico \"query()\" del proveedor de contenido \"com.android.providers.settings.fingerprint.PriFpShareProvider\", expuesto, permite que cualquier otra aplicaci\u00f3n maliciosa, sin permisos del sistema Android, extraiga el c\u00f3digo PIN. El proveedor no proporcion\u00f3 informaci\u00f3n sobre las versiones vulnerables. Solo la versi\u00f3n (nombre de la versi\u00f3n: 13, c\u00f3digo de la versi\u00f3n: 33) fue probada y se confirm\u00f3 que presenta esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-139xx/CVE-2024-13917.json b/CVE-2024/CVE-2024-139xx/CVE-2024-13917.json index 2fea753682a..fbd63544925 100644 --- a/CVE-2024/CVE-2024-139xx/CVE-2024-13917.json +++ b/CVE-2024/CVE-2024-139xx/CVE-2024-13917.json 
@@ -12,7 +12,7 @@ }, { "lang": "es", - "value": "La aplicaci\u00f3n \"com.pri.applock\", preinstalada en los smartphones Kruger&Matz, permite cifrar cualquier aplicaci\u00f3n mediante el c\u00f3digo PIN proporcionado por el usuario o datos biom\u00e9tricos. La actividad expuesta de \"com.pri.applock.LockUI\" permite que cualquier otra aplicaci\u00f3n maliciosa, sin permisos del sistema Android, inyecte una intenci\u00f3n arbitraria con privilegios de sistema en una aplicaci\u00f3n protegida. Es necesario conocer el n\u00famero PIN de protecci\u00f3n (podr\u00eda revelarse mediante la explotaci\u00f3n de CVE-2024-13916) o solicitar al usuario que lo proporcione. El proveedor no proporcion\u00f3 informaci\u00f3n sobre las versiones vulnerables. Solo la versi\u00f3n (nombre de la versi\u00f3n: 13, c\u00f3digo de la versi\u00f3n: 33) fue probada y se confirm\u00f3 que presenta esta vulnerabilidad." + "value": "La aplicaci\u00f3n \"com.pri.applock\", preinstalada en los smartphones Kr\u00fcger&Matz, permite cifrar cualquier aplicaci\u00f3n mediante el c\u00f3digo PIN proporcionado por el usuario o datos biom\u00e9tricos. La actividad expuesta de \"com.pri.applock.LockUI\" permite que cualquier otra aplicaci\u00f3n maliciosa, sin permisos del sistema Android, inyecte una intenci\u00f3n arbitraria con privilegios de sistema en una aplicaci\u00f3n protegida. Es necesario conocer el n\u00famero PIN de protecci\u00f3n (podr\u00eda revelarse mediante la explotaci\u00f3n de CVE-2024-13916) o solicitar al usuario que lo proporcione. El proveedor no proporcion\u00f3 informaci\u00f3n sobre las versiones vulnerables. Solo la versi\u00f3n (nombre de la versi\u00f3n: 13, c\u00f3digo de la versi\u00f3n: 33) fue probada y se confirm\u00f3 que presenta esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-14xx/CVE-2024-1488.json b/CVE-2024/CVE-2024-14xx/CVE-2024-1488.json index 4b25a7f2263..8c79cb0369b 100644 --- a/CVE-2024/CVE-2024-14xx/CVE-2024-1488.json 
+++ b/CVE-2024/CVE-2024-14xx/CVE-2024-1488.json
@@ -62,7 +62,7 @@
 "weaknesses": [
 {
 "source": "secalert@redhat.com",
- "type": "Primary",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1511.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1511.json
index 2c456701ed9..19c22e4ff72 100644
--- a/CVE-2024/CVE-2024-15xx/CVE-2024-1511.json
+++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1511.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-04-10T17:15:51.670",
 "lastModified": "2024-11-21T08:50:44.160",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1520.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1520.json
index 9926b02663f..0c664990cc7 100644
--- a/CVE-2024/CVE-2024-15xx/CVE-2024-1520.json
+++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1520.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-04-10T17:15:51.930",
 "lastModified": "2024-11-21T08:50:44.787",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1522.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1522.json
index 6be58a5651f..7f7d8777b29 100644
--- a/CVE-2024/CVE-2024-15xx/CVE-2024-1522.json
+++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1522.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-03-30T18:15:45.930",
 "lastModified": "2025-06-30T18:56:13.953",
- "vulnStatus": "Analyzed",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1569.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1569.json
index d7c9aed94f0..0242bdff769 100644
--- a/CVE-2024/CVE-2024-15xx/CVE-2024-1569.json
+++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1569.json
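Review bot: In the CVE-2024-1522 hunk `vulnStatus` goes backwards, from `Analyzed` to `Undergoing Analysis`, while the `lastModified` context line (`2025-06-30T18:56:13.953`) is untouched. Pipelines that treat `Analyzed` as the point where CVSS, CWE and CPE data are final may already have ingested this record; a reopened analysis means those fields can still change, and with the timestamp unchanged an incremental sync has no signal to re-fetch. Either the status should stay `"vulnStatus": "Analyzed",` until the revised analysis is published, or the reopening should come with a new `lastModified`. The rest of the record is outside the hunk, so whether the enrichment data changed as well cannot be seen here.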
@@ -3,7 +3,7 @@ "sourceIdentifier": "security@huntr.dev", "published": "2024-04-16T00:15:09.060", "lastModified": "2024-11-21T08:50:51.360", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1600.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1600.json index 329a7ec0f5c..310f6fd0d38 100644 --- a/CVE-2024/CVE-2024-16xx/CVE-2024-1600.json +++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1600.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@huntr.dev", "published": "2024-04-10T17:15:52.317", "lastModified": "2024-11-21T08:50:55.133", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1601.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1601.json index 619d0c9a04f..961d83fbe35 100644 --- a/CVE-2024/CVE-2024-16xx/CVE-2024-1601.json +++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1601.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@huntr.dev", "published": "2024-04-16T00:15:09.597", "lastModified": "2024-11-21T08:50:55.263", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1602.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1602.json index 801d0dfc0e0..387f6d56025 100644 --- a/CVE-2024/CVE-2024-16xx/CVE-2024-1602.json +++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1602.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@huntr.dev", "published": "2024-04-10T17:15:52.537", "lastModified": "2024-11-21T08:50:55.387", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1646.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1646.json index b0216e76870..73e4c753098 100644 --- a/CVE-2024/CVE-2024-16xx/CVE-2024-1646.json +++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1646.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "security@huntr.dev", "published": "2024-04-16T00:15:09.967", "lastModified": "2024-11-21T08:50:59.783", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1796.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1796.json index ec9f17ec77e..23150932a82 100644 --- a/CVE-2024/CVE-2024-17xx/CVE-2024-1796.json +++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1796.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-03-15T07:15:09.673", "lastModified": "2024-11-21T08:51:20.390", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-200xx/CVE-2024-20009.json b/CVE-2024/CVE-2024-200xx/CVE-2024-20009.json index 2620f4e74bc..b21292df04c 100644 --- a/CVE-2024/CVE-2024-200xx/CVE-2024-20009.json +++ b/CVE-2024/CVE-2024-200xx/CVE-2024-20009.json @@ -2,7 +2,7 @@ "id": "CVE-2024-20009", "sourceIdentifier": "security@mediatek.com", "published": "2024-02-05T06:15:47.330", - "lastModified": "2024-11-21T08:51:47.310", + "lastModified": "2025-06-20T20:15:28.033", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, 
@@ -49,6 +69,16 @@ "value": "CWE-787" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-200xx/CVE-2024-20011.json b/CVE-2024/CVE-2024-200xx/CVE-2024-20011.json index 87564589599..fd011745a45 100644 --- a/CVE-2024/CVE-2024-200xx/CVE-2024-20011.json +++ b/CVE-2024/CVE-2024-200xx/CVE-2024-20011.json @@ -2,7 +2,7 @@ "id": "CVE-2024-20011", "sourceIdentifier": "security@mediatek.com", "published": "2024-02-05T06:15:47.447", - "lastModified": "2024-11-21T08:51:47.577", + "lastModified": "2025-06-20T20:15:28.263", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-119" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-200xx/CVE-2024-20013.json b/CVE-2024/CVE-2024-200xx/CVE-2024-20013.json index 6f2b40f7c9e..6a7c09fb62a 100644 --- a/CVE-2024/CVE-2024-200xx/CVE-2024-20013.json +++ b/CVE-2024/CVE-2024-200xx/CVE-2024-20013.json 
@@ -2,7 +2,7 @@ "id": "CVE-2024-20013", "sourceIdentifier": "security@mediatek.com", "published": "2024-02-05T06:15:47.530", - "lastModified": "2024-11-21T08:51:47.850", + "lastModified": "2025-06-20T20:15:28.473", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 0.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-787" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-201xx/CVE-2024-20132.json b/CVE-2024/CVE-2024-201xx/CVE-2024-20132.json index f49c24728c5..d85cfac8a9b 100644 --- a/CVE-2024/CVE-2024-201xx/CVE-2024-20132.json +++ b/CVE-2024/CVE-2024-201xx/CVE-2024-20132.json @@ -2,8 +2,8 @@ "id": "CVE-2024-20132", "sourceIdentifier": "security@mediatek.com", "published": "2024-12-02T04:15:05.460", - "lastModified": "2024-12-02T16:15:07.557", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-25T14:42:09.850", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,10 +51,122 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mediatek:nr16:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B763B71-F913-45B4-B91E-D7F0670C4315" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2737:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9C2A1118-B5F7-4EF5-B329-0887B5F3430E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6298:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2EABFE5-4B6F-446C-9DE7-008D47C09ED7" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A97CE1E0-7B77-49BA-8D92-9AF031CD18FE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6896:-:*:*:*:*:*:*:*", + "matchCriteriaId": "33DEF766-EAF1-4E36-BB7C-43069B26507A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6980d:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2758122C-4D11-4D34-9B72-3905F3A28448" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": 
"EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AD7DE6B2-66D9-4A3E-B15F-D56505559255" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", + "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EE302F6F-170E-4350-A8F4-65BE0C50CB78" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "78D4E9E1-B044-41EC-BE98-22DC0E5E9010" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", + "matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/December-2024", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20326.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20326.json index e94dac5e5d7..8282d3f143d 100644 --- a/CVE-2024/CVE-2024-203xx/CVE-2024-20326.json +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20326.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@cisco.com", "published": "2024-05-16T14:15:08.420", "lastModified": "2024-11-21T08:52:22.797", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20659.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20659.json index ed03be7f14e..1efa5383bcd 100644 --- a/CVE-2024/CVE-2024-206xx/CVE-2024-20659.json +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20659.json 
@@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20916.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20916.json index 533eec7e124..45af33c00bb 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20916.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20916.json @@ -2,7 +2,7 @@ "id": "CVE-2024-20916", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-01-16T22:15:39.343", - "lastModified": "2024-11-21T08:53:25.550", + "lastModified": "2025-06-20T18:15:25.207", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secalert_us@oracle.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L", @@ -49,6 +49,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20918.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20918.json index 84e163f0e8a..530523040bd 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20918.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20918.json @@ -2,7 +2,7 @@ "id": "CVE-2024-20918", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-01-16T22:15:39.510", - "lastModified": "2024-11-21T08:53:25.790", + "lastModified": "2025-06-20T18:15:25.377", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secalert_us@oracle.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", 
@@ -49,6 +49,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20920.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20920.json index cfb2c361a50..7e17bbdf173 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20920.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20920.json @@ -2,7 +2,7 @@ "id": "CVE-2024-20920", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-01-16T22:15:39.687", - "lastModified": "2024-11-27T16:07:37.487", + "lastModified": "2025-06-20T18:15:25.547", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secalert_us@oracle.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", @@ -49,6 +49,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20934.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20934.json index 10f1d3937a3..130e5021f6a 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20934.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20934.json @@ -2,7 +2,7 @@ "id": "CVE-2024-20934", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-01-16T22:15:40.937", - "lastModified": "2024-11-21T08:53:27.817", + "lastModified": "2025-06-20T18:15:25.700", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secalert_us@oracle.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", 
@@ -49,6 +49,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20940.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20940.json index da2d2b95aa0..a7b2b3353df 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20940.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20940.json @@ -2,7 +2,7 @@ "id": "CVE-2024-20940", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-01-16T22:15:41.447", - "lastModified": "2024-11-21T08:53:28.510", + "lastModified": "2025-06-20T18:15:25.863", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secalert_us@oracle.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", @@ -49,6 +49,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20942.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20942.json index 993251de1aa..4db60e9240b 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20942.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20942.json @@ -2,7 +2,7 @@ "id": "CVE-2024-20942", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-01-16T22:15:41.613", - "lastModified": "2024-11-21T08:53:28.740", + "lastModified": "2025-06-20T18:15:26.473", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secalert_us@oracle.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", 
@@ -49,6 +49,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20944.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20944.json index fc5229037d7..a8ea443830e 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20944.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20944.json @@ -2,7 +2,7 @@ "id": "CVE-2024-20944", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-01-16T22:15:41.783", - "lastModified": "2024-11-21T08:53:28.977", + "lastModified": "2025-06-20T18:15:26.617", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secalert_us@oracle.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", @@ -49,6 +49,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20961.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20961.json index 8c39681b321..caa00cb8904 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20961.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20961.json @@ -2,7 +2,7 @@ "id": "CVE-2024-20961", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-01-16T22:15:43.290", - "lastModified": "2024-11-21T08:53:30.967", + "lastModified": "2025-06-20T18:15:26.760", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secalert_us@oracle.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", 
@@ -49,6 +49,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20965.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20965.json index b11397a3f11..df11a75afc1 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20965.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20965.json @@ -2,7 +2,7 @@ "id": "CVE-2024-20965", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-01-16T22:15:43.660", - "lastModified": "2024-11-21T08:53:31.440", + "lastModified": "2025-06-20T18:15:26.927", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secalert_us@oracle.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", @@ -49,6 +49,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20981.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20981.json index 478ea18a1c9..258719dc845 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20981.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20981.json @@ -2,7 +2,7 @@ "id": "CVE-2024-20981", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-01-16T22:15:45.030", - "lastModified": "2024-11-21T08:53:33.523", + "lastModified": "2025-06-20T18:15:27.090", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secalert_us@oracle.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", 
@@ -49,6 +49,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20983.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20983.json index 36f09d69687..12e30afe8c2 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20983.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20983.json @@ -2,7 +2,7 @@ "id": "CVE-2024-20983", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-01-16T22:15:45.200", - "lastModified": "2024-11-21T08:53:33.770", + "lastModified": "2025-06-20T18:15:27.253", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secalert_us@oracle.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", @@ -49,6 +49,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20985.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20985.json index 7afa6da1c52..90b0617d191 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20985.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20985.json @@ -2,7 +2,7 @@ "id": "CVE-2024-20985", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-01-16T22:15:45.377", - "lastModified": "2024-11-21T08:53:34.007", + "lastModified": "2025-06-20T18:15:27.397", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secalert_us@oracle.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", 
@@ -49,6 +49,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-20xx/CVE-2024-2079.json b/CVE-2024/CVE-2024-20xx/CVE-2024-2079.json index d8f4f2e59b8..86b9478a35d 100644 --- a/CVE-2024/CVE-2024-20xx/CVE-2024-2079.json +++ b/CVE-2024/CVE-2024-20xx/CVE-2024-2079.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-03-13T22:15:11.910", "lastModified": "2024-11-21T09:09:00.000", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21088.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21088.json index 02b271ec772..6cb938cd3e2 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21088.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21088.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21088", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-04-16T22:15:28.810", - "lastModified": "2024-11-21T08:53:45.673", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T19:11:44.327", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,14 +51,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:e-business_suite:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.2.4", + "versionEndIncluding": "12.2.12", + "matchCriteriaId": "D075EB78-C79F-47FB-8AF9-884F2583DB52" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-217xx/CVE-2024-21765.json b/CVE-2024/CVE-2024-217xx/CVE-2024-21765.json index 1703f42d6d8..e96bad5731d 100644 --- a/CVE-2024/CVE-2024-217xx/CVE-2024-21765.json +++ b/CVE-2024/CVE-2024-217xx/CVE-2024-21765.json @@ -2,7 +2,7 @@ "id": "CVE-2024-21765", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-01-24T02:15:07.110", - "lastModified": "2024-11-21T08:54:58.013", + "lastModified": "2025-06-20T20:15:28.683", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, 
@@ -49,6 +69,16 @@ "value": "CWE-611" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-611" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-21xx/CVE-2024-2169.json b/CVE-2024/CVE-2024-21xx/CVE-2024-2169.json index d5c12ecfbde..8340922dfbf 100644 --- a/CVE-2024/CVE-2024-21xx/CVE-2024-2169.json +++ b/CVE-2024/CVE-2024-21xx/CVE-2024-2169.json @@ -12,7 +12,7 @@ }, { "lang": "es", - "value": "Las implementaciones del protocolo de aplicaci\u00f3n UDP son vulnerables a los bucles de red. Un atacante no autenticado puede utilizar paquetes manipulados con fines malintencionados contra una implementaci\u00f3n vulnerable que puede provocar una denegaci\u00f3n de servicio (DOS) y/o un abuso de recursos." + "value": "Las implementaciones de UDP application protocol son vulnerables a los bucles de red. Un atacante no autenticado puede utilizar paquetes manipulados con fines malintencionados contra una implementaci\u00f3n vulnerable que puede provocar una denegaci\u00f3n de servicio (DOS) y/o un abuso de recursos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-21xx/CVE-2024-2178.json b/CVE-2024/CVE-2024-21xx/CVE-2024-2178.json index b80f699cd67..36601afda7b 100644 --- a/CVE-2024/CVE-2024-21xx/CVE-2024-2178.json +++ b/CVE-2024/CVE-2024-21xx/CVE-2024-2178.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@huntr.dev", "published": "2024-06-02T11:15:07.390", "lastModified": "2024-11-21T09:09:11.810", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-21xx/CVE-2024-2193.json b/CVE-2024/CVE-2024-21xx/CVE-2024-2193.json index b5beb6f86c2..eaefd33719b 100644 --- a/CVE-2024/CVE-2024-21xx/CVE-2024-2193.json +++ b/CVE-2024/CVE-2024-21xx/CVE-2024-2193.json 
@@ -12,7 +12,7 @@ }, { "lang": "es", - "value": "Se ha revelado una vulnerabilidad de condici\u00f3n de ejecuci\u00f3n especulativa (SRC) que afecta a las arquitecturas de CPU modernas que admiten la ejecuci\u00f3n especulativa (relacionada con Spectre V1). Un atacante no autenticado puede aprovechar esta vulnerabilidad para revelar datos arbitrarios de la CPU utilizando condiciones de ejecuci\u00f3n para acceder a las rutas de c\u00f3digo ejecutable especulativas." + "value": "Se ha revelado una vulnerabilidad de Speculative Race Condition (SRC) que afecta a modern CPU architectures que admiten la ejecuci\u00f3n especulativa (relacionada con Spectre V1). Un atacante no autenticado puede aprovechar esta vulnerabilidad para revelar datos arbitrarios de la CPU utilizando condiciones de ejecuci\u00f3n para acceder a las rutas de c\u00f3digo ejecutable especulativas." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22113.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22113.json index bacc093a8e7..936cd7fd254 100644 --- a/CVE-2024/CVE-2024-221xx/CVE-2024-22113.json +++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22113.json @@ -2,7 +2,7 @@ "id": "CVE-2024-22113", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-01-22T05:15:09.050", - "lastModified": "2024-11-21T08:55:36.803", + "lastModified": "2025-06-20T19:15:31.450", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-601" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22151.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22151.json index 338ffad3895..f73a09f5661 100644 --- a/CVE-2024/CVE-2024-221xx/CVE-2024-22151.json +++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22151.json @@ -3,7 +3,7 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-06-08T17:15:42.420", "lastModified": "2024-11-21T08:55:41.400", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22233.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22233.json index e72d94d8e8a..8353c472f82 100644 --- a/CVE-2024/CVE-2024-222xx/CVE-2024-22233.json +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22233.json @@ -2,7 +2,7 @@ "id": "CVE-2024-22233", "sourceIdentifier": "security@vmware.com", "published": "2024-01-22T13:15:25.453", - "lastModified": "2025-02-13T18:16:47.227", + "lastModified": "2025-06-20T19:15:31.627", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -69,6 +69,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22351.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22351.json index 56cc12bdb6d..ef30ad27681 100644 --- a/CVE-2024/CVE-2024-223xx/CVE-2024-22351.json +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22351.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-04-23T23:15:15.387", "lastModified": "2025-04-29T13:52:47.470", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22362.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22362.json index a6624e981ba..edf4d262011 100644 --- a/CVE-2024/CVE-2024-223xx/CVE-2024-22362.json +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22362.json @@ -2,7 +2,7 @@ "id": "CVE-2024-22362", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-01-16T04:15:07.993", - "lastModified": "2024-11-21T08:56:07.387", + "lastModified": "2025-06-20T18:15:27.553", "vulnStatus": "Modified", "cveTags": [ { @@ -43,6 +43,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, 
@@ -56,6 +76,16 @@
 "value": "NVD-CWE-Other"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22366.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22366.json
index 4db68aa5305..e368a7582c1 100644
--- a/CVE-2024/CVE-2024-223xx/CVE-2024-22366.json
+++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22366.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-22366",
 "sourceIdentifier": "vultures@jpcert.or.jp",
 "published": "2024-01-24T05:15:13.823",
- "lastModified": "2024-11-21T08:56:07.920",
+ "lastModified": "2025-06-20T20:15:28.973",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 0.9,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-78"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-225xx/CVE-2024-22523.json b/CVE-2024/CVE-2024-225xx/CVE-2024-22523.json
index b348d736c09..19e44cccb58 100644
--- a/CVE-2024/CVE-2024-225xx/CVE-2024-22523.json
+++ b/CVE-2024/CVE-2024-225xx/CVE-2024-22523.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-22523",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-30T09:15:48.573",
- "lastModified": "2024-11-21T08:56:24.053",
+ "lastModified": "2025-06-20T20:15:29.153",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-22"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-225xx/CVE-2024-22549.json b/CVE-2024/CVE-2024-225xx/CVE-2024-22549.json
index b52ac6bea8b..485391a2d6e 100644
--- a/CVE-2024/CVE-2024-225xx/CVE-2024-22549.json
+++ b/CVE-2024/CVE-2024-225xx/CVE-2024-22549.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-22549",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-18T15:15:09.670",
- "lastModified": "2024-11-21T08:56:26.580",
+ "lastModified": "2025-06-20T19:15:31.770",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.3,
 "impactScore": 2.7
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-79"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-225xx/CVE-2024-22568.json b/CVE-2024/CVE-2024-225xx/CVE-2024-22568.json
index 48dddef9f26..135f45cc5a9 100644
--- a/CVE-2024/CVE-2024-225xx/CVE-2024-22568.json
+++ b/CVE-2024/CVE-2024-225xx/CVE-2024-22568.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-22568",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-18T15:15:09.717",
- "lastModified": "2024-11-21T08:56:27.713",
+ "lastModified": "2025-06-20T19:15:31.997",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-352"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-225xx/CVE-2024-22570.json b/CVE-2024/CVE-2024-225xx/CVE-2024-22570.json
index 39678669cc5..b503e835902 100644
--- a/CVE-2024/CVE-2024-225xx/CVE-2024-22570.json
+++ b/CVE-2024/CVE-2024-225xx/CVE-2024-22570.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-22570",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-29T20:15:15.420",
- "lastModified": "2024-11-21T08:56:28.010",
+ "lastModified": "2025-06-20T20:15:29.323",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.3,
 "impactScore": 2.7
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-79"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-225xx/CVE-2024-22591.json b/CVE-2024/CVE-2024-225xx/CVE-2024-22591.json
index 6e1beb57e48..38eb55cb1ab 100644
--- a/CVE-2024/CVE-2024-225xx/CVE-2024-22591.json
+++ b/CVE-2024/CVE-2024-225xx/CVE-2024-22591.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-22591",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-18T15:15:09.763",
- "lastModified": "2024-11-21T08:56:28.613",
+ "lastModified": "2025-06-20T19:15:32.193",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-352"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-226xx/CVE-2024-22601.json b/CVE-2024/CVE-2024-226xx/CVE-2024-22601.json
index fc039893d56..3040e2e9442 100644
--- a/CVE-2024/CVE-2024-226xx/CVE-2024-22601.json
+++ b/CVE-2024/CVE-2024-226xx/CVE-2024-22601.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-22601",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-18T17:15:14.417",
- "lastModified": "2024-11-21T08:56:29.163",
+ "lastModified": "2025-06-20T19:15:32.393",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-352"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-226xx/CVE-2024-22627.json b/CVE-2024/CVE-2024-226xx/CVE-2024-22627.json
index 6e536478fb0..20a69700aa1 100644
--- a/CVE-2024/CVE-2024-226xx/CVE-2024-22627.json
+++ b/CVE-2024/CVE-2024-226xx/CVE-2024-22627.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-22627",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-16T18:15:11.167",
- "lastModified": "2024-11-21T08:56:29.890",
+ "lastModified": "2025-06-20T18:15:27.740",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 1.2,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-89"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-226xx/CVE-2024-22635.json b/CVE-2024/CVE-2024-226xx/CVE-2024-22635.json
index 95c5b98c0a6..137083e0b19 100644
--- a/CVE-2024/CVE-2024-226xx/CVE-2024-22635.json
+++ b/CVE-2024/CVE-2024-226xx/CVE-2024-22635.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-22635",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-25T21:15:09.333",
- "lastModified": "2024-11-21T08:56:30.567",
+ "lastModified": "2025-06-20T20:15:29.483",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 2.7
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-79"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-226xx/CVE-2024-22648.json b/CVE-2024/CVE-2024-226xx/CVE-2024-22648.json
index 29878c11a95..22b5d9326f2 100644
--- a/CVE-2024/CVE-2024-226xx/CVE-2024-22648.json
+++ b/CVE-2024/CVE-2024-226xx/CVE-2024-22648.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-22648",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-30T07:15:08.200",
- "lastModified": "2024-11-21T08:56:32.420",
+ "lastModified": "2025-06-20T20:15:29.650",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 1.4
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-918"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-918"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-226xx/CVE-2024-22660.json b/CVE-2024/CVE-2024-226xx/CVE-2024-22660.json
index 8326045383c..599c862d1b0 100644
--- a/CVE-2024/CVE-2024-226xx/CVE-2024-22660.json
+++ b/CVE-2024/CVE-2024-226xx/CVE-2024-22660.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-22660",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-23T15:15:11.867",
- "lastModified": "2024-11-21T08:56:32.850",
+ "lastModified": "2025-06-20T20:15:29.823",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-787"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-226xx/CVE-2024-22662.json b/CVE-2024/CVE-2024-226xx/CVE-2024-22662.json
index 36fb69bfb00..f88e0de0b56 100644
--- a/CVE-2024/CVE-2024-226xx/CVE-2024-22662.json
+++ b/CVE-2024/CVE-2024-226xx/CVE-2024-22662.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-22662",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-23T15:15:11.913",
- "lastModified": "2024-11-21T08:56:33.027",
+ "lastModified": "2025-06-20T20:15:29.990",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-787"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-227xx/CVE-2024-22714.json b/CVE-2024/CVE-2024-227xx/CVE-2024-22714.json
index c6f201620cc..8f3f560e3d5 100644
--- a/CVE-2024/CVE-2024-227xx/CVE-2024-22714.json
+++ b/CVE-2024/CVE-2024-227xx/CVE-2024-22714.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-22714",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-17T18:15:45.410",
- "lastModified": "2024-11-21T08:56:33.897",
+ "lastModified": "2025-06-20T18:15:27.917",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 2.7
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-79"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-227xx/CVE-2024-22715.json b/CVE-2024/CVE-2024-227xx/CVE-2024-22715.json
index 62e93dbc406..fd99d2a4e55 100644
--- a/CVE-2024/CVE-2024-227xx/CVE-2024-22715.json
+++ b/CVE-2024/CVE-2024-227xx/CVE-2024-22715.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-22715",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-17T18:15:45.457",
- "lastModified": "2024-11-21T08:56:34.070",
+ "lastModified": "2025-06-20T21:15:20.697",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-352"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-227xx/CVE-2024-22751.json b/CVE-2024/CVE-2024-227xx/CVE-2024-22751.json
index 10770098ec7..336841cf9a7 100644
--- a/CVE-2024/CVE-2024-227xx/CVE-2024-22751.json
+++ b/CVE-2024/CVE-2024-227xx/CVE-2024-22751.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-22751",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-24T21:15:08.733",
- "lastModified": "2024-11-21T08:56:36.950",
+ "lastModified": "2025-06-20T20:15:30.153",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-787"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-228xx/CVE-2024-22836.json b/CVE-2024/CVE-2024-228xx/CVE-2024-22836.json
index fe48f858193..f2c1eddfc09 100644
--- a/CVE-2024/CVE-2024-228xx/CVE-2024-22836.json
+++ b/CVE-2024/CVE-2024-228xx/CVE-2024-22836.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-22836",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-02-08T20:15:52.830",
- "lastModified": "2024-11-21T08:56:41.727",
+ "lastModified": "2025-06-20T21:15:20.857",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-78"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-228xx/CVE-2024-22853.json b/CVE-2024/CVE-2024-228xx/CVE-2024-22853.json
index 1c648867544..d5d32f3bc63 100644
--- a/CVE-2024/CVE-2024-228xx/CVE-2024-22853.json
+++ b/CVE-2024/CVE-2024-228xx/CVE-2024-22853.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-22853",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-02-06T02:15:08.757",
- "lastModified": "2024-11-21T08:56:42.197",
+ "lastModified": "2025-06-20T21:15:21.023",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-798"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-798"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-228xx/CVE-2024-22862.json b/CVE-2024/CVE-2024-228xx/CVE-2024-22862.json
index 4e8dfb2afa8..a95e3093cad 100644
--- a/CVE-2024/CVE-2024-228xx/CVE-2024-22862.json
+++ b/CVE-2024/CVE-2024-228xx/CVE-2024-22862.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-22862",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-27T06:15:48.477",
- "lastModified": "2024-11-21T08:56:43.717",
+ "lastModified": "2025-06-20T20:15:30.327",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-190"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-190"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-229xx/CVE-2024-22955.json b/CVE-2024/CVE-2024-229xx/CVE-2024-22955.json
index 98d02695b37..4e906dbf6b8 100644
--- a/CVE-2024/CVE-2024-229xx/CVE-2024-22955.json
+++ b/CVE-2024/CVE-2024-229xx/CVE-2024-22955.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-22955",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-19T18:15:09.003",
- "lastModified": "2024-11-21T08:56:50.440",
+ "lastModified": "2025-06-20T19:15:32.633",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 1.8,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-787"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-229xx/CVE-2024-22957.json b/CVE-2024/CVE-2024-229xx/CVE-2024-22957.json
index 21179bc038e..e49b223a7df 100644
--- a/CVE-2024/CVE-2024-229xx/CVE-2024-22957.json
+++ b/CVE-2024/CVE-2024-229xx/CVE-2024-22957.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-22957",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-19T18:15:09.093",
- "lastModified": "2024-11-21T08:56:50.740",
+ "lastModified": "2025-06-20T19:15:32.837",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 1.8,
 "impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-125"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-22xx/CVE-2024-2249.json b/CVE-2024/CVE-2024-22xx/CVE-2024-2249.json
index 2078d40007a..61fd35825f8 100644
--- a/CVE-2024/CVE-2024-22xx/CVE-2024-2249.json
+++ b/CVE-2024/CVE-2024-22xx/CVE-2024-2249.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-03-14T22:15:22.600",
 "lastModified": "2024-11-21T09:09:20.920",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-22xx/CVE-2024-2299.json b/CVE-2024/CVE-2024-22xx/CVE-2024-2299.json
index f1a93cb0f72..f3b4acce05e 100644
--- a/CVE-2024/CVE-2024-22xx/CVE-2024-2299.json
+++ b/CVE-2024/CVE-2024-22xx/CVE-2024-2299.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-05-14T15:18:47.760",
 "lastModified": "2024-11-21T09:09:27.393",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-230xx/CVE-2024-23032.json b/CVE-2024/CVE-2024-230xx/CVE-2024-23032.json
index d3c863b5fea..1bde7326a5a 100644
--- a/CVE-2024/CVE-2024-230xx/CVE-2024-23032.json
+++ b/CVE-2024/CVE-2024-230xx/CVE-2024-23032.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-23032",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-02-01T23:15:11.067",
- "lastModified": "2024-11-21T08:56:51.487",
+ "lastModified": "2025-06-20T20:15:30.490",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 2.7
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-79"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-230xx/CVE-2024-23078.json b/CVE-2024/CVE-2024-230xx/CVE-2024-23078.json
index 7523ad7534c..5ca0e338c41 100644
--- a/CVE-2024/CVE-2024-230xx/CVE-2024-23078.json
+++ b/CVE-2024/CVE-2024-230xx/CVE-2024-23078.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-04-08T20:15:08.500",
 "lastModified": "2024-11-21T08:56:54.150",
- "vulnStatus": "Undergoing Analysis",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [
 {
 "sourceIdentifier": "cve@mitre.org",
diff --git a/CVE-2024/CVE-2024-231xx/CVE-2024-23170.json b/CVE-2024/CVE-2024-231xx/CVE-2024-23170.json
index 0a30d9517be..19aa6a8ca1c 100644
--- a/CVE-2024/CVE-2024-231xx/CVE-2024-23170.json
+++ b/CVE-2024/CVE-2024-231xx/CVE-2024-23170.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-23170",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-31T08:15:42.220",
- "lastModified": "2024-11-21T08:57:06.877",
+ "lastModified": "2025-06-20T20:15:30.660",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 1.8,
 "impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-203"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-385"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-231xx/CVE-2024-23181.json b/CVE-2024/CVE-2024-231xx/CVE-2024-23181.json
index 7e68405679b..5226373c1ae 100644
--- a/CVE-2024/CVE-2024-231xx/CVE-2024-23181.json
+++ b/CVE-2024/CVE-2024-231xx/CVE-2024-23181.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-23181",
 "sourceIdentifier": "vultures@jpcert.or.jp",
 "published": "2024-01-23T10:15:10.493",
- "lastModified": "2024-11-21T08:57:08.347",
+ "lastModified": "2025-06-20T20:15:30.830",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 2.7
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
 }
 ]
 },
@@ -49,6 +69,16 @@ "value": "CWE-79" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-231xx/CVE-2024-23183.json b/CVE-2024/CVE-2024-231xx/CVE-2024-23183.json index 420f8ac3de4..63e9fb0cf46 100644 --- a/CVE-2024/CVE-2024-231xx/CVE-2024-23183.json +++ b/CVE-2024/CVE-2024-231xx/CVE-2024-23183.json @@ -2,7 +2,7 @@ "id": "CVE-2024-23183", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-01-23T10:15:10.590", - "lastModified": "2024-11-21T08:57:08.607", + "lastModified": "2025-06-20T20:15:31.003", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.3, "impactScore": 2.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-79" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23211.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23211.json index c73e8102af1..1dbb35b1c18 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23211.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23211.json 
@@ -2,7 +2,7 @@ "id": "CVE-2024-23211", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-23T01:15:11.087", - "lastModified": "2024-11-21T08:57:11.873", + "lastModified": "2025-06-20T20:15:31.170", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 1.4 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 } ] }, @@ -49,6 +69,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-359" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23213.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23213.json index a856ab7b26a..4b5ceb038e6 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23213.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23213.json @@ -2,7 +2,7 @@ "id": "CVE-2024-23213", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-23T01:15:11.183", - "lastModified": "2024-11-21T08:57:12.177", + "lastModified": "2025-06-20T20:15:31.370", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23224.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23224.json index 6a375815537..88f7b0e24eb 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23224.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23224.json @@ -2,7 +2,7 @@ "id": "CVE-2024-23224", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-23T01:15:11.600", - "lastModified": "2024-11-21T08:57:13.717", + "lastModified": "2025-06-20T20:15:31.590", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, 
@@ -49,6 +69,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-233xx/CVE-2024-23347.json b/CVE-2024/CVE-2024-233xx/CVE-2024-23347.json index 069910eaf9d..4cedb486b2f 100644 --- a/CVE-2024/CVE-2024-233xx/CVE-2024-23347.json +++ b/CVE-2024/CVE-2024-233xx/CVE-2024-23347.json @@ -2,7 +2,7 @@ "id": "CVE-2024-23347", "sourceIdentifier": "cve-assign@fb.com", "published": "2024-01-16T18:15:11.267", - "lastModified": "2024-11-21T08:57:33.577", + "lastModified": "2025-06-20T18:15:28.087", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, diff --git a/CVE-2024/CVE-2024-234xx/CVE-2024-23492.json b/CVE-2024/CVE-2024-234xx/CVE-2024-23492.json index a69c42a4a02..9bc104fadb5 100644 --- a/CVE-2024/CVE-2024-234xx/CVE-2024-23492.json +++ b/CVE-2024/CVE-2024-234xx/CVE-2024-23492.json @@ -19,7 +19,7 @@ }, { "lang": "es", - "value": "Se utiliza una codificaci\u00f3n d\u00e9bil para transmitir credenciales para WS203VICM." + "value": "se utiliza una codificaci\u00f3n d\u00e9bil para transmitir credenciales para WS203VICM." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23682.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23682.json index 0a7a7e1ca10..f525dcf7a08 100644 
--- a/CVE-2024/CVE-2024-236xx/CVE-2024-23682.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23682.json @@ -2,7 +2,7 @@ "id": "CVE-2024-23682", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2024-01-19T21:15:10.273", - "lastModified": "2024-11-21T08:58:09.943", + "lastModified": "2025-06-20T19:15:33.023", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.5, "impactScore": 6.0 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.5, + "impactScore": 6.0 } ] }, diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23683.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23683.json index 1b1409dbbda..28ccf1650fa 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23683.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23683.json @@ -2,7 +2,7 @@ "id": "CVE-2024-23683", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2024-01-19T21:15:10.340", - "lastModified": "2024-11-21T08:58:10.077", + "lastModified": "2025-06-20T19:15:34.007", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.5, "impactScore": 6.0 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.5, + "impactScore": 6.0 } ] }, @@ -49,6 +69,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-653" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23684.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23684.json index 474e337a4cb..d9414a691d6 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23684.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23684.json @@ -2,7 +2,7 @@ "id": "CVE-2024-23684", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2024-01-19T21:15:10.387", - "lastModified": "2024-11-21T08:58:10.200", + "lastModified": "2025-06-20T19:15:34.250", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, 
diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23688.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23688.json index dc0156aba22..af937f10fb9 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23688.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23688.json @@ -2,7 +2,7 @@ "id": "CVE-2024-23688", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2024-01-19T22:15:08.563", - "lastModified": "2024-11-21T08:58:10.720", + "lastModified": "2025-06-20T19:15:34.427", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 1.4 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 } ] }, diff --git a/CVE-2024/CVE-2024-237xx/CVE-2024-23732.json b/CVE-2024/CVE-2024-237xx/CVE-2024-23732.json index a8cf2838c96..bba0c70cbac 100644 --- a/CVE-2024/CVE-2024-237xx/CVE-2024-23732.json +++ b/CVE-2024/CVE-2024-237xx/CVE-2024-23732.json @@ -2,7 +2,7 @@ "id": "CVE-2024-23732", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-21T17:15:44.497", - "lastModified": "2024-11-21T08:58:16.123", + "lastModified": "2025-06-20T19:15:34.680", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-1333" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-1333" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-237xx/CVE-2024-23747.json b/CVE-2024/CVE-2024-237xx/CVE-2024-23747.json index 64782c83960..09d53991467 100644 --- a/CVE-2024/CVE-2024-237xx/CVE-2024-23747.json +++ b/CVE-2024/CVE-2024-237xx/CVE-2024-23747.json @@ -2,7 +2,7 @@ "id": "CVE-2024-23747", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-29T14:15:09.993", - "lastModified": "2024-11-21T08:58:18.813", + "lastModified": "2025-06-20T20:15:31.770", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, 
@@ -49,6 +69,16 @@ "value": "CWE-639" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-237xx/CVE-2024-23750.json b/CVE-2024/CVE-2024-237xx/CVE-2024-23750.json index 692466333f8..f8d186a819d 100644 --- a/CVE-2024/CVE-2024-237xx/CVE-2024-23750.json +++ b/CVE-2024/CVE-2024-237xx/CVE-2024-23750.json @@ -2,7 +2,7 @@ "id": "CVE-2024-23750", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-22T01:15:08.507", - "lastModified": "2024-11-21T08:58:19.137", + "lastModified": "2025-06-20T19:15:34.880", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-94" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-237xx/CVE-2024-23751.json b/CVE-2024/CVE-2024-237xx/CVE-2024-23751.json index 5dfa70bc197..bf36d32023d 100644 --- a/CVE-2024/CVE-2024-237xx/CVE-2024-23751.json +++ b/CVE-2024/CVE-2024-237xx/CVE-2024-23751.json 
@@ -2,7 +2,7 @@ "id": "CVE-2024-23751", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-22T01:15:08.557", - "lastModified": "2024-11-21T08:58:19.283", + "lastModified": "2025-06-20T19:15:35.067", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-89" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23898.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23898.json index ce9ba90aeca..84d8839a8d5 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23898.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23898.json @@ -2,7 +2,7 @@ "id": "CVE-2024-23898", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2024-01-24T18:15:09.420", - "lastModified": "2024-11-21T08:58:39.923", + "lastModified": "2025-06-20T20:15:31.930", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-346" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-346" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-239xx/CVE-2024-23904.json b/CVE-2024/CVE-2024-239xx/CVE-2024-23904.json index eaf2737896e..87fac514a73 100644 --- a/CVE-2024/CVE-2024-239xx/CVE-2024-23904.json +++ b/CVE-2024/CVE-2024-239xx/CVE-2024-23904.json @@ -2,7 +2,7 @@ "id": "CVE-2024-23904", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2024-01-24T18:15:09.707", - "lastModified": "2024-11-21T08:58:40.703", + "lastModified": "2025-06-20T20:15:32.097", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, 
@@ -49,6 +69,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-239xx/CVE-2024-23905.json b/CVE-2024/CVE-2024-239xx/CVE-2024-23905.json index 226a5e48574..8d2790ed63f 100644 --- a/CVE-2024/CVE-2024-239xx/CVE-2024-23905.json +++ b/CVE-2024/CVE-2024-239xx/CVE-2024-23905.json @@ -2,7 +2,7 @@ "id": "CVE-2024-23905", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2024-01-24T18:15:09.750", - "lastModified": "2024-11-21T08:58:40.820", + "lastModified": "2025-06-20T20:15:32.317", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.3, "impactScore": 2.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-79" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-23xx/CVE-2024-2337.json b/CVE-2024/CVE-2024-23xx/CVE-2024-2337.json index b102407c5ba..045bd622a8a 100644 --- a/CVE-2024/CVE-2024-23xx/CVE-2024-2337.json +++ b/CVE-2024/CVE-2024-23xx/CVE-2024-2337.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-07-20T03:15:02.290", "lastModified": "2024-11-21T09:09:32.557", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-23xx/CVE-2024-2358.json b/CVE-2024/CVE-2024-23xx/CVE-2024-2358.json index 14cdff63ddd..e380d7c4235 100644 --- a/CVE-2024/CVE-2024-23xx/CVE-2024-2358.json +++ b/CVE-2024/CVE-2024-23xx/CVE-2024-2358.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@huntr.dev", "published": "2024-05-16T09:15:09.800", "lastModified": "2024-11-21T09:09:35.293", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-23xx/CVE-2024-2361.json b/CVE-2024/CVE-2024-23xx/CVE-2024-2361.json index ba0be76a074..faf583408ce 100644 --- a/CVE-2024/CVE-2024-23xx/CVE-2024-2361.json +++ b/CVE-2024/CVE-2024-23xx/CVE-2024-2361.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@huntr.dev", "published": "2024-05-16T09:15:10.060", "lastModified": "2024-11-21T09:09:35.667", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-23xx/CVE-2024-2366.json b/CVE-2024/CVE-2024-23xx/CVE-2024-2366.json index bf6149af1e8..4675891398a 100644 --- a/CVE-2024/CVE-2024-23xx/CVE-2024-2366.json +++ b/CVE-2024/CVE-2024-23xx/CVE-2024-2366.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@huntr.dev", "published": "2024-05-16T09:15:10.287", "lastModified": "2024-11-21T09:09:36.327", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-240xx/CVE-2024-24015.json b/CVE-2024/CVE-2024-240xx/CVE-2024-24015.json index 62d6d1f3737..4cb044eee64 100644 --- a/CVE-2024/CVE-2024-240xx/CVE-2024-24015.json +++ b/CVE-2024/CVE-2024-240xx/CVE-2024-24015.json 
@@ -2,7 +2,7 @@ "id": "CVE-2024-24015", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-06T16:15:52.410", - "lastModified": "2024-11-21T08:58:49.523", + "lastModified": "2025-06-20T21:15:21.197", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-89" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-241xx/CVE-2024-24136.json b/CVE-2024/CVE-2024-241xx/CVE-2024-24136.json index 9c98791afce..049555daef7 100644 --- a/CVE-2024/CVE-2024-241xx/CVE-2024-24136.json +++ b/CVE-2024/CVE-2024-241xx/CVE-2024-24136.json @@ -2,7 +2,7 @@ "id": "CVE-2024-24136", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-29T20:15:15.467", - "lastModified": "2024-11-21T08:58:57.783", + "lastModified": "2025-06-20T20:15:32.483", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-79" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-241xx/CVE-2024-24189.json b/CVE-2024/CVE-2024-241xx/CVE-2024-24189.json index adee2a8e25e..bf2b4e518c5 100644 --- a/CVE-2024/CVE-2024-241xx/CVE-2024-24189.json +++ b/CVE-2024/CVE-2024-241xx/CVE-2024-24189.json @@ -2,7 +2,7 @@ "id": "CVE-2024-24189", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-07T14:15:52.967", - "lastModified": "2024-11-21T08:59:00.740", + "lastModified": "2025-06-20T21:15:21.370", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, 
@@ -49,6 +69,16 @@ "value": "CWE-416" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-242xx/CVE-2024-24215.json b/CVE-2024/CVE-2024-242xx/CVE-2024-24215.json index ddb3b41a5b7..b067b78ea9b 100644 --- a/CVE-2024/CVE-2024-242xx/CVE-2024-24215.json +++ b/CVE-2024/CVE-2024-242xx/CVE-2024-24215.json @@ -2,7 +2,7 @@ "id": "CVE-2024-24215", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-08T19:15:08.233", - "lastModified": "2024-11-21T08:59:02.470", + "lastModified": "2025-06-20T21:15:21.533", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 1.4 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 } ] }, @@ -49,6 +69,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-242xx/CVE-2024-24267.json b/CVE-2024/CVE-2024-242xx/CVE-2024-24267.json index 3f00cbb558e..bb60837cd01 100644 --- a/CVE-2024/CVE-2024-242xx/CVE-2024-24267.json +++ b/CVE-2024/CVE-2024-242xx/CVE-2024-24267.json 
@@ -2,7 +2,7 @@ "id": "CVE-2024-24267", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-05T18:15:52.427", - "lastModified": "2024-11-21T08:59:05.483", + "lastModified": "2025-06-20T20:15:32.657", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-401" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-243xx/CVE-2024-24321.json b/CVE-2024/CVE-2024-243xx/CVE-2024-24321.json index e9bb79c73d7..2aa33e5f9c2 100644 --- a/CVE-2024/CVE-2024-243xx/CVE-2024-24321.json +++ b/CVE-2024/CVE-2024-243xx/CVE-2024-24321.json @@ -2,7 +2,7 @@ "id": "CVE-2024-24321", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-08T18:15:08.293", - "lastModified": "2024-11-21T08:59:09.990", + "lastModified": "2025-06-20T21:15:21.693", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-77" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-243xx/CVE-2024-24324.json b/CVE-2024/CVE-2024-243xx/CVE-2024-24324.json index e1969e9de38..f560da6a3a1 100644 --- a/CVE-2024/CVE-2024-243xx/CVE-2024-24324.json +++ b/CVE-2024/CVE-2024-243xx/CVE-2024-24324.json @@ -2,7 +2,7 @@ "id": "CVE-2024-24324", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-30T15:15:09.277", - "lastModified": "2024-11-21T08:59:10.370", + "lastModified": "2025-06-20T20:15:32.830", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, 
@@ -49,6 +69,16 @@
 "value": "CWE-798"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-798"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-243xx/CVE-2024-24325.json b/CVE-2024/CVE-2024-243xx/CVE-2024-24325.json
index b3f00c3b629..1544daf2f9f 100644
--- a/CVE-2024/CVE-2024-243xx/CVE-2024-24325.json
+++ b/CVE-2024/CVE-2024-243xx/CVE-2024-24325.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-24325",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-30T15:15:09.333",
- "lastModified": "2024-11-21T08:59:10.503",
+ "lastModified": "2025-06-20T20:15:33.017",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-78"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-244xx/CVE-2024-24470.json b/CVE-2024/CVE-2024-244xx/CVE-2024-24470.json
index fd6d6f37ef5..bb681ae2cee 100644
--- a/CVE-2024/CVE-2024-244xx/CVE-2024-24470.json
+++ b/CVE-2024/CVE-2024-244xx/CVE-2024-24470.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-24470",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-02-02T16:15:55.923",
- "lastModified": "2024-11-21T08:59:18.627",
+ "lastModified": "2025-06-20T20:15:33.193",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-352"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-244xx/CVE-2024-24474.json b/CVE-2024/CVE-2024-244xx/CVE-2024-24474.json
index ec754bc720e..29fd177ee12 100644
--- a/CVE-2024/CVE-2024-244xx/CVE-2024-24474.json
+++ b/CVE-2024/CVE-2024-244xx/CVE-2024-24474.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-24474",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-02-20T18:15:52.463",
- "lastModified": "2024-11-21T08:59:18.777",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-06-25T19:29:42.757",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -55,38 +55,84 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:qemu:qemu:*:-:*:*:*:*:*:*",
+ "versionEndExcluding": "8.2.0",
+ "matchCriteriaId": "86B25D2C-10FE-46DC-B445-C31275650326"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://gist.github.com/1047524396/5ce07b9d387095c276b1cd234ae5615e",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://github.com/qemu/qemu/commit/77668e4b9bca03a856c27ba899a2513ddf52bb52",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://gitlab.com/qemu-project/qemu/-/issues/1810",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://security.netapp.com/advisory/ntap-20240510-0012/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://gist.github.com/1047524396/5ce07b9d387095c276b1cd234ae5615e",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://github.com/qemu/qemu/commit/77668e4b9bca03a856c27ba899a2513ddf52bb52",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://gitlab.com/qemu-project/qemu/-/issues/1810",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://security.netapp.com/advisory/ntap-20240510-0012/",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-247xx/CVE-2024-24736.json b/CVE-2024/CVE-2024-247xx/CVE-2024-24736.json
index 4126f09ca8a..5e39c3f9d02 100644
--- a/CVE-2024/CVE-2024-247xx/CVE-2024-24736.json
+++ b/CVE-2024/CVE-2024-247xx/CVE-2024-24736.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-24736",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-29T04:15:07.637",
- "lastModified": "2024-11-21T08:59:35.727",
+ "lastModified": "2025-06-20T20:15:33.387",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "NVD-CWE-noinfo"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-120"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-247xx/CVE-2024-24778.json b/CVE-2024/CVE-2024-247xx/CVE-2024-24778.json
index affc29b5e32..31cf76f7541 100644
--- a/CVE-2024/CVE-2024-247xx/CVE-2024-24778.json
+++ b/CVE-2024/CVE-2024-247xx/CVE-2024-24778.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@apache.org",
 "published": "2025-03-03T11:15:11.113",
 "lastModified": "2025-03-03T18:15:28.933",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-24xx/CVE-2024-2457.json b/CVE-2024/CVE-2024-24xx/CVE-2024-2457.json
index 2f6cb37c60a..3a8c03e750f 100644
--- a/CVE-2024/CVE-2024-24xx/CVE-2024-2457.json
+++ b/CVE-2024/CVE-2024-24xx/CVE-2024-2457.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-04-09T19:15:34.193",
 "lastModified": "2024-11-21T09:09:47.580",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-252xx/CVE-2024-25200.json b/CVE-2024/CVE-2024-252xx/CVE-2024-25200.json
index 520ebf54dfd..221f759137f 100644
--- a/CVE-2024/CVE-2024-252xx/CVE-2024-25200.json
+++ b/CVE-2024/CVE-2024-252xx/CVE-2024-25200.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-25200",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-02-07T14:15:53.013",
- "lastModified": "2024-11-21T09:00:26.753",
+ "lastModified": "2025-06-20T21:15:21.870",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-787"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-253xx/CVE-2024-25307.json b/CVE-2024/CVE-2024-253xx/CVE-2024-25307.json
index 53b1bbdaaa4..f177d82857a 100644
--- a/CVE-2024/CVE-2024-253xx/CVE-2024-25307.json
+++ b/CVE-2024/CVE-2024-253xx/CVE-2024-25307.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-25307",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-02-09T14:15:08.750",
- "lastModified": "2024-11-21T09:00:36.717",
+ "lastModified": "2025-06-20T21:15:22.033",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-89"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-253xx/CVE-2024-25310.json b/CVE-2024/CVE-2024-253xx/CVE-2024-25310.json
index a9d1e090e48..6f198cb8994 100644
--- a/CVE-2024/CVE-2024-253xx/CVE-2024-25310.json
+++ b/CVE-2024/CVE-2024-253xx/CVE-2024-25310.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-25310",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-02-09T14:15:08.807",
- "lastModified": "2024-11-21T09:00:37.193",
+ "lastModified": "2025-06-20T21:15:22.200",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-89"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-253xx/CVE-2024-25312.json b/CVE-2024/CVE-2024-253xx/CVE-2024-25312.json
index 55a7e857dae..74e91252500 100644
--- a/CVE-2024/CVE-2024-253xx/CVE-2024-25312.json
+++ b/CVE-2024/CVE-2024-253xx/CVE-2024-25312.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-25312",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-02-09T13:15:42.177",
- "lastModified": "2024-11-21T09:00:37.333",
+ "lastModified": "2025-06-20T21:15:22.363",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-89"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-254xx/CVE-2024-25411.json b/CVE-2024/CVE-2024-254xx/CVE-2024-25411.json
index 29b784dd429..709191be405 100644
--- a/CVE-2024/CVE-2024-254xx/CVE-2024-25411.json
+++ b/CVE-2024/CVE-2024-254xx/CVE-2024-25411.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-09-27T18:15:04.000",
 "lastModified": "2024-09-30T12:45:57.823",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-254xx/CVE-2024-25445.json b/CVE-2024/CVE-2024-254xx/CVE-2024-25445.json
index df078624b42..26d494ec6c4 100644
--- a/CVE-2024/CVE-2024-254xx/CVE-2024-25445.json
+++ b/CVE-2024/CVE-2024-254xx/CVE-2024-25445.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-25445",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-02-09T15:15:08.860",
- "lastModified": "2024-11-21T09:00:49.237",
+ "lastModified": "2025-06-20T21:15:22.527",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 1.8,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "CWE-617"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-617"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-256xx/CVE-2024-25658.json b/CVE-2024/CVE-2024-256xx/CVE-2024-25658.json
index 8502c6ee630..2eba98ca182 100644
--- a/CVE-2024/CVE-2024-256xx/CVE-2024-25658.json
+++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25658.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-10-01T15:15:07.640",
 "lastModified": "2024-11-22T20:15:08.393",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-256xx/CVE-2024-25661.json b/CVE-2024/CVE-2024-256xx/CVE-2024-25661.json
index de0b3ff040f..6313a357aa4 100644
--- a/CVE-2024/CVE-2024-256xx/CVE-2024-25661.json
+++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25661.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-10-01T15:15:07.740",
 "lastModified": "2024-10-04T13:51:25.567",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-256xx/CVE-2024-25678.json b/CVE-2024/CVE-2024-256xx/CVE-2024-25678.json
index 512523c090c..1e7e07704fe 100644
--- a/CVE-2024/CVE-2024-256xx/CVE-2024-25678.json
+++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25678.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-25678",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-02-09T10:15:08.683",
- "lastModified": "2024-11-21T09:01:12.943",
+ "lastModified": "2025-06-20T21:15:22.707",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 3.9,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 3.6
 }
 ]
 },
@@ -49,6 +69,16 @@
 "value": "NVD-CWE-noinfo"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-354"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2024/CVE-2024-26xx/CVE-2024-2659.json b/CVE-2024/CVE-2024-26xx/CVE-2024-2659.json
index fdc1220e81c..36fe21cc317 100644
--- a/CVE-2024/CVE-2024-26xx/CVE-2024-2659.json
+++ b/CVE-2024/CVE-2024-26xx/CVE-2024-2659.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "psirt@lenovo.com",
 "published": "2024-04-15T18:15:10.837",
 "lastModified": "2024-11-21T09:10:13.803",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27330.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27330.json
index 3ef6a4f36d4..32bfbceb6e6 100644
--- a/CVE-2024/CVE-2024-273xx/CVE-2024-27330.json
+++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27330.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "zdi-disclosures@trendmicro.com",
 "published": "2024-04-01T22:15:19.703",
 "lastModified": "2024-11-21T09:04:20.897",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27331.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27331.json
index 177bc21f738..e2af3615c56 100644
--- a/CVE-2024/CVE-2024-273xx/CVE-2024-27331.json
+++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27331.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "zdi-disclosures@trendmicro.com",
 "published": "2024-04-01T22:15:20.253",
 "lastModified": "2024-11-21T09:04:21.023",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27332.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27332.json
index fec3f8c921c..987ab10eb3a 100644
--- a/CVE-2024/CVE-2024-273xx/CVE-2024-27332.json
+++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27332.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "zdi-disclosures@trendmicro.com",
 "published": "2024-04-01T22:15:20.773",
 "lastModified": "2024-11-21T09:04:21.157",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-277xx/CVE-2024-27766.json b/CVE-2024/CVE-2024-277xx/CVE-2024-27766.json
index 2012c08fc66..1046349cbc0 100644
--- a/CVE-2024/CVE-2024-277xx/CVE-2024-27766.json
+++ b/CVE-2024/CVE-2024-277xx/CVE-2024-27766.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-10-17T22:15:02.920",
 "lastModified": "2024-10-21T00:15:12.173",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [
 {
 "sourceIdentifier": "cve@mitre.org",
diff --git a/CVE-2024/CVE-2024-280xx/CVE-2024-28060.json b/CVE-2024/CVE-2024-280xx/CVE-2024-28060.json
index 27d18c11da4..986af44d47e 100644
--- a/CVE-2024/CVE-2024-280xx/CVE-2024-28060.json
+++ b/CVE-2024/CVE-2024-280xx/CVE-2024-28060.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-05-28T20:16:35.747",
 "lastModified": "2025-05-30T16:15:37.183",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-282xx/CVE-2024-28265.json b/CVE-2024/CVE-2024-282xx/CVE-2024-28265.json
index 712f9e1fae5..e3ff1d97959 100644
--- a/CVE-2024/CVE-2024-282xx/CVE-2024-28265.json
+++ b/CVE-2024/CVE-2024-282xx/CVE-2024-28265.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-01T16:15:08.277",
 "lastModified": "2024-11-06T17:35:30.180",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-287xx/CVE-2024-28747.json b/CVE-2024/CVE-2024-287xx/CVE-2024-28747.json
index 32dee31a4d3..a5d0af99d11 100644
--- a/CVE-2024/CVE-2024-287xx/CVE-2024-28747.json
+++ b/CVE-2024/CVE-2024-287xx/CVE-2024-28747.json
@@ -12,7 +12,7 @@
 },
 {
 "lang": "es",
- "value": " Un atacante remoto no autenticado puede utilizar las credenciales codificadas para acceder a los dispositivos SmartSPS con altos privilegios."
+ "value": "Un atacante remoto no autenticado puede utilizar las credenciales codificadas para acceder a los dispositivos SmartSPS con altos privilegios."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-287xx/CVE-2024-28748.json b/CVE-2024/CVE-2024-287xx/CVE-2024-28748.json
index 106af6b0a44..d2e42eb1035 100644
--- a/CVE-2024/CVE-2024-287xx/CVE-2024-28748.json
+++ b/CVE-2024/CVE-2024-287xx/CVE-2024-28748.json
@@ -12,7 +12,7 @@
 },
 {
 "lang": "es",
- "value": " Un atacante remoto con altos privilegios puede utilizar una funci\u00f3n de lectura de archivos para inyectar comandos del sistema operativo."
+ "value": "Un atacante remoto con altos privilegios puede utilizar una funci\u00f3n de lectura de archivos para inyectar comandos del sistema operativo."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-287xx/CVE-2024-28750.json b/CVE-2024/CVE-2024-287xx/CVE-2024-28750.json
index 9de538c2a83..f0f222d0491 100644
--- a/CVE-2024/CVE-2024-287xx/CVE-2024-28750.json
+++ b/CVE-2024/CVE-2024-287xx/CVE-2024-28750.json
@@ -12,7 +12,7 @@
 },
 {
 "lang": "es",
- "value": " Un atacante remoto con altos privilegios puede utilizar una funci\u00f3n de eliminaci\u00f3n de archivos para inyectar comandos del sistema operativo."
+ "value": "Un atacante remoto con altos privilegios puede utilizar una funci\u00f3n de eliminaci\u00f3n de archivos para inyectar comandos del sistema operativo."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-287xx/CVE-2024-28751.json b/CVE-2024/CVE-2024-287xx/CVE-2024-28751.json
index f4561aaa57a..1614ec1832d 100644
--- a/CVE-2024/CVE-2024-287xx/CVE-2024-28751.json
+++ b/CVE-2024/CVE-2024-287xx/CVE-2024-28751.json
@@ -12,7 +12,7 @@
 },
 {
 "lang": "es",
- "value": " Un atacante remoto con altos privilegios puede habilitar el acceso telnet que acepte credenciales codificadas."
+ "value": "Un atacante remoto con altos privilegios puede habilitar el acceso telnet que acepte credenciales codificadas."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-28xx/CVE-2024-2872.json b/CVE-2024/CVE-2024-28xx/CVE-2024-2872.json
index 0a323458433..5dd7a023d74 100644
--- a/CVE-2024/CVE-2024-28xx/CVE-2024-2872.json
+++ b/CVE-2024/CVE-2024-28xx/CVE-2024-2872.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2024-08-01T06:15:02.443",
 "lastModified": "2024-08-02T19:35:35.923",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-290xx/CVE-2024-29028.json b/CVE-2024/CVE-2024-290xx/CVE-2024-29028.json
index 008f6461e26..03d2e296584 100644
--- a/CVE-2024/CVE-2024-290xx/CVE-2024-29028.json
+++ b/CVE-2024/CVE-2024-290xx/CVE-2024-29028.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-04-19T15:15:50.243",
 "lastModified": "2024-11-21T09:07:24.313",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-290xx/CVE-2024-29030.json b/CVE-2024/CVE-2024-290xx/CVE-2024-29030.json
index 1c44c5636c5..d84319d1033 100644
--- a/CVE-2024/CVE-2024-290xx/CVE-2024-29030.json
+++ b/CVE-2024/CVE-2024-290xx/CVE-2024-29030.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-04-19T15:15:50.430",
 "lastModified": "2024-11-21T09:07:24.583",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-292xx/CVE-2024-29213.json b/CVE-2024/CVE-2024-292xx/CVE-2024-29213.json
index e2aea9edad9..3bfb61ae544 100644
--- a/CVE-2024/CVE-2024-292xx/CVE-2024-29213.json
+++ b/CVE-2024/CVE-2024-292xx/CVE-2024-29213.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "support@hackerone.com",
 "published": "2024-10-18T23:15:03.180",
 "lastModified": "2024-10-21T18:35:11.263",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-292xx/CVE-2024-29215.json b/CVE-2024/CVE-2024-292xx/CVE-2024-29215.json
index bdf10d8a584..c5dd0eb6035 100644
--- a/CVE-2024/CVE-2024-292xx/CVE-2024-29215.json
+++ b/CVE-2024/CVE-2024-292xx/CVE-2024-29215.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "responsibledisclosure@mattermost.com",
 "published": "2024-05-26T14:15:08.627",
 "lastModified": "2024-11-21T09:07:50.043",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-293xx/CVE-2024-29390.json b/CVE-2024/CVE-2024-293xx/CVE-2024-29390.json
index 238007d8fe9..26071964684 100644
--- a/CVE-2024/CVE-2024-293xx/CVE-2024-29390.json
+++ b/CVE-2024/CVE-2024-293xx/CVE-2024-29390.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-29390",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-06-20T21:15:49.583",
- "lastModified": "2025-03-27T20:15:25.893",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-06-20T18:55:47.947",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -51,14 +51,39 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:anujk305:daily_expenses_management_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CF5FB6C2-F1F6-4500-A5CA-EC9BB94F9F76"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/CyberSentryX/CVE_Hunting/blob/main/CVE-2024-29390/README.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://github.com/CyberSentryX/CVE_Hunting/blob/main/CVE-2024-29390/README.md",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-298xx/CVE-2024-29821.json b/CVE-2024/CVE-2024-298xx/CVE-2024-29821.json
index 931de3b67ac..49298adcaa6 100644
--- a/CVE-2024/CVE-2024-298xx/CVE-2024-29821.json
+++ b/CVE-2024/CVE-2024-298xx/CVE-2024-29821.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "support@hackerone.com",
 "published": "2024-10-18T23:15:03.357",
 "lastModified": "2024-10-21T18:35:11.957",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-298xx/CVE-2024-29855.json b/CVE-2024/CVE-2024-298xx/CVE-2024-29855.json
index 77663c199ee..5e00e6715ff 100644
--- a/CVE-2024/CVE-2024-298xx/CVE-2024-29855.json
+++ b/CVE-2024/CVE-2024-298xx/CVE-2024-29855.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "support@hackerone.com",
 "published": "2024-06-11T04:15:12.953",
 "lastModified": "2025-03-27T21:15:48.220",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-303xx/CVE-2024-30370.json b/CVE-2024/CVE-2024-303xx/CVE-2024-30370.json
index 30e2312b7d5..4acf2bd6345 100644
--- a/CVE-2024/CVE-2024-303xx/CVE-2024-30370.json
+++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30370.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-30370",
 "sourceIdentifier": "zdi-disclosures@trendmicro.com",
 "published": "2024-04-02T21:15:50.403",
- "lastModified": "2024-11-21T09:11:47.807",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-06-20T18:15:03.657",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -51,22 +51,53 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:rarlab:winrar:7.00:beta4:*:*:*:*:*:*",
+ "matchCriteriaId": "3916EB0B-BCF0-4B6A-A0C5-FE9C2E1967AB"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.rarlab.com/rarnew.htm#27.%20Busgs%20fixed",
- "source": "zdi-disclosures@trendmicro.com"
+ "source": "zdi-disclosures@trendmicro.com",
+ "tags": [
+ "Release Notes"
+ ]
 },
 {
 "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-357/",
- "source": "zdi-disclosures@trendmicro.com"
+ "source": "zdi-disclosures@trendmicro.com",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
 },
 {
 "url": "https://www.rarlab.com/rarnew.htm#27.%20Busgs%20fixed",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Release Notes"
+ ]
 },
 {
 "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-357/",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-306xx/CVE-2024-30656.json b/CVE-2024/CVE-2024-306xx/CVE-2024-30656.json
index debe93ec9f7..d73918d6836 100644
--- a/CVE-2024/CVE-2024-306xx/CVE-2024-30656.json
+++ b/CVE-2024/CVE-2024-306xx/CVE-2024-30656.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-30656",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-04-15T22:15:08.870",
- "lastModified": "2024-11-21T09:12:24.060",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-06-20T19:13:44.160",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -39,14 +59,61 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fireboltt:dream_firmware:bsw202_fb_aac_v2.0_20240110-20240110-1956:*:*:*:*:*:*:*", + "matchCriteriaId": "85B406FA-5DF0-4EA7-9053-2D999BD61A16" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:fireboltt:dream:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2BECBDAE-8B91-40D5-A2B7-8A659A0636F8" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Yashodhanvivek/Firebolt-wristphone-vulnerability", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/Yashodhanvivek/Firebolt-wristphone-vulnerability", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-30xx/CVE-2024-3094.json b/CVE-2024/CVE-2024-30xx/CVE-2024-3094.json index 2d1a0942af4..4a86ce4c16a 100644 
--- a/CVE-2024/CVE-2024-30xx/CVE-2024-3094.json +++ b/CVE-2024/CVE-2024-30xx/CVE-2024-3094.json @@ -62,7 +62,7 @@ "weaknesses": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-310xx/CVE-2024-31030.json b/CVE-2024/CVE-2024-310xx/CVE-2024-31030.json index a1fb99bc2f8..562517f213f 100644 --- a/CVE-2024/CVE-2024-310xx/CVE-2024-31030.json +++ b/CVE-2024/CVE-2024-310xx/CVE-2024-31030.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31030", "sourceIdentifier": "cve@mitre.org", "published": "2024-05-31T18:15:12.893", - "lastModified": "2024-11-21T09:12:44.697", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T19:16:18.750", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,41 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:keith-cullen:freecoap:0.7:*:*:*:*:*:*:*", + "matchCriteriaId": "E92C8E66-1E72-409F-A020-416361E4FEFC" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/keith-cullen/FreeCoAP/issues/36", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Vendor Advisory", + "Exploit" + ] }, { "url": "https://github.com/keith-cullen/FreeCoAP/issues/36", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Issue Tracking", + "Vendor Advisory", + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-314xx/CVE-2024-31466.json b/CVE-2024/CVE-2024-314xx/CVE-2024-31466.json index 4eb38cb6e9c..b2c4cd1b740 100644 --- a/CVE-2024/CVE-2024-314xx/CVE-2024-31466.json +++ b/CVE-2024/CVE-2024-314xx/CVE-2024-31466.json 
@@ -2,13 +2,13 @@ "id": "CVE-2024-31466", "sourceIdentifier": "security-alert@hpe.com", "published": "2024-05-14T22:15:09.777", - "lastModified": "2025-06-05T15:26:15.253", - "vulnStatus": "Analyzed", + "lastModified": "2025-06-24T14:15:25.733", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n" + "value": "There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system." }, { "lang": "es", @@ -113,19 +113,15 @@ ], "references": [ { - "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt", - "source": "security-alert@hpe.com", - "tags": [ - "Vendor Advisory", - "Broken Link" - ] + "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us&docLocale=en_US", + "source": "security-alert@hpe.com" }, { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ - "Vendor Advisory", - "Broken Link" + "Broken Link", + "Vendor Advisory" ] } ] diff --git a/CVE-2024/CVE-2024-314xx/CVE-2024-31467.json b/CVE-2024/CVE-2024-314xx/CVE-2024-31467.json index 316b23fd9b1..0cc0d6f4808 100644 --- a/CVE-2024/CVE-2024-314xx/CVE-2024-31467.json +++ b/CVE-2024/CVE-2024-314xx/CVE-2024-31467.json 
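Review bot: In the `references` hunk of CVE-2024-31466 the replacement URL on `support.hpe.com` is added without a `tags` array, so the only entry still tagged `Vendor Advisory` is the arubanetworks.com link that is also tagged `Broken Link`. Tooling that picks the vendor advisory by tag will keep returning the dead link; I would tag the new entry with `"tags": ["Vendor Advisory"]` once the link has been checked. The same pattern is in the reference hunks for CVE-2024-31467 through CVE-2024-31472 and for CVE-2024-31478. All of these records move from `Analyzed` to `Modified`, so the tags may simply be pending re-analysis.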
@@ -2,13 +2,13 @@ "id": "CVE-2024-31467", "sourceIdentifier": "security-alert@hpe.com", "published": "2024-05-14T23:15:08.250", - "lastModified": "2025-06-05T15:25:12.077", - "vulnStatus": "Analyzed", + "lastModified": "2025-06-24T14:15:27.130", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n" + "value": "There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system." }, { "lang": "es", @@ -113,19 +113,15 @@ ], "references": [ { - "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt", - "source": "security-alert@hpe.com", - "tags": [ - "Vendor Advisory", - "Broken Link" - ] + "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us&docLocale=en_US", + "source": "security-alert@hpe.com" }, { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ - "Vendor Advisory", - "Broken Link" + "Broken Link", + "Vendor Advisory" ] } ] diff --git a/CVE-2024/CVE-2024-314xx/CVE-2024-31468.json b/CVE-2024/CVE-2024-314xx/CVE-2024-31468.json index cea6a7f7a67..0b3f84cabfe 100644 --- a/CVE-2024/CVE-2024-314xx/CVE-2024-31468.json +++ b/CVE-2024/CVE-2024-314xx/CVE-2024-31468.json 
@@ -2,13 +2,13 @@ "id": "CVE-2024-31468", "sourceIdentifier": "security-alert@hpe.com", "published": "2024-05-14T23:15:08.870", - "lastModified": "2025-06-05T15:25:18.423", - "vulnStatus": "Analyzed", + "lastModified": "2025-06-24T14:15:27.320", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n \n\n" + "value": "There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system." }, { "lang": "es", @@ -113,19 +113,15 @@ ], "references": [ { - "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt", - "source": "security-alert@hpe.com", - "tags": [ - "Vendor Advisory", - "Broken Link" - ] + "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us&docLocale=en_US", + "source": "security-alert@hpe.com" }, { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ - "Vendor Advisory", - "Broken Link" + "Broken Link", + "Vendor Advisory" ] } ] diff --git a/CVE-2024/CVE-2024-314xx/CVE-2024-31469.json b/CVE-2024/CVE-2024-314xx/CVE-2024-31469.json index d0d86f252ee..44abd5c180e 100644 --- a/CVE-2024/CVE-2024-314xx/CVE-2024-31469.json 
+++ b/CVE-2024/CVE-2024-314xx/CVE-2024-31469.json @@ -2,13 +2,13 @@ "id": "CVE-2024-31469", "sourceIdentifier": "security-alert@hpe.com", "published": "2024-05-14T23:15:09.153", - "lastModified": "2025-06-05T15:25:26.090", - "vulnStatus": "Analyzed", + "lastModified": "2025-06-24T14:15:27.493", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n \n\n" + "value": "There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system." }, { "lang": "es", @@ -113,19 +113,15 @@ ], "references": [ { - "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt", - "source": "security-alert@hpe.com", - "tags": [ - "Vendor Advisory", - "Broken Link" - ] + "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us&docLocale=en_US", + "source": "security-alert@hpe.com" }, { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ - "Vendor Advisory", - "Broken Link" + "Broken Link", + "Vendor Advisory" ] } ] diff --git a/CVE-2024/CVE-2024-314xx/CVE-2024-31470.json b/CVE-2024/CVE-2024-314xx/CVE-2024-31470.json index dcb755cbc8a..33c84d72123 100644 
--- a/CVE-2024/CVE-2024-314xx/CVE-2024-31470.json +++ b/CVE-2024/CVE-2024-314xx/CVE-2024-31470.json @@ -2,13 +2,13 @@ "id": "CVE-2024-31470", "sourceIdentifier": "security-alert@hpe.com", "published": "2024-05-14T23:15:09.443", - "lastModified": "2025-06-05T15:25:37.400", - "vulnStatus": "Analyzed", + "lastModified": "2025-06-24T14:15:27.670", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "There is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of Equals) service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n" + "value": "There is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of Equals) service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system." }, { "lang": "es", @@ -113,19 +113,15 @@ ], "references": [ { - "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt", - "source": "security-alert@hpe.com", - "tags": [ - "Vendor Advisory", - "Broken Link" - ] + "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us&docLocale=en_US", + "source": "security-alert@hpe.com" }, { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ - "Vendor Advisory", - "Broken Link" + "Broken Link", + "Vendor Advisory" ] } ] 
diff --git a/CVE-2024/CVE-2024-314xx/CVE-2024-31471.json b/CVE-2024/CVE-2024-314xx/CVE-2024-31471.json index 547d6f7ee12..d376d55b432 100644 --- a/CVE-2024/CVE-2024-314xx/CVE-2024-31471.json +++ b/CVE-2024/CVE-2024-314xx/CVE-2024-31471.json @@ -2,13 +2,13 @@ "id": "CVE-2024-31471", "sourceIdentifier": "security-alert@hpe.com", "published": "2024-05-14T23:15:09.753", - "lastModified": "2025-06-05T15:25:40.620", - "vulnStatus": "Analyzed", + "lastModified": "2025-06-24T15:15:22.450", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "There is a command injection vulnerability in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n" + "value": "There is a command injection vulnerability in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system." }, { "lang": "es", 
@@ -113,19 +113,15 @@ ], "references": [ { - "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt", - "source": "security-alert@hpe.com", - "tags": [ - "Vendor Advisory", - "Broken Link" - ] + "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us&docLocale=en_US", + "source": "security-alert@hpe.com" }, { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ - "Vendor Advisory", - "Broken Link" + "Broken Link", + "Vendor Advisory" ] } ] diff --git a/CVE-2024/CVE-2024-314xx/CVE-2024-31472.json b/CVE-2024/CVE-2024-314xx/CVE-2024-31472.json index a7bf3692d2b..9c59810b478 100644 --- a/CVE-2024/CVE-2024-314xx/CVE-2024-31472.json +++ b/CVE-2024/CVE-2024-314xx/CVE-2024-31472.json 
@@ -2,13 +2,13 @@ "id": "CVE-2024-31472", "sourceIdentifier": "security-alert@hpe.com", "published": "2024-05-14T23:15:10.020", - "lastModified": "2025-06-05T15:25:42.627", - "vulnStatus": "Analyzed", + "lastModified": "2025-06-24T15:15:22.630", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "There are command injection vulnerabilities in the underlying Soft AP Daemon service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n" + "value": "There are command injection vulnerabilities in the underlying Soft AP Daemon service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system." }, { "lang": "es", @@ -113,19 +113,15 @@ ], "references": [ { - "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt", - "source": "security-alert@hpe.com", - "tags": [ - "Vendor Advisory", - "Broken Link" - ] + "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us&docLocale=en_US", + "source": "security-alert@hpe.com" }, { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ - "Vendor Advisory", - "Broken Link" + "Broken Link", + "Vendor Advisory" ] } ] diff --git a/CVE-2024/CVE-2024-314xx/CVE-2024-31478.json b/CVE-2024/CVE-2024-314xx/CVE-2024-31478.json index 906781849ab..9d46f50a4ea 100644 --- a/CVE-2024/CVE-2024-314xx/CVE-2024-31478.json 
+++ b/CVE-2024/CVE-2024-314xx/CVE-2024-31478.json @@ -2,13 +2,13 @@ "id": "CVE-2024-31478", "sourceIdentifier": "security-alert@hpe.com", "published": "2024-05-14T23:15:11.710", - "lastModified": "2025-06-05T15:25:55.663", - "vulnStatus": "Analyzed", + "lastModified": "2025-06-24T15:15:22.803", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exists in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilites result in the ability to interrupt the normal operation of the affected Access Point.\n\n" + "value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exists in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilites result in the ability to interrupt the normal operation of the affected Access Point." }, { "lang": "es", @@ -113,19 +113,15 @@ ], "references": [ { - "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt", - "source": "security-alert@hpe.com", - "tags": [ - "Vendor Advisory", - "Broken Link" - ] + "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us&docLocale=en_US", + "source": "security-alert@hpe.com" }, { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ - "Vendor Advisory", - "Broken Link" + "Broken Link", + "Vendor Advisory" ] } ] diff --git a/CVE-2024/CVE-2024-316xx/CVE-2024-31648.json b/CVE-2024/CVE-2024-316xx/CVE-2024-31648.json index 97a1a86635d..8a0f23b6778 100644 --- a/CVE-2024/CVE-2024-316xx/CVE-2024-31648.json +++ b/CVE-2024/CVE-2024-316xx/CVE-2024-31648.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-31648", "sourceIdentifier": "cve@mitre.org", "published": "2024-04-15T21:15:07.503", - "lastModified": "2024-11-21T09:13:47.353", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T19:14:07.483", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:munyweki:insurance_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "826B7388-F683-45AE-908E-A26D1D12CCAD" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Mohitkumar0786/CVE/blob/main/CVE-2024-31648.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/Mohitkumar0786/CVE/blob/main/CVE-2024-31648.md", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-316xx/CVE-2024-31651.json b/CVE-2024/CVE-2024-316xx/CVE-2024-31651.json index 05780dd294d..868580aec56 100644 --- a/CVE-2024/CVE-2024-316xx/CVE-2024-31651.json +++ b/CVE-2024/CVE-2024-316xx/CVE-2024-31651.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31651", "sourceIdentifier": "cve@mitre.org", "published": "2024-04-15T22:15:09.023", - "lastModified": "2024-11-21T09:13:47.943", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T19:13:20.283", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,14 +51,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oretnom23:cosmetics_and_beauty_product_online_store:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "45F28AF1-82AD-49E5-BFA6-6EED05B876DE" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Mohitkumar0786/CVE/blob/main/CVE-2024-31651.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/Mohitkumar0786/CVE/blob/main/CVE-2024-31651.md", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-319xx/CVE-2024-31914.json b/CVE-2024/CVE-2024-319xx/CVE-2024-31914.json index 0cddc1c8ed8..cf70f96dc16 100644 --- a/CVE-2024/CVE-2024-319xx/CVE-2024-31914.json +++ b/CVE-2024/CVE-2024-319xx/CVE-2024-31914.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31914", "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-01-06T16:15:28.320", - "lastModified": "2025-01-06T17:15:36.653", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T18:10:14.347", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -81,10 +81,61 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:*", + "versionStartIncluding": "6.0.0.0", + "versionEndIncluding": "6.1.2.5", + "matchCriteriaId": "61E77E5A-B2DD-4ABA-BD86-7D097EB0AC8A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:*", + "versionStartIncluding": "6.2", + "versionEndIncluding": "6.2.0.2", + "matchCriteriaId": "D8430DCD-DFB0-4420-9FBA-8E3D8F2A0A86" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.ibm.com/support/pages/node/7176081", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-31xx/CVE-2024-3126.json b/CVE-2024/CVE-2024-31xx/CVE-2024-3126.json index 53f01d04f7d..c3ea835d156 100644 --- a/CVE-2024/CVE-2024-31xx/CVE-2024-3126.json +++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3126.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@huntr.dev", "published": "2024-05-16T09:15:13.840", "lastModified": "2024-11-21T09:28:57.510", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-31xx/CVE-2024-3129.json b/CVE-2024/CVE-2024-31xx/CVE-2024-3129.json index 1b413a92a36..8dfa8ac39e8 100644 
--- a/CVE-2024/CVE-2024-31xx/CVE-2024-3129.json +++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3129.json @@ -2,8 +2,8 @@ "id": "CVE-2024-3129", "sourceIdentifier": "cna@vuldb.com", "published": "2024-04-01T16:15:59.810", - "lastModified": "2024-11-21T09:28:57.870", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-24T14:27:55.227", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -76,38 +76,87 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rems:image_accordion_gallery_app:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D0672F1A-1FA8-4A61-A352-5B444575968A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Sospiro014/zday1/blob/main/Image_Accordion_Gallery.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.258873", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.258873", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.308188", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://github.com/Sospiro014/zday1/blob/main/Image_Accordion_Gallery.md", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.258873", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.258873", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.308188", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-31xx/CVE-2024-3183.json b/CVE-2024/CVE-2024-31xx/CVE-2024-3183.json index 88a4066ef65..3019a19f4ea 100644 --- a/CVE-2024/CVE-2024-31xx/CVE-2024-3183.json +++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3183.json @@ -62,7 +62,7 @@ "weaknesses": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-322xx/CVE-2024-32231.json b/CVE-2024/CVE-2024-322xx/CVE-2024-32231.json index 8e735b0eec0..aff5a9e54b2 100644 --- a/CVE-2024/CVE-2024-322xx/CVE-2024-32231.json +++ b/CVE-2024/CVE-2024-322xx/CVE-2024-32231.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-08-15T18:15:19.507", "lastModified": "2024-11-22T21:15:17.970", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-333xx/CVE-2024-33365.json b/CVE-2024/CVE-2024-333xx/CVE-2024-33365.json index a1c9ad6c6eb..953f506ef39 100644 --- a/CVE-2024/CVE-2024-333xx/CVE-2024-33365.json +++ b/CVE-2024/CVE-2024-333xx/CVE-2024-33365.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-07-29T17:15:10.947", "lastModified": "2024-11-21T09:16:50.347", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-333xx/CVE-2024-33368.json b/CVE-2024/CVE-2024-333xx/CVE-2024-33368.json index 517bbe34822..22f1a69bcfe 100644 --- a/CVE-2024/CVE-2024-333xx/CVE-2024-33368.json +++ b/CVE-2024/CVE-2024-333xx/CVE-2024-33368.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-09-27T19:15:09.830", "lastModified": "2024-09-30T12:45:57.823", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-333xx/CVE-2024-33369.json b/CVE-2024/CVE-2024-333xx/CVE-2024-33369.json index 5dd37703275..edbcfc221b5 100644 
--- a/CVE-2024/CVE-2024-333xx/CVE-2024-33369.json +++ b/CVE-2024/CVE-2024-333xx/CVE-2024-33369.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-09-27T19:15:10.040", "lastModified": "2024-09-30T12:45:57.823", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-333xx/CVE-2024-33394.json b/CVE-2024/CVE-2024-333xx/CVE-2024-33394.json index 9b2538dd542..240bee06457 100644 --- a/CVE-2024/CVE-2024-333xx/CVE-2024-33394.json +++ b/CVE-2024/CVE-2024-333xx/CVE-2024-33394.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-05-02T18:15:07.523", "lastModified": "2024-11-21T09:16:52.647", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-336xx/CVE-2024-33601.json b/CVE-2024/CVE-2024-336xx/CVE-2024-33601.json index b7c55a14581..c037eb4b094 100644 --- a/CVE-2024/CVE-2024-336xx/CVE-2024-33601.json +++ b/CVE-2024/CVE-2024-336xx/CVE-2024-33601.json @@ -3,7 +3,7 @@ "sourceIdentifier": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "published": "2024-05-06T20:15:11.603", "lastModified": "2025-06-18T14:44:19.073", - "vulnStatus": "Analyzed", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { @@ -238,17 +238,6 @@ { "operator": "AND", "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", - "matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF" - } - ] - }, { "operator": "OR", "negate": false, @@ -265,17 +254,6 @@ { "operator": "AND", "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*", - "matchCriteriaId": "5921A877-18BF-43FE-915C-D226E140ACFC" - } - ] - }, { "operator": "OR", "negate": false, 
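Review bot: The first hunk of CVE-2024-33601 moves `vulnStatus` from `Analyzed` back to `Undergoing Analysis` while `lastModified` stays a context line at `2025-06-18T14:44:19.073`, so a consumer that syncs incrementally on `lastModified` will not pick up this change. The two later hunks in the same file delete the `h610s_firmware` and `h615c_firmware` nodes (both `"vulnerable": true`) from their `AND` configurations. That presumably leaves only the paired node, which is not fully visible here, and changes what CPE matching returns for those products. Mirrors of this data should detect changes by content rather than timestamp and treat the configurations as provisional until the record is re-analysed. The status-only hunks for CVE-2024-3126, CVE-2024-32231, CVE-2024-33365, CVE-2024-33368, CVE-2024-33369 and CVE-2024-33394 also leave `lastModified` unchanged.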
diff --git a/CVE-2024/CVE-2024-336xx/CVE-2024-33610.json b/CVE-2024/CVE-2024-336xx/CVE-2024-33610.json index e0fc45e8636..de49e61211c 100644 --- a/CVE-2024/CVE-2024-336xx/CVE-2024-33610.json +++ b/CVE-2024/CVE-2024-336xx/CVE-2024-33610.json @@ -12,7 +12,7 @@ }, { "lang": "es", - "value": "\"sessionlist.html\" y \"sys_trayentryreboot.html\" son accesibles sin autenticaci\u00f3n. \"sessionlist.html\" proporciona informaci\u00f3n de la sesi\u00f3n de los usuarios que han iniciado sesi\u00f3n, incluidas las cookies de sesi\u00f3n, y \"sys_trayentryreboot.html\" permite reiniciar el dispositivo. En cuanto a los detalles de los nombres de los productos afectados, los n\u00fameros de modelo y las versiones, consulte la informaci\u00f3n proporcionada por los respectivos proveedores que se enumeran en [Referencias]." + "value": "Sharp and Toshiba Tec MFPs\n\"sessionlist.html\" y \"sys_trayentryreboot.html\" son accesibles sin autenticaci\u00f3n. \"sessionlist.html\" proporciona informaci\u00f3n de la sesi\u00f3n de los usuarios que han iniciado sesi\u00f3n, incluidas las cookies de sesi\u00f3n, y \"sys_trayentryreboot.html\" permite reiniciar el dispositivo. En cuanto a los detalles de los nombres de los productos afectados, los n\u00fameros de modelo y las versiones, consulte la informaci\u00f3n proporcionada por los respectivos proveedores que se enumeran en [Referencias]." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-338xx/CVE-2024-33894.json b/CVE-2024/CVE-2024-338xx/CVE-2024-33894.json index b3366f57beb..df85516d50d 100644 --- a/CVE-2024/CVE-2024-338xx/CVE-2024-33894.json +++ b/CVE-2024/CVE-2024-338xx/CVE-2024-33894.json @@ -2,8 +2,8 @@ "id": "CVE-2024-33894", "sourceIdentifier": "cve@mitre.org", "published": "2024-08-02T18:16:18.837", - "lastModified": "2024-11-21T09:17:41.037", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T18:10:12.833", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,26 +51,106 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hms-networks:ewon_cosy\\+_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "21.0s0", + "versionEndExcluding": "21.2s10", + "matchCriteriaId": "04E2B00A-5F5D-455D-84DA-4ABFA82A1863" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hms-networks:ewon_cosy\\+_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "22.0s0", + "versionEndExcluding": "22.1s3", + "matchCriteriaId": "1873C613-5DB5-4BFB-A538-860E1BF6555B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_4g_apac:-:*:*:*:*:*:*:*", + "matchCriteriaId": "26AE4359-63AD-4451-AACD-D621B9D422C7" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_4g_eu:-:*:*:*:*:*:*:*", + "matchCriteriaId": "95A7AEB3-53A0-4B77-8DFB-8E92E4B24462" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_4g_jp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A0C2B08D-D645-4C04-B010-4FF85642F7B5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_4g_na:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B85678D5-71F7-47EA-A21F-272BA9C02B33" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_ethernet:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6F5917C5-AD12-4FB3-9DBB-D757DC053427" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_wifi:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D1475F50-11AB-4290-8D1D-FFCA2245B0B3" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.syss.com/posts/hacking-a-secure-industrial-remote-access-gateway/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": 
"https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cybersecurity/security-advisory/hms-security-advisory-2024-07-29-001--ewon-several-cosy--vulnerabilities.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.ewon.biz/products/cosy/ewon-cosy-wifi", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://www.hms-networks.com/cyber-security", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "http://seclists.org/fulldisclosure/2024/Aug/23", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-339xx/CVE-2024-33939.json b/CVE-2024/CVE-2024-339xx/CVE-2024-33939.json index 0cc58ce4423..ba16615828a 100644 --- a/CVE-2024/CVE-2024-339xx/CVE-2024-33939.json +++ b/CVE-2024/CVE-2024-339xx/CVE-2024-33939.json @@ -3,7 +3,7 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2025-05-19T16:15:25.820", "lastModified": "2025-05-21T20:25:33.823", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-344xx/CVE-2024-34451.json b/CVE-2024/CVE-2024-344xx/CVE-2024-34451.json index e55c11020ee..6c4b21ffab1 100644 --- a/CVE-2024/CVE-2024-344xx/CVE-2024-34451.json +++ b/CVE-2024/CVE-2024-344xx/CVE-2024-34451.json @@ -2,8 +2,8 @@ "id": "CVE-2024-34451", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-16T22:15:09.130", - "lastModified": "2024-11-21T09:18:42.080", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T18:06:23.123", + "vulnStatus": "Analyzed", "cveTags": [ { "sourceIdentifier": "cve@mitre.org", 
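Review bot: The two new firmware ranges in CVE-2024-33894.json use vendor-style bounds (`"versionStartIncluding": "21.0s0"`, `"versionEndExcluding": "21.2s10"`, and `22.0s0` to `22.1s3`) that neither a plain string comparison nor a strict semver parser orders correctly. A lexical compare would, for example, sort a constructed `21.2s9` after `21.2s10` and report it as outside the affected range. Matching code that consumes this record should split each bound into its numeric parts (major, minor, `s` build number) and compare those as integers. The firmware entries also sit in an `AND` with the six `"vulnerable": false` hardware CPEs, so a match needs both the firmware range and one of the listed Cosy+ models.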
@@ -58,30 +58,66 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*", + "versionEndIncluding": "5.85.1", + "matchCriteriaId": "34CA423F-0F71-4CB7-95A0-177069B031F1" + } + ] + } + ] + } + ], "references": [ { "url": "https://docs.google.com/document/d/1iy0X4Vc9xXYoBxFrcW6ATo8GKPV6ivuLVzn6GgEpwqE", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://ghost.org/docs/faq/proxying-https-infinite-loops/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/TryGhost/Ghost/releases", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://docs.google.com/document/d/1iy0X4Vc9xXYoBxFrcW6ATo8GKPV6ivuLVzn6GgEpwqE", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit" + ] }, { "url": "https://ghost.org/docs/faq/proxying-https-infinite-loops/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] }, { "url": "https://github.com/TryGhost/Ghost/releases", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-34xx/CVE-2024-3435.json b/CVE-2024/CVE-2024-34xx/CVE-2024-3435.json index 93b8e34f5c3..2dfd66dd576 100644 --- a/CVE-2024/CVE-2024-34xx/CVE-2024-3435.json +++ b/CVE-2024/CVE-2024-34xx/CVE-2024-3435.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@huntr.dev", "published": "2024-05-16T09:15:14.290", "lastModified": "2024-11-21T09:29:36.027", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2024/CVE-2024-350xx/CVE-2024-35079.json b/CVE-2024/CVE-2024-350xx/CVE-2024-35079.json index df9ad2bacee..9137bfe0f5f 100644 --- a/CVE-2024/CVE-2024-350xx/CVE-2024-35079.json +++ b/CVE-2024/CVE-2024-350xx/CVE-2024-35079.json @@ -2,8 +2,8 @@ "id": "CVE-2024-35079", "sourceIdentifier": "cve@mitre.org", "published": "2024-05-23T19:16:01.357", - "lastModified": "2024-11-21T09:19:44.643", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T19:19:38.830", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,22 +51,51 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:inxedu:inxedu:2024.4:*:*:*:*:*:*:*", + "matchCriteriaId": "D9E1E159-DDBE-4463-A377-F7CAF485AFDB" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/35079.txt", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.inxedu.com/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/35079.txt", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.inxedu.com/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-350xx/CVE-2024-35080.json b/CVE-2024/CVE-2024-350xx/CVE-2024-35080.json index c8d8572c7cc..cb8c35b9f4b 100644 --- a/CVE-2024/CVE-2024-350xx/CVE-2024-35080.json +++ b/CVE-2024/CVE-2024-350xx/CVE-2024-35080.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-35080", "sourceIdentifier": "cve@mitre.org", "published": "2024-05-23T19:16:01.470", - "lastModified": "2024-11-21T09:19:44.860", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T19:19:02.390", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,22 +51,51 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:inxedu:inxedu:2024.4:*:*:*:*:*:*:*", + "matchCriteriaId": "D9E1E159-DDBE-4463-A377-F7CAF485AFDB" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/35080.txt", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.inxedu.com/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/35080.txt", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.inxedu.com/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-351xx/CVE-2024-35144.json b/CVE-2024/CVE-2024-351xx/CVE-2024-35144.json index 5235d7908ef..4a205d4afe5 100644 --- a/CVE-2024/CVE-2024-351xx/CVE-2024-35144.json +++ b/CVE-2024/CVE-2024-351xx/CVE-2024-35144.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-01-25T15:15:07.633", "lastModified": "2025-01-25T15:15:07.633", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2024/CVE-2024-351xx/CVE-2024-35145.json b/CVE-2024/CVE-2024-351xx/CVE-2024-35145.json index e6bb1453a3f..7070d1a7f12 100644 --- a/CVE-2024/CVE-2024-351xx/CVE-2024-35145.json +++ b/CVE-2024/CVE-2024-351xx/CVE-2024-35145.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-01-25T15:15:08.440", "lastModified": "2025-01-25T15:15:08.440", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-351xx/CVE-2024-35146.json b/CVE-2024/CVE-2024-351xx/CVE-2024-35146.json index a06d5b4d665..000d0aa50ed 100644 --- a/CVE-2024/CVE-2024-351xx/CVE-2024-35146.json +++ b/CVE-2024/CVE-2024-351xx/CVE-2024-35146.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-11-06T15:15:19.247", "lastModified": "2024-11-06T18:17:17.287", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-351xx/CVE-2024-35148.json b/CVE-2024/CVE-2024-351xx/CVE-2024-35148.json index 3a83b302c9d..2ee8193bad5 100644 --- a/CVE-2024/CVE-2024-351xx/CVE-2024-35148.json +++ b/CVE-2024/CVE-2024-351xx/CVE-2024-35148.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-01-25T15:15:08.613", "lastModified": "2025-01-25T15:15:08.613", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-351xx/CVE-2024-35150.json b/CVE-2024/CVE-2024-351xx/CVE-2024-35150.json index 2177cefa462..b864f9d2275 100644 --- a/CVE-2024/CVE-2024-351xx/CVE-2024-35150.json +++ b/CVE-2024/CVE-2024-351xx/CVE-2024-35150.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-01-25T15:15:08.770", "lastModified": "2025-01-25T15:15:08.770", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2024/CVE-2024-352xx/CVE-2024-35236.json b/CVE-2024/CVE-2024-352xx/CVE-2024-35236.json index fbeda33fa0f..b7dfaec3549 100644 --- a/CVE-2024/CVE-2024-352xx/CVE-2024-35236.json +++ b/CVE-2024/CVE-2024-352xx/CVE-2024-35236.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-05-27T17:15:09.990", "lastModified": "2024-11-21T09:19:59.650", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-352xx/CVE-2024-35285.json b/CVE-2024/CVE-2024-352xx/CVE-2024-35285.json index 61cdd0688ee..13cc514e333 100644 --- a/CVE-2024/CVE-2024-352xx/CVE-2024-35285.json +++ b/CVE-2024/CVE-2024-352xx/CVE-2024-35285.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T21:15:05.307", "lastModified": "2024-10-23T15:12:34.673", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-352xx/CVE-2024-35286.json b/CVE-2024/CVE-2024-352xx/CVE-2024-35286.json index cdf0b60f026..0929cab26a2 100644 --- a/CVE-2024/CVE-2024-352xx/CVE-2024-35286.json +++ b/CVE-2024/CVE-2024-352xx/CVE-2024-35286.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T21:15:05.367", "lastModified": "2024-10-23T15:12:34.673", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-352xx/CVE-2024-35287.json b/CVE-2024/CVE-2024-352xx/CVE-2024-35287.json index 1928d058c28..664be593548 100644 --- a/CVE-2024/CVE-2024-352xx/CVE-2024-35287.json +++ b/CVE-2024/CVE-2024-352xx/CVE-2024-35287.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T21:15:05.450", "lastModified": "2024-10-23T15:12:34.673", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2024/CVE-2024-353xx/CVE-2024-35314.json b/CVE-2024/CVE-2024-353xx/CVE-2024-35314.json index 7ecf6a24513..69078ec3a5e 100644 --- a/CVE-2024/CVE-2024-353xx/CVE-2024-35314.json +++ b/CVE-2024/CVE-2024-353xx/CVE-2024-35314.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T21:15:05.533", "lastModified": "2025-03-25T15:15:22.007", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-353xx/CVE-2024-35315.json b/CVE-2024/CVE-2024-353xx/CVE-2024-35315.json index 0e4dff7a4ab..896cc807975 100644 --- a/CVE-2024/CVE-2024-353xx/CVE-2024-35315.json +++ b/CVE-2024/CVE-2024-353xx/CVE-2024-35315.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T21:15:05.613", "lastModified": "2024-10-23T21:35:04.820", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-355xx/CVE-2024-35570.json b/CVE-2024/CVE-2024-355xx/CVE-2024-35570.json index 914136d3d04..926b5f63c61 100644 --- a/CVE-2024/CVE-2024-355xx/CVE-2024-35570.json +++ b/CVE-2024/CVE-2024-355xx/CVE-2024-35570.json @@ -2,8 +2,8 @@ "id": "CVE-2024-35570", "sourceIdentifier": "cve@mitre.org", "published": "2024-05-23T19:16:01.747", - "lastModified": "2024-11-21T09:20:28.183", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T19:18:25.990", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,14 +51,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:inxedu:inxedu:2.0.6:*:*:*:*:*:*:*", + "matchCriteriaId": "8A1DB787-4CA9-466D-9D67-FB271A12BA20" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/KakeruJ/CVE/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/KakeruJ/CVE/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-35xx/CVE-2024-3511.json b/CVE-2024/CVE-2024-35xx/CVE-2024-3511.json index e2aef6251c6..ee897233607 100644 --- a/CVE-2024/CVE-2024-35xx/CVE-2024-3511.json +++ b/CVE-2024/CVE-2024-35xx/CVE-2024-3511.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "An incorrect authorization vulnerability exists in multiple WSO2 products that allows unauthorized access to versioned files stored in the registry. Due to flawed authorization logic, a malicious actor with access to the management console can exploit a specific bypass method to retrieve versioned files without proper authorization.\n\nSuccessful exploitation of this vulnerability could lead to unauthorized disclosure of configuration or resource files that may be stored as registry versions, potentially aiding further attacks or system reconnaissance." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de autorizaci\u00f3n incorrecta en varios productos WSO2 que permite el acceso no autorizado a archivos versionados almacenados en el registro. Debido a una l\u00f3gica de autorizaci\u00f3n defectuosa, un agente malicioso con acceso a la consola de administraci\u00f3n puede explotar un m\u00e9todo de omisi\u00f3n espec\u00edfico para recuperar archivos versionados sin la debida autorizaci\u00f3n. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda conllevar la divulgaci\u00f3n no autorizada de archivos de configuraci\u00f3n o recursos que podr\u00edan estar almacenados como versiones del registro, lo que podr\u00eda facilitar nuevos ataques o el reconocimiento del sistema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-366xx/CVE-2024-36600.json b/CVE-2024/CVE-2024-366xx/CVE-2024-36600.json index 23ad6f7d4ea..88a19585c9d 100644 --- a/CVE-2024/CVE-2024-366xx/CVE-2024-36600.json +++ b/CVE-2024/CVE-2024-366xx/CVE-2024-36600.json @@ -2,8 +2,8 @@ "id": "CVE-2024-36600", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-14T19:15:50.967", - "lastModified": "2024-11-21T09:22:28.260", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T19:00:44.653", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,14 +51,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gnu:libcdio:2.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B997A67E-79DA-42BB-86B7-87770C5DD4D8" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/gashasbi/My-Reports/tree/main/CVE-2024-36600", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/gashasbi/My-Reports/tree/main/CVE-2024-36600", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-367xx/CVE-2024-36755.json b/CVE-2024/CVE-2024-367xx/CVE-2024-36755.json index 67913c4a874..c6565d67dcb 100644 --- a/CVE-2024/CVE-2024-367xx/CVE-2024-36755.json +++ b/CVE-2024/CVE-2024-367xx/CVE-2024-36755.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-06-27T21:15:15.700", "lastModified": "2024-11-21T09:22:35.883", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-370xx/CVE-2024-37081.json b/CVE-2024/CVE-2024-370xx/CVE-2024-37081.json index 81c4e9a8264..32eab53ef5b 100644 --- a/CVE-2024/CVE-2024-370xx/CVE-2024-37081.json +++ b/CVE-2024/CVE-2024-370xx/CVE-2024-37081.json @@ -2,8 +2,8 @@ "id": "CVE-2024-37081", "sourceIdentifier": "security@vmware.com", "published": "2024-06-18T06:15:11.900", - "lastModified": "2024-11-21T09:23:09.430", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T19:08:08.187", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,14 +51,284 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*", + "matchCriteriaId": "CC974CA1-88D3-42E4-BF1F-28870F8171B5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*", + "matchCriteriaId": "EFE63984-F69B-4593-9AEC-D179D6D98B08" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*", + "matchCriteriaId": "34D1F3B3-8E3F-4E4D-8EE6-2F593663B5CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*", + "matchCriteriaId": "16F3D992-9F48-4604-9AAF-DC2D1CE98BE2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*", + "matchCriteriaId": "C745A7E6-4760-48CD-B7C4-1C2C20217F21" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*", + "matchCriteriaId": "A5522514-8ED9-45DB-9036-33FE40D77E7D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:*", + "matchCriteriaId": "8C27C660-E917-4944-8B4C-41D9622B76D7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:*", + "matchCriteriaId": "56CFB469-B3E6-4503-A47C-D18206D4D19A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1d:*:*:*:*:*:*", + "matchCriteriaId": "67024A43-9E13-4F4E-B711-731792DA3840" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1e:*:*:*:*:*:*", + "matchCriteriaId": "1188E9D6-53AD-40D0-8146-3728D071008D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2:*:*:*:*:*:*", + "matchCriteriaId": "604F559F-1775-4F29-996E-9079B99345B6" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:vmware:vcenter_server:8.0:update2a:*:*:*:*:*:*", + "matchCriteriaId": "61DC9400-5AEE-49AC-9925-0A96E32BD8C0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2b:*:*:*:*:*:*", + "matchCriteriaId": "98C1B77E-AB0E-4E8A-8294-2D3D230CDF9B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2c:*:*:*:*:*:*", + "matchCriteriaId": "8EC8BEF1-7908-46C0-841A-834778D1A863" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*", + "matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*", + "matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*", + "matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*", + "matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*", + "matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*", + "matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*", + "matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*", + "matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*", + "matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378" + }, + { 
+ "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*", + "matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*", + "matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*", + "matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*", + "matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*", + "matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*", + "matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*", + "matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*", + "matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*", + "matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*", + "matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*", + "matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*", + "matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50" + }, + { + "vulnerable": true, 
+ "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*", + "matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*", + "matchCriteriaId": "EE486B2F-AED4-4FCE-A674-DFC25844FEFF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*", + "matchCriteriaId": "4F73AA9E-51E9-4FA0-813D-AD05FDC3EF94" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*", + "matchCriteriaId": "455DD46E-A071-476D-8914-767485E45F35" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*", + "matchCriteriaId": "3A422D04-48DF-4A16-94F8-D5702CC2782D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:*", + "matchCriteriaId": "806E9219-CDF4-4E62-978E-334E96A94BA6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:*", + "matchCriteriaId": "34D8B182-4E71-4655-8DD8-743A3EF6DC8B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3o:*:*:*:*:*:*", + "matchCriteriaId": "8D8F6CC7-6B6D-4079-9E2C-A85C4616FF92" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3p:*:*:*:*:*:*", + "matchCriteriaId": "A814F0AB-4AEB-4139-976F-425A4A9EC67B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3q:*:*:*:*:*:*", + "matchCriteriaId": "8002080A-D384-4CE4-B9FC-1C6C89BA756C" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0", + "versionEndExcluding": "5.2", + "matchCriteriaId": "7FA8DFE6-9C74-4711-A8AF-3B170876A1F9" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453", - "source": "security@vmware.com" + "source": "security@vmware.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-373xx/CVE-2024-37381.json b/CVE-2024/CVE-2024-373xx/CVE-2024-37381.json index 9adf984b9f2..9504450f383 100644 --- a/CVE-2024/CVE-2024-373xx/CVE-2024-37381.json +++ b/CVE-2024/CVE-2024-373xx/CVE-2024-37381.json @@ -3,7 +3,7 @@ "sourceIdentifier": "support@hackerone.com", "published": "2024-07-29T06:15:01.827", "lastModified": "2024-11-21T09:23:44.310", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-374xx/CVE-2024-37479.json b/CVE-2024/CVE-2024-374xx/CVE-2024-37479.json index a0c9bda586c..41676862899 100644 --- a/CVE-2024/CVE-2024-374xx/CVE-2024-37479.json +++ b/CVE-2024/CVE-2024-374xx/CVE-2024-37479.json @@ -3,7 +3,7 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-07-02T08:15:06.190", "lastModified": "2025-03-18T15:15:50.993", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-376xx/CVE-2024-37621.json b/CVE-2024/CVE-2024-376xx/CVE-2024-37621.json index a50d164714f..45188735795 100644 --- a/CVE-2024/CVE-2024-376xx/CVE-2024-37621.json +++ b/CVE-2024/CVE-2024-376xx/CVE-2024-37621.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-37621", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-17T14:15:11.153", - "lastModified": "2024-11-21T09:24:07.063", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T18:06:38.780", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -55,22 +55,51 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:strongshop:strongshop:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C00D0882-D77C-4C00-BC4C-D0F94A2649D8" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Hebing123/cve/issues/47", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://www.strongshop.cn", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/Hebing123/cve/issues/47", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit" + ] }, { "url": "https://www.strongshop.cn", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-377xx/CVE-2024-37773.json b/CVE-2024/CVE-2024-377xx/CVE-2024-37773.json index aa770938ac2..31612ae0355 100644 --- a/CVE-2024/CVE-2024-377xx/CVE-2024-37773.json +++ b/CVE-2024/CVE-2024-377xx/CVE-2024-37773.json @@ -2,8 +2,8 @@ "id": "CVE-2024-37773", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-16T22:15:05.947", - "lastModified": "2024-12-17T16:15:25.580", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T18:14:14.393", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,14 +51,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sunbirddcim:dctrack:9.1.2:*:*:*:*:*:*:*", + "matchCriteriaId": "F59F3A28-335F-4872-A0DD-A890E809C23E" + } + ] + } + ] + } + ], "references": [ { "url": "http://dctrack.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://s3.us-east-1.amazonaws.com/dcTrack.Docs/dcTrack_9.2.0_GA/dcTrack_9.2.0_Release_Notes.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-377xx/CVE-2024-37774.json b/CVE-2024/CVE-2024-377xx/CVE-2024-37774.json index e7e275747f1..8409f7680e7 100644 --- a/CVE-2024/CVE-2024-377xx/CVE-2024-37774.json +++ b/CVE-2024/CVE-2024-377xx/CVE-2024-37774.json @@ -2,8 +2,8 @@ "id": "CVE-2024-37774", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-16T22:15:06.127", - "lastModified": "2024-12-17T15:15:14.210", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T18:15:42.100", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sunbirddcim:dctrack:9.1.2:*:*:*:*:*:*:*", + "matchCriteriaId": "F59F3A28-335F-4872-A0DD-A890E809C23E" + } + ] + } + ] + } + ], "references": [ { "url": "http://dctrack.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://s3.us-east-1.amazonaws.com/dcTrack.Docs/dcTrack_9.2.0_GA/dcTrack_9.2.0_Release_Notes.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-377xx/CVE-2024-37775.json b/CVE-2024/CVE-2024-377xx/CVE-2024-37775.json index 4fde051983c..24eeed4eef1 100644 --- a/CVE-2024/CVE-2024-377xx/CVE-2024-37775.json +++ b/CVE-2024/CVE-2024-377xx/CVE-2024-37775.json @@ -2,8 +2,8 @@ "id": "CVE-2024-37775", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-16T22:15:06.310", - "lastModified": "2024-12-17T15:15:14.637", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T18:16:23.187", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sunbirddcim:dctrack:9.1.2:*:*:*:*:*:*:*", + "matchCriteriaId": "F59F3A28-335F-4872-A0DD-A890E809C23E" + } + ] + } + ] + } + ], "references": [ { "url": "http://dctrack.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://s3.us-east-1.amazonaws.com/dcTrack.Docs/dcTrack_9.2.0_GA/dcTrack_9.2.0_Release_Notes.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-377xx/CVE-2024-37776.json b/CVE-2024/CVE-2024-377xx/CVE-2024-37776.json index 641d1a89c0c..48301931301 100644 --- a/CVE-2024/CVE-2024-377xx/CVE-2024-37776.json +++ b/CVE-2024/CVE-2024-377xx/CVE-2024-37776.json @@ -2,8 +2,8 @@ "id": "CVE-2024-37776", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-16T22:15:06.490", - "lastModified": "2024-12-17T17:15:09.047", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T18:16:51.720", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,14 +51,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sunbirddcim:dctrack:9.1.2:*:*:*:*:*:*:*", + "matchCriteriaId": "F59F3A28-335F-4872-A0DD-A890E809C23E" + } + ] + } + ] + } + ], "references": [ { "url": "http://dctrack.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://s3.us-east-1.amazonaws.com/dcTrack.Docs/dcTrack_9.2.0_GA/dcTrack_9.2.0_Release_Notes.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-378xx/CVE-2024-37818.json b/CVE-2024/CVE-2024-378xx/CVE-2024-37818.json index a7b59748a3d..d8564cba883 100644 --- a/CVE-2024/CVE-2024-378xx/CVE-2024-37818.json +++ b/CVE-2024/CVE-2024-378xx/CVE-2024-37818.json @@ -2,8 +2,8 @@ "id": "CVE-2024-37818", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-20T19:15:50.260", - "lastModified": "2024-11-21T09:24:20.427", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-20T19:09:37.573", + "vulnStatus": "Analyzed", "cveTags": [ { "sourceIdentifier": "cve@mitre.org", 
@@ -58,22 +58,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:strapi:strapi:4.24.4:*:*:*:*:*:*:*", + "matchCriteriaId": "E8B3DCE4-B469-43ED-8898-9CC9F7720BAD" + } + ] + } + ] + } + ], "references": [ { "url": "https://medium.com/%40barkadevaibhav491/server-side-request-forgery-in-strapi-e02d5fe218ab", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://strapi.io/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://medium.com/%40barkadevaibhav491/server-side-request-forgery-in-strapi-e02d5fe218ab", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://strapi.io/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-379xx/CVE-2024-37976.json b/CVE-2024/CVE-2024-379xx/CVE-2024-37976.json index ae07b7dcf69..f36bea93856 100644 --- a/CVE-2024/CVE-2024-379xx/CVE-2024-37976.json +++ b/CVE-2024/CVE-2024-379xx/CVE-2024-37976.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-381xx/CVE-2024-38149.json b/CVE-2024/CVE-2024-381xx/CVE-2024-38149.json index ca7c1a6acfe..c736a812687 100644 --- a/CVE-2024/CVE-2024-381xx/CVE-2024-38149.json +++ b/CVE-2024/CVE-2024-381xx/CVE-2024-38149.json 
@@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", diff --git a/CVE-2024/CVE-2024-381xx/CVE-2024-38179.json b/CVE-2024/CVE-2024-381xx/CVE-2024-38179.json index 3203e7ded86..5bdadf55e9f 100644 --- a/CVE-2024/CVE-2024-381xx/CVE-2024-38179.json +++ b/CVE-2024/CVE-2024-381xx/CVE-2024-38179.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-382xx/CVE-2024-38290.json b/CVE-2024/CVE-2024-382xx/CVE-2024-38290.json index a74dd810c28..a0dc7fd93c7 100644 --- a/CVE-2024/CVE-2024-382xx/CVE-2024-38290.json +++ b/CVE-2024/CVE-2024-382xx/CVE-2024-38290.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-02-27T22:15:38.357", "lastModified": "2025-02-28T18:15:27.187", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-382xx/CVE-2024-38291.json b/CVE-2024/CVE-2024-382xx/CVE-2024-38291.json index 76eb5138c29..8c2ef14218f 100644 --- a/CVE-2024/CVE-2024-382xx/CVE-2024-38291.json +++ b/CVE-2024/CVE-2024-382xx/CVE-2024-38291.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-02-27T22:15:38.473", "lastModified": "2025-02-28T18:15:27.397", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-382xx/CVE-2024-38292.json b/CVE-2024/CVE-2024-382xx/CVE-2024-38292.json index 331529c062c..c43c2b9da9d 100644 --- a/CVE-2024/CVE-2024-382xx/CVE-2024-38292.json +++ b/CVE-2024/CVE-2024-382xx/CVE-2024-38292.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-02-27T22:15:38.583", "lastModified": "2025-03-14T02:15:14.287", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-383xx/CVE-2024-38314.json b/CVE-2024/CVE-2024-383xx/CVE-2024-38314.json index ce426beaf5e..b1d104cedb9 100644 --- a/CVE-2024/CVE-2024-383xx/CVE-2024-38314.json +++ b/CVE-2024/CVE-2024-383xx/CVE-2024-38314.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-10-24T18:15:07.957", "lastModified": "2024-10-25T12:56:07.750", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-383xx/CVE-2024-38380.json b/CVE-2024/CVE-2024-383xx/CVE-2024-38380.json index 0c45b143d06..4c45d46cbb8 100644 --- a/CVE-2024/CVE-2024-383xx/CVE-2024-38380.json +++ b/CVE-2024/CVE-2024-383xx/CVE-2024-38380.json @@ -12,7 +12,7 @@ }, { "lang": "es", - "value": "Esta vulnerabilidad ocurre cuando la entrada proporcionada por el usuario se desinfecta incorrectamente y luego se refleja en el navegador del usuario, lo que permite a un atacante ejecutar JavaScript arbitrario en el contexto de la sesi\u00f3n del navegador de la v\u00edctima." + "value": "Esta vulnerabilidad ocurre cuando la entrada proporcionada por el usuario se depura incorrectamente y luego se refleja en el navegador del usuario, lo que permite a un atacante ejecutar JavaScript arbitrario en el contexto de la sesi\u00f3n del navegador de la v\u00edctima." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-383xx/CVE-2024-38396.json b/CVE-2024/CVE-2024-383xx/CVE-2024-38396.json index cb81c0c2c43..2d868d263a7 100644 --- a/CVE-2024/CVE-2024-383xx/CVE-2024-38396.json +++ b/CVE-2024/CVE-2024-383xx/CVE-2024-38396.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-38396", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-16T21:15:50.730", - "lastModified": "2024-11-21T09:25:36.147", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T18:05:57.870", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,38 +51,81 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:iterm2:iterm2:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.5.0", + "versionEndExcluding": "3.5.2", + "matchCriteriaId": "53E02516-12F6-4237-819A-08BD2E17DC23" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/06/17/1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://gitlab.com/gnachman/iterm2/-/commit/fc60236a914d63fb70a5c632e211203a4f1bd4dd", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://iterm2.com/downloads.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://vin01.github.io/piptagole/escape-sequences/iterm2/rce/2024/06/16/iterm2-rce-window-title-tmux-integration.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2024/06/17/1", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://gitlab.com/gnachman/iterm2/-/commit/fc60236a914d63fb70a5c632e211203a4f1bd4dd", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://iterm2.com/downloads.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] }, { "url": "https://vin01.github.io/piptagole/escape-sequences/iterm2/rce/2024/06/16/iterm2-rce-window-title-tmux-integration.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-384xx/CVE-2024-38446.json b/CVE-2024/CVE-2024-384xx/CVE-2024-38446.json index 86d463e67a3..eda98ff6e02 100644 --- a/CVE-2024/CVE-2024-384xx/CVE-2024-38446.json +++ b/CVE-2024/CVE-2024-384xx/CVE-2024-38446.json @@ -2,8 +2,8 @@ "id": "CVE-2024-38446", "sourceIdentifier": "cve@mitre.org", "published": "2024-07-17T17:15:15.340", - "lastModified": "2024-11-21T09:25:53.547", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T18:09:19.290", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ncia:advisor_network:3.4.1:*:*:*:*:*:*:*", + "matchCriteriaId": "722CCA25-E614-4727-B765-ADB89C325629" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.linkedin.com/pulse/idors-ncia-anet-v341-visionspace-technologies-hepxe", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.linkedin.com/pulse/idors-ncia-anet-v341-visionspace-technologies-hepxe", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-384xx/CVE-2024-38447.json b/CVE-2024/CVE-2024-384xx/CVE-2024-38447.json index afca499fba2..c9d2e751f9d 100644 --- a/CVE-2024/CVE-2024-384xx/CVE-2024-38447.json +++ b/CVE-2024/CVE-2024-384xx/CVE-2024-38447.json @@ -2,8 +2,8 @@ "id": "CVE-2024-38447", "sourceIdentifier": "cve@mitre.org", "published": "2024-07-17T18:15:03.990", - "lastModified": "2024-11-21T09:25:53.860", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T18:09:39.037", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,14 +51,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ncia:advisor_network:3.4.1:*:*:*:*:*:*:*", + "matchCriteriaId": "722CCA25-E614-4727-B765-ADB89C325629" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.linkedin.com/pulse/idors-ncia-anet-v341-visionspace-technologies-hepxe", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.linkedin.com/pulse/idors-ncia-anet-v341-visionspace-technologies-hepxe", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-384xx/CVE-2024-38467.json b/CVE-2024/CVE-2024-384xx/CVE-2024-38467.json index cb46d663dcd..e587fd3bacd 100644 --- a/CVE-2024/CVE-2024-384xx/CVE-2024-38467.json +++ b/CVE-2024/CVE-2024-384xx/CVE-2024-38467.json @@ -2,8 +2,8 @@ "id": "CVE-2024-38467", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-16T16:15:09.877", - "lastModified": "2024-11-21T09:26:00.000", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T19:01:24.993", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -40,6 +40,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", 
@@ -51,14 +61,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:guoxinled:synthesis_image_system:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8.3.0", + "matchCriteriaId": "815BECF4-A5C8-499A-B147-CEF6A3F923E8" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Pumpkin-ito/Cve-Vuln/blob/main/Guosen%20synthetic%20imaging%20system%20vulnerability.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://github.com/Pumpkin-ito/Cve-Vuln/blob/main/Guosen%20synthetic%20imaging%20system%20vulnerability.pdf", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-386xx/CVE-2024-38649.json b/CVE-2024/CVE-2024-386xx/CVE-2024-38649.json index 0f3749c1ddf..d30ef6c50e5 100644 --- a/CVE-2024/CVE-2024-386xx/CVE-2024-38649.json +++ b/CVE-2024/CVE-2024-386xx/CVE-2024-38649.json @@ -3,7 +3,7 @@ "sourceIdentifier": "support@hackerone.com", "published": "2024-11-13T02:15:18.337", "lastModified": "2024-11-23T21:15:13.280", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-386xx/CVE-2024-38657.json b/CVE-2024/CVE-2024-386xx/CVE-2024-38657.json index b0630cbb38f..ec1dd50abc3 100644 --- a/CVE-2024/CVE-2024-386xx/CVE-2024-38657.json +++ b/CVE-2024/CVE-2024-386xx/CVE-2024-38657.json @@ -3,7 +3,7 @@ "sourceIdentifier": "support@hackerone.com", "published": "2025-02-21T02:15:28.860", "lastModified": "2025-02-21T16:15:32.340", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-388xx/CVE-2024-38824.json b/CVE-2024/CVE-2024-388xx/CVE-2024-38824.json index a77ece98989..17cb2d22585 100644 
--- a/CVE-2024/CVE-2024-388xx/CVE-2024-38824.json +++ b/CVE-2024/CVE-2024-388xx/CVE-2024-38824.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@vmware.com", "published": "2025-06-13T08:15:18.800", "lastModified": "2025-06-16T18:15:21.033", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-389xx/CVE-2024-38951.json b/CVE-2024/CVE-2024-389xx/CVE-2024-38951.json index 233cc2b843f..ca221586eec 100644 --- a/CVE-2024/CVE-2024-389xx/CVE-2024-38951.json +++ b/CVE-2024/CVE-2024-389xx/CVE-2024-38951.json @@ -2,8 +2,8 @@ "id": "CVE-2024-38951", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-25T14:15:12.403", - "lastModified": "2024-11-21T09:27:00.490", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T18:54:18.590", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,41 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dronecode:px4_drone_autopilot:1.12.3:*:*:*:*:*:*:*", + "matchCriteriaId": "A68865DA-AC4C-4FEC-B777-31AAD61A6519" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/PX4/PX4-Autopilot/issues/23251", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] }, { "url": "https://github.com/PX4/PX4-Autopilot/issues/23251", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-389xx/CVE-2024-38952.json b/CVE-2024/CVE-2024-389xx/CVE-2024-38952.json index 10daa3d977d..98e4c105466 100644 --- a/CVE-2024/CVE-2024-389xx/CVE-2024-38952.json +++ b/CVE-2024/CVE-2024-389xx/CVE-2024-38952.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-38952", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-25T14:15:12.517", - "lastModified": "2024-11-21T09:27:00.710", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T18:54:02.413", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,30 +51,69 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dronecode:px4_drone_autopilot:1.14.3:*:*:*:*:*:*:*", + "matchCriteriaId": "4BDF0836-0866-42BF-8FF0-AD793C659EF1" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/PX4/PX4-Autopilot/blob/main/src/modules/logger/logged_topics.cpp#L440", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/PX4/PX4-Autopilot/blob/main/src/modules/logger/logged_topics.cpp#L561", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/PX4/PX4-Autopilot/issues/23258", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] }, { "url": "https://github.com/PX4/PX4-Autopilot/blob/main/src/modules/logger/logged_topics.cpp#L440", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] }, { "url": "https://github.com/PX4/PX4-Autopilot/blob/main/src/modules/logger/logged_topics.cpp#L561", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] }, { "url": "https://github.com/PX4/PX4-Autopilot/issues/23258", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-389xx/CVE-2024-38993.json b/CVE-2024/CVE-2024-389xx/CVE-2024-38993.json index 2fb756a612b..03c060c3710 100644 --- a/CVE-2024/CVE-2024-389xx/CVE-2024-38993.json +++ b/CVE-2024/CVE-2024-389xx/CVE-2024-38993.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-07-01T13:15:04.987", "lastModified": "2024-11-21T09:27:03.943", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-389xx/CVE-2024-38994.json b/CVE-2024/CVE-2024-389xx/CVE-2024-38994.json index ef21beee71b..07d2c923c51 100644 --- a/CVE-2024/CVE-2024-389xx/CVE-2024-38994.json +++ b/CVE-2024/CVE-2024-389xx/CVE-2024-38994.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-07-01T13:15:05.047", "lastModified": "2024-11-21T09:27:04.170", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-389xx/CVE-2024-38997.json b/CVE-2024/CVE-2024-389xx/CVE-2024-38997.json index c0bdd8ecb6d..a065b0a631b 100644 --- a/CVE-2024/CVE-2024-389xx/CVE-2024-38997.json +++ b/CVE-2024/CVE-2024-389xx/CVE-2024-38997.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-07-01T13:15:05.160", "lastModified": "2024-11-21T09:27:04.613", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-390xx/CVE-2024-39000.json b/CVE-2024/CVE-2024-390xx/CVE-2024-39000.json index c8af2b91555..4cc926f0a2b 100644 --- a/CVE-2024/CVE-2024-390xx/CVE-2024-39000.json +++ b/CVE-2024/CVE-2024-390xx/CVE-2024-39000.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-07-01T13:15:05.340", "lastModified": "2024-11-21T09:27:05.280", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2024/CVE-2024-390xx/CVE-2024-39002.json b/CVE-2024/CVE-2024-390xx/CVE-2024-39002.json index 16b55a904e0..9c2907c2308 100644 --- a/CVE-2024/CVE-2024-390xx/CVE-2024-39002.json +++ b/CVE-2024/CVE-2024-390xx/CVE-2024-39002.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-07-01T13:15:05.450", "lastModified": "2024-11-21T09:27:05.710", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-390xx/CVE-2024-39003.json b/CVE-2024/CVE-2024-390xx/CVE-2024-39003.json index 2601de47e90..99e2e554798 100644 --- a/CVE-2024/CVE-2024-390xx/CVE-2024-39003.json +++ b/CVE-2024/CVE-2024-390xx/CVE-2024-39003.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-07-01T13:15:05.513", "lastModified": "2024-11-21T09:27:05.920", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-391xx/CVE-2024-39123.json b/CVE-2024/CVE-2024-391xx/CVE-2024-39123.json index 1ca095c5caf..f126cc5711a 100644 --- a/CVE-2024/CVE-2024-391xx/CVE-2024-39123.json +++ b/CVE-2024/CVE-2024-391xx/CVE-2024-39123.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-07-19T20:15:07.797", "lastModified": "2024-11-21T09:27:12.653", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-391xx/CVE-2024-39133.json b/CVE-2024/CVE-2024-391xx/CVE-2024-39133.json index 414ff05e1d1..eb449c058ab 100644 --- a/CVE-2024/CVE-2024-391xx/CVE-2024-39133.json +++ b/CVE-2024/CVE-2024-391xx/CVE-2024-39133.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-06-27T20:15:22.463", "lastModified": "2024-11-21T09:27:13.993", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2024/CVE-2024-391xx/CVE-2024-39134.json b/CVE-2024/CVE-2024-391xx/CVE-2024-39134.json index 8ae58e12b88..0262dcbcc18 100644 --- a/CVE-2024/CVE-2024-391xx/CVE-2024-39134.json +++ b/CVE-2024/CVE-2024-391xx/CVE-2024-39134.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-06-27T21:15:15.883", "lastModified": "2024-11-21T09:27:14.207", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-392xx/CVE-2024-39250.json b/CVE-2024/CVE-2024-392xx/CVE-2024-39250.json index b594bfb017e..0fe27b4343d 100644 --- a/CVE-2024/CVE-2024-392xx/CVE-2024-39250.json +++ b/CVE-2024/CVE-2024-392xx/CVE-2024-39250.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-07-22T20:15:04.057", "lastModified": "2024-11-21T09:27:22.363", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-393xx/CVE-2024-39332.json b/CVE-2024/CVE-2024-393xx/CVE-2024-39332.json index f7071ac4167..6b0f5e2bebd 100644 --- a/CVE-2024/CVE-2024-393xx/CVE-2024-39332.json +++ b/CVE-2024/CVE-2024-393xx/CVE-2024-39332.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-10-31T19:15:12.897", "lastModified": "2024-11-01T16:35:21.290", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-397xx/CVE-2024-39709.json b/CVE-2024/CVE-2024-397xx/CVE-2024-39709.json index 16f92fc33ea..2a429a3a4f6 100644 --- a/CVE-2024/CVE-2024-397xx/CVE-2024-39709.json +++ b/CVE-2024/CVE-2024-397xx/CVE-2024-39709.json @@ -3,7 +3,7 @@ "sourceIdentifier": "support@hackerone.com", "published": "2024-11-13T02:15:18.993", "lastModified": "2024-11-23T21:15:14.647", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2024/CVE-2024-397xx/CVE-2024-39710.json b/CVE-2024/CVE-2024-397xx/CVE-2024-39710.json index d64a12d8d11..ad3216002df 100644 --- a/CVE-2024/CVE-2024-397xx/CVE-2024-39710.json +++ b/CVE-2024/CVE-2024-397xx/CVE-2024-39710.json @@ -3,7 +3,7 @@ "sourceIdentifier": "support@hackerone.com", "published": "2024-11-13T02:15:19.150", "lastModified": "2024-12-01T19:15:04.667", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-397xx/CVE-2024-39711.json b/CVE-2024/CVE-2024-397xx/CVE-2024-39711.json index 7c676f0ca9c..bc182242590 100644 --- a/CVE-2024/CVE-2024-397xx/CVE-2024-39711.json +++ b/CVE-2024/CVE-2024-397xx/CVE-2024-39711.json @@ -3,7 +3,7 @@ "sourceIdentifier": "support@hackerone.com", "published": "2024-11-13T02:15:19.317", "lastModified": "2024-12-01T19:15:04.783", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-397xx/CVE-2024-39712.json b/CVE-2024/CVE-2024-397xx/CVE-2024-39712.json index a879cc3571b..cfd0b3594a1 100644 --- a/CVE-2024/CVE-2024-397xx/CVE-2024-39712.json +++ b/CVE-2024/CVE-2024-397xx/CVE-2024-39712.json @@ -3,7 +3,7 @@ "sourceIdentifier": "support@hackerone.com", "published": "2024-11-13T02:15:19.480", "lastModified": "2024-12-01T19:15:04.890", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-398xx/CVE-2024-39853.json b/CVE-2024/CVE-2024-398xx/CVE-2024-39853.json index d2ec56c5257..d9cd3a64415 100644 --- a/CVE-2024/CVE-2024-398xx/CVE-2024-39853.json +++ b/CVE-2024/CVE-2024-398xx/CVE-2024-39853.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-07-01T13:15:06.013", "lastModified": "2024-11-21T09:28:26.447", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2024/CVE-2024-399xx/CVE-2024-39924.json b/CVE-2024/CVE-2024-399xx/CVE-2024-39924.json index f5f7c4165c8..44753947bb1 100644 --- a/CVE-2024/CVE-2024-399xx/CVE-2024-39924.json +++ b/CVE-2024/CVE-2024-399xx/CVE-2024-39924.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-09-13T18:15:03.810", "lastModified": "2025-03-18T20:15:22.283", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-399xx/CVE-2024-39925.json b/CVE-2024/CVE-2024-399xx/CVE-2024-39925.json index 3ced2f466e3..837b0f43703 100644 --- a/CVE-2024/CVE-2024-399xx/CVE-2024-39925.json +++ b/CVE-2024/CVE-2024-399xx/CVE-2024-39925.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-09-13T18:15:03.927", "lastModified": "2025-03-22T14:15:14.477", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-399xx/CVE-2024-39926.json b/CVE-2024/CVE-2024-399xx/CVE-2024-39926.json index 776484d004e..455adb6074b 100644 --- a/CVE-2024/CVE-2024-399xx/CVE-2024-39926.json +++ b/CVE-2024/CVE-2024-399xx/CVE-2024-39926.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-09-13T18:15:04.013", "lastModified": "2025-03-18T19:15:43.093", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-399xx/CVE-2024-39929.json b/CVE-2024/CVE-2024-399xx/CVE-2024-39929.json index 70d30006bdb..65fe3193665 100644 --- a/CVE-2024/CVE-2024-399xx/CVE-2024-39929.json +++ b/CVE-2024/CVE-2024-399xx/CVE-2024-39929.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-07-04T15:15:10.323", "lastModified": "2025-03-18T16:15:21.850", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2024/CVE-2024-399xx/CVE-2024-39962.json b/CVE-2024/CVE-2024-399xx/CVE-2024-39962.json index 8ea298ea2c0..0585f0722ec 100644 --- a/CVE-2024/CVE-2024-399xx/CVE-2024-39962.json +++ b/CVE-2024/CVE-2024-399xx/CVE-2024-39962.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-07-19T15:15:10.320", "lastModified": "2024-11-21T09:28:38.377", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-400xx/CVE-2024-40084.json b/CVE-2024/CVE-2024-400xx/CVE-2024-40084.json index 42c71a50ca3..71a414ec777 100644 --- a/CVE-2024/CVE-2024-400xx/CVE-2024-40084.json +++ b/CVE-2024/CVE-2024-400xx/CVE-2024-40084.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T21:15:05.770", "lastModified": "2024-10-23T15:12:34.673", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-400xx/CVE-2024-40087.json b/CVE-2024/CVE-2024-400xx/CVE-2024-40087.json index cf429c4d787..337262b7ecb 100644 --- a/CVE-2024/CVE-2024-400xx/CVE-2024-40087.json +++ b/CVE-2024/CVE-2024-400xx/CVE-2024-40087.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T21:15:06.003", "lastModified": "2024-10-23T15:12:34.673", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-400xx/CVE-2024-40088.json b/CVE-2024/CVE-2024-400xx/CVE-2024-40088.json index e735759d29c..e531009a54e 100644 --- a/CVE-2024/CVE-2024-400xx/CVE-2024-40088.json +++ b/CVE-2024/CVE-2024-400xx/CVE-2024-40088.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T21:15:06.080", "lastModified": "2024-10-23T15:12:34.673", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2024/CVE-2024-400xx/CVE-2024-40089.json b/CVE-2024/CVE-2024-400xx/CVE-2024-40089.json index ef69f3472db..912d8b4a0b2 100644 --- a/CVE-2024/CVE-2024-400xx/CVE-2024-40089.json +++ b/CVE-2024/CVE-2024-400xx/CVE-2024-40089.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T21:15:06.150", "lastModified": "2024-10-23T15:12:34.673", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-400xx/CVE-2024-40090.json b/CVE-2024/CVE-2024-400xx/CVE-2024-40090.json index 98bdf0a576c..7ad406f9492 100644 --- a/CVE-2024/CVE-2024-400xx/CVE-2024-40090.json +++ b/CVE-2024/CVE-2024-400xx/CVE-2024-40090.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T21:15:06.223", "lastModified": "2024-10-23T15:12:34.673", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-400xx/CVE-2024-40091.json b/CVE-2024/CVE-2024-400xx/CVE-2024-40091.json index 2ae749842ec..6edb52a813d 100644 --- a/CVE-2024/CVE-2024-400xx/CVE-2024-40091.json +++ b/CVE-2024/CVE-2024-400xx/CVE-2024-40091.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T21:15:06.313", "lastModified": "2024-10-23T15:12:34.673", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-401xx/CVE-2024-40112.json b/CVE-2024/CVE-2024-401xx/CVE-2024-40112.json index d2ec2423dd7..3876f3c70dc 100644 --- a/CVE-2024/CVE-2024-401xx/CVE-2024-40112.json +++ b/CVE-2024/CVE-2024-401xx/CVE-2024-40112.json 
@@ -2,8 +2,8 @@
 "id": "CVE-2024-40112",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-06-02T16:15:26.880",
- "lastModified": "2025-06-02T19:15:25.003",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-06-25T19:29:17.833",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -51,14 +51,51 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:sitecom:wlx-2006_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "1.5",
+ "matchCriteriaId": "1041B225-883C-4ACB-A6B5-07A998BB7645"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sitecom:wlx-2006:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4DE8515F-223E-48F8-A875-C8B551D6623C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "http://www.sitecomlearningcentre.com/products/wlx-2006v1001/wi-fi-range-extender-n300/downloads",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link"
+ ]
 },
 {
 "url": "https://github.com/Emm448/vulnerability-research/tree/main/CVE-2024-40112",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-401xx/CVE-2024-40124.json b/CVE-2024/CVE-2024-401xx/CVE-2024-40124.json
index c11c0d1795b..9de141fda84 100644
--- a/CVE-2024/CVE-2024-401xx/CVE-2024-40124.json
+++ b/CVE-2024/CVE-2024-401xx/CVE-2024-40124.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-40124",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-04-17T17:15:31.853",
- "lastModified": "2025-04-18T15:15:53.500",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2025-06-25T18:49:27.920",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -51,18 +51,47 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pydio:pydio:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "8.2.5",
+ "matchCriteriaId": "7C0F23E0-94B9-4060-825E-F9C58048677A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://gist.github.com/Xib3rR4dAr/711195d5793bfbb4364dc179ecaae25d",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://pydio.com/en/community/releases/pydio-core/pydio-core-pydio-enterprise-825-hotfix-824",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://gist.github.com/Xib3rR4dAr/711195d5793bfbb4364dc179ecaae25d",
- "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-403xx/CVE-2024-40348.json b/CVE-2024/CVE-2024-403xx/CVE-2024-40348.json
index 54c27901172..a0a8333f6e4 100644
--- a/CVE-2024/CVE-2024-403xx/CVE-2024-40348.json
+++ b/CVE-2024/CVE-2024-403xx/CVE-2024-40348.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-07-20T04:15:05.037",
 "lastModified": "2024-11-21T09:31:01.867",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-403xx/CVE-2024-40394.json b/CVE-2024/CVE-2024-403xx/CVE-2024-40394.json
index 7b5f7a9b86e..a10391804a7 100644
--- a/CVE-2024/CVE-2024-403xx/CVE-2024-40394.json
+++ b/CVE-2024/CVE-2024-403xx/CVE-2024-40394.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-07-16T19:15:12.957",
 "lastModified": "2024-11-21T09:31:02.443",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
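Review bot: The cpeMatch range and the reference tagging added for CVE-2024-40124 appear to disagree about Pydio 8.2.5. The new entry uses `"versionEndIncluding": "8.2.5"`, so 8.2.5 itself matches as vulnerable, while the pydio.com reference whose slug names the 8.2.5 release is tagged `"Patch"`. The record's description is outside the hunk, so which side is right cannot be settled from here; if 8.2.5 is still affected, a tag such as `"Release Notes"` would describe that link better, and if 8.2.5 carries the fix, the range should read `"versionEndExcluding": "8.2.5"`. Until the two agree, consumers that drive remediation from the `"Patch"` tag may treat an upgrade to 8.2.5 as sufficient while scanners keyed on the CPE range keep flagging it.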
diff --git a/CVE-2024/CVE-2024-404xx/CVE-2024-40412.json b/CVE-2024/CVE-2024-404xx/CVE-2024-40412.json
index 62f3ecdec3e..f0c71edf081 100644
--- a/CVE-2024/CVE-2024-404xx/CVE-2024-40412.json
+++ b/CVE-2024/CVE-2024-404xx/CVE-2024-40412.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-07-10T16:15:04.290",
 "lastModified": "2024-11-21T09:31:03.587",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-404xx/CVE-2024-40427.json b/CVE-2024/CVE-2024-404xx/CVE-2024-40427.json
index f73ebbe0ee8..efbf4bdfe75 100644
--- a/CVE-2024/CVE-2024-404xx/CVE-2024-40427.json
+++ b/CVE-2024/CVE-2024-404xx/CVE-2024-40427.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-40427",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-07T19:15:32.260",
- "lastModified": "2025-01-08T19:15:31.043",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-06-20T18:04:20.787",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -51,18 +51,47 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dronecode:px4_drone_autopilot:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.14.3",
+ "matchCriteriaId": "D017B1CE-81B3-49B9-9B75-BB650B12B328"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/PX4/PX4-Autopilot/commit/e03e0261a1a0c82f545e66a1e3795956c886db71",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-55wq-2hgm-75m4",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-55wq-2hgm-75m4",
- "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "tags": [
+ "Exploit",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-404xx/CVE-2024-40492.json b/CVE-2024/CVE-2024-404xx/CVE-2024-40492.json
index 2fffa601a85..09b853000c5 100644
--- a/CVE-2024/CVE-2024-404xx/CVE-2024-40492.json
+++ b/CVE-2024/CVE-2024-404xx/CVE-2024-40492.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-07-17T22:15:03.923",
 "lastModified": "2024-11-21T09:31:10.977",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-405xx/CVE-2024-40503.json b/CVE-2024/CVE-2024-405xx/CVE-2024-40503.json
index 8b15876dfc3..40ae9d947ac 100644
--- a/CVE-2024/CVE-2024-405xx/CVE-2024-40503.json
+++ b/CVE-2024/CVE-2024-405xx/CVE-2024-40503.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-07-16T19:15:13.043",
 "lastModified": "2024-11-21T09:31:12.497",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-405xx/CVE-2024-40515.json b/CVE-2024/CVE-2024-405xx/CVE-2024-40515.json
index 60e5cf4005b..adf7b707588 100644
--- a/CVE-2024/CVE-2024-405xx/CVE-2024-40515.json
+++ b/CVE-2024/CVE-2024-405xx/CVE-2024-40515.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-07-16T20:15:03.863",
 "lastModified": "2024-11-21T09:31:14.117",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-407xx/CVE-2024-40715.json b/CVE-2024/CVE-2024-407xx/CVE-2024-40715.json
index 3858af10038..35181bd0d9e 100644
--- a/CVE-2024/CVE-2024-407xx/CVE-2024-40715.json
+++ b/CVE-2024/CVE-2024-407xx/CVE-2024-40715.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "support@hackerone.com",
 "published": "2024-11-07T17:15:08.083",
 "lastModified": "2025-03-25T17:15:59.260",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-412xx/CVE-2024-41262.json b/CVE-2024/CVE-2024-412xx/CVE-2024-41262.json
index 1642998b15b..26cb0b58e60 100644
--- a/CVE-2024/CVE-2024-412xx/CVE-2024-41262.json
+++ b/CVE-2024/CVE-2024-412xx/CVE-2024-41262.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-07-31T22:15:02.427",
 "lastModified": "2024-08-01T16:35:11.627",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-415xx/CVE-2024-41597.json b/CVE-2024/CVE-2024-415xx/CVE-2024-41597.json
index 359dc6b84a9..1aeda8b799e 100644
--- a/CVE-2024/CVE-2024-415xx/CVE-2024-41597.json
+++ b/CVE-2024/CVE-2024-415xx/CVE-2024-41597.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-07-19T20:15:08.993",
 "lastModified": "2024-11-21T09:32:49.140",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-416xx/CVE-2024-41659.json b/CVE-2024/CVE-2024-416xx/CVE-2024-41659.json
index 2745955733a..303ebd00a87 100644
--- a/CVE-2024/CVE-2024-416xx/CVE-2024-41659.json
+++ b/CVE-2024/CVE-2024-416xx/CVE-2024-41659.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-08-20T20:15:08.207",
 "lastModified": "2024-08-22T16:15:08.993",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-424xx/CVE-2024-42404.json b/CVE-2024/CVE-2024-424xx/CVE-2024-42404.json
index 804f9bf1cb1..912bf050918 100644
--- a/CVE-2024/CVE-2024-424xx/CVE-2024-42404.json
+++ b/CVE-2024/CVE-2024-424xx/CVE-2024-42404.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "vultures@jpcert.or.jp",
 "published": "2024-09-18T06:15:02.223",
 "lastModified": "2024-09-20T12:30:51.220",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-427xx/CVE-2024-42760.json b/CVE-2024/CVE-2024-427xx/CVE-2024-42760.json
index a9ee1ee48b0..b0d4aa35d54 100644
--- a/CVE-2024/CVE-2024-427xx/CVE-2024-42760.json
+++ b/CVE-2024/CVE-2024-427xx/CVE-2024-42760.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-09-11T19:15:14.983",
 "lastModified": "2024-09-12T16:35:07.910",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-428xx/CVE-2024-42815.json b/CVE-2024/CVE-2024-428xx/CVE-2024-42815.json
index 95fad8d89a1..ef57a50081d 100644
--- a/CVE-2024/CVE-2024-428xx/CVE-2024-42815.json
+++ b/CVE-2024/CVE-2024-428xx/CVE-2024-42815.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-08-19T20:15:07.193",
 "lastModified": "2024-10-24T20:35:07.330",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-428xx/CVE-2024-42898.json b/CVE-2024/CVE-2024-428xx/CVE-2024-42898.json
index 677ebe0bad0..fbf23c62698 100644
--- a/CVE-2024/CVE-2024-428xx/CVE-2024-42898.json
+++ b/CVE-2024/CVE-2024-428xx/CVE-2024-42898.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-42898",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-09T20:15:38.093",
- "lastModified": "2025-01-10T18:15:21.670",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2025-06-24T14:27:00.940",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -51,18 +51,46 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.1.4:*:*:*:*:*:*",
+ "matchCriteriaId": "76946B2D-093C-4981-8465-5ADBB98C0676"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/simalamuel/Research/tree/main/CVE-2024-42898",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://www.nagios.com/products/security/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://github.com/simalamuel/Research/tree/main/CVE-2024-42898",
- "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-429xx/CVE-2024-42922.json b/CVE-2024/CVE-2024-429xx/CVE-2024-42922.json
index 54c6a50bc19..2beb498f111 100644
--- a/CVE-2024/CVE-2024-429xx/CVE-2024-42922.json
+++ b/CVE-2024/CVE-2024-429xx/CVE-2024-42922.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-42922",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-05-21T14:15:26.183",
- "lastModified": "2025-05-21T20:24:58.133",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2025-06-25T14:26:25.527",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -51,10 +51,32 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:aapanel:aapanel:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "7.0.7",
+ "matchCriteriaId": "F4496E18-B825-472B-AECD-48D9C599CC3A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://gist.github.com/mstfsec/c4c05ddfb1cf8779422ff780587723c8",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-431xx/CVE-2024-43186.json b/CVE-2024/CVE-2024-431xx/CVE-2024-43186.json
index d23e59cde93..7b507dfe5db 100644
--- a/CVE-2024/CVE-2024-431xx/CVE-2024-43186.json
+++ b/CVE-2024/CVE-2024-431xx/CVE-2024-43186.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2025-03-29T00:15:23.620",
 "lastModified": "2025-04-01T20:26:30.593",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43346.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43346.json
index eda160fef18..ffb6d12de1f 100644
--- a/CVE-2024/CVE-2024-433xx/CVE-2024-43346.json
+++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43346.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-08-18T14:15:08.403",
 "lastModified": "2024-08-19T12:59:59.177",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43501.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43501.json
index d6924649ddd..ff7dd826d4a 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43501.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43501.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43506.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43506.json
index dfda56c4330..26d925dbd08 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43506.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43506.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43509.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43509.json
index ca16ded3a74..0a8748f8b24 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43509.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43509.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43511.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43511.json
index 594dad051c2..85411c38b56 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43511.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43511.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43513.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43513.json
index e2b732266a5..d3278983a40 100644
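Review bot: The switch to `"type": "Secondary"` on the `secure@microsoft.com` entry in `cvssMetricV31` is not accompanied, in any visible hunk, by a new `"type": "Primary"` entry. The same one-line change repeats across the CVE-2024-435xx files from CVE-2024-43501 onward, and CVE-2024-43583 also flips the type of its `weaknesses` entry. The rest of each array lies outside the hunks, so a Primary entry may already be present there; if it is not, tooling that selects only `"type": "Primary"` metrics will treat these records as unscored. It is worth confirming on one of these files, and making consumers fall back to the Secondary entry rather than dropping the score.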
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43513.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43513.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43514.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43514.json
index 4ee6217dce2..4558060ab45 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43514.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43514.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43515.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43515.json
index 5f6e5af5dda..df1cf5aa042 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43515.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43515.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43516.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43516.json
index 900f973213e..859d2cf7326 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43516.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43516.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43517.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43517.json
index 3ec5dc7daf9..d83edc6c579 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43517.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43517.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43518.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43518.json
index 114aa535920..c7283b4fd14 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43518.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43518.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43519.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43519.json
index 67fd5c0ba63..9d6f983c4d3 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43519.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43519.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43520.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43520.json
index 366f88a5e69..c588108140e 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43520.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43520.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43523.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43523.json
index c97ab97d06a..42aa919e48b 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43523.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43523.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43524.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43524.json
index e5d3e279b86..e567d48c93f 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43524.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43524.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43525.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43525.json
index 95d7db89098..047d15826c3 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43525.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43525.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43526.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43526.json
index d8d89f02687..fe386aeae20 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43526.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43526.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43528.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43528.json
index c8dc4072148..bdae4a2a548 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43528.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43528.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43529.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43529.json
index cd2b39725f2..518e7320ed3 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43529.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43529.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43532.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43532.json
index 04d1a346451..067a990b0fb 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43532.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43532.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43533.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43533.json
index 69e0b8b2c6f..47a217a0257 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43533.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43533.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43534.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43534.json
index 55f0d1a25c2..490b8e208d7 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43534.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43534.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43535.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43535.json
index 410f5c2e366..1fba5c1b001 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43535.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43535.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43536.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43536.json
index cefd9b60fbd..2887600ef36 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43536.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43536.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43537.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43537.json
index 6a4acad4ce9..e64e147e57f 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43537.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43537.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43538.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43538.json
index 3303c092ca6..4ed1bc33a34 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43538.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43538.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43540.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43540.json
index 652be659cdb..e0ee8d9819c 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43540.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43540.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43542.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43542.json
index 60eec4ebe3b..367826cfe54 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43542.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43542.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43543.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43543.json
index 1191571a536..91230457e8e 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43543.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43543.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43546.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43546.json
index f939b1428e5..332a2be0212 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43546.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43546.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43550.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43550.json
index 9bc1bbfbe40..a2dd97de71e 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43550.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43550.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43551.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43551.json
index 2e244876928..ea2472bc640 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43551.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43551.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43554.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43554.json
index 70cfc750d6e..705434d3f93 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43554.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43554.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43555.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43555.json
index 043c8c706bd..051ce913d35 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43555.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43555.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43556.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43556.json
index 4971a54a4f5..e682fed551a 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43556.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43556.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43557.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43557.json
index 4373118c851..7da409ecddd 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43557.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43557.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43558.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43558.json
index 6ba17031f41..9444f623ede 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43558.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43558.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43559.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43559.json
index 86dc5a6d199..845be43d134 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43559.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43559.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43560.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43560.json
index 663968979bd..1972cb67fb7 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43560.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43560.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43561.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43561.json
index 3219ea4a197..19dc24ad795 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43561.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43561.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43562.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43562.json
index 69c7068f475..0be2d1eb9da 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43562.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43562.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43563.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43563.json
index 0ef4b6fc88a..0a0fc053edf 100644
--- a/CVE-2024/CVE-2024-435xx/CVE-2024-43563.json
+++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43563.json
@@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43565.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43565.json index e346078b5b2..e8118e6d370 100644 --- a/CVE-2024/CVE-2024-435xx/CVE-2024-43565.json +++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43565.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43572.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43572.json index 9d741c7b7ac..1ca517bfda6 100644 --- a/CVE-2024/CVE-2024-435xx/CVE-2024-43572.json +++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43572.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43574.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43574.json index 0085455cf62..100b6d6a28e 100644 --- a/CVE-2024/CVE-2024-435xx/CVE-2024-43574.json +++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43574.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43581.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43581.json index b7b90ce161b..4eb8e67b7dd 100644 --- a/CVE-2024/CVE-2024-435xx/CVE-2024-43581.json +++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43581.json 
@@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43582.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43582.json index 49bd5af3507..801b2062b53 100644 --- a/CVE-2024/CVE-2024-435xx/CVE-2024-43582.json +++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43582.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43583.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43583.json index d4d13c91360..b9d27dcfe51 100644 --- a/CVE-2024/CVE-2024-435xx/CVE-2024-43583.json +++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43583.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43585.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43585.json index 27c8d161fba..e06bd0de63b 100644 --- a/CVE-2024/CVE-2024-435xx/CVE-2024-43585.json +++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43585.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", diff --git a/CVE-2024/CVE-2024-435xx/CVE-2024-43599.json b/CVE-2024/CVE-2024-435xx/CVE-2024-43599.json index 1a2ae49c39e..6e8f08e2351 100644 --- a/CVE-2024/CVE-2024-435xx/CVE-2024-43599.json +++ b/CVE-2024/CVE-2024-435xx/CVE-2024-43599.json 
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
diff --git a/CVE-2024/CVE-2024-436xx/CVE-2024-43615.json b/CVE-2024/CVE-2024-436xx/CVE-2024-43615.json
index 4aa99e56380..d3a111cf6f7 100644
--- a/CVE-2024/CVE-2024-436xx/CVE-2024-43615.json
+++ b/CVE-2024/CVE-2024-436xx/CVE-2024-43615.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secure@microsoft.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
diff --git a/CVE-2024/CVE-2024-43xx/CVE-2024-4322.json b/CVE-2024/CVE-2024-43xx/CVE-2024-4322.json
index 62038b3a5c8..ffe04445aa2 100644
--- a/CVE-2024/CVE-2024-43xx/CVE-2024-4322.json
+++ b/CVE-2024/CVE-2024-43xx/CVE-2024-4322.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-05-16T09:15:16.613",
 "lastModified": "2024-11-21T09:42:37.400",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-43xx/CVE-2024-4326.json b/CVE-2024/CVE-2024-43xx/CVE-2024-4326.json
index 0b336d9ce31..8c3b7aaf66c 100644
--- a/CVE-2024/CVE-2024-43xx/CVE-2024-4326.json
+++ b/CVE-2024/CVE-2024-43xx/CVE-2024-4326.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-05-16T09:15:16.887",
 "lastModified": "2024-11-21T09:42:37.887",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-43xx/CVE-2024-4330.json b/CVE-2024/CVE-2024-43xx/CVE-2024-4330.json
index 31f9f18d981..f02fde04d0a 100644
--- a/CVE-2024/CVE-2024-43xx/CVE-2024-4330.json
+++ b/CVE-2024/CVE-2024-43xx/CVE-2024-4330.json
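Review bot: In CVE-2024-4322.json the `vulnStatus` moves from `Awaiting Analysis` to `Undergoing Analysis` while `"lastModified": "2024-11-21T09:42:37.400"` is an unchanged context line, so the record changes without its modification timestamp moving. Tooling that syncs incrementally by filtering on `lastModified` will not pick up this transition; the same holds for the other status-only hunks in this commit, such as CVE-2024-4326.json and the `Undergoing Analysis` to `Analyzed` change in CVE-2024-49040.json. If the timestamp is taken verbatim from upstream and cannot be bumped here, the feed documentation should say so, for example `vulnStatus may change without a lastModified update; compare file content or commit history to detect it`.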
@@ -3,7 +3,7 @@ "sourceIdentifier": "security@huntr.dev", "published": "2024-05-30T15:15:49.890", "lastModified": "2024-11-21T09:42:38.397", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-440xx/CVE-2024-44080.json b/CVE-2024/CVE-2024-440xx/CVE-2024-44080.json index 681c5a5270e..46498aad0eb 100644 --- a/CVE-2024/CVE-2024-440xx/CVE-2024-44080.json +++ b/CVE-2024/CVE-2024-440xx/CVE-2024-44080.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-10-29T22:15:03.633", "lastModified": "2024-11-01T12:57:35.843", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-440xx/CVE-2024-44081.json b/CVE-2024/CVE-2024-440xx/CVE-2024-44081.json index 6c11477733e..09b8976915f 100644 --- a/CVE-2024/CVE-2024-440xx/CVE-2024-44081.json +++ b/CVE-2024/CVE-2024-440xx/CVE-2024-44081.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-10-29T22:15:03.730", "lastModified": "2024-11-21T09:36:15.807", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-448xx/CVE-2024-44860.json b/CVE-2024/CVE-2024-448xx/CVE-2024-44860.json index 836e1f776db..39285deb962 100644 --- a/CVE-2024/CVE-2024-448xx/CVE-2024-44860.json +++ b/CVE-2024/CVE-2024-448xx/CVE-2024-44860.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-09-26T17:15:03.713", "lastModified": "2024-09-30T12:46:20.237", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-448xx/CVE-2024-44867.json b/CVE-2024/CVE-2024-448xx/CVE-2024-44867.json index 9e476b343c3..46334bf5588 100644 --- a/CVE-2024/CVE-2024-448xx/CVE-2024-44867.json +++ b/CVE-2024/CVE-2024-448xx/CVE-2024-44867.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-09-10T14:15:13.103", "lastModified": "2024-09-10T15:50:57.713", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-449xx/CVE-2024-44905.json b/CVE-2024/CVE-2024-449xx/CVE-2024-44905.json index 32c9bc644aa..466edb36c7b 100644 --- a/CVE-2024/CVE-2024-449xx/CVE-2024-44905.json +++ b/CVE-2024/CVE-2024-449xx/CVE-2024-44905.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-06-12T16:15:22.007", "lastModified": "2025-06-17T20:15:30.667", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-44xx/CVE-2024-4498.json b/CVE-2024/CVE-2024-44xx/CVE-2024-4498.json index 48cba28141b..a36cd5b28bc 100644 --- a/CVE-2024/CVE-2024-44xx/CVE-2024-4498.json +++ b/CVE-2024/CVE-2024-44xx/CVE-2024-4498.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@huntr.dev", "published": "2024-06-25T20:15:12.127", "lastModified": "2024-11-21T09:42:57.323", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-453xx/CVE-2024-45347.json b/CVE-2024/CVE-2024-453xx/CVE-2024-45347.json index b304f8979da..a4a26a2acb4 100644 --- a/CVE-2024/CVE-2024-453xx/CVE-2024-45347.json +++ b/CVE-2024/CVE-2024-453xx/CVE-2024-45347.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "An unauthorized access vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by the validation logic is flawed and can be exploited by attackers to Unauthorized access to the victim\u2019s device." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de acceso no autorizado en Xiaomi Mi Connect Service APP. Esta vulnerabilidad se debe a un fallo en la l\u00f3gica de validaci\u00f3n y puede ser explotada por atacantes para acceder sin autorizaci\u00f3n al dispositivo de la v\u00edctima." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-453xx/CVE-2024-45366.json b/CVE-2024/CVE-2024-453xx/CVE-2024-45366.json index c1a8bba3c17..452c2319f9f 100644 --- a/CVE-2024/CVE-2024-453xx/CVE-2024-45366.json +++ b/CVE-2024/CVE-2024-453xx/CVE-2024-45366.json @@ -3,7 +3,7 @@ "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-09-18T06:15:02.413", "lastModified": "2024-11-05T22:35:10.920", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-456xx/CVE-2024-45619.json b/CVE-2024/CVE-2024-456xx/CVE-2024-45619.json index 1665904afde..413a874e70c 100644 --- a/CVE-2024/CVE-2024-456xx/CVE-2024-45619.json +++ b/CVE-2024/CVE-2024-456xx/CVE-2024-45619.json @@ -62,7 +62,7 @@ "weaknesses": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-456xx/CVE-2024-45620.json b/CVE-2024/CVE-2024-456xx/CVE-2024-45620.json index 6408df2d857..e16b3718de8 100644 --- a/CVE-2024/CVE-2024-456xx/CVE-2024-45620.json +++ b/CVE-2024/CVE-2024-456xx/CVE-2024-45620.json @@ -62,7 +62,7 @@ "weaknesses": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", 
diff --git a/CVE-2024/CVE-2024-457xx/CVE-2024-45778.json b/CVE-2024/CVE-2024-457xx/CVE-2024-45778.json index c4442cdf1cd..c54ee7767f6 100644 --- a/CVE-2024/CVE-2024-457xx/CVE-2024-45778.json +++ b/CVE-2024/CVE-2024-457xx/CVE-2024-45778.json @@ -62,7 +62,7 @@ "weaknesses": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-457xx/CVE-2024-45779.json b/CVE-2024/CVE-2024-457xx/CVE-2024-45779.json index bae6aa47d9e..e872fbe0be2 100644 --- a/CVE-2024/CVE-2024-457xx/CVE-2024-45779.json +++ b/CVE-2024/CVE-2024-457xx/CVE-2024-45779.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", @@ -62,7 +62,7 @@ "weaknesses": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-457xx/CVE-2024-45780.json b/CVE-2024/CVE-2024-457xx/CVE-2024-45780.json index 64811b5a1e6..c2a5749a559 100644 --- a/CVE-2024/CVE-2024-457xx/CVE-2024-45780.json +++ b/CVE-2024/CVE-2024-457xx/CVE-2024-45780.json @@ -62,7 +62,7 @@ "weaknesses": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-457xx/CVE-2024-45782.json b/CVE-2024/CVE-2024-457xx/CVE-2024-45782.json index 65be99b59fc..284d231e84c 100644 --- a/CVE-2024/CVE-2024-457xx/CVE-2024-45782.json +++ b/CVE-2024/CVE-2024-457xx/CVE-2024-45782.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", @@ -62,7 +62,7 @@ "weaknesses": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", 
diff --git a/CVE-2024/CVE-2024-457xx/CVE-2024-45797.json b/CVE-2024/CVE-2024-457xx/CVE-2024-45797.json index e9321c84975..48a9b584ddd 100644 --- a/CVE-2024/CVE-2024-457xx/CVE-2024-45797.json +++ b/CVE-2024/CVE-2024-457xx/CVE-2024-45797.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2024-10-16T19:15:27.177", "lastModified": "2024-10-18T12:53:04.627", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-459xx/CVE-2024-45920.json b/CVE-2024/CVE-2024-459xx/CVE-2024-45920.json index a823073846f..c95d8be2aff 100644 --- a/CVE-2024/CVE-2024-459xx/CVE-2024-45920.json +++ b/CVE-2024/CVE-2024-459xx/CVE-2024-45920.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-09-30T13:15:02.450", "lastModified": "2024-10-04T13:51:25.567", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-459xx/CVE-2024-45993.json b/CVE-2024/CVE-2024-459xx/CVE-2024-45993.json index 281d0057239..c61fa57cfff 100644 --- a/CVE-2024/CVE-2024-459xx/CVE-2024-45993.json +++ b/CVE-2024/CVE-2024-459xx/CVE-2024-45993.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-09-30T17:15:04.473", "lastModified": "2024-10-04T13:51:25.567", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-460xx/CVE-2024-46097.json b/CVE-2024/CVE-2024-460xx/CVE-2024-46097.json index 8cc17cfa110..f363b4aafed 100644 --- a/CVE-2024/CVE-2024-460xx/CVE-2024-46097.json +++ b/CVE-2024/CVE-2024-460xx/CVE-2024-46097.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-09-27T18:15:05.687", "lastModified": "2024-09-30T12:45:57.823", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2024/CVE-2024-463xx/CVE-2024-46313.json b/CVE-2024/CVE-2024-463xx/CVE-2024-46313.json
index f4c1ce809a2..d66c871d58c 100644
--- a/CVE-2024/CVE-2024-463xx/CVE-2024-46313.json
+++ b/CVE-2024/CVE-2024-463xx/CVE-2024-46313.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-09-30T15:15:06.243",
 "lastModified": "2024-10-04T13:51:25.567",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-463xx/CVE-2024-46327.json b/CVE-2024/CVE-2024-463xx/CVE-2024-46327.json
index 6745c7954ad..f164b437bd4 100644
--- a/CVE-2024/CVE-2024-463xx/CVE-2024-46327.json
+++ b/CVE-2024/CVE-2024-463xx/CVE-2024-46327.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-46327",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-09-26T14:15:09.173",
- "lastModified": "2024-09-30T12:46:20.237",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2025-06-24T14:58:09.230",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -51,10 +51,42 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:vonets:vap11g-300_firmware:3.3.23.6.9:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8BB578CE-F4E2-4ABE-AFF5-D45B46DC4682"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:vonets:vap11g-300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2B23375E-0E77-4423-AEDA-9A9F26052834"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://hawktesters.com/5519644d-246e-4924-b7c8-8fdf742117be/ab3b22c9-1fbf-4dbb-a1cd-8c69f6723a4a.pdf",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-463xx/CVE-2024-46340.json b/CVE-2024/CVE-2024-463xx/CVE-2024-46340.json
index 98c94921c45..30ebf1e6003 100644
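Review bot: The `configurations` block added to CVE-2024-46327.json matches one exact build, `cpe:2.3:o:vonets:vap11g-300_firmware:3.3.23.6.9`, with no `versionEndIncluding` or `versionEndExcluding` bound, and the same change tags the record's only reference as `Broken Link`. CPE-based scanners will therefore flag only that single firmware build, and a reader cannot check the affected range against the source document from this record. The description lies outside the hunk, so whether other builds are affected cannot be judged here; if it does say so, the firmware match would be better expressed as a wildcard-version criteria with `"versionEndIncluding": "3.3.23.6.9"`. Adding a working or archived copy of the advisory as a second reference would let the `Analyzed` status be verified.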
--- a/CVE-2024/CVE-2024-463xx/CVE-2024-46340.json
+++ b/CVE-2024/CVE-2024-463xx/CVE-2024-46340.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-46340",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-12-10T20:15:15.003",
- "lastModified": "2025-04-03T16:15:32.550",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-06-20T18:51:42.467",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -51,14 +51,103 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:tl-wr845n_firmware:201214:*:*:*:*:*:*:*", + "matchCriteriaId": "1D59784C-71BA-4212-8141-04EE7D675F4B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:tl-wr845n:v4:*:*:*:*:*:*:*", + "matchCriteriaId": "86A77EB5-CA7F-417C-8DB6-0141E95827EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:tl-wr845n_firmware:200909:*:*:*:*:*:*:*", + "matchCriteriaId": "0D942522-2F2B-4CDB-BDC7-23F9BBDAD844" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:tl-wr845n:v4:*:*:*:*:*:*:*", + "matchCriteriaId": "86A77EB5-CA7F-417C-8DB6-0141E95827EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:tl-wr845n_firmware:190219:*:*:*:*:*:*:*", + "matchCriteriaId": "735CFB5E-C8B3-4BC5-87A7-97F36A432D9C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:tl-wr845n:v4:*:*:*:*:*:*:*", + "matchCriteriaId": "86A77EB5-CA7F-417C-8DB6-0141E95827EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.iiita.ac.in/iot/factory-reset.docx", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://security.iiita.ac.in/iot/factory-reset.docx", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-463xx/CVE-2024-46341.json b/CVE-2024/CVE-2024-463xx/CVE-2024-46341.json index c38c6efce6b..2ca7db486da 100644 --- a/CVE-2024/CVE-2024-463xx/CVE-2024-46341.json +++ b/CVE-2024/CVE-2024-463xx/CVE-2024-46341.json @@ -2,8 +2,8 @@ "id": "CVE-2024-46341", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-10T20:15:15.110", - "lastModified": "2024-12-11T15:15:10.090", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T18:50:21.623", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,49 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:tl-wr845n_firmware:190219:*:*:*:*:*:*:*", + "matchCriteriaId": "735CFB5E-C8B3-4BC5-87A7-97F36A432D9C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:tl-wr845n:v4:*:*:*:*:*:*:*", + "matchCriteriaId": "86A77EB5-CA7F-417C-8DB6-0141E95827EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.iiita.ac.in/iot/base64-authorization.docx", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://security.iiita.ac.in/iot/base64-authorization.docx", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-463xx/CVE-2024-46366.json b/CVE-2024/CVE-2024-463xx/CVE-2024-46366.json index a11a708cb87..71574545e2c 100644 --- a/CVE-2024/CVE-2024-463xx/CVE-2024-46366.json +++ b/CVE-2024/CVE-2024-463xx/CVE-2024-46366.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-09-27T17:15:13.400", "lastModified": "2024-09-30T12:45:57.823", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-463xx/CVE-2024-46367.json b/CVE-2024/CVE-2024-463xx/CVE-2024-46367.json index 20984c7cab8..eae19925dbb 100644 --- a/CVE-2024/CVE-2024-463xx/CVE-2024-46367.json +++ b/CVE-2024/CVE-2024-463xx/CVE-2024-46367.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-09-27T17:15:13.487", "lastModified": "2024-09-30T12:45:57.823", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-464xx/CVE-2024-46450.json b/CVE-2024/CVE-2024-464xx/CVE-2024-46450.json index 6741c3c97df..0f29b72e6ad 100644 --- a/CVE-2024/CVE-2024-464xx/CVE-2024-46450.json +++ b/CVE-2024/CVE-2024-464xx/CVE-2024-46450.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-01-16T22:15:39.840", "lastModified": "2025-02-03T21:15:13.043", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-471xx/CVE-2024-47189.json b/CVE-2024/CVE-2024-471xx/CVE-2024-47189.json index 3ba9e010e71..1db55fc79cb 100644 --- a/CVE-2024/CVE-2024-471xx/CVE-2024-47189.json +++ b/CVE-2024/CVE-2024-471xx/CVE-2024-47189.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T20:15:14.697", "lastModified": "2024-11-04T22:35:09.220", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-472xx/CVE-2024-47223.json b/CVE-2024/CVE-2024-472xx/CVE-2024-47223.json index bb4aef1a9c8..5ed812e6306 100644 --- a/CVE-2024/CVE-2024-472xx/CVE-2024-47223.json +++ b/CVE-2024/CVE-2024-472xx/CVE-2024-47223.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T20:15:14.770", "lastModified": "2024-10-23T15:12:34.673", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-472xx/CVE-2024-47248.json b/CVE-2024/CVE-2024-472xx/CVE-2024-47248.json index 83cff706c3d..5dca12966cb 100644 --- a/CVE-2024/CVE-2024-472xx/CVE-2024-47248.json +++ b/CVE-2024/CVE-2024-472xx/CVE-2024-47248.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@apache.org", "published": "2024-11-26T12:15:19.007", "lastModified": "2024-12-06T11:15:08.180", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-472xx/CVE-2024-47249.json b/CVE-2024/CVE-2024-472xx/CVE-2024-47249.json index 30147bb1e80..c9b91c26bd2 100644 --- a/CVE-2024/CVE-2024-472xx/CVE-2024-47249.json +++ b/CVE-2024/CVE-2024-472xx/CVE-2024-47249.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@apache.org", "published": "2024-11-26T12:15:19.123", "lastModified": "2024-12-06T11:15:08.340", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-472xx/CVE-2024-47250.json b/CVE-2024/CVE-2024-472xx/CVE-2024-47250.json index 0d1b00576de..a74fcd3ecf1 100644 --- a/CVE-2024/CVE-2024-472xx/CVE-2024-47250.json +++ b/CVE-2024/CVE-2024-472xx/CVE-2024-47250.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@apache.org", "published": "2024-11-26T12:15:19.230", "lastModified": "2024-12-06T11:15:08.493", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-479xx/CVE-2024-47912.json b/CVE-2024/CVE-2024-479xx/CVE-2024-47912.json index 80916a7e540..8da7819098e 100644 --- a/CVE-2024/CVE-2024-479xx/CVE-2024-47912.json +++ b/CVE-2024/CVE-2024-479xx/CVE-2024-47912.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T20:15:14.877", "lastModified": "2024-10-23T15:12:34.673", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-480xx/CVE-2024-48036.json b/CVE-2024/CVE-2024-480xx/CVE-2024-48036.json index cc1079a422e..ea90677d3c6 100644 --- a/CVE-2024/CVE-2024-480xx/CVE-2024-48036.json +++ b/CVE-2024/CVE-2024-480xx/CVE-2024-48036.json @@ -3,7 +3,7 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2024-10-17T13:15:13.677", "lastModified": "2024-10-18T12:52:33.507", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-481xx/CVE-2024-48192.json b/CVE-2024/CVE-2024-481xx/CVE-2024-48192.json index e6f02ae1fc9..d3244a2c51e 100644 --- a/CVE-2024/CVE-2024-481xx/CVE-2024-48192.json +++ b/CVE-2024/CVE-2024-481xx/CVE-2024-48192.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-10-17T17:15:12.380", "lastModified": "2024-10-18T12:52:33.507", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-482xx/CVE-2024-48232.json b/CVE-2024/CVE-2024-482xx/CVE-2024-48232.json index 52dc6056e00..96ddae8a199 100644 --- a/CVE-2024/CVE-2024-482xx/CVE-2024-48232.json +++ b/CVE-2024/CVE-2024-482xx/CVE-2024-48232.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-10-25T21:15:04.170", "lastModified": "2024-10-30T19:35:26.257", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-482xx/CVE-2024-48233.json b/CVE-2024/CVE-2024-482xx/CVE-2024-48233.json index bd01ea14253..12b777f7638 100644 --- a/CVE-2024/CVE-2024-482xx/CVE-2024-48233.json +++ b/CVE-2024/CVE-2024-482xx/CVE-2024-48233.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-10-25T21:15:04.243", "lastModified": "2024-10-30T19:35:27.360", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-482xx/CVE-2024-48270.json b/CVE-2024/CVE-2024-482xx/CVE-2024-48270.json index f77deeedcad..abeced89c94 100644 --- a/CVE-2024/CVE-2024-482xx/CVE-2024-48270.json +++ b/CVE-2024/CVE-2024-482xx/CVE-2024-48270.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-11-01T14:15:06.953", "lastModified": "2024-11-04T19:35:11.057", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-485xx/CVE-2024-48597.json b/CVE-2024/CVE-2024-485xx/CVE-2024-48597.json index 0f5fe8be221..a5a7b4544a5 100644 --- a/CVE-2024/CVE-2024-485xx/CVE-2024-48597.json +++ b/CVE-2024/CVE-2024-485xx/CVE-2024-48597.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T20:15:15.010", "lastModified": "2024-10-23T15:12:34.673", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-48xx/CVE-2024-4839.json b/CVE-2024/CVE-2024-48xx/CVE-2024-4839.json index 69d2f53f152..6346f007947 100644 --- a/CVE-2024/CVE-2024-48xx/CVE-2024-4839.json +++ b/CVE-2024/CVE-2024-48xx/CVE-2024-4839.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@huntr.dev", "published": "2024-06-24T13:15:11.900", "lastModified": "2024-11-21T09:43:42.800", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-48xx/CVE-2024-4841.json b/CVE-2024/CVE-2024-48xx/CVE-2024-4841.json index 203d13f8389..72601776e8f 100644 --- a/CVE-2024/CVE-2024-48xx/CVE-2024-4841.json +++ b/CVE-2024/CVE-2024-48xx/CVE-2024-4841.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "security@huntr.dev", "published": "2024-06-23T15:15:09.233", "lastModified": "2024-11-21T09:43:43.037", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-48xx/CVE-2024-4897.json b/CVE-2024/CVE-2024-48xx/CVE-2024-4897.json index 50d2e126923..5d1b5faafb3 100644 --- a/CVE-2024/CVE-2024-48xx/CVE-2024-4897.json +++ b/CVE-2024/CVE-2024-48xx/CVE-2024-4897.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@huntr.dev", "published": "2024-07-02T15:15:11.853", "lastModified": "2024-11-21T09:43:49.010", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49040.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49040.json index 1939948651d..0ff84f8ae15 100644 --- a/CVE-2024/CVE-2024-490xx/CVE-2024-49040.json +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49040.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2024-11-12T18:15:44.410", "lastModified": "2024-11-16T00:05:03.997", - "vulnStatus": "Undergoing Analysis", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-490xx/CVE-2024-49060.json b/CVE-2024/CVE-2024-490xx/CVE-2024-49060.json index 3519019a9a0..7eb9af4c4fa 100644 --- a/CVE-2024/CVE-2024-490xx/CVE-2024-49060.json +++ b/CVE-2024/CVE-2024-490xx/CVE-2024-49060.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", diff --git a/CVE-2024/CVE-2024-491xx/CVE-2024-49197.json b/CVE-2024/CVE-2024-491xx/CVE-2024-49197.json index 18ff46b3ba9..2a091f95b51 100644 --- a/CVE-2024/CVE-2024-491xx/CVE-2024-49197.json +++ b/CVE-2024/CVE-2024-491xx/CVE-2024-49197.json 
@@ -2,8 +2,8 @@
 "id": "CVE-2024-49197",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-05-27T18:15:30.420",
- "lastModified": "2025-05-29T19:15:26.810",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-06-25T15:58:57.347",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -51,14 +51,292 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5F18F62E-2012-442E-BE60-6E76325D1824" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0D8701B6-6989-44D1-873A-A1823BFD7CCC" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_850_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1928760C-4FC4-45B0-84FF-C1105CD1DD2A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_850:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BB410A6D-642B-49AE-8B1C-EADA953A84DA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_1080_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43DE4D6F-D662-46F2-93BC-9AE950320BDE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_1080:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EE06CD56-8BFD-4208-843A-179E3E6F5C10" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_1280_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BD1A7B09-9031-4E54-A24F-3237C054166B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_1280:-:*:*:*:*:*:*:*", + "matchCriteriaId": 
"DFC68046-2F08-40D1-B158-89D8D9263541" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_1330_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C2635646-DD6A-4735-8E01-F45445584832" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_1330:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AA0F8A58-71B7-4503-A03A-6FB4282D75BD" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_1380_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D381478B-C638-4663-BD71-144BE4B02E46" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_1380:-:*:*:*:*:*:*:*", + "matchCriteriaId": "61E72146-72FE-4B54-AB79-3C665E7F016C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_1480_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "64897B0D-EBF6-4BEB-BF54-ABCDBFAB45E0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_1480:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F3F328B4-0442-4748-B5EE-DD1CEE50D6CF" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_w920_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B6ADED27-EDAF-4FB3-8CB2-AE5F59B93641" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_w920:-:*:*:*:*:*:*:*", + "matchCriteriaId": 
"4BF79654-E5C6-4DFF-B33A-A78571CD300C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_w930_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "801E188F-C71B-4933-9099-151A4A1B1BC5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_w930:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8D8FC82D-57C5-4F00-BDF4-4261A32C4246" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_w1000_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "526A0088-BDA7-4373-8966-AEED69C1AE8A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_w1000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A9657C28-AA6B-4C1A-ACAA-E90645CF2A73" + } + ] + } + ] + } + ], "references": [ { "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-49197/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-493xx/CVE-2024-49393.json b/CVE-2024/CVE-2024-493xx/CVE-2024-49393.json index 6302e71f16c..86ed167dacc 100644 --- a/CVE-2024/CVE-2024-493xx/CVE-2024-49393.json +++ b/CVE-2024/CVE-2024-493xx/CVE-2024-49393.json @@ -62,7 +62,7 @@ "weaknesses": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", 
diff --git a/CVE-2024/CVE-2024-493xx/CVE-2024-49395.json b/CVE-2024/CVE-2024-493xx/CVE-2024-49395.json index a714f3d4cc5..502f9152fc2 100644 --- a/CVE-2024/CVE-2024-493xx/CVE-2024-49395.json +++ b/CVE-2024/CVE-2024-493xx/CVE-2024-49395.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", diff --git a/CVE-2024/CVE-2024-503xx/CVE-2024-50382.json b/CVE-2024/CVE-2024-503xx/CVE-2024-50382.json index da412adbc52..8afe7498db8 100644 --- a/CVE-2024/CVE-2024-503xx/CVE-2024-50382.json +++ b/CVE-2024/CVE-2024-503xx/CVE-2024-50382.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-10-23T17:15:19.453", "lastModified": "2024-10-25T12:56:36.827", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-503xx/CVE-2024-50383.json b/CVE-2024/CVE-2024-503xx/CVE-2024-50383.json index 69aee4887b9..7604a7f16eb 100644 --- a/CVE-2024/CVE-2024-503xx/CVE-2024-50383.json +++ b/CVE-2024/CVE-2024-503xx/CVE-2024-50383.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-10-23T17:15:19.540", "lastModified": "2024-10-25T12:56:36.827", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-506xx/CVE-2024-50659.json b/CVE-2024/CVE-2024-506xx/CVE-2024-50659.json index 60432ca9d2b..4cc3faff31e 100644 --- a/CVE-2024/CVE-2024-506xx/CVE-2024-50659.json +++ b/CVE-2024/CVE-2024-506xx/CVE-2024-50659.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50659", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-07T18:15:19.153", - "lastModified": "2025-01-08T16:15:34.597", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T18:06:54.010", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,18 +51,44 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ipublishmedia:adportal:3.0.39:*:*:*:*:*:*:*", + "matchCriteriaId": "4D1DEA65-D968-4279-A9A1-5EF1FB9BEFCC" + } + ] + } + ] + } + ], "references": [ { "url": "http://adportal.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Permissions Required" + ] }, { "url": "http://ipublish.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://petercipolone.info/wp-content/uploads/2025/01/iPublishMedia_AdPortal3.0.39_CVEs.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-509xx/CVE-2024-50983.json b/CVE-2024/CVE-2024-509xx/CVE-2024-50983.json index 833fb0f994b..6ae832e49db 100644 --- a/CVE-2024/CVE-2024-509xx/CVE-2024-50983.json +++ b/CVE-2024/CVE-2024-509xx/CVE-2024-50983.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-11-15T22:15:15.907", "lastModified": "2024-11-18T19:35:05.963", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-509xx/CVE-2024-50986.json b/CVE-2024/CVE-2024-509xx/CVE-2024-50986.json index 87437ac244b..cad9a3fd7ea 100644 --- a/CVE-2024/CVE-2024-509xx/CVE-2024-50986.json +++ b/CVE-2024/CVE-2024-509xx/CVE-2024-50986.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-11-15T15:15:07.773", "lastModified": "2024-11-29T22:15:06.677", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-510xx/CVE-2024-51091.json b/CVE-2024/CVE-2024-510xx/CVE-2024-51091.json index f95cf478680..c3838aaf2a0 100644 --- a/CVE-2024/CVE-2024-510xx/CVE-2024-51091.json 
+++ b/CVE-2024/CVE-2024-510xx/CVE-2024-51091.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-03-03T18:15:29.523", "lastModified": "2025-03-04T17:15:12.870", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-511xx/CVE-2024-51164.json b/CVE-2024/CVE-2024-511xx/CVE-2024-51164.json index 23373aa4760..e8a9832774c 100644 --- a/CVE-2024/CVE-2024-511xx/CVE-2024-51164.json +++ b/CVE-2024/CVE-2024-511xx/CVE-2024-51164.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51164", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-15T16:15:37.057", - "lastModified": "2024-12-09T17:15:09.107", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-24T14:37:12.777", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,18 +51,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ketr:jepaas:7.2.8:*:*:*:*:*:*:*", + "matchCriteriaId": "586A6F83-5418-4E07-8F7B-26E3C6B7E4DA" + } + ] + } + ] + } + ], "references": [ { "url": "https://abcc111.github.io/posts/CVE-2024-51164/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://gitee.com/ketr/jepaas-release", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/abcc111/vulns/blob/main/JEPaaS/Multiple%20parameters%20have%20SQL%20injection%20issues%20in%20JEPAAS.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-514xx/CVE-2024-51459.json b/CVE-2024/CVE-2024-514xx/CVE-2024-51459.json index e9c3007c99b..427c53c03d8 100644 --- a/CVE-2024/CVE-2024-514xx/CVE-2024-51459.json +++ b/CVE-2024/CVE-2024-514xx/CVE-2024-51459.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-03-19T19:15:42.180", "lastModified": "2025-03-19T19:15:42.180", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-514xx/CVE-2024-51472.json b/CVE-2024/CVE-2024-514xx/CVE-2024-51472.json index 5b81602e556..93b26617114 100644 --- a/CVE-2024/CVE-2024-514xx/CVE-2024-51472.json +++ b/CVE-2024/CVE-2024-514xx/CVE-2024-51472.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51472", "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-01-06T17:15:38.517", - "lastModified": "2025-01-06T17:15:38.517", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T18:09:43.640", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -69,12 +69,58 @@ "value": "CWE-80" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0.0", + "versionEndIncluding": "8.0.1.3", + "matchCriteriaId": "EF7EAB3A-064E-4815-931B-87BC203E32B3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.2", + "versionEndIncluding": "7.2.3.13", + "matchCriteriaId": "F9B8C275-D9C0-4C4F-8039-9E86E894FED8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.3", + "versionEndIncluding": "7.3.2.8", + "matchCriteriaId": "59D32AFE-8152-4417-868D-382DF5D3DD52" + } + ] + } + ] } ], "references": [ { "url": "https://www.ibm.com/support/pages/node/7177856", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-514xx/CVE-2024-51477.json b/CVE-2024/CVE-2024-514xx/CVE-2024-51477.json index 71e99725de7..d0139c5699c 100644 --- a/CVE-2024/CVE-2024-514xx/CVE-2024-51477.json +++ b/CVE-2024/CVE-2024-514xx/CVE-2024-51477.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-03-29T00:15:23.950", "lastModified": "2025-04-01T20:26:30.593", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51568.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51568.json index 6eb35187d91..8cc079334a0 100644 --- a/CVE-2024/CVE-2024-515xx/CVE-2024-51568.json +++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51568.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-10-29T23:15:04.520", "lastModified": "2024-11-01T12:57:03.417", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51569.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51569.json index 42c0a80ff8a..bdac205b5cd 100644 --- a/CVE-2024/CVE-2024-515xx/CVE-2024-51569.json +++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51569.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@apache.org", "published": "2024-11-26T12:15:21.113", "lastModified": "2024-12-06T11:15:08.630", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-51xx/CVE-2024-5125.json b/CVE-2024/CVE-2024-51xx/CVE-2024-5125.json index 101f8d29b25..251811058cf 100644 --- a/CVE-2024/CVE-2024-51xx/CVE-2024-5125.json +++ b/CVE-2024/CVE-2024-51xx/CVE-2024-5125.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@huntr.dev", "published": "2024-11-14T18:15:26.760", "lastModified": "2024-11-15T16:35:09.290", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2024/CVE-2024-51xx/CVE-2024-5148.json b/CVE-2024/CVE-2024-51xx/CVE-2024-5148.json index 07b5b97f733..4a67648a879 100644 --- a/CVE-2024/CVE-2024-51xx/CVE-2024-5148.json +++ b/CVE-2024/CVE-2024-51xx/CVE-2024-5148.json @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-527xx/CVE-2024-52702.json b/CVE-2024/CVE-2024-527xx/CVE-2024-52702.json index 63863f5d68b..882f5b99dde 100644 --- a/CVE-2024/CVE-2024-527xx/CVE-2024-52702.json +++ b/CVE-2024/CVE-2024-527xx/CVE-2024-52702.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-11-20T21:15:08.667", "lastModified": "2024-11-21T13:57:24.187", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-527xx/CVE-2024-52726.json b/CVE-2024/CVE-2024-527xx/CVE-2024-52726.json index b0ee8a2b5f7..987c755dfd9 100644 --- a/CVE-2024/CVE-2024-527xx/CVE-2024-52726.json +++ b/CVE-2024/CVE-2024-527xx/CVE-2024-52726.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-11-22T19:15:07.297", "lastModified": "2024-11-27T17:15:13.463", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-528xx/CVE-2024-52871.json b/CVE-2024/CVE-2024-528xx/CVE-2024-52871.json index 85384759eeb..6982ff55678 100644 --- a/CVE-2024/CVE-2024-528xx/CVE-2024-52871.json +++ b/CVE-2024/CVE-2024-528xx/CVE-2024-52871.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-11-17T04:15:03.973", "lastModified": "2024-11-18T18:35:09.027", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-528xx/CVE-2024-52872.json b/CVE-2024/CVE-2024-528xx/CVE-2024-52872.json index 1bec7639e33..5d0aa096a9d 100644 
--- a/CVE-2024/CVE-2024-528xx/CVE-2024-52872.json +++ b/CVE-2024/CVE-2024-528xx/CVE-2024-52872.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-11-17T04:15:04.047", "lastModified": "2024-11-18T18:35:09.270", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5285.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5285.json index 1c110b7bc5f..59e9fd747be 100644 --- a/CVE-2024/CVE-2024-52xx/CVE-2024-5285.json +++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5285.json @@ -3,7 +3,7 @@ "sourceIdentifier": "contact@wpscan.com", "published": "2024-07-29T06:15:02.463", "lastModified": "2024-11-21T09:47:21.403", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-533xx/CVE-2024-53305.json b/CVE-2024/CVE-2024-533xx/CVE-2024-53305.json index fa2429064b8..36f1d8569c8 100644 --- a/CVE-2024/CVE-2024-533xx/CVE-2024-53305.json +++ b/CVE-2024/CVE-2024-533xx/CVE-2024-53305.json @@ -2,8 +2,8 @@ "id": "CVE-2024-53305", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-16T18:16:03.657", - "lastModified": "2025-04-17T20:22:16.240", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-24T15:01:57.303", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,14 +51,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:benbusby:whoogle_search:0.9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B8324DFC-DCF8-4EEA-A93A-060C1999A620" + } + ] + } + ] + } + ], "references": [ { "url": "https://gist.github.com/fern89/ca5fe76ad81b4bc363e7341e523a1651", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/benbusby/whoogle-search/commit/223f00c3c0533423114f99b30c561278bc0b42ba", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-533xx/CVE-2024-53384.json b/CVE-2024/CVE-2024-533xx/CVE-2024-53384.json index 754a1e29e80..839970ad5ec 100644 --- a/CVE-2024/CVE-2024-533xx/CVE-2024-53384.json +++ b/CVE-2024/CVE-2024-533xx/CVE-2024-53384.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-03-03T18:15:29.670", "lastModified": "2025-03-05T19:15:37.560", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-533xx/CVE-2024-53387.json b/CVE-2024/CVE-2024-533xx/CVE-2024-53387.json index eac66a3af4e..1a0b09b661c 100644 --- a/CVE-2024/CVE-2024-533xx/CVE-2024-53387.json +++ b/CVE-2024/CVE-2024-533xx/CVE-2024-53387.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-03-03T17:15:13.050", "lastModified": "2025-03-04T17:15:13.043", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-533xx/CVE-2024-53388.json b/CVE-2024/CVE-2024-533xx/CVE-2024-53388.json index 72d24982aca..2eabc4642e5 100644 --- a/CVE-2024/CVE-2024-533xx/CVE-2024-53388.json +++ b/CVE-2024/CVE-2024-533xx/CVE-2024-53388.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-03-03T17:15:13.167", "lastModified": "2025-03-04T17:15:13.217", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-536xx/CVE-2024-53619.json b/CVE-2024/CVE-2024-536xx/CVE-2024-53619.json index 59537656587..35e9323c7d7 100644 --- a/CVE-2024/CVE-2024-536xx/CVE-2024-53619.json +++ b/CVE-2024/CVE-2024-536xx/CVE-2024-53619.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2024-11-26T19:15:30.727", "lastModified": "2024-11-26T20:15:33.880", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-536xx/CVE-2024-53621.json b/CVE-2024/CVE-2024-536xx/CVE-2024-53621.json index f76354dbf98..4c51581553a 100644 --- a/CVE-2024/CVE-2024-536xx/CVE-2024-53621.json +++ b/CVE-2024/CVE-2024-536xx/CVE-2024-53621.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A buffer overflow in the formSetCfm() function of Tenda AC1206 1200M 11ac US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 allows attackers to cause a Denial of Service (DoS) via a crafted POST request." + }, + { + "lang": "es", + "value": "Un desbordamiento de b\u00fafer en la funci\u00f3n formSetCfm() de Tenda AC1206 1200M 11ac US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una solicitud POST manipulada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-538xx/CVE-2024-53800.json b/CVE-2024/CVE-2024-538xx/CVE-2024-53800.json index eb10f4bd11d..e7b7c137300 100644 --- a/CVE-2024/CVE-2024-538xx/CVE-2024-53800.json +++ b/CVE-2024/CVE-2024-538xx/CVE-2024-53800.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-53800", "sourceIdentifier": "audit@patchstack.com", "published": "2025-01-07T16:15:35.883", - "lastModified": "2025-01-07T16:15:35.883", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T18:08:22.213", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -81,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rezgo:rezgo_online_booking:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "4.17.1", + "matchCriteriaId": "6C11D612-A0A0-4D57-A2AB-909A0BB8E5C1" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/wordpress/plugin/rezgo/vulnerability/wordpress-rezgo-online-booking-plugin-4-15-local-file-inclusion-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-539xx/CVE-2024-53907.json b/CVE-2024/CVE-2024-539xx/CVE-2024-53907.json index 9472cc4c13c..73cac55a2a9 100644 --- a/CVE-2024/CVE-2024-539xx/CVE-2024-53907.json +++ b/CVE-2024/CVE-2024-539xx/CVE-2024-53907.json @@ -2,8 +2,8 @@ "id": "CVE-2024-53907", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-06T12:15:17.730", - "lastModified": "2024-12-31T18:15:38.657", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-24T14:55:06.263", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,22 +51,70 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.2", + "versionEndExcluding": "4.2.17", + "matchCriteriaId": "43AD4E98-EF36-4D24-9F42-3235DFBCFF75" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.0", + "versionEndExcluding": "5.0.10", + "matchCriteriaId": "6EAB5D22-7E1E-45E7-A577-95051DC91E5E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.1", + "versionEndExcluding": "5.1.4", + "matchCriteriaId": "1231C967-2BD2-4263-B892-500964ED3C12" + } + ] + } + ] + } + ], "references": [ { "url": "https://docs.djangoproject.com/en/dev/releases/security/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch", + "Vendor Advisory" + ] }, { "url": "https://groups.google.com/g/django-announce", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.openwall.com/lists/oss-security/2024/12/04/3", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-539xx/CVE-2024-53924.json b/CVE-2024/CVE-2024-539xx/CVE-2024-53924.json index 1f2e5a4b60c..973cba51492 100644 --- a/CVE-2024/CVE-2024-539xx/CVE-2024-53924.json +++ b/CVE-2024/CVE-2024-539xx/CVE-2024-53924.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-04-17T18:15:47.603", "lastModified": "2025-04-22T15:16:09.847", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-541xx/CVE-2024-54169.json b/CVE-2024/CVE-2024-541xx/CVE-2024-54169.json index d778619e40a..8b0cfeb954d 100644 --- a/CVE-2024/CVE-2024-541xx/CVE-2024-54169.json +++ b/CVE-2024/CVE-2024-541xx/CVE-2024-54169.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-02-27T15:15:39.100", "lastModified": "2025-02-27T15:15:39.100", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-541xx/CVE-2024-54170.json b/CVE-2024/CVE-2024-541xx/CVE-2024-54170.json index f3cb11b2757..378bddf4bd5 100644 --- a/CVE-2024/CVE-2024-541xx/CVE-2024-54170.json +++ b/CVE-2024/CVE-2024-541xx/CVE-2024-54170.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-02-27T15:15:39.240", "lastModified": "2025-02-27T15:15:39.240", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-541xx/CVE-2024-54171.json b/CVE-2024/CVE-2024-541xx/CVE-2024-54171.json index 0dac18495e3..becce2d130a 100644 --- a/CVE-2024/CVE-2024-541xx/CVE-2024-54171.json +++ b/CVE-2024/CVE-2024-541xx/CVE-2024-54171.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-02-06T21:15:21.453", "lastModified": "2025-02-06T21:15:21.453", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-542xx/CVE-2024-54252.json b/CVE-2024/CVE-2024-542xx/CVE-2024-54252.json index cd506359f0e..73eeec602e2 100644 --- a/CVE-2024/CVE-2024-542xx/CVE-2024-54252.json +++ b/CVE-2024/CVE-2024-542xx/CVE-2024-54252.json 
@@ -2,13 +2,13 @@ "id": "CVE-2024-54252", "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-13T15:15:29.667", - "lastModified": "2024-12-13T15:15:29.667", + "lastModified": "2025-06-25T15:15:24.380", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Missing Authorization vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking System: from n/a through 2.9.9.5.2." + "value": "Missing Authorization vulnerability in Pinpoint Booking System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking System: from n/a through 2.9.9.5.6." }, { "lang": "es", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "audit@patchstack.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-548xx/CVE-2024-54887.json b/CVE-2024/CVE-2024-548xx/CVE-2024-54887.json index 0251662afd3..f6e51746efa 100644 --- a/CVE-2024/CVE-2024-548xx/CVE-2024-54887.json +++ b/CVE-2024/CVE-2024-548xx/CVE-2024-54887.json @@ -2,8 +2,8 @@ "id": "CVE-2024-54887", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-09T20:15:39.277", - "lastModified": "2025-01-15T21:15:13.820", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T18:35:16.170", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,14 +51,55 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:tl-wr940n_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.16.9", + "matchCriteriaId": "AC7E28D3-12BE-4E95-BAA5-7AD20B2EA79A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:tl-wr940n:v3:*:*:*:*:*:*:*", + "matchCriteriaId": "DF722F24-7D43-4535-B013-545109CB1D98" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:tl-wr940n:v4:*:*:*:*:*:*:*", + "matchCriteriaId": "2537DC7E-8024-45B5-924C-18C9B702DAFC" + } + ] + } + ] + } + ], "references": [ { "url": "http://tp-link.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/JBince/vulnerability-research/tree/main/CVE-2024-54887", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-549xx/CVE-2024-54957.json b/CVE-2024/CVE-2024-549xx/CVE-2024-54957.json index 2a1b929677f..6a899d89922 100644 --- a/CVE-2024/CVE-2024-549xx/CVE-2024-54957.json +++ b/CVE-2024/CVE-2024-549xx/CVE-2024-54957.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-02-27T20:16:01.980", "lastModified": "2025-03-03T16:15:38.450", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-549xx/CVE-2024-54960.json b/CVE-2024/CVE-2024-549xx/CVE-2024-54960.json index b50f1626fe6..b9105b9dff1 100644 --- a/CVE-2024/CVE-2024-549xx/CVE-2024-54960.json +++ b/CVE-2024/CVE-2024-549xx/CVE-2024-54960.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-02-20T18:15:25.457", "lastModified": "2025-02-20T20:15:45.927", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-551xx/CVE-2024-55160.json b/CVE-2024/CVE-2024-551xx/CVE-2024-55160.json index 8da125cbcf1..91271c28434 100644 --- a/CVE-2024/CVE-2024-551xx/CVE-2024-55160.json +++ b/CVE-2024/CVE-2024-551xx/CVE-2024-55160.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-02-27T21:15:37.213", "lastModified": "2025-03-03T16:15:38.617", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-552xx/CVE-2024-55224.json b/CVE-2024/CVE-2024-552xx/CVE-2024-55224.json index 44b14acab92..83ceda2742f 100644 --- a/CVE-2024/CVE-2024-552xx/CVE-2024-55224.json +++ b/CVE-2024/CVE-2024-552xx/CVE-2024-55224.json @@ -2,8 +2,8 @@ "id": "CVE-2024-55224", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-09T21:15:29.387", - "lastModified": "2025-01-10T18:15:24.053", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T18:30:37.867", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,18 +51,46 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dani-garcia:vaultwarden:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.32.5",
+ "matchCriteriaId": "74F4EBB5-0065-4074-9663-366CDC184D8A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.4",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Release Notes"
+ ]
 },
 {
 "url": "https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.5",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Release Notes"
+ ]
 },
 {
 "url": "https://insinuator.net/2024/11/vulnerability-disclosure-authentication-bypass-in-vaultwarden-versions-1-32-5/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory",
+ "Exploit"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-552xx/CVE-2024-55225.json b/CVE-2024/CVE-2024-552xx/CVE-2024-55225.json
index fd0561f8887..188a8e07d71 100644
--- a/CVE-2024/CVE-2024-552xx/CVE-2024-55225.json
+++ b/CVE-2024/CVE-2024-552xx/CVE-2024-55225.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-55225",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-09T21:15:29.567",
- "lastModified": "2025-01-10T18:15:24.530",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-06-20T18:29:52.130",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -51,18 +51,45 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dani-garcia:vaultwarden:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.32.5",
+ "matchCriteriaId": "74F4EBB5-0065-4074-9663-366CDC184D8A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.4",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Release Notes"
+ ]
 },
 {
 "url": "https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.5",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Release Notes"
+ ]
 },
 {
 "url": "https://insinuator.net/2024/11/vulnerability-disclosure-authentication-bypass-in-vaultwarden-versions-1-32-5/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-552xx/CVE-2024-55226.json b/CVE-2024/CVE-2024-552xx/CVE-2024-55226.json
index 78ab55cde65..be8137bce70 100644
--- a/CVE-2024/CVE-2024-552xx/CVE-2024-55226.json
+++ b/CVE-2024/CVE-2024-552xx/CVE-2024-55226.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-55226",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-09T21:15:29.760",
- "lastModified": "2025-01-10T17:15:17.393",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2025-06-24T14:01:15.197",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -51,18 +51,46 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dani-garcia:vaultwarden:1.32.5:*:*:*:*:*:*:*",
+ "matchCriteriaId": "85341B62-646F-42FC-8AB7-A97FC6A9F9B8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.4",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Release Notes"
+ ]
 },
 {
 "url": "https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.5",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Release Notes"
+ ]
 },
 {
 "url": "https://insinuator.net/2024/11/vulnerability-disclosure-authentication-bypass-in-vaultwarden-versions-1-32-5/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory",
+ "Patch"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-555xx/CVE-2024-55551.json b/CVE-2024/CVE-2024-555xx/CVE-2024-55551.json
index 583b3146227..716000ce283 100644
--- a/CVE-2024/CVE-2024-555xx/CVE-2024-55551.json
+++ b/CVE-2024/CVE-2024-555xx/CVE-2024-55551.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-03-19T14:15:37.733",
 "lastModified": "2025-04-02T14:15:46.250",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-558xx/CVE-2024-55895.json b/CVE-2024/CVE-2024-558xx/CVE-2024-55895.json
index 9489908da72..1aac2282bd2 100644
--- a/CVE-2024/CVE-2024-558xx/CVE-2024-55895.json
+++ b/CVE-2024/CVE-2024-558xx/CVE-2024-55895.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2025-03-29T13:15:40.410",
 "lastModified": "2025-04-01T20:26:30.593",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
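Review bot: The `cpeMatch` added for CVE-2024-55226 pins the single version `cpe:2.3:a:dani-garcia:vaultwarden:1.32.5`, while the CVE-2024-55224 and CVE-2024-55225 records in this same commit use `"versionEndExcluding": "1.32.5"` for the same product and cite the same three references. If 1.32.5 is the fixed release for all three, a scanner matching on CPE would flag 1.32.5 and skip earlier releases for this CVE only; the range should be checked against the record's description, which lies outside the hunk. The insinuator.net URL also carries three different tag sets across the three records (`Third Party Advisory` + `Exploit`, `Third Party Advisory` alone, and `Exploit` + `Third Party Advisory` + `Patch`), so consumers that filter references by tag will get inconsistent results for one and the same page.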
diff --git a/CVE-2024/CVE-2024-558xx/CVE-2024-55897.json b/CVE-2024/CVE-2024-558xx/CVE-2024-55897.json
index 7c34ef432a6..aee2a4f2b9e 100644
--- a/CVE-2024/CVE-2024-558xx/CVE-2024-55897.json
+++ b/CVE-2024/CVE-2024-558xx/CVE-2024-55897.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-55897",
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2025-01-03T23:15:08.573",
- "lastModified": "2025-03-13T16:15:25.453",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-06-20T18:11:09.177",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -51,10 +51,47 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:powerha_system_mirror:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "09B74B3C-6BBD-4BF7-94E3-CB8B88CC68F4"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:ibm:i:7.4:*:*:*:*:*:*:*",
+ "matchCriteriaId": "92D03306-B6C9-403E-99A2-CE9D8DC3B482"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:ibm:i:7.5:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F7CCB5BF-08EF-472F-A663-5DE270234F10"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.ibm.com/support/pages/node/7180036",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-559xx/CVE-2024-55965.json b/CVE-2024/CVE-2024-559xx/CVE-2024-55965.json
index 0d3c3ded0bb..ed330dcaf67 100644
--- a/CVE-2024/CVE-2024-559xx/CVE-2024-55965.json
+++ b/CVE-2024/CVE-2024-559xx/CVE-2024-55965.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-03-26T21:15:23.063",
 "lastModified": "2025-03-27T16:45:27.850",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-560xx/CVE-2024-56056.json b/CVE-2024/CVE-2024-560xx/CVE-2024-56056.json
index 67d4bc54156..7081ffae16c 100644
--- a/CVE-2024/CVE-2024-560xx/CVE-2024-56056.json
+++ b/CVE-2024/CVE-2024-560xx/CVE-2024-56056.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-56056",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2025-01-07T16:15:37.140",
- "lastModified": "2025-01-07T16:15:37.140",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-06-20T18:07:54.400",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -81,10 +81,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:kmfoysal06:simplecharm:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.4.3",
+ "matchCriteriaId": "2BD34C64-2287-46F3-BCD0-5819E2A97504"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/wordpress/theme/simplecharm/vulnerability/wordpress-simplecharm-theme-1-4-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-560xx/CVE-2024-56072.json b/CVE-2024/CVE-2024-560xx/CVE-2024-56072.json
index 54e4c161cea..0e2d6b168c0 100644
--- a/CVE-2024/CVE-2024-560xx/CVE-2024-56072.json
+++ b/CVE-2024/CVE-2024-560xx/CVE-2024-56072.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-56072",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-12-15T03:15:16.323",
- "lastModified": "2024-12-16T17:15:13.500",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-06-20T18:48:49.447",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -51,14 +51,38 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pavel-odintsov:fastnetmon:*:*:*:*:ce:*:*:*",
+ "versionEndIncluding": "1.2.7",
+ "matchCriteriaId": "4752C918-9737-4FB6-ABA1-8120E19B65FC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/pavel-odintsov/fastnetmon/commit/5164a29603fff9dd445b7660a35090989f005000",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://github.com/pavel-odintsov/fastnetmon/commit/65c40ee92dd5bcad1ab52cbafa1afd62cf669e48",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-560xx/CVE-2024-56073.json b/CVE-2024/CVE-2024-560xx/CVE-2024-56073.json
index b8d6450f2ee..c1e17dfd4d5 100644
--- a/CVE-2024/CVE-2024-560xx/CVE-2024-56073.json
+++ b/CVE-2024/CVE-2024-560xx/CVE-2024-56073.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-56073",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-12-15T03:15:16.433",
- "lastModified": "2024-12-16T17:15:13.700",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-06-20T18:48:23.200",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -51,14 +51,38 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pavel-odintsov:fastnetmon:*:*:*:*:ce:*:*:*",
+ "versionEndIncluding": "1.2.7",
+ "matchCriteriaId": "4752C918-9737-4FB6-ABA1-8120E19B65FC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://cwe.mitre.org/data/definitions/369.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
 },
 {
 "url": "https://github.com/pavel-odintsov/fastnetmon/commit/a36718525e08ad0f2a809363001bf105efc5fe1c",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-560xx/CVE-2024-56084.json b/CVE-2024/CVE-2024-560xx/CVE-2024-56084.json
index 980f25827e9..a0db6f39ec5 100644
--- a/CVE-2024/CVE-2024-560xx/CVE-2024-56084.json
+++ b/CVE-2024/CVE-2024-560xx/CVE-2024-56084.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-56084",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-12-16T06:15:07.070",
- "lastModified": "2024-12-23T18:15:07.440",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-06-20T18:47:13.333",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -61,10 +61,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:logpoint:universal_normalizer:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "5.7.0",
+ "matchCriteriaId": "1AC64DB6-34CC-48B5-9D0B-E1C47EDBBDA0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://servicedesk.logpoint.com/hc/en-us/articles/22137632418845-Remote-Code-Execution-while-creating-Universal-Normalizer",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
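Review bot: In the CVE-2024-56073 references hunk, `https://cwe.mitre.org/data/definitions/369.html` is tagged `Product`, but the URL is a CWE weakness definition, not a FastNetMon product page. Tooling that uses the `Product` tag to locate vendor or project pages would pick up a generic weakness entry here. `"Technical Description"`, the tag this commit applies to the RFC links in CVE-2024-56128, would describe the link more accurately.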
diff --git a/CVE-2024/CVE-2024-561xx/CVE-2024-56114.json b/CVE-2024/CVE-2024-561xx/CVE-2024-56114.json
index 723c12c5bf3..f93486a02f9 100644
--- a/CVE-2024/CVE-2024-561xx/CVE-2024-56114.json
+++ b/CVE-2024/CVE-2024-561xx/CVE-2024-56114.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-56114",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-09T20:15:39.730",
- "lastModified": "2025-01-16T19:15:28.787",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-06-24T14:20:11.767",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -51,14 +51,38 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:henkel:canlineapp:1.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "99D0FCE8-56FE-4421-9ED8-13B836382712"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2024-56114",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://www.e-connectsolutions.com",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-561xx/CVE-2024-56128.json b/CVE-2024/CVE-2024-561xx/CVE-2024-56128.json
index 67e8bc65789..cd03e7772e4 100644
--- a/CVE-2024/CVE-2024-561xx/CVE-2024-56128.json
+++ b/CVE-2024/CVE-2024-561xx/CVE-2024-56128.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-56128",
 "sourceIdentifier": "security@apache.org",
 "published": "2024-12-18T14:15:23.277",
- "lastModified": "2024-12-18T17:15:15.003",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-06-20T18:13:13.550",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -49,28 +49,79 @@
 "value": "CWE-303"
 }
 ]
+ },
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:kafka:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "0.10.2.0",
+ "versionEndExcluding": "3.7.2",
+ "matchCriteriaId": "7358B30A-00B4-4357-9A54-A169438B685D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:kafka:3.8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EF7C474D-9CB2-441B-9B30-782031AC1576"
+ }
+ ]
+ }
+ ]
 }
 ],
 "references": [
 {
 "url": "https://datatracker.ietf.org/doc/html/rfc5802",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Technical Description"
+ ]
 },
 {
 "url": "https://datatracker.ietf.org/doc/html/rfc5802#section-9",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Technical Description"
+ ]
 },
 {
 "url": "https://kafka.apache.org/documentation/#security_sasl_scram_security",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Product"
+ ]
 },
 {
 "url": "https://lists.apache.org/thread/84dh4so32lwn7wr6c5s9mwh381vx9wkw",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List",
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "http://www.openwall.com/lists/oss-security/2024/12/18/3",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-564xx/CVE-2024-56428.json b/CVE-2024/CVE-2024-564xx/CVE-2024-56428.json
index eb4cd158786..22efb91abd9 100644
--- a/CVE-2024/CVE-2024-564xx/CVE-2024-56428.json
+++ b/CVE-2024/CVE-2024-564xx/CVE-2024-56428.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-56428",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-05-21T17:15:55.077",
- "lastModified": "2025-05-21T20:24:58.133",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2025-06-25T14:10:49.127",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -51,14 +51,38 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:itech-gmbh:ilabclient:3.7.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E8BDE85E-2DA8-4803-9C08-54596972B28F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/lisa-2905/CVE-2024-56428",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://itech-gmbh.de/#ueber-itech",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-564xx/CVE-2024-56467.json b/CVE-2024/CVE-2024-564xx/CVE-2024-56467.json
index 4f48b9814ee..6cdf96b5853 100644
--- a/CVE-2024/CVE-2024-564xx/CVE-2024-56467.json
+++ b/CVE-2024/CVE-2024-564xx/CVE-2024-56467.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2025-02-06T21:15:21.600",
 "lastModified": "2025-02-06T21:15:21.600",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-564xx/CVE-2024-56493.json b/CVE-2024/CVE-2024-564xx/CVE-2024-56493.json
index e4f4b7cf6a7..62f5c5e2a1a 100644
--- a/CVE-2024/CVE-2024-564xx/CVE-2024-56493.json
+++ b/CVE-2024/CVE-2024-564xx/CVE-2024-56493.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2025-02-27T15:15:39.377",
 "lastModified": "2025-02-27T15:15:39.377",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-564xx/CVE-2024-56494.json b/CVE-2024/CVE-2024-564xx/CVE-2024-56494.json
index 4c8ffd88487..4f30c2a8fc9 100644
--- a/CVE-2024/CVE-2024-564xx/CVE-2024-56494.json
+++ b/CVE-2024/CVE-2024-564xx/CVE-2024-56494.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2025-02-27T15:15:39.517",
 "lastModified": "2025-02-27T15:15:39.517",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-564xx/CVE-2024-56495.json b/CVE-2024/CVE-2024-564xx/CVE-2024-56495.json
index c3a1a5db8f6..5170affe9db 100644
--- a/CVE-2024/CVE-2024-564xx/CVE-2024-56495.json
+++ b/CVE-2024/CVE-2024-564xx/CVE-2024-56495.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2025-02-27T15:15:39.657",
 "lastModified": "2025-02-27T15:15:39.657",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-564xx/CVE-2024-56496.json b/CVE-2024/CVE-2024-564xx/CVE-2024-56496.json
index f40736e207b..54c4f84b1f6 100644
--- a/CVE-2024/CVE-2024-564xx/CVE-2024-56496.json
+++ b/CVE-2024/CVE-2024-564xx/CVE-2024-56496.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2025-02-27T15:15:39.793",
 "lastModified": "2025-02-27T15:15:39.793",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-565xx/CVE-2024-56518.json b/CVE-2024/CVE-2024-565xx/CVE-2024-56518.json
index 72bd21edbc4..5da827c2ee7 100644
--- a/CVE-2024/CVE-2024-565xx/CVE-2024-56518.json
+++ b/CVE-2024/CVE-2024-565xx/CVE-2024-56518.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-04-17T16:15:27.900",
 "lastModified": "2025-04-22T15:16:10.023",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-568xx/CVE-2024-56810.json b/CVE-2024/CVE-2024-568xx/CVE-2024-56810.json
index 3076d393edb..64eda417103 100644
--- a/CVE-2024/CVE-2024-568xx/CVE-2024-56810.json
+++ b/CVE-2024/CVE-2024-568xx/CVE-2024-56810.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2025-02-27T15:15:39.930",
 "lastModified": "2025-02-27T15:15:39.930",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-568xx/CVE-2024-56811.json b/CVE-2024/CVE-2024-568xx/CVE-2024-56811.json
index e457658ebb5..1062f59dd54 100644
--- a/CVE-2024/CVE-2024-568xx/CVE-2024-56811.json
+++ b/CVE-2024/CVE-2024-568xx/CVE-2024-56811.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2025-02-27T15:15:40.067",
 "lastModified": "2025-02-27T15:15:40.067",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-568xx/CVE-2024-56812.json b/CVE-2024/CVE-2024-568xx/CVE-2024-56812.json
index 0a260cfc2a7..66c3f9c10bf 100644
--- a/CVE-2024/CVE-2024-568xx/CVE-2024-56812.json
+++ b/CVE-2024/CVE-2024-568xx/CVE-2024-56812.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2025-02-27T15:15:40.200",
 "lastModified": "2025-02-27T15:15:40.200",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-569xx/CVE-2024-56924.json b/CVE-2024/CVE-2024-569xx/CVE-2024-56924.json
index 36f85be76f3..c71054d96b4 100644
--- a/CVE-2024/CVE-2024-569xx/CVE-2024-56924.json
+++ b/CVE-2024/CVE-2024-569xx/CVE-2024-56924.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-01-22T21:15:09.987",
 "lastModified": "2025-01-23T17:15:16.710",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-570xx/CVE-2024-57096.json b/CVE-2024/CVE-2024-570xx/CVE-2024-57096.json
index 36b7b0df58e..2fe7e2d1d20 100644
--- a/CVE-2024/CVE-2024-570xx/CVE-2024-57096.json
+++ b/CVE-2024/CVE-2024-570xx/CVE-2024-57096.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-57096",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-05-14T20:15:21.300",
- "lastModified": "2025-05-16T14:43:26.160",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2025-06-25T14:30:50.023",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -51,10 +51,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:kingsoft:wps_office:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "19032",
+ "matchCriteriaId": "A30B935F-E27A-4364-9B81-FC327EA06516"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/paokuwansui/wps_exp/blob/main/README",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-572xx/CVE-2024-57240.json b/CVE-2024/CVE-2024-572xx/CVE-2024-57240.json
index 5322598a4b1..078ff79ba46 100644
--- a/CVE-2024/CVE-2024-572xx/CVE-2024-57240.json
+++ b/CVE-2024/CVE-2024-572xx/CVE-2024-57240.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-03-03T17:15:13.320",
 "lastModified": "2025-03-04T17:15:13.733",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-574xx/CVE-2024-57493.json b/CVE-2024/CVE-2024-574xx/CVE-2024-57493.json
index 4380eb08911..5b472b929b7 100644
--- a/CVE-2024/CVE-2024-574xx/CVE-2024-57493.json
+++ b/CVE-2024/CVE-2024-574xx/CVE-2024-57493.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-57493",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-04-18T20:15:15.913",
- "lastModified": "2025-04-22T14:15:24.613",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-06-25T18:47:47.383",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -51,22 +51,54 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redox-os:redox:0.8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FD00714F-214D-495D-BE8C-DD6FD28D9092"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/Marsman1996/pocs/tree/master/redox/CVE-2024-57493",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://gitlab.redox-os.org/redox-os/relibc/-/issues/201",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking"
+ ]
 },
 {
 "url": "https://gitlab.redox-os.org/redox-os/relibc/-/merge_requests/566",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://gitlab.redox-os.org/redox-os/relibc/-/issues/201",
- "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "tags": [
+ "Exploit",
+ "Issue Tracking"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-576xx/CVE-2024-57605.json b/CVE-2024/CVE-2024-576xx/CVE-2024-57605.json
index 3a001e5059d..0c2222a0e10 100644
--- a/CVE-2024/CVE-2024-576xx/CVE-2024-57605.json
+++ b/CVE-2024/CVE-2024-576xx/CVE-2024-57605.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-02-12T22:15:41.210",
 "lastModified": "2025-03-19T15:15:52.740",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
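Review bot: In the CVE-2024-57493 references hunk, the `https://github.com/Marsman1996/pocs/tree/master/redox/CVE-2024-57493` entry is tagged `Patch` and `Third Party Advisory`, although the fix appears to be the relibc merge request 566, which already carries `Patch`. The `pocs` path suggests this link holds reproduction material rather than a fix, so `Exploit` looks like the intended tag; this should be confirmed against the linked content, which is not visible here. Consumers that collect `Patch`-tagged URLs to drive remediation would otherwise be pointed at a third-party repository instead of the upstream change.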
diff --git a/CVE-2024/CVE-2024-579xx/CVE-2024-57969.json b/CVE-2024/CVE-2024-579xx/CVE-2024-57969.json
index d088171ef4f..0e0113ea1d4 100644
--- a/CVE-2024/CVE-2024-579xx/CVE-2024-57969.json
+++ b/CVE-2024/CVE-2024-579xx/CVE-2024-57969.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-02-14T07:15:32.340",
 "lastModified": "2025-02-14T07:15:32.340",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-57xx/CVE-2024-5716.json b/CVE-2024/CVE-2024-57xx/CVE-2024-5716.json
index 7694f53ae34..11d72020227 100644
--- a/CVE-2024/CVE-2024-57xx/CVE-2024-5716.json
+++ b/CVE-2024/CVE-2024-57xx/CVE-2024-5716.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "zdi-disclosures@trendmicro.com",
 "published": "2024-11-22T20:15:10.100",
 "lastModified": "2024-11-22T20:15:10.100",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-57xx/CVE-2024-5717.json b/CVE-2024/CVE-2024-57xx/CVE-2024-5717.json
index 4403d67ad09..1dabd6fc547 100644
--- a/CVE-2024/CVE-2024-57xx/CVE-2024-5717.json
+++ b/CVE-2024/CVE-2024-57xx/CVE-2024-5717.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "zdi-disclosures@trendmicro.com",
 "published": "2024-11-22T20:15:10.227",
 "lastModified": "2024-11-22T20:15:10.227",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-57xx/CVE-2024-5718.json b/CVE-2024/CVE-2024-57xx/CVE-2024-5718.json
index fcf7c021e4f..f14acd4e23e 100644
--- a/CVE-2024/CVE-2024-57xx/CVE-2024-5718.json
+++ b/CVE-2024/CVE-2024-57xx/CVE-2024-5718.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "zdi-disclosures@trendmicro.com",
 "published": "2024-11-22T20:15:10.340",
 "lastModified": "2024-11-22T20:15:10.340",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-57xx/CVE-2024-5719.json b/CVE-2024/CVE-2024-57xx/CVE-2024-5719.json
index 5b17b57c2b0..c6102448977 100644
--- a/CVE-2024/CVE-2024-57xx/CVE-2024-5719.json
+++ b/CVE-2024/CVE-2024-57xx/CVE-2024-5719.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "zdi-disclosures@trendmicro.com",
 "published": "2024-11-22T20:15:10.450",
 "lastModified": "2024-11-22T20:15:10.450",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-57xx/CVE-2024-5720.json b/CVE-2024/CVE-2024-57xx/CVE-2024-5720.json
index d575677432b..f00e44b4464 100644
--- a/CVE-2024/CVE-2024-57xx/CVE-2024-5720.json
+++ b/CVE-2024/CVE-2024-57xx/CVE-2024-5720.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "zdi-disclosures@trendmicro.com",
 "published": "2024-11-22T20:15:10.563",
 "lastModified": "2024-11-22T20:15:10.563",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-57xx/CVE-2024-5721.json b/CVE-2024/CVE-2024-57xx/CVE-2024-5721.json
index 2c3e125c6da..6273126e22d 100644
--- a/CVE-2024/CVE-2024-57xx/CVE-2024-5721.json
+++ b/CVE-2024/CVE-2024-57xx/CVE-2024-5721.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "zdi-disclosures@trendmicro.com",
 "published": "2024-11-22T20:15:10.677",
 "lastModified": "2024-11-22T20:15:10.677",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-57xx/CVE-2024-5722.json b/CVE-2024/CVE-2024-57xx/CVE-2024-5722.json
index 608b613a2db..f6dea970168 100644
--- a/CVE-2024/CVE-2024-57xx/CVE-2024-5722.json
+++ b/CVE-2024/CVE-2024-57xx/CVE-2024-5722.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "zdi-disclosures@trendmicro.com",
 "published": "2024-11-22T20:15:10.787",
 "lastModified": "2024-11-22T20:15:10.787",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-57xx/CVE-2024-5742.json b/CVE-2024/CVE-2024-57xx/CVE-2024-5742.json
index 7f223f0c0d4..bdbe66362a2 100644
--- a/CVE-2024/CVE-2024-57xx/CVE-2024-5742.json
+++ b/CVE-2024/CVE-2024-57xx/CVE-2024-5742.json
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secalert@redhat.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
@@ -62,7 +62,7 @@
 "weaknesses": [
 {
 "source": "secalert@redhat.com",
- "type": "Primary",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-581xx/CVE-2024-58128.json b/CVE-2024/CVE-2024-581xx/CVE-2024-58128.json
index 8d8aaa982ab..7af9ebb93fe 100644
--- a/CVE-2024/CVE-2024-581xx/CVE-2024-58128.json
+++ b/CVE-2024/CVE-2024-581xx/CVE-2024-58128.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-03-28T22:15:17.197",
 "lastModified": "2025-04-01T20:26:30.593",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-581xx/CVE-2024-58129.json b/CVE-2024/CVE-2024-581xx/CVE-2024-58129.json
index 0a5009d0b9c..d56a1cbf50c 100644
--- a/CVE-2024/CVE-2024-581xx/CVE-2024-58129.json
+++ b/CVE-2024/CVE-2024-581xx/CVE-2024-58129.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-03-28T22:15:17.333",
 "lastModified": "2025-04-01T20:26:30.593",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-581xx/CVE-2024-58130.json b/CVE-2024/CVE-2024-581xx/CVE-2024-58130.json
index 300461a0987..6a275dce18b 100644
--- a/CVE-2024/CVE-2024-581xx/CVE-2024-58130.json
+++ b/CVE-2024/CVE-2024-581xx/CVE-2024-58130.json
@@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-03-28T22:15:17.463", "lastModified": "2025-04-01T20:26:30.593", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-60xx/CVE-2024-6040.json b/CVE-2024/CVE-2024-60xx/CVE-2024-6040.json index 9439ac5bad9..7434e4df6ed 100644 --- a/CVE-2024/CVE-2024-60xx/CVE-2024-6040.json +++ b/CVE-2024/CVE-2024-60xx/CVE-2024-6040.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@huntr.dev", "published": "2024-08-01T16:15:06.750", "lastModified": "2024-08-01T16:45:25.400", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-61xx/CVE-2024-6174.json b/CVE-2024/CVE-2024-61xx/CVE-2024-6174.json index e9eaee75045..97b116af493 100644 --- a/CVE-2024/CVE-2024-61xx/CVE-2024-6174.json +++ b/CVE-2024/CVE-2024-61xx/CVE-2024-6174.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this,\u00a0cloud-init default configurations disable platform enumeration." + }, + { + "lang": "es", + "value": "Cuando se detecta una plataforma distinta a x86, Cloud-init otorga acceso root a una URL codificada con una direcci\u00f3n IP local. Para evitarlo, la configuraci\u00f3n predeterminada de Cloud-init deshabilita la enumeraci\u00f3n de plataformas." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-62xx/CVE-2024-6250.json b/CVE-2024/CVE-2024-62xx/CVE-2024-6250.json index 5abe4f73ab0..4215fc403ab 100644 --- a/CVE-2024/CVE-2024-62xx/CVE-2024-6250.json +++ b/CVE-2024/CVE-2024-62xx/CVE-2024-6250.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@huntr.dev", "published": "2024-06-27T19:15:20.280", "lastModified": "2024-11-21T09:49:16.530", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2024/CVE-2024-63xx/CVE-2024-6394.json b/CVE-2024/CVE-2024-63xx/CVE-2024-6394.json index d7f89fd17b5..5ddd7ce50e7 100644 --- a/CVE-2024/CVE-2024-63xx/CVE-2024-6394.json +++ b/CVE-2024/CVE-2024-63xx/CVE-2024-6394.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@huntr.dev", "published": "2024-09-30T08:15:03.850", "lastModified": "2024-09-30T12:45:57.823", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-67xx/CVE-2024-6763.json b/CVE-2024/CVE-2024-67xx/CVE-2024-6763.json index 2359361158f..bcab432d8a9 100644 --- a/CVE-2024/CVE-2024-67xx/CVE-2024-6763.json +++ b/CVE-2024/CVE-2024-67xx/CVE-2024-6763.json @@ -2,8 +2,8 @@ "id": "CVE-2024-6763", "sourceIdentifier": "emo@eclipse.org", "published": "2024-10-14T16:15:04.163", - "lastModified": "2025-03-07T01:15:11.793", - "vulnStatus": "Modified", + "lastModified": "2025-06-25T13:04:03.537", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -92,8 +92,8 @@ "vulnerable": true, "criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.0.0", - "versionEndExcluding": "12.0.12", - "matchCriteriaId": "42139A4F-DE37-4B6A-B7AC-6CA22999F733" + "versionEndIncluding": "9.4.57", + "matchCriteriaId": "0DE11725-5BD8-4631-A117-4F5AA5C66675" } ] } @@ -105,7 +105,8 @@ "url": "https://github.com/jetty/jetty.project/pull/12012", "source": "emo@eclipse.org", "tags": [ - "Patch" + "Patch", + "Third Party Advisory" ] }, { @@ -126,7 +127,10 @@ }, { "url": "https://security.netapp.com/advisory/ntap-20250306-0005/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-69xx/CVE-2024-6986.json b/CVE-2024/CVE-2024-69xx/CVE-2024-6986.json index a97910ddb97..42f5ca1eb87 100644 --- a/CVE-2024/CVE-2024-69xx/CVE-2024-6986.json 
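Review bot: In CVE-2024-6763.json the single `cpe:2.3:a:eclipse:jetty` match now ends at `"versionEndIncluding": "9.4.57"` where it previously ended at `"versionEndExcluding": "12.0.12"`, so versions above 9.4.57 and below 12.0.12 no longer match this record. If those release lines are still affected per the vendor advisory (not visible in this hunk), scanners keyed on the CPE range will stop reporting them without any error. In that case the record needs additional `cpeMatch` entries per affected branch rather than one narrowed range. Confirm against the Eclipse advisory before using the new range for patch prioritisation.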
+++ b/CVE-2024/CVE-2024-69xx/CVE-2024-6986.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@huntr.dev", "published": "2025-03-20T10:15:34.860", "lastModified": "2025-03-20T10:15:34.860", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-70xx/CVE-2024-7058.json b/CVE-2024/CVE-2024-70xx/CVE-2024-7058.json index a5ec0def376..9fdf470a7a3 100644 --- a/CVE-2024/CVE-2024-70xx/CVE-2024-7058.json +++ b/CVE-2024/CVE-2024-70xx/CVE-2024-7058.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@huntr.dev", "published": "2025-03-20T10:15:36.340", "lastModified": "2025-03-20T10:15:36.340", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-72xx/CVE-2024-7209.json b/CVE-2024/CVE-2024-72xx/CVE-2024-7209.json index 4705af95b75..f6d82407793 100644 --- a/CVE-2024/CVE-2024-72xx/CVE-2024-7209.json +++ b/CVE-2024/CVE-2024-72xx/CVE-2024-7209.json @@ -12,7 +12,7 @@ }, { "lang": "es", - "value": " Existe una vulnerabilidad en el uso de registros SPF compartidos en proveedores de alojamiento multiinquilino, lo que permite a los atacantes utilizar la autorizaci\u00f3n de red para falsificar la identificaci\u00f3n del correo electr\u00f3nico del remitente." + "value": "Existe una vulnerabilidad en el uso de registros SPF compartidos en proveedores de alojamiento multiinquilino, lo que permite a los atacantes utilizar la autorizaci\u00f3n de red para falsificar la identificaci\u00f3n del correo electr\u00f3nico del remitente." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-75xx/CVE-2024-7577.json b/CVE-2024/CVE-2024-75xx/CVE-2024-7577.json index a457305343f..774930f8e4d 100644 --- a/CVE-2024/CVE-2024-75xx/CVE-2024-7577.json +++ b/CVE-2024/CVE-2024-75xx/CVE-2024-7577.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-03-29T00:15:24.257", "lastModified": "2025-04-01T20:26:30.593", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-82xx/CVE-2024-8267.json b/CVE-2024/CVE-2024-82xx/CVE-2024-8267.json index 14111762375..7b6cb28b0e6 100644 --- a/CVE-2024/CVE-2024-82xx/CVE-2024-8267.json +++ b/CVE-2024/CVE-2024-82xx/CVE-2024-8267.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2024-09-25T01:15:45.997", "lastModified": "2024-09-26T13:32:02.803", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-84xx/CVE-2024-8443.json b/CVE-2024/CVE-2024-84xx/CVE-2024-8443.json index d9e5e012bca..7ff2d980d1b 100644 --- a/CVE-2024/CVE-2024-84xx/CVE-2024-8443.json +++ b/CVE-2024/CVE-2024-84xx/CVE-2024-8443.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", diff --git a/CVE-2024/CVE-2024-84xx/CVE-2024-8465.json b/CVE-2024/CVE-2024-84xx/CVE-2024-8465.json index d7d000fa4e5..2c68ac0f1e5 100644 --- a/CVE-2024/CVE-2024-84xx/CVE-2024-8465.json +++ b/CVE-2024/CVE-2024-84xx/CVE-2024-8465.json 
@@ -12,7 +12,7 @@ }, { "lang": "es", - "value": "Vulnerabilidad de inyecci\u00f3n SQL, mediante la cual un atacante podr\u00eda enviar una consulta especialmente manipulada a trav\u00e9s del par\u00e1metro user_id en /jobportal/admin/user/controller.php y recuperar toda la informaci\u00f3n almacenada en \u00e9l." + "value": "Vulnerabilidad de inyecci\u00f3n SQL, mediante la cual un atacante podr\u00eda enviar una consulta especialmente manipulada a trav\u00e9s del par\u00e1metro user_id en /jobportal/admin/user/controller.php y recuperar toda la informaci\u00f3n almacenada en \u00e9l" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-85xx/CVE-2024-8581.json b/CVE-2024/CVE-2024-85xx/CVE-2024-8581.json index 0dc829d150e..a37f802048a 100644 --- a/CVE-2024/CVE-2024-85xx/CVE-2024-8581.json +++ b/CVE-2024/CVE-2024-85xx/CVE-2024-8581.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@huntr.dev", "published": "2025-03-20T10:15:43.350", "lastModified": "2025-03-20T10:15:43.350", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-90xx/CVE-2024-9017.json b/CVE-2024/CVE-2024-90xx/CVE-2024-9017.json index 54192a821ed..dbb1a8789d9 100644 --- a/CVE-2024/CVE-2024-90xx/CVE-2024-9017.json +++ b/CVE-2024/CVE-2024-90xx/CVE-2024-9017.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "The PeepSo Core: Groups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Group Description field in all versions up to, and including, 6.4.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento PeepSo Core: Groups para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del campo Descripci\u00f3n del Grupo en todas las versiones hasta la 6.4.6.0 incluida, debido a una depuraci\u00f3n de entrada y un escape de salida insuficientes. Esto permite a atacantes autenticados, con acceso de suscriptor o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-93xx/CVE-2024-9341.json b/CVE-2024/CVE-2024-93xx/CVE-2024-9341.json index be7a4f342a6..d2a974b4441 100644 --- a/CVE-2024/CVE-2024-93xx/CVE-2024-9341.json +++ b/CVE-2024/CVE-2024-93xx/CVE-2024-9341.json @@ -62,7 +62,7 @@ "weaknesses": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-94xx/CVE-2024-9437.json b/CVE-2024/CVE-2024-94xx/CVE-2024-9437.json index ab2b02f6c77..5a6e843d064 100644 --- a/CVE-2024/CVE-2024-94xx/CVE-2024-9437.json +++ b/CVE-2024/CVE-2024-94xx/CVE-2024-9437.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@huntr.dev", "published": "2025-03-20T10:15:48.953", "lastModified": "2025-03-20T10:15:48.953", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-94xx/CVE-2024-9439.json b/CVE-2024/CVE-2024-94xx/CVE-2024-9439.json index 2b1c7855623..5aa87dafc5d 100644 
--- a/CVE-2024/CVE-2024-94xx/CVE-2024-9439.json +++ b/CVE-2024/CVE-2024-94xx/CVE-2024-9439.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@huntr.dev", "published": "2025-03-20T10:15:49.077", "lastModified": "2025-03-20T10:15:49.077", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-94xx/CVE-2024-9453.json b/CVE-2024/CVE-2024-94xx/CVE-2024-9453.json index 6bb091d5be6..bf00922faa0 100644 --- a/CVE-2024/CVE-2024-94xx/CVE-2024-9453.json +++ b/CVE-2024/CVE-2024-94xx/CVE-2024-9453.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if they have access to sensitive information." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Red Hat OpenShift Jenkins. El token portador no est\u00e1 ofuscado en los registros y podr\u00eda suponer un alto riesgo si estos registros se centralizan al momento de su recopilaci\u00f3n. El token suele tener una validez de un a\u00f1o. Esta falla permite que un usuario malintencionado ponga en peligro el entorno si accede a informaci\u00f3n confidencial." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-96xx/CVE-2024-9699.json b/CVE-2024/CVE-2024-96xx/CVE-2024-9699.json index bc411c5110b..b09974f596b 100644 --- a/CVE-2024/CVE-2024-96xx/CVE-2024-9699.json +++ b/CVE-2024/CVE-2024-96xx/CVE-2024-9699.json @@ -2,8 +2,8 @@ "id": "CVE-2024-9699", "sourceIdentifier": "security@huntr.dev", "published": "2025-03-20T10:15:49.797", - "lastModified": "2025-03-20T10:15:49.797", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-24T14:37:51.640", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -16,6 +16,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -51,14 +73,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:flatpress:flatpress:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.4", + "matchCriteriaId": "EA4D125F-CD88-4951-8066-05871F2E4EDD" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/flatpressblog/flatpress/commit/f364391085334a7eae02aa2320edd6de7466ec85", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.com/bounties/a993a05f-be50-4983-a44a-3bbff1ec00db", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-98xx/CVE-2024-9847.json b/CVE-2024/CVE-2024-98xx/CVE-2024-9847.json index cf29af2c4cd..88d989c912e 100644 --- a/CVE-2024/CVE-2024-98xx/CVE-2024-9847.json +++ b/CVE-2024/CVE-2024-98xx/CVE-2024-9847.json @@ -2,8 +2,8 @@ "id": "CVE-2024-9847", "sourceIdentifier": "security@huntr.dev", "published": "2025-03-20T10:15:50.177", - "lastModified": "2025-03-20T10:15:50.177", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-24T14:38:04.610", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,14 +51,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:flatpress:flatpress:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.4", + "matchCriteriaId": "EA4D125F-CD88-4951-8066-05871F2E4EDD" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/flatpressblog/flatpress/commit/a81c968f51f134b5e5f9bbe208aa12f4fbc329df", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.com/bounties/b30ef7b0-74ea-4cac-adc4-1cc8a5cb559e", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-99xx/CVE-2024-9919.json b/CVE-2024/CVE-2024-99xx/CVE-2024-9919.json index 5ec6fce02ea..3f758ad9bf6 100644 --- a/CVE-2024/CVE-2024-99xx/CVE-2024-9919.json +++ b/CVE-2024/CVE-2024-99xx/CVE-2024-9919.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@huntr.dev", "published": "2025-03-20T10:15:50.660", "lastModified": "2025-03-20T10:15:50.660", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-99xx/CVE-2024-9993.json b/CVE-2024/CVE-2024-99xx/CVE-2024-9993.json index dd3fe3499e4..43668bacc36 100644 --- a/CVE-2024/CVE-2024-99xx/CVE-2024-9993.json +++ b/CVE-2024/CVE-2024-99xx/CVE-2024-9993.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-06-07T12:15:21.360", "lastModified": "2025-06-09T12:15:47.880", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-99xx/CVE-2024-9994.json b/CVE-2024/CVE-2024-99xx/CVE-2024-9994.json index 14989300145..ad3c8ed77f3 100644 --- a/CVE-2024/CVE-2024-99xx/CVE-2024-9994.json +++ b/CVE-2024/CVE-2024-99xx/CVE-2024-9994.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-06-07T12:15:22.963", "lastModified": "2025-06-09T12:15:47.880", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-01xx/CVE-2025-0158.json b/CVE-2025/CVE-2025-01xx/CVE-2025-0158.json index 115cb659a85..d47b0815b28 100644 --- a/CVE-2025/CVE-2025-01xx/CVE-2025-0158.json +++ b/CVE-2025/CVE-2025-01xx/CVE-2025-0158.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-02-06T21:15:21.923", "lastModified": "2025-02-06T21:15:21.923", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-02xx/CVE-2025-0285.json b/CVE-2025/CVE-2025-02xx/CVE-2025-0285.json index 076b96416db..61635131c15 100644 --- a/CVE-2025/CVE-2025-02xx/CVE-2025-0285.json +++ b/CVE-2025/CVE-2025-02xx/CVE-2025-0285.json @@ -2,8 +2,8 @@ "id": "CVE-2025-0285", "sourceIdentifier": "cret@cert.org", "published": "2025-03-03T17:15:13.430", - "lastModified": "2025-04-14T21:15:17.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-25T16:49:13.900", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -39,18 +39,93 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1284" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paragon-software:paragon_backup_\\&_recovery:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15", + "versionEndIncluding": "17.39", + "matchCriteriaId": "79494FF3-97A2-4DFA-AFE8-3A4E1C4F2C67" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paragon-software:paragon_disk_wiper:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15", + "versionEndIncluding": "16", + "matchCriteriaId": "2B71A5C9-A1A5-4965-B430-6401C5D87704" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paragon-software:paragon_drive_copy:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15", + "versionEndIncluding": "16", + "matchCriteriaId": "7AEEBDE5-02CD-469E-84BC-4EADCB3BEFC9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paragon-software:paragon_hard_disk_manager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15", + "versionEndIncluding": "17.39", + "matchCriteriaId": "F70FA517-5000-41D9-BAF4-4853C0C2E2F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paragon-software:paragon_migrate_os_to_ssd:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4", + "versionEndIncluding": "5", + "matchCriteriaId": "54699509-C197-4AE6-B1DC-D53365128BD6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paragon-software:paragon_partition_manager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15", + "versionEndIncluding": "17.39", + "matchCriteriaId": "BDBED8CE-A90D-48DC-89F6-CA5EF10DD12C" + } + ] + } + ] + } + ], "references": [ { "url": "https://paragon-software.zendesk.com/hc/en-us/articles/32993902732817-IMPORTANT-Paragon-Driver-Security-Patch-for-All-Products-of-Hard-Disk-Manager-Product-Line-Biontdrv-sys", - "source": "cret@cert.org" + "source": "cret@cert.org", + 
"tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.kb.cert.org/vuls/id/726882", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.paragon-software.com/support/#patches", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-02xx/CVE-2025-0286.json b/CVE-2025/CVE-2025-02xx/CVE-2025-0286.json index 1119b16c307..3e43523a0f8 100644 --- a/CVE-2025/CVE-2025-02xx/CVE-2025-0286.json +++ b/CVE-2025/CVE-2025-02xx/CVE-2025-0286.json @@ -2,8 +2,8 @@ "id": "CVE-2025-0286", "sourceIdentifier": "cret@cert.org", "published": "2025-03-03T17:15:13.537", - "lastModified": "2025-04-14T21:15:17.683", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-25T16:49:16.837", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
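Review bot: In CVE-2025-0285.json the new `cpeMatch` ranges for `paragon_disk_wiper` and `paragon_drive_copy` end at `"versionEndIncluding": "16"`, and `paragon_migrate_os_to_ssd` ends at `"5"`, while the other three products end at `17.39`. A bare major number as an inclusive upper bound presumably excludes point releases above it under ordinary version ordering, so installs on such releases may not match; confirm the bounds against the vendor advisory. The referenced vendor URL names `Biontdrv-sys`, which suggests the flaw sits in a shared driver, so matching on product CPEs alone may miss hosts where only that file is present. Pairing this record with a driver-file inventory check would close that gap. The identical six-entry block is repeated in the CVE-2025-0286 through CVE-2025-0289 hunks.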
@@ -39,18 +39,93 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1284" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paragon-software:paragon_backup_\\&_recovery:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15", + "versionEndIncluding": "17.39", + "matchCriteriaId": "79494FF3-97A2-4DFA-AFE8-3A4E1C4F2C67" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paragon-software:paragon_disk_wiper:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15", + "versionEndIncluding": "16", + "matchCriteriaId": "2B71A5C9-A1A5-4965-B430-6401C5D87704" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paragon-software:paragon_drive_copy:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15", + "versionEndIncluding": "16", + "matchCriteriaId": "7AEEBDE5-02CD-469E-84BC-4EADCB3BEFC9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paragon-software:paragon_hard_disk_manager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15", + "versionEndIncluding": "17.39", + "matchCriteriaId": "F70FA517-5000-41D9-BAF4-4853C0C2E2F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paragon-software:paragon_migrate_os_to_ssd:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4", + "versionEndIncluding": "5", + "matchCriteriaId": "54699509-C197-4AE6-B1DC-D53365128BD6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paragon-software:paragon_partition_manager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15", + "versionEndIncluding": "17.39", + "matchCriteriaId": "BDBED8CE-A90D-48DC-89F6-CA5EF10DD12C" + } + ] + } + ] + } + ], "references": [ { "url": "https://paragon-software.zendesk.com/hc/en-us/articles/32993902732817-IMPORTANT-Paragon-Driver-Security-Patch-for-All-Products-of-Hard-Disk-Manager-Product-Line-Biontdrv-sys", - "source": "cret@cert.org" + "source": "cret@cert.org", + 
"tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.kb.cert.org/vuls/id/726882", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.paragon-software.com/support/#patches", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-02xx/CVE-2025-0287.json b/CVE-2025/CVE-2025-02xx/CVE-2025-0287.json index e1c84dbcb86..96ae68ab2bd 100644 --- a/CVE-2025/CVE-2025-02xx/CVE-2025-0287.json +++ b/CVE-2025/CVE-2025-02xx/CVE-2025-0287.json @@ -2,8 +2,8 @@ "id": "CVE-2025-0287", "sourceIdentifier": "cret@cert.org", "published": "2025-03-03T17:15:13.710", - "lastModified": "2025-04-14T21:15:17.803", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-25T16:49:19.670", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,18 +51,81 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paragon-software:paragon_backup_\\&_recovery:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15", + "versionEndIncluding": "17.39", + "matchCriteriaId": "79494FF3-97A2-4DFA-AFE8-3A4E1C4F2C67" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paragon-software:paragon_disk_wiper:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15", + "versionEndIncluding": "16", + "matchCriteriaId": "2B71A5C9-A1A5-4965-B430-6401C5D87704" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paragon-software:paragon_drive_copy:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15", + "versionEndIncluding": "16", + "matchCriteriaId": "7AEEBDE5-02CD-469E-84BC-4EADCB3BEFC9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paragon-software:paragon_hard_disk_manager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15", + "versionEndIncluding": "17.39", + "matchCriteriaId": "F70FA517-5000-41D9-BAF4-4853C0C2E2F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paragon-software:paragon_migrate_os_to_ssd:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4", + "versionEndIncluding": "5", + "matchCriteriaId": "54699509-C197-4AE6-B1DC-D53365128BD6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paragon-software:paragon_partition_manager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15", + "versionEndIncluding": "17.39", + "matchCriteriaId": "BDBED8CE-A90D-48DC-89F6-CA5EF10DD12C" + } + ] + } + ] + } + ], "references": [ { "url": "https://paragon-software.zendesk.com/hc/en-us/articles/32993902732817-IMPORTANT-Paragon-Driver-Security-Patch-for-All-Products-of-Hard-Disk-Manager-Product-Line-Biontdrv-sys", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.kb.cert.org/vuls/id/726882", - "source": "cret@cert.org" + "source": "cret@cert.org", + 
"tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.paragon-software.com/support/#patches", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-02xx/CVE-2025-0288.json b/CVE-2025/CVE-2025-02xx/CVE-2025-0288.json index 4bfd3970f84..8e1bad8d308 100644 --- a/CVE-2025/CVE-2025-02xx/CVE-2025-0288.json +++ b/CVE-2025/CVE-2025-02xx/CVE-2025-0288.json @@ -2,8 +2,8 @@ "id": "CVE-2025-0288", "sourceIdentifier": "cret@cert.org", "published": "2025-03-03T17:15:13.823", - "lastModified": "2025-04-14T21:15:17.943", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-25T16:49:22.483", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -39,18 +39,93 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paragon-software:paragon_backup_\\&_recovery:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15", + "versionEndIncluding": "17.39", + "matchCriteriaId": "79494FF3-97A2-4DFA-AFE8-3A4E1C4F2C67" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paragon-software:paragon_disk_wiper:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15", + "versionEndIncluding": "16", + "matchCriteriaId": "2B71A5C9-A1A5-4965-B430-6401C5D87704" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paragon-software:paragon_drive_copy:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15", + "versionEndIncluding": "16", + "matchCriteriaId": "7AEEBDE5-02CD-469E-84BC-4EADCB3BEFC9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paragon-software:paragon_hard_disk_manager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15", + "versionEndIncluding": "17.39", + "matchCriteriaId": "F70FA517-5000-41D9-BAF4-4853C0C2E2F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paragon-software:paragon_migrate_os_to_ssd:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4", + "versionEndIncluding": "5", + "matchCriteriaId": "54699509-C197-4AE6-B1DC-D53365128BD6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paragon-software:paragon_partition_manager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15", + "versionEndIncluding": "17.39", + "matchCriteriaId": "BDBED8CE-A90D-48DC-89F6-CA5EF10DD12C" + } + ] + } + ] + } + ], "references": [ { "url": "https://paragon-software.zendesk.com/hc/en-us/articles/32993902732817-IMPORTANT-Paragon-Driver-Security-Patch-for-All-Products-of-Hard-Disk-Manager-Product-Line-Biontdrv-sys", - "source": "cret@cert.org" + "source": "cret@cert.org", 
+ "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.kb.cert.org/vuls/id/726882", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.paragon-software.com/support/#patches", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-02xx/CVE-2025-0289.json b/CVE-2025/CVE-2025-02xx/CVE-2025-0289.json index d1a3c70c508..98d5950c524 100644 --- a/CVE-2025/CVE-2025-02xx/CVE-2025-0289.json +++ b/CVE-2025/CVE-2025-02xx/CVE-2025-0289.json @@ -2,8 +2,8 @@ "id": "CVE-2025-0289", "sourceIdentifier": "cret@cert.org", "published": "2025-03-03T17:15:13.943", - "lastModified": "2025-04-14T21:15:18.077", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-25T16:49:25.730", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -39,18 +39,93 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paragon-software:paragon_backup_\\&_recovery:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15", + "versionEndIncluding": "17.39", + "matchCriteriaId": "79494FF3-97A2-4DFA-AFE8-3A4E1C4F2C67" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paragon-software:paragon_disk_wiper:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15", + "versionEndIncluding": "16", + "matchCriteriaId": "2B71A5C9-A1A5-4965-B430-6401C5D87704" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paragon-software:paragon_drive_copy:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15", + "versionEndIncluding": "16", + "matchCriteriaId": "7AEEBDE5-02CD-469E-84BC-4EADCB3BEFC9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paragon-software:paragon_hard_disk_manager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15", + "versionEndIncluding": "17.39", + "matchCriteriaId": "F70FA517-5000-41D9-BAF4-4853C0C2E2F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paragon-software:paragon_migrate_os_to_ssd:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4", + "versionEndIncluding": "5", + "matchCriteriaId": "54699509-C197-4AE6-B1DC-D53365128BD6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paragon-software:paragon_partition_manager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15", + "versionEndIncluding": "17.39", + "matchCriteriaId": "BDBED8CE-A90D-48DC-89F6-CA5EF10DD12C" + } + ] + } + ] + } + ], "references": [ { "url": "https://paragon-software.zendesk.com/hc/en-us/articles/32993902732817-IMPORTANT-Paragon-Driver-Security-Patch-for-All-Products-of-Hard-Disk-Manager-Product-Line-Biontdrv-sys", - "source": "cret@cert.org" + "source": "cret@cert.org", 
+ "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.kb.cert.org/vuls/id/726882", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.paragon-software.com/support/#patches", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-03xx/CVE-2025-0320.json b/CVE-2025/CVE-2025-03xx/CVE-2025-0320.json index 3ca0644c335..19347bc7e04 100644 --- a/CVE-2025/CVE-2025-03xx/CVE-2025-0320.json +++ b/CVE-2025/CVE-2025-03xx/CVE-2025-0320.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows" + }, + { + "lang": "es", + "value": "La escalada de privilegios locales permite que un usuario con pocos privilegios obtenga permisos de SYSTEM en Citrix Secure Access Client para Windows" } ], "metrics": { diff --git a/CVE-2025/CVE-2025-04xx/CVE-2025-0467.json b/CVE-2025/CVE-2025-04xx/CVE-2025-0467.json index f84b6ca1695..3cea9053b34 100644 --- a/CVE-2025/CVE-2025-04xx/CVE-2025-0467.json +++ b/CVE-2025/CVE-2025-04xx/CVE-2025-0467.json @@ -3,7 +3,7 @@ "sourceIdentifier": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "published": "2025-04-18T01:15:32.130", "lastModified": "2025-04-21T14:23:45.950", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0626.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0626.json index ffa78bab667..1aca40cdbed 100644 --- a/CVE-2025/CVE-2025-06xx/CVE-2025-0626.json +++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0626.json 
@@ -12,7 +12,7 @@ }, { "lang": "es", - "value": "El producto afectado env\u00eda solicitudes de acceso remoto a una direcci\u00f3n IP codificada, omitiendo la configuraci\u00f3n de red existente del dispositivo para hacerlo. Esto podr\u00eda funcionar como una puerta trasera y permitir que un actor malintencionado pueda cargar y sobrescribir archivos en el dispositivo." + "value": "El binario \"monitor\" del firmware del producto afectado intenta conectarse a una direcci\u00f3n IP enrutable predefinida, ignorando la configuraci\u00f3n de red del dispositivo. Esta funci\u00f3n tambi\u00e9n habilita la interfaz de red del dispositivo si est\u00e1 deshabilitada. Se activa al intentar actualizar el dispositivo desde el men\u00fa de usuario. Esto podr\u00eda actuar como una puerta trasera al dispositivo y permitir que un atacante malicioso cargue y sobrescriba archivos en \u00e9l." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0634.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0634.json index 895757560a8..9e8f4a70ce6 100644 --- a/CVE-2025/CVE-2025-06xx/CVE-2025-0634.json +++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0634.json @@ -3,7 +3,7 @@ "sourceIdentifier": "PSIRT@samsung.com", "published": "2025-06-30T02:15:20.920", "lastModified": "2025-06-30T18:38:23.493", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0666.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0666.json index 8cde6d00ece..b2c69672d03 100644 --- a/CVE-2025/CVE-2025-06xx/CVE-2025-0666.json +++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0666.json @@ -3,7 +3,7 @@ "sourceIdentifier": "vulnerability@ncsc.ch", "published": "2025-05-07T08:15:14.910", "lastModified": "2025-05-07T14:15:39.450", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0667.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0667.json index 17566ab5299..9f86c43ea24 100644 --- a/CVE-2025/CVE-2025-06xx/CVE-2025-0667.json +++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0667.json @@ -3,7 +3,7 @@ "sourceIdentifier": "vulnerability@ncsc.ch", "published": "2025-05-07T08:15:15.057", "lastModified": "2025-05-07T14:15:39.550", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0668.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0668.json index 31c26f31298..27b5cd10e9f 100644 --- a/CVE-2025/CVE-2025-06xx/CVE-2025-0668.json +++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0668.json @@ -3,7 +3,7 @@ "sourceIdentifier": "vulnerability@ncsc.ch", "published": "2025-05-07T08:15:15.207", "lastModified": "2025-05-07T14:15:39.637", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0669.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0669.json index ee675b23a06..59fcbca3d52 100644 --- a/CVE-2025/CVE-2025-06xx/CVE-2025-0669.json +++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0669.json @@ -3,7 +3,7 @@ "sourceIdentifier": "vulnerability@ncsc.ch", "published": "2025-05-07T08:15:15.340", "lastModified": "2025-05-07T14:15:39.767", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0678.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0678.json index 42bf9e00796..8d242ecbb6f 100644 --- a/CVE-2025/CVE-2025-06xx/CVE-2025-0678.json +++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0678.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", 
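Review bot: No `"type": "Primary"` metric is added in this hunk or in the second hunk of CVE-2025-0678.json to replace the `secalert@redhat.com` entry that is relabelled `"Secondary"`. As far as the diff shows, the record is left without a Primary CVSS v3.1 score or weakness. The same pattern appears in the hunks for CVE-2025-0684, CVE-2025-0685, CVE-2025-0686 and CVE-2025-1057. Consumers that filter on `type == "Primary"` when prioritising would get no severity for these records and should fall back to the Secondary entry rather than treat the score as absent. The rest of each file is outside the hunks, so a Primary entry elsewhere cannot be ruled out.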
@@ -62,7 +62,7 @@ "weaknesses": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0683.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0683.json index 5165a8512b9..691d7978adc 100644 --- a/CVE-2025/CVE-2025-06xx/CVE-2025-0683.json +++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0683.json @@ -12,7 +12,7 @@ }, { "lang": "es", - "value": "En su configuraci\u00f3n predeterminada, el producto afectado transmite datos del paciente en texto plano a una direcci\u00f3n IP p\u00fablica codificada cuando un paciente est\u00e1 conectado al monitor. Esto podr\u00eda provocar una fuga de datos confidenciales del paciente a cualquier dispositivo con esa direcci\u00f3n IP o a un atacante en un escenario de m\u00e1quina intermedia." + "value": "En su configuraci\u00f3n predeterminada, el monitor de pacientes Contec Health CMS8000 transmite datos del paciente en texto plano a una direcci\u00f3n IP p\u00fablica predefinida cuando el paciente se conecta al monitor. Esto podr\u00eda provocar una filtraci\u00f3n de datos confidenciales del paciente a cualquier dispositivo con esa direcci\u00f3n IP o a un atacante en un escenario de \"m\u00e1quina en el medio\"." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0684.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0684.json index 4e44f2cfc17..29c73680378 100644 --- a/CVE-2025/CVE-2025-06xx/CVE-2025-0684.json +++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0684.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0685.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0685.json index 3e3b24b8fe4..99349f051c9 100644 
--- a/CVE-2025/CVE-2025-06xx/CVE-2025-0685.json +++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0685.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0686.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0686.json index bfc4956ee02..a6a75af173a 100644 --- a/CVE-2025/CVE-2025-06xx/CVE-2025-0686.json +++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0686.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0759.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0759.json index 73dfb34a952..60a8dfa3123 100644 --- a/CVE-2025/CVE-2025-07xx/CVE-2025-0759.json +++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0759.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-02-27T15:15:40.603", "lastModified": "2025-02-27T15:15:40.603", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-09xx/CVE-2025-0900.json b/CVE-2025/CVE-2025-09xx/CVE-2025-0900.json index 1f7211ee834..02f94be31f4 100644 --- a/CVE-2025/CVE-2025-09xx/CVE-2025-0900.json +++ b/CVE-2025/CVE-2025-09xx/CVE-2025-0900.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2025-03-11T21:15:41.887", "lastModified": "2025-03-11T21:15:41.887", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-09xx/CVE-2025-0966.json b/CVE-2025/CVE-2025-09xx/CVE-2025-0966.json index 4126a12d73a..9d563e5c5dd 100644 --- a/CVE-2025/CVE-2025-09xx/CVE-2025-0966.json +++ b/CVE-2025/CVE-2025-09xx/CVE-2025-0966.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-06-25T03:15:26.580", "lastModified": "2025-06-26T18:58:14.280", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-10xx/CVE-2025-1039.json b/CVE-2025/CVE-2025-10xx/CVE-2025-1039.json index 01df08966fc..070fb18e17f 100644 --- a/CVE-2025/CVE-2025-10xx/CVE-2025-1039.json +++ b/CVE-2025/CVE-2025-10xx/CVE-2025-1039.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-02-20T13:15:08.387", "lastModified": "2025-02-20T14:15:33.627", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-10xx/CVE-2025-1057.json b/CVE-2025/CVE-2025-10xx/CVE-2025-1057.json index 71b2e13f06d..e44d9d2b6ae 100644 --- a/CVE-2025/CVE-2025-10xx/CVE-2025-1057.json +++ b/CVE-2025/CVE-2025-10xx/CVE-2025-1057.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2025/CVE-2025-10xx/CVE-2025-1067.json b/CVE-2025/CVE-2025-10xx/CVE-2025-1067.json index 815872a58f3..89297d68d87 100644 
--- a/CVE-2025/CVE-2025-10xx/CVE-2025-1067.json +++ b/CVE-2025/CVE-2025-10xx/CVE-2025-1067.json @@ -2,8 +2,8 @@ "id": "CVE-2025-1067", "sourceIdentifier": "psirt@esri.com", "published": "2025-02-25T17:15:13.717", - "lastModified": "2025-03-04T17:37:53.743", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T19:48:19.247", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -60,23 +60,23 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:esri:arcgis_allsource:1.2:-:*:*:*:*:*:*", - "matchCriteriaId": "7D2CA319-F8C4-4611-A4CF-536085420591" + "criteria": "cpe:2.3:a:esri:arcgis_allsource:1.2:*:*:*:*:*:*:*", + "matchCriteriaId": "DF0AC615-79ED-44D1-836F-FF939AC4D1D2" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:esri:arcgis_allsource:1.3:-:*:*:*:*:*:*", - "matchCriteriaId": "22FCC3F7-3ED4-4CFC-9668-48FA4BB37AE6" + "criteria": "cpe:2.3:a:esri:arcgis_allsource:1.3:*:*:*:*:*:*:*", + "matchCriteriaId": "F612E4AF-96E8-4487-B442-E179F2078EFE" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:esri:arcgis_pro:3.3:-:*:*:*:*:*:*", - "matchCriteriaId": "2C69472E-B8D9-4EE2-A548-9CD61A1A22B3" + "criteria": "cpe:2.3:a:esri:arcgis_pro:3.3:*:*:*:*:*:*:*", + "matchCriteriaId": "F7E64454-52CA-4472-B201-41B81D06A961" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:esri:arcgis_pro:3.4:-:*:*:*:*:*:*", - "matchCriteriaId": "1D4A9671-48FC-4ACD-8AB4-3AAF9264EF93" + "criteria": "cpe:2.3:a:esri:arcgis_pro:3.4:*:*:*:*:*:*:*", + "matchCriteriaId": "C607134D-76F9-48A8-8246-1A2CAD479A6F" } ] } diff --git a/CVE-2025/CVE-2025-10xx/CVE-2025-1068.json b/CVE-2025/CVE-2025-10xx/CVE-2025-1068.json index 597483232b2..81b8f487d0f 100644 --- a/CVE-2025/CVE-2025-10xx/CVE-2025-1068.json +++ b/CVE-2025/CVE-2025-10xx/CVE-2025-1068.json 
@@ -2,8 +2,8 @@ "id": "CVE-2025-1068", "sourceIdentifier": "psirt@esri.com", "published": "2025-02-25T17:15:13.890", - "lastModified": "2025-03-04T17:37:41.050", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T19:48:30.127", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -60,23 +60,23 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:esri:arcgis_allsource:1.2:-:*:*:*:*:*:*", - "matchCriteriaId": "7D2CA319-F8C4-4611-A4CF-536085420591" + "criteria": "cpe:2.3:a:esri:arcgis_allsource:1.2:*:*:*:*:*:*:*", + "matchCriteriaId": "DF0AC615-79ED-44D1-836F-FF939AC4D1D2" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:esri:arcgis_allsource:1.3:-:*:*:*:*:*:*", - "matchCriteriaId": "22FCC3F7-3ED4-4CFC-9668-48FA4BB37AE6" + "criteria": "cpe:2.3:a:esri:arcgis_allsource:1.3:*:*:*:*:*:*:*", + "matchCriteriaId": "F612E4AF-96E8-4487-B442-E179F2078EFE" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:esri:arcgis_pro:3.3:-:*:*:*:*:*:*", - "matchCriteriaId": "2C69472E-B8D9-4EE2-A548-9CD61A1A22B3" + "criteria": "cpe:2.3:a:esri:arcgis_pro:3.3:*:*:*:*:*:*:*", + "matchCriteriaId": "F7E64454-52CA-4472-B201-41B81D06A961" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:esri:arcgis_pro:3.4:-:*:*:*:*:*:*", - "matchCriteriaId": "1D4A9671-48FC-4ACD-8AB4-3AAF9264EF93" + "criteria": "cpe:2.3:a:esri:arcgis_pro:3.4:*:*:*:*:*:*:*", + "matchCriteriaId": "C607134D-76F9-48A8-8246-1A2CAD479A6F" } ] } diff --git a/CVE-2025/CVE-2025-10xx/CVE-2025-1088.json b/CVE-2025/CVE-2025-10xx/CVE-2025-1088.json index 0ac39fb6a5a..5a95dfc5c37 100644 --- a/CVE-2025/CVE-2025-10xx/CVE-2025-1088.json +++ b/CVE-2025/CVE-2025-10xx/CVE-2025-1088.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana.\nThis issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher." + }, + { + "lang": "es", + "value": "En Grafana, un t\u00edtulo o nombre de panel excesivamente largo provocar\u00e1 que los navegadores Chromium dejen de responder debido a una vulnerabilidad de validaci\u00f3n de entrada incorrecta. Este problema afecta a Grafana en versiones anteriores a la 11.6.2 y se ha corregido en la 11.6.2 y posteriores." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-12xx/CVE-2025-1290.json b/CVE-2025/CVE-2025-12xx/CVE-2025-1290.json index 36a1903d1d8..926250b11a4 100644 --- a/CVE-2025/CVE-2025-12xx/CVE-2025-1290.json +++ b/CVE-2025/CVE-2025-12xx/CVE-2025-1290.json @@ -3,7 +3,7 @@ "sourceIdentifier": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "published": "2025-04-17T01:15:46.317", "lastModified": "2025-04-17T20:21:48.243", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-14xx/CVE-2025-1437.json b/CVE-2025/CVE-2025-14xx/CVE-2025-1437.json index 804e8a8b52e..a50f39c1731 100644 --- a/CVE-2025/CVE-2025-14xx/CVE-2025-1437.json +++ b/CVE-2025/CVE-2025-14xx/CVE-2025-1437.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-03-26T10:15:14.930", "lastModified": "2025-03-27T16:45:27.850", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-14xx/CVE-2025-1439.json b/CVE-2025/CVE-2025-14xx/CVE-2025-1439.json index 487a5c20bb6..fbc67e24f18 100644 --- a/CVE-2025/CVE-2025-14xx/CVE-2025-1439.json +++ b/CVE-2025/CVE-2025-14xx/CVE-2025-1439.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-03-26T10:15:15.093", "lastModified": "2025-03-27T16:45:27.850", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-14xx/CVE-2025-1440.json b/CVE-2025/CVE-2025-14xx/CVE-2025-1440.json index 1b4dae221c5..481a540fc51 100644 --- a/CVE-2025/CVE-2025-14xx/CVE-2025-1440.json +++ b/CVE-2025/CVE-2025-14xx/CVE-2025-1440.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-03-26T10:15:15.260", "lastModified": "2025-03-27T16:45:27.850", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-14xx/CVE-2025-1455.json b/CVE-2025/CVE-2025-14xx/CVE-2025-1455.json index 8810639055d..f4b16cc4eea 100644 --- a/CVE-2025/CVE-2025-14xx/CVE-2025-1455.json +++ b/CVE-2025/CVE-2025-14xx/CVE-2025-1455.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-04-12T09:15:14.660", "lastModified": "2025-04-15T18:39:27.967", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-14xx/CVE-2025-1456.json b/CVE-2025/CVE-2025-14xx/CVE-2025-1456.json index e435631d3ca..3ddf31e3ec7 100644 --- a/CVE-2025/CVE-2025-14xx/CVE-2025-1456.json +++ b/CVE-2025/CVE-2025-14xx/CVE-2025-1456.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-04-12T09:15:16.600", "lastModified": "2025-04-15T18:39:27.967", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-15xx/CVE-2025-1500.json b/CVE-2025/CVE-2025-15xx/CVE-2025-1500.json index cbc76d8dc49..78aacdf0030 100644 --- a/CVE-2025/CVE-2025-15xx/CVE-2025-1500.json +++ b/CVE-2025/CVE-2025-15xx/CVE-2025-1500.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-04-05T01:15:42.000", "lastModified": "2025-04-07T14:17:50.220", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-15xx/CVE-2025-1532.json b/CVE-2025/CVE-2025-15xx/CVE-2025-1532.json index 793e609c33f..fd82df90f66 100644 --- a/CVE-2025/CVE-2025-15xx/CVE-2025-1532.json +++ b/CVE-2025/CVE-2025-15xx/CVE-2025-1532.json @@ -3,7 +3,7 @@ "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "published": "2025-04-17T10:15:14.337", "lastModified": "2025-04-17T20:21:48.243", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-15xx/CVE-2025-1562.json b/CVE-2025/CVE-2025-15xx/CVE-2025-1562.json index 4f6bba9c87d..7488417083a 100644 --- a/CVE-2025/CVE-2025-15xx/CVE-2025-1562.json +++ b/CVE-2025/CVE-2025-15xx/CVE-2025-1562.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the install_or_activate_addon_plugins() function and a weak nonce hash in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to install arbitrary plugins on the site that can be leveraged to further infect a vulnerable site." + }, + { + "lang": "es", + "value": "El complemento Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit para WordPress es vulnerable a la instalaci\u00f3n no autorizada de complementos arbitrarios debido a la falta de una comprobaci\u00f3n de capacidad en la funci\u00f3n install_or_activate_addon_plugins() y a un hash nonce d\u00e9bil en todas las versiones hasta la 3.5.3 incluida. Esto permite que atacantes no autenticados instalen complementos arbitrarios en el sitio web que pueden utilizarse para infectar a\u00fan m\u00e1s un sitio vulnerable." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-15xx/CVE-2025-1566.json b/CVE-2025/CVE-2025-15xx/CVE-2025-1566.json index 3d6c30fc21c..1be58c8b856 100644 --- a/CVE-2025/CVE-2025-15xx/CVE-2025-1566.json +++ b/CVE-2025/CVE-2025-15xx/CVE-2025-1566.json @@ -3,7 +3,7 @@ "sourceIdentifier": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "published": "2025-04-16T23:15:44.767", "lastModified": "2025-05-06T01:15:50.030", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-15xx/CVE-2025-1568.json b/CVE-2025/CVE-2025-15xx/CVE-2025-1568.json index 5fd2d7a386e..e30baabb6fe 100644 --- a/CVE-2025/CVE-2025-15xx/CVE-2025-1568.json +++ b/CVE-2025/CVE-2025-15xx/CVE-2025-1568.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "published": "2025-04-16T23:15:44.853", "lastModified": "2025-05-08T20:15:29.257", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-17xx/CVE-2025-1704.json b/CVE-2025/CVE-2025-17xx/CVE-2025-1704.json index ec8e0bf1fc7..aef1f57a0ce 100644 --- a/CVE-2025/CVE-2025-17xx/CVE-2025-1704.json +++ b/CVE-2025/CVE-2025-17xx/CVE-2025-1704.json @@ -3,7 +3,7 @@ "sourceIdentifier": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "published": "2025-04-16T23:15:44.937", "lastModified": "2025-05-06T01:15:50.293", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-17xx/CVE-2025-1708.json b/CVE-2025/CVE-2025-17xx/CVE-2025-1708.json index 33d14d5810f..58486fc8e7e 100644 --- a/CVE-2025/CVE-2025-17xx/CVE-2025-1708.json +++ b/CVE-2025/CVE-2025-17xx/CVE-2025-1708.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "The application is vulnerable to SQL injection attacks. An attacker is able to dump the PostgreSQL database and read its content." + }, + { + "lang": "es", + "value": "La aplicaci\u00f3n es vulnerable a ataques de inyecci\u00f3n SQL. Un atacante puede volcar la base de datos PostgreSQL y leer su contenido." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-17xx/CVE-2025-1709.json b/CVE-2025/CVE-2025-17xx/CVE-2025-1709.json index ea1ae5e0f78..bb91c43e443 100644 --- a/CVE-2025/CVE-2025-17xx/CVE-2025-1709.json +++ b/CVE-2025/CVE-2025-17xx/CVE-2025-1709.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Several credentials for the local PostgreSQL database are stored in plain text (partially base64 encoded)." + }, + { + "lang": "es", + "value": "Varias credenciales para la base de datos PostgreSQL local se almacenan en texto sin formato (parcialmente codificado en base64)." } ], "metrics": { 
diff --git a/CVE-2025/CVE-2025-17xx/CVE-2025-1710.json b/CVE-2025/CVE-2025-17xx/CVE-2025-1710.json index c32c2b9b304..6f2f98c779e 100644 --- a/CVE-2025/CVE-2025-17xx/CVE-2025-1710.json +++ b/CVE-2025/CVE-2025-17xx/CVE-2025-1710.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "The maxView Storage Manager does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks." + }, + { + "lang": "es", + "value": "maxView Storage Manager no implementa medidas suficientes para evitar m\u00faltiples intentos fallidos de autenticaci\u00f3n en un corto per\u00edodo de tiempo, lo que lo hace susceptible a ataques de fuerza bruta." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-17xx/CVE-2025-1711.json b/CVE-2025/CVE-2025-17xx/CVE-2025-1711.json index 79a3b0f1d4e..595e68970d7 100644 --- a/CVE-2025/CVE-2025-17xx/CVE-2025-1711.json +++ b/CVE-2025/CVE-2025-17xx/CVE-2025-1711.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Multiple services of the DUT as well as different scopes of the same service reuse the same credentials." + }, + { + "lang": "es", + "value": "M\u00faltiples servicios del DUT as\u00ed como diferentes \u00e1mbitos del mismo servicio reutilizan las mismas credenciales." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-17xx/CVE-2025-1769.json b/CVE-2025/CVE-2025-17xx/CVE-2025-1769.json index 5311a5bd2db..81ac7c27032 100644 --- a/CVE-2025/CVE-2025-17xx/CVE-2025-1769.json +++ b/CVE-2025/CVE-2025-17xx/CVE-2025-1769.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-03-26T12:15:15.040", "lastModified": "2025-03-27T16:45:27.850", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-17xx/CVE-2025-1770.json b/CVE-2025/CVE-2025-17xx/CVE-2025-1770.json index c319b2ec993..8232f901e9f 100644 --- a/CVE-2025/CVE-2025-17xx/CVE-2025-1770.json 
+++ b/CVE-2025/CVE-2025-17xx/CVE-2025-1770.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-03-20T06:15:22.903", "lastModified": "2025-03-20T06:15:22.903", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-17xx/CVE-2025-1785.json b/CVE-2025/CVE-2025-17xx/CVE-2025-1785.json index 7a8290d864b..2f5ec6b75a1 100644 --- a/CVE-2025/CVE-2025-17xx/CVE-2025-1785.json +++ b/CVE-2025/CVE-2025-17xx/CVE-2025-1785.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-03-13T08:15:10.950", "lastModified": "2025-03-13T08:15:10.950", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-18xx/CVE-2025-1854.json b/CVE-2025/CVE-2025-18xx/CVE-2025-1854.json index a5a152e3b5b..3d0213f9fcb 100644 --- a/CVE-2025/CVE-2025-18xx/CVE-2025-1854.json +++ b/CVE-2025/CVE-2025-18xx/CVE-2025-1854.json @@ -2,8 +2,8 @@ "id": "CVE-2025-1854", "sourceIdentifier": "cna@vuldb.com", "published": "2025-03-03T07:15:35.030", - "lastModified": "2025-03-03T07:15:35.030", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-24T14:37:04.267", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -63,7 +63,7 @@ "cvssMetricV31": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", 
@@ -80,6 +80,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -124,22 +144,55 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codezips:gym_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "8609E306-3171-4B5D-AD7A-5E95C463E015" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/yhj09/CVE/blob/main/CVE_1.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.298122", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.298122", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.506053", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-18xx/CVE-2025-1856.json b/CVE-2025/CVE-2025-18xx/CVE-2025-1856.json index 4690ef17341..5ccf1f3518d 100644 --- a/CVE-2025/CVE-2025-18xx/CVE-2025-1856.json +++ b/CVE-2025/CVE-2025-18xx/CVE-2025-1856.json 
@@ -2,8 +2,8 @@ "id": "CVE-2025-1856", "sourceIdentifier": "cna@vuldb.com", "published": "2025-03-03T08:15:16.303", - "lastModified": "2025-03-03T08:15:16.303", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-24T14:37:13.350", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -63,7 +63,7 @@ "cvssMetricV31": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", @@ -80,6 +80,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ 
@@ -124,22 +144,55 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codezips:gym_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "8609E306-3171-4B5D-AD7A-5E95C463E015" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/smartttt1/CVE/blob/main/CVE_1.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.298124", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.298124", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.506107", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-18xx/CVE-2025-1858.json b/CVE-2025/CVE-2025-18xx/CVE-2025-1858.json index 99a07a3f2e6..614ef16b0f8 100644 --- a/CVE-2025/CVE-2025-18xx/CVE-2025-1858.json +++ b/CVE-2025/CVE-2025-18xx/CVE-2025-1858.json @@ -2,8 +2,8 @@ "id": "CVE-2025-1858", "sourceIdentifier": "cna@vuldb.com", "published": "2025-03-03T09:15:38.857", - "lastModified": "2025-03-03T09:15:38.857", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-24T14:37:24.070", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -63,7 +63,7 @@ "cvssMetricV31": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", 
@@ -80,6 +80,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -124,22 +144,55 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codezips:online_shopping_website:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "6C9700AC-E333-40C6-B8B3-40E25A9771E6" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Centurion-cyber/CVE/blob/main/CVE_1.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.298126", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.298126", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.506315", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-19xx/CVE-2025-1911.json b/CVE-2025/CVE-2025-19xx/CVE-2025-1911.json index be2c3ad1c95..d2fe49bf2e0 100644 --- a/CVE-2025/CVE-2025-19xx/CVE-2025-1911.json +++ b/CVE-2025/CVE-2025-19xx/CVE-2025-1911.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-03-26T12:15:15.197", "lastModified": "2025-03-27T16:45:27.850", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-19xx/CVE-2025-1912.json b/CVE-2025/CVE-2025-19xx/CVE-2025-1912.json index 57f315d9aa2..2a4dd835409 100644 --- a/CVE-2025/CVE-2025-19xx/CVE-2025-1912.json +++ b/CVE-2025/CVE-2025-19xx/CVE-2025-1912.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-03-26T12:15:15.353", "lastModified": "2025-03-27T16:45:27.850", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-19xx/CVE-2025-1913.json b/CVE-2025/CVE-2025-19xx/CVE-2025-1913.json index daf422eaee2..82d74453645 100644 --- a/CVE-2025/CVE-2025-19xx/CVE-2025-1913.json +++ b/CVE-2025/CVE-2025-19xx/CVE-2025-1913.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-03-26T12:15:15.513", "lastModified": "2025-03-27T16:45:27.850", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-19xx/CVE-2025-1970.json b/CVE-2025/CVE-2025-19xx/CVE-2025-1970.json index 905239564ae..8dc65821fdd 100644 --- a/CVE-2025/CVE-2025-19xx/CVE-2025-1970.json +++ b/CVE-2025/CVE-2025-19xx/CVE-2025-1970.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-03-22T12:15:25.797", "lastModified": "2025-03-22T12:15:25.797", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-19xx/CVE-2025-1971.json b/CVE-2025/CVE-2025-19xx/CVE-2025-1971.json index d714e77ac3b..5edba6a83c9 100644 --- a/CVE-2025/CVE-2025-19xx/CVE-2025-1971.json +++ b/CVE-2025/CVE-2025-19xx/CVE-2025-1971.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-03-22T12:15:26.250", "lastModified": "2025-03-22T12:15:26.250", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-19xx/CVE-2025-1972.json b/CVE-2025/CVE-2025-19xx/CVE-2025-1972.json index 108685366e1..ed0f1ea8e41 100644 --- a/CVE-2025/CVE-2025-19xx/CVE-2025-1972.json +++ b/CVE-2025/CVE-2025-19xx/CVE-2025-1972.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-03-22T12:15:26.453", "lastModified": "2025-03-22T12:15:26.453", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-19xx/CVE-2025-1973.json b/CVE-2025/CVE-2025-19xx/CVE-2025-1973.json index 38a277e4f5e..8341c8d8cca 100644 --- a/CVE-2025/CVE-2025-19xx/CVE-2025-1973.json +++ b/CVE-2025/CVE-2025-19xx/CVE-2025-1973.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-03-22T12:15:26.653", "lastModified": "2025-03-22T12:15:26.653", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-201xx/CVE-2025-20197.json b/CVE-2025/CVE-2025-201xx/CVE-2025-20197.json index af3cd145abd..97932c17eef 100644 --- a/CVE-2025/CVE-2025-201xx/CVE-2025-20197.json +++ b/CVE-2025/CVE-2025-201xx/CVE-2025-20197.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@cisco.com", "published": "2025-05-07T18:15:40.100", "lastModified": "2025-05-08T14:39:09.683", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-201xx/CVE-2025-20198.json b/CVE-2025/CVE-2025-201xx/CVE-2025-20198.json index 9ebdd2ed314..73eb975b90f 100644 --- a/CVE-2025/CVE-2025-201xx/CVE-2025-20198.json +++ b/CVE-2025/CVE-2025-201xx/CVE-2025-20198.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@cisco.com", "published": "2025-05-07T18:15:40.303", "lastModified": "2025-05-08T14:39:09.683", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-201xx/CVE-2025-20199.json b/CVE-2025/CVE-2025-201xx/CVE-2025-20199.json index 411c9b18d84..46faef1db15 100644 --- a/CVE-2025/CVE-2025-201xx/CVE-2025-20199.json +++ b/CVE-2025/CVE-2025-201xx/CVE-2025-20199.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@cisco.com", "published": "2025-05-07T18:15:40.483", "lastModified": "2025-05-08T14:39:09.683", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-202xx/CVE-2025-20278.json b/CVE-2025/CVE-2025-202xx/CVE-2025-20278.json index 809acd98862..4ecf911305b 100644 --- a/CVE-2025/CVE-2025-202xx/CVE-2025-20278.json +++ b/CVE-2025/CVE-2025-202xx/CVE-2025-20278.json 
@@ -12,7 +12,7 @@ }, { "lang": "es", - "value": "Una vulnerabilidad en la CLI de varios productos de Cisco Unified Communications podr\u00eda permitir que un atacante local autenticado ejecute comandos arbitrarios en el sistema operativo subyacente de un dispositivo afectado como usuario root. Esta vulnerabilidad se debe a una validaci\u00f3n incorrecta de los argumentos de comando proporcionados por el usuario. Un atacante podr\u00eda explotar esta vulnerabilidad ejecutando comandos manipulados en la CLI de un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar comandos arbitrarios en el sistema operativo subyacente de un dispositivo afectado como usuario root. Para explotar esta vulnerabilidad, el atacante debe tener credenciales administrativas v\u00e1lidas." + "value": "Una vulnerabilidad en la CLI de varios productos de Cisco Unified Communications podr\u00eda permitir que un atacante local autenticado ejecute comandos arbitrarios en el sistema operativo subyacente de un dispositivo afectado como usuario root. Esta vulnerabilidad se debe a una validaci\u00f3n incorrecta de los argumentos de comando proporcionados por el usuario. Un atacante podr\u00eda explotar esta vulnerabilidad ejecutando comandos manipulados en la CLI de un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar comandos arbitrarios en el sistema operativo subyacente de un dispositivo afectado como usuario root. Para explotar esta vulnerabilidad, el atacante debe tener credenciales de administrador v\u00e1lidas.\n" } ], "metrics": { diff --git a/CVE-2025/CVE-2025-206xx/CVE-2025-20676.json b/CVE-2025/CVE-2025-206xx/CVE-2025-20676.json index 69d80627d36..417b3617fe5 100644 --- a/CVE-2025/CVE-2025-206xx/CVE-2025-20676.json +++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20676.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "security@mediatek.com", "published": "2025-06-02T03:15:24.987", "lastModified": "2025-06-03T18:15:24.470", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-206xx/CVE-2025-20677.json b/CVE-2025/CVE-2025-206xx/CVE-2025-20677.json index 46cbd662374..184f1548206 100644 --- a/CVE-2025/CVE-2025-206xx/CVE-2025-20677.json +++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20677.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@mediatek.com", "published": "2025-06-02T03:15:25.103", "lastModified": "2025-06-03T18:15:24.633", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-206xx/CVE-2025-20678.json b/CVE-2025/CVE-2025-206xx/CVE-2025-20678.json index 71604a3f854..dd2f9a55f44 100644 --- a/CVE-2025/CVE-2025-206xx/CVE-2025-20678.json +++ b/CVE-2025/CVE-2025-206xx/CVE-2025-20678.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@mediatek.com", "published": "2025-06-02T03:15:25.230", "lastModified": "2025-06-02T17:32:17.397", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-20xx/CVE-2025-2012.json b/CVE-2025/CVE-2025-20xx/CVE-2025-2012.json index 9a925685800..2a37befb725 100644 --- a/CVE-2025/CVE-2025-20xx/CVE-2025-2012.json +++ b/CVE-2025/CVE-2025-20xx/CVE-2025-2012.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2025-03-11T21:15:52.333", "lastModified": "2025-03-11T21:15:52.333", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-20xx/CVE-2025-2013.json b/CVE-2025/CVE-2025-20xx/CVE-2025-2013.json index c37bd77d17b..f2fded5bfb9 100644 --- a/CVE-2025/CVE-2025-20xx/CVE-2025-2013.json +++ b/CVE-2025/CVE-2025-20xx/CVE-2025-2013.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2025-03-11T21:15:52.473", "lastModified": "2025-03-11T21:15:52.473", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-20xx/CVE-2025-2014.json b/CVE-2025/CVE-2025-20xx/CVE-2025-2014.json index ab3ac394315..956c9c7e4e4 100644 --- a/CVE-2025/CVE-2025-20xx/CVE-2025-2014.json +++ b/CVE-2025/CVE-2025-20xx/CVE-2025-2014.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2025-03-11T21:15:52.613", "lastModified": "2025-03-11T21:15:52.613", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-20xx/CVE-2025-2015.json b/CVE-2025/CVE-2025-20xx/CVE-2025-2015.json index a4e2deb05f3..25a2809efa5 100644 --- a/CVE-2025/CVE-2025-20xx/CVE-2025-2015.json +++ b/CVE-2025/CVE-2025-20xx/CVE-2025-2015.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2025-03-11T21:15:52.763", "lastModified": "2025-03-11T21:15:52.763", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-20xx/CVE-2025-2016.json b/CVE-2025/CVE-2025-20xx/CVE-2025-2016.json index 6716934994a..42fe4b48ea1 100644 --- a/CVE-2025/CVE-2025-20xx/CVE-2025-2016.json +++ b/CVE-2025/CVE-2025-20xx/CVE-2025-2016.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2025-03-11T21:15:52.903", "lastModified": "2025-03-11T21:15:52.903", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-20xx/CVE-2025-2017.json b/CVE-2025/CVE-2025-20xx/CVE-2025-2017.json index a5115decddc..2efd3373aaf 100644 --- a/CVE-2025/CVE-2025-20xx/CVE-2025-2017.json +++ b/CVE-2025/CVE-2025-20xx/CVE-2025-2017.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2025-03-11T21:15:53.050", "lastModified": "2025-03-11T21:15:53.050", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-20xx/CVE-2025-2018.json b/CVE-2025/CVE-2025-20xx/CVE-2025-2018.json index 4f01e5e122b..2086484e48f 100644 --- a/CVE-2025/CVE-2025-20xx/CVE-2025-2018.json +++ b/CVE-2025/CVE-2025-20xx/CVE-2025-2018.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2025-03-11T21:15:53.197", "lastModified": "2025-03-11T21:15:53.197", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-20xx/CVE-2025-2019.json b/CVE-2025/CVE-2025-20xx/CVE-2025-2019.json index cc6debbbf73..49adb69b37b 100644 --- a/CVE-2025/CVE-2025-20xx/CVE-2025-2019.json +++ b/CVE-2025/CVE-2025-20xx/CVE-2025-2019.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2025-03-11T21:15:53.337", "lastModified": "2025-03-11T21:15:53.337", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-20xx/CVE-2025-2020.json b/CVE-2025/CVE-2025-20xx/CVE-2025-2020.json index b4637947b07..9d4715ae5cc 100644 --- a/CVE-2025/CVE-2025-20xx/CVE-2025-2020.json +++ b/CVE-2025/CVE-2025-20xx/CVE-2025-2020.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2025-03-11T21:15:53.477", "lastModified": "2025-03-11T21:15:53.477", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-20xx/CVE-2025-2021.json b/CVE-2025/CVE-2025-20xx/CVE-2025-2021.json index 7ad2810e86f..d4f3ec591ea 100644 --- a/CVE-2025/CVE-2025-20xx/CVE-2025-2021.json +++ b/CVE-2025/CVE-2025-20xx/CVE-2025-2021.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2025-03-11T21:15:53.613", "lastModified": "2025-03-11T21:15:53.613", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-20xx/CVE-2025-2022.json b/CVE-2025/CVE-2025-20xx/CVE-2025-2022.json index 2853fd36324..deadbbc21e1 100644 --- a/CVE-2025/CVE-2025-20xx/CVE-2025-2022.json +++ b/CVE-2025/CVE-2025-20xx/CVE-2025-2022.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2025-03-11T21:15:53.750", "lastModified": "2025-03-11T21:15:53.750", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-20xx/CVE-2025-2023.json b/CVE-2025/CVE-2025-20xx/CVE-2025-2023.json index 26c83ff2b77..8b5b31dd6a8 100644 --- a/CVE-2025/CVE-2025-20xx/CVE-2025-2023.json +++ b/CVE-2025/CVE-2025-20xx/CVE-2025-2023.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2025-03-11T21:15:53.890", "lastModified": "2025-03-11T21:15:53.890", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-20xx/CVE-2025-2040.json b/CVE-2025/CVE-2025-20xx/CVE-2025-2040.json index bcdc61ea63b..7a5846e74c7 100644 --- a/CVE-2025/CVE-2025-20xx/CVE-2025-2040.json +++ b/CVE-2025/CVE-2025-20xx/CVE-2025-2040.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cna@vuldb.com", "published": "2025-03-06T20:15:38.920", "lastModified": "2025-03-06T20:15:38.920", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-20xx/CVE-2025-2056.json b/CVE-2025/CVE-2025-20xx/CVE-2025-2056.json index f661fe82f48..bc6dc5d4b16 100644 --- a/CVE-2025/CVE-2025-20xx/CVE-2025-2056.json +++ b/CVE-2025/CVE-2025-20xx/CVE-2025-2056.json 
@@ -2,8 +2,8 @@ "id": "CVE-2025-2056", "sourceIdentifier": "security@wordfence.com", "published": "2025-03-14T05:15:42.523", - "lastModified": "2025-03-14T05:15:42.523", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T18:13:13.507", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpplugins:hide_my_wp_ghost:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "5.4.02", + "matchCriteriaId": "C02F7EE9-466A-4182-838E-F360048B56E8" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/hide-my-wp/tags/5.4.02/models/Files.php#L336", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f43db496-80ea-442c-9417-7aa03ec95f02?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-20xx/CVE-2025-2073.json b/CVE-2025/CVE-2025-20xx/CVE-2025-2073.json index eba2fb0ce30..dfb057478e8 100644 --- a/CVE-2025/CVE-2025-20xx/CVE-2025-2073.json +++ b/CVE-2025/CVE-2025-20xx/CVE-2025-2073.json @@ -3,7 +3,7 @@ "sourceIdentifier": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "published": "2025-04-16T23:15:45.610", "lastModified": "2025-05-06T01:15:50.433", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-211xx/CVE-2025-21174.json b/CVE-2025/CVE-2025-211xx/CVE-2025-21174.json index a6da1c5d9f8..fc9ab7e4c04 100644 --- a/CVE-2025/CVE-2025-211xx/CVE-2025-21174.json +++ b/CVE-2025/CVE-2025-211xx/CVE-2025-21174.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-08T18:15:44.667", "lastModified": "2025-04-09T20:03:01.577", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-211xx/CVE-2025-21191.json b/CVE-2025/CVE-2025-211xx/CVE-2025-21191.json index f4547613e6a..e0be37cd00c 100644 --- a/CVE-2025/CVE-2025-211xx/CVE-2025-21191.json +++ b/CVE-2025/CVE-2025-211xx/CVE-2025-21191.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-08T18:15:44.857", "lastModified": "2025-04-09T20:03:01.577", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-211xx/CVE-2025-21194.json b/CVE-2025/CVE-2025-211xx/CVE-2025-21194.json index 9a65409c875..8a519c77a9f 100644 --- a/CVE-2025/CVE-2025-211xx/CVE-2025-21194.json +++ b/CVE-2025/CVE-2025-211xx/CVE-2025-21194.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-02-11T18:15:30.820", "lastModified": "2025-02-11T18:15:30.820", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-211xx/CVE-2025-21197.json b/CVE-2025/CVE-2025-211xx/CVE-2025-21197.json index 698cdf7c2e6..55c437b3419 100644 --- a/CVE-2025/CVE-2025-211xx/CVE-2025-21197.json +++ b/CVE-2025/CVE-2025-211xx/CVE-2025-21197.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-08T18:15:45.020", "lastModified": "2025-04-09T20:03:01.577", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-211xx/CVE-2025-21199.json b/CVE-2025/CVE-2025-211xx/CVE-2025-21199.json index 41caa9988eb..1385a1319c2 100644 --- a/CVE-2025/CVE-2025-211xx/CVE-2025-21199.json +++ b/CVE-2025/CVE-2025-211xx/CVE-2025-21199.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-03-11T17:16:19.670", "lastModified": "2025-03-11T17:16:19.670", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-212xx/CVE-2025-21203.json b/CVE-2025/CVE-2025-212xx/CVE-2025-21203.json index 5ce747ce817..d76ae994659 100644 --- a/CVE-2025/CVE-2025-212xx/CVE-2025-21203.json +++ b/CVE-2025/CVE-2025-212xx/CVE-2025-21203.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-08T18:15:45.190", "lastModified": "2025-04-09T20:03:01.577", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-212xx/CVE-2025-21204.json b/CVE-2025/CVE-2025-212xx/CVE-2025-21204.json index 9766a4c36df..838cd03816e 100644 --- a/CVE-2025/CVE-2025-212xx/CVE-2025-21204.json +++ b/CVE-2025/CVE-2025-212xx/CVE-2025-21204.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-08T18:15:45.343", "lastModified": "2025-05-29T14:15:34.340", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-212xx/CVE-2025-21205.json b/CVE-2025/CVE-2025-212xx/CVE-2025-21205.json index 64100fe70f3..5828b81cf97 100644 --- a/CVE-2025/CVE-2025-212xx/CVE-2025-21205.json +++ b/CVE-2025/CVE-2025-212xx/CVE-2025-21205.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-08T18:15:45.513", "lastModified": "2025-04-09T20:03:01.577", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-212xx/CVE-2025-21221.json b/CVE-2025/CVE-2025-212xx/CVE-2025-21221.json index e0215ebbff5..dbc5b631573 100644 --- a/CVE-2025/CVE-2025-212xx/CVE-2025-21221.json +++ b/CVE-2025/CVE-2025-212xx/CVE-2025-21221.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-08T18:15:45.673", "lastModified": "2025-04-09T20:03:01.577", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-212xx/CVE-2025-21264.json b/CVE-2025/CVE-2025-212xx/CVE-2025-21264.json index 26c04446ddd..be6e87897d2 100644 --- a/CVE-2025/CVE-2025-212xx/CVE-2025-21264.json +++ b/CVE-2025/CVE-2025-212xx/CVE-2025-21264.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2025/CVE-2025-213xx/CVE-2025-21354.json b/CVE-2025/CVE-2025-213xx/CVE-2025-21354.json index 01c1cc4aa96..b021b8157d3 100644 --- a/CVE-2025/CVE-2025-213xx/CVE-2025-21354.json +++ b/CVE-2025/CVE-2025-213xx/CVE-2025-21354.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-01-14T18:16:00.947", "lastModified": "2025-01-21T19:36:51.650", - "vulnStatus": "Analyzed", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-213xx/CVE-2025-21384.json b/CVE-2025/CVE-2025-213xx/CVE-2025-21384.json index 6b018bf2de4..bf388cbaa02 100644 --- a/CVE-2025/CVE-2025-213xx/CVE-2025-21384.json +++ b/CVE-2025/CVE-2025-213xx/CVE-2025-21384.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-01T01:15:17.127", "lastModified": "2025-04-01T20:26:11.547", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [ { "sourceIdentifier": "secure@microsoft.com", 
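Review bot: In CVE-2025-21264.json both hunks (`@@ -19,7` and `@@ -42,7`) relabel the secure@microsoft.com entries in `cvssMetricV31` and `weaknesses` from `"type": "Primary"` to `"type": "Secondary"`, and neither hunk adds a replacement primary entry, so as far as this diff shows the record may be left with no primary score or CWE. A consumer that filters on `type == "Primary"` would then silently drop the `CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N` vector from prioritisation. `lastModified` is not part of either hunk, so a sync keyed on that timestamp would not pick up the relabel. I would either keep `"type": "Primary"` until a primary-source entry exists, or document that readers must fall back to Secondary entries when no Primary one is present; the rest of the file is outside the hunks, so this needs checking against the full record.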
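Review bot: The `vulnStatus` in CVE-2025-21354.json moves backwards from `"Analyzed"` to `"Undergoing Analysis"` while the `lastModified` context line stays at `2025-01-21T19:36:51.650`; the same regression appears in CVE-2025-21479.json, where `lastModified` stays at `2025-06-04T17:46:44.090`. Incremental consumers that re-fetch only records whose `lastModified` advanced will keep treating both as fully analysed, and nothing in the hunk shows which enrichment field is being revisited. If upstream reopened the analysis, `lastModified` should advance together with the status; if it did not, the line should stay `"vulnStatus": "Analyzed",`. The Awaiting Analysis to Undergoing Analysis hunks elsewhere in this commit also leave `lastModified` unchanged, so the same sync gap applies to them.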
diff --git a/CVE-2025/CVE-2025-214xx/CVE-2025-21479.json b/CVE-2025/CVE-2025-214xx/CVE-2025-21479.json index 579a0d4d995..2a36131efb0 100644 --- a/CVE-2025/CVE-2025-214xx/CVE-2025-21479.json +++ b/CVE-2025/CVE-2025-214xx/CVE-2025-21479.json @@ -3,7 +3,7 @@ "sourceIdentifier": "product-security@qualcomm.com", "published": "2025-06-03T07:15:20.933", "lastModified": "2025-06-04T17:46:44.090", - "vulnStatus": "Analyzed", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-215xx/CVE-2025-21550.json b/CVE-2025/CVE-2025-215xx/CVE-2025-21550.json index 21618d05bcc..6dfa9dcc8b6 100644 --- a/CVE-2025/CVE-2025-215xx/CVE-2025-21550.json +++ b/CVE-2025/CVE-2025-215xx/CVE-2025-21550.json @@ -2,8 +2,8 @@ "id": "CVE-2025-21550", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-01-21T21:15:21.510", - "lastModified": "2025-03-13T15:15:51.980", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-23T15:25:05.683", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,10 +51,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8.1:*:*:*:*:*:*:*", + "matchCriteriaId": "3BBB9F8E-7374-4426-A269-FB669644538F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.7:*:*:*:*:*:*:*", + "matchCriteriaId": "C28D8453-2E02-43C3-8998-8B694F4B7505" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.8:*:*:*:*:*:*:*", + "matchCriteriaId": "49BE74EB-7D30-47FF-B1BD-21A57CD091B1" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpujan2025.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-216xx/CVE-2025-21616.json b/CVE-2025/CVE-2025-216xx/CVE-2025-21616.json index a8c627458b6..15e91b3f68c 100644 --- a/CVE-2025/CVE-2025-216xx/CVE-2025-21616.json +++ b/CVE-2025/CVE-2025-216xx/CVE-2025-21616.json @@ -2,8 +2,8 @@ "id": "CVE-2025-21616", "sourceIdentifier": "security-advisories@github.com", "published": "2025-01-06T22:15:11.023", - "lastModified": "2025-01-07T16:15:40.390", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T18:08:44.170", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,14 +51,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:plane:plane:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.23.0", + "matchCriteriaId": "B71D6DB9-FD53-489A-AF83-855FBF28B78F" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/makeplane/plane/security/advisories/GHSA-rcg8-g69v-x23j", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://github.com/makeplane/plane/security/advisories/GHSA-rcg8-g69v-x23j", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-21xx/CVE-2025-2171.json b/CVE-2025/CVE-2025-21xx/CVE-2025-2171.json index de0f807143d..14593cbec96 100644 --- a/CVE-2025/CVE-2025-21xx/CVE-2025-2171.json +++ b/CVE-2025/CVE-2025-21xx/CVE-2025-2171.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 do not enforce rate limiting on password reset attempts, allowing adversaries to brute force guess the 6-digit password reset PIN" + }, + { + "lang": "es", + "value": "Las versiones de Aviatrix Controller anteriores a 7.1.4208, 7.2.5090 y 8.0.0 no aplican un l\u00edmite de velocidad en los intentos de restablecimiento de contrase\u00f1a, lo que permite a los adversarios adivinar por fuerza bruta el PIN de restablecimiento de contrase\u00f1a de 6 d\u00edgitos." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-21xx/CVE-2025-2172.json b/CVE-2025/CVE-2025-21xx/CVE-2025-2172.json index 985b938c260..d1ead4fed39 100644 --- a/CVE-2025/CVE-2025-21xx/CVE-2025-2172.json +++ b/CVE-2025/CVE-2025-21xx/CVE-2025-2172.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fail to sanitize user input prior to passing the input to command line utilities, allowing command injection via special characters in filenames" + }, + { + "lang": "es", + "value": "Las versiones de Aviatrix Controller anteriores a 7.1.4208, 7.2.5090 y 8.0.0 no depuran la entrada del usuario antes de pasarla a las utilidades de l\u00ednea de comandos, lo que permite la inyecci\u00f3n de comandos a trav\u00e9s de caracteres especiales en los nombres de archivos." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-21xx/CVE-2025-2188.json b/CVE-2025/CVE-2025-21xx/CVE-2025-2188.json index 01e41bd6f9c..8aaf87fcbc7 100644 --- a/CVE-2025/CVE-2025-21xx/CVE-2025-2188.json +++ b/CVE-2025/CVE-2025-21xx/CVE-2025-2188.json @@ -3,7 +3,7 @@ "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "published": "2025-04-17T10:15:15.693", "lastModified": "2025-04-17T20:21:48.243", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-21xx/CVE-2025-2190.json b/CVE-2025/CVE-2025-21xx/CVE-2025-2190.json index b18b94b9857..12c3b3e912d 100644 --- a/CVE-2025/CVE-2025-21xx/CVE-2025-2190.json +++ b/CVE-2025/CVE-2025-21xx/CVE-2025-2190.json @@ -2,8 +2,8 @@ "id": "CVE-2025-2190", "sourceIdentifier": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea", "published": "2025-03-11T07:15:37.950", - "lastModified": "2025-03-11T14:15:27.163", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-25T14:36:54.460", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,14 +51,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tecno:com.transsnet.store:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.1.0", + "versionEndIncluding": "9.2.6", + "matchCriteriaId": "E2E788EE-40AD-4CB9-81AF-604D5DEDAE96" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.tecno.com/SRC/blogdetail/393?lang=en_US", - "source": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea" + "source": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://security.tecno.com/SRC/securityUpdates", - "source": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea" + "source": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-21xx/CVE-2025-2197.json b/CVE-2025/CVE-2025-21xx/CVE-2025-2197.json index 6bfe66b5b96..d6d64e36118 100644 --- a/CVE-2025/CVE-2025-21xx/CVE-2025-2197.json +++ b/CVE-2025/CVE-2025-21xx/CVE-2025-2197.json @@ -3,7 +3,7 @@ "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "published": "2025-04-17T10:15:15.810", "lastModified": "2025-04-17T20:21:48.243", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-222xx/CVE-2025-22275.json b/CVE-2025/CVE-2025-222xx/CVE-2025-22275.json index 2b3e4e0e08c..695f00ba2a8 100644 --- a/CVE-2025/CVE-2025-222xx/CVE-2025-22275.json +++ b/CVE-2025/CVE-2025-222xx/CVE-2025-22275.json @@ -2,8 +2,8 @@ "id": "CVE-2025-22275", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-03T05:15:08.243", - "lastModified": "2025-01-03T07:15:25.297", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-20T18:10:51.093", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,18 +51,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:iterm2:iterm2:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.5.6", + "versionEndExcluding": "3.5.11", + "matchCriteriaId": "53EB11E1-F547-407A-A808-8E9C3042A4E3" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.com/gnachman/iterm2/-/wikis/SSH-Integration-Information-Leak", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://iterm2.com/downloads/stable/iTerm2-3_5_11.changelog", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://news.ycombinator.com/item?id=42579472", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-223xx/CVE-2025-22377.json b/CVE-2025/CVE-2025-223xx/CVE-2025-22377.json index 81784a25aa8..5e4fc0041fc 100644 --- a/CVE-2025/CVE-2025-223xx/CVE-2025-22377.json +++ b/CVE-2025/CVE-2025-223xx/CVE-2025-22377.json @@ -2,8 +2,8 @@ "id": "CVE-2025-22377", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-27T17:15:25.463", - "lastModified": "2025-05-29T19:15:27.447", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-25T16:03:56.140", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,10 +51,501 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:samsung:exynos_1080_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "43DE4D6F-D662-46F2-93BC-9AE950320BDE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:samsung:exynos_1080:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EE06CD56-8BFD-4208-843A-179E3E6F5C10"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:samsung:exynos_1280_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BD1A7B09-9031-4E54-A24F-3237C054166B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:samsung:exynos_1280:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DFC68046-2F08-40D1-B158-89D8D9263541"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:samsung:exynos_1330_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C2635646-DD6A-4735-8E01-F45445584832"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:samsung:exynos_1330:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AA0F8A58-71B7-4503-A03A-6FB4282D75BD"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:samsung:exynos_1380_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D381478B-C638-4663-BD71-144BE4B02E46"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:samsung:exynos_1380:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "61E72146-72FE-4B54-AB79-3C665E7F016C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:samsung:exynos_1480_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "64897B0D-EBF6-4BEB-BF54-ABCDBFAB45E0"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:samsung:exynos_1480:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F3F328B4-0442-4748-B5EE-DD1CEE50D6CF"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:samsung:exynos_2100_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "89B88BFE-3C82-498C-8EC1-5784836DB1A1"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:samsung:exynos_2100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9385885D-654A-496E-8029-7C6D9B077193"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:samsung:exynos_2200_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "63C0D9AC-BD23-48C9-83E7-301DEC06E583"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:samsung:exynos_2200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A72ADEBB-ED72-4A5B-BB27-95EDE43F8116"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:samsung:exynos_2400_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "16D9272E-1794-48FF-B6A4-8F48395BA38E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:samsung:exynos_2400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "932F5FB3-5527-44D7-9DD9-EF03963E3CA3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:samsung:exynos_850_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1928760C-4FC4-45B0-84FF-C1105CD1DD2A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:samsung:exynos_850:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BB410A6D-642B-49AE-8B1C-EADA953A84DA"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:samsung:exynos_9110_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F1896BFF-D709-481B-AD4F-37D1A8B30C06"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:samsung:exynos_9110:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E6748EF2-3C63-41CD-B3D1-4B3FEC614B40"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5F18F62E-2012-442E-BE60-6E76325D1824"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0D8701B6-6989-44D1-873A-A1823BFD7CCC"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:samsung:exynos_990_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BCF6C91D-DECE-4630-85FE-C22EF2B9160A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:samsung:exynos_990:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "87FE8214-E165-4874-BB5A-3C4298708039"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:samsung:exynos_modem_5123_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "06B60F97-1320-44F5-970C-BBA29F375524"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:samsung:exynos_modem_5123:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "72419735-076A-4E72-869F-0C7D801371C1"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:samsung:exynos_modem_5300_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4F66A096-7BA3-47D6-98F4-879C3A4C1FFC"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:samsung:exynos_modem_5300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CE202894-D48A-4B9E-B3BD-28529967A0B3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:samsung:exynos_modem_5400_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CE283E70-150F-4A64-AF37-F12856C55637"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:samsung:exynos_modem_5400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8FE405A6-E0E3-47D5-9901-B370A3AAD423"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:samsung:exynos_w1000_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "526A0088-BDA7-4373-8966-AEED69C1AE8A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:samsung:exynos_w1000:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A9657C28-AA6B-4C1A-ACAA-E90645CF2A73"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:samsung:exynos_w920_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B6ADED27-EDAF-4FB3-8CB2-AE5F59B93641"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:samsung:exynos_w920:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4BF79654-E5C6-4DFF-B33A-A78571CD300C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:samsung:exynos_w930_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "801E188F-C71B-4933-9099-151A4A1B1BC5"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:samsung:exynos_w930:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8D8FC82D-57C5-4F00-BDF4-4261A32C4246"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-22377/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-225xx/CVE-2025-22531.json b/CVE-2025/CVE-2025-225xx/CVE-2025-22531.json
index 970f224cd16..b740d3f8d63 100644
--- a/CVE-2025/CVE-2025-225xx/CVE-2025-22531.json
+++ b/CVE-2025/CVE-2025-225xx/CVE-2025-22531.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-22531",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2025-01-07T16:15:48.520",
- "lastModified": "2025-01-07T16:15:48.520",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-06-20T18:07:27.230",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -81,10 +81,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mbilalm:urdu_formatter:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "0.1",
+ "matchCriteriaId": "00403AC5-BAE9-4315-AB69-AD8BDF9D7DE8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/wordpress/plugin/urdu-formatter-shamil/vulnerability/wordpress-urdu-formatter-shamil-plugin-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-226xx/CVE-2025-22659.json b/CVE-2025/CVE-2025-226xx/CVE-2025-22659.json
index a5e042f7eb7..6d04481f7b6 100644
--- a/CVE-2025/CVE-2025-226xx/CVE-2025-22659.json
+++ b/CVE-2025/CVE-2025-226xx/CVE-2025-22659.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2025-03-27T15:15:58.283",
 "lastModified": "2025-03-27T16:45:12.210",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-228xx/CVE-2025-22829.json b/CVE-2025/CVE-2025-228xx/CVE-2025-22829.json
index b4efe62a9ec..fbb2f76dfd0 100644
--- a/CVE-2025/CVE-2025-228xx/CVE-2025-22829.json
+++ b/CVE-2025/CVE-2025-228xx/CVE-2025-22829.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-22829",
 "sourceIdentifier": "security@apache.org",
 "published": "2025-06-10T23:15:22.740",
- "lastModified": "2025-06-12T16:06:29.520",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2025-06-25T19:38:05.817",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -59,6 +59,28 @@
 "providerUrgency": "AMBER"
 }
 }
+ ],
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
 ]
 },
 "weaknesses": [
@@ -73,18 +95,45 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:cloudstack:4.20.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EF75DE62-7CFF-4E3E-8658-A0E1AFA4B52A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://cloudstack.staged.apache.org/blog/cve-advisories-4.19.3.0-4.20.1.0",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://lists.apache.org/thread/y3qnwn59t8qggtdohv7k7vw39bgb3d60",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List",
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-19-3-0-and-4-20-1-0/",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Broken Link"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-229xx/CVE-2025-22952.json b/CVE-2025/CVE-2025-229xx/CVE-2025-22952.json
index f12ccde702c..3ffeb75f798 100644
--- a/CVE-2025/CVE-2025-229xx/CVE-2025-22952.json
+++ b/CVE-2025/CVE-2025-229xx/CVE-2025-22952.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-02-27T20:16:04.983",
 "lastModified": "2025-03-03T16:15:40.010",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-22xx/CVE-2025-2214.json b/CVE-2025/CVE-2025-22xx/CVE-2025-2214.json
index 8f1a2a18d3d..eddcd2681c5 100644
--- a/CVE-2025/CVE-2025-22xx/CVE-2025-2214.json
+++ b/CVE-2025/CVE-2025-22xx/CVE-2025-2214.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2025-03-12T00:15:11.770",
 "lastModified": "2025-03-12T14:15:20.373",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-22xx/CVE-2025-2231.json b/CVE-2025/CVE-2025-22xx/CVE-2025-2231.json
index 34028e45590..922d8c01d0e 100644
--- a/CVE-2025/CVE-2025-22xx/CVE-2025-2231.json
+++ b/CVE-2025/CVE-2025-22xx/CVE-2025-2231.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "zdi-disclosures@trendmicro.com",
 "published": "2025-03-24T20:15:18.370",
 "lastModified": "2025-03-27T16:45:46.410",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-230xx/CVE-2025-23049.json b/CVE-2025/CVE-2025-230xx/CVE-2025-23049.json
index beed248297b..97e32dd601a 100644
--- a/CVE-2025/CVE-2025-230xx/CVE-2025-23049.json
+++ b/CVE-2025/CVE-2025-230xx/CVE-2025-23049.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Meridian Technique Materialise OrthoView through 7.5.1 allows OS Command Injection when servlet sharing is enabled."
+ },
+ {
+ "lang": "es",
+ "value": "Meridian Technique Materialise OrthoView hasta la versi\u00f3n 7.5.1 permite la inyecci\u00f3n de comandos del sistema operativo cuando el uso compartido de servlets est\u00e1 habilitado."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-230xx/CVE-2025-23092.json b/CVE-2025/CVE-2025-230xx/CVE-2025-23092.json
index 7fade9d029e..ace204f01c6 100644
--- a/CVE-2025/CVE-2025-230xx/CVE-2025-23092.json
+++ b/CVE-2025/CVE-2025-230xx/CVE-2025-23092.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-06-23T21:15:24.460",
 "lastModified": "2025-06-26T18:58:14.280",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23114.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23114.json
index d27b7c12703..afd389e9822 100644
--- a/CVE-2025/CVE-2025-231xx/CVE-2025-23114.json
+++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23114.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "support@hackerone.com",
 "published": "2025-02-05T02:15:28.610",
 "lastModified": "2025-03-13T19:15:51.643",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23168.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23168.json
index 656a6a605a3..5a2e70e0d75 100644
--- a/CVE-2025/CVE-2025-231xx/CVE-2025-23168.json
+++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23168.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "support@hackerone.com",
 "published": "2025-06-19T00:15:21.377",
 "lastModified": "2025-06-23T20:16:59.783",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23173.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23173.json
index d310a43f16e..67aa9dab40a 100644
--- a/CVE-2025/CVE-2025-231xx/CVE-2025-23173.json
+++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23173.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "support@hackerone.com",
 "published": "2025-06-19T00:15:21.977",
 "lastModified": "2025-06-23T20:16:59.783",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-232xx/CVE-2025-23252.json b/CVE-2025/CVE-2025-232xx/CVE-2025-23252.json
index 131f14323a5..5f37be299e7 100644
--- a/CVE-2025/CVE-2025-232xx/CVE-2025-23252.json
+++ b/CVE-2025/CVE-2025-232xx/CVE-2025-23252.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to gain access to restricted components. A successful exploit of this vulnerability may lead to information disclosure."
+ },
+ {
+ "lang": "es",
+ "value": "La herramienta NVIDIA NVDebug contiene una vulnerabilidad que podr\u00eda permitir que un actor acceda a componentes restringidos. Explotar esta vulnerabilidad podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-239xx/CVE-2025-23968.json b/CVE-2025/CVE-2025-239xx/CVE-2025-23968.json
index d193b59276b..8a7ddd681ee 100644
--- a/CVE-2025/CVE-2025-239xx/CVE-2025-23968.json
+++ b/CVE-2025/CVE-2025-239xx/CVE-2025-23968.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Unrestricted Upload of File with Dangerous Type vulnerability in WPCenter AiBud WP allows Upload a Web Shell to a Web Server.This issue affects AiBud WP: from n/a through 1.8.5."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de carga sin restricciones de archivos con tipo peligroso en WPCenter AiBud WP permite cargar un shell web a un servidor web. Este problema afecta a AiBud WP: desde n/a hasta 1.8.5."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-239xx/CVE-2025-23972.json b/CVE-2025/CVE-2025-239xx/CVE-2025-23972.json
index 9d561b5f25b..f4f22c58806 100644
--- a/CVE-2025/CVE-2025-239xx/CVE-2025-23972.json
+++ b/CVE-2025/CVE-2025-239xx/CVE-2025-23972.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Cross-Site Request Forgery (CSRF) vulnerability in Brian S. Reed Contact Form 7 reCAPTCHA allows Cross Site Request Forgery. This issue affects Contact Form 7 reCAPTCHA: from n/a through 1.2.0."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de Cross Site Request Forgery (CSRF) en Brian S. Reed Contact Form 7 reCAPTCHA permite Cross Site Request Forgery. Este problema afecta al reCAPTCHA del Formulario de Contacto 7 desde n/d hasta la versi\u00f3n 1.2.0."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-239xx/CVE-2025-23999.json b/CVE-2025/CVE-2025-239xx/CVE-2025-23999.json
index 3fba7ca1278..e46c90f06ee 100644
--- a/CVE-2025/CVE-2025-239xx/CVE-2025-23999.json
+++ b/CVE-2025/CVE-2025-239xx/CVE-2025-23999.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Missing Authorization vulnerability in Cloudways Breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through 2.2.13."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de autorizaci\u00f3n faltante en Cloudways Breeze permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Breeze: desde n/a hasta 2.2.13."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-240xx/CVE-2025-24044.json b/CVE-2025/CVE-2025-240xx/CVE-2025-24044.json
index 185896527e1..de84e103070 100644
--- a/CVE-2025/CVE-2025-240xx/CVE-2025-24044.json
+++ b/CVE-2025/CVE-2025-240xx/CVE-2025-24044.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-03-11T17:16:26.093",
 "lastModified": "2025-03-11T17:16:26.093",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-240xx/CVE-2025-24058.json b/CVE-2025/CVE-2025-240xx/CVE-2025-24058.json
index 75f826a5b9a..66c7aef7378 100644
--- a/CVE-2025/CVE-2025-240xx/CVE-2025-24058.json
+++ b/CVE-2025/CVE-2025-240xx/CVE-2025-24058.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:46.037",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-240xx/CVE-2025-24072.json b/CVE-2025/CVE-2025-240xx/CVE-2025-24072.json
index 11c2d3fe1b4..54f188d9073 100644
--- a/CVE-2025/CVE-2025-240xx/CVE-2025-24072.json
+++ b/CVE-2025/CVE-2025-240xx/CVE-2025-24072.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-03-11T17:16:30.070",
 "lastModified": "2025-03-11T17:16:30.070",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-240xx/CVE-2025-24076.json b/CVE-2025/CVE-2025-240xx/CVE-2025-24076.json
index ce5d17d8cae..7e4f5b8c254 100644
--- a/CVE-2025/CVE-2025-240xx/CVE-2025-24076.json
+++ b/CVE-2025/CVE-2025-240xx/CVE-2025-24076.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-03-11T17:16:30.480",
 "lastModified": "2025-03-11T17:16:30.480",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-240xx/CVE-2025-24084.json b/CVE-2025/CVE-2025-240xx/CVE-2025-24084.json
index f994277172a..6cfe89d1748 100644
--- a/CVE-2025/CVE-2025-240xx/CVE-2025-24084.json
+++ b/CVE-2025/CVE-2025-240xx/CVE-2025-24084.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-03-11T17:16:33.523",
 "lastModified": "2025-03-11T17:16:33.523",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-243xx/CVE-2025-24329.json b/CVE-2025/CVE-2025-243xx/CVE-2025-24329.json
index 9ce8902ce20..c648fa321da 100644
--- a/CVE-2025/CVE-2025-243xx/CVE-2025-24329.json
+++ b/CVE-2025/CVE-2025-243xx/CVE-2025-24329.json
@@ -12,7 +12,7 @@
 },
 {
 "lang": "es",
- "value": "El env\u00edo de un campo de archivo de mensaje de operaci\u00f3n SOAP \"aprovisionamiento\" manipulado dentro de la red de gesti\u00f3n de la Red de Acceso Radio (RAN) interna del Operador de Red M\u00f3vil (MNO) puede causar un problema de path traversal en el software de banda base de RAN \u00danica de Nokia con versiones anteriores a la 24R1-SR 1.0 MP. Este problema se ha corregido en la versi\u00f3n 24R1-SR 1.0 MP y posteriores. A partir de la versi\u00f3n 24R1-SR 1.0 MP, el software del servicio OAM utiliza las API de libarchive con opciones de seguridad habilitadas, lo que mitiga eficazmente el problema de path traversal reportado."
+ "value": "El env\u00edo de un campo de archivo de mensaje de operaci\u00f3n SOAP \"aprovisionamiento\" manipulado dentro de la red de gesti\u00f3n de la Red de Acceso Radio (RAN) interna del Operador de Red M\u00f3vil (MNO) puede causar un problema de path traversal en el software de banda base de Nokia Single RAN con versiones anteriores a la 24R1-SR 1.0 MP. Este problema se ha corregido en la versi\u00f3n 24R1-SR 1.0 MP y posteriores. A partir de la versi\u00f3n 24R1-SR 1.0 MP, el software del servicio OAM utiliza las API de libarchive con opciones de seguridad habilitadas, lo que mitiga eficazmente el problema de path traversal reportado."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-243xx/CVE-2025-24388.json b/CVE-2025/CVE-2025-243xx/CVE-2025-24388.json
index 226a38057b3..2cc39c10df6 100644
--- a/CVE-2025/CVE-2025-243xx/CVE-2025-24388.json
+++ b/CVE-2025/CVE-2025-243xx/CVE-2025-24388.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A vulnerability in the OTRS Admin Interface and Agent Interface (versions before OTRS 8) allow parameter injection due to for an autheniticated agent or admin user.\n\nThis issue affects: \n\n * OTRS 7.0.X\n\n * OTRS 8.0.X\n * OTRS 2023.X\n * OTRS 2024.X\n * OTRS 2025.X\n\n * ((OTRS)) Community Edition: 6.0.x\n\nProducts based on the ((OTRS)) Community Edition also very likely to be affected"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n y la interfaz de agente de OTRS (versiones anteriores a OTRS 8) permite la inyecci\u00f3n de par\u00e1metros debido a un agente o usuario administrador autenticado. Este problema afecta a: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * OTRS 2025.X * ((OTRS)) Community Edition: 6.0.x. Los productos basados en ((OTRS)) Community Edition tambi\u00e9n podr\u00edan verse afectados."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-247xx/CVE-2025-24735.json b/CVE-2025/CVE-2025-247xx/CVE-2025-24735.json
index 991b388dc3c..6158c2a1247 100644
--- a/CVE-2025/CVE-2025-247xx/CVE-2025-24735.json
+++ b/CVE-2025/CVE-2025-247xx/CVE-2025-24735.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chatra Chatra Live Chat + ChatBot + Cart Saver allows Stored XSS. This issue affects Chatra Live Chat + ChatBot + Cart Saver: from n/a through 1.0.11."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Chatra Chatra Live Chat + ChatBot + Cart Saver permite XSS almacenado. Este problema afecta a Chatra Live Chat + ChatBot + Cart Saver desde n/d hasta la versi\u00f3n 1.0.11."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-247xx/CVE-2025-24748.json b/CVE-2025/CVE-2025-247xx/CVE-2025-24748.json
index a05f8947fff..c3eea9a4d38 100644
--- a/CVE-2025/CVE-2025-247xx/CVE-2025-24748.json
+++ b/CVE-2025/CVE-2025-247xx/CVE-2025-24748.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup All In One Slider Responsive allows SQL Injection. This issue affects All In One Slider Responsive: from n/a through 3.7.9."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en LambertGroup All In One Slider Responsive permite la inyecci\u00f3n SQL. Este problema afecta a All In One Slider Responsive desde n/d hasta la versi\u00f3n 3.7.9."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-247xx/CVE-2025-24757.json b/CVE-2025/CVE-2025-247xx/CVE-2025-24757.json
index 803fe193714..46f8909a69a 100644
--- a/CVE-2025/CVE-2025-247xx/CVE-2025-24757.json
+++ b/CVE-2025/CVE-2025-247xx/CVE-2025-24757.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Long Watch Studio MyRewards allows Stored XSS. This issue affects MyRewards: from n/a through 5.4.13.1."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Long Watch Studio MyRewards permite XSS almacenado. Este problema afecta a MyRewards desde n/d hasta la versi\u00f3n 5.4.13.1."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-247xx/CVE-2025-24761.json b/CVE-2025/CVE-2025-247xx/CVE-2025-24761.json
index 3a2aafe4487..df37703afed 100644
--- a/CVE-2025/CVE-2025-247xx/CVE-2025-24761.json
+++ b/CVE-2025/CVE-2025-247xx/CVE-2025-24761.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme DSK allows PHP Local File Inclusion. This issue affects DSK: from n/a through 2.2."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de control inadecuado del nombre de archivo para la declaraci\u00f3n Include/Require en el programa PHP ('Inclusi\u00f3n remota de archivos PHP') en snstheme DSK permite la inclusi\u00f3n local de archivos en PHP. Este problema afecta a DSK desde n/d hasta la versi\u00f3n 2.2."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-247xx/CVE-2025-24764.json b/CVE-2025/CVE-2025-247xx/CVE-2025-24764.json
index 09bd99546b0..8f45b7a2e92 100644
--- a/CVE-2025/CVE-2025-247xx/CVE-2025-24764.json
+++ b/CVE-2025/CVE-2025-247xx/CVE-2025-24764.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A. Jones (Simply) Guest Author Name allows DOM-Based XSS. This issue affects (Simply) Guest Author Name: from n/a through 4.36."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en A. Jones (Simply) Guest Author Name permite XSS basado en DOM. Este problema afecta a (Simply) Guest Author Name: desde n/d hasta la versi\u00f3n 4.36."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-247xx/CVE-2025-24773.json b/CVE-2025/CVE-2025-247xx/CVE-2025-24773.json
index 4c11a1620cc..65a3d0c0cf1 100644
--- a/CVE-2025/CVE-2025-247xx/CVE-2025-24773.json
+++ b/CVE-2025/CVE-2025-247xx/CVE-2025-24773.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPCRM - CRM for Contact form CF7 & WooCommerce allows SQL Injection. This issue affects WPCRM - CRM for Contact form CF7 & WooCommerce: from n/a through 3.2.0."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en mojoomla WPCRM - CRM for Contact form CF7 & WooCommerce permite la inyecci\u00f3n SQL. Este problema afecta a WPCRM - CRM para formulario de contacto CF7 y WooCommerce desde n/d hasta la versi\u00f3n 3.2.0."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-248xx/CVE-2025-24814.json b/CVE-2025/CVE-2025-248xx/CVE-2025-24814.json
index 756d47ed983..879ea647a8f 100644
--- a/CVE-2025/CVE-2025-248xx/CVE-2025-24814.json
+++ b/CVE-2025/CVE-2025-248xx/CVE-2025-24814.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-24814",
 "sourceIdentifier": "security@apache.org",
 "published": "2025-01-27T09:15:14.947",
- "lastModified": "2025-02-15T01:15:11.157",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2025-06-25T16:41:43.923",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -17,6 +17,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 3.4
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
@@ -49,20 +69,59 @@
 "value": "CWE-250"
 }
 ]
+ },
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "9.8.0",
+ "matchCriteriaId": "D59403D1-1B17-4DF8-9100-F3A87BCA78B1"
+ }
+ ]
+ }
+ ]
 }
 ],
 "references": [
 {
 "url": "https://lists.apache.org/thread/gl291pn8x9f9n52ys5l0pc0b6qtf0qw1",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List",
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "http://www.openwall.com/lists/oss-security/2025/01/26/1",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://security.netapp.com/advisory/ntap-20250214-0002/",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-249xx/CVE-2025-24986.json b/CVE-2025/CVE-2025-249xx/CVE-2025-24986.json
index 545d852fa7c..d619c3b5ce7 100644
--- a/CVE-2025/CVE-2025-249xx/CVE-2025-24986.json
+++ b/CVE-2025/CVE-2025-249xx/CVE-2025-24986.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-03-11T17:16:34.563",
 "lastModified": "2025-03-11T17:16:34.563",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-249xx/CVE-2025-24987.json b/CVE-2025/CVE-2025-249xx/CVE-2025-24987.json
index d8de4b71611..78f9c31bcd0 100644
--- a/CVE-2025/CVE-2025-249xx/CVE-2025-24987.json
+++ b/CVE-2025/CVE-2025-249xx/CVE-2025-24987.json
@@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-03-11T17:16:34.767", "lastModified": "2025-03-11T17:16:34.767", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-249xx/CVE-2025-24988.json b/CVE-2025/CVE-2025-249xx/CVE-2025-24988.json index 02e9da3a0a9..b41c4ff6658 100644 --- a/CVE-2025/CVE-2025-249xx/CVE-2025-24988.json +++ b/CVE-2025/CVE-2025-249xx/CVE-2025-24988.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-03-11T17:16:35.013", "lastModified": "2025-03-11T17:16:35.013", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-250xx/CVE-2025-25000.json b/CVE-2025/CVE-2025-250xx/CVE-2025-25000.json index b1c3b1bdc7f..7ad39132422 100644 --- a/CVE-2025/CVE-2025-250xx/CVE-2025-25000.json +++ b/CVE-2025/CVE-2025-250xx/CVE-2025-25000.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-04T01:15:38.070", "lastModified": "2025-04-07T14:18:34.453", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-250xx/CVE-2025-25001.json b/CVE-2025/CVE-2025-250xx/CVE-2025-25001.json index d7798d75fdc..6cd2bddca82 100644 --- a/CVE-2025/CVE-2025-250xx/CVE-2025-25001.json +++ b/CVE-2025/CVE-2025-250xx/CVE-2025-25001.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-04T01:15:39.153", "lastModified": "2025-04-07T14:18:34.453", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-250xx/CVE-2025-25002.json b/CVE-2025/CVE-2025-250xx/CVE-2025-25002.json index 32e6189fa42..cd4446e3747 100644 --- a/CVE-2025/CVE-2025-250xx/CVE-2025-25002.json +++ b/CVE-2025/CVE-2025-250xx/CVE-2025-25002.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-08T18:15:47.030", "lastModified": "2025-04-09T20:03:01.577", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-250xx/CVE-2025-25045.json b/CVE-2025/CVE-2025-250xx/CVE-2025-25045.json index a468278ccfc..597f1a6d1ec 100644 --- a/CVE-2025/CVE-2025-250xx/CVE-2025-25045.json +++ b/CVE-2025/CVE-2025-250xx/CVE-2025-25045.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-04-23T23:15:16.213", "lastModified": "2025-04-29T13:52:47.470", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-251xx/CVE-2025-25179.json b/CVE-2025/CVE-2025-251xx/CVE-2025-25179.json index 75029beb97f..1bbe64779ba 100644 --- a/CVE-2025/CVE-2025-251xx/CVE-2025-25179.json +++ b/CVE-2025/CVE-2025-251xx/CVE-2025-25179.json @@ -3,7 +3,7 @@ "sourceIdentifier": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "published": "2025-06-02T05:15:20.160", "lastModified": "2025-06-02T17:32:17.397", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-252xx/CVE-2025-25264.json b/CVE-2025/CVE-2025-252xx/CVE-2025-25264.json index f268307c128..62d9cda0916 100644 --- a/CVE-2025/CVE-2025-252xx/CVE-2025-25264.json +++ b/CVE-2025/CVE-2025-252xx/CVE-2025-25264.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "info@cert.vde.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "info@cert.vde.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2025/CVE-2025-252xx/CVE-2025-25265.json b/CVE-2025/CVE-2025-252xx/CVE-2025-25265.json index 67a2e184e6a..2042399fd22 100644 
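Review bot: CVE-2025-25264.json appears to be left with no `Primary` CVSS metric or weakness. Both hunks re-type the `info@cert.vde.com` entries to `"type": "Secondary"`, and neither adds an `nvd@nist.gov` entry. The hunk offsets (19 and 42) suggest the `cvssMetricV31` array holds only that one entry, though the rest of the file is outside the hunks. A consumer that reads only `"type": "Primary"` would then treat a record with vector `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H` as unscored. The same re-typing appears in CVE-2025-25265.json and, for `weaknesses` only, in CVE-2025-26596.json. I would call it out in the sync notes and have consumers fall back to the `Secondary` entry when no `Primary` exists.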
--- a/CVE-2025/CVE-2025-252xx/CVE-2025-25265.json +++ b/CVE-2025/CVE-2025-252xx/CVE-2025-25265.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "info@cert.vde.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "info@cert.vde.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2025/CVE-2025-254xx/CVE-2025-25461.json b/CVE-2025/CVE-2025-254xx/CVE-2025-25461.json index c5fdb783acf..7c092307b53 100644 --- a/CVE-2025/CVE-2025-254xx/CVE-2025-25461.json +++ b/CVE-2025/CVE-2025-254xx/CVE-2025-25461.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-02-28T16:15:39.387", "lastModified": "2025-02-28T16:15:39.387", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-254xx/CVE-2025-25476.json b/CVE-2025/CVE-2025-254xx/CVE-2025-25476.json index 4ee36863b6e..bc510a6d5bc 100644 --- a/CVE-2025/CVE-2025-254xx/CVE-2025-25476.json +++ b/CVE-2025/CVE-2025-254xx/CVE-2025-25476.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-02-28T23:15:11.063", "lastModified": "2025-03-04T16:15:40.080", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-254xx/CVE-2025-25477.json b/CVE-2025/CVE-2025-254xx/CVE-2025-25477.json index aca67cbc509..a7e77c64d61 100644 --- a/CVE-2025/CVE-2025-254xx/CVE-2025-25477.json +++ b/CVE-2025/CVE-2025-254xx/CVE-2025-25477.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-02-28T00:15:36.380", "lastModified": "2025-02-28T16:15:39.550", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2025/CVE-2025-254xx/CVE-2025-25478.json b/CVE-2025/CVE-2025-254xx/CVE-2025-25478.json index 043fccde727..5dbe88692fc 100644 --- a/CVE-2025/CVE-2025-254xx/CVE-2025-25478.json +++ b/CVE-2025/CVE-2025-254xx/CVE-2025-25478.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-02-28T23:15:11.170", "lastModified": "2025-03-05T16:15:39.297", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-255xx/CVE-2025-25539.json b/CVE-2025/CVE-2025-255xx/CVE-2025-25539.json index a0f99d92dca..2c43c8613f1 100644 --- a/CVE-2025/CVE-2025-255xx/CVE-2025-25539.json +++ b/CVE-2025/CVE-2025-255xx/CVE-2025-25539.json @@ -2,8 +2,8 @@ "id": "CVE-2025-25539", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-21T17:15:57.757", - "lastModified": "2025-05-21T20:24:58.133", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-25T14:06:14.123", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,14 +51,55 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:onespan:vasco_self-service_portal:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.14", + "matchCriteriaId": "DE06E571-BD81-40EE-9127-E8AA018D63F8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://drive.google.com/drive/folders/1Va0QP5TtsRprk-pXL3bUfCwTSjYbqnLK?usp=sharing", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://gist.github.com/sornram9254/15eb12579b7acda8ba021217366960bd", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-256xx/CVE-2025-25618.json b/CVE-2025/CVE-2025-256xx/CVE-2025-25618.json index c2ea72f5c40..1d2853eb94c 100644 --- a/CVE-2025/CVE-2025-256xx/CVE-2025-25618.json +++ b/CVE-2025/CVE-2025-256xx/CVE-2025-25618.json @@ -2,8 +2,8 @@ "id": "CVE-2025-25618", "sourceIdentifier": "cve@mitre.org", "published": "2025-03-17T15:15:44.040", - "lastModified": "2025-03-17T18:15:21.450", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-24T14:59:48.897", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,14 +51,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:changeweb:unifiedtransform:2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "883EFC82-98B6-4094-8472-3A520B2F0196" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/armaansidana2003/CVE-2025-25618", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/changeweb/Unifiedtransform", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-256xx/CVE-2025-25621.json b/CVE-2025/CVE-2025-256xx/CVE-2025-25621.json index c115f90559c..431a4281666 100644 --- a/CVE-2025/CVE-2025-256xx/CVE-2025-25621.json +++ b/CVE-2025/CVE-2025-256xx/CVE-2025-25621.json @@ -2,8 +2,8 @@ "id": "CVE-2025-25621", "sourceIdentifier": "cve@mitre.org", "published": "2025-03-17T15:15:44.173", - "lastModified": "2025-03-17T18:15:21.593", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-24T14:59:56.510", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:changeweb:unifiedtransform:2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "883EFC82-98B6-4094-8472-3A520B2F0196" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/armaansidana2003/CVE-2025-25621", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/changeweb/Unifiedtransform", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2025/CVE-2025-256xx/CVE-2025-25680.json b/CVE-2025/CVE-2025-256xx/CVE-2025-25680.json index 3c275922cb5..359b18091f6 100644 --- a/CVE-2025/CVE-2025-256xx/CVE-2025-25680.json +++ b/CVE-2025/CVE-2025-256xx/CVE-2025-25680.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-03-11T16:15:17.413", "lastModified": "2025-03-21T21:15:36.390", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-257xx/CVE-2025-25763.json b/CVE-2025/CVE-2025-257xx/CVE-2025-25763.json index 7ea638f06c2..b6a6ab3c30b 100644 --- a/CVE-2025/CVE-2025-257xx/CVE-2025-25763.json +++ b/CVE-2025/CVE-2025-257xx/CVE-2025-25763.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-03-06T21:15:15.020", "lastModified": "2025-03-07T20:15:38.180", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-257xx/CVE-2025-25772.json b/CVE-2025/CVE-2025-257xx/CVE-2025-25772.json index 6aa84aa6810..eeff3d127bb 100644 --- a/CVE-2025/CVE-2025-257xx/CVE-2025-25772.json +++ b/CVE-2025/CVE-2025-257xx/CVE-2025-25772.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-02-21T19:15:14.690", "lastModified": "2025-02-21T22:15:12.813", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-259xx/CVE-2025-25905.json b/CVE-2025/CVE-2025-259xx/CVE-2025-25905.json index 7841acf0b5c..1ca89d1311b 100644 --- a/CVE-2025/CVE-2025-259xx/CVE-2025-25905.json +++ b/CVE-2025/CVE-2025-259xx/CVE-2025-25905.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-06-25T16:15:26.173", "lastModified": "2025-06-26T18:57:43.670", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2025/CVE-2025-259xx/CVE-2025-25928.json b/CVE-2025/CVE-2025-259xx/CVE-2025-25928.json index c4b87378d8e..9dc84953fa5 100644 --- a/CVE-2025/CVE-2025-259xx/CVE-2025-25928.json +++ b/CVE-2025/CVE-2025-259xx/CVE-2025-25928.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-03-11T20:15:17.247", "lastModified": "2025-03-17T19:15:26.397", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-259xx/CVE-2025-25929.json b/CVE-2025/CVE-2025-259xx/CVE-2025-25929.json index 9ed1cc3294d..18d857c081e 100644 --- a/CVE-2025/CVE-2025-259xx/CVE-2025-25929.json +++ b/CVE-2025/CVE-2025-259xx/CVE-2025-25929.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-03-11T20:15:17.377", "lastModified": "2025-03-12T16:15:23.767", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-259xx/CVE-2025-25957.json b/CVE-2025/CVE-2025-259xx/CVE-2025-25957.json index 4fa0e0b3025..c83c44f9291 100644 --- a/CVE-2025/CVE-2025-259xx/CVE-2025-25957.json +++ b/CVE-2025/CVE-2025-259xx/CVE-2025-25957.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-02-20T23:15:13.280", "lastModified": "2025-02-21T15:15:13.067", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-259xx/CVE-2025-25983.json b/CVE-2025/CVE-2025-259xx/CVE-2025-25983.json index 2be0502b760..0682b1516af 100644 --- a/CVE-2025/CVE-2025-259xx/CVE-2025-25983.json +++ b/CVE-2025/CVE-2025-259xx/CVE-2025-25983.json 
@@ -2,8 +2,8 @@ "id": "CVE-2025-25983", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-18T20:15:16.137", - "lastModified": "2025-04-21T14:23:45.950", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-25T18:43:00.227", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -55,14 +55,44 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:macro-video:v380_pro:2.1.44:*:*:*:*:android:*:*", + "matchCriteriaId": "27A271D8-1AC3-40E3-BC31-3A26236C95EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:macro-video:v380_pro:2.1.64:*:*:*:*:android:*:*", + "matchCriteriaId": "4656A5CE-E2B1-44B7-99D6-600984FA5AE4" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/vladko312/Research_v380_IP_camera", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "Product" + ] }, { "url": "https://github.com/vladko312/Research_v380_IP_camera/blob/main/CVE-2025-25983.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-259xx/CVE-2025-25984.json b/CVE-2025/CVE-2025-259xx/CVE-2025-25984.json index d548e0d37f4..cba1617686b 100644 --- a/CVE-2025/CVE-2025-259xx/CVE-2025-25984.json +++ b/CVE-2025/CVE-2025-259xx/CVE-2025-25984.json @@ -2,8 +2,8 @@ "id": "CVE-2025-25984", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-18T20:15:16.240", - "lastModified": "2025-04-21T14:23:45.950", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-25T18:40:36.800", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
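Review bot: The reference tags added for the three v380 records are inconsistent for the same source. `https://github.com/vladko312/Research_v380_IP_camera` carries `Product` in CVE-2025-25983.json and CVE-2025-25984.json but not in CVE-2025-25985.json. The `CVE-2025-25983.md` write-up is tagged only `Exploit`, while the sibling `.md` write-ups in the other two records also carry `Third Party Advisory`. Tooling that filters or prioritises references by tag will treat the three records differently. If the tags are curated in this repository rather than mirrored, I would align them, e.g. `"tags": ["Exploit", "Third Party Advisory"]` on the `CVE-2025-25983.md` reference; otherwise the mismatch is worth reporting to the upstream source.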
@@ -51,14 +51,52 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:macro-video:v380e6_c1_firmware:1020302:*:*:*:*:*:*:*", + "matchCriteriaId": "96E05A0A-6366-41FB-A1C3-D014805030E2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:macro-video:v380e6_c1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6B503166-7ECB-4788-894F-6D94895391BE" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/vladko312/Research_v380_IP_camera", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "Product" + ] }, { "url": "https://github.com/vladko312/Research_v380_IP_camera/blob/main/CVE-2025-25984.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-259xx/CVE-2025-25985.json b/CVE-2025/CVE-2025-259xx/CVE-2025-25985.json index cf7066231b9..6e6f6b2c4be 100644 --- a/CVE-2025/CVE-2025-259xx/CVE-2025-25985.json +++ b/CVE-2025/CVE-2025-259xx/CVE-2025-25985.json @@ -2,8 +2,8 @@ "id": "CVE-2025-25985", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-18T20:15:16.347", - "lastModified": "2025-04-21T14:23:45.950", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-25T18:40:13.240", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,14 +51,51 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:macro-video:v380e6_c1_firmware:1020302:*:*:*:*:*:*:*", + "matchCriteriaId": "96E05A0A-6366-41FB-A1C3-D014805030E2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:macro-video:v380e6_c1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6B503166-7ECB-4788-894F-6D94895391BE" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/vladko312/Research_v380_IP_camera", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/vladko312/Research_v380_IP_camera/blob/main/CVE-2025-25985.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-25xx/CVE-2025-2537.json b/CVE-2025/CVE-2025-25xx/CVE-2025-2537.json index 1d996ebb7b3..e8683808f13 100644 --- a/CVE-2025/CVE-2025-25xx/CVE-2025-2537.json +++ b/CVE-2025/CVE-2025-25xx/CVE-2025-2537.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled ThickBox JavaScript library (version 3.1) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "Varios complementos para WordPress son vulnerables a cross-site scripting almacenado a trav\u00e9s de la librer\u00eda de JavaScript ThickBox (versi\u00f3n 3.1) incluida en el complemento en varias versiones, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-25xx/CVE-2025-2540.json b/CVE-2025/CVE-2025-25xx/CVE-2025-2540.json index d8113f8e183..f20119f12ba 100644 --- a/CVE-2025/CVE-2025-25xx/CVE-2025-2540.json +++ b/CVE-2025/CVE-2025-25xx/CVE-2025-2540.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled prettyPhoto library (version 3.1.6) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "Varios complementos para WordPress son vulnerables a cross-site scripting almacenado a trav\u00e9s de la librer\u00eda prettyPhoto (versi\u00f3n 3.1.6) incluida en el complemento en varias versiones, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-25xx/CVE-2025-2545.json b/CVE-2025/CVE-2025-25xx/CVE-2025-2545.json index 5a80f8463ac..8364442f033 100644 --- a/CVE-2025/CVE-2025-25xx/CVE-2025-2545.json +++ b/CVE-2025/CVE-2025-25xx/CVE-2025-2545.json 
@@ -12,7 +12,7 @@ }, { "lang": "es", - "value": "Vulnerabilidad en el Request Tracker v5.0.7 de Best Practical Solutions, LLC, donde se utiliza el algoritmo criptogr\u00e1fico Triple DES (3DES) dentro del c\u00f3digo SMIME para cifrar correos electr\u00f3nicos S/MIME. Triple DES se considera obsoleto e inseguro debido a su susceptibilidad a ataques de cumplea\u00f1os, que podr\u00edan comprometer la confidencialidad de los mensajes cifrados." + "value": "Vulnerabilidad en las versiones de Request Tracker anteriores a 5.0.8 de Best Practical Solutions, LLC,, donde se utiliza el algoritmo criptogr\u00e1fico Triple DES (3DES) para proteger los correos enviados con cifrado S/MIME. El algoritmo Triple DES se considera obsoleto e inseguro debido a su susceptibilidad a ataques de cumplea\u00f1os, lo que podr\u00eda comprometer la confidencialidad de los mensajes cifrados." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-260xx/CVE-2025-26058.json b/CVE-2025/CVE-2025-260xx/CVE-2025-26058.json index 35927e23212..687ffc6f6cd 100644 --- a/CVE-2025/CVE-2025-260xx/CVE-2025-26058.json +++ b/CVE-2025/CVE-2025-260xx/CVE-2025-26058.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-02-18T18:15:35.653", "lastModified": "2025-02-19T21:15:15.920", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-260xx/CVE-2025-26074.json b/CVE-2025/CVE-2025-260xx/CVE-2025-26074.json index 1efa332dca4..d9faa4fbfdd 100644 --- a/CVE-2025/CVE-2025-260xx/CVE-2025-26074.json +++ b/CVE-2025/CVE-2025-260xx/CVE-2025-26074.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes." + }, + { + "lang": "es", + "value": "Orkes Conductor v3.21.11 permite a atacantes remotos ejecutar comandos arbitrarios del sistema operativo a trav\u00e9s del acceso sin restricciones a las clases Java." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-261xx/CVE-2025-26198.json b/CVE-2025/CVE-2025-261xx/CVE-2025-26198.json index 58b6d03bfb6..cd408b5c0b4 100644 --- a/CVE-2025/CVE-2025-261xx/CVE-2025-26198.json +++ b/CVE-2025/CVE-2025-261xx/CVE-2025-26198.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-06-18T18:15:24.097", "lastModified": "2025-06-23T20:16:59.783", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-261xx/CVE-2025-26199.json b/CVE-2025/CVE-2025-261xx/CVE-2025-26199.json index 1ad16433284..b268106a392 100644 --- a/CVE-2025/CVE-2025-261xx/CVE-2025-26199.json +++ b/CVE-2025/CVE-2025-261xx/CVE-2025-26199.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-06-18T20:15:19.667", "lastModified": "2025-06-23T20:16:59.783", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-262xx/CVE-2025-26206.json b/CVE-2025/CVE-2025-262xx/CVE-2025-26206.json index 047328b8679..4d87df6d65d 100644 --- a/CVE-2025/CVE-2025-262xx/CVE-2025-26206.json +++ b/CVE-2025/CVE-2025-262xx/CVE-2025-26206.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-03-03T19:15:35.507", "lastModified": "2025-03-04T17:15:18.487", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-262xx/CVE-2025-26269.json b/CVE-2025/CVE-2025-262xx/CVE-2025-26269.json index c576e574160..65874c40aaa 100644 
--- a/CVE-2025/CVE-2025-262xx/CVE-2025-26269.json +++ b/CVE-2025/CVE-2025-262xx/CVE-2025-26269.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-04-17T18:15:49.073", "lastModified": "2025-04-23T16:15:35.960", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-263xx/CVE-2025-26320.json b/CVE-2025/CVE-2025-263xx/CVE-2025-26320.json index 9745559390e..07cf8fd967d 100644 --- a/CVE-2025/CVE-2025-263xx/CVE-2025-26320.json +++ b/CVE-2025/CVE-2025-263xx/CVE-2025-26320.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-03-04T16:15:40.240", "lastModified": "2025-03-05T19:15:39.173", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-265xx/CVE-2025-26591.json b/CVE-2025/CVE-2025-265xx/CVE-2025-26591.json index a2c5dc2008e..81db8018c73 100644 --- a/CVE-2025/CVE-2025-265xx/CVE-2025-26591.json +++ b/CVE-2025/CVE-2025-265xx/CVE-2025-26591.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam WP fancybox allows Stored XSS. This issue affects WP fancybox: from n/a through 1.0.4." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Noor Alam WP fancybox que permite XSS almacenado. Este problema afecta a WP fancybox desde n/d hasta la versi\u00f3n 1.0.4." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-265xx/CVE-2025-26596.json b/CVE-2025/CVE-2025-265xx/CVE-2025-26596.json index ac860cf1523..be180f7f465 100644 --- a/CVE-2025/CVE-2025-265xx/CVE-2025-26596.json +++ b/CVE-2025/CVE-2025-265xx/CVE-2025-26596.json 
@@ -62,7 +62,7 @@ "weaknesses": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26627.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26627.json index e08fb53c58e..6cbe17ab8cb 100644 --- a/CVE-2025/CVE-2025-266xx/CVE-2025-26627.json +++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26627.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-03-11T17:16:38.930", "lastModified": "2025-03-11T17:16:38.930", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26628.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26628.json index 374cc0c4ee1..554776b09b1 100644 --- a/CVE-2025/CVE-2025-266xx/CVE-2025-26628.json +++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26628.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-08T18:15:47.180", "lastModified": "2025-04-09T20:03:01.577", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26640.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26640.json index 8480a09f428..5616eb824d4 100644 --- a/CVE-2025/CVE-2025-266xx/CVE-2025-26640.json +++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26640.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-08T18:15:47.817", "lastModified": "2025-04-09T20:03:01.577", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26641.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26641.json index e0038877218..a9e13ca5673 100644 --- a/CVE-2025/CVE-2025-266xx/CVE-2025-26641.json +++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26641.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-08T18:15:47.990", "lastModified": "2025-04-09T20:03:01.577", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26642.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26642.json index cf0b85c36e4..bb07b8c6c67 100644 --- a/CVE-2025/CVE-2025-266xx/CVE-2025-26642.json +++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26642.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-08T18:15:48.160", "lastModified": "2025-04-09T20:03:01.577", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26644.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26644.json index 0ccc20ca364..d822b656815 100644 --- a/CVE-2025/CVE-2025-266xx/CVE-2025-26644.json +++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26644.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-08T18:15:48.347", "lastModified": "2025-04-09T20:03:01.577", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26645.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26645.json index c27e76f629c..fed411c91e3 100644 --- a/CVE-2025/CVE-2025-266xx/CVE-2025-26645.json +++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26645.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-03-11T17:16:44.200", "lastModified": "2025-03-11T17:16:44.200", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26647.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26647.json index 09b20873212..bfc74bed6c5 100644 --- a/CVE-2025/CVE-2025-266xx/CVE-2025-26647.json +++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26647.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-08T18:15:48.510", "lastModified": "2025-04-11T20:15:17.143", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26648.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26648.json index a9d8824d736..e3ed1f5d176 100644 --- a/CVE-2025/CVE-2025-266xx/CVE-2025-26648.json +++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26648.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-08T18:15:48.667", "lastModified": "2025-04-09T20:03:01.577", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26649.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26649.json index a73a83566c7..3c32eefa3ba 100644 --- a/CVE-2025/CVE-2025-266xx/CVE-2025-26649.json +++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26649.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-08T18:15:48.843", "lastModified": "2025-04-09T20:03:01.577", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26651.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26651.json index 23f67a64e9c..54545af400d 100644 --- a/CVE-2025/CVE-2025-266xx/CVE-2025-26651.json +++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26651.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-08T18:15:49.007", "lastModified": "2025-04-09T20:03:01.577", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26652.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26652.json index b34c85cbb80..615f55a2987 100644 --- a/CVE-2025/CVE-2025-266xx/CVE-2025-26652.json +++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26652.json 
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:49.157",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26663.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26663.json
index 39622377052..4c86579b7c8 100644
--- a/CVE-2025/CVE-2025-266xx/CVE-2025-26663.json
+++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26663.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:49.337",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26664.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26664.json
index 1b05288cd47..6d4f634fa1d 100644
--- a/CVE-2025/CVE-2025-266xx/CVE-2025-26664.json
+++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26664.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:49.510",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26665.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26665.json
index c01cdcbb8dd..268f4220c55 100644
--- a/CVE-2025/CVE-2025-266xx/CVE-2025-26665.json
+++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26665.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:49.670",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26666.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26666.json
index 2e3cc07675e..967838b6913 100644
--- a/CVE-2025/CVE-2025-266xx/CVE-2025-26666.json
+++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26666.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:49.833",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26667.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26667.json
index d2196a5fa1b..878e54bc3d8 100644
--- a/CVE-2025/CVE-2025-266xx/CVE-2025-26667.json
+++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26667.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:50.000",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26668.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26668.json
index fed2ef1ce3a..2c9fe8b235f 100644
--- a/CVE-2025/CVE-2025-266xx/CVE-2025-26668.json
+++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26668.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:50.160",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26669.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26669.json
index 5880d45a777..ffee109661a 100644
--- a/CVE-2025/CVE-2025-266xx/CVE-2025-26669.json
+++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26669.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:50.347",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26670.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26670.json
index 9f220bc7bb4..adc62060c88 100644
--- a/CVE-2025/CVE-2025-266xx/CVE-2025-26670.json
+++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26670.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:50.817",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26671.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26671.json
index d7c7a7e84cc..d0bd0f7540b 100644
--- a/CVE-2025/CVE-2025-266xx/CVE-2025-26671.json
+++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26671.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:51.003",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26672.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26672.json
index eab0ce53b00..db49c9f9091 100644
--- a/CVE-2025/CVE-2025-266xx/CVE-2025-26672.json
+++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26672.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:51.177",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26673.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26673.json
index 9a9a0213b7d..954faf08990 100644
--- a/CVE-2025/CVE-2025-266xx/CVE-2025-26673.json
+++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26673.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:51.350",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26674.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26674.json
index b07df9c9816..efc76c7b639 100644
--- a/CVE-2025/CVE-2025-266xx/CVE-2025-26674.json
+++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26674.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:51.553",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26675.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26675.json
index 6da10cf6d84..91765012094 100644
--- a/CVE-2025/CVE-2025-266xx/CVE-2025-26675.json
+++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26675.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:51.757",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26676.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26676.json
index d1ff9c428ad..bf14def4b8b 100644
--- a/CVE-2025/CVE-2025-266xx/CVE-2025-26676.json
+++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26676.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:52.023",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26678.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26678.json
index ef5b350121d..e49c6f292e9 100644
--- a/CVE-2025/CVE-2025-266xx/CVE-2025-26678.json
+++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26678.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:52.303",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26679.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26679.json
index 7ccd4c923b4..ccd81f0f613 100644
--- a/CVE-2025/CVE-2025-266xx/CVE-2025-26679.json
+++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26679.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:52.463",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26680.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26680.json
index d16c29227b9..0d5b36a1f36 100644
--- a/CVE-2025/CVE-2025-266xx/CVE-2025-26680.json
+++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26680.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:52.667",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26681.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26681.json
index 9fafc2a3225..d2e799a93f2 100644
--- a/CVE-2025/CVE-2025-266xx/CVE-2025-26681.json
+++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26681.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:52.863",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26682.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26682.json
index 76f174036ef..50285289af6 100644
--- a/CVE-2025/CVE-2025-266xx/CVE-2025-26682.json
+++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26682.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:53.033",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26686.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26686.json
index 58cb2e7dc2f..0f1e867acd4 100644
--- a/CVE-2025/CVE-2025-266xx/CVE-2025-26686.json
+++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26686.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:53.220",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26687.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26687.json
index 9b2469b2712..478703a1321 100644
--- a/CVE-2025/CVE-2025-266xx/CVE-2025-26687.json
+++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26687.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:53.383",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-266xx/CVE-2025-26688.json b/CVE-2025/CVE-2025-266xx/CVE-2025-26688.json
index edb9eddddd6..f32b43d996e 100644
--- a/CVE-2025/CVE-2025-266xx/CVE-2025-26688.json
+++ b/CVE-2025/CVE-2025-266xx/CVE-2025-26688.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:53.550",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-267xx/CVE-2025-26784.json b/CVE-2025/CVE-2025-267xx/CVE-2025-26784.json
index c118103e282..255ca3211aa 100644
--- a/CVE-2025/CVE-2025-267xx/CVE-2025-26784.json
+++ b/CVE-2025/CVE-2025-267xx/CVE-2025-26784.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-26784",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-05-14T17:15:47.697",
- "lastModified": "2025-05-19T18:15:27.850",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-06-25T15:11:34.180",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -51,14 +51,481 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5F18F62E-2012-442E-BE60-6E76325D1824" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0D8701B6-6989-44D1-873A-A1823BFD7CCC" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_990_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BCF6C91D-DECE-4630-85FE-C22EF2B9160A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_990:-:*:*:*:*:*:*:*", + "matchCriteriaId": "87FE8214-E165-4874-BB5A-3C4298708039" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_850_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1928760C-4FC4-45B0-84FF-C1105CD1DD2A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_850:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BB410A6D-642B-49AE-8B1C-EADA953A84DA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_1080_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43DE4D6F-D662-46F2-93BC-9AE950320BDE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_1080:-:*:*:*:*:*:*:*", + "matchCriteriaId": 
"EE06CD56-8BFD-4208-843A-179E3E6F5C10" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_2100_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89B88BFE-3C82-498C-8EC1-5784836DB1A1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_2100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9385885D-654A-496E-8029-7C6D9B077193" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_1280_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BD1A7B09-9031-4E54-A24F-3237C054166B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_1280:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DFC68046-2F08-40D1-B158-89D8D9263541" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_2200_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "63C0D9AC-BD23-48C9-83E7-301DEC06E583" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_2200:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A72ADEBB-ED72-4A5B-BB27-95EDE43F8116" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_1330_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C2635646-DD6A-4735-8E01-F45445584832" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_1330:-:*:*:*:*:*:*:*", + "matchCriteriaId": 
"AA0F8A58-71B7-4503-A03A-6FB4282D75BD" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_1380_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D381478B-C638-4663-BD71-144BE4B02E46" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_1380:-:*:*:*:*:*:*:*", + "matchCriteriaId": "61E72146-72FE-4B54-AB79-3C665E7F016C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_1480_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "64897B0D-EBF6-4BEB-BF54-ABCDBFAB45E0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_1480:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F3F328B4-0442-4748-B5EE-DD1CEE50D6CF" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_2400_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "16D9272E-1794-48FF-B6A4-8F48395BA38E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_2400:-:*:*:*:*:*:*:*", + "matchCriteriaId": "932F5FB3-5527-44D7-9DD9-EF03963E3CA3" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_9110_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F1896BFF-D709-481B-AD4F-37D1A8B30C06" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_9110:-:*:*:*:*:*:*:*", + "matchCriteriaId": 
"E6748EF2-3C63-41CD-B3D1-4B3FEC614B40" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_w920_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B6ADED27-EDAF-4FB3-8CB2-AE5F59B93641" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_w920:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4BF79654-E5C6-4DFF-B33A-A78571CD300C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_w930_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "801E188F-C71B-4933-9099-151A4A1B1BC5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_w930:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8D8FC82D-57C5-4F00-BDF4-4261A32C4246" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_w1000_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "526A0088-BDA7-4373-8966-AEED69C1AE8A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_w1000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A9657C28-AA6B-4C1A-ACAA-E90645CF2A73" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_modem_5123_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06B60F97-1320-44F5-970C-BBA29F375524" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_modem_5123:-:*:*:*:*:*:*:*", + 
"matchCriteriaId": "72419735-076A-4E72-869F-0C7D801371C1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_modem_5300_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4F66A096-7BA3-47D6-98F4-879C3A4C1FFC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_modem_5300:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE202894-D48A-4B9E-B3BD-28529967A0B3" + } + ] + } + ] + } + ], "references": [ { "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-26784/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-267xx/CVE-2025-26785.json b/CVE-2025/CVE-2025-267xx/CVE-2025-26785.json index c16b8c098cd..aecb6f7de26 100644 --- a/CVE-2025/CVE-2025-267xx/CVE-2025-26785.json +++ b/CVE-2025/CVE-2025-267xx/CVE-2025-26785.json @@ -2,8 +2,8 @@ "id": "CVE-2025-26785", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-14T17:15:47.873", - "lastModified": "2025-05-27T18:15:31.037", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-25T15:08:42.323", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,14 +51,481 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_1280_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BD1A7B09-9031-4E54-A24F-3237C054166B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_1280:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DFC68046-2F08-40D1-B158-89D8D9263541" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_2200_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "63C0D9AC-BD23-48C9-83E7-301DEC06E583" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_2200:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A72ADEBB-ED72-4A5B-BB27-95EDE43F8116" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_1330_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C2635646-DD6A-4735-8E01-F45445584832" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_1330:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AA0F8A58-71B7-4503-A03A-6FB4282D75BD" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_1380_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D381478B-C638-4663-BD71-144BE4B02E46" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_1380:-:*:*:*:*:*:*:*", + "matchCriteriaId": 
"61E72146-72FE-4B54-AB79-3C665E7F016C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_1480_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "64897B0D-EBF6-4BEB-BF54-ABCDBFAB45E0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_1480:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F3F328B4-0442-4748-B5EE-DD1CEE50D6CF" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_2400_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "16D9272E-1794-48FF-B6A4-8F48395BA38E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_2400:-:*:*:*:*:*:*:*", + "matchCriteriaId": "932F5FB3-5527-44D7-9DD9-EF03963E3CA3" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_9110_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F1896BFF-D709-481B-AD4F-37D1A8B30C06" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_9110:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E6748EF2-3C63-41CD-B3D1-4B3FEC614B40" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_w920_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B6ADED27-EDAF-4FB3-8CB2-AE5F59B93641" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_w920:-:*:*:*:*:*:*:*", + "matchCriteriaId": 
"4BF79654-E5C6-4DFF-B33A-A78571CD300C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_w930_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "801E188F-C71B-4933-9099-151A4A1B1BC5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_w930:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8D8FC82D-57C5-4F00-BDF4-4261A32C4246" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_w1000_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "526A0088-BDA7-4373-8966-AEED69C1AE8A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_w1000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A9657C28-AA6B-4C1A-ACAA-E90645CF2A73" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_modem_5123_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06B60F97-1320-44F5-970C-BBA29F375524" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_modem_5123:-:*:*:*:*:*:*:*", + "matchCriteriaId": "72419735-076A-4E72-869F-0C7D801371C1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_modem_5300_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4F66A096-7BA3-47D6-98F4-879C3A4C1FFC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_modem_5300:-:*:*:*:*:*:*:*", + 
"matchCriteriaId": "CE202894-D48A-4B9E-B3BD-28529967A0B3" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5F18F62E-2012-442E-BE60-6E76325D1824" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0D8701B6-6989-44D1-873A-A1823BFD7CCC" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_990_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BCF6C91D-DECE-4630-85FE-C22EF2B9160A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_990:-:*:*:*:*:*:*:*", + "matchCriteriaId": "87FE8214-E165-4874-BB5A-3C4298708039" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_850_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1928760C-4FC4-45B0-84FF-C1105CD1DD2A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_850:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BB410A6D-642B-49AE-8B1C-EADA953A84DA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_1080_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43DE4D6F-D662-46F2-93BC-9AE950320BDE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_1080:-:*:*:*:*:*:*:*", + 
"matchCriteriaId": "EE06CD56-8BFD-4208-843A-179E3E6F5C10" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:samsung:exynos_2100_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89B88BFE-3C82-498C-8EC1-5784836DB1A1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:samsung:exynos_2100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9385885D-654A-496E-8029-7C6D9B077193" + } + ] + } + ] + } + ], "references": [ { "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-26785/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-268xx/CVE-2025-26849.json b/CVE-2025/CVE-2025-268xx/CVE-2025-26849.json index 54fac4d6876..1f71723985d 100644 --- a/CVE-2025/CVE-2025-268xx/CVE-2025-26849.json +++ b/CVE-2025/CVE-2025-268xx/CVE-2025-26849.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-03-04T09:15:10.917", "lastModified": "2025-03-05T04:15:12.367", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-268xx/CVE-2025-26877.json b/CVE-2025/CVE-2025-268xx/CVE-2025-26877.json index a0f9f6ff41a..ee861b9d8e4 100644 --- a/CVE-2025/CVE-2025-268xx/CVE-2025-26877.json +++ b/CVE-2025/CVE-2025-268xx/CVE-2025-26877.json 
@@ -3,7 +3,7 @@
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2025-02-25T15:15:24.380",
 "lastModified": "2025-02-25T15:15:24.380",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26990.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26990.json
index 3a74dae2124..347ea9b421b 100644
--- a/CVE-2025/CVE-2025-269xx/CVE-2025-26990.json
+++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26990.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2025-04-15T12:15:21.597",
 "lastModified": "2025-04-15T18:39:27.967",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-270xx/CVE-2025-27094.json b/CVE-2025/CVE-2025-270xx/CVE-2025-27094.json
index c9f48954024..863e43e9098 100644
--- a/CVE-2025/CVE-2025-270xx/CVE-2025-27094.json
+++ b/CVE-2025/CVE-2025-270xx/CVE-2025-27094.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2025-03-03T16:15:43.023",
 "lastModified": "2025-03-03T17:15:15.433",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-270xx/CVE-2025-27099.json b/CVE-2025/CVE-2025-270xx/CVE-2025-27099.json
index bbbb81b592c..60c0783af32 100644
--- a/CVE-2025/CVE-2025-270xx/CVE-2025-27099.json
+++ b/CVE-2025/CVE-2025-270xx/CVE-2025-27099.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2025-03-03T16:15:43.173",
 "lastModified": "2025-03-03T17:15:15.533",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-271xx/CVE-2025-27130.json b/CVE-2025/CVE-2025-271xx/CVE-2025-27130.json
index 82447e45d71..ad1876ef93c 100644
--- a/CVE-2025/CVE-2025-271xx/CVE-2025-27130.json
+++ b/CVE-2025/CVE-2025-271xx/CVE-2025-27130.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "vultures@jpcert.or.jp",
 "published": "2025-04-01T09:15:15.657",
 "lastModified": "2025-04-01T20:26:11.547",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-272xx/CVE-2025-27207.json b/CVE-2025/CVE-2025-272xx/CVE-2025-27207.json
index 6b8e2ea189f..4c10c6776e0 100644
--- a/CVE-2025/CVE-2025-272xx/CVE-2025-27207.json
+++ b/CVE-2025/CVE-2025-272xx/CVE-2025-27207.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "psirt@adobe.com",
 "published": "2025-06-10T16:15:36.433",
 "lastModified": "2025-06-12T16:06:39.330",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-273xx/CVE-2025-27326.json b/CVE-2025/CVE-2025-273xx/CVE-2025-27326.json
index 7e248be9472..c4afdef9e2d 100644
--- a/CVE-2025/CVE-2025-273xx/CVE-2025-27326.json
+++ b/CVE-2025/CVE-2025-273xx/CVE-2025-27326.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Video Gallery Block \u2013 Display your videos as a gallery in a professional way allows Stored XSS. This issue affects Video Gallery Block \u2013 Display your videos as a gallery in a professional way: from n/a through 1.1.0."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en bPlugins Video Gallery Block \u2013 Display your videos as a gallery in a professional way permite XSS almacenado. Este problema afecta al bloque Galer\u00eda de v\u00eddeos: Visualiza tus v\u00eddeos como una galer\u00eda de forma profesional: desde n/d hasta la versi\u00f3n 1.1.0."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-273xx/CVE-2025-27358.json b/CVE-2025/CVE-2025-273xx/CVE-2025-27358.json
index 0a3336aee5f..3c703eea6ba 100644
--- a/CVE-2025/CVE-2025-273xx/CVE-2025-27358.json
+++ b/CVE-2025/CVE-2025-273xx/CVE-2025-27358.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in mndpsingh287 Frontend File Manager allows Code Injection. This issue affects Frontend File Manager: from n/a through 23.2."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de etiquetas HTML relacionadas con scripts en una p\u00e1gina web (XSS b\u00e1sico) en mndpsingh287 Frontend File Manager permite la inyecci\u00f3n de c\u00f3digo. Este problema afecta al gestor de archivos frontend desde la versi\u00f3n n/d hasta la 23.2."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-273xx/CVE-2025-27387.json b/CVE-2025/CVE-2025-273xx/CVE-2025-27387.json
index d7649014ccd..51eaaf68425 100644
--- a/CVE-2025/CVE-2025-273xx/CVE-2025-27387.json
+++ b/CVE-2025/CVE-2025-273xx/CVE-2025-27387.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "OPPO Clone Phone uses a weak password WiFi hotspot to transfer files, resulting in Information disclosure."
+ },
+ {
+ "lang": "es",
+ "value": "OPPO Clone Phone utiliza un punto de acceso WiFi con contrase\u00f1a d\u00e9bil para transferir archivos, lo que resulta en la divulgaci\u00f3n de informaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27447.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27447.json
index 0deca70d267..26414d0b750 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27447.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27447.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The web application is susceptible to cross-site-scripting attacks. An attacker can create a prepared URL, which injects JavaScript code into the website. The code is executed in the victim\u00e2\u20ac\u2122s browser when an authenticated administrator clicks the link."
+ },
+ {
+ "lang": "es",
+ "value": "La aplicaci\u00f3n web es susceptible a ataques de cross-site-scripting. Un atacante puede crear una URL preparada que inyecta c\u00f3digo JavaScript en el sitio web. El c\u00f3digo se ejecuta en el navegador de la v\u00edctima cuando un administrador autenticado hace clic en el enlace."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27448.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27448.json
index 7eac7fa7e97..beba6d35d21 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27448.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27448.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboards can inject JavaScript code into the dashboard name which will be executed when the website is loaded."
+ },
+ {
+ "lang": "es",
+ "value": "La aplicaci\u00f3n web es susceptible a ataques de cross-site-scripting. Un atacante que cree nuevos paneles puede inyectar c\u00f3digo JavaScript en el nombre del panel, el cual se ejecutar\u00e1 al cargar el sitio web."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27449.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27449.json
index 0ce5cdd6cba..1349400db5d 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27449.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27449.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The MEAC300-FNADE4 does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks."
+ },
+ {
+ "lang": "es",
+ "value": "El MEAC300-FNADE4 no implementa medidas suficientes para evitar m\u00faltiples intentos fallidos de autenticaci\u00f3n en un corto per\u00edodo de tiempo, lo que lo hace susceptible a ataques de fuerza bruta."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27450.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27450.json
index 3a4bca15ec0..332b55e41c4 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27450.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27450.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Secure attribute is missing on multiple cookies provided by the MEAC300-FNADE4. An attacker can trick a user to establish an unencrypted HTTP connection to the server and intercept the request containing the PHPSESSID cookie."
+ },
+ {
+ "lang": "es",
+ "value": "El atributo Secure falta en varias cookies proporcionadas por MEAC300-FNADE4. Un atacante puede enga\u00f1ar a un usuario para que establezca una conexi\u00f3n HTTP sin cifrar con el servidor e interceptar la solicitud que contiene la cookie PHPSESSID."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27451.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27451.json
index cb8b3395489..2162acc9bbe 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27451.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27451.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one."
+ },
+ {
+ "lang": "es",
+ "value": "En caso de intentos fallidos de inicio de sesi\u00f3n, la aplicaci\u00f3n muestra diferentes mensajes de error seg\u00fan si el inicio de sesi\u00f3n fall\u00f3 debido a una contrase\u00f1a incorrecta o a un nombre de usuario inexistente. Esto permite a un atacante adivinar nombres de usuario hasta encontrar uno."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27452.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27452.json
index 2e9c633a1fc..191d3773597 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27452.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27452.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The configuration of the Apache httpd webserver which serves the MEAC300-FNADE4 web application, is partly insecure. There are modules activated that are not required for the operation of the FNADE4 web application. The functionality of the some modules \n\npose a risk to the webserver which enable dircetory listing."
+ },
+ {
+ "lang": "es",
+ "value": "La configuraci\u00f3n del servidor web Apache httpd, que sirve a la aplicaci\u00f3n web MEAC300-FNADE4, es parcialmente insegura. Hay m\u00f3dulos activados que no son necesarios para el funcionamiento de la aplicaci\u00f3n web FNADE4. La funcionalidad de algunos m\u00f3dulos supone un riesgo para el servidor web que permite el listado de directorios."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27453.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27453.json
index 7b624a31c92..7f8afbeaa7d 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27453.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27453.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript."
+ },
+ {
+ "lang": "es",
+ "value": "El indicador HttpOnly est\u00e1 configurado como falso en la cookie PHPSESSION. Por lo tanto, otras fuentes, como JavaScript, pueden acceder a la cookie."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27454.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27454.json
index cbaaf47a3dc..b0bf15020ea 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27454.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27454.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The application is vulnerable to cross-site request forgery. An attacker can trick a valid, logged in user into submitting a web request that they did not intend. The request uses the victim's browser's saved authorization to execute the request."
+ },
+ {
+ "lang": "es",
+ "value": "La aplicaci\u00f3n es vulnerable a cross-site request forgery. Un atacante puede enga\u00f1ar a un usuario con sesi\u00f3n iniciada para que env\u00ede una solicitud web no deseada. La solicitud utiliza la autorizaci\u00f3n guardada del navegador de la v\u00edctima para ejecutarse."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27455.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27455.json
index 93adcb6ca6c..ff31bc87a98 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27455.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27455.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of their computer while clicking on seemingly innocuous objects."
+ },
+ {
+ "lang": "es",
+ "value": "La aplicaci\u00f3n web es vulnerable a ataques de clickjacking. El sitio puede estar incrustado en otro frame, lo que permite a un atacante enga\u00f1ar al usuario para que haga clic en algo distinto a lo que percibe, lo que podr\u00eda revelar informaci\u00f3n confidencial o permitir que otros tomen el control de su ordenador mientras hacen clic en objetos aparentemente inofensivos."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27456.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27456.json
index 0f84426d4a2..7d80e2435e8 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27456.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27456.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The SMB server's login mechanism does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks."
+ },
+ {
+ "lang": "es",
+ "value": "El mecanismo de inicio de sesi\u00f3n del SMB Server no implementa medidas suficientes para evitar m\u00faltiples intentos fallidos de autenticaci\u00f3n en un corto per\u00edodo de tiempo, lo que lo hace susceptible a ataques de fuerza bruta."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27457.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27457.json
index 6a9ee50fdfb..e45ebc55be2 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27457.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27457.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "All communication between the VNC server and client(s) is unencrypted. This allows an attacker to intercept the traffic and obtain sensitive data."
+ },
+ {
+ "lang": "es",
+ "value": "Toda la comunicaci\u00f3n entre el servidor VNC y los clientes no est\u00e1 cifrada. Esto permite a un atacante interceptar el tr\u00e1fico y obtener datos confidenciales."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27458.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27458.json
index 2f28fbe0eac..b037f1cdac4 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27458.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27458.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The VNC authentication mechanism bases on a challenge-response system where both server and client use the same password for encryption. The challenge is sent from the server to the client, is encrypted by the client and sent back. The server does the same encryption locally and if the responses match it is prooven that the client knows the correct password. Since all VNC communication is unencrypted, an attacker can obtain the challenge and response and try to derive the password from this information."
+ },
+ {
+ "lang": "es",
+ "value": "El mecanismo de autenticaci\u00f3n de VNC se basa en un sistema de desaf\u00edo-respuesta donde tanto el servidor como el cliente usan la misma contrase\u00f1a para el cifrado. El desaf\u00edo se env\u00eda del servidor al cliente, este lo cifra y lo devuelve. El servidor realiza el mismo cifrado localmente y, si las respuestas coinciden, se comprueba que el cliente conoce la contrase\u00f1a correcta. Dado que toda la comunicaci\u00f3n de VNC no est\u00e1 cifrada, un atacante puede obtener el desaf\u00edo y la respuesta e intentar obtener la contrase\u00f1a a partir de esta informaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27459.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27459.json
index f9957ee1723..9b7520fb58b 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27459.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27459.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The VNC application stores its passwords encrypted within the registry but uses DES for encryption. As DES is broken, the original passwords can be recovered."
+ },
+ {
+ "lang": "es",
+ "value": "La aplicaci\u00f3n VNC almacena sus contrase\u00f1as cifradas en el registro, pero utiliza DES para el cifrado. Si DES se rompe, se pueden recuperar las contrase\u00f1as originales."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27460.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27460.json
index 91357aeb89b..6c0b2b8a3ec 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27460.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27460.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The hard drives of the device are not encrypted using a full volume encryption feature such as BitLocker. This allows an attacker with physical access to the device to use an alternative operating system to interact with the hard drives, completely circumventing the Windows login. The attacker can read from and write to all files on the hard drives."
+ },
+ {
+ "lang": "es",
+ "value": "Los discos duros del dispositivo no est\u00e1n cifrados con una funci\u00f3n de cifrado de volumen completo como BitLocker. Esto permite a un atacante con acceso f\u00edsico al dispositivo usar un sistema operativo alternativo para interactuar con los discos duros, evadiendo por completo el inicio de sesi\u00f3n de Windows. El atacante puede leer y escribir en todos los archivos de los discos duros."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27461.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27461.json
index 0df444acefc..3fddfb2f383 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27461.json
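Review bot: The added `es` value in CVE-2025-27459.json renders "As DES is broken" as `Si DES se rompe` ("if DES is broken"), which turns a stated weakness into a hypothetical and understates that the stored VNC passwords are recoverable. The sentence should keep the causal sense of the `en` text, for example `Dado que DES est\u00e1 roto, se pueden recuperar las contrase\u00f1as originales.` Until the translation is corrected, the `en` description is the one to rely on when triaging this record.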
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27461.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "During startup, the device automatically logs in the EPC2 Windows user without requesting a password."
+ },
+ {
+ "lang": "es",
+ "value": "Durante el inicio, el dispositivo inicia sesi\u00f3n autom\u00e1ticamente como usuario de Windows EPC2 sin solicitar una contrase\u00f1a."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27467.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27467.json
index 69c16fe8937..b664f67ed8f 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27467.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27467.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:56.453",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27469.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27469.json
index b34578ad58c..608b9def560 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27469.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27469.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:56.613",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27470.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27470.json
index 4af56c6e6d9..efb7fe6da9c 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27470.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27470.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:56.797",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27471.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27471.json
index 2747f88ffb9..5d85df293d1 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27471.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27471.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:56.970",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27472.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27472.json
index 06e83e7af3d..e6da257855d 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27472.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27472.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:57.140",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27473.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27473.json
index 2524fc1d3d7..dad40121477 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27473.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27473.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:57.290",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27474.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27474.json
index 6ef39850670..bfedf82708b 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27474.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27474.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:57.457",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27475.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27475.json
index db166c6090f..9fd1517cba6 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27475.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27475.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:57.620",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27476.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27476.json
index 88acc6b06db..47a279d6f24 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27476.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27476.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:57.777",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27477.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27477.json
index b8cc7edbf3d..8088c4e5348 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27477.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27477.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:57.947",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27478.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27478.json
index dbdfb4257e0..61b2508339d 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27478.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27478.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:58.120",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27479.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27479.json
index 92311946b82..746c2e58e69 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27479.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27479.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:58.287",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27480.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27480.json
index 1b83fed0479..2c573ba5f26 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27480.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27480.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:58.447",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27481.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27481.json
index 6bb05d13734..d27df800101 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27481.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27481.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:58.610",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27482.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27482.json
index 23a867f9705..0a6b3bd4387 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27482.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27482.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:58.773",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27483.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27483.json
index 431707bcf27..3360fce186a 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27483.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27483.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:58.943",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27484.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27484.json
index c937f3c126f..20a80e35289 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27484.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27484.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:59.130",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27485.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27485.json
index 92f704282ec..990b36ebff0 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27485.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27485.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:59.300",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27486.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27486.json
index 802c5410ad0..43235c49ec4 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27486.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27486.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:59.450",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27487.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27487.json
index 4c88cfc27a5..1a3759d1112 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27487.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27487.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:59.620",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27489.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27489.json
index bbb07914437..3116af60a2d 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27489.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27489.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:59.787",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27490.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27490.json
index d85996e6d57..a2a3565bde0 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27490.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27490.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:15:59.953",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27491.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27491.json
index b6fb31f11f5..2c2d186cfca 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27491.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27491.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:16:00.140",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27492.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27492.json
index ee0b205e928..a6e3de8fb6e 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27492.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27492.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:16:00.313",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-277xx/CVE-2025-27727.json b/CVE-2025/CVE-2025-277xx/CVE-2025-27727.json
index 378bd0c03ed..2dbc401ec38 100644
--- a/CVE-2025/CVE-2025-277xx/CVE-2025-27727.json
+++ b/CVE-2025/CVE-2025-277xx/CVE-2025-27727.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:16:00.477",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-277xx/CVE-2025-27728.json b/CVE-2025/CVE-2025-277xx/CVE-2025-27728.json
index c0426f92580..1b6d46c6a5d 100644
--- a/CVE-2025/CVE-2025-277xx/CVE-2025-27728.json
+++ b/CVE-2025/CVE-2025-277xx/CVE-2025-27728.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:16:00.653",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-277xx/CVE-2025-27729.json b/CVE-2025/CVE-2025-277xx/CVE-2025-27729.json
index 022dc2eb1bd..0d32af72d5f 100644
--- a/CVE-2025/CVE-2025-277xx/CVE-2025-27729.json
+++ b/CVE-2025/CVE-2025-277xx/CVE-2025-27729.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:16:00.813",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-277xx/CVE-2025-27730.json b/CVE-2025/CVE-2025-277xx/CVE-2025-27730.json
index 82d755d3a14..cc8773e892d 100644
--- a/CVE-2025/CVE-2025-277xx/CVE-2025-27730.json
+++ b/CVE-2025/CVE-2025-277xx/CVE-2025-27730.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:16:00.990",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-277xx/CVE-2025-27731.json b/CVE-2025/CVE-2025-277xx/CVE-2025-27731.json
index ae5e74bd36f..cd312403b56 100644
--- a/CVE-2025/CVE-2025-277xx/CVE-2025-27731.json
+++ b/CVE-2025/CVE-2025-277xx/CVE-2025-27731.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:16:01.163",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-277xx/CVE-2025-27732.json b/CVE-2025/CVE-2025-277xx/CVE-2025-27732.json
index e1efe14cbd7..20a74670314 100644
--- a/CVE-2025/CVE-2025-277xx/CVE-2025-27732.json
+++ b/CVE-2025/CVE-2025-277xx/CVE-2025-27732.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:16:01.333",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-277xx/CVE-2025-27733.json b/CVE-2025/CVE-2025-277xx/CVE-2025-27733.json
index f433cbf565d..f9305fdec38 100644
--- a/CVE-2025/CVE-2025-277xx/CVE-2025-27733.json
+++ b/CVE-2025/CVE-2025-277xx/CVE-2025-27733.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:16:01.517",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-277xx/CVE-2025-27735.json b/CVE-2025/CVE-2025-277xx/CVE-2025-27735.json
index 5d010a060b2..4a75f34d1db 100644
--- a/CVE-2025/CVE-2025-277xx/CVE-2025-27735.json
+++ b/CVE-2025/CVE-2025-277xx/CVE-2025-27735.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:16:01.697",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-277xx/CVE-2025-27736.json b/CVE-2025/CVE-2025-277xx/CVE-2025-27736.json
index 43f6152e162..8da49b6830f 100644
--- a/CVE-2025/CVE-2025-277xx/CVE-2025-27736.json
+++ b/CVE-2025/CVE-2025-277xx/CVE-2025-27736.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:16:01.913",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-277xx/CVE-2025-27737.json b/CVE-2025/CVE-2025-277xx/CVE-2025-27737.json
index 94dbdcccc83..e651e8fd9d5 100644
--- a/CVE-2025/CVE-2025-277xx/CVE-2025-27737.json
+++ b/CVE-2025/CVE-2025-277xx/CVE-2025-27737.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:16:02.097",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-277xx/CVE-2025-27738.json b/CVE-2025/CVE-2025-277xx/CVE-2025-27738.json
index e6fbd018a4c..9c349046089 100644
--- a/CVE-2025/CVE-2025-277xx/CVE-2025-27738.json
+++ b/CVE-2025/CVE-2025-277xx/CVE-2025-27738.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:16:02.280",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-277xx/CVE-2025-27739.json b/CVE-2025/CVE-2025-277xx/CVE-2025-27739.json
index 93ad9c418ca..8395e825c1c 100644
--- a/CVE-2025/CVE-2025-277xx/CVE-2025-27739.json
+++ b/CVE-2025/CVE-2025-277xx/CVE-2025-27739.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:16:02.470",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-277xx/CVE-2025-27740.json b/CVE-2025/CVE-2025-277xx/CVE-2025-27740.json
index 930a55f070a..cba01516d02 100644
--- a/CVE-2025/CVE-2025-277xx/CVE-2025-27740.json
+++ b/CVE-2025/CVE-2025-277xx/CVE-2025-27740.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:16:02.653",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-277xx/CVE-2025-27741.json b/CVE-2025/CVE-2025-277xx/CVE-2025-27741.json
index 132d3c0153a..6403344dfcd 100644
--- a/CVE-2025/CVE-2025-277xx/CVE-2025-27741.json
+++ b/CVE-2025/CVE-2025-277xx/CVE-2025-27741.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:16:02.833",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-277xx/CVE-2025-27742.json b/CVE-2025/CVE-2025-277xx/CVE-2025-27742.json
index b4148e74b9b..434b563f109 100644
--- a/CVE-2025/CVE-2025-277xx/CVE-2025-27742.json
+++ b/CVE-2025/CVE-2025-277xx/CVE-2025-27742.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:16:03.040",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-277xx/CVE-2025-27743.json b/CVE-2025/CVE-2025-277xx/CVE-2025-27743.json
index f31b72da513..25263a681e5 100644
--- a/CVE-2025/CVE-2025-277xx/CVE-2025-27743.json
+++ b/CVE-2025/CVE-2025-277xx/CVE-2025-27743.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:16:03.260",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-277xx/CVE-2025-27744.json b/CVE-2025/CVE-2025-277xx/CVE-2025-27744.json
index 3f6b980ee98..938589c073a 100644
--- a/CVE-2025/CVE-2025-277xx/CVE-2025-27744.json
+++ b/CVE-2025/CVE-2025-277xx/CVE-2025-27744.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:16:03.497",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-277xx/CVE-2025-27745.json b/CVE-2025/CVE-2025-277xx/CVE-2025-27745.json
index b0dc2b664a6..f3412c82dcc 100644
--- a/CVE-2025/CVE-2025-277xx/CVE-2025-27745.json
+++ b/CVE-2025/CVE-2025-277xx/CVE-2025-27745.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:16:03.670",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-277xx/CVE-2025-27746.json b/CVE-2025/CVE-2025-277xx/CVE-2025-27746.json
index 2c04ceddc8c..38cb251d1a6 100644
--- a/CVE-2025/CVE-2025-277xx/CVE-2025-27746.json
+++ b/CVE-2025/CVE-2025-277xx/CVE-2025-27746.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:16:03.877",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-277xx/CVE-2025-27747.json b/CVE-2025/CVE-2025-277xx/CVE-2025-27747.json
index 2e0859ef5c3..9d21e7698bd 100644
--- a/CVE-2025/CVE-2025-277xx/CVE-2025-27747.json
+++ b/CVE-2025/CVE-2025-277xx/CVE-2025-27747.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:16:04.047",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-277xx/CVE-2025-27748.json b/CVE-2025/CVE-2025-277xx/CVE-2025-27748.json
index baee56cd77a..948f1a7acd1 100644
--- a/CVE-2025/CVE-2025-277xx/CVE-2025-27748.json
+++ b/CVE-2025/CVE-2025-277xx/CVE-2025-27748.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:16:04.213",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-277xx/CVE-2025-27749.json b/CVE-2025/CVE-2025-277xx/CVE-2025-27749.json
index 6ab315e1202..34650134411 100644
--- a/CVE-2025/CVE-2025-277xx/CVE-2025-27749.json
+++ b/CVE-2025/CVE-2025-277xx/CVE-2025-27749.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:16:04.370",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-277xx/CVE-2025-27750.json b/CVE-2025/CVE-2025-277xx/CVE-2025-27750.json
index 82c74b78bc5..7039b8f27b5 100644
--- a/CVE-2025/CVE-2025-277xx/CVE-2025-27750.json
+++ b/CVE-2025/CVE-2025-277xx/CVE-2025-27750.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:16:04.520",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-277xx/CVE-2025-27751.json b/CVE-2025/CVE-2025-277xx/CVE-2025-27751.json
index ebd4b997561..0da0428321a 100644
--- a/CVE-2025/CVE-2025-277xx/CVE-2025-27751.json
+++ b/CVE-2025/CVE-2025-277xx/CVE-2025-27751.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:16:04.680",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-277xx/CVE-2025-27752.json b/CVE-2025/CVE-2025-277xx/CVE-2025-27752.json
index e5664b259d6..ba6cb0aa1a8 100644
--- a/CVE-2025/CVE-2025-277xx/CVE-2025-27752.json
+++ b/CVE-2025/CVE-2025-277xx/CVE-2025-27752.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-08T18:16:04.840",
 "lastModified": "2025-04-09T20:03:01.577",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-27xx/CVE-2025-2707.json b/CVE-2025/CVE-2025-27xx/CVE-2025-2707.json
index 50ee319e000..76e8f51a7e7 100644
--- a/CVE-2025/CVE-2025-27xx/CVE-2025-2707.json
+++ b/CVE-2025/CVE-2025-27xx/CVE-2025-2707.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2025-03-24T19:15:50.963",
 "lastModified": "2025-03-27T16:45:46.410",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-27xx/CVE-2025-2708.json b/CVE-2025/CVE-2025-27xx/CVE-2025-2708.json
index 95045c4ac7b..c379ebc8b33 100644
--- a/CVE-2025/CVE-2025-27xx/CVE-2025-2708.json
+++ b/CVE-2025/CVE-2025-27xx/CVE-2025-2708.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2025-03-24T20:15:18.950",
 "lastModified": "2025-03-27T16:45:46.410",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-27xx/CVE-2025-2709.json b/CVE-2025/CVE-2025-27xx/CVE-2025-2709.json
index 37e8ce8419d..54ec47548f8 100644
--- a/CVE-2025/CVE-2025-27xx/CVE-2025-2709.json
+++ b/CVE-2025/CVE-2025-27xx/CVE-2025-2709.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2025-03-24T20:15:19.133",
 "lastModified": "2025-03-27T16:45:46.410",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-27xx/CVE-2025-2710.json b/CVE-2025/CVE-2025-27xx/CVE-2025-2710.json
index 91fa4be7b0d..941d93c0463 100644
--- a/CVE-2025/CVE-2025-27xx/CVE-2025-2710.json
+++ b/CVE-2025/CVE-2025-27xx/CVE-2025-2710.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2025-03-24T21:15:18.547",
 "lastModified": "2025-03-27T16:45:46.410",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-27xx/CVE-2025-2711.json b/CVE-2025/CVE-2025-27xx/CVE-2025-2711.json
index dd17d557204..02e67ccb976 100644
--- a/CVE-2025/CVE-2025-27xx/CVE-2025-2711.json
+++ b/CVE-2025/CVE-2025-27xx/CVE-2025-2711.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2025-03-24T21:15:18.760",
 "lastModified": "2025-03-27T16:45:46.410",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-27xx/CVE-2025-2712.json b/CVE-2025/CVE-2025-27xx/CVE-2025-2712.json
index 2a11e1231ed..e62bec9cea0 100644
--- a/CVE-2025/CVE-2025-27xx/CVE-2025-2712.json
+++ b/CVE-2025/CVE-2025-27xx/CVE-2025-2712.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2025-03-24T22:15:14.110",
 "lastModified": "2025-03-27T16:45:46.410",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-27xx/CVE-2025-2742.json b/CVE-2025/CVE-2025-27xx/CVE-2025-2742.json
index 993a84f6c82..050186aa0d7 100644
--- a/CVE-2025/CVE-2025-27xx/CVE-2025-2742.json
+++ b/CVE-2025/CVE-2025-27xx/CVE-2025-2742.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2025-03-25T07:15:38.700",
 "lastModified": "2025-03-27T16:45:46.410",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-27xx/CVE-2025-2743.json b/CVE-2025/CVE-2025-27xx/CVE-2025-2743.json
index cc26293d52f..05b3ab77e02 100644
--- a/CVE-2025/CVE-2025-27xx/CVE-2025-2743.json
+++ b/CVE-2025/CVE-2025-27xx/CVE-2025-2743.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2025-03-25T07:15:38.883",
 "lastModified": "2025-03-27T16:45:46.410",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-27xx/CVE-2025-2744.json b/CVE-2025/CVE-2025-27xx/CVE-2025-2744.json
index 6925b965941..603abd7c065 100644
--- a/CVE-2025/CVE-2025-27xx/CVE-2025-2744.json
+++ b/CVE-2025/CVE-2025-27xx/CVE-2025-2744.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2025-03-25T07:15:39.103",
 "lastModified": "2025-03-27T16:45:46.410",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-280xx/CVE-2025-28059.json b/CVE-2025/CVE-2025-280xx/CVE-2025-28059.json
index 5716bc0b13d..4044776c508 100644
--- a/CVE-2025/CVE-2025-280xx/CVE-2025-28059.json
+++ b/CVE-2025/CVE-2025-280xx/CVE-2025-28059.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-04-18T17:15:34.700",
 "lastModified": "2025-04-22T15:16:10.627",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-282xx/CVE-2025-28228.json b/CVE-2025/CVE-2025-282xx/CVE-2025-28228.json
index 32884b2dc37..71c1d7afa5e 100644
--- a/CVE-2025/CVE-2025-282xx/CVE-2025-28228.json
+++ b/CVE-2025/CVE-2025-282xx/CVE-2025-28228.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-04-18T15:15:58.070",
 "lastModified": "2025-04-22T15:16:10.817",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-282xx/CVE-2025-28229.json b/CVE-2025/CVE-2025-282xx/CVE-2025-28229.json
index a42da75de44..ca5810435ed 100644
--- a/CVE-2025/CVE-2025-282xx/CVE-2025-28229.json
+++ b/CVE-2025/CVE-2025-282xx/CVE-2025-28229.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-04-18T15:15:58.170",
 "lastModified": "2025-04-22T15:16:10.997",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-282xx/CVE-2025-28230.json b/CVE-2025/CVE-2025-282xx/CVE-2025-28230.json
index 6d450758f68..b719e8a2d17 100644
--- a/CVE-2025/CVE-2025-282xx/CVE-2025-28230.json
+++ b/CVE-2025/CVE-2025-282xx/CVE-2025-28230.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-04-18T15:15:58.280",
 "lastModified": "2025-04-22T15:16:11.173",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-282xx/CVE-2025-28232.json b/CVE-2025/CVE-2025-282xx/CVE-2025-28232.json
index 34f6667a2d9..6fa0bc03e85 100644
--- a/CVE-2025/CVE-2025-282xx/CVE-2025-28232.json
+++ b/CVE-2025/CVE-2025-282xx/CVE-2025-28232.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-04-18T15:15:58.387",
 "lastModified": "2025-04-22T15:16:11.497",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-289xx/CVE-2025-28951.json b/CVE-2025/CVE-2025-289xx/CVE-2025-28951.json
index f49ba153b89..4f8c3e6bac2 100644
--- a/CVE-2025/CVE-2025-289xx/CVE-2025-28951.json
+++ b/CVE-2025/CVE-2025-289xx/CVE-2025-28951.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image allows Upload a Web Shell to a Web Server. This issue affects Bulk Featured Image: from n/a through 1.2.1."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de carga sin restricciones de archivos con tipo peligroso en CreedAlly Bulk Featured Image permite subir un Web Shell a un servidor web. Este problema afecta a Bulk Featured Image desde n/d hasta la versi\u00f3n 1.2.1."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-289xx/CVE-2025-28957.json b/CVE-2025/CVE-2025-289xx/CVE-2025-28957.json
index f5c7d74b1c2..ba28bde0df7 100644
--- a/CVE-2025/CVE-2025-289xx/CVE-2025-28957.json
+++ b/CVE-2025/CVE-2025-289xx/CVE-2025-28957.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OwnerRez OwnerRez allows Stored XSS. This issue affects OwnerRez: from n/a through 1.2.1."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en OwnerRez OwnerRez permite XSS almacenado. Este problema afecta a OwnerRez desde n/d hasta la versi\u00f3n 1.2.1."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-289xx/CVE-2025-28963.json b/CVE-2025/CVE-2025-289xx/CVE-2025-28963.json
index 0cca3169a6c..7262b5629f3 100644
--- a/CVE-2025/CVE-2025-289xx/CVE-2025-28963.json
+++ b/CVE-2025/CVE-2025-289xx/CVE-2025-28963.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Server-Side Request Forgery (SSRF) vulnerability in Md Yeasin Ul Haider URL Shortener allows Server Side Request Forgery. This issue affects URL Shortener: from n/a through 3.0.7."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de Server Side Request Forgery (SSRF) en Md Yeasin Ul Haider URL Shortener permite Server Side Request Forgery. Este problema afecta al acortador de URL desde n/d hasta la versi\u00f3n 3.0.7."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-289xx/CVE-2025-28967.json b/CVE-2025/CVE-2025-289xx/CVE-2025-28967.json
index ef55b7814bb..7a1d47f300d 100644
--- a/CVE-2025/CVE-2025-289xx/CVE-2025-28967.json
+++ b/CVE-2025/CVE-2025-289xx/CVE-2025-28967.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Steve Truman Contact Us page - Contact people LITE allows SQL Injection. This issue affects Contact Us page - Contact people LITE: from n/a through 3.7.4."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Steve Truman Contact Us page - Contact people LITE permite la inyecci\u00f3n SQL. Este problema afecta a la p\u00e1gina de contacto - Contact people LITE desde n/d hasta la versi\u00f3n 3.7.4."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-289xx/CVE-2025-28969.json b/CVE-2025/CVE-2025-289xx/CVE-2025-28969.json
index 3b9d9eee96a..124d9368d59 100644
--- a/CVE-2025/CVE-2025-289xx/CVE-2025-28969.json
+++ b/CVE-2025/CVE-2025-289xx/CVE-2025-28969.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cybio Gallery Widget allows SQL Injection. This issue affects Gallery Widget: from n/a through 1.2.1."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en cybio Gallery Widget permite la inyecci\u00f3n SQL. Este problema afecta al widget de galer\u00eda desde n/d hasta la versi\u00f3n 1.2.1."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-289xx/CVE-2025-28971.json b/CVE-2025/CVE-2025-289xx/CVE-2025-28971.json
index 0b69e1e033c..72f8a692157 100644
--- a/CVE-2025/CVE-2025-289xx/CVE-2025-28971.json
+++ b/CVE-2025/CVE-2025-289xx/CVE-2025-28971.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CWD Web Designer Easy Elements Hider allows Stored XSS. This issue affects Easy Elements Hider: from n/a through 2.0."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en CWD Web Designer Easy Elements Hider permite XSS almacenado. Este problema afecta a Easy Elements Hider desde n/d hasta la versi\u00f3n 2.0."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-289xx/CVE-2025-28972.json b/CVE-2025/CVE-2025-289xx/CVE-2025-28972.json
index 293b21b7b88..a7fc87b9782 100644
--- a/CVE-2025/CVE-2025-289xx/CVE-2025-28972.json
+++ b/CVE-2025/CVE-2025-289xx/CVE-2025-28972.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Suhas Surse WP Employee Attendance System allows Blind SQL Injection. This issue affects WP Employee Attendance System: from n/a through 3.5."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Suhas Surse WP Employee Attendance System permite la inyecci\u00f3n SQL ciega. Este problema afecta al sistema de asistencia de empleados WP desde n/d hasta la versi\u00f3n 3.5."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-289xx/CVE-2025-28991.json b/CVE-2025/CVE-2025-289xx/CVE-2025-28991.json
index 9719f91b7dc..a014d645fae 100644
--- a/CVE-2025/CVE-2025-289xx/CVE-2025-28991.json
+++ b/CVE-2025/CVE-2025-289xx/CVE-2025-28991.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Evon allows PHP Local File Inclusion. This issue affects Evon: from n/a through 3.4."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de control incorrecto del nombre de archivo para la instrucci\u00f3n Include/Require en un programa PHP ('Inclusi\u00f3n remota de archivos en PHP') en snstheme Evon, que permite la inclusi\u00f3n local de archivos en PHP. Este problema afecta a Evon desde n/d hasta la versi\u00f3n 3.4."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-28xx/CVE-2025-2895.json b/CVE-2025/CVE-2025-28xx/CVE-2025-2895.json
index 869f0e216b1..9bac6422984 100644
--- a/CVE-2025/CVE-2025-28xx/CVE-2025-2895.json
+++ b/CVE-2025/CVE-2025-28xx/CVE-2025-2895.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1 y 2.3.4.1 iFix1 es vulnerable a la inyecci\u00f3n de HTML. Un atacante remoto podr\u00eda inyectar c\u00f3digo HTML malicioso que, al visualizarse, se ejecutar\u00eda en el navegador web de la v\u00edctima dentro del contexto de seguridad del sitio web que lo aloja."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-290xx/CVE-2025-29001.json b/CVE-2025/CVE-2025-290xx/CVE-2025-29001.json
index 196fc430d40..b5149eb9a05 100644
--- a/CVE-2025/CVE-2025-290xx/CVE-2025-29001.json
+++ b/CVE-2025/CVE-2025-290xx/CVE-2025-29001.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Missing Authorization vulnerability in ZoomIt WooCommerce Shop Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Shop Page Builder: from n/a through 2.27.7."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de falta de autorizaci\u00f3n en ZoomIt WooCommerce Shop Page Builder permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al Constructor de P\u00e1ginas de Tienda WooCommerce desde la versi\u00f3n n/d hasta la 2.27.7."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-290xx/CVE-2025-29002.json b/CVE-2025/CVE-2025-290xx/CVE-2025-29002.json
index 397d093ee21..066b1b14e5f 100644
--- a/CVE-2025/CVE-2025-290xx/CVE-2025-29002.json
+++ b/CVE-2025/CVE-2025-290xx/CVE-2025-29002.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Simen allows PHP Local File Inclusion. This issue affects Simen: from n/a through 4.6."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de control incorrecto del nombre de archivo para la instrucci\u00f3n Include/Require en un programa PHP ('Inclusi\u00f3n remota de archivos en PHP') en snstheme Simen, que permite la inclusi\u00f3n local de archivos en PHP. Este problema afecta a Simen desde n/d hasta la versi\u00f3n 4.6."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-290xx/CVE-2025-29007.json b/CVE-2025/CVE-2025-290xx/CVE-2025-29007.json
index 14c7da732b1..1ea5cd7120b 100644
--- a/CVE-2025/CVE-2025-290xx/CVE-2025-29007.json
+++ b/CVE-2025/CVE-2025-290xx/CVE-2025-29007.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Missing Authorization vulnerability in LMSACE LMSACE Connect allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LMSACE Connect: from n/a through 3.4."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de falta de autorizaci\u00f3n en LMSACE LMSACE Connect permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a LMSACE Connect desde la versi\u00f3n n/d hasta la 3.4."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-290xx/CVE-2025-29012.json b/CVE-2025/CVE-2025-290xx/CVE-2025-29012.json
index 66a8070b7c2..f247dec4c5f 100644
--- a/CVE-2025/CVE-2025-290xx/CVE-2025-29012.json
+++ b/CVE-2025/CVE-2025-290xx/CVE-2025-29012.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Missing Authorization vulnerability in kamleshyadav CF7 7 Mailchimp Add-on allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 7 Mailchimp Add-on: from n/a through 2.2."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de falta de autorizaci\u00f3n en kamleshyadav CF7 7 Mailchimp Add-on permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al complemento CF7 7 de Mailchimp desde la versi\u00f3n n/d hasta la 2.2."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-291xx/CVE-2025-29152.json b/CVE-2025/CVE-2025-291xx/CVE-2025-29152.json
index f71840dd92f..2201b3f2e19 100644
--- a/CVE-2025/CVE-2025-291xx/CVE-2025-29152.json
+++ b/CVE-2025/CVE-2025-291xx/CVE-2025-29152.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-05-07T14:15:41.250",
 "lastModified": "2025-05-08T14:39:18.800",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-291xx/CVE-2025-29153.json b/CVE-2025/CVE-2025-291xx/CVE-2025-29153.json
index c2eaa3be369..50f4a7aa3ac 100644
--- a/CVE-2025/CVE-2025-291xx/CVE-2025-29153.json
+++ b/CVE-2025/CVE-2025-291xx/CVE-2025-29153.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-05-07T14:15:42.493",
 "lastModified": "2025-05-08T14:39:18.800",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-293xx/CVE-2025-29316.json b/CVE-2025/CVE-2025-293xx/CVE-2025-29316.json
index e6e80d4d588..560ccf5dc8c 100644
--- a/CVE-2025/CVE-2025-293xx/CVE-2025-29316.json
+++ b/CVE-2025/CVE-2025-293xx/CVE-2025-29316.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-04-17T19:16:08.913",
 "lastModified": "2025-05-05T18:15:41.723",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [
 {
 "sourceIdentifier": "cve@mitre.org",
diff --git a/CVE-2025/CVE-2025-293xx/CVE-2025-29331.json b/CVE-2025/CVE-2025-293xx/CVE-2025-29331.json
index 0a1d7ab6adf..1830059e95e 100644
--- a/CVE-2025/CVE-2025-293xx/CVE-2025-29331.json
+++ b/CVE-2025/CVE-2025-293xx/CVE-2025-29331.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "An issue in MHSanaei 3x-ui before v.2.5.3 and before allows a remote attacker to execute arbitrary code via the management script x-ui passes the no check certificate option to wget when downloading updates"
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en MHSanaei 3x-ui anterior a v.2.5.3 y anteriores permite que un atacante remoto ejecute c\u00f3digo arbitrario a trav\u00e9s del script de administraci\u00f3n x-ui pasa la opci\u00f3n de no verificar certificado a wget al descargar actualizaciones"
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-294xx/CVE-2025-29448.json b/CVE-2025/CVE-2025-294xx/CVE-2025-29448.json
index fc91f69d6a9..f274132b0c9 100644
--- a/CVE-2025/CVE-2025-294xx/CVE-2025-29448.json
+++ b/CVE-2025/CVE-2025-294xx/CVE-2025-29448.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-05-07T15:15:57.320",
 "lastModified": "2025-05-12T19:15:49.080",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-296xx/CVE-2025-29625.json b/CVE-2025/CVE-2025-296xx/CVE-2025-29625.json
index caf54894905..4be92335792 100644
--- a/CVE-2025/CVE-2025-296xx/CVE-2025-29625.json
+++ b/CVE-2025/CVE-2025-296xx/CVE-2025-29625.json
@@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-04-18T15:15:58.770", "lastModified": "2025-04-21T14:23:45.950", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-296xx/CVE-2025-29632.json b/CVE-2025/CVE-2025-296xx/CVE-2025-29632.json index 79cf6a9a13b..a8edb499fa9 100644 --- a/CVE-2025/CVE-2025-296xx/CVE-2025-29632.json +++ b/CVE-2025/CVE-2025-296xx/CVE-2025-29632.json @@ -2,8 +2,8 @@ "id": "CVE-2025-29632", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-29T18:15:23.667", - "lastModified": "2025-05-30T16:31:03.107", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-25T15:43:17.670", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:free5gc:free5gc:4.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "6AAA449D-BC30-48D9-BD40-912F36A6BB12" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/OHnogood/CVE-2025-29632/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/free5gc/free5gc/issues/657", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-296xx/CVE-2025-29646.json b/CVE-2025/CVE-2025-296xx/CVE-2025-29646.json index 21daf08baf7..d3e95a671a6 100644 --- a/CVE-2025/CVE-2025-296xx/CVE-2025-29646.json +++ b/CVE-2025/CVE-2025-296xx/CVE-2025-29646.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-06-18T18:15:24.447", "lastModified": "2025-06-23T20:16:59.783", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2025/CVE-2025-296xx/CVE-2025-29662.json b/CVE-2025/CVE-2025-296xx/CVE-2025-29662.json index c38f63925be..f7041bf9b53 100644 --- a/CVE-2025/CVE-2025-296xx/CVE-2025-29662.json +++ b/CVE-2025/CVE-2025-296xx/CVE-2025-29662.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-04-17T17:15:33.350", "lastModified": "2025-04-18T16:15:21.970", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-297xx/CVE-2025-29791.json b/CVE-2025/CVE-2025-297xx/CVE-2025-29791.json index c08b1889bbb..ba9db3b7a08 100644 --- a/CVE-2025/CVE-2025-297xx/CVE-2025-29791.json +++ b/CVE-2025/CVE-2025-297xx/CVE-2025-29791.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-08T18:16:05.003", "lastModified": "2025-04-09T20:03:01.577", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-297xx/CVE-2025-29792.json b/CVE-2025/CVE-2025-297xx/CVE-2025-29792.json index 7671046f5b9..8bfb1876be0 100644 --- a/CVE-2025/CVE-2025-297xx/CVE-2025-29792.json +++ b/CVE-2025/CVE-2025-297xx/CVE-2025-29792.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-08T18:16:05.160", "lastModified": "2025-04-09T20:03:01.577", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-297xx/CVE-2025-29793.json b/CVE-2025/CVE-2025-297xx/CVE-2025-29793.json index c8224d81768..af17a58a155 100644 --- a/CVE-2025/CVE-2025-297xx/CVE-2025-29793.json +++ b/CVE-2025/CVE-2025-297xx/CVE-2025-29793.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-08T18:16:05.320", "lastModified": "2025-04-09T20:03:01.577", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2025/CVE-2025-297xx/CVE-2025-29794.json b/CVE-2025/CVE-2025-297xx/CVE-2025-29794.json index c493085c0d0..b3e1b4795cd 100644 --- a/CVE-2025/CVE-2025-297xx/CVE-2025-29794.json +++ b/CVE-2025/CVE-2025-297xx/CVE-2025-29794.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-08T18:16:05.467", "lastModified": "2025-04-09T20:03:01.577", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-297xx/CVE-2025-29795.json b/CVE-2025/CVE-2025-297xx/CVE-2025-29795.json index f2b5394829f..0f3a55a3fe7 100644 --- a/CVE-2025/CVE-2025-297xx/CVE-2025-29795.json +++ b/CVE-2025/CVE-2025-297xx/CVE-2025-29795.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-03-23T17:15:28.920", "lastModified": "2025-03-23T17:15:28.920", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-297xx/CVE-2025-29796.json b/CVE-2025/CVE-2025-297xx/CVE-2025-29796.json index 997ace62643..c4e29963078 100644 --- a/CVE-2025/CVE-2025-297xx/CVE-2025-29796.json +++ b/CVE-2025/CVE-2025-297xx/CVE-2025-29796.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-04T01:15:39.310", "lastModified": "2025-04-07T14:18:34.453", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-298xx/CVE-2025-29800.json b/CVE-2025/CVE-2025-298xx/CVE-2025-29800.json index 9c9cec3f839..ee0a6e933b1 100644 --- a/CVE-2025/CVE-2025-298xx/CVE-2025-29800.json +++ b/CVE-2025/CVE-2025-298xx/CVE-2025-29800.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-08T18:16:05.680", "lastModified": "2025-04-09T20:03:01.577", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2025/CVE-2025-298xx/CVE-2025-29801.json b/CVE-2025/CVE-2025-298xx/CVE-2025-29801.json index 4358b237d2e..4be8bef2315 100644 --- a/CVE-2025/CVE-2025-298xx/CVE-2025-29801.json +++ b/CVE-2025/CVE-2025-298xx/CVE-2025-29801.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-08T18:16:05.840", "lastModified": "2025-04-09T20:03:01.577", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-298xx/CVE-2025-29802.json b/CVE-2025/CVE-2025-298xx/CVE-2025-29802.json index 8af64987cf3..64dfaf959f1 100644 --- a/CVE-2025/CVE-2025-298xx/CVE-2025-29802.json +++ b/CVE-2025/CVE-2025-298xx/CVE-2025-29802.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-08T18:16:06.017", "lastModified": "2025-04-09T20:03:01.577", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-298xx/CVE-2025-29804.json b/CVE-2025/CVE-2025-298xx/CVE-2025-29804.json index 81a7351962e..34cdca702ea 100644 --- a/CVE-2025/CVE-2025-298xx/CVE-2025-29804.json +++ b/CVE-2025/CVE-2025-298xx/CVE-2025-29804.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-08T18:16:06.180", "lastModified": "2025-04-09T20:03:01.577", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-298xx/CVE-2025-29805.json b/CVE-2025/CVE-2025-298xx/CVE-2025-29805.json index 9311e1fc786..ccf9f788f21 100644 --- a/CVE-2025/CVE-2025-298xx/CVE-2025-29805.json +++ b/CVE-2025/CVE-2025-298xx/CVE-2025-29805.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-08T18:16:06.330", "lastModified": "2025-04-09T20:03:01.577", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2025/CVE-2025-298xx/CVE-2025-29808.json b/CVE-2025/CVE-2025-298xx/CVE-2025-29808.json index ba17a0225d3..6c6e57718fa 100644 --- a/CVE-2025/CVE-2025-298xx/CVE-2025-29808.json +++ b/CVE-2025/CVE-2025-298xx/CVE-2025-29808.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-08T18:16:06.483", "lastModified": "2025-04-09T20:03:01.577", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-298xx/CVE-2025-29809.json b/CVE-2025/CVE-2025-298xx/CVE-2025-29809.json index 7d671a3daa6..2542ff48f7b 100644 --- a/CVE-2025/CVE-2025-298xx/CVE-2025-29809.json +++ b/CVE-2025/CVE-2025-298xx/CVE-2025-29809.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-08T18:16:06.633", "lastModified": "2025-04-09T20:03:01.577", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-298xx/CVE-2025-29810.json b/CVE-2025/CVE-2025-298xx/CVE-2025-29810.json index bac5baab267..06c4162671f 100644 --- a/CVE-2025/CVE-2025-298xx/CVE-2025-29810.json +++ b/CVE-2025/CVE-2025-298xx/CVE-2025-29810.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-08T18:16:06.797", "lastModified": "2025-04-09T20:03:01.577", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-298xx/CVE-2025-29811.json b/CVE-2025/CVE-2025-298xx/CVE-2025-29811.json index 2166d64ee52..1da03850da1 100644 --- a/CVE-2025/CVE-2025-298xx/CVE-2025-29811.json +++ b/CVE-2025/CVE-2025-298xx/CVE-2025-29811.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-08T18:16:06.977", "lastModified": "2025-04-09T20:03:01.577", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2025/CVE-2025-298xx/CVE-2025-29812.json b/CVE-2025/CVE-2025-298xx/CVE-2025-29812.json index 1d9aae7ea7b..811ba3f02a9 100644 --- a/CVE-2025/CVE-2025-298xx/CVE-2025-29812.json +++ b/CVE-2025/CVE-2025-298xx/CVE-2025-29812.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-08T18:16:07.160", "lastModified": "2025-04-09T20:03:01.577", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-298xx/CVE-2025-29815.json b/CVE-2025/CVE-2025-298xx/CVE-2025-29815.json index 7c3f11797c3..6a2c1450dea 100644 --- a/CVE-2025/CVE-2025-298xx/CVE-2025-29815.json +++ b/CVE-2025/CVE-2025-298xx/CVE-2025-29815.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-04T01:15:39.487", "lastModified": "2025-04-07T14:18:34.453", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-298xx/CVE-2025-29816.json b/CVE-2025/CVE-2025-298xx/CVE-2025-29816.json index 3b28f9e0abc..e1713540268 100644 --- a/CVE-2025/CVE-2025-298xx/CVE-2025-29816.json +++ b/CVE-2025/CVE-2025-298xx/CVE-2025-29816.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-08T18:16:07.370", "lastModified": "2025-04-09T20:03:01.577", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-298xx/CVE-2025-29819.json b/CVE-2025/CVE-2025-298xx/CVE-2025-29819.json index ff35a8b7817..d5ee45df03e 100644 --- a/CVE-2025/CVE-2025-298xx/CVE-2025-29819.json +++ b/CVE-2025/CVE-2025-298xx/CVE-2025-29819.json @@ -3,7 +3,7 @@ "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-08T18:16:07.520", "lastModified": "2025-04-09T20:03:01.577", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2025/CVE-2025-299xx/CVE-2025-29953.json b/CVE-2025/CVE-2025-299xx/CVE-2025-29953.json index eac16dc7d29..e4a27fe723c 100644 --- a/CVE-2025/CVE-2025-299xx/CVE-2025-29953.json +++ b/CVE-2025/CVE-2025-299xx/CVE-2025-29953.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@apache.org", "published": "2025-04-18T16:15:22.317", "lastModified": "2025-04-23T16:15:47.040", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-299xx/CVE-2025-29994.json b/CVE-2025/CVE-2025-299xx/CVE-2025-29994.json index d48491371fd..5831ce12eac 100644 --- a/CVE-2025/CVE-2025-299xx/CVE-2025-29994.json +++ b/CVE-2025/CVE-2025-299xx/CVE-2025-29994.json @@ -12,7 +12,7 @@ }, { "lang": "es", - "value": "Esta vulnerabilidad existe en la aplicaci\u00f3n de back office CAP debido a una comprobaci\u00f3n de autenticaci\u00f3n incorrecta en el endpoint de la API. Un atacante remoto no autenticado con un ID de inicio de sesi\u00f3n v\u00e1lido podr\u00eda explotar esta vulnerabilidad manipulando los par\u00e1metros de entrada de la API mediante la URL/payload de la solicitud de la API, lo que conlleva el acceso no autorizado a otras cuentas de usuario." + "value": "Esta vulnerabilidad existe en la aplicaci\u00f3n CAP back office debido a una comprobaci\u00f3n de autenticaci\u00f3n incorrecta en el endpoint de la API. Un atacante remoto no autenticado con un ID de inicio de sesi\u00f3n v\u00e1lido podr\u00eda explotar esta vulnerabilidad manipulando los par\u00e1metros de entrada de la API mediante la URL/payload de la solicitud de la API, lo que conlleva el acceso no autorizado a otras cuentas de usuario." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-299xx/CVE-2025-29995.json b/CVE-2025/CVE-2025-299xx/CVE-2025-29995.json index a1f4fba6d46..ca35fd8883b 100644 --- a/CVE-2025/CVE-2025-299xx/CVE-2025-29995.json +++ b/CVE-2025/CVE-2025-299xx/CVE-2025-29995.json 
@@ -12,7 +12,7 @@ }, { "lang": "es", - "value": "Esta vulnerabilidad existe en la aplicaci\u00f3n administrativa CAP debido a un mecanismo de restablecimiento de contrase\u00f1a d\u00e9bil implementado en los endpoints de la API. Un atacante remoto autenticado con un ID de inicio de sesi\u00f3n v\u00e1lido podr\u00eda explotar esta vulnerabilidad a trav\u00e9s de un endpoint de la API vulnerable, lo que podr\u00eda llevar al robo de cuentas de los usuarios objetivo." + "value": "Esta vulnerabilidad existe en la aplicaci\u00f3n CAP back office debido a un mecanismo de restablecimiento de contrase\u00f1a d\u00e9bil implementado en los endpoints de la API. Un atacante remoto autenticado con un ID de inicio de sesi\u00f3n v\u00e1lido podr\u00eda explotar esta vulnerabilidad a trav\u00e9s de un endpoint de la API vulnerable, lo que podr\u00eda llevar al robo de cuentas de los usuarios objetivo." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-299xx/CVE-2025-29996.json b/CVE-2025/CVE-2025-299xx/CVE-2025-29996.json index bec477851c9..21067c6afaa 100644 --- a/CVE-2025/CVE-2025-299xx/CVE-2025-29996.json +++ b/CVE-2025/CVE-2025-299xx/CVE-2025-29996.json 
@@ -12,7 +12,7 @@ }, { "lang": "es", - "value": "Esta vulnerabilidad existe en la aplicaci\u00f3n administrativa CAP debido a la implementaci\u00f3n incorrecta del mecanismo de verificaci\u00f3n OTP en su inicio de sesi\u00f3n basado en API. Un atacante remoto con credenciales v\u00e1lidas podr\u00eda explotar esta vulnerabilidad manipulando la URL/payload de la solicitud de API. Si se aprovecha con \u00e9xito, el atacante podr\u00eda eludir la autenticaci\u00f3n de dos factores (2FA) para otras cuentas de usuario." + "value": "Esta vulnerabilidad existe en la aplicaci\u00f3n CAP back office debido a la implementaci\u00f3n incorrecta del mecanismo de verificaci\u00f3n OTP en su inicio de sesi\u00f3n basado en API. Un atacante remoto con credenciales v\u00e1lidas podr\u00eda explotar esta vulnerabilidad manipulando la URL/payload de la solicitud de API. Si se aprovecha con \u00e9xito, el atacante podr\u00eda eludir la autenticaci\u00f3n de dos factores (2FA) para otras cuentas de usuario." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-299xx/CVE-2025-29997.json b/CVE-2025/CVE-2025-299xx/CVE-2025-29997.json index ebc9526e31f..344df6e486a 100644 --- a/CVE-2025/CVE-2025-299xx/CVE-2025-29997.json +++ b/CVE-2025/CVE-2025-299xx/CVE-2025-29997.json 
@@ -12,7 +12,7 @@ }, { "lang": "es", - "value": "Esta vulnerabilidad existe en la aplicaci\u00f3n administrativa CAP debido a comprobaciones de autorizaci\u00f3n incorrectas en ciertos endpoints de la API. Un atacante remoto autenticado podr\u00eda explotar esta vulnerabilidad manipulando la URL de solicitud de la API para obtener acceso no autorizado a otras cuentas de usuario." + "value": "Esta vulnerabilidad existe en la aplicaci\u00f3n CAP back office debido a comprobaciones de autorizaci\u00f3n incorrectas en ciertos endpoints de la API. Un atacante remoto autenticado podr\u00eda explotar esta vulnerabilidad manipulando la URL de solicitud de la API para obtener acceso no autorizado a otras cuentas de usuario." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-299xx/CVE-2025-29998.json b/CVE-2025/CVE-2025-299xx/CVE-2025-29998.json index 45af9316a63..902c9e0ecfe 100644 --- a/CVE-2025/CVE-2025-299xx/CVE-2025-29998.json +++ b/CVE-2025/CVE-2025-299xx/CVE-2025-29998.json @@ -12,7 +12,7 @@ }, { "lang": "es", - "value": "Esta vulnerabilidad existe en la aplicaci\u00f3n de back office CAP debido a la falta de limitaci\u00f3n de velocidad en las solicitudes OTP en un endpoint de API. Un atacante remoto autenticado podr\u00eda explotar esta vulnerabilidad enviando m\u00faltiples solicitudes OTP a trav\u00e9s de un endpoint de API vulnerable, lo que podr\u00eda provocar un bombardeo o inundaci\u00f3n de OTP en el sistema objetivo." + "value": "Esta vulnerabilidad existe en la aplicaci\u00f3n CAP back office debido a la falta de limitaci\u00f3n de velocidad en las solicitudes OTP en un endpoint de API. Un atacante remoto autenticado podr\u00eda explotar esta vulnerabilidad enviando m\u00faltiples solicitudes OTP a trav\u00e9s de un endpoint de API vulnerable, lo que podr\u00eda provocar un bombardeo o inundaci\u00f3n de OTP en el sistema objetivo." } ], "metrics": { 
diff --git a/CVE-2025/CVE-2025-29xx/CVE-2025-2918.json b/CVE-2025/CVE-2025-29xx/CVE-2025-2918.json index 2ab7070fab1..0953c0a6430 100644 --- a/CVE-2025/CVE-2025-29xx/CVE-2025-2918.json +++ b/CVE-2025/CVE-2025-29xx/CVE-2025-2918.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-06-10T12:15:23.867", "lastModified": "2025-06-12T16:06:39.330", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-29xx/CVE-2025-2932.json b/CVE-2025/CVE-2025-29xx/CVE-2025-2932.json index e1514c01f9f..434d7921638 100644 --- a/CVE-2025/CVE-2025-29xx/CVE-2025-2932.json +++ b/CVE-2025/CVE-2025-29xx/CVE-2025-2932.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "The JKDEVKIT plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'font_upload_handler' function in all versions up to, and including, 1.9.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). If WooCommerce is enabled, attackers will need Contributor-level access and above." + }, + { + "lang": "es", + "value": "El complemento JKDEVKIT para WordPress es vulnerable a la eliminaci\u00f3n arbitraria de archivos debido a una validaci\u00f3n insuficiente de la ruta de archivo en la funci\u00f3n \"font_upload_handler\" en todas las versiones hasta la 1.9.4 incluida. Esto permite que atacantes autenticados, con acceso de suscriptor o superior, eliminen archivos arbitrarios en el servidor, lo que puede provocar f\u00e1cilmente la ejecuci\u00f3n remota de c\u00f3digo al eliminar el archivo correcto (como wp-config.php). Si WooCommerce est\u00e1 habilitado, los atacantes necesitar\u00e1n acceso de colaborador o superior." } ], "metrics": { 
diff --git a/CVE-2025/CVE-2025-29xx/CVE-2025-2939.json b/CVE-2025/CVE-2025-29xx/CVE-2025-2939.json index 652451b4882..50b28751846 100644 --- a/CVE-2025/CVE-2025-29xx/CVE-2025-2939.json +++ b/CVE-2025/CVE-2025-29xx/CVE-2025-2939.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-06-03T03:15:27.137", "lastModified": "2025-06-04T14:54:33.783", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-29xx/CVE-2025-2940.json b/CVE-2025/CVE-2025-29xx/CVE-2025-2940.json index 62839c21c25..822a7c128ac 100644 --- a/CVE-2025/CVE-2025-29xx/CVE-2025-2940.json +++ b/CVE-2025/CVE-2025-29xx/CVE-2025-2940.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-06-27T09:15:25.250", "lastModified": "2025-06-30T18:38:48.477", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-300xx/CVE-2025-30084.json b/CVE-2025/CVE-2025-300xx/CVE-2025-30084.json index 7400708bcb5..19adb99185b 100644 --- a/CVE-2025/CVE-2025-300xx/CVE-2025-30084.json +++ b/CVE-2025/CVE-2025-300xx/CVE-2025-30084.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@joomla.org", "published": "2025-06-05T14:15:31.863", "lastModified": "2025-06-13T19:15:20.723", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-301xx/CVE-2025-30131.json b/CVE-2025/CVE-2025-301xx/CVE-2025-30131.json index 1ea27d9d137..94a57a7b934 100644 --- a/CVE-2025/CVE-2025-301xx/CVE-2025-30131.json +++ b/CVE-2025/CVE-2025-301xx/CVE-2025-30131.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "An issue was discovered on IROAD Dashcam FX2 devices. An unauthenticated file upload endpoint can be leveraged to execute arbitrary commands by uploading a CGI-based webshell. Once a file is uploaded, the attacker can execute commands with root privileges, gaining full control over the dashcam. Additionally, by uploading a netcat (nc) binary, the attacker can establish a reverse shell, maintaining persistent remote and privileged access to the device. This allows complete device takeover." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en los dispositivos IROAD Dashcam FX2. Un endpoint de carga de archivos no autenticado puede utilizarse para ejecutar comandos arbitrarios cargando un webshell basado en CGI. Una vez cargado el archivo, el atacante puede ejecutar comandos con privilegios de root, obteniendo as\u00ed control total sobre la dashcam. Adem\u00e1s, al cargar un binario netcat (nc), el atacante puede establecer un shell inverso, manteniendo acceso remoto persistente y privilegiado al dispositivo. Esto permite el control total del dispositivo." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-301xx/CVE-2025-30137.json b/CVE-2025/CVE-2025-301xx/CVE-2025-30137.json index da447b406b6..e72c66683ab 100644 --- a/CVE-2025/CVE-2025-301xx/CVE-2025-30137.json +++ b/CVE-2025/CVE-2025-301xx/CVE-2025-30137.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-03-18T20:15:26.407", "lastModified": "2025-03-25T17:16:24.817", - "vulnStatus": "Undergoing Analysis", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-305xx/CVE-2025-30562.json b/CVE-2025/CVE-2025-305xx/CVE-2025-30562.json index 4580336a63d..44625e654e3 100644 --- a/CVE-2025/CVE-2025-305xx/CVE-2025-30562.json +++ b/CVE-2025/CVE-2025-305xx/CVE-2025-30562.json 
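Review bot: The CVE-2025-30137.json hunk moves `vulnStatus` backwards, from "Undergoing Analysis" to "Awaiting Analysis", which is the opposite direction of every other status hunk visible in this diff, and `lastModified` stays at `2025-03-25T17:16:24.817`. Triage or alerting logic that assumes the status only advances may mis-bucket this record, and a `lastModified`-based sync would not notice the change at all. I would check the upstream record before merging. If the regression is not intended, the line should stay `"vulnStatus": "Undergoing Analysis",`; if it is, the commit description should call it out.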
@@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdistillery Navigation Tree Elementor allows Blind SQL Injection. This issue affects Navigation Tree Elementor: from n/a through 1.0.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en wpdistillery Navigation Tree Elementor permite la inyecci\u00f3n SQL ciega. Este problema afecta a Elementor del \u00e1rbol de navegaci\u00f3n desde n/d hasta la versi\u00f3n 1.0.1." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-306xx/CVE-2025-30618.json b/CVE-2025/CVE-2025-306xx/CVE-2025-30618.json index a3def40424f..434a1cc690d 100644 --- a/CVE-2025/CVE-2025-306xx/CVE-2025-30618.json +++ b/CVE-2025/CVE-2025-306xx/CVE-2025-30618.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Deserialization of Untrusted Data vulnerability in yuliaz Rapyd Payment Extension for WooCommerce allows Object Injection. This issue affects Rapyd Payment Extension for WooCommerce: from n/a through 1.2.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de deserializaci\u00f3n de datos no confiables en yuliaz Rapyd Payment Extension for WooCommerce permite la inyecci\u00f3n de objetos. Este problema afecta a la extensi\u00f3n de pago Rapyd para WooCommerce desde n/d hasta la versi\u00f3n 1.2.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-306xx/CVE-2025-30640.json b/CVE-2025/CVE-2025-306xx/CVE-2025-30640.json index dd5f0111a9c..c06a11da470 100644 --- a/CVE-2025/CVE-2025-306xx/CVE-2025-30640.json +++ b/CVE-2025/CVE-2025-306xx/CVE-2025-30640.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad que sigue un enlace en los agentes de Trend Micro Deep Security 20.0 podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Nota: Para explotar esta vulnerabilidad, un atacante primero debe poder ejecutar c\u00f3digo con pocos privilegios en el sistema objetivo." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-306xx/CVE-2025-30641.json b/CVE-2025/CVE-2025-306xx/CVE-2025-30641.json index 7899f8df453..267c828d62c 100644 --- a/CVE-2025/CVE-2025-306xx/CVE-2025-30641.json +++ b/CVE-2025/CVE-2025-306xx/CVE-2025-30641.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A link following vulnerability in the anti-malware solution portion of Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad que sigue un enlace en la soluci\u00f3n antimalware de los agentes de Trend Micro Deep Security 20.0 podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Nota: Para explotar esta vulnerabilidad, un atacante debe primero ejecutar c\u00f3digo con pocos privilegios en el sistema objetivo." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-306xx/CVE-2025-30642.json b/CVE-2025/CVE-2025-306xx/CVE-2025-30642.json index 32dec281b81..7bafd5956b5 100644 --- a/CVE-2025/CVE-2025-306xx/CVE-2025-30642.json +++ b/CVE-2025/CVE-2025-306xx/CVE-2025-30642.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to create a denial of service (DoS) situation on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad que sigue un enlace en los agentes de Trend Micro Deep Security 20.0 podr\u00eda permitir a un atacante local crear una situaci\u00f3n de denegaci\u00f3n de servicio (DoS) en las instalaciones afectadas. Nota: Para explotar esta vulnerabilidad, un atacante primero debe poder ejecutar c\u00f3digo con privilegios bajos en el sistema objetivo." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-306xx/CVE-2025-30678.json b/CVE-2025/CVE-2025-306xx/CVE-2025-30678.json index ae11a73261a..3413536c591 100644 --- a/CVE-2025/CVE-2025-306xx/CVE-2025-30678.json +++ b/CVE-2025/CVE-2025-306xx/CVE-2025-30678.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modTMSM component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de Server-side Request Forgery (SSRF) en el componente modTMSM de Trend Micro Apex Central (local) podr\u00eda permitir que un atacante manipule ciertos par\u00e1metros, lo que lleva a la divulgaci\u00f3n de informaci\u00f3n en las instalaciones afectadas." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-306xx/CVE-2025-30679.json b/CVE-2025/CVE-2025-306xx/CVE-2025-30679.json index 61d05cedb5a..c70452e88e9 100644 --- a/CVE-2025/CVE-2025-306xx/CVE-2025-30679.json +++ b/CVE-2025/CVE-2025-306xx/CVE-2025-30679.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modOSCE component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de Server-side Request Forgery (SSRF) en el componente modOSCE de Trend Micro Apex Central (local) podr\u00eda permitir que un atacante manipule ciertos par\u00e1metros, lo que lleva a la divulgaci\u00f3n de informaci\u00f3n en las instalaciones afectadas." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-306xx/CVE-2025-30680.json b/CVE-2025/CVE-2025-306xx/CVE-2025-30680.json index 93e87d93da0..20838bca444 100644 --- a/CVE-2025/CVE-2025-306xx/CVE-2025-30680.json +++ b/CVE-2025/CVE-2025-306xx/CVE-2025-30680.json @@ -16,6 +16,10 @@ { "lang": "en", "value": "A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (SaaS) could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. \r\n\r\nPlease note: this vulnerability only affects the SaaS instance of Apex Central - customers that automatically apply Trend Micro's monthly maintenance releases to the SaaS instance do not have to take any further action." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de Server-side Request Forgery (SSRF) en Trend Micro Apex Central (SaaS) podr\u00eda permitir a un atacante manipular ciertos par\u00e1metros, lo que podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n en las instalaciones afectadas. Nota: Esta vulnerabilidad solo afecta a la instancia SaaS de Apex Central; los clientes que aplican autom\u00e1ticamente las actualizaciones de mantenimiento mensuales de Trend Micro a la instancia SaaS no tienen que realizar ninguna acci\u00f3n adicional." } ], "metrics": { 
diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30929.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30929.json index 642f76b9083..ca60a4adcf9 100644 --- a/CVE-2025/CVE-2025-309xx/CVE-2025-30929.json +++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30929.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Missing Authorization vulnerability in amazewp fluXtore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects fluXtore: from n/a through 1.6.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en amazewp fluXtore permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a fluXtore desde n/d hasta la versi\u00f3n 1.6.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30943.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30943.json index 2dac1b366f7..153997b0b68 100644 --- a/CVE-2025/CVE-2025-309xx/CVE-2025-30943.json +++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30943.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aakif Kadiwala Posts Slider Shortcode allows DOM-Based XSS. This issue affects Posts Slider Shortcode: from n/a through 1.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Aakif Kadiwala Posts Slider Shortcode permite XSS basado en DOM. Este problema afecta al shortcode del control deslizante de publicaciones desde n/d hasta la versi\u00f3n 1.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30947.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30947.json index ed8f2d2d32a..502e9c473fa 100644 --- a/CVE-2025/CVE-2025-309xx/CVE-2025-30947.json +++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30947.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus Cool fade popup allows Blind SQL Injection. This issue affects Cool fade popup: from n/a through 10.1."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en gopiplus Cool fade popup permite la inyecci\u00f3n SQL ciega. Este problema afecta a la ventana emergente Cool fade desde n/d hasta la versi\u00f3n 10.1."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30969.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30969.json
index a18a3f332af..f22555fb6d9 100644
--- a/CVE-2025/CVE-2025-309xx/CVE-2025-30969.json
+++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30969.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus iFrame Images Gallery allows SQL Injection. This issue affects iFrame Images Gallery: from n/a through 9.0."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en gopiplus iFrame Images Gallery permite la inyecci\u00f3n SQL. Este problema afecta a la Galer\u00eda de Im\u00e1genes iFrame desde n/d hasta la versi\u00f3n 9.0."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30979.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30979.json
index 62e90450ad3..b20dc75d59f 100644
--- a/CVE-2025/CVE-2025-309xx/CVE-2025-30979.json
+++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30979.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus Pixelating image slideshow gallery allows SQL Injection. This issue affects Pixelating image slideshow gallery: from n/a through 8.0."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en gopiplus Pixelating image slideshow gallery permite la inyecci\u00f3n SQL. Este problema afecta a la galer\u00eda de presentaciones de im\u00e1genes pixeladas desde n/d hasta la versi\u00f3n 8.0."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30983.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30983.json
index 584a71351fe..a17becae995 100644
--- a/CVE-2025/CVE-2025-309xx/CVE-2025-30983.json
+++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30983.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gopiplus Card flip image slideshow allows DOM-Based XSS. This issue affects Card flip image slideshow: from n/a through 1.5."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en gopiplus Card flip image slideshow permite XSS basado en DOM. Este problema afecta a la presentaci\u00f3n de im\u00e1genes invertidas de gopiplus desde n/d hasta la versi\u00f3n 1.5."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30988.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30988.json
index 01c31408665..942b61add80 100644
--- a/CVE-2025/CVE-2025-309xx/CVE-2025-30988.json
+++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30988.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in _CreativeMedia_ Elite Video Player allows Stored XSS. This issue affects Elite Video Player: from n/a through 10.0.5."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en _CreativeMedia_ Elite Video Player permite XSS almacenado. Este problema afecta a Elite Video Player desde n/d hasta la versi\u00f3n 10.0.5."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-30xx/CVE-2025-3076.json b/CVE-2025/CVE-2025-30xx/CVE-2025-3076.json
index 4c09698c9ca..e6e79857d61 100644
--- a/CVE-2025/CVE-2025-30xx/CVE-2025-3076.json
+++ b/CVE-2025/CVE-2025-30xx/CVE-2025-3076.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-06-10T05:15:22.503",
 "lastModified": "2025-06-12T16:06:39.330",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-318xx/CVE-2025-31828.json b/CVE-2025/CVE-2025-318xx/CVE-2025-31828.json
index 95d9764c7ab..5658fec1cc3 100644
--- a/CVE-2025/CVE-2025-318xx/CVE-2025-31828.json
+++ b/CVE-2025/CVE-2025-318xx/CVE-2025-31828.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2025-04-01T15:16:22.887",
 "lastModified": "2025-04-01T20:26:01.990",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-319xx/CVE-2025-31919.json b/CVE-2025/CVE-2025-319xx/CVE-2025-31919.json
index c8248ea354d..8cb60f9dcec 100644
--- a/CVE-2025/CVE-2025-319xx/CVE-2025-31919.json
+++ b/CVE-2025/CVE-2025-319xx/CVE-2025-31919.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Deserialization of Untrusted Data vulnerability in themeton Spare allows Object Injection. This issue affects Spare: from n/a through 1.7."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de deserializaci\u00f3n de datos no confiables en themeton Spare permite la inyecci\u00f3n de objetos. Este problema afecta a Spare desde n/d hasta la versi\u00f3n 1.7."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-31xx/CVE-2025-3100.json b/CVE-2025/CVE-2025-31xx/CVE-2025-3100.json
index f58f141d684..9e353fba88e 100644
--- a/CVE-2025/CVE-2025-31xx/CVE-2025-3100.json
+++ b/CVE-2025/CVE-2025-31xx/CVE-2025-3100.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-04-09T05:15:43.253",
 "lastModified": "2025-04-09T20:02:41.860",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-324xx/CVE-2025-32412.json b/CVE-2025/CVE-2025-324xx/CVE-2025-32412.json
index bcec82fa580..b23481e79ec 100644
--- a/CVE-2025/CVE-2025-324xx/CVE-2025-32412.json
+++ b/CVE-2025/CVE-2025-324xx/CVE-2025-32412.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Fuji Electric Smart Editor\u00a0is vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code."
+ },
+ {
+ "lang": "es",
+ "value": "Fuji Electric Smart Editor es vulnerable a una lectura fuera de los l\u00edmites, lo que puede permitir que un atacante ejecute c\u00f3digo arbitrario."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-324xx/CVE-2025-32440.json b/CVE-2025/CVE-2025-324xx/CVE-2025-32440.json
index 87d877399aa..3a4fb67a6ac 100644
--- a/CVE-2025/CVE-2025-324xx/CVE-2025-32440.json
+++ b/CVE-2025/CVE-2025-324xx/CVE-2025-32440.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2025-05-27T22:15:21.980",
 "lastModified": "2025-05-28T15:01:30.720",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-325xx/CVE-2025-32510.json b/CVE-2025/CVE-2025-325xx/CVE-2025-32510.json
index 243b95abad6..007ea16c319 100644
--- a/CVE-2025/CVE-2025-325xx/CVE-2025-32510.json
+++ b/CVE-2025/CVE-2025-325xx/CVE-2025-32510.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Unrestricted Upload of File with Dangerous Type vulnerability in ovatheme Ovatheme Events Manager allows Using Malicious Files. This issue affects Ovatheme Events Manager: from n/a through 1.7.5."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de carga sin restricciones de archivos con tipos peligrosos en ovatheme Ovatheme Events Manager permite el uso de archivos maliciosos. Este problema afecta al Administrador de Eventos de Ovatheme desde la versi\u00f3n n/d hasta la 1.7.5."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-325xx/CVE-2025-32526.json b/CVE-2025/CVE-2025-325xx/CVE-2025-32526.json
index 810d3928304..acd53f3f4dd 100644
--- a/CVE-2025/CVE-2025-325xx/CVE-2025-32526.json
+++ b/CVE-2025/CVE-2025-325xx/CVE-2025-32526.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2025-04-17T16:15:41.333",
 "lastModified": "2025-04-17T20:21:05.203",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-325xx/CVE-2025-32549.json b/CVE-2025/CVE-2025-325xx/CVE-2025-32549.json
index 22414e48071..21bc1fe41a9 100644
--- a/CVE-2025/CVE-2025-325xx/CVE-2025-32549.json
+++ b/CVE-2025/CVE-2025-325xx/CVE-2025-32549.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in mojoomla WPGYM allows PHP Local File Inclusion. This issue affects WPGYM: from n/a through 65.0."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de control inadecuado del nombre de archivo para la declaraci\u00f3n Include/Require en el programa PHP ('Inclusi\u00f3n remota de archivos PHP') en mojoomla WPGYM permite la inclusi\u00f3n local de archivos PHP. Este problema afecta a WPGYM desde n/d hasta la versi\u00f3n 65.0."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-327xx/CVE-2025-32717.json b/CVE-2025/CVE-2025-327xx/CVE-2025-32717.json
index 4d65472cdd1..a02ab6be626 100644
--- a/CVE-2025/CVE-2025-327xx/CVE-2025-32717.json
+++ b/CVE-2025/CVE-2025-327xx/CVE-2025-32717.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-06-11T00:15:25.317",
 "lastModified": "2025-06-12T16:06:20.180",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-328xx/CVE-2025-32876.json b/CVE-2025/CVE-2025-328xx/CVE-2025-32876.json
index 52210dda2ef..18473fcc737 100644
--- a/CVE-2025/CVE-2025-328xx/CVE-2025-32876.json
+++ b/CVE-2025/CVE-2025-328xx/CVE-2025-32876.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-06-20T14:15:27.877",
 "lastModified": "2025-06-24T16:15:26.357",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-328xx/CVE-2025-32877.json b/CVE-2025/CVE-2025-328xx/CVE-2025-32877.json
index 4d06602640b..1c9da3bf343 100644
--- a/CVE-2025/CVE-2025-328xx/CVE-2025-32877.json
+++ b/CVE-2025/CVE-2025-328xx/CVE-2025-32877.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-06-20T14:15:28.250",
 "lastModified": "2025-06-24T16:15:26.523",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-328xx/CVE-2025-32878.json b/CVE-2025/CVE-2025-328xx/CVE-2025-32878.json
index f4499b78ce4..07a5bd74a5d 100644
--- a/CVE-2025/CVE-2025-328xx/CVE-2025-32878.json
+++ b/CVE-2025/CVE-2025-328xx/CVE-2025-32878.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-06-20T14:15:28.490",
 "lastModified": "2025-06-23T20:16:40.143",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-328xx/CVE-2025-32879.json b/CVE-2025/CVE-2025-328xx/CVE-2025-32879.json
index 580f69bf0f5..5ed30edfc22 100644
--- a/CVE-2025/CVE-2025-328xx/CVE-2025-32879.json
+++ b/CVE-2025/CVE-2025-328xx/CVE-2025-32879.json
@@ -2,16 +2,59 @@
 "id": "CVE-2025-32879",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-06-20T14:15:28.783",
- "lastModified": "2025-06-20T14:15:28.783",
- "vulnStatus": "Received",
+ "lastModified": "2025-06-24T14:15:28.623",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue was discovered on COROS PACE 3 devices through 3.0808.0. It starts advertising if no device is connected via Bluetooth. This allows an attacker to connect with the device via BLE if no other device is connected. While connected, none of the BLE services and characteristics of the device require any authentication or security level. Therefore, any characteristic, depending on their mode of operation (read/write/notify), can be used by the connected attacker. This allows, for example, configuring the device, sending notifications, resetting the device to factory settings, or installing software."
+ },
+ {
+ "lang": "es",
+ "value": "Se detect\u00f3 un problema en dispositivos COROS PACE 3 hasta la versi\u00f3n 3.0808.0. Este problema inicia la publicidad si no hay ning\u00fan dispositivo conectado por Bluetooth. Esto permite a un atacante conectarse al dispositivo mediante Bluetooth de baja energ\u00eda (BLE) si no hay ning\u00fan otro dispositivo conectado. Mientras est\u00e9 conectado, ninguno de los servicios ni caracter\u00edsticas de Bluetooth de este dispositivo requiere autenticaci\u00f3n ni nivel de seguridad. Por lo tanto, cualquier caracter\u00edstica, seg\u00fan su modo de funcionamiento (lectura/escritura/notificaci\u00f3n), puede ser utilizada por el atacante conectado. Esto permite, por ejemplo, configurar el dispositivo, enviar notificaciones, restablecer la configuraci\u00f3n de f\u00e1brica o instalar software."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-306"
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://support.coros.com/hc/en-us/articles/20087694119828-COROS-PACE-3-Release-Notes",
diff --git a/CVE-2025/CVE-2025-328xx/CVE-2025-32880.json b/CVE-2025/CVE-2025-328xx/CVE-2025-32880.json
index 9ab400a037c..9fa155cd545 100644
--- a/CVE-2025/CVE-2025-328xx/CVE-2025-32880.json
+++ b/CVE-2025/CVE-2025-328xx/CVE-2025-32880.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-06-20T14:15:28.967",
 "lastModified": "2025-06-24T16:15:26.747",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-328xx/CVE-2025-32896.json b/CVE-2025/CVE-2025-328xx/CVE-2025-32896.json
index bc4f350472a..9976606c03c 100644
--- a/CVE-2025/CVE-2025-328xx/CVE-2025-32896.json
+++ b/CVE-2025/CVE-2025-328xx/CVE-2025-32896.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@apache.org",
 "published": "2025-06-19T11:15:24.190",
 "lastModified": "2025-06-23T20:16:59.783",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
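Review bot: In the CVE-2025-32879 hunk, the added Spanish description mistranslates the Bluetooth term: `Este problema inicia la publicidad` says that the problem starts advertising in the marketing sense, while the English text says the device itself starts BLE advertising when nothing is connected to it. A reader relying on the `es` entry loses the precondition that makes the watch reachable, so the sentence should read along the lines of `El dispositivo comienza a anunciarse por Bluetooth (advertising) si no hay ning\u00fan dispositivo conectado.` The added CVSS 3.1 vector (AV:A, PR:N) and the CWE-287/CWE-306 entries agree with the English description and need no change.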
diff --git a/CVE-2025/CVE-2025-329xx/CVE-2025-32918.json b/CVE-2025/CVE-2025-329xx/CVE-2025-32918.json
index a5922dc32a3..3017a5658ce 100644
--- a/CVE-2025/CVE-2025-329xx/CVE-2025-32918.json
+++ b/CVE-2025/CVE-2025-329xx/CVE-2025-32918.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Improper neutralization of Livestatus command delimiters in autocomplete endpoint within the RestAPI of Checkmk versions <2.4.0p6, <2.3.0p35, <2.2.0p44, and 2.1.0 (EOL) allows an authenticated user to inject arbitrary Livestatus commands."
+ },
+ {
+ "lang": "es",
+ "value": "La neutralizaci\u00f3n incorrecta de los delimitadores del comando Livestatus en el endpoint de autocompletar dentro de RestAPI de las versiones de Checkmk <2.4.0p6, <2.3.0p35, <2.2.0p44 y 2.1.0 (EOL) permite que un usuario autenticado inyecte comandos Livestatus arbitrarios."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-32xx/CVE-2025-3221.json b/CVE-2025/CVE-2025-32xx/CVE-2025-3221.json
index 9db58845297..3375d285ae8 100644
--- a/CVE-2025/CVE-2025-32xx/CVE-2025-3221.json
+++ b/CVE-2025/CVE-2025-32xx/CVE-2025-3221.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2025-06-21T13:15:21.850",
 "lastModified": "2025-06-23T20:16:21.633",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-32xx/CVE-2025-3227.json b/CVE-2025/CVE-2025-32xx/CVE-2025-3227.json
index a2c9f76e5c5..cc671ecfa4e 100644
--- a/CVE-2025/CVE-2025-32xx/CVE-2025-3227.json
+++ b/CVE-2025/CVE-2025-32xx/CVE-2025-3227.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "responsibledisclosure@mattermost.com",
 "published": "2025-06-20T15:15:20.430",
 "lastModified": "2025-06-23T20:16:40.143",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-32xx/CVE-2025-3228.json b/CVE-2025/CVE-2025-32xx/CVE-2025-3228.json
index f53cebf8445..713658dc0cf 100644
--- a/CVE-2025/CVE-2025-32xx/CVE-2025-3228.json
+++ b/CVE-2025/CVE-2025-32xx/CVE-2025-3228.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "responsibledisclosure@mattermost.com",
 "published": "2025-06-20T15:15:20.573",
 "lastModified": "2025-06-23T20:16:40.143",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-32xx/CVE-2025-3247.json b/CVE-2025/CVE-2025-32xx/CVE-2025-3247.json
index 4cd4b77cbc5..98da1bdc6fe 100644
--- a/CVE-2025/CVE-2025-32xx/CVE-2025-3247.json
+++ b/CVE-2025/CVE-2025-32xx/CVE-2025-3247.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-04-16T06:15:42.933",
 "lastModified": "2025-04-16T13:25:37.340",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-32xx/CVE-2025-3282.json b/CVE-2025/CVE-2025-32xx/CVE-2025-3282.json
index e8885b0db9d..77c62d9a8a8 100644
--- a/CVE-2025/CVE-2025-32xx/CVE-2025-3282.json
+++ b/CVE-2025/CVE-2025-32xx/CVE-2025-3282.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-04-12T07:15:27.003",
 "lastModified": "2025-04-15T18:39:27.967",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-32xx/CVE-2025-3292.json b/CVE-2025/CVE-2025-32xx/CVE-2025-3292.json
index 7dbbf0f842b..52e990b8c17 100644
--- a/CVE-2025/CVE-2025-32xx/CVE-2025-3292.json
+++ b/CVE-2025/CVE-2025-32xx/CVE-2025-3292.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-04-12T07:15:27.143",
 "lastModified": "2025-04-15T18:39:27.967",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-32xx/CVE-2025-3294.json b/CVE-2025/CVE-2025-32xx/CVE-2025-3294.json
index 3bf23760557..208e67e02cb 100644
--- a/CVE-2025/CVE-2025-32xx/CVE-2025-3294.json
+++ b/CVE-2025/CVE-2025-32xx/CVE-2025-3294.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-04-17T06:15:43.977",
 "lastModified": "2025-04-17T20:21:48.243",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-32xx/CVE-2025-3295.json b/CVE-2025/CVE-2025-32xx/CVE-2025-3295.json
index 4113c9991d6..89192c248a1 100644
--- a/CVE-2025/CVE-2025-32xx/CVE-2025-3295.json
+++ b/CVE-2025/CVE-2025-32xx/CVE-2025-3295.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-04-17T06:15:44.257",
 "lastModified": "2025-04-17T20:21:48.243",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-330xx/CVE-2025-33075.json b/CVE-2025/CVE-2025-330xx/CVE-2025-33075.json
index d39711cb877..618905c1a84 100644
--- a/CVE-2025/CVE-2025-330xx/CVE-2025-33075.json
+++ b/CVE-2025/CVE-2025-330xx/CVE-2025-33075.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-06-10T17:23:08.797",
 "lastModified": "2025-06-12T16:06:39.330",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-340xx/CVE-2025-34042.json b/CVE-2025/CVE-2025-340xx/CVE-2025-34042.json
index ceb80ae0948..30f83d7dddd 100644
--- a/CVE-2025/CVE-2025-340xx/CVE-2025-34042.json
+++ b/CVE-2025/CVE-2025-340xx/CVE-2025-34042.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "An authenticated command injection vulnerability exists in the Beward N100 IP Camera firmware version M2.1.6.04C014 via the ServerName and TimeZone parameters in the servetest CGI page. An attacker with access to the web interface can inject arbitrary system commands into these parameters, which are unsafely embedded into backend system calls without proper input sanitization. Successful exploitation results in remote code execution with root privileges."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos autenticados en la versi\u00f3n de firmware M2.1.6.04C014 de Beward N100 IP Camera a trav\u00e9s de los par\u00e1metros ServerName y TimeZone en la p\u00e1gina CGI de Servetest. Un atacante con acceso a la interfaz web puede inyectar comandos arbitrarios del sistema en estos par\u00e1metros, que se integran de forma insegura en las llamadas del sistema backend sin la debida limpieza de entrada. Una explotaci\u00f3n exitosa resulta en la ejecuci\u00f3n remota de c\u00f3digo con privilegios de root."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-340xx/CVE-2025-34043.json b/CVE-2025/CVE-2025-340xx/CVE-2025-34043.json
index 8eb4ba281b9..016e8ea14b9 100644
--- a/CVE-2025/CVE-2025-340xx/CVE-2025-34043.json
+++ b/CVE-2025/CVE-2025-340xx/CVE-2025-34043.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A remote command injection vulnerability exists in Vacron Network Video Recorder (NVR) devices v1.4 due to improper input sanitization in the board.cgi script. The vulnerability allows unauthenticated attackers to pass arbitrary commands to the underlying operating system via crafted HTTP requests. These commands are executed with the privileges of the web server process, enabling remote code execution and potential full device compromise."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de inyecci\u00f3n remota de comandos en los dispositivos Vacron Network Video Recorder (NVR) v1.4 debido a una depuraci\u00f3n incorrecta de la entrada en el script board.cgi. Esta vulnerabilidad permite a atacantes no autenticados enviar comandos arbitrarios al sistema operativo subyacente mediante solicitudes HTTP manipuladas. Estos comandos se ejecutan con los privilegios del proceso del servidor web, lo que permite la ejecuci\u00f3n remota de c\u00f3digo y la posible vulneraci\u00f3n total del dispositivo."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-340xx/CVE-2025-34044.json b/CVE-2025/CVE-2025-340xx/CVE-2025-34044.json
index 1d1e52dd3c9..5e44fa8a114 100644
--- a/CVE-2025/CVE-2025-340xx/CVE-2025-34044.json
+++ b/CVE-2025/CVE-2025-340xx/CVE-2025-34044.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router via a specially-crafted HTTP GET request to the t parameter. Insufficient input validation allows unauthenticated attackers to execute arbitrary OS commands."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de inyecci\u00f3n remota de comandos en la interfaz confirm.php de WIFISKY 7-layer Flow Control Router mediante una solicitud HTTP GET especialmente manipulada al par\u00e1metro t. Una validaci\u00f3n de entrada insuficiente permite a atacantes no autenticados ejecutar comandos arbitrarios del sistema operativo."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-340xx/CVE-2025-34045.json b/CVE-2025/CVE-2025-340xx/CVE-2025-34045.json
index dee610c544c..23eae9a0917 100644
--- a/CVE-2025/CVE-2025-340xx/CVE-2025-34045.json
+++ b/CVE-2025/CVE-2025-340xx/CVE-2025-34045.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A path traversal vulnerability exists in WeiPHP 5.0, an open source WeChat public account platform development framework by Shenzhen Yuanmengyun Technology Co., Ltd. The flaw occurs in the picUrl parameter of the /public/index.php/material/Material/_download_imgage endpoint, where insufficient input validation allows unauthenticated remote attackers to perform directory traversal via crafted POST requests. This enables arbitrary file read on the server, potentially exposing sensitive information such as configuration files and source code."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de path traversal en WeiPHP 5.0, un framework de desarrollo de c\u00f3digo abierto para la plataforma de cuentas p\u00fablicas de WeChat de Shenzhen Yuanmengyun Technology Co., Ltd. La falla se produce en el par\u00e1metro picUrl del endpoint /public/index.php/material/Material/_download_imgage, donde una validaci\u00f3n de entrada insuficiente permite a atacantes remotos no autenticados navegar por directorios mediante solicitudes POST manipuladas. Esto permite la lectura arbitraria de archivos en el servidor, lo que podr\u00eda exponer informaci\u00f3n confidencial, como archivos de configuraci\u00f3n y c\u00f3digo fuente."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-340xx/CVE-2025-34046.json b/CVE-2025/CVE-2025-340xx/CVE-2025-34046.json
index 5bdc9c14248..df8fda8f8ec 100644
--- a/CVE-2025/CVE-2025-340xx/CVE-2025-34046.json
+++ b/CVE-2025/CVE-2025-340xx/CVE-2025-34046.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management interface. The vulnerability affects the /general/index/UploadFile.php endpoint, which improperly validates uploaded files when invoked with certain parameters (uploadType=eoffice_logo or uploadType=theme). An attacker can exploit this flaw by sending a crafted HTTP POST request to upload arbitrary files without requiring authentication. Successful exploitation could enable remote code execution on the affected server, leading to complete compromise of the web application and potentially the underlying system."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de carga de archivos no autenticados en la interfaz de administraci\u00f3n web de Fanwei E-Office (versi\u00f3n anterior a la v9.4). La vulnerabilidad afecta al endpoint /general/index/UploadFile.php, que valida incorrectamente los archivos subidos al invocarse con ciertos par\u00e1metros (uploadType=eoffice_logo o uploadType=theme). Un atacante puede explotar esta vulnerabilidad enviando una solicitud HTTP POST manipulada para cargar archivos arbitrarios sin requerir autenticaci\u00f3n. Una explotaci\u00f3n exitosa podr\u00eda permitir la ejecuci\u00f3n remota de c\u00f3digo en el servidor afectado, lo que comprometer\u00eda por completo la aplicaci\u00f3n web y, potencialmente, el sistema subyacente."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-340xx/CVE-2025-34047.json b/CVE-2025/CVE-2025-340xx/CVE-2025-34047.json
index b013cc4ab71..feaa21fcc46 100644
--- a/CVE-2025/CVE-2025-340xx/CVE-2025-34047.json
+++ b/CVE-2025/CVE-2025-340xx/CVE-2025-34047.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A path traversal vulnerability exists in the Leadsec SSL VPN (formerly Lenovo NetGuard), allowing unauthenticated attackers to read arbitrary files on the underlying system via the ostype parameter in the /vpn/user/download/client endpoint. This flaw arises from insufficient input sanitation, enabling traversal sequences\u00a0to escape the intended directory and access sensitive files."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de path traversal en Leadsec SSL VPN (anteriormente Lenovo NetGuard), que permite a atacantes no autenticados leer archivos arbitrarios en el sistema subyacente mediante el par\u00e1metro ostype en el endpoint /vpn/user/download/client. Esta falla se debe a una depuraci\u00f3n de entrada insuficiente, lo que permite que las secuencias de cruce escapen del directorio de destino y accedan a archivos confidenciales."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-340xx/CVE-2025-34048.json b/CVE-2025/CVE-2025-340xx/CVE-2025-34048.json
index d635482a898..c894752bc0f 100644
--- a/CVE-2025/CVE-2025-340xx/CVE-2025-34048.json
+++ b/CVE-2025/CVE-2025-340xx/CVE-2025-34048.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware versions IN_1.02, SEA_1.04, and SEA_1.07. The vulnerability is due to insufficient input validation on the getpage parameter within the /cgi-bin/webproc CGI script. This flaw allows an unauthenticated remote attacker to perform path traversal attacks by supplying crafted requests, enabling arbitrary file read on the affected device."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de path traversal en la interfaz de administraci\u00f3n web de los routers D-Link DSL-2730U, DSL-2750U, y DSL-2750E ADSL con versiones de firmware IN_1.02, SEA_1.04 y SEA_1.07. La vulnerabilidad se debe a una validaci\u00f3n de entrada insuficiente en el par\u00e1metro getpage del script CGI /cgi-bin/webproc. Esta falla permite a un atacante remoto no autenticado realizar ataques de path traversal mediante solicitudes manipuladas, lo que permite la lectura de archivos arbitrarios en el dispositivo afectado."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-340xx/CVE-2025-34049.json b/CVE-2025/CVE-2025-340xx/CVE-2025-34049.json
index b7e83585a2f..96baaf2a55f 100644
--- a/CVE-2025/CVE-2025-340xx/CVE-2025-34049.json
+++ b/CVE-2025/CVE-2025-340xx/CVE-2025-34049.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "An OS command injection vulnerability exists in the OptiLink ONT1GEW GPON router firmware version V2.1.11_X101 Build 1127.190306 and earlier. The router\u2019s web management interface fails to properly sanitize user input in the target_addr parameter of the formTracert and formPing administrative endpoints. An authenticated attacker can inject arbitrary operating system commands, which are executed with root privileges, leading to remote code execution. Successful exploitation enables full compromise of the device."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en el firmware del router OptiLink ONT1GEW GPON, versi\u00f3n V2.1.11_X101, compilaci\u00f3n 1127.190306 y anteriores. La interfaz de administraci\u00f3n web del router no depura correctamente la entrada del usuario en el par\u00e1metro target_addr de los endpoints administrativos formTracert y formPing. Un atacante autenticado puede inyectar comandos arbitrarios del sistema operativo, que se ejecutan con privilegios de root, lo que provoca la ejecuci\u00f3n remota de c\u00f3digo. Una explotaci\u00f3n exitosa permite la vulneraci\u00f3n total del dispositivo."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-340xx/CVE-2025-34061.json b/CVE-2025/CVE-2025-340xx/CVE-2025-34061.json
index 8b8c6715212..5a62df7c604 100644
--- a/CVE-2025/CVE-2025-340xx/CVE-2025-34061.json
+++ b/CVE-2025/CVE-2025-340xx/CVE-2025-34061.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A backdoor in PHPStudy versions 2016 through 2018 allows unauthenticated remote attackers to execute arbitrary PHP code on affected installations. The backdoor listens for base64-encoded PHP payloads in the Accept-Charset HTTP header of incoming requests, decodes and executes the payload without proper validation. This leads to remote code execution as the web server user, compromising the affected system."
+ },
+ {
+ "lang": "es",
+ "value": "Una puerta trasera en las versiones 2016 a 2018 de PHPStudy permite a atacantes remotos no autenticados ejecutar c\u00f3digo PHP arbitrario en las instalaciones afectadas. La puerta trasera detecta payloads PHP codificadas en base64 en el encabezado HTTP Accept-Charset de las solicitudes entrantes, las decodifica y las ejecuta sin la validaci\u00f3n adecuada. Esto provoca la ejecuci\u00f3n remota de c\u00f3digo como si fuera el usuario del servidor web, lo que compromete el sistema afectado."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-340xx/CVE-2025-34082.json b/CVE-2025/CVE-2025-340xx/CVE-2025-34082.json
index 9d7f547bcd2..79329a4158a 100644
--- a/CVE-2025/CVE-2025-340xx/CVE-2025-34082.json
+++ b/CVE-2025/CVE-2025-340xx/CVE-2025-34082.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "A command injection vulnerability exists in IGEL OS versions prior to 11.04.270 within the Secure Terminal and Secure Shadow services. The flaw arises due to improper input sanitization in the handling of specially crafted PROXYCMD commands on TCP ports 30022 and 5900. An unauthenticated attacker with network access to a vulnerable device can inject arbitrary commands, leading to remote code execution with elevated privileges.\n\nNOTE: IGEL OS v10.x has reached end-of-life (EOL) status." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en versiones de IGEL OS anteriores a la 11.04.270 dentro de los servicios Secure Terminal y Secure Shadow. La falla surge debido a una depuraci\u00f3n de entrada incorrecta al gestionar comandos PROXYCMD especialmente manipulados en los puertos TCP 30022 y 5900. Un atacante no autenticado con acceso de red a un dispositivo vulnerable puede inyectar comandos arbitrarios, lo que provoca la ejecuci\u00f3n remota de c\u00f3digo con privilegios elevados. NOTA: El sistema operativo IGEL v10.x ha alcanzado el fin de su ciclo de vida (EOL)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-340xx/CVE-2025-34086.json b/CVE-2025/CVE-2025-340xx/CVE-2025-34086.json index 58af1fc5065..ca6f7856cf9 100644 --- a/CVE-2025/CVE-2025-340xx/CVE-2025-34086.json +++ b/CVE-2025/CVE-2025-340xx/CVE-2025-34086.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "Bolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities that together allow an authenticated user to achieve remote code execution. A user with valid credentials can inject arbitrary PHP code into the displayname field of the user profile, which is rendered unsanitized in backend templates. The attacker can then list and rename cached session files via the /async/browse/cache/.sessions and /async/folder/rename endpoints. By renaming a .session file to a path under the publicly accessible /files/ directory with a .php extension, the attacker can turn the injected code into an executable web shell. Finally, the attacker triggers the payload via a crafted HTTP GET request to the rogue file.\n\nNOTE: The vendor announced that Bolt 3 reached end-of-life after 31 December 2021." + }, + { + "lang": "es", + "value": "Las versiones 3.7.0 y anteriores de Bolt CMS contienen una serie de vulnerabilidades que, en conjunto, permiten a un usuario autenticado ejecutar c\u00f3digo remoto. Un usuario con credenciales v\u00e1lidas puede inyectar c\u00f3digo PHP arbitrario en el campo de nombre para mostrar del perfil de usuario, que queda sin depurar en las plantillas de backend. El atacante puede entonces listar y renombrar los archivos de sesi\u00f3n en cach\u00e9 mediante los endpoints /async/browse/cache/.sessions y /async/folder/rename. Al renombrar un archivo .session a una ruta dentro del directorio p\u00fablico /files/ con la extensi\u00f3n .php, el atacante puede convertir el c\u00f3digo inyectado en un shell web ejecutable. Finalmente, el atacante activa el payload mediante una solicitud HTTP GET manipulada al archivo no autorizado. NOTA: El proveedor anunci\u00f3 que Bolt 3 lleg\u00f3 al final de su vida \u00fatil despu\u00e9s del 31 de diciembre de 2021." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-340xx/CVE-2025-34087.json b/CVE-2025/CVE-2025-340xx/CVE-2025-34087.json index 8a10d2995b0..21ea4bf9224 100644 
--- a/CVE-2025/CVE-2025-340xx/CVE-2025-34087.json +++ b/CVE-2025/CVE-2025-340xx/CVE-2025-34087.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "An authenticated command injection vulnerability exists in Pi-hole versions up to 3.3. When adding a domain to the allowlist via the web interface, the domain parameter is not properly sanitized, allowing an attacker to append OS commands to the domain string. These commands are executed on the underlying operating system with the privileges of the Pi-hole service user.\n\n\n\n\nThis behavior was present in the legacy AdminLTE interface and has since been patched in later versions." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos autenticados en las versiones de Pi-hole hasta la 3.3. Al a\u00f1adir un dominio a la lista de permitidos mediante la interfaz web, el par\u00e1metro de dominio no se depura correctamente, lo que permite a un atacante a\u00f1adir comandos del sistema operativo a la cadena de dominio. Estos comandos se ejecutan en el sistema operativo subyacente con los privilegios del usuario del servicio Pi-hole. Este comportamiento ya exist\u00eda en la interfaz AdminLTE heredada y se ha corregido en versiones posteriores." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-340xx/CVE-2025-34088.json b/CVE-2025/CVE-2025-340xx/CVE-2025-34088.json index 2ca1a3339a0..6fb50593c06 100644 --- a/CVE-2025/CVE-2025-340xx/CVE-2025-34088.json +++ b/CVE-2025/CVE-2025-340xx/CVE-2025-34088.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The net_tools.php functionality allows authenticated users to execute arbitrary OS commands via the select_ips parameter when performing network tools operations, such as pinging. This occurs because user input is not properly sanitized before being passed to system commands, enabling command injection." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo autenticado en Pandora FMS versi\u00f3n 7.0NG y anteriores. La funci\u00f3n net_tools.php permite a los usuarios autenticados ejecutar comandos arbitrarios del sistema operativo mediante el par\u00e1metro select_ips al realizar operaciones con herramientas de red, como hacer ping. Esto se debe a que la entrada del usuario no se depura correctamente antes de pasarla a los comandos del sistema, lo que permite la inyecci\u00f3n de comandos." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-340xx/CVE-2025-34089.json b/CVE-2025/CVE-2025-340xx/CVE-2025-34089.json index b6391ce9429..af3eceaa8d5 100644 --- a/CVE-2025/CVE-2025-340xx/CVE-2025-34089.json +++ b/CVE-2025/CVE-2025-340xx/CVE-2025-34089.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "An unauthenticated remote code execution vulnerability exists in Remote for Mac, a macOS remote control utility developed by Aexol Studio, in versions up to and including 2025.7. When the application is configured with authentication disabled (i.e., the \"Allow unknown devices\" option is enabled), the /api/executeScript endpoint is exposed without access control. This allows unauthenticated remote attackers to inject arbitrary AppleScript payloads via the X-Script HTTP header, resulting in code execution using do shell script. Successful exploitation grants attackers the ability to run arbitrary commands on the macOS host with the privileges of the Remote for Mac background process." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo no autenticado en Remote for Mac, una utilidad de control remoto para macOS desarrollada por Aexol Studio, en versiones hasta la 2025.7 incluida. Cuando la aplicaci\u00f3n se configura con la autenticaci\u00f3n deshabilitada (es decir, con la opci\u00f3n \"Permitir dispositivos desconocidos\" habilitada), el endpoint /api/executeScript queda expuesto sin control de acceso. Esto permite a atacantes remotos no autenticados inyectar payloads arbitrarias de AppleScript a trav\u00e9s de la cabecera HTTP X-Script, lo que resulta en la ejecuci\u00f3n de c\u00f3digo mediante un script de shell. Una explotaci\u00f3n exitosa permite a los atacantes ejecutar comandos arbitrarios en el host macOS con los privilegios del proceso en segundo plano de Remote for Mac." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-345xx/CVE-2025-34508.json b/CVE-2025/CVE-2025-345xx/CVE-2025-34508.json index 32d4f36ffa1..da68d5ab8e4 100644 --- a/CVE-2025/CVE-2025-345xx/CVE-2025-34508.json +++ b/CVE-2025/CVE-2025-345xx/CVE-2025-34508.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "A path traversal vulnerability exists in the file dropoff functionality \nof ZendTo versions 6.15-7 and prior. This could allow a remote, authenticated attacker to retrieve the files of other ZendTo users, retrieve files on the host \nsystem, or cause a denial of service." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de path traversal en la funci\u00f3n de eliminaci\u00f3n de archivos de ZendTo (versiones 6.15-7 y anteriores). Esto podr\u00eda permitir que un atacante remoto autenticado recupere los archivos de otros usuarios de ZendTo, recupere archivos en el sistema host o provoque una denegaci\u00f3n de servicio." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-345xx/CVE-2025-34509.json b/CVE-2025/CVE-2025-345xx/CVE-2025-34509.json index 447b80e03d7..02e4e57664a 100644 --- a/CVE-2025/CVE-2025-345xx/CVE-2025-34509.json +++ b/CVE-2025/CVE-2025-345xx/CVE-2025-34509.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access administrative API over HTTP." + }, + { + "lang": "es", + "value": "Sitecore Experience Manager (XM) y Experience Platform (XP) versiones 10.1 a 10.1.4 rev. 011974 PRE, todas las versiones 10.2, 10.3 a 10.3.3 rev. 011967 PRE y 10.4 a 10.4.1 rev. 011941 PRE contienen una cuenta de usuario codificada. Atacantes remotos no autenticados pueden usar esta cuenta para acceder a la API administrativa a trav\u00e9s de HTTP." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-345xx/CVE-2025-34510.json b/CVE-2025/CVE-2025-345xx/CVE-2025-34510.json index 3e4b9e34829..81f086ff3b9 100644 --- a/CVE-2025/CVE-2025-345xx/CVE-2025-34510.json +++ b/CVE-2025/CVE-2025-345xx/CVE-2025-34510.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "Sitecore Experience Manager (XM), Experience Platform (XP), and Experience Commerce (XC) versions 9.0 through 9.3 and 10.0 through 10.4 are affected by a Zip Slip vulnerability. A remote, authenticated attacker can exploit this issue by sending a crafted HTTP request to upload a ZIP archive containing path traversal sequences, allowing arbitrary file writes and leading to code execution." + }, + { + "lang": "es", + "value": "Las versiones 9.0 a 9.3 y 10.0 a 10.4 de Sitecore Experience Manager (XM), Experience Platform (XP) y Experience Commerce (XC) se ven afectadas por una vulnerabilidad de Zip Slip. Un atacante remoto autenticado puede explotar este problema enviando una solicitud HTTP manipulada para cargar un archivo ZIP que contenga secuencias de path traversal, lo que permite escrituras arbitrarias en archivos y provoca la ejecuci\u00f3n de c\u00f3digo." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-345xx/CVE-2025-34511.json b/CVE-2025/CVE-2025-345xx/CVE-2025-34511.json index 185549de9a4..eb95bcef721 100644 --- a/CVE-2025/CVE-2025-345xx/CVE-2025-34511.json +++ b/CVE-2025/CVE-2025-345xx/CVE-2025-34511.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Sitecore PowerShell Extensions, an add-on to Sitecore Experience Manager (XM) and Experience Platform (XP), through version 7.0 is vulnerable to an unrestricted file upload issue. A remote, authenticated attacker can upload arbitrary files to the server using crafted HTTP requests, resulting in remote code execution." + }, + { + "lang": "es", + "value": "Las extensiones de PowerShell de Sitecore, un complemento para Sitecore Experience Manager (XM) y Experience Platform (XP), hasta la versi\u00f3n 7.0, son vulnerables a un problema de carga de archivos sin restricciones. Un atacante remoto y autenticado puede cargar archivos arbitrarios al servidor mediante solicitudes HTTP manipuladas, lo que provoca la ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": { 
diff --git a/CVE-2025/CVE-2025-34xx/CVE-2025-3427.json b/CVE-2025/CVE-2025-34xx/CVE-2025-3427.json index 0eb8b37d5ad..aca2dfdf63f 100644 --- a/CVE-2025/CVE-2025-34xx/CVE-2025-3427.json +++ b/CVE-2025/CVE-2025-34xx/CVE-2025-3427.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-04-08T07:15:42.740", "lastModified": "2025-04-08T18:13:53.347", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-34xx/CVE-2025-3428.json b/CVE-2025/CVE-2025-34xx/CVE-2025-3428.json index 6254fb8a594..a40cbc4a9b9 100644 --- a/CVE-2025/CVE-2025-34xx/CVE-2025-3428.json +++ b/CVE-2025/CVE-2025-34xx/CVE-2025-3428.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-04-08T07:15:42.943", "lastModified": "2025-04-08T18:13:53.347", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-34xx/CVE-2025-3429.json b/CVE-2025/CVE-2025-34xx/CVE-2025-3429.json index 47be1f1a37c..95218feb8d4 100644 --- a/CVE-2025/CVE-2025-34xx/CVE-2025-3429.json +++ b/CVE-2025/CVE-2025-34xx/CVE-2025-3429.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-04-08T07:15:43.120", "lastModified": "2025-04-08T18:13:53.347", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-34xx/CVE-2025-3430.json b/CVE-2025/CVE-2025-34xx/CVE-2025-3430.json index fdd7872691b..28d354a3f6e 100644 --- a/CVE-2025/CVE-2025-34xx/CVE-2025-3430.json +++ b/CVE-2025/CVE-2025-34xx/CVE-2025-3430.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-04-08T07:15:43.303", "lastModified": "2025-04-08T18:13:53.347", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2025/CVE-2025-34xx/CVE-2025-3481.json b/CVE-2025/CVE-2025-34xx/CVE-2025-3481.json index b1210d5e192..47b1fb2034b 100644 --- a/CVE-2025/CVE-2025-34xx/CVE-2025-3481.json +++ b/CVE-2025/CVE-2025-34xx/CVE-2025-3481.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2025-05-22T01:15:53.023", "lastModified": "2025-05-23T15:55:02.040", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-34xx/CVE-2025-3482.json b/CVE-2025/CVE-2025-34xx/CVE-2025-3482.json index 2450f1830ca..e284dc84aff 100644 --- a/CVE-2025/CVE-2025-34xx/CVE-2025-3482.json +++ b/CVE-2025/CVE-2025-34xx/CVE-2025-3482.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2025-05-22T01:15:53.180", "lastModified": "2025-05-23T15:55:02.040", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-34xx/CVE-2025-3483.json b/CVE-2025/CVE-2025-34xx/CVE-2025-3483.json index 193b776de6f..a374577ac20 100644 --- a/CVE-2025/CVE-2025-34xx/CVE-2025-3483.json +++ b/CVE-2025/CVE-2025-34xx/CVE-2025-3483.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2025-05-22T01:15:53.330", "lastModified": "2025-05-23T15:55:02.040", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-34xx/CVE-2025-3484.json b/CVE-2025/CVE-2025-34xx/CVE-2025-3484.json index e08e6459539..1eb4833ef14 100644 --- a/CVE-2025/CVE-2025-34xx/CVE-2025-3484.json +++ b/CVE-2025/CVE-2025-34xx/CVE-2025-3484.json @@ -3,7 +3,7 @@ "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2025-05-22T01:15:53.473", "lastModified": "2025-05-23T15:55:02.040", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2025/CVE-2025-350xx/CVE-2025-35003.json b/CVE-2025/CVE-2025-350xx/CVE-2025-35003.json index 75eb7ed753b..429dc8a51d6 100644 --- a/CVE-2025/CVE-2025-350xx/CVE-2025-35003.json +++ b/CVE-2025/CVE-2025-350xx/CVE-2025-35003.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@apache.org", "published": "2025-05-26T10:15:19.750", "lastModified": "2025-05-28T15:01:30.720", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-360xx/CVE-2025-36034.json b/CVE-2025/CVE-2025-360xx/CVE-2025-36034.json index a6c51a1eaee..865bd472db4 100644 --- a/CVE-2025/CVE-2025-360xx/CVE-2025-36034.json +++ b/CVE-2025/CVE-2025-360xx/CVE-2025-36034.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques." + }, + { + "lang": "es", + "value": "IBM InfoSphere DataStage Flow Designer en IBM InfoSphere Information Server 11.7 revela informaci\u00f3n confidencial del usuario en solicitudes API en texto claro que podr\u00eda ser interceptada mediante t\u00e9cnicas de intermediario." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3600.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3600.json index af7cb4d6bfd..7d7c85d6845 100644 --- a/CVE-2025/CVE-2025-36xx/CVE-2025-3600.json +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3600.json @@ -2,8 +2,8 @@ "id": "CVE-2025-3600", "sourceIdentifier": "security@progress.com", "published": "2025-05-14T14:15:29.200", - "lastModified": "2025-05-16T14:43:56.797", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-25T15:29:14.070", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -71,10 +71,33 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:progress:telerik_ui_for_asp.net_ajax:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2011.2712", + "versionEndIncluding": "2025.1.218", + "matchCriteriaId": "C70541A7-BB83-4E23-927A-0676BD5A0E1E" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.telerik.com/products/aspnet-ajax/documentation/knowledge-base/kb-security-unsafe-reflection-cve-2025-3600", - "source": "security@progress.com" + "source": "security@progress.com", + "tags": [ + "Vendor Advisory", + "Mitigation" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3611.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3611.json index 2e8197e6887..be40fa89741 100644 --- a/CVE-2025/CVE-2025-36xx/CVE-2025-3611.json +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3611.json @@ -3,7 +3,7 @@ "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2025-05-30T15:15:41.197", "lastModified": "2025-05-30T16:31:03.107", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3629.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3629.json index 12e65e3e73e..78d3143bbc5 100644 --- a/CVE-2025/CVE-2025-36xx/CVE-2025-3629.json +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3629.json @@ -3,7 +3,7 @@ "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-06-21T13:15:21.993", "lastModified": "2025-06-23T20:16:21.633", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3686.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3686.json index 1412c406feb..cd0aaaf298d 100644 --- a/CVE-2025/CVE-2025-36xx/CVE-2025-3686.json +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3686.json 
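Review bot: In the `@@ -71,10 +71,33 @@` hunk of CVE-2025-3600.json, the lower bound `"versionStartIncluding": "2011.2712"` has two dot-separated components while the upper bound `"versionEndIncluding": "2025.1.218"` has three, which suggests a separator may have been dropped from the start version. Scanners that compare version components one by one can order a two-part bound differently from the product's three-part release numbers, so installs near the lower edge may be wrongly matched or missed. The first affected release should be confirmed against the vendor advisory already listed under `references`, and both bounds written in the same format.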
@@ -2,8 +2,8 @@ "id": "CVE-2025-3686", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-16T12:15:17.093", - "lastModified": "2025-04-16T13:25:37.340", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-25T18:53:22.990", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -120,22 +120,56 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:misstt123:oasys:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F16D3DCC-787D-4FB0-B1DD-4B8CBA106162" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/misstt123/oasys/issues/10", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.304975", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.304975", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.553372", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3687.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3687.json index 4ed7181d6af..00b310e0aad 100644 --- a/CVE-2025/CVE-2025-36xx/CVE-2025-3687.json +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3687.json @@ -2,8 +2,8 @@ "id": "CVE-2025-3687", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-16T12:15:17.267", - "lastModified": "2025-04-16T13:25:37.340", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-25T18:52:43.527", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
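Review bot: In the `@@ -120,22 +120,56 @@` hunk of CVE-2025-3686.json, the reference `https://github.com/misstt123/oasys/issues/10` is tagged `"Vendor Advisory"` together with `"Exploit"` and `"Issue Tracking"`. An issue-tracker entry that carries an exploit tag is most likely the reporter's submission and not a statement from the maintainer, though the issue content is not visible here. Consumers who filter references on `"Vendor Advisory"` to find remediation guidance would then be pointed at a report with no fix information. Unless the maintainer replied in that thread, the tags should be just `"Exploit", "Issue Tracking"`. The same tagging appears for `issues/11` in the `@@ -122,24 +122,68 @@` hunk of CVE-2025-3687.json.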
@@ -122,24 +122,68 @@ "value": "CWE-862" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:misstt123:oasys:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F16D3DCC-787D-4FB0-B1DD-4B8CBA106162" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/misstt123/oasys/issues/11", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.304976", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.304976", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.553429", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-37xx/CVE-2025-3702.json b/CVE-2025/CVE-2025-37xx/CVE-2025-3702.json index 97fcdb3f4de..7a8238a0301 100644 --- a/CVE-2025/CVE-2025-37xx/CVE-2025-3702.json +++ b/CVE-2025/CVE-2025-37xx/CVE-2025-3702.json 
@@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2025-07-03T13:15:28.387", "lastModified": "2025-07-03T15:13:53.147", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in Melapress Melapress File Monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Melapress File Monitor: from n/a before 2.2.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autorizaci\u00f3n faltante en Melapress Melapress File Monitor permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Melapress File Monitor: desde n/a antes de 2.2.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-37xx/CVE-2025-3722.json b/CVE-2025/CVE-2025-37xx/CVE-2025-3722.json index 3887be87682..b89478f9f73 100644 --- a/CVE-2025/CVE-2025-37xx/CVE-2025-3722.json +++ b/CVE-2025/CVE-2025-37xx/CVE-2025-3722.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A path traversal vulnerability in System Information Reporter (SIR) 1.0.3 and prior allowed an authenticated high privileged user to issue malicious ePO post requests to System Information Reporter, leading to creation of files anywhere on the filesystem and possibly overwriting existing files and exposing sensitive information disclosure." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de path traversal en System Information Reporter (SIR) 1.0.3 y anteriores permit\u00eda a un usuario autenticado con privilegios elevados emitir solicitudes POD maliciosas a System Information Reporter, lo que llevaba a la creaci\u00f3n de archivos en cualquier parte del sistema de archivos y posiblemente a sobrescribir archivos existentes y exponer informaci\u00f3n confidencial." } ], "metrics": { 
diff --git a/CVE-2025/CVE-2025-37xx/CVE-2025-3771.json b/CVE-2025/CVE-2025-37xx/CVE-2025-3771.json index 394f3927b84..54ffa50a792 100644 --- a/CVE-2025/CVE-2025-37xx/CVE-2025-3771.json +++ b/CVE-2025/CVE-2025-37xx/CVE-2025-3771.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A path or symbolic link manipulation vulnerability in SIR 1.0.3 and prior versions allows an authenticated non-admin local user to overwrite system files with SIR backup files, which can potentially cause a system crash. This was achieved by adding a malicious entry to the registry under the Trellix SIR registry folder or via policy or with a junction symbolic link to files that the user would not normally have permission to acces" + }, + { + "lang": "es", + "value": "Una vulnerabilidad de manipulaci\u00f3n de rutas o enlaces simb\u00f3licos en SIR 1.0.3 y versiones anteriores permite que un usuario local no administrador autenticado sobrescriba archivos del sistema con archivos de respaldo de SIR, lo que podr\u00eda provocar un bloqueo del sistema. Esto se lograba a\u00f1adiendo una entrada maliciosa al registro en la carpeta de registro de Trellix SIR, mediante una pol\u00edtica o con un enlace simb\u00f3lico de uni\u00f3n a archivos a los que el usuario normalmente no tendr\u00eda acceso." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-37xx/CVE-2025-3773.json b/CVE-2025/CVE-2025-37xx/CVE-2025-3773.json index 88b2f5eafc6..ea91f8fd6d0 100644 --- a/CVE-2025/CVE-2025-37xx/CVE-2025-3773.json +++ b/CVE-2025/CVE-2025-37xx/CVE-2025-3773.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "A sensitive information exposure vulnerability in System Information Reporter (SIR) 1.0.3 and prior allows an authenticated non-admin local user to extract sensitive information stored in a registry backup folder." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de exposici\u00f3n de informaci\u00f3n confidencial en System Information Reporter (SIR) 1.0.3 y anteriores permite que un usuario local no administrador autenticado extraiga informaci\u00f3n confidencial almacenada en una carpeta de respaldo del registro." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38002.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38002.json index fe3c7b241cb..7acec6bbcf0 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38002.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38002.json @@ -2,7 +2,7 @@ "id": "CVE-2025-38002", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-06-06T14:15:22.313", - "lastModified": "2025-06-09T12:15:47.880", + "lastModified": "2025-06-26T15:15:22.843", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -24,6 +24,10 @@ { "url": "https://git.kernel.org/stable/c/d871198ee431d90f5308d53998c1ba1d5db5619a", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://project-zero.issues.chromium.org/issues/417522668", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38005.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38005.json index 63a55da3e5d..e5745b834e7 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38005.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38005.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: k3-udma: Add missing locking\n\nRecent kernels complain about a missing lock in k3-udma.c when the lock\nvalidator is enabled:\n\n[ 4.128073] WARNING: CPU: 0 PID: 746 at drivers/dma/ti/../virt-dma.h:169 udma_start.isra.0+0x34/0x238\n[ 4.137352] CPU: 0 UID: 0 PID: 746 Comm: kworker/0:3 Not tainted 6.12.9-arm64 #28\n[ 4.144867] Hardware name: pp-v12 (DT)\n[ 4.148648] Workqueue: events udma_check_tx_completion\n[ 4.153841] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 4.160834] pc : udma_start.isra.0+0x34/0x238\n[ 4.165227] lr : udma_start.isra.0+0x30/0x238\n[ 4.169618] sp : ffffffc083cabcf0\n[ 4.172963] x29: ffffffc083cabcf0 x28: 0000000000000000 x27: ffffff800001b005\n[ 4.180167] x26: ffffffc0812f0000 x25: 0000000000000000 x24: 0000000000000000\n[ 4.187370] x23: 0000000000000001 x22: 00000000e21eabe9 x21: ffffff8000fa0670\n[ 4.194571] x20: ffffff8001b6bf00 x19: ffffff8000fa0430 x18: ffffffc083b95030\n[ 4.201773] x17: 0000000000000000 x16: 00000000f0000000 x15: 0000000000000048\n[ 4.208976] x14: 0000000000000048 x13: 0000000000000000 x12: 0000000000000001\n[ 4.216179] x11: ffffffc08151a240 x10: 0000000000003ea1 x9 : ffffffc08046ab68\n[ 4.223381] x8 : ffffffc083cabac0 x7 : ffffffc081df3718 x6 : 0000000000029fc8\n[ 4.230583] x5 : ffffffc0817ee6d8 x4 : 0000000000000bc0 x3 : 0000000000000000\n[ 4.237784] x2 : 0000000000000000 x1 : 00000000001fffff x0 : 0000000000000000\n[ 4.244986] Call trace:\n[ 4.247463] udma_start.isra.0+0x34/0x238\n[ 4.251509] udma_check_tx_completion+0xd0/0xdc\n[ 4.256076] process_one_work+0x244/0x3fc\n[ 4.260129] process_scheduled_works+0x6c/0x74\n[ 4.264610] worker_thread+0x150/0x1dc\n[ 4.268398] kthread+0xd8/0xe8\n[ 4.271492] ret_from_fork+0x10/0x20\n[ 4.275107] irq event stamp: 220\n[ 4.278363] hardirqs last enabled at (219): [] _raw_spin_unlock_irq+0x38/0x50\n[ 4.287183] hardirqs last disabled at 
(220): [] el1_dbg+0x24/0x50\n[ 4.294879] softirqs last enabled at (182): [] handle_softirqs+0x1c0/0x3cc\n[ 4.303437] softirqs last disabled at (177): [] __do_softirq+0x1c/0x28\n[ 4.311559] ---[ end trace 0000000000000000 ]---\n\nThis commit adds the missing locking." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dmaengine: ti: k3-udma: Agregar bloqueo faltante Los kernels recientes se quejan de un bloqueo faltante en k3-udma.c cuando el validador de bloqueo est\u00e1 habilitado: [ 4.128073] ADVERTENCIA: CPU: 0 PID: 746 en drivers/dma/ti/../virt-dma.h:169 udma_start.isra.0+0x34/0x238 [ 4.137352] CPU: 0 UID: 0 PID: 746 Comm: kworker/0:3 No contaminado 6.12.9-arm64 #28 [ 4.144867] Nombre del hardware: pp-v12 (DT) [ 4.148648] Cola de trabajo: eventos events udma_check_tx_completion [ 4.153841] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 4.160834] pc : udma_start.isra.0+0x34/0x238 [ 4.165227] lr : udma_start.isra.0+0x30/0x238 [ 4.169618] sp : ffffffc083cabcf0 [ 4.172963] x29: ffffffc083cabcf0 x28: 0000000000000000 x27: ffffff800001b005 [ 4.180167] x26: ffffffc0812f0000 x25: 0000000000000000 x24: 0000000000000000 [ 4.187370] x23: 0000000000000001 x22: 00000000e21eabe9 x21: ffffff8000fa0670 [ 4.194571] x20: ffffff8001b6bf00 x19: ffffff8000fa0430 x18: ffffffc083b95030 [ 4.201773] x17: 0000000000000000 x16: 00000000f0000000 x15: 0000000000000048 [ 4.208976] x14: 0000000000000048 x13: 0000000000000000 x12: 0000000000000001 [ 4.216179] x11: ffffffc08151a240 x10: 0000000000003ea1 x9 : ffffffc08046ab68 [ 4.223381] x8 : ffffffc083cabac0 x7 : ffffffc081df3718 x6 : 0000000000029fc8 [ 4.230583] x5 : ffffffc0817ee6d8 x4 : 0000000000000bc0 x3 : 0000000000000000 [ 4.237784] x2 : 0000000000000000 x1 : 00000000001fffff x0 : 0000000000000000 [ 4.244986] Call trace: [ 4.247463] udma_start.isra.0+0x34/0x238 [ 4.251509] udma_check_tx_completion+0xd0/0xdc [ 4.256076] process_one_work+0x244/0x3fc [ 4.260129] 
process_scheduled_works+0x6c/0x74 [ 4.264610] worker_thread+0x150/0x1dc [ 4.268398] kthread+0xd8/0xe8 [ 4.271492] ret_from_fork+0x10/0x20 [ 4.275107] irq event stamp: 220 [ 4.278363] hardirqs last enabled at (219): [] _raw_spin_unlock_irq+0x38/0x50 [ 4.287183] hardirqs last disabled at (220): [] el1_dbg+0x24/0x50 [ 4.294879] softirqs last enabled at (182): [] handle_softirqs+0x1c0/0x3cc [ 4.303437] softirqs last disabled at (177): [] __do_softirq+0x1c/0x28 [ 4.311559] ---[ fin del seguimiento 0000000000000000 ]--- Esta confirmaci\u00f3n agrega el bloqueo faltante." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38006.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38006.json index 5001f2318e4..bc227744eaf 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38006.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38006.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mctp: Don't access ifa_index when missing\n\nIn mctp_dump_addrinfo, ifa_index can be used to filter interfaces, but\nonly when the struct ifaddrmsg is provided. Otherwise it will be\ncomparing to uninitialised memory - reproducible in the syzkaller case from\ndhcpd, or busybox \"ip addr show\".\n\nThe kernel MCTP implementation has always filtered by ifa_index, so\nexisting userspace programs expecting to dump MCTP addresses must\nalready be passing a valid ifa_index value (either 0 or a real index).\n\nBUG: KMSAN: uninit-value in mctp_dump_addrinfo+0x208/0xac0 net/mctp/device.c:128\n mctp_dump_addrinfo+0x208/0xac0 net/mctp/device.c:128\n rtnl_dump_all+0x3ec/0x5b0 net/core/rtnetlink.c:4380\n rtnl_dumpit+0xd5/0x2f0 net/core/rtnetlink.c:6824\n netlink_dump+0x97b/0x1690 net/netlink/af_netlink.c:2309"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: mctp: No acceder a ifa_index si falta. En mctp_dump_addrinfo, ifa_index puede usarse para filtrar interfaces, pero solo cuando se proporciona la estructura ifaddrmsg. De lo contrario, se comparar\u00e1 con memoria no inicializada, lo cual es reproducible en el caso de syzkaller desde dhcpd o \"ip addr show\" de busybox. La implementaci\u00f3n de MCTP del kernel siempre ha filtrado por ifa_index, por lo que los programas de espacio de usuario que esperan volcar direcciones MCTP ya deben estar pasando un valor v\u00e1lido de ifa_index (0 o un \u00edndice real). ERROR: KMSAN: valor no inicializado en mctp_dump_addrinfo+0x208/0xac0 net/mctp/device.c:128 mctp_dump_addrinfo+0x208/0xac0 net/mctp/device.c:128 rtnl_dump_all+0x3ec/0x5b0 net/core/rtnetlink.c:4380 rtnl_dumpit+0xd5/0x2f0 net/core/rtnetlink.c:6824 netlink_dump+0x97b/0x1690 net/netlink/af_netlink.c:2309"
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38007.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38007.json
index 702b5b78da2..5a9899c7cea 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38007.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38007.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: uclogic: Add NULL check in uclogic_input_configured()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\nuclogic_input_configured() does not check for this case, which results\nin a NULL pointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: uclogic: A\u00f1adir comprobaci\u00f3n de valores NULL en uclogic_input_configured(). Devm_kasprintf() devuelve NULL cuando falla la asignaci\u00f3n de memoria. Actualmente, uclogic_input_configured() no comprueba este caso, lo que provoca una desreferencia de puntero NULL. A\u00f1adir comprobaci\u00f3n de valores NULL despu\u00e9s de devm_kasprintf() para evitar este problema."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38008.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38008.json
index 54bb47f6a1e..adbaa0775e8 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38008.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38008.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/page_alloc: fix race condition in unaccepted memory handling\n\nThe page allocator tracks the number of zones that have unaccepted memory\nusing static_branch_enc/dec() and uses that static branch in hot paths to\ndetermine if it needs to deal with unaccepted memory.\n\nBorislav and Thomas pointed out that the tracking is racy: operations on\nstatic_branch are not serialized against adding/removing unaccepted pages\nto/from the zone.\n\nSanity checks inside static_branch machinery detects it:\n\nWARNING: CPU: 0 PID: 10 at kernel/jump_label.c:276 __static_key_slow_dec_cpuslocked+0x8e/0xa0\n\nThe comment around the WARN() explains the problem:\n\n\t/*\n\t * Warn about the '-1' case though; since that means a\n\t * decrement is concurrent with a first (0->1) increment. IOW\n\t * people are trying to disable something that wasn't yet fully\n\t * enabled. This suggests an ordering problem on the user side.\n\t */\n\nThe effect of this static_branch optimization is only visible on\nmicrobenchmark.\n\nInstead of adding more complexity around it, remove it altogether."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/page_alloc: arregla la condici\u00f3n de ejecuci\u00f3n en el manejo de memoria no aceptada El asignador de p\u00e1ginas rastrea el n\u00famero de zonas que tienen memoria no aceptada usando static_branch_enc/dec() y usa esa rama est\u00e1tica en rutas activas para determinar si necesita lidiar con memoria no aceptada. Borislav y Thomas se\u00f1alaron que el rastreo es acelerado: las operaciones en static_branch no se serializan contra la adici\u00f3n/eliminaci\u00f3n de p\u00e1ginas no aceptadas a/desde la zona.
Las comprobaciones de cordura dentro de la maquinaria static_branch lo detectan: ADVERTENCIA: CPU: 0 PID: 10 en kernel/jump_label.c:276 __static_key_slow_dec_cpuslocked+0x8e/0xa0 El comentario alrededor de WARN() explica el problema: /* * Sin embargo, advierte sobre el caso '-1'; ya que eso significa que un * decremento es concurrente con un primer incremento (0->1). Es decir, * se est\u00e1 intentando deshabilitar algo que a\u00fan no estaba completamente habilitado. Esto sugiere un problema de ordenamiento del usuario. */ El efecto de esta optimizaci\u00f3n de static_branch solo es visible en microbenchmark. En lugar de a\u00f1adir m\u00e1s complejidad, elim\u00ednenla por completo."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38009.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38009.json
index f8fa853981c..0a5611ae156 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38009.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38009.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: disable napi on driver removal\n\nA warning on driver removal started occurring after commit 9dd05df8403b\n(\"net: warn if NAPI instance wasn't shut down\"). Disable tx napi before\ndeleting it in mt76_dma_cleanup().\n\n WARNING: CPU: 4 PID: 18828 at net/core/dev.c:7288 __netif_napi_del_locked+0xf0/0x100\n CPU: 4 UID: 0 PID: 18828 Comm: modprobe Not tainted 6.15.0-rc4 #4 PREEMPT(lazy)\n Hardware name: ASUS System Product Name/PRIME X670E-PRO WIFI, BIOS 3035 09/05/2024\n RIP: 0010:__netif_napi_del_locked+0xf0/0x100\n Call Trace:\n \n mt76_dma_cleanup+0x54/0x2f0 [mt76]\n mt7921_pci_remove+0xd5/0x190 [mt7921e]\n pci_device_remove+0x47/0xc0\n device_release_driver_internal+0x19e/0x200\n driver_detach+0x48/0x90\n bus_remove_driver+0x6d/0xf0\n pci_unregister_driver+0x2e/0xb0\n __do_sys_delete_module.isra.0+0x197/0x2e0\n do_syscall_64+0x7b/0x160\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nTested with mt7921e but the same pattern can be actually applied to other\nmt76 drivers calling mt76_dma_cleanup() during removal. Tx napi is enabled\nin their *_dma_init() functions and only toggled off and on again inside\ntheir suspend/resume/reset paths. So it should be okay to disable tx\nnapi in such a generic way.\n\nFound by Linux Verification Center (linuxtesting.org)."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mt76: deshabilitar NAPI al eliminar el controlador. Una advertencia al eliminar el controlador comenz\u00f3 a aparecer despu\u00e9s de el commit 9dd05df8403b (\"net: advertir si la instancia de NAPI no se apag\u00f3\"). Desactive la transacci\u00f3n NAPI antes de eliminarla en mt76_dma_cleanup().
ADVERTENCIA: CPU: 4 PID: 18828 en net/core/dev.c:7288 __netif_napi_del_locked+0xf0/0x100 CPU: 4 UID: 0 PID: 18828 Comm: modprobe No contaminado 6.15.0-rc4 #4 PREEMPT(lazy) Nombre del hardware: Nombre del producto del sistema ASUS/PRIME X670E-PRO WIFI, BIOS 3035 09/05/2024 RIP: 0010:__netif_napi_del_locked+0xf0/0x100 Rastreo de llamadas: mt76_dma_cleanup+0x54/0x2f0 [mt76] mt7921_pci_remove+0xd5/0x190 [mt7921e] pci_device_remove+0x47/0xc0 device_release_driver_internal+0x19e/0x200 driver_detach+0x48/0x90 bus_remove_driver+0x6d/0xf0 pci_unregister_driver+0x2e/0xb0 __do_sys_delete_module.isra.0+0x197/0x2e0 do_syscall_64+0x7b/0x160 entry_SYSCALL_64_after_hwframe+0x76/0x7e Se prob\u00f3 con mt7921e, pero el mismo patr\u00f3n se puede aplicar a otros controladores mt76 que invoquen mt76_dma_cleanup() durante la eliminaci\u00f3n. Tx napi est\u00e1 habilitado en sus funciones *_dma_init() y solo se activa y desactiva dentro de sus rutas de suspensi\u00f3n/reinicio/reinicio. Por lo tanto, deber\u00eda ser aceptable deshabilitar tx napi de forma gen\u00e9rica. Encontrado por el Centro de Verificaci\u00f3n de Linux (linuxtesting.org)."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38010.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38010.json
index a317382292d..4ea218eea6a 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38010.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38010.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: tegra: xusb: Use a bitmask for UTMI pad power state tracking\n\nThe current implementation uses bias_pad_enable as a reference count to\nmanage the shared bias pad for all UTMI PHYs. However, during system\nsuspension with connected USB devices, multiple power-down requests for\nthe UTMI pad result in a mismatch in the reference count, which in turn\nproduces warnings such as:\n\n[ 237.762967] WARNING: CPU: 10 PID: 1618 at tegra186_utmi_pad_power_down+0x160/0x170\n[ 237.763103] Call trace:\n[ 237.763104] tegra186_utmi_pad_power_down+0x160/0x170\n[ 237.763107] tegra186_utmi_phy_power_off+0x10/0x30\n[ 237.763110] phy_power_off+0x48/0x100\n[ 237.763113] tegra_xusb_enter_elpg+0x204/0x500\n[ 237.763119] tegra_xusb_suspend+0x48/0x140\n[ 237.763122] platform_pm_suspend+0x2c/0xb0\n[ 237.763125] dpm_run_callback.isra.0+0x20/0xa0\n[ 237.763127] __device_suspend+0x118/0x330\n[ 237.763129] dpm_suspend+0x10c/0x1f0\n[ 237.763130] dpm_suspend_start+0x88/0xb0\n[ 237.763132] suspend_devices_and_enter+0x120/0x500\n[ 237.763135] pm_suspend+0x1ec/0x270\n\nThe root cause was traced back to the dynamic power-down changes\nintroduced in commit a30951d31b25 (\"xhci: tegra: USB2 pad power controls\"),\nwhere the UTMI pad was being powered down without verifying its current\nstate. This unbalanced behavior led to discrepancies in the reference\ncount.\n\nTo rectify this issue, this patch replaces the single reference counter\nwith a bitmask, renamed to utmi_pad_enabled.
Each bit in the mask\ncorresponds to one of the four USB2 PHYs, allowing us to track each pad's\nenablement status individually.\n\nWith this change:\n - The bias pad is powered on only when the mask is clear.\n - Each UTMI pad is powered on or down based on its corresponding bit\n in the mask, preventing redundant operations.\n - The overall power state of the shared bias pad is maintained\n correctly during suspend/resume cycles.\n\nThe mutex used to prevent race conditions during UTMI pad enable/disable\noperations has been moved from the tegra186_utmi_bias_pad_power_on/off\nfunctions to the parent functions tegra186_utmi_pad_power_on/down. This\nchange ensures that there are no race conditions when updating the bitmask."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: phy: tegra: xusb: utilizar una m\u00e1scara de bits para el seguimiento del estado de energ\u00eda del panel UTMI. La implementaci\u00f3n actual utiliza bias_pad_enable como un recuento de referencia para administrar el panel de polarizaci\u00f3n compartido para todos los PHY UTMI.
Sin embargo, durante la suspensi\u00f3n del sistema con dispositivos USB conectados, varias solicitudes de apagado del panel UTMI resultan en una discrepancia en el recuento de referencia, lo que a su vez produce advertencias como: [ 237.762967] ADVERTENCIA: CPU: 10 PID: 1618 en tegra186_utmi_pad_power_down+0x160/0x170 [ 237.763103] Rastreo de llamadas: [ 237.763104] tegra186_utmi_pad_power_down+0x160/0x170 [ 237.763107] tegra186_utmi_phy_power_off+0x10/0x30 [ 237.763110] phy_power_off+0x48/0x100 [ 237.763113] tegra_xusb_enter_elpg+0x204/0x500 [ 237.763119] tegra_xusb_suspend+0x48/0x140 [ 237.763122] platform_pm_suspend+0x2c/0xb0 [ 237.763125] dpm_run_callback.isra.0+0x20/0xa0 [ 237.763127] __device_suspend+0x118/0x330 [ 237.763129] dpm_suspend+0x10c/0x1f0 [ 237.763130] dpm_suspend_start+0x88/0xb0 [ 237.763132] suspend_devices_and_enter+0x120/0x500 [ 237.763135] pm_suspend+0x1ec/0x270 La causa ra\u00edz se remonta a los cambios de apagado din\u00e1mico introducidos en el commit a30951d31b25 (\"xhci: tegra: USB2 pad power controls\"), donde el pad UTMI se apagaba sin verificar su estado actual. Este comportamiento desequilibrado provoc\u00f3 discrepancias en el recuento de referencias. Para rectificar este problema, este parche reemplaza el contador de referencia \u00fanico con una m\u00e1scara de bits, renombrada como utmi_pad_enabled. Cada bit en la m\u00e1scara corresponde a uno de los cuatro PHY USB2, lo que nos permite rastrear el estado de habilitaci\u00f3n de cada pad individualmente. Con este cambio: - El pad de polarizaci\u00f3n se enciende solo cuando la m\u00e1scara est\u00e1 despejada. - Cada pad UTMI se enciende o apaga seg\u00fan su bit correspondiente en la m\u00e1scara, lo que evita operaciones redundantes. El estado general de energ\u00eda del pad de polarizaci\u00f3n compartido se mantiene correctamente durante los ciclos de suspensi\u00f3n/reinicio. 
El mutex utilizado para evitar condiciones de ejecuci\u00f3n durante las operaciones de activaci\u00f3n/desactivaci\u00f3n del pad UTMI se ha trasladado de las funciones tegra186_utmi_bias_pad_power_on/off a las funciones principales tegra186_utmi_pad_power_on/down. Este cambio garantiza que no se produzcan condiciones de ejecuci\u00f3n al actualizar la m\u00e1scara de bits."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38011.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38011.json
index 0cb6e589c9c..c9b43277577 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38011.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38011.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: csa unmap use uninterruptible lock\n\nAfter process exit to unmap csa and free GPU vm, if signal is accepted\nand then waiting to take vm lock is interrupted and return, it causes\nmemory leaking and below warning backtrace.\n\nChange to use uninterruptible wait lock fix the issue.\n\nWARNING: CPU: 69 PID: 167800 at amd/amdgpu/amdgpu_kms.c:1525\n amdgpu_driver_postclose_kms+0x294/0x2a0 [amdgpu]\n Call Trace:\n \n drm_file_free.part.0+0x1da/0x230 [drm]\n drm_close_helper.isra.0+0x65/0x70 [drm]\n drm_release+0x6a/0x120 [drm]\n amdgpu_drm_release+0x51/0x60 [amdgpu]\n __fput+0x9f/0x280\n ____fput+0xe/0x20\n task_work_run+0x67/0xa0\n do_exit+0x217/0x3c0\n do_group_exit+0x3b/0xb0\n get_signal+0x14a/0x8d0\n arch_do_signal_or_restart+0xde/0x100\n exit_to_user_mode_loop+0xc1/0x1a0\n exit_to_user_mode_prepare+0xf4/0x100\n syscall_exit_to_user_mode+0x17/0x40\n do_syscall_64+0x69/0xc0\n\n(cherry picked from commit 7dbbfb3c171a6f63b01165958629c9c26abf38ab)"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: csa unmap usa un bloqueo ininterrumpible. Tras salir del proceso para desasignar csa y liberar la m\u00e1quina virtual de la GPU, si se acepta la se\u00f1al y se interrumpe la espera para obtener el bloqueo de la m\u00e1quina virtual y se retorna, se produce una fuga de memoria y un seguimiento inverso inferior a la advertencia. Cambiar al uso de un bloqueo de espera ininterrumpible soluciona el problema.
ADVERTENCIA: CPU: 69 PID: 167800 en amd/amdgpu/amdgpu_kms.c:1525 amdgpu_driver_postclose_kms+0x294/0x2a0 [amdgpu] Seguimiento de llamadas: drm_file_free.part.0+0x1da/0x230 [drm] drm_close_helper.isra.0+0x65/0x70 [drm] drm_release+0x6a/0x120 [drm] amdgpu_drm_release+0x51/0x60 [amdgpu] __fput+0x9f/0x280 ____fput+0xe/0x20 task_work_run+0x67/0xa0 do_exit+0x217/0x3c0 do_group_exit+0x3b/0xb0 get_signal+0x14a/0x8d0 arch_do_signal_or_restart+0xde/0x100 exit_to_user_mode_loop+0xc1/0x1a0 exit_to_user_mode_prepare+0xf4/0x100 syscall_exit_to_user_mode+0x17/0x40 do_syscall_64+0x69/0xc0 (seleccionado de el commit 7dbbfb3c171a6f63b01165958629c9c26abf38ab)"
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38012.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38012.json
index 0ca6261aa6e..a6f7fccbd07 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38012.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38012.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched_ext: bpf_iter_scx_dsq_new() should always initialize iterator\n\nBPF programs may call next() and destroy() on BPF iterators even after new()\nreturns an error value (e.g. bpf_for_each() macro ignores error returns from\nnew()). bpf_iter_scx_dsq_new() could leave the iterator in an uninitialized\nstate after an error return causing bpf_iter_scx_dsq_next() to dereference\ngarbage data. Make bpf_iter_scx_dsq_new() always clear $kit->dsq so that\nnext() and destroy() become noops."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sched_ext: bpf_iter_scx_dsq_new() siempre debe inicializar el iterador. Los programas BPF pueden llamar a next() y destroy() en iteradores BPF incluso despu\u00e9s de que new() devuelva un valor de error (p. ej., la macro bpf_for_each() ignora los errores devueltos por new()). bpf_iter_scx_dsq_new() podr\u00eda dejar el iterador sin inicializar despu\u00e9s de un error, lo que provoca que bpf_iter_scx_dsq_next() desreferencia datos innecesarios. Aseg\u00farese de que bpf_iter_scx_dsq_new() siempre borre $kit->dsq para que next() y destroy() se conviertan en noops."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38013.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38013.json
index 29387d31a0f..0953f44d8a8 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38013.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38013.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request\n\nMake sure that n_channels is set after allocating the\nstruct cfg80211_registered_device::int_scan_req member. Seen with\nsyzkaller:\n\nUBSAN: array-index-out-of-bounds in net/mac80211/scan.c:1208:5\nindex 0 is out of range for type 'struct ieee80211_channel *[] __counted_by(n_channels)' (aka 'struct ieee80211_channel *[]')\n\nThis was missed in the initial conversions because I failed to locate\nthe allocation likely due to the \"sizeof(void *)\" not matching the\n\"channels\" array type."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mac80211: Establecer n_channels tras asignar la estructura cfg80211_scan_request. Aseg\u00farese de que n_channels est\u00e9 establecido tras asignar el miembro de la estructura cfg80211_registered_device::int_scan_req. Observada con syzkaller: UBSAN: array-index-out-of-bounds en net/mac80211/scan.c:1208:5. El \u00edndice 0 est\u00e1 fuera de rango para el tipo 'struct ieee80211_channel *[] __counted_by(n_channels)' (tambi\u00e9n conocido como 'struct ieee80211_channel *[]'). Esto no se detect\u00f3 en las conversiones iniciales porque no se localiz\u00f3 la asignaci\u00f3n, probablemente debido a que \"sizeof(void *)\" no coincide con el tipo de matriz \"channels\"."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38014.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38014.json
index 4ec21682074..1c727431825 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38014.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38014.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Refactor remove call with idxd_cleanup() helper\n\nThe idxd_cleanup() helper cleans up perfmon, interrupts, internals and\nso on. Refactor remove call with the idxd_cleanup() helper to avoid code\nduplication. Note, this also fixes the missing put_device() for idxd\ngroups, enginces and wqs."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dmaengine: idxd: Refactorizar la llamada de eliminaci\u00f3n con el asistente idxd_cleanup(). Este asistente limpia el monitor de rendimiento, las interrupciones, los componentes internos, etc. Refactorizar la llamada de eliminaci\u00f3n con el asistente idxd_cleanup() para evitar la duplicaci\u00f3n de c\u00f3digo. Cabe destacar que esto tambi\u00e9n corrige la funci\u00f3n put_device() que faltaba para los grupos, motores y m\u00e1quinas virtuales idxd."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38015.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38015.json
index b38fbb1a0e0..f6c02bb52a8 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38015.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38015.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: fix memory leak in error handling path of idxd_alloc\n\nMemory allocated for idxd is not freed if an error occurs during\nidxd_alloc(). To fix it, free the allocated memory in the reverse order\nof allocation before exiting the function in case of an error."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dmaengine: idxd: se corrige una fuga de memoria en la ruta de gesti\u00f3n de errores de idxd_alloc. La memoria asignada a idxd no se libera si se produce un error durante idxd_alloc(). Para solucionarlo, libere la memoria asignada en orden inverso a la asignaci\u00f3n antes de salir de la funci\u00f3n en caso de error."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38016.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38016.json
index ebcfe163c26..a720ff8c8e7 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38016.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38016.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: bpf: abort dispatch if device destroyed\n\nThe current HID bpf implementation assumes no output report/request will\ngo through it after hid_bpf_destroy_device() has been called. This leads\nto a bug that unplugging certain types of HID devices causes a cleaned-\nup SRCU to be accessed. The bug was previously a hidden failure until a\nrecent x86 percpu change [1] made it access not-present pages.\n\nThe bug will be triggered if the conditions below are met:\n\nA) a device under the driver has some LEDs on\nB) hid_ll_driver->request() is uninplemented (e.g., logitech-djreceiver)\n\nIf condition A is met, hidinput_led_worker() is always scheduled *after*\nhid_bpf_destroy_device().\n\nhid_destroy_device\n` hid_bpf_destroy_device\n ` cleanup_srcu_struct(&hdev->bpf.srcu)\n` hid_remove_device\n ` ...\n ` led_classdev_unregister\n ` led_trigger_set(led_cdev, NULL)\n ` led_set_brightness(led_cdev, LED_OFF)\n ` ...\n ` input_inject_event\n ` input_event_dispose\n ` hidinput_input_event\n ` schedule_work(&hid->led_work) [hidinput_led_worker]\n\nThis is fine when condition B is not met, where hidinput_led_worker()\ncalls hid_ll_driver->request(). This is the case for most HID drivers,\nwhich implement it or use the generic one from usbhid. The driver itself\nor an underlying driver will then abort processing the request.\n\nOtherwise, hidinput_led_worker() tries hid_hw_output_report() and leads\nto the bug.\n\nhidinput_led_worker\n` hid_hw_output_report\n ` dispatch_hid_bpf_output_report\n ` srcu_read_lock(&hdev->bpf.srcu)\n ` srcu_read_unlock(&hdev->bpf.srcu, idx)\n\nThe bug has existed since the introduction [2] of\ndispatch_hid_bpf_output_report().
However, the same bug also exists in\ndispatch_hid_bpf_raw_requests(), and I've reproduced (no visible effect\nbecause of the lack of [1], but confirmed bpf.destroyed == 1) the bug\nagainst the commit (i.e., the Fixes:) introducing the function. This is\nbecause hidinput_led_worker() falls back to hid_hw_raw_request() when\nhid_ll_driver->output_report() is uninplemented (e.g., logitech-\ndjreceiver).\n\nhidinput_led_worker\n` hid_hw_output_report: -ENOSYS\n` hid_hw_raw_request\n ` dispatch_hid_bpf_raw_requests\n ` srcu_read_lock(&hdev->bpf.srcu)\n ` srcu_read_unlock(&hdev->bpf.srcu, idx)\n\nFix the issue by returning early in the two mentioned functions if\nhid_bpf has been marked as destroyed. Though\ndispatch_hid_bpf_device_event() handles input events, and there is no\nevidence that it may be called after the destruction, the same check, as\na safety net, is also added to it to maintain the consistency among all\ndispatch functions.\n\nThe impact of the bug on other architectures is unclear. Even if it acts\nas a hidden failure, this is still dangerous because it corrupts\nwhatever is on the address calculated by SRCU. Thus, CC'ing the stable\nlist.\n\n[1]: commit 9d7de2aa8b41 (\"x86/percpu/64: Use relative percpu offsets\")\n[2]: commit 9286675a2aed (\"HID: bpf: add HID-BPF hooks for\nhid_hw_output_report\")"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: bpf: abortar env\u00edo si dispositivo destruido La implementaci\u00f3n actual de HID bpf asume que no pasar\u00e1 por ella ning\u00fan informe/solicitud de salida despu\u00e9s de que se haya llamado a hid_bpf_destroy_device(). Esto lleva a un error que al desconectar ciertos tipos de dispositivos HID hace que se acceda a una SRCU limpiada. El error era anteriormente un fallo oculto hasta que un cambio reciente de x86 por CPU [1] hizo que accediera a p\u00e1ginas no presentes.
El error se activar\u00e1 si se cumplen las siguientes condiciones: A) un dispositivo bajo el controlador tiene algunos LED encendidos B) hid_ll_driver->request() no est\u00e1 implementado (por ejemplo, logitech-djreceiver) Si se cumple la condici\u00f3n A, hidinput_led_worker() siempre se programa *despu\u00e9s* de hid_bpf_destroy_device(). hid_destroy_device ` hid_bpf_destroy_device ` cleanup_srcu_struct(&hdev->bpf.srcu) ` hid_remove_device ` ... ` led_classdev_unregister ` led_trigger_set(led_cdev, NULL) ` led_set_brightness(led_cdev, LED_OFF) ` ... ` input_inject_event ` input_event_dispose ` hidinput_input_event ` schedule_work(&hid->led_work) [hidinput_led_worker] Esto funciona correctamente cuando no se cumple la condici\u00f3n B, en cuyo caso hidinput_led_worker() invoca hid_ll_driver->request(). Este es el caso de la mayor\u00eda de los controladores HID, que lo implementan o utilizan el gen\u00e9rico de usbhid. El propio controlador o uno subyacente abortar\u00e1 el procesamiento de la solicitud. De lo contrario, hidinput_led_worker() intenta hid_hw_output_report() y genera el error. hidinput_led_worker ` hid_hw_output_report ` dispatch_hid_bpf_output_report ` srcu_read_lock(&hdev->bpf.srcu) ` srcu_read_unlock(&hdev->bpf.srcu, idx) El error existe desde la introducci\u00f3n [2] de dispatch_hid_bpf_output_report(). Sin embargo, el mismo error tambi\u00e9n existe en dispatch_hid_bpf_raw_requests(), y he reproducido (sin efecto visible debido a la falta de [1], pero confirmado bpf.destroyed == 1) el error contra el commit (es decir, las correcciones:) que introduce la funci\u00f3n. Esto se debe a que hidinput_led_worker() recurre a hid_hw_raw_request() cuando hid_ll_driver->output_report() no est\u00e1 implementado (p. ej., logitech- djreceiver). 
hidinput_led_worker ` hid_hw_output_report: -ENOSYS ` hid_hw_raw_request ` dispatch_hid_bpf_raw_requests ` srcu_read_lock(&hdev->bpf.srcu) ` srcu_read_unlock(&hdev->bpf.srcu, idx) Corrija el problema retornando antes en las dos funciones mencionadas si hid_bpf se marc\u00f3 como destruido. Aunque dispatch_hid_bpf_device_event() maneja eventos de entrada y no hay evidencia de que pueda llamarse despu\u00e9s de la destrucci\u00f3n, tambi\u00e9n se le agrega la misma verificaci\u00f3n, como red de seguridad, para mantener la consistencia entre todas las funciones de despacho. El impacto del error en otras arquitecturas no est\u00e1 claro. Incluso si se trata de un fallo oculto, sigue siendo peligroso, ya que corrompe la direcci\u00f3n calculada por SRCU. Por lo tanto, se copia la lista estable. [1]: commit 9d7de2aa8b41 (\"x86/percpu/64: Usar desplazamientos relativos por CPU\") [2]: commit 9286675a2aed (\"HID: bpf: a\u00f1adir enlaces HID-BPF para hid_hw_output_report\")"
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38017.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38017.json
index e5e8f76ecb9..65a8ee12bd3 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38017.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38017.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/eventpoll: fix endless busy loop after timeout has expired\n\nAfter commit 0a65bc27bd64 (\"eventpoll: Set epoll timeout if it's in\nthe future\"), the following program would immediately enter a busy\nloop in the kernel:\n\n```\nint main() {\n int e = epoll_create1(0);\n struct epoll_event event = {.events = EPOLLIN};\n epoll_ctl(e, EPOLL_CTL_ADD, 0, &event);\n const struct timespec timeout = {.tv_nsec = 1};\n epoll_pwait2(e, &event, 1, &timeout, 0);\n}\n```\n\nThis happens because the given (non-zero) timeout of 1 nanosecond\nusually expires before ep_poll() is entered and then\nep_schedule_timeout() returns false, but `timed_out` is never set\nbecause the code line that sets it is skipped. This quickly turns\ninto a soft lockup, RCU stalls and deadlocks, inflicting severe\nheadaches to the whole system.\n\nWhen the timeout has expired, we don't need to schedule a hrtimer, but\nwe should set the `timed_out` variable. Therefore, I suggest moving\nthe ep_schedule_timeout() check into the `timed_out` expression\ninstead of skipping it.\n\nbrauner: Note that there was an earlier fix by Joe Damato in response to\nmy bug report in [1]."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs/eventpoll: corrige un bucle ocupado sin fin despu\u00e9s de que expira el tiempo de espera Despu\u00e9s de el commit 0a65bc27bd64 (\"eventpoll: establece el tiempo de espera de epoll si es en el futuro\"), el siguiente programa ingresar\u00eda inmediatamente en un bucle ocupado en el kernel: ``` int main() { int e = epoll_create1(0); struct epoll_event event = {.events = EPOLLIN}; epoll_ctl(e, EPOLL_CTL_ADD, 0, &event); const struct timespec timeout = {.tv_nsec = 1}; epoll_pwait2(e, &event, 1, &timeout, 0); } ``` Esto sucede porque el tiempo de espera dado (distinto de cero) de 1 nanosegundo generalmente expira antes de que se ingrese ep_poll() y luego ep_schedule_timeout() devuelve falso, pero `timed_out` nunca se establece porque se omite la l\u00ednea de c\u00f3digo que lo establece. Esto r\u00e1pidamente se convierte en un bloqueo suave, RCU se bloquea y se bloquea, lo que inflige graves dolores de cabeza a todo el sistema. Cuando el tiempo de espera ha expirado, no necesitamos programar un hrtimer, pero debemos establecer la variable `timed_out`. Por lo tanto, sugiero mover la comprobaci\u00f3n de ep_schedule_timeout() a la expresi\u00f3n `timed_out` en lugar de omitirla. brauner: Tenga en cuenta que hubo una correcci\u00f3n anterior por Joe Damato en respuesta a mi informe de error en [1]."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38018.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38018.json
index 7e2254e0e87..cc8b3193ded 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38018.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38018.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tls: fix kernel panic when alloc_page failed\n\nWe cannot set frag_list to NULL pointer when alloc_page failed.\nIt will be used in tls_strp_check_queue_ok when the next time\ntls_strp_read_sock is called.\n\nThis is because we don't reset full_len in tls_strp_flush_anchor_copy()\nso the recv path will try to continue handling the partial record\non the next call but we dettached the rcvq from the frag list.\nAlternative fix would be to reset full_len.\n\nUnable to handle kernel NULL pointer dereference\nat virtual address 0000000000000028\n Call trace:\n tls_strp_check_rcv+0x128/0x27c\n tls_strp_data_ready+0x34/0x44\n tls_data_ready+0x3c/0x1f0\n tcp_data_ready+0x9c/0xe4\n tcp_data_queue+0xf6c/0x12d0\n tcp_rcv_established+0x52c/0x798" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/tls: correcci\u00f3n del p\u00e1nico del kernel cuando alloc_page falla. No se puede establecer frag_list como un puntero nulo cuando alloc_page falla. Se usar\u00e1 en tls_strp_check_queue_ok la pr\u00f3xima vez que se invoque tls_strp_read_sock. Esto se debe a que no se restablece full_len en tls_strp_flush_anchor_copy(), por lo que la ruta de recepci\u00f3n intentar\u00e1 continuar gestionando el registro parcial en la siguiente llamada, pero se ha desvinculado el rcvq de la lista de fragmentos. Una soluci\u00f3n alternativa ser\u00eda restablecer full_len. No se puede manejar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 0000000000000028 Rastreo de llamadas: tls_strp_check_rcv+0x128/0x27c tls_strp_data_ready+0x34/0x44 tls_data_ready+0x3c/0x1f0 tcp_data_ready+0x9c/0xe4 tcp_data_queue+0xf6c/0x12d0 tcp_rcv_established+0x52c/0x798" } ], "metrics": {}, 
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38019.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38019.json
index 835923391bf..a0a9523216f 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38019.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38019.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices\n\nThe driver only offloads neighbors that are constructed on top of net\ndevices registered by it or their uppers (which are all Ethernet). The\ndevice supports GRE encapsulation and decapsulation of forwarded\ntraffic, but the driver will not offload dummy neighbors constructed on\ntop of GRE net devices as they are not uppers of its net devices:\n\n # ip link add name gre1 up type gre tos inherit local 192.0.2.1 remote 198.51.100.1\n # ip neigh add 0.0.0.0 lladdr 0.0.0.0 nud noarp dev gre1\n $ ip neigh show dev gre1 nud noarp\n 0.0.0.0 lladdr 0.0.0.0 NOARP\n\n(Note that the neighbor is not marked with 'offload')\n\nWhen the driver is reloaded and the existing configuration is replayed,\nthe driver does not perform the same check regarding existing neighbors\nand offloads the previously added one:\n\n # devlink dev reload pci/0000:01:00.0\n $ ip neigh show dev gre1 nud noarp\n 0.0.0.0 lladdr 0.0.0.0 offload NOARP\n\nIf the neighbor is later deleted, the driver will ignore the\nnotification (given the GRE net device is not its upper) and will\ntherefore keep referencing freed memory, resulting in a use-after-free\n[1] when the net device is deleted:\n\n # ip neigh del 0.0.0.0 lladdr 0.0.0.0 dev gre1\n # ip link del dev gre1\n\nFix by skipping neighbor replay if the net device for which the replay\nis performed is not our upper.\n\n[1]\nBUG: KASAN: slab-use-after-free in mlxsw_sp_neigh_entry_update+0x1ea/0x200\nRead of size 8 at addr ffff888155b0e420 by task ip/2282\n[...]\nCall Trace:\n \n dump_stack_lvl+0x6f/0xa0\n print_address_description.constprop.0+0x6f/0x350\n print_report+0x108/0x205\n kasan_report+0xdf/0x110\n mlxsw_sp_neigh_entry_update+0x1ea/0x200\n mlxsw_sp_router_rif_gone_sync+0x2a8/0x440\n mlxsw_sp_rif_destroy+0x1e9/0x750\n 
mlxsw_sp_netdevice_ipip_ol_event+0x3c9/0xdc0\n mlxsw_sp_router_netdevice_event+0x3ac/0x15e0\n notifier_call_chain+0xca/0x150\n call_netdevice_notifiers_info+0x7f/0x100\n unregister_netdevice_many_notify+0xc8c/0x1d90\n rtnl_dellink+0x34e/0xa50\n rtnetlink_rcv_msg+0x6fb/0xb70\n netlink_rcv_skb+0x131/0x360\n netlink_unicast+0x426/0x710\n netlink_sendmsg+0x75a/0xc20\n __sock_sendmsg+0xc1/0x150\n ____sys_sendmsg+0x5aa/0x7b0\n ___sys_sendmsg+0xfc/0x180\n __sys_sendmsg+0x121/0x1b0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mlxsw: spectrum_router: Se corrige el use-after-free al eliminar dispositivos de red GRE. El controlador solo descarga a los vecinos que se construyen sobre dispositivos de red registrados por \u00e9l o sus superiores (que son todos Ethernet). El dispositivo admite la encapsulaci\u00f3n y desencapsulaci\u00f3n GRE del tr\u00e1fico reenviado, pero el controlador no descargar\u00e1 vecinos ficticios construidos sobre dispositivos de red GRE ya que no son superiores a sus dispositivos de red: # ip link add name gre1 up type gre tos heritage local 192.0.2.1 remote 198.51.100.1 # ip neigh add 0.0.0.0 lladdr 0.0.0.0 nud noarp dev gre1 $ ip neigh show dev gre1 nud noarp 0.0.0.0 lladdr 0.0.0.0 NOARP (Tenga en cuenta que el vecino no est\u00e1 marcado con 'offload') Cuando se vuelve a cargar el controlador y se reproduce la configuraci\u00f3n existente, el controlador no realiza la misma comprobaci\u00f3n con respecto a los vecinos existentes y descarga el agregado previamente: # devlink dev reload pci/0000:01:00.0 $ ip neigh show dev gre1 nud noarp 0.0.0.0 lladdr 0.0.0.0 offload NOARP Si el vecino se elimina m\u00e1s tarde, el controlador ignorar\u00e1 la notificaci\u00f3n (dado que el dispositivo de red GRE no es su superior) y, por lo tanto, seguir\u00e1 haciendo referencia a la memoria liberada, lo que dar\u00e1 como resultado 
un use-after-free [1] cuando se elimine el dispositivo de red: # ip neigh del 0.0.0.0 lladdr 0.0.0.0 dev gre1 # ip link del dev gre1 Se soluciona omitiendo la reproducci\u00f3n del vecino si el dispositivo de red para el que se realiza la reproducci\u00f3n no es nuestro superior. [1] ERROR: KASAN: slab-use-after-free en mlxsw_sp_neigh_entry_update+0x1ea/0x200 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff888155b0e420 por la tarea ip/2282 [...] Rastreo de llamadas: dump_stack_lvl+0x6f/0xa0 print_address_description.constprop.0+0x6f/0x350 print_report+0x108/0x205 kasan_report+0xdf/0x110 mlxsw_sp_neigh_entry_update+0x1ea/0x200 mlxsw_sp_router_rif_gone_sync+0x2a8/0x440 mlxsw_sp_rif_destroy+0x1e9/0x750 mlxsw_sp_netdevice_ipip_ol_event+0x3c9/0xdc0 mlxsw_sp_router_netdevice_event+0x3ac/0x15e0 notifier_call_chain+0xca/0x150 call_netdevice_notifiers_info+0x7f/0x100 unregister_netdevice_many_notify+0xc8c/0x1d90 rtnl_dellink+0x34e/0xa50 rtnetlink_rcv_msg+0x6fb/0xb70 netlink_rcv_skb+0x131/0x360 netlink_unicast+0x426/0x710 netlink_sendmsg+0x75a/0xc20 __sock_sendmsg+0xc1/0x150 ____sys_sendmsg+0x5aa/0x7b0 ___sys_sendmsg+0xfc/0x180 __sys_sendmsg+0x121/0x1b0 do_syscall_64+0xbb/0x1d0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 " } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38020.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38020.json index 088a208c7ba..ed2c357ba96 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38020.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38020.json 
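Review bot: The added `es` value rewrites text that should stay verbatim: the reproduction command reads `type gre tos heritage local` where the English value has `type gre tos inherit local`, so the translated command no longer matches the original. The same happens in the CVE-2025-38020 hunk, where register values in the translated oops differ from the English text, for example `R08: fffffffffa05d2c19` against `R08: ffffffffa05d2c19`, and in the CVE-2025-38027 hunk, where the quoted dmesg line is partly translated. Anyone matching these strings against kernel logs should rely on the `en` value. The translation step would do better to copy commands, log lines and hex dumps through unchanged.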
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Disable MACsec offload for uplink representor profile\n\nMACsec offload is not supported in switchdev mode for uplink\nrepresentors. When switching to the uplink representor profile, the\nMACsec offload feature must be cleared from the netdevice's features.\n\nIf left enabled, attempts to add offloads result in a null pointer\ndereference, as the uplink representor does not support MACsec offload\neven though the feature bit remains set.\n\nClear NETIF_F_HW_MACSEC in mlx5e_fix_uplink_rep_features().\n\nKernel log:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc000000000f: 0000 [#1] SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000078-0x000000000000007f]\nCPU: 29 UID: 0 PID: 4714 Comm: ip Not tainted 6.14.0-rc4_for_upstream_debug_2025_03_02_17_35 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:__mutex_lock+0x128/0x1dd0\nCode: d0 7c 08 84 d2 0f 85 ad 15 00 00 8b 35 91 5c fe 03 85 f6 75 29 49 8d 7e 60 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 a6 15 00 00 4d 3b 76 60 0f 85 fd 0b 00 00 65 ff\nRSP: 0018:ffff888147a4f160 EFLAGS: 00010206\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000001\nRDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000078\nRBP: ffff888147a4f2e0 R08: ffffffffa05d2c19 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000\nR13: dffffc0000000000 R14: 0000000000000018 R15: ffff888152de0000\nFS: 00007f855e27d800(0000) GS:ffff88881ee80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000004e5768 CR3: 000000013ae7c005 CR4: 0000000000372eb0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\nCall Trace:\n 
\n ? die_addr+0x3d/0xa0\n ? exc_general_protection+0x144/0x220\n ? asm_exc_general_protection+0x22/0x30\n ? mlx5e_macsec_add_secy+0xf9/0x700 [mlx5_core]\n ? __mutex_lock+0x128/0x1dd0\n ? lockdep_set_lock_cmp_fn+0x190/0x190\n ? mlx5e_macsec_add_secy+0xf9/0x700 [mlx5_core]\n ? mutex_lock_io_nested+0x1ae0/0x1ae0\n ? lock_acquire+0x1c2/0x530\n ? macsec_upd_offload+0x145/0x380\n ? lockdep_hardirqs_on_prepare+0x400/0x400\n ? kasan_save_stack+0x30/0x40\n ? kasan_save_stack+0x20/0x40\n ? kasan_save_track+0x10/0x30\n ? __kasan_kmalloc+0x77/0x90\n ? __kmalloc_noprof+0x249/0x6b0\n ? genl_family_rcv_msg_attrs_parse.constprop.0+0xb5/0x240\n ? mlx5e_macsec_add_secy+0xf9/0x700 [mlx5_core]\n mlx5e_macsec_add_secy+0xf9/0x700 [mlx5_core]\n ? mlx5e_macsec_add_rxsa+0x11a0/0x11a0 [mlx5_core]\n macsec_update_offload+0x26c/0x820\n ? macsec_set_mac_address+0x4b0/0x4b0\n ? lockdep_hardirqs_on_prepare+0x284/0x400\n ? _raw_spin_unlock_irqrestore+0x47/0x50\n macsec_upd_offload+0x2c8/0x380\n ? macsec_update_offload+0x820/0x820\n ? __nla_parse+0x22/0x30\n ? genl_family_rcv_msg_attrs_parse.constprop.0+0x15e/0x240\n genl_family_rcv_msg_doit+0x1cc/0x2a0\n ? genl_family_rcv_msg_attrs_parse.constprop.0+0x240/0x240\n ? cap_capable+0xd4/0x330\n genl_rcv_msg+0x3ea/0x670\n ? genl_family_rcv_msg_dumpit+0x2a0/0x2a0\n ? lockdep_set_lock_cmp_fn+0x190/0x190\n ? macsec_update_offload+0x820/0x820\n netlink_rcv_skb+0x12b/0x390\n ? genl_family_rcv_msg_dumpit+0x2a0/0x2a0\n ? netlink_ack+0xd80/0xd80\n ? rwsem_down_read_slowpath+0xf90/0xf90\n ? netlink_deliver_tap+0xcd/0xac0\n ? netlink_deliver_tap+0x155/0xac0\n ? _copy_from_iter+0x1bb/0x12c0\n genl_rcv+0x24/0x40\n netlink_unicast+0x440/0x700\n ? netlink_attachskb+0x760/0x760\n ? lock_acquire+0x1c2/0x530\n ? __might_fault+0xbb/0x170\n netlink_sendmsg+0x749/0xc10\n ? netlink_unicast+0x700/0x700\n ? __might_fault+0xbb/0x170\n ? netlink_unicast+0x700/0x700\n __sock_sendmsg+0xc5/0x190\n ____sys_sendmsg+0x53f/0x760\n ? import_iovec+0x7/0x10\n ? 
kernel_sendmsg+0x30/0x30\n ? __copy_msghdr+0x3c0/0x3c0\n ? filter_irq_stacks+0x90/0x90\n ? stack_depot_save_flags+0x28/0xa30\n ___sys_sen\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5e: Deshabilitar la descarga de MACsec para el perfil de representante de enlace ascendente. La descarga de MACsec no es compatible con el modo switchdev para los representantes de enlace ascendente. Al cambiar al perfil de representante de enlace ascendente, se debe desactivar la funci\u00f3n de descarga de MACsec de las caracter\u00edsticas del dispositivo de red. Si se deja activada, los intentos de agregar descargas resultan en una desreferencia de puntero nulo, ya que el representante de enlace ascendente no admite la descarga de MACsec, aunque el bit de caracter\u00edstica permanezca activado. Desactive NETIF_F_HW_MACSEC en mlx5e_fix_uplink_rep_features(). Registro del n\u00facleo: Ups: fallo de protecci\u00f3n general, probablemente para direcci\u00f3n no can\u00f3nica 0xdffffc000000000f: 0000 [#1] SMP KASAN KASAN: null-ptr-deref en el rango [0x000000000000078-0x000000000000007f] CPU: 29 UID: 0 PID: 4714 Comm: ip No contaminado 6.14.0-rc4_for_upstream_debug_2025_03_02_17_35 #1 Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 RIP: 0010:__mutex_lock+0x128/0x1dd0 C\u00f3digo: d0 7c 08 84 d2 0f 85 ad 15 00 00 8b 35 91 5c fe 03 85 f6 75 29 49 8d 7e 60 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 a6 15 00 00 4d 3b 76 60 0f 85 fd 0b 00 00 65 ff RSP: 0018:ffff888147a4f160 EFLAGS: 00010206 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000001 RDX: 000000000000000f RSI: 000000000000000000 RDI: 0000000000000078 RBP: ffff888147a4f2e0 R08: fffffffffa05d2c19 R09: 0000000000000000 R10: 0000000000000001 R11: 00000000000000000 R12: 00000000000000000 R13: dffffc0000000000 R14: 0000000000000018 R15: 
ffff888152de0000 FS: 00007f855e27d800(0000) GS:ffff88881ee80000(0000) knlGS:000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000004e5768 CR3: 000000013ae7c005 CR4: 0000000000372eb0 DR0: 000000000000000 DR1: 00000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400 Rastreo de llamadas: ? die_addr+0x3d/0xa0 ? exc_general_protection+0x144/0x220 ? asm_exc_general_protection+0x22/0x30 ? mlx5e_macsec_add_secy+0xf9/0x700 [mlx5_core] ? __mutex_lock+0x128/0x1dd0 ? lockdep_set_lock_cmp_fn+0x190/0x190 ? mlx5e_macsec_add_secy+0xf9/0x700 [mlx5_core] ? mutex_lock_io_nested+0x1ae0/0x1ae0 ? lock_acquire+0x1c2/0x530 ? macsec_upd_offload+0x145/0x380 ? lockdep_hardirqs_on_prepare+0x400/0x400 ? kasan_save_stack+0x30/0x40 ? kasan_save_stack+0x20/0x40 ? kasan_save_track+0x10/0x30 ? __kasan_kmalloc+0x77/0x90 ? __kmalloc_noprof+0x249/0x6b0 ? genl_family_rcv_msg_attrs_parse.constprop.0+0xb5/0x240 ? mlx5e_macsec_add_secy+0xf9/0x700 [mlx5_core] mlx5e_macsec_add_secy+0xf9/0x700 [mlx5_core] ? mlx5e_macsec_add_rxsa+0x11a0/0x11a0 [mlx5_core] macsec_update_offload+0x26c/0x820 ? macsec_set_mac_address+0x4b0/0x4b0 ? lockdep_hardirqs_on_prepare+0x284/0x400 ? _raw_spin_unlock_irqrestore+0x47/0x50 macsec_upd_offload+0x2c8/0x380 ? macsec_update_offload+0x820/0x820 ? __nla_parse+0x22/0x30 ? genl_family_rcv_msg_attrs_parse.constprop.0+0x15e/0x240 genl_family_rcv_msg_doit+0x1cc/0x2a0 ? genl_family_rcv_msg_attrs_parse.constprop.0+0x240/0x240 ? cap_capable+0xd4/0x330 genl_rcv_msg+0x3ea/0x670 ? genl_family_rcv_msg_dumpit+0x2a0/0x2a0 ? lockdep_set_lock_cmp_fn+0x190/0x190 ? macsec_update_offload+0x820/0x820 netlink_rcv_skb+0x12b/0x390 ? genl_family_rcv_msg_dumpit+0x2a0/0x2a0 ? netlink_ack+0xd80/0xd80 ? rwsem_down_read_slowpath+0xf90/0xf90 ? netlink_deliver_tap+0xcd/0xac0 ? netlink_deliver_tap+0x155/0xac0 ? _copy_from_iter+0x1bb/0x12c0 genl_rcv+0x24/0x40 netlink_unicast+0x440/0x700 ? netlink_attachskb+0x760/0x760 ? 
lock_acquire+0x1c2/0x530 ? __might_fault+0xbb/0x170 netlink_sendmsg+0x749/0xc10 ? netlink_unicast+0x700/0x700 ? __might_fault+0xbb/0x170 ? netlink_unicast+0x700/0x700 __sock_sendmsg+0xc5/0x190 ____sys_sendmsg+0x53f/0x760 ? import_iovec+0x7/0x10 ? kernel_sendmsg+0x30/0x30 ? __copy_msghdr+0x3c0/0x3c0 ? filter_irq_stacks ---truncado---" } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38021.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38021.json index 2e55d37e479..69192bbddce 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38021.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38021.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null check of pipe_ctx->plane_state for update_dchubp_dpp\n\nSimilar to commit 6a057072ddd1 (\"drm/amd/display: Fix null check for\npipe_ctx->plane_state in dcn20_program_pipe\") that addresses a null\npointer dereference on dcn20_update_dchubp_dpp. This is the same\nfunction hooked for update_dchubp_dpp in dcn401, with the same issue.\nFix possible null pointer deference on dcn401_program_pipe too.\n\n(cherry picked from commit d8d47f739752227957d8efc0cb894761bfe1d879)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Se corrige la comprobaci\u00f3n nula de pipe_ctx->plane_state para update_dchubp_dpp. Similar a el commit 6a057072ddd1 (\"drm/amd/display: Se corrige la comprobaci\u00f3n nula de pipe_ctx->plane_state en dcn20_program_pipe\"), que soluciona una desreferencia de puntero nulo en dcn20_update_dchubp_dpp. Esta es la misma funci\u00f3n asociada a update_dchubp_dpp en dcn401, con el mismo problema. Tambi\u00e9n se corrige una posible desreferencia de puntero nulo en dcn401_program_pipe. (Seleccionado de el commit d8d47f739752227957d8efc0cb894761bfe1d879)" } ], "metrics": {}, 
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38022.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38022.json
index d3f38f38136..73f5834f196 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38022.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38022.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/core: Fix \"KASAN: slab-use-after-free Read in ib_register_device\" problem\n\nCall Trace:\n\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xc3/0x670 mm/kasan/report.c:521\n kasan_report+0xe0/0x110 mm/kasan/report.c:634\n strlen+0x93/0xa0 lib/string.c:420\n __fortify_strlen include/linux/fortify-string.h:268 [inline]\n get_kobj_path_length lib/kobject.c:118 [inline]\n kobject_get_path+0x3f/0x2a0 lib/kobject.c:158\n kobject_uevent_env+0x289/0x1870 lib/kobject_uevent.c:545\n ib_register_device drivers/infiniband/core/device.c:1472 [inline]\n ib_register_device+0x8cf/0xe00 drivers/infiniband/core/device.c:1393\n rxe_register_device+0x275/0x320 drivers/infiniband/sw/rxe/rxe_verbs.c:1552\n rxe_net_add+0x8e/0xe0 drivers/infiniband/sw/rxe/rxe_net.c:550\n rxe_newlink+0x70/0x190 drivers/infiniband/sw/rxe/rxe.c:225\n nldev_newlink+0x3a3/0x680 drivers/infiniband/core/nldev.c:1796\n rdma_nl_rcv_msg+0x387/0x6e0 drivers/infiniband/core/netlink.c:195\n rdma_nl_rcv_skb.constprop.0.isra.0+0x2e5/0x450\n netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]\n netlink_unicast+0x53a/0x7f0 net/netlink/af_netlink.c:1339\n netlink_sendmsg+0x8d1/0xdd0 net/netlink/af_netlink.c:1883\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg net/socket.c:727 [inline]\n ____sys_sendmsg+0xa95/0xc70 net/socket.c:2566\n ___sys_sendmsg+0x134/0x1d0 net/socket.c:2620\n __sys_sendmsg+0x16d/0x220 net/socket.c:2652\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThis problem is similar to the problem that the\ncommit 1d6a9e7449e2 (\"RDMA/core: Fix use-after-free when rename device name\")\nfixes.\n\nThe root cause is: the function 
ib_device_rename() renames the name with\nlock. But in the function kobject_uevent(), this name is accessed without\nlock protection at the same time.\n\nThe solution is to add the lock protection when this name is accessed in\nthe function kobject_uevent()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/core: Soluci\u00f3n del problema \"KASAN: slab-use-after-free Read in ib_register_device\" Seguimiento de llamadas: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:408 [inline] print_report+0xc3/0x670 mm/kasan/report.c:521 kasan_report+0xe0/0x110 mm/kasan/report.c:634 strlen+0x93/0xa0 lib/string.c:420 __fortify_strlen include/linux/fortify-string.h:268 [inline] get_kobj_path_length lib/kobject.c:118 [inline] kobject_get_path+0x3f/0x2a0 lib/kobject.c:158 kobject_uevent_env+0x289/0x1870 lib/kobject_uevent.c:545 ib_register_device drivers/infiniband/core/device.c:1472 [inline] ib_register_device+0x8cf/0xe00 drivers/infiniband/core/device.c:1393 rxe_register_device+0x275/0x320 drivers/infiniband/sw/rxe/rxe_verbs.c:1552 rxe_net_add+0x8e/0xe0 drivers/infiniband/sw/rxe/rxe_net.c:550 rxe_newlink+0x70/0x190 drivers/infiniband/sw/rxe/rxe.c:225 nldev_newlink+0x3a3/0x680 drivers/infiniband/core/nldev.c:1796 rdma_nl_rcv_msg+0x387/0x6e0 drivers/infiniband/core/netlink.c:195 rdma_nl_rcv_skb.constprop.0.isra.0+0x2e5/0x450 netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline] netlink_unicast+0x53a/0x7f0 net/netlink/af_netlink.c:1339 netlink_sendmsg+0x8d1/0xdd0 net/netlink/af_netlink.c:1883 sock_sendmsg_nosec net/socket.c:712 [inline] __sock_sendmsg net/socket.c:727 [inline] ____sys_sendmsg+0xa95/0xc70 net/socket.c:2566 ___sys_sendmsg+0x134/0x1d0 net/socket.c:2620 __sys_sendmsg+0x16d/0x220 net/socket.c:2652 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94 
entry_SYSCALL_64_after_hwframe+0x77/0x7f Este problema es Similar al problema corregido en el commit 1d6a9e7449e2 (\"RDMA/core: Correcci\u00f3n del problema de use-after-free al cambiar el nombre del dispositivo\"). La causa principal es que la funci\u00f3n ib_device_rename() cambia el nombre con bloqueo. Sin embargo, en la funci\u00f3n kobject_uevent(), se accede a este nombre sin protecci\u00f3n de bloqueo. La soluci\u00f3n es a\u00f1adir la protecci\u00f3n de bloqueo al acceder a este nombre en la funci\u00f3n kobject_uevent()." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38023.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38023.json index fab23e5f49a..cce69284e01 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38023.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38023.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: handle failure of nfs_get_lock_context in unlock path\n\nWhen memory is insufficient, the allocation of nfs_lock_context in\nnfs_get_lock_context() fails and returns -ENOMEM. If we mistakenly treat\nan nfs4_unlockdata structure (whose l_ctx member has been set to -ENOMEM)\nas valid and proceed to execute rpc_run_task(), this will trigger a NULL\npointer dereference in nfs4_locku_prepare. For example:\n\nBUG: kernel NULL pointer dereference, address: 000000000000000c\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] SMP PTI\nCPU: 15 UID: 0 PID: 12 Comm: kworker/u64:0 Not tainted 6.15.0-rc2-dirty #60\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40\nWorkqueue: rpciod rpc_async_schedule\nRIP: 0010:nfs4_locku_prepare+0x35/0xc2\nCode: 89 f2 48 89 fd 48 c7 c7 68 69 ef b5 53 48 8b 8e 90 00 00 00 48 89 f3\nRSP: 0018:ffffbbafc006bdb8 EFLAGS: 00010246\nRAX: 000000000000004b RBX: ffff9b964fc1fa00 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: fffffffffffffff4 RDI: ffff9ba53fddbf40\nRBP: ffff9ba539934000 R08: 0000000000000000 R09: ffffbbafc006bc38\nR10: ffffffffb6b689c8 R11: 0000000000000003 R12: ffff9ba539934030\nR13: 0000000000000001 R14: 0000000004248060 R15: ffffffffb56d1c30\nFS: 0000000000000000(0000) GS:ffff9ba5881f0000(0000) knlGS:00000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000000000000c CR3: 000000093f244000 CR4: 00000000000006f0\nCall Trace:\n \n __rpc_execute+0xbc/0x480\n rpc_async_schedule+0x2f/0x40\n process_one_work+0x232/0x5d0\n worker_thread+0x1da/0x3d0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x10d/0x240\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x50\n ? 
__pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \nModules linked in:\nCR2: 000000000000000c\n---[ end trace 0000000000000000 ]---\n\nFree the allocated nfs4_unlockdata when nfs_get_lock_context() fails and\nreturn NULL to terminate subsequent rpc_run_task, preventing NULL pointer\ndereference." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfs: fallo en el manejo de nfs_get_lock_context en la ruta de desbloqueo. Cuando la memoria es insuficiente, la asignaci\u00f3n de nfs_lock_context en nfs_get_lock_context() falla y devuelve -ENOMEM. Si por error tratamos una estructura nfs4_unlockdata (cuyo miembro l_ctx se ha establecido en -ENOMEM) como v\u00e1lida y procedemos a ejecutar rpc_run_task(), se activar\u00e1 una desreferencia de puntero NULL en nfs4_locku_prepare. Por ejemplo: ERROR: desreferencia de puntero NULL del n\u00facleo, direcci\u00f3n: 000000000000000c PGD 0 P4D 0 Oops: Oops: 0000 [#1] SMP PTI CPU: 15 UID: 0 PID: 12 Comm: kworker/u64:0 Not tainted 6.15.0-rc2-dirty #60 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 Workqueue: rpciod rpc_async_schedule RIP: 0010:nfs4_locku_prepare+0x35/0xc2 Code: 89 f2 48 89 fd 48 c7 c7 68 69 ef b5 53 48 8b 8e 90 00 00 00 48 89 f3 RSP: 0018:ffffbbafc006bdb8 EFLAGS: 00010246 RAX: 000000000000004b RBX: ffff9b964fc1fa00 RCX: 0000000000000000 RDX: 0000000000000000 RSI: fffffffffffffff4 RDI: ffff9ba53fddbf40 RBP: ffff9ba539934000 R08: 0000000000000000 R09: ffffbbafc006bc38 R10: ffffffffb6b689c8 R11: 0000000000000003 R12: ffff9ba539934030 R13: 0000000000000001 R14: 0000000004248060 R15: ffffffffb56d1c30 FS: 0000000000000000(0000) GS:ffff9ba5881f0000(0000) knlGS:00000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000000c CR3: 000000093f244000 CR4: 00000000000006f0 Call Trace: __rpc_execute+0xbc/0x480 rpc_async_schedule+0x2f/0x40 process_one_work+0x232/0x5d0 worker_thread+0x1da/0x3d0 ? 
__pfx_worker_thread+0x10/0x10 kthread+0x10d/0x240 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 Modules linked in: CR2: 000000000000000c [ fin de seguimiento 0000000000000000 ]--- Libera el nfs4_unlockdata asignado cuando nfs_get_lock_context() falla y devuelve NULL para finalizar la rpc_run_task posterior, lo que evita la desreferencia del puntero NULL." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38024.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38024.json index 9f28e7ce51a..c0225d729d7 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38024.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38024.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug\n\nCall Trace:\n \n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x7d/0xa0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xcf/0x610 mm/kasan/report.c:489\n kasan_report+0xb5/0xe0 mm/kasan/report.c:602\n rxe_queue_cleanup+0xd0/0xe0 drivers/infiniband/sw/rxe/rxe_queue.c:195\n rxe_cq_cleanup+0x3f/0x50 drivers/infiniband/sw/rxe/rxe_cq.c:132\n __rxe_cleanup+0x168/0x300 drivers/infiniband/sw/rxe/rxe_pool.c:232\n rxe_create_cq+0x22e/0x3a0 drivers/infiniband/sw/rxe/rxe_verbs.c:1109\n create_cq+0x658/0xb90 drivers/infiniband/core/uverbs_cmd.c:1052\n ib_uverbs_create_cq+0xc7/0x120 drivers/infiniband/core/uverbs_cmd.c:1095\n ib_uverbs_write+0x969/0xc90 drivers/infiniband/core/uverbs_main.c:679\n vfs_write fs/read_write.c:677 [inline]\n vfs_write+0x26a/0xcc0 fs/read_write.c:659\n ksys_write+0x1b8/0x200 fs/read_write.c:731\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xaa/0x1b0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nIn the function rxe_create_cq, when rxe_cq_from_init fails, the function\nrxe_cleanup will be called to handle the allocated resources. In fact,\nsome memory resources have already been freed in the function\nrxe_cq_from_init. Thus, this problem will occur.\n\nThe solution is to let rxe_cleanup do all the work." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/rxe: Correcci\u00f3n del error de lectura slab-use-after-free en rxe_queue_cleanup Seguimiento de llamadas: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x7d/0xa0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xcf/0x610 mm/kasan/report.c:489 kasan_report+0xb5/0xe0 mm/kasan/report.c:602 rxe_queue_cleanup+0xd0/0xe0 drivers/infiniband/sw/rxe/rxe_queue.c:195 rxe_cq_cleanup+0x3f/0x50 drivers/infiniband/sw/rxe/rxe_cq.c:132 __rxe_cleanup+0x168/0x300 drivers/infiniband/sw/rxe/rxe_pool.c:232 rxe_create_cq+0x22e/0x3a0 drivers/infiniband/sw/rxe/rxe_verbs.c:1109 create_cq+0x658/0xb90 drivers/infiniband/core/uverbs_cmd.c:1052 ib_uverbs_create_cq+0xc7/0x120 drivers/infiniband/core/uverbs_cmd.c:1095 ib_uverbs_write+0x969/0xc90 drivers/infiniband/core/uverbs_main.c:679 vfs_write fs/read_write.c:677 [inline] vfs_write+0x26a/0xcc0 fs/read_write.c:659 ksys_write+0x1b8/0x200 fs/read_write.c:731 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xaa/0x1b0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f En la funci\u00f3n rxe_create_cq, cuando rxe_cq_from_init falla, se llamar\u00e1 a la funci\u00f3n rxe_cleanup para gestionar los recursos asignados. De hecho, ya se han liberado algunos recursos de memoria en la funci\u00f3n rxe_cq_from_init. Por lo tanto, se producir\u00e1 este problema. La soluci\u00f3n es dejar que rxe_cleanup haga todo el trabajo." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38025.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38025.json index 7056a142600..5928186343a 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38025.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38025.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ad7606: check for NULL before calling sw_mode_config()\n\nCheck that the sw_mode_config function pointer is not NULL before\ncalling it. Not all buses define this callback, which resulted in a NULL\npointer dereference." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iio: adc: ad7606: comprobar si el puntero a la funci\u00f3n sw_mode_config() es nulo. Compruebe que el puntero a la funci\u00f3n sw_mode_config no sea nulo antes de llamarlo. No todos los buses definen esta funci\u00f3n, lo que provocaba una desreferencia del puntero nulo." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38027.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38027.json index 0c1969d51a7..72e2e4202db 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38027.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38027.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: max20086: fix invalid memory access\n\nmax20086_parse_regulators_dt() calls of_regulator_match() using an\narray of struct of_regulator_match allocated on the stack for the\nmatches argument.\n\nof_regulator_match() calls devm_of_regulator_put_matches(), which calls\ndevres_alloc() to allocate a struct devm_of_regulator_matches which will\nbe de-allocated using devm_of_regulator_put_matches().\n\nstruct devm_of_regulator_matches is populated with the stack allocated\nmatches array.\n\nIf the device fails to probe, devm_of_regulator_put_matches() will be\ncalled and will try to call of_node_put() on that stack pointer,\ngenerating the following dmesg entries:\n\nmax20086 6-0028: Failed to read DEVICE_ID reg: -121\nkobject: '\\xc0$\\xa5\\x03' (000000002cebcb7a): is not initialized, yet\nkobject_put() is being called.\n\nFollowed by a stack trace matching the call flow described above.\n\nSwitch to allocating the matches array using devm_kcalloc() to\navoid accessing the stack pointer long after it's out of scope.\n\nThis also has the advantage of allowing multiple max20086 to probe\nwithout overriding the data stored inside the global of_regulator_match." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: regulator: max20086: corrige acceso de memoria no v\u00e1lido max20086_parse_regulators_dt() llama a of_regulator_match() utilizando una matriz de struct of_regulator_match asignada en la pila para el argumento matches. of_regulator_match() llama a devm_of_regulator_put_matches(), que llama a devres_alloc() para asignar un struct devm_of_regulator_matches que se desasignar\u00e1 utilizando devm_of_regulator_put_matches(). struct devm_of_regulator_matches se rellena con la matriz matches asignada a la pila. 
Si el dispositivo no realiza el sondeo, se llamar\u00e1 a devm_of_regulator_put_matches() e intentar\u00e1 llamar a of_node_put() en ese puntero de pila, lo que generar\u00e1 las siguientes entradas dmesg: max20086 6-0028: Failed to read DEVICE_ID reg: -121 kobject: '\\xc0$\\xa5\\x03' (000000002cebcb7a): no se ha inicializado, pero se est\u00e1 llamando a kobject_put(). Seguido de un seguimiento de la pila que coincide con el flujo de llamada descrito anteriormente. Cambie a la asignaci\u00f3n de la matriz de coincidencias mediante devm_kcalloc() para evitar acceder al puntero de pila mucho despu\u00e9s de que est\u00e9 fuera del alcance. Esto tambi\u00e9n tiene la ventaja de permitir que varios max20086 realicen el sondeo sin sobrescribir los datos almacenados dentro del global of_regulator_match." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38028.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38028.json index c15d0b080a6..cf245f79e57 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38028.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38028.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS/localio: Fix a race in nfs_local_open_fh()\n\nOnce the clp->cl_uuid.lock has been dropped, another CPU could come in\nand free the struct nfsd_file that was just added. To prevent that from\nhappening, take the RCU read lock before dropping the spin lock." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: NFS/localio: Se corrige una ejecuci\u00f3n en nfs_local_open_fh(). Una vez eliminado el bloqueo clp->cl_uuid.lock, otra CPU podr\u00eda entrar y liberar la estructura nfsd_file reci\u00e9n agregada. Para evitarlo, tome el bloqueo de lectura de la RCU antes de eliminar el bloqueo de giro." } ], "metrics": {}, 
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38029.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38029.json
index 2a176500a7f..18b79547488 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38029.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38029.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkasan: avoid sleepable page allocation from atomic context\n\napply_to_pte_range() enters the lazy MMU mode and then invokes\nkasan_populate_vmalloc_pte() callback on each page table walk iteration. \nHowever, the callback can go into sleep when trying to allocate a single\npage, e.g. if an architecutre disables preemption on lazy MMU mode enter.\n\nOn s390 if make arch_enter_lazy_mmu_mode() -> preempt_enable() and\narch_leave_lazy_mmu_mode() -> preempt_disable(), such crash occurs:\n\n[ 0.663336] BUG: sleeping function called from invalid context at ./include/linux/sched/mm.h:321\n[ 0.663348] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2, name: kthreadd\n[ 0.663358] preempt_count: 1, expected: 0\n[ 0.663366] RCU nest depth: 0, expected: 0\n[ 0.663375] no locks held by kthreadd/2.\n[ 0.663383] Preemption disabled at:\n[ 0.663386] [<0002f3284cbb4eda>] apply_to_pte_range+0xfa/0x4a0\n[ 0.663405] CPU: 0 UID: 0 PID: 2 Comm: kthreadd Not tainted 6.15.0-rc5-gcc-kasan-00043-gd76bb1ebb558-dirty #162 PREEMPT\n[ 0.663408] Hardware name: IBM 3931 A01 701 (KVM/Linux)\n[ 0.663409] Call Trace:\n[ 0.663410] [<0002f3284c385f58>] dump_stack_lvl+0xe8/0x140\n[ 0.663413] [<0002f3284c507b9e>] __might_resched+0x66e/0x700\n[ 0.663415] [<0002f3284cc4f6c0>] __alloc_frozen_pages_noprof+0x370/0x4b0\n[ 0.663419] [<0002f3284ccc73c0>] alloc_pages_mpol+0x1a0/0x4a0\n[ 0.663421] [<0002f3284ccc8518>] alloc_frozen_pages_noprof+0x88/0xc0\n[ 0.663424] [<0002f3284ccc8572>] alloc_pages_noprof+0x22/0x120\n[ 0.663427] [<0002f3284cc341ac>] get_free_pages_noprof+0x2c/0xc0\n[ 0.663429] [<0002f3284cceba70>] kasan_populate_vmalloc_pte+0x50/0x120\n[ 0.663433] [<0002f3284cbb4ef8>] apply_to_pte_range+0x118/0x4a0\n[ 0.663435] [<0002f3284cbc7c14>] apply_to_pmd_range+0x194/0x3e0\n[ 0.663437] [<0002f3284cbc99be>] __apply_to_page_range+0x2fe/0x7a0\n[ 0.663440] [<0002f3284cbc9e88>] 
apply_to_page_range+0x28/0x40\n[ 0.663442] [<0002f3284ccebf12>] kasan_populate_vmalloc+0x82/0xa0\n[ 0.663445] [<0002f3284cc1578c>] alloc_vmap_area+0x34c/0xc10\n[ 0.663448] [<0002f3284cc1c2a6>] __get_vm_area_node+0x186/0x2a0\n[ 0.663451] [<0002f3284cc1e696>] __vmalloc_node_range_noprof+0x116/0x310\n[ 0.663454] [<0002f3284cc1d950>] __vmalloc_node_noprof+0xd0/0x110\n[ 0.663457] [<0002f3284c454b88>] alloc_thread_stack_node+0xf8/0x330\n[ 0.663460] [<0002f3284c458d56>] dup_task_struct+0x66/0x4d0\n[ 0.663463] [<0002f3284c45be90>] copy_process+0x280/0x4b90\n[ 0.663465] [<0002f3284c460940>] kernel_clone+0xd0/0x4b0\n[ 0.663467] [<0002f3284c46115e>] kernel_thread+0xbe/0xe0\n[ 0.663469] [<0002f3284c4e440e>] kthreadd+0x50e/0x7f0\n[ 0.663472] [<0002f3284c38c04a>] __ret_from_fork+0x8a/0xf0\n[ 0.663475] [<0002f3284ed57ff2>] ret_from_fork+0xa/0x38\n\nInstead of allocating single pages per-PTE, bulk-allocate the shadow\nmemory prior to applying kasan_populate_vmalloc_pte() callback on a page\nrange." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: kasan: evitar la asignaci\u00f3n de p\u00e1ginas inactivas desde un contexto at\u00f3mico. apply_to_pte_range() entra en el modo MMU perezoso e invoca la devoluci\u00f3n de llamada kasan_populate_vmalloc_pte() en cada iteraci\u00f3n del recorrido de la tabla de p\u00e1ginas. Sin embargo, la devoluci\u00f3n de llamada puede entrar en modo inactivo al intentar asignar una sola p\u00e1gina, por ejemplo, si una arquitectura deshabilita la preempci\u00f3n al entrar en el modo MMU perezoso. 
En s390, si se hace arch_enter_lazy_mmu_mode() -> preempt_enable() y arch_leave_lazy_mmu_mode() -> preempt_disable(), se produce el siguiente fallo: [0.663336] ERROR: funci\u00f3n inactiva llamada desde un contexto no v\u00e1lido en ./include/linux/sched/mm.h:321 [0.663348] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2, name: kthreadd [0.663358] preempt_count: 1, esperado: 0 [0.663366] Profundidad de anidamiento de RCU: 0, esperado: 0 [0.663375] kthreadd/2 no mantiene bloqueos. [ 0.663383] Preempci\u00f3n deshabilitada en: [ 0.663386] [<0002f3284cbb4eda>] apply_to_pte_range+0xfa/0x4a0 [ 0.663405] CPU: 0 UID: 0 PID: 2 Comm: kthreadd No contaminado 6.15.0-rc5-gcc-kasan-00043-gd76bb1ebb558-dirty #162 PREEMPT [ 0.663408] Nombre del hardware: IBM 3931 A01 701 (KVM/Linux) [ 0.663409] Rastreo de llamadas: [ 0.663410] [<0002f3284c385f58>] dump_stack_lvl+0xe8/0x140 [ 0.663413] [<0002f3284c507b9e>] __might_resched+0x66e/0x700 [ 0.663415] [<0002f3284cc4f6c0>] __alloc_frozen_pages_noprof+0x370/0x4b0 [ 0.663419] [<0002f3284ccc73c0>] alloc_pages_mpol+0x1a0/0x4a0 [ 0.663421] [<0002f3284ccc8518>] alloc_frozen_pages_noprof+0x88/0xc0 [ 0.663424] [<0002f3284ccc8572>] alloc_pages_noprof+0x22/0x120 [ 0.663427] [<0002f3284cc341ac>] get_free_pages_noprof+0x2c/0xc0 [ 0.663429] [<0002f3284cceba70>] kasan_populate_vmalloc_pte+0x50/0x120 [ 0.663433] [<0002f3284cbb4ef8>] apply_to_pte_range+0x118/0x4a0 [ 0.663435] [<0002f3284cbc7c14>] apply_to_pmd_range+0x194/0x3e0 [ 0.663437] [<0002f3284cbc99be>] __apply_to_page_range+0x2fe/0x7a0 [ 0.663440] [<0002f3284cbc9e88>] apply_to_page_range+0x28/0x40 [ 0.663442] [<0002f3284ccebf12>] kasan_populate_vmalloc+0x82/0xa0 [ 0.663445] [<0002f3284cc1578c>] alloc_vmap_area+0x34c/0xc10 [ 0.663448] [<0002f3284cc1c2a6>] __get_vm_area_node+0x186/0x2a0 [ 0.663451] [<0002f3284cc1e696>] __vmalloc_node_range_noprof+0x116/0x310 [ 0.663454] [<0002f3284cc1d950>] __vmalloc_node_noprof+0xd0/0x110 [ 0.663457] [<0002f3284c454b88>] alloc_thread_stack_node+0xf8/0x330 
[ 0.663460] [<0002f3284c458d56>] dup_task_struct+0x66/0x4d0 [ 0.663463] [<0002f3284c45be90>] copy_process+0x280/0x4b90 [ 0.663465] [<0002f3284c460940>] kernel_clone+0xd0/0x4b0 [ 0.663467] [<0002f3284c46115e>] kernel_thread+0xbe/0xe0 [ 0.663469] [<0002f3284c4e440e>] kthreadd+0x50e/0x7f0 [ 0.663472] [<0002f3284c38c04a>] __ret_from_fork+0x8a/0xf0 [ 0.663475] [<0002f3284ed57ff2>] ret_from_fork+0xa/0x38 En su lugar de asignar p\u00e1ginas individuales por PTE, asigne en masa la memoria de sombra antes de aplicar la devoluci\u00f3n de llamada kasan_populate_vmalloc_pte() en un rango de p\u00e1ginas." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38031.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38031.json index 5db45898042..abd3e778905 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38031.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38031.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: do not leak refcount in reorder_work\n\nA recent patch that addressed a UAF introduced a reference count leak:\nthe parallel_data refcount is incremented unconditionally, regardless\nof the return value of queue_work(). If the work item is already queued,\nthe incremented refcount is never decremented.\n\nFix this by checking the return value of queue_work() and decrementing\nthe refcount when necessary.\n\nResolves:\n\nUnreferenced object 0xffff9d9f421e3d80 (size 192):\n comm \"cryptomgr_probe\", pid 157, jiffies 4294694003\n hex dump (first 32 bytes):\n 80 8b cf 41 9f 9d ff ff b8 97 e0 89 ff ff ff ff ...A............\n d0 97 e0 89 ff ff ff ff 19 00 00 00 1f 88 23 00 ..............#.\n backtrace (crc 838fb36):\n __kmalloc_cache_noprof+0x284/0x320\n padata_alloc_pd+0x20/0x1e0\n padata_alloc_shell+0x3b/0xa0\n 0xffffffffc040a54d\n cryptomgr_probe+0x43/0xc0\n kthread+0xf6/0x1f0\n ret_from_fork+0x2f/0x50\n ret_from_fork_asm+0x1a/0x30" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: padata: no se filtra el recuento de referencias en reorder_work. Un parche reciente que solucion\u00f3 un UAF introdujo una fuga en el recuento de referencias: el recuento de referencias de parallel_data se incrementa incondicionalmente, independientemente del valor de retorno de queue_work(). Si el elemento de trabajo ya est\u00e1 en cola, el recuento incrementado nunca se decrementa. Para solucionar esto, verifique el valor de retorno de queue_work() y decremente el recuento cuando sea necesario. Resuelve: Objeto no referenciado 0xffff9d9f421e3d80 (tama\u00f1o 192): comm \"cryptomgr_probe\", pid 157, jiffies 4294694003 volcado hexadecimal (primeros 32 bytes): 80 8b cf 41 9f 9d ff ff b8 97 e0 89 ff ff ff ff ...A............ d0 97 e0 89 ff ff ff ff 19 00 00 00 1f 88 23 00 ..............#. 
seguimiento inverso (crc 838fb36): __kmalloc_cache_noprof+0x284/0x320 padata_alloc_pd+0x20/0x1e0 padata_alloc_shell+0x3b/0xa0 0xffffffffc040a54d cryptomgr_probe+0x43/0xc0 kthread+0xf6/0x1f0 ret_from_fork+0x2f/0x50 ret_from_fork_asm+0x1a/0x30" } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38032.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38032.json index 64681f198e4..2c098cc6251 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38032.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38032.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmr: consolidate the ipmr_can_free_table() checks.\n\nGuoyu Yin reported a splat in the ipmr netns cleanup path:\n\nWARNING: CPU: 2 PID: 14564 at net/ipv4/ipmr.c:440 ipmr_free_table net/ipv4/ipmr.c:440 [inline]\nWARNING: CPU: 2 PID: 14564 at net/ipv4/ipmr.c:440 ipmr_rules_exit+0x135/0x1c0 net/ipv4/ipmr.c:361\nModules linked in:\nCPU: 2 UID: 0 PID: 14564 Comm: syz.4.838 Not tainted 6.14.0 #1\nHardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:ipmr_free_table net/ipv4/ipmr.c:440 [inline]\nRIP: 0010:ipmr_rules_exit+0x135/0x1c0 net/ipv4/ipmr.c:361\nCode: ff df 48 c1 ea 03 80 3c 02 00 75 7d 48 c7 83 60 05 00 00 00 00 00 00 5b 5d 41 5c 41 5d 41 5e e9 71 67 7f 00 e8 4c 2d 8a fd 90 <0f> 0b 90 eb 93 e8 41 2d 8a fd 0f b6 2d 80 54 ea 01 31 ff 89 ee e8\nRSP: 0018:ffff888109547c58 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: ffff888108c12dc0 RCX: ffffffff83e09868\nRDX: ffff8881022b3300 RSI: ffffffff83e098d4 RDI: 0000000000000005\nRBP: ffff888104288000 R08: 0000000000000000 R09: ffffed10211825c9\nR10: 0000000000000001 R11: ffff88801816c4a0 R12: 0000000000000001\nR13: ffff888108c13320 R14: ffff888108c12dc0 R15: fffffbfff0b74058\nFS: 00007f84f39316c0(0000) GS:ffff88811b100000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f84f3930f98 CR3: 0000000113b56000 CR4: 0000000000350ef0\nCall Trace:\n \n ipmr_net_exit_batch+0x50/0x90 net/ipv4/ipmr.c:3160\n ops_exit_list+0x10c/0x160 net/core/net_namespace.c:177\n setup_net+0x47d/0x8e0 net/core/net_namespace.c:394\n copy_net_ns+0x25d/0x410 net/core/net_namespace.c:516\n create_new_namespaces+0x3f6/0xaf0 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xc3/0x180 kernel/nsproxy.c:228\n ksys_unshare+0x78d/0x9a0 kernel/fork.c:3342\n __do_sys_unshare kernel/fork.c:3413 [inline]\n __se_sys_unshare kernel/fork.c:3411 [inline]\n 
__x64_sys_unshare+0x31/0x40 kernel/fork.c:3411\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xa6/0x1a0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f84f532cc29\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f84f3931038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110\nRAX: ffffffffffffffda RBX: 00007f84f5615fa0 RCX: 00007f84f532cc29\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000400\nRBP: 00007f84f53fba18 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f84f5615fa0 R15: 00007fff51c5f328\n \n\nThe running kernel has CONFIG_IP_MROUTE_MULTIPLE_TABLES disabled, and\nthe sanity check for such build is still too loose.\n\nAddress the issue consolidating the relevant sanity check in a single\nhelper regardless of the kernel configuration. Also share it between\nthe ipv4 and ipv6 code." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mr: consolidar las comprobaciones ipmr_can_free_table(). 
Guoyu Yin inform\u00f3 un splat en la ruta de limpieza de ipmr netns: ADVERTENCIA: CPU: 2 PID: 14564 en net/ipv4/ipmr.c:440 ipmr_free_table net/ipv4/ipmr.c:440 [en l\u00ednea] ADVERTENCIA: CPU: 2 PID: 14564 en net/ipv4/ipmr.c:440 ipmr_rules_exit+0x135/0x1c0 net/ipv4/ipmr.c:361 M\u00f3dulos vinculados: CPU: 2 UID: 0 PID: 14564 Comm: syz.4.838 No contaminado 6.14.0 #1 Nombre del hardware: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 01/04/2014 RIP: 0010:ipmr_free_table net/ipv4/ipmr.c:440 [en l\u00ednea] RIP: 0010:ipmr_rules_exit+0x135/0x1c0 net/ipv4/ipmr.c:361 C\u00f3digo: ff df 48 c1 ea 03 80 3c 02 00 75 7d 48 c7 83 60 05 00 00 00 00 00 00 5b 5d 41 5c 41 5d 41 5e e9 71 67 7f 00 e8 4c 2d 8a fd 90 <0f> 0b 90 eb 93 e8 41 2d 8a fd 0f b6 2d 80 54 ea 01 31 ff 89 ee e8 RSP: 0018:ffff888109547c58 EFLAGS: 00010293 RAX: 0000000000000000 RBX: ffff888108c12dc0 RCX: ffffffff83e09868 RDX: ffff8881022b3300 RSI: ffffffff83e098d4 RDI: 000000000000000005 RBP: ffff888104288000 R08: 0000000000000000 R09: ffffed10211825c9 R10: 0000000000000001 R11: ffff88801816c4a0 R12: 0000000000000001 R13: ffff888108c13320 R14: ffff888108c12dc0 R15: fffffbfff0b74058 FS: 00007f84f39316c0(0000) GS:ffff88811b100000(0000) knlGS:000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f84f3930f98 CR3: 0000000113b56000 CR4: 0000000000350ef0 Rastreo de llamadas: ipmr_net_exit_batch+0x50/0x90 net/ipv4/ipmr.c:3160 ops_exit_list+0x10c/0x160 net/core/net_namespace.c:177 setup_net+0x47d/0x8e0 net/core/net_namespace.c:394 copy_net_ns+0x25d/0x410 net/core/net_namespace.c:516 create_new_namespaces+0x3f6/0xaf0 kernel/nsproxy.c:110 unshare_nsproxy_namespaces+0xc3/0x180 kernel/nsproxy.c:228 ksys_unshare+0x78d/0x9a0 kernel/fork.c:3342 __do_sys_unshare kernel/fork.c:3413 [inline] __se_sys_unshare kernel/fork.c:3411 [inline] __x64_sys_unshare+0x31/0x40 kernel/fork.c:3411 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xa6/0x1a0 arch/x86/entry/common.c:83 
entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f84f532cc29 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f84f3931038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 RAX: ffffffffffffffda RBX: 00007f84f5615fa0 RCX: 00007f84f532cc29 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000400 RBP: 00007f84f53fba18 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f84f5615fa0 R15: 00007fff51c5f328 El kernel en ejecuci\u00f3n tiene CONFIG_IP_MROUTE_MULTIPLE_TABLES deshabilitado, y la comprobaci\u00f3n de integridad para dicha compilaci\u00f3n sigue siendo demasiado imprecisa. Solucione el problema consolidando la comprobaci\u00f3n de integridad relevante en un \u00fanico asistente, independientemente de la configuraci\u00f3n del kernel. Adem\u00e1s, comp\u00e1rtala entre el c\u00f3digo IPv4 e IPv6." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38033.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38033.json index cc7d0b055d3..14c622bf920 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38033.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38033.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/Kconfig: make CFI_AUTO_DEFAULT depend on !RUST or Rust >= 1.88\n\nCalling core::fmt::write() from rust code while FineIBT is enabled\nresults in a kernel panic:\n\n[ 4614.199779] kernel BUG at arch/x86/kernel/cet.c:132!\n[ 4614.205343] Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[ 4614.211781] CPU: 2 UID: 0 PID: 6057 Comm: dmabuf_dump Tainted: G U O 6.12.17-android16-0-g6ab38c534a43 #1 9da040f27673ec3945e23b998a0f8bd64c846599\n[ 4614.227832] Tainted: [U]=USER, [O]=OOT_MODULE\n[ 4614.241247] RIP: 0010:do_kernel_cp_fault+0xea/0xf0\n...\n[ 4614.398144] RIP: 0010:_RNvXs5_NtNtNtCs3o2tGsuHyou_4core3fmt3num3impyNtB9_7Display3fmt+0x0/0x20\n[ 4614.407792] Code: 48 f7 df 48 0f 48 f9 48 89 f2 89 c6 5d e9 18 fd ff ff 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 41 81 ea 14 61 af 2c 74 03 0f 0b 90 <66> 0f 1f 00 55 48 89 e5 48 89 f2 48 8b 3f be 01 00 00 00 5d e9 e7\n[ 4614.428775] RSP: 0018:ffffb95acfa4ba68 EFLAGS: 00010246\n[ 4614.434609] RAX: 0000000000000000 RBX: 0000000000000010 RCX: 0000000000000000\n[ 4614.442587] RDX: 0000000000000007 RSI: ffffb95acfa4ba70 RDI: ffffb95acfa4bc88\n[ 4614.450557] RBP: ffffb95acfa4bae0 R08: ffff0a00ffffff05 R09: 0000000000000070\n[ 4614.458527] R10: 0000000000000000 R11: ffffffffab67eaf0 R12: ffffb95acfa4bcc8\n[ 4614.466493] R13: ffffffffac5d50f0 R14: 0000000000000000 R15: 0000000000000000\n[ 4614.474473] ? __cfi__RNvXs5_NtNtNtCs3o2tGsuHyou_4core3fmt3num3impyNtB9_7Display3fmt+0x10/0x10\n[ 4614.484118] ? 
_RNvNtCs3o2tGsuHyou_4core3fmt5write+0x1d2/0x250\n\nThis happens because core::fmt::write() calls\ncore::fmt::rt::Argument::fmt(), which currently has CFI disabled:\n\nlibrary/core/src/fmt/rt.rs:\n171 // FIXME: Transmuting formatter in new and indirectly branching to/calling\n172 // it here is an explicit CFI violation.\n173 #[allow(inline_no_sanitize)]\n174 #[no_sanitize(cfi, kcfi)]\n175 #[inline]\n176 pub(super) unsafe fn fmt(&self, f: &mut Formatter<'_>) -> Result {\n\nThis causes a Control Protection exception, because FineIBT has sealed\noff the original function's endbr64.\n\nThis makes rust currently incompatible with FineIBT. Add a Kconfig\ndependency that prevents FineIBT from getting turned on by default\nif rust is enabled.\n\n[ Rust 1.88.0 (scheduled for 2025-06-26) should have this fixed [1],\n and thus we relaxed the condition with Rust >= 1.88.\n\n When `objtool` lands checking for this with e.g. [2], the plan is\n to ideally run that in upstream Rust's CI to prevent regressions\n early [3], since we do not control `core`'s source code.\n\n Alice tested the Rust PR backported to an older compiler.\n\n Peter would like that Rust provides a stable `core` which can be\n pulled into the kernel: \"Relying on that much out of tree code is\n 'unfortunate'\".\n\n - Miguel ]\n\n[ Reduced splat. - Miguel ]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86/Kconfig: hacer que CFI_AUTO_DEFAULT dependa de !RUST o Rust >= 1.88 Llamar a core::fmt::write() desde el c\u00f3digo rust mientras FineIBT est\u00e1 habilitado da como resultado un p\u00e1nico del kernel: [ 4614.199779] \u00a1ERROR del kernel en arch/x86/kernel/cet.c:132! 
[ 4614.205343] Ups: c\u00f3digo de operaci\u00f3n no v\u00e1lido: 0000 [#1] PREEMPT SMP NOPTI [ 4614.211781] CPU: 2 UID: 0 PID: 6057 Comm: dmabuf_dump Contaminado: GUO 6.12.17-android16-0-g6ab38c534a43 #1 9da040f27673ec3945e23b998a0f8bd64c846599 [ 4614.227832] Contaminado: [U]=USUARIO, [O]=OOT_M\u00d3DULO [ 4614.241247] RIP: 0010:do_kernel_cp_fault+0xea/0xf0 ... [ 4614.398144] RIP: 0010:_RNvXs5_NtNtNtCs3o2tGsuHyou_4core3fmt3num3impyNtB9_7Display3fmt+0x0/0x20 [ 4614.407792] C\u00f3digo: 48 f7 gl 48 0f 48 f9 48 89 f2 89 c6 5d e9 18 fd ff ff 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 41 81 ea 14 61 af 2c 74 03 0f 0b 90 <66> 0f 1f 00 55 48 89 e5 48 89 f2 48 8b 3f be 01 00 00 00 5d e9 e7 [ 4614.428775] RSP: 0018:ffffb95acfa4ba68 EFLAGS: 00010246 [ 4614.434609] RAX: 000000000000000 RBX: 0000000000000010 RCX: 0000000000000000 [ 4614.442587] RDX: 0000000000000007 RSI: ffffb95acfa4ba70 RDI: ffffb95acfa4bc88 [ 4614.450557] RBP: ffffb95acfa4bae0 R08: ffff0a00ffffff05 R09: 0000000000000070 [ 4614.458527] R10: 0000000000000000 R11: ffffffffab67eaf0 R12: ffffb95acfa4bcc8 [ 4614.466493] R13: ffffffffac5d50f0 R14: 0000000000000000 R15: 0000000000000000 [ 4614.474473] ? __cfi__RNvXs5_NtNtNtCs3o2tGsuHyou_4core3fmt3num3impyNtB9_7Display3fmt+0x10/0x10 [ 4614.484118] ? _RNvNtCs3o2tGsuHyou_4core3fmt5write+0x1d2/0x250 Esto sucede porque core::fmt::write() llama a core::fmt::rt::Argument::fmt(), que actualmente tiene CFI deshabilitado: library/core/src/fmt/rt.rs: 171 // FIXME: Transmutando el formateador en new y ramificando indirectamente a/llamando a 172 // aqu\u00ed es una violaci\u00f3n expl\u00edcita de CFI. 173 #[allow(inline_no_sanitize)] 174 #[no_sanitize(cfi, kcfi)] 175 #[inline] 176 pub(super) unsafe fn fmt(&self, f: &mut Formatter<'_>) -> Result { Esto causa una excepci\u00f3n de Protecci\u00f3n de Control, porque FineIBT ha sellado el endbr64 de la funci\u00f3n original. Esto hace que rust actualmente sea incompatible con FineIBT. 
Agregue una dependencia de Kconfig que evite que FineIBT se active de manera predeterminada si Rust est\u00e1 habilitado. [ Rust 1.88.0 (programado para el 26/06/2025) deber\u00eda tener esto solucionado [1], y por lo tanto relajamos la condici\u00f3n con Rust >= 1.88. Cuando `objtool` aterrice verificando esto con, por ejemplo, [2], el plan es ejecutarlo idealmente en la CI de Rust ascendente para evitar regresiones tempranas [3], ya que no controlamos el c\u00f3digo fuente de `core`. Alice prob\u00f3 el PR de Rust retroportado a un compilador m\u00e1s antiguo. A Peter le gustar\u00eda que Rust proporcionara un n\u00facleo estable que se pueda integrar en el kernel: \"Depender de tanto c\u00f3digo fuera del \u00e1rbol es 'desafortunado'\". - Miguel ] [Menudas palabras. - Miguel ]" } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38034.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38034.json index 6f4bc04f6e9..a347ebcd2fa 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38034.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38034.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref\n\nbtrfs_prelim_ref() calls the old and new reference variables in the\nincorrect order. This causes a NULL pointer dereference because oldref\nis passed as NULL to trace_btrfs_prelim_ref_insert().\n\nNote, trace_btrfs_prelim_ref_insert() is being called with newref as\noldref (and oldref as NULL) on purpose in order to print out\nthe values of newref.\n\nTo reproduce:\necho 1 > /sys/kernel/debug/tracing/events/btrfs/btrfs_prelim_ref_insert/enable\n\nPerform some writeback operations.\n\nBacktrace:\nBUG: kernel NULL pointer dereference, address: 0000000000000018\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 115949067 P4D 115949067 PUD 11594a067 PMD 0\n Oops: Oops: 0000 [#1] SMP NOPTI\n CPU: 1 UID: 0 PID: 1188 Comm: fsstress Not tainted 6.15.0-rc2-tester+ #47 PREEMPT(voluntary) 7ca2cef72d5e9c600f0c7718adb6462de8149622\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-2-gc13ff2cd-prebuilt.qemu.org 04/01/2014\n RIP: 0010:trace_event_raw_event_btrfs__prelim_ref+0x72/0x130\n Code: e8 43 81 9f ff 48 85 c0 74 78 4d 85 e4 0f 84 8f 00 00 00 49 8b 94 24 c0 06 00 00 48 8b 0a 48 89 48 08 48 8b 52 08 48 89 50 10 <49> 8b 55 18 48 89 50 18 49 8b 55 20 48 89 50 20 41 0f b6 55 28 88\n RSP: 0018:ffffce44820077a0 EFLAGS: 00010286\n RAX: ffff8c6b403f9014 RBX: ffff8c6b55825730 RCX: 304994edf9cf506b\n RDX: d8b11eb7f0fdb699 RSI: ffff8c6b403f9010 RDI: ffff8c6b403f9010\n RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000010\n R10: 00000000ffffffff R11: 0000000000000000 R12: ffff8c6b4e8fb000\n R13: 0000000000000000 R14: ffffce44820077a8 R15: ffff8c6b4abd1540\n FS: 00007f4dc6813740(0000) GS:ffff8c6c1d378000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000018 CR3: 000000010eb42000 
CR4: 0000000000750ef0\n PKRU: 55555554\n Call Trace:\n \n prelim_ref_insert+0x1c1/0x270\n find_parent_nodes+0x12a6/0x1ee0\n ? __entry_text_end+0x101f06/0x101f09\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n btrfs_is_data_extent_shared+0x167/0x640\n ? fiemap_process_hole+0xd0/0x2c0\n extent_fiemap+0xa5c/0xbc0\n ? __entry_text_end+0x101f05/0x101f09\n btrfs_fiemap+0x7e/0xd0\n do_vfs_ioctl+0x425/0x9d0\n __x64_sys_ioctl+0x75/0xc0" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: corregir el orden de los argumentos prelim_ref en btrfs__prelim_ref. btrfs_prelim_ref() llama a las variables de referencia antiguas y nuevas en un orden incorrecto. Esto provoca una desreferencia de puntero nulo, ya que oldref se pasa como nulo a trace_btrfs_prelim_ref_insert(). Tenga en cuenta que trace_btrfs_prelim_ref_insert() se llama con newref como oldref (y oldref como nulo) a prop\u00f3sito para imprimir los valores de newref. Para reproducir: echo 1 > /sys/kernel/debug/tracing/events/btrfs/btrfs_prelim_ref_insert/enable. Realice algunas operaciones de escritura diferida. 
Backtrace: BUG: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000018 #PF: acceso de lectura del supervisor en modo kernel #PF: error_code(0x0000) - p\u00e1gina no presente PGD 115949067 P4D 115949067 PUD 11594a067 PMD 0 Oops: Oops: 0000 [#1] SMP NOPTI CPU: 1 UID: 0 PID: 1188 Comm: fsstress No contaminado 6.15.0-rc2-tester+ #47 PREEMPT(voluntario) 7ca2cef72d5e9c600f0c7718adb6462de8149622 Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-2-gc13ff2cd-prebuilt.qemu.org 01/04/2014 RIP: 0010:trace_event_raw_event_btrfs__prelim_ref+0x72/0x130 C\u00f3digo: e8 43 81 9f ff 48 85 c0 74 78 4d 85 e4 0f 84 8f 00 00 00 49 8b 94 24 c0 06 00 00 48 8b 0a 48 89 48 08 48 8b 52 08 48 89 50 10 <49> 8b 55 18 48 89 50 18 49 8b 55 20 48 89 50 20 41 0f b6 55 28 88 RSP: 0018:ffffce44820077a0 EFLAGS: 00010286 RAX: ffff8c6b403f9014 RBX: ffff8c6b55825730 RCX: 304994edf9cf506b RDX: d8b11eb7f0fdb699 RSI: ffff8c6b403f9010 RDI: ffff8c6b403f9010 RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000010 R10: 00000000ffffffff R11: 0000000000000000 R12: ffff8c6b4e8fb000 R13: 0000000000000000 R14: ffffce44820077a8 R15: ffff8c6b4abd1540 FS: 00007f4dc6813740(0000) GS:ffff8c6c1d378000(0000) knlGS:000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000080050033 CR2: 000000000000018 CR3: 000000010eb42000 CR4: 0000000000750ef0 PKRU: 55555554 Rastreo de llamadas: prelim_ref_insert+0x1c1/0x270 find_parent_nodes+0x12a6/0x1ee0 ? __entry_text_end+0x101f06/0x101f09 ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 btrfs_is_data_extent_shared+0x167/0x640 ? fiemap_process_hole+0xd0/0x2c0 extent_fiemap+0xa5c/0xbc0 ? __entry_text_end+0x101f05/0x101f09 btrfs_fiemap+0x7e/0xd0 do_vfs_ioctl+0x425/0x9d0 __x64_sys_ioctl+0x75/0xc0 " } ], "metrics": {}, 
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38035.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38035.json
index cbe94217d3d..61b1edd9838 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38035.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38035.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: don't restore null sk_state_change\n\nqueue->state_change is set as part of nvmet_tcp_set_queue_sock(), but if\nthe TCP connection isn't established when nvmet_tcp_set_queue_sock() is\ncalled then queue->state_change isn't set and sock->sk->sk_state_change\nisn't replaced.\n\nAs such we don't need to restore sock->sk->sk_state_change if\nqueue->state_change is NULL.\n\nThis avoids NULL pointer dereferences such as this:\n\n[ 286.462026][ C0] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 286.462814][ C0] #PF: supervisor instruction fetch in kernel mode\n[ 286.463796][ C0] #PF: error_code(0x0010) - not-present page\n[ 286.464392][ C0] PGD 8000000140620067 P4D 8000000140620067 PUD 114201067 PMD 0\n[ 286.465086][ C0] Oops: Oops: 0010 [#1] SMP KASAN PTI\n[ 286.465559][ C0] CPU: 0 UID: 0 PID: 1628 Comm: nvme Not tainted 6.15.0-rc2+ #11 PREEMPT(voluntary)\n[ 286.466393][ C0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n[ 286.467147][ C0] RIP: 0010:0x0\n[ 286.467420][ C0] Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n[ 286.467977][ C0] RSP: 0018:ffff8883ae008580 EFLAGS: 00010246\n[ 286.468425][ C0] RAX: 0000000000000000 RBX: ffff88813fd34100 RCX: ffffffffa386cc43\n[ 286.469019][ C0] RDX: 1ffff11027fa68b6 RSI: 0000000000000008 RDI: ffff88813fd34100\n[ 286.469545][ C0] RBP: ffff88813fd34160 R08: 0000000000000000 R09: ffffed1027fa682c\n[ 286.470072][ C0] R10: ffff88813fd34167 R11: 0000000000000000 R12: ffff88813fd344c3\n[ 286.470585][ C0] R13: ffff88813fd34112 R14: ffff88813fd34aec R15: ffff888132cdd268\n[ 286.471070][ C0] FS: 00007fe3c04c7d80(0000) GS:ffff88840743f000(0000) knlGS:0000000000000000\n[ 286.471644][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 286.472543][ C0] CR2: ffffffffffffffd6 CR3: 000000012daca000 CR4: 00000000000006f0\n[ 286.473500][ C0] DR0: 
0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 286.474467][ C0] DR3: 0000000000000000 DR6: 00000000ffff07f0 DR7: 0000000000000400\n[ 286.475453][ C0] Call Trace:\n[ 286.476102][ C0] \n[ 286.476719][ C0] tcp_fin+0x2bb/0x440\n[ 286.477429][ C0] tcp_data_queue+0x190f/0x4e60\n[ 286.478174][ C0] ? __build_skb_around+0x234/0x330\n[ 286.478940][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.479659][ C0] ? __pfx_tcp_data_queue+0x10/0x10\n[ 286.480431][ C0] ? tcp_try_undo_loss+0x640/0x6c0\n[ 286.481196][ C0] ? seqcount_lockdep_reader_access.constprop.0+0x82/0x90\n[ 286.482046][ C0] ? kvm_clock_get_cycles+0x14/0x30\n[ 286.482769][ C0] ? ktime_get+0x66/0x150\n[ 286.483433][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.484146][ C0] tcp_rcv_established+0x6e4/0x2050\n[ 286.484857][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.485523][ C0] ? ipv4_dst_check+0x160/0x2b0\n[ 286.486203][ C0] ? __pfx_tcp_rcv_established+0x10/0x10\n[ 286.486917][ C0] ? lock_release+0x217/0x2c0\n[ 286.487595][ C0] tcp_v4_do_rcv+0x4d6/0x9b0\n[ 286.488279][ C0] tcp_v4_rcv+0x2af8/0x3e30\n[ 286.488904][ C0] ? raw_local_deliver+0x51b/0xad0\n[ 286.489551][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.490198][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10\n[ 286.490813][ C0] ? __pfx_raw_local_deliver+0x10/0x10\n[ 286.491487][ C0] ? __pfx_nf_confirm+0x10/0x10 [nf_conntrack]\n[ 286.492275][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.492900][ C0] ip_protocol_deliver_rcu+0x8f/0x370\n[ 286.493579][ C0] ip_local_deliver_finish+0x297/0x420\n[ 286.494268][ C0] ip_local_deliver+0x168/0x430\n[ 286.494867][ C0] ? __pfx_ip_local_deliver+0x10/0x10\n[ 286.495498][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10\n[ 286.496204][ C0] ? ip_rcv_finish_core+0x19a/0x1f20\n[ 286.496806][ C0] ? lock_release+0x217/0x2c0\n[ 286.497414][ C0] ip_rcv+0x455/0x6e0\n[ 286.497945][ C0] ? 
__pfx_ip_rcv+0x10/0x10\n[ \n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nvmet-tcp: no restaurar el valor nulo de sk_state_change. La funci\u00f3n queue->state_change se configura como parte de nvmet_tcp_set_queue_sock(), pero si la conexi\u00f3n TCP no se establece al llamar a nvmet_tcp_set_queue_sock(), la funci\u00f3n queue->state_change no se configura y la funci\u00f3n sock->sk->sk_state_change no se reemplaza. Por lo tanto, no es necesario restaurar sock->sk->sk_state_change si la funci\u00f3n queue->state_change es nula. Esto evita desreferencias de puntero NULL como esta: [ 286.462026][ C0] ERROR: desreferencia de puntero NULL del n\u00facleo, direcci\u00f3n: 0000000000000000 [ 286.462814][ C0] #PF: obtenci\u00f3n de instrucci\u00f3n de supervisor en modo n\u00facleo [ 286.463796][ C0] #PF: error_code(0x0010) - p\u00e1gina no presente [ 286.464392][ C0] PGD 8000000140620067 P4D 8000000140620067 PUD 114201067 PMD 0 [ 286.465086][ C0] Oops: Oops: 0010 [#1] SMP KASAN PTI [ 286.465559][ C0] CPU: 0 UID: 0 PID: 1628 Comm: nvme No contaminado 6.15.0-rc2+ #11 PREEMPT(voluntario) [ 286.466393][ C0] Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 01/04/2014 [ 286.467147][ C0] RIP: 0010:0x0 [ 286.467420][ C0] C\u00f3digo: No se puede acceder a los bytes del c\u00f3digo de operaci\u00f3n en 0xffffffffffffffd6. 
[ 286.467977][ C0] RSP: 0018:ffff8883ae008580 EFLAGS: 00010246 [ 286.468425][ C0] RAX: 000000000000000 RBX: ffff88813fd34100 RCX: ffffffffa386cc43 [ 286.469019][ C0] RDX: 1ffff11027fa68b6 RSI: 000000000000008 RDI: ffff88813fd34100 [ 286.469545][ C0] RBP: ffff88813fd34160 R08: 0000000000000000 R09: ffffed1027fa682c [ 286.470072][ C0] R10: ffff88813fd34167 R11: 0000000000000000 R12: ffff88813fd344c3 [ 286.470585][ C0] R13: ffff88813fd34112 R14: ffff88813fd34aec R15: ffff888132cdd268 [ 286.471070][ C0] FS: 00007fe3c04c7d80(0000) GS:ffff88840743f000(0000) knlGS:0000000000000000 [ 286.471644][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 286.472543][ C0] CR2: ffffffffffffffd6 CR3: 000000012daca000 CR4: 00000000000006f0 [ 286.473500][ C0] DR0: 0000000000000000 DR1: 00000000000000000 DR2: 0000000000000000 [ 286.474467][C0] DR3: 0000000000000000 DR6: 00000000ffff07f0 DR7: 0000000000000400 [ 286.475453][ C0] Rastreo de llamadas: [ 286.476102][ C0] [ 286.476719][ C0] tcp_fin+0x2bb/0x440 [ 286.477429][ C0] tcp_data_queue+0x190f/0x4e60 [ 286.478174][ C0] ? __build_skb_around+0x234/0x330 [ 286.478940][ C0] ? rcu_is_watching+0x11/0xb0 [ 286.479659][ C0] ? __pfx_tcp_data_queue+0x10/0x10 [ 286.480431][ C0] ? tcp_try_undo_loss+0x640/0x6c0 [ 286.481196][ C0] ? seqcount_lockdep_reader_access.constprop.0+0x82/0x90 [ 286.482046][ C0] ? kvm_clock_get_cycles+0x14/0x30 [ 286.482769][ C0] ? ktime_get+0x66/0x150 [ 286.483433][ C0] ? rcu_is_watching+0x11/0xb0 [ 286.484146][ C0] tcp_rcv_established+0x6e4/0x2050 [ 286.484857][ C0] ? rcu_is_watching+0x11/0xb0 [ 286.485523][ C0] ? ipv4_dst_check+0x160/0x2b0 [ 286.486203][ C0] ? __pfx_tcp_rcv_established+0x10/0x10 [ 286.486917][ C0] ? lock_release+0x217/0x2c0 [ 286.487595][ C0] tcp_v4_do_rcv+0x4d6/0x9b0 [ 286.488279][ C0] tcp_v4_rcv+0x2af8/0x3e30 [ 286.488904][ C0] ? raw_local_deliver+0x51b/0xad0 [ 286.489551][ C0] ? rcu_is_watching+0x11/0xb0 [ 286.490198][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 286.490813][ C0] ? 
__pfx_raw_local_deliver+0x10/0x10 [ 286.491487][ C0] ? __pfx_nf_confirm+0x10/0x10 [nf_conntrack] [ 286.492275][ C0] ? rcu_is_watching+0x11/0xb0 [ 286.492900][ C0] ip_protocol_deliver_rcu+0x8f/0x370 [ 286.493579][ C0] ip_local_deliver_finish+0x297/0x420 [ 286.494268][ C0] ip_local_deliver+0x168/0x430 [ 286.494867][ C0] ? __pfx_ip_local_deliver+0x10/0x10 [ 286.495498][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 286.496204][ C0] ? ip_rcv_finish_core+0x19a/0x1f20 [ 286.496806][ C0] ? lock_release+0x217/0x2c0 [ 286.497414][ C0] ip_rcv+0x455/0x6e0 [ 286.497945][ C0] ? __pfx_ip_rcv+0x10/0x10 ---truncado---" } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38036.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38036.json index d944ef92bed..e41a8c203e4 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38036.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38036.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/vf: Perform early GT MMIO initialization to read GMDID\n\nVFs need to communicate with the GuC to obtain the GMDID value\nand existing GuC functions used for that assume that the GT has\nit's MMIO members already setup. However, due to recent refactoring\nthe gt->mmio is initialized later, and any attempt by the VF to use\nxe_mmio_read|write() from GuC functions will lead to NPD crash due\nto unset MMIO register address:\n\n[] xe 0000:00:02.1: [drm] Running in SR-IOV VF mode\n[] xe 0000:00:02.1: [drm] GT0: sending H2G MMIO 0x5507\n[] BUG: unable to handle page fault for address: 0000000000190240\n\nSince we are already tweaking the id and type of the primary GT to\nmimic it's a Media GT before initializing the GuC communication,\nwe can also call xe_gt_mmio_init() to perform early setup of the\ngt->mmio which will make those GuC functions work again." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/xe/vf: Realizar una inicializaci\u00f3n temprana de MMIO de GT para leer GMDID. Los VF deben comunicarse con el GuC para obtener el valor GMDID y las funciones GuC existentes utilizadas para eso suponen que el GT ya tiene configurados sus miembros MMIO. 
Sin embargo, debido a una refactorizaci\u00f3n reciente, gt->mmio se inicializa m\u00e1s tarde y cualquier intento del VF de usar xe_mmio_read|write() desde las funciones GuC provocar\u00e1 un bloqueo de NPD debido a una direcci\u00f3n de registro MMIO no establecida: [] xe 0000:00:02.1: [drm] Ejecutando en modo SR-IOV VF [] xe 0000:00:02.1: [drm] GT0: enviando H2G MMIO 0x5507 [] ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: 0000000000190240 Dado que ya estamos ajustando el id y el tipo del GT principal para imitar que es un Media GT antes de inicializar la comunicaci\u00f3n GuC, tambi\u00e9n podemos llamar a xe_gt_mmio_init() para realizar una configuraci\u00f3n temprana de gt->mmio que har\u00e1 que esas funciones GuC funcionen nuevamente." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38037.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38037.json index 0b84e729ea2..5d9548eccda 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38037.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38037.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Annotate FDB data races\n\nThe 'used' and 'updated' fields in the FDB entry structure can be\naccessed concurrently by multiple threads, leading to reports such as\n[1]. Can be reproduced using [2].\n\nSuppress these reports by annotating these accesses using\nREAD_ONCE() / WRITE_ONCE().\n\n[1]\nBUG: KCSAN: data-race in vxlan_xmit / vxlan_xmit\n\nwrite to 0xffff942604d263a8 of 8 bytes by task 286 on cpu 0:\n vxlan_xmit+0xb29/0x2380\n dev_hard_start_xmit+0x84/0x2f0\n __dev_queue_xmit+0x45a/0x1650\n packet_xmit+0x100/0x150\n packet_sendmsg+0x2114/0x2ac0\n __sys_sendto+0x318/0x330\n __x64_sys_sendto+0x76/0x90\n x64_sys_call+0x14e8/0x1c00\n do_syscall_64+0x9e/0x1a0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nread to 0xffff942604d263a8 of 8 bytes by task 287 on cpu 2:\n vxlan_xmit+0xadf/0x2380\n dev_hard_start_xmit+0x84/0x2f0\n __dev_queue_xmit+0x45a/0x1650\n packet_xmit+0x100/0x150\n packet_sendmsg+0x2114/0x2ac0\n __sys_sendto+0x318/0x330\n __x64_sys_sendto+0x76/0x90\n x64_sys_call+0x14e8/0x1c00\n do_syscall_64+0x9e/0x1a0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nvalue changed: 0x00000000fffbac6e -> 0x00000000fffbac6f\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 2 UID: 0 PID: 287 Comm: mausezahn Not tainted 6.13.0-rc7-01544-gb4b270f11a02 #5\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n\n[2]\n #!/bin/bash\n\n set +H\n echo whitelist > /sys/kernel/debug/kcsan\n echo !vxlan_xmit > /sys/kernel/debug/kcsan\n\n ip link add name vx0 up type vxlan id 10010 dstport 4789 local 192.0.2.1\n bridge fdb add 00:11:22:33:44:55 dev vx0 self static dst 198.51.100.1\n taskset -c 0 mausezahn vx0 -a own -b 00:11:22:33:44:55 -c 0 -q &\n taskset -c 2 mausezahn vx0 -a own -b 00:11:22:33:44:55 -c 0 -q &" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vxlan: 
Anotaci\u00f3n de ejecuciones de datos FDB. M\u00faltiples subprocesos pueden acceder simult\u00e1neamente a los campos \"usado\" y \"actualizado\" de la estructura de entrada FDB, lo que genera informes como [1]. Se puede reproducir con [2]. Para suprimir estos informes, anote estos accesos con READ_ONCE() / WRITE_ONCE(). [1] ERROR: KCSAN: ejecuci\u00f3n de datos en vxlan_xmit / vxlan_xmit escribe en 0xffff942604d263a8 de 8 bytes por la tarea 286 en la CPU 0: vxlan_xmit+0xb29/0x2380 dev_hard_start_xmit+0x84/0x2f0 __dev_queue_xmit+0x45a/0x1650 packet_xmit+0x100/0x150 packet_sendmsg+0x2114/0x2ac0 __sys_sendto+0x318/0x330 __x64_sys_sendto+0x76/0x90 x64_sys_call+0x14e8/0x1c00 do_syscall_64+0x9e/0x1a0 entry_SYSCALL_64_after_hwframe+0x77/0x7f lectura a 0xffff942604d263a8 de 8 bytes por la tarea 287 en la CPU 2: vxlan_xmit+0xadf/0x2380 dev_hard_start_xmit+0x84/0x2f0 __dev_queue_xmit+0x45a/0x1650 packet_xmit+0x100/0x150 packet_sendmsg+0x2114/0x2ac0 __sys_sendto+0x318/0x330 __x64_sys_sendto+0x76/0x90 x64_sys_call+0x14e8/0x1c00 do_syscall_64+0x9e/0x1a0 entry_SYSCALL_64_after_hwframe+0x77/0x7f valor cambiado: 0x00000000fffbac6e -> 0x00000000fffbac6f Informado por Kernel Concurrency Sanitizer en: CPU: 2 UID: 0 PID: 287 Comm: mausezahn No contaminado 6.13.0-rc7-01544-gb4b270f11a02 #5 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 01/04/2014 [2] #!/bin/bash set +H echo whitelist > /sys/kernel/debug/kcsan echo !vxlan_xmit > /sys/kernel/debug/kcsan ip enlace agregar nombre vx0 activo tipo vxlan id 10010 dstport 4789 local 192.0.2.1 puente fdb agregar 00:11:22:33:44:55 dev vx0 self static dst 198.51.100.1 conjunto de tareas -c 0 mausezahn vx0 -a propio -b 00:11:22:33:44:55 -c 0 -q & conjunto de tareas -c 2 mausezahn vx0 -a propio -b 00:11:22:33:44:55 -c 0 -q &" } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38038.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38038.json index 793be0007e5..36fad406f9c 100644 
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38038.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38038.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate: Remove unnecessary driver_lock in set_boost\n\nset_boost is a per-policy function call, hence a driver wide lock is\nunnecessary. Also this mutex_acquire can collide with the mutex_acquire\nfrom the mode-switch path in status_store(), which can lead to a\ndeadlock. So, remove it."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cpufreq: amd-pstate: Eliminar driver_lock innecesario en set_boost. set_boost es una llamada a funci\u00f3n por pol\u00edtica, por lo que no es necesario un bloqueo a nivel de controlador. Adem\u00e1s, este mutex_acquire puede colisionar con el mutex_acquire de la ruta de cambio de modo en status_store(), lo que puede provocar un interbloqueo. Por lo tanto, elim\u00ednelo."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38039.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38039.json
index 103f97e420c..1f83d356742 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38039.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38039.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Avoid WARN_ON when configuring MQPRIO with HTB offload enabled\n\nWhen attempting to enable MQPRIO while HTB offload is already\nconfigured, the driver currently returns `-EINVAL` and triggers a\n`WARN_ON`, leading to an unnecessary call trace.\n\nUpdate the code to handle this case more gracefully by returning\n`-EOPNOTSUPP` instead, while also providing a helpful user message."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5e: Evitar WARN_ON al configurar MQPRIO con la descarga de HTB habilitada. Al intentar habilitar MQPRIO con la descarga de HTB ya configurada, el controlador devuelve `-EINVAL` y activa `WARN_ON`, lo que genera un seguimiento de llamadas innecesario. Actualice el c\u00f3digo para gestionar este caso de forma m\u00e1s eficiente devolviendo `-EOPNOTSUPP` en su lugar y proporcionando un mensaje \u00fatil al usuario."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38040.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38040.json
index e982def5e0a..c169096e065 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38040.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38040.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: mctrl_gpio: split disable_ms into sync and no_sync APIs\n\nThe following splat has been observed on a SAMA5D27 platform using\natmel_serial:\n\nBUG: sleeping function called from invalid context at kernel/irq/manage.c:738\nin_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 27, name: kworker/u5:0\npreempt_count: 1, expected: 0\nINFO: lockdep is turned off.\nirq event stamp: 0\nhardirqs last enabled at (0): [<00000000>] 0x0\nhardirqs last disabled at (0): [] copy_process+0x1c4c/0x7bec\nsoftirqs last enabled at (0): [] copy_process+0x1ca0/0x7bec\nsoftirqs last disabled at (0): [<00000000>] 0x0\nCPU: 0 UID: 0 PID: 27 Comm: kworker/u5:0 Not tainted 6.13.0-rc7+ #74\nHardware name: Atmel SAMA5\nWorkqueue: hci0 hci_power_on [bluetooth]\nCall trace:\n unwind_backtrace from show_stack+0x18/0x1c\n show_stack from dump_stack_lvl+0x44/0x70\n dump_stack_lvl from __might_resched+0x38c/0x598\n __might_resched from disable_irq+0x1c/0x48\n disable_irq from mctrl_gpio_disable_ms+0x74/0xc0\n mctrl_gpio_disable_ms from atmel_disable_ms.part.0+0x80/0x1f4\n atmel_disable_ms.part.0 from atmel_set_termios+0x764/0x11e8\n atmel_set_termios from uart_change_line_settings+0x15c/0x994\n uart_change_line_settings from uart_set_termios+0x2b0/0x668\n uart_set_termios from tty_set_termios+0x600/0x8ec\n tty_set_termios from ttyport_set_flow_control+0x188/0x1e0\n ttyport_set_flow_control from wilc_setup+0xd0/0x524 [hci_wilc]\n wilc_setup [hci_wilc] from hci_dev_open_sync+0x330/0x203c [bluetooth]\n hci_dev_open_sync [bluetooth] from hci_dev_do_open+0x40/0xb0 [bluetooth]\n hci_dev_do_open [bluetooth] from hci_power_on+0x12c/0x664 [bluetooth]\n hci_power_on [bluetooth] from process_one_work+0x998/0x1a38\n process_one_work from worker_thread+0x6e0/0xfb4\n worker_thread from kthread+0x3d4/0x484\n kthread from ret_from_fork+0x14/0x28\n\nThis warning is emitted when trying to 
toggle, at the highest level,\nsome flow control (with serdev_device_set_flow_control) in a device\ndriver. At the lowest level, the atmel_serial driver is using\nserial_mctrl_gpio lib to enable/disable the corresponding IRQs\naccordingly. The warning emitted by CONFIG_DEBUG_ATOMIC_SLEEP is due to\ndisable_irq (called in mctrl_gpio_disable_ms) being possibly called in\nsome atomic context (some tty drivers perform modem lines configuration\nin regions protected by port lock).\n\nSplit mctrl_gpio_disable_ms into two differents APIs, a non-blocking one\nand a blocking one. Replace mctrl_gpio_disable_ms calls with the\nrelevant version depending on whether the call is protected by some port\nlock." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: serial: mctrl_gpio: divide disabled_ms en API sync y no_sync Se ha observado el siguiente splat en una plataforma SAMA5D27 usando atmel_serial: BUG: funci\u00f3n inactiva llamada desde un contexto no v\u00e1lido en kernel/irq/manage.c:738 in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 27, name: kworker/u5:0 preempt_count: 1, expected: 0 INFO: lockdep est\u00e1 desactivado. 
Marca de evento irq: 0 hardirqs habilitados por \u00faltima vez en (0): [<00000000>] 0x0 hardirqs deshabilitados por \u00faltima vez en (0): [] copy_process+0x1c4c/0x7bec softirqs habilitados por \u00faltima vez en (0): [] copy_process+0x1ca0/0x7bec softirqs deshabilitados por \u00faltima vez en (0): [<00000000>] 0x0 CPU: 0 UID: 0 PID: 27 Comm: kworker/u5:0 No contaminado 6.13.0-rc7+ #74 Nombre del hardware: Atmel SAMA5 Cola de trabajo: hci0 hci_power_on [bluetooth] Rastreo de llamadas: unwind_backtrace from show_stack+0x18/0x1c show_stack from dump_stack_lvl+0x44/0x70 dump_stack_lvl from __might_resched+0x38c/0x598 __might_resched from disable_irq+0x1c/0x48 disable_irq from mctrl_gpio_disable_ms+0x74/0xc0 mctrl_gpio_disable_ms from atmel_disable_ms.part.0+0x80/0x1f4 atmel_disable_ms.part.0 from atmel_set_termios+0x764/0x11e8 atmel_set_termios from uart_change_line_settings+0x15c/0x994 uart_change_line_settings from uart_set_termios+0x2b0/0x668 uart_set_termios from tty_set_termios+0x600/0x8ec tty_set_termios from ttyport_set_flow_control+0x188/0x1e0 ttyport_set_flow_control from wilc_setup+0xd0/0x524 [hci_wilc] wilc_setup [hci_wilc] from hci_dev_open_sync+0x330/0x203c [bluetooth] hci_dev_open_sync [bluetooth] from hci_dev_do_open+0x40/0xb0 [bluetooth] hci_dev_do_open [bluetooth] from hci_power_on+0x12c/0x664 [bluetooth] hci_power_on [bluetooth] from process_one_work+0x998/0x1a38 process_one_work from worker_thread+0x6e0/0xfb4 worker_thread from kthread+0x3d4/0x484 kthread from ret_from_fork+0x14/0x28 Esta advertencia se emite al intentar alternar, en el nivel m\u00e1s alto, alg\u00fan control de flujo (con serdev_device_set_flow_control) en un controlador de dispositivo. En el nivel m\u00e1s bajo, el controlador atmel_serial est\u00e1 usando la librer\u00eda serial_mctrl_gpio para habilitar/deshabilitar las IRQ correspondientes seg\u00fan corresponda. 
La advertencia emitida por CONFIG_DEBUG_ATOMIC_SLEEP se debe a que la funci\u00f3n disabled_irq (llamada en mctrl_gpio_disable_ms) posiblemente se llama en alg\u00fan contexto at\u00f3mico (algunos controladores tty realizan la configuraci\u00f3n de l\u00edneas de m\u00f3dem en regiones protegidas por bloqueo de puerto). Divida mctrl_gpio_disable_ms en dos API diferentes, una sin bloqueo y otra con bloqueo. Reemplace las llamadas a mctrl_gpio_disable_ms con la versi\u00f3n relevante dependiendo de si la llamada est\u00e1 protegida por alg\u00fan bloqueo de puerto." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38041.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38041.json index 8c25a027c3c..f7434b38906 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38041.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38041.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: sunxi-ng: h616: Reparent GPU clock during frequency changes\n\nThe H616 manual does not state that the GPU PLL supports\ndynamic frequency configuration, so we must take extra care when changing\nthe frequency. Currently any attempt to do device DVFS on the GPU lead\nto panfrost various ooops, and GPU hangs.\n\nThe manual describes the algorithm for changing the PLL\nfrequency, which the CPU PLL notifier code already support, so we reuse\nthat to reparent the GPU clock to GPU1 clock during frequency\nchanges."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: sunxi-ng: h616: Reasignaci\u00f3n del reloj de la GPU durante cambios de frecuencia. El manual de H616 no indica que el PLL de la GPU admita la configuraci\u00f3n din\u00e1mica de frecuencia, por lo que debemos tener especial cuidado al cambiarla. Actualmente, cualquier intento de realizar la configuraci\u00f3n din\u00e1mica de frecuencia (DVFS) del dispositivo en la GPU provoca varios errores de panfrost y bloqueos de la GPU. El manual describe el algoritmo para cambiar la frecuencia del PLL, que ya es compatible con el c\u00f3digo del notificador del PLL de la CPU, por lo que lo reutilizamos para reasignar el reloj de la GPU al reloj de la GPU1 durante los cambios de frecuencia."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38042.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38042.json
index 9090fe2ad36..b4632c1d0bd 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38042.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38042.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: k3-udma-glue: Drop skip_fdq argument from k3_udma_glue_reset_rx_chn\n\nThe user of k3_udma_glue_reset_rx_chn() e.g. ti_am65_cpsw_nuss can\nrun on multiple platforms having different DMA architectures.\nOn some platforms there can be one FDQ for all flows in the RX channel\nwhile for others there is a separate FDQ for each flow in the RX channel.\n\nSo far we have been relying on the skip_fdq argument of\nk3_udma_glue_reset_rx_chn().\n\nInstead of relying on the user to provide this information, infer it\nbased on DMA architecture during k3_udma_glue_request_rx_chn() and save it\nin an internal flag 'single_fdq'. Use that flag at\nk3_udma_glue_reset_rx_chn() to deicide if the FDQ needs\nto be cleared for every flow or just for flow 0.\n\nFixes the below issue on ti_am65_cpsw_nuss driver on AM62-SK.\n\n> ip link set eth1 down\n> ip link set eth0 down\n> ethtool -L eth0 rx 8\n> ip link set eth0 up\n> modprobe -r ti_am65_cpsw_nuss\n\n[ 103.045726] ------------[ cut here ]------------\n[ 103.050505] k3_knav_desc_pool size 512000 != avail 64000\n[ 103.050703] WARNING: CPU: 1 PID: 450 at drivers/net/ethernet/ti/k3-cppi-desc-pool.c:33 k3_cppi_desc_pool_destroy+0xa0/0xa8 [k3_cppi_desc_pool]\n[ 103.068810] Modules linked in: ti_am65_cpsw_nuss(-) k3_cppi_desc_pool snd_soc_hdmi_codec crct10dif_ce snd_soc_simple_card snd_soc_simple_card_utils display_connector rtc_ti_k3 k3_j72xx_bandgap tidss drm_client_lib snd_soc_davinci_mcas\np drm_dma_helper tps6598x phylink snd_soc_ti_udma rti_wdt drm_display_helper snd_soc_tlv320aic3x_i2c typec at24 phy_gmii_sel snd_soc_ti_edma snd_soc_tlv320aic3x sii902x snd_soc_ti_sdma sa2ul omap_mailbox drm_kms_helper authenc cfg80211 r\nfkill fuse drm drm_panel_orientation_quirks backlight ip_tables x_tables ipv6 [last unloaded: k3_cppi_desc_pool]\n[ 103.119950] CPU: 1 UID: 0 PID: 450 Comm: modprobe Not tainted 
6.13.0-rc7-00001-g9c5e3435fa66 #1011\n[ 103.119968] Hardware name: Texas Instruments AM625 SK (DT)\n[ 103.119974] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 103.119983] pc : k3_cppi_desc_pool_destroy+0xa0/0xa8 [k3_cppi_desc_pool]\n[ 103.148007] lr : k3_cppi_desc_pool_destroy+0xa0/0xa8 [k3_cppi_desc_pool]\n[ 103.154709] sp : ffff8000826ebbc0\n[ 103.158015] x29: ffff8000826ebbc0 x28: ffff0000090b6300 x27: 0000000000000000\n[ 103.165145] x26: 0000000000000000 x25: 0000000000000000 x24: ffff0000019df6b0\n[ 103.172271] x23: ffff0000019df6b8 x22: ffff0000019df410 x21: ffff8000826ebc88\n[ 103.179397] x20: 000000000007d000 x19: ffff00000a3b3000 x18: 0000000000000000\n[ 103.186522] x17: 0000000000000000 x16: 0000000000000000 x15: 000001e8c35e1cde\n[ 103.193647] x14: 0000000000000396 x13: 000000000000035c x12: 0000000000000000\n[ 103.200772] x11: 000000000000003a x10: 00000000000009c0 x9 : ffff8000826eba20\n[ 103.207897] x8 : ffff0000090b6d20 x7 : ffff00007728c180 x6 : ffff00007728c100\n[ 103.215022] x5 : 0000000000000001 x4 : ffff000000508a50 x3 : ffff7ffff6146000\n[ 103.222147] x2 : 0000000000000000 x1 : e300b4173ee6b200 x0 : 0000000000000000\n[ 103.229274] Call trace:\n[ 103.231714] k3_cppi_desc_pool_destroy+0xa0/0xa8 [k3_cppi_desc_pool] (P)\n[ 103.238408] am65_cpsw_nuss_free_rx_chns+0x28/0x4c [ti_am65_cpsw_nuss]\n[ 103.244942] devm_action_release+0x14/0x20\n[ 103.249040] release_nodes+0x3c/0x68\n[ 103.252610] devres_release_all+0x8c/0xdc\n[ 103.256614] device_unbind_cleanup+0x18/0x60\n[ 103.260876] device_release_driver_internal+0xf8/0x178\n[ 103.266004] driver_detach+0x50/0x9c\n[ 103.269571] bus_remove_driver+0x6c/0xbc\n[ 103.273485] driver_unregister+0x30/0x60\n[ 103.277401] platform_driver_unregister+0x14/0x20\n[ 103.282096] am65_cpsw_nuss_driver_exit+0x18/0xff4 [ti_am65_cpsw_nuss]\n[ 103.288620] __arm64_sys_delete_module+0x17c/0x25c\n[ 103.293404] invoke_syscall+0x44/0x100\n[ 103.297149] el0_svc_common.constprop.0+0xc0/0xe0\n[ 103.301845] 
do_el0_svc+0x1c/0x28\n[ 103.305155] el0_svc+0x28/0x98\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dmaengine: ti: k3-udma-glue: Eliminar argumento skip_fdq de k3_udma_glue_reset_rx_chn El usuario de k3_udma_glue_reset_rx_chn(), p. ej., ti_am65_cpsw_nuss, puede ejecutarse en m\u00faltiples plataformas que tengan diferentes arquitecturas DMA. En algunas plataformas puede haber un FDQ para todos los flujos en el canal RX, mientras que en otras hay un FDQ independiente para cada flujo en el canal RX. Hasta ahora, hemos dependido del argumento skip_fdq de k3_udma_glue_reset_rx_chn(). En lugar de depender de que el usuario proporcione esta informaci\u00f3n, infi\u00e9rala en funci\u00f3n de la arquitectura DMA durante k3_udma_glue_request_rx_chn() y gu\u00e1rdela en un indicador interno 'single_fdq'. Utilice esa bandera en k3_udma_glue_reset_rx_chn() para decidir si el FDQ necesita ser borrado para cada flujo o s\u00f3lo para el flujo 0. Corrige el siguiente problema en el controlador ti_am65_cpsw_nuss en AM62-SK. 
> enlace ip establecer eth1 inactivo > enlace ip establecer eth0 inactivo > ethtool -L eth0 rx 8 > enlace ip establecer eth0 activo > modprobe -r ti_am65_cpsw_nuss [ 103.045726] ------------[ cortar aqu\u00ed ]------------ [ 103.050505] k3_knav_desc_pool tama\u00f1o 512000 != avail 64000 [ 103.050703] ADVERTENCIA: CPU: 1 PID: 450 at drivers/net/ethernet/ti/k3-cppi-desc-pool.c:33 k3_cppi_desc_pool_destroy+0xa0/0xa8 [k3_cppi_desc_pool] [ 103.068810] Modules linked in: ti_am65_cpsw_nuss(-) k3_cppi_desc_pool snd_soc_hdmi_codec crct10dif_ce snd_soc_simple_card snd_soc_simple_card_utils display_connector rtc_ti_k3 k3_j72xx_bandgap tidss drm_client_lib snd_soc_davinci_mcas p drm_dma_helper tps6598x phylink snd_soc_ti_udma rti_wdt drm_display_helper snd_soc_tlv320aic3x_i2c typec at24 phy_gmii_sel snd_soc_ti_edma snd_soc_tlv320aic3x sii902x snd_soc_ti_sdma sa2ul omap_mailbox drm_kms_helper authenc cfg80211 r fkill fuse drm drm_panel_orientation_quirks backlight ip_tables x_tables ipv6 [last unloaded: k3_cppi_desc_pool] [ 103.119950] CPU: 1 UID: 0 PID: 450 Comm: modprobe Not tainted 6.13.0-rc7-00001-g9c5e3435fa66 #1011 [ 103.119968] Hardware name: Texas Instruments AM625 SK (DT) [ 103.119974] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 103.119983] pc : k3_cppi_desc_pool_destroy+0xa0/0xa8 [k3_cppi_desc_pool] [ 103.148007] lr : k3_cppi_desc_pool_destroy+0xa0/0xa8 [k3_cppi_desc_pool] [ 103.154709] sp : ffff8000826ebbc0 [ 103.158015] x29: ffff8000826ebbc0 x28: ffff0000090b6300 x27: 0000000000000000 [ 103.165145] x26: 0000000000000000 x25: 0000000000000000 x24: ffff0000019df6b0 [ 103.172271] x23: ffff0000019df6b8 x22: ffff0000019df410 x21: ffff8000826ebc88 [ 103.179397] x20: 000000000007d000 x19: ffff00000a3b3000 x18: 0000000000000000 [ 103.186522] x17: 0000000000000000 x16: 0000000000000000 x15: 000001e8c35e1cde [ 103.193647] x14: 0000000000000396 x13: 000000000000035c x12: 0000000000000000 [ 103.200772] x11: 000000000000003a x10: 00000000000009c0 x9 : 
ffff8000826eba20 [ 103.207897] x8 : ffff0000090b6d20 x7 : ffff00007728c180 x6 : ffff00007728c100 [ 103.215022] x5 : 0000000000000001 x4 : ffff000000508a50 x3 : ffff7ffff6146000 [ 103.222147] x2 : 0000000000000000 x1 : e300b4173ee6b200 x0 : 0000000000000000 [ 103.229274] Call trace: [ 103.231714] k3_cppi_desc_pool_destroy+0xa0/0xa8 [k3_cppi_desc_pool] (P) [ 103.238408] am65_cpsw_nuss_free_rx_chns+0x28/0x4c [ti_am65_cpsw_nuss] [ 103.244942] devm_action_release+0x14/0x20 [ 103.249040] release_nodes+0x3c/0x68 [ 103.252610] devres_release_all+0x8c/0xdc [ 103.256614] device_unbind_cleanup+0x18/0x60 [ 103.260876] device_release_driver_internal+0xf8/0x178 [ 103.266004] driver_detach+0x50/0x9c [ 103.269571] bus_remove_driver+0x6c/0xbc [ 103.273485] driver_unregister+0x30/0x60 [ 103.277401] platform_driver_unregister+0x14/0x20 [ 103.282096] am65_cpsw_nuss_driver_exit+0x18/0xff4 [ti_am65_cpsw_nuss] [ 103.288620] __arm64_sys_delete_module+0x17c/0x25c [ 103.293404] invoke_syscall+0x44/0x100 [ 103.297149] el0_svc_common.constprop.0+0xc0/0xe0 [ 103.301845] do_el0_svc+0x1c/0x28 [ 103.305155] el0_svc+0x28/0x98 ---truncado---" } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38043.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38043.json index ef503755627..9948b71022e 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38043.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38043.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_ffa: Set dma_mask for ffa devices\n\nSet dma_mask for FFA devices, otherwise DMA allocation using the device pointer\nlead to following warning:\n\nWARNING: CPU: 1 PID: 1 at kernel/dma/mapping.c:597 dma_alloc_attrs+0xe0/0x124"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firmware: arm_ffa: Establecer dma_mask para dispositivos ffa Establecer dma_mask para dispositivos FFA, de lo contrario la asignaci\u00f3n de DMA mediante el puntero del dispositivo genera la siguiente advertencia: ADVERTENCIA: CPU: 1 PID: 1 en kernel/dma/mapping.c:597 dma_alloc_attrs+0xe0/0x124"
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38044.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38044.json
index 4c59a94ca50..b1d72984d3a 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38044.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38044.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cx231xx: set device_caps for 417\n\nThe video_device for the MPEG encoder did not set device_caps.\n\nAdd this, otherwise the video device can't be registered (you get a\nWARN_ON instead).\n\nNot seen before since currently 417 support is disabled, but I found\nthis while experimenting with it."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: cx231xx: se estableci\u00f3 device_caps para 417. El dispositivo de video del codificador MPEG no estableci\u00f3 device_caps. A\u00f1ada esto; de lo contrario, el dispositivo de video no se podr\u00e1 registrar (en su lugar, se obtendr\u00e1 un WARN_ON). No se hab\u00eda observado antes, ya que la compatibilidad con 417 est\u00e1 deshabilitada, pero lo encontr\u00e9 al experimentar con \u00e9l."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38045.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38045.json
index 88dc07fa685..461697ac73f 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38045.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38045.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: fix debug actions order\n\nThe order of actions taken for debug was implemented incorrectly.\nNow we implemented the dump split and do the FW reset only in the\nmiddle of the dump (rather than the FW killing itself on error.)\nAs a result, some of the actions taken when applying the config\nwill now crash the device, so we need to fix the order."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: iwlwifi: corregir el orden de las acciones de depuraci\u00f3n. El orden de las acciones de depuraci\u00f3n se implement\u00f3 incorrectamente. Ahora implementamos la divisi\u00f3n del volcado y el reinicio del firmware se realiza solo en medio del volcado (en lugar de que el firmware se autodestruya en caso de error). Como resultado, algunas acciones al aplicar la configuraci\u00f3n ahora bloquear\u00e1n el dispositivo, por lo que debemos corregir el orden."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38047.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38047.json
index b45ac42b5ea..7eb0a9b7a08 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38047.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38047.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fred: Fix system hang during S4 resume with FRED enabled\n\nUpon a wakeup from S4, the restore kernel starts and initializes the\nFRED MSRs as needed from its perspective. It then loads a hibernation\nimage, including the image kernel, and attempts to load image pages\ndirectly into their original page frames used before hibernation unless\nthose frames are currently in use. Once all pages are moved to their\noriginal locations, it jumps to a \"trampoline\" page in the image kernel.\n\nAt this point, the image kernel takes control, but the FRED MSRs still\ncontain values set by the restore kernel, which may differ from those\nset by the image kernel before hibernation. Therefore, the image kernel\nmust ensure the FRED MSRs have the same values as before hibernation.\nSince these values depend only on the location of the kernel text and\ndata, they can be recomputed from scratch."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86/fred: Se solucion\u00f3 el bloqueo del sistema durante la reanudaci\u00f3n de S4 con FRED habilitado. Al reactivarse desde S4, el kernel de restauraci\u00f3n se inicia e inicializa los MSR de FRED seg\u00fan sea necesario. A continuaci\u00f3n, carga una imagen de hibernaci\u00f3n, incluyendo el kernel de imagen, e intenta cargar las p\u00e1ginas de la imagen directamente en los marcos de p\u00e1gina originales utilizados antes de la hibernaci\u00f3n, a menos que dichos marcos est\u00e9n en uso. Una vez que todas las p\u00e1ginas se mueven a sus ubicaciones originales, se accede a una p\u00e1gina \"trampol\u00edn\" en el kernel de imagen.
En este punto, el kernel de imagen toma el control, pero los MSR de FRED a\u00fan contienen valores establecidos por el kernel de restauraci\u00f3n, que pueden diferir de los establecidos por el kernel de imagen antes de la hibernaci\u00f3n. Por lo tanto, el kernel de imagen debe garantizar que los MSR de FRED tengan los mismos valores que antes de la hibernaci\u00f3n. Dado que estos valores dependen \u00fanicamente de la ubicaci\u00f3n del texto y los datos del kernel, pueden recalcularse desde cero."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38048.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38048.json
index f5de2877c0b..3977a488f7b 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38048.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38048.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_ring: Fix data race by tagging event_triggered as racy for KCSAN\n\nsyzbot reports a data-race when accessing the event_triggered, here is the\nsimplified stack when the issue occurred:\n\n==================================================================\nBUG: KCSAN: data-race in virtqueue_disable_cb / virtqueue_enable_cb_delayed\n\nwrite to 0xffff8881025bc452 of 1 bytes by task 3288 on cpu 0:\n virtqueue_enable_cb_delayed+0x42/0x3c0 drivers/virtio/virtio_ring.c:2653\n start_xmit+0x230/0x1310 drivers/net/virtio_net.c:3264\n __netdev_start_xmit include/linux/netdevice.h:5151 [inline]\n netdev_start_xmit include/linux/netdevice.h:5160 [inline]\n xmit_one net/core/dev.c:3800 [inline]\n\nread to 0xffff8881025bc452 of 1 bytes by interrupt on cpu 1:\n virtqueue_disable_cb_split drivers/virtio/virtio_ring.c:880 [inline]\n virtqueue_disable_cb+0x92/0x180 drivers/virtio/virtio_ring.c:2566\n skb_xmit_done+0x5f/0x140 drivers/net/virtio_net.c:777\n vring_interrupt+0x161/0x190 drivers/virtio/virtio_ring.c:2715\n __handle_irq_event_percpu+0x95/0x490 kernel/irq/handle.c:158\n handle_irq_event_percpu kernel/irq/handle.c:193 [inline]\n\nvalue changed: 0x01 -> 0x00\n==================================================================\n\nWhen the data race occurs, the function virtqueue_enable_cb_delayed() sets\nevent_triggered to false, and virtqueue_disable_cb_split/packed() reads it\nas false due to the race condition. Since event_triggered is an unreliable\nhint used for optimization, this should only cause the driver temporarily\nsuggest that the device not send an interrupt notification when the event\nindex is used.\n\nFix this KCSAN reported data-race issue by explicitly tagging the access as\ndata_racy."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: virtio_ring: corrige la ejecuci\u00f3n de datos etiquetando event_triggered como racy para KCSAN syzbot informa una ejecuci\u00f3n de datos al acceder a event_triggered, aqu\u00ed est\u00e1 la pila simplificada cuando ocurri\u00f3 el problema: ===================================================================== ERROR: KCSAN: ejecuci\u00f3n de datos en virtqueue_disable_cb / virtqueue_enable_cb_delayed escribe en 0xffff8881025bc452 de 1 byte por la tarea 3288 en la CPU 0: virtqueue_enable_cb_delayed+0x42/0x3c0 drivers/virtio/virtio_ring.c:2653 start_xmit+0x230/0x1310 drivers/net/virtio_net.c:3264 __netdev_start_xmit include/linux/netdevice.h:5151 [en l\u00ednea] netdev_start_xmit include/linux/netdevice.h:5160 [en l\u00ednea] xmit_one net/core/dev.c:3800 [en l\u00ednea] lectura a 0xffff8881025bc452 de 1 byte por interrupci\u00f3n en la CPU 1: virtqueue_disable_cb_split drivers/virtio/virtio_ring.c:880 [en l\u00ednea] virtqueue_disable_cb+0x92/0x180 drivers/virtio/virtio_ring.c:2566 skb_xmit_done+0x5f/0x140 drivers/net/virtio_net.c:777 vring_interrupt+0x161/0x190 drivers/virtio/virtio_ring.c:2715 __handle_irq_event_percpu+0x95/0x490 kernel/irq/handle.c:158 handle_irq_event_percpu kernel/irq/handle.c:193 [inline] valor cambiado: 0x01 -> 0x00 ===================================================================== Cuando ocurre la ejecuci\u00f3n de datos, la funci\u00f3n virtqueue_enable_cb_delayed() establece event_triggered en falso, y virtqueue_disable_cb_split/packed() lo lee como falso debido a la condici\u00f3n de ejecuci\u00f3n. Dado que event_triggered es una indicaci\u00f3n poco fiable utilizada para la optimizaci\u00f3n, esto solo deber\u00eda provocar que el controlador sugiera temporalmente que el dispositivo no env\u00ede una notificaci\u00f3n de interrupci\u00f3n cuando se utilice el \u00edndice de evento.
Solucione este problema de ejecuci\u00f3n de datos informado por KCSAN etiquetando expl\u00edcitamente el acceso como data_racy."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38050.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38050.json
index f26d3708798..f5a8b06320b 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38050.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38050.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix kernel NULL pointer dereference when replacing free hugetlb folios\n\nA kernel crash was observed when replacing free hugetlb folios:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000028\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] SMP NOPTI\nCPU: 28 UID: 0 PID: 29639 Comm: test_cma.sh Tainted 6.15.0-rc6-zp #41 PREEMPT(voluntary)\nRIP: 0010:alloc_and_dissolve_hugetlb_folio+0x1d/0x1f0\nRSP: 0018:ffffc9000b30fa90 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: 0000000000342cca RCX: ffffea0043000000\nRDX: ffffc9000b30fb08 RSI: ffffea0043000000 RDI: 0000000000000000\nRBP: ffffc9000b30fb20 R08: 0000000000001000 R09: 0000000000000000\nR10: ffff88886f92eb00 R11: 0000000000000000 R12: ffffea0043000000\nR13: 0000000000000000 R14: 00000000010c0200 R15: 0000000000000004\nFS: 00007fcda5f14740(0000) GS:ffff8888ec1d8000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000028 CR3: 0000000391402000 CR4: 0000000000350ef0\nCall Trace:\n\n replace_free_hugepage_folios+0xb6/0x100\n alloc_contig_range_noprof+0x18a/0x590\n ? srso_return_thunk+0x5/0x5f\n ? down_read+0x12/0xa0\n ? srso_return_thunk+0x5/0x5f\n cma_range_alloc.constprop.0+0x131/0x290\n __cma_alloc+0xcf/0x2c0\n cma_alloc_write+0x43/0xb0\n simple_attr_write_xsigned.constprop.0.isra.0+0xb2/0x110\n debugfs_attr_write+0x46/0x70\n full_proxy_write+0x62/0xa0\n vfs_write+0xf8/0x420\n ? srso_return_thunk+0x5/0x5f\n ? filp_flush+0x86/0xa0\n ? srso_return_thunk+0x5/0x5f\n ? filp_close+0x1f/0x30\n ? srso_return_thunk+0x5/0x5f\n ? do_dup2+0xaf/0x160\n ?
srso_return_thunk+0x5/0x5f\n ksys_write+0x65/0xe0\n do_syscall_64+0x64/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThere is a potential race between __update_and_free_hugetlb_folio() and\nreplace_free_hugepage_folios():\n\nCPU1 CPU2\n__update_and_free_hugetlb_folio replace_free_hugepage_folios\n folio_test_hugetlb(folio)\n -- It's still hugetlb folio.\n\n __folio_clear_hugetlb(folio)\n hugetlb_free_folio(folio)\n h = folio_hstate(folio)\n -- Here, h is NULL pointer\n\nWhen the above race condition occurs, folio_hstate(folio) returns NULL,\nand subsequent access to this NULL pointer will cause the system to crash.\nTo resolve this issue, execute folio_hstate(folio) under the protection\nof the hugetlb_lock lock, ensuring that folio_hstate(folio) does not\nreturn NULL."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/hugetlb: correcci\u00f3n de la desreferencia del puntero NULL del kernel al reemplazar folios hugetlb libres Se observ\u00f3 un fallo del kernel al reemplazar folios hugetlb libres: ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 0000000000000028 PGD 0 P4D 0 Oops: Oops: 0000 [#1] SMP NOPTI CPU: 28 UID: 0 PID: 29639 Comm: test_cma.sh Tainted 6.15.0-rc6-zp #41 PREEMPT(voluntario) RIP: 0010:alloc_and_dissolve_hugetlb_folio+0x1d/0x1f0 RSP: 0018:ffffc9000b30fa90 EFLAGS: 00010286 RAX: 0000000000000000 RBX: 0000000000342cca RCX: ffffea0043000000 RDX: ffffc9000b30fb08 RSI: ffffea0043000000 RDI: 0000000000000000 RBP: ffffc9000b30fb20 R08: 0000000000001000 R09: 0000000000000000 R10: ffff88886f92eb00 R11: 000000000000000000 R12: ffffea0043000000 R13: 0000000000000000 R14: 00000000010c0200 R15: 0000000000000004 FS: 00007fcda5f14740(0000) GS:ffff8888ec1d8000(0000) knlGS:000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000028 CR3: 0000000391402000 CR4: 0000000000350ef0 Rastreo de llamadas: replace_free_hugepage_folios+0xb6/0x100
alloc_contig_range_noprof+0x18a/0x590 ? srso_return_thunk+0x5/0x5f ? down_read+0x12/0xa0 ? srso_return_thunk+0x5/0x5f cma_range_alloc.constprop.0+0x131/0x290 __cma_alloc+0xcf/0x2c0 cma_alloc_write+0x43/0xb0 simple_attr_write_xsigned.constprop.0.isra.0+0xb2/0x110 debugfs_attr_write+0x46/0x70 full_proxy_write+0x62/0xa0 vfs_write+0xf8/0x420 ? srso_return_thunk+0x5/0x5f ? filp_flush+0x86/0xa0 ? srso_return_thunk+0x5/0x5f ? filp_close+0x1f/0x30 ? srso_return_thunk+0x5/0x5f ? do_dup2+0xaf/0x160 ? srso_return_thunk+0x5/0x5f ksys_write+0x65/0xe0 do_syscall_64+0x64/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e There is a potential race between __update_and_free_hugetlb_folio() and replace_free_hugepage_folios(): CPU1 CPU2 __update_and_free_hugetlb_folio replace_free_hugepage_folios folio_test_hugetlb(folio) -- It's still hugetlb folio. __folio_clear_hugetlb(folio) hugetlb_free_folio(folio) h = folio_hstate(folio) -- Aqu\u00ed, h es un puntero NULL Cuando ocurre la condici\u00f3n de ejecuci\u00f3n anterior, folio_hstate(folio) devuelve NULL y el acceso posterior a este puntero NULL provocar\u00e1 que el sistema se bloquee. Para resolver este problema, ejecute folio_hstate(folio) bajo la protecci\u00f3n del bloqueo hugetlb_lock, asegur\u00e1ndose de que folio_hstate(folio) no devuelva NULL."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38051.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38051.json
index bd2fc77bf61..5417e8954db 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38051.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38051.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Fix use-after-free in cifs_fill_dirent\n\nThere is a race condition in the readdir concurrency process, which may\naccess the rsp buffer after it has been released, triggering the\nfollowing KASAN warning.\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in cifs_fill_dirent+0xb03/0xb60 [cifs]\n Read of size 4 at addr ffff8880099b819c by task a.out/342975\n\n CPU: 2 UID: 0 PID: 342975 Comm: a.out Not tainted 6.15.0-rc6+ #240 PREEMPT(full)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014\n Call Trace:\n \n dump_stack_lvl+0x53/0x70\n print_report+0xce/0x640\n kasan_report+0xb8/0xf0\n cifs_fill_dirent+0xb03/0xb60 [cifs]\n cifs_readdir+0x12cb/0x3190 [cifs]\n iterate_dir+0x1a1/0x520\n __x64_sys_getdents+0x134/0x220\n do_syscall_64+0x4b/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f996f64b9f9\n Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89\n f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01\n f0 ff ff 0d f7 c3 0c 00 f7 d8 64 89 8\n RSP: 002b:00007f996f53de78 EFLAGS: 00000207 ORIG_RAX: 000000000000004e\n RAX: ffffffffffffffda RBX: 00007f996f53ecdc RCX: 00007f996f64b9f9\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003\n RBP: 00007f996f53dea0 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000207 R12: ffffffffffffff88\n R13: 0000000000000000 R14: 00007ffc8cd9a500 R15: 00007f996f51e000\n \n\n Allocated by task 408:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x14/0x30\n __kasan_slab_alloc+0x6e/0x70\n kmem_cache_alloc_noprof+0x117/0x3d0\n mempool_alloc_noprof+0xf2/0x2c0\n cifs_buf_get+0x36/0x80 [cifs]\n allocate_buffers+0x1d2/0x330 [cifs]\n cifs_demultiplex_thread+0x22b/0x2690 [cifs]\n kthread+0x394/0x720\n ret_from_fork+0x34/0x70\n 
ret_from_fork_asm+0x1a/0x30\n\n Freed by task 342979:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x37/0x50\n kmem_cache_free+0x2b8/0x500\n cifs_buf_release+0x3c/0x70 [cifs]\n cifs_readdir+0x1c97/0x3190 [cifs]\n iterate_dir+0x1a1/0x520\n __x64_sys_getdents64+0x134/0x220\n do_syscall_64+0x4b/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n The buggy address belongs to the object at ffff8880099b8000\n which belongs to the cache cifs_request of size 16588\n The buggy address is located 412 bytes inside of\n freed 16588-byte region [ffff8880099b8000, ffff8880099bc0cc)\n\n The buggy address belongs to the physical page:\n page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x99b8\n head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0\n anon flags: 0x80000000000040(head|node=0|zone=1)\n page_type: f5(slab)\n raw: 0080000000000040 ffff888001e03400 0000000000000000 dead000000000001\n raw: 0000000000000000 0000000000010001 00000000f5000000 0000000000000000\n head: 0080000000000040 ffff888001e03400 0000000000000000 dead000000000001\n head: 0000000000000000 0000000000010001 00000000f5000000 0000000000000000\n head: 0080000000000003 ffffea0000266e01 00000000ffffffff 00000000ffffffff\n head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffff8880099b8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff8880099b8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n >ffff8880099b8180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff8880099b8200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff8880099b8280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ==================================================================\n\nPOC is available in the link [1].\n\nThe problem triggering process is as follows:\n\nProcess 1 Process 
2\n-----------------------------------\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: Se corrige el use-after-free en cifs_fill_dirent Hay una condici\u00f3n de ejecuci\u00f3n en el proceso de concurrencia readdir, que puede acceder al b\u00fafer rsp despu\u00e9s de que se haya liberado, lo que activa la siguiente advertencia KASAN. ======================================================================== ERROR: KASAN: slab-use-after-free en cifs_fill_dirent+0xb03/0xb60 [cifs] Lectura de tama\u00f1o 4 en la direcci\u00f3n ffff8880099b819c por la tarea a.out/342975 CPU: 2 UID: 0 PID: 342975 Comm: a.out No contaminado 6.15.0-rc6+ #240 PREEMPT(full) Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 01/04/2014 Rastreo de llamadas: dump_stack_lvl+0x53/0x70 print_report+0xce/0x640 kasan_report+0xb8/0xf0 cifs_fill_dirent+0xb03/0xb60 [cifs] cifs_readdir+0x12cb/0x3190 [cifs] iterate_dir+0x1a1/0x520 __x64_sys_getdents+0x134/0x220 do_syscall_64+0x4b/0x110 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7f996f64b9f9 Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0d f7 c3 0c 00 f7 d8 64 89 8 RSP: 002b:00007f996f53de78 EFLAGS: 00000207 ORIG_RAX: 000000000000004e RAX: ffffffffffffffda RBX: 00007f996f53ecdc RCX: 00007f996f64b9f9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 00007f996f53dea0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000207 R12: ffffffffffffff88 R13: 0000000000000000 R14: 00007ffc8cd9a500 R15: 00007f996f51e000 Allocated by task 408: kasan_save_stack+0x20/0x40 kasan_save_track+0x14/0x30 __kasan_slab_alloc+0x6e/0x70 kmem_cache_alloc_noprof+0x117/0x3d0 mempool_alloc_noprof+0xf2/0x2c0 cifs_buf_get+0x36/0x80 [cifs] allocate_buffers+0x1d2/0x330 [cifs] 
cifs_demultiplex_thread+0x22b/0x2690 [cifs] kthread+0x394/0x720 ret_from_fork+0x34/0x70 ret_from_fork_asm+0x1a/0x30 Freed by task 342979: kasan_save_stack+0x20/0x40 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x37/0x50 kmem_cache_free+0x2b8/0x500 cifs_buf_release+0x3c/0x70 [cifs] cifs_readdir+0x1c97/0x3190 [cifs] iterate_dir+0x1a1/0x520 __x64_sys_getdents64+0x134/0x220 do_syscall_64+0x4b/0x110 entry_SYSCALL_64_after_hwframe+0x76/0x7e La direcci\u00f3n con errores pertenece al objeto en ffff8880099b8000 que pertenece a la cach\u00e9 cifs_request de tama\u00f1o 16588 La direcci\u00f3n con errores se encuentra a 412 bytes dentro de la regi\u00f3n liberada de 16588 bytes [ffff8880099b8000, ffff8880099bc0cc) La direcci\u00f3n con errores pertenece a la p\u00e1gina f\u00edsica: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x99b8 head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 anon flags: 0x80000000000040(head|node=0|zone=1) page_type: f5(slab) raw: 0080000000000040 ffff888001e03400 0000000000000000 dead000000000001 raw: 0000000000000000 0000000000010001 00000000f5000000 0000000000000000 head: 0080000000000040 ffff888001e03400 0000000000000000 dead000000000001 head: 0000000000000000 0000000000010001 00000000f5000000 0000000000000000 head: 0080000000000003 ffffea0000266e01 00000000ffffffff 00000000ffffffff head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8880099b8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8880099b8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff8880099b8180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff8880099b8200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8880099b8280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ================================================================== La prueba de concepto (POC) est\u00e1 
disponible en el enlace [1]. El proceso que desencadena el problema es el siguiente: Proceso 1 Proceso 2 ----------------------------------- ---truncado---"
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38052.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38052.json
index 922f1d42197..d2ca33777a3 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38052.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38052.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done\n\nSyzbot reported a slab-use-after-free with the following call trace:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840\n Read of size 8 at addr ffff88807a733000 by task kworker/1:0/25\n\n Call Trace:\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840\n crypto_request_complete include/crypto/algapi.h:266\n aead_request_complete include/crypto/internal/aead.h:85\n cryptd_aead_crypt+0x3b8/0x750 crypto/cryptd.c:772\n crypto_request_complete include/crypto/algapi.h:266\n cryptd_queue_worker+0x131/0x200 crypto/cryptd.c:181\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n\n Allocated by task 8355:\n kzalloc_noprof include/linux/slab.h:778\n tipc_crypto_start+0xcc/0x9e0 net/tipc/crypto.c:1466\n tipc_init_net+0x2dd/0x430 net/tipc/core.c:72\n ops_init+0xb9/0x650 net/core/net_namespace.c:139\n setup_net+0x435/0xb40 net/core/net_namespace.c:343\n copy_net_ns+0x2f0/0x670 net/core/net_namespace.c:508\n create_new_namespaces+0x3ea/0xb10 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:228\n ksys_unshare+0x419/0x970 kernel/fork.c:3323\n __do_sys_unshare kernel/fork.c:3394\n\n Freed by task 63:\n kfree+0x12a/0x3b0 mm/slub.c:4557\n tipc_crypto_stop+0x23c/0x500 net/tipc/crypto.c:1539\n tipc_exit_net+0x8c/0x110 net/tipc/core.c:119\n ops_exit_list+0xb0/0x180 net/core/net_namespace.c:173\n cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n\nAfter freed the tipc_crypto tx by delete namespace, tipc_aead_encrypt_done\nmay still visit it in cryptd_queue_worker workqueue.\n\nI reproduce this issue by:\n ip netns add ns1\n ip link add veth1 type veth 
peer name veth2\n ip link set veth1 netns ns1\n ip netns exec ns1 tipc bearer enable media eth dev veth1\n ip netns exec ns1 tipc node set key this_is_a_master_key master\n ip netns exec ns1 tipc bearer disable media eth dev veth1\n ip netns del ns1\n\nThe key of reproduction is that, simd_aead_encrypt is interrupted, leading\nto crypto_simd_usable() return false. Thus, the cryptd_queue_worker is\ntriggered, and the tipc_crypto tx will be visited.\n\n tipc_disc_timeout\n tipc_bearer_xmit_skb\n tipc_crypto_xmit\n tipc_aead_encrypt\n crypto_aead_encrypt\n // encrypt()\n simd_aead_encrypt\n // crypto_simd_usable() is false\n child = &ctx->cryptd_tfm->base;\n\n simd_aead_encrypt\n crypto_aead_encrypt\n // encrypt()\n cryptd_aead_encrypt_enqueue\n cryptd_aead_enqueue\n cryptd_enqueue_request\n // trigger cryptd_queue_worker\n queue_work_on(smp_processor_id(), cryptd_wq, &cpu_queue->work)\n\nFix this by holding net reference count before encrypt." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/tipc: correcci\u00f3n de lectura slab-use-after-free en tipc_aead_encrypt_done Syzbot inform\u00f3 de una lectura slab-use-after-free con el siguiente seguimiento de llamada: ======================================================================= ERROR: KASAN: slab-use-after-free en tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff88807a733000 por la tarea kworker/1:0/25 Seguimiento de llamada: kasan_report+0xd9/0x110 mm/kasan/report.c:601 tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840 crypto_request_complete include/crypto/algapi.h:266 aead_request_complete include/crypto/internal/aead.h:85 cryptd_aead_crypt+0x3b8/0x750 crypto/cryptd.c:772 crypto_request_complete include/crypto/algapi.h:266 cryptd_queue_worker+0x131/0x200 crypto/cryptd.c:181 process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231 Asignado por la tarea 8355: kzalloc_noprof 
include/linux/slab.h:778 tipc_crypto_start+0xcc/0x9e0 net/tipc/crypto.c:1466 tipc_init_net+0x2dd/0x430 net/tipc/core.c:72 ops_init+0xb9/0x650 net/core/net_namespace.c:139 setup_net+0x435/0xb40 net/core/net_namespace.c:343 copy_net_ns+0x2f0/0x670 net/core/net_namespace.c:508 create_new_namespaces+0x3ea/0xb10 kernel/nsproxy.c:110 unshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:228 ksys_unshare+0x419/0x970 kernel/fork.c:3323 __do_sys_unshare kernel/fork.c:3394 Liberado por la tarea 63: kfree+0x12a/0x3b0 mm/slub.c:4557 tipc_crypto_stop+0x23c/0x500 net/tipc/crypto.c:1539 tipc_exit_net+0x8c/0x110 net/tipc/core.c:119 ops_exit_list+0xb0/0x180 net/core/net_namespace.c:173 cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640 process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231 Despu\u00e9s de liberar la transacci\u00f3n tipc_crypto al eliminar el espacio de nombres, tipc_aead_encrypt_done a\u00fan puede visitarla en cryptd_queue_worker workqueue. Reproduzco este problema mediante: ip netns add ns1 ip link add veth1 type veth peer name veth2 ip link set veth1 netns ns1 ip netns exec ns1 tipc bearer enable media eth dev veth1 ip netns exec ns1 tipc node set key this_is_a_master_key master ip netns exec ns1 tipc bearer disabled media eth dev veth1 ip netns del ns1 La clave de reproducci\u00f3n es que simd_aead_encrypt se interrumpe, lo que lleva a que crypto_simd_usable() devuelva falso. Por lo tanto, se activa cryptd_queue_worker y se visita la transacci\u00f3n tipc_crypto. tipc_disc_timeout tipc_bearer_xmit_skb tipc_crypto_xmit tipc_aead_encrypt crypto_aead_encrypt // cifrar() simd_aead_encrypt // crypto_simd_usable() es falso child = &ctx->cryptd_tfm->base; simd_aead_encrypt crypto_aead_encrypt // cifrar() cryptd_aead_encrypt_enqueue cryptd_aead_enqueue cryptd_enqueue_request // desencadenador cryptd_queue_worker queue_work_on(smp_processor_id(), cryptd_wq, &cpu_queue->work) Solucione esto manteniendo el recuento de referencias de red antes de cifrar." 
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38053.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38053.json
index ec229b2a800..3364e7322b0 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38053.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38053.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix null-ptr-deref in idpf_features_check\n\nidpf_features_check is used to validate the TX packet. skb header\nlength is compared with the hardware supported value received from\nthe device control plane. The value is stored in the adapter structure\nand to access it, vport pointer is used. During reset all the vports\nare released and the vport pointer that the netdev private structure\npoints to is NULL.\n\nTo avoid null-ptr-deref, store the max header length value in netdev\nprivate structure. This also helps to cache the value and avoid\naccessing adapter pointer in hot path.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000068\n...\nRIP: 0010:idpf_features_check+0x6d/0xe0 [idpf]\nCall Trace:\n \n ? __die+0x23/0x70\n ? page_fault_oops+0x154/0x520\n ? exc_page_fault+0x76/0x190\n ? asm_exc_page_fault+0x26/0x30\n ? idpf_features_check+0x6d/0xe0 [idpf]\n netif_skb_features+0x88/0x310\n validate_xmit_skb+0x2a/0x2b0\n validate_xmit_skb_list+0x4c/0x70\n sch_direct_xmit+0x19d/0x3a0\n __dev_queue_xmit+0xb74/0xe70\n ..." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: idpf: correcci\u00f3n de null-ptr-deref en idpf_features_check idpf_features_check se utiliza para validar el paquete TX. La longitud del encabezado skb se compara con el valor admitido por el hardware recibido del plano de control del dispositivo. El valor se almacena en la estructura del adaptador y para acceder a \u00e9l, se utiliza el puntero vport. Durante el reinicio, se liberan todos los vports y el puntero vport al que apunta la estructura privada netdev es NULL. Para evitar null-ptr-deref, almacene el valor de longitud m\u00e1xima del encabezado en la estructura privada netdev. Esto tambi\u00e9n ayuda a almacenar en cach\u00e9 el valor y evitar el acceso al puntero del adaptador en la ruta activa. 
ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000068 ... RIP: 0010:idpf_features_check+0x6d/0xe0 [idpf] Rastreo de llamadas: ? __die+0x23/0x70 ? page_fault_oops+0x154/0x520 ? exc_page_fault+0x76/0x190 ? asm_exc_page_fault+0x26/0x30 ? idpf_features_check+0x6d/0xe0 [idpf] netif_skb_features+0x88/0x310 validate_xmit_skb+0x2a/0x2b0 validate_xmit_skb_list+0x4c/0x70 sch_direct_xmit+0x19d/0x3a0 __dev_queue_xmit+0xb74/0xe70 ... "
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38054.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38054.json
index 17d3a3957cd..fd6c4f3c7e6 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38054.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38054.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: ocp: Limit signal/freq counts in summary output functions\n\nThe debugfs summary output could access uninitialized elements in\nthe freq_in[] and signal_out[] arrays, causing NULL pointer\ndereferences and triggering a kernel Oops (page_fault_oops).\nThis patch adds u8 fields (nr_freq_in, nr_signal_out) to track the\nnumber of initialized elements, with a maximum of 4 per array.\nThe summary output functions are updated to respect these limits,\npreventing out-of-bounds access and ensuring safe array handling.\n\nWiden the label variables because the change confuses GCC about\nmax length of the strings."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ptp: ocp: Limitar el conteo de se\u00f1ales/frecuencias en las funciones de salida de resumen. La salida de resumen de debugfs podr\u00eda acceder a elementos no inicializados en las matrices freq_in[] y signal_out[], lo que causa desreferencias de punteros nulos y desencadena un error de kernel (page_fault_oops). Este parche agrega campos u8 (nr_freq_in, nr_signal_out) para rastrear el n\u00famero de elementos inicializados, con un m\u00e1ximo de 4 por matriz. Las funciones de salida de resumen se actualizan para respetar estos l\u00edmites, lo que evita el acceso fuera de los l\u00edmites y garantiza el manejo seguro de la matriz. Ampl\u00ede las variables de etiqueta porque el cambio confunde a GCC sobre la longitud m\u00e1xima de las cadenas."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38055.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38055.json
index 9a10bf40c52..c07c794e3ca 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38055.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38055.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel: Fix segfault with PEBS-via-PT with sample_freq\n\nCurrently, using PEBS-via-PT with a sample frequency instead of a sample\nperiod, causes a segfault. For example:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000195\n \n ? __die_body.cold+0x19/0x27\n ? page_fault_oops+0xca/0x290\n ? exc_page_fault+0x7e/0x1b0\n ? asm_exc_page_fault+0x26/0x30\n ? intel_pmu_pebs_event_update_no_drain+0x40/0x60\n ? intel_pmu_pebs_event_update_no_drain+0x32/0x60\n intel_pmu_drain_pebs_icl+0x333/0x350\n handle_pmi_common+0x272/0x3c0\n intel_pmu_handle_irq+0x10a/0x2e0\n perf_event_nmi_handler+0x2a/0x50\n\nThat happens because intel_pmu_pebs_event_update_no_drain() assumes all the\npebs_enabled bits represent counter indexes, which is not always the case.\nIn this particular case, bits 60 and 61 are set for PEBS-via-PT purposes.\n\nThe behaviour of PEBS-via-PT with sample frequency is questionable because\nalthough a PMI is generated (PEBS_PMI_AFTER_EACH_RECORD), the period is not\nadjusted anyway.\n\nPutting that aside, fix intel_pmu_pebs_event_update_no_drain() by passing\nthe mask of counter bits instead of 'size'. Note, prior to the Fixes\ncommit, 'size' would be limited to the maximum counter index, so the issue\nwas not hit." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: perf/x86/intel: Correcci\u00f3n de una falla de segmentaci\u00f3n con PEBS-via-PT con sample_freq. Actualmente, usar PEBS-via-PT con una frecuencia de muestreo en lugar de un periodo de muestreo provoca una falla de segmentaci\u00f3n. Por ejemplo: Error: Desreferencia de puntero nulo del kernel, direcci\u00f3n: 0000000000000195 ? __die_body.cold+0x19/0x27 ? page_fault_oops+0xca/0x290 ? exc_page_fault+0x7e/0x1b0 ? asm_exc_page_fault+0x26/0x30 ? intel_pmu_pebs_event_update_no_drain+0x40/0x60 ? 
intel_pmu_pebs_event_update_no_drain+0x32/0x60 intel_pmu_drain_pebs_icl+0x333/0x350 handle_pmi_common+0x272/0x3c0 intel_pmu_handle_irq+0x10a/0x2e0 perf_event_nmi_handler+0x2a/0x50 Esto sucede porque intel_pmu_pebs_event_update_no_drain() asume que todos los bits pebs_enabled representan \u00edndices de contador, lo que no siempre es el caso. En este caso particular, los bits 60 y 61 se establecen para fines de PEBS a trav\u00e9s de PT. El comportamiento de PEBS a trav\u00e9s de PT con frecuencia de muestreo es cuestionable porque, aunque se genera un PMI (PEBS_PMI_AFTER_EACH_RECORD), el per\u00edodo no se ajusta de todos modos. Dejando eso de lado, corrija intel_pmu_pebs_event_update_no_drain() pasando la m\u00e1scara de bits del contador en lugar de 'size'. Tenga en cuenta que, antes de el commit de las correcciones, 'size' estaba limitado al \u00edndice m\u00e1ximo del contador, por lo que el problema no se solucion\u00f3."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38056.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38056.json
index 717c76c1557..d7ad13b585e 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38056.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38056.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: hda: Fix UAF when reloading module\n\nhda_generic_machine_select() appends -idisp to the tplg filename by\nallocating a new string with devm_kasprintf(), then stores the string\nright back into the global variable snd_soc_acpi_intel_hda_machines.\nWhen the module is unloaded, this memory is freed, resulting in a global\nvariable pointing to freed memory. Reloading the module then triggers\na use-after-free:\n\nBUG: KFENCE: use-after-free read in string+0x48/0xe0\n\nUse-after-free read at 0x00000000967e0109 (in kfence-#99):\n string+0x48/0xe0\n vsnprintf+0x329/0x6e0\n devm_kvasprintf+0x54/0xb0\n devm_kasprintf+0x58/0x80\n hda_machine_select.cold+0x198/0x17a2 [snd_sof_intel_hda_generic]\n sof_probe_work+0x7f/0x600 [snd_sof]\n process_one_work+0x17b/0x330\n worker_thread+0x2ce/0x3f0\n kthread+0xcf/0x100\n ret_from_fork+0x31/0x50\n ret_from_fork_asm+0x1a/0x30\n\nkfence-#99: 0x00000000198a940f-0x00000000ace47d9d, size=64, cache=kmalloc-64\n\nallocated by task 333 on cpu 8 at 17.798069s (130.453553s ago):\n devm_kmalloc+0x52/0x120\n devm_kvasprintf+0x66/0xb0\n devm_kasprintf+0x58/0x80\n hda_machine_select.cold+0x198/0x17a2 [snd_sof_intel_hda_generic]\n sof_probe_work+0x7f/0x600 [snd_sof]\n process_one_work+0x17b/0x330\n worker_thread+0x2ce/0x3f0\n kthread+0xcf/0x100\n ret_from_fork+0x31/0x50\n ret_from_fork_asm+0x1a/0x30\n\nfreed by task 1543 on cpu 4 at 141.586686s (6.665010s ago):\n release_nodes+0x43/0xb0\n devres_release_all+0x90/0xf0\n device_unbind_cleanup+0xe/0x70\n device_release_driver_internal+0x1c1/0x200\n driver_detach+0x48/0x90\n bus_remove_driver+0x6d/0xf0\n pci_unregister_driver+0x42/0xb0\n __do_sys_delete_module+0x1d1/0x310\n do_syscall_64+0x82/0x190\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFix it by copying the match array with devm_kmemdup_array() before we\nmodify it." 
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: SOF: Intel: hda: Se corrige el UAF al recargar el m\u00f3dulo. hda_generic_machine_select() a\u00f1ade -idisp al nombre de archivo tplg asignando una nueva cadena con devm_kasprintf() y luego la almacena directamente en la variable global snd_soc_acpi_intel_hda_machines. Al descargar el m\u00f3dulo, se libera esta memoria, lo que genera una variable global que apunta a la memoria liberada. Recargar el m\u00f3dulo luego activa un use-after-free: ERROR: KFENCE: use-after-free read in string+0x48/0xe0 Use-after-free read at 0x00000000967e0109 (in kfence-#99): string+0x48/0xe0 vsnprintf+0x329/0x6e0 devm_kvasprintf+0x54/0xb0 devm_kasprintf+0x58/0x80 hda_machine_select.cold+0x198/0x17a2 [snd_sof_intel_hda_generic] sof_probe_work+0x7f/0x600 [snd_sof] process_one_work+0x17b/0x330 worker_thread+0x2ce/0x3f0 kthread+0xcf/0x100 ret_from_fork+0x31/0x50 ret_from_fork_asm+0x1a/0x30 kfence-#99: 0x00000000198a940f-0x00000000ace47d9d, size=64, cache=kmalloc-64 allocated by task 333 on cpu 8 at 17.798069s (130.453553s ago): devm_kmalloc+0x52/0x120 devm_kvasprintf+0x66/0xb0 devm_kasprintf+0x58/0x80 hda_machine_select.cold+0x198/0x17a2 [snd_sof_intel_hda_generic] sof_probe_work+0x7f/0x600 [snd_sof] process_one_work+0x17b/0x330 worker_thread+0x2ce/0x3f0 kthread+0xcf/0x100 ret_from_fork+0x31/0x50 ret_from_fork_asm+0x1a/0x30 freed by task 1543 on cpu 4 at 141.586686s (6.665010s ago): release_nodes+0x43/0xb0 devres_release_all+0x90/0xf0 device_unbind_cleanup+0xe/0x70 device_release_driver_internal+0x1c1/0x200 driver_detach+0x48/0x90 bus_remove_driver+0x6d/0xf0 pci_unregister_driver+0x42/0xb0 __do_sys_delete_module+0x1d1/0x310 do_syscall_64+0x82/0x190 entry_SYSCALL_64_after_hwframe+0x76/0x7e Corr\u00edjalo copiando la matriz de coincidencia con devm_kmemdup_array() antes de modificarla."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38057.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38057.json
index 0d76e4a5d4c..a9eefe1f98d 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38057.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38057.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nespintcp: fix skb leaks\n\nA few error paths are missing a kfree_skb."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: espintcp: corrige fugas de skb. En algunas rutas de error falta un kfree_skb."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38058.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38058.json
index 55ea79d4670..c44da472dc5 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38058.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38058.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\n__legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock\n\n... or we risk stealing final mntput from sync umount - raising mnt_count\nafter umount(2) has verified that victim is not busy, but before it\nhas set MNT_SYNC_UMOUNT; in that case __legitimize_mnt() doesn't see\nthat it's safe to quietly undo mnt_count increment and leaves dropping\nthe reference to caller, where it'll be a full-blown mntput().\n\nCheck under mount_lock is needed; leaving the current one done before\ntaking that makes no sense - it's nowhere near common enough to bother\nwith."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: __legitimize_mnt(): la comprobaci\u00f3n de MNT_SYNC_UMOUNT debe estar bajo mount_lock... o corremos el riesgo de robar la mntput final de sync umount, lo que genera mnt_count despu\u00e9s de que umount(2) haya verificado que la v\u00edctima no est\u00e1 ocupada, pero antes de que haya establecido MNT_SYNC_UMOUNT. En ese caso, __legitimize_mnt() no considera que sea seguro deshacer silenciosamente el incremento de mnt_count y contin\u00faa eliminando la referencia al llamador, donde se ejecutar\u00e1 una mntput() completa. Es necesaria la comprobaci\u00f3n bajo mount_lock; dejar la actual activada antes de tomarla no tiene sentido; no es lo suficientemente com\u00fan como para molestarse en hacerlo."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38059.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38059.json
index 7456ce77cfe..f3661a61e98 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38059.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38059.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: avoid NULL pointer dereference if no valid csum tree\n\n[BUG]\nWhen trying read-only scrub on a btrfs with rescue=idatacsums mount\noption, it will crash with the following call trace:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000208\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n CPU: 1 UID: 0 PID: 835 Comm: btrfs Tainted: G O 6.15.0-rc3-custom+ #236 PREEMPT(full)\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 02/02/2022\n RIP: 0010:btrfs_lookup_csums_bitmap+0x49/0x480 [btrfs]\n Call Trace:\n \n scrub_find_fill_first_stripe+0x35b/0x3d0 [btrfs]\n scrub_simple_mirror+0x175/0x290 [btrfs]\n scrub_stripe+0x5f7/0x6f0 [btrfs]\n scrub_chunk+0x9a/0x150 [btrfs]\n scrub_enumerate_chunks+0x333/0x660 [btrfs]\n btrfs_scrub_dev+0x23e/0x600 [btrfs]\n btrfs_ioctl+0x1dcf/0x2f80 [btrfs]\n __x64_sys_ioctl+0x97/0xc0\n do_syscall_64+0x4f/0x120\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n[CAUSE]\nMount option \"rescue=idatacsums\" will completely skip loading the csum\ntree, so that any data read will not find any data csum thus we will\nignore data checksum verification.\n\nNormally call sites utilizing csum tree will check the fs state flag\nNO_DATA_CSUMS bit, but unfortunately scrub does not check that bit at all.\n\nThis results in scrub to call btrfs_search_slot() on a NULL pointer\nand triggered above crash.\n\n[FIX]\nCheck both extent and csum tree root before doing any tree search." 
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: evitar la desreferencia de puntero NULL si no hay un \u00e1rbol csum v\u00e1lido [ERROR] Al intentar una limpieza de solo lectura en un btrfs con la opci\u00f3n de montaje rescue=idatacsums, se bloquear\u00e1 con el siguiente seguimiento de llamada: ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000208 #PF: acceso de lectura del supervisor en modo kernel #PF: error_code(0x0000) - p\u00e1gina no presente CPU: 1 UID: 0 PID: 835 Comm: btrfs Tainted: GO 6.15.0-rc3-custom+ #236 PREEMPT(full) Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS desconocido 02/02/2022 RIP: 0010:btrfs_lookup_csums_bitmap+0x49/0x480 [btrfs] Seguimiento de llamadas: scrub_find_fill_first_stripe+0x35b/0x3d0 [btrfs] scrub_simple_mirror+0x175/0x290 [btrfs] scrub_stripe+0x5f7/0x6f0 [btrfs] scrub_chunk+0x9a/0x150 [btrfs] scrub_enumerate_chunks+0x333/0x660 [btrfs] btrfs_scrub_dev+0x23e/0x600 [btrfs] btrfs_ioctl+0x1dcf/0x2f80 [btrfs] __x64_sys_ioctl+0x97/0xc0 do_syscall_64+0x4f/0x120 entry_SYSCALL_64_after_hwframe+0x76/0x7e [CAUSE] La opci\u00f3n de montaje \"rescue=idatacsums\" omitir\u00e1 por completo la carga del \u00e1rbol de sumas de comprobaci\u00f3n (CSUM), por lo que los datos le\u00eddos no encontrar\u00e1n ninguna CSU, por lo que se ignorar\u00e1 la verificaci\u00f3n de la suma de comprobaci\u00f3n de datos. Normalmente, los sitios de llamada que utilizan el \u00e1rbol de CSU comprueban el bit NO_DATA_CSUMS del indicador de estado del sistema de archivos, pero lamentablemente, scrub no lo comprueba en absoluto. Esto provoca que scrub llame a btrfs_search_slot() en un puntero nulo, lo que provoc\u00f3 el bloqueo mencionado anteriormente. [CORRECCI\u00d3N] Compruebe la extensi\u00f3n y la ra\u00edz del \u00e1rbol de CSU antes de realizar cualquier b\u00fasqueda en el \u00e1rbol."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38060.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38060.json
index 2e213c0ee4f..9275aa7cd97 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38060.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38060.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: copy_verifier_state() should copy 'loop_entry' field\n\nThe bpf_verifier_state.loop_entry state should be copied by\ncopy_verifier_state(). Otherwise, .loop_entry values from unrelated\nstates would poison env->cur_state.\n\nAdditionally, env->stack should not contain any states with\n.loop_entry != NULL. The states in env->stack are yet to be verified,\nwhile .loop_entry is set for states that reached an equivalent state.\nThis means that env->cur_state->loop_entry should always be NULL after\npop_stack().\n\nSee the selftest in the next commit for an example of the program that\nis not safe yet is accepted by verifier w/o this fix.\n\nThis change has some verification performance impact for selftests:\n\nFile Program Insns (A) Insns (B) Insns (DIFF) States (A) States (B) States (DIFF)\n---------------------------------- ---------------------------- --------- --------- -------------- ---------- ---------- -------------\narena_htab.bpf.o arena_htab_llvm 717 426 -291 (-40.59%) 57 37 -20 (-35.09%)\narena_htab_asm.bpf.o arena_htab_asm 597 445 -152 (-25.46%) 47 37 -10 (-21.28%)\narena_list.bpf.o arena_list_del 309 279 -30 (-9.71%) 23 14 -9 (-39.13%)\niters.bpf.o iter_subprog_check_stacksafe 155 141 -14 (-9.03%) 15 14 -1 (-6.67%)\niters.bpf.o iter_subprog_iters 1094 1003 -91 (-8.32%) 88 83 -5 (-5.68%)\niters.bpf.o loop_state_deps2 479 725 +246 (+51.36%) 46 63 +17 (+36.96%)\nkmem_cache_iter.bpf.o open_coded_iter 63 59 -4 (-6.35%) 7 6 -1 (-14.29%)\nverifier_bits_iter.bpf.o max_words 92 84 -8 (-8.70%) 8 7 -1 (-12.50%)\nverifier_iterating_callbacks.bpf.o cond_break2 113 107 -6 (-5.31%) 12 12 +0 (+0.00%)\n\nAnd significant negative impact for sched_ext:\n\nFile Program Insns (A) Insns (B) Insns (DIFF) States (A) States (B) States (DIFF)\n----------------- ---------------------- --------- --------- -------------------- ---------- ---------- 
------------------\nbpf.bpf.o lavd_init 7039 14723 +7684 (+109.16%) 490 1139 +649 (+132.45%)\nbpf.bpf.o layered_dispatch 11485 10548 -937 (-8.16%) 848 762 -86 (-10.14%)\nbpf.bpf.o layered_dump 7422 1000001 +992579 (+13373.47%) 681 31178 +30497 (+4478.27%)\nbpf.bpf.o layered_enqueue 16854 71127 +54273 (+322.02%) 1611 6450 +4839 (+300.37%)\nbpf.bpf.o p2dq_dispatch 665 791 +126 (+18.95%) 68 78 +10 (+14.71%)\nbpf.bpf.o p2dq_init 2343 2980 +637 (+27.19%) 201 237 +36 (+17.91%)\nbpf.bpf.o refresh_layer_cpumasks 16487 674760 +658273 (+3992.68%) 1770 65370 +63600 (+3593.22%)\nbpf.bpf.o rusty_select_cpu 1937 40872 +38935 (+2010.07%) 177 3210 +3033 (+1713.56%)\nscx_central.bpf.o central_dispatch 636 2687 +2051 (+322.48%) 63 227 +164 (+260.32%)\nscx_nest.bpf.o nest_init 636 815 +179 (+28.14%) 60 73 +13 (+21.67%)\nscx_qmap.bpf.o qmap_dispatch \n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: copy_verifier_state() deber\u00eda copiar el campo 'loop_entry'. El estado bpf_verifier_state.loop_entry deber\u00eda ser copiado por copy_verifier_state(). De lo contrario, los valores .loop_entry de estados no relacionados envenenar\u00edan env->cur_state. Adem\u00e1s, env->stack no deber\u00eda contener ning\u00fan estado con .loop_entry != NULL. Los estados en env->stack a\u00fan est\u00e1n por verificar, mientras que .loop_entry est\u00e1 configurado para estados que alcanzaron un estado equivalente. Esto significa que env->cur_state->loop_entry siempre deber\u00eda ser NULL despu\u00e9s de pop_stack(). Vea la autoprueba en la siguiente confirmaci\u00f3n para un ejemplo del programa que no es seguro pero es aceptado por el verificador sin esta correcci\u00f3n. 
Este cambio tiene alg\u00fan impacto en el rendimiento de la verificaci\u00f3n para las autopruebas: Archivo Programa Insns (A) Insns (B) Insns (DIFF) Estados (A) Estados (B) Estados (DIFF) ---------------------------------- ---------------------------- --------- --------- -------------- ---------- ---------- ------------- arena_htab.bpf.o arena_htab_llvm 717 426 -291 (-40.59%) 57 37 -20 (-35.09%) arena_htab_asm.bpf.o arena_htab_asm 597 445 -152 (-25.46%) 47 37 -10 (-21.28%) arena_list.bpf.o arena_list_del 309 279 -30 (-9.71%) 23 14 -9 (-39.13%) iters.bpf.o iter_subprog_check_stacksafe 155 141 -14 (-9.03%) 15 14 -1 (-6.67%) iters.bpf.o iter_subprog_iters 1094 1003 -91 (-8.32%) 88 83 -5 (-5.68%) iters.bpf.o loop_state_deps2 479 725 +246 (+51.36%) 46 63 +17 (+36.96%) kmem_cache_iter.bpf.o open_coded_iter 63 59 -4 (-6.35%) 7 6 -1 (-14.29%) verifier_bits_iter.bpf.o max_words 92 84 -8 (-8.70%) 8 7 -1 (-12.50%) verifier_iterating_callbacks.bpf.o cond_break2 113 107 -6 (-5.31%) 12 12 +0 (+0.00%)Y un impacto negativo significativo para sched_ext: Archivo Programa Insns (A) Insns (B) Insns (DIFF) Estados (A) Estados (B) Estados (DIFF) ----------------- ---------------------- --------- --------- -------------------- ---------- ---------- ------------------ bpf.bpf.o lavd_init 7039 14723 +7684 (+109.16%) 490 1139 +649 (+132.45%) bpf.bpf.o layered_dispatch 11485 10548 -937 (-8.16%) 848 762 -86 (-10.14%) bpf.bpf.o layered_dump 7422 1000001 +992579 (+13373.47%) 681 31178 +30497 (+4478.27%) bpf.bpf.o layered_enqueue 16854 71127 +54273 (+322.02%) 1611 6450 +4839 (+300.37%) bpf.bpf.o p2dq_dispatch 665 791 +126 (+18.95%) 68 78 +10 (+14.71%) bpf.bpf.o p2dq_init 2343 2980 +637 (+27.19%) 201 237 +36 (+17.91%) bpf.bpf.o refresh_layer_cpumasks 16487 674760 +658273 (+3992.68%) 1770 65370 +63600 (+3593.22%) bpf.bpf.o rusty_select_cpu 1937 40872 +38935 (+2010.07%) 177 3210 +3033 (+1713.56%) scx_central.bpf.o central_dispatch 636 2687 +2051 (+322.48%) 63 227 +164 (+260.32%) scx_nest.bpf.o 
nest_init 636 815 +179 (+28.14%) 60 73 +13 (+21.67%) scx_qmap.bpf.o qmap_dispatch ---truncado---"
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38061.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38061.json
index 16bb9a73e9b..7008d448b58 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38061.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38061.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: pktgen: fix access outside of user given buffer in pktgen_thread_write()\n\nHonour the user given buffer size for the strn_len() calls (otherwise\nstrn_len() will access memory outside of the user given buffer)."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: pktgen: corrige el acceso fuera del b\u00fafer dado por el usuario en pktgen_thread_write() Respeta el tama\u00f1o del b\u00fafer dado por el usuario para las llamadas strn_len() (de lo contrario, strn_len() acceder\u00e1 a la memoria fuera del b\u00fafer dado por el usuario)."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38062.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38062.json
index d815b898e09..b1c48451c02 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38062.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38062.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngenirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie\n\nThe IOMMU translation for MSI message addresses has been a 2-step process,\nseparated in time:\n\n 1) iommu_dma_prepare_msi(): A cookie pointer containing the IOVA address\n is stored in the MSI descriptor when an MSI interrupt is allocated.\n\n 2) iommu_dma_compose_msi_msg(): this cookie pointer is used to compute a\n translated message address.\n\nThis has an inherent lifetime problem for the pointer stored in the cookie\nthat must remain valid between the two steps. However, there is no locking\nat the irq layer that helps protect the lifetime. Today, this works under\nthe assumption that the iommu domain is not changed while MSI interrupts\nbeing programmed. This is true for normal DMA API users within the kernel,\nas the iommu domain is attached before the driver is probed and cannot be\nchanged while a driver is attached.\n\nClassic VFIO type1 also prevented changing the iommu domain while VFIO was\nrunning as it does not support changing the \"container\" after starting up.\n\nHowever, iommufd has improved this so that the iommu domain can be changed\nduring VFIO operation. This potentially allows userspace to directly race\nVFIO_DEVICE_ATTACH_IOMMUFD_PT (which calls iommu_attach_group()) and\nVFIO_DEVICE_SET_IRQS (which calls into iommu_dma_compose_msi_msg()).\n\nThis potentially causes both the cookie pointer and the unlocked call to\niommu_get_domain_for_dev() on the MSI translation path to become UAFs.\n\nFix the MSI cookie UAF by removing the cookie pointer. 
The translated IOVA\naddress is already known during iommu_dma_prepare_msi() and cannot change.\nThus, it can simply be stored as an integer in the MSI descriptor.\n\nThe other UAF related to iommu_get_domain_for_dev() will be addressed in\npatch \"iommu: Make iommu_dma_prepare_msi() into a generic operation\" by\nusing the IOMMU group mutex." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: genirq/msi: Almacenar el IOVA de IOMMU directamente en msi_desc en lugar de en iommu_cookie La traducci\u00f3n de IOMMU para direcciones de mensajes MSI ha sido un proceso de 2 pasos, separados en el tiempo: 1) iommu_dma_prepare_msi(): Un puntero de cookie que contiene la direcci\u00f3n IOVA se almacena en el descriptor MSI cuando se asigna una interrupci\u00f3n MSI. 2) iommu_dma_compose_msi_msg(): este puntero de cookie se utiliza para calcular una direcci\u00f3n de mensaje traducida. Esto tiene un problema de vida \u00fatil inherente para el puntero almacenado en la cookie que debe seguir siendo v\u00e1lido entre los dos pasos. Sin embargo, no hay bloqueo en la capa irq que ayude a proteger la vida \u00fatil. Hoy en d\u00eda, esto funciona bajo el supuesto de que el dominio iommu no cambia mientras se programan las interrupciones MSI. Esto aplica a los usuarios normales de la API de DMA dentro del kernel, ya que el dominio iommu se conecta antes de sondear el controlador y no se puede cambiar mientras est\u00e9 conectado. El tipo 1 de VFIO cl\u00e1sico tambi\u00e9n imped\u00eda cambiar el dominio iommu mientras VFIO se ejecutaba, ya que no admite cambiar el \"contenedor\" despu\u00e9s del inicio. Sin embargo, iommufd ha mejorado esto para que el dominio iommu se pueda cambiar durante la operaci\u00f3n de VFIO. Esto potencialmente permite que el espacio de usuario compita directamente con VFIO_DEVICE_ATTACH_IOMMUFD_PT (que llama a iommu_attach_group()) y VFIO_DEVICE_SET_IRQS (que llama a iommu_dma_compose_msi_msg()). 
Esto potencialmente provoca que tanto el puntero de cookie como la llamada desbloqueada a iommu_get_domain_for_dev() en la ruta de traducci\u00f3n MSI se conviertan en UAF. Corrija el UAF de la cookie MSI eliminando el puntero de cookie. La direcci\u00f3n IOVA traducida ya se conoce durante iommu_dma_prepare_msi() y no puede modificarse. Por lo tanto, puede almacenarse simplemente como un entero en el descriptor MSI. El resto de UAF relacionado con iommu_get_domain_for_dev() se abordar\u00e1 en el parche \"iommu: Convertir iommu_dma_prepare_msi() en una operaci\u00f3n gen\u00e9rica\" mediante el mutex del grupo IOMMU."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38063.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38063.json
index 7e2cf6680e3..773ae25c4f4 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38063.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38063.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: fix unconditional IO throttle caused by REQ_PREFLUSH\n\nWhen a bio with REQ_PREFLUSH is submitted to dm, __send_empty_flush()\ngenerates a flush_bio with REQ_OP_WRITE | REQ_PREFLUSH | REQ_SYNC,\nwhich causes the flush_bio to be throttled by wbt_wait().\n\nAn example from v5.4, similar problem also exists in upstream:\n\n crash> bt 2091206\n PID: 2091206 TASK: ffff2050df92a300 CPU: 109 COMMAND: \"kworker/u260:0\"\n #0 [ffff800084a2f7f0] __switch_to at ffff80004008aeb8\n #1 [ffff800084a2f820] __schedule at ffff800040bfa0c4\n #2 [ffff800084a2f880] schedule at ffff800040bfa4b4\n #3 [ffff800084a2f8a0] io_schedule at ffff800040bfa9c4\n #4 [ffff800084a2f8c0] rq_qos_wait at ffff8000405925bc\n #5 [ffff800084a2f940] wbt_wait at ffff8000405bb3a0\n #6 [ffff800084a2f9a0] __rq_qos_throttle at ffff800040592254\n #7 [ffff800084a2f9c0] blk_mq_make_request at ffff80004057cf38\n #8 [ffff800084a2fa60] generic_make_request at ffff800040570138\n #9 [ffff800084a2fae0] submit_bio at ffff8000405703b4\n #10 [ffff800084a2fb50] xlog_write_iclog at ffff800001280834 [xfs]\n #11 [ffff800084a2fbb0] xlog_sync at ffff800001280c3c [xfs]\n #12 [ffff800084a2fbf0] xlog_state_release_iclog at ffff800001280df4 [xfs]\n #13 [ffff800084a2fc10] xlog_write at ffff80000128203c [xfs]\n #14 [ffff800084a2fcd0] xlog_cil_push at ffff8000012846dc [xfs]\n #15 [ffff800084a2fda0] xlog_cil_push_work at ffff800001284a2c [xfs]\n #16 [ffff800084a2fdb0] process_one_work at ffff800040111d08\n #17 [ffff800084a2fe00] worker_thread at ffff8000401121cc\n #18 [ffff800084a2fe70] kthread at ffff800040118de4\n\nAfter commit 2def2845cc33 (\"xfs: don't allow log IO to be throttled\"),\nthe metadata submitted by xlog_write_iclog() should not be throttled.\nBut due to the existence of the dm layer, throttling flush_bio indirectly\ncauses the metadata bio to be throttled.\n\nFix this by conditionally adding REQ_IDLE to 
flush_bio.bi_opf, which makes\nwbt_should_throttle() return false to avoid wbt_wait()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dm: se corrige la limitaci\u00f3n de E/S incondicional causada por REQ_PREFLUSH Cuando se env\u00eda una biograf\u00eda con REQ_PREFLUSH a dm, __send_empty_flush() genera una flush_bio con REQ_OP_WRITE | REQ_PREFLUSH | REQ_SYNC, lo que hace que wbt_wait() limite la flush_bio. Un ejemplo de v5.4, tambi\u00e9n existe un problema similar en upstream: crash> bt 2091206 PID: 2091206 TAREA: ffff2050df92a300 CPU: 109 COMANDO: \"kworker/u260:0\" #0 [ffff800084a2f7f0] __switch_to at ffff80004008aeb8 #1 [ffff800084a2f820] __schedule at ffff800040bfa0c4 #2 [ffff800084a2f880] schedule at ffff800040bfa4b4 #3 [ffff800084a2f8a0] io_schedule at ffff800040bfa9c4 #4 [ffff800084a2f8c0] rq_qos_wait at ffff8000405925bc #5 [ffff800084a2f940] wbt_wait at ffff8000405bb3a0 #6 [ffff800084a2f9a0] __rq_qos_throttle at ffff800040592254 #7 [ffff800084a2f9c0] blk_mq_make_request at ffff80004057cf38 #8 [ffff800084a2fa60] generic_make_request at ffff800040570138 #9 [ffff800084a2fae0] submit_bio at ffff8000405703b4 #10 [ffff800084a2fb50] xlog_write_iclog at ffff800001280834 [xfs] #11 [ffff800084a2fbb0] xlog_sync at ffff800001280c3c [xfs] #12 [ffff800084a2fbf0] xlog_state_release_iclog at ffff800001280df4 [xfs] #13 [ffff800084a2fc10] xlog_write at ffff80000128203c [xfs] #14 [ffff800084a2fcd0] xlog_cil_push at ffff8000012846dc [xfs] #15 [ffff800084a2fda0] xlog_cil_push_work at ffff800001284a2c [xfs] #16 [ffff800084a2fdb0] process_one_work at ffff800040111d08 #17 [ffff800084a2fe00] worker_thread at ffff8000401121cc #18 [ffff800084a2fe70] kthread at ffff800040118de4. Tras el commit 2def2845cc33 (\"xfs: no permitir la limitaci\u00f3n de la E/S del registro\"), los metadatos enviados por xlog_write_iclog() no deber\u00edan limitarse. 
Sin embargo, debido a la existencia de la capa dm, limitar la ejecuci\u00f3n de flush_bio provoca indirectamente la limitaci\u00f3n de los metadatos bio. Solucione esto agregando condicionalmente REQ_IDLE a flush_bio.bi_opf, lo que hace que wbt_should_throttle() devuelva falso para evitar wbt_wait()."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38064.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38064.json
index 1067df702fe..d0f62da03db 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38064.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38064.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio: break and reset virtio devices on device_shutdown()\n\nHongyu reported a hang on kexec in a VM. QEMU reported invalid memory\naccesses during the hang.\n\n\tInvalid read at addr 0x102877002, size 2, region '(null)', reason: rejected\n\tInvalid write at addr 0x102877A44, size 2, region '(null)', reason: rejected\n\t...\n\nIt was traced down to virtio-console. Kexec works fine if virtio-console\nis not in use.\n\nThe issue is that virtio-console continues to write to the MMIO even after\nunderlying virtio-pci device is reset.\n\nAdditionally, Eric noticed that IOMMUs are reset before devices, if\ndevices are not reset on shutdown they continue to poke at guest memory\nand get errors from the IOMMU. Some devices get wedged then.\n\nThe problem can be solved by breaking all virtio devices on virtio\nbus shutdown, then resetting them." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: virtio: interrumpir y reiniciar dispositivos virtio en device_shutdown() Hongyu inform\u00f3 de un bloqueo en kexec en una m\u00e1quina virtual. QEMU inform\u00f3 de accesos a memoria no v\u00e1lidos durante el bloqueo. Lectura no v\u00e1lida en la direcci\u00f3n 0x102877002, tama\u00f1o 2, regi\u00f3n '(null)', motivo: rechazada Escritura no v\u00e1lida en la direcci\u00f3n 0x102877A44, tama\u00f1o 2, regi\u00f3n '(null)', motivo: rechazada ... Se rastre\u00f3 hasta virtio-console. Kexec funciona bien si virtio-console no est\u00e1 en uso. El problema es que virtio-console contin\u00faa escribiendo en el MMIO incluso despu\u00e9s de reiniciar el dispositivo virtio-pci subyacente. Adem\u00e1s, Eric not\u00f3 que las IOMMU se reinician antes que los dispositivos; si los dispositivos no se reinician al apagar, contin\u00faan presionando la memoria invitada y obtienen errores de la IOMMU. 
Algunos dispositivos se bloquean entonces. El problema se puede resolver rompiendo todos los dispositivos virtio al apagar el bus virtio y luego reinici\u00e1ndolos." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38065.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38065.json index 5adeb6b6558..2f9e55107c8 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38065.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38065.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\norangefs: Do not truncate file size\n\n'len' is used to store the result of i_size_read(), so making 'len'\na size_t results in truncation to 4GiB on 32-bit systems." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: orangefs: No truncar el tama\u00f1o del archivo. 'len' se utiliza para almacenar el resultado de i_size_read(), por lo que hacer que 'len' sea un size_t da como resultado un truncamiento a 4 GiB en sistemas de 32 bits." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38066.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38066.json index 90f40b01553..c8a6ec67c86 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38066.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38066.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm cache: prevent BUG_ON by blocking retries on failed device resumes\n\nA cache device failing to resume due to mapping errors should not be\nretried, as the failure leaves a partially initialized policy object.\nRepeating the resume operation risks triggering BUG_ON when reloading\ncache mappings into the incomplete policy object.\n\nReproduce steps:\n\n1. create a cache metadata consisting of 512 or more cache blocks,\n with some mappings stored in the first array block of the mapping\n array. Here we use cache_restore v1.0 to build the metadata.\n\ncat <> cmeta.xml\n\n \n \n \n\nEOF\ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"\ncache_restore -i cmeta.xml -o /dev/mapper/cmeta --metadata-version=2\ndmsetup remove cmeta\n\n2. wipe the second array block of the mapping array to simulate\n data degradations.\n\nmapping_root=$(dd if=/dev/sdc bs=1c count=8 skip=192 \\\n2>/dev/null | hexdump -e '1/8 \"%u\\n\"')\nablock=$(dd if=/dev/sdc bs=1c count=8 skip=$((4096*mapping_root+2056)) \\\n2>/dev/null | hexdump -e '1/8 \"%u\\n\"')\ndd if=/dev/zero of=/dev/sdc bs=4k count=1 seek=$ablock\n\n3. try bringing up the cache device. The resume is expected to fail\n due to the broken array block.\n\ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"\ndmsetup create cdata --table \"0 65536 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 524288 linear /dev/sdc 262144\"\ndmsetup create cache --notable\ndmsetup load cache --table \"0 524288 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\"\ndmsetup resume cache\n\n4. try resuming the cache again. 
An unexpected BUG_ON is triggered\n while loading cache mappings.\n\ndmsetup resume cache\n\nKernel logs:\n\n(snip)\n------------[ cut here ]------------\nkernel BUG at drivers/md/dm-cache-policy-smq.c:752!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 332 Comm: dmsetup Not tainted 6.13.4 #3\nRIP: 0010:smq_load_mapping+0x3e5/0x570\n\nFix by disallowing resume operations for devices that failed the\ninitial attempt." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dm cache: impide BUG_ON bloqueando los reintentos en reinicios de dispositivos fallidos. Un dispositivo de cach\u00e9 que no se reanuda debido a errores de mapeo no debe reintentarse, ya que el fallo deja un objeto de pol\u00edtica parcialmente inicializado. Repetir la operaci\u00f3n de reanudaci\u00f3n corre el riesgo de activar BUG_ON al recargar los mapeos de cach\u00e9 en el objeto de pol\u00edtica incompleto. Reproducir los pasos: 1. Crear metadatos de cach\u00e9 que consten de 512 o m\u00e1s bloques de cach\u00e9, con algunos mapeos almacenados en el primer bloque de la matriz de mapeo. Aqu\u00ed usamos cache_restore v1.0 para generar los metadatos. cat <<> cmeta.xml EOF dmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\" cache_restore -i cmeta.xml -o /dev/mapper/cmeta --metadata-version=2 dmsetup remove cmeta 2. wipe the second array block of the mapping array to simulate data degradations. mapping_root=$(dd if=/dev/sdc bs=1c count=8 skip=192 \\ 2>/dev/null | hexdump -e '1/8 \"%u\\n\"') ablock=$(dd if=/dev/sdc bs=1c count=8 skip=$((4096*mapping_root+2056)) \\ 2>/dev/null | hexdump -e '1/8 \"%u\\n\"') dd if=/dev/zero of=/dev/sdc bs=4k count=1 seek=$ablock 3. try bringing up the cache device. The resume is expected to fail due to the broken array block. 
dmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\" dmsetup create cdata --table \"0 65536 linear /dev/sdc 8192\" dmsetup create corig --table \"0 524288 linear /dev/sdc 262144\" dmsetup create cache --notable dmsetup load cache --table \"0 524288 cache /dev/mapper/cmeta \\ /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\" dmsetup resume cache 4. Intente reanudar la cach\u00e9 de nuevo. Se activa un BUG_ON inesperado al cargar las asignaciones de cach\u00e9. dmsetup resume cache Registros del kernel: (snip) ------------[ cortar aqu\u00ed ]------------ \u00a1ERROR del kernel en drivers/md/dm-cache-policy-smq.c:752! Oops: c\u00f3digo de operaci\u00f3n no v\u00e1lido: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 0 UID: 0 PID: 332 Comm: dmsetup No contaminado 6.13.4 #3 RIP: 0010:smq_load_mapping+0x3e5/0x570 Se soluciona no permitiendo operaciones de reanudaci\u00f3n para dispositivos que fallaron en el intento inicial." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38067.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38067.json index 51cc87bac38..3fb0f4a916d 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38067.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38067.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrseq: Fix segfault on registration when rseq_cs is non-zero\n\nThe rseq_cs field is documented as being set to 0 by user-space prior to\nregistration, however this is not currently enforced by the kernel. This\ncan result in a segfault on return to user-space if the value stored in\nthe rseq_cs field doesn't point to a valid struct rseq_cs.\n\nThe correct solution to this would be to fail the rseq registration when\nthe rseq_cs field is non-zero. However, some older versions of glibc\nwill reuse the rseq area of previous threads without clearing the\nrseq_cs field and will also terminate the process if the rseq\nregistration fails in a secondary thread. This wasn't caught in testing\nbecause in this case the leftover rseq_cs does point to a valid struct\nrseq_cs.\n\nWhat we can do is clear the rseq_cs field on registration when it's\nnon-zero which will prevent segfaults on registration and won't break\nthe glibc versions that reuse rseq areas on thread creation." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rseq: Arreglar violaci\u00f3n de segmentaci\u00f3n en el registro cuando rseq_cs no es cero El campo rseq_cs est\u00e1 documentado como establecido a 0 por el espacio de usuario antes del registro, sin embargo esto no es aplicado actualmente por el kernel. Esto puede resultar en una violaci\u00f3n de segmentaci\u00f3n al regresar al espacio de usuario si el valor almacenado en el campo rseq_cs no apunta a una estructura rseq_cs v\u00e1lida. La soluci\u00f3n correcta para esto ser\u00eda fallar el registro de rseq cuando el campo rseq_cs no es cero. Sin embargo, algunas versiones anteriores de glibc reutilizar\u00e1n el \u00e1rea rseq de subprocesos anteriores sin borrar el campo rseq_cs y tambi\u00e9n terminar\u00e1n el proceso si el registro de rseq falla en un subproceso secundario. 
Esto no fue detectado en las pruebas porque en este caso el rseq_cs restante apunta a una estructura rseq_cs v\u00e1lida. Lo que podemos hacer es borrar el campo rseq_cs durante el registro cuando no sea cero, lo que evitar\u00e1 errores de segmentaci\u00f3n en el registro y no da\u00f1ar\u00e1 las versiones de glibc que reutilizan \u00e1reas rseq en la creaci\u00f3n de subprocesos." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38068.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38068.json index d90e87f8b28..186be81c8e0 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38068.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38068.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: lzo - Fix compression buffer overrun\n\nUnlike the decompression code, the compression code in LZO never\nchecked for output overruns. It instead assumes that the caller\nalways provides enough buffer space, disregarding the buffer length\nprovided by the caller.\n\nAdd a safe compression interface that checks for the end of buffer\nbefore each write. Use the safe interface in crypto/lzo." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: lzo - Correcci\u00f3n de saturaci\u00f3n del b\u00fafer de compresi\u00f3n. A diferencia del c\u00f3digo de descompresi\u00f3n, el c\u00f3digo de compresi\u00f3n de LZO nunca verifica si hay saturaciones de salida. En su lugar, asume que quien llama siempre proporciona suficiente espacio en el b\u00fafer, sin tener en cuenta la longitud del b\u00fafer proporcionada por \u00e9l. Se ha a\u00f1adido una interfaz de compresi\u00f3n segura que verifica el final del b\u00fafer antes de cada escritura. Se ha utilizado la interfaz segura en crypto/lzo." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38069.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38069.json index 96be978c7e5..975cc283805 100644 
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38069.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38069.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-test: Fix double free that causes kernel to oops\n\nFix a kernel oops found while testing the stm32_pcie Endpoint driver\nwith handling of PERST# deassertion:\n\nDuring EP initialization, pci_epf_test_alloc_space() allocates all BARs,\nwhich are further freed if epc_set_bar() fails (for instance, due to no\nfree inbound window).\n\nHowever, when pci_epc_set_bar() fails, the error path:\n\n pci_epc_set_bar() ->\n pci_epf_free_space()\n\ndoes not clear the previous assignment to epf_test->reg[bar].\n\nThen, if the host reboots, the PERST# deassertion restarts the BAR\nallocation sequence with the same allocation failure (no free inbound\nwindow), creating a double free situation since epf_test->reg[bar] was\ndeallocated and is still non-NULL.\n\nThus, make sure that pci_epf_alloc_space() and pci_epf_free_space()\ninvocations are symmetric, and as such, set epf_test->reg[bar] to NULL\nwhen memory is freed.\n\n[kwilczynski: commit log]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: PCI: endpoint: pci-epf-test: Se corrige la doble liberaci\u00f3n que provoca un error en el kernel. Se corrige un error en el kernel detectado al probar el controlador de endpoint stm32_pcie con el manejo de la deaserci\u00f3n PERST#: Durante la inicializaci\u00f3n de EP, pci_epf_test_alloc_space() asigna todos los BAR, que se liberan a\u00fan m\u00e1s si epc_set_bar() falla (por ejemplo, debido a que no hay una ventana de entrada libre). Sin embargo, cuando pci_epc_set_bar() falla, la ruta de error: pci_epc_set_bar() -> pci_epf_free_space() no borra la asignaci\u00f3n previa a epf_test->reg[bar]. 
Luego, si el host se reinicia, la desasignaci\u00f3n PERST# reinicia la secuencia de asignaci\u00f3n de BAR con el mismo fallo de asignaci\u00f3n (sin ventana de entrada libre), lo que crea una situaci\u00f3n de doble liberaci\u00f3n, ya que epf_test->reg[bar] se desasign\u00f3 y sigue siendo distinto de NULL. Por lo tanto, aseg\u00farese de que las invocaciones de pci_epf_alloc_space() y pci_epf_free_space() sean sim\u00e9tricas y, por lo tanto, establezca epf_test->reg[bar] en NULL cuando se libere memoria. [kwilczynski: registro de confirmaciones]" } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38070.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38070.json index bd89b8d5f10..96c702e5cbf 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38070.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38070.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: sma1307: Add NULL check in sma1307_setting_loaded()\n\nAll varibale allocated by kzalloc and devm_kzalloc could be NULL.\nMultiple pointer checks and their cleanup are added.\n\nThis issue is found by our static analysis tool" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: sma1307: Se ha a\u00f1adido una comprobaci\u00f3n de valores nulos en sma1307_setting_loaded(). Todas las variables asignadas por kzalloc y devm_kzalloc podr\u00edan ser nulas. Se han a\u00f1adido varias comprobaciones de punteros y su limpieza. Nuestra herramienta de an\u00e1lisis est\u00e1tico ha detectado este problema." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38071.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38071.json index 65e7f13a427..17502e8f330 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38071.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38071.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm: Check return value from memblock_phys_alloc_range()\n\nAt least with CONFIG_PHYSICAL_START=0x100000, if there is < 4 MiB of\ncontiguous free memory available at this point, the kernel will crash\nand burn because memblock_phys_alloc_range() returns 0 on failure,\nwhich leads memblock_phys_free() to throw the first 4 MiB of physical\nmemory to the wolves.\n\nAt a minimum it should fail gracefully with a meaningful diagnostic,\nbut in fact everything seems to work fine without the weird reserve\nallocation." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86/mm: Verificar el valor de retorno de memblock_phys_alloc_range(). Al menos con CONFIG_PHYSICAL_START=0x100000, si hay < 4 MiB de memoria libre contigua disponible en este punto, el kernel se bloquear\u00e1 porque memblock_phys_alloc_range() devuelve 0 en caso de fallo, lo que provoca que memblock_phys_free() descarte los primeros 4 MiB de memoria f\u00edsica. Como m\u00ednimo, deber\u00eda fallar correctamente con un diagn\u00f3stico significativo, pero de hecho todo parece funcionar correctamente sin la extra\u00f1a asignaci\u00f3n de reserva." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38072.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38072.json index fa69678c97e..aa11b9f474c 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38072.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38072.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibnvdimm/labels: Fix divide error in nd_label_data_init()\n\nIf a faulty CXL memory device returns a broken zero LSA size in its\nmemory device information (Identify Memory Device (Opcode 4000h), CXL\nspec. 3.1, 8.2.9.9.1.1), a divide error occurs in the libnvdimm\ndriver:\n\n Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI\n RIP: 0010:nd_label_data_init+0x10e/0x800 [libnvdimm]\n\nCode and flow:\n\n1) CXL Command 4000h returns LSA size = 0\n2) config_size is assigned to zero LSA size (CXL pmem driver):\n\ndrivers/cxl/pmem.c: .config_size = mds->lsa_size,\n\n3) max_xfer is set to zero (nvdimm driver):\n\ndrivers/nvdimm/label.c: max_xfer = min_t(size_t, ndd->nsarea.max_xfer, config_size);\n\n4) A subsequent DIV_ROUND_UP() causes a division by zero:\n\ndrivers/nvdimm/label.c: /* Make our initial read size a multiple of max_xfer size */\ndrivers/nvdimm/label.c: read_size = min(DIV_ROUND_UP(read_size, max_xfer) * max_xfer,\ndrivers/nvdimm/label.c- config_size);\n\nFix this by checking the config size parameter by extending an\nexisting check." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: libnvdimm/labels: Corregir error de divisi\u00f3n en nd_label_data_init() Si un dispositivo de memoria CXL defectuoso devuelve un tama\u00f1o LSA cero roto en su informaci\u00f3n de dispositivo de memoria (Identificar dispositivo de memoria (Opcode 4000h), especificaci\u00f3n CXL 3.1, 8.2.9.9.1.1), se produce un error de divisi\u00f3n en el controlador libnvdimm: Oops: error de divisi\u00f3n: 0000 [#1] PREEMPT SMP NOPTI RIP: 0010:nd_label_data_init+0x10e/0x800 [libnvdimm] C\u00f3digo y flujo: 1) El comando CXL 4000h devuelve tama\u00f1o LSA = 0 2) config_size se asigna a tama\u00f1o LSA cero (controlador pmem CXL): drivers/cxl/pmem.c: .config_size = mds->lsa_size, 3) max_xfer se establece en cero (controlador nvdimm): drivers/nvdimm/label.c: max_xfer = min_t(size_t, ndd->nsarea.max_xfer, config_size); 4) Un DIV_ROUND_UP() posterior provoca una divisi\u00f3n por cero: drivers/nvdimm/label.c: /* Hacer que nuestro tama\u00f1o de lectura inicial sea un m\u00faltiplo del tama\u00f1o max_xfer */ drivers/nvdimm/label.c: read_size = min(DIV_ROUND_UP(read_size, max_xfer) * max_xfer, drivers/nvdimm/label.c- config_size); Solucione esto comprobando el par\u00e1metro de tama\u00f1o de configuraci\u00f3n extendiendo una comprobaci\u00f3n existente." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38073.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38073.json index fc240ec1f74..bdde73a1668 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38073.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38073.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix race between set_blocksize and read paths\n\nWith the new large sector size support, it's now the case that\nset_blocksize can change i_blksize and the folio order in a manner that\nconflicts with a concurrent reader and causes a kernel crash.\n\nSpecifically, let's say that udev-worker calls libblkid to detect the\nlabels on a block device. The read call can create an order-0 folio to\nread the first 4096 bytes from the disk. But then udev is preempted.\n\nNext, someone tries to mount an 8k-sectorsize filesystem from the same\nblock device. The filesystem calls set_blksize, which sets i_blksize to\n8192 and the minimum folio order to 1.\n\nNow udev resumes, still holding the order-0 folio it allocated. It then\ntries to schedule a read bio and do_mpage_readahead tries to create\nbufferheads for the folio. Unfortunately, blocks_per_folio == 0 because\nthe page size is 4096 but the blocksize is 8192 so no bufferheads are\nattached and the bh walk never sets bdev. We then submit the bio with a\nNULL block device and crash.\n\nTherefore, truncate the page cache after flushing but before updating\ni_blksize. However, that's not enough -- we also need to lock out file\nIO and page faults during the update. Take both the i_rwsem and the\ninvalidate_lock in exclusive mode for invalidations, and in shared mode\nfor read/write operations.\n\nI don't know if this is the correct fix, but xfs/259 found it." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bloque: corregir ejecuci\u00f3n entre set_blocksize y las rutas de lectura Con el nuevo soporte para tama\u00f1os de sector grandes, ahora es posible que set_blocksize cambie i_blksize y el orden de los folios de forma que entre en conflicto con un lector concurrente y provoque un fallo del kernel. 
Espec\u00edficamente, supongamos que udev-worker llama a libblkid para detectar las etiquetas en un dispositivo de bloque. La llamada de lectura puede crear un folio de orden 0 para leer los primeros 4096 bytes del disco. Pero entonces udev es interrumpido. A continuaci\u00f3n, alguien intenta montar un sistema de archivos de tama\u00f1o de sector de 8k desde el mismo dispositivo de bloque. El sistema de archivos llama a set_blksize, que establece i_blksize en 8192 y el orden m\u00ednimo de folio en 1. Ahora udev se reanuda, a\u00fan manteniendo el folio de orden 0 que asign\u00f3. Entonces intenta programar una biograf\u00eda de lectura y do_mpage_readahead intenta crear bufferheads para el folio. Desafortunadamente, bloques_por_folio == 0 porque el tama\u00f1o de p\u00e1gina es 4096, pero el tama\u00f1o de bloque es 8192, por lo que no se conectan bufferheads y el bh walk nunca establece bdev. Luego, enviamos la biograf\u00eda con un dispositivo de bloque nulo y se produce un fallo. Por lo tanto, truncamos la cach\u00e9 de p\u00e1ginas despu\u00e9s del vaciado, pero antes de actualizar i_blksize. Sin embargo, esto no es suficiente; tambi\u00e9n necesitamos bloquear la E/S de archivos y los fallos de p\u00e1gina durante la actualizaci\u00f3n. Use tanto i_rwsem como invalidate_lock en modo exclusivo para invalidaciones y en modo compartido para operaciones de lectura/escritura. No s\u00e9 si esta sea la soluci\u00f3n correcta, pero xfs/259 la encontr\u00f3." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38074.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38074.json index 127811c8f84..1078d7a9886 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38074.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38074.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost-scsi: protect vq->log_used with vq->mutex\n\nThe vhost-scsi completion path may access vq->log_base when vq->log_used is\nalready set to false.\n\n vhost-thread QEMU-thread\n\nvhost_scsi_complete_cmd_work()\n-> vhost_add_used()\n -> vhost_add_used_n()\n if (unlikely(vq->log_used))\n QEMU disables vq->log_used\n via VHOST_SET_VRING_ADDR.\n mutex_lock(&vq->mutex);\n vq->log_used = false now!\n mutex_unlock(&vq->mutex);\n\n\t\t\t\t QEMU gfree(vq->log_base)\n log_used()\n -> log_write(vq->log_base)\n\nAssuming the VMM is QEMU. The vq->log_base is from QEMU userpace and can be\nreclaimed via gfree(). As a result, this causes invalid memory writes to\nQEMU userspace.\n\nThe control queue path has the same issue." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vhost-scsi: proteger vq->log_used con vq->mutex La ruta de finalizaci\u00f3n de vhost-scsi puede acceder a vq->log_base cuando vq->log_used ya est\u00e1 configurado como falso. vhost-thread QEMU-thread vhost_scsi_complete_cmd_work() -> vhost_add_used() -> vhost_add_used_n() if (unlikely(vq->log_used)) QEMU deshabilita vq->log_used mediante VHOST_SET_VRING_ADDR. mutex_lock(&vq->mutex); vq->log_used = false now! mutex_unlock(&vq->mutex); QEMU gfree(vq->log_base) log_used() -> log_write(vq->log_base) Suponiendo que el VMM es QEMU. La ruta vq->log_base proviene del espacio de usuario de QEMU y se puede recuperar mediante gfree(). Como resultado, esto provoca escrituras de memoria no v\u00e1lidas en el espacio de usuario de QEMU. La ruta de la cola de control presenta el mismo problema." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38075.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38075.json index fd36fd9fb8f..7adf881672b 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38075.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38075.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: iscsi: Fix timeout on deleted connection\n\nNOPIN response timer may expire on a deleted connection and crash with\nsuch logs:\n\nDid not receive response to NOPIN on CID: 0, failing connection for I_T Nexus (null),i,0x00023d000125,iqn.2017-01.com.iscsi.target,t,0x3d\n\nBUG: Kernel NULL pointer dereference on read at 0x00000000\nNIP strlcpy+0x8/0xb0\nLR iscsit_fill_cxn_timeout_err_stats+0x5c/0xc0 [iscsi_target_mod]\nCall Trace:\n iscsit_handle_nopin_response_timeout+0xfc/0x120 [iscsi_target_mod]\n call_timer_fn+0x58/0x1f0\n run_timer_softirq+0x740/0x860\n __do_softirq+0x16c/0x420\n irq_exit+0x188/0x1c0\n timer_interrupt+0x184/0x410\n\nThat is because nopin response timer may be re-started on nopin timer\nexpiration.\n\nStop nopin timer before stopping the nopin response timer to be sure\nthat no one of them will be re-started." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: target: iscsi: Se corrige el tiempo de espera en la conexi\u00f3n eliminada. El temporizador de respuesta NOPIN puede expirar en una conexi\u00f3n eliminada y bloquearse con dichos registros: No se recibi\u00f3 respuesta a NOPIN en CID: 0, falla de conexi\u00f3n para I_T Nexus (nulo),i,0x00023d000125,iqn.2017-01.com.iscsi.target,t,0x3d ERROR: Desreferencia de puntero NULL del kernel en lectura en 0x00000000 NIP strlcpy+0x8/0xb0 LR iscsit_fill_cxn_timeout_err_stats+0x5c/0xc0 [iscsi_target_mod] Rastreo de llamadas: iscsit_handle_nopin_response_timeout+0xfc/0x120 [iscsi_target_mod] call_timer_fn+0x58/0x1f0 run_timer_softirq+0x740/0x860 __do_softirq+0x16c/0x420 irq_exit+0x188/0x1c0 timer_interrupt+0x184/0x410 Esto se debe a que el temporizador de respuesta de nopin puede reiniciarse al expirar. 
Det\u00e9ngalo antes de detener el temporizador de respuesta de nopin para asegurarse de que ninguno de ellos se reinicie." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38076.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38076.json index 2472e02fbab..c172ced9578 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38076.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38076.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nalloc_tag: allocate percpu counters for module tags dynamically\n\nWhen a module gets unloaded it checks whether any of its tags are still in\nuse and if so, we keep the memory containing module's allocation tags\nalive until all tags are unused. However percpu counters referenced by\nthe tags are freed by free_module(). This will lead to UAF if the memory\nallocated by a module is accessed after module was unloaded.\n\nTo fix this we allocate percpu counters for module allocation tags\ndynamically and we keep it alive for tags which are still in use after\nmodule unloading. This also removes the requirement of a larger\nPERCPU_MODULE_RESERVE when memory allocation profiling is enabled because\npercpu memory for counters does not need to be reserved anymore." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: alloc_tag: asignar contadores por CPU para etiquetas de m\u00f3dulo din\u00e1micamente Cuando se descarga un m\u00f3dulo, este verifica si alguna de sus etiquetas a\u00fan est\u00e1 en uso y, de ser as\u00ed, mantenemos activa la memoria que contiene las etiquetas de asignaci\u00f3n del m\u00f3dulo hasta que todas las etiquetas est\u00e9n sin usar. Sin embargo, los contadores por CPU referenciados por las etiquetas son liberados por free_module(). Esto conducir\u00e1 a UAF si se accede a la memoria asignada por un m\u00f3dulo despu\u00e9s de que el m\u00f3dulo se haya descargado. Para corregir esto, asignamos contadores por CPU para etiquetas de asignaci\u00f3n de m\u00f3dulo din\u00e1micamente y los mantenemos activos para las etiquetas que a\u00fan est\u00e1n en uso despu\u00e9s de la descarga del m\u00f3dulo. 
Esto tambi\u00e9n elimina el requisito de un PERCPU_MODULE_RESERVE m\u00e1s grande cuando el perfil de asignaci\u00f3n de memoria est\u00e1 habilitado porque la memoria por CPU para los contadores ya no necesita reservarse." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38077.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38077.json index be7352d56b1..af9b17081dd 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38077.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38077.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store()\n\nIf the 'buf' array received from the user contains an empty string, the\n'length' variable will be zero. Accessing the 'buf' array element with\nindex 'length - 1' will result in a buffer overflow.\n\nAdd a check for an empty string.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: platform/x86: dell-wmi-sysman: Evitar el desbordamiento de b\u00fafer en current_password_store(). Si la matriz 'buf' recibida del usuario contiene una cadena vac\u00eda, la variable 'length' ser\u00e1 cero. Acceder al elemento de la matriz 'buf' con el \u00edndice 'length - 1' provocar\u00e1 un desbordamiento de b\u00fafer. Se ha a\u00f1adido una comprobaci\u00f3n para cadenas vac\u00edas. Encontrado por el Centro de Verificaci\u00f3n de Linux (linuxtesting.org) con SVACE." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38078.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38078.json index e1ff6898de5..34e1ed6a03c 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38078.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38078.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: Fix race of buffer access at PCM OSS layer\n\nThe PCM OSS layer tries to clear the buffer with the silence data at\ninitialization (or reconfiguration) of a stream with the explicit call\nof snd_pcm_format_set_silence() with runtime->dma_area. But this may\nlead to a UAF because the accessed runtime->dma_area might be freed\nconcurrently, as it's performed outside the PCM ops.\n\nFor avoiding it, move the code into the PCM core and perform it inside\nthe buffer access lock, so that it won't be changed during the\noperation." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: pcm: Correcci\u00f3n de la ejecuci\u00f3n de acceso al b\u00fafer en la capa PCM OSS. La capa PCM OSS intenta borrar el b\u00fafer con los datos de silencio durante la inicializaci\u00f3n (o reconfiguraci\u00f3n) de un flujo mediante la llamada expl\u00edcita a snd_pcm_format_set_silence() con runtime->dma_area. Sin embargo, esto puede generar una UAF, ya que el acceso a runtime->dma_area podr\u00eda liberarse simult\u00e1neamente, ya que se realiza fuera de las operaciones PCM. Para evitarlo, mueva el c\u00f3digo al n\u00facleo PCM y ejec\u00fatelo dentro del bloqueo de acceso al b\u00fafer, de modo que no se modifique durante la operaci\u00f3n. " } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38079.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38079.json index 72e06221a73..7a30ce72de8 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38079.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38079.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_hash - fix double free in hash_accept\n\nIf accept(2) is called on socket type algif_hash with\nMSG_MORE flag set and crypto_ahash_import fails,\nsk2 is freed. However, it is also freed in af_alg_release,\nleading to slab-use-after-free error."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: algif_hash - correcci\u00f3n de doble liberaci\u00f3n en hash_accept. Si se ejecuta accept(2) en el socket tipo algif_hash con el indicador MSG_MORE activado y crypto_ahash_import falla, se libera sk2. Sin embargo, tambi\u00e9n se libera en af_alg_release, lo que genera un error de uso de slab despu\u00e9s de la liberaci\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38080.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38080.json
index adc9083f9a9..0a1fd6125e0 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38080.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38080.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Increase block_sequence array size\n\n[Why]\nIt's possible to generate more than 50 steps in hwss_build_fast_sequence,\nfor example with a 6-pipe asic where all pipes are in one MPC chain. This\noverflows the block_sequence buffer and corrupts block_sequence_steps,\ncausing a crash.\n\n[How]\nExpand block_sequence to 100 items. A naive upper bound on the possible\nnumber of steps for a 6-pipe asic, ignoring the potential for steps to be\nmutually exclusive, is 91 with current code, therefore 100 is sufficient."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Aumentar el tama\u00f1o de la matriz block_sequence [Por qu\u00e9] Es posible generar m\u00e1s de 50 pasos en hwss_build_fast_sequence, por ejemplo, con un ASIC de 6 tuber\u00edas donde todas las tuber\u00edas est\u00e1n en una cadena MPC. Esto desborda el b\u00fafer block_sequence y corrompe block_sequence_steps, lo que provoca un fallo. [C\u00f3mo] Ampliar block_sequence a 100 elementos. Un l\u00edmite superior simple para el n\u00famero posible de pasos para un ASIC de 6 tuber\u00edas, ignorando la posibilidad de que los pasos sean mutuamente excluyentes, es 91 con el c\u00f3digo actual; por lo tanto, 100 es suficiente."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38081.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38081.json
index aec97991d99..9029c725818 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38081.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38081.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi-rockchip: Fix register out of bounds access\n\nDo not write native chip select stuff for GPIO chip selects.\nGPIOs can be numbered much higher than native CS.\nAlso, it makes no sense."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: spi-rockchip: Se corrige el acceso fuera de los l\u00edmites al registro. No se debe escribir informaci\u00f3n de selecci\u00f3n de chip nativa para las selecciones de chip GPIO. Las GPIO pueden tener una numeraci\u00f3n mucho mayor que la de las CS nativas. Adem\u00e1s, no tiene sentido."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38082.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38082.json
index 979544b2218..7f691277fda 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38082.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38082.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: virtuser: fix potential out-of-bound write\n\nIf the caller wrote more characters, count is truncated to the max\navailable space in \"simple_write_to_buffer\". Check that the input\nsize does not exceed the buffer size. Write a zero termination\nafterwards."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: gpio: virtuser: correcci\u00f3n de una posible escritura fuera de l\u00edmite. Si el llamador escribi\u00f3 m\u00e1s caracteres, el recuento se trunca al espacio m\u00e1ximo disponible en \"simple_write_to_buffer\". Compruebe que el tama\u00f1o de entrada no supere el tama\u00f1o del b\u00fafer. Escriba una terminaci\u00f3n de cero despu\u00e9s."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38094.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38094.json
index 47b2fd1f5bb..56d3f876bf3 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38094.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38094.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: cadence: macb: Fix a possible deadlock in macb_halt_tx.\n\nThere is a situation where after THALT is set high, TGO stays high as\nwell. Because jiffies are never updated, as we are in a context with\ninterrupts disabled, we never exit that loop and have a deadlock.\n\nThat deadlock was noticed on a sama5d4 device that stayed locked for days.\n\nUse retries instead of jiffies so that the timeout really works and we do\nnot have a deadlock anymore."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: cadence: macb: Se corrige un posible interbloqueo en macb_halt_tx. Existe una situaci\u00f3n en la que, tras establecerse un valor alto en THALT, TGO tambi\u00e9n permanece alto. Dado que los jiffies nunca se actualizan, al estar en un contexto con las interrupciones deshabilitadas, nunca salimos de ese bucle y se produce un interbloqueo. Este interbloqueo se detect\u00f3 en un dispositivo sama5d4 que permaneci\u00f3 bloqueado durante d\u00edas. Se recomienda usar reintentos en lugar de jiffies para que el tiempo de espera funcione correctamente y se elimine el interbloqueo."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38095.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38095.json
index f6cffefcc7f..b787b43011f 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38095.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38095.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf: insert memory barrier before updating num_fences\n\nsmp_store_mb() inserts memory barrier after storing operation.\nIt is different with what the comment is originally aiming so Null\npointer dereference can be happened if memory update is reordered."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dma-buf: inserta una barrera de memoria antes de actualizar num_fences. smp_store_mb() inserta una barrera de memoria despu\u00e9s de la operaci\u00f3n de almacenamiento. Esto difiere del objetivo original del comentario, por lo que puede producirse una desreferencia de puntero nulo si se reordena la actualizaci\u00f3n de memoria."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38096.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38096.json
index 5ead28701fb..a56ae052699 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38096.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38096.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: don't warn when if there is a FW error\n\niwl_trans_reclaim is warning if it is called when the FW is not alive.\nBut if it is called when there is a pending restart, i.e. after a FW\nerror, there is no need to warn, instead - return silently."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: iwlwifi: no avisa si hay un error de firmware. iwl_trans_reclaim avisa si se ejecuta cuando el firmware no est\u00e1 activo. Sin embargo, si se ejecuta cuando hay un reinicio pendiente, es decir, despu\u00e9s de un error de firmware, no es necesario avisar; en su lugar, regresa silenciosamente."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38097.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38097.json
index 7bf6b538104..c160a73d659 100644
--- a/CVE-2025/CVE-2025-380xx/CVE-2025-38097.json
+++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38097.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nespintcp: remove encap socket caching to avoid reference leak\n\nThe current scheme for caching the encap socket can lead to reference\nleaks when we try to delete the netns.\n\nThe reference chain is: xfrm_state -> enacp_sk -> netns\n\nSince the encap socket is a userspace socket, it holds a reference on\nthe netns. If we delete the espintcp state (through flush or\nindividual delete) before removing the netns, the reference on the\nsocket is dropped and the netns is correctly deleted. Otherwise, the\nnetns may not be reachable anymore (if all processes within the ns\nhave terminated), so we cannot delete the xfrm state to drop its\nreference on the socket.\n\nThis patch results in a small (~2% in my tests) performance\nregression.\n\nA GC-type mechanism could be added for the socket cache, to clear\nreferences if the state hasn't been used \"recently\", but it's a lot\nmore complex than just not caching the socket." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: espintcp: eliminar el almacenamiento en cach\u00e9 del socket encap para evitar fugas de referencia El esquema actual para almacenar en cach\u00e9 el socket encap puede provocar fugas de referencia cuando intentamos eliminar los netns. La cadena de referencia es: xfrm_state -> enacp_sk -> netns Dado que el socket encap es un socket de espacio de usuario, contiene una referencia en los netns. Si eliminamos el estado de espintcp (a trav\u00e9s de vaciado o eliminaci\u00f3n individual) antes de eliminar los netns, la referencia en el socket se elimina y los netns se eliminan correctamente. De lo contrario, los netns pueden no ser accesibles m\u00e1s (si todos los procesos dentro de los ns han terminado), por lo que no podemos eliminar el estado xfrm para eliminar su referencia en el socket. 
Este parche da como resultado una peque\u00f1a regresi\u00f3n del rendimiento (~2% en mis pruebas). Se podr\u00eda agregar un mecanismo de tipo GC para el cach\u00e9 del socket, para borrar referencias si el estado no se ha usado \"recientemente\", pero es mucho m\u00e1s complejo que simplemente no almacenar en cach\u00e9 el socket." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38098.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38098.json index ca87f996b04..acae597bd24 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38098.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38098.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Don't treat wb connector as physical in create_validate_stream_for_sink\n\nDon't try to operate on a drm_wb_connector as an amdgpu_dm_connector.\nWhile dereferencing aconnector->base will \"work\" it's wrong and\nmight lead to unknown bad things. Just... don't." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: No trate el conector wb como f\u00edsico en create_validate_stream_for_sink. No intente operar en un drm_wb_connector como un amdgpu_dm_connector. Aunque desreferenciar aconnector->base funciona, es incorrecto y podr\u00eda provocar problemas desconocidos. Simplemente... no lo haga." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38099.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38099.json index 3b133b96b50..02a2522fcc0 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38099.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38099.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken\n\nA SCO connection without the proper voice_setting can cause\nthe controller to lock up."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: deshabilitar la compatibilidad con SCO si READ_VOICE_SETTING no es compatible o est\u00e1 roto. Una conexi\u00f3n SCO sin el voice_setting adecuado puede provocar que el controlador se bloquee."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38100.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38100.json
index 38137ac1033..6702273ede8 100644
--- a/CVE-2025/CVE-2025-381xx/CVE-2025-38100.json
+++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38100.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/iopl: Cure TIF_IO_BITMAP inconsistencies\n\nio_bitmap_exit() is invoked from exit_thread() when a task exists or\nwhen a fork fails. In the latter case the exit_thread() cleans up\nresources which were allocated during fork().\n\nio_bitmap_exit() invokes task_update_io_bitmap(), which in turn ends up\nin tss_update_io_bitmap(). tss_update_io_bitmap() operates on the\ncurrent task. If current has TIF_IO_BITMAP set, but no bitmap installed,\ntss_update_io_bitmap() crashes with a NULL pointer dereference.\n\nThere are two issues, which lead to that problem:\n\n 1) io_bitmap_exit() should not invoke task_update_io_bitmap() when\n the task, which is cleaned up, is not the current task. That's a\n clear indicator for a cleanup after a failed fork().\n\n 2) A task should not have TIF_IO_BITMAP set and neither a bitmap\n installed nor IOPL emulation level 3 activated.\n\n This happens when a kernel thread is created in the context of\n a user space thread, which has TIF_IO_BITMAP set as the thread\n flags are copied and the IO bitmap pointer is cleared.\n\n Other than in the failed fork() case this has no impact because\n kernel threads including IO workers never return to user space and\n therefore never invoke tss_update_io_bitmap().\n\nCure this by adding the missing cleanups and checks:\n\n 1) Prevent io_bitmap_exit() to invoke task_update_io_bitmap() if\n the to be cleaned up task is not the current task.\n\n 2) Clear TIF_IO_BITMAP in copy_thread() unconditionally. For user\n space forks it is set later, when the IO bitmap is inherited in\n io_bitmap_share().\n\nFor paranoia sake, add a warning into tss_update_io_bitmap() to catch\nthe case, when that code is invoked with inconsistent state." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86/iopl: Solucionar inconsistencias de TIF_IO_BITMAP. 
io_bitmap_exit() se invoca desde exit_thread() cuando existe una tarea o cuando falla una bifurcaci\u00f3n. En este \u00faltimo caso, exit_thread() limpia los recursos asignados durante fork(). io_bitmap_exit() invoca task_update_io_bitmap(), que a su vez termina en tss_update_io_bitmap(). tss_update_io_bitmap() opera en la tarea actual. Si la tarea actual tiene TIF_IO_BITMAP configurado, pero no hay ning\u00fan mapa de bits instalado, tss_update_io_bitmap() se bloquea con una desreferencia de puntero NULL. Hay dos problemas que conducen a este problema: 1) io_bitmap_exit() no deber\u00eda invocar task_update_io_bitmap() cuando la tarea, que se limpia, no es la tarea actual. Esto es un indicador claro de una limpieza despu\u00e9s de un fork() fallido. 2) Una tarea no debe tener TIF_IO_BITMAP establecido ni un mapa de bits instalado ni el nivel de emulaci\u00f3n IOPL 3 activado. Esto sucede cuando se crea un hilo del kernel en el contexto de un hilo del espacio de usuario, que tiene TIF_IO_BITMAP establecido a medida que se copian los indicadores del hilo y se borra el puntero del mapa de bits de E/S. Aparte del caso del fork() fallido, esto no tiene impacto porque los hilos del kernel, incluidos los trabajadores de E/S, nunca vuelven al espacio de usuario y, por lo tanto, nunca invocan tss_update_io_bitmap(). Solucione esto a\u00f1adiendo las limpiezas y comprobaciones que faltan: 1) Evite que io_bitmap_exit() invoque task_update_io_bitmap() si la tarea que se va a limpiar no es la tarea actual. 2) Borre TIF_IO_BITMAP en copy_thread() incondicionalmente. Para las bifurcaciones del espacio de usuario, se establece m\u00e1s tarde, cuando el mapa de bits de E/S se hereda en io_bitmap_share(). Por el bien de la paranoia, agregue una advertencia en tss_update_io_bitmap() para detectar el caso en el que ese c\u00f3digo se invoca con un estado inconsistente." } ], "metrics": {}, 
diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38101.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38101.json
index a77d4f9d3ef..430a12e9497 100644
--- a/CVE-2025/CVE-2025-381xx/CVE-2025-38101.json
+++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38101.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set()\n\nEnlarge the critical section in ring_buffer_subbuf_order_set() to\nensure that error handling takes place with per-buffer mutex held,\nthus preventing list corruption and other concurrency-related issues."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ring-buffer: Se corrige el bloqueo del b\u00fafer en ring_buffer_subbuf_order_set() Se ampl\u00eda la secci\u00f3n cr\u00edtica en ring_buffer_subbuf_order_set() para garantizar que el manejo de errores se realice con el mutex por b\u00fafer retenido, evitando as\u00ed la corrupci\u00f3n de listas y otros problemas relacionados con la concurrencia."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38102.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38102.json
index 3a586a465dd..750a1f23df1 100644
--- a/CVE-2025/CVE-2025-381xx/CVE-2025-38102.json
+++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38102.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nVMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify\n\nDuring our test, it is found that a warning can be trigger in try_grab_folio\nas follow:\n\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 1678 at mm/gup.c:147 try_grab_folio+0x106/0x130\n Modules linked in:\n CPU: 0 UID: 0 PID: 1678 Comm: syz.3.31 Not tainted 6.15.0-rc5 #163 PREEMPT(undef)\n RIP: 0010:try_grab_folio+0x106/0x130\n Call Trace:\n \n follow_huge_pmd+0x240/0x8e0\n follow_pmd_mask.constprop.0.isra.0+0x40b/0x5c0\n follow_pud_mask.constprop.0.isra.0+0x14a/0x170\n follow_page_mask+0x1c2/0x1f0\n __get_user_pages+0x176/0x950\n __gup_longterm_locked+0x15b/0x1060\n ? gup_fast+0x120/0x1f0\n gup_fast_fallback+0x17e/0x230\n get_user_pages_fast+0x5f/0x80\n vmci_host_unlocked_ioctl+0x21c/0xf80\n RIP: 0033:0x54d2cd\n ---[ end trace 0000000000000000 ]---\n\nDigging into the source, context->notify_page may init by get_user_pages_fast\nand can be seen in vmci_ctx_unset_notify which will try to put_page. However\nget_user_pages_fast is not finished here and lead to following\ntry_grab_folio warning. The race condition is shown as follow:\n\ncpu0\t\t\tcpu1\nvmci_host_do_set_notify\nvmci_host_setup_notify\nget_user_pages_fast(uva, 1, FOLL_WRITE, &context->notify_page);\nlockless_pages_from_mm\ngup_pgd_range\ngup_huge_pmd // update &context->notify_page\n\t\t\tvmci_host_do_set_notify\n\t\t\tvmci_ctx_unset_notify\n\t\t\tnotify_page = context->notify_page;\n\t\t\tif (notify_page)\n\t\t\tput_page(notify_page);\t// page is freed\n__gup_longterm_locked\n__get_user_pages\nfollow_trans_huge_pmd\ntry_grab_folio // warn here\n\nTo slove this, use local variable page to make notify_page can be seen\nafter finish get_user_pages_fast." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: VMCI: corregir la ejecuci\u00f3n entre vmci_host_setup_notify y vmci_ctx_unset_notify Durante nuestra prueba, se encontr\u00f3 que se puede activar una advertencia en try_grab_folio de la siguiente manera: ------------[ cortar aqu\u00ed ]------------ ADVERTENCIA: CPU: 0 PID: 1678 en mm/gup.c:147 try_grab_folio+0x106/0x130 M\u00f3dulos vinculados: CPU: 0 UID: 0 PID: 1678 Comm: syz.3.31 No contaminado 6.15.0-rc5 #163 PREEMPT(undef) RIP: 0010:try_grab_folio+0x106/0x130 Rastreo de llamadas: follow_huge_pmd+0x240/0x8e0 follow_pmd_mask.constprop.0.isra.0+0x40b/0x5c0 follow_pud_mask.constprop.0.isra.0+0x14a/0x170 follow_page_mask+0x1c2/0x1f0 __get_user_pages+0x176/0x950 __gup_longterm_locked+0x15b/0x1060 ? gup_fast+0x120/0x1f0 gup_fast_fallback+0x17e/0x230 get_user_pages_fast+0x5f/0x80 vmci_host_unlocked_ioctl+0x21c/0xf80 RIP: 0033:0x54d2cd ---[ fin del seguimiento 000000000000000 ]--- Al analizar el c\u00f3digo fuente, es posible que context->notify_page se inicialice mediante get_user_pages_fast, lo que se puede observar en vmci_ctx_unset_notify, que intentar\u00e1 ejecutar put_page. Sin embargo, get_user_pages_fast no ha finalizado y genera la siguiente advertencia try_grab_folio. La condici\u00f3n de ejecuci\u00f3n se muestra de la siguiente manera: cpu0 cpu1 vmci_host_do_set_notify vmci_host_setup_notify get_user_pages_fast(uva, 1, FOLL_WRITE, &context->notify_page); lockless_pages_from_mm gup_pgd_range gup_huge_pmd // actualizar &context->notify_page vmci_host_do_set_notify vmci_ctx_unset_notify notify_page = context->notify_page; if (notify_page) put_page(notify_page); // la p\u00e1gina est\u00e1 liberada __gup_longterm_locked __get_user_pages follow_trans_huge_pmd try_grab_folio // advertir aqu\u00ed Para solucionar esto, use la variable local page para hacer que notify_page se pueda ver despu\u00e9s de finalizar get_user_pages_fast." } ], "metrics": {}, 
diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38103.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38103.json
index 4a83239e001..46a0bfb13eb 100644
--- a/CVE-2025/CVE-2025-381xx/CVE-2025-38103.json
+++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38103.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()\n\nUpdate struct hid_descriptor to better reflect the mandatory and\noptional parts of the HID Descriptor as per USB HID 1.11 specification.\nNote: the kernel currently does not parse any optional HID class\ndescriptors, only the mandatory report descriptor.\n\nUpdate all references to member element desc[0] to rpt_desc.\n\nAdd test to verify bLength and bNumDescriptors values are valid.\n\nReplace the for loop with direct access to the mandatory HID class\ndescriptor member for the report descriptor. This eliminates the\npossibility of getting an out-of-bounds fault.\n\nAdd a warning message if the HID descriptor contains any unsupported\noptional HID class descriptors."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: usbhid: Elimina el error recurrente fuera de los l\u00edmites en usbhid_parse() Actualiza la estructura hid_descriptor para reflejar mejor las partes obligatorias y opcionales del descriptor HID seg\u00fan la especificaci\u00f3n USB HID 1.11. Nota: el kernel actualmente no analiza ning\u00fan descriptor de clase HID opcional, solo el descriptor de informe obligatorio. Actualiza todas las referencias al elemento miembro desc[0] a rpt_desc. Agrega una prueba para verificar que los valores de bLength y bNumDescriptors sean v\u00e1lidos. Reemplaza el bucle for con acceso directo al miembro descriptor de clase HID obligatorio para el descriptor de informe. Esto elimina la posibilidad de obtener un fallo fuera de los l\u00edmites. Agrega un mensaje de advertencia si el descriptor HID contiene alg\u00fan descriptor de clase HID opcional no compatible."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38105.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38105.json
index 07dad3b9b60..e15ceb2941a 100644
--- a/CVE-2025/CVE-2025-381xx/CVE-2025-38105.json
+++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38105.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Kill timer properly at removal\n\nThe USB-audio MIDI code initializes the timer, but in a rare case, the\ndriver might be freed without the disconnect call. This leaves the\ntimer in an active state while the assigned object is released via\nsnd_usbmidi_free(), which ends up with a kernel warning when the debug\nconfiguration is enabled, as spotted by fuzzer.\n\nFor avoiding the problem, put timer_shutdown_sync() at\nsnd_usbmidi_free(), so that the timer can be killed properly.\nWhile we're at it, replace the existing timer_delete_sync() at the\ndisconnect callback with timer_shutdown_sync(), too."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: usb-audio: Kill timer properly at removal El c\u00f3digo MIDI USB-audio inicializa el temporizador, pero en un caso raro, el controlador podr\u00eda liberarse sin la llamada de desconexi\u00f3n. Esto deja al temporizador en un estado activo mientras el objeto asignado se libera a trav\u00e9s de snd_usbmidi_free(), lo que termina con una advertencia del kernel cuando se habilita la configuraci\u00f3n de depuraci\u00f3n, como lo detect\u00f3 un fuzzer. Para evitar el problema, coloque timer_shutdown_sync() en snd_usbmidi_free(), para que el temporizador pueda ser eliminado correctamente. Mientras estamos en ello, reemplace tambi\u00e9n el timer_delete_sync() existente en la devoluci\u00f3n de llamada de desconexi\u00f3n con timer_shutdown_sync()."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38106.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38106.json
index 656b0598d5b..b2516aa186c 100644
--- a/CVE-2025/CVE-2025-381xx/CVE-2025-38106.json
+++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38106.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo()\n\nsyzbot reports:\n\nBUG: KASAN: slab-use-after-free in getrusage+0x1109/0x1a60\nRead of size 8 at addr ffff88810de2d2c8 by task a.out/304\n\nCPU: 0 UID: 0 PID: 304 Comm: a.out Not tainted 6.16.0-rc1 #1 PREEMPT(voluntary)\nHardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nCall Trace:\n \n dump_stack_lvl+0x53/0x70\n print_report+0xd0/0x670\n ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n ? getrusage+0x1109/0x1a60\n kasan_report+0xce/0x100\n ? getrusage+0x1109/0x1a60\n getrusage+0x1109/0x1a60\n ? __pfx_getrusage+0x10/0x10\n __io_uring_show_fdinfo+0x9fe/0x1790\n ? ksys_read+0xf7/0x1c0\n ? do_syscall_64+0xa4/0x260\n ? vsnprintf+0x591/0x1100\n ? __pfx___io_uring_show_fdinfo+0x10/0x10\n ? __pfx_vsnprintf+0x10/0x10\n ? mutex_trylock+0xcf/0x130\n ? __pfx_mutex_trylock+0x10/0x10\n ? __pfx_show_fd_locks+0x10/0x10\n ? io_uring_show_fdinfo+0x57/0x80\n io_uring_show_fdinfo+0x57/0x80\n seq_show+0x38c/0x690\n seq_read_iter+0x3f7/0x1180\n ? inode_set_ctime_current+0x160/0x4b0\n seq_read+0x271/0x3e0\n ? __pfx_seq_read+0x10/0x10\n ? __pfx__raw_spin_lock+0x10/0x10\n ? __mark_inode_dirty+0x402/0x810\n ? selinux_file_permission+0x368/0x500\n ? file_update_time+0x10f/0x160\n vfs_read+0x177/0xa40\n ? __pfx___handle_mm_fault+0x10/0x10\n ? __pfx_vfs_read+0x10/0x10\n ? mutex_lock+0x81/0xe0\n ? __pfx_mutex_lock+0x10/0x10\n ? fdget_pos+0x24d/0x4b0\n ksys_read+0xf7/0x1c0\n ? __pfx_ksys_read+0x10/0x10\n ? 
do_user_addr_fault+0x43b/0x9c0\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f0f74170fc9\nCode: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 8\nRSP: 002b:00007fffece049e8 EFLAGS: 00000206 ORIG_RAX: 0000000000000000\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0f74170fc9\nRDX: 0000000000001000 RSI: 00007fffece049f0 RDI: 0000000000000004\nRBP: 00007fffece05ad0 R08: 0000000000000000 R09: 00007fffece04d90\nR10: 0000000000000000 R11: 0000000000000206 R12: 00005651720a1100\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \n\nAllocated by task 298:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_slab_alloc+0x6e/0x70\n kmem_cache_alloc_node_noprof+0xe8/0x330\n copy_process+0x376/0x5e00\n create_io_thread+0xab/0xf0\n io_sq_offload_create+0x9ed/0xf20\n io_uring_setup+0x12b0/0x1cc0\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 22:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x37/0x50\n kmem_cache_free+0xc4/0x360\n rcu_core+0x5ff/0x19f0\n handle_softirqs+0x18c/0x530\n run_ksoftirqd+0x20/0x30\n smpboot_thread_fn+0x287/0x6c0\n kthread+0x30d/0x630\n ret_from_fork+0xef/0x1a0\n ret_from_fork_asm+0x1a/0x30\n\nLast potentially related work creation:\n kasan_save_stack+0x33/0x60\n kasan_record_aux_stack+0x8c/0xa0\n __call_rcu_common.constprop.0+0x68/0x940\n __schedule+0xff2/0x2930\n __cond_resched+0x4c/0x80\n mutex_lock+0x5c/0xe0\n io_uring_del_tctx_node+0xe1/0x2b0\n io_uring_clean_tctx+0xb7/0x160\n io_uring_cancel_generic+0x34e/0x760\n do_exit+0x240/0x2350\n do_group_exit+0xab/0x220\n __x64_sys_exit_group+0x39/0x40\n x64_sys_call+0x1243/0x1840\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe buggy address belongs to the object at ffff88810de2cb00\n 
which belongs to the cache task_struct of size 3712\nThe buggy address is located 1992 bytes inside of\n freed 3712-byte region [ffff88810de2cb00, ffff88810de2d980)\n\nwhich is caused by the task_struct pointed to by sq->thread being\nreleased while it is being used in the function\n__io_uring_show_fdinfo(). Holding ctx->uring_lock does not prevent ehre\nrelase or exit of sq->thread.\n\nFix this by assigning and looking up ->thread under RCU, and grabbing a\nreference to the task_struct. This e\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: io_uring: correcci\u00f3n del use-after-free de sq->thread en __io_uring_show_fdinfo() syzbot informa: ERROR: KASAN: slab-use-after-free en getrusage+0x1109/0x1a60 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff88810de2d2c8 por la tarea a.out/304 CPU: 0 UID: 0 PID: 304 Comm: a.out No contaminado 6.16.0-rc1 #1 PREEMPT(voluntario) Nombre del hardware: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 01/04/2014 Rastreo de llamadas: dump_stack_lvl+0x53/0x70 print_report+0xd0/0x670 ? __pfx__raw_spin_lock_irqsave+0x10/0x10 ? getrusage+0x1109/0x1a60 kasan_report+0xce/0x100 ? getrusage+0x1109/0x1a60 getrusage+0x1109/0x1a60 ? __pfx_getrusage+0x10/0x10 __io_uring_show_fdinfo+0x9fe/0x1790 ? ksys_read+0xf7/0x1c0 ? do_syscall_64+0xa4/0x260 ? vsnprintf+0x591/0x1100 ? __pfx___io_uring_show_fdinfo+0x10/0x10 ? __pfx_vsnprintf+0x10/0x10 ? mutex_trylock+0xcf/0x130 ? __pfx_mutex_trylock+0x10/0x10 ? __pfx_show_fd_locks+0x10/0x10 ? io_uring_show_fdinfo+0x57/0x80 io_uring_show_fdinfo+0x57/0x80 seq_show+0x38c/0x690 seq_read_iter+0x3f7/0x1180 ? inode_set_ctime_current+0x160/0x4b0 seq_read+0x271/0x3e0 ? __pfx_seq_read+0x10/0x10 ? __pfx__raw_spin_lock+0x10/0x10 ? __mark_inode_dirty+0x402/0x810 ? selinux_file_permission+0x368/0x500 ? file_update_time+0x10f/0x160 vfs_read+0x177/0xa40 ? __pfx___handle_mm_fault+0x10/0x10 ? __pfx_vfs_read+0x10/0x10 ? 
mutex_lock+0x81/0xe0 ? __pfx_mutex_lock+0x10/0x10 ? fdget_pos+0x24d/0x4b0 ksys_read+0xf7/0x1c0 ? __pfx_ksys_read+0x10/0x10 ? do_user_addr_fault+0x43b/0x9c0 do_syscall_64+0xa4/0x260 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f0f74170fc9 Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 8 RSP: 002b:00007fffece049e8 EFLAGS: 00000206 ORIG_RAX: 0000000000000000 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0f74170fc9 RDX: 0000000000001000 RSI: 00007fffece049f0 RDI: 0000000000000004 RBP: 00007fffece05ad0 R08: 0000000000000000 R09: 00007fffece04d90 R10: 0000000000000000 R11: 0000000000000206 R12: 00005651720a1100 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 Allocated by task 298: kasan_save_stack+0x33/0x60 kasan_save_track+0x14/0x30 __kasan_slab_alloc+0x6e/0x70 kmem_cache_alloc_node_noprof+0xe8/0x330 copy_process+0x376/0x5e00 create_io_thread+0xab/0xf0 io_sq_offload_create+0x9ed/0xf20 io_uring_setup+0x12b0/0x1cc0 do_syscall_64+0xa4/0x260 entry_SYSCALL_64_after_hwframe+0x77/0x7f Freed by task 22: kasan_save_stack+0x33/0x60 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x37/0x50 kmem_cache_free+0xc4/0x360 rcu_core+0x5ff/0x19f0 handle_softirqs+0x18c/0x530 run_ksoftirqd+0x20/0x30 smpboot_thread_fn+0x287/0x6c0 kthread+0x30d/0x630 ret_from_fork+0xef/0x1a0 ret_from_fork_asm+0x1a/0x30 Last potentially related work creation: kasan_save_stack+0x33/0x60 kasan_record_aux_stack+0x8c/0xa0 __call_rcu_common.constprop.0+0x68/0x940 __schedule+0xff2/0x2930 __cond_resched+0x4c/0x80 mutex_lock+0x5c/0xe0 io_uring_del_tctx_node+0xe1/0x2b0 io_uring_clean_tctx+0xb7/0x160 io_uring_cancel_generic+0x34e/0x760 do_exit+0x240/0x2350 do_group_exit+0xab/0x220 __x64_sys_exit_group+0x39/0x40 x64_sys_call+0x1243/0x1840 do_syscall_64+0xa4/0x260 entry_SYSCALL_64_after_hwframe+0x77/0x7f La direcci\u00f3n con errores 
pertenece al objeto en ffff88810de2cb00 que pertenece a la cach\u00e9 task_struct de tama\u00f1o 3712 La direcci\u00f3n con errores se encuentra 1992 bytes dentro de la regi\u00f3n liberada de 3712 bytes [ffff88810de2cb00, ffff88810de2d980) que es causada por task_struct Al que apunta sq->thread, se libera mientras se usa en la funci\u00f3n __io_uring_show_fdinfo(). Mantener ctx->uring_lock no impide la liberaci\u00f3n ni la salida de sq->thread. Solucione esto asignando y buscando ->thread en RCU, y obteniendo una referencia a task_struct. Esto se trunca." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38107.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38107.json index 9589ab2f2c6..d7505855f12 100644 --- a/CVE-2025/CVE-2025-381xx/CVE-2025-38107.json +++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38107.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: ets: fix a race in ets_qdisc_change()\n\nGerrard Tai reported a race condition in ETS, whenever SFQ perturb timer\nfires at the wrong time.\n\nThe race is as follows:\n\nCPU 0 CPU 1\n[1]: lock root\n[2]: qdisc_tree_flush_backlog()\n[3]: unlock root\n |\n | [5]: lock root\n | [6]: rehash\n | [7]: qdisc_tree_reduce_backlog()\n |\n[4]: qdisc_put()\n\nThis can be abused to underflow a parent's qlen.\n\nCalling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()\nshould fix the race, because all packets will be purged from the qdisc\nbefore releasing the lock."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net_sched: ets: corrige una ejecuci\u00f3n en ets_qdisc_change() Gerrard Tai inform\u00f3 de una condici\u00f3n de ejecuci\u00f3n en ETS, siempre que el temporizador de perturbaci\u00f3n SFQ se dispara en el momento equivocado. La ejecuci\u00f3n es la siguiente: CPU 0 CPU 1 [1]: ra\u00edz de bloqueo [2]: qdisc_tree_flush_backlog() [3]: ra\u00edz de desbloqueo | | [5]: ra\u00edz de bloqueo | [6]: rehash | [7]: qdisc_tree_reduce_backlog() | [4]: qdisc_put() Esto se puede abusar para desbordar el qlen de un padre. Llamar a qdisc_purge_queue() en lugar de qdisc_tree_flush_backlog() deber\u00eda corregir la ejecuci\u00f3n, porque todos los paquetes se purgar\u00e1n del qdisc antes de liberar el bloqueo."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38108.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38108.json
index 0a448db6d8b..2a8329beed0 100644
--- a/CVE-2025/CVE-2025-381xx/CVE-2025-38108.json
+++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38108.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: red: fix a race in __red_change()\n\nGerrard Tai reported a race condition in RED, whenever SFQ perturb timer\nfires at the wrong time.\n\nThe race is as follows:\n\nCPU 0 CPU 1\n[1]: lock root\n[2]: qdisc_tree_flush_backlog()\n[3]: unlock root\n |\n | [5]: lock root\n | [6]: rehash\n | [7]: qdisc_tree_reduce_backlog()\n |\n[4]: qdisc_put()\n\nThis can be abused to underflow a parent's qlen.\n\nCalling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()\nshould fix the race, because all packets will be purged from the qdisc\nbefore releasing the lock."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net_sched: red: corrige una ejecuci\u00f3n en __red_change() Gerrard Tai inform\u00f3 una condici\u00f3n de ejecuci\u00f3n en RED, siempre que el temporizador de perturbaci\u00f3n SFQ se dispara en el momento equivocado. La carrera es la siguiente: CPU 0 CPU 1 [1]: ra\u00edz de bloqueo [2]: qdisc_tree_flush_backlog() [3]: ra\u00edz de desbloqueo | | [5]: ra\u00edz de bloqueo | [6]: rehash | [7]: qdisc_tree_reduce_backlog() | [4]: qdisc_put() Esto se puede abusar para desbordar el qlen de un padre. Llamar a qdisc_purge_queue() en lugar de qdisc_tree_flush_backlog() deber\u00eda corregir la ejecuci\u00f3n, porque todos los paquetes se purgar\u00e1n del qdisc antes de liberar el bloqueo."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38109.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38109.json
index ec72b76fe7a..e5bf492d736 100644
--- a/CVE-2025/CVE-2025-381xx/CVE-2025-38109.json
+++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38109.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix ECVF vports unload on shutdown flow\n\nFix shutdown flow UAF when a virtual function is created on the embedded\nchip (ECVF) of a BlueField device. In such case the vport acl ingress\ntable is not properly destroyed.\n\nECVF functionality is independent of ecpf_vport_exists capability and\nthus functions mlx5_eswitch_(enable|disable)_pf_vf_vports() should not\ntest it when enabling/disabling ECVF vports.\n\nkernel log:\n[] refcount_t: underflow; use-after-free.\n[] WARNING: CPU: 3 PID: 1 at lib/refcount.c:28\n refcount_warn_saturate+0x124/0x220\n----------------\n[] Call trace:\n[] refcount_warn_saturate+0x124/0x220\n[] tree_put_node+0x164/0x1e0 [mlx5_core]\n[] mlx5_destroy_flow_table+0x98/0x2c0 [mlx5_core]\n[] esw_acl_ingress_table_destroy+0x28/0x40 [mlx5_core]\n[] esw_acl_ingress_lgcy_cleanup+0x80/0xf4 [mlx5_core]\n[] esw_legacy_vport_acl_cleanup+0x44/0x60 [mlx5_core]\n[] esw_vport_cleanup+0x64/0x90 [mlx5_core]\n[] mlx5_esw_vport_disable+0xc0/0x1d0 [mlx5_core]\n[] mlx5_eswitch_unload_ec_vf_vports+0xcc/0x150 [mlx5_core]\n[] mlx5_eswitch_disable_sriov+0x198/0x2a0 [mlx5_core]\n[] mlx5_device_disable_sriov+0xb8/0x1e0 [mlx5_core]\n[] mlx5_sriov_detach+0x40/0x50 [mlx5_core]\n[] mlx5_unload+0x40/0xc4 [mlx5_core]\n[] mlx5_unload_one_devl_locked+0x6c/0xe4 [mlx5_core]\n[] mlx5_unload_one+0x3c/0x60 [mlx5_core]\n[] shutdown+0x7c/0xa4 [mlx5_core]\n[] pci_device_shutdown+0x3c/0xa0\n[] device_shutdown+0x170/0x340\n[] __do_sys_reboot+0x1f4/0x2a0\n[] __arm64_sys_reboot+0x2c/0x40\n[] invoke_syscall+0x78/0x100\n[] el0_svc_common.constprop.0+0x54/0x184\n[] do_el0_svc+0x30/0xac\n[] el0_svc+0x48/0x160\n[] el0t_64_sync_handler+0xa4/0x12c\n[] el0t_64_sync+0x1a4/0x1a8\n[] --[ end trace 9c4601d68c70030e ]---"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5: Se corrige la descarga de puertos virtuales de ECVF durante el flujo de apagado. Se corrige el UAF del flujo de apagado cuando se crea una funci\u00f3n virtual en el chip integrado (ECVF) de un dispositivo BlueField. En tal caso, la tabla de entrada ACL del puerto virtual no se destruye correctamente. La funcionalidad de ECVF es independiente de la capacidad ecpf_vport_exists y, por lo tanto, las funciones mlx5_eswitch_(enable|disable)_pf_vf_vports() no deber\u00edan probarla al habilitar o deshabilitar los puertos virtuales de ECVF. Registro del kernel: [] refcount_t: desbordamiento; use-after-free. [] ADVERTENCIA: CPU: 3 PID: 1 at lib/refcount.c:28 refcount_warn_saturate+0x124/0x220 ---------------- [] Call trace: [] refcount_warn_saturate+0x124/0x220 [] tree_put_node+0x164/0x1e0 [mlx5_core] [] mlx5_destroy_flow_table+0x98/0x2c0 [mlx5_core] [] esw_acl_ingress_table_destroy+0x28/0x40 [mlx5_core] [] esw_acl_ingress_lgcy_cleanup+0x80/0xf4 [mlx5_core] [] esw_legacy_vport_acl_cleanup+0x44/0x60 [mlx5_core] [] esw_vport_cleanup+0x64/0x90 [mlx5_core] [] mlx5_esw_vport_disable+0xc0/0x1d0 [mlx5_core] [] mlx5_eswitch_unload_ec_vf_vports+0xcc/0x150 [mlx5_core] [] mlx5_eswitch_disable_sriov+0x198/0x2a0 [mlx5_core] [] mlx5_device_disable_sriov+0xb8/0x1e0 [mlx5_core] [] mlx5_sriov_detach+0x40/0x50 [mlx5_core] [] mlx5_unload+0x40/0xc4 [mlx5_core] [] mlx5_unload_one_devl_locked+0x6c/0xe4 [mlx5_core] [] mlx5_unload_one+0x3c/0x60 [mlx5_core] [] shutdown+0x7c/0xa4 [mlx5_core] [] pci_device_shutdown+0x3c/0xa0 [] device_shutdown+0x170/0x340 [] __do_sys_reboot+0x1f4/0x2a0 [] __arm64_sys_reboot+0x2c/0x40 [] invoke_syscall+0x78/0x100 [] el0_svc_common.constprop.0+0x54/0x184 [] do_el0_svc+0x30/0xac [] el0_svc+0x48/0x160 [] el0t_64_sync_handler+0xa4/0x12c [] el0t_64_sync+0x1a4/0x1a8 [] --[ fin de seguimiento 9c4601d68c70030e ]---"
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38110.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38110.json
index 1d63bc9c649..bd76fbabea3 100644
--- a/CVE-2025/CVE-2025-381xx/CVE-2025-38110.json
+++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38110.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mdiobus: Fix potential out-of-bounds clause 45 read/write access\n\nWhen using publicly available tools like 'mdio-tools' to read/write data\nfrom/to network interface and its PHY via C45 (clause 45) mdiobus,\nthere is no verification of parameters passed to the ioctl and\nit accepts any mdio address.\nCurrently there is support for 32 addresses in kernel via PHY_MAX_ADDR define,\nbut it is possible to pass higher value than that via ioctl.\nWhile read/write operation should generally fail in this case,\nmdiobus provides stats array, where wrong address may allow out-of-bounds\nread/write.\n\nFix that by adding address verification before C45 read/write operation.\nWhile this excludes this access from any statistics, it improves security of\nread/write operation."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mdiobus: Arregla el potencial acceso de lectura/escritura fuera de los l\u00edmites de la cl\u00e1usula 45 Cuando se usan herramientas disponibles p\u00fablicamente como 'mdio-tools' para leer/escribir datos desde/hacia la interfaz de red y su PHY a trav\u00e9s de C45 (cl\u00e1usula 45) mdiobus, no hay verificaci\u00f3n de los par\u00e1metros pasados a ioctl y acepta cualquier direcci\u00f3n mdio. Actualmente hay soporte para 32 direcciones en el kernel a trav\u00e9s de la definici\u00f3n PHY_MAX_ADDR, pero es posible pasar un valor m\u00e1s alto que ese a trav\u00e9s de ioctl. Si bien la operaci\u00f3n de lectura/escritura generalmente deber\u00eda fallar en este caso, mdiobus proporciona una matriz de estad\u00edsticas, donde la direcci\u00f3n incorrecta puede permitir lectura/escritura fuera de los l\u00edmites. Arregla eso agregando la verificaci\u00f3n de direcci\u00f3n antes de la operaci\u00f3n de lectura/escritura C45. Si bien esto excluye este acceso de cualquier estad\u00edstica, mejora la seguridad de la operaci\u00f3n de lectura/escritura."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38111.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38111.json
index 9d63198332c..3a713b0b683 100644
--- a/CVE-2025/CVE-2025-381xx/CVE-2025-38111.json
+++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38111.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mdiobus: Fix potential out-of-bounds read/write access\n\nWhen using publicly available tools like 'mdio-tools' to read/write data\nfrom/to network interface and its PHY via mdiobus, there is no verification of\nparameters passed to the ioctl and it accepts any mdio address.\nCurrently there is support for 32 addresses in kernel via PHY_MAX_ADDR define,\nbut it is possible to pass higher value than that via ioctl.\nWhile read/write operation should generally fail in this case,\nmdiobus provides stats array, where wrong address may allow out-of-bounds\nread/write.\n\nFix that by adding address verification before read/write operation.\nWhile this excludes this access from any statistics, it improves security of\nread/write operation."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mdiobus: corrige el posible acceso de lectura/escritura fuera de los l\u00edmites Cuando se utilizan herramientas disponibles p\u00fablicamente como 'mdio-tools' para leer/escribir datos desde/hacia la interfaz de red y su PHY a trav\u00e9s de mdiobus, no hay verificaci\u00f3n de los par\u00e1metros pasados a ioctl y acepta cualquier direcci\u00f3n mdio. Actualmente hay soporte para 32 direcciones en el kernel a trav\u00e9s de la definici\u00f3n PHY_MAX_ADDR, pero es posible pasar un valor m\u00e1s alto que ese a trav\u00e9s de ioctl. Si bien la operaci\u00f3n de lectura/escritura generalmente deber\u00eda fallar en este caso, mdiobus proporciona una matriz de estad\u00edsticas, donde la direcci\u00f3n incorrecta puede permitir la lectura/escritura fuera de los l\u00edmites. Corrija eso agregando la verificaci\u00f3n de direcci\u00f3n antes de la operaci\u00f3n de lectura/escritura. Si bien esto excluye este acceso de cualquier estad\u00edstica, mejora la seguridad de la operaci\u00f3n de lectura/escritura."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38112.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38112.json
index 5049450f5d0..bd02dfd49f3 100644
--- a/CVE-2025/CVE-2025-381xx/CVE-2025-38112.json
+++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38112.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix TOCTOU issue in sk_is_readable()\n\nsk->sk_prot->sock_is_readable is a valid function pointer when sk resides\nin a sockmap. After the last sk_psock_put() (which usually happens when\nsocket is removed from sockmap), sk->sk_prot gets restored and\nsk->sk_prot->sock_is_readable becomes NULL.\n\nThis makes sk_is_readable() racy, if the value of sk->sk_prot is reloaded\nafter the initial check. Which in turn may lead to a null pointer\ndereference.\n\nEnsure the function pointer does not turn NULL after the check."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: Se solucion\u00f3 el problema de TOCTOU en sk_is_readable(). sk->sk_prot->sock_is_readable es un puntero a funci\u00f3n v\u00e1lido cuando sk reside en un mapa de sockets. Tras el \u00faltimo sk_psock_put() (que suele ocurrir al eliminar un socket de un mapa de sockets), sk->sk_prot se restaura y sk->sk_prot->sock_is_readable se convierte en NULL. Esto hace que sk_is_readable() sea arriesgado si el valor de sk->sk_prot se recarga despu\u00e9s de la comprobaci\u00f3n inicial. Esto, a su vez, puede provocar una desreferencia de puntero nulo. Aseg\u00farese de que el puntero a funci\u00f3n no se convierta en NULL despu\u00e9s de la comprobaci\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38113.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38113.json
index ed70842d462..2921129cdf3 100644
--- a/CVE-2025/CVE-2025-381xx/CVE-2025-38113.json
+++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38113.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: CPPC: Fix NULL pointer dereference when nosmp is used\n\nWith nosmp in cmdline, other CPUs are not brought up, leaving\ntheir cpc_desc_ptr NULL. CPU0's iteration via for_each_possible_cpu()\ndereferences these NULL pointers, causing panic.\n\nPanic backtrace:\n\n[ 0.401123] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000b8\n...\n[ 0.403255] [] cppc_allow_fast_switch+0x6a/0xd4\n...\nKernel panic - not syncing: Attempted to kill init!\n\n[ rjw: New subject ]"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ACPI: CPPC: Se corrige la desreferencia de punteros nulos al usar nosmp. Con nosmp en la l\u00ednea de comandos, no se inician otras CPU, dejando su cpc_desc_ptr en NULL. La iteraci\u00f3n de la CPU0 mediante for_each_possible_cpu() desreferencia estos punteros nulos, lo que provoca p\u00e1nico. Seguimiento de p\u00e1nico: [0.401123] No se puede gestionar la desreferencia de punteros nulos del kernel en la direcci\u00f3n virtual 0000000000000b8 ... [0.403255] [] cppc_allow_fast_switch+0x6a/0xd4 ... P\u00e1nico del kernel: no se sincroniza: \u00a1Se intent\u00f3 detener la inicializaci\u00f3n! [rjw: Nuevo asunto]"
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38114.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38114.json
index b2e1e231c15..9738995dd82 100644
--- a/CVE-2025/CVE-2025-381xx/CVE-2025-38114.json
+++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38114.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ne1000: Move cancel_work_sync to avoid deadlock\n\nPreviously, e1000_down called cancel_work_sync for the e1000 reset task\n(via e1000_down_and_stop), which takes RTNL.\n\nAs reported by users and syzbot, a deadlock is possible in the following\nscenario:\n\nCPU 0:\n - RTNL is held\n - e1000_close\n - e1000_down\n - cancel_work_sync (cancel / wait for e1000_reset_task())\n\nCPU 1:\n - process_one_work\n - e1000_reset_task\n - take RTNL\n\nTo remedy this, avoid calling cancel_work_sync from e1000_down\n(e1000_reset_task does nothing if the device is down anyway). Instead,\ncall cancel_work_sync for e1000_reset_task when the device is being\nremoved."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: e1000: mover cancel_work_sync para evitar el interbloqueo Anteriormente, e1000_down llamaba a cancel_work_sync para la tarea de reinicio de e1000 (a trav\u00e9s de e1000_down_and_stop), que toma RTNL. Seg\u00fan lo informado por los usuarios y syzbot, es posible que se produzca un interbloqueo en el siguiente escenario: CPU 0: - Se mantiene RTNL - e1000_close - e1000_down - cancel_work_sync (cancelar/esperar a e1000_reset_task()) CPU 1: - process_one_work - e1000_reset_task - tomar RTNL Para remediar esto, evite llamar a cancel_work_sync desde e1000_down (e1000_reset_task no hace nada si el dispositivo est\u00e1 inactivo de todos modos). En su lugar, llame a cancel_work_sync para e1000_reset_task cuando se est\u00e9 quitando el dispositivo."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38115.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38115.json
index d921f6a0923..102941d6506 100644
--- a/CVE-2025/CVE-2025-381xx/CVE-2025-38115.json
+++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38115.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: fix a potential crash on gso_skb handling\n\nSFQ has an assumption of always being able to queue at least one packet.\n\nHowever, after the blamed commit, sch->q.len can be inflated by packets\nin sch->gso_skb, and an enqueue() on an empty SFQ qdisc can be followed\nby an immediate drop.\n\nFix sfq_drop() to properly clear q->tail in this situation.\n\n\nip netns add lb\nip link add dev to-lb type veth peer name in-lb netns lb\nethtool -K to-lb tso off # force qdisc to requeue gso_skb\nip netns exec lb ethtool -K in-lb gro on # enable NAPI\nip link set dev to-lb up\nip -netns lb link set dev in-lb up\nip addr add dev to-lb 192.168.20.1/24\nip -netns lb addr add dev in-lb 192.168.20.2/24\ntc qdisc replace dev to-lb root sfq limit 100\n\nip netns exec lb netserver\n\nnetperf -H 192.168.20.2 -l 100 &\nnetperf -H 192.168.20.2 -l 100 &\nnetperf -H 192.168.20.2 -l 100 &\nnetperf -H 192.168.20.2 -l 100 &"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net_sched: sch_sfq: se corrige un posible fallo en la gesti\u00f3n de gso_skb. SFQ asume que siempre puede poner en cola al menos un paquete. Sin embargo, tras la confirmaci\u00f3n responsable, sch->q.len puede inflarse con paquetes en sch->gso_skb, y una operaci\u00f3n enqueue() en una qdisc SFQ vac\u00eda puede ir seguida de un descarte inmediato. Corrija sfq_drop() para que borre correctamente q->tail en esta situaci\u00f3n. ip netns add lb ip link add dev to-lb type veth peer name in-lb netns lb ethtool -K to-lb tso off # force qdisc to requeue gso_skb ip netns exec lb ethtool -K in-lb gro on # enable NAPI ip link set dev to-lb up ip -netns lb link set dev in-lb up ip addr add dev to-lb 192.168.20.1/24 ip -netns lb addr add dev in-lb 192.168.20.2/24 tc qdisc replace dev to-lb root sfq limit 100 ip netns exec lb netserver netperf -H 192.168.20.2 -l 100 & netperf -H 192.168.20.2 -l 100 & netperf -H 192.168.20.2 -l 100 & netperf -H 192.168.20.2 -l 100 & "
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38116.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38116.json
index a02d546f7c1..e6c121f4b78 100644
--- a/CVE-2025/CVE-2025-381xx/CVE-2025-38116.json
+++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38116.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix uaf in ath12k_core_init()\n\nWhen the execution of ath12k_core_hw_group_assign() or\nath12k_core_hw_group_create() fails, the registered notifier chain is not\nunregistered properly. Its memory is freed after rmmod, which may trigger\nto a use-after-free (UAF) issue if there is a subsequent access to this\nnotifier chain.\n\nFixes the issue by calling ath12k_core_panic_notifier_unregister() in\nfailure cases.\n\nCall trace:\n notifier_chain_register+0x4c/0x1f0 (P)\n atomic_notifier_chain_register+0x38/0x68\n ath12k_core_init+0x50/0x4e8 [ath12k]\n ath12k_pci_probe+0x5f8/0xc28 [ath12k]\n pci_device_probe+0xbc/0x1a8\n really_probe+0xc8/0x3a0\n __driver_probe_device+0x84/0x1b0\n driver_probe_device+0x44/0x130\n __driver_attach+0xcc/0x208\n bus_for_each_dev+0x84/0x100\n driver_attach+0x2c/0x40\n bus_add_driver+0x130/0x260\n driver_register+0x70/0x138\n __pci_register_driver+0x68/0x80\n ath12k_pci_init+0x30/0x68 [ath12k]\n ath12k_init+0x28/0x78 [ath12k]\n\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: ath12k: correcci\u00f3n de uaf en ath12k_core_init(). Cuando falla la ejecuci\u00f3n de ath12k_core_hw_group_assign() o ath12k_core_hw_group_create(), la cadena de notificadores registrada no se desregistra correctamente. Su memoria se libera despu\u00e9s de rmmod, lo que puede generar un problema de use-after-free (UAF) si se accede posteriormente a esta cadena de notificadores. Se soluciona el problema llamando a ath12k_core_panic_notifier_unregister() en caso de fallo. Rastreo de llamadas: notifier_chain_register+0x4c/0x1f0 (P) atomic_notifier_chain_register+0x38/0x68 ath12k_core_init+0x50/0x4e8 [ath12k] ath12k_pci_probe+0x5f8/0xc28 [ath12k] pci_device_probe+0xbc/0x1a8 really_probe+0xc8/0x3a0 __driver_probe_device+0x84/0x1b0 driver_probe_device+0x44/0x130 __driver_attach+0xcc/0x208 bus_for_each_dev+0x84/0x100 driver_attach+0x2c/0x40 bus_add_driver+0x130/0x260 driver_register+0x70/0x138 __pci_register_driver+0x68/0x80 ath12k_pci_init+0x30/0x68 [ath12k] ath12k_init+0x28/0x78 [ath12k] Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3 "
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38117.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38117.json
index 8e1f34e1524..064a8c4d21b 100644
--- a/CVE-2025/CVE-2025-381xx/CVE-2025-38117.json
+++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38117.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Protect mgmt_pending list with its own lock\n\nThis uses a mutex to protect from concurrent access of mgmt_pending\nlist which can cause crashes like:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in hci_sock_get_channel+0x60/0x68 net/bluetooth/hci_sock.c:91\nRead of size 2 at addr ffff0000c48885b2 by task syz.4.334/7318\n\nCPU: 0 UID: 0 PID: 7318 Comm: syz.4.334 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025\nCall trace:\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)\n __dump_stack+0x30/0x40 lib/dump_stack.c:94\n dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120\n print_address_description+0xa8/0x254 mm/kasan/report.c:408\n print_report+0x68/0x84 mm/kasan/report.c:521\n kasan_report+0xb0/0x110 mm/kasan/report.c:634\n __asan_report_load2_noabort+0x20/0x2c mm/kasan/report_generic.c:379\n hci_sock_get_channel+0x60/0x68 net/bluetooth/hci_sock.c:91\n mgmt_pending_find+0x7c/0x140 net/bluetooth/mgmt_util.c:223\n pending_find net/bluetooth/mgmt.c:947 [inline]\n remove_adv_monitor+0x44/0x1a4 net/bluetooth/mgmt.c:5445\n hci_mgmt_cmd+0x780/0xc00 net/bluetooth/hci_sock.c:1712\n hci_sock_sendmsg+0x544/0xbb0 net/bluetooth/hci_sock.c:1832\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg net/socket.c:727 [inline]\n sock_write_iter+0x25c/0x378 net/socket.c:1131\n new_sync_write fs/read_write.c:591 [inline]\n vfs_write+0x62c/0x97c fs/read_write.c:684\n ksys_write+0x120/0x210 fs/read_write.c:736\n __do_sys_write fs/read_write.c:747 [inline]\n __se_sys_write fs/read_write.c:744 [inline]\n __arm64_sys_write+0x7c/0x90 fs/read_write.c:744\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n 
el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n\nAllocated by task 7037:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_alloc_info+0x44/0x54 mm/kasan/generic.c:562\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x9c/0xb4 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4327 [inline]\n __kmalloc_noprof+0x2fc/0x4c8 mm/slub.c:4339\n kmalloc_noprof include/linux/slab.h:909 [inline]\n sk_prot_alloc+0xc4/0x1f0 net/core/sock.c:2198\n sk_alloc+0x44/0x3ac net/core/sock.c:2254\n bt_sock_alloc+0x4c/0x300 net/bluetooth/af_bluetooth.c:148\n hci_sock_create+0xa8/0x194 net/bluetooth/hci_sock.c:2202\n bt_sock_create+0x14c/0x24c net/bluetooth/af_bluetooth.c:132\n __sock_create+0x43c/0x91c net/socket.c:1541\n sock_create net/socket.c:1599 [inline]\n __sys_socket_create net/socket.c:1636 [inline]\n __sys_socket+0xd4/0x1c0 net/socket.c:1683\n __do_sys_socket net/socket.c:1697 [inline]\n __se_sys_socket net/socket.c:1695 [inline]\n __arm64_sys_socket+0x7c/0x94 net/socket.c:1695\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n\nFreed by task 6607:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_free_info+0x58/0x70 mm/kasan/generic.c:576\n poison_slab_object 
mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x68/0x88 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: MGMT: Proteger la lista mgmt_pending con su propio bloqueo Esto usa un mutex para proteger del acceso concurrente a la lista mgmt_pending que puede causar fallos como: ====================================================================== ERROR: KASAN: slab-use-after-free in hci_sock_get_channel+0x60/0x68 net/bluetooth/hci_sock.c:91 Read of size 2 at addr ffff0000c48885b2 by task syz.4.334/7318 CPU: 0 UID: 0 PID: 7318 Comm: syz.4.334 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Call trace: show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C) __dump_stack+0x30/0x40 lib/dump_stack.c:94 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120 print_address_description+0xa8/0x254 mm/kasan/report.c:408 print_report+0x68/0x84 mm/kasan/report.c:521 kasan_report+0xb0/0x110 mm/kasan/report.c:634 __asan_report_load2_noabort+0x20/0x2c mm/kasan/report_generic.c:379 hci_sock_get_channel+0x60/0x68 net/bluetooth/hci_sock.c:91 mgmt_pending_find+0x7c/0x140 net/bluetooth/mgmt_util.c:223 pending_find net/bluetooth/mgmt.c:947 [inline] remove_adv_monitor+0x44/0x1a4 net/bluetooth/mgmt.c:5445 hci_mgmt_cmd+0x780/0xc00 net/bluetooth/hci_sock.c:1712 hci_sock_sendmsg+0x544/0xbb0 net/bluetooth/hci_sock.c:1832 sock_sendmsg_nosec net/socket.c:712 [inline] __sock_sendmsg net/socket.c:727 [inline] sock_write_iter+0x25c/0x378 net/socket.c:1131 new_sync_write fs/read_write.c:591 [inline] vfs_write+0x62c/0x97c fs/read_write.c:684 ksys_write+0x120/0x210 fs/read_write.c:736 __do_sys_write fs/read_write.c:747 [inline] __se_sys_write fs/read_write.c:744 [inline] __arm64_sys_write+0x7c/0x90 fs/read_write.c:744 __invoke_syscall 
arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767 el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600 Allocated by task 7037: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x40/0x78 mm/kasan/common.c:68 kasan_save_alloc_info+0x44/0x54 mm/kasan/generic.c:562 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0x9c/0xb4 mm/kasan/common.c:394 kasan_kmalloc include/linux/kasan.h:260 [inline] __do_kmalloc_node mm/slub.c:4327 [inline] __kmalloc_noprof+0x2fc/0x4c8 mm/slub.c:4339 kmalloc_noprof include/linux/slab.h:909 [inline] sk_prot_alloc+0xc4/0x1f0 net/core/sock.c:2198 sk_alloc+0x44/0x3ac net/core/sock.c:2254 bt_sock_alloc+0x4c/0x300 net/bluetooth/af_bluetooth.c:148 hci_sock_create+0xa8/0x194 net/bluetooth/hci_sock.c:2202 bt_sock_create+0x14c/0x24c net/bluetooth/af_bluetooth.c:132 __sock_create+0x43c/0x91c net/socket.c:1541 sock_create net/socket.c:1599 [inline] __sys_socket_create net/socket.c:1636 [inline] __sys_socket+0xd4/0x1c0 net/socket.c:1683 __do_sys_socket net/socket.c:1697 [inline] __se_sys_socket net/socket.c:1695 [inline] __arm64_sys_socket+0x7c/0x94 net/socket.c:1695 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767 el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600 Freed by task 6607: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x40/0x78 mm/kasan/common.c:68 kasan_save_free_info+0x58/0x70 mm/kasan/generic.c:576 
poison_slab_object mm/kasan/common.c:247 [inline] __kasan_slab_free+0x68/0x88 mm/kasan/common.c:264 kasan_slab_free include/linux/kasan.h:233 [en l\u00ednea ---truncado---" } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38118.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38118.json index 75fa3aa9a02..1443b89d4a3 100644 --- a/CVE-2025/CVE-2025-381xx/CVE-2025-38118.json +++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38118.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete\n\nThis reworks MGMT_OP_REMOVE_ADV_MONITOR to not use mgmt_pending_add to\navoid crashes like bellow:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_complete+0xe5/0x540 net/bluetooth/mgmt.c:5406\nRead of size 8 at addr ffff88801c53f318 by task kworker/u5:5/5341\n\nCPU: 0 UID: 0 PID: 5341 Comm: kworker/u5:5 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xd2/0x2b0 mm/kasan/report.c:521\n kasan_report+0x118/0x150 mm/kasan/report.c:634\n mgmt_remove_adv_monitor_complete+0xe5/0x540 net/bluetooth/mgmt.c:5406\n hci_cmd_sync_work+0x261/0x3a0 net/bluetooth/hci_sync.c:334\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x711/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \n\nAllocated by task 5987:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4358\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n mgmt_pending_new+0x65/0x240 net/bluetooth/mgmt_util.c:252\n mgmt_pending_add+0x34/0x120 
net/bluetooth/mgmt_util.c:279\n remove_adv_monitor+0x103/0x1b0 net/bluetooth/mgmt.c:5454\n hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719\n hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:727\n sock_write_iter+0x258/0x330 net/socket.c:1131\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x548/0xa90 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 5989:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2380 [inline]\n slab_free mm/slub.c:4642 [inline]\n kfree+0x18e/0x440 mm/slub.c:4841\n mgmt_pending_foreach+0xc9/0x120 net/bluetooth/mgmt_util.c:242\n mgmt_index_removed+0x10d/0x2f0 net/bluetooth/mgmt.c:9366\n hci_sock_bind+0xbe9/0x1000 net/bluetooth/hci_sock.c:1314\n __sys_bind_socket net/socket.c:1810 [inline]\n __sys_bind+0x2c3/0x3e0 net/socket.c:1841\n __do_sys_bind net/socket.c:1846 [inline]\n __se_sys_bind net/socket.c:1844 [inline]\n __x64_sys_bind+0x7a/0x90 net/socket.c:1844\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: MGMT: Reparar UAF en mgmt_remove_adv_monitor_complete Esto reelabora MGMT_OP_REMOVE_ADV_MONITOR para que no use mgmt_pending_add para evitar fallos como los siguientes: 
===================================================================== ERROR: KASAN: slab-use-after-free en mgmt_remove_adv_monitor_complete+0xe5/0x540 net/bluetooth/mgmt.c:5406 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff88801c53f318 por la tarea kworker/u5:5/5341 CPU: 0 UID: 0 PID: 5341 Comm: kworker/u5:5 No contaminado 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full) Nombre del hardware: PC est\u00e1ndar QEMU (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 01/04/2014 Cola de trabajo: hci0 hci_cmd_sync_work Rastreo de llamadas: dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:408 [inline] print_report+0xd2/0x2b0 mm/kasan/report.c:521 kasan_report+0x118/0x150 mm/kasan/report.c:634 mgmt_remove_adv_monitor_complete+0xe5/0x540 net/bluetooth/mgmt.c:5406 hci_cmd_sync_work+0x261/0x3a0 net/bluetooth/hci_sync.c:334 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402 kthread+0x711/0x8a0 kernel/kthread.c:464 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 Allocated by task 5987: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394 kasan_kmalloc include/linux/kasan.h:260 [inline] __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4358 kmalloc_noprof include/linux/slab.h:905 [inline] kzalloc_noprof include/linux/slab.h:1039 [inline] mgmt_pending_new+0x65/0x240 net/bluetooth/mgmt_util.c:252 mgmt_pending_add+0x34/0x120 net/bluetooth/mgmt_util.c:279 remove_adv_monitor+0x103/0x1b0 net/bluetooth/mgmt.c:5454 hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719 hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839 sock_sendmsg_nosec net/socket.c:712 [inline] __sock_sendmsg+0x219/0x270 net/socket.c:727 
sock_write_iter+0x258/0x330 net/socket.c:1131 new_sync_write fs/read_write.c:593 [inline] vfs_write+0x548/0xa90 fs/read_write.c:686 ksys_write+0x145/0x250 fs/read_write.c:738 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Freed by task 5989: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576 poison_slab_object mm/kasan/common.c:247 [inline] __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264 kasan_slab_free include/linux/kasan.h:233 [inline] slab_free_hook mm/slub.c:2380 [inline] slab_free mm/slub.c:4642 [inline] kfree+0x18e/0x440 mm/slub.c:4841 mgmt_pending_foreach+0xc9/0x120 net/bluetooth/mgmt_util.c:242 mgmt_index_removed+0x10d/0x2f0 net/bluetooth/mgmt.c:9366 hci_sock_bind+0xbe9/0x1000 net/bluetooth/hci_sock.c:1314 __sys_bind_socket net/socket.c:1810 [inline] __sys_bind+0x2c3/0x3e0 net/socket.c:1841 __do_sys_bind net/socket.c:1846 [inline] __se_sys_bind net/socket.c:1844 [inline] __x64_sys_bind+0x7a/0x90 net/socket.c:1844 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f " } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38119.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38119.json index ee180cc79af..ccba089b0d9 100644 --- a/CVE-2025/CVE-2025-381xx/CVE-2025-38119.json +++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38119.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: ufs: Fix a hang in the error handler\n\nufshcd_err_handling_prepare() calls ufshcd_rpm_get_sync(). The latter\nfunction can only succeed if UFSHCD_EH_IN_PROGRESS is not set because\nresuming involves submitting a SCSI command and ufshcd_queuecommand()\nreturns SCSI_MLQUEUE_HOST_BUSY if UFSHCD_EH_IN_PROGRESS is set. Fix this\nhang by setting UFSHCD_EH_IN_PROGRESS after ufshcd_rpm_get_sync() has\nbeen called instead of before.\n\nBacktrace:\n__switch_to+0x174/0x338\n__schedule+0x600/0x9e4\nschedule+0x7c/0xe8\nschedule_timeout+0xa4/0x1c8\nio_schedule_timeout+0x48/0x70\nwait_for_common_io+0xa8/0x160 //waiting on START_STOP\nwait_for_completion_io_timeout+0x10/0x20\nblk_execute_rq+0xe4/0x1e4\nscsi_execute_cmd+0x108/0x244\nufshcd_set_dev_pwr_mode+0xe8/0x250\n__ufshcd_wl_resume+0x94/0x354\nufshcd_wl_runtime_resume+0x3c/0x174\nscsi_runtime_resume+0x64/0xa4\nrpm_resume+0x15c/0xa1c\n__pm_runtime_resume+0x4c/0x90 // Runtime resume ongoing\nufshcd_err_handler+0x1a0/0xd08\nprocess_one_work+0x174/0x808\nworker_thread+0x15c/0x490\nkthread+0xf4/0x1ec\nret_from_fork+0x10/0x20\n\n[ bvanassche: rewrote patch description ]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: core: ufs: Se corrige un bloqueo en el gestor de errores cuando ufshcd_err_handling_prepare() invoca ufshcd_rpm_get_sync(). Esta \u00faltima funci\u00f3n solo funciona correctamente si UFSHCD_EH_IN_PROGRESS no est\u00e1 configurado, ya que la reanudaci\u00f3n implica el env\u00edo de un comando SCSI y ufshcd_queuecommand() devuelve SCSI_MLQUEUE_HOST_BUSY si UFSHCD_EH_IN_PROGRESS est\u00e1 configurado. Para solucionar este bloqueo, configure UFSHCD_EH_IN_PROGRESS despu\u00e9s de invocar ufshcd_rpm_get_sync() en lugar de antes. 
Rastreo inverso: __switch_to+0x174/0x338 __schedule+0x600/0x9e4 schedule+0x7c/0xe8 schedule_timeout+0xa4/0x1c8 io_schedule_timeout+0x48/0x70 wait_for_common_io+0xa8/0x160 //waiting on START_STOP wait_for_completion_io_timeout+0x10/0x20 blk_execute_rq+0xe4/0x1e4 scsi_execute_cmd+0x108/0x244 ufshcd_set_dev_pwr_mode+0xe8/0x250 __ufshcd_wl_resume+0x94/0x354 ufshcd_wl_runtime_resume+0x3c/0x174 scsi_runtime_resume+0x64/0xa4 rpm_resume+0x15c/0xa1c __pm_runtime_resume+0x4c/0x90 // Runtime resume ongoing ufshcd_err_handler+0x1a0/0xd08 process_one_work+0x174/0x808 worker_thread+0x15c/0x490 kthread+0xf4/0x1ec ret_from_fork+0x10/0x20 [ bvanassche: se reescribi\u00f3 la descripci\u00f3n del parche ]" } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38120.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38120.json index 08f9a543657..26a75572a21 100644 --- a/CVE-2025/CVE-2025-381xx/CVE-2025-38120.json +++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38120.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_set_pipapo_avx2: fix initial map fill\n\nIf the first field doesn't cover the entire start map, then we must zero\nout the remainder, else we leak those bits into the next match round map.\n\nThe early fix was incomplete and did only fix up the generic C\nimplementation.\n\nA followup patch adds a test case to nft_concat_range.sh." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nf_set_pipapo_avx2: correcci\u00f3n del relleno inicial del mapa. Si el primer campo no cubre todo el mapa inicial, debemos poner a cero el resto; de lo contrario, filtraremos esos bits al mapa de la siguiente ronda de coincidencia. La correcci\u00f3n inicial estaba incompleta y solo corrigi\u00f3 la implementaci\u00f3n gen\u00e9rica de C. Un parche posterior a\u00f1ade un caso de prueba a nft_concat_range.sh." } ], "metrics": {}, 
diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38121.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38121.json index f654c385ede..7a077d2b3d5 100644 --- a/CVE-2025/CVE-2025-381xx/CVE-2025-38121.json +++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38121.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mld: avoid panic on init failure\n\nIn case of an error during init, in_hw_restart will be set, but it will\nnever get cleared.\nInstead, we will retry to init again, and then we will act like we are in a\nrestart when we are actually not.\n\nThis causes (among others) to a NULL pointer dereference when canceling\nrx_omi::finished_work, that was not even initialized, because we thought\nthat we are in hw_restart.\n\nSet in_hw_restart to true only if the fw is running, then we know that\nFW was loaded successfully and we are not going to the retry loop." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: iwlwifi: mld: evitar p\u00e1nico en caso de fallo de inicializaci\u00f3n. En caso de un error durante la inicializaci\u00f3n, se establecer\u00e1 in_hw_restart, pero nunca se borrar\u00e1. En su lugar, volveremos a intentar la inicializaci\u00f3n y luego actuaremos como si estuvi\u00e9ramos en un reinicio cuando en realidad no lo estamos. Esto provoca (entre otras cosas) una desreferencia de puntero NULL al cancelar rx_omi::finished_work, que ni siquiera se inicializ\u00f3, porque cre\u00edamos que est\u00e1bamos en hw_restart. Establezca in_hw_restart en verdadero solo si el firmware se est\u00e1 ejecutando; entonces, sabremos que el firmware se carg\u00f3 correctamente y no entraremos en el bucle de reintentos." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38122.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38122.json index 4617d12f999..013b7d21515 100644 --- a/CVE-2025/CVE-2025-381xx/CVE-2025-38122.json 
+++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38122.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: add missing NULL check for gve_alloc_pending_packet() in TX DQO\n\ngve_alloc_pending_packet() can return NULL, but gve_tx_add_skb_dqo()\ndid not check for this case before dereferencing the returned pointer.\n\nAdd a missing NULL check to prevent a potential NULL pointer\ndereference when allocation fails.\n\nThis improves robustness in low-memory scenarios." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: gve: se ha a\u00f1adido la comprobaci\u00f3n de valores nulos (NULL) faltante para gve_alloc_pending_packet() en TX DQO. gve_alloc_pending_packet() puede devolver valores nulos (NULL), pero gve_tx_add_skb_dqo() no los comprobaba antes de desreferenciar el puntero devuelto. Se ha a\u00f1adido una comprobaci\u00f3n de valores nulos (NULL) faltante para evitar una posible desreferencia de punteros nulos cuando falla la asignaci\u00f3n. Esto mejora la robustez en escenarios con poca memoria." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38123.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38123.json index 2358b0490b7..d0dc8f96b18 100644 --- a/CVE-2025/CVE-2025-381xx/CVE-2025-38123.json +++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38123.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: t7xx: Fix napi rx poll issue\n\nWhen driver handles the napi rx polling requests, the netdev might\nhave been released by the dellink logic triggered by the disconnect\noperation on user plane. However, in the logic of processing skb in\npolling, an invalid netdev is still being used, which causes a panic.\n\nBUG: kernel NULL pointer dereference, address: 00000000000000f1\nOops: 0000 [#1] PREEMPT SMP NOPTI\nRIP: 0010:dev_gro_receive+0x3a/0x620\n[...]\nCall Trace:\n \n ? __die_body+0x68/0xb0\n ? page_fault_oops+0x379/0x3e0\n ? exc_page_fault+0x4f/0xa0\n ? asm_exc_page_fault+0x22/0x30\n ? __pfx_t7xx_ccmni_recv_skb+0x10/0x10 [mtk_t7xx (HASH:1400 7)]\n ? dev_gro_receive+0x3a/0x620\n napi_gro_receive+0xad/0x170\n t7xx_ccmni_recv_skb+0x48/0x70 [mtk_t7xx (HASH:1400 7)]\n t7xx_dpmaif_napi_rx_poll+0x590/0x800 [mtk_t7xx (HASH:1400 7)]\n net_rx_action+0x103/0x470\n irq_exit_rcu+0x13a/0x310\n sysvec_apic_timer_interrupt+0x56/0x90\n " + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: wwan: t7xx: Soluci\u00f3n del problema de sondeo de napi rx. Cuando el controlador gestiona las solicitudes de sondeo de napi rx, es posible que la l\u00f3gica dellink activada por la operaci\u00f3n de desconexi\u00f3n en el plano de usuario haya liberado netdev. Sin embargo, en la l\u00f3gica de procesamiento de skb en el sondeo, se sigue utilizando un netdev no v\u00e1lido, lo que provoca un p\u00e1nico. ERROR: desreferencia de puntero nulo del kernel, direcci\u00f3n: 0000000000000f1 Oops: 0000 [#1] PREEMPT SMP NOPTI RIP: 0010:dev_gro_receive+0x3a/0x620 [...] Call Trace: ? __die_body+0x68/0xb0 ? page_fault_oops+0x379/0x3e0 ? exc_page_fault+0x4f/0xa0 ? asm_exc_page_fault+0x22/0x30 ? __pfx_t7xx_ccmni_recv_skb+0x10/0x10 [mtk_t7xx (HASH:1400 7)] ? 
dev_gro_receive+0x3a/0x620 napi_gro_receive+0xad/0x170 t7xx_ccmni_recv_skb+0x48/0x70 [mtk_t7xx (HASH:1400 7)] t7xx_dpmaif_napi_rx_poll+0x590/0x800 [mtk_t7xx (HASH:1400 7)] net_rx_action+0x103/0x470 irq_exit_rcu+0x13a/0x310 sysvec_apic_timer_interrupt+0x56/0x90 " } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38124.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38124.json index c515fb2a61f..e70976fdf3c 100644 --- a/CVE-2025/CVE-2025-381xx/CVE-2025-38124.json +++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38124.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix udp gso skb_segment after pull from frag_list\n\nCommit a1e40ac5b5e9 (\"net: gso: fix udp gso fraglist segmentation after\npull from frag_list\") detected invalid geometry in frag_list skbs and\nredirects them from skb_segment_list to more robust skb_segment. But some\npackets with modified geometry can also hit bugs in that code. We don't\nknow how many such cases exist. Addressing each one by one also requires\ntouching the complex skb_segment code, which risks introducing bugs for\nother types of skbs. Instead, linearize all these packets that fail the\nbasic invariants on gso fraglist skbs. That is more robust.\n\nIf only part of the fraglist payload is pulled into head_skb, it will\nalways cause exception when splitting skbs by skb_segment. For detailed\ncall stack information, see below.\n\nValid SKB_GSO_FRAGLIST skbs\n- consist of two or more segments\n- the head_skb holds the protocol headers plus first gso_size\n- one or more frag_list skbs hold exactly one segment\n- all but the last must be gso_size\n\nOptional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can\nmodify fraglist skbs, breaking these invariants.\n\nIn extreme cases they pull one part of data into skb linear. 
For UDP,\nthis causes three payloads with lengths of (11,11,10) bytes were\npulled tail to become (12,10,10) bytes.\n\nThe skbs no longer meets the above SKB_GSO_FRAGLIST conditions because\npayload was pulled into head_skb, it needs to be linearized before pass\nto regular skb_segment.\n\n skb_segment+0xcd0/0xd14\n __udp_gso_segment+0x334/0x5f4\n udp4_ufo_fragment+0x118/0x15c\n inet_gso_segment+0x164/0x338\n skb_mac_gso_segment+0xc4/0x13c\n __skb_gso_segment+0xc4/0x124\n validate_xmit_skb+0x9c/0x2c0\n validate_xmit_skb_list+0x4c/0x80\n sch_direct_xmit+0x70/0x404\n __dev_queue_xmit+0x64c/0xe5c\n neigh_resolve_output+0x178/0x1c4\n ip_finish_output2+0x37c/0x47c\n __ip_finish_output+0x194/0x240\n ip_finish_output+0x20/0xf4\n ip_output+0x100/0x1a0\n NF_HOOK+0xc4/0x16c\n ip_forward+0x314/0x32c\n ip_rcv+0x90/0x118\n __netif_receive_skb+0x74/0x124\n process_backlog+0xe8/0x1a4\n __napi_poll+0x5c/0x1f8\n net_rx_action+0x154/0x314\n handle_softirqs+0x154/0x4b8\n\n [118.376811] [C201134] rxq0_pus: [name:bug&]kernel BUG at net/core/skbuff.c:4278!\n [118.376829] [C201134] rxq0_pus: [name:traps&]Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n [118.470774] [C201134] rxq0_pus: [name:mrdump&]Kernel Offset: 0x178cc00000 from 0xffffffc008000000\n [118.470810] [C201134] rxq0_pus: [name:mrdump&]PHYS_OFFSET: 0x40000000\n [118.470827] [C201134] rxq0_pus: [name:mrdump&]pstate: 60400005 (nZCv daif +PAN -UAO)\n [118.470848] [C201134] rxq0_pus: [name:mrdump&]pc : [0xffffffd79598aefc] skb_segment+0xcd0/0xd14\n [118.470900] [C201134] rxq0_pus: [name:mrdump&]lr : [0xffffffd79598a5e8] skb_segment+0x3bc/0xd14\n [118.470928] [C201134] rxq0_pus: [name:mrdump&]sp : ffffffc008013770" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: fix udp gso skb_segment after pull from frag_list. 
El commit a1e40ac5b5e9 (\"net: gso: fix udp gso fraglist segmentation after pull from frag_list\") detect\u00f3 una geometr\u00eda no v\u00e1lida en los skbs de frag_list y los redirige de skb_segment_list a un skb_segment m\u00e1s robusto. Sin embargo, algunos paquetes con geometr\u00eda modificada tambi\u00e9n pueden presentar errores en ese c\u00f3digo. Desconocemos cu\u00e1ntos casos de este tipo existen. Abordar cada uno por separado tambi\u00e9n requiere modificar el complejo c\u00f3digo de skb_segment, lo que podr\u00eda introducir errores en otros tipos de skbs. En su lugar, se linealizan todos los paquetes que no cumplen con las invariantes b\u00e1sicas en los skbs de fraglist gso. Esto es m\u00e1s robusto. Si solo se extrae una parte de el payload de fraglist en head_skb, siempre se generar\u00e1 una excepci\u00f3n al dividir los skbs por skb_segment. Para obtener informaci\u00f3n detallada de la pila de llamadas, consulte a continuaci\u00f3n. SKB_GSO_FRAGLIST skbs v\u00e1lidos: constan de dos o m\u00e1s segmentos: head_skb contiene los encabezados de protocolo m\u00e1s el primer gso_size: uno o m\u00e1s frag_list skbs contienen exactamente un segmento; todos, excepto el \u00faltimo, deben ser gso_size Los ganchos de ruta de datos opcionales, como NAT y BPF (bpf_skb_pull_data), pueden modificar fraglist skbs, rompiendo estos invariantes. En casos extremos, extraen una parte de los datos en skb lineal. Para UDP, esto hace que se extraigan tres payloads con longitudes de (11,11,10) bytes para convertirse en (12,10,10) bytes. El skbs ya no cumple con las condiciones SKB_GSO_FRAGLIST anteriores porque el payload se extrajo en head_skb; debe linealizarse antes de pasarse a skb_segment regular. 
skb_segment+0xcd0/0xd14 __udp_gso_segment+0x334/0x5f4 udp4_ufo_fragment+0x118/0x15c inet_gso_segment+0x164/0x338 skb_mac_gso_segment+0xc4/0x13c __skb_gso_segment+0xc4/0x124 validate_xmit_skb+0x9c/0x2c0 validate_xmit_skb_list+0x4c/0x80 sch_direct_xmit+0x70/0x404 __dev_queue_xmit+0x64c/0xe5c neigh_resolve_output+0x178/0x1c4 ip_finish_output2+0x37c/0x47c __ip_finish_output+0x194/0x240 ip_finish_output+0x20/0xf4 ip_output+0x100/0x1a0 NF_HOOK+0xc4/0x16c ip_forward+0x314/0x32c ip_rcv+0x90/0x118 __netif_receive_skb+0x74/0x124 process_backlog+0xe8/0x1a4 __napi_poll+0x5c/0x1f8 net_rx_action+0x154/0x314 handle_softirqs+0x154/0x4b8 [118.376811] [C201134] rxq0_pus: [name:bug&]kernel BUG at net/core/skbuff.c:4278! [118.376829] [C201134] rxq0_pus: [name:traps&]Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP [118.470774] [C201134] rxq0_pus: [name:mrdump&]Kernel Offset: 0x178cc00000 from 0xffffffc008000000 [118.470810] [C201134] rxq0_pus: [name:mrdump&]PHYS_OFFSET: 0x40000000 [118.470827] [C201134] rxq0_pus: [name:mrdump&]pstate: 60400005 (nZCv daif +PAN -UAO) [118.470848] [C201134] rxq0_pus: [name:mrdump&]pc : [0xffffffd79598aefc] skb_segment+0xcd0/0xd14 [118.470900] [C201134] rxq0_pus: [name:mrdump&]lr : [0xffffffd79598a5e8] skb_segment+0x3bc/0xd14 [118.470928] [C201134] rxq0_pus: [name:mrdump&]sp : ffffffc008013770 " } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38125.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38125.json index 73f1ec37667..51c7ab4472e 100644 --- a/CVE-2025/CVE-2025-381xx/CVE-2025-38125.json +++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38125.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: make sure that ptp_rate is not 0 before configuring EST\n\nIf the ptp_rate recorded earlier in the driver happens to be 0, this\nbogus value will propagate up to EST configuration, where it will\ntrigger a division by 0.\n\nPrevent this division by 0 by adding the corresponding check and error\ncode." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: stmmac: aseg\u00farese de que ptp_rate no sea 0 antes de configurar EST Si el ptp_rate registrado anteriormente en el controlador resulta ser 0, este valor falso se propagar\u00e1 hasta la configuraci\u00f3n de EST, donde activar\u00e1 una divisi\u00f3n por 0. Evite esta divisi\u00f3n por 0 agregando el c\u00f3digo de verificaci\u00f3n y error correspondiente." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38126.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38126.json index 8b3c81dbe42..4b4a99b4bfd 100644 --- a/CVE-2025/CVE-2025-381xx/CVE-2025-38126.json +++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38126.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: make sure that ptp_rate is not 0 before configuring timestamping\n\nThe stmmac platform drivers that do not open-code the clk_ptp_rate value\nafter having retrieved the default one from the device-tree can end up\nwith 0 in clk_ptp_rate (as clk_get_rate can return 0). It will\neventually propagate up to PTP initialization when bringing up the\ninterface, leading to a divide by 0:\n\n Division by zero in kernel.\n CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.30-00001-g48313bd5768a #22\n Hardware name: STM32 (Device Tree Support)\n Call trace:\n unwind_backtrace from show_stack+0x18/0x1c\n show_stack from dump_stack_lvl+0x6c/0x8c\n dump_stack_lvl from Ldiv0_64+0x8/0x18\n Ldiv0_64 from stmmac_init_tstamp_counter+0x190/0x1a4\n stmmac_init_tstamp_counter from stmmac_hw_setup+0xc1c/0x111c\n stmmac_hw_setup from __stmmac_open+0x18c/0x434\n __stmmac_open from stmmac_open+0x3c/0xbc\n stmmac_open from __dev_open+0xf4/0x1ac\n __dev_open from __dev_change_flags+0x1cc/0x224\n __dev_change_flags from dev_change_flags+0x24/0x60\n dev_change_flags from ip_auto_config+0x2e8/0x11a0\n ip_auto_config from do_one_initcall+0x84/0x33c\n do_one_initcall from kernel_init_freeable+0x1b8/0x214\n kernel_init_freeable from kernel_init+0x24/0x140\n kernel_init from ret_from_fork+0x14/0x28\n Exception stack(0xe0815fb0 to 0xe0815ff8)\n\nPrevent this division by 0 by adding an explicit check and error log\nabout the actual issue. While at it, remove the same check from\nstmmac_ptp_register, which then becomes duplicate" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: stmmac: aseg\u00farese de que ptp_rate no sea 0 antes de configurar el sellado de tiempo. 
Los controladores de la plataforma stmmac que no incluyen en c\u00f3digo abierto el valor clk_ptp_rate tras obtener el predeterminado del \u00e1rbol de dispositivos pueden terminar con 0 en clk_ptp_rate (ya que clk_get_rate puede devolver 0). Esto se propagar\u00e1 hasta la inicializaci\u00f3n de PTP al iniciar la interfaz, lo que provocar\u00e1 una divisi\u00f3n por 0: Divisi\u00f3n por cero en el kernel. CPU: 1 UID: 0 PID: 1 Comm: swapper/0 No contaminado 6.12.30-00001-g48313bd5768a #22 Nombre del hardware: STM32 (Compatibilidad con \u00e1rbol de dispositivos) Rastreo de llamadas: unwind_backtrace from show_stack+0x18/0x1c show_stack from dump_stack_lvl+0x6c/0x8c dump_stack_lvl from Ldiv0_64+0x8/0x18 Ldiv0_64 from stmmac_init_tstamp_counter+0x190/0x1a4 stmmac_init_tstamp_counter from stmmac_hw_setup+0xc1c/0x111c stmmac_hw_setup from __stmmac_open+0x18c/0x434 __stmmac_open from stmmac_open+0x3c/0xbc stmmac_open from __dev_open+0xf4/0x1ac __dev_open from __dev_change_flags+0x1cc/0x224 __dev_change_flags from dev_change_flags+0x24/0x60 dev_change_flags from ip_auto_config+0x2e8/0x11a0 ip_auto_config from do_one_initcall+0x84/0x33c do_one_initcall from kernel_init_freeable+0x1b8/0x214 kernel_init_freeable from kernel_init+0x24/0x140 kernel_init from ret_from_fork+0x14/0x28 Exception stack(0xe0815fb0 to 0xe0815ff8) Evite esta divisi\u00f3n por 0 sumando Una comprobaci\u00f3n expl\u00edcita y un registro de errores sobre el problema. Mientras tanto, elimine la misma comprobaci\u00f3n de stmmac_ptp_register, que se convierte en un duplicado." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38127.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38127.json index 4cfff18669c..e7b7a7133dd 100644 --- a/CVE-2025/CVE-2025-381xx/CVE-2025-38127.json +++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38127.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix Tx scheduler error handling in XDP callback\n\nWhen the XDP program is loaded, the XDP callback adds new Tx queues.\nThis means that the callback must update the Tx scheduler with the new\nqueue number. In the event of a Tx scheduler failure, the XDP callback\nshould also fail and roll back any changes previously made for XDP\npreparation.\n\nThe previous implementation had a bug that not all changes made by the\nXDP callback were rolled back. This caused the crash with the following\ncall trace:\n\n[ +9.549584] ice 0000:ca:00.0: Failed VSI LAN queue config for XDP, error: -5\n[ +0.382335] Oops: general protection fault, probably for non-canonical address 0x50a2250a90495525: 0000 [#1] SMP NOPTI\n[ +0.010710] CPU: 103 UID: 0 PID: 0 Comm: swapper/103 Not tainted 6.14.0-net-next-mar-31+ #14 PREEMPT(voluntary)\n[ +0.010175] Hardware name: Intel Corporation M50CYP2SBSTD/M50CYP2SBSTD, BIOS SE5C620.86B.01.01.0005.2202160810 02/16/2022\n[ +0.010946] RIP: 0010:__ice_update_sample+0x39/0xe0 [ice]\n\n[...]\n\n[ +0.002715] Call Trace:\n[ +0.002452] \n[ +0.002021] ? __die_body.cold+0x19/0x29\n[ +0.003922] ? die_addr+0x3c/0x60\n[ +0.003319] ? exc_general_protection+0x17c/0x400\n[ +0.004707] ? asm_exc_general_protection+0x26/0x30\n[ +0.004879] ? __ice_update_sample+0x39/0xe0 [ice]\n[ +0.004835] ice_napi_poll+0x665/0x680 [ice]\n[ +0.004320] __napi_poll+0x28/0x190\n[ +0.003500] net_rx_action+0x198/0x360\n[ +0.003752] ? update_rq_clock+0x39/0x220\n[ +0.004013] handle_softirqs+0xf1/0x340\n[ +0.003840] ? 
sched_clock_cpu+0xf/0x1f0\n[ +0.003925] __irq_exit_rcu+0xc2/0xe0\n[ +0.003665] common_interrupt+0x85/0xa0\n[ +0.003839] \n[ +0.002098] \n[ +0.002106] asm_common_interrupt+0x26/0x40\n[ +0.004184] RIP: 0010:cpuidle_enter_state+0xd3/0x690\n\nFix this by performing the missing unmapping of XDP queues from\nq_vectors and setting the XDP rings pointer back to NULL after all those\nqueues are released.\nAlso, add an immediate exit from the XDP callback in case of ring\npreparation failure." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ice: correcci\u00f3n del manejo de errores del programador de Tx en la devoluci\u00f3n de llamada XDP. Al cargar el programa XDP, la devoluci\u00f3n de llamada XDP a\u00f1ade nuevas colas de Tx. Esto significa que la devoluci\u00f3n de llamada debe actualizar el programador de Tx con el nuevo n\u00famero de cola. En caso de fallo del programador de Tx, la devoluci\u00f3n de llamada XDP tambi\u00e9n deber\u00eda fallar y revertir cualquier cambio realizado previamente para la preparaci\u00f3n de XDP. La implementaci\u00f3n anterior presentaba un error que imped\u00eda revertir todos los cambios realizados por la devoluci\u00f3n de llamada XDP. Esto provoc\u00f3 el bloqueo con el siguiente seguimiento de llamada: [ +9.549584] ice 0000:ca:00.0: Failed VSI LAN queue config for XDP, error: -5 [ +0.382335] Oops: general protection fault, probably for non-canonical address 0x50a2250a90495525: 0000 [#1] SMP NOPTI [ +0.010710] CPU: 103 UID: 0 PID: 0 Comm: swapper/103 Not tainted 6.14.0-net-next-mar-31+ #14 PREEMPT(voluntary) [ +0.010175] Hardware name: Intel Corporation M50CYP2SBSTD/M50CYP2SBSTD, BIOS SE5C620.86B.01.01.0005.2202160810 02/16/2022 [ +0.010946] RIP: 0010:__ice_update_sample+0x39/0xe0 [ice] [...] [ +0.002715] Call Trace: [ +0.002452] [ +0.002021] ? __die_body.cold+0x19/0x29 [ +0.003922] ? die_addr+0x3c/0x60 [ +0.003319] ? exc_general_protection+0x17c/0x400 [ +0.004707] ? 
asm_exc_general_protection+0x26/0x30 [ +0.004879] ? __ice_update_sample+0x39/0xe0 [ice] [ +0.004835] ice_napi_poll+0x665/0x680 [ice] [ +0.004320] __napi_poll+0x28/0x190 [ +0.003500] net_rx_action+0x198/0x360 [ +0.003752] ? update_rq_clock+0x39/0x220 [ +0.004013] handle_softirqs+0xf1/0x340 [ +0.003840] ? sched_clock_cpu+0xf/0x1f0 [ +0.003925] __irq_exit_rcu+0xc2/0xe0 [ +0.003665] common_interrupt+0x85/0xa0 [ +0.003839] [ +0.002098] [ +0.002106] asm_common_interrupt+0x26/0x40 [ +0.004184] RIP: 0010:cpuidle_enter_state+0xd3/0x690. Para solucionar este problema, realice la desasignaci\u00f3n de colas XDP de q_vectors y restablezca el puntero de anillos XDP a NULL despu\u00e9s de liberar todas esas colas. Adem\u00e1s, a\u00f1ada una salida inmediata de la devoluci\u00f3n de llamada XDP en caso de un fallo en la preparaci\u00f3n del anillo." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38128.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38128.json index 5648ba6c9fd..b098b50a095 100644 --- a/CVE-2025/CVE-2025-381xx/CVE-2025-38128.json +++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38128.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: reject malformed HCI_CMD_SYNC commands\n\nIn 'mgmt_hci_cmd_sync()', check whether the size of parameters passed\nin 'struct mgmt_cp_hci_cmd_sync' matches the total size of the data\n(i.e. 'sizeof(struct mgmt_cp_hci_cmd_sync)' plus trailing bytes).\nOtherwise, large invalid 'params_len' will cause 'hci_cmd_sync_alloc()'\nto do 'skb_put_data()' from an area beyond the one actually passed to\n'mgmt_hci_cmd_sync()'."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: MGMT: rechazar comandos HCI_CMD_SYNC malformados En 'mgmt_hci_cmd_sync()', verifique si el tama\u00f1o de los par\u00e1metros pasados en 'struct mgmt_cp_hci_cmd_sync' coincide con el tama\u00f1o total de los datos (es decir, 'sizeof(struct mgmt_cp_hci_cmd_sync)' m\u00e1s los bytes finales). De lo contrario, un 'params_len' grande y no v\u00e1lido har\u00e1 que 'hci_cmd_sync_alloc()' haga 'skb_put_data()' desde un \u00e1rea m\u00e1s all\u00e1 de la que realmente se pas\u00f3 a 'mgmt_hci_cmd_sync()'."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38129.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38129.json
index 2b3fa7ef699..85349db69b0 100644
--- a/CVE-2025/CVE-2025-381xx/CVE-2025-38129.json
+++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38129.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npage_pool: Fix use-after-free in page_pool_recycle_in_ring\n\nsyzbot reported a uaf in page_pool_recycle_in_ring:\n\nBUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862\nRead of size 8 at addr ffff8880286045a0 by task syz.0.284/6943\n\nCPU: 0 UID: 0 PID: 6943 Comm: syz.0.284 Not tainted 6.13.0-rc3-syzkaller-gdfa94ce54f41 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862\n __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:165 [inline]\n _raw_spin_unlock_bh+0x1b/0x40 kernel/locking/spinlock.c:210\n spin_unlock_bh include/linux/spinlock.h:396 [inline]\n ptr_ring_produce_bh include/linux/ptr_ring.h:164 [inline]\n page_pool_recycle_in_ring net/core/page_pool.c:707 [inline]\n page_pool_put_unrefed_netmem+0x748/0xb00 net/core/page_pool.c:826\n page_pool_put_netmem include/net/page_pool/helpers.h:323 [inline]\n page_pool_put_full_netmem include/net/page_pool/helpers.h:353 [inline]\n napi_pp_put_page+0x149/0x2b0 net/core/skbuff.c:1036\n skb_pp_recycle net/core/skbuff.c:1047 [inline]\n skb_free_head net/core/skbuff.c:1094 [inline]\n skb_release_data+0x6c4/0x8a0 net/core/skbuff.c:1125\n skb_release_all net/core/skbuff.c:1190 [inline]\n __kfree_skb net/core/skbuff.c:1204 [inline]\n sk_skb_reason_drop+0x1c9/0x380 net/core/skbuff.c:1242\n kfree_skb_reason include/linux/skbuff.h:1263 [inline]\n __skb_queue_purge_reason include/linux/skbuff.h:3343 [inline]\n\nroot cause is:\n\npage_pool_recycle_in_ring\n ptr_ring_produce\n spin_lock(&r->producer_lock);\n 
WRITE_ONCE(r->queue[r->producer++], ptr)\n //recycle last page to pool\n\t\t\t\tpage_pool_release\n\t\t\t\t page_pool_scrub\n\t\t\t\t page_pool_empty_ring\n\t\t\t\t ptr_ring_consume\n\t\t\t\t page_pool_return_page //release all page\n\t\t\t\t __page_pool_destroy\n\t\t\t\t free_percpu(pool->recycle_stats);\n\t\t\t\t free(pool) //free\n\n spin_unlock(&r->producer_lock); //pool->ring uaf read\n recycle_stat_inc(pool, ring);\n\npage_pool can be free while page pool recycle the last page in ring.\nAdd producer-lock barrier to page_pool_release to prevent the page\npool from being free before all pages have been recycled.\n\nrecycle_stat_inc() is empty when CONFIG_PAGE_POOL_STATS is not\nenabled, which will trigger Wempty-body build warning. Add definition\nfor pool stat macro to fix warning." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: page_pool: Fix use-after-free en page_pool_recycle_in_ring syzbot inform\u00f3 un uaf en page_pool_recycle_in_ring: BUG: KASAN: slab-use-after-free en lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff8880286045a0 por la tarea syz.0.284/6943 CPU: 0 UID: 0 PID: 6943 Comm: syz.0.284 No contaminado 6.13.0-rc3-syzkaller-gdfa94ce54f41 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 13/09/2024 Rastreo de llamadas: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x169/0x550 mm/kasan/report.c:489 kasan_report+0x143/0x180 mm/kasan/report.c:602 lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:165 [inline] _raw_spin_unlock_bh+0x1b/0x40 kernel/locking/spinlock.c:210 spin_unlock_bh include/linux/spinlock.h:396 [inline] ptr_ring_produce_bh include/linux/ptr_ring.h:164 [inline] page_pool_recycle_in_ring net/core/page_pool.c:707 
[inline] page_pool_put_unrefed_netmem+0x748/0xb00 net/core/page_pool.c:826 page_pool_put_netmem include/net/page_pool/helpers.h:323 [inline] page_pool_put_full_netmem include/net/page_pool/helpers.h:353 [inline] napi_pp_put_page+0x149/0x2b0 net/core/skbuff.c:1036 skb_pp_recycle net/core/skbuff.c:1047 [inline] skb_free_head net/core/skbuff.c:1094 [inline] skb_release_data+0x6c4/0x8a0 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x1c9/0x380 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1263 [inline] __skb_queue_purge_reason include/linux/skbuff.h:3343 [inline] root cause is: page_pool_recycle_in_ring ptr_ring_produce spin_lock(&r->producer_lock); WRITE_ONCE(r->queue[r->producer++], ptr) //recycle last page to pool page_pool_release page_pool_scrub page_pool_empty_ring ptr_ring_consume page_pool_return_page //release all page __page_pool_destroy free_percpu(pool->recycle_stats); free(pool) //free spin_unlock(&r->producer_lock); //pool->ring uaf read recycle_stat_inc(pool, ring); page_pool puede estar libre mientras el grupo de p\u00e1ginas recicle la \u00faltima p\u00e1gina del anillo. Se ha a\u00f1adido una barrera de bloqueo del productor a page_pool_release para evitar que el grupo de p\u00e1ginas est\u00e9 libre antes de que se hayan reciclado todas las p\u00e1ginas. recycle_stat_inc() est\u00e1 vac\u00edo cuando CONFIG_PAGE_POOL_STATS no est\u00e1 habilitado, lo que activar\u00e1 la advertencia de compilaci\u00f3n Wempty-body. Se ha a\u00f1adido una definici\u00f3n para la macro de estad\u00edsticas del grupo para corregir la advertencia." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38130.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38130.json index 627c620f6b2..fa1f17b7f47 100644 --- a/CVE-2025/CVE-2025-381xx/CVE-2025-38130.json +++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38130.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/connector: only call HDMI audio helper plugged cb if non-null\n\nOn driver remove, sound/soc/codecs/hdmi-codec.c calls the plugged_cb\nwith NULL as the callback function and codec_dev, as seen in its\nhdmi_remove function.\n\nThe HDMI audio helper then happily tries calling said null function\npointer, and produces an Oops as a result.\n\nFix this by only executing the callback if fn is non-null. This means\nthe .plugged_cb and .plugged_cb_dev members still get appropriately\ncleared."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/connector: solo se llama al auxiliar de audio HDMI plugged cb si no es nulo. Al eliminar el controlador, sound/soc/codecs/hdmi-codec.c llama a plugged_cb con NULL como funci\u00f3n de devoluci\u00f3n de llamada y codec_dev, como se observa en su funci\u00f3n hdmi_remove. El auxiliar de audio HDMI intenta entonces llamar a dicho puntero de funci\u00f3n nulo, pero produce un error. Para solucionar esto, ejecute la devoluci\u00f3n de llamada solo si fn no es nulo. Esto significa que los miembros .plugged_cb y .plugged_cb_dev se borran correctamente."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38131.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38131.json
index 80eb9668e66..557d233143c 100644
--- a/CVE-2025/CVE-2025-381xx/CVE-2025-38131.json
+++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38131.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: prevent deactivate active config while enabling the config\n\nWhile enable active config via cscfg_csdev_enable_active_config(),\nactive config could be deactivated via configfs' sysfs interface.\nThis could make UAF issue in below scenario:\n\nCPU0 CPU1\n(sysfs enable) load module\n cscfg_load_config_sets()\n activate config. // sysfs\n (sys_active_cnt == 1)\n...\ncscfg_csdev_enable_active_config()\nlock(csdev->cscfg_csdev_lock)\n// here load config activate by CPU1\nunlock(csdev->cscfg_csdev_lock)\n\n deactivate config // sysfs\n (sys_activec_cnt == 0)\n cscfg_unload_config_sets()\n unload module\n\n// access to config_desc which freed\n// while unloading module.\ncscfg_csdev_enable_config\n\nTo address this, use cscfg_config_desc's active_cnt as a reference count\n which will be holded when\n - activate the config.\n - enable the activated config.\nand put the module reference when config_active_cnt == 0."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: coresight: impide la desactivaci\u00f3n de la configuraci\u00f3n activa al habilitarla. Al habilitar la configuraci\u00f3n activa mediante cscfg_csdev_enable_active_config(), esta podr\u00eda desactivarse mediante la interfaz sysfs de configfs. Esto podr\u00eda generar un problema de UAF en el siguiente escenario: CPU0 CPU1 (habilitaci\u00f3n sysfs) carga el m\u00f3dulo cscfg_load_config_sets() activa la configuraci\u00f3n. // sysfs (sys_active_cnt == 1) ... cscfg_csdev_enable_active_config() lock(csdev->cscfg_csdev_lock) // aqu\u00ed carga la configuraci\u00f3n activada por CPU1 unlock(csdev->cscfg_csdev_lock) desactiva la configuraci\u00f3n // sysfs (sys_activec_cnt == 0) cscfg_unload_config_sets() descarga el m\u00f3dulo // acceso a config_desc que se liber\u00f3 // mientras se descargaba el m\u00f3dulo. 
cscfg_csdev_enable_config Para solucionar esto, utilice active_cnt de cscfg_config_desc como un recuento de referencia que se mantendr\u00e1 cuando: - active la configuraci\u00f3n. - habilite la configuraci\u00f3n activada y coloque la referencia del m\u00f3dulo cuando config_active_cnt == 0."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38132.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38132.json
index 4f546ae44dd..f658923ffbb 100644
--- a/CVE-2025/CVE-2025-381xx/CVE-2025-38132.json
+++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38132.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: holding cscfg_csdev_lock while removing cscfg from csdev\n\nThere'll be possible race scenario for coresight config:\n\nCPU0 CPU1\n(perf enable) load module\n cscfg_load_config_sets()\n activate config. // sysfs\n (sys_active_cnt == 1)\n...\ncscfg_csdev_enable_active_config()\n lock(csdev->cscfg_csdev_lock)\n deactivate config // sysfs\n (sys_activec_cnt == 0)\n cscfg_unload_config_sets()\n cscfg_remove_owned_csdev_configs()\n // here load config activate by CPU1\n unlock(csdev->cscfg_csdev_lock)\n\niterating config_csdev_list could be raced with config_csdev_list's\nentry delete.\n\nTo resolve this race , hold csdev->cscfg_csdev_lock() while\ncscfg_remove_owned_csdev_configs()"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: coresight: mantener cscfg_csdev_lock mientras se elimina cscfg de csdev Habr\u00e1 un posible escenario de ejecuci\u00f3n para la configuraci\u00f3n de coresight: CPU0 CPU1 (habilitaci\u00f3n de rendimiento) cargar m\u00f3dulo cscfg_load_config_sets() activar configuraci\u00f3n. // sysfs (sys_active_cnt == 1) ... cscfg_csdev_enable_active_config() lock(csdev->cscfg_csdev_lock) desactiva la configuraci\u00f3n // sysfs (sys_activec_cnt == 0) cscfg_unload_config_sets() cscfg_remove_owned_csdev_configs() // aqu\u00ed se carga la configuraci\u00f3n activada por CPU1 unlock(csdev->cscfg_csdev_lock) iterando config_csdev_list podr\u00eda estar en competencia con la eliminaci\u00f3n de la entrada de config_csdev_list. Para resolver esta competencia, mantenga presionada la tecla csdev->cscfg_csdev_lock() mientras cscfg_remove_owned_csdev_configs()"
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38133.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38133.json
index e52a67588bc..81882f535c7 100644
--- a/CVE-2025/CVE-2025-381xx/CVE-2025-38133.json
+++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38133.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ad4851: fix ad4858 chan pointer handling\n\nThe pointer returned from ad4851_parse_channels_common() is incremented\ninternally as each channel is populated. In ad4858_parse_channels(),\nthe same pointer was further incremented while setting ext_scan_type\nfields for each channel. This resulted in indio_dev->channels being set\nto a pointer past the end of the allocated array, potentially causing\nmemory corruption or undefined behavior.\n\nFix this by iterating over the channels using an explicit index instead\nof incrementing the pointer. This preserves the original base pointer\nand ensures all channel metadata is set correctly."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iio: adc: ad4851: correcci\u00f3n del manejo del puntero de canal ad4858. El puntero devuelto por ad4851_parse_channels_common() se incrementa internamente a medida que se rellena cada canal. En ad4858_parse_channels(), el mismo puntero se increment\u00f3 a\u00fan m\u00e1s al configurar los campos ext_scan_type para cada canal. Esto provoc\u00f3 que indio_dev->channels se configurara en un puntero m\u00e1s all\u00e1 del final de la matriz asignada, lo que podr\u00eda causar corrupci\u00f3n de memoria o un comportamiento indefinido. Corrija esto iterando sobre los canales utilizando un \u00edndice expl\u00edcito en lugar de incrementar el puntero. Esto preserva el puntero base original y garantiza que todos los metadatos del canal se configuren correctamente."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38134.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38134.json
index 8f60241887a..034b73a6bd5 100644
--- a/CVE-2025/CVE-2025-381xx/CVE-2025-38134.json
+++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38134.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: acpi: Prevent null pointer dereference in usb_acpi_add_usb4_devlink()\n\nAs demonstrated by the fix for update_port_device_state,\ncommit 12783c0b9e2c (\"usb: core: Prevent null pointer dereference in update_port_device_state\"),\nusb_hub_to_struct_hub() can return NULL in certain scenarios,\nsuch as during hub driver unbind or teardown race conditions,\neven if the underlying usb_device structure exists.\n\nPlus, all other places that call usb_hub_to_struct_hub() in the same file\ndo check for NULL return values.\n\nIf usb_hub_to_struct_hub() returns NULL, the subsequent access to\nhub->ports[udev->portnum - 1] will cause a null pointer dereference."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: acpi: Evitar la desreferencia de puntero nulo en usb_acpi_add_usb4_devlink(). Como se demuestra en la correcci\u00f3n para update_port_device_state, commit 12783c0b9e2c (\"usb: core: Evitar la desreferencia de puntero nulo en update_port_device_state\"), usb_hub_to_struct_hub() puede devolver NULL en ciertos escenarios, como durante la desvinculaci\u00f3n del controlador del concentrador o en condiciones de ejecuciones de desmontaje, incluso si la estructura usb_device subyacente existe. Adem\u00e1s, todos los dem\u00e1s lugares que llaman a usb_hub_to_struct_hub() en el mismo archivo comprueban si hay valores de retorno NULL. Si usb_hub_to_struct_hub() devuelve NULL, el acceso posterior a hub->ports[udev->portnum - 1] provocar\u00e1 una desreferencia de puntero nulo."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38135.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38135.json
index 6936abf73d5..610a466063f 100644
--- a/CVE-2025/CVE-2025-381xx/CVE-2025-38135.json
+++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38135.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: Fix potential null-ptr-deref in mlb_usio_probe()\n\ndevm_ioremap() can return NULL on error. Currently, mlb_usio_probe()\ndoes not check for this case, which could result in a NULL pointer\ndereference.\n\nAdd NULL check after devm_ioremap() to prevent this issue."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: serial: Se corrige la posible desreferencia de puntero nulo en mlb_usio_probe(). devm_ioremap() puede devolver NULL en caso de error. Actualmente, mlb_usio_probe() no verifica este caso, lo que podr\u00eda provocar una desreferencia de puntero NULL. Agregue una comprobaci\u00f3n de NULL despu\u00e9s de devm_ioremap() para evitar este problema."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38136.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38136.json
index 46cb3520ddd..7789f99d3d3 100644
--- a/CVE-2025/CVE-2025-381xx/CVE-2025-38136.json
+++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38136.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: renesas_usbhs: Reorder clock handling and power management in probe\n\nReorder the initialization sequence in `usbhs_probe()` to enable runtime\nPM before accessing registers, preventing potential crashes due to\nuninitialized clocks.\n\nCurrently, in the probe path, registers are accessed before enabling the\nclocks, leading to a synchronous external abort on the RZ/V2H SoC.\nThe problematic call flow is as follows:\n\n usbhs_probe()\n usbhs_sys_clock_ctrl()\n usbhs_bset()\n usbhs_write()\n iowrite16() <-- Register access before enabling clocks\n\nSince `iowrite16()` is performed without ensuring the required clocks are\nenabled, this can lead to access errors. To fix this, enable PM runtime\nearly in the probe function and ensure clocks are acquired before register\naccess, preventing crashes like the following on RZ/V2H:\n\n[13.272640] Internal error: synchronous external abort: 0000000096000010 [#1] PREEMPT SMP\n[13.280814] Modules linked in: cec renesas_usbhs(+) drm_kms_helper fuse drm backlight ipv6\n[13.289088] CPU: 1 UID: 0 PID: 195 Comm: (udev-worker) Not tainted 6.14.0-rc7+ #98\n[13.296640] Hardware name: Renesas RZ/V2H EVK Board based on r9a09g057h44 (DT)\n[13.303834] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[13.310770] pc : usbhs_bset+0x14/0x4c [renesas_usbhs]\n[13.315831] lr : usbhs_probe+0x2e4/0x5ac [renesas_usbhs]\n[13.321138] sp : ffff8000827e3850\n[13.324438] x29: ffff8000827e3860 x28: 0000000000000000 x27: ffff8000827e3ca0\n[13.331554] x26: ffff8000827e3ba0 x25: ffff800081729668 x24: 0000000000000025\n[13.338670] x23: ffff0000c0f08000 x22: 0000000000000000 x21: ffff0000c0f08010\n[13.345783] x20: 0000000000000000 x19: ffff0000c3b52080 x18: 00000000ffffffff\n[13.352895] x17: 0000000000000000 x16: 0000000000000000 x15: ffff8000827e36ce\n[13.360009] x14: 00000000000003d7 x13: 00000000000003d7 x12: 
0000000000000000\n[13.367122] x11: 0000000000000000 x10: 0000000000000aa0 x9 : ffff8000827e3750\n[13.374235] x8 : ffff0000c1850b00 x7 : 0000000003826060 x6 : 000000000000001c\n[13.381347] x5 : 000000030d5fcc00 x4 : ffff8000825c0000 x3 : 0000000000000000\n[13.388459] x2 : 0000000000000400 x1 : 0000000000000000 x0 : ffff0000c3b52080\n[13.395574] Call trace:\n[13.398013] usbhs_bset+0x14/0x4c [renesas_usbhs] (P)\n[13.403076] platform_probe+0x68/0xdc\n[13.406738] really_probe+0xbc/0x2c0\n[13.410306] __driver_probe_device+0x78/0x120\n[13.414653] driver_probe_device+0x3c/0x154\n[13.418825] __driver_attach+0x90/0x1a0\n[13.422647] bus_for_each_dev+0x7c/0xe0\n[13.426470] driver_attach+0x24/0x30\n[13.430032] bus_add_driver+0xe4/0x208\n[13.433766] driver_register+0x68/0x130\n[13.437587] __platform_driver_register+0x24/0x30\n[13.442273] renesas_usbhs_driver_init+0x20/0x1000 [renesas_usbhs]\n[13.448450] do_one_initcall+0x60/0x1d4\n[13.452276] do_init_module+0x54/0x1f8\n[13.456014] load_module+0x1754/0x1c98\n[13.459750] init_module_from_file+0x88/0xcc\n[13.464004] __arm64_sys_finit_module+0x1c4/0x328\n[13.468689] invoke_syscall+0x48/0x104\n[13.472426] el0_svc_common.constprop.0+0xc0/0xe0\n[13.477113] do_el0_svc+0x1c/0x28\n[13.480415] el0_svc+0x30/0xcc\n[13.483460] el0t_64_sync_handler+0x10c/0x138\n[13.487800] el0t_64_sync+0x198/0x19c\n[13.491453] Code: 2a0103e1 12003c42 12003c63 8b010084 (79400084)\n[13.497522] ---[ end trace 0000000000000000 ]---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: renesas_usbhs: Reordenar el manejo del reloj y la administraci\u00f3n de energ\u00eda en la sonda Reordenar la secuencia de inicializaci\u00f3n en `usbhs_probe()` para habilitar PM en tiempo de ejecuci\u00f3n antes de acceder a los registros, lo que evita posibles fallos debido a relojes no inicializados. 
Actualmente, en la ruta de la sonda, se accede a los registros antes de habilitar los relojes, lo que lleva a un aborto externo s\u00edncrono en el SoC RZ/V2H. El flujo de llamada problem\u00e1tico es el siguiente: usbhs_probe() usbhs_sys_clock_ctrl() usbhs_bset() usbhs_write() iowrite16() <-- Acceso a registros antes de habilitar los relojes Dado que `iowrite16()` se realiza sin garantizar que los relojes requeridos est\u00e9n habilitados, esto puede llevar a errores de acceso. Para solucionar esto, habilite el tiempo de ejecuci\u00f3n de PM temprano en la funci\u00f3n de sonda y aseg\u00farese de que los relojes se adquieran antes del acceso al registro, lo que evita fallos como el siguiente en RZ/V2H: [13.272640] Error interno: aborto externo s\u00edncrono: 0000000096000010 [#1] PREEMPT SMP [13.280814] M\u00f3dulos vinculados: cec renesas_usbhs(+) drm_kms_helper fuse drm backlight ipv6 [13.289088] CPU: 1 UID: 0 PID: 195 Comm: (udev-worker) Not tainted 6.14.0-rc7+ #98 [13.296640] Nombre del hardware: Renesas RZ/V2H EVK Board based on r9a09g057h44 (DT) [13.303834] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [13.310770] pc : usbhs_bset+0x14/0x4c [renesas_usbhs] [13.315831] lr : usbhs_probe+0x2e4/0x5ac [renesas_usbhs] [13.321138] sp : ffff8000827e3850 [13.324438] x29: ffff8000827e3860 x28: 0000000000000000 x27: ffff8000827e3ca0 [13.331554] x26: ffff8000827e3ba0 x25: ffff800081729668 x24: 0000000000000025 [13.338670] x23: ffff0000c0f08000 x22: 0000000000000000 x21: ffff0000c0f08010 [13.345783] x20: 0000000000000000 x19: ffff0000c3b52080 x18: 00000000ffffffff [13.352895] x17: 000000000000000 x16: 000000000000000 x15: ffff8000827e36ce [13.360009] x14: 00000000000003d7 x13: 000000000000003d7 x12: 0000000000000000 [13.367122] x11: 0000000000000000 x10: 0000000000000aa0 x9: ffff8000827e3750 [13.374235] x8: ffff0000c1850b00 x7: 0000000003826060 x6: 000000000000001c [13.381347] x5 : 000000030d5fcc00 x4 : ffff8000825c0000 x3 : 0000000000000000 [13.388459] 
x2 : 0000000000000400 x1 : 0000000000000000 x0 : ffff0000c3b52080 [13.395574] Rastreo de llamadas: [13.398013] usbhs_bset+0x14/0x4c [renesas_usbhs] (P) [13.403076] platform_probe+0x68/0xdc [13.406738] really_probe+0xbc/0x2c0 [13.410306] __driver_probe_device+0x78/0x120 [13.414653] driver_probe_device+0x3c/0x154 [13.418825] __driver_attach+0x90/0x1a0 [13.422647] bus_for_each_dev+0x7c/0xe0 [13.426470] driver_attach+0x24/0x30 [13.430032] bus_add_driver+0xe4/0x208 [13.433766] driver_register+0x68/0x130 [13.437587] __platform_driver_register+0x24/0x30 [13.442273] renesas_usbhs_driver_init+0x20/0x1000 [renesas_usbhs] [13.448450] do_one_initcall+0x60/0x1d4 [13.452276] do_init_module+0x54/0x1f8 [13.456014] load_module+0x1754/0x1c98 [13.459750] init_module_from_file+0x88/0xcc [13.464004] __arm64_sys_finit_module+0x1c4/0x328 [13.468689] invoke_syscall+0x48/0x104 [13.472426] el0_svc_common.constprop.0+0xc0/0xe0 [13.477113] do_el0_svc+0x1c/0x28 [13.480415] el0_svc+0x30/0xcc [13.483460] el0t_64_sync_handler+0x10c/0x138 [13.487800] el0t_64_sync+0x198/0x19c [13.491453] Code: 2a0103e1 12003c42 12003c63 8b010084 (79400084) [13.497522] ---[ fin de seguimiento 0000000000000000 ]---" } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38137.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38137.json index 410ea8e3d6e..90e94861371 100644 --- a/CVE-2025/CVE-2025-381xx/CVE-2025-38137.json +++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38137.json 
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/pwrctrl: Cancel outstanding rescan work when unregistering\n\nIt's possible to trigger use-after-free here by:\n\n (a) forcing rescan_work_func() to take a long time and\n (b) utilizing a pwrctrl driver that may be unloaded for some reason\n\nCancel outstanding work to ensure it is finished before we allow our data\nstructures to be cleaned up.\n\n[bhelgaas: tidy commit log]"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: PCI/pwrctrl: Cancelar el trabajo de reescaneo pendiente al anular el registro Es posible activar el use-after-free aqu\u00ed: (a) forzando a rescan_work_func() a tomar mucho tiempo y (b) utilizando un controlador pwrctrl que puede estar descargado por alguna raz\u00f3n Cancelar el trabajo pendiente para asegurar que est\u00e9 terminado antes de que permitamos que se limpien nuestras estructuras de datos. [bhelgaas: tidy commit log]"
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38138.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38138.json
index d98ee40027a..6c88954aeb7 100644
--- a/CVE-2025/CVE-2025-381xx/CVE-2025-38138.json
+++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38138.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: Add NULL check in udma_probe()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\nudma_probe() does not check for this case, which results in a NULL\npointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dmaengine: ti: A\u00f1adir comprobaci\u00f3n de valores NULL en udma_probe(). Devm_kasprintf() devuelve NULL cuando falla la asignaci\u00f3n de memoria. Actualmente, udma_probe() no comprueba este caso, lo que provoca una desreferencia de puntero NULL. A\u00f1adir comprobaci\u00f3n de valores NULL despu\u00e9s de devm_kasprintf() para evitar este problema."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38139.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38139.json
index ff1bfdf657c..183e4b15225 100644
--- a/CVE-2025/CVE-2025-381xx/CVE-2025-38139.json
+++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38139.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix oops in write-retry from mis-resetting the subreq iterator\n\nFix the resetting of the subrequest iterator in netfs_retry_write_stream()\nto use the iterator-reset function as the iterator may have been shortened\nby a previous retry. In such a case, the amount of data to be written by\nthe subrequest is not \"subreq->len\" but \"subreq->len -\nsubreq->transferred\".\n\nWithout this, KASAN may see an error in iov_iter_revert():\n\n BUG: KASAN: slab-out-of-bounds in iov_iter_revert lib/iov_iter.c:633 [inline]\n BUG: KASAN: slab-out-of-bounds in iov_iter_revert+0x443/0x5a0 lib/iov_iter.c:611\n Read of size 4 at addr ffff88802912a0b8 by task kworker/u32:7/1147\n\n CPU: 1 UID: 0 PID: 1147 Comm: kworker/u32:7 Not tainted 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full)\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Workqueue: events_unbound netfs_write_collection_worker\n Call Trace:\n \n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xc3/0x670 mm/kasan/report.c:521\n kasan_report+0xe0/0x110 mm/kasan/report.c:634\n iov_iter_revert lib/iov_iter.c:633 [inline]\n iov_iter_revert+0x443/0x5a0 lib/iov_iter.c:611\n netfs_retry_write_stream fs/netfs/write_retry.c:44 [inline]\n netfs_retry_writes+0x166d/0x1a50 fs/netfs/write_retry.c:231\n netfs_collect_write_results fs/netfs/write_collect.c:352 [inline]\n netfs_write_collection_worker+0x23fd/0x3830 fs/netfs/write_collect.c:374\n process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3238\n process_scheduled_works kernel/workqueue.c:3319 [inline]\n worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400\n kthread+0x3c2/0x780 kernel/kthread.c:464\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153\n ret_from_fork_asm+0x1a/0x30 
arch/x86/entry/entry_64.S:245\n " + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfs: Se corrige un error en el reintento de escritura debido al restablecimiento incorrecto del iterador de la subsolicitud. Se corrige el restablecimiento del iterador de la subsolicitud en netfs_retry_write_stream() para usar la funci\u00f3n iterator-reset, ya que el iterador podr\u00eda haberse acortado debido a un reintento anterior. En tal caso, la cantidad de datos que debe escribir la subsolicitud no es \"subreq->len\", sino \"subreq->len - subreq->transferred\". Sin esto, KASAN puede ver un error en iov_iter_revert(): ERROR: KASAN: slab-out-of-bounds en iov_iter_revert lib/iov_iter.c:633 [en l\u00ednea] ERROR: KASAN: slab-out-of-bounds en iov_iter_revert+0x443/0x5a0 lib/iov_iter.c:611 Lectura de tama\u00f1o 4 en la direcci\u00f3n ffff88802912a0b8 por la tarea kworker/u32:7/1147 CPU: 1 UID: 0 PID: 1147 Comm: kworker/u32:7 No contaminado 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 01/04/2014 Cola de trabajo: events_unbound netfs_write_collection_worker Rastreo de llamadas __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:408 [inline] print_report+0xc3/0x670 mm/kasan/report.c:521 kasan_report+0xe0/0x110 mm/kasan/report.c:634 iov_iter_revert lib/iov_iter.c:633 [inline] iov_iter_revert+0x443/0x5a0 lib/iov_iter.c:611 netfs_retry_write_stream fs/netfs/write_retry.c:44 [inline] netfs_retry_writes+0x166d/0x1a50 fs/netfs/write_retry.c:231 netfs_collect_write_results fs/netfs/write_collect.c:352 [inline] netfs_write_collection_worker+0x23fd/0x3830 fs/netfs/write_collect.c:374 process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3238 process_scheduled_works kernel/workqueue.c:3319 [inline] worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400 
kthread+0x3c2/0x780 kernel/kthread.c:464 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 " } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38140.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38140.json index e46f347f3fd..ff82308c98b 100644 --- a/CVE-2025/CVE-2025-381xx/CVE-2025-38140.json +++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38140.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: limit swapping tables for devices with zone write plugs\n\ndm_revalidate_zones() only allowed new or previously unzoned devices to\ncall blk_revalidate_disk_zones(). If the device was already zoned,\ndisk->nr_zones would always equal md->nr_zones, so dm_revalidate_zones()\nreturned without doing any work. This would make the zoned settings for\nthe device not match the new table. If the device had zone write plug\nresources, it could run into errors like bdev_zone_is_seq() reading\ninvalid memory because disk->conv_zones_bitmap was the wrong size.\n\nIf the device doesn't have any zone write plug resources, calling\nblk_revalidate_disk_zones() will always correctly update device. If\nblk_revalidate_disk_zones() fails, it can still overwrite or clear the\ncurrent disk->nr_zones value. In this case, DM must restore the previous\nvalue of disk->nr_zones, so that the zoned settings will continue to\nmatch the previous value that it fell back to.\n\nIf the device already has zone write plug resources,\nblk_revalidate_disk_zones() will not correctly update them, if it is\ncalled for arbitrary zoned device changes. Since there is not much need\nfor this ability, the easiest solution is to disallow any table reloads\nthat change the zoned settings, for devices that already have zone plug\nresources. Specifically, if a device already has zone plug resources\nallocated, it can only switch to another zoned table that also emulates\nzone append. Also, it cannot change the device size or the zone size. A\ndevice can switch to an error target." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dm: limitar el intercambio de tablas para dispositivos con conectores de escritura de zona. 
dm_revalidate_zones() solo permit\u00eda que los dispositivos nuevos o previamente no zonificados llamaran a blk_revalidate_disk_zones(). Si el dispositivo ya estaba zonificado, disk->nr_zones siempre ser\u00eda igual a md->nr_zones, por lo que dm_revalidate_zones() regresaba sin realizar ning\u00fan trabajo. Esto har\u00eda que la configuraci\u00f3n zonificada para el dispositivo no coincidiera con la nueva tabla. Si el dispositivo ten\u00eda recursos de conector de escritura de zona, podr\u00eda encontrarse con errores como bdev_zone_is_seq() leyendo memoria no v\u00e1lida porque disk->conv_zones_bitmap ten\u00eda un tama\u00f1o incorrecto. Si el dispositivo no tiene ning\u00fan recurso de conector de escritura de zona, llamar a blk_revalidate_disk_zones() siempre actualizar\u00e1 correctamente el dispositivo. Si blk_revalidate_disk_zones() falla, a\u00fan puede sobrescribir o borrar el valor actual de disk->nr_zones. En este caso, DM debe restaurar el valor anterior de disk->nr_zones para que la configuraci\u00f3n de zonas siga siendo la misma que la anterior. Si el dispositivo ya cuenta con recursos de complemento de escritura de zona, blk_revalidate_disk_zones() no los actualizar\u00e1 correctamente si se le solicita para realizar cambios arbitrarios en el dispositivo de zona. Dado que esta funci\u00f3n no es muy necesaria, la soluci\u00f3n m\u00e1s sencilla es impedir cualquier recarga de tabla que modifique la configuraci\u00f3n de zonas en los dispositivos que ya cuentan con recursos de complemento de zona. En concreto, si un dispositivo ya tiene asignados recursos de complemento de zona, solo puede cambiar a otra tabla de zonas que tambi\u00e9n emule la anexi\u00f3n de zona. Adem\u00e1s, no puede cambiar el tama\u00f1o del dispositivo ni el de la zona. Un dispositivo puede cambiar a un destino de error." } ], "metrics": {}, 
diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38141.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38141.json index ec980b04185..4f767774d51 100644 --- a/CVE-2025/CVE-2025-381xx/CVE-2025-38141.json +++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38141.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: fix dm_blk_report_zones\n\nIf dm_get_live_table() returned NULL, dm_put_live_table() was never\ncalled. Also, it is possible that md->zone_revalidate_map will change\nwhile calling this function. Only read it once, so that we are always\nusing the same value. Otherwise we might miss a call to\ndm_put_live_table().\n\nFinally, while md->zone_revalidate_map is set and a process is calling\nblk_revalidate_disk_zones() to set up the zone append emulation\nresources, it is possible that another process, perhaps triggered by\nblkdev_report_zones_ioctl(), will call dm_blk_report_zones(). If\nblk_revalidate_disk_zones() fails, these resources can be freed while\nthe other process is still using them, causing a use-after-free error.\n\nblk_revalidate_disk_zones() will only ever be called when initially\nsetting up the zone append emulation resources, such as when setting up\na zoned dm-crypt table for the first time. Further table swaps will not\nset md->zone_revalidate_map or call blk_revalidate_disk_zones().\nHowever it must be called using the new table (referenced by\nmd->zone_revalidate_map) and the new queue limits while the DM device is\nsuspended. dm_blk_report_zones() needs some way to distinguish between a\ncall from blk_revalidate_disk_zones(), which must be allowed to use\nmd->zone_revalidate_map to access this not yet activated table, and all\nother calls to dm_blk_report_zones(), which should not be allowed while\nthe device is suspended and cannot use md->zone_revalidate_map, since\nthe zone resources might be freed by the process currently calling\nblk_revalidate_disk_zones().\n\nSolve this by tracking the process that sets md->zone_revalidate_map in\ndm_revalidate_zones() and only allowing that process to make use of it\nin dm_blk_report_zones()." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dm: fix dm_blk_report_zones Si dm_get_live_table() devolv\u00eda NULL, dm_put_live_table() nunca se llamaba. Adem\u00e1s, es posible que md->zone_revalidate_map cambie al llamar a esta funci\u00f3n. Solo l\u00e9alo una vez, para que siempre usemos el mismo valor. De lo contrario, podr\u00edamos perder una llamada a dm_put_live_table(). Finalmente, mientras md->zone_revalidate_map est\u00e1 configurado y un proceso est\u00e1 llamando a blk_revalidate_disk_zones() para configurar los recursos de emulaci\u00f3n de anexi\u00f3n de zona, es posible que otro proceso, quiz\u00e1s activado por blkdev_report_zones_ioctl(), llame a dm_blk_report_zones(). Si blk_revalidate_disk_zones() falla, estos recursos pueden liberarse mientras el otro proceso a\u00fan los est\u00e1 usando, causando un error de uso despu\u00e9s de liberaci\u00f3n. blk_revalidate_disk_zones() solo se llamar\u00e1 al configurar inicialmente los recursos de emulaci\u00f3n de anexi\u00f3n de zona, como al configurar una tabla dm-crypt zonificada por primera vez. Los intercambios de tabla posteriores no establecer\u00e1n md->zone_revalidate_map ni llamar\u00e1n a blk_revalidate_disk_zones(). Sin embargo, debe llamarse utilizando la nueva tabla (referenciada por md->zone_revalidate_map) y los nuevos l\u00edmites de cola mientras el dispositivo DM est\u00e9 suspendido. dm_blk_report_zones() necesita distinguir entre una llamada a blk_revalidate_disk_zones(), que debe permitir el uso de md->zone_revalidate_map para acceder a esta tabla a\u00fan no activada, y todas las dem\u00e1s llamadas a dm_blk_report_zones(), que no deben permitirse mientras el dispositivo est\u00e9 suspendido y no puedan usar md->zone_revalidate_map, ya que los recursos de la zona podr\u00edan ser liberados por el proceso que llama a blk_revalidate_disk_zones(). 
Para solucionar esto, se debe rastrear el proceso que establece md->zone_revalidate_map en dm_revalidate_zones() y permitir que solo ese proceso lo use en dm_blk_report_zones()." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38142.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38142.json index b13c2a75ebf..fec827760d5 100644 --- a/CVE-2025/CVE-2025-381xx/CVE-2025-38142.json +++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38142.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (asus-ec-sensors) check sensor index in read_string()\n\nPrevent a potential invalid memory access when the requested sensor\nis not found.\n\nfind_ec_sensor_index() may return a negative value (e.g. -ENOENT),\nbut its result was used without checking, which could lead to\nundefined behavior when passed to get_sensor_info().\n\nAdd a proper check to return -EINVAL if sensor_index is negative.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[groeck: Return error code returned from find_ec_sensor_index]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: hwmon: (asus-ec-sensors) comprobar el \u00edndice del sensor en read_string(). Evita un posible acceso no v\u00e1lido a memoria cuando no se encuentra el sensor solicitado. find_ec_sensor_index() puede devolver un valor negativo (p. ej., -ENOENT), pero su resultado se utiliz\u00f3 sin comprobarlo, lo que podr\u00eda provocar un comportamiento indefinido al pasarlo a get_sensor_info(). Se ha a\u00f1adido una comprobaci\u00f3n adecuada para devolver -EINVAL si sensor_index es negativo. Encontrado por el Centro de Verificaci\u00f3n de Linux (linuxtesting.org) con SVACE. [groeck: C\u00f3digo de error devuelto por find_ec_sensor_index]" } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-381xx/CVE-2025-38165.json b/CVE-2025/CVE-2025-381xx/CVE-2025-38165.json index fb2ab8e0c49..a65f8328bb4 100644 
--- a/CVE-2025/CVE-2025-381xx/CVE-2025-38165.json +++ b/CVE-2025/CVE-2025-381xx/CVE-2025-38165.json 
@@ -12,7 +12,7 @@ }, { "lang": "es", - "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf, sockmap: Se corrige el p\u00e1nico al llamar a skb_linearize El p\u00e1nico se puede reproducir ejecutando el comando: ./bench sockmap -c 2 -p 1 -a --rx-verdict-ingress --rx-strp 100000 Luego se captur\u00f3 un p\u00e1nico del kernel: ''' [ 657.460555] kernel BUG at net/core/skbuff.c:2178! [ 657.462680] Tainted: [W]=WARN [ 657.463287] Workqueue: events sk_psock_backlog ... [ 657.469610] [ 657.469738] ? die+0x36/0x90 [ 657.469916] ? do_trap+0x1d0/0x270 [ 657.470118] ? pskb_expand_head+0x612/0xf40 [ 657.470376] ? pskb_expand_head+0x612/0xf40 [ 657.470620] ? do_error_trap+0xa3/0x170 [ 657.470846] ? pskb_expand_head+0x612/0xf40 [ 657.471092] ? handle_invalid_op+0x2c/0x40 [ 657.471335] ? pskb_expand_head+0x612/0xf40 [ 657.471579] ? exc_invalid_op+0x2d/0x40 [ 657.471805] ? asm_exc_invalid_op+0x1a/0x20 [ 657.472052] ? pskb_expand_head+0xd1/0xf40 [ 657.472292] ? pskb_expand_head+0x612/0xf40 [ 657.472540] ? lock_acquire+0x18f/0x4e0 [ 657.472766] ? find_held_lock+0x2d/0x110 [ 657.472999] ? __pfx_pskb_expand_head+0x10/0x10 [ 657.473263] ? __kmalloc_cache_noprof+0x5b/0x470 [ 657.473537] ? __pfx___lock_release.isra.0+0x10/0x10 [ 657.473826] __pskb_pull_tail+0xfd/0x1d20 [ 657.474062] ? __kasan_slab_alloc+0x4e/0x90 [ 657.474707] sk_psock_skb_ingress_enqueue+0x3bf/0x510 [ 657.475392] ? __kasan_kmalloc+0xaa/0xb0 [ 657.476010] sk_psock_backlog+0x5cf/0xd70 [ 657.476637] process_one_work+0x858/0x1a20 ''' El p\u00e1nico se origina en la aserci\u00f3n BUG_ON(skb_shared(skb)) en skb_linearize(). Una confirmaci\u00f3n anterior (v\u00e9ase la etiqueta \"Correcciones\") introdujo skb_get() para evitar condiciones de ejecuci\u00f3n entre las operaciones de skb en el backlog y la versi\u00f3n de skb en la ruta recvmsg. Sin embargo, esto provocaba que el p\u00e1nico siempre se produjera al ejecutar skb_linearize. 
El par\u00e1metro \"--rx-strp 100000\" obliga a la ruta RX a usar el m\u00f3dulo strparser, que agrega datos hasta alcanzar los 100 KB antes de llamar a la l\u00f3gica de sockmap. El payload de 100 KB supera MAX_MSG_FRAGS, lo que activa skb_linearize. Para solucionar este problema, simplemente mueva skb_get a sk_psock_skb_ingress_enqueue. ''' sk_psock_backlog: sk_psock_handle_skb skb_get(skb) <== lo movemos a 'sk_psock_skb_ingress_enqueue' sk_psock_skb_ingress____________ ? | | ? sk_psock_skb_ingress_self | sk_psock_skb_ingress_enqueue sk_psock_verdict_apply_________________? skb_linearize ''' Tenga en cuenta que para la ruta verdict_apply, la operaci\u00f3n skb_get es innecesaria, por lo que a\u00f1adimos el par\u00e1metro 'take_ref' para controlar su comportamiento. " + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf, sockmap: Se corrige el p\u00e1nico al llamar a skb_linearize El p\u00e1nico se puede reproducir ejecutando el comando: ./bench sockmap -c 2 -p 1 -a --rx-verdict-ingress --rx-strp 100000 Luego se captur\u00f3 un p\u00e1nico del kernel: ''' [ 657.460555] kernel BUG at net/core/skbuff.c:2178! [ 657.462680] Tainted: [W]=WARN [ 657.463287] Workqueue: events sk_psock_backlog ... [ 657.469610] [ 657.469738] ? die+0x36/0x90 [ 657.469916] ? do_trap+0x1d0/0x270 [ 657.470118] ? pskb_expand_head+0x612/0xf40 [ 657.470376] ? pskb_expand_head+0x612/0xf40 [ 657.470620] ? do_error_trap+0xa3/0x170 [ 657.470846] ? pskb_expand_head+0x612/0xf40 [ 657.471092] ? handle_invalid_op+0x2c/0x40 [ 657.471335] ? pskb_expand_head+0x612/0xf40 [ 657.471579] ? exc_invalid_op+0x2d/0x40 [ 657.471805] ? asm_exc_invalid_op+0x1a/0x20 [ 657.472052] ? pskb_expand_head+0xd1/0xf40 [ 657.472292] ? pskb_expand_head+0x612/0xf40 [ 657.472540] ? lock_acquire+0x18f/0x4e0 [ 657.472766] ? find_held_lock+0x2d/0x110 [ 657.472999] ? __pfx_pskb_expand_head+0x10/0x10 [ 657.473263] ? __kmalloc_cache_noprof+0x5b/0x470 [ 657.473537] ? 
__pfx___lock_release.isra.0+0x10/0x10 [ 657.473826] __pskb_pull_tail+0xfd/0x1d20 [ 657.474062] ? __kasan_slab_alloc+0x4e/0x90 [ 657.474707] sk_psock_skb_ingress_enqueue+0x3bf/0x510 [ 657.475392] ? __kasan_kmalloc+0xaa/0xb0 [ 657.476010] sk_psock_backlog+0x5cf/0xd70 [ 657.476637] process_one_work+0x858/0x1a20 ''' El p\u00e1nico se origina en la aserci\u00f3n BUG_ON(skb_shared(skb)) en skb_linearize(). Una confirmaci\u00f3n anterior (v\u00e9ase la etiqueta \"Correcciones\") introdujo skb_get() para evitar condiciones de ejecuci\u00f3n entre las operaciones de skb en el backlog y la versi\u00f3n de skb en la ruta recvmsg. Sin embargo, esto provocaba que el p\u00e1nico siempre se produjera al ejecutar skb_linearize. El par\u00e1metro \"--rx-strp 100000\" obliga a la ruta RX a usar el m\u00f3dulo strparser, que agrega datos hasta alcanzar los 100 KB antes de llamar a la l\u00f3gica de sockmap. El payload de 100 KB supera MAX_MSG_FRAGS, lo que activa skb_linearize. Para solucionar este problema, simplemente mueva skb_get a sk_psock_skb_ingress_enqueue. ''' sk_psock_backlog: sk_psock_handle_skb skb_get(skb) <== lo movemos a 'sk_psock_skb_ingress_enqueue' sk_psock_skb_ingress____________ ? | | ? sk_psock_skb_ingress_self | sk_psock_skb_ingress_enqueue sk_psock_verdict_apply_________________? skb_linearize ''' Tenga en cuenta que para la ruta verdict_apply, la operaci\u00f3n skb_get es innecesaria, por lo que a\u00f1adimos el par\u00e1metro 'take_ref' para controlar su comportamiento." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-38xx/CVE-2025-3813.json b/CVE-2025/CVE-2025-38xx/CVE-2025-3813.json index 3c9bebf97a2..edbd39385dd 100644 --- a/CVE-2025/CVE-2025-38xx/CVE-2025-3813.json +++ b/CVE-2025/CVE-2025-38xx/CVE-2025-3813.json 
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-05-31T08:15:20.970",
 "lastModified": "2025-06-02T17:32:17.397",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-38xx/CVE-2025-3880.json b/CVE-2025/CVE-2025-38xx/CVE-2025-3880.json
index fe85c71ee51..d0122acb02d 100644
--- a/CVE-2025/CVE-2025-38xx/CVE-2025-3880.json
+++ b/CVE-2025/CVE-2025-38xx/CVE-2025-3880.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on several functions in all versions up to, and including, 19.9.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to change the email address for the account connection, and disconnect the plugin. Previously created content will still be displayed and functional if the account is disconnected."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Poll, Survey & Quiz Maker Plugin by Opinion Stage para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a una comprobaci\u00f3n de capacidad mal configurada en varias funciones en todas las versiones hasta la 19.9.0 incluida. Esto permite que atacantes autenticados, con acceso de Colaborador o superior, cambien la direcci\u00f3n de correo electr\u00f3nico de la cuenta y desconecten el complemento. El contenido creado previamente se seguir\u00e1 mostrando y funcionando si la cuenta se desconecta."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-393xx/CVE-2025-39361.json b/CVE-2025/CVE-2025-393xx/CVE-2025-39361.json
index 63752f526e4..fd2cc0d6523 100644
--- a/CVE-2025/CVE-2025-393xx/CVE-2025-39361.json
+++ b/CVE-2025/CVE-2025-393xx/CVE-2025-39361.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2025-05-07T09:15:19.017",
 "lastModified": "2025-05-07T14:13:20.483",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-394xx/CVE-2025-39479.json b/CVE-2025/CVE-2025-394xx/CVE-2025-39479.json
index caab025347a..705972c2a09 100644
--- a/CVE-2025/CVE-2025-394xx/CVE-2025-39479.json
+++ b/CVE-2025/CVE-2025-394xx/CVE-2025-39479.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartiolabs Smart Notification allows Blind SQL Injection. This issue affects Smart Notification: from n/a through 10.3."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en smartiolabs Smart Notification permite la inyecci\u00f3n SQL ciega. Este problema afecta a Smart Notification desde n/d hasta la versi\u00f3n 10.3."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-394xx/CVE-2025-39486.json b/CVE-2025/CVE-2025-394xx/CVE-2025-39486.json
index e1424404d66..434bca0ad69 100644
--- a/CVE-2025/CVE-2025-394xx/CVE-2025-39486.json
+++ b/CVE-2025/CVE-2025-394xx/CVE-2025-39486.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Rankie allows SQL Injection. This issue affects Rankie: from n/a through n/a."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en ValvePress Rankie permite la inyecci\u00f3n SQL. Este problema afecta a Rankie: de n/d a n/d."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39508.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39508.json
index 48457656e71..d96aaf4273b 100644
--- a/CVE-2025/CVE-2025-395xx/CVE-2025-39508.json
+++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39508.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NasaTheme Nasa Core allows Reflected XSS. This issue affects Nasa Core: from n/a through 6.3.2."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en NasaTheme Nasa Core permite XSS reflejado. Este problema afecta a Nasa Core desde n/d hasta la versi\u00f3n 6.3.2."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-407xx/CVE-2025-40710.json b/CVE-2025/CVE-2025-407xx/CVE-2025-40710.json
index 4c19a947d91..78c6581a8a7 100644
--- a/CVE-2025/CVE-2025-407xx/CVE-2025-40710.json
+++ b/CVE-2025/CVE-2025-407xx/CVE-2025-40710.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Host Header Injection (HHI) vulnerability in the Hotspot Shield VPN client, which can induce unexpected behaviour when accessing third-party web applications through the VPN tunnel.\u00a0Although such applications do not present this vulnerability per se, the use of the tunnel, together with a forged Host header, can cause the VPN client to redirect or forward HTTP requests to servers other than those originally intended, leading to consequences such as open redirects or delivery of traffic to infrastructure controlled by an attacker. This does not imply a flaw in the target applications, but in how the VPN client internally handles outgoing headers and requests."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de inyecci\u00f3n de encabezado de host (HHI) en el cliente VPN de Hotspot Shield, que puede inducir un comportamiento inesperado al acceder a aplicaciones web de terceros a trav\u00e9s del t\u00fanel VPN. Si bien estas aplicaciones no presentan esta vulnerabilidad en s\u00ed, el uso del t\u00fanel, junto con un encabezado de host falsificado, puede provocar que el cliente VPN redirija o reenv\u00ede solicitudes HTTP a servidores distintos a los previstos originalmente, lo que puede tener consecuencias como redirecciones abiertas o la entrega de tr\u00e1fico a la infraestructura controlada por un atacante. Esto no implica una falla en las aplicaciones objetivo, sino en la forma en que el cliente VPN gestiona internamente los encabezados y solicitudes salientes."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-407xx/CVE-2025-40722.json b/CVE-2025/CVE-2025-407xx/CVE-2025-40722.json
index 57942cbd492..dfadbfd1c87 100644
--- a/CVE-2025/CVE-2025-407xx/CVE-2025-40722.json
+++ b/CVE-2025/CVE-2025-407xx/CVE-2025-40722.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Stored Cross-Site Scripting (XSS) vulnerability in versions prior to Flatboard 3.2.2 of Flatboard Pro, consisting of a stored XSS due to lack of proper validation of user input, through the\u00a0replace parameter in /config.php/tags."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de cross-site scripting (XSS) almacenado en versiones anteriores a Flatboard 3.2.2 de Flatboard Pro, consistente en un XSS almacenado debido a la falta de una validaci\u00f3n adecuada de la entrada del usuario, a trav\u00e9s del par\u00e1metro replace en /config.php/tags."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-407xx/CVE-2025-40723.json b/CVE-2025/CVE-2025-407xx/CVE-2025-40723.json
index 2a84dcb9f0f..3eb791a9605 100644
--- a/CVE-2025/CVE-2025-407xx/CVE-2025-40723.json
+++ b/CVE-2025/CVE-2025-407xx/CVE-2025-40723.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Stored Cross-Site Scripting (XSS) vulnerability in versions prior to Flatboard 3.2.2 of Flatboard Pro, consisting of a stored XSS due to lack of proper validation of user input, through the\u00a0footer_text and announcement parameters in config.php."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de cross-site scripting (XSS) almacenado en versiones anteriores a Flatboard 3.2.2 de Flatboard Pro, consistente en un XSS almacenado debido a la falta de una validaci\u00f3n adecuada de la entrada del usuario, a trav\u00e9s de los par\u00e1metros footer_text y announcement en config.php."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-407xx/CVE-2025-40731.json b/CVE-2025/CVE-2025-407xx/CVE-2025-40731.json
index 80ad3f90182..8afdb6c52c1 100644
--- a/CVE-2025/CVE-2025-407xx/CVE-2025-40731.json
+++ b/CVE-2025/CVE-2025-407xx/CVE-2025-40731.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2025-06-30T09:15:24.450",
 "lastModified": "2025-06-30T18:38:23.493",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-407xx/CVE-2025-40732.json b/CVE-2025/CVE-2025-407xx/CVE-2025-40732.json
index f05a0ed1d74..19c76cb8dbc 100644
--- a/CVE-2025/CVE-2025-407xx/CVE-2025-40732.json
+++ b/CVE-2025/CVE-2025-407xx/CVE-2025-40732.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2025-06-30T09:15:25.567",
 "lastModified": "2025-06-30T18:38:23.493",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-407xx/CVE-2025-40733.json b/CVE-2025/CVE-2025-407xx/CVE-2025-40733.json
index 331c92907db..2a95537ea71 100644
--- a/CVE-2025/CVE-2025-407xx/CVE-2025-40733.json
+++ b/CVE-2025/CVE-2025-407xx/CVE-2025-40733.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2025-06-30T09:15:25.760",
 "lastModified": "2025-06-30T18:38:23.493",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-407xx/CVE-2025-40734.json b/CVE-2025/CVE-2025-407xx/CVE-2025-40734.json
index 90c2062fbf7..c75ea2c35ff 100644
--- a/CVE-2025/CVE-2025-407xx/CVE-2025-40734.json
+++ b/CVE-2025/CVE-2025-407xx/CVE-2025-40734.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2025-06-30T09:15:25.947",
 "lastModified": "2025-06-30T18:38:23.493",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-413xx/CVE-2025-41388.json b/CVE-2025/CVE-2025-413xx/CVE-2025-41388.json
index 168ca196f4c..704d807d89a 100644
--- a/CVE-2025/CVE-2025-413xx/CVE-2025-41388.json
+++ b/CVE-2025/CVE-2025-413xx/CVE-2025-41388.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Fuji Electric Smart Editor is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code."
+ },
+ {
+ "lang": "es",
+ "value": "Fuji Electric Smart Editor es vulnerable a un desbordamiento de b\u00fafer basado en pila, lo que puede permitir que un atacante ejecute c\u00f3digo arbitrario."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-414xx/CVE-2025-41413.json b/CVE-2025/CVE-2025-414xx/CVE-2025-41413.json
index 432b4022b6d..92ae4b6df5e 100644
--- a/CVE-2025/CVE-2025-414xx/CVE-2025-41413.json
+++ b/CVE-2025/CVE-2025-414xx/CVE-2025-41413.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Fuji Electric Smart Editor\u00a0is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code."
+ },
+ {
+ "lang": "es",
+ "value": "Fuji Electric Smart Editor es vulnerable a una escritura fuera de los l\u00edmites, lo que puede permitir que un atacante ejecute c\u00f3digo arbitrario."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4102.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4102.json
index 35287c758b9..a6bac0d1b79 100644
--- a/CVE-2025/CVE-2025-41xx/CVE-2025-4102.json
+++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4102.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-06-20T12:15:22.140",
 "lastModified": "2025-06-23T20:16:40.143",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4128.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4128.json
index 361b74e9552..d7fd7a65d6c 100644
--- a/CVE-2025/CVE-2025-41xx/CVE-2025-4128.json
+++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4128.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "responsibledisclosure@mattermost.com",
 "published": "2025-06-11T11:15:23.143",
 "lastModified": "2025-06-12T16:06:20.180",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-436xx/CVE-2025-43699.json b/CVE-2025/CVE-2025-436xx/CVE-2025-43699.json
index 366a1edf367..2d68d7963f7 100644
--- a/CVE-2025/CVE-2025-436xx/CVE-2025-43699.json
+++ b/CVE-2025/CVE-2025-436xx/CVE-2025-43699.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@salesforce.com",
 "published": "2025-06-10T12:15:24.357",
 "lastModified": "2025-06-18T14:15:44.040",
- "vulnStatus": "Undergoing Analysis",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-437xx/CVE-2025-43713.json b/CVE-2025/CVE-2025-437xx/CVE-2025-43713.json
index 3062d98c6ba..c473f1e87ab 100644
--- a/CVE-2025/CVE-2025-437xx/CVE-2025-43713.json
+++ b/CVE-2025/CVE-2025-437xx/CVE-2025-43713.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "ASNA Assist and ASNA Registrar before 2025-03-31 allow deserialization attacks against .NET remoting. These are Windows system services that support license key management and deprecated Windows network authentication. The services are implemented with .NET remoting and can be exploited via well-known deserialization techniques inherent in the technology. Because the services run with SYSTEM-level rights, exploits can be crafted to achieve escalation of privilege and arbitrary code execution. This affects DataGate for SQL Server 17.0.36.0 and 16.0.89.0, DataGate Component Suite 17.0.36.0 and 16.0.89.0, DataGate Monitor 17.0.26.0 and 16.0.65.0, DataGate WebPak 17.0.37.0 and 16.0.90.0, Monarch for .NET 11.4.50.0 and 10.0.62.0, Encore RPG 4.1.36.0, Visual RPG .NET FW 17.0.37.0 and 16.0.90.0, Visual RPG .NET FW Windows Deployment 17.0.36.0 and 16.0.89.0, WingsRPG 11.0.38.0 and 10.0.95.0, Mobile RPG 11.0.35.0 and 10.0.94.0, Monarch Framework for .NET FW 11.0.36.0 and 10.0.89.0, Browser Terminal 17.0.37.0 and 16.0.90.0, Visual RPG Classic 5.2.7.0 and 5.1.17.0, Visual RPG Deployment 5.2.7.0 and 5.1.17.0, and DataGate Studio 17.0.38.0 and 16.0.104.0." + }, + { + "lang": "es", + "value": "ASNA Assist y ASNA Registrar, anteriores al 31/03/2025, permiten ataques de deserializaci\u00f3n contra la comunicaci\u00f3n remota .NET. Estos servicios del sistema de Windows admiten la administraci\u00f3n de claves de licencia y la autenticaci\u00f3n de red de Windows obsoleta. Estos servicios se implementan con comunicaci\u00f3n remota .NET y pueden explotarse mediante t\u00e9cnicas de deserializaci\u00f3n conocidas inherentes a la tecnolog\u00eda. Dado que los servicios se ejecutan con permisos de nivel de sistema, se pueden manipular exploits para lograr la escalada de privilegios y la ejecuci\u00f3n de c\u00f3digo arbitrario. 
Esto afecta a DataGate para SQL Server 17.0.36.0 y 16.0.89.0, DataGate Component Suite 17.0.36.0 y 16.0.89.0, DataGate Monitor 17.0.26.0 y 16.0.65.0, DataGate WebPak 17.0.37.0 y 16.0.90.0, Monarch para .NET 11.4.50.0 y 10.0.62.0, Encore RPG 4.1.36.0, Visual RPG .NET FW 17.0.37.0 y 16.0.90.0, Visual RPG .NET FW Windows Deployment 17.0.36.0 y 16.0.89.0, WingsRPG 11.0.38.0 y 10.0.95.0, Mobile RPG 11.0.35.0 y 10.0.94.0, Monarch Framework para .NET FW 11.0.36.0 y 10.0.89.0, Browser Terminal 17.0.37.0 y 16.0.90.0, Visual RPG Classic 5.2.7.0 y 5.1.17.0, Visual RPG Deployment 5.2.7.0 y 5.1.17.0, y DataGate Studio 17.0.38.0 y 16.0.104.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-439xx/CVE-2025-43951.json b/CVE-2025/CVE-2025-439xx/CVE-2025-43951.json index fb681b7f1d1..69c35919901 100644 --- a/CVE-2025/CVE-2025-439xx/CVE-2025-43951.json +++ b/CVE-2025/CVE-2025-439xx/CVE-2025-43951.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-04-22T18:16:01.650", "lastModified": "2025-04-23T14:15:30.093", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-43xx/CVE-2025-4365.json b/CVE-2025/CVE-2025-43xx/CVE-2025-4365.json index fef668d23e8..19030b9531a 100644 --- a/CVE-2025/CVE-2025-43xx/CVE-2025-4365.json +++ b/CVE-2025/CVE-2025-43xx/CVE-2025-4365.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Arbitrary file read in\u00a0NetScaler Console and NetScaler SDX (SVM)" + }, + { + "lang": "es", + "value": "Lectura de archivos arbitrarios en NetScaler Console y NetScaler SDX (SVM)" } ], "metrics": { diff --git a/CVE-2025/CVE-2025-442xx/CVE-2025-44203.json b/CVE-2025/CVE-2025-442xx/CVE-2025-44203.json index e39341972fc..46f0a4a29bf 100644 --- a/CVE-2025/CVE-2025-442xx/CVE-2025-44203.json +++ b/CVE-2025/CVE-2025-442xx/CVE-2025-44203.json 
@@ -2,24 +2,102 @@ "id": "CVE-2025-44203", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-20T16:15:28.700", - "lastModified": "2025-06-20T16:15:28.700", - "vulnStatus": "Received", + "lastModified": "2025-06-26T14:35:57.863", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoint, the attacker may obtain the administrator username, password hash, and salt. In some cases, the attack results in a Denial of Service (DoS), preventing the administrator from logging in even with the correct credentials." + }, + { + "lang": "es", + "value": "En HotelDruid 3.0.7, un atacante no autenticado puede explotar mensajes de error SQL detallados en creadb.php antes de pulsar el bot\u00f3n \"Crear base de datos\". Al enviar solicitudes POST mal formadas a este endpoint, el atacante puede obtener el nombre de usuario, el hash de la contrase\u00f1a y la sal del administrador. En algunos casos, el ataque resulta en una denegaci\u00f3n de servicio (DoS), impidiendo que el administrador inicie sesi\u00f3n incluso con las credenciales correctas. 
" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-209" + }, + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:digitaldruid:hoteldruid:3.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C9D8DF00-0D75-45B1-8819-FCB87A07FB27" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:digitaldruid:hoteldruid:3.0.7:*:*:*:*:*:*:*", + "matchCriteriaId": "0EFAA1B2-5E34-4FB2-81B4-D1DB0EEE96C7" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/IvanT7D3/CVE-2025-44203/tree/main", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.hoteldruid.com/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] + }, + { + "url": "https://github.com/IvanT7D3/CVE-2025-44203/tree/main", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-449xx/CVE-2025-44951.json b/CVE-2025/CVE-2025-449xx/CVE-2025-44951.json index 4ba8f520e94..b095e375bd4 100644 --- a/CVE-2025/CVE-2025-449xx/CVE-2025-44951.json 
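Review bot: The added `cvssMetricV31` entry for CVE-2025-44203 scores `"confidentialityImpact": "NONE"` (`C:N` in the vector), which contradicts the English description in the same hunk (disclosure of the administrator username, password hash and salt) and the CWE-209 weakness added alongside it. Anyone triaging on the vector alone will treat this as an availability-only issue and may skip credential rotation on exposed installs. The entry is typed `Secondary`, so the mismatch probably originates with the enriching source; it is better reported upstream so that the vector and `baseScore` are re-derived than patched by hand in this mirror. Separately, the new `cpeMatch` list marks `hoteldruid:3.0.0` as vulnerable while the description names only 3.0.7, so the affected range should be confirmed against the advisory.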
+++ b/CVE-2025/CVE-2025-449xx/CVE-2025-44951.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-06-18T16:15:27.413", "lastModified": "2025-06-23T20:16:59.783", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-449xx/CVE-2025-44952.json b/CVE-2025/CVE-2025-449xx/CVE-2025-44952.json index 570cadee2d1..bdb6a36eee5 100644 --- a/CVE-2025/CVE-2025-449xx/CVE-2025-44952.json +++ b/CVE-2025/CVE-2025-449xx/CVE-2025-44952.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-06-18T16:15:27.520", "lastModified": "2025-06-23T20:16:59.783", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-449xx/CVE-2025-44998.json b/CVE-2025/CVE-2025-449xx/CVE-2025-44998.json index df4cadcadc0..415ec464e1a 100644 --- a/CVE-2025/CVE-2025-449xx/CVE-2025-44998.json +++ b/CVE-2025/CVE-2025-449xx/CVE-2025-44998.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-05-23T19:15:22.237", "lastModified": "2025-05-28T14:58:52.920", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-44xx/CVE-2025-4404.json b/CVE-2025/CVE-2025-44xx/CVE-2025-4404.json index 468256eb726..7320e950eb5 100644 --- a/CVE-2025/CVE-2025-44xx/CVE-2025-4404.json +++ b/CVE-2025/CVE-2025-44xx/CVE-2025-4404.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a successful attack happens, the user can retrieve a Kerberos ticket in the name of this service, containing the admin@REALM credential. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration." + }, + { + "lang": "es", + "value": "Se detect\u00f3 una vulnerabilidad de escalada de privilegios del host al dominio en el proyecto FreeIPA. El paquete FreeIPA no valida la unicidad de `krbCanonicalName` para la cuenta de administrador por defecto, lo que permite a los usuarios crear servicios con el mismo nombre can\u00f3nico que el administrador de REALM. Cuando se produce un ataque exitoso, el usuario puede recuperar un ticket de Kerberos en nombre de este servicio, que contiene la credencial admin@REALM. Esta falla permite a un atacante realizar tareas administrativas a trav\u00e9s de REALM, lo que permite el acceso a datos confidenciales y su exfiltraci\u00f3n." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-44xx/CVE-2025-4407.json b/CVE-2025/CVE-2025-44xx/CVE-2025-4407.json index a6a6ed9a6d1..bad19d64dfc 100644 --- a/CVE-2025/CVE-2025-44xx/CVE-2025-4407.json +++ b/CVE-2025/CVE-2025-44xx/CVE-2025-4407.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Insufficient Session Expiration vulnerability in ABB Lite Panel Pro.This issue affects Lite Panel Pro: through 1.0.1." + }, + { + "lang": "es", + "value": "Vulnerabilidad de expiraci\u00f3n de sesi\u00f3n insuficiente en ABB Lite Panel Pro. Este problema afecta a Lite Panel Pro: hasta 1.0.1." } ], "metrics": { 
diff --git a/CVE-2025/CVE-2025-44xx/CVE-2025-4413.json b/CVE-2025/CVE-2025-44xx/CVE-2025-4413.json index d6e9aa637ed..e621fde8527 100644 --- a/CVE-2025/CVE-2025-44xx/CVE-2025-4413.json +++ b/CVE-2025/CVE-2025-44xx/CVE-2025-4413.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "The Pixabay Images plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pixabay_upload function in all versions up to, and including, 3.4. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible." + }, + { + "lang": "es", + "value": "El complemento Pixabay Images para WordPress es vulnerable a la carga de archivos arbitrarios debido a la falta de validaci\u00f3n del tipo de archivo en la funci\u00f3n pixabay_upload en todas las versiones hasta la 3.4 incluida. Esto permite que atacantes autenticados, con acceso de autor o superior, carguen archivos arbitrarios en el servidor del sitio afectado, lo que podr\u00eda posibilitar la ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-44xx/CVE-2025-4415.json b/CVE-2025/CVE-2025-44xx/CVE-2025-4415.json index a1ed471248b..95912a543f9 100644 --- a/CVE-2025/CVE-2025-44xx/CVE-2025-4415.json +++ b/CVE-2025/CVE-2025-44xx/CVE-2025-4415.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4415", "sourceIdentifier": "mlhess@drupal.org", "published": "2025-05-21T17:15:58.970", - "lastModified": "2025-05-21T20:24:58.133", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-25T15:23:59.237", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,10 +51,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:matomo:piwik_pro:*:*:*:*:*:drupal:*:*", + "versionEndExcluding": "1.3.2", + "matchCriteriaId": "BBA99A1A-094B-453C-9FA0-66CD1820C719" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.drupal.org/sa-contrib-2025-058", - "source": "mlhess@drupal.org" + "source": "mlhess@drupal.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-44xx/CVE-2025-4416.json b/CVE-2025/CVE-2025-44xx/CVE-2025-4416.json index 75af8986f52..d595cfca597 100644 --- a/CVE-2025/CVE-2025-44xx/CVE-2025-4416.json +++ b/CVE-2025/CVE-2025-44xx/CVE-2025-4416.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4416", "sourceIdentifier": "mlhess@drupal.org", "published": "2025-05-21T17:15:59.150", - "lastModified": "2025-05-21T20:24:58.133", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-25T14:35:56.230", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:events_log_track_project:events_log_track:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.1.11", + "matchCriteriaId": "8FA1CBC7-0EB9-41D5-81A2-B286FA392281" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:events_log_track_project:events_log_track:*:*:*:*:*:wordpress:*:*", + "versionStartIncluding": "4.0.0", + "versionEndExcluding": "4.0.2", + "matchCriteriaId": "7B040132-6894-4BB6-B6FE-723E797FF52D" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.drupal.org/sa-contrib-2025-059", - "source": "mlhess@drupal.org" + "source": "mlhess@drupal.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
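Review bot: In the CVE-2025-4416 `configurations` hunk, both new `cpeMatch` criteria carry `wordpress` in the target_sw field (`cpe:2.3:a:events_log_track_project:events_log_track:*:*:*:*:*:wordpress:*:*`). Yet the record's source is `mlhess@drupal.org` and its only reference is a drupal.org contrib advisory, and the CVE-2025-4415 record in the preceding file section uses `drupal` in that position. If the module is indeed a Drupal one (the description is outside the hunk), inventory and scanner matching keyed on target_sw will miss affected Drupal sites. The criteria should presumably end `...:*:drupal:*:*`, with the `matchCriteriaId` values taken from the upstream CPE match data and not edited locally.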
diff --git a/CVE-2025/CVE-2025-44xx/CVE-2025-4479.json b/CVE-2025/CVE-2025-44xx/CVE-2025-4479.json index 393ac8f02e3..795588b33db 100644 --- a/CVE-2025/CVE-2025-44xx/CVE-2025-4479.json +++ b/CVE-2025/CVE-2025-44xx/CVE-2025-4479.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-06-19T04:15:49.147", "lastModified": "2025-06-23T20:16:59.783", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-44xx/CVE-2025-4493.json b/CVE-2025/CVE-2025-44xx/CVE-2025-4493.json index 4cbd760554b..770035006a2 100644 --- a/CVE-2025/CVE-2025-44xx/CVE-2025-4493.json +++ b/CVE-2025/CVE-2025-44xx/CVE-2025-4493.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4493", "sourceIdentifier": "security@devolutions.net", "published": "2025-05-28T13:15:19.817", - "lastModified": "2025-05-28T15:01:30.720", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-25T15:48:22.483", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2024.3.15.0", + "matchCriteriaId": "B14C7E62-E99B-4734-A83E-CBE9C79C96D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2025.1.3.0", + "versionEndIncluding": "2025.1.7.0", + "matchCriteriaId": "1933FBC7-209A-4565-B3D6-E09F2D2EAC50" + } + ] + } + ] + } + ], "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2025-0008/", - "source": "security@devolutions.net" + "source": "security@devolutions.net", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2025/CVE-2025-451xx/CVE-2025-45143.json b/CVE-2025/CVE-2025-451xx/CVE-2025-45143.json index 098a245bbc5..95421982ac2 100644 --- a/CVE-2025/CVE-2025-451xx/CVE-2025-45143.json +++ b/CVE-2025/CVE-2025-451xx/CVE-2025-45143.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "string-math v1.2.2 was discovered to contain a Regex Denial of Service (ReDoS) which is exploited via a crafted input." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que string-math v1.2.2 contiene una denegaci\u00f3n de servicio de expresiones regulares (ReDoS) que se explota a trav\u00e9s de una entrada manipulada." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-457xx/CVE-2025-45754.json b/CVE-2025/CVE-2025-457xx/CVE-2025-45754.json index 41eaef33a93..1b248929454 100644 --- a/CVE-2025/CVE-2025-457xx/CVE-2025-45754.json +++ b/CVE-2025/CVE-2025-457xx/CVE-2025-45754.json @@ -2,8 +2,8 @@ "id": "CVE-2025-45754", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-21T17:15:58.057", - "lastModified": "2025-05-21T20:24:58.133", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-25T13:50:09.177", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,14 +51,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:seeddms:seeddms:6.0.32:*:*:*:*:*:*:*", + "matchCriteriaId": "0049EACB-E512-4E50-9D5C-C0DDB3978500" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.simonjuguna.com/cve-2025-45754-stored-cross-site-scripting-xss-vulnerability-in-seeddms-v6-0-32/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.simonjuguna.com/cve-2025-45754-stored-cross-site-scripting-xss-vulnerability-in-seeddms-v6-0-32/", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-457xx/CVE-2025-45786.json b/CVE-2025/CVE-2025-457xx/CVE-2025-45786.json index a0b7dbac2be..7e5124415ca 100644 --- a/CVE-2025/CVE-2025-457xx/CVE-2025-45786.json +++ b/CVE-2025/CVE-2025-457xx/CVE-2025-45786.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-06-18T15:15:27.230", "lastModified": "2025-06-23T20:16:59.783", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-458xx/CVE-2025-45809.json b/CVE-2025/CVE-2025-458xx/CVE-2025-45809.json index 244be56e146..647f588854a 100644 --- a/CVE-2025/CVE-2025-458xx/CVE-2025-45809.json +++ b/CVE-2025/CVE-2025-458xx/CVE-2025-45809.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "BerriAI litellm v1.65.4 was discovered to contain a SQL injection vulnerability via the /key/block endpoint." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que BerriAI litellm v1.65.4 contiene una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del endpoint /key/block." } ], "metrics": { 
diff --git a/CVE-2025/CVE-2025-458xx/CVE-2025-45890.json b/CVE-2025/CVE-2025-458xx/CVE-2025-45890.json index 4d5a9167b2a..f1d65d85545 100644 --- a/CVE-2025/CVE-2025-458xx/CVE-2025-45890.json +++ b/CVE-2025/CVE-2025-458xx/CVE-2025-45890.json 
@@ -2,20 +2,89 @@ "id": "CVE-2025-45890", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-20T16:15:29.240", - "lastModified": "2025-06-20T16:15:29.240", - "vulnStatus": "Received", + "lastModified": "2025-06-26T14:25:56.920", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory Traversal vulnerability in novel plus before v.5.1.0 allows a remote attacker to execute arbitrary code via the filePath parameter" + }, + { + "lang": "es", + "value": "La vulnerabilidad de Directory Traversal en novel plus anterior a v.5.1.0 permite que un atacante remoto ejecute c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro filePath" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xxyopen:novel-plus:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.1.0", + "matchCriteriaId": "079AB2BA-21BF-4475-9859-1C5760CCA3CF" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/SecureCore1/CVE/blob/main/novel-plus/readme.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] + }, + { + "url": 
"https://github.com/SecureCore1/CVE/blob/main/novel-plus/readme.md", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-459xx/CVE-2025-45931.json b/CVE-2025/CVE-2025-459xx/CVE-2025-45931.json index f23cb7691b4..63ad35e19b2 100644 --- a/CVE-2025/CVE-2025-459xx/CVE-2025-45931.json +++ b/CVE-2025/CVE-2025-459xx/CVE-2025-45931.json @@ -3,12 +3,16 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-06-30T17:15:32.467", "lastModified": "2025-06-30T19:15:24.117", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via system() function in the bin/goahead file" + }, + { + "lang": "es", + "value": "Un problema D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 permite que un atacante remoto ejecute c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n system() en el archivo bin/goahead" } ], "metrics": { diff --git a/CVE-2025/CVE-2025-459xx/CVE-2025-45938.json b/CVE-2025/CVE-2025-459xx/CVE-2025-45938.json index 0edd51a56d0..b03194819b7 100644 --- a/CVE-2025/CVE-2025-459xx/CVE-2025-45938.json +++ b/CVE-2025/CVE-2025-459xx/CVE-2025-45938.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Akeles Out of Office Assistant for Jira 4.0.1 is vulberable to Cross Site Scripting (XSS) via the Jira fullName parameter." + }, + { + "lang": "es", + "value": "Akeles Out of Office Assistant para Jira 4.0.1 es vulnerable a cross-site scripting (XSS) a trav\u00e9s del par\u00e1metro fullName de Jira." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-459xx/CVE-2025-45984.json b/CVE-2025/CVE-2025-459xx/CVE-2025-45984.json index a50e6efbcf0..8566ce1b054 100644 --- a/CVE-2025/CVE-2025-459xx/CVE-2025-45984.json +++ b/CVE-2025/CVE-2025-459xx/CVE-2025-45984.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-06-13T12:15:33.217", "lastModified": "2025-06-16T12:32:18.840", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-459xx/CVE-2025-45985.json b/CVE-2025/CVE-2025-459xx/CVE-2025-45985.json index ee02979479a..711741b22cb 100644 --- a/CVE-2025/CVE-2025-459xx/CVE-2025-45985.json +++ b/CVE-2025/CVE-2025-459xx/CVE-2025-45985.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-06-13T12:15:34.053", "lastModified": "2025-06-16T12:32:18.840", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-459xx/CVE-2025-45986.json b/CVE-2025/CVE-2025-459xx/CVE-2025-45986.json index ba7088f988c..fc1bdf38262 100644 --- a/CVE-2025/CVE-2025-459xx/CVE-2025-45986.json +++ b/CVE-2025/CVE-2025-459xx/CVE-2025-45986.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-06-13T12:15:34.167", "lastModified": "2025-06-16T12:32:18.840", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-459xx/CVE-2025-45987.json b/CVE-2025/CVE-2025-459xx/CVE-2025-45987.json index 876b756b483..89168c3975d 100644 --- a/CVE-2025/CVE-2025-459xx/CVE-2025-45987.json +++ b/CVE-2025/CVE-2025-459xx/CVE-2025-45987.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-06-13T12:15:34.280", "lastModified": "2025-06-16T12:32:18.840", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-459xx/CVE-2025-45988.json b/CVE-2025/CVE-2025-459xx/CVE-2025-45988.json index 70a9f5e5764..b6cd1c70b05 100644 --- a/CVE-2025/CVE-2025-459xx/CVE-2025-45988.json +++ b/CVE-2025/CVE-2025-459xx/CVE-2025-45988.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-06-13T12:15:34.403", "lastModified": "2025-06-16T12:32:18.840", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-45xx/CVE-2025-4563.json b/CVE-2025/CVE-2025-45xx/CVE-2025-4563.json index 73e4b41b1b1..9fdf3b81326 100644 --- a/CVE-2025/CVE-2025-45xx/CVE-2025-4563.json +++ b/CVE-2025/CVE-2025-45xx/CVE-2025-4563.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly validates resource claim statuses during pod status updates but fails to perform equivalent validation during pod creation. This allows a compromised node to create mirror pods that access unauthorized dynamic resources, potentially leading to privilege escalation." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad en el controlador de admisi\u00f3n NodeRestriction que permite a los nodos eludir las comprobaciones de autorizaci\u00f3n de asignaci\u00f3n din\u00e1mica de recursos. Cuando la funci\u00f3n DynamicResourceAllocation est\u00e1 habilitada, el controlador valida correctamente los estados de las solicitudes de recursos durante las actualizaciones de estado de los pods, pero no realiza una validaci\u00f3n equivalente durante su creaci\u00f3n. Esto permite que un nodo comprometido cree pods espejo que acceden a recursos din\u00e1micos no autorizados, lo que podr\u00eda provocar una escalada de privilegios." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-45xx/CVE-2025-4573.json b/CVE-2025/CVE-2025-45xx/CVE-2025-4573.json index 12c0ebadbf3..21999aa432e 100644 --- a/CVE-2025/CVE-2025-45xx/CVE-2025-4573.json +++ b/CVE-2025/CVE-2025-45xx/CVE-2025-4573.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2025-06-11T11:15:23.313", "lastModified": "2025-06-12T16:06:20.180", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-45xx/CVE-2025-4594.json b/CVE-2025/CVE-2025-45xx/CVE-2025-4594.json index b7309a90c97..69cd4115156 100644 --- a/CVE-2025/CVE-2025-45xx/CVE-2025-4594.json +++ b/CVE-2025/CVE-2025-45xx/CVE-2025-4594.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security@wordfence.com", "published": "2025-05-23T04:15:33.487", "lastModified": "2025-05-23T15:54:42.643", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-45xx/CVE-2025-4598.json b/CVE-2025/CVE-2025-45xx/CVE-2025-4598.json index 4cbb8956000..56560f8a25c 100644 --- a/CVE-2025/CVE-2025-45xx/CVE-2025-4598.json +++ b/CVE-2025/CVE-2025-45xx/CVE-2025-4598.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en systemd-coredump. Este fallo permite a un atacante forzar un proceso SUID para que deje de funcionar y reemplazarlo con un no-SUID binario para acceder al proceso original y con privilegios coredump; lo que permite al atacante leer informaci\u00f3n sensible, como el contenido de /etc/shadow, cargado por el proceso original. Un binario SUID o proceso tiene un tipo especial de permiso que faculta al proceso a ejecutarse con los permisos del propietario del fichero, independientemente de qui\u00e9n sea el usuario que ejecuta el binario. Esto permite al proceso acceder a datos m\u00e1s restringidos que a un usuario sin privilegios o a un proceso. Un atacante puede aprovechar este fallo forzando la ca\u00edda de un proceso SUID y haciendo que el kernel de Linux recicle el PID del proceso antes de que systemd-coredump pueda analizar el fichero /proc/pid/auxv. 
Si el atacante gana la condici\u00f3n de carrera, obtiene acceso al fichero coredump del proceso SUID original y puede leer contenido sensible cargado en la memoria por el binario original, lo que afecta a la confidencialidad de la informaci\u00f3n." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-460xx/CVE-2025-46041.json b/CVE-2025/CVE-2025-460xx/CVE-2025-46041.json index dfcf3aa4696..ca783955bc2 100644 --- a/CVE-2025/CVE-2025-460xx/CVE-2025-46041.json +++ b/CVE-2025/CVE-2025-460xx/CVE-2025-46041.json @@ -2,8 +2,8 @@ "id": "CVE-2025-46041", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-09T17:15:29.690", - "lastModified": "2025-06-12T16:06:47.857", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-25T19:39:06.127", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,18 +51,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:anchorcms:anchor_cms:0.12.7:*:*:*:*:*:*:*", + "matchCriteriaId": "5436E346-1B14-4626-8E46-FC260CFE9885" + } + ] + } + ] + } + ], "references": [ { "url": "http://anchor.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://github.com/binneko/CVE-2025-46041", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/binneko/CVE-2025-46041", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-461xx/CVE-2025-46101.json b/CVE-2025/CVE-2025-461xx/CVE-2025-46101.json index 2f68e8bfff4..57a5e0590da 100644 --- a/CVE-2025/CVE-2025-461xx/CVE-2025-46101.json +++ b/CVE-2025/CVE-2025-461xx/CVE-2025-46101.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "SQL Injection vulnerability in Beakon Software Beakon Learning Management System Sharable Content Object Reference Model (SCORM) version before 5.4.3 allows a remote attacker to obtain sensitive information via the ks parameter in json_scorm.php file" + }, + { + "lang": "es", + "value": "Una vulnerabilidad de inyecci\u00f3n SQL en Beakon Software Beakon Learning Management System Sharable Content Object Reference Model (SCORM) versi\u00f3n anterior a la 5.4.3, permite que un atacante remoto obtenga informaci\u00f3n confidencial a trav\u00e9s del par\u00e1metro ks en el archivo json_scorm.php. " } ], "metrics": { diff --git a/CVE-2025/CVE-2025-461xx/CVE-2025-46179.json b/CVE-2025/CVE-2025-461xx/CVE-2025-46179.json index 6bcef892190..bfec204564b 100644 --- a/CVE-2025/CVE-2025-461xx/CVE-2025-46179.json +++ b/CVE-2025/CVE-2025-461xx/CVE-2025-46179.json 
@@ -2,24 +2,95 @@ "id": "CVE-2025-46179", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-20T15:15:20.860", - "lastModified": "2025-06-20T15:15:20.860", - "vulnStatus": "Received", + "lastModified": "2025-06-26T14:48:11.533", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A SQL Injection vulnerability was discovered in the askquery.php file of CloudClassroom-PHP Project v1.0. The squeryx parameter accepts unsanitized input, which is passed directly into backend SQL queries." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 una vulnerabilidad de inyecci\u00f3n SQL en el archivo askquery.php de CloudClassroom-PHP Project v1.0. El par\u00e1metro squeryx acepta entradas no depuradas, que se pasan directamente a las consultas SQL del backend." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vishalmathur:cloudclassroom-php_project:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4C9EE693-395C-473A-95BD-57C656C61AB3" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://pastebin.com/DGraeWm8", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + 
"Exploit", + "Third Party Advisory" + ] }, { "url": "https://portswigger.net/web-security/sql-injection", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] + }, + { + "url": "https://pastebin.com/DGraeWm8", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-463xx/CVE-2025-46397.json b/CVE-2025/CVE-2025-463xx/CVE-2025-46397.json index da214826487..2ecc4ad02af 100644 --- a/CVE-2025/CVE-2025-463xx/CVE-2025-46397.json +++ b/CVE-2025/CVE-2025-463xx/CVE-2025-46397.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2025/CVE-2025-463xx/CVE-2025-46398.json b/CVE-2025/CVE-2025-463xx/CVE-2025-46398.json index dd8409c3a14..58e4ac09807 100644 --- a/CVE-2025/CVE-2025-463xx/CVE-2025-46398.json +++ b/CVE-2025/CVE-2025-463xx/CVE-2025-46398.json @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", @@ -42,7 +42,7 @@ "weaknesses": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2025/CVE-2025-464xx/CVE-2025-46400.json b/CVE-2025/CVE-2025-464xx/CVE-2025-46400.json index fc9eb0f7c04..7f10281ac92 100644 --- a/CVE-2025/CVE-2025-464xx/CVE-2025-46400.json +++ b/CVE-2025/CVE-2025-464xx/CVE-2025-46400.json 
@@ -19,7 +19,7 @@
 "cvssMetricV31": [
 {
 "source": "secalert@redhat.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
@@ -42,7 +42,7 @@
 "weaknesses": [
 {
 "source": "secalert@redhat.com",
- "type": "Primary",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
diff --git a/CVE-2025/CVE-2025-466xx/CVE-2025-46610.json b/CVE-2025/CVE-2025-466xx/CVE-2025-46610.json
index 2e3b052f5b3..53c0f9ea44c 100644
--- a/CVE-2025/CVE-2025-466xx/CVE-2025-46610.json
+++ b/CVE-2025/CVE-2025-466xx/CVE-2025-46610.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-05-12T15:16:01.080",
 "lastModified": "2025-05-12T22:15:26.660",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-467xx/CVE-2025-46701.json b/CVE-2025/CVE-2025-467xx/CVE-2025-46701.json
index 8d5960d0c51..8aa157d01d0 100644
--- a/CVE-2025/CVE-2025-467xx/CVE-2025-46701.json
+++ b/CVE-2025/CVE-2025-467xx/CVE-2025-46701.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-46701",
 "sourceIdentifier": "security@apache.org",
 "published": "2025-05-29T19:15:27.983",
- "lastModified": "2025-05-30T16:31:03.107",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2025-06-25T15:40:55.053",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -51,14 +51,55 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "9.0.0",
+ "versionEndExcluding": "9.0.105",
+ "matchCriteriaId": "7F40F219-F606-447E-ACCD-D7A96093ED91"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "10.1.0",
+ "versionEndExcluding": "10.1.41",
+ "matchCriteriaId": "4BA93AAE-946D-4DF3-AF9F-36C83FB7F1CB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "11.0.0",
+ "versionEndExcluding": "11.0.7",
+ "matchCriteriaId": "6475FBD6-E85B-4926-813F-CAE6A742871A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List",
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "http://www.openwall.com/lists/oss-security/2025/05/29/4",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-467xx/CVE-2025-46702.json b/CVE-2025/CVE-2025-467xx/CVE-2025-46702.json
index 8f06f395cff..d2efa668ed7 100644
--- a/CVE-2025/CVE-2025-467xx/CVE-2025-46702.json
+++ b/CVE-2025/CVE-2025-467xx/CVE-2025-46702.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "responsibledisclosure@mattermost.com",
 "published": "2025-06-30T17:15:32.600",
 "lastModified": "2025-06-30T18:38:23.493",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admin restrictions and add or remove users to/from private channels via the playbook run participants feature, even when the 'Manage Members' permission has been explicitly removed. This can lead to unauthorized access to sensitive channel content and allow guest users to gain channel management privileges."
+ },
+ {
+ "lang": "es",
+ "value": "Las versiones de Mattermost 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2 y 10.6.x <= 10.6.5 no aplican correctamente los permisos de administraci\u00f3n de miembros del canal al agregar participantes a las ejecuciones de playbook. Esto permite que los usuarios autenticados con permisos de miembro eludan las restricciones de administrador del sistema y agreguen o eliminen usuarios de canales privados mediante la funci\u00f3n de participantes de la ejecuci\u00f3n de playbook, incluso cuando se haya eliminado expl\u00edcitamente el permiso \"Administrar miembros\". Esto puede provocar acceso no autorizado a contenido confidencial del canal y permitir que los usuarios invitados obtengan privilegios de administraci\u00f3n del canal."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-46xx/CVE-2025-4683.json b/CVE-2025/CVE-2025-46xx/CVE-2025-4683.json
index 68162972b2a..2df583db199 100644
--- a/CVE-2025/CVE-2025-46xx/CVE-2025-4683.json
+++ b/CVE-2025/CVE-2025-46xx/CVE-2025-4683.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-05-27T03:15:24.040",
 "lastModified": "2025-05-28T15:01:30.720",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-46xx/CVE-2025-4691.json b/CVE-2025/CVE-2025-46xx/CVE-2025-4691.json
index 7ad1f86d5d3..21e8fa574dc 100644
--- a/CVE-2025/CVE-2025-46xx/CVE-2025-4691.json
+++ b/CVE-2025/CVE-2025-46xx/CVE-2025-4691.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-05-31T12:15:20.133",
 "lastModified": "2025-06-02T17:32:17.397",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-471xx/CVE-2025-47160.json b/CVE-2025/CVE-2025-471xx/CVE-2025-47160.json
index 5dd5c547db7..58baad18669 100644
--- a/CVE-2025/CVE-2025-471xx/CVE-2025-47160.json
+++ b/CVE-2025/CVE-2025-471xx/CVE-2025-47160.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-06-10T17:23:24.643",
 "lastModified": "2025-06-12T16:06:39.330",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-471xx/CVE-2025-47162.json b/CVE-2025/CVE-2025-471xx/CVE-2025-47162.json
index 035da153a50..c62257f66b7 100644
--- a/CVE-2025/CVE-2025-471xx/CVE-2025-47162.json
+++ b/CVE-2025/CVE-2025-471xx/CVE-2025-47162.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-06-10T17:23:26.630",
 "lastModified": "2025-06-12T16:06:39.330",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-471xx/CVE-2025-47163.json b/CVE-2025/CVE-2025-471xx/CVE-2025-47163.json
index 0979dcc3053..2275473f47e 100644
--- a/CVE-2025/CVE-2025-471xx/CVE-2025-47163.json
+++ b/CVE-2025/CVE-2025-471xx/CVE-2025-47163.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-06-10T17:23:28.840",
 "lastModified": "2025-06-12T16:06:39.330",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-471xx/CVE-2025-47164.json b/CVE-2025/CVE-2025-471xx/CVE-2025-47164.json
index 5e8a1668ba3..5c252ee01e3 100644
--- a/CVE-2025/CVE-2025-471xx/CVE-2025-47164.json
+++ b/CVE-2025/CVE-2025-471xx/CVE-2025-47164.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-06-10T17:23:31.333",
 "lastModified": "2025-06-12T16:06:39.330",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-471xx/CVE-2025-47165.json b/CVE-2025/CVE-2025-471xx/CVE-2025-47165.json
index b192bf86c21..1ac68b2e1de 100644
--- a/CVE-2025/CVE-2025-471xx/CVE-2025-47165.json
+++ b/CVE-2025/CVE-2025-471xx/CVE-2025-47165.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-06-10T17:23:36.527",
 "lastModified": "2025-06-12T16:06:39.330",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-471xx/CVE-2025-47166.json b/CVE-2025/CVE-2025-471xx/CVE-2025-47166.json
index 10923f141f0..ed69190e87c 100644
--- a/CVE-2025/CVE-2025-471xx/CVE-2025-47166.json
+++ b/CVE-2025/CVE-2025-471xx/CVE-2025-47166.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-06-10T17:23:38.753",
 "lastModified": "2025-06-12T16:06:39.330",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-471xx/CVE-2025-47167.json b/CVE-2025/CVE-2025-471xx/CVE-2025-47167.json
index ad5b9e6bc76..c5eee9439b9 100644
--- a/CVE-2025/CVE-2025-471xx/CVE-2025-47167.json
+++ b/CVE-2025/CVE-2025-471xx/CVE-2025-47167.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-06-10T17:23:41.107",
 "lastModified": "2025-06-12T16:06:39.330",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-471xx/CVE-2025-47168.json b/CVE-2025/CVE-2025-471xx/CVE-2025-47168.json
index 52e178cc739..491f3285951 100644
--- a/CVE-2025/CVE-2025-471xx/CVE-2025-47168.json
+++ b/CVE-2025/CVE-2025-471xx/CVE-2025-47168.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-06-10T17:23:43.307",
 "lastModified": "2025-06-12T16:06:39.330",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-471xx/CVE-2025-47169.json b/CVE-2025/CVE-2025-471xx/CVE-2025-47169.json
index e7639c0dba0..87a642cd685 100644
--- a/CVE-2025/CVE-2025-471xx/CVE-2025-47169.json
+++ b/CVE-2025/CVE-2025-471xx/CVE-2025-47169.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-06-10T17:23:45.317",
 "lastModified": "2025-06-12T16:06:39.330",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-471xx/CVE-2025-47170.json b/CVE-2025/CVE-2025-471xx/CVE-2025-47170.json
index 2b3e4388387..04da98ebc1c 100644
--- a/CVE-2025/CVE-2025-471xx/CVE-2025-47170.json
+++ b/CVE-2025/CVE-2025-471xx/CVE-2025-47170.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-06-10T17:23:47.287",
 "lastModified": "2025-06-12T16:06:29.520",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-471xx/CVE-2025-47171.json b/CVE-2025/CVE-2025-471xx/CVE-2025-47171.json
index 2ab2a52b23d..c28cd64f4c2 100644
--- a/CVE-2025/CVE-2025-471xx/CVE-2025-47171.json
+++ b/CVE-2025/CVE-2025-471xx/CVE-2025-47171.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-06-10T17:23:49.350",
 "lastModified": "2025-06-12T16:06:29.520",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-471xx/CVE-2025-47172.json b/CVE-2025/CVE-2025-471xx/CVE-2025-47172.json
index d8310c3f8ee..e476b1a25eb 100644
--- a/CVE-2025/CVE-2025-471xx/CVE-2025-47172.json
+++ b/CVE-2025/CVE-2025-471xx/CVE-2025-47172.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-06-10T17:23:51.607",
 "lastModified": "2025-06-12T16:06:29.520",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-471xx/CVE-2025-47173.json b/CVE-2025/CVE-2025-471xx/CVE-2025-47173.json
index 1d09ae1419e..f31c3adff2f 100644
--- a/CVE-2025/CVE-2025-471xx/CVE-2025-47173.json
+++ b/CVE-2025/CVE-2025-471xx/CVE-2025-47173.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-06-10T17:23:53.543",
 "lastModified": "2025-06-12T16:06:29.520",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-471xx/CVE-2025-47174.json b/CVE-2025/CVE-2025-471xx/CVE-2025-47174.json
index 215a01b2af3..dcd2ac0cb01 100644
--- a/CVE-2025/CVE-2025-471xx/CVE-2025-47174.json
+++ b/CVE-2025/CVE-2025-471xx/CVE-2025-47174.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-06-10T17:23:55.607",
 "lastModified": "2025-06-12T16:06:29.520",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-471xx/CVE-2025-47175.json b/CVE-2025/CVE-2025-471xx/CVE-2025-47175.json
index 59d27296c6a..450be787562 100644
--- a/CVE-2025/CVE-2025-471xx/CVE-2025-47175.json
+++ b/CVE-2025/CVE-2025-471xx/CVE-2025-47175.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-06-10T17:23:57.607",
 "lastModified": "2025-06-12T16:06:29.520",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-472xx/CVE-2025-47289.json b/CVE-2025/CVE-2025-472xx/CVE-2025-47289.json
index a2e6f165fa7..34392f61e01 100644
--- a/CVE-2025/CVE-2025-472xx/CVE-2025-47289.json
+++ b/CVE-2025/CVE-2025-472xx/CVE-2025-47289.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2025-06-02T11:15:22.710",
 "lastModified": "2025-06-02T17:32:17.397",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-474xx/CVE-2025-47452.json b/CVE-2025/CVE-2025-474xx/CVE-2025-47452.json
index 6617434249f..71c2de651f0 100644
--- a/CVE-2025/CVE-2025-474xx/CVE-2025-47452.json
+++ b/CVE-2025/CVE-2025-474xx/CVE-2025-47452.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Unrestricted Upload of File with Dangerous Type vulnerability in RexTheme WP VR allows Upload a Web Shell to a Web Server. This issue affects WP VR: from n/a through 8.5.26."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de carga sin restricciones de archivos con tipos peligrosos en RexTheme WP VR permite subir un shell web a un servidor web. Este problema afecta a WP VR desde n/d hasta la versi\u00f3n 8.5.26."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-475xx/CVE-2025-47511.json b/CVE-2025/CVE-2025-475xx/CVE-2025-47511.json
index 11311ce97db..5d9e9a95c65 100644
--- a/CVE-2025/CVE-2025-475xx/CVE-2025-47511.json
+++ b/CVE-2025/CVE-2025-475xx/CVE-2025-47511.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-47511",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2025-06-09T16:15:41.393",
- "lastModified": "2025-06-12T16:06:47.857",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2025-06-25T19:42:49.363",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 2.3,
 "impactScore": 4.0
+ },
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.2
 }
 ]
 },
@@ -51,10 +71,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:welcart:welcart_e-commerce:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "2.11.14",
+ "matchCriteriaId": "7DEA6474-1CBC-42C0-9D69-87ADB16B578D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/wordpress/plugin/usc-e-shop/vulnerability/wordpress-welcart-e-commerce-2-11-13-arbitrary-file-deletion-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-475xx/CVE-2025-47559.json b/CVE-2025/CVE-2025-475xx/CVE-2025-47559.json
index 42b2a1104a4..80e3edaf45f 100644
--- a/CVE-2025/CVE-2025-475xx/CVE-2025-47559.json
+++ b/CVE-2025/CVE-2025-475xx/CVE-2025-47559.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG allows Upload a Web Shell to a Web Server. This issue affects MapSVG: from n/a through 8.5.32."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de carga sin restricciones de archivos con tipo peligroso en RomanCode MapSVG permite cargar un shell web a un servidor web. Este problema afecta a MapSVG desde n/d hasta la versi\u00f3n 8.5.32."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-475xx/CVE-2025-47568.json b/CVE-2025/CVE-2025-475xx/CVE-2025-47568.json
index 94a0aac308c..af080522e91 100644
--- a/CVE-2025/CVE-2025-475xx/CVE-2025-47568.json
+++ b/CVE-2025/CVE-2025-475xx/CVE-2025-47568.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2025-05-23T13:15:39.973",
 "lastModified": "2025-05-23T15:54:42.643",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-475xx/CVE-2025-47572.json b/CVE-2025/CVE-2025-475xx/CVE-2025-47572.json
index b7891e03977..a1f891e682b 100644
--- a/CVE-2025/CVE-2025-475xx/CVE-2025-47572.json
+++ b/CVE-2025/CVE-2025-475xx/CVE-2025-47572.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in mojoomla School Management allows PHP Local File Inclusion. This issue affects School Management: from n/a through 93.0.0."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de control inadecuado del nombre de archivo para la declaraci\u00f3n Include/Require en el programa PHP ('Inclusi\u00f3n remota de archivos PHP') en Mojoomla School Management permite la inclusi\u00f3n local de archivos en PHP. Este problema afecta a School Management desde n/d hasta la versi\u00f3n 93.0.0."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-475xx/CVE-2025-47573.json b/CVE-2025/CVE-2025-475xx/CVE-2025-47573.json
index 0d08067a642..362654e794e 100644
--- a/CVE-2025/CVE-2025-475xx/CVE-2025-47573.json
+++ b/CVE-2025/CVE-2025-475xx/CVE-2025-47573.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla School Management allows Blind SQL Injection. This issue affects School Management: from n/a through 92.0.0."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Mojoomla School Management permite la inyecci\u00f3n SQL ciega. Este problema afecta a School Management desde n/d hasta la versi\u00f3n 92.0.0."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-476xx/CVE-2025-47682.json b/CVE-2025/CVE-2025-476xx/CVE-2025-47682.json
index b0c0d1cd5dc..0b0e3ab8be9 100644
--- a/CVE-2025/CVE-2025-476xx/CVE-2025-47682.json
+++ b/CVE-2025/CVE-2025-476xx/CVE-2025-47682.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2025-05-12T19:15:51.420",
 "lastModified": "2025-05-13T19:35:25.503",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-477xx/CVE-2025-47701.json b/CVE-2025/CVE-2025-477xx/CVE-2025-47701.json
index 9f6fbb9245a..61a01895469 100644
--- a/CVE-2025/CVE-2025-477xx/CVE-2025-47701.json
+++ b/CVE-2025/CVE-2025-477xx/CVE-2025-47701.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-47701",
 "sourceIdentifier": "mlhess@drupal.org",
 "published": "2025-05-14T17:15:49.270",
- "lastModified": "2025-05-20T17:15:49.160",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-06-25T15:05:18.663",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -51,10 +51,32 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:restrict_route_by_ip_project:restrict_route_by_ip:*:*:*:*:*:drupal:*:*",
+ "versionStartIncluding": "1.0.0",
+ "versionEndExcluding": "1.3.0",
+ "matchCriteriaId": "53C7BB78-19B7-4B8A-B312-7C3AA698393E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.drupal.org/sa-contrib-2025-047",
- "source": "mlhess@drupal.org"
+ "source": "mlhess@drupal.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-478xx/CVE-2025-47865.json b/CVE-2025/CVE-2025-478xx/CVE-2025-47865.json
index cff52725c6e..f7969b8df17 100644
--- a/CVE-2025/CVE-2025-478xx/CVE-2025-47865.json
+++ b/CVE-2025/CVE-2025-478xx/CVE-2025-47865.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A Local File Inclusion vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to gain remote code execution on affected installations."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de inclusi\u00f3n de archivos locales en un widget de Trend Micro Apex Central anterior a la versi\u00f3n 8.0.6955 podr\u00eda permitir que un atacante obtenga ejecuci\u00f3n remota de c\u00f3digo en las instalaciones afectadas."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-478xx/CVE-2025-47866.json b/CVE-2025/CVE-2025-478xx/CVE-2025-47866.json
index 3f081a5a5ff..98fe8e01abf 100644
--- a/CVE-2025/CVE-2025-478xx/CVE-2025-47866.json
+++ b/CVE-2025/CVE-2025-478xx/CVE-2025-47866.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to upload arbitrary files on affected installations."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de carga de archivos sin restricciones en un widget de Trend Micro Apex Central anterior a la versi\u00f3n 8.0.6955 podr\u00eda permitir que un atacante cargue archivos arbitrarios en las instalaciones afectadas."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-478xx/CVE-2025-47867.json b/CVE-2025/CVE-2025-478xx/CVE-2025-47867.json
index 79bbeb316ef..7e4a9278e8f 100644
--- a/CVE-2025/CVE-2025-478xx/CVE-2025-47867.json
+++ b/CVE-2025/CVE-2025-478xx/CVE-2025-47867.json
@@ -9,6 +9,10 @@
 {
 "lang": "en",
 "value": "A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary files to execute as PHP code and lead to remote code execution on affected installations."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de inclusi\u00f3n de archivos locales en un widget de Trend Micro Apex Central en versiones anteriores a 8.0.6955 podr\u00eda permitir que un atacante incluya archivos arbitrarios para ejecutarlos como c\u00f3digo PHP y provocar la ejecuci\u00f3n remota de c\u00f3digo en las instalaciones afectadas."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-478xx/CVE-2025-47871.json b/CVE-2025/CVE-2025-478xx/CVE-2025-47871.json
index 0bc1fc73182..a0496677634 100644
--- a/CVE-2025/CVE-2025-478xx/CVE-2025-47871.json
+++ b/CVE-2025/CVE-2025-478xx/CVE-2025-47871.json
@@ -3,12 +3,16 @@
 "sourceIdentifier": "responsibledisclosure@mattermost.com",
 "published": "2025-06-30T17:15:32.777",
 "lastModified": "2025-06-30T18:38:23.493",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly validate channel membership when retrieving playbook run metadata, allowing authenticated users who are playbook members but not channel members to access sensitive information about linked private channels including channel name, display name, and participant count through the run metadata API endpoint."
+ },
+ {
+ "lang": "es",
+ "value": "Las versiones de Mattermost 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 no pueden validar correctamente la membres\u00eda del canal al recuperar metadatos de ejecuci\u00f3n del libro de estrategias, lo que permite que los usuarios autenticados que son miembros del libro de estrategias pero no miembros del canal accedan a informaci\u00f3n confidencial sobre canales privados vinculados, incluido el nombre del canal, el nombre para mostrar y el n\u00famero de participantes a trav\u00e9s del endpoint de la API de metadatos de ejecuci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-479xx/CVE-2025-47953.json b/CVE-2025/CVE-2025-479xx/CVE-2025-47953.json
index d9416bc4b60..2a683813c46 100644
--- a/CVE-2025/CVE-2025-479xx/CVE-2025-47953.json
+++ b/CVE-2025/CVE-2025-479xx/CVE-2025-47953.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-06-10T17:24:01.917",
 "lastModified": "2025-06-12T16:06:29.520",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-479xx/CVE-2025-47955.json b/CVE-2025/CVE-2025-479xx/CVE-2025-47955.json
index 39640ca5a13..48522251bcf 100644
--- a/CVE-2025/CVE-2025-479xx/CVE-2025-47955.json
+++ b/CVE-2025/CVE-2025-479xx/CVE-2025-47955.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-06-10T17:24:03.870",
 "lastModified": "2025-06-12T16:06:29.520",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-479xx/CVE-2025-47956.json b/CVE-2025/CVE-2025-479xx/CVE-2025-47956.json
index efa749668b7..2a8bf859345 100644
--- a/CVE-2025/CVE-2025-479xx/CVE-2025-47956.json
+++ b/CVE-2025/CVE-2025-479xx/CVE-2025-47956.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-06-10T17:24:06.050",
 "lastModified": "2025-06-12T16:06:29.520",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-479xx/CVE-2025-47957.json b/CVE-2025/CVE-2025-479xx/CVE-2025-47957.json
index d7bbf41346f..d946cd70f9d 100644
--- a/CVE-2025/CVE-2025-479xx/CVE-2025-47957.json
+++ b/CVE-2025/CVE-2025-479xx/CVE-2025-47957.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-06-10T17:24:08.037",
 "lastModified": "2025-06-12T16:06:29.520",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-479xx/CVE-2025-47962.json b/CVE-2025/CVE-2025-479xx/CVE-2025-47962.json
index e17f39c9ae1..5eab8631c62 100644
--- a/CVE-2025/CVE-2025-479xx/CVE-2025-47962.json
+++ b/CVE-2025/CVE-2025-479xx/CVE-2025-47962.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-06-10T17:24:10.140",
 "lastModified": "2025-06-12T16:06:29.520",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-479xx/CVE-2025-47968.json b/CVE-2025/CVE-2025-479xx/CVE-2025-47968.json
index 6e8239b6029..d0e355c7687 100644
--- a/CVE-2025/CVE-2025-479xx/CVE-2025-47968.json
+++ b/CVE-2025/CVE-2025-479xx/CVE-2025-47968.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-06-10T17:24:13.030",
 "lastModified": "2025-06-12T16:06:29.520",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-479xx/CVE-2025-47969.json b/CVE-2025/CVE-2025-479xx/CVE-2025-47969.json
index 475e71ff879..c6177782a05 100644
--- a/CVE-2025/CVE-2025-479xx/CVE-2025-47969.json
+++ b/CVE-2025/CVE-2025-479xx/CVE-2025-47969.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-06-10T17:24:15.183",
 "lastModified": "2025-06-12T16:06:29.520",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-479xx/CVE-2025-47977.json b/CVE-2025/CVE-2025-479xx/CVE-2025-47977.json
index 1fb2583d141..ed5d0d77a3c 100644
--- a/CVE-2025/CVE-2025-479xx/CVE-2025-47977.json
+++ b/CVE-2025/CVE-2025-479xx/CVE-2025-47977.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-06-10T17:24:17.200",
 "lastModified": "2025-06-12T23:15:21.750",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-47xx/CVE-2025-4734.json b/CVE-2025/CVE-2025-47xx/CVE-2025-4734.json
index b699ed37cdc..e02efea7895 100644
--- a/CVE-2025/CVE-2025-47xx/CVE-2025-4734.json
+++ b/CVE-2025/CVE-2025-47xx/CVE-2025-4734.json
@@ -2,13 +2,13 @@
 "id": "CVE-2025-4734",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2025-05-16T01:15:52.313",
- "lastModified": "2025-05-27T19:51:13.353",
- "vulnStatus": "Analyzed",
+ "lastModified": "2025-06-21T15:15:20.100",
+ "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
- "value": "A vulnerability, which was classified as critical, was found in Campcodes Sales and Inventory System 1.0. Affected is an unknown function of the file /pages/ci_update.php. The manipulation of the argument Name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
+ "value": "A vulnerability, which was classified as critical, was found in Campcodes Sales and Inventory System 1.0. Affected is an unknown function of the file /pages/ci_update.php. The manipulation of the argument id/name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
 },
 {
 "lang": "es",
@@ -22,7 +22,7 @@
 "type": "Secondary",
 "cvssData": {
 "version": "4.0",
- "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
 "baseScore": 6.9,
 "baseSeverity": "MEDIUM",
 "attackVector": "NETWORK",
@@ -36,7 +36,7 @@
 "subConfidentialityImpact": "NONE",
 "subIntegrityImpact": "NONE",
 "subAvailabilityImpact": "NONE",
- "exploitMaturity": "NOT_DEFINED",
+ "exploitMaturity": "PROOF_OF_CONCEPT",
 "confidentialityRequirement": "NOT_DEFINED",
 "integrityRequirement": "NOT_DEFINED",
 "availabilityRequirement": "NOT_DEFINED",
@@ -177,8 +177,8 @@
 "source": "cna@vuldb.com",
 "tags": [
 "Exploit",
- "Third Party Advisory",
- "Issue Tracking"
+ "Issue Tracking",
+ "Third Party Advisory"
 ]
 },
 {
@@ -218,8 +218,8 @@
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "tags": [
 "Exploit",
- "Third Party Advisory",
- "Issue Tracking"
+ "Issue Tracking",
+ "Third Party Advisory"
 ]
 }
 ]
diff --git a/CVE-2025/CVE-2025-47xx/CVE-2025-4798.json b/CVE-2025/CVE-2025-47xx/CVE-2025-4798.json
index 7c4548b14d5..97d20b4dd10 100644
--- a/CVE-2025/CVE-2025-47xx/CVE-2025-4798.json
+++ b/CVE-2025/CVE-2025-47xx/CVE-2025-4798.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-06-11T04:15:58.497",
 "lastModified": "2025-06-12T16:06:20.180",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-47xx/CVE-2025-4799.json b/CVE-2025/CVE-2025-47xx/CVE-2025-4799.json
index ce50864d61e..fca28605db4 100644
--- a/CVE-2025/CVE-2025-47xx/CVE-2025-4799.json
+++ b/CVE-2025/CVE-2025-47xx/CVE-2025-4799.json
@@ -3,7 +3,7 @@
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-06-11T04:15:59.223",
 "lastModified": "2025-06-12T16:06:20.180",
- "vulnStatus": "Awaiting Analysis",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-481xx/CVE-2025-48111.json b/CVE-2025/CVE-2025-481xx/CVE-2025-48111.json
index 3b24184c44a..9fbaf6e79bd 100644
--- a/CVE-2025/CVE-2025-481xx/CVE-2025-48111.json
+++ b/CVE-2025/CVE-2025-481xx/CVE-2025-48111.json
@@ -9,6 +9,10 @@ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH PayPal Express Checkout for WooCommerce allows Cross Site Request Forgery. This issue affects YITH PayPal Express Checkout for WooCommerce: from n/a through 1.49.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en YITHEMES YITH PayPal Express Checkout for WooCommerce permite Cross-Site Request Forgery. Este problema afecta a YITH PayPal Express Checkout para WooCommerce desde n/d hasta la versi\u00f3n 1.49.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-481xx/CVE-2025-48118.json b/CVE-2025/CVE-2025-481xx/CVE-2025-48118.json index ffcdea8dca3..ff6a587dd98 100644 --- a/CVE-2025/CVE-2025-481xx/CVE-2025-48118.json +++ b/CVE-2025/CVE-2025-481xx/CVE-2025-48118.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpExperts Hub Woocommerce Partial Shipment allows SQL Injection. This issue affects Woocommerce Partial Shipment: from n/a through 3.2." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en WpExperts Hub Woocommerce Partial Shipment permite la inyecci\u00f3n SQL. Este problema afecta a Woocommerce Partial Shipment desde n/d hasta la versi\u00f3n 3.2." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-481xx/CVE-2025-48145.json b/CVE-2025/CVE-2025-481xx/CVE-2025-48145.json index 08b1db9172d..132b7647979 100644 --- a/CVE-2025/CVE-2025-481xx/CVE-2025-48145.json +++ b/CVE-2025/CVE-2025-481xx/CVE-2025-48145.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michal Jaworski Track, Analyze & Optimize by WP Tao allows Reflected XSS. This issue affects Track, Analyze & Optimize by WP Tao: from n/a through 1.3." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Michal Jaworski Track, Analyze & Optimize by WP Tao permite XSS reflejado. Este problema afecta a Track, Analyze & Optimize de WP Tao desde n/d hasta la versi\u00f3n 1.3." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-482xx/CVE-2025-48206.json b/CVE-2025/CVE-2025-482xx/CVE-2025-48206.json index 9c5b04c47cd..ae14a58ddbe 100644 --- a/CVE-2025/CVE-2025-482xx/CVE-2025-48206.json +++ b/CVE-2025/CVE-2025-482xx/CVE-2025-48206.json @@ -2,8 +2,8 @@ "id": "CVE-2025-48206", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-21T16:15:33.113", - "lastModified": "2025-05-21T20:24:58.133", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-25T14:23:07.090", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nitsan:ns-backup:*:*:*:*:*:typo3:*:*", + "versionEndExcluding": "13.0.1", + "matchCriteriaId": "E6367095-3474-4E23-830A-3141BEDB1B8A" + } + ] + } + ] + } + ], "references": [ { "url": "https://typo3.org/security/advisory/typo3-ext-sa-2025-007", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-482xx/CVE-2025-48263.json b/CVE-2025/CVE-2025-482xx/CVE-2025-48263.json index bc7ebac0d2e..f5824610d0f 100644 --- a/CVE-2025/CVE-2025-482xx/CVE-2025-48263.json +++ b/CVE-2025/CVE-2025-482xx/CVE-2025-48263.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2025-05-19T15:15:29.830", "lastModified": "2025-05-21T20:25:33.823", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-482xx/CVE-2025-48270.json b/CVE-2025/CVE-2025-482xx/CVE-2025-48270.json index 44a2ed40e3c..196ae8eae35 100644 --- a/CVE-2025/CVE-2025-482xx/CVE-2025-48270.json +++ b/CVE-2025/CVE-2025-482xx/CVE-2025-48270.json @@ -3,7 +3,7 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2025-05-19T15:15:30.763", "lastModified": "2025-05-21T20:25:33.823", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-482xx/CVE-2025-48274.json b/CVE-2025/CVE-2025-482xx/CVE-2025-48274.json index 6d37abaec6d..472dcc3f96a 100644 --- a/CVE-2025/CVE-2025-482xx/CVE-2025-48274.json +++ b/CVE-2025/CVE-2025-482xx/CVE-2025-48274.json @@ -3,12 +3,16 @@ "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-17T15:15:44.700", "lastModified": "2025-06-17T20:50:23.507", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpjobportal WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through 2.3.2." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en wpjobportal WP Job Portal permite la inyecci\u00f3n SQL ciega. Este problema afecta a WP Job Portal desde n/d hasta la versi\u00f3n 2.3.2." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-483xx/CVE-2025-48333.json b/CVE-2025/CVE-2025-483xx/CVE-2025-48333.json index a538455089f..b8f6a48c129 100644 --- a/CVE-2025/CVE-2025-483xx/CVE-2025-48333.json 
+++ b/CVE-2025/CVE-2025-483xx/CVE-2025-48333.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPQuark eForm - WordPress Form Builder allows Reflected XSS. This issue affects eForm - WordPress Form Builder: from n/a through n/a." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en WPQuark eForm - WordPress Form Builder permite XSS reflejado. Este problema afecta a eForm - El generador de formularios de WordPress: desde n/d hasta n/d." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-483xx/CVE-2025-48388.json b/CVE-2025/CVE-2025-483xx/CVE-2025-48388.json index a3c58a1bc65..2b39a14939b 100644 --- a/CVE-2025/CVE-2025-483xx/CVE-2025-48388.json +++ b/CVE-2025/CVE-2025-483xx/CVE-2025-48388.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2025-05-29T10:15:20.060", "lastModified": "2025-05-29T14:29:50.247", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-483xx/CVE-2025-48389.json b/CVE-2025/CVE-2025-483xx/CVE-2025-48389.json index 6b58c76a123..716e4780c7e 100644 --- a/CVE-2025/CVE-2025-483xx/CVE-2025-48389.json +++ b/CVE-2025/CVE-2025-483xx/CVE-2025-48389.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2025-05-29T16:15:40.330", "lastModified": "2025-05-30T16:31:03.107", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-483xx/CVE-2025-48390.json b/CVE-2025/CVE-2025-483xx/CVE-2025-48390.json index 925f6d35b61..5a18278cd14 100644 --- a/CVE-2025/CVE-2025-483xx/CVE-2025-48390.json +++ b/CVE-2025/CVE-2025-483xx/CVE-2025-48390.json 
@@ -3,7 +3,7 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2025-05-29T16:15:40.490", "lastModified": "2025-05-30T16:31:03.107", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-484xx/CVE-2025-48413.json b/CVE-2025/CVE-2025-484xx/CVE-2025-48413.json index ca8435a2348..2604c6952c7 100644 --- a/CVE-2025/CVE-2025-484xx/CVE-2025-48413.json +++ b/CVE-2025/CVE-2025-484xx/CVE-2025-48413.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "The `/etc/passwd` and `/etc/shadow` files reveal hard-coded password hashes for the operating system \"root\" user. The credentials are shipped with the update files. There is no option for deleting or changing their passwords for an enduser. An attacker can use the credentials to log into the device. Authentication can be performed via SSH backdoor or likely via physical access (UART shell)." + }, + { + "lang": "es", + "value": "Los archivos `/etc/passwd` y `/etc/shadow` revelan hashes de contrase\u00f1as incrustadas para el usuario \u00abroot\u00bb del sistema operativo. Las credenciales se env\u00edan con los archivos de actualizaci\u00f3n. No hay opci\u00f3n para borrar o cambiar sus contrase\u00f1as para un usuario final. Un atacante puede utilizar las credenciales para iniciar sesi\u00f3n en el dispositivo. La autenticaci\u00f3n se puede realizar a trav\u00e9s de SSH backdoor o probablemente a trav\u00e9s de acceso f\u00edsico (UART shell)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-484xx/CVE-2025-48416.json b/CVE-2025/CVE-2025-484xx/CVE-2025-48416.json index 7005b798b7a..6b30e3ed1ea 100644 --- a/CVE-2025/CVE-2025-484xx/CVE-2025-48416.json +++ b/CVE-2025/CVE-2025-484xx/CVE-2025-48416.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "An OpenSSH daemon listens on TCP port 22. There is a hard-coded entry in the \"/etc/shadow\" file in the firmware image for the \"root\" user. However, in the default SSH configuration the \"PermitRootLogin\" is disabled, preventing the root user from logging in via SSH. This configuration can be bypassed/changed by an attacker through multiple paths though." + }, + { + "lang": "es", + "value": "Un demonio OpenSSH escucha en el puerto TCP 22. Hay una entrada incluida en el archivo \u00ab/etc/shadow\u00bb en la imagen del firmware para el usuario \u00abroot\u00bb. Sin embargo, en la configuraci\u00f3n SSH por defecto el \u00abPermitRootLogin\u00bb est\u00e1 desactivado, impidiendo que el usuario root inicie sesi\u00f3n a trav\u00e9s de SSH. No obstante, esta configuraci\u00f3n puede ser evitada/cambiada por un atacante de m\u00faltiples formas." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-484xx/CVE-2025-48443.json b/CVE-2025/CVE-2025-484xx/CVE-2025-48443.json index 5250de0748c..26465337173 100644 --- a/CVE-2025/CVE-2025-484xx/CVE-2025-48443.json +++ b/CVE-2025/CVE-2025-484xx/CVE-2025-48443.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Local Privilege Escalation Vulnerability that could allow a local attacker to leverage this vulnerability to delete files in the context of an administrator when the administrator installs Trend Micro Password Manager." + }, + { + "lang": "es", + "value": "Trend Micro Password Manager (Consumer) versi\u00f3n 5.0.0.1266 y anteriores es afectado por una vulnerabilidad de escalada de privilegios locales siguiendo un enlace que podr\u00eda permitir que un atacante local aproveche esta vulnerabilidad para eliminar archivos en el contexto de un administrador cuando el administrador instala Trend Micro Password Manager." } ], "metrics": { 
diff --git a/CVE-2025/CVE-2025-484xx/CVE-2025-48473.json b/CVE-2025/CVE-2025-484xx/CVE-2025-48473.json index e62e1b9796e..89b43bd2ff3 100644 --- a/CVE-2025/CVE-2025-484xx/CVE-2025-48473.json +++ b/CVE-2025/CVE-2025-484xx/CVE-2025-48473.json @@ -3,7 +3,7 @@ "sourceIdentifier": "security-advisories@github.com", "published": "2025-05-29T16:15:41.077", "lastModified": "2025-05-30T16:31:03.107", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-487xx/CVE-2025-48700.json b/CVE-2025/CVE-2025-487xx/CVE-2025-48700.json index b4f955cb22d..a48378b2778 100644 --- a/CVE-2025/CVE-2025-487xx/CVE-2025-48700.json +++ b/CVE-2025/CVE-2025-487xx/CVE-2025-48700.json 
@@ -9,6 +9,10 @@ { "lang": "en", "value": "An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information. This issue arises from insufficient sanitization of HTML content, specifically involving crafted tag structures and attribute values that include an @import directive and other script injection vectors. The vulnerability is triggered when a user views a crafted e-mail message in the Classic UI, requiring no additional user interaction." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en Zimbra Collaboration (ZCS) 8.8.15, 9.0, 10.0 y 10.1. Una vulnerabilidad de cross-site scripting (XSS) en la interfaz cl\u00e1sica de Zimbra permite a los atacantes ejecutar c\u00f3digo JavaScript arbitrario dentro de la sesi\u00f3n del usuario, lo que podr\u00eda provocar acceso no autorizado a informaci\u00f3n confidencial. Este problema se debe a una limpieza insuficiente del contenido HTML, en particular a estructuras de etiquetas y valores de atributos manipulados que incluyen la directiva @import y otros vectores de inyecci\u00f3n de scripts. La vulnerabilidad se activa cuando un usuario visualiza un mensaje de correo electr\u00f3nico manipulado en la interfaz cl\u00e1sica, sin necesidad de interacci\u00f3n adicional." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-487xx/CVE-2025-48705.json b/CVE-2025/CVE-2025-487xx/CVE-2025-48705.json index cc6a3d4c5cd..6a42b109381 100644 --- a/CVE-2025/CVE-2025-487xx/CVE-2025-48705.json +++ b/CVE-2025/CVE-2025-487xx/CVE-2025-48705.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-06-20T14:15:29.633", "lastModified": "2025-06-23T20:16:40.143", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2025/CVE-2025-487xx/CVE-2025-48706.json b/CVE-2025/CVE-2025-487xx/CVE-2025-48706.json index c4b72d8f18e..b8daa0a9a01 100644 --- a/CVE-2025/CVE-2025-487xx/CVE-2025-48706.json +++ b/CVE-2025/CVE-2025-487xx/CVE-2025-48706.json @@ -3,7 +3,7 @@ "sourceIdentifier": "cve@mitre.org", "published": "2025-06-20T14:15:29.750", "lastModified": "2025-06-23T20:16:40.143", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-487xx/CVE-2025-48757.json b/CVE-2025/CVE-2025-487xx/CVE-2025-48757.json index 54d1d57a5e6..e94cff82eeb 100644 --- a/CVE-2025/CVE-2025-487xx/CVE-2025-48757.json +++ b/CVE-2025/CVE-2025-487xx/CVE-2025-48757.json @@ -2,7 +2,7 @@ "id": "CVE-2025-48757", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-30T03:15:20.893", - "lastModified": "2025-06-11T20:15:27.940", + "lastModified": "2025-06-25T15:15:24.637", "vulnStatus": "Undergoing Analysis", "cveTags": [ { @@ -78,6 +78,10 @@ { "url": "https://x.com/danialasaria/status/1911862269996118272", "source": "cve@mitre.org" + }, + { + "url": "https://gist.github.com/lhchavez/625ee42a6c408a850d35e50f8e649de9", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-487xx/CVE-2025-48798.json b/CVE-2025/CVE-2025-487xx/CVE-2025-48798.json index 0503ceeb5b2..7a3d6a084ab 100644 --- a/CVE-2025/CVE-2025-487xx/CVE-2025-48798.json +++ b/CVE-2025/CVE-2025-487xx/CVE-2025-48798.json @@ -2,7 +2,7 @@ "id": "CVE-2025-48798", "sourceIdentifier": "secalert@redhat.com", "published": "2025-05-27T14:15:24.307", - "lastModified": "2025-06-17T10:15:23.967", + "lastModified": "2025-06-25T01:15:23.220", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ 
@@ -60,6 +60,38 @@ "url": "https://access.redhat.com/errata/RHSA-2025:9165", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:9308", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:9309", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:9310", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:9314", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:9315", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:9316", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:9501", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:9569", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2025-48798", "source": "secalert@redhat.com" diff --git a/CVE-2025/CVE-2025-488xx/CVE-2025-48827.json b/CVE-2025/CVE-2025-488xx/CVE-2025-48827.json index f6d568816b2..6e7540648fb 100644 --- a/CVE-2025/CVE-2025-488xx/CVE-2025-48827.json +++ b/CVE-2025/CVE-2025-488xx/CVE-2025-48827.json @@ -2,8 +2,8 @@ "id": "CVE-2025-48827", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-27T04:15:41.230", - "lastModified": "2025-05-28T15:01:30.720", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-25T16:46:46.703", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 6.0 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, @@ -51,18 +71,54 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.0.0", + "versionEndIncluding": "5.7.5", + "matchCriteriaId": "115A7058-0E2E-4289-B7EC-CB803BB18886" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0.0", + "versionEndIncluding": "6.0.3", + "matchCriteriaId": "26F33424-A1A0-4093-A576-8EAC1C0018AC" + } + ] + } + ] + } + ], "references": [ { "url": "https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://kevintel.com/CVE-2025-48827", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://blog.kevintel.com/vbulletin-replaceadtemplate-kev/", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-488xx/CVE-2025-48828.json b/CVE-2025/CVE-2025-488xx/CVE-2025-48828.json index 45931f94c95..18163690429 100644 --- a/CVE-2025/CVE-2025-488xx/CVE-2025-48828.json 
+++ b/CVE-2025/CVE-2025-488xx/CVE-2025-48828.json @@ -2,8 +2,8 @@ "id": "CVE-2025-48828", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-27T04:15:45.033", - "lastModified": "2025-05-28T15:01:30.720", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-25T16:32:38.947", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.2, "impactScore": 6.0 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 } ] }, @@ -51,18 +71,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vbulletin:vbulletin:6.0.3:*:*:*:*:*:*:*", + "matchCriteriaId": "B93016F8-817F-4694-ADE4-FACBD83D1C76" + } + ] + } + ] + } + ], "references": [ { "url": "https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://kevintel.com/CVE-2025-48828", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://blog.kevintel.com/vbulletin-replaceadtemplate-kev/", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-489xx/CVE-2025-48916.json b/CVE-2025/CVE-2025-489xx/CVE-2025-48916.json index a675e12a328..ad397c8d516 100644 
--- a/CVE-2025/CVE-2025-489xx/CVE-2025-48916.json +++ b/CVE-2025/CVE-2025-489xx/CVE-2025-48916.json @@ -3,7 +3,7 @@ "sourceIdentifier": "mlhess@drupal.org", "published": "2025-06-13T16:15:26.790", "lastModified": "2025-06-16T12:32:18.840", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-489xx/CVE-2025-48917.json b/CVE-2025/CVE-2025-489xx/CVE-2025-48917.json index f91adf348ce..b0700c808c2 100644 --- a/CVE-2025/CVE-2025-489xx/CVE-2025-48917.json +++ b/CVE-2025/CVE-2025-489xx/CVE-2025-48917.json @@ -3,7 +3,7 @@ "sourceIdentifier": "mlhess@drupal.org", "published": "2025-06-13T16:15:26.930", "lastModified": "2025-06-16T12:32:18.840", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-489xx/CVE-2025-48918.json b/CVE-2025/CVE-2025-489xx/CVE-2025-48918.json index d8bbbfdd9fe..3320b098929 100644 --- a/CVE-2025/CVE-2025-489xx/CVE-2025-48918.json +++ b/CVE-2025/CVE-2025-489xx/CVE-2025-48918.json @@ -3,7 +3,7 @@ "sourceIdentifier": "mlhess@drupal.org", "published": "2025-06-13T16:15:27.053", "lastModified": "2025-06-16T12:32:18.840", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-489xx/CVE-2025-48919.json b/CVE-2025/CVE-2025-489xx/CVE-2025-48919.json index db05df1e5e9..cd6f6f7385d 100644 --- a/CVE-2025/CVE-2025-489xx/CVE-2025-48919.json +++ b/CVE-2025/CVE-2025-489xx/CVE-2025-48919.json @@ -3,7 +3,7 @@ "sourceIdentifier": "mlhess@drupal.org", "published": "2025-06-13T16:15:27.177", "lastModified": "2025-06-16T12:32:18.840", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-489xx/CVE-2025-48920.json b/CVE-2025/CVE-2025-489xx/CVE-2025-48920.json index df44c1e7aa2..20fa0555e78 100644 
--- a/CVE-2025/CVE-2025-489xx/CVE-2025-48920.json +++ b/CVE-2025/CVE-2025-489xx/CVE-2025-48920.json @@ -3,7 +3,7 @@ "sourceIdentifier": "mlhess@drupal.org", "published": "2025-06-13T16:15:27.293", "lastModified": "2025-06-16T12:32:18.840", - "vulnStatus": "Awaiting Analysis", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-489xx/CVE-2025-48921.json b/CVE-2025/CVE-2025-489xx/CVE-2025-48921.json index 99d163e4a7b..23045726efd 100644 --- a/CVE-2025/CVE-2025-489xx/CVE-2025-48921.json +++ b/CVE-2025/CVE-2025-489xx/CVE-2025-48921.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Drupal Open Social allows Cross Site Request Forgery.This issue affects Open Social: from 0.0.0 before 12.3.14, from 12.4.0 before 12.4.13." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Drupal Open Social permite Cross-Site Request Forgery. Este problema afecta a Open Social: desde la versi\u00f3n 0.0.0 hasta la 12.3.14, desde la versi\u00f3n 12.4.0 hasta la 12.4.13." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-489xx/CVE-2025-48922.json b/CVE-2025/CVE-2025-489xx/CVE-2025-48922.json index d346ce6cf8f..c255c3f3bd2 100644 --- a/CVE-2025/CVE-2025-489xx/CVE-2025-48922.json +++ b/CVE-2025/CVE-2025-489xx/CVE-2025-48922.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal GLightbox allows Cross-Site Scripting (XSS).This issue affects GLightbox: from 0.0.0 before 1.0.16." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Drupal GLightbox permite Cross-Site Scripting (XSS). Este problema afecta a GLightbox: desde la versi\u00f3n 0.0.0 hasta la 1.0.16." } ], "metrics": { 
diff --git a/CVE-2025/CVE-2025-489xx/CVE-2025-48923.json b/CVE-2025/CVE-2025-489xx/CVE-2025-48923.json index 14260eda805..3ea2ff20060 100644 --- a/CVE-2025/CVE-2025-489xx/CVE-2025-48923.json +++ b/CVE-2025/CVE-2025-489xx/CVE-2025-48923.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Toc.Js allows Cross-Site Scripting (XSS).This issue affects Toc.Js: from 0.0.0 before 3.2.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Drupal Toc.Js permite Cross-Site Scripting (XSS). Este problema afecta a Toc.Js: desde la versi\u00f3n 0.0.0 hasta la 3.2.1." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-489xx/CVE-2025-48939.json b/CVE-2025/CVE-2025-489xx/CVE-2025-48939.json index 53fb2dff328..2fd6e865c4e 100644 --- a/CVE-2025/CVE-2025-489xx/CVE-2025-48939.json +++ b/CVE-2025/CVE-2025-489xx/CVE-2025-48939.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "tarteaucitron.js is a compliant and accessible cookie banner. Prior to version 1.22.0, a vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual