From 1cdd301d8025ed7561e436f8af04a9fae448af94 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Fri, 2 May 2025 18:03:55 +0000 Subject: [PATCH] Auto-Update: 2025-05-02T18:00:19.871104+00:00 --- CVE-2004/CVE-2004-02xx/CVE-2004-0230.json | 555 +++++++++++++++++--- CVE-2020/CVE-2020-214xx/CVE-2020-21428.json | 32 +- CVE-2022/CVE-2022-374xx/CVE-2022-37434.json | 6 +- CVE-2022/CVE-2022-376xx/CVE-2022-37620.json | 31 +- CVE-2022/CVE-2022-432xx/CVE-2022-43227.json | 32 +- CVE-2022/CVE-2022-499xx/CVE-2022-49932.json | 29 + CVE-2022/CVE-2022-499xx/CVE-2022-49933.json | 29 + CVE-2023/CVE-2023-356xx/CVE-2023-35670.json | 32 +- CVE-2023/CVE-2023-40xx/CVE-2023-4036.json | 22 +- CVE-2023/CVE-2023-42xx/CVE-2023-4270.json | 22 +- CVE-2023/CVE-2023-434xx/CVE-2023-43496.json | 32 +- CVE-2023/CVE-2023-441xx/CVE-2023-44184.json | 19 +- CVE-2023/CVE-2023-442xx/CVE-2023-44204.json | 19 +- CVE-2023/CVE-2023-45xx/CVE-2023-4502.json | 22 +- CVE-2023/CVE-2023-530xx/CVE-2023-53035.json | 49 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53036.json | 29 + CVE-2023/CVE-2023-530xx/CVE-2023-53037.json | 29 + CVE-2023/CVE-2023-530xx/CVE-2023-53038.json | 33 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53039.json | 33 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53040.json | 49 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53041.json | 41 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53042.json | 29 + CVE-2023/CVE-2023-530xx/CVE-2023-53043.json | 29 + CVE-2023/CVE-2023-530xx/CVE-2023-53044.json | 49 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53045.json | 49 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53046.json | 29 + CVE-2023/CVE-2023-530xx/CVE-2023-53047.json | 37 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53048.json | 33 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53049.json | 37 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53050.json | 29 + CVE-2023/CVE-2023-530xx/CVE-2023-53051.json | 49 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53052.json | 25 + CVE-2023/CVE-2023-530xx/CVE-2023-53053.json | 45 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53054.json | 37 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53055.json | 33 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53056.json | 33 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53057.json | 29 + CVE-2023/CVE-2023-530xx/CVE-2023-53058.json | 37 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53059.json | 41 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53060.json | 49 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53061.json | 33 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53062.json | 49 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53063.json | 49 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53064.json | 33 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53065.json | 37 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53066.json | 49 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53067.json | 29 + CVE-2023/CVE-2023-530xx/CVE-2023-53068.json | 29 + CVE-2023/CVE-2023-530xx/CVE-2023-53069.json | 33 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53070.json | 29 + CVE-2023/CVE-2023-530xx/CVE-2023-53071.json | 29 + CVE-2023/CVE-2023-530xx/CVE-2023-53072.json | 29 + CVE-2023/CVE-2023-530xx/CVE-2023-53073.json | 29 + CVE-2023/CVE-2023-530xx/CVE-2023-53074.json | 29 + CVE-2023/CVE-2023-530xx/CVE-2023-53075.json | 49 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53076.json | 49 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53077.json | 37 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53078.json | 49 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53079.json | 37 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53080.json | 37 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53081.json | 49 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53082.json | 29 + CVE-2023/CVE-2023-530xx/CVE-2023-53083.json | 37 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53084.json | 37 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53085.json | 25 + CVE-2023/CVE-2023-530xx/CVE-2023-53086.json | 25 + CVE-2023/CVE-2023-530xx/CVE-2023-53087.json | 37 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53088.json | 29 + CVE-2023/CVE-2023-530xx/CVE-2023-53089.json | 49 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53090.json | 45 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53091.json | 33 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53092.json | 33 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53093.json | 29 + CVE-2023/CVE-2023-530xx/CVE-2023-53094.json | 37 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53095.json | 29 + CVE-2023/CVE-2023-530xx/CVE-2023-53096.json | 41 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53097.json | 33 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53098.json | 37 ++ CVE-2023/CVE-2023-530xx/CVE-2023-53099.json | 37 ++ CVE-2023/CVE-2023-531xx/CVE-2023-53100.json | 49 ++ CVE-2023/CVE-2023-531xx/CVE-2023-53101.json | 49 ++ CVE-2023/CVE-2023-531xx/CVE-2023-53102.json | 37 ++ CVE-2023/CVE-2023-531xx/CVE-2023-53103.json | 33 ++ CVE-2023/CVE-2023-531xx/CVE-2023-53104.json | 49 ++ CVE-2023/CVE-2023-531xx/CVE-2023-53105.json | 29 + CVE-2023/CVE-2023-531xx/CVE-2023-53106.json | 49 ++ CVE-2023/CVE-2023-531xx/CVE-2023-53107.json | 29 + CVE-2023/CVE-2023-531xx/CVE-2023-53108.json | 49 ++ CVE-2023/CVE-2023-531xx/CVE-2023-53109.json | 49 ++ CVE-2023/CVE-2023-531xx/CVE-2023-53110.json | 37 ++ CVE-2023/CVE-2023-531xx/CVE-2023-53111.json | 33 ++ CVE-2023/CVE-2023-531xx/CVE-2023-53112.json | 29 + CVE-2023/CVE-2023-531xx/CVE-2023-53113.json | 29 + CVE-2023/CVE-2023-531xx/CVE-2023-53114.json | 41 ++ CVE-2023/CVE-2023-531xx/CVE-2023-53115.json | 29 + CVE-2023/CVE-2023-531xx/CVE-2023-53116.json | 49 ++ CVE-2023/CVE-2023-531xx/CVE-2023-53117.json | 49 ++ CVE-2023/CVE-2023-531xx/CVE-2023-53118.json | 41 ++ CVE-2023/CVE-2023-531xx/CVE-2023-53119.json | 49 ++ CVE-2023/CVE-2023-531xx/CVE-2023-53120.json | 29 + CVE-2023/CVE-2023-531xx/CVE-2023-53121.json | 49 ++ CVE-2023/CVE-2023-531xx/CVE-2023-53122.json | 29 + CVE-2023/CVE-2023-531xx/CVE-2023-53123.json | 33 ++ CVE-2023/CVE-2023-531xx/CVE-2023-53124.json | 41 ++ CVE-2023/CVE-2023-531xx/CVE-2023-53125.json | 49 ++ CVE-2023/CVE-2023-531xx/CVE-2023-53126.json | 29 + CVE-2023/CVE-2023-531xx/CVE-2023-53127.json | 29 + CVE-2023/CVE-2023-531xx/CVE-2023-53128.json | 29 + CVE-2023/CVE-2023-531xx/CVE-2023-53129.json | 41 ++ CVE-2023/CVE-2023-531xx/CVE-2023-53130.json | 29 + CVE-2023/CVE-2023-531xx/CVE-2023-53131.json | 37 ++ CVE-2023/CVE-2023-531xx/CVE-2023-53132.json | 29 + CVE-2023/CVE-2023-531xx/CVE-2023-53133.json | 33 ++ CVE-2023/CVE-2023-531xx/CVE-2023-53134.json | 41 ++ CVE-2023/CVE-2023-531xx/CVE-2023-53135.json | 41 ++ CVE-2023/CVE-2023-531xx/CVE-2023-53136.json | 33 ++ CVE-2023/CVE-2023-531xx/CVE-2023-53137.json | 41 ++ CVE-2023/CVE-2023-531xx/CVE-2023-53138.json | 49 ++ CVE-2023/CVE-2023-531xx/CVE-2023-53139.json | 49 ++ CVE-2023/CVE-2023-531xx/CVE-2023-53140.json | 45 ++ CVE-2023/CVE-2023-531xx/CVE-2023-53141.json | 49 ++ CVE-2023/CVE-2023-531xx/CVE-2023-53142.json | 33 ++ CVE-2023/CVE-2023-531xx/CVE-2023-53143.json | 49 ++ CVE-2023/CVE-2023-531xx/CVE-2023-53144.json | 29 + CVE-2024/CVE-2024-131xx/CVE-2024-13102.json | 95 +++- CVE-2024/CVE-2024-131xx/CVE-2024-13103.json | 95 +++- CVE-2024/CVE-2024-131xx/CVE-2024-13104.json | 95 +++- CVE-2024/CVE-2024-131xx/CVE-2024-13105.json | 95 +++- CVE-2024/CVE-2024-131xx/CVE-2024-13106.json | 95 +++- CVE-2024/CVE-2024-131xx/CVE-2024-13107.json | 95 +++- CVE-2024/CVE-2024-131xx/CVE-2024-13108.json | 95 +++- CVE-2024/CVE-2024-457xx/CVE-2024-45757.json | 39 +- CVE-2025/CVE-2025-257xx/CVE-2025-25740.json | 39 +- CVE-2025/CVE-2025-257xx/CVE-2025-25741.json | 39 +- CVE-2025/CVE-2025-257xx/CVE-2025-25745.json | 39 +- CVE-2025/CVE-2025-35xx/CVE-2025-3503.json | 27 +- CVE-2025/CVE-2025-35xx/CVE-2025-3513.json | 27 +- CVE-2025/CVE-2025-38xx/CVE-2025-3879.json | 56 ++ CVE-2025/CVE-2025-39xx/CVE-2025-3927.json | 6 +- CVE-2025/CVE-2025-40xx/CVE-2025-4082.json | 39 +- CVE-2025/CVE-2025-40xx/CVE-2025-4084.json | 39 +- CVE-2025/CVE-2025-40xx/CVE-2025-4085.json | 39 +- CVE-2025/CVE-2025-42xx/CVE-2025-4210.json | 145 +++++ CVE-2025/CVE-2025-441xx/CVE-2025-44192.json | 43 +- CVE-2025/CVE-2025-448xx/CVE-2025-44839.json | 39 +- CVE-2025/CVE-2025-448xx/CVE-2025-44840.json | 39 +- CVE-2025/CVE-2025-448xx/CVE-2025-44841.json | 39 +- CVE-2025/CVE-2025-448xx/CVE-2025-44842.json | 39 +- CVE-2025/CVE-2025-448xx/CVE-2025-44843.json | 39 +- CVE-2025/CVE-2025-448xx/CVE-2025-44844.json | 39 +- CVE-2025/CVE-2025-448xx/CVE-2025-44845.json | 39 +- CVE-2025/CVE-2025-448xx/CVE-2025-44860.json | 39 +- CVE-2025/CVE-2025-448xx/CVE-2025-44863.json | 39 +- CVE-2025/CVE-2025-458xx/CVE-2025-45800.json | 21 + CVE-2025/CVE-2025-463xx/CVE-2025-46332.json | 64 +++ CVE-2025/CVE-2025-466xx/CVE-2025-46626.json | 39 +- CVE-2025/CVE-2025-466xx/CVE-2025-46627.json | 39 +- CVE-2025/CVE-2025-466xx/CVE-2025-46628.json | 39 +- CVE-2025/CVE-2025-466xx/CVE-2025-46629.json | 39 +- README.md | 94 ++-- _state.csv | 322 ++++++++---- 161 files changed, 6905 insertions(+), 357 deletions(-) create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49932.json create mode 100644 CVE-2022/CVE-2022-499xx/CVE-2022-49933.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53035.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53036.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53037.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53038.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53039.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53040.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53041.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53042.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53043.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53044.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53045.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53046.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53047.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53048.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53049.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53050.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53051.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53052.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53053.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53054.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53055.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53056.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53057.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53058.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53059.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53060.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53061.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53062.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53063.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53064.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53065.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53066.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53067.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53068.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53069.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53070.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53071.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53072.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53073.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53074.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53075.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53076.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53077.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53078.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53079.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53080.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53081.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53082.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53083.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53084.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53085.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53086.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53087.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53088.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53089.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53090.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53091.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53092.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53093.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53094.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53095.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53096.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53097.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53098.json create mode 100644 CVE-2023/CVE-2023-530xx/CVE-2023-53099.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53100.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53101.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53102.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53103.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53104.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53105.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53106.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53107.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53108.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53109.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53110.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53111.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53112.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53113.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53114.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53115.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53116.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53117.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53118.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53119.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53120.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53121.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53122.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53123.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53124.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53125.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53126.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53127.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53128.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53129.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53130.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53131.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53132.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53133.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53134.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53135.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53136.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53137.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53138.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53139.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53140.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53141.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53142.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53143.json create mode 100644 CVE-2023/CVE-2023-531xx/CVE-2023-53144.json create mode 100644 CVE-2025/CVE-2025-38xx/CVE-2025-3879.json create mode 100644 CVE-2025/CVE-2025-42xx/CVE-2025-4210.json create mode 100644 CVE-2025/CVE-2025-458xx/CVE-2025-45800.json create mode 100644 CVE-2025/CVE-2025-463xx/CVE-2025-46332.json diff --git a/CVE-2004/CVE-2004-02xx/CVE-2004-0230.json b/CVE-2004/CVE-2004-02xx/CVE-2004-0230.json index 3b4545f3aef..3c5f3e4169c 100644 --- a/CVE-2004/CVE-2004-02xx/CVE-2004-0230.json +++ b/CVE-2004/CVE-2004-02xx/CVE-2004-0230.json @@ -2,8 +2,8 @@ "id": "CVE-2004-0230", "sourceIdentifier": "cve@mitre.org", "published": "2004-08-18T04:00:00.000", - "lastModified": "2025-04-03T01:03:51.193", - "vulnStatus": "Deferred", + "lastModified": "2025-05-02T16:40:41.530", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -55,6 +55,362 @@ } ], "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", + "versionEndExcluding": "11.4", + "matchCriteriaId": "4B07F91B-3981-423E-9ECF-752CC64D4E03" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:11.4:-:*:*:*:*:*:*", + "matchCriteriaId": "5C947EA2-329F-4AC7-A1F4-64164C20CC4B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:11.4:r1:*:*:*:*:*:*", + "matchCriteriaId": "926EDB84-E8C5-4030-8B69-CDA9BF1A9D94" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:11.4:r10:*:*:*:*:*:*", + "matchCriteriaId": "8CAECB8C-6B4D-440C-B031-2CF3061393DF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:11.4:r2:*:*:*:*:*:*", + "matchCriteriaId": "BAD7336D-EAAC-4817-9D3A-5664B0AAE6AF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:11.4:r3:*:*:*:*:*:*", + "matchCriteriaId": "BC336F14-5D8D-4B28-8F47-2A5EFFC7800C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:11.4:r4:*:*:*:*:*:*", + "matchCriteriaId": "C47F92DD-59C4-4C86-9360-86E840243123" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:11.4:r5:*:*:*:*:*:*", + "matchCriteriaId": "DE6B95FB-F936-430A-B715-7430327E1872" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:11.4:r6:*:*:*:*:*:*", + "matchCriteriaId": "D4A8F07B-110F-4FE4-BA09-F23A4D1DCA5B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:11.4:r7:*:*:*:*:*:*", + "matchCriteriaId": "78A3616E-9666-4D09-9ED7-EFD796E6E08E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:11.4:r8:*:*:*:*:*:*", + "matchCriteriaId": "2ACF87F1-B5DD-469A-87D6-94AD8D0758F7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:11.4:r9:*:*:*:*:*:*", + "matchCriteriaId": "9D4F8B25-B632-4C4B-9E90-3DF9FC98207B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:11.4r13:s2:*:*:*:*:*:*", + "matchCriteriaId": "0A6BC136-FFA2-40AB-8E27-0B6CC153471F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:11.4x27:*:*:*:*:*:*:*", + "matchCriteriaId": "80EFC6D6-43F9-4277-ACAC-D5929AF6FF7D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:12.1:-:*:*:*:*:*:*", + "matchCriteriaId": "BCE524EE-245F-4750-9963-9D0FB7A6A965" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:12.1r:*:*:*:*:*:*:*", + "matchCriteriaId": "ECE31A7E-657C-49FC-B3F8-5654B0C6087E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:12.1x44:-:*:*:*:*:*:*", + "matchCriteriaId": "86141A33-344E-4152-8B76-2DB383954F02" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:12.1x44:d10:*:*:*:*:*:*", + "matchCriteriaId": "AC405A12-112D-4C9D-90DA-6ED484109793" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:12.1x44:d15:*:*:*:*:*:*", + "matchCriteriaId": "3FC42F2D-7593-4DBE-AE89-A6B78E7F9089" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:12.1x44:d20:*:*:*:*:*:*", + "matchCriteriaId": "731A6469-3DE0-491A-BCC5-7642FB347ACE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:12.1x44:d25:*:*:*:*:*:*", + "matchCriteriaId": "D12A8119-3E59-4062-9A04-1F6EA48B78E9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:12.1x44:d30:*:*:*:*:*:*", + "matchCriteriaId": "E8B33B80-3189-4412-BFE0-359E755AB07A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:12.1x44:d35:*:*:*:*:*:*", + "matchCriteriaId": "C0E8F87E-DEB2-4849-ABB5-75A67CFD2D39" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:12.1x45:-:*:*:*:*:*:*", + "matchCriteriaId": "A4D7E551-A150-415E-80D5-374DAB29B6D7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:12.1x45:d10:*:*:*:*:*:*", + "matchCriteriaId": "A5306185-574A-43B4-8B3B-1B047CA36D66" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:12.1x45:d15:*:*:*:*:*:*", + "matchCriteriaId": "79F1F205-A4A9-4161-B6CF-55CEEFD7D8D9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:12.1x45:d20:*:*:*:*:*:*", + "matchCriteriaId": "33FD6DB0-F995-4A22-A97F-6276AFE9EFB4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:12.1x46:-:*:*:*:*:*:*", + "matchCriteriaId": "92F31F7F-02E0-4E63-A600-DF8AB4E3BAA3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d10:*:*:*:*:*:*", + "matchCriteriaId": "A71742CF-50B1-44BB-AB7B-27E5DCC9CF70" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d15:*:*:*:*:*:*", + "matchCriteriaId": "4FD4237A-C257-4D8A-ABC4-9B2160530A4E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:12.1x47:-:*:*:*:*:*:*", + "matchCriteriaId": "ABBEDB3F-5FD1-4290-A80A-7EAD9B9C38C4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:12.2:-:*:*:*:*:*:*", + "matchCriteriaId": "AF8575EF-C83B-4241-B033-A2C020E29286" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:12.2:r1:*:*:*:*:*:*", + "matchCriteriaId": "43B661F8-1F43-4073-9275-AE1FFCB17BF8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:12.2:r2:*:*:*:*:*:*", + "matchCriteriaId": "EF88921E-18E4-49B2-AAF4-ED8C393D4750" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:12.2:r3:*:*:*:*:*:*", + "matchCriteriaId": "144DA08B-A129-4DC6-81D2-782BD7C3074B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:12.2:r4:*:*:*:*:*:*", + "matchCriteriaId": "F1936A41-302E-4546-9F7A-CAE3A3C68718" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:12.2:r5:*:*:*:*:*:*", + "matchCriteriaId": "6EB55673-5857-452F-9D22-B422CC9CC3F3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:12.2:r6:*:*:*:*:*:*", + "matchCriteriaId": "03D4519D-1289-47E9-BFB7-E3831BFD50F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:12.2:r7:*:*:*:*:*:*", + "matchCriteriaId": "77CDB10F-3BCE-41AF-B633-DFAC9B8A5D9F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:12.3:-:*:*:*:*:*:*", + "matchCriteriaId": "223C12D0-61A0-4C12-8AFC-A0CB64759A31" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:12.3:r1:*:*:*:*:*:*", + "matchCriteriaId": "371A7DF8-3F4B-439D-8990-D1BC6F0C25C5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:12.3:r2:*:*:*:*:*:*", + "matchCriteriaId": "7CC3BCFD-2B0F-4994-9FE4-9D37FA85F1E2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:12.3:r3:*:*:*:*:*:*", + "matchCriteriaId": "C6F309FD-0A5A-4C86-B227-B2B511A5CEB4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:12.3:r4:*:*:*:*:*:*", + "matchCriteriaId": "960059B5-0701-4B75-AB51-0A430247D9F0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:12.3:r5:*:*:*:*:*:*", + "matchCriteriaId": "1D1DCA52-DA81-495B-B516-5571F01E3B0A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:13.1:-:*:*:*:*:*:*", + "matchCriteriaId": "67B3BF03-9919-4C12-97A3-B20161725F35" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:13.1:r1:*:*:*:*:*:*", + "matchCriteriaId": "FCD4D8EB-8625-47CD-8F0E-D2FC8CAA5462" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:13.1:r2:*:*:*:*:*:*", + "matchCriteriaId": "A0150A4C-2C5A-49FC-8FB3-B93CB45B8284" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:13.1:r3:*:*:*:*:*:*", + "matchCriteriaId": "BFEB7A59-7536-4A92-A9C8-79FDE657B8AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:13.2:-:*:*:*:*:*:*", + "matchCriteriaId": "931D77A8-FA39-479E-91DB-CDDC9113252B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:13.2:r1:*:*:*:*:*:*", + "matchCriteriaId": "D3A0A607-7D3C-4F2A-B5F5-576A70649CB1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:13.2:r2:*:*:*:*:*:*", + "matchCriteriaId": "32E9620A-7C0A-474C-919E-13609FFE580D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:13.2:r3:*:*:*:*:*:*", + "matchCriteriaId": "672D3A38-92B4-4F33-82A6-B2D3F3403AF3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:13.3:-:*:*:*:*:*:*", + "matchCriteriaId": "FE2FBBA2-6185-463F-96D3-9AB2C778B4F4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:13.3:r1:*:*:*:*:*:*", + "matchCriteriaId": "3FF9FF91-9184-4D18-8288-9110E35F4AE5" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp3:*:*:*:*:*:*", + "matchCriteriaId": "530FC172-94E1-481A-9810-26061D22B6AC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*", + "matchCriteriaId": "CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_98:-:*:*:*:*:*:*:*", + "matchCriteriaId": "40FC681A-7B85-4495-8DCC-C459FE7E2F13" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_98se:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2354216-8103-49F9-A95C-7DE4F738BBEE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:itanium:*", + "matchCriteriaId": "5AA32D8C-430E-4CA2-B2DF-FFF63714F480" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:x64:*", + "matchCriteriaId": "E3C43D05-40F8-4769-BA6B-A376420EA972" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:-:*", + "matchCriteriaId": "7BC4A4A0-4EEE-4C51-BFF4-4B65C815AB4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:itanium:*", + "matchCriteriaId": "72CC2D03-538A-4603-B4FF-C6930F9D7E20" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_xp:-:*:x64:*:*:*:*:*", + "matchCriteriaId": "5894A4E3-D063-4BE2-8579-B9BBF581EE98" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*", + "matchCriteriaId": "2572F7E5-75A3-4C11-866B-A4E9ADBD8D08" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp1:*:*:*:*:itanium:*", + "matchCriteriaId": "54879DE7-47AE-4E94-986C-4D956B64411C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*", + "matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3" + } + ] + } + ] + }, { "nodes": [ { @@ -191,21 +547,6 @@ } ] }, - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", - "matchCriteriaId": "57562A7F-7AB2-4A35-88EB-586EF9546D50" - } - ] - } - ] - }, { "nodes": [ { @@ -232,35 +573,40 @@ "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-006.txt.asc", "source": "cve@mitre.org", "tags": [ - "Third Party Advisory" + "Third Party Advisory", + "Broken Link" ] }, { "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.3/SCOSA-2005.3.txt", "source": "cve@mitre.org", "tags": [ - "Third Party Advisory" + "Third Party Advisory", + "Broken Link" ] }, { "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.9/SCOSA-2005.9.txt", "source": "cve@mitre.org", "tags": [ - "Third Party Advisory" + "Third Party Advisory", + "Broken Link" ] }, { "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.14/SCOSA-2005.14.txt", "source": "cve@mitre.org", "tags": [ - "Third Party Advisory" + "Third Party Advisory", + "Broken Link" ] }, { "url": "ftp://patches.sgi.com/support/free/security/advisories/20040403-01-A.asc", "source": "cve@mitre.org", "tags": [ - "Third Party Advisory" + "Third Party Advisory", + "Broken Link" ] }, { @@ -272,11 +618,17 @@ }, { "url": "http://marc.info/?l=bugtraq&m=108302060014745&w=2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List" + ] }, { "url": "http://marc.info/?l=bugtraq&m=108506952116653&w=2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List" + ] }, { "url": "http://secunia.com/advisories/11440", @@ -284,7 +636,8 @@ "tags": [ "Permissions Required", "Third Party Advisory", - "VDB Entry" + "VDB Entry", + "Broken Link" ] }, { @@ -293,7 +646,8 @@ "tags": [ "Permissions Required", "Third Party Advisory", - "VDB Entry" + "VDB Entry", + "Broken Link" ] }, { @@ -302,7 +656,8 @@ "tags": [ "Permissions Required", "Third Party Advisory", - "VDB Entry" + "VDB Entry", + "Broken Link" ] }, { @@ -337,11 +692,17 @@ }, { "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "http://www.securityfocus.com/bid/10183", @@ -371,82 +732,113 @@ "url": "http://www.vupen.com/english/advisories/2006/3983", "source": "cve@mitre.org", "tags": [ - "Permissions Required" + "Permissions Required", + "Broken Link" ] }, { "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-019", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-064", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15886", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10053", "source": "cve@mitre.org", "tags": [ "Patch", - "Third Party Advisory" + "Third Party Advisory", + "Broken Link" ] }, { "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2689", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A270", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3508", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4791", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5711", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-006.txt.asc", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ - "Third Party Advisory" + "Third Party Advisory", + "Broken Link" ] }, { "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.3/SCOSA-2005.3.txt", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ - "Third Party Advisory" + "Third Party Advisory", + "Broken Link" ] }, { "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.9/SCOSA-2005.9.txt", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ - "Third Party Advisory" + "Third Party Advisory", + "Broken Link" ] }, { "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.14/SCOSA-2005.14.txt", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ - "Third Party Advisory" + "Third Party Advisory", + "Broken Link" ] }, { "url": "ftp://patches.sgi.com/support/free/security/advisories/20040403-01-A.asc", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ - "Third Party Advisory" + "Third Party Advisory", + "Broken Link" ] }, { @@ -458,11 +850,17 @@ }, { "url": "http://marc.info/?l=bugtraq&m=108302060014745&w=2", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://marc.info/?l=bugtraq&m=108506952116653&w=2", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "http://secunia.com/advisories/11440", @@ -470,7 +868,8 @@ "tags": [ "Permissions Required", "Third Party Advisory", - "VDB Entry" + "VDB Entry", + "Broken Link" ] }, { @@ -479,7 +878,8 @@ "tags": [ "Permissions Required", "Third Party Advisory", - "VDB Entry" + "VDB Entry", + "Broken Link" ] }, { @@ -488,7 +888,8 @@ "tags": [ "Permissions Required", "Third Party Advisory", - "VDB Entry" + "VDB Entry", + "Broken Link" ] }, { @@ -523,11 +924,17 @@ }, { "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Broken Link" + ] }, { "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Broken Link" + ] }, { "url": "http://www.securityfocus.com/bid/10183", @@ -557,48 +964,74 @@ "url": "http://www.vupen.com/english/advisories/2006/3983", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ - "Permissions Required" + "Permissions Required", + "Broken Link" ] }, { "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-019", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-064", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15886", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10053", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", - "Third Party Advisory" + "Third Party Advisory", + "Broken Link" ] }, { "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2689", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Broken Link" + ] }, { "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A270", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Broken Link" + ] }, { "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3508", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Broken Link" + ] }, { "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4791", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Broken Link" + ] }, { "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5711", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Broken Link" + ] } ], "evaluatorComment": "CWE-331: Insufficient Entropy", diff --git a/CVE-2020/CVE-2020-214xx/CVE-2020-21428.json b/CVE-2020/CVE-2020-214xx/CVE-2020-21428.json index decb1912fa5..4f2886f3186 100644 --- a/CVE-2020/CVE-2020-214xx/CVE-2020-21428.json +++ b/CVE-2020/CVE-2020-214xx/CVE-2020-21428.json @@ -2,7 +2,7 @@ "id": "CVE-2020-21428", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-22T19:16:12.293", - "lastModified": "2024-11-21T05:12:34.680", + "lastModified": "2025-05-02T16:15:21.390", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-120" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] } ], "configurations": [ diff --git a/CVE-2022/CVE-2022-374xx/CVE-2022-37434.json b/CVE-2022/CVE-2022-374xx/CVE-2022-37434.json index e4724765c01..0e711da2013 100644 --- a/CVE-2022/CVE-2022-374xx/CVE-2022-37434.json +++ b/CVE-2022/CVE-2022-374xx/CVE-2022-37434.json @@ -2,7 +2,7 @@ "id": "CVE-2022-37434", "sourceIdentifier": "cve@mitre.org", "published": "2022-08-05T07:15:07.240", - "lastModified": "2024-11-21T07:14:59.070", + "lastModified": "2025-05-02T17:15:46.653", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -429,6 +429,10 @@ "Third Party Advisory" ] }, + { + "url": "https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d", + "source": "cve@mitre.org" + }, { "url": "https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1", "source": "cve@mitre.org", diff --git a/CVE-2022/CVE-2022-376xx/CVE-2022-37620.json b/CVE-2022/CVE-2022-376xx/CVE-2022-37620.json index 2c3a65d0aa7..4abe1f1003f 100644 --- a/CVE-2022/CVE-2022-376xx/CVE-2022-37620.json +++ b/CVE-2022/CVE-2022-376xx/CVE-2022-37620.json @@ -2,8 +2,8 @@ "id": "CVE-2022-37620", "sourceIdentifier": "cve@mitre.org", "published": "2022-10-31T12:15:10.137", - "lastModified": "2024-11-21T07:15:03.663", - "vulnStatus": "Modified", + "lastModified": "2025-05-02T17:34:45.170", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -60,8 +60,25 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:html-minifier_project:html-minifier:4.0.0:*:*:*:*:*:*:*", - "matchCriteriaId": "6CB8D90A-F60B-41DC-9A35-ED4FA773C595" + "criteria": "cpe:2.3:a:terser:html-minifier-terser:*:*:*:*:*:node.js:*:*", + "versionEndIncluding": "7.2.0", + "matchCriteriaId": "2F449F07-AE08-4B3E-9E57-3765B6A3A931" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kangax:html-minifier:*:*:*:*:*:node.js:*:*", + "versionEndIncluding": "4.0.0", + "matchCriteriaId": "80C98248-95AB-4049-92D9-19B9CBF77D59" } ] } @@ -88,7 +105,8 @@ "source": "cve@mitre.org", "tags": [ "Issue Tracking", - "Third Party Advisory" + "Third Party Advisory", + "Mitigation" ] }, { @@ -110,7 +128,8 @@ "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", - "Third Party Advisory" + "Third Party Advisory", + "Mitigation" ] } ] diff --git a/CVE-2022/CVE-2022-432xx/CVE-2022-43227.json b/CVE-2022/CVE-2022-432xx/CVE-2022-43227.json index 91b3008f39e..16e7f5f6b38 100644 --- a/CVE-2022/CVE-2022-432xx/CVE-2022-43227.json +++ b/CVE-2022/CVE-2022-432xx/CVE-2022-43227.json @@ -2,7 +2,7 @@ "id": "CVE-2022-43227", "sourceIdentifier": "cve@mitre.org", "published": "2022-11-02T17:15:19.307", - "lastModified": "2024-11-21T07:26:04.617", + "lastModified": "2025-05-02T16:15:21.887", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.2, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-89" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] } ], "configurations": [ diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49932.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49932.json new file mode 100644 index 00000000000..5c72be73ded --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49932.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-49932", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:22.070", + "lastModified": "2025-05-02T16:15:22.070", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: VMX: Do _all_ initialization before exposing /dev/kvm to userspace\n\nCall kvm_init() only after _all_ setup is complete, as kvm_init() exposes\n/dev/kvm to userspace and thus allows userspace to create VMs (and call\nother ioctls). E.g. KVM will encounter a NULL pointer when attempting to\nadd a vCPU to the per-CPU loaded_vmcss_on_cpu list if userspace is able to\ncreate a VM before vmx_init() configures said list.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000008\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 0 P4D 0\n Oops: 0002 [#1] SMP\n CPU: 6 PID: 1143 Comm: stable Not tainted 6.0.0-rc7+ #988\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n RIP: 0010:vmx_vcpu_load_vmcs+0x68/0x230 [kvm_intel]\n \n vmx_vcpu_load+0x16/0x60 [kvm_intel]\n kvm_arch_vcpu_load+0x32/0x1f0 [kvm]\n vcpu_load+0x2f/0x40 [kvm]\n kvm_arch_vcpu_create+0x231/0x310 [kvm]\n kvm_vm_ioctl+0x79f/0xe10 [kvm]\n ? handle_mm_fault+0xb1/0x220\n __x64_sys_ioctl+0x80/0xb0\n do_syscall_64+0x2b/0x50\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n RIP: 0033:0x7f5a6b05743b\n \n Modules linked in: vhost_net vhost vhost_iotlb tap kvm_intel(+) kvm irqbypass" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/e136e969d268b9b89329c816c002e53f60e82985", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e28533c08023c4b319b7f2cd77f3f7c9204eb517", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e32b120071ea114efc0b4ddd439547750b85f618", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49933.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49933.json new file mode 100644 index 00000000000..5b7f67dee2e --- /dev/null +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49933.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2022-49933", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:22.163", + "lastModified": "2025-05-02T16:15:22.163", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: VMX: Reset eVMCS controls in VP assist page during hardware disabling\n\nReset the eVMCS controls in the per-CPU VP assist page during hardware\ndisabling instead of waiting until kvm-intel's module exit. The controls\nare activated if and only if KVM creates a VM, i.e. don't need to be\nreset if hardware is never enabled.\n\nDoing the reset during hardware disabling will naturally fix a potential\nNULL pointer deref bug once KVM disables CPU hotplug while enabling and\ndisabling hardware (which is necessary to fix a variety of bugs). If the\nkernel is running as the root partition, the VP assist page is unmapped\nduring CPU hot unplug, and so KVM's clearing of the eVMCS controls needs\nto occur with CPU hot(un)plug disabled, otherwise KVM could attempt to\nwrite to a CPU's VP assist page after it's unmapped." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/01aa8e5704bac9fcd7401eb1a74a375fba594203", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2916b70fc342719f570640de07251b7f91feebdb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/afb26bfc01db6ef4728e96314f08431934ffe833", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35670.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35670.json index b2a72c2814b..27b2c584663 100644 --- a/CVE-2023/CVE-2023-356xx/CVE-2023-35670.json +++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35670.json @@ -2,7 +2,7 @@ "id": "CVE-2023-35670", "sourceIdentifier": "security@android.com", "published": "2023-09-11T21:15:42.020", - "lastModified": "2024-11-21T08:08:28.667", + "lastModified": "2025-05-02T17:15:47.687", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-22" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4036.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4036.json index 19e27839d7d..9610206aa98 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4036.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4036.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4036", "sourceIdentifier": "contact@wpscan.com", "published": "2023-08-30T15:15:09.813", - "lastModified": "2024-11-21T08:34:16.370", + "lastModified": "2025-05-02T16:15:22.460", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 1.4 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 } ] }, diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4270.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4270.json index 621092a1ca4..619bf0d6699 100644 --- a/CVE-2023/CVE-2023-42xx/CVE-2023-4270.json +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4270.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4270", "sourceIdentifier": "contact@wpscan.com", "published": "2023-09-11T20:15:11.593", - "lastModified": "2024-11-21T08:34:45.630", + "lastModified": "2025-05-02T17:15:48.010", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ] }, diff --git a/CVE-2023/CVE-2023-434xx/CVE-2023-43496.json b/CVE-2023/CVE-2023-434xx/CVE-2023-43496.json index 4db2bdae598..d6b0ee23fe8 100644 --- a/CVE-2023/CVE-2023-434xx/CVE-2023-43496.json +++ b/CVE-2023/CVE-2023-434xx/CVE-2023-43496.json @@ -2,7 +2,7 @@ "id": "CVE-2023-43496", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-09-20T17:15:11.820", - "lastModified": "2024-11-21T08:24:09.497", + "lastModified": "2025-05-02T16:15:22.290", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-276" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44184.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44184.json index f0f36de9e8d..2e8aa7394be 100644 --- a/CVE-2023/CVE-2023-441xx/CVE-2023-44184.json +++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44184.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44184", "sourceIdentifier": "sirt@juniper.net", "published": "2023-10-13T00:15:12.067", - "lastModified": "2024-11-21T08:25:23.523", - "vulnStatus": "Modified", + "lastModified": "2025-05-02T16:12:56.360", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -414,21 +414,6 @@ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E" }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*", - "matchCriteriaId": "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:juniper:junos:22.2:r3-s1:*:*:*:*:*:*", - "matchCriteriaId": "786F993E-32CB-492A-A7CC-A7E4F48EA8B9" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:juniper:junos:22.2:r3-s2:*:*:*:*:*:*", - "matchCriteriaId": "60CEA89D-BAC4-41CD-A1D1-AA5EDDEBD54A" - }, { "vulnerable": true, "criteria": "cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*", diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44204.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44204.json index 6e53de13aa4..350f159aa22 100644 --- a/CVE-2023/CVE-2023-442xx/CVE-2023-44204.json +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44204.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44204", "sourceIdentifier": "sirt@juniper.net", "published": "2023-10-13T00:15:13.070", - "lastModified": "2024-11-21T08:25:26.153", - "vulnStatus": "Modified", + "lastModified": "2025-05-02T16:13:00.257", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -143,11 +143,6 @@ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*", "matchCriteriaId": "0A5B196A-2AF1-4AE5-9148-A75A572807BC" }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s4:*:*:*:*:*:*", - "matchCriteriaId": "3B457616-2D91-4913-9A7D-038BBF8F1F66" - }, { "vulnerable": true, "criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*", @@ -277,16 +272,6 @@ "vulnerable": true, "criteria": "cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*", "matchCriteriaId": "40813417-A938-4F74-A419-8C5188A35486" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:juniper:junos:22.4:r2-s1:*:*:*:*:*:*", - "matchCriteriaId": "7FC1BA1A-DF0E-4B15-86BA-24C60E546732" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*", - "matchCriteriaId": "F1B16FF0-900F-4AEE-B670-A537139F6909" } ] } diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4502.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4502.json index 50b959724b0..98e2e43c0e6 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4502.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4502.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4502", "sourceIdentifier": "contact@wpscan.com", "published": "2023-09-25T16:15:15.217", - "lastModified": "2024-11-21T08:35:18.183", + "lastModified": "2025-05-02T17:15:48.200", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.7, "impactScore": 2.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 } ] }, diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53035.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53035.json new file mode 100644 index 00000000000..93815c948ba --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53035.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2023-53035", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:22.627", + "lastModified": "2025-05-02T16:15:22.627", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy()\n\nThe ioctl helper function nilfs_ioctl_wrap_copy(), which exchanges a\nmetadata array to/from user space, may copy uninitialized buffer regions\nto user space memory for read-only ioctl commands NILFS_IOCTL_GET_SUINFO\nand NILFS_IOCTL_GET_CPINFO.\n\nThis can occur when the element size of the user space metadata given by\nthe v_size member of the argument nilfs_argv structure is larger than the\nsize of the metadata element (nilfs_suinfo structure or nilfs_cpinfo\nstructure) on the file system side.\n\nKMSAN-enabled kernels detect this issue as follows:\n\n BUG: KMSAN: kernel-infoleak in instrument_copy_to_user\n include/linux/instrumented.h:121 [inline]\n BUG: KMSAN: kernel-infoleak in _copy_to_user+0xc0/0x100 lib/usercopy.c:33\n instrument_copy_to_user include/linux/instrumented.h:121 [inline]\n _copy_to_user+0xc0/0x100 lib/usercopy.c:33\n copy_to_user include/linux/uaccess.h:169 [inline]\n nilfs_ioctl_wrap_copy+0x6fa/0xc10 fs/nilfs2/ioctl.c:99\n nilfs_ioctl_get_info fs/nilfs2/ioctl.c:1173 [inline]\n nilfs_ioctl+0x2402/0x4450 fs/nilfs2/ioctl.c:1290\n nilfs_compat_ioctl+0x1b8/0x200 fs/nilfs2/ioctl.c:1343\n __do_compat_sys_ioctl fs/ioctl.c:968 [inline]\n __se_compat_sys_ioctl+0x7dd/0x1000 fs/ioctl.c:910\n __ia32_compat_sys_ioctl+0x93/0xd0 fs/ioctl.c:910\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\n Uninit was created at:\n __alloc_pages+0x9f6/0xe90 mm/page_alloc.c:5572\n alloc_pages+0xab0/0xd80 mm/mempolicy.c:2287\n __get_free_pages+0x34/0xc0 mm/page_alloc.c:5599\n nilfs_ioctl_wrap_copy+0x223/0xc10 fs/nilfs2/ioctl.c:74\n nilfs_ioctl_get_info fs/nilfs2/ioctl.c:1173 [inline]\n nilfs_ioctl+0x2402/0x4450 fs/nilfs2/ioctl.c:1290\n nilfs_compat_ioctl+0x1b8/0x200 fs/nilfs2/ioctl.c:1343\n __do_compat_sys_ioctl fs/ioctl.c:968 [inline]\n __se_compat_sys_ioctl+0x7dd/0x1000 fs/ioctl.c:910\n __ia32_compat_sys_ioctl+0x93/0xd0 fs/ioctl.c:910\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\n Bytes 16-127 of 3968 are uninitialized\n ...\n\nThis eliminates the leak issue by initializing the page allocated as\nbuffer using get_zeroed_page()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/003587000276f81d0114b5ce773d80c119d8cb30", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5bb105cc72beb9d51bf12f5c657336d2d35bdc5d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5f33b042f74fc9662eba17f4cd19b07d84bbc6c5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8a6550b365c0ce2e65905de57dcbfe1f7d629726", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8f5cbf6a8c0e19b062b829c5b7aca01468bb57f6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9c5034e9a0e03db8d5e9eabb176340259b5b97e4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a94932381e8dae4117e9129b3c1282e18aa97b05", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d18db946cc6a394291539e030df32324285648f7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53036.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53036.json new file mode 100644 index 00000000000..00220dff9f1 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53036.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2023-53036", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:22.733", + "lastModified": "2025-05-02T16:15:22.733", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix call trace warning and hang when removing amdgpu device\n\nOn GPUs with RAS enabled, below call trace and hang are observed when\nshutting down device.\n\nv2: use DRM device unplugged flag instead of shutdown flag as the check to\nprevent memory wipe in shutdown stage.\n\n[ +0.000000] RIP: 0010:amdgpu_vram_mgr_fini+0x18d/0x1c0 [amdgpu]\n[ +0.000001] PKRU: 55555554\n[ +0.000001] Call Trace:\n[ +0.000001] \n[ +0.000002] amdgpu_ttm_fini+0x140/0x1c0 [amdgpu]\n[ +0.000183] amdgpu_bo_fini+0x27/0xa0 [amdgpu]\n[ +0.000184] gmc_v11_0_sw_fini+0x2b/0x40 [amdgpu]\n[ +0.000163] amdgpu_device_fini_sw+0xb6/0x510 [amdgpu]\n[ +0.000152] amdgpu_driver_release_kms+0x16/0x30 [amdgpu]\n[ +0.000090] drm_dev_release+0x28/0x50 [drm]\n[ +0.000016] devm_drm_dev_init_release+0x38/0x60 [drm]\n[ +0.000011] devm_action_release+0x15/0x20\n[ +0.000003] release_nodes+0x40/0xc0\n[ +0.000001] devres_release_all+0x9e/0xe0\n[ +0.000001] device_unbind_cleanup+0x12/0x80\n[ +0.000003] device_release_driver_internal+0xff/0x160\n[ +0.000001] driver_detach+0x4a/0x90\n[ +0.000001] bus_remove_driver+0x6c/0xf0\n[ +0.000001] driver_unregister+0x31/0x50\n[ +0.000001] pci_unregister_driver+0x40/0x90\n[ +0.000003] amdgpu_exit+0x15/0x120 [amdgpu]" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/93bb18d2a873d2fa9625c8ea927723660a868b95", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9a02dae3bbfe2df8e1c81e61a08695709e9588f9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f06b902511ea05526f405ee64da54a8313d91831", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53037.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53037.json new file mode 100644 index 00000000000..03c47111fa8 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53037.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2023-53037", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:22.827", + "lastModified": "2025-05-02T16:15:22.827", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Bad drive in topology results kernel crash\n\nWhen the SAS Transport Layer support is enabled and a device exposed to\nthe OS by the driver fails INQUIRY commands, the driver frees up the memory\nallocated for an internal HBA port data structure. However, in some places,\nthe reference to the freed memory is not cleared. When the firmware sends\nthe Device Info change event for the same device again, the freed memory is\naccessed and that leads to memory corruption and OS crash." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1f822ae8fb2a20fffa71e9bfa9b203c03d72d3ba", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8e45183978d64699df639e795235433a60f35047", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/aa11e4b6cdb403b9fdef6939550f6b36dd61624d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53038.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53038.json new file mode 100644 index 00000000000..d6537b0b2c7 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53038.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2023-53038", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:22.920", + "lastModified": "2025-05-02T16:15:22.920", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read()\n\nIf kzalloc() fails in lpfc_sli4_cgn_params_read(), then we rely on\nlpfc_read_object()'s routine to NULL check pdata.\n\nCurrently, an early return error is thrown from lpfc_read_object() to\nprotect us from NULL ptr dereference, but the errno code is -ENODEV.\n\nChange the errno code to a more appropriate -ENOMEM." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/312320b0e0ec21249a17645683fe5304d796aec1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4829a1e1171536978b240a1438789c2e4d5c9715", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/67b8343998b84418bc5b5206aa01fe9b461a80ef", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/908dd9a0853a88155a5a36018c7e2b32ccf20379", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53039.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53039.json new file mode 100644 index 00000000000..6b761608558 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53039.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2023-53039", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:23.017", + "lastModified": "2025-05-02T16:15:23.017", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: intel-ish-hid: ipc: Fix potential use-after-free in work function\n\nWhen a reset notify IPC message is received, the ISR schedules a work\nfunction and passes the ISHTP device to it via a global pointer\nishtp_dev. If ish_probe() fails, the devm-managed device resources\nincluding ishtp_dev are freed, but the work is not cancelled, causing a\nuse-after-free when the work function tries to access ishtp_dev. Use\ndevm_work_autocancel() instead, so that the work is automatically\ncancelled if probe fails." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0a594cb490ca6232671fc09e2dc1a0fc7ccbb0b5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8ae2f2b0a28416ed2f6d8478ac8b9f7862f36785", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8c1d378b8c224fd50247625255f09fc01dcc5836", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d3ce3afd9f791dd1b7daedfcf8c396b60af5dec0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53040.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53040.json new file mode 100644 index 00000000000..cd5e4b7c358 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53040.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2023-53040", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:23.113", + "lastModified": "2025-05-02T16:15:23.113", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nca8210: fix mac_len negative array access\n\nThis patch fixes a buffer overflow access of skb->data if\nieee802154_hdr_peek_addrs() fails." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/55d836f75778d2e2cafe37e023f9c106400bad4b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5da4469a7aa011de614c3e2ae383c35a353a382e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6c993779ea1d0cccdb3a5d7d45446dd229e610a3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7df72bedbdd1d02bb216e1f6eca0a16900238c4e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/918944526a386f186dd818ea6b0bcbed75d8c16b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d143e327c97241599c958d1ba9fbaa88c37db721", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d2b3bd0d4cadfdb7f3454d2aef9d5d9e8b48aae4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fd176a18db96d574d8c4763708abcec4444a08b6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53041.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53041.json new file mode 100644 index 00000000000..e6fcfad7b3e --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53041.json @@ -0,0 +1,41 @@ +{ + "id": "CVE-2023-53041", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:23.220", + "lastModified": "2025-05-02T16:15:23.220", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Perform lockless command completion in abort path\n\nWhile adding and removing the controller, the following call trace was\nobserved:\n\nWARNING: CPU: 3 PID: 623596 at kernel/dma/mapping.c:532 dma_free_attrs+0x33/0x50\nCPU: 3 PID: 623596 Comm: sh Kdump: loaded Not tainted 5.14.0-96.el9.x86_64 #1\nRIP: 0010:dma_free_attrs+0x33/0x50\n\nCall Trace:\n qla2x00_async_sns_sp_done+0x107/0x1b0 [qla2xxx]\n qla2x00_abort_srb+0x8e/0x250 [qla2xxx]\n ? ql_dbg+0x70/0x100 [qla2xxx]\n __qla2x00_abort_all_cmds+0x108/0x190 [qla2xxx]\n qla2x00_abort_all_cmds+0x24/0x70 [qla2xxx]\n qla2x00_abort_isp_cleanup+0x305/0x3e0 [qla2xxx]\n qla2x00_remove_one+0x364/0x400 [qla2xxx]\n pci_device_remove+0x36/0xa0\n __device_release_driver+0x17a/0x230\n device_release_driver+0x24/0x30\n pci_stop_bus_device+0x68/0x90\n pci_stop_and_remove_bus_device_locked+0x16/0x30\n remove_store+0x75/0x90\n kernfs_fop_write_iter+0x11c/0x1b0\n new_sync_write+0x11f/0x1b0\n vfs_write+0x1eb/0x280\n ksys_write+0x5f/0xe0\n do_syscall_64+0x5c/0x80\n ? do_user_addr_fault+0x1d8/0x680\n ? do_syscall_64+0x69/0x80\n ? exc_page_fault+0x62/0x140\n ? asm_exc_page_fault+0x8/0x30\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThe command was completed in the abort path during driver unload with a\nlock held, causing the warning in abort path. Hence complete the command\nwithout any lock held." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0367076b0817d5c75dfb83001ce7ce5c64d803a9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/231cfa78ec5badd84a1a2b09465bfad1a926aba1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/415d614344a4f1bbddf55d724fc7eb9ef4b39aad", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9189f20b4c5307c0998682bb522e481b4567a8b8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cd0a1804ac5bab2545ac700c8d0fe9ae9284c567", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d6f7377528d2abf338e504126e44439541be8f7d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53042.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53042.json new file mode 100644 index 00000000000..1ca6e81efaa --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53042.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2023-53042", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:23.320", + "lastModified": "2025-05-02T16:15:23.320", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Do not set DRR on pipe Commit\n\n[WHY]\nWriting to DRR registers such as OTG_V_TOTAL_MIN on the same frame as a\npipe commit can cause underflow." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3c20a098b507020936e02a98f4fbb924deeef44b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/56574f89dbd84004c3fd6485bcaafb5aa9b8be14", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f8080f1e300e7abcc03025ec8b5bab69ae98daaa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53043.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53043.json new file mode 100644 index 00000000000..089622ec373 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53043.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2023-53043", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:23.400", + "lastModified": "2025-05-02T16:15:23.400", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: dts: qcom: sc7280: Mark PCIe controller as cache coherent\n\nIf the controller is not marked as cache coherent, then kernel will\ntry to ensure coherency during dma-ops and that may cause data corruption.\nSo, mark the PCIe node as dma-coherent as the devices on PCIe bus are\ncache coherent." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/267b899375bf38944d915c9654d6eb434edad0ce", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8a63441e83724fee1ef3fd37b237d40d90780766", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e43bba938e2c9104bb4f8bc417ac4d7bb29755e1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53044.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53044.json new file mode 100644 index 00000000000..3f624299008 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53044.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2023-53044", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:23.490", + "lastModified": "2025-05-02T16:15:23.490", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm stats: check for and propagate alloc_percpu failure\n\nCheck alloc_precpu()'s return value and return an error from\ndm_stats_init() if it fails. Update alloc_dev() to fail if\ndm_stats_init() does.\n\nOtherwise, a NULL pointer dereference will occur in dm_stats_cleanup()\neven if dm-stats isn't being actively used." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0d96bd507ed7e7d565b6d53ebd3874686f123b2e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2287d7b721471a3d58bcd829250336e3cdf1635e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/443c9d522397511a4328dc2ec3c9c63c73049756", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4a32a9a818a895671bd43e0c40351e60e4e9140b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5b66e36a3efd24041b7374432bfa4dec2ff01e95", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a42180dd361584816bfe15c137b665699b994d90", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c68f08cc745675a17894e1b4a5b5b9700ace6da4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d3aa3e060c4a80827eb801fc448debc9daa7c46b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53045.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53045.json new file mode 100644 index 00000000000..2577b861cb9 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53045.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2023-53045", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:23.590", + "lastModified": "2025-05-02T16:15:23.590", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_audio: don't let userspace block driver unbind\n\nIn the unbind callback for f_uac1 and f_uac2, a call to snd_card_free()\nvia g_audio_cleanup() will disconnect the card and then wait for all\nresources to be released, which happens when the refcount falls to zero.\nSince userspace can keep the refcount incremented by not closing the\nrelevant file descriptor, the call to unbind may block indefinitely.\nThis can cause a deadlock during reboot, as evidenced by the following\nblocked task observed on my machine:\n\n task:reboot state:D stack:0 pid:2827 ppid:569 flags:0x0000000c\n Call trace:\n __switch_to+0xc8/0x140\n __schedule+0x2f0/0x7c0\n schedule+0x60/0xd0\n schedule_timeout+0x180/0x1d4\n wait_for_completion+0x78/0x180\n snd_card_free+0x90/0xa0\n g_audio_cleanup+0x2c/0x64\n afunc_unbind+0x28/0x60\n ...\n kernel_restart+0x4c/0xac\n __do_sys_reboot+0xcc/0x1ec\n __arm64_sys_reboot+0x28/0x30\n invoke_syscall+0x4c/0x110\n ...\n\nThe issue can also be observed by opening the card with arecord and\nthen stopping the process through the shell before unbinding:\n\n # arecord -D hw:UAC2Gadget -f S32_LE -c 2 -r 48000 /dev/null\n Recording WAVE '/dev/null' : Signed 32 bit Little Endian, Rate 48000 Hz, Stereo\n ^Z[1]+ Stopped arecord -D hw:UAC2Gadget -f S32_LE -c 2 -r 48000 /dev/null\n # echo gadget.0 > /sys/bus/gadget/drivers/configfs-gadget/unbind\n (observe that the unbind command never finishes)\n\nFix the problem by using snd_card_free_when_closed() instead, which will\nstill disconnect the card as desired, but defer the task of freeing the\nresources to the core once userspace closes its file descriptor." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0eda2004f38d95ef5715d62be884cd344260535b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3256e152b645fc1e788ba44c2d8ced690113e3e6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/33f341c1fc60e172a3515c51bdabee11e83d1ee9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3bc7324e4911351e39c54a62e6ca46321cb10faf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3e016ef2e72da93a2ea7afbb45de1b481b44d761", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/43ca70753dfffd517d2af126da28690f8f615605", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6c67ed9ad9b83e453e808f9b31a931a20a25629b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b131989797f7287d7fdadb2bababc05a15d44750", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53046.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53046.json new file mode 100644 index 00000000000..ddea5bcf53c --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53046.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2023-53046", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:23.697", + "lastModified": "2025-05-02T16:15:23.697", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix race condition in hci_cmd_sync_clear\n\nThere is a potential race condition in hci_cmd_sync_work and\nhci_cmd_sync_clear, and could lead to use-after-free. For instance,\nhci_cmd_sync_work is added to the 'req_workqueue' after cancel_work_sync\nThe entry of 'cmd_sync_work_list' may be freed in hci_cmd_sync_clear, and\ncausing kernel panic when it is used in 'hci_cmd_sync_work'.\n\nHere's the call trace:\n\ndump_stack_lvl+0x49/0x63\nprint_report.cold+0x5e/0x5d3\n? hci_cmd_sync_work+0x282/0x320\nkasan_report+0xaa/0x120\n? hci_cmd_sync_work+0x282/0x320\n__asan_report_load8_noabort+0x14/0x20\nhci_cmd_sync_work+0x282/0x320\nprocess_one_work+0x77b/0x11c0\n? _raw_spin_lock_irq+0x8e/0xf0\nworker_thread+0x544/0x1180\n? poll_idle+0x1e0/0x1e0\nkthread+0x285/0x320\n? process_one_work+0x11c0/0x11c0\n? kthread_complete_and_exit+0x30/0x30\nret_from_fork+0x22/0x30\n\n\nAllocated by task 266:\nkasan_save_stack+0x26/0x50\n__kasan_kmalloc+0xae/0xe0\nkmem_cache_alloc_trace+0x191/0x350\nhci_cmd_sync_queue+0x97/0x2b0\nhci_update_passive_scan+0x176/0x1d0\nle_conn_complete_evt+0x1b5/0x1a00\nhci_le_conn_complete_evt+0x234/0x340\nhci_le_meta_evt+0x231/0x4e0\nhci_event_packet+0x4c5/0xf00\nhci_rx_work+0x37d/0x880\nprocess_one_work+0x77b/0x11c0\nworker_thread+0x544/0x1180\nkthread+0x285/0x320\nret_from_fork+0x22/0x30\n\nFreed by task 269:\nkasan_save_stack+0x26/0x50\nkasan_set_track+0x25/0x40\nkasan_set_free_info+0x24/0x40\n____kasan_slab_free+0x176/0x1c0\n__kasan_slab_free+0x12/0x20\nslab_free_freelist_hook+0x95/0x1a0\nkfree+0xba/0x2f0\nhci_cmd_sync_clear+0x14c/0x210\nhci_unregister_dev+0xff/0x440\nvhci_release+0x7b/0xf0\n__fput+0x1f3/0x970\n____fput+0xe/0x20\ntask_work_run+0xd4/0x160\ndo_exit+0x8b0/0x22a0\ndo_group_exit+0xba/0x2a0\nget_signal+0x1e4a/0x25b0\narch_do_signal_or_restart+0x93/0x1f80\nexit_to_user_mode_prepare+0xf5/0x1a0\nsyscall_exit_to_user_mode+0x26/0x50\nret_from_fork+0x15/0x30" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1c66bee492a5fe00ae3fe890bb693bfc99f994c6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/608901a77c945ac15dea23f6098c9882ef19d9f0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/be586211a3ab40a4f4ca60450e0d31606afc55ec", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53047.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53047.json new file mode 100644 index 00000000000..74cbf4a9a90 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53047.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2023-53047", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:23.790", + "lastModified": "2025-05-02T16:15:23.790", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntee: amdtee: fix race condition in amdtee_open_session\n\nThere is a potential race condition in amdtee_open_session that may\nlead to use-after-free. For instance, in amdtee_open_session() after\nsess->sess_mask is set, and before setting:\n\n sess->session_info[i] = session_info;\n\nif amdtee_close_session() closes this same session, then 'sess' data\nstructure will be released, causing kernel panic when 'sess' is\naccessed within amdtee_open_session().\n\nThe solution is to set the bit sess->sess_mask as the last step in\namdtee_open_session()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/02b296978a2137d7128151c542e84dc96400bc00", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a63cce9393e4e7dbc5af82dc87e68cb321cb1a78", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b3ef9e6fe09f1a132af28c623edcf4d4f39d9f35", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f632a90f8e39db39b322107b9a8d438b826a7f4f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f8502fba45bd30e1a6a354d9d898bc99d1a11e6d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53048.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53048.json new file mode 100644 index 00000000000..f0077024041 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53048.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2023-53048", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:23.897", + "lastModified": "2025-05-02T16:15:23.897", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: tcpm: fix warning when handle discover_identity message\n\nSince both source and sink device can send discover_identity message in\nPD3, kernel may dump below warning:\n\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 169 at drivers/usb/typec/tcpm/tcpm.c:1446 tcpm_queue_vdm+0xe0/0xf0\nModules linked in:\nCPU: 0 PID: 169 Comm: 1-0050 Not tainted 6.1.1-00038-g6a3c36cf1da2-dirty #567\nHardware name: NXP i.MX8MPlus EVK board (DT)\npstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : tcpm_queue_vdm+0xe0/0xf0\nlr : tcpm_queue_vdm+0x2c/0xf0\nsp : ffff80000c19bcd0\nx29: ffff80000c19bcd0 x28: 0000000000000001 x27: ffff0000d11c8ab8\nx26: ffff0000d11cc000 x25: 0000000000000000 x24: 00000000ff008081\nx23: 0000000000000001 x22: 00000000ff00a081 x21: ffff80000c19bdbc\nx20: 0000000000000000 x19: ffff0000d11c8080 x18: ffffffffffffffff\nx17: 0000000000000000 x16: 0000000000000000 x15: ffff0000d716f580\nx14: 0000000000000001 x13: ffff0000d716f507 x12: 0000000000000001\nx11: 0000000000000000 x10: 0000000000000020 x9 : 00000000000ee098\nx8 : 00000000ffffffff x7 : 000000000000001c x6 : ffff0000d716f580\nx5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\nx2 : ffff80000c19bdbc x1 : 00000000ff00a081 x0 : 0000000000000004\nCall trace:\ntcpm_queue_vdm+0xe0/0xf0\ntcpm_pd_rx_handler+0x340/0x1ab0\nkthread_worker_fn+0xcc/0x18c\nkthread+0x10c/0x110\nret_from_fork+0x10/0x20\n---[ end trace 0000000000000000 ]---\n\nBelow sequences may trigger this warning:\n\ntcpm_send_discover_work(work)\n tcpm_send_vdm(port, USB_SID_PD, CMD_DISCOVER_IDENT, NULL, 0);\n tcpm_queue_vdm(port, header, data, count);\n port->vdm_state = VDM_STATE_READY;\n\nvdm_state_machine_work(work);\n\t\t\t<-- received discover_identity from partner\n vdm_run_state_machine(port);\n port->vdm_state = VDM_STATE_SEND_MESSAGE;\n mod_vdm_delayed_work(port, x);\n\ntcpm_pd_rx_handler(work);\n tcpm_pd_data_request(port, msg);\n tcpm_handle_vdm_request(port, msg->payload, cnt);\n tcpm_queue_vdm(port, response[0], &response[1], rlen - 1);\n--> WARN_ON(port->vdm_state > VDM_STATE_DONE);\n\nFor this case, the state machine could still send out discover\nidentity message later if we skip current discover_identity message.\nSo we should handle the received message firstly and override the pending\ndiscover_identity message without warning in this case. Then, a delayed\nsend_discover work will send discover_identity message again." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/abfc4fa28f0160df61c7149567da4f6494dfb488", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bb579b3f75c60bf488a7c36e092e8be583407d53", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d55ca2d2ea1a7ec553213986993fba8c0257381c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e37d2c489d71e94ed4a39529bc9520a7fd983d42", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53049.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53049.json new file mode 100644 index 00000000000..d64187be035 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53049.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2023-53049", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:23.990", + "lastModified": "2025-05-02T16:15:23.990", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: ucsi: Fix NULL pointer deref in ucsi_connector_change()\n\nWhen ucsi_init() fails, ucsi->connector is NULL, yet in case of\nucsi_acpi we may still get events which cause the ucs_acpi code to call\nucsi_connector_change(), which then derefs the NULL ucsi->connector\npointer.\n\nFix this by not setting ucsi->ntfy inside ucsi_init() until ucsi_init()\nhas succeeded, so that ucsi_connector_change() ignores the events\nbecause UCSI_ENABLE_NTFY_CONNECTOR_CHANGE is not set in the ntfy mask." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1c5abcb13491da8c049f20462189c12c753ba978", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7dd27aed9c456670b3882877ef17a48195f21693", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7ef0423e43f877a328454059d46763043ce3da44", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a6adfe9bbd6ac11e398b54ccd99a0f8eea09f3c0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f87fb985452ab2083967103ac00bfd68fb182764", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53050.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53050.json new file mode 100644 index 00000000000..4d606e55dca --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53050.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2023-53050", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:24.093", + "lastModified": "2025-05-02T16:15:24.093", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Fix memory leak in margining\n\nMemory for the usb4->margining needs to be relased for the upstream port\nof the router as well, even though the debugfs directory gets released\nwith the router device removal. Fix this." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0b357b360e671688f9bf38ff94300515b68bc247", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/acec726473822bc6b585961f4ca2a11fa7f28341", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f390095bbd131ec2dfb29792d9f6fd0f0656bfc0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53051.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53051.json new file mode 100644 index 00000000000..0f8fbcabcca --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53051.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2023-53051", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:24.180", + "lastModified": "2025-05-02T16:15:24.180", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm crypt: add cond_resched() to dmcrypt_write()\n\nThe loop in dmcrypt_write may be running for unbounded amount of time,\nthus we need cond_resched() in it.\n\nThis commit fixes the following warning:\n\n[ 3391.153255][ C12] watchdog: BUG: soft lockup - CPU#12 stuck for 23s! [dmcrypt_write/2:2897]\n...\n[ 3391.387210][ C12] Call trace:\n[ 3391.390338][ C12] blk_attempt_bio_merge.part.6+0x38/0x158\n[ 3391.395970][ C12] blk_attempt_plug_merge+0xc0/0x1b0\n[ 3391.401085][ C12] blk_mq_submit_bio+0x398/0x550\n[ 3391.405856][ C12] submit_bio_noacct+0x308/0x380\n[ 3391.410630][ C12] dmcrypt_write+0x1e4/0x208 [dm_crypt]\n[ 3391.416005][ C12] kthread+0x130/0x138\n[ 3391.419911][ C12] ret_from_fork+0x10/0x18" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2c743db1193bf0e76c73d71ede08bd9b96e6c31d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/66ff37993dd7e9954b6446237fe2453b380ce40d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7b9f8efb5fc888dd938d2964e705b8e00f1dc0f6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/885c28ceae7dab2b18c2cc0eb95f1f82b1f629d1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e87cd83f70504f1cd2e428966f353c007d6d2d7f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/eb485b7404a281d974bd445ddc5b0b8d5958f371", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f0eb61b493dbbc32529fbd0d2e945b71b0e47306", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fb294b1c0ba982144ca467a75e7d01ff26304e2b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53052.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53052.json new file mode 100644 index 00000000000..f32d51412a2 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53052.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2023-53052", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:24.283", + "lastModified": "2025-05-02T16:15:24.283", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix use-after-free bug in refresh_cache_worker()\n\nThe UAF bug occurred because we were putting DFS root sessions in\ncifs_umount() while DFS cache refresher was being executed.\n\nMake DFS root sessions have same lifetime as DFS tcons so we can avoid\nthe use-after-free bug is DFS cache refresher and other places that\nrequire IPCs to get new DFS referrals on. Also, get rid of mount\ngroup handling in DFS cache as we no longer need it.\n\nThis fixes below use-after-free bug catched by KASAN\n\n[ 379.946955] BUG: KASAN: use-after-free in __refresh_tcon.isra.0+0x10b/0xc10 [cifs]\n[ 379.947642] Read of size 8 at addr ffff888018f57030 by task kworker/u4:3/56\n[ 379.948096]\n[ 379.948208] CPU: 0 PID: 56 Comm: kworker/u4:3 Not tainted 6.2.0-rc7-lku #23\n[ 379.948661] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS\nrel-1.16.0-0-gd239552-rebuilt.opensuse.org 04/01/2014\n[ 379.949368] Workqueue: cifs-dfscache refresh_cache_worker [cifs]\n[ 379.949942] Call Trace:\n[ 379.950113] \n[ 379.950260] dump_stack_lvl+0x50/0x67\n[ 379.950510] print_report+0x16a/0x48e\n[ 379.950759] ? __virt_addr_valid+0xd8/0x160\n[ 379.951040] ? __phys_addr+0x41/0x80\n[ 379.951285] kasan_report+0xdb/0x110\n[ 379.951533] ? __refresh_tcon.isra.0+0x10b/0xc10 [cifs]\n[ 379.952056] ? __refresh_tcon.isra.0+0x10b/0xc10 [cifs]\n[ 379.952585] __refresh_tcon.isra.0+0x10b/0xc10 [cifs]\n[ 379.953096] ? __pfx___refresh_tcon.isra.0+0x10/0x10 [cifs]\n[ 379.953637] ? __pfx___mutex_lock+0x10/0x10\n[ 379.953915] ? lock_release+0xb6/0x720\n[ 379.954167] ? __pfx_lock_acquire+0x10/0x10\n[ 379.954443] ? refresh_cache_worker+0x34e/0x6d0 [cifs]\n[ 379.954960] ? __pfx_wb_workfn+0x10/0x10\n[ 379.955239] refresh_cache_worker+0x4ad/0x6d0 [cifs]\n[ 379.955755] ? __pfx_refresh_cache_worker+0x10/0x10 [cifs]\n[ 379.956323] ? __pfx_lock_acquired+0x10/0x10\n[ 379.956615] ? read_word_at_a_time+0xe/0x20\n[ 379.956898] ? lockdep_hardirqs_on_prepare+0x12/0x220\n[ 379.957235] process_one_work+0x535/0x990\n[ 379.957509] ? __pfx_process_one_work+0x10/0x10\n[ 379.957812] ? lock_acquired+0xb7/0x5f0\n[ 379.958069] ? __list_add_valid+0x37/0xd0\n[ 379.958341] ? __list_add_valid+0x37/0xd0\n[ 379.958611] worker_thread+0x8e/0x630\n[ 379.958861] ? __pfx_worker_thread+0x10/0x10\n[ 379.959148] kthread+0x17d/0x1b0\n[ 379.959369] ? __pfx_kthread+0x10/0x10\n[ 379.959630] ret_from_fork+0x2c/0x50\n[ 379.959879] " + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/396935de145589c8bfe552fa03a5e38604071829", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5a89d81c1a3c152837ea204fd29572228e54ce0b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53053.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53053.json new file mode 100644 index 00000000000..205e777f0f1 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53053.json @@ -0,0 +1,45 @@ +{ + "id": "CVE-2023-53053", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:24.373", + "lastModified": "2025-05-02T16:15:24.373", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nerspan: do not use skb_mac_header() in ndo_start_xmit()\n\nDrivers should not assume skb_mac_header(skb) == skb->data in their\nndo_start_xmit().\n\nUse skb_network_offset() and skb_transport_offset() which\nbetter describe what is needed in erspan_fb_xmit() and\nip6erspan_tunnel_xmit()\n\nsyzbot reported:\nWARNING: CPU: 0 PID: 5083 at include/linux/skbuff.h:2873 skb_mac_header include/linux/skbuff.h:2873 [inline]\nWARNING: CPU: 0 PID: 5083 at include/linux/skbuff.h:2873 ip6erspan_tunnel_xmit+0x1d9c/0x2d90 net/ipv6/ip6_gre.c:962\nModules linked in:\nCPU: 0 PID: 5083 Comm: syz-executor406 Not tainted 6.3.0-rc2-syzkaller-00866-gd4671cb96fa3 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023\nRIP: 0010:skb_mac_header include/linux/skbuff.h:2873 [inline]\nRIP: 0010:ip6erspan_tunnel_xmit+0x1d9c/0x2d90 net/ipv6/ip6_gre.c:962\nCode: 04 02 41 01 de 84 c0 74 08 3c 03 0f 8e 1c 0a 00 00 45 89 b4 24 c8 00 00 00 c6 85 77 fe ff ff 01 e9 33 e7 ff ff e8 b4 27 a1 f8 <0f> 0b e9 b6 e7 ff ff e8 a8 27 a1 f8 49 8d bf f0 0c 00 00 48 b8 00\nRSP: 0018:ffffc90003b2f830 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: 000000000000ffff RCX: 0000000000000000\nRDX: ffff888021273a80 RSI: ffffffff88e1bd4c RDI: 0000000000000003\nRBP: ffffc90003b2f9d8 R08: 0000000000000003 R09: 000000000000ffff\nR10: 000000000000ffff R11: 0000000000000000 R12: ffff88802b28da00\nR13: 00000000000000d0 R14: ffff88807e25b6d0 R15: ffff888023408000\nFS: 0000555556a61300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055e5b11eb6e8 CR3: 0000000027c1b000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\n__netdev_start_xmit include/linux/netdevice.h:4900 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4914 [inline]\n__dev_direct_xmit+0x504/0x730 net/core/dev.c:4300\ndev_direct_xmit include/linux/netdevice.h:3088 [inline]\npacket_xmit+0x20a/0x390 net/packet/af_packet.c:285\npacket_snd net/packet/af_packet.c:3075 [inline]\npacket_sendmsg+0x31a0/0x5150 net/packet/af_packet.c:3107\nsock_sendmsg_nosec net/socket.c:724 [inline]\nsock_sendmsg+0xde/0x190 net/socket.c:747\n__sys_sendto+0x23a/0x340 net/socket.c:2142\n__do_sys_sendto net/socket.c:2154 [inline]\n__se_sys_sendto net/socket.c:2150 [inline]\n__x64_sys_sendto+0xe1/0x1b0 net/socket.c:2150\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7f123aaa1039\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffc15d12058 EFLAGS: 00000246 ORIG_RAX: 000000000000002c\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f123aaa1039\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003\nRBP: 0000000000000000 R08: 0000000020000040 R09: 0000000000000014\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007f123aa648c0\nR13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/5d4172732f0ee1639a361a6cc5c3114bbb397386", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8e50ed774554f93d55426039b27b1e38d7fa64d8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9c7d6803689c99d55bbb862260d0ba486ff23c0b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b41f37dbd9cdb60000e3b0dfad6df787591c2265", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b72f453e886af532bde1fd049a2d2421999630d3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/da149daf821a3c05cd04f7c60776c86c5ee9685c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f8cec30541f5c5cc218e9a32138d45d227727f2f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53054.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53054.json new file mode 100644 index 00000000000..3dfb32560f4 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53054.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2023-53054", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:24.483", + "lastModified": "2025-05-02T16:15:24.483", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc2: fix a devres leak in hw_enable upon suspend resume\n\nEach time the platform goes to low power, PM suspend / resume routines\ncall: __dwc2_lowlevel_hw_enable -> devm_add_action_or_reset().\nThis adds a new devres each time.\nThis may also happen at runtime, as dwc2_lowlevel_hw_enable() can be\ncalled from udc_start().\n\nThis can be seen with tracing:\n- echo 1 > /sys/kernel/debug/tracing/events/dev/devres_log/enable\n- go to low power\n- cat /sys/kernel/debug/tracing/trace\n\nA new \"ADD\" entry is found upon each low power cycle:\n... devres_log: 49000000.usb-otg ADD 82a13bba devm_action_release (8 bytes)\n... devres_log: 49000000.usb-otg ADD 49889daf devm_action_release (8 bytes)\n...\n\nA second issue is addressed here:\n- regulator_bulk_enable() is called upon each PM cycle (suspend/resume).\n- regulator_bulk_disable() never gets called.\n\nSo the reference count for these regulators constantly increase, by one\nupon each low power cycle, due to missing regulator_bulk_disable() call\nin __dwc2_lowlevel_hw_disable().\n\nThe original fix that introduced the devm_add_action_or_reset() call,\nfixed an issue during probe, that happens due to other errors in\ndwc2_driver_probe() -> dwc2_core_reset(). Then the probe fails without\ndisabling regulators, when dr_mode == USB_DR_MODE_PERIPHERAL.\n\nRather fix the error path: disable all the low level hardware in the\nerror path, by using the \"hsotg->ll_hw_enabled\" flag. Checking dr_mode\nhas been introduced to avoid a dual call to dwc2_lowlevel_hw_disable().\n\"ll_hw_enabled\" should achieve the same (and is used currently in the\nremove() routine)." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1f01027c51eb16145e8e07fafea3ca07ef102d06", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6485fc381b6528b6f547ee1ff10bdbcbe31a6e4c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cba76e1fb896b573f09f51aa299223276a77bc90", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f747313249b74f323ddf841a9c8db14d989f296a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ffb8ab6f87bd28d700ab5c20d9d3a7e75067630d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53055.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53055.json new file mode 100644 index 00000000000..b10bcd7a452 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53055.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2023-53055", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:24.590", + "lastModified": "2025-05-02T16:15:24.590", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfscrypt: destroy keyring after security_sb_delete()\n\nfscrypt_destroy_keyring() must be called after all potentially-encrypted\ninodes were evicted; otherwise it cannot safely destroy the keyring.\nSince inodes that are in-use by the Landlock LSM don't get evicted until\nsecurity_sb_delete(), this means that fscrypt_destroy_keyring() must be\ncalled *after* security_sb_delete().\n\nThis fixes a WARN_ON followed by a NULL dereference, only possible if\nLandlock was being used on encrypted files." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/497ab5d9c7852dfedab2c9de75e41b60e54b7c5d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/992a3f3e8a0c92151dfdf65fc85567c865fd558a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ccb820dc7d2236b1af0d54ae038a27b5b6d5ae5a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d77531fac6a1fd9f1db0195438ba5419d72b96c4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53056.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53056.json new file mode 100644 index 00000000000..cf1824a1b14 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53056.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2023-53056", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:24.680", + "lastModified": "2025-05-02T16:15:24.680", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Synchronize the IOCB count to be in order\n\nA system hang was observed with the following call trace:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 15 PID: 86747 Comm: nvme Kdump: loaded Not tainted 6.2.0+ #1\nHardware name: Dell Inc. PowerEdge R6515/04F3CJ, BIOS 2.7.3 03/31/2022\nRIP: 0010:__wake_up_common+0x55/0x190\nCode: 41 f6 01 04 0f 85 b2 00 00 00 48 8b 43 08 4c 8d\n 40 e8 48 8d 43 08 48 89 04 24 48 89 c6\\\n 49 8d 40 18 48 39 c6 0f 84 e9 00 00 00 <49> 8b 40 18 89 6c 24 14 31\n ed 4c 8d 60 e8 41 8b 18 f6 c3 04 75 5d\nRSP: 0018:ffffb05a82afbba0 EFLAGS: 00010082\nRAX: 0000000000000000 RBX: ffff8f9b83a00018 RCX: 0000000000000000\nRDX: 0000000000000001 RSI: ffff8f9b83a00020 RDI: ffff8f9b83a00018\nRBP: 0000000000000001 R08: ffffffffffffffe8 R09: ffffb05a82afbbf8\nR10: 70735f7472617473 R11: 5f30307832616c71 R12: 0000000000000001\nR13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f815cf4c740(0000) GS:ffff8f9eeed80000(0000)\n\tknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000000 CR3: 000000010633a000 CR4: 0000000000350ee0\nCall Trace:\n \n __wake_up_common_lock+0x83/0xd0\n qla_nvme_ls_req+0x21b/0x2b0 [qla2xxx]\n __nvme_fc_send_ls_req+0x1b5/0x350 [nvme_fc]\n nvme_fc_xmt_disconnect_assoc+0xca/0x110 [nvme_fc]\n nvme_fc_delete_association+0x1bf/0x220 [nvme_fc]\n ? nvme_remove_namespaces+0x9f/0x140 [nvme_core]\n nvme_do_delete_ctrl+0x5b/0xa0 [nvme_core]\n nvme_sysfs_delete+0x5f/0x70 [nvme_core]\n kernfs_fop_write_iter+0x12b/0x1c0\n vfs_write+0x2a3/0x3b0\n ksys_write+0x5f/0xe0\n do_syscall_64+0x5c/0x90\n ? syscall_exit_work+0x103/0x130\n ? syscall_exit_to_user_mode+0x12/0x30\n ? do_syscall_64+0x69/0x90\n ? exit_to_user_mode_loop+0xd0/0x130\n ? exit_to_user_mode_prepare+0xec/0x100\n ? syscall_exit_to_user_mode+0x12/0x30\n ? do_syscall_64+0x69/0x90\n ? syscall_exit_to_user_mode+0x12/0x30\n ? do_syscall_64+0x69/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n RIP: 0033:0x7f815cd3eb97\n\nThe IOCB counts are out of order and that would block any commands from\ngoing out and subsequently hang the system. Synchronize the IOCB count to\nbe in correct order." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/6295b3ec64a3623fa96869ffb7cf17d0b3c92035", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6d57b77d7369ed73836c82b25f785b34923eef84", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d3affdeb400f3adc925bd996f3839481f5291839", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ffd7831841d3c56c655531fc8c5acafaaf20e1bb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53057.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53057.json new file mode 100644 index 00000000000..c59e3ce5f9a --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53057.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2023-53057", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:24.773", + "lastModified": "2025-05-02T16:15:24.773", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: HCI: Fix global-out-of-bounds\n\nTo loop a variable-length array, hci_init_stage_sync(stage) considers\nthat stage[i] is valid as long as stage[i-1].func is valid.\nThus, the last element of stage[].func should be intentionally invalid\nas hci_init0[], le_init2[], and others did.\nHowever, amp_init1[] and amp_init2[] have no invalid element, letting\nhci_init_stage_sync() keep accessing amp_init1[] over its valid range.\nThis patch fixes this by adding {} in the last of amp_init1[] and\namp_init2[].\n\n==================================================================\nBUG: KASAN: global-out-of-bounds in hci_dev_open_sync (\n/v6.2-bzimage/net/bluetooth/hci_sync.c:3154\n/v6.2-bzimage/net/bluetooth/hci_sync.c:3343\n/v6.2-bzimage/net/bluetooth/hci_sync.c:4418\n/v6.2-bzimage/net/bluetooth/hci_sync.c:4609\n/v6.2-bzimage/net/bluetooth/hci_sync.c:4689)\nRead of size 8 at addr ffffffffaed1ab70 by task kworker/u5:0/1032\nCPU: 0 PID: 1032 Comm: kworker/u5:0 Not tainted 6.2.0 #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04\nWorkqueue: hci1 hci_power_on\nCall Trace:\n \ndump_stack_lvl (/v6.2-bzimage/lib/dump_stack.c:107 (discriminator 1))\nprint_report (/v6.2-bzimage/mm/kasan/report.c:307\n /v6.2-bzimage/mm/kasan/report.c:417)\n? hci_dev_open_sync (/v6.2-bzimage/net/bluetooth/hci_sync.c:3154\n /v6.2-bzimage/net/bluetooth/hci_sync.c:3343\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4418\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4609\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4689)\nkasan_report (/v6.2-bzimage/mm/kasan/report.c:184\n /v6.2-bzimage/mm/kasan/report.c:519)\n? hci_dev_open_sync (/v6.2-bzimage/net/bluetooth/hci_sync.c:3154\n /v6.2-bzimage/net/bluetooth/hci_sync.c:3343\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4418\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4609\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4689)\nhci_dev_open_sync (/v6.2-bzimage/net/bluetooth/hci_sync.c:3154\n /v6.2-bzimage/net/bluetooth/hci_sync.c:3343\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4418\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4609\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4689)\n? __pfx_hci_dev_open_sync (/v6.2-bzimage/net/bluetooth/hci_sync.c:4635)\n? mutex_lock (/v6.2-bzimage/./arch/x86/include/asm/atomic64_64.h:190\n /v6.2-bzimage/./include/linux/atomic/atomic-long.h:443\n /v6.2-bzimage/./include/linux/atomic/atomic-instrumented.h:1781\n /v6.2-bzimage/kernel/locking/mutex.c:171\n /v6.2-bzimage/kernel/locking/mutex.c:285)\n? __pfx_mutex_lock (/v6.2-bzimage/kernel/locking/mutex.c:282)\nhci_power_on (/v6.2-bzimage/net/bluetooth/hci_core.c:485\n /v6.2-bzimage/net/bluetooth/hci_core.c:984)\n? __pfx_hci_power_on (/v6.2-bzimage/net/bluetooth/hci_core.c:969)\n? read_word_at_a_time (/v6.2-bzimage/./include/asm-generic/rwonce.h:85)\n? strscpy (/v6.2-bzimage/./arch/x86/include/asm/word-at-a-time.h:62\n /v6.2-bzimage/lib/string.c:161)\nprocess_one_work (/v6.2-bzimage/kernel/workqueue.c:2294)\nworker_thread (/v6.2-bzimage/./include/linux/list.h:292\n /v6.2-bzimage/kernel/workqueue.c:2437)\n? __pfx_worker_thread (/v6.2-bzimage/kernel/workqueue.c:2379)\nkthread (/v6.2-bzimage/kernel/kthread.c:376)\n? __pfx_kthread (/v6.2-bzimage/kernel/kthread.c:331)\nret_from_fork (/v6.2-bzimage/arch/x86/entry/entry_64.S:314)\n \nThe buggy address belongs to the variable:\namp_init1+0x30/0x60\nThe buggy address belongs to the physical page:\npage:000000003a157ec6 refcount:1 mapcount:0 mapping:0000000000000000 ia\nflags: 0x200000000001000(reserved|node=0|zone=2)\nraw: 0200000000001000 ffffea0005054688 ffffea0005054688 000000000000000\nraw: 0000000000000000 0000000000000000 00000001ffffffff 000000000000000\npage dumped because: kasan: bad access detected\nMemory state around the buggy address:\n ffffffffaed1aa00: f9 f9 f9 f9 00 00 00 00 f9 f9 f9 f9 00 00 00 00\n ffffffffaed1aa80: 00 00 00 00 f9 f9 f9 f9 00 00 00 00 00 00 00 00\n>ffffffffaed1ab00: 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 f9 f9\n \n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/8497222b22b591c6b2d106e0e3c1672ffe4e10e0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b3168abd24245aa0775c5a387dcf94d36ca7e738", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bce56405201111807cc8e4f47c6de3e10b17c1ac", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53058.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53058.json new file mode 100644 index 00000000000..66bdb9b78a6 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53058.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2023-53058", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:24.867", + "lastModified": "2025-05-02T16:15:24.867", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: E-Switch, Fix an Oops in error handling code\n\nThe error handling dereferences \"vport\". There is nothing we can do if\nit is an error pointer except returning the error code." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1a9853a7437a22fd849347008fb3c85087906b56", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/388188fb58bef9e7f3ca4f8970f03d493b66909f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5eadc80328298ef7beaaf0cd96791667d3b485ca", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/640fcdbcf27fc62de9223f958ceb4e897a00e791", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c4c977935b2fc60084b3735737d17a06e7ba1bd0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53059.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53059.json new file mode 100644 index 00000000000..20a264ce969 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53059.json @@ -0,0 +1,41 @@ +{ + "id": "CVE-2023-53059", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:24.963", + "lastModified": "2025-05-02T16:15:24.963", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/chrome: cros_ec_chardev: fix kernel data leak from ioctl\n\nIt is possible to peep kernel page's data by providing larger `insize`\nin struct cros_ec_command[1] when invoking EC host commands.\n\nFix it by using zeroed memory.\n\n[1]: https://elixir.bootlin.com/linux/v6.2/source/include/linux/platform_data/cros_ec_proto.h#L74" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/13493ad6a220cb3f6f3552a16b4f2753a118b633", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a0d8644784f73fa39f57f72f374eefaba2bf48a0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b20cf3f89c56b5f6a38b7f76a8128bf9f291bbd3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/eab28bfafcd1245a3510df9aa9eb940589956ea6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ebea2e16504f40d2c2bac42ad5c5a3de5ce034b4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f86ff88a1548ccf5a13960c0e7625ca787ea0993", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53060.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53060.json new file mode 100644 index 00000000000..9182378770b --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53060.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2023-53060", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:25.060", + "lastModified": "2025-05-02T16:15:25.060", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: revert rtnl_lock() that causes deadlock\n\nThe commit 6faee3d4ee8b (\"igb: Add lock to avoid data race\") adds\nrtnl_lock to eliminate a false data race shown below\n\n (FREE from device detaching) | (USE from netdev core)\nigb_remove | igb_ndo_get_vf_config\n igb_disable_sriov | vf >= adapter->vfs_allocated_count?\n kfree(adapter->vf_data) |\n adapter->vfs_allocated_count = 0 |\n | memcpy(... adapter->vf_data[vf]\n\nThe above race will never happen and the extra rtnl_lock causes deadlock\nbelow\n\n[ 141.420169] \n[ 141.420672] __schedule+0x2dd/0x840\n[ 141.421427] schedule+0x50/0xc0\n[ 141.422041] schedule_preempt_disabled+0x11/0x20\n[ 141.422678] __mutex_lock.isra.13+0x431/0x6b0\n[ 141.423324] unregister_netdev+0xe/0x20\n[ 141.423578] igbvf_remove+0x45/0xe0 [igbvf]\n[ 141.423791] pci_device_remove+0x36/0xb0\n[ 141.423990] device_release_driver_internal+0xc1/0x160\n[ 141.424270] pci_stop_bus_device+0x6d/0x90\n[ 141.424507] pci_stop_and_remove_bus_device+0xe/0x20\n[ 141.424789] pci_iov_remove_virtfn+0xba/0x120\n[ 141.425452] sriov_disable+0x2f/0xf0\n[ 141.425679] igb_disable_sriov+0x4e/0x100 [igb]\n[ 141.426353] igb_remove+0xa0/0x130 [igb]\n[ 141.426599] pci_device_remove+0x36/0xb0\n[ 141.426796] device_release_driver_internal+0xc1/0x160\n[ 141.427060] driver_detach+0x44/0x90\n[ 141.427253] bus_remove_driver+0x55/0xe0\n[ 141.427477] pci_unregister_driver+0x2a/0xa0\n[ 141.428296] __x64_sys_delete_module+0x141/0x2b0\n[ 141.429126] ? mntput_no_expire+0x4a/0x240\n[ 141.429363] ? syscall_trace_enter.isra.19+0x126/0x1a0\n[ 141.429653] do_syscall_64+0x5b/0x80\n[ 141.429847] ? exit_to_user_mode_prepare+0x14d/0x1c0\n[ 141.430109] ? syscall_exit_to_user_mode+0x12/0x30\n[ 141.430849] ? do_syscall_64+0x67/0x80\n[ 141.431083] ? syscall_exit_to_user_mode_prepare+0x183/0x1b0\n[ 141.431770] ? syscall_exit_to_user_mode+0x12/0x30\n[ 141.432482] ? do_syscall_64+0x67/0x80\n[ 141.432714] ? exc_page_fault+0x64/0x140\n[ 141.432911] entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nSince the igb_disable_sriov() will call pci_disable_sriov() before\nreleasing any resources, the netdev core will synchronize the cleanup to\navoid any races. This patch removes the useless rtnl_(un)lock to guarantee\ncorrectness." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0dabb72b923e17cb3b4ac99ea1adc9ef35116930", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4d2626e10709ff8474ffd1a9db3cf4647569e89c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/62a64645749926f9d75af82a96440941f22b046f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/65f69851e44d71248b952a687e44759a7abb5016", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/66e5577cabc3d463eea540332727929d0ace41c6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7d845e9a485f287181ff81567c3900a8e7ad1e28", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cd1e320ac0958298c2774605ad050483f33a21f2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/de91528d8ba274c614a2265077d695c61e31fd43", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53061.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53061.json new file mode 100644 index 00000000000..12c2da78f2b --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53061.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2023-53061", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:25.163", + "lastModified": "2025-05-02T16:15:25.163", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix possible refcount leak in smb2_open()\n\nReference count of acls will leak when memory allocation fails. Fix this\nby adding the missing posix_acl_release()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2624b445544ffc1472ccabfb6ec867c199d4c95c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/303f8e58cc3ace744801dcdcabfc06ffc72ed62d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a22c49a05e5e7aa2c414fbc42c49c4c01a5c9a78", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c33344b7972225b232966f95d31f6312dcc6273d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53062.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53062.json new file mode 100644 index 00000000000..6be1b606038 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53062.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2023-53062", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:25.257", + "lastModified": "2025-05-02T16:15:25.257", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: smsc95xx: Limit packet length to skb->len\n\nPacket length retrieved from descriptor may be larger than\nthe actual socket buffer length. In such case the cloned\nskb passed up the network stack will leak kernel memory contents." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/33d1603a38e05886c538129ddfe00bd52d347e7b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/70eb25c6a6cde149affe8a587371a3a8ad295ba0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/733580e268a53db1cd01f2251419da91866378f6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ba6c40227108f8ee428e42eb0337b48ed3001e65", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d3c145a4d24b752c9a1314d5a595014d51471418", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e041bef1adee02999cf24f9a2e15ed452bc363fe", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f2111c791d885211714db85f9a06188571c57dd0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ff821092cf02a70c2bccd2d19269f01e29aa52cf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53063.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53063.json new file mode 100644 index 00000000000..4d8a5f2ba75 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53063.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2023-53063", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:25.377", + "lastModified": "2025-05-02T16:15:25.377", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work\n\nIn btsdio_probe, &data->work was bound with btsdio_work.In\nbtsdio_send_frame, it was started by schedule_work.\n\nIf we call btsdio_remove with an unfinished job, there may\nbe a race condition and cause UAF bug on hdev." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1e9ac114c4428fdb7ff4635b45d4f46017e8916f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8efae2112d910d8e5166dd0a836791b08721eef1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/95eacef5692545f199fae4e52abfbfa273acb351", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a18fb433ceb56e0787546a9d77056dd0f215e762", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/af4d48754d5517d33bac5e504ff1f1de0808e29e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c59c65a14e8f7d738429648833f3bb3f9df0513f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cbf8deacb7053ce3e3fed64b277c6c6989e65bba", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/da3d3fdfb4d523c5da30e35a8dd90e04f0fd8962", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53064.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53064.json new file mode 100644 index 00000000000..fbee9dc0b1a --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53064.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2023-53064", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:25.480", + "lastModified": "2025-05-02T16:15:25.480", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: fix hang on reboot with ice\n\nWhen a system with E810 with existing VFs gets rebooted the following\nhang may be observed.\n\n Pid 1 is hung in iavf_remove(), part of a network driver:\n PID: 1 TASK: ffff965400e5a340 CPU: 24 COMMAND: \"systemd-shutdow\"\n #0 [ffffaad04005fa50] __schedule at ffffffff8b3239cb\n #1 [ffffaad04005fae8] schedule at ffffffff8b323e2d\n #2 [ffffaad04005fb00] schedule_hrtimeout_range_clock at ffffffff8b32cebc\n #3 [ffffaad04005fb80] usleep_range_state at ffffffff8b32c930\n #4 [ffffaad04005fbb0] iavf_remove at ffffffffc12b9b4c [iavf]\n #5 [ffffaad04005fbf0] pci_device_remove at ffffffff8add7513\n #6 [ffffaad04005fc10] device_release_driver_internal at ffffffff8af08baa\n #7 [ffffaad04005fc40] pci_stop_bus_device at ffffffff8adcc5fc\n #8 [ffffaad04005fc60] pci_stop_and_remove_bus_device at ffffffff8adcc81e\n #9 [ffffaad04005fc70] pci_iov_remove_virtfn at ffffffff8adf9429\n #10 [ffffaad04005fca8] sriov_disable at ffffffff8adf98e4\n #11 [ffffaad04005fcc8] ice_free_vfs at ffffffffc04bb2c8 [ice]\n #12 [ffffaad04005fd10] ice_remove at ffffffffc04778fe [ice]\n #13 [ffffaad04005fd38] ice_shutdown at ffffffffc0477946 [ice]\n #14 [ffffaad04005fd50] pci_device_shutdown at ffffffff8add58f1\n #15 [ffffaad04005fd70] device_shutdown at ffffffff8af05386\n #16 [ffffaad04005fd98] kernel_restart at ffffffff8a92a870\n #17 [ffffaad04005fda8] __do_sys_reboot at ffffffff8a92abd6\n #18 [ffffaad04005fee0] do_syscall_64 at ffffffff8b317159\n #19 [ffffaad04005ff08] __context_tracking_enter at ffffffff8b31b6fc\n #20 [ffffaad04005ff18] syscall_exit_to_user_mode at ffffffff8b31b50d\n #21 [ffffaad04005ff28] do_syscall_64 at ffffffff8b317169\n #22 [ffffaad04005ff50] entry_SYSCALL_64_after_hwframe at ffffffff8b40009b\n RIP: 00007f1baa5c13d7 RSP: 00007fffbcc55a98 RFLAGS: 00000202\n RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1baa5c13d7\n RDX: 0000000001234567 RSI: 0000000028121969 RDI: 00000000fee1dead\n RBP: 00007fffbcc55ca0 R8: 0000000000000000 R9: 00007fffbcc54e90\n R10: 00007fffbcc55050 R11: 0000000000000202 R12: 0000000000000005\n R13: 0000000000000000 R14: 00007fffbcc55af0 R15: 0000000000000000\n ORIG_RAX: 00000000000000a9 CS: 0033 SS: 002b\n\nDuring reboot all drivers PM shutdown callbacks are invoked.\nIn iavf_shutdown() the adapter state is changed to __IAVF_REMOVE.\nIn ice_shutdown() the call chain above is executed, which at some point\ncalls iavf_remove(). However iavf_remove() expects the VF to be in one\nof the states __IAVF_RUNNING, __IAVF_DOWN or __IAVF_INIT_FAILED. If\nthat's not the case it sleeps forever.\nSo if iavf_shutdown() gets invoked before iavf_remove() the system will\nhang indefinitely because the adapter is already in state __IAVF_REMOVE.\n\nFix this by returning from iavf_remove() if the state is __IAVF_REMOVE,\nas we already went through iavf_shutdown()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/4e264be98b88a6d6f476c11087fe865696e8bef5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/502b898235f06130750c91512c86dd0e9efe28e6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7a29799fc141ba9e6cf921fc8e958e3398ad1a4f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f752ace58867de3c063512b21e0f1694fc27f043", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53065.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53065.json new file mode 100644 index 00000000000..e22ae892228 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53065.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2023-53065", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:25.580", + "lastModified": "2025-05-02T16:15:25.580", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output\n\nsyzkaller reportes a KASAN issue with stack-out-of-bounds.\nThe call trace is as follows:\n dump_stack+0x9c/0xd3\n print_address_description.constprop.0+0x19/0x170\n __kasan_report.cold+0x6c/0x84\n kasan_report+0x3a/0x50\n __perf_event_header__init_id+0x34/0x290\n perf_event_header__init_id+0x48/0x60\n perf_output_begin+0x4a4/0x560\n perf_event_bpf_output+0x161/0x1e0\n perf_iterate_sb_cpu+0x29e/0x340\n perf_iterate_sb+0x4c/0xc0\n perf_event_bpf_event+0x194/0x2c0\n __bpf_prog_put.constprop.0+0x55/0xf0\n __cls_bpf_delete_prog+0xea/0x120 [cls_bpf]\n cls_bpf_delete_prog_work+0x1c/0x30 [cls_bpf]\n process_one_work+0x3c2/0x730\n worker_thread+0x93/0x650\n kthread+0x1b8/0x210\n ret_from_fork+0x1f/0x30\n\ncommit 267fb27352b6 (\"perf: Reduce stack usage of perf_output_begin()\")\nuse on-stack struct perf_sample_data of the caller function.\n\nHowever, perf_event_bpf_output uses incorrect parameter to convert\nsmall-sized data (struct perf_bpf_event) into large-sized data\n(struct perf_sample_data), which causes memory overwriting occurs in\n__perf_event_header__init_id." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3a776fddb4e5598c8bfcd4ad094fba34f9856fc9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ac5f88642cb211152041f84a985309e9af4baf59", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ddcf8320003638a06eb1e46412e045d0c5701575", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/eb81a2ed4f52be831c9fb879752d89645a312c13", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ff8137727a2af4ad5f6e6c8b9f7ec5e8db9da86c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53066.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53066.json new file mode 100644 index 00000000000..3716971fd36 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53066.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2023-53066", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:25.673", + "lastModified": "2025-05-02T16:15:25.673", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nqed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info\n\nWe have to make sure that the info returned by the helper is valid\nbefore using it.\n\nFound by Linux Verification Center (linuxtesting.org) with the SVACE\nstatic analysis tool." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/25143b6a01d0cc5319edd3de22ffa2578b045550", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/39c3b9dd481c3afce9439b29bafe00444cb4406b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/42d72c6d1edc9dc09a5d6f6695d257fa9e9cc270", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7742c08e012eb65405e8304d100641638c5ff882", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7bd0037822fd04da13721f77a42ee5a077d4c5fb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/97ea704f39b5ded96f071e98701aa543f6f89683", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b224b0cab3a66e93d414825065a2e667a1d28c32", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e42d3bde4ec03c863259878dddaef5c351cca7ad", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53067.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53067.json new file mode 100644 index 00000000000..98ed764eadd --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53067.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2023-53067", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:25.777", + "lastModified": "2025-05-02T16:15:25.777", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Only call get_timer_irq() once in constant_clockevent_init()\n\nUnder CONFIG_DEBUG_ATOMIC_SLEEP=y and CONFIG_DEBUG_PREEMPT=y, we can see\nthe following messages on LoongArch, this is because using might_sleep()\nin preemption disable context.\n\n[ 0.001127] smp: Bringing up secondary CPUs ...\n[ 0.001222] Booting CPU#1...\n[ 0.001244] 64-bit Loongson Processor probed (LA464 Core)\n[ 0.001247] CPU1 revision is: 0014c012 (Loongson-64bit)\n[ 0.001250] FPU1 revision is: 00000000\n[ 0.001252] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283\n[ 0.001255] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1\n[ 0.001257] preempt_count: 1, expected: 0\n[ 0.001258] RCU nest depth: 0, expected: 0\n[ 0.001259] Preemption disabled at:\n[ 0.001261] [<9000000000223800>] arch_dup_task_struct+0x20/0x110\n[ 0.001272] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.2.0-rc7+ #43\n[ 0.001275] Hardware name: Loongson Loongson-3A5000-7A1000-1w-A2101/Loongson-LS3A5000-7A1000-1w-A2101, BIOS vUDK2018-LoongArch-V4.0.05132-beta10 12/13/202\n[ 0.001277] Stack : 0072617764726148 0000000000000000 9000000000222f1c 90000001001e0000\n[ 0.001286] 90000001001e3be0 90000001001e3be8 0000000000000000 0000000000000000\n[ 0.001292] 90000001001e3be8 0000000000000040 90000001001e3cb8 90000001001e3a50\n[ 0.001297] 9000000001642000 90000001001e3be8 be694d10ce4139dd 9000000100174500\n[ 0.001303] 0000000000000001 0000000000000001 00000000ffffe0a2 0000000000000020\n[ 0.001309] 000000000000002f 9000000001354116 00000000056b0000 ffffffffffffffff\n[ 0.001314] 0000000000000000 0000000000000000 90000000014f6e90 9000000001642000\n[ 0.001320] 900000000022b69c 0000000000000001 0000000000000000 9000000001736a90\n[ 0.001325] 9000000100038000 0000000000000000 9000000000222f34 0000000000000000\n[ 0.001331] 00000000000000b0 0000000000000004 0000000000000000 0000000000070000\n[ 0.001337] ...\n[ 0.001339] Call Trace:\n[ 0.001342] [<9000000000222f34>] show_stack+0x5c/0x180\n[ 0.001346] [<90000000010bdd80>] dump_stack_lvl+0x60/0x88\n[ 0.001352] [<9000000000266418>] __might_resched+0x180/0x1cc\n[ 0.001356] [<90000000010c742c>] mutex_lock+0x20/0x64\n[ 0.001359] [<90000000002a8ccc>] irq_find_matching_fwspec+0x48/0x124\n[ 0.001364] [<90000000002259c4>] constant_clockevent_init+0x68/0x204\n[ 0.001368] [<900000000022acf4>] start_secondary+0x40/0xa8\n[ 0.001371] [<90000000010c0124>] smpboot_entry+0x60/0x64\n\nHere are the complete call chains:\n\nsmpboot_entry()\n start_secondary()\n constant_clockevent_init()\n get_timer_irq()\n irq_find_matching_fwnode()\n irq_find_matching_fwspec()\n mutex_lock()\n might_sleep()\n __might_sleep()\n __might_resched()\n\nIn order to avoid the above issue, we should break the call chains,\nusing timer_irq_installed variable as check condition to only call\nget_timer_irq() once in constant_clockevent_init() is a simple and\nproper way." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/acadbd058fa12b510fbecca11eae22bd6f654250", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b9c379e1d7e141b102f41858c9b8f6f36e7c89a4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bb7a78e343468873bf00b2b181fcfd3c02d8cb56", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53068.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53068.json new file mode 100644 index 00000000000..32c2904ce44 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53068.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2023-53068", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:25.870", + "lastModified": "2025-05-02T16:15:25.870", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: lan78xx: Limit packet length to skb->len\n\nPacket length retrieved from descriptor may be larger than\nthe actual socket buffer length. In such case the cloned\nskb passed up the network stack will leak kernel memory contents.\n\nAdditionally prevent integer underflow when size is less than\nETH_FCS_LEN." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/44b9ed73369fc5ec85dd2ee487e986301792a82d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7f247f5a2c18b3f21206cdd51193df4f38e1b9f5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/83de34967473ed31d276381373713cc2869a42e5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53069.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53069.json new file mode 100644 index 00000000000..7a9b4340c08 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53069.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2023-53069", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:25.960", + "lastModified": "2025-05-02T16:15:25.960", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-vf: Add missing free for alloc_percpu\n\nAdd the free_percpu for the allocated \"vf->hw.lmt_info\" in order to avoid\nmemory leak, same as the \"pf->hw.lmt_info\" in\n`drivers/net/ethernet/marvell/octeontx2/nic/otx2_pf.c`." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/813b590840771890c738ce6dbfd0c5938a1bafb9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/840631bcf21f58c0a3f01378a54d79e9ce86b226", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/90874b76e5f82eaa3309714d72ff2cd8bb8d1b02", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f038f3917baf04835ba2b7bcf2a04ac93fbf8a9c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53070.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53070.json new file mode 100644 index 00000000000..17d4ff35686 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53070.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2023-53070", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:26.050", + "lastModified": "2025-05-02T16:15:26.050", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: PPTT: Fix to avoid sleep in the atomic context when PPTT is absent\n\nCommit 0c80f9e165f8 (\"ACPI: PPTT: Leave the table mapped for the runtime usage\")\nenabled to map PPTT once on the first invocation of acpi_get_pptt() and\nnever unmapped the same allowing it to be used at runtime with out the\nhassle of mapping and unmapping the table. This was needed to fetch LLC\ninformation from the PPTT in the cpuhotplug path which is executed in\nthe atomic context as the acpi_get_table() might sleep waiting for a\nmutex.\n\nHowever it missed to handle the case when there is no PPTT on the system\nwhich results in acpi_get_pptt() being called from all the secondary\nCPUs attempting to fetch the LLC information in the atomic context\nwithout knowing the absence of PPTT resulting in the splat like below:\n\n | BUG: sleeping function called from invalid context at kernel/locking/semaphore.c:164\n | in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1\n | preempt_count: 1, expected: 0\n | RCU nest depth: 0, expected: 0\n | no locks held by swapper/1/0.\n | irq event stamp: 0\n | hardirqs last enabled at (0): 0x0\n | hardirqs last disabled at (0): copy_process+0x61c/0x1b40\n | softirqs last enabled at (0): copy_process+0x61c/0x1b40\n | softirqs last disabled at (0): 0x0\n | CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.3.0-rc1 #1\n | Call trace:\n | dump_backtrace+0xac/0x138\n | show_stack+0x30/0x48\n | dump_stack_lvl+0x60/0xb0\n | dump_stack+0x18/0x28\n | __might_resched+0x160/0x270\n | __might_sleep+0x58/0xb0\n | down_timeout+0x34/0x98\n | acpi_os_wait_semaphore+0x7c/0xc0\n | acpi_ut_acquire_mutex+0x58/0x108\n | acpi_get_table+0x40/0xe8\n | acpi_get_pptt+0x48/0xa0\n | acpi_get_cache_info+0x38/0x140\n | init_cache_level+0xf4/0x118\n | detect_cache_attributes+0x2e4/0x640\n | update_siblings_masks+0x3c/0x330\n | store_cpu_topology+0x88/0xf0\n | secondary_start_kernel+0xd0/0x168\n | __secondary_switched+0xb8/0xc0\n\nUpdate acpi_get_pptt() to consider the fact that PPTT is once checked and\nis not available on the system and return NULL avoiding any attempts to\nfetch PPTT and thereby avoiding any possible sleep waiting for a mutex\nin the atomic context." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1318a07706bb2f8c65f88f39a16c2b5260bcdcd4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/91d7b60a65d9f71230ea09b86d2058a884a3c2af", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e0c1106d51b9abc8eae03c5522b20649b6a55f6e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53071.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53071.json new file mode 100644 index 00000000000..6da39366939 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53071.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2023-53071", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:26.140", + "lastModified": "2025-05-02T16:15:26.140", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: do not run mt76_unregister_device() on unregistered hw\n\nTrying to probe a mt7921e pci card without firmware results in a\nsuccessful probe where ieee80211_register_hw hasn't been called. When\nremoving the driver, ieee802111_unregister_hw is called unconditionally\nleading to a kernel NULL pointer dereference.\nFix the issue running mt76_unregister_device routine just for registered\nhw." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2d34f27714c97a9786a30b3bb54944d6d8ed612f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/41130c32f3a18fcc930316da17f3a5f3bc326aa1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dffe86df26aee01a5fc56a175b7a7f157961e370", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53072.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53072.json new file mode 100644 index 00000000000..f3391d462f7 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53072.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2023-53072", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:26.237", + "lastModified": "2025-05-02T16:15:26.237", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: use the workqueue to destroy unaccepted sockets\n\nChristoph reported a UaF at token lookup time after having\nrefactored the passive socket initialization part:\n\n BUG: KASAN: use-after-free in __token_bucket_busy+0x253/0x260\n Read of size 4 at addr ffff88810698d5b0 by task syz-executor653/3198\n\n CPU: 1 PID: 3198 Comm: syz-executor653 Not tainted 6.2.0-rc59af4eaa31c1f6c00c8f1e448ed99a45c66340dd5 #6\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Call Trace:\n \n dump_stack_lvl+0x6e/0x91\n print_report+0x16a/0x46f\n kasan_report+0xad/0x130\n __token_bucket_busy+0x253/0x260\n mptcp_token_new_connect+0x13d/0x490\n mptcp_connect+0x4ed/0x860\n __inet_stream_connect+0x80e/0xd90\n tcp_sendmsg_fastopen+0x3ce/0x710\n mptcp_sendmsg+0xff1/0x1a20\n inet_sendmsg+0x11d/0x140\n __sys_sendto+0x405/0x490\n __x64_sys_sendto+0xdc/0x1b0\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nWe need to properly clean-up all the paired MPTCP-level\nresources and be sure to release the msk last, even when\nthe unaccepted subflow is destroyed by the TCP internals\nvia inet_child_forget().\n\nWe can re-use the existing MPTCP_WORK_CLOSE_SUBFLOW infra,\nexplicitly checking that for the critical scenario: the\nclosed subflow is the MPC one, the msk is not accepted and\neventually going through full cleanup.\n\nWith such change, __mptcp_destroy_sock() is always called\non msk sockets, even on accepted ones. We don't need anymore\nto transiently drop one sk reference at msk clone time.\n\nPlease note this commit depends on the parent one:\n\n mptcp: refactor passive socket initialization" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2827f099b3fb9a59263c997400e9182f5d423e84", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/804cf487fb0031f3c74755b78d8663333f0ba636", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b6985b9b82954caa53f862d6059d06c0526254f0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53073.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53073.json new file mode 100644 index 00000000000..ba34f2695c5 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53073.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2023-53073", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:26.330", + "lastModified": "2025-05-02T16:15:26.330", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/amd/core: Always clear status for idx\n\nThe variable 'status' (which contains the unhandled overflow bits) is\nnot being properly masked in some cases, displaying the following\nwarning:\n\n WARNING: CPU: 156 PID: 475601 at arch/x86/events/amd/core.c:972 amd_pmu_v2_handle_irq+0x216/0x270\n\nThis seems to be happening because the loop is being continued before\nthe status bit being unset, in case x86_perf_event_set_period()\nreturns 0. This is also causing an inconsistency because the \"handled\"\ncounter is incremented, but the status bit is not cleaned.\n\nMove the bit cleaning together above, together when the \"handled\"\ncounter is incremented." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/263f5ecaf7080513efc248ec739b6d9e00f4129f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9d4c7b1f12e101d6d6253092588b127416ddfb6c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ab33a8f7649b0324639a336e1081aaea51a4523e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53074.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53074.json new file mode 100644 index 00000000000..b628261bec8 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53074.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2023-53074", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:26.420", + "lastModified": "2025-05-02T16:15:26.420", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini\n\nThe call trace occurs when the amdgpu is removed after\nthe mode1 reset. During mode1 reset, from suspend to resume,\nthere is no need to reinitialize the ta firmware buffer\nwhich caused the bo pin_count increase redundantly.\n\n[ 489.885525] Call Trace:\n[ 489.885525] \n[ 489.885526] amdttm_bo_put+0x34/0x50 [amdttm]\n[ 489.885529] amdgpu_bo_free_kernel+0xe8/0x130 [amdgpu]\n[ 489.885620] psp_free_shared_bufs+0xb7/0x150 [amdgpu]\n[ 489.885720] psp_hw_fini+0xce/0x170 [amdgpu]\n[ 489.885815] amdgpu_device_fini_hw+0x2ff/0x413 [amdgpu]\n[ 489.885960] ? blocking_notifier_chain_unregister+0x56/0xb0\n[ 489.885962] amdgpu_driver_unload_kms+0x51/0x60 [amdgpu]\n[ 489.886049] amdgpu_pci_remove+0x5a/0x140 [amdgpu]\n[ 489.886132] ? __pm_runtime_resume+0x60/0x90\n[ 489.886134] pci_device_remove+0x3e/0xb0\n[ 489.886135] __device_release_driver+0x1ab/0x2a0\n[ 489.886137] driver_detach+0xf3/0x140\n[ 489.886138] bus_remove_driver+0x6c/0xf0\n[ 489.886140] driver_unregister+0x31/0x60\n[ 489.886141] pci_unregister_driver+0x40/0x90\n[ 489.886142] amdgpu_exit+0x15/0x451 [amdgpu]" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/23f4a2d29ba57bf88095f817de5809d427fcbe7e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/55a7c647ebf6e376c45d8322568dd6eb71937139", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7be9a2f8c5179520a7d5570e648e0c97d09e4fae", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53075.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53075.json new file mode 100644 index 00000000000..24cf761f643 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53075.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2023-53075", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:26.510", + "lastModified": "2025-05-02T16:15:26.510", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix invalid address access in lookup_rec() when index is 0\n\nKASAN reported follow problem:\n\n BUG: KASAN: use-after-free in lookup_rec\n Read of size 8 at addr ffff000199270ff0 by task modprobe\n CPU: 2 Comm: modprobe\n Call trace:\n kasan_report\n __asan_load8\n lookup_rec\n ftrace_location\n arch_check_ftrace_location\n check_kprobe_address_safe\n register_kprobe\n\nWhen checking pg->records[pg->index - 1].ip in lookup_rec(), it can get a\npg which is newly added to ftrace_pages_start in ftrace_process_locs().\nBefore the first pg->index++, index is 0 and accessing pg->records[-1].ip\nwill cause this problem.\n\nDon't check the ip when pg->index is 0." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2a0d71fabfeb349216d33f001a6421b1768bd3a9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2de28e5ce34b22b73b833a21e2c45ae3aade3964", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4f84f31f63416b0f02fc146ffdc4ab32723eb7e8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7569ee04b0e3b32df79f64db3a7138573edad9bc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/83c3b2f4e7c61367c7b24551f4c6eb94bbdda283", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ac58b88ccbbb8e9fb83e137cee04a856b1ea6635", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ee92fa443358f4fc0017c1d0d325c27b37802504", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f1bd8b7fd890d87d0dc4dedc6287ea34dd07c0b4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53076.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53076.json new file mode 100644 index 00000000000..3da77e99561 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53076.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2023-53076", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:26.610", + "lastModified": "2025-05-02T16:15:26.610", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Adjust insufficient default bpf_jit_limit\n\nWe've seen recent AWS EKS (Kubernetes) user reports like the following:\n\n After upgrading EKS nodes from v20230203 to v20230217 on our 1.24 EKS\n clusters after a few days a number of the nodes have containers stuck\n in ContainerCreating state or liveness/readiness probes reporting the\n following error:\n\n Readiness probe errored: rpc error: code = Unknown desc = failed to\n exec in container: failed to start exec \"4a11039f730203ffc003b7[...]\":\n OCI runtime exec failed: exec failed: unable to start container process:\n unable to init seccomp: error loading seccomp filter into kernel:\n error loading seccomp filter: errno 524: unknown\n\n However, we had not been seeing this issue on previous AMIs and it only\n started to occur on v20230217 (following the upgrade from kernel 5.4 to\n 5.10) with no other changes to the underlying cluster or workloads.\n\n We tried the suggestions from that issue (sysctl net.core.bpf_jit_limit=452534528)\n which helped to immediately allow containers to be created and probes to\n execute but after approximately a day the issue returned and the value\n returned by cat /proc/vmallocinfo | grep bpf_jit | awk '{s+=$2} END {print s}'\n was steadily increasing.\n\nI tested bpf tree to observe bpf_jit_charge_modmem, bpf_jit_uncharge_modmem\ntheir sizes passed in as well as bpf_jit_current under tcpdump BPF filter,\nseccomp BPF and native (e)BPF programs, and the behavior all looks sane\nand expected, that is nothing \"leaking\" from an upstream perspective.\n\nThe bpf_jit_limit knob was originally added in order to avoid a situation\nwhere unprivileged applications loading BPF programs (e.g. seccomp BPF\npolicies) consuming all the module memory space via BPF JIT such that loading\nof kernel modules would be prevented. The default limit was defined back in\n2018 and while good enough back then, we are generally seeing far more BPF\nconsumers today.\n\nAdjust the limit for the BPF JIT pool from originally 1/4 to now 1/2 of the\nmodule memory space to better reflect today's needs and avoid more users\nrunning into potentially hard to debug issues." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/10ec8ca8ec1a2f04c4ed90897225231c58c124a7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/374ed036309fce73f9db04c3054018a71912d46b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/42049e65d338870e93732b0b80c6c41faf6aa781", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/54869daa6a437887614274f65298ba44a3fac63a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/68ed00a37d2d1c932ff7be40be4b90c4bec48c56", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9cda812c76067c8a771eae43bb6943481cc7effc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a4bbab27c4bf69486f5846d44134eb31c37e9b22", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d69c2ded95b17d51cc6632c7848cbd476381ecd6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53077.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53077.json new file mode 100644 index 00000000000..641c69ca2f9 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53077.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2023-53077", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:26.720", + "lastModified": "2025-05-02T16:15:26.720", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes\n\n[WHY]\nWhen PTEBufferSizeInRequests is zero, UBSAN reports the following\nwarning because dml_log2 returns an unexpected negative value:\n\n shift exponent 4294966273 is too large for 32-bit type 'int'\n\n[HOW]\n\nIn the case PTEBufferSizeInRequests is zero, skip the dml_log2() and\nassign the result directly." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/031f196d1b1b6d5dfcb0533b431e3ab1750e6189", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7257070be70e19a9138f39009c1a26c83a8a7cfa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a16394b5d661afec9a264fecac3abd87aea439ea", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bec1bea2fa974e63f6059c33edde669c7894d0bc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e12b95680821b9880cd9992c0f3555389363604f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53078.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53078.json new file mode 100644 index 00000000000..a653db37f26 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53078.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2023-53078", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:26.820", + "lastModified": "2025-05-02T16:15:26.820", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()\n\nIf alua_rtpg_queue() failed from alua_activate(), then 'qdata' is not\nfreed, which will cause following memleak:\n\nunreferenced object 0xffff88810b2c6980 (size 32):\n comm \"kworker/u16:2\", pid 635322, jiffies 4355801099 (age 1216426.076s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 40 39 24 c1 ff ff ff ff 00 f8 ea 0a 81 88 ff ff @9$.............\n backtrace:\n [<0000000098f3a26d>] alua_activate+0xb0/0x320\n [<000000003b529641>] scsi_dh_activate+0xb2/0x140\n [<000000007b296db3>] activate_path_work+0xc6/0xe0 [dm_multipath]\n [<000000007adc9ace>] process_one_work+0x3c5/0x730\n [<00000000c457a985>] worker_thread+0x93/0x650\n [<00000000cb80e628>] kthread+0x1ba/0x210\n [<00000000a1e61077>] ret_from_fork+0x22/0x30\n\nFix the problem by freeing 'qdata' in error path." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0d89254a4320eb7de0970c478172f764125c6355", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/123483df146492ca22b503ae6dacc2ce7c3a3974", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1c55982beb80c7d3c30278fc6cfda8496a31dbe6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5c4d71424df34fc23dc5336d09394ce68c849542", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9311e7a554dffd3823499e309a8b86a5cd1540e5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a13faca032acbf2699293587085293bdfaafc8ae", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c09cdf6eb815ee35e55d6c50ac7f63db58bd20b8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c110051d335ef7f62ad33474b0c23997fee5bfb5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53079.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53079.json new file mode 100644 index 00000000000..5f5dd9086c5 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53079.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2023-53079", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:26.923", + "lastModified": "2025-05-02T16:15:26.923", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix steering rules cleanup\n\nvport's mc, uc and multicast rules are not deleted in teardown path when\nEEH happens. Since the vport's promisc settings(uc, mc and all) in\nfirmware are reset after EEH, mlx5 driver will try to delete the above\nrules in the initialization path. This cause kernel crash because these\nsoftware rules are no longer valid.\n\nFix by nullifying these rules right after delete to avoid accessing any dangling\npointers.\n\nCall Trace:\n__list_del_entry_valid+0xcc/0x100 (unreliable)\ntree_put_node+0xf4/0x1b0 [mlx5_core]\ntree_remove_node+0x30/0x70 [mlx5_core]\nmlx5_del_flow_rules+0x14c/0x1f0 [mlx5_core]\nesw_apply_vport_rx_mode+0x10c/0x200 [mlx5_core]\nesw_update_vport_rx_mode+0xb4/0x180 [mlx5_core]\nesw_vport_change_handle_locked+0x1ec/0x230 [mlx5_core]\nesw_enable_vport+0x130/0x260 [mlx5_core]\nmlx5_eswitch_enable_sriov+0x2a0/0x2f0 [mlx5_core]\nmlx5_device_enable_sriov+0x74/0x440 [mlx5_core]\nmlx5_load_one+0x114c/0x1550 [mlx5_core]\nmlx5_pci_resume+0x68/0xf0 [mlx5_core]\neeh_report_resume+0x1a4/0x230\neeh_pe_dev_traverse+0x98/0x170\neeh_handle_normal_event+0x3e4/0x640\neeh_handle_event+0x4c/0x370\neeh_event_handler+0x14c/0x210\nkthread+0x168/0x1b0\nret_from_kernel_thread+0x5c/0x84" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/18cead61e437f4c7898acca0a5f3df12f801d97f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4df1f2d36bdc9a368650bf14b9097c555e95f71d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/63546395a0e6ac264f78f65218086ce6014b4494", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6f5780536181d1d0d09a11a1bc92f22e143447e2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/922f56e9a795d6f3dd72d3428ebdd7ee040fa855", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53080.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53080.json new file mode 100644 index 00000000000..060abd79d0b --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53080.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2023-53080", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:27.020", + "lastModified": "2025-05-02T16:15:27.020", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: Add missing overflow check in xdp_umem_reg\n\nThe number of chunks can overflow u32. Make sure to return -EINVAL on\noverflow. Also remove a redundant u32 cast assigning umem->npgs." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3cfc3564411acf96bf2fb791f706a1aa4f872c1d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/580634b03a55f04a3c1968bcbd97736c079c6601", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a069909acc4435eeb41d05ccc03baa447cc01b7e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bb2e3bfb2a79db0c2057c6f701b782954394c67f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c7df4813b149362248d6ef7be41a311e27bf75fe", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53081.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53081.json new file mode 100644 index 00000000000..039d0ed4798 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53081.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2023-53081", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:27.117", + "lastModified": "2025-05-02T16:15:27.117", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix data corruption after failed write\n\nWhen buffered write fails to copy data into underlying page cache page,\nocfs2_write_end_nolock() just zeroes out and dirties the page. This can\nleave dirty page beyond EOF and if page writeback tries to write this page\nbefore write succeeds and expands i_size, page gets into inconsistent\nstate where page dirty bit is clear but buffer dirty bits stay set\nresulting in page data never getting written and so data copied to the\npage is lost. Fix the problem by invalidating page beyond EOF after\nfailed write." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1629f6f522b2d058019710466a84b240683bbee3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/205759c6c18f54659b0b5976b14a52d1b3eb9f57", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/47eb055ad3588fc96d34e9e1dd87b210ce62906b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4c24eb49ab44351424ac8fe8567f91ea48a06089", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/90410bcf873cf05f54a32183afff0161f44f9715", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/91d7a4bd5656552d6259e2d0f8859f9e8cc5ef68", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a9e53869cb43c96d6d851c491fd4e26430ab6ba6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c26f3ff4c0be590c1250f945ac2e4fc5fcdc5f45", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53082.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53082.json new file mode 100644 index 00000000000..73a499a2788 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53082.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2023-53082", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:27.220", + "lastModified": "2025-05-02T16:15:27.220", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvp_vdpa: fix the crash in hot unplug with vp_vdpa\n\nWhile unplugging the vp_vdpa device, it triggers a kernel panic\nThe root cause is: vdpa_mgmtdev_unregister() will accesses modern\ndevices which will cause a use after free.\nSo need to change the sequence in vp_vdpa_remove\n\n[ 195.003359] BUG: unable to handle page fault for address: ff4e8beb80199014\n[ 195.004012] #PF: supervisor read access in kernel mode\n[ 195.004486] #PF: error_code(0x0000) - not-present page\n[ 195.004960] PGD 100000067 P4D 1001b6067 PUD 1001b7067 PMD 1001b8067 PTE 0\n[ 195.005578] Oops: 0000 1 PREEMPT SMP PTI\n[ 195.005968] CPU: 13 PID: 164 Comm: kworker/u56:10 Kdump: loaded Not tainted 5.14.0-252.el9.x86_64 #1\n[ 195.006792] Hardware name: Red Hat KVM/RHEL, BIOS edk2-20221207gitfff6d81270b5-2.el9 unknown\n[ 195.007556] Workqueue: kacpi_hotplug acpi_hotplug_work_fn\n[ 195.008059] RIP: 0010:ioread8+0x31/0x80\n[ 195.008418] Code: 77 28 48 81 ff 00 00 01 00 76 0b 89 fa ec 0f b6 c0 c3 cc cc cc cc 8b 15 ad 72 93 01 b8 ff 00 00 00 85 d2 75 0f c3 cc cc cc cc <8a> 07 0f b6 c0 c3 cc cc cc cc 83 ea 01 48 83 ec 08 48 89 fe 48 c7\n[ 195.010104] RSP: 0018:ff4e8beb8067bab8 EFLAGS: 00010292\n[ 195.010584] RAX: ffffffffc05834a0 RBX: ffffffffc05843c0 RCX: ff4e8beb8067bae0\n[ 195.011233] RDX: ff1bcbd580f88000 RSI: 0000000000000246 RDI: ff4e8beb80199014\n[ 195.011881] RBP: ff1bcbd587e39000 R08: ffffffff916fa2d0 R09: ff4e8beb8067ba68\n[ 195.012527] R10: 000000000000001c R11: 0000000000000000 R12: ff1bcbd5a3de9120\n[ 195.013179] R13: ffffffffc062d000 R14: 0000000000000080 R15: ff1bcbe402bc7805\n[ 195.013826] FS: 0000000000000000(0000) GS:ff1bcbe402740000(0000) knlGS:0000000000000000\n[ 195.014564] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 195.015093] CR2: ff4e8beb80199014 CR3: 0000000107dea002 CR4: 0000000000771ee0\n[ 195.015741] PKRU: 55555554\n[ 195.016001] Call Trace:\n[ 195.016233] \n[ 195.016434] vp_modern_get_status+0x12/0x20\n[ 195.016823] vp_vdpa_reset+0x1b/0x50 [vp_vdpa]\n[ 195.017238] virtio_vdpa_reset+0x3c/0x48 [virtio_vdpa]\n[ 195.017709] remove_vq_common+0x1f/0x3a0 [virtio_net]\n[ 195.018178] virtnet_remove+0x5d/0x70 [virtio_net]\n[ 195.018618] virtio_dev_remove+0x3d/0x90\n[ 195.018986] device_release_driver_internal+0x1aa/0x230\n[ 195.019466] bus_remove_device+0xd8/0x150\n[ 195.019841] device_del+0x18b/0x3f0\n[ 195.020167] ? kernfs_find_ns+0x35/0xd0\n[ 195.020526] device_unregister+0x13/0x60\n[ 195.020894] unregister_virtio_device+0x11/0x20\n[ 195.021311] device_release_driver_internal+0x1aa/0x230\n[ 195.021790] bus_remove_device+0xd8/0x150\n[ 195.022162] device_del+0x18b/0x3f0\n[ 195.022487] device_unregister+0x13/0x60\n[ 195.022852] ? vdpa_dev_remove+0x30/0x30 [vdpa]\n[ 195.023270] vp_vdpa_dev_del+0x12/0x20 [vp_vdpa]\n[ 195.023694] vdpa_match_remove+0x2b/0x40 [vdpa]\n[ 195.024115] bus_for_each_dev+0x78/0xc0\n[ 195.024471] vdpa_mgmtdev_unregister+0x65/0x80 [vdpa]\n[ 195.024937] vp_vdpa_remove+0x23/0x40 [vp_vdpa]\n[ 195.025353] pci_device_remove+0x36/0xa0\n[ 195.025719] device_release_driver_internal+0x1aa/0x230\n[ 195.026201] pci_stop_bus_device+0x6c/0x90\n[ 195.026580] pci_stop_and_remove_bus_device+0xe/0x20\n[ 195.027039] disable_slot+0x49/0x90\n[ 195.027366] acpiphp_disable_and_eject_slot+0x15/0x90\n[ 195.027832] hotplug_event+0xea/0x210\n[ 195.028171] ? hotplug_event+0x210/0x210\n[ 195.028535] acpiphp_hotplug_notify+0x22/0x80\n[ 195.028942] ? hotplug_event+0x210/0x210\n[ 195.029303] acpi_device_hotplug+0x8a/0x1d0\n[ 195.029690] acpi_hotplug_work_fn+0x1a/0x30\n[ 195.030077] process_one_work+0x1e8/0x3c0\n[ 195.030451] worker_thread+0x50/0x3b0\n[ 195.030791] ? rescuer_thread+0x3a0/0x3a0\n[ 195.031165] kthread+0xd9/0x100\n[ 195.031459] ? kthread_complete_and_exit+0x20/0x20\n[ 195.031899] ret_from_fork+0x22/0x30\n[ 195.032233] " + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/aed8efddd39b3434c96718d39009285c52b1cafc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/baafa2960731211837d8fc04ff3873ecb7440464", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fa1f327f93c9a7310cce9d2fcda28b7af91f7437", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53083.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53083.json new file mode 100644 index 00000000000..5946f5d4769 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53083.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2023-53083", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:27.310", + "lastModified": "2025-05-02T16:15:27.310", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: don't replace page in rq_pages if it's a continuation of last page\n\nThe splice read calls nfsd_splice_actor to put the pages containing file\ndata into the svc_rqst->rq_pages array. It's possible however to get a\nsplice result that only has a partial page at the end, if (e.g.) the\nfilesystem hands back a short read that doesn't cover the whole page.\n\nnfsd_splice_actor will plop the partial page into its rq_pages array and\nreturn. Then later, when nfsd_splice_actor is called again, the\nremainder of the page may end up being filled out. At this point,\nnfsd_splice_actor will put the page into the array _again_ corrupting\nthe reply. If this is done enough times, rq_next_page will overrun the\narray and corrupt the trailing fields -- the rq_respages and\nrq_next_page pointers themselves.\n\nIf we've already added the page to the array in the last pass, don't add\nit to the array a second time when dealing with a splice continuation.\nThis was originally handled properly in nfsd_splice_actor, but commit\n91e23b1c3982 (\"NFSD: Clean up nfsd_splice_actor()\") removed the check\nfor it." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0101067f376eb7b9afd00279270f25d5111a091d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/12eca509234acb6b666802edf77408bb70d7bfca", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/27c934dd8832dd40fd34776f916dc201e18b319b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/51ddb84baff6f09ad62b5999ece3ec172e4e3568", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8235cd619db6e67f1d7d26c55f1f3e4e575c947d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53084.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53084.json new file mode 100644 index 00000000000..48476615148 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53084.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2023-53084", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:27.403", + "lastModified": "2025-05-02T16:15:27.403", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/shmem-helper: Remove another errant put in error path\n\ndrm_gem_shmem_mmap() doesn't own reference in error code path, resulting\nin the dma-buf shmem GEM object getting prematurely freed leading to a\nlater use-after-free." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/5cfb617967b05f8f27e862c97db1fabd8485f4db", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/684c7372bbd6447c2e86a2a84e97a1478604d21f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/77d26c824aa5a7e0681ef1d5b75fe538d746addc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dede8c14a37a7ac458f9add56154a074ed78e7cf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ee9adb7a45516cfa536ca92253d7ae59d56db9e4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53085.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53085.json new file mode 100644 index 00000000000..82db9727117 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53085.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2023-53085", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:27.493", + "lastModified": "2025-05-02T16:15:27.493", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/edid: fix info leak when failing to get panel id\n\nMake sure to clear the transfer buffer before fetching the EDID to\navoid leaking slab data to the logs on errors that leave the buffer\nunchanged." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/4d8457fe0eb9c80ff7795cf8a30962128b71d853", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/598c42c78919117dc0d235ae22d17ad642377483", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53086.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53086.json new file mode 100644 index 00000000000..7c97364bd9d --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53086.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2023-53086", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:27.580", + "lastModified": "2025-05-02T16:15:27.580", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: connac: do not check WED status for non-mmio devices\n\nWED is supported just for mmio devices, so do not check it for usb or\nsdio devices. This patch fixes the crash reported below:\n\n[ 21.946627] wlp0s3u1i3: authenticate with c4:41:1e:f5:2b:1d\n[ 22.525298] wlp0s3u1i3: send auth to c4:41:1e:f5:2b:1d (try 1/3)\n[ 22.548274] wlp0s3u1i3: authenticate with c4:41:1e:f5:2b:1d\n[ 22.557694] wlp0s3u1i3: send auth to c4:41:1e:f5:2b:1d (try 1/3)\n[ 22.565885] wlp0s3u1i3: authenticated\n[ 22.569502] wlp0s3u1i3: associate with c4:41:1e:f5:2b:1d (try 1/3)\n[ 22.578966] wlp0s3u1i3: RX AssocResp from c4:41:1e:f5:2b:1d (capab=0x11 status=30 aid=3)\n[ 22.579113] wlp0s3u1i3: c4:41:1e:f5:2b:1d rejected association temporarily; comeback duration 1000 TU (1024 ms)\n[ 23.649518] wlp0s3u1i3: associate with c4:41:1e:f5:2b:1d (try 2/3)\n[ 23.752528] wlp0s3u1i3: RX AssocResp from c4:41:1e:f5:2b:1d (capab=0x11 status=0 aid=3)\n[ 23.797450] wlp0s3u1i3: associated\n[ 24.959527] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)\n[ 24.959640] BUG: unable to handle page fault for address: ffff88800c223200\n[ 24.959706] #PF: supervisor instruction fetch in kernel mode\n[ 24.959788] #PF: error_code(0x0011) - permissions violation\n[ 24.959846] PGD 2c01067 P4D 2c01067 PUD 2c02067 PMD c2a8063 PTE 800000000c223163\n[ 24.959957] Oops: 0011 [#1] PREEMPT SMP\n[ 24.960009] CPU: 0 PID: 391 Comm: wpa_supplicant Not tainted 6.2.0-kvm #18\n[ 24.960089] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.1-2.fc37 04/01/2014\n[ 24.960191] RIP: 0010:0xffff88800c223200\n[ 24.960446] RSP: 0018:ffffc90000ff7698 EFLAGS: 00010282\n[ 24.960513] RAX: ffff888028397010 RBX: ffff88800c26e630 RCX: 0000000000000058\n[ 24.960598] RDX: ffff88800c26f844 RSI: 0000000000000006 RDI: ffff888028397010\n[ 24.960682] RBP: ffff88800ea72f00 R08: 18b873fbab2b964c R09: be06b38235f3c63c\n[ 24.960766] R10: 18b873fbab2b964c R11: be06b38235f3c63c R12: 0000000000000001\n[ 24.960853] R13: ffff88800c26f84c R14: ffff8880063f0ff8 R15: ffff88800c26e644\n[ 24.960950] FS: 00007effcea327c0(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000\n[ 24.961036] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 24.961106] CR2: ffff88800c223200 CR3: 000000000eaa2000 CR4: 00000000000006b0\n[ 24.961190] Call Trace:\n[ 24.961219] \n[ 24.961245] ? mt76_connac_mcu_add_key+0x2cf/0x310\n[ 24.961313] ? mt7921_set_key+0x150/0x200\n[ 24.961365] ? drv_set_key+0xa9/0x1b0\n[ 24.961418] ? ieee80211_key_enable_hw_accel+0xd9/0x240\n[ 24.961485] ? ieee80211_key_replace+0x3f3/0x730\n[ 24.961541] ? crypto_shash_setkey+0x89/0xd0\n[ 24.961597] ? ieee80211_key_link+0x2d7/0x3a0\n[ 24.961664] ? crypto_aead_setauthsize+0x31/0x50\n[ 24.961730] ? sta_info_hash_lookup+0xa6/0xf0\n[ 24.961785] ? ieee80211_add_key+0x1fc/0x250\n[ 24.961842] ? rdev_add_key+0x41/0x140\n[ 24.961882] ? nl80211_parse_key+0x6c/0x2f0\n[ 24.961940] ? nl80211_new_key+0x24a/0x290\n[ 24.961984] ? genl_rcv_msg+0x36c/0x3a0\n[ 24.962036] ? rdev_mod_link_station+0xe0/0xe0\n[ 24.962102] ? nl80211_set_key+0x410/0x410\n[ 24.962143] ? nl80211_pre_doit+0x200/0x200\n[ 24.962187] ? genl_bind+0xc0/0xc0\n[ 24.962217] ? netlink_rcv_skb+0xaa/0xd0\n[ 24.962259] ? genl_rcv+0x24/0x40\n[ 24.962300] ? netlink_unicast+0x224/0x2f0\n[ 24.962345] ? netlink_sendmsg+0x30b/0x3d0\n[ 24.962388] ? ____sys_sendmsg+0x109/0x1b0\n[ 24.962388] ? ____sys_sendmsg+0x109/0x1b0\n[ 24.962440] ? __import_iovec+0x2e/0x110\n[ 24.962482] ? ___sys_sendmsg+0xbe/0xe0\n[ 24.962525] ? mod_objcg_state+0x25c/0x330\n[ 24.962576] ? __dentry_kill+0x19e/0x1d0\n[ 24.962618] ? call_rcu+0x18f/0x270\n[ 24.962660] ? __dentry_kill+0x19e/0x1d0\n[ 24.962702] ? __x64_sys_sendmsg+0x70/0x90\n[ 24.962744] ? do_syscall_64+0x3d/0x80\n[ 24.962796] ? exit_to_user_mode_prepare+0x1b/0x70\n[ 24.962852] ? entry_SYSCA\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/53edfda851dd1ce41ac049ce2f195dc41dd27cc1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5683e1488aa9b0805a9403d215e48fed29d6d923", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53087.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53087.json new file mode 100644 index 00000000000..a440382457a --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53087.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2023-53087", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:27.667", + "lastModified": "2025-05-02T16:15:27.667", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/active: Fix misuse of non-idle barriers as fence trackers\n\nUsers reported oopses on list corruptions when using i915 perf with a\nnumber of concurrently running graphics applications. Root cause analysis\npointed at an issue in barrier processing code -- a race among perf open /\nclose replacing active barriers with perf requests on kernel context and\nconcurrent barrier preallocate / acquire operations performed during user\ncontext first pin / last unpin.\n\nWhen adding a request to a composite tracker, we try to reuse an existing\nfence tracker, already allocated and registered with that composite. The\ntracker we obtain may already track another fence, may be an idle barrier,\nor an active barrier.\n\nIf the tracker we get occurs a non-idle barrier then we try to delete that\nbarrier from a list of barrier tasks it belongs to. However, while doing\nthat we don't respect return value from a function that performs the\nbarrier deletion. Should the deletion ever fail, we would end up reusing\nthe tracker still registered as a barrier task. Since the same structure\nfield is reused with both fence callback lists and barrier tasks list,\nlist corruptions would likely occur.\n\nBarriers are now deleted from a barrier tasks list by temporarily removing\nthe list content, traversing that content with skip over the node to be\ndeleted, then populating the list back with the modified content. Should\nthat intentionally racy concurrent deletion attempts be not serialized,\none or more of those may fail because of the list being temporary empty.\n\nRelated code that ignores the results of barrier deletion was initially\nintroduced in v5.4 by commit d8af05ff38ae (\"drm/i915: Allow sharing the\nidle-barrier from other kernel requests\"). However, all users of the\nbarrier deletion routine were apparently serialized at that time, then the\nissue didn't exhibit itself. Results of git bisect with help of a newly\ndeveloped igt@gem_barrier_race@remote-request IGT test indicate that list\ncorruptions might start to appear after commit 311770173fac (\"drm/i915/gt:\nSchedule request retirement when timeline idles\"), introduced in v5.5.\n\nRespect results of barrier deletion attempts -- mark the barrier as idle\nonly if successfully deleted from the list. Then, before proceeding with\nsetting our fence as the one currently tracked, make sure that the tracker\nwe've got is not a non-idle barrier. If that check fails then don't use\nthat tracker but go back and try to acquire a new, usable one.\n\nv3: use unlikely() to document what outcome we expect (Andi),\n - fix bad grammar in commit description.\nv2: no code changes,\n - blame commit 311770173fac (\"drm/i915/gt: Schedule request retirement\n when timeline idles\"), v5.5, not commit d8af05ff38ae (\"drm/i915: Allow\n sharing the idle-barrier from other kernel requests\"), v5.4,\n - reword commit description.\n\n(cherry picked from commit 506006055769b10d1b2b4e22f636f3b45e0e9fc7)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/5c7591b8574c52c56b3994c2fbef1a3a311b5715", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5e784a7d07af42057c0576fb647b482f4cb0dc2c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6ab7d33617559cced63d467928f478ea5c459021", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9159db27fb19bbf1c91b5c9d5285e66cc96cc5ff", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e0e6b416b25ee14716f3549e0cbec1011b193809", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53088.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53088.json new file mode 100644 index 00000000000..82e6dfab1d7 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53088.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2023-53088", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:27.760", + "lastModified": "2025-05-02T16:15:27.760", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix UaF in listener shutdown\n\nAs reported by Christoph after having refactored the passive\nsocket initialization, the mptcp listener shutdown path is prone\nto an UaF issue.\n\n BUG: KASAN: use-after-free in _raw_spin_lock_bh+0x73/0xe0\n Write of size 4 at addr ffff88810cb23098 by task syz-executor731/1266\n\n CPU: 1 PID: 1266 Comm: syz-executor731 Not tainted 6.2.0-rc59af4eaa31c1f6c00c8f1e448ed99a45c66340dd5 #6\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Call Trace:\n \n dump_stack_lvl+0x6e/0x91\n print_report+0x16a/0x46f\n kasan_report+0xad/0x130\n kasan_check_range+0x14a/0x1a0\n _raw_spin_lock_bh+0x73/0xe0\n subflow_error_report+0x6d/0x110\n sk_error_report+0x3b/0x190\n tcp_disconnect+0x138c/0x1aa0\n inet_child_forget+0x6f/0x2e0\n inet_csk_listen_stop+0x209/0x1060\n __mptcp_close_ssk+0x52d/0x610\n mptcp_destroy_common+0x165/0x640\n mptcp_destroy+0x13/0x80\n __mptcp_destroy_sock+0xe7/0x270\n __mptcp_close+0x70e/0x9b0\n mptcp_close+0x2b/0x150\n inet_release+0xe9/0x1f0\n __sock_release+0xd2/0x280\n sock_close+0x15/0x20\n __fput+0x252/0xa20\n task_work_run+0x169/0x250\n exit_to_user_mode_prepare+0x113/0x120\n syscall_exit_to_user_mode+0x1d/0x40\n do_syscall_64+0x48/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nThe msk grace period can legitly expire in between the last\nreference count dropped in mptcp_subflow_queue_clean() and\nthe later eventual access in inet_csk_listen_stop()\n\nAfter the previous patch we don't need anymore special-casing\nmsk listener socket cleanup: the mptcp worker will process each\nof the unaccepted msk sockets.\n\nJust drop the now unnecessary code.\n\nPlease note this commit depends on the two parent ones:\n\n mptcp: refactor passive socket initialization\n mptcp: use the workqueue to destroy unaccepted sockets" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0a3f4f1f9c27215e4ddcd312558342e57b93e518", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/0f4f4cf5d32f10543deb946a37111e714579511e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5564be74a22a61855f8b8c100d8c4abb003bb792", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53089.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53089.json new file mode 100644 index 00000000000..294a807b7aa --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53089.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2023-53089", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:27.853", + "lastModified": "2025-05-02T16:15:27.853", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix task hung in ext4_xattr_delete_inode\n\nSyzbot reported a hung task problem:\n==================================================================\nINFO: task syz-executor232:5073 blocked for more than 143 seconds.\n Not tainted 6.2.0-rc2-syzkaller-00024-g512dee0c00ad #0\n\"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:syz-exec232 state:D stack:21024 pid:5073 ppid:5072 flags:0x00004004\nCall Trace:\n \n context_switch kernel/sched/core.c:5244 [inline]\n __schedule+0x995/0xe20 kernel/sched/core.c:6555\n schedule+0xcb/0x190 kernel/sched/core.c:6631\n __wait_on_freeing_inode fs/inode.c:2196 [inline]\n find_inode_fast+0x35a/0x4c0 fs/inode.c:950\n iget_locked+0xb1/0x830 fs/inode.c:1273\n __ext4_iget+0x22e/0x3ed0 fs/ext4/inode.c:4861\n ext4_xattr_inode_iget+0x68/0x4e0 fs/ext4/xattr.c:389\n ext4_xattr_inode_dec_ref_all+0x1a7/0xe50 fs/ext4/xattr.c:1148\n ext4_xattr_delete_inode+0xb04/0xcd0 fs/ext4/xattr.c:2880\n ext4_evict_inode+0xd7c/0x10b0 fs/ext4/inode.c:296\n evict+0x2a4/0x620 fs/inode.c:664\n ext4_orphan_cleanup+0xb60/0x1340 fs/ext4/orphan.c:474\n __ext4_fill_super fs/ext4/super.c:5516 [inline]\n ext4_fill_super+0x81cd/0x8700 fs/ext4/super.c:5644\n get_tree_bdev+0x400/0x620 fs/super.c:1282\n vfs_get_tree+0x88/0x270 fs/super.c:1489\n do_new_mount+0x289/0xad0 fs/namespace.c:3145\n do_mount fs/namespace.c:3488 [inline]\n __do_sys_mount fs/namespace.c:3697 [inline]\n __se_sys_mount+0x2d3/0x3c0 fs/namespace.c:3674\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7fa5406fd5ea\nRSP: 002b:00007ffc7232f968 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fa5406fd5ea\nRDX: 0000000020000440 RSI: 0000000020000000 RDI: 00007ffc7232f970\nRBP: 00007ffc7232f970 R08: 00007ffc7232f9b0 R09: 0000000000000432\nR10: 0000000000804a03 R11: 0000000000000202 R12: 0000000000000004\nR13: 0000555556a7a2c0 R14: 00007ffc7232f9b0 R15: 0000000000000000\n \n==================================================================\n\nThe problem is that the inode contains an xattr entry with ea_inum of 15\nwhen cleaning up an orphan inode <15>. When evict inode <15>, the reference\ncounting of the corresponding EA inode is decreased. When EA inode <15> is\nfound by find_inode_fast() in __ext4_iget(), it is found that the EA inode\nholds the I_FREEING flag and waits for the EA inode to complete deletion.\nAs a result, when inode <15> is being deleted, we wait for inode <15> to\ncomplete the deletion, resulting in an infinite loop and triggering Hung\nTask. To solve this problem, we only need to check whether the ino of EA\ninode and parent is the same before getting EA inode." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0f7bfd6f8164be32dbbdf36aa1e5d00485c53cd7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1aec41c98cce61d19ce89650895e51b9f3cdef13", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2c96c52aeaa6fd9163cfacdd98778b4a0398ef18", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/64b72f5e7574020dea62ab733d88a54d903c42a1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/73f7987fe1b82596f1a380e85cd0097ebaae7e01", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/94fd091576b12540924f6316ebc0678e84cb2800", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a98160d8f3e6242ca9b7f443f26e7ef3a61ba684", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/efddc7e106fdf8d1f62d45e79de78f63b7c04fba", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53090.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53090.json new file mode 100644 index 00000000000..d45c657a30f --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53090.json @@ -0,0 +1,45 @@ +{ + "id": "CVE-2023-53090", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:27.957", + "lastModified": "2025-05-02T16:15:27.957", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix an illegal memory access\n\nIn the kfd_wait_on_events() function, the kfd_event_waiter structure is\nallocated by alloc_event_waiters(), but the event field of the waiter\nstructure is not initialized; When copy_from_user() fails in the\nkfd_wait_on_events() function, it will enter exception handling to\nrelease the previously allocated memory of the waiter structure;\nDue to the event field of the waiters structure being accessed\nin the free_waiters() function, this results in illegal memory access\nand system crash, here is the crash log:\n\nlocalhost kernel: RIP: 0010:native_queued_spin_lock_slowpath+0x185/0x1e0\nlocalhost kernel: RSP: 0018:ffffaa53c362bd60 EFLAGS: 00010082\nlocalhost kernel: RAX: ff3d3d6bff4007cb RBX: 0000000000000282 RCX: 00000000002c0000\nlocalhost kernel: RDX: ffff9e855eeacb80 RSI: 000000000000279c RDI: ffffe7088f6a21d0\nlocalhost kernel: RBP: ffffe7088f6a21d0 R08: 00000000002c0000 R09: ffffaa53c362be64\nlocalhost kernel: R10: ffffaa53c362bbd8 R11: 0000000000000001 R12: 0000000000000002\nlocalhost kernel: R13: ffff9e7ead15d600 R14: 0000000000000000 R15: ffff9e7ead15d698\nlocalhost kernel: FS: 0000152a3d111700(0000) GS:ffff9e855ee80000(0000) knlGS:0000000000000000\nlocalhost kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nlocalhost kernel: CR2: 0000152938000010 CR3: 000000044d7a4000 CR4: 00000000003506e0\nlocalhost kernel: Call Trace:\nlocalhost kernel: _raw_spin_lock_irqsave+0x30/0x40\nlocalhost kernel: remove_wait_queue+0x12/0x50\nlocalhost kernel: kfd_wait_on_events+0x1b6/0x490 [hydcu]\nlocalhost kernel: ? ftrace_graph_caller+0xa0/0xa0\nlocalhost kernel: kfd_ioctl+0x38c/0x4a0 [hydcu]\nlocalhost kernel: ? kfd_ioctl_set_trap_handler+0x70/0x70 [hydcu]\nlocalhost kernel: ? kfd_ioctl_create_queue+0x5a0/0x5a0 [hydcu]\nlocalhost kernel: ? ftrace_graph_caller+0xa0/0xa0\nlocalhost kernel: __x64_sys_ioctl+0x8e/0xd0\nlocalhost kernel: ? syscall_trace_enter.isra.18+0x143/0x1b0\nlocalhost kernel: do_syscall_64+0x33/0x80\nlocalhost kernel: entry_SYSCALL_64_after_hwframe+0x44/0xa9\nlocalhost kernel: RIP: 0033:0x152a4dff68d7\n\nAllocate the structure with kcalloc, and remove redundant 0-initialization\nand a redundant loop condition check." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2fece63b55c5d74cd6f5de51159e2cde37e10555", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4fc8fff378b2f2039f2a666d9f8c570f4e58352c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5a3fb3b745af0ce46ec2e0c8e507bae45b937334", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/61f306f8df0d5559659c5578cf6d95236bcdcb25", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6936525142a015e854d0a23e9ad9ea0a28b3843d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bbf5eada4334a96e3a204b2307ff5b14dc380b0b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d9923e7214a870b312bf61f6a89c7554d0966985", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53091.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53091.json new file mode 100644 index 00000000000..1ba79151295 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53091.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2023-53091", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:28.073", + "lastModified": "2025-05-02T16:15:28.073", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: update s_journal_inum if it changes after journal replay\n\nWhen mounting a crafted ext4 image, s_journal_inum may change after journal\nreplay, which is obviously unreasonable because we have successfully loaded\nand replayed the journal through the old s_journal_inum. And the new\ns_journal_inum bypasses some of the checks in ext4_get_journal(), which\nmay trigger a null pointer dereference problem. So if s_journal_inum\nchanges after the journal replay, we ignore the change, and rewrite the\ncurrent journal_inum to the superblock." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3039d8b8692408438a618fac2776b629852663c3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/499fef2030fb754c68b1c7cb3a799a3bc1d0d925", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/70e66bdeae4d0f7c8e87762f425b68aedd5e8955", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ee0c5277d4fab920bd31345c49e193ecede9ecef", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53092.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53092.json new file mode 100644 index 00000000000..69b852bdae8 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53092.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2023-53092", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:28.180", + "lastModified": "2025-05-02T16:15:28.180", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ninterconnect: exynos: fix node leak in probe PM QoS error path\n\nMake sure to add the newly allocated interconnect node to the provider\nbefore adding the PM QoS request so that the node is freed on errors." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3aab264875bf3c915ea2517fae1eec213e0b4987", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b71dd43bd49bd68186c1d19dbeedee219e003149", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c479e4ac4a3d1485a48599e66ce46547c1367828", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fd4738ae1a0c216d25360a98e835967b06d6a253", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53093.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53093.json new file mode 100644 index 00000000000..9c9bcb051cc --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53093.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2023-53093", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:28.270", + "lastModified": "2025-05-02T16:15:28.270", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Do not let histogram values have some modifiers\n\nHistogram values can not be strings, stacktraces, graphs, symbols,\nsyscalls, or grouped in buckets or log. Give an error if a value is set to\ndo so.\n\nNote, the histogram code was not prepared to handle these modifiers for\nhistograms and caused a bug.\n\nMark Rutland reported:\n\n # echo 'p:copy_to_user __arch_copy_to_user n=$arg2' >> /sys/kernel/tracing/kprobe_events\n # echo 'hist:keys=n:vals=hitcount.buckets=8:sort=hitcount' > /sys/kernel/tracing/events/kprobes/copy_to_user/trigger\n # cat /sys/kernel/tracing/events/kprobes/copy_to_user/hist\n[ 143.694628] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[ 143.695190] Mem abort info:\n[ 143.695362] ESR = 0x0000000096000004\n[ 143.695604] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 143.695889] SET = 0, FnV = 0\n[ 143.696077] EA = 0, S1PTW = 0\n[ 143.696302] FSC = 0x04: level 0 translation fault\n[ 143.702381] Data abort info:\n[ 143.702614] ISV = 0, ISS = 0x00000004\n[ 143.702832] CM = 0, WnR = 0\n[ 143.703087] user pgtable: 4k pages, 48-bit VAs, pgdp=00000000448f9000\n[ 143.703407] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n[ 143.704137] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 143.704714] Modules linked in:\n[ 143.705273] CPU: 0 PID: 133 Comm: cat Not tainted 6.2.0-00003-g6fc512c10a7c #3\n[ 143.706138] Hardware name: linux,dummy-virt (DT)\n[ 143.706723] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 143.707120] pc : hist_field_name.part.0+0x14/0x140\n[ 143.707504] lr : hist_field_name.part.0+0x104/0x140\n[ 143.707774] sp : ffff800008333a30\n[ 143.707952] x29: ffff800008333a30 x28: 0000000000000001 x27: 0000000000400cc0\n[ 143.708429] x26: ffffd7a653b20260 x25: 0000000000000000 x24: ffff10d303ee5800\n[ 143.708776] x23: ffffd7a6539b27b0 x22: ffff10d303fb8c00 x21: 0000000000000001\n[ 143.709127] x20: ffff10d303ec2000 x19: 0000000000000000 x18: 0000000000000000\n[ 143.709478] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\n[ 143.709824] x14: 0000000000000000 x13: 203a6f666e692072 x12: 6567676972742023\n[ 143.710179] x11: 0a230a6d6172676f x10: 000000000000002c x9 : ffffd7a6521e018c\n[ 143.710584] x8 : 000000000000002c x7 : 7f7f7f7f7f7f7f7f x6 : 000000000000002c\n[ 143.710915] x5 : ffff10d303b0103e x4 : ffffd7a653b20261 x3 : 000000000000003d\n[ 143.711239] x2 : 0000000000020001 x1 : 0000000000000001 x0 : 0000000000000000\n[ 143.711746] Call trace:\n[ 143.712115] hist_field_name.part.0+0x14/0x140\n[ 143.712642] hist_field_name.part.0+0x104/0x140\n[ 143.712925] hist_field_print+0x28/0x140\n[ 143.713125] event_hist_trigger_print+0x174/0x4d0\n[ 143.713348] hist_show+0xf8/0x980\n[ 143.713521] seq_read_iter+0x1bc/0x4b0\n[ 143.713711] seq_read+0x8c/0xc4\n[ 143.713876] vfs_read+0xc8/0x2a4\n[ 143.714043] ksys_read+0x70/0xfc\n[ 143.714218] __arm64_sys_read+0x24/0x30\n[ 143.714400] invoke_syscall+0x50/0x120\n[ 143.714587] el0_svc_common.constprop.0+0x4c/0x100\n[ 143.714807] do_el0_svc+0x44/0xd0\n[ 143.714970] el0_svc+0x2c/0x84\n[ 143.715134] el0t_64_sync_handler+0xbc/0x140\n[ 143.715334] el0t_64_sync+0x190/0x194\n[ 143.715742] Code: a9bd7bfd 910003fd a90153f3 aa0003f3 (f9400000)\n[ 143.716510] ---[ end trace 0000000000000000 ]---\nSegmentation fault" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2fc0ee435c9264cdb7c5e872f76cd9bb97640227", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/39cd75f2f3a43c0e2f95749eb6dd6420c553f87d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e0213434fe3e4a0d118923dc98d31e7ff1cd9e45", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53094.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53094.json new file mode 100644 index 00000000000..faa85e0aaf1 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53094.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2023-53094", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:28.363", + "lastModified": "2025-05-02T16:15:28.363", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: fsl_lpuart: fix race on RX DMA shutdown\n\nFrom time to time DMA completion can come in the middle of DMA shutdown:\n\n:\t\t\t\t:\nlpuart32_shutdown()\n lpuart_dma_shutdown()\n del_timer_sync()\n\t\t\t\t\tlpuart_dma_rx_complete()\n\t\t\t\t\t lpuart_copy_rx_to_tty()\n\t\t\t\t\t mod_timer()\n lpuart_dma_rx_free()\n\nWhen the timer fires a bit later, sport->dma_rx_desc is NULL:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000004\npc : lpuart_copy_rx_to_tty+0xcc/0x5bc\nlr : lpuart_timer_func+0x1c/0x2c\nCall trace:\n lpuart_copy_rx_to_tty\n lpuart_timer_func\n call_timer_fn\n __run_timers.part.0\n run_timer_softirq\n __do_softirq\n __irq_exit_rcu\n irq_exit\n handle_domain_irq\n gic_handle_irq\n call_on_irq_stack\n do_interrupt_handler\n ...\n\nTo fix this fold del_timer_sync() into lpuart_dma_rx_free() after\ndmaengine_terminate_sync() to make sure timer will not be re-started in\nlpuart_copy_rx_to_tty() <= lpuart_dma_rx_complete()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/19a98d56dfedafb25652bdb9cd48a4e73ceba702", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1be6f2b15f902c02e055ae0b419ca789200473c9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2a36b444cace9580380467fd1183bb5e85bcc80a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/90530e7214c8a04dcdde57502d93fa96af288c38", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/954fc9931f0aabf272b5674cf468affdd88d3a36", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53095.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53095.json new file mode 100644 index 00000000000..9b130377bb3 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53095.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2023-53095", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:28.453", + "lastModified": "2025-05-02T16:15:28.453", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/ttm: Fix a NULL pointer dereference\n\nThe LRU mechanism may look up a resource in the process of being removed\nfrom an object. The locking rules here are a bit unclear but it looks\ncurrently like res->bo assignment is protected by the LRU lock, whereas\nbo->resource is protected by the object lock, while *clearing* of\nbo->resource is also protected by the LRU lock. This means that if\nwe check that bo->resource points to the LRU resource under the LRU\nlock we should be safe.\nSo perform that check before deciding to swap out a bo. That avoids\ndereferencing a NULL bo->resource in ttm_bo_swapout()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/9a9a8fe26751334b7739193a94eba741073b8a55", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9ba1720f6c4a0f13c3f3cb5c28132ee75555d04f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9d9b1f9f7a72d83ebf173534e76b246349f32374", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53096.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53096.json new file mode 100644 index 00000000000..cc6d099599c --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53096.json @@ -0,0 +1,41 @@ +{ + "id": "CVE-2023-53096", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:28.543", + "lastModified": "2025-05-02T16:15:28.543", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ninterconnect: fix mem leak when freeing nodes\n\nThe node link array is allocated when adding links to a node but is not\ndeallocated when nodes are destroyed." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2e0b13a1827229a02abef97b50ffaf89ba25370a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3167306455d0fbbbcf08cb25651acc527a86a95e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a5904f415e1af72fa8fe6665aa4f554dc2099a95", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c1722e4113281fb34e5b4fb5c5387b17cd39a537", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/efae80ca13faa94457208852825731da44a788ad", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f1e3a20c60196c37a402c584d0c9de306ba988ce", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53097.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53097.json new file mode 100644 index 00000000000..94ea470a8fd --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53097.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2023-53097", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:28.643", + "lastModified": "2025-05-02T16:15:28.643", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/iommu: fix memory leak with using debugfs_lookup()\n\nWhen calling debugfs_lookup() the result must have dput() called on it,\notherwise the memory will leak over time. To make things simpler, just\ncall debugfs_lookup_and_remove() instead which handles all of the logic\nat once." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/24c1bd1cd0d1ff821fd7d2f01a1e648c7882dfc2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4050498c0ae3946c223fc63e9dd7b878b76611e0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b505063910c134778202dfad9332dfcecb76bab3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e3a62a35f903fd8be5b44542fe3901ec45f16757", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53098.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53098.json new file mode 100644 index 00000000000..437a0799712 --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53098.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2023-53098", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:28.733", + "lastModified": "2025-05-02T16:15:28.733", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rc: gpio-ir-recv: add remove function\n\nIn case runtime PM is enabled, do runtime PM clean up to remove\ncpu latency qos request, otherwise driver removal may have below\nkernel dump:\n\n[ 19.463299] Unable to handle kernel NULL pointer dereference at\nvirtual address 0000000000000048\n[ 19.472161] Mem abort info:\n[ 19.474985] ESR = 0x0000000096000004\n[ 19.478754] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 19.484081] SET = 0, FnV = 0\n[ 19.487149] EA = 0, S1PTW = 0\n[ 19.490361] FSC = 0x04: level 0 translation fault\n[ 19.495256] Data abort info:\n[ 19.498149] ISV = 0, ISS = 0x00000004\n[ 19.501997] CM = 0, WnR = 0\n[ 19.504977] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000049f81000\n[ 19.511432] [0000000000000048] pgd=0000000000000000,\np4d=0000000000000000\n[ 19.518245] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 19.524520] Modules linked in: gpio_ir_recv(+) rc_core [last\nunloaded: rc_core]\n[ 19.531845] CPU: 0 PID: 445 Comm: insmod Not tainted\n6.2.0-rc1-00028-g2c397a46d47c #72\n[ 19.531854] Hardware name: FSL i.MX8MM EVK board (DT)\n[ 19.531859] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS\nBTYPE=--)\n[ 19.551777] pc : cpu_latency_qos_remove_request+0x20/0x110\n[ 19.557277] lr : gpio_ir_recv_runtime_suspend+0x18/0x30\n[gpio_ir_recv]\n[ 19.557294] sp : ffff800008ce3740\n[ 19.557297] x29: ffff800008ce3740 x28: 0000000000000000 x27:\nffff800008ce3d50\n[ 19.574270] x26: ffffc7e3e9cea100 x25: 00000000000f4240 x24:\nffffc7e3f9ef0e30\n[ 19.574284] x23: 0000000000000000 x22: ffff0061803820f4 x21:\n0000000000000008\n[ 19.574296] x20: ffffc7e3fa75df30 x19: 0000000000000020 x18:\nffffffffffffffff\n[ 19.588570] x17: 0000000000000000 x16: ffffc7e3f9efab70 x15:\nffffffffffffffff\n[ 19.595712] x14: ffff800008ce37b8 x13: ffff800008ce37aa x12:\n0000000000000001\n[ 19.602853] x11: 0000000000000001 x10: ffffcbe3ec0dff87 x9 :\n0000000000000008\n[ 19.609991] x8 : 0101010101010101 x7 : 0000000000000000 x6 :\n000000000f0bfe9f\n[ 19.624261] x5 : 00ffffffffffffff x4 : 0025ab8e00000000 x3 :\nffff006180382010\n[ 19.631405] x2 : ffffc7e3e9ce8030 x1 : ffffc7e3fc3eb810 x0 :\n0000000000000020\n[ 19.638548] Call trace:\n[ 19.640995] cpu_latency_qos_remove_request+0x20/0x110\n[ 19.646142] gpio_ir_recv_runtime_suspend+0x18/0x30 [gpio_ir_recv]\n[ 19.652339] pm_generic_runtime_suspend+0x2c/0x44\n[ 19.657055] __rpm_callback+0x48/0x1dc\n[ 19.660807] rpm_callback+0x6c/0x80\n[ 19.664301] rpm_suspend+0x10c/0x640\n[ 19.667880] rpm_idle+0x250/0x2d0\n[ 19.671198] update_autosuspend+0x38/0xe0\n[ 19.675213] pm_runtime_set_autosuspend_delay+0x40/0x60\n[ 19.680442] gpio_ir_recv_probe+0x1b4/0x21c [gpio_ir_recv]\n[ 19.685941] platform_probe+0x68/0xc0\n[ 19.689610] really_probe+0xc0/0x3dc\n[ 19.693189] __driver_probe_device+0x7c/0x190\n[ 19.697550] driver_probe_device+0x3c/0x110\n[ 19.701739] __driver_attach+0xf4/0x200\n[ 19.705578] bus_for_each_dev+0x70/0xd0\n[ 19.709417] driver_attach+0x24/0x30\n[ 19.712998] bus_add_driver+0x17c/0x240\n[ 19.716834] driver_register+0x78/0x130\n[ 19.720676] __platform_driver_register+0x28/0x34\n[ 19.725386] gpio_ir_recv_driver_init+0x20/0x1000 [gpio_ir_recv]\n[ 19.731404] do_one_initcall+0x44/0x2ac\n[ 19.735243] do_init_module+0x48/0x1d0\n[ 19.739003] load_module+0x19fc/0x2034\n[ 19.742759] __do_sys_finit_module+0xac/0x12c\n[ 19.747124] __arm64_sys_finit_module+0x20/0x30\n[ 19.751664] invoke_syscall+0x48/0x114\n[ 19.755420] el0_svc_common.constprop.0+0xcc/0xec\n[ 19.760132] do_el0_svc+0x38/0xb0\n[ 19.763456] el0_svc+0x2c/0x84\n[ 19.766516] el0t_64_sync_handler+0xf4/0x120\n[ 19.770789] el0t_64_sync+0x190/0x194\n[ 19.774460] Code: 910003fd a90153f3 aa0003f3 91204021 (f9401400)\n[ 19.780556] ---[ end trace 0000000000000000 ]---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/00e81f191bc00cb6faabf468960e96ebf0404a6c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2ece4d2f7eac1cb51dc0e9859e09bfdb00faa28e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/30040818b338b8ebc956ce0ebd198f8d593586a6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/513572bb89e8075f5d2a2bb4c89f1152e44da9d8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a5c140d88a69eb43de2a030f1d7ff7b16bff3b1a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-530xx/CVE-2023-53099.json b/CVE-2023/CVE-2023-530xx/CVE-2023-53099.json new file mode 100644 index 00000000000..159558db87d --- /dev/null +++ b/CVE-2023/CVE-2023-530xx/CVE-2023-53099.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2023-53099", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:28.830", + "lastModified": "2025-05-02T16:15:28.830", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: xilinx: don't make a sleepable memory allocation from an atomic context\n\nThe following issue was discovered using lockdep:\n[ 6.691371] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209\n[ 6.694602] in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 1, name: swapper/0\n[ 6.702431] 2 locks held by swapper/0/1:\n[ 6.706300] #0: ffffff8800f6f188 (&dev->mutex){....}-{3:3}, at: __device_driver_lock+0x4c/0x90\n[ 6.714900] #1: ffffffc009a2abb8 (enable_lock){....}-{2:2}, at: clk_enable_lock+0x4c/0x140\n[ 6.723156] irq event stamp: 304030\n[ 6.726596] hardirqs last enabled at (304029): [] _raw_spin_unlock_irqrestore+0xc0/0xd0\n[ 6.736142] hardirqs last disabled at (304030): [] clk_enable_lock+0xfc/0x140\n[ 6.744742] softirqs last enabled at (303958): [] _stext+0x4f0/0x894\n[ 6.752655] softirqs last disabled at (303951): [] irq_exit+0x238/0x280\n[ 6.760744] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G U 5.15.36 #2\n[ 6.768048] Hardware name: xlnx,zynqmp (DT)\n[ 6.772179] Call trace:\n[ 6.774584] dump_backtrace+0x0/0x300\n[ 6.778197] show_stack+0x18/0x30\n[ 6.781465] dump_stack_lvl+0xb8/0xec\n[ 6.785077] dump_stack+0x1c/0x38\n[ 6.788345] ___might_sleep+0x1a8/0x2a0\n[ 6.792129] __might_sleep+0x6c/0xd0\n[ 6.795655] kmem_cache_alloc_trace+0x270/0x3d0\n[ 6.800127] do_feature_check_call+0x100/0x220\n[ 6.804513] zynqmp_pm_invoke_fn+0x8c/0xb0\n[ 6.808555] zynqmp_pm_clock_getstate+0x90/0xe0\n[ 6.813027] zynqmp_pll_is_enabled+0x8c/0x120\n[ 6.817327] zynqmp_pll_enable+0x38/0xc0\n[ 6.821197] clk_core_enable+0x144/0x400\n[ 6.825067] clk_core_enable+0xd4/0x400\n[ 6.828851] clk_core_enable+0xd4/0x400\n[ 6.832635] clk_core_enable+0xd4/0x400\n[ 6.836419] clk_core_enable+0xd4/0x400\n[ 6.840203] clk_core_enable+0xd4/0x400\n[ 6.843987] clk_core_enable+0xd4/0x400\n[ 6.847771] clk_core_enable+0xd4/0x400\n[ 6.851555] clk_core_enable_lock+0x24/0x50\n[ 6.855683] clk_enable+0x24/0x40\n[ 6.858952] fclk_probe+0x84/0xf0\n[ 6.862220] platform_probe+0x8c/0x110\n[ 6.865918] really_probe+0x110/0x5f0\n[ 6.869530] __driver_probe_device+0xcc/0x210\n[ 6.873830] driver_probe_device+0x64/0x140\n[ 6.877958] __driver_attach+0x114/0x1f0\n[ 6.881828] bus_for_each_dev+0xe8/0x160\n[ 6.885698] driver_attach+0x34/0x50\n[ 6.889224] bus_add_driver+0x228/0x300\n[ 6.893008] driver_register+0xc0/0x1e0\n[ 6.896792] __platform_driver_register+0x44/0x60\n[ 6.901436] fclk_driver_init+0x1c/0x28\n[ 6.905220] do_one_initcall+0x104/0x590\n[ 6.909091] kernel_init_freeable+0x254/0x2bc\n[ 6.913390] kernel_init+0x24/0x130\n[ 6.916831] ret_from_fork+0x10/0x20\n\nFix it by passing the GFP_ATOMIC gfp flag for the corresponding\nmemory allocation." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/162049c31eb64308afa22e341a257a723526eb5c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/38ed310c22e7a0fc978b1f8292136a4a4a8b3051", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/86afb633beaa02ee95b5126a14c9f22cfade4fd9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9bbab2843f2d1337a268499a1c02b435d2985a17", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b37d3ccbd549494890672136a0e623eb010d46a7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53100.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53100.json new file mode 100644 index 00000000000..839c9c4ac4b --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53100.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2023-53100", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:28.923", + "lastModified": "2025-05-02T16:15:28.923", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix WARNING in ext4_update_inline_data\n\nSyzbot found the following issue:\nEXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none.\nfscrypt: AES-256-CTS-CBC using implementation \"cts-cbc-aes-aesni\"\nfscrypt: AES-256-XTS using implementation \"xts-aes-aesni\"\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 5071 at mm/page_alloc.c:5525 __alloc_pages+0x30a/0x560 mm/page_alloc.c:5525\nModules linked in:\nCPU: 1 PID: 5071 Comm: syz-executor263 Not tainted 6.2.0-rc1-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\nRIP: 0010:__alloc_pages+0x30a/0x560 mm/page_alloc.c:5525\nRSP: 0018:ffffc90003c2f1c0 EFLAGS: 00010246\nRAX: ffffc90003c2f220 RBX: 0000000000000014 RCX: 0000000000000000\nRDX: 0000000000000028 RSI: 0000000000000000 RDI: ffffc90003c2f248\nRBP: ffffc90003c2f2d8 R08: dffffc0000000000 R09: ffffc90003c2f220\nR10: fffff52000785e49 R11: 1ffff92000785e44 R12: 0000000000040d40\nR13: 1ffff92000785e40 R14: dffffc0000000000 R15: 1ffff92000785e3c\nFS: 0000555556c0d300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f95d5e04138 CR3: 00000000793aa000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n __alloc_pages_node include/linux/gfp.h:237 [inline]\n alloc_pages_node include/linux/gfp.h:260 [inline]\n __kmalloc_large_node+0x95/0x1e0 mm/slab_common.c:1113\n __do_kmalloc_node mm/slab_common.c:956 [inline]\n __kmalloc+0xfe/0x190 mm/slab_common.c:981\n kmalloc include/linux/slab.h:584 [inline]\n kzalloc include/linux/slab.h:720 [inline]\n ext4_update_inline_data+0x236/0x6b0 fs/ext4/inline.c:346\n ext4_update_inline_dir fs/ext4/inline.c:1115 [inline]\n ext4_try_add_inline_entry+0x328/0x990 fs/ext4/inline.c:1307\n ext4_add_entry+0x5a4/0xeb0 fs/ext4/namei.c:2385\n ext4_add_nondir+0x96/0x260 fs/ext4/namei.c:2772\n ext4_create+0x36c/0x560 fs/ext4/namei.c:2817\n lookup_open fs/namei.c:3413 [inline]\n open_last_lookups fs/namei.c:3481 [inline]\n path_openat+0x12ac/0x2dd0 fs/namei.c:3711\n do_filp_open+0x264/0x4f0 fs/namei.c:3741\n do_sys_openat2+0x124/0x4e0 fs/open.c:1310\n do_sys_open fs/open.c:1326 [inline]\n __do_sys_openat fs/open.c:1342 [inline]\n __se_sys_openat fs/open.c:1337 [inline]\n __x64_sys_openat+0x243/0x290 fs/open.c:1337\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nAbove issue happens as follows:\next4_iget\n ext4_find_inline_data_nolock ->i_inline_off=164 i_inline_size=60\next4_try_add_inline_entry\n __ext4_mark_inode_dirty\n ext4_expand_extra_isize_ea ->i_extra_isize=32 s_want_extra_isize=44\n ext4_xattr_shift_entries\n\t ->after shift i_inline_off is incorrect, actually is change to 176\next4_try_add_inline_entry\n ext4_update_inline_dir\n get_max_inline_xattr_value_size\n if (EXT4_I(inode)->i_inline_off)\n\tentry = (struct ext4_xattr_entry *)((void *)raw_inode +\n\t\t\tEXT4_I(inode)->i_inline_off);\n free += EXT4_XATTR_SIZE(le32_to_cpu(entry->e_value_size));\n\t->As entry is incorrect, then 'free' may be negative\n ext4_update_inline_data\n value = kzalloc(len, GFP_NOFS);\n -> len is unsigned int, maybe very large, then trigger warning when\n 'kzalloc()'\n\nTo resolve the above issue we need to update 'i_inline_off' after\n'ext4_xattr_shift_entries()'. We do not need to set\nEXT4_STATE_MAY_INLINE_DATA flag here, since ext4_mark_inode_dirty()\nalready sets this flag if needed. Setting EXT4_STATE_MAY_INLINE_DATA\nwhen it is needed may trigger a BUG_ON in ext4_writepages()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2b96b4a5d9443ca4cad58b0040be455803c05a42", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/35161cec76772f74526f5886ad4082ec48511d5c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/39c5df2ca544368b44b59d0f6d80131e90763371", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/74d775083e9f3d9dadf9e3b5f3e0028d1ad0bd5c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/92eee6a82a9a6f9f83559e17a2b6b935e1a5cd25", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a9bd94f67b27739bbe8583c52256502bd4cc7e83", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c5aa102b433b1890e1ccaa40c06826c77dda1665", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ca500cf2eceb5a8e93bf71ab97b5f7a18ecabce2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53101.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53101.json new file mode 100644 index 00000000000..a5f3051eccd --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53101.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2023-53101", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:29.023", + "lastModified": "2025-05-02T16:15:29.023", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: zero i_disksize when initializing the bootloader inode\n\nIf the boot loader inode has never been used before, the\nEXT4_IOC_SWAP_BOOT inode will initialize it, including setting the\ni_size to 0. However, if the \"never before used\" boot loader has a\nnon-zero i_size, then i_disksize will be non-zero, and the\ninconsistency between i_size and i_disksize can trigger a kernel\nwarning:\n\n WARNING: CPU: 0 PID: 2580 at fs/ext4/file.c:319\n CPU: 0 PID: 2580 Comm: bb Not tainted 6.3.0-rc1-00004-g703695902cfa\n RIP: 0010:ext4_file_write_iter+0xbc7/0xd10\n Call Trace:\n vfs_write+0x3b1/0x5c0\n ksys_write+0x77/0x160\n __x64_sys_write+0x22/0x30\n do_syscall_64+0x39/0x80\n\nReproducer:\n 1. create corrupted image and mount it:\n mke2fs -t ext4 /tmp/foo.img 200\n debugfs -wR \"sif <5> size 25700\" /tmp/foo.img\n mount -t ext4 /tmp/foo.img /mnt\n cd /mnt\n echo 123 > file\n 2. Run the reproducer program:\n posix_memalign(&buf, 1024, 1024)\n fd = open(\"file\", O_RDWR | O_DIRECT);\n ioctl(fd, EXT4_IOC_SWAP_BOOT);\n write(fd, buf, 1024);\n\nFix this by setting i_disksize as well as i_size to zero when\ninitiaizing the boot loader inode." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/01a821aacc64d4b05dafd239dbc9b7856686002f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/0d8a6c9a6415999fee1259ccf1796480c026b7d6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3f00c476da8fe7c4c34ea16abb55d74127120413", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/59eee0cdf8c036f554add97a4da7c06d7a9ff34a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9cb27b1e76f0cc886ac09055bc41c0ab3f205167", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9e9a4cc5486356158554f6ad73027d8635a48b34", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d6c1447e483c05dbcfb3ff77ac04237a82070b8c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f5361da1e60d54ec81346aee8e3d8baf1be0b762", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53102.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53102.json new file mode 100644 index 00000000000..315f5c0e348 --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53102.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2023-53102", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:29.127", + "lastModified": "2025-05-02T16:15:29.127", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: xsk: disable txq irq before flushing hw\n\nice_qp_dis() intends to stop a given queue pair that is a target of xsk\npool attach/detach. One of the steps is to disable interrupts on these\nqueues. It currently is broken in a way that txq irq is turned off\n*after* HW flush which in turn takes no effect.\n\nice_qp_dis():\n-> ice_qvec_dis_irq()\n--> disable rxq irq\n--> flush hw\n-> ice_vsi_stop_tx_ring()\n-->disable txq irq\n\nBelow splat can be triggered by following steps:\n- start xdpsock WITHOUT loading xdp prog\n- run xdp_rxq_info with XDP_TX action on this interface\n- start traffic\n- terminate xdpsock\n\n[ 256.312485] BUG: kernel NULL pointer dereference, address: 0000000000000018\n[ 256.319560] #PF: supervisor read access in kernel mode\n[ 256.324775] #PF: error_code(0x0000) - not-present page\n[ 256.329994] PGD 0 P4D 0\n[ 256.332574] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 256.337006] CPU: 3 PID: 32 Comm: ksoftirqd/3 Tainted: G OE 6.2.0-rc5+ #51\n[ 256.345218] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019\n[ 256.355807] RIP: 0010:ice_clean_rx_irq_zc+0x9c/0x7d0 [ice]\n[ 256.361423] Code: b7 8f 8a 00 00 00 66 39 ca 0f 84 f1 04 00 00 49 8b 47 40 4c 8b 24 d0 41 0f b7 45 04 66 25 ff 3f 66 89 04 24 0f 84 85 02 00 00 <49> 8b 44 24 18 0f b7 14 24 48 05 00 01 00 00 49 89 04 24 49 89 44\n[ 256.380463] RSP: 0018:ffffc900088bfd20 EFLAGS: 00010206\n[ 256.385765] RAX: 000000000000003c RBX: 0000000000000035 RCX: 000000000000067f\n[ 256.393012] RDX: 0000000000000775 RSI: 0000000000000000 RDI: ffff8881deb3ac80\n[ 256.400256] RBP: 000000000000003c R08: ffff889847982710 R09: 0000000000010000\n[ 256.407500] R10: ffffffff82c060c0 R11: 0000000000000004 R12: 0000000000000000\n[ 256.414746] R13: ffff88811165eea0 R14: ffffc9000d255000 R15: ffff888119b37600\n[ 256.421990] FS: 0000000000000000(0000) GS:ffff8897e0cc0000(0000) knlGS:0000000000000000\n[ 256.430207] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 256.436036] CR2: 0000000000000018 CR3: 0000000005c0a006 CR4: 00000000007706e0\n[ 256.443283] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 256.450527] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 256.457770] PKRU: 55555554\n[ 256.460529] Call Trace:\n[ 256.463015] \n[ 256.465157] ? ice_xmit_zc+0x6e/0x150 [ice]\n[ 256.469437] ice_napi_poll+0x46d/0x680 [ice]\n[ 256.473815] ? _raw_spin_unlock_irqrestore+0x1b/0x40\n[ 256.478863] __napi_poll+0x29/0x160\n[ 256.482409] net_rx_action+0x136/0x260\n[ 256.486222] __do_softirq+0xe8/0x2e5\n[ 256.489853] ? smpboot_thread_fn+0x2c/0x270\n[ 256.494108] run_ksoftirqd+0x2a/0x50\n[ 256.497747] smpboot_thread_fn+0x1c1/0x270\n[ 256.501907] ? __pfx_smpboot_thread_fn+0x10/0x10\n[ 256.506594] kthread+0xea/0x120\n[ 256.509785] ? __pfx_kthread+0x10/0x10\n[ 256.513597] ret_from_fork+0x29/0x50\n[ 256.517238] \n\nIn fact, irqs were not disabled and napi managed to be scheduled and run\nwhile xsk_pool pointer was still valid, but SW ring of xdp_buff pointers\nwas already freed.\n\nTo fix this, call ice_qvec_dis_irq() after ice_vsi_stop_tx_ring(). Also\nwhile at it, remove redundant ice_clean_rx_ring() call - this is handled\nin ice_qp_clean_rings()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/243cde8de10894d7812c8a6b62653bf04d8f9700", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2ecc6e44959382f95c9d427cd8da85121a9cecda", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b830c9642386867863ac64295185f896ff2928ac", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b89a453c6918e0f346fb0562e8c7812b94d28c73", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cccba1ff0798a27f7b8d0c06762ef977400a2afb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53103.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53103.json new file mode 100644 index 00000000000..04e6faebc24 --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53103.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2023-53103", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:29.223", + "lastModified": "2025-05-02T16:15:29.223", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: restore bond's IFF_SLAVE flag if a non-eth dev enslave fails\n\nsyzbot reported a warning[1] where the bond device itself is a slave and\nwe try to enslave a non-ethernet device as the first slave which fails\nbut then in the error path when ether_setup() restores the bond device\nit also clears all flags. In my previous fix[2] I restored the\nIFF_MASTER flag, but I didn't consider the case that the bond device\nitself might also be a slave with IFF_SLAVE set, so we need to restore\nthat flag as well. Use the bond_ether_setup helper which does the right\nthing and restores the bond's flags properly.\n\nSteps to reproduce using a nlmon dev:\n $ ip l add nlmon0 type nlmon\n $ ip l add bond1 type bond\n $ ip l add bond2 type bond\n $ ip l set bond1 master bond2\n $ ip l set dev nlmon0 master bond1\n $ ip -d l sh dev bond1\n 22: bond1: mtu 1500 qdisc noqueue master bond2 state DOWN mode DEFAULT group default qlen 1000\n (now bond1's IFF_SLAVE flag is gone and we'll hit a warning[3] if we\n try to delete it)\n\n[1] https://syzkaller.appspot.com/bug?id=391c7b1f6522182899efba27d891f1743e8eb3ef\n[2] commit 7d5cd2ce5292 (\"bonding: correctly handle bonding type change on enslave failure\")\n[3] example warning:\n [ 27.008664] bond1: (slave nlmon0): The slave device specified does not support setting the MAC address\n [ 27.008692] bond1: (slave nlmon0): Error -95 calling set_mac_address\n [ 32.464639] bond1 (unregistering): Released all slaves\n [ 32.464685] ------------[ cut here ]------------\n [ 32.464686] WARNING: CPU: 1 PID: 2004 at net/core/dev.c:10829 unregister_netdevice_many+0x72a/0x780\n [ 32.464694] Modules linked in: br_netfilter bridge bonding virtio_net\n [ 32.464699] CPU: 1 PID: 2004 Comm: ip Kdump: loaded Not tainted 5.18.0-rc3+ #47\n [ 32.464703] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.1-2.fc37 04/01/2014\n [ 32.464704] RIP: 0010:unregister_netdevice_many+0x72a/0x780\n [ 32.464707] Code: 99 fd ff ff ba 90 1a 00 00 48 c7 c6 f4 02 66 96 48 c7 c7 20 4d 35 96 c6 05 fa c7 2b 02 01 e8 be 6f 4a 00 0f 0b e9 73 fd ff ff <0f> 0b e9 5f fd ff ff 80 3d e3 c7 2b 02 00 0f 85 3b fd ff ff ba 59\n [ 32.464710] RSP: 0018:ffffa006422d7820 EFLAGS: 00010206\n [ 32.464712] RAX: ffff8f6e077140a0 RBX: ffffa006422d7888 RCX: 0000000000000000\n [ 32.464714] RDX: ffff8f6e12edbe58 RSI: 0000000000000296 RDI: ffffffff96d4a520\n [ 32.464716] RBP: ffff8f6e07714000 R08: ffffffff96d63600 R09: ffffa006422d7728\n [ 32.464717] R10: 0000000000000ec0 R11: ffffffff9698c988 R12: ffff8f6e12edb140\n [ 32.464719] R13: dead000000000122 R14: dead000000000100 R15: ffff8f6e12edb140\n [ 32.464723] FS: 00007f297c2f1740(0000) GS:ffff8f6e5d900000(0000) knlGS:0000000000000000\n [ 32.464725] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 32.464726] CR2: 00007f297bf1c800 CR3: 00000000115e8000 CR4: 0000000000350ee0\n [ 32.464730] Call Trace:\n [ 32.464763] \n [ 32.464767] rtnl_dellink+0x13e/0x380\n [ 32.464776] ? cred_has_capability.isra.0+0x68/0x100\n [ 32.464780] ? __rtnl_unlock+0x33/0x60\n [ 32.464783] ? bpf_lsm_capset+0x10/0x10\n [ 32.464786] ? security_capable+0x36/0x50\n [ 32.464790] rtnetlink_rcv_msg+0x14e/0x3b0\n [ 32.464792] ? _copy_to_iter+0xb1/0x790\n [ 32.464796] ? post_alloc_hook+0xa0/0x160\n [ 32.464799] ? rtnl_calcit.isra.0+0x110/0x110\n [ 32.464802] netlink_rcv_skb+0x50/0xf0\n [ 32.464806] netlink_unicast+0x216/0x340\n [ 32.464809] netlink_sendmsg+0x23f/0x480\n [ 32.464812] sock_sendmsg+0x5e/0x60\n [ 32.464815] ____sys_sendmsg+0x22c/0x270\n [ 32.464818] ? import_iovec+0x17/0x20\n [ 32.464821] ? sendmsg_copy_msghdr+0x59/0x90\n [ 32.464823] ? do_set_pte+0xa0/0xe0\n [ 32.464828] ___sys_sendmsg+0x81/0xc0\n [ 32.464832] ? mod_objcg_state+0xc6/0x300\n [ 32.464835] ? refill_obj_stock+0xa9/0x160\n [ 32.464838] ? memcg_slab_free_hook+0x1a5/0x1f0\n [ 32.464842] __sys_sendm\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0276813b8ab08d9bf5ca4159f301d0829ecf13fc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/93c8cbeb1b2b8ff670b3dfd01b3abd843995c80f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e667d469098671261d558be0cd93dca4d285ce1e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ecb1b5135bd3f232d5335b3935e2c2ac11bfa02f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53104.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53104.json new file mode 100644 index 00000000000..2cc79a38c3f --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53104.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2023-53104", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:29.317", + "lastModified": "2025-05-02T16:15:29.317", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull\n\nPacket length check needs to be located after size and align_count\ncalculation to prevent kernel panic in skb_pull() in case\nrx_cmd_a & RX_CMD_A_RED evaluates to true." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/181e9db5caec4daae57a58675a1ceaa47348958f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2cc46ed406bb325f10a251b03d9a83ae67b3d3d8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/43ffe6caccc7a1bb9d7442fbab521efbf6c1378c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4caee8e7d91e4f06f21881726da9c1bb2cd6e4fa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5c96eeba93980c5cef5176a4bac0ddb722fd57dc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7bf0eac3fdd2d25f5c6ceab63e3e4902e274f7ee", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/89441504d66d116eb5ce58c132f58cdcca5b498a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e0d07a3203c36d073af2177edfc6b070220a60cb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53105.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53105.json new file mode 100644 index 00000000000..a1f39fd2f96 --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53105.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2023-53105", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:29.430", + "lastModified": "2025-05-02T16:15:29.430", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix cleanup null-ptr deref on encap lock\n\nDuring module is unloaded while a peer tc flow is still offloaded,\nfirst the peer uplink rep profile is changed to a nic profile, and so\nneigh encap lock is destroyed. Next during unload, the VF reps netdevs\nare unregistered which causes the original non-peer tc flow to be deleted,\nwhich deletes the peer flow. The peer flow deletion detaches the encap\nentry and try to take the already destroyed encap lock, causing the\nbelow trace.\n\nFix this by clearing peer flows during tc eswitch cleanup\n(mlx5e_tc_esw_cleanup()).\n\nRelevant trace:\n[ 4316.837128] BUG: kernel NULL pointer dereference, address: 00000000000001d8\n[ 4316.842239] RIP: 0010:__mutex_lock+0xb5/0xc40\n[ 4316.851897] Call Trace:\n[ 4316.852481] \n[ 4316.857214] mlx5e_rep_neigh_entry_release+0x93/0x790 [mlx5_core]\n[ 4316.858258] mlx5e_rep_encap_entry_detach+0xa7/0xf0 [mlx5_core]\n[ 4316.859134] mlx5e_encap_dealloc+0xa3/0xf0 [mlx5_core]\n[ 4316.859867] clean_encap_dests.part.0+0x5c/0xe0 [mlx5_core]\n[ 4316.860605] mlx5e_tc_del_fdb_flow+0x32a/0x810 [mlx5_core]\n[ 4316.862609] __mlx5e_tc_del_fdb_peer_flow+0x1a2/0x250 [mlx5_core]\n[ 4316.863394] mlx5e_tc_del_flow+0x(/0x630 [mlx5_core]\n[ 4316.864090] mlx5e_flow_put+0x5f/0x100 [mlx5_core]\n[ 4316.864771] mlx5e_delete_flower+0x4de/0xa40 [mlx5_core]\n[ 4316.865486] tc_setup_cb_reoffload+0x20/0x80\n[ 4316.865905] fl_reoffload+0x47c/0x510 [cls_flower]\n[ 4316.869181] tcf_block_playback_offloads+0x91/0x1d0\n[ 4316.869649] tcf_block_unbind+0xe7/0x1b0\n[ 4316.870049] tcf_block_offload_cmd.isra.0+0x1ee/0x270\n[ 4316.879266] tcf_block_offload_unbind+0x61/0xa0\n[ 4316.879711] __tcf_block_put+0xa4/0x310" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/01fdaea410787fe372daeaeda93a29ed0606d334", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b7350f8dbe0c2a1d4d3ad7c35b610abd3cb91750", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c9668f0b1d28570327dbba189f2c61f6f9e43ae7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53106.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53106.json new file mode 100644 index 00000000000..e32b234ca31 --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53106.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2023-53106", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:29.520", + "lastModified": "2025-05-02T16:15:29.520", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: st-nci: Fix use after free bug in ndlc_remove due to race condition\n\nThis bug influences both st_nci_i2c_remove and st_nci_spi_remove.\nTake st_nci_i2c_remove as an example.\n\nIn st_nci_i2c_probe, it called ndlc_probe and bound &ndlc->sm_work\nwith llt_ndlc_sm_work.\n\nWhen it calls ndlc_recv or timeout handler, it will finally call\nschedule_work to start the work.\n\nWhen we call st_nci_i2c_remove to remove the driver, there\nmay be a sequence as follows:\n\nFix it by finishing the work before cleanup in ndlc_remove\n\nCPU0 CPU1\n\n |llt_ndlc_sm_work\nst_nci_i2c_remove |\n ndlc_remove |\n st_nci_remove |\n nci_free_device|\n kfree(ndev) |\n//free ndlc->ndev |\n |llt_ndlc_rcv_queue\n |nci_recv_frame\n |//use ndlc->ndev" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2156490c4b7cacda9a18ec99929940b8376dc0e3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3405eb641dafcc8b28d174784b203c1622c121bf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/43aa468df246175207a7d5d7d6d31b231f15b49c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5000fe6c27827a61d8250a7e4a1d26c3298ef4f6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5e331022b448fbc5e76f24349cd0246844dcad25", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/84dd9cc34014e3a3dcce0eb6d54b8a067e97676b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b0c202a8dc63008205a5d546559736507a9aae66", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f589e5b56c562d99ea74e05b1c3f0eab78aa17a3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53107.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53107.json new file mode 100644 index 00000000000..6ddb44a27ed --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53107.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2023-53107", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:29.620", + "lastModified": "2025-05-02T16:15:29.620", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nveth: Fix use after free in XDP_REDIRECT\n\nCommit 718a18a0c8a6 (\"veth: Rework veth_xdp_rcv_skb in order\nto accept non-linear skb\") introduced a bug where it tried to\nuse pskb_expand_head() if the headroom was less than\nXDP_PACKET_HEADROOM. This however uses kmalloc to expand the head,\nwhich will later allow consume_skb() to free the skb while is it still\nin use by AF_XDP.\n\nPreviously if the headroom was less than XDP_PACKET_HEADROOM we\ncontinued on to allocate a new skb from pages so this restores that\nbehavior.\n\nBUG: KASAN: use-after-free in __xsk_rcv+0x18d/0x2c0\nRead of size 78 at addr ffff888976250154 by task napi/iconduit-g/148640\n\nCPU: 5 PID: 148640 Comm: napi/iconduit-g Kdump: loaded Tainted: G O 6.1.4-cloudflare-kasan-2023.1.2 #1\nHardware name: Quanta Computer Inc. QuantaPlex T41S-2U/S2S-MB, BIOS S2S_3B10.03 06/21/2018\nCall Trace:\n \n dump_stack_lvl+0x34/0x48\n print_report+0x170/0x473\n ? __xsk_rcv+0x18d/0x2c0\n kasan_report+0xad/0x130\n ? __xsk_rcv+0x18d/0x2c0\n kasan_check_range+0x149/0x1a0\n memcpy+0x20/0x60\n __xsk_rcv+0x18d/0x2c0\n __xsk_map_redirect+0x1f3/0x490\n ? veth_xdp_rcv_skb+0x89c/0x1ba0 [veth]\n xdp_do_redirect+0x5ca/0xd60\n veth_xdp_rcv_skb+0x935/0x1ba0 [veth]\n ? __netif_receive_skb_list_core+0x671/0x920\n ? veth_xdp+0x670/0x670 [veth]\n veth_xdp_rcv+0x304/0xa20 [veth]\n ? do_xdp_generic+0x150/0x150\n ? veth_xdp_rcv_one+0xde0/0xde0 [veth]\n ? _raw_spin_lock_bh+0xe0/0xe0\n ? newidle_balance+0x887/0xe30\n ? __perf_event_task_sched_in+0xdb/0x800\n veth_poll+0x139/0x571 [veth]\n ? veth_xdp_rcv+0xa20/0xa20 [veth]\n ? _raw_spin_unlock+0x39/0x70\n ? finish_task_switch.isra.0+0x17e/0x7d0\n ? __switch_to+0x5cf/0x1070\n ? __schedule+0x95b/0x2640\n ? io_schedule_timeout+0x160/0x160\n __napi_poll+0xa1/0x440\n napi_threaded_poll+0x3d1/0x460\n ? __napi_poll+0x440/0x440\n ? __kthread_parkme+0xc6/0x1f0\n ? __napi_poll+0x440/0x440\n kthread+0x2a2/0x340\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30\n \n\nFreed by task 148640:\n kasan_save_stack+0x23/0x50\n kasan_set_track+0x21/0x30\n kasan_save_free_info+0x2a/0x40\n ____kasan_slab_free+0x169/0x1d0\n slab_free_freelist_hook+0xd2/0x190\n __kmem_cache_free+0x1a1/0x2f0\n skb_release_data+0x449/0x600\n consume_skb+0x9f/0x1c0\n veth_xdp_rcv_skb+0x89c/0x1ba0 [veth]\n veth_xdp_rcv+0x304/0xa20 [veth]\n veth_poll+0x139/0x571 [veth]\n __napi_poll+0xa1/0x440\n napi_threaded_poll+0x3d1/0x460\n kthread+0x2a2/0x340\n ret_from_fork+0x22/0x30\n\nThe buggy address belongs to the object at ffff888976250000\n which belongs to the cache kmalloc-2k of size 2048\nThe buggy address is located 340 bytes inside of\n 2048-byte region [ffff888976250000, ffff888976250800)\n\nThe buggy address belongs to the physical page:\npage:00000000ae18262a refcount:2 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x976250\nhead:00000000ae18262a order:3 compound_mapcount:0 compound_pincount:0\nflags: 0x2ffff800010200(slab|head|node=0|zone=2|lastcpupid=0x1ffff)\nraw: 002ffff800010200 0000000000000000 dead000000000122 ffff88810004cf00\nraw: 0000000000000000 0000000080080008 00000002ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n ffff888976250000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff888976250080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n> ffff888976250100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff888976250180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff888976250200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/6e755b56896df48b0fae0db275e148f8d8aa7d6f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/717d20710596b5b26595ede454d1105fa176f4a4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7c10131803e45269ddc6c817f19ed649110f3cae", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53108.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53108.json new file mode 100644 index 00000000000..10ce8446eac --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53108.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2023-53108", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:29.713", + "lastModified": "2025-05-02T16:15:29.713", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/iucv: Fix size of interrupt data\n\niucv_irq_data needs to be 4 bytes larger.\nThese bytes are not used by the iucv module, but written by\nthe z/VM hypervisor in case a CPU is deconfigured.\n\nReported as:\nBUG dma-kmalloc-64 (Not tainted): kmalloc Redzone overwritten\n-----------------------------------------------------------------------------\n0x0000000000400564-0x0000000000400567 @offset=1380. First byte 0x80 instead of 0xcc\nAllocated in iucv_cpu_prepare+0x44/0xd0 age=167839 cpu=2 pid=1\n__kmem_cache_alloc_node+0x166/0x450\nkmalloc_node_trace+0x3a/0x70\niucv_cpu_prepare+0x44/0xd0\ncpuhp_invoke_callback+0x156/0x2f0\ncpuhp_issue_call+0xf0/0x298\n__cpuhp_setup_state_cpuslocked+0x136/0x338\n__cpuhp_setup_state+0xf4/0x288\niucv_init+0xf4/0x280\ndo_one_initcall+0x78/0x390\ndo_initcalls+0x11a/0x140\nkernel_init_freeable+0x25e/0x2a0\nkernel_init+0x2e/0x170\n__ret_from_fork+0x3c/0x58\nret_from_fork+0xa/0x40\nFreed in iucv_init+0x92/0x280 age=167839 cpu=2 pid=1\n__kmem_cache_free+0x308/0x358\niucv_init+0x92/0x280\ndo_one_initcall+0x78/0x390\ndo_initcalls+0x11a/0x140\nkernel_init_freeable+0x25e/0x2a0\nkernel_init+0x2e/0x170\n__ret_from_fork+0x3c/0x58\nret_from_fork+0xa/0x40\nSlab 0x0000037200010000 objects=32 used=30 fp=0x0000000000400640 flags=0x1ffff00000010200(slab|head|node=0|zone=0|\nObject 0x0000000000400540 @offset=1344 fp=0x0000000000000000\nRedzone 0000000000400500: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................\nRedzone 0000000000400510: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................\nRedzone 0000000000400520: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................\nRedzone 0000000000400530: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................\nObject 0000000000400540: 00 01 00 03 00 00 00 00 00 00 00 00 00 00 00 00 ................\nObject 0000000000400550: f3 86 81 f2 f4 82 f8 82 f0 f0 f0 f0 f0 f0 f0 f2 ................\nObject 0000000000400560: 00 00 00 00 80 00 00 00 cc cc cc cc cc cc cc cc ................\nObject 0000000000400570: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................\nRedzone 0000000000400580: cc cc cc cc cc cc cc cc ........\nPadding 00000000004005d4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ\nPadding 00000000004005e4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ\nPadding 00000000004005f4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZ\nCPU: 6 PID: 121030 Comm: 116-pai-crypto. Not tainted 6.3.0-20230221.rc0.git4.99b8246b2d71.300.fc37.s390x+debug #1\nHardware name: IBM 3931 A01 704 (z/VM 7.3.0)\nCall Trace:\n[<000000032aa034ec>] dump_stack_lvl+0xac/0x100\n[<0000000329f5a6cc>] check_bytes_and_report+0x104/0x140\n[<0000000329f5aa78>] check_object+0x370/0x3c0\n[<0000000329f5ede6>] free_debug_processing+0x15e/0x348\n[<0000000329f5f06a>] free_to_partial_list+0x9a/0x2f0\n[<0000000329f5f4a4>] __slab_free+0x1e4/0x3a8\n[<0000000329f61768>] __kmem_cache_free+0x308/0x358\n[<000000032a91465c>] iucv_cpu_dead+0x6c/0x88\n[<0000000329c2fc66>] cpuhp_invoke_callback+0x156/0x2f0\n[<000000032aa062da>] _cpu_down.constprop.0+0x22a/0x5e0\n[<0000000329c3243e>] cpu_device_down+0x4e/0x78\n[<000000032a61dee0>] device_offline+0xc8/0x118\n[<000000032a61e048>] online_store+0x60/0xe0\n[<000000032a08b6b0>] kernfs_fop_write_iter+0x150/0x1e8\n[<0000000329fab65c>] vfs_write+0x174/0x360\n[<0000000329fab9fc>] ksys_write+0x74/0x100\n[<000000032aa03a5a>] __do_syscall+0x1da/0x208\n[<000000032aa177b2>] system_call+0x82/0xb0\nINFO: lockdep is turned off.\nFIX dma-kmalloc-64: Restoring kmalloc Redzone 0x0000000000400564-0x0000000000400567=0xcc\nFIX dma-kmalloc-64: Object at 0x0000000000400540 not freed" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3cfdefdaaa4b2a77e84d0db5e0a47a7aa3bb615a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3d87debb8ed2649608ff432699e7c961c0c6f03b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/71da5991b6438ad6da13ceb25465ee2760a1c52f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/93a970494881004c348d8feb38463ee72496e99a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a908eae0f71811afee86be7088692f1aa5855c3b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b0d2bb5e31a693ebc8888eb407f8a257a3680efa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bd2e78462ae18484e55ae4d285df2c86b86bdd12", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c78f1345db4e4b3b78f9b768f4074ebd60abe966", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53109.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53109.json new file mode 100644 index 00000000000..0916aeb5277 --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53109.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2023-53109", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:29.823", + "lastModified": "2025-05-02T16:15:29.823", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tunnels: annotate lockless accesses to dev->needed_headroom\n\nIP tunnels can apparently update dev->needed_headroom\nin their xmit path.\n\nThis patch takes care of three tunnels xmit, and also the\ncore LL_RESERVED_SPACE() and LL_RESERVED_SPACE_EXTRA()\nhelpers.\n\nMore changes might be needed for completeness.\n\nBUG: KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit\n\nread to 0xffff88815b9da0ec of 2 bytes by task 888 on cpu 1:\nip_tunnel_xmit+0x1270/0x1730 net/ipv4/ip_tunnel.c:803\n__gre_xmit net/ipv4/ip_gre.c:469 [inline]\nipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661\n__netdev_start_xmit include/linux/netdevice.h:4881 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4895 [inline]\nxmit_one net/core/dev.c:3580 [inline]\ndev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596\n__dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246\ndev_queue_xmit include/linux/netdevice.h:3051 [inline]\nneigh_direct_output+0x17/0x20 net/core/neighbour.c:1623\nneigh_output include/net/neighbour.h:546 [inline]\nip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228\nip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316\nNF_HOOK_COND include/linux/netfilter.h:291 [inline]\nip_output+0xe5/0x1b0 net/ipv4/ip_output.c:430\ndst_output include/net/dst.h:444 [inline]\nip_local_out+0x64/0x80 net/ipv4/ip_output.c:126\niptunnel_xmit+0x34a/0x4b0 net/ipv4/ip_tunnel_core.c:82\nip_tunnel_xmit+0x1451/0x1730 net/ipv4/ip_tunnel.c:813\n__gre_xmit net/ipv4/ip_gre.c:469 [inline]\nipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661\n__netdev_start_xmit include/linux/netdevice.h:4881 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4895 [inline]\nxmit_one net/core/dev.c:3580 [inline]\ndev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596\n__dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246\ndev_queue_xmit include/linux/netdevice.h:3051 [inline]\nneigh_direct_output+0x17/0x20 net/core/neighbour.c:1623\nneigh_output include/net/neighbour.h:546 [inline]\nip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228\nip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316\nNF_HOOK_COND include/linux/netfilter.h:291 [inline]\nip_output+0xe5/0x1b0 net/ipv4/ip_output.c:430\ndst_output include/net/dst.h:444 [inline]\nip_local_out+0x64/0x80 net/ipv4/ip_output.c:126\niptunnel_xmit+0x34a/0x4b0 net/ipv4/ip_tunnel_core.c:82\nip_tunnel_xmit+0x1451/0x1730 net/ipv4/ip_tunnel.c:813\n__gre_xmit net/ipv4/ip_gre.c:469 [inline]\nipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661\n__netdev_start_xmit include/linux/netdevice.h:4881 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4895 [inline]\nxmit_one net/core/dev.c:3580 [inline]\ndev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596\n__dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246\ndev_queue_xmit include/linux/netdevice.h:3051 [inline]\nneigh_direct_output+0x17/0x20 net/core/neighbour.c:1623\nneigh_output include/net/neighbour.h:546 [inline]\nip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228\nip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316\nNF_HOOK_COND include/linux/netfilter.h:291 [inline]\nip_output+0xe5/0x1b0 net/ipv4/ip_output.c:430\ndst_output include/net/dst.h:444 [inline]\nip_local_out+0x64/0x80 net/ipv4/ip_output.c:126\niptunnel_xmit+0x34a/0x4b0 net/ipv4/ip_tunnel_core.c:82\nip_tunnel_xmit+0x1451/0x1730 net/ipv4/ip_tunnel.c:813\n__gre_xmit net/ipv4/ip_gre.c:469 [inline]\nipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661\n__netdev_start_xmit include/linux/netdevice.h:4881 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4895 [inline]\nxmit_one net/core/dev.c:3580 [inline]\ndev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596\n__dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246\ndev_queue_xmit include/linux/netdevice.h:3051 [inline]\nneigh_direct_output+0x17/0x20 net/core/neighbour.c:1623\nneigh_output include/net/neighbour.h:546 [inline]\nip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228\nip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316\nNF_HOOK_COND include/linux/netfilter.h:291 [inline]\nip_output+0xe5/0x1b0 net/i\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/4b397c06cb987935b1b097336532aa6b4210e091", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/51f3bd3765bc5ca4583af07a00833da00d2ace1d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5aaab217c8f5387b9c5fff9e940d80f135e04366", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8e206f66d824b3b28a7f9ee1366dfc79a937bb46", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9b86a8702b042ee4e15d2d46375be873a6a8834f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a69b72b57b7d269e833e520ba7500d556e8189b6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/be59b87ee4aed81db7c10e44f603866a0ac3ca5d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e0a557fc1daf5c1086e47150a4571aebadbb62be", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53110.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53110.json new file mode 100644 index 00000000000..9346776a6db --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53110.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2023-53110", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:29.930", + "lastModified": "2025-05-02T16:15:29.930", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler()\n\nWhen performing a stress test on SMC-R by rmmod mlx5_ib driver\nduring the wrk/nginx test, we found that there is a probability\nof triggering a panic while terminating all link groups.\n\nThis issue dues to the race between smc_smcr_terminate_all()\nand smc_buf_create().\n\n\t\t\tsmc_smcr_terminate_all\n\nsmc_buf_create\n/* init */\nconn->sndbuf_desc = NULL;\n...\n\n\t\t\t__smc_lgr_terminate\n\t\t\t\tsmc_conn_kill\n\t\t\t\t\tsmc_close_abort\n\t\t\t\t\t\tsmc_cdc_get_slot_and_msg_send\n\n\t\t\t__softirqentry_text_start\n\t\t\t\tsmc_wr_tx_process_cqe\n\t\t\t\t\tsmc_cdc_tx_handler\n\t\t\t\t\t\tREAD(conn->sndbuf_desc->len);\n\t\t\t\t\t\t/* panic dues to NULL sndbuf_desc */\n\nconn->sndbuf_desc = xxx;\n\nThis patch tries to fix the issue by always to check the sndbuf_desc\nbefore send any cdc msg, to make sure that no null pointer is\nseen during cqe processing." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/22a825c541d775c1dbe7b2402786025acad6727b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/31817c530768b0199771ec6019571b4f0ddbf230", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3c270435db8aa34929263dddae8fd050f5216ecb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3ebac7cf0a184a8102821a7a00203f02bebda83c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b108bd9e6be000492ebebe867daa699285978a10", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53111.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53111.json new file mode 100644 index 00000000000..e8ec9fca31f --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53111.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2023-53111", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:30.027", + "lastModified": "2025-05-02T16:15:30.027", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nloop: Fix use-after-free issues\n\ndo_req_filebacked() calls blk_mq_complete_request() synchronously or\nasynchronously when using asynchronous I/O unless memory allocation fails.\nHence, modify loop_handle_cmd() such that it does not dereference 'cmd' nor\n'rq' after do_req_filebacked() finished unless we are sure that the request\nhas not yet been completed. This patch fixes the following kernel crash:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000054\nCall trace:\n css_put.42938+0x1c/0x1ac\n loop_process_work+0xc8c/0xfd4\n loop_rootcg_workfn+0x24/0x34\n process_one_work+0x244/0x558\n worker_thread+0x400/0x8fc\n kthread+0x16c/0x1e0\n ret_from_fork+0x10/0x20" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/407badf73ec9fb0d5744bf2ca1745c1818aa222f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6917395c4667cfb607ed8bf1826205a59414657c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9b0cb770f5d7b1ff40bea7ca385438ee94570eec", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e3fda704903f6d1fc351412f1bc6620333959ada", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53112.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53112.json new file mode 100644 index 00000000000..b2801cab438 --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53112.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2023-53112", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:30.140", + "lastModified": "2025-05-02T16:15:30.140", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/sseu: fix max_subslices array-index-out-of-bounds access\n\nIt seems that commit bc3c5e0809ae (\"drm/i915/sseu: Don't try to store EU\nmask internally in UAPI format\") exposed a potential out-of-bounds\naccess, reported by UBSAN as following on a laptop with a gen 11 i915\ncard:\n\n UBSAN: array-index-out-of-bounds in drivers/gpu/drm/i915/gt/intel_sseu.c:65:27\n index 6 is out of range for type 'u16 [6]'\n CPU: 2 PID: 165 Comm: systemd-udevd Not tainted 6.2.0-9-generic #9-Ubuntu\n Hardware name: Dell Inc. XPS 13 9300/077Y9N, BIOS 1.11.0 03/22/2022\n Call Trace:\n \n show_stack+0x4e/0x61\n dump_stack_lvl+0x4a/0x6f\n dump_stack+0x10/0x18\n ubsan_epilogue+0x9/0x3a\n __ubsan_handle_out_of_bounds.cold+0x42/0x47\n gen11_compute_sseu_info+0x121/0x130 [i915]\n intel_sseu_info_init+0x15d/0x2b0 [i915]\n intel_gt_init_mmio+0x23/0x40 [i915]\n i915_driver_mmio_probe+0x129/0x400 [i915]\n ? intel_gt_probe_all+0x91/0x2e0 [i915]\n i915_driver_probe+0xe1/0x3f0 [i915]\n ? drm_privacy_screen_get+0x16d/0x190 [drm]\n ? acpi_dev_found+0x64/0x80\n i915_pci_probe+0xac/0x1b0 [i915]\n ...\n\nAccording to the definition of sseu_dev_info, eu_mask->hsw is limited to\na maximum of GEN_MAX_SS_PER_HSW_SLICE (6) sub-slices, but\ngen11_sseu_info_init() can potentially set 8 sub-slices, in the\n!IS_JSL_EHL(gt->i915) case.\n\nFix this by reserving up to 8 slots for max_subslices in the eu_mask\nstruct.\n\n(cherry picked from commit 3cba09a6ac86ea1d456909626eb2685596c07822)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/193c41926d152761764894f46e23b53c00186a82", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1a1682abf7399318ac074b1f2ac6a8c992b5b3da", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/36b076ab6247cf0d2135b2ad6bb337617c3b5a1b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53113.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53113.json new file mode 100644 index 00000000000..fb5e0b472d8 --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53113.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2023-53113", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:30.407", + "lastModified": "2025-05-02T16:15:30.407", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: fix NULL-ptr deref in offchan check\n\nIf, e.g. in AP mode, the link was already created by userspace\nbut not activated yet, it has a chandef but the chandef isn't\nvalid and has no channel. Check for this and ignore this link." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/201a836c2385fdd2b9d0a8e7737bba5b26f1863a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/87e80ea4fbc9ce2f2005905fdbcd38baaa47463a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f624bb6fad23df3270580b4fcef415c6e7bf7705", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53114.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53114.json new file mode 100644 index 00000000000..42f28f1782f --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53114.json @@ -0,0 +1,41 @@ +{ + "id": "CVE-2023-53114", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:30.493", + "lastModified": "2025-05-02T16:15:30.493", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix kernel crash during reboot when adapter is in recovery mode\n\nIf the driver detects during probe that firmware is in recovery\nmode then i40e_init_recovery_mode() is called and the rest of\nprobe function is skipped including pci_set_drvdata(). Subsequent\ni40e_shutdown() called during shutdown/reboot dereferences NULL\npointer as pci_get_drvdata() returns NULL.\n\nTo fix call pci_set_drvdata() also during entering to recovery mode.\n\nReproducer:\n1) Lets have i40e NIC with firmware in recovery mode\n2) Run reboot\n\nResult:\n[ 139.084698] i40e: Intel(R) Ethernet Connection XL710 Network Driver\n[ 139.090959] i40e: Copyright (c) 2013 - 2019 Intel Corporation.\n[ 139.108438] i40e 0000:02:00.0: Firmware recovery mode detected. Limiting functionality.\n[ 139.116439] i40e 0000:02:00.0: Refer to the Intel(R) Ethernet Adapters and Devices User Guide for details on firmware recovery mode.\n[ 139.129499] i40e 0000:02:00.0: fw 8.3.64775 api 1.13 nvm 8.30 0x8000b78d 1.3106.0 [8086:1583] [15d9:084a]\n[ 139.215932] i40e 0000:02:00.0 enp2s0f0: renamed from eth0\n[ 139.223292] i40e 0000:02:00.1: Firmware recovery mode detected. Limiting functionality.\n[ 139.231292] i40e 0000:02:00.1: Refer to the Intel(R) Ethernet Adapters and Devices User Guide for details on firmware recovery mode.\n[ 139.244406] i40e 0000:02:00.1: fw 8.3.64775 api 1.13 nvm 8.30 0x8000b78d 1.3106.0 [8086:1583] [15d9:084a]\n[ 139.329209] i40e 0000:02:00.1 enp2s0f1: renamed from eth0\n...\n[ 156.311376] BUG: kernel NULL pointer dereference, address: 00000000000006c2\n[ 156.318330] #PF: supervisor write access in kernel mode\n[ 156.323546] #PF: error_code(0x0002) - not-present page\n[ 156.328679] PGD 0 P4D 0\n[ 156.331210] Oops: 0002 [#1] PREEMPT SMP NOPTI\n[ 156.335567] CPU: 26 PID: 15119 Comm: reboot Tainted: G E 6.2.0+ #1\n[ 156.343126] Hardware name: Abacus electric, s.r.o. - servis@abacus.cz Super Server/H12SSW-iN, BIOS 2.4 04/13/2022\n[ 156.353369] RIP: 0010:i40e_shutdown+0x15/0x130 [i40e]\n[ 156.358430] Code: c1 fc ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 55 48 89 fd 53 48 8b 9f 48 01 00 00 80 8b c2 06 00 00 04 f0 80 8b c0 06 00 00 08 48 8d bb 08 08 00\n[ 156.377168] RSP: 0018:ffffb223c8447d90 EFLAGS: 00010282\n[ 156.382384] RAX: ffffffffc073ee70 RBX: 0000000000000000 RCX: 0000000000000001\n[ 156.389510] RDX: 0000000080000001 RSI: 0000000000000246 RDI: ffff95db49988000\n[ 156.396634] RBP: ffff95db49988000 R08: ffffffffffffffff R09: ffffffff8bd17d40\n[ 156.403759] R10: 0000000000000001 R11: ffffffff8a5e3d28 R12: ffff95db49988000\n[ 156.410882] R13: ffffffff89a6fe17 R14: ffff95db49988150 R15: 0000000000000000\n[ 156.418007] FS: 00007fe7c0cc3980(0000) GS:ffff95ea8ee80000(0000) knlGS:0000000000000000\n[ 156.426083] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 156.431819] CR2: 00000000000006c2 CR3: 00000003092fc005 CR4: 0000000000770ee0\n[ 156.438944] PKRU: 55555554\n[ 156.441647] Call Trace:\n[ 156.444096] \n[ 156.446199] pci_device_shutdown+0x38/0x60\n[ 156.450297] device_shutdown+0x163/0x210\n[ 156.454215] kernel_restart+0x12/0x70\n[ 156.457872] __do_sys_reboot+0x1ab/0x230\n[ 156.461789] ? vfs_writev+0xa6/0x1a0\n[ 156.465362] ? __pfx_file_free_rcu+0x10/0x10\n[ 156.469635] ? __call_rcu_common.constprop.85+0x109/0x5a0\n[ 156.475034] do_syscall_64+0x3e/0x90\n[ 156.478611] entry_SYSCALL_64_after_hwframe+0x72/0xdc\n[ 156.483658] RIP: 0033:0x7fe7bff37ab7" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3cbecb1c9085a00155639404f7addbcbfc987ba3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4ff82695266576a0b4f1077a7100b2451e476df4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6e18f66b704bd725196508c1db93bf7338cdc8de", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7e4f8a0c495413a50413e8c9f1032ce1bc633bae", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b3826fb3ea14646b3d4e6309bfc384b349f36eb6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c703362a66ea971905b9dc153fc54d1b6ac05423", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53115.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53115.json new file mode 100644 index 00000000000..1af72a4932e --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53115.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2023-53115", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:30.590", + "lastModified": "2025-05-02T16:15:30.590", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix memory leaks in mpi3mr_init_ioc()\n\nDon't allocate memory again when IOC is being reinitialized." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/5aab9342f12f980b64617a034d121efbbf09100a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7277b4eec2f25a0653646ba95b1f25fa16be1d6c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c798304470cab88723d895726d17fcb96472e0e9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53116.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53116.json new file mode 100644 index 00000000000..87274c0377b --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53116.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2023-53116", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:30.680", + "lastModified": "2025-05-02T16:15:30.680", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: avoid potential UAF in nvmet_req_complete()\n\nAn nvme target ->queue_response() operation implementation may free the\nrequest passed as argument. Such implementation potentially could result\nin a use after free of the request pointer when percpu_ref_put() is\ncalled in nvmet_req_complete().\n\nAvoid such problem by using a local variable to save the sq pointer\nbefore calling __nvmet_req_complete(), thus avoiding dereferencing the\nreq pointer after that function call." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/04c394208831d5e0d5cfee46722eb0f033cd4083", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6173a77b7e9d3e202bdb9897b23f2a8afe7bf286", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8ed9813871038b25a934b21ab76b5b7dbf44fc3a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a6317235da8aa7cb97529ebc8121cc2a4c4c437a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bcd535f07c58342302a2cd2bdd8894fe0872c8a9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e5d99b29012bbf0e86929403209723b2806500c1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f1d5888a5efe345b63c430b256e95acb0a475642", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fafcb4b26393870c45462f9af6a48e581dbbcf7e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53117.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53117.json new file mode 100644 index 00000000000..94f3928a3e8 --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53117.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2023-53117", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:30.783", + "lastModified": "2025-05-02T16:15:30.783", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: prevent out-of-bounds array speculation when closing a file descriptor\n\nGoogle-Bug-Id: 114199369" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3d5d9501b634fd268eb56428cda92cd317752d69", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/609d54441493c99f21c1823dfd66fa7f4c512ff4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6631c8da02cfad96c53b217cf647b511c7f34faf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a759905de9cd6ec9ca08ceadf0920272772ed830", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cec08b7d1ebcd3138d4658b3868ce26aeb1e8e06", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/eea8e4e056a5ffbeb539a13854c017d5d62c756a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f31cd5da636682caea424fa1c22679016cbfc16b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f8cd8754a03a3748384ee438c572423643c9c315", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53118.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53118.json new file mode 100644 index 00000000000..e4034e343d1 --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53118.json @@ -0,0 +1,41 @@ +{ + "id": "CVE-2023-53118", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:30.880", + "lastModified": "2025-05-02T16:15:30.880", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Fix a procfs host directory removal regression\n\nscsi_proc_hostdir_rm() decreases a reference counter and hence must only be\ncalled once per host that is removed. This change does not require a\nscsi_add_host_with_dma() change since scsi_add_host_with_dma() will return\n0 (success) if scsi_proc_host_add() is called." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2a764d55e938743efa7c2cba7305633bcf227f09", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/68c665bb185037e7eb66fb792c61da9d7151e99c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/73f030d4ef6d1ad17f824a0a2eb637ef7a9c7d51", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7e0ae8667fcdd99d1756922e1140cac75f5fa279", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/88c3d3bb6469cea929ac68fd326bdcbefcdfdd83", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/be03df3d4bfe7e8866d4aa43d62e648ffe884f5f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53119.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53119.json new file mode 100644 index 00000000000..48f6dff3c6c --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53119.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2023-53119", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:30.980", + "lastModified": "2025-05-02T16:15:30.980", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: initialize struct pn533_out_arg properly\n\nstruct pn533_out_arg used as a temporary context for out_urb is not\ninitialized properly. Its uninitialized 'phy' field can be dereferenced in\nerror cases inside pn533_out_complete() callback function. It causes the\nfollowing failure:\n\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\nRIP: 0010:pn533_out_complete.cold+0x15/0x44 drivers/nfc/pn533/usb.c:441\nCall Trace:\n \n __usb_hcd_giveback_urb+0x2b6/0x5c0 drivers/usb/core/hcd.c:1671\n usb_hcd_giveback_urb+0x384/0x430 drivers/usb/core/hcd.c:1754\n dummy_timer+0x1203/0x32d0 drivers/usb/gadget/udc/dummy_hcd.c:1988\n call_timer_fn+0x1da/0x800 kernel/time/timer.c:1700\n expire_timers+0x234/0x330 kernel/time/timer.c:1751\n __run_timers kernel/time/timer.c:2022 [inline]\n __run_timers kernel/time/timer.c:1995 [inline]\n run_timer_softirq+0x326/0x910 kernel/time/timer.c:2035\n __do_softirq+0x1fb/0xaf6 kernel/softirq.c:571\n invoke_softirq kernel/softirq.c:445 [inline]\n __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650\n irq_exit_rcu+0x9/0x20 kernel/softirq.c:662\n sysvec_apic_timer_interrupt+0x97/0xc0 arch/x86/kernel/apic/apic.c:1107\n\nInitialize the field with the pn533_usb_phy currently used.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0f9c1f26d434c32520dfe33326b28c5954bc4299", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2703da78849c47b6b5b4471edb35fc7b7f91dead", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2bd1ed6d607d7013ed4959e86990a04f028543ef", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2bee84369b76f6c9ef71938069c65a6ebd1a12f7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2cbd4213baf7be5d87d183e2032c54003de0790f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/484b7059796e3bc1cb527caa61dfc60da649b4f6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4c20a07ed26a71a8ccc9c6d935fc181573f5462e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a97ef110c491b72c138111a595a3a3af56cbc94c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53120.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53120.json new file mode 100644 index 00000000000..9cb9242bd88 --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53120.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2023-53120", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:31.083", + "lastModified": "2025-05-02T16:15:31.083", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix config page DMA memory leak\n\nA fix for:\n\nDMA-API: pci 0000:83:00.0: device driver has pending DMA allocations while released from device [count=1]" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/5fc4d698ed4b6507be2eb36d040a678adcb89da4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7d2b02172b6a2ae6aecd7ef6480b9c4bf3dc59f4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dca06ccf13de14e144d34f158f73ae0032f80e63", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53121.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53121.json new file mode 100644 index 00000000000..1943e268776 --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53121.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2023-53121", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:31.173", + "lastModified": "2025-05-02T16:15:31.173", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: tcp_make_synack() can be called from process context\n\ntcp_rtx_synack() now could be called in process context as explained in\n0a375c822497 (\"tcp: tcp_rtx_synack() can be called from process\ncontext\").\n\ntcp_rtx_synack() might call tcp_make_synack(), which will touch per-CPU\nvariables with preemption enabled. This causes the following BUG:\n\n BUG: using __this_cpu_add() in preemptible [00000000] code: ThriftIO1/5464\n caller is tcp_make_synack+0x841/0xac0\n Call Trace:\n \n dump_stack_lvl+0x10d/0x1a0\n check_preemption_disabled+0x104/0x110\n tcp_make_synack+0x841/0xac0\n tcp_v6_send_synack+0x5c/0x450\n tcp_rtx_synack+0xeb/0x1f0\n inet_rtx_syn_ack+0x34/0x60\n tcp_check_req+0x3af/0x9e0\n tcp_rcv_state_process+0x59b/0x2030\n tcp_v6_do_rcv+0x5f5/0x700\n release_sock+0x3a/0xf0\n tcp_sendmsg+0x33/0x40\n ____sys_sendmsg+0x2f2/0x490\n __sys_sendmsg+0x184/0x230\n do_syscall_64+0x3d/0x90\n\nAvoid calling __TCP_INC_STATS() with will touch per-cpu variables. Use\nTCP_INC_STATS() which is safe to be called from context switch." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/442aa78ed70188b21ccd8669738448702c0a3281", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7613cde8c0c1f02a7ec2e1d536c01b65b135fc1c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/77ad58bca0119e8cc3e0e9d91a3f22caa66e4dfa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9180aa4622a720b433e842b4d3aa34d73eec577a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ad07290d63ff6689f50565b02f5b6f34ec15a5ca", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bced3f7db95ff2e6ca29dc4d1c9751ab5e736a09", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d493d4fe88195a144d6a277a90062a7534ed2192", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e23ca307745be3df7fe9762f3e2a7e311a57852e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53122.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53122.json new file mode 100644 index 00000000000..12be65bc515 --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53122.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2023-53122", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:31.270", + "lastModified": "2025-05-02T16:15:31.270", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRISC-V: fix taking the text_mutex twice during sifive errata patching\n\nChris pointed out that some bonehead, *cough* me *cough*, added two\nmutex_locks() to the SiFive errata patching. The second was meant to\nhave been a mutex_unlock().\n\nThis results in errors such as\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000030\nOops [#1]\nModules linked in:\nCPU: 0 PID: 0 Comm: swapper Not tainted\n6.2.0-rc1-starlight-00079-g9493e6f3ce02 #229\nHardware name: BeagleV Starlight Beta (DT)\nepc : __schedule+0x42/0x500\n ra : schedule+0x46/0xce\nepc : ffffffff8065957c ra : ffffffff80659a80 sp : ffffffff81203c80\n gp : ffffffff812d50a0 tp : ffffffff8120db40 t0 : ffffffff81203d68\n t1 : 0000000000000001 t2 : 4c45203a76637369 s0 : ffffffff81203cf0\n s1 : ffffffff8120db40 a0 : 0000000000000000 a1 : ffffffff81213958\n a2 : ffffffff81213958 a3 : 0000000000000000 a4 : 0000000000000000\n a5 : ffffffff80a1bd00 a6 : 0000000000000000 a7 : 0000000052464e43\n s2 : ffffffff8120db41 s3 : ffffffff80a1ad00 s4 : 0000000000000000\n s5 : 0000000000000002 s6 : ffffffff81213938 s7 : 0000000000000000\n s8 : 0000000000000000 s9 : 0000000000000001 s10: ffffffff812d7204\n s11: ffffffff80d3c920 t3 : 0000000000000001 t4 : ffffffff812e6dd7\n t5 : ffffffff812e6dd8 t6 : ffffffff81203bb8\nstatus: 0000000200000100 badaddr: 0000000000000030 cause: 000000000000000d\n[] schedule+0x46/0xce\n[] schedule_preempt_disabled+0x16/0x28\n[] __mutex_lock.constprop.0+0x3fe/0x652\n[] __mutex_lock_slowpath+0xe/0x16\n[] mutex_lock+0x42/0x4c\n[] sifive_errata_patch_func+0xf6/0x18c\n[] _apply_alternatives+0x74/0x76\n[] apply_boot_alternatives+0x3c/0xfa\n[] setup_arch+0x60c/0x640\n[] start_kernel+0x8e/0x99c\n---[ end trace 0000000000000000 ]---\n\n[Palmer: pick up Geert's bug report from the thread]" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2feac714c6818f7767cfc21a3c10fa926b7398a3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/96a1600461957731b6d8ff3563c9f94b315bdaa1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bf89b7ee52af5a5944fa3539e86089f72475055b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53123.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53123.json new file mode 100644 index 00000000000..bb7697eb0d8 --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53123.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2023-53123", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:31.360", + "lastModified": "2025-05-02T16:15:31.360", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: s390: Fix use-after-free of PCI resources with per-function hotplug\n\nOn s390 PCI functions may be hotplugged individually even when they\nbelong to a multi-function device. In particular on an SR-IOV device VFs\nmay be removed and later re-added.\n\nIn commit a50297cf8235 (\"s390/pci: separate zbus creation from\nscanning\") it was missed however that struct pci_bus and struct\nzpci_bus's resource list retained a reference to the PCI functions MMIO\nresources even though those resources are released and freed on\nhot-unplug. These stale resources may subsequently be claimed when the\nPCI function re-appears resulting in use-after-free.\n\nOne idea of fixing this use-after-free in s390 specific code that was\ninvestigated was to simply keep resources around from the moment a PCI\nfunction first appeared until the whole virtual PCI bus created for\na multi-function device disappears. The problem with this however is\nthat due to the requirement of artificial MMIO addreesses (address\ncookies) extra logic is then needed to keep the address cookies\ncompatible on re-plug. At the same time the MMIO resources semantically\nbelong to the PCI function so tying their lifecycle to the function\nseems more logical.\n\nInstead a simpler approach is to remove the resources of an individually\nhot-unplugged PCI function from the PCI bus's resource list while\nkeeping the resources of other PCI functions on the PCI bus untouched.\n\nThis is done by introducing pci_bus_remove_resource() to remove an\nindividual resource. Similarly the resource also needs to be removed\nfrom the struct zpci_bus's resource list. It turns out however, that\nthere is really no need to add the MMIO resources to the struct\nzpci_bus's resource list at all and instead we can simply use the\nzpci_bar_struct's resource pointer directly." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/437bb839e36cc9f35adc6d2a2bf113b7a0fc9985", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a2410d0c3d2d714ed968a135dfcbed6aa3ff7027", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ab909509850b27fd39b8ba99e44cda39dbc3858c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b99ebf4b62774e690e73a551cf5fbf6f219bdd96", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53124.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53124.json new file mode 100644 index 00000000000..a998d82f1fe --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53124.json @@ -0,0 +1,41 @@ +{ + "id": "CVE-2023-53124", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:31.453", + "lastModified": "2025-05-02T16:15:31.453", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add()\n\nPort is allocated by sas_port_alloc_num() and rphy is allocated by either\nsas_end_device_alloc() or sas_expander_alloc(), all of which may return\nNULL. So we need to check the rphy to avoid possible NULL pointer access.\n\nIf sas_rphy_add() returned with failure, rphy is set to NULL. We would\naccess the rphy in the following lines which would also result NULL pointer\naccess." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/090305c36185c0547e4441d4c08f1cf096b32134", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6f0c2f70d9929208d8427ec72c3ed91e2251e289", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9937f784a608944107dcc2ba9a9c3333f8330b9e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a26c775ccc4cfe46f9b718b51bd24313053c7e0b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b5e5bbb3fa5f8412e96c5eda7f4a4af6241d6bd3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d3c57724f1569311e4b81e98fad0931028b9bdcd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53125.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53125.json new file mode 100644 index 00000000000..96c39937140 --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53125.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2023-53125", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:31.547", + "lastModified": "2025-05-02T16:15:31.547", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: smsc75xx: Limit packet length to skb->len\n\nPacket length retrieved from skb data may be larger than\nthe actual socket buffer length (up to 9026 bytes). In such\ncase the cloned skb passed up the network stack will leak\nkernel memory contents." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/105db6574281e1e03fcbf87983f4fee111682306", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4a4de0a68b18485c68ab4f0cfa665b1633c6d277", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/53966d572d056d6b234cfe76a5f9d60049d3c178", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8ee5df9c039e37b9d8eb5e3de08bfb7f53d31cb6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9fabdd79051a9fe51388df099aff6e4b660fedd2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c7bdc137ca163b90917c1eeba4f1937684bd4f8b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d8b228318935044dafe3a5bc07ee71a1f1424b8d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e294f0aa47e4844f3d3c8766c02accd5a76a7d4e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53126.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53126.json new file mode 100644 index 00000000000..0658074db11 --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53126.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2023-53126", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:31.643", + "lastModified": "2025-05-02T16:15:31.643", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix sas_hba.phy memory leak in mpi3mr_remove()\n\nFree mrioc->sas_hba.phy at .remove." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/480aae2f30637b5140e9c7a9b10298e538df2b5e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c60a7c7508645a9f36e4a18a5f548fb79378acd1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d4caa1a4255cc44be56bcab3db2c97c632e6cc10", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53127.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53127.json new file mode 100644 index 00000000000..bc7d13bb9a7 --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53127.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2023-53127", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:31.730", + "lastModified": "2025-05-02T16:15:31.730", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix expander node leak in mpi3mr_remove()\n\nAdd a missing resource clean up in .remove." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0023972a7593720f8878aed06c03ac9e541078be", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ce756daa36e1ba271bb3334267295e447aa57a5c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cf9777be5683c5e55680c089df02ee27d2226aa8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53128.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53128.json new file mode 100644 index 00000000000..fc48b13d6e7 --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53128.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2023-53128", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:31.820", + "lastModified": "2025-05-02T16:15:31.820", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix throttle_groups memory leak\n\nAdd a missing kfree()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/574cc10edaa7dba833764efed8c57ee0e6bf7574", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/85349a227eb4a56520adc190c666075f80d4ae70", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f305a7b6ca21a665e8d0cf70b5936991a298c93c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53129.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53129.json new file mode 100644 index 00000000000..498543a2d59 --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53129.json @@ -0,0 +1,41 @@ +{ + "id": "CVE-2023-53129", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:31.907", + "lastModified": "2025-05-02T16:15:31.907", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: Fix deadlock during directory rename\n\nAs lockdep properly warns, we should not be locking i_rwsem while having\ntransactions started as the proper lock ordering used by all directory\nhandling operations is i_rwsem -> transaction start. Fix the lock\nordering by moving the locking of the directory earlier in\next4_rename()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2ef7f829214fa8f428d953b49557b89b2b02db66", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/352c728653a1179ce7bb37a4c8aa8404d83914a2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3c92792da8506a295afb6d032b4476e46f979725", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6b06c4ae64e3557a19b3bb0b6dbf641bc41fc218", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a2bc806e95bde8de3a0d675051d9ae78dcf6c691", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b113f90204479f55a17295bedf0cc966a60c7a56", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53130.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53130.json new file mode 100644 index 00000000000..6512d4f1c38 --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53130.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2023-53130", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:31.997", + "lastModified": "2025-05-02T16:15:31.997", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix wrong mode for blkdev_put() from disk_scan_partitions()\n\nIf disk_scan_partitions() is called with 'FMODE_EXCL',\nblkdev_get_by_dev() will be called without 'FMODE_EXCL', however, follow\nblkdev_put() is still called with 'FMODE_EXCL', which will cause\n'bd_holders' counter to leak.\n\nFix the problem by using the right mode for blkdev_put()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/428913bce1e67ccb4dae317fd0332545bf8c9233", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d81c6c98d45311a7f3abff4bd5e1eb8e5089972e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e5febcfbae9396fb3f064a2a14368c3d77d73ad4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53131.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53131.json new file mode 100644 index 00000000000..35d3ece0596 --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53131.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2023-53131", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:32.087", + "lastModified": "2025-05-02T16:15:32.087", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix a server shutdown leak\n\nFix a race where kthread_stop() may prevent the threadfn from ever getting\ncalled. If that happens the svc_rqst will not be cleaned up." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/7a3720361068ab520aed4608bad31ea9a6cc7fe7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9ca6705d9d609441d34f8b853e1e4a6369b3b171", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ad7e40ee157ba33950a4ccdc284334580da3638d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ce7dd61e004002bc1c48d1ca47c887f3f3cc7370", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f74b3286859463cd63cc9d4aeaabd8b0c640182a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53132.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53132.json new file mode 100644 index 00000000000..cf90883c91e --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53132.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2023-53132", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:32.170", + "lastModified": "2025-05-02T16:15:32.170", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix mpi3mr_hba_port memory leak in mpi3mr_remove()\n\nFree mpi3mr_hba_port at .remove." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/6322569273071745f2dd0c541b154b9666ae7767", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d0f3c3728da8af76dfe435f7f0cfa2b9d9e43ef0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f28bdab9e208792212c52b0c232a13bba84cf048", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53133.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53133.json new file mode 100644 index 00000000000..5fcaa17a164 --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53133.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2023-53133", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:32.260", + "lastModified": "2025-05-02T16:15:32.260", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser()\n\nWhen the buffer length of the recvmsg system call is 0, we got the\nflollowing soft lockup problem:\n\nwatchdog: BUG: soft lockup - CPU#3 stuck for 27s! [a.out:6149]\nCPU: 3 PID: 6149 Comm: a.out Kdump: loaded Not tainted 6.2.0+ #30\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:remove_wait_queue+0xb/0xc0\nCode: 5e 41 5f c3 cc cc cc cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 57 <41> 56 41 55 41 54 55 48 89 fd 53 48 89 f3 4c 8d 6b 18 4c 8d 73 20\nRSP: 0018:ffff88811b5978b8 EFLAGS: 00000246\nRAX: 0000000000000000 RBX: ffff88811a7d3780 RCX: ffffffffb7a4d768\nRDX: dffffc0000000000 RSI: ffff88811b597908 RDI: ffff888115408040\nRBP: 1ffff110236b2f1b R08: 0000000000000000 R09: ffff88811a7d37e7\nR10: ffffed10234fa6fc R11: 0000000000000001 R12: ffff88811179b800\nR13: 0000000000000001 R14: ffff88811a7d38a8 R15: ffff88811a7d37e0\nFS: 00007f6fb5398740(0000) GS:ffff888237180000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020000000 CR3: 000000010b6ba002 CR4: 0000000000370ee0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n tcp_msg_wait_data+0x279/0x2f0\n tcp_bpf_recvmsg_parser+0x3c6/0x490\n inet_recvmsg+0x280/0x290\n sock_recvmsg+0xfc/0x120\n ____sys_recvmsg+0x160/0x3d0\n ___sys_recvmsg+0xf0/0x180\n __sys_recvmsg+0xea/0x1a0\n do_syscall_64+0x3f/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nThe logic in tcp_bpf_recvmsg_parser is as follows:\n\nmsg_bytes_ready:\n\tcopied = sk_msg_recvmsg(sk, psock, msg, len, flags);\n\tif (!copied) {\n\t\twait data;\n\t\tgoto msg_bytes_ready;\n\t}\n\nIn this case, \"copied\" always is 0, the infinite loop occurs.\n\nAccording to the Linux system call man page, 0 should be returned in this\ncase. Therefore, in tcp_bpf_recvmsg_parser(), if the length is 0, directly\nreturn. Also modify several other functions with the same problem." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/4a476285f6d2921c3c9faa494eab83b78f78fc55", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bf0579989de64d36e177c0611c685dc4a91457a7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d900f3d20cc3169ce42ec72acc850e662a4d4db2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f45cf3ae3068e70e2c7f3e24a7f8e8aa99511f03", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53134.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53134.json new file mode 100644 index 00000000000..0ce30577db4 --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53134.json @@ -0,0 +1,41 @@ +{ + "id": "CVE-2023-53134", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:32.353", + "lastModified": "2025-05-02T16:15:32.353", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Avoid order-5 memory allocation for TPA data\n\nThe driver needs to keep track of all the possible concurrent TPA (GRO/LRO)\ncompletions on the aggregation ring. On P5 chips, the maximum number\nof concurrent TPA is 256 and the amount of memory we allocate is order-5\non systems using 4K pages. Memory allocation failure has been reported:\n\nNetworkManager: page allocation failure: order:5, mode:0x40dc0(GFP_KERNEL|__GFP_COMP|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1\nCPU: 15 PID: 2995 Comm: NetworkManager Kdump: loaded Not tainted 5.10.156 #1\nHardware name: Dell Inc. PowerEdge R660/0M1CC5, BIOS 0.2.25 08/12/2022\nCall Trace:\n dump_stack+0x57/0x6e\n warn_alloc.cold.120+0x7b/0xdd\n ? _cond_resched+0x15/0x30\n ? __alloc_pages_direct_compact+0x15f/0x170\n __alloc_pages_slowpath.constprop.108+0xc58/0xc70\n __alloc_pages_nodemask+0x2d0/0x300\n kmalloc_order+0x24/0xe0\n kmalloc_order_trace+0x19/0x80\n bnxt_alloc_mem+0x1150/0x15c0 [bnxt_en]\n ? bnxt_get_func_stat_ctxs+0x13/0x60 [bnxt_en]\n __bnxt_open_nic+0x12e/0x780 [bnxt_en]\n bnxt_open+0x10b/0x240 [bnxt_en]\n __dev_open+0xe9/0x180\n __dev_change_flags+0x1af/0x220\n dev_change_flags+0x21/0x60\n do_setlink+0x35c/0x1100\n\nInstead of allocating this big chunk of memory and dividing it up for the\nconcurrent TPA instances, allocate each small chunk separately for each\nTPA instance. This will reduce it to order-0 allocations." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/16f3aae1aa2dd89bc8d073a67f190af580386ae9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/20fd0607acbf9770db9b99e3418dd75614f80b6c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/accd7e23693aaaa9aa0d3e9eca0ae77d1be80ab3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ad529d1fae1565d38f929479d4ea8aea90054bd2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d16701a385b54f44bf41ff1d7485e7a11080deb3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fcae40e65802547def39b4deaa2ae38a29864d81", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53135.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53135.json new file mode 100644 index 00000000000..95694f8ed9c --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53135.json @@ -0,0 +1,41 @@ +{ + "id": "CVE-2023-53135", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:32.447", + "lastModified": "2025-05-02T16:15:32.447", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode\n\nWhen CONFIG_FRAME_POINTER is unset, the stack unwinding function\nwalk_stackframe randomly reads the stack and then, when KASAN is enabled,\nit can lead to the following backtrace:\n\n[ 0.000000] ==================================================================\n[ 0.000000] BUG: KASAN: stack-out-of-bounds in walk_stackframe+0xa6/0x11a\n[ 0.000000] Read of size 8 at addr ffffffff81807c40 by task swapper/0\n[ 0.000000]\n[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 6.2.0-12919-g24203e6db61f #43\n[ 0.000000] Hardware name: riscv-virtio,qemu (DT)\n[ 0.000000] Call Trace:\n[ 0.000000] [] walk_stackframe+0x0/0x11a\n[ 0.000000] [] init_param_lock+0x26/0x2a\n[ 0.000000] [] walk_stackframe+0xa2/0x11a\n[ 0.000000] [] dump_stack_lvl+0x22/0x36\n[ 0.000000] [] print_report+0x198/0x4a8\n[ 0.000000] [] init_param_lock+0x26/0x2a\n[ 0.000000] [] walk_stackframe+0xa2/0x11a\n[ 0.000000] [] kasan_report+0x9a/0xc8\n[ 0.000000] [] walk_stackframe+0xa2/0x11a\n[ 0.000000] [] walk_stackframe+0xa2/0x11a\n[ 0.000000] [] desc_make_final+0x80/0x84\n[ 0.000000] [] stack_trace_save+0x88/0xa6\n[ 0.000000] [] filter_irq_stacks+0x72/0x76\n[ 0.000000] [] devkmsg_read+0x32a/0x32e\n[ 0.000000] [] kasan_save_stack+0x28/0x52\n[ 0.000000] [] desc_make_final+0x7c/0x84\n[ 0.000000] [] stack_trace_save+0x84/0xa6\n[ 0.000000] [] kasan_set_track+0x12/0x20\n[ 0.000000] [] __kasan_slab_alloc+0x58/0x5e\n[ 0.000000] [] __kmem_cache_create+0x21e/0x39a\n[ 0.000000] [] create_boot_cache+0x70/0x9c\n[ 0.000000] [] kmem_cache_init+0x6c/0x11e\n[ 0.000000] [] mm_init+0xd8/0xfe\n[ 0.000000] [] start_kernel+0x190/0x3ca\n[ 0.000000]\n[ 0.000000] The buggy address belongs to stack of task swapper/0\n[ 0.000000] and is located at offset 0 in frame:\n[ 0.000000] stack_trace_save+0x0/0xa6\n[ 0.000000]\n[ 0.000000] This frame has 1 object:\n[ 0.000000] [32, 56) 'c'\n[ 0.000000]\n[ 0.000000] The buggy address belongs to the physical page:\n[ 0.000000] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x81a07\n[ 0.000000] flags: 0x1000(reserved|zone=0)\n[ 0.000000] raw: 0000000000001000 ff600003f1e3d150 ff600003f1e3d150 0000000000000000\n[ 0.000000] raw: 0000000000000000 0000000000000000 00000001ffffffff\n[ 0.000000] page dumped because: kasan: bad access detected\n[ 0.000000]\n[ 0.000000] Memory state around the buggy address:\n[ 0.000000] ffffffff81807b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 0.000000] ffffffff81807b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 0.000000] >ffffffff81807c00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 f3\n[ 0.000000] ^\n[ 0.000000] ffffffff81807c80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00\n[ 0.000000] ffffffff81807d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 0.000000] ==================================================================\n\nFix that by using READ_ONCE_NOCHECK when reading the stack in imprecise\nmode." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/17fa90ffba20743c946920fbb0afe160d0ead8c9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/324912d6c0c4006711054d389faa2239c1655e1e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3a9418d2c93c1c86ce4d0595112d91c7a8e70c2c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3de277af481ab931fab9e295ad8762692920732a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/76950340cf03b149412fe0d5f0810e52ac1df8cb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a99a61d9e1bfca2fc37d223a6a185c0eb66aba02", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53136.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53136.json new file mode 100644 index 00000000000..346db4d021b --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53136.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2023-53136", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:32.540", + "lastModified": "2025-05-02T16:15:32.540", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: fix struct pid leaks in OOB support\n\nsyzbot reported struct pid leak [1].\n\nIssue is that queue_oob() calls maybe_add_creds() which potentially\nholds a reference on a pid.\n\nBut skb->destructor is not set (either directly or by calling\nunix_scm_to_skb())\n\nThis means that subsequent kfree_skb() or consume_skb() would leak\nthis reference.\n\nIn this fix, I chose to fully support scm even for the OOB message.\n\n[1]\nBUG: memory leak\nunreferenced object 0xffff8881053e7f80 (size 128):\ncomm \"syz-executor242\", pid 5066, jiffies 4294946079 (age 13.220s)\nhex dump (first 32 bytes):\n01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\nbacktrace:\n[] alloc_pid+0x6a/0x560 kernel/pid.c:180\n[] copy_process+0x169f/0x26c0 kernel/fork.c:2285\n[] kernel_clone+0xf7/0x610 kernel/fork.c:2684\n[] __do_sys_clone+0x7c/0xb0 kernel/fork.c:2825\n[] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n[] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80\n[] entry_SYSCALL_64_after_hwframe+0x63/0xcd" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2aab4b96900272885bc157f8b236abf1cdc02e08", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a59d6306263c38e5c0592ea4451ca26a0778c947", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ac1968ac399205fda9ee3b18f7de7416cb3a5d0d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f3969427fb06a2c3cd6efd7faab63505cfa76e76", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53137.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53137.json new file mode 100644 index 00000000000..46c504e0378 --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53137.json @@ -0,0 +1,41 @@ +{ + "id": "CVE-2023-53137", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:32.633", + "lastModified": "2025-05-02T16:15:32.633", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: Fix possible corruption when moving a directory\n\nWhen we are renaming a directory to a different directory, we need to\nupdate '..' entry in the moved directory. However nothing prevents moved\ndirectory from being modified and even converted from the inline format\nto the normal format. When such race happens the rename code gets\nconfused and we crash. Fix the problem by locking the moved directory." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0813299c586b175d7edb25f56412c54b812d0379", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/0c440f14558bfacd22c6935ae1fd4b2a09e96b5d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/291cd19d107e197306869cb3237c1bba62d13182", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8dac5a63cf79707b547ea3d425fead5f4482198f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b0bb13612292ca90fa4c2a7e425375649bc50d3e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c50fc503ee1b97f12c98e26afc39fdaebebcf04f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53138.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53138.json new file mode 100644 index 00000000000..8f1cbc9849a --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53138.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2023-53138", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:32.720", + "lastModified": "2025-05-02T16:15:32.720", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: caif: Fix use-after-free in cfusbl_device_notify()\n\nsyzbot reported use-after-free in cfusbl_device_notify() [1]. This\ncauses a stack trace like below:\n\nBUG: KASAN: use-after-free in cfusbl_device_notify+0x7c9/0x870 net/caif/caif_usb.c:138\nRead of size 8 at addr ffff88807ac4e6f0 by task kworker/u4:6/1214\n\nCPU: 0 PID: 1214 Comm: kworker/u4:6 Not tainted 5.19.0-rc3-syzkaller-00146-g92f20ff72066 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nWorkqueue: netns cleanup_net\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_address_description.constprop.0.cold+0xeb/0x467 mm/kasan/report.c:313\n print_report mm/kasan/report.c:429 [inline]\n kasan_report.cold+0xf4/0x1c6 mm/kasan/report.c:491\n cfusbl_device_notify+0x7c9/0x870 net/caif/caif_usb.c:138\n notifier_call_chain+0xb5/0x200 kernel/notifier.c:87\n call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:1945\n call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]\n call_netdevice_notifiers net/core/dev.c:1997 [inline]\n netdev_wait_allrefs_any net/core/dev.c:10227 [inline]\n netdev_run_todo+0xbc0/0x10f0 net/core/dev.c:10341\n default_device_exit_batch+0x44e/0x590 net/core/dev.c:11334\n ops_exit_list+0x125/0x170 net/core/net_namespace.c:167\n cleanup_net+0x4ea/0xb00 net/core/net_namespace.c:594\n process_one_work+0x996/0x1610 kernel/workqueue.c:2289\n worker_thread+0x665/0x1080 kernel/workqueue.c:2436\n kthread+0x2e9/0x3a0 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302\n \n\nWhen unregistering a net device, unregister_netdevice_many_notify()\nsets the device's reg_state to NETREG_UNREGISTERING, calls notifiers\nwith NETDEV_UNREGISTER, and adds the device to the todo list.\n\nLater on, devices in the todo list are processed by netdev_run_todo().\nnetdev_run_todo() waits devices' reference count become 1 while\nrebdoadcasting NETDEV_UNREGISTER notification.\n\nWhen cfusbl_device_notify() is called with NETDEV_UNREGISTER multiple\ntimes, the parent device might be freed. This could cause UAF.\nProcessing NETDEV_UNREGISTER multiple times also causes inbalance of\nreference count for the module.\n\nThis patch fixes the issue by accepting only first NETDEV_UNREGISTER\nnotification." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1793da97a23e31c5bf06631f3f3e5a25f368fd64", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/287027d8a567168a5d8ce5cb0cba16a34791a48c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3f14457e1584224f4296af613bbd99deb60b5d91", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/68a45c3cf0e2242a533657f4f535d9b6a7447a79", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9781e98a97110f5e76999058368b4be76a788484", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9dc16be373b382ddd4c274052a6e870a95e76c01", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c3aaec463a632cf4187dc017e421bfa69d7834a9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d1a11bbdbb5ea9f172019c5a4a3e9d8eabd72179", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53139.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53139.json new file mode 100644 index 00000000000..01cf7aacc5b --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53139.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2023-53139", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:32.817", + "lastModified": "2025-05-02T16:15:32.817", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties\n\ndevm_kmalloc_array may fails, *fw_vsc_cfg might be null and cause\nout-of-bounds write in device_property_read_u8_array later." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0a3664a1058d4b2b1ea2112cc275ca47fba7fc08", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/11f180a5d62a51b484e9648f9b310e1bd50b1a57", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/27824b2f98818215adc9661e563252c48dab1a13", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4357bbb921fe9e81d0fd9f70d669d1f177d8380e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/80be62358fa5507cefbaa067c7e6648401f2c3da", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/98f49e693e02c1dafd5786be3468657840dd6f06", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ad11b872bc9b5d27e56183c6b01f9218c85395d2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ce93f1afc05941a572f5a69e2ed4012af905a693", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53140.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53140.json new file mode 100644 index 00000000000..f48a0b2e89d --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53140.json @@ -0,0 +1,45 @@ +{ + "id": "CVE-2023-53140", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:32.920", + "lastModified": "2025-05-02T16:15:32.920", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Remove the /proc/scsi/${proc_name} directory earlier\n\nRemove the /proc/scsi/${proc_name} directory earlier to fix a race\ncondition between unloading and reloading kernel modules. This fixes a bug\nintroduced in 2009 by commit 77c019768f06 (\"[SCSI] fix /proc memory leak in\nthe SCSI core\").\n\nFix the following kernel warning:\n\nproc_dir_entry 'scsi/scsi_debug' already registered\nWARNING: CPU: 19 PID: 27986 at fs/proc/generic.c:376 proc_register+0x27d/0x2e0\nCall Trace:\n proc_mkdir+0xb5/0xe0\n scsi_proc_hostdir_add+0xb5/0x170\n scsi_host_alloc+0x683/0x6c0\n sdebug_driver_probe+0x6b/0x2d0 [scsi_debug]\n really_probe+0x159/0x540\n __driver_probe_device+0xdc/0x230\n driver_probe_device+0x4f/0x120\n __device_attach_driver+0xef/0x180\n bus_for_each_drv+0xe5/0x130\n __device_attach+0x127/0x290\n device_initial_probe+0x17/0x20\n bus_probe_device+0x110/0x130\n device_add+0x673/0xc80\n device_register+0x1e/0x30\n sdebug_add_host_helper+0x1a7/0x3b0 [scsi_debug]\n scsi_debug_init+0x64f/0x1000 [scsi_debug]\n do_one_initcall+0xd7/0x470\n do_init_module+0xe7/0x330\n load_module+0x122a/0x12c0\n __do_sys_finit_module+0x124/0x1a0\n __x64_sys_finit_module+0x46/0x50\n do_syscall_64+0x38/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/13daafe1e209b03e9bda16ff2bd2b2da145a139b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/17e98a5ede81b7696bec421f7afa2dfe467f5e6b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1ec363599f8346d5a8d08c71a0d9860d6c420ec0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6b223e32d66ca9db1f252f433514783d8b22a8e1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/891a3cba425cf483d96facca55aebd6ff1da4338", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e471e928de97b00f297ad1015cc14f9459765713", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fc663711b94468f4e1427ebe289c9f05669699c9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53141.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53141.json new file mode 100644 index 00000000000..48791d66394 --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53141.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2023-53141", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:33.023", + "lastModified": "2025-05-02T16:15:33.023", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping()\n\nila_xlat_nl_cmd_get_mapping() generates an empty skb,\ntriggerring a recent sanity check [1].\n\nInstead, return an error code, so that user space\ncan get it.\n\n[1]\nskb_assert_len\nWARNING: CPU: 0 PID: 5923 at include/linux/skbuff.h:2527 skb_assert_len include/linux/skbuff.h:2527 [inline]\nWARNING: CPU: 0 PID: 5923 at include/linux/skbuff.h:2527 __dev_queue_xmit+0x1bc0/0x3488 net/core/dev.c:4156\nModules linked in:\nCPU: 0 PID: 5923 Comm: syz-executor269 Not tainted 6.2.0-syzkaller-18300-g2ebd1fbb946d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : skb_assert_len include/linux/skbuff.h:2527 [inline]\npc : __dev_queue_xmit+0x1bc0/0x3488 net/core/dev.c:4156\nlr : skb_assert_len include/linux/skbuff.h:2527 [inline]\nlr : __dev_queue_xmit+0x1bc0/0x3488 net/core/dev.c:4156\nsp : ffff80001e0d6c40\nx29: ffff80001e0d6e60 x28: dfff800000000000 x27: ffff0000c86328c0\nx26: dfff800000000000 x25: ffff0000c8632990 x24: ffff0000c8632a00\nx23: 0000000000000000 x22: 1fffe000190c6542 x21: ffff0000c8632a10\nx20: ffff0000c8632a00 x19: ffff80001856e000 x18: ffff80001e0d5fc0\nx17: 0000000000000000 x16: ffff80001235d16c x15: 0000000000000000\nx14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000001\nx11: ff80800008353a30 x10: 0000000000000000 x9 : 21567eaf25bfb600\nx8 : 21567eaf25bfb600 x7 : 0000000000000001 x6 : 0000000000000001\nx5 : ffff80001e0d6558 x4 : ffff800015c74760 x3 : ffff800008596744\nx2 : 0000000000000001 x1 : 0000000100000000 x0 : 000000000000000e\nCall trace:\nskb_assert_len include/linux/skbuff.h:2527 [inline]\n__dev_queue_xmit+0x1bc0/0x3488 net/core/dev.c:4156\ndev_queue_xmit include/linux/netdevice.h:3033 [inline]\n__netlink_deliver_tap_skb net/netlink/af_netlink.c:307 [inline]\n__netlink_deliver_tap+0x45c/0x6f8 net/netlink/af_netlink.c:325\nnetlink_deliver_tap+0xf4/0x174 net/netlink/af_netlink.c:338\n__netlink_sendskb net/netlink/af_netlink.c:1283 [inline]\nnetlink_sendskb+0x6c/0x154 net/netlink/af_netlink.c:1292\nnetlink_unicast+0x334/0x8d4 net/netlink/af_netlink.c:1380\nnlmsg_unicast include/net/netlink.h:1099 [inline]\ngenlmsg_unicast include/net/genetlink.h:433 [inline]\ngenlmsg_reply include/net/genetlink.h:443 [inline]\nila_xlat_nl_cmd_get_mapping+0x620/0x7d0 net/ipv6/ila/ila_xlat.c:493\ngenl_family_rcv_msg_doit net/netlink/genetlink.c:968 [inline]\ngenl_family_rcv_msg net/netlink/genetlink.c:1048 [inline]\ngenl_rcv_msg+0x938/0xc1c net/netlink/genetlink.c:1065\nnetlink_rcv_skb+0x214/0x3c4 net/netlink/af_netlink.c:2574\ngenl_rcv+0x38/0x50 net/netlink/genetlink.c:1076\nnetlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]\nnetlink_unicast+0x660/0x8d4 net/netlink/af_netlink.c:1365\nnetlink_sendmsg+0x800/0xae0 net/netlink/af_netlink.c:1942\nsock_sendmsg_nosec net/socket.c:714 [inline]\nsock_sendmsg net/socket.c:734 [inline]\n____sys_sendmsg+0x558/0x844 net/socket.c:2479\n___sys_sendmsg net/socket.c:2533 [inline]\n__sys_sendmsg+0x26c/0x33c net/socket.c:2562\n__do_sys_sendmsg net/socket.c:2571 [inline]\n__se_sys_sendmsg net/socket.c:2569 [inline]\n__arm64_sys_sendmsg+0x80/0x94 net/socket.c:2569\n__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]\ninvoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52\nel0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142\ndo_el0_svc+0x64/0x198 arch/arm64/kernel/syscall.c:193\nel0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637\nel0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655\nel0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591\nirq event stamp: 136484\nhardirqs last enabled at (136483): [] __up_console_sem+0x60/0xb4 kernel/printk/printk.c:345\nhardirqs last disabled at (136484): [] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405\nsoftirqs last enabled at (136418): [] softirq_ha\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/25b54f247ea060aeb85ec88a82c75060fca03521", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/42d9ed4e5dc5f87fbd67c232e2e4a9b88ceeb47f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/60fe7cb483c8c5dcadaeeac867251d6e59c7badc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/693aa2c0d9b6d5b1f2745d31b6e70d09dbbaf06e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/783f218940b3c7b872e4111d0145000f26ecbdf6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/91aceb3844d4aec555c7f423f9fd843eff5835e9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b26bc5861505f04dea933ca3e522772b20fa086f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c631e52aea0fc8d4deea06e439f5810a8b40ad0f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53142.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53142.json new file mode 100644 index 00000000000..0ec876939f6 --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53142.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2023-53142", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:33.137", + "lastModified": "2025-05-02T16:15:33.137", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: copy last block omitted in ice_get_module_eeprom()\n\nice_get_module_eeprom() is broken since commit e9c9692c8a81 (\"ice:\nReimplement module reads used by ethtool\") In this refactor,\nice_get_module_eeprom() reads the eeprom in blocks of size 8.\nBut the condition that should protect the buffer overflow\nignores the last block. The last block always contains zeros.\n\nBug uncovered by ethtool upstream commit 9538f384b535\n(\"netlink: eeprom: Defer page requests to individual parsers\")\nAfter this commit, ethtool reads a block with length = 1;\nto read the SFF-8024 identifier value.\n\nunpatched driver:\n$ ethtool -m enp65s0f0np0 offset 0x90 length 8\nOffset Values\n------ ------\n0x0090: 00 00 00 00 00 00 00 00\n$ ethtool -m enp65s0f0np0 offset 0x90 length 12\nOffset Values\n------ ------\n0x0090: 00 00 01 a0 4d 65 6c 6c 00 00 00 00\n$\n\n$ ethtool -m enp65s0f0np0\nOffset Values\n------ ------\n0x0000: 11 06 06 00 00 00 00 00 00 00 00 00 00 00 00 00\n0x0010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n0x0020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n0x0030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n0x0040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n0x0050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n0x0060: 00 00 00 00 00 00 00 00 00 00 00 00 00 01 08 00\n0x0070: 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n\npatched driver:\n$ ethtool -m enp65s0f0np0 offset 0x90 length 8\nOffset Values\n------ ------\n0x0090: 00 00 01 a0 4d 65 6c 6c\n$ ethtool -m enp65s0f0np0 offset 0x90 length 12\nOffset Values\n------ ------\n0x0090: 00 00 01 a0 4d 65 6c 6c 61 6e 6f 78\n$ ethtool -m enp65s0f0np0\n Identifier : 0x11 (QSFP28)\n Extended identifier : 0x00\n Extended identifier description : 1.5W max. Power consumption\n Extended identifier description : No CDR in TX, No CDR in RX\n Extended identifier description : High Power Class (> 3.5 W) not enabled\n Connector : 0x23 (No separable connector)\n Transceiver codes : 0x88 0x00 0x00 0x00 0x00 0x00 0x00 0x00\n Transceiver type : 40G Ethernet: 40G Base-CR4\n Transceiver type : 25G Ethernet: 25G Base-CR CA-N\n Encoding : 0x05 (64B/66B)\n BR, Nominal : 25500Mbps\n Rate identifier : 0x00\n Length (SMF,km) : 0km\n Length (OM3 50um) : 0m\n Length (OM2 50um) : 0m\n Length (OM1 62.5um) : 0m\n Length (Copper or Active cable) : 1m\n Transmitter technology : 0xa0 (Copper cable unequalized)\n Attenuation at 2.5GHz : 4db\n Attenuation at 5.0GHz : 5db\n Attenuation at 7.0GHz : 7db\n Attenuation at 12.9GHz : 10db\n ........\n ...." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/84cba1840e68430325ac133a11be06bfb2f7acd8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8cfbdda65588e75bfbd93e5ee847efcb4796ad09", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/90b40ab29298db3a4879c1d3c4e685184386bce6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c813f7a3161481483ae2077651b21bc217c419e0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53143.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53143.json new file mode 100644 index 00000000000..1c9b4ef8d30 --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53143.json @@ -0,0 +1,49 @@ +{ + "id": "CVE-2023-53143", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:33.240", + "lastModified": "2025-05-02T16:15:33.240", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix another off-by-one fsmap error on 1k block filesystems\n\nApparently syzbot figured out that issuing this FSMAP call:\n\nstruct fsmap_head cmd = {\n\t.fmh_count\t= ...;\n\t.fmh_keys\t= {\n\t\t{ .fmr_device = /* ext4 dev */, .fmr_physical = 0, },\n\t\t{ .fmr_device = /* ext4 dev */, .fmr_physical = 0, },\n\t},\n...\n};\nret = ioctl(fd, FS_IOC_GETFSMAP, &cmd);\n\nProduces this crash if the underlying filesystem is a 1k-block ext4\nfilesystem:\n\nkernel BUG at fs/ext4/ext4.h:3331!\ninvalid opcode: 0000 [#1] PREEMPT SMP\nCPU: 3 PID: 3227965 Comm: xfs_io Tainted: G W O 6.2.0-rc8-achx\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:ext4_mb_load_buddy_gfp+0x47c/0x570 [ext4]\nRSP: 0018:ffffc90007c03998 EFLAGS: 00010246\nRAX: ffff888004978000 RBX: ffffc90007c03a20 RCX: ffff888041618000\nRDX: 0000000000000000 RSI: 00000000000005a4 RDI: ffffffffa0c99b11\nRBP: ffff888012330000 R08: ffffffffa0c2b7d0 R09: 0000000000000400\nR10: ffffc90007c03950 R11: 0000000000000000 R12: 0000000000000001\nR13: 00000000ffffffff R14: 0000000000000c40 R15: ffff88802678c398\nFS: 00007fdf2020c880(0000) GS:ffff88807e100000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffd318a5fe8 CR3: 000000007f80f001 CR4: 00000000001706e0\nCall Trace:\n \n ext4_mballoc_query_range+0x4b/0x210 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80]\n ext4_getfsmap_datadev+0x713/0x890 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80]\n ext4_getfsmap+0x2b7/0x330 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80]\n ext4_ioc_getfsmap+0x153/0x2b0 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80]\n __ext4_ioctl+0x2a7/0x17e0 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80]\n __x64_sys_ioctl+0x82/0xa0\n do_syscall_64+0x2b/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\nRIP: 0033:0x7fdf20558aff\nRSP: 002b:00007ffd318a9e30 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00000000000200c0 RCX: 00007fdf20558aff\nRDX: 00007fdf1feb2010 RSI: 00000000c0c0583b RDI: 0000000000000003\nRBP: 00005625c0634be0 R08: 00005625c0634c40 R09: 0000000000000001\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007fdf1feb2010\nR13: 00005625be70d994 R14: 0000000000000800 R15: 0000000000000000\n\nFor GETFSMAP calls, the caller selects a physical block device by\nwriting its block number into fsmap_head.fmh_keys[01].fmr_device.\nTo query mappings for a subrange of the device, the starting byte of the\nrange is written to fsmap_head.fmh_keys[0].fmr_physical and the last\nbyte of the range goes in fsmap_head.fmh_keys[1].fmr_physical.\n\nIOWs, to query what mappings overlap with bytes 3-14 of /dev/sda, you'd\nset the inputs as follows:\n\n\tfmh_keys[0] = { .fmr_device = major(8, 0), .fmr_physical = 3},\n\tfmh_keys[1] = { .fmr_device = major(8, 0), .fmr_physical = 14},\n\nWhich would return you whatever is mapped in the 12 bytes starting at\nphysical offset 3.\n\nThe crash is due to insufficient range validation of keys[1] in\next4_getfsmap_datadev. On 1k-block filesystems, block 0 is not part of\nthe filesystem, which means that s_first_data_block is nonzero.\next4_get_group_no_and_offset subtracts this quantity from the blocknr\nargument before cracking it into a group number and a block number\nwithin a group. IOWs, block group 0 spans blocks 1-8192 (1-based)\ninstead of 0-8191 (0-based) like what happens with larger blocksizes.\n\nThe net result of this encoding is that blocknr < s_first_data_block is\nnot a valid input to this function. The end_fsb variable is set from\nthe keys that are copied from userspace, which means that in the above\nexample, its value is zero. That leads to an underflow here:\n\n\tblocknr = blocknr - le32_to_cpu(es->s_first_data_block);\n\nThe division then operates on -1:\n\n\toffset = do_div(blocknr, EXT4_BLOCKS_PER_GROUP(sb)) >>\n\t\tEXT4_SB(sb)->s_cluster_bits;\n\nLeaving an impossibly large group number (2^32-1) in blocknr.\next4_getfsmap_check_keys checked that keys[0\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/15ebade3266b300da9cd1edce4004fe8fd6a2b88", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1d2366624b4c19a2ba6baf67fe57f4a1b0f67c05", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a70b49dc7eee5dbe3775a650ce598e3557ff5475", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c24f838493792b5e78a3596b4ca96375aa0af4c2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c5d7c31e17224d847a330180ec1b03bf390632b2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c993799baf9c5861f8df91beb80e1611b12efcbd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/eb3a695aa71a514f2e7f5778e05faba3733b70a0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f16054ac1774915160ca4e1c73ff7a269465a1b9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-531xx/CVE-2023-53144.json b/CVE-2023/CVE-2023-531xx/CVE-2023-53144.json new file mode 100644 index 00000000000..916c086ac81 --- /dev/null +++ b/CVE-2023/CVE-2023-531xx/CVE-2023-53144.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2023-53144", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-05-02T16:15:33.357", + "lastModified": "2025-05-02T16:15:33.357", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix wrong kunmap when using LZMA on HIGHMEM platforms\n\nAs the call trace shown, the root cause is kunmap incorrect pages:\n\n BUG: kernel NULL pointer dereference, address: 00000000\n CPU: 1 PID: 40 Comm: kworker/u5:0 Not tainted 6.2.0-rc5 #4\n Workqueue: erofs_worker z_erofs_decompressqueue_work\n EIP: z_erofs_lzma_decompress+0x34b/0x8ac\n z_erofs_decompress+0x12/0x14\n z_erofs_decompress_queue+0x7e7/0xb1c\n z_erofs_decompressqueue_work+0x32/0x60\n process_one_work+0x24b/0x4d8\n ? process_one_work+0x1a4/0x4d8\n worker_thread+0x14c/0x3fc\n kthread+0xe6/0x10c\n ? rescuer_thread+0x358/0x358\n ? kthread_complete_and_exit+0x18/0x18\n ret_from_fork+0x1c/0x28\n ---[ end trace 0000000000000000 ]---\n\nThe bug is trivial and should be fixed now. It has no impact on\n!HIGHMEM platforms." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/28aea8ae6cf212a5bf3ed962b27921e2029ad754", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8f121dfb15f7b4ab345992ce96003eb63fd608f4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fa4056781ac067b5946c6811459e1a36842047fd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-131xx/CVE-2024-13102.json b/CVE-2024/CVE-2024-131xx/CVE-2024-13102.json index 88e3e28e81f..5cd3cd88d85 100644 --- a/CVE-2024/CVE-2024-131xx/CVE-2024-13102.json +++ b/CVE-2024/CVE-2024-131xx/CVE-2024-13102.json @@ -2,8 +2,8 @@ "id": "CVE-2024-13102", "sourceIdentifier": "cna@vuldb.com", "published": "2025-01-02T10:15:06.427", - "lastModified": "2025-01-02T18:15:16.517", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-05-02T17:56:25.510", + "vulnStatus": "Analyzed", "cveTags": [ { "sourceIdentifier": "cna@vuldb.com", @@ -87,6 +87,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 } ], "cvssMetricV2": [ @@ -129,32 +149,91 @@ "value": "CWE-284" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:dir-816_firmware:1.10cnb05_r1b011d88210:*:*:*:*:*:*:*", + "matchCriteriaId": "6494A725-3860-4428-A0F3-076605CAF7F2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dir-816:a2:*:*:*:*:*:*:*", + "matchCriteriaId": "1A3AC507-7219-401E-AC60-12D96382E4B7" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/DDNS.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.289918", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.289918", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.472074", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.dlink.com/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/DDNS.md", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-131xx/CVE-2024-13103.json b/CVE-2024/CVE-2024-131xx/CVE-2024-13103.json index aecab763709..74622fec533 100644 --- a/CVE-2024/CVE-2024-131xx/CVE-2024-13103.json +++ b/CVE-2024/CVE-2024-131xx/CVE-2024-13103.json @@ -2,8 +2,8 @@ "id": "CVE-2024-13103", "sourceIdentifier": "cna@vuldb.com", "published": "2025-01-02T10:15:06.690", - "lastModified": "2025-01-02T18:15:16.747", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-05-02T17:56:23.807", + "vulnStatus": "Analyzed", "cveTags": [ { "sourceIdentifier": "cna@vuldb.com", @@ -87,6 +87,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 } ], "cvssMetricV2": [ @@ -129,32 +149,91 @@ "value": "CWE-284" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:dir-816_firmware:1.10cnb05_r1b011d88210:*:*:*:*:*:*:*", + "matchCriteriaId": "6494A725-3860-4428-A0F3-076605CAF7F2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dir-816:a2:*:*:*:*:*:*:*", + "matchCriteriaId": "1A3AC507-7219-401E-AC60-12D96382E4B7" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2AddVrtsrv.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.289919", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.289919", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.472075", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.dlink.com/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2AddVrtsrv.md", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-131xx/CVE-2024-13104.json b/CVE-2024/CVE-2024-131xx/CVE-2024-13104.json index 0dd85b58bbd..358c6ad54e0 100644 --- a/CVE-2024/CVE-2024-131xx/CVE-2024-13104.json +++ b/CVE-2024/CVE-2024-131xx/CVE-2024-13104.json @@ -2,8 +2,8 @@ "id": "CVE-2024-13104", "sourceIdentifier": "cna@vuldb.com", "published": "2025-01-02T11:15:06.500", - "lastModified": "2025-01-02T18:15:16.890", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-05-02T17:56:21.200", + "vulnStatus": "Analyzed", "cveTags": [ { "sourceIdentifier": "cna@vuldb.com", @@ -87,6 +87,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 } ], "cvssMetricV2": [ @@ -129,32 +149,91 @@ "value": "CWE-284" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:dir-816_firmware:1.10cnb05_r1b011d88210:*:*:*:*:*:*:*", + "matchCriteriaId": "6494A725-3860-4428-A0F3-076605CAF7F2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dir-816:a2:*:*:*:*:*:*:*", + "matchCriteriaId": "1A3AC507-7219-401E-AC60-12D96382E4B7" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2AdvanceSetup.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.289920", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.289920", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.472076", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.dlink.com/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2AdvanceSetup.md", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-131xx/CVE-2024-13105.json b/CVE-2024/CVE-2024-131xx/CVE-2024-13105.json index 76df566ad03..66faf1baf2f 100644 --- a/CVE-2024/CVE-2024-131xx/CVE-2024-13105.json +++ b/CVE-2024/CVE-2024-131xx/CVE-2024-13105.json @@ -2,8 +2,8 @@ "id": "CVE-2024-13105", "sourceIdentifier": "cna@vuldb.com", "published": "2025-01-02T11:15:07.547", - "lastModified": "2025-01-02T18:15:17.027", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-05-02T17:56:19.653", + "vulnStatus": "Analyzed", "cveTags": [ { "sourceIdentifier": "cna@vuldb.com", @@ -87,6 +87,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 } ], "cvssMetricV2": [ @@ -129,32 +149,91 @@ "value": "CWE-284" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:dir-816_firmware:1.10cnb05_r1b011d88210:*:*:*:*:*:*:*", + "matchCriteriaId": "6494A725-3860-4428-A0F3-076605CAF7F2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dir-816:a2:*:*:*:*:*:*:*", + "matchCriteriaId": "1A3AC507-7219-401E-AC60-12D96382E4B7" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2Dhcpd.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.289921", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.289921", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.472085", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.dlink.com/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2Dhcpd.md", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-131xx/CVE-2024-13106.json b/CVE-2024/CVE-2024-131xx/CVE-2024-13106.json index 9a3b60c1977..4cd535b6e3e 100644 --- a/CVE-2024/CVE-2024-131xx/CVE-2024-13106.json +++ b/CVE-2024/CVE-2024-131xx/CVE-2024-13106.json @@ -2,8 +2,8 @@ "id": "CVE-2024-13106", "sourceIdentifier": "cna@vuldb.com", "published": "2025-01-02T12:15:16.940", - "lastModified": "2025-01-02T18:15:17.167", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-05-02T17:56:18.030", + "vulnStatus": "Analyzed", "cveTags": [ { "sourceIdentifier": "cna@vuldb.com", @@ -87,6 +87,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 } ], "cvssMetricV2": [ @@ -129,32 +149,91 @@ "value": "CWE-284" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:dir-816_firmware:1.10cnb05_r1b011d88210:*:*:*:*:*:*:*", + "matchCriteriaId": "6494A725-3860-4428-A0F3-076605CAF7F2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dir-816:a2:*:*:*:*:*:*:*", + "matchCriteriaId": "1A3AC507-7219-401E-AC60-12D96382E4B7" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2IPQoSTcAdd.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.289922", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.289922", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.472086", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.dlink.com/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2IPQoSTcAdd.md", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-131xx/CVE-2024-13107.json b/CVE-2024/CVE-2024-131xx/CVE-2024-13107.json index 1d6d945abd2..99dd520c86e 100644 --- a/CVE-2024/CVE-2024-131xx/CVE-2024-13107.json +++ b/CVE-2024/CVE-2024-131xx/CVE-2024-13107.json @@ -2,8 +2,8 @@ "id": "CVE-2024-13107", "sourceIdentifier": "cna@vuldb.com", "published": "2025-01-02T12:15:17.147", - "lastModified": "2025-01-02T18:15:17.310", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-05-02T17:56:16.377", + "vulnStatus": "Analyzed", "cveTags": [ { "sourceIdentifier": "cna@vuldb.com", @@ -87,6 +87,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 } ], "cvssMetricV2": [ @@ -129,32 +149,91 @@ "value": "CWE-284" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:dir-816_firmware:1.10cnb05_r1b011d88210:*:*:*:*:*:*:*", + "matchCriteriaId": "6494A725-3860-4428-A0F3-076605CAF7F2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dir-816:a2:*:*:*:*:*:*:*", + "matchCriteriaId": "1A3AC507-7219-401E-AC60-12D96382E4B7" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2LocalAclEditcfg.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.289923", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.289923", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.472087", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.dlink.com/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2LocalAclEditcfg.md", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-131xx/CVE-2024-13108.json b/CVE-2024/CVE-2024-131xx/CVE-2024-13108.json index 32ff891ff67..669df706b12 100644 --- a/CVE-2024/CVE-2024-131xx/CVE-2024-13108.json +++ b/CVE-2024/CVE-2024-131xx/CVE-2024-13108.json @@ -2,8 +2,8 @@ "id": "CVE-2024-13108", "sourceIdentifier": "cna@vuldb.com", "published": "2025-01-02T13:15:06.353", - "lastModified": "2025-01-02T17:15:07.933", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-05-02T17:56:14.720", + "vulnStatus": "Analyzed", "cveTags": [ { "sourceIdentifier": "cna@vuldb.com", @@ -87,6 +87,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 } ], "cvssMetricV2": [ @@ -129,32 +149,91 @@ "value": "CWE-284" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:dir-816_firmware:1.10cnb05_r1b011d88210:*:*:*:*:*:*:*", + "matchCriteriaId": "6494A725-3860-4428-A0F3-076605CAF7F2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dir-816:a2:*:*:*:*:*:*:*", + "matchCriteriaId": "1A3AC507-7219-401E-AC60-12D96382E4B7" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2NetSniper.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.289924", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.289924", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.472088", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.dlink.com/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2NetSniper.md", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-457xx/CVE-2024-45757.json b/CVE-2024/CVE-2024-457xx/CVE-2024-45757.json index eb03eac03af..bb63a81c09f 100644 --- a/CVE-2024/CVE-2024-457xx/CVE-2024-45757.json +++ b/CVE-2024/CVE-2024-457xx/CVE-2024-45757.json @@ -2,7 +2,7 @@ "id": "CVE-2024-45757", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-03T21:15:06.953", - "lastModified": "2024-12-03T21:15:06.953", + "lastModified": "2025-05-02T17:15:48.803", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": " Se descubri\u00f3 un problema en Centreon centreon-bam 24.04, 23.10, 23.04 y 22.10. La inyecci\u00f3n de SQL puede ocurrir en el formulario de configuraci\u00f3n del usuario. La explotaci\u00f3n solo es accesible para usuarios autenticados con acceso con privilegios elevados." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], "references": [ { "url": "https://github.com/centreon/centreon/releases", diff --git a/CVE-2025/CVE-2025-257xx/CVE-2025-25740.json b/CVE-2025/CVE-2025-257xx/CVE-2025-25740.json index 1e597f4994b..0f122f9ee5c 100644 --- a/CVE-2025/CVE-2025-257xx/CVE-2025-25740.json +++ b/CVE-2025/CVE-2025-257xx/CVE-2025-25740.json @@ -2,8 +2,8 @@ "id": "CVE-2025-25740", "sourceIdentifier": "cve@mitre.org", "published": "2025-02-14T15:15:13.190", - "lastModified": "2025-03-17T19:15:25.963", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-05-02T17:53:59.500", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:dir-853_firmware:1.20b07:*:*:*:*:*:*:*", + "matchCriteriaId": "DD86F202-BD48-4C40-97C1-8D74422FF28E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dir-853:a1:*:*:*:*:*:*:*", + "matchCriteriaId": "8B2B23D3-C719-4537-9F25-7302A7159F9A" + } + ] + } + ] + } + ], "references": [ { "url": "https://dear-sunshine-ba5.notion.site/D-Link-DIR-853-2-1812386a66448036a1cce259beb30b04", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-257xx/CVE-2025-25741.json b/CVE-2025/CVE-2025-257xx/CVE-2025-25741.json index 1841bda3c0e..3fac315dcee 100644 --- a/CVE-2025/CVE-2025-257xx/CVE-2025-25741.json +++ b/CVE-2025/CVE-2025-257xx/CVE-2025-25741.json @@ -2,8 +2,8 @@ "id": "CVE-2025-25741", "sourceIdentifier": "cve@mitre.org", "published": "2025-02-12T18:15:28.293", - "lastModified": "2025-03-05T19:15:38.353", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-05-02T17:54:01.000", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:dir-853_firmware:1.20b07:*:*:*:*:*:*:*", + "matchCriteriaId": "DD86F202-BD48-4C40-97C1-8D74422FF28E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dir-853:a1:*:*:*:*:*:*:*", + "matchCriteriaId": "8B2B23D3-C719-4537-9F25-7302A7159F9A" + } + ] + } + ] + } + ], "references": [ { "url": "https://dear-sunshine-ba5.notion.site/D-Link-DIR-853-7-1812386a664480b7ac54d281afa629f5", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-257xx/CVE-2025-25745.json b/CVE-2025/CVE-2025-257xx/CVE-2025-25745.json index 589d13e5fd9..086ff0acecb 100644 --- a/CVE-2025/CVE-2025-257xx/CVE-2025-25745.json +++ b/CVE-2025/CVE-2025-257xx/CVE-2025-25745.json @@ -2,8 +2,8 @@ "id": "CVE-2025-25745", "sourceIdentifier": "cve@mitre.org", "published": "2025-02-14T16:15:37.010", - "lastModified": "2025-02-14T16:15:37.010", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-05-02T17:53:57.653", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:dir-853_firmware:1.20b07:*:*:*:*:*:*:*", + "matchCriteriaId": "DD86F202-BD48-4C40-97C1-8D74422FF28E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dir-853:a1:*:*:*:*:*:*:*", + "matchCriteriaId": "8B2B23D3-C719-4537-9F25-7302A7159F9A" + } + ] + } + ] + } + ], "references": [ { "url": "https://dear-sunshine-ba5.notion.site/D-Link-DIR-853-2-1812386a664480ea82a7f8321d967187", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-35xx/CVE-2025-3503.json b/CVE-2025/CVE-2025-35xx/CVE-2025-3503.json index d0cdcd3f72e..5b70a88981f 100644 --- a/CVE-2025/CVE-2025-35xx/CVE-2025-3503.json +++ b/CVE-2025/CVE-2025-35xx/CVE-2025-3503.json @@ -2,7 +2,7 @@ "id": "CVE-2025-3503", "sourceIdentifier": "contact@wpscan.com", "published": "2025-05-01T06:15:34.910", - "lastModified": "2025-05-02T13:53:40.163", + "lastModified": "2025-05-02T16:15:33.967", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -11,7 +11,30 @@ "value": "The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 4.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.6 + } + ] + }, "references": [ { "url": "https://wpscan.com/vulnerability/83ddd432-309f-4ff5-974c-fdc9c67d1051/", diff --git a/CVE-2025/CVE-2025-35xx/CVE-2025-3513.json b/CVE-2025/CVE-2025-35xx/CVE-2025-3513.json index 06519209443..fb37906e3cc 100644 --- a/CVE-2025/CVE-2025-35xx/CVE-2025-3513.json +++ b/CVE-2025/CVE-2025-35xx/CVE-2025-3513.json @@ -2,7 +2,7 @@ "id": "CVE-2025-3513", "sourceIdentifier": "contact@wpscan.com", "published": "2025-05-02T06:15:48.887", - "lastModified": "2025-05-02T13:52:51.693", + "lastModified": "2025-05-02T16:15:34.100", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -11,7 +11,30 @@ "value": "The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", + "baseScore": 3.5, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 2.5 + } + ] + }, "references": [ { "url": "https://wpscan.com/vulnerability/dd7e0bb3-4a98-4f62-bd2e-f30b27d71226/", diff --git a/CVE-2025/CVE-2025-38xx/CVE-2025-3879.json b/CVE-2025/CVE-2025-38xx/CVE-2025-3879.json new file mode 100644 index 00000000000..8cb4d6123ac --- /dev/null +++ b/CVE-2025/CVE-2025-38xx/CVE-2025-3879.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-3879", + "sourceIdentifier": "security@hashicorp.com", + "published": "2025-05-02T17:15:51.273", + "lastModified": "2025-05-02T17:15:51.273", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Vault Community, Vault Enterprise (\u201cVault\u201d) Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the bound_locations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@hashicorp.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.6, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.7, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@hashicorp.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "references": [ + { + "url": "https://discuss.hashicorp.com/t/hcsec-2025-07-vault-s-azure-authentication-method-bound-location-restriction-could-be-bypassed-on-login/74716", + "source": "security@hashicorp.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-39xx/CVE-2025-3927.json b/CVE-2025/CVE-2025-39xx/CVE-2025-3927.json index 67ee64737ff..ed6333cb0d4 100644 --- a/CVE-2025/CVE-2025-39xx/CVE-2025-3927.json +++ b/CVE-2025/CVE-2025-39xx/CVE-2025-3927.json @@ -2,7 +2,7 @@ "id": "CVE-2025-3927", "sourceIdentifier": "cret@cert.org", "published": "2025-05-02T15:15:49.017", - "lastModified": "2025-05-02T15:15:49.017", + "lastModified": "2025-05-02T16:15:34.273", "vulnStatus": "Received", "cveTags": [ { @@ -23,6 +23,10 @@ { "url": "https://www.digigram.com/download/pyko-out-user-manual-en-jan-2019/", "source": "cret@cert.org" + }, + { + "url": "https://www.kb.cert.org/vuls/id/360686", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4082.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4082.json index 72a4d7504bc..f554be5d378 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4082.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4082.json @@ -2,7 +2,7 @@ "id": "CVE-2025-4082", "sourceIdentifier": "security@mozilla.org", "published": "2025-04-29T14:15:34.913", - "lastModified": "2025-05-02T13:53:40.163", + "lastModified": "2025-05-02T16:15:36.307", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "La modificaci\u00f3n de atributos espec\u00edficos de sombreadores WebGL podr\u00eda desencadenar una lectura fuera de los l\u00edmites, que, al combinarse con otras vulnerabilidades, podr\u00eda utilizarse para escalar privilegios. *Este error solo afecta a Firefox para macOS. Otras versiones de Firefox no se ven afectadas.* Esta vulnerabilidad afecta a Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138 y Thunderbird ESR < 128.10." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1937097", diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4084.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4084.json index 533ae550e3d..3b731c02fcf 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4084.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4084.json @@ -2,7 +2,7 @@ "id": "CVE-2025-4084", "sourceIdentifier": "security@mozilla.org", "published": "2025-04-29T14:15:35.097", - "lastModified": "2025-05-02T13:53:40.163", + "lastModified": "2025-05-02T16:15:36.460", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "Debido a la insuficiente capacidad de escape de los caracteres especiales en la funci\u00f3n \"copiar como cURL\", un atacante podr\u00eda enga\u00f1ar a un usuario para que use este comando, lo que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo local en su sistema. *Este error solo afecta a Firefox para Windows. Las dem\u00e1s versiones de Firefox no se ven afectadas.* Esta vulnerabilidad afecta a Firefox ESR < 128.10, Firefox ESR < 115.23 y Thunderbird ESR < 128.10." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-116" + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1949994%2C1956698%2C1960198", diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4085.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4085.json index 67d268c9e32..1ef7f3771d6 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4085.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4085.json @@ -2,7 +2,7 @@ "id": "CVE-2025-4085", "sourceIdentifier": "security@mozilla.org", "published": "2025-04-29T14:15:35.187", - "lastModified": "2025-05-02T13:53:40.163", + "lastModified": "2025-05-02T16:15:36.603", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "Un atacante con control sobre un proceso de contenido podr\u00eda aprovechar el actor privilegiado UITour para filtrar informaci\u00f3n confidencial o escalar privilegios. Esta vulnerabilidad afecta a Firefox (versi\u00f3n anterior a la 138) y Thunderbird (versi\u00f3n anterior a la 138)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1915280", diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4210.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4210.json new file mode 100644 index 00000000000..9b3cc3e5090 --- /dev/null +++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4210.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-4210", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-05-02T16:15:36.743", + "lastModified": "2025-05-02T16:15:36.743", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in Casdoor up to 1.811.0. This vulnerability affects the function HandleScim of the file controllers/scim.go of the component SCIM User Creation Endpoint. The manipulation leads to authorization bypass. The attack can be initiated remotely. Upgrading to version 1.812.0 is able to address this issue. The name of the patch is 3d12ac8dc2282369296c3386815c00a06c6a92fe. It is recommended to upgrade the affected component." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-285" + }, + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/casdoor/casdoor/commit/3d12ac8dc2282369296c3386815c00a06c6a92fe", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/casdoor/casdoor/releases/tag/v1.812.0", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.307180", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.307180", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.556201", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-441xx/CVE-2025-44192.json b/CVE-2025/CVE-2025-441xx/CVE-2025-44192.json index b02eed900de..3dba286db0e 100644 --- a/CVE-2025/CVE-2025-441xx/CVE-2025-44192.json +++ b/CVE-2025/CVE-2025-441xx/CVE-2025-44192.json @@ -2,7 +2,7 @@ "id": "CVE-2025-44192", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-30T18:15:47.597", - "lastModified": "2025-05-02T13:53:40.163", + "lastModified": "2025-05-02T17:15:51.680", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,11 +15,50 @@ "value": "SourceCodester Simple Barangay Management System v1.0 tiene una vulnerabilidad de inyecci\u00f3n SQL en /barangay_management/admin/?page=view_clearance." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], "references": [ { "url": "https://github.com/red-team00/bug_report/blob/main/simple-barangay-management-system/SQLi-1.md", "source": "cve@mitre.org" + }, + { + "url": "https://github.com/red-team00/bug_report/blob/main/simple-barangay-management-system/SQLi-1.md", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44839.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44839.json index bcbd229d63b..7b6eba71883 100644 --- a/CVE-2025/CVE-2025-448xx/CVE-2025-44839.json +++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44839.json @@ -2,7 +2,7 @@ "id": "CVE-2025-44839", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-01T17:15:50.127", - "lastModified": "2025-05-02T13:52:51.693", + "lastModified": "2025-05-02T16:15:34.367", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "Se descubri\u00f3 que TOTOLINK CA600-PoE V5.3c.6665_B20180820 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n CloudSrvUserdataVersionCheck mediante el par\u00e1metro magicid. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], "references": [ { "url": "https://github.com/Summermu/VulnForIoT/tree/main/Totolink_CA600-PoE/CloudSrvUserdataVersionCheck_magicid/readme.md", diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44840.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44840.json index 2894c319580..5f4459db2a2 100644 --- a/CVE-2025/CVE-2025-448xx/CVE-2025-44840.json +++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44840.json @@ -2,7 +2,7 @@ "id": "CVE-2025-44840", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-01T17:15:50.253", - "lastModified": "2025-05-02T13:52:51.693", + "lastModified": "2025-05-02T16:15:34.520", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "Se descubri\u00f3 que TOTOLINK CA600-PoE V5.3c.6665_B20180820 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n CloudSrvUserdataVersionCheck mediante el par\u00e1metro svn. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], "references": [ { "url": "https://github.com/Summermu/VulnForIoT/tree/main/Totolink_CA600-PoE/CloudSrvUserdataVersionCheck_svn/readme.md", diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44841.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44841.json index 9c0e0b1b675..5cbecd8a0be 100644 --- a/CVE-2025/CVE-2025-448xx/CVE-2025-44841.json +++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44841.json @@ -2,7 +2,7 @@ "id": "CVE-2025-44841", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-01T17:15:50.360", - "lastModified": "2025-05-02T13:52:51.693", + "lastModified": "2025-05-02T16:15:34.667", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "Se descubri\u00f3 que TOTOLINK CA600-PoE V5.3c.6665_B20180820 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n CloudSrvUserdataVersionCheck mediante el par\u00e1metro de versi\u00f3n. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], "references": [ { "url": "https://github.com/Summermu/VulnForIoT/tree/main/Totolink_CA600-PoE/CloudSrvUserdataVersionCheck_version/readme.md", diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44842.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44842.json index a20ae6e29ce..d70d8b07eae 100644 --- a/CVE-2025/CVE-2025-448xx/CVE-2025-44842.json +++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44842.json @@ -2,7 +2,7 @@ "id": "CVE-2025-44842", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-01T17:15:50.467", - "lastModified": "2025-05-02T13:52:51.693", + "lastModified": "2025-05-02T16:15:34.813", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "Se descubri\u00f3 que TOTOLINK CA600-PoE V5.3c.6665_B20180820 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n msg_process mediante el par\u00e1metro Port. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], "references": [ { "url": "https://github.com/Summermu/VulnForIoT/tree/main/Totolink_CA600-PoE/msg_process_Port/readme.md", diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44843.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44843.json index 65bd55ff330..a53dd89a44a 100644 --- a/CVE-2025/CVE-2025-448xx/CVE-2025-44843.json +++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44843.json @@ -2,7 +2,7 @@ "id": "CVE-2025-44843", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-01T17:15:50.583", - "lastModified": "2025-05-02T13:52:51.693", + "lastModified": "2025-05-02T16:15:34.960", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "Se descubri\u00f3 que TOTOLINK CA600-PoE V5.3c.6665_B20180820 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n CloudSrvUserdataVersionCheck mediante el par\u00e1metro url. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], "references": [ { "url": "https://github.com/Summermu/VulnForIoT/tree/main/Totolink_CA600-PoE/CloudSrvUserdataVersionCheck_url/readme.md", diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44844.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44844.json index 041eb726517..9db774d66e8 100644 --- a/CVE-2025/CVE-2025-448xx/CVE-2025-44844.json +++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44844.json @@ -2,7 +2,7 @@ "id": "CVE-2025-44844", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-01T17:15:50.690", - "lastModified": "2025-05-02T13:52:51.693", + "lastModified": "2025-05-02T16:15:35.107", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "Se descubri\u00f3 que TOTOLINK CA600-PoE V5.3c.6665_B20180820 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n setUpgradeFW mediante el par\u00e1metro FileName. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], "references": [ { "url": "https://github.com/Summermu/VulnForIoT/tree/main/Totolink_CA600-PoE/setUpgradeFW/readme.md", diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44845.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44845.json index 8cc537541f0..888798df98b 100644 --- a/CVE-2025/CVE-2025-448xx/CVE-2025-44845.json +++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44845.json @@ -2,7 +2,7 @@ "id": "CVE-2025-44845", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-01T17:15:50.807", - "lastModified": "2025-05-02T13:52:51.693", + "lastModified": "2025-05-02T16:15:35.263", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "Se descubri\u00f3 que TOTOLINK CA600-PoE V5.3c.6665_B20180820 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n NTPSyncWithHost mediante el par\u00e1metro hostTime. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], "references": [ { "url": "https://github.com/Summermu/VulnForIoT/tree/main/Totolink_CA600-PoE/NTPSyncWithHost/readme.md", diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44860.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44860.json index 473d0a01512..031b08bdf0d 100644 --- a/CVE-2025/CVE-2025-448xx/CVE-2025-44860.json +++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44860.json @@ -2,7 +2,7 @@ "id": "CVE-2025-44860", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-01T18:15:56.537", - "lastModified": "2025-05-02T13:52:51.693", + "lastModified": "2025-05-02T16:15:35.413", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "Se descubri\u00f3 que TOTOLINK CA300-POE V6.2c.884_B20180522 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n msg_process mediante el par\u00e1metro Port. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], "references": [ { "url": "https://github.com/Summermu/VulnForIoT/tree/main/Totolink_CA300-POE/msg_process_Port/readme.md", diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44863.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44863.json index 5c1a1480f7f..5ed41b2c620 100644 --- a/CVE-2025/CVE-2025-448xx/CVE-2025-44863.json +++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44863.json @@ -2,7 +2,7 @@ "id": "CVE-2025-44863", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-01T18:15:56.873", - "lastModified": "2025-05-02T13:52:51.693", + "lastModified": "2025-05-02T16:15:35.563", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "Se descubri\u00f3 que TOTOLINK CA300-POE V6.2c.884_B20180522 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n msg_process mediante el par\u00e1metro Url. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], "references": [ { "url": "https://github.com/Summermu/VulnForIoT/tree/main/Totolink_CA300-POE/msg_process_Url/readme.md", diff --git a/CVE-2025/CVE-2025-458xx/CVE-2025-45800.json b/CVE-2025/CVE-2025-458xx/CVE-2025-45800.json new file mode 100644 index 00000000000..7b0b481b144 --- /dev/null +++ b/CVE-2025/CVE-2025-458xx/CVE-2025-45800.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2025-45800", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-05-02T17:15:52.423", + "lastModified": "2025-05-02T17:15:52.423", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a command execution vulnerability in the setDeviceName interface of the /lib/cste_modules/global.so library, specifically in the processing of the deviceMac parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/ToTolink/A950RG/5024-setDeviceName-deviceMac-command.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-463xx/CVE-2025-46332.json b/CVE-2025/CVE-2025-463xx/CVE-2025-46332.json new file mode 100644 index 00000000000..73d56880c34 --- /dev/null +++ b/CVE-2025/CVE-2025-463xx/CVE-2025-46332.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-46332", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-05-02T17:15:52.947", + "lastModified": "2025-05-02T17:15:52.947", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Flags SDK is an open-source feature flags toolkit for Next.js and SvelteKit. Impacted versions include flags from 3.2.0 and prior and @vercel/flags from 3.1.1 and prior as certain circumstances allows a bad actor with detailed knowledge of the vulnerability to list all flags returned by the flags discovery endpoint (.well-known/vercel/flags). This vulnerability allows for information disclosure, where a bad actor could gain access to a list of all feature flags exposed through the flags discovery endpoint, including the flag names, flag descriptions, available options and their labels (e.g. true, false), and default flag values. This issue has been patched in flags@4.0.0, users of flags and @vercel/flags should also migrate to flags@4.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/vercel/flags/blob/main/packages/flags/guides/upgrade-to-v4.md", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/vercel/flags/security/advisories/GHSA-892p-pqrr-hxqr", + "source": "security-advisories@github.com" + }, + { + "url": "https://vercel.com/changelog/information-disclosure-in-flags-sdk-cve-2025-46332", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-466xx/CVE-2025-46626.json b/CVE-2025/CVE-2025-466xx/CVE-2025-46626.json index 884f868f2e9..ee121aa3602 100644 --- a/CVE-2025/CVE-2025-466xx/CVE-2025-46626.json +++ b/CVE-2025/CVE-2025-466xx/CVE-2025-46626.json @@ -2,7 +2,7 @@ "id": "CVE-2025-46626", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-01T20:15:38.190", - "lastModified": "2025-05-02T13:52:51.693", + "lastModified": "2025-05-02T16:15:35.710", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "La reutilizaci\u00f3n de una clave AES est\u00e1tica y un vector de inicializaci\u00f3n para el tr\u00e1fico cifrado hacia el servicio de gesti\u00f3n 'ate' del Tenda RX2 Pro 16.03.30.14 permite a un atacante descifrar, reproducir y/o falsificar el tr\u00e1fico hacia el servicio." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-326" + } + ] + } + ], "references": [ { "url": "https://blog.uturn.dev/#/writeups/iot-village/tenda-rx2pro/README?id=cve-2025-46625-command-injection-through-setlancfg-in-httpd", diff --git a/CVE-2025/CVE-2025-466xx/CVE-2025-46627.json b/CVE-2025/CVE-2025-466xx/CVE-2025-46627.json index 3b8605726e6..71c1ea3fc32 100644 --- a/CVE-2025/CVE-2025-466xx/CVE-2025-46627.json +++ b/CVE-2025/CVE-2025-466xx/CVE-2025-46627.json @@ -2,7 +2,7 @@ "id": "CVE-2025-46627", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-01T20:15:38.350", - "lastModified": "2025-05-02T13:52:51.693", + "lastModified": "2025-05-02T16:15:35.860", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "El uso de credenciales d\u00e9biles en el Tenda RX2 Pro 16.03.30.14 permite a un atacante no autenticado autenticarse en el servicio Telnet calculando la contrase\u00f1a root a partir de informaci\u00f3n del dispositivo f\u00e1cilmente obtenible. La contrase\u00f1a se basa en los dos \u00faltimos d\u00edgitos/octetos de la direcci\u00f3n MAC." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-922" + } + ] + } + ], "references": [ { "url": "https://blog.uturn.dev/#/writeups/iot-village/tenda-rx2pro/README?id=cve-2025-46627-calculated-os-root-password", diff --git a/CVE-2025/CVE-2025-466xx/CVE-2025-46628.json b/CVE-2025/CVE-2025-466xx/CVE-2025-46628.json index 425f82a3545..ba84b6de13d 100644 --- a/CVE-2025/CVE-2025-466xx/CVE-2025-46628.json +++ b/CVE-2025/CVE-2025-466xx/CVE-2025-46628.json @@ -2,7 +2,7 @@ "id": "CVE-2025-46628", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-01T20:15:38.510", - "lastModified": "2025-05-02T13:52:51.693", + "lastModified": "2025-05-02T16:15:36.010", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "La falta de validaci\u00f3n/depuraci\u00f3n de entrada en el servicio de gesti\u00f3n \"ate\" del Tenda RX2 Pro 16.03.30.14 permite que un atacante remoto no autorizado obtenga acceso root al dispositivo mediante el env\u00edo de un paquete UDP manipulado al servicio \"ate\" cuando este est\u00e1 habilitado. No se requiere autenticaci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], "references": [ { "url": "https://blog.uturn.dev/#/writeups/iot-village/tenda-rx2pro/README?id=cve-2025-46628-command-injection-through-ifconfig-command-in-ate", diff --git a/CVE-2025/CVE-2025-466xx/CVE-2025-46629.json b/CVE-2025/CVE-2025-466xx/CVE-2025-46629.json index c0c790be07d..8b3a7a9498e 100644 --- a/CVE-2025/CVE-2025-466xx/CVE-2025-46629.json +++ b/CVE-2025/CVE-2025-466xx/CVE-2025-46629.json @@ -2,7 +2,7 @@ "id": "CVE-2025-46629", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-01T20:15:38.660", - "lastModified": "2025-05-02T13:52:51.693", + "lastModified": "2025-05-02T16:15:36.160", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "La falta de controles de acceso en el binario de administraci\u00f3n 'ate' del Tenda RX2 Pro 16.03.30.14 permite que un atacante remoto no autenticado realice cambios de configuraci\u00f3n no autorizados para cualquier enrutador donde se haya habilitado 'ate' mediante el env\u00edo de un paquete UDP manipulado." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], "references": [ { "url": "https://blog.uturn.dev/#/writeups/iot-village/tenda-rx2pro/README?id=cve-2025-46629-lack-of-authentication-in-ate", diff --git a/README.md b/README.md index 9e4264984d7..aadfce587f3 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-05-02T16:00:20.658717+00:00 +2025-05-02T18:00:19.871104+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-05-02T15:54:54.490000+00:00 +2025-05-02T17:56:25.510000+00:00 ``` ### Last Data Feed Release @@ -33,53 +33,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -292300 +292416 ``` ### CVEs added in the last Commit -Recently added CVEs: `9` +Recently added CVEs: `116` -- [CVE-2025-1883](CVE-2025/CVE-2025-18xx/CVE-2025-1883.json) (`2025-05-02T15:15:48.317`) -- [CVE-2025-1884](CVE-2025/CVE-2025-18xx/CVE-2025-1884.json) (`2025-05-02T15:15:48.440`) -- [CVE-2025-37797](CVE-2025/CVE-2025-377xx/CVE-2025-37797.json) (`2025-05-02T15:15:48.557`) -- [CVE-2025-37798](CVE-2025/CVE-2025-377xx/CVE-2025-37798.json) (`2025-05-02T15:15:48.657`) -- [CVE-2025-3927](CVE-2025/CVE-2025-39xx/CVE-2025-3927.json) (`2025-05-02T15:15:49.017`) -- [CVE-2025-4166](CVE-2025/CVE-2025-41xx/CVE-2025-4166.json) (`2025-05-02T15:15:50.313`) -- [CVE-2025-44868](CVE-2025/CVE-2025-448xx/CVE-2025-44868.json) (`2025-05-02T15:15:49.123`) -- [CVE-2025-44872](CVE-2025/CVE-2025-448xx/CVE-2025-44872.json) (`2025-05-02T15:15:49.227`) -- [CVE-2025-44877](CVE-2025/CVE-2025-448xx/CVE-2025-44877.json) (`2025-05-02T15:15:49.323`) +- [CVE-2023-53124](CVE-2023/CVE-2023-531xx/CVE-2023-53124.json) (`2025-05-02T16:15:31.453`) +- [CVE-2023-53125](CVE-2023/CVE-2023-531xx/CVE-2023-53125.json) (`2025-05-02T16:15:31.547`) +- [CVE-2023-53126](CVE-2023/CVE-2023-531xx/CVE-2023-53126.json) (`2025-05-02T16:15:31.643`) +- [CVE-2023-53127](CVE-2023/CVE-2023-531xx/CVE-2023-53127.json) (`2025-05-02T16:15:31.730`) +- [CVE-2023-53128](CVE-2023/CVE-2023-531xx/CVE-2023-53128.json) (`2025-05-02T16:15:31.820`) +- [CVE-2023-53129](CVE-2023/CVE-2023-531xx/CVE-2023-53129.json) (`2025-05-02T16:15:31.907`) +- [CVE-2023-53130](CVE-2023/CVE-2023-531xx/CVE-2023-53130.json) (`2025-05-02T16:15:31.997`) +- [CVE-2023-53131](CVE-2023/CVE-2023-531xx/CVE-2023-53131.json) (`2025-05-02T16:15:32.087`) +- [CVE-2023-53132](CVE-2023/CVE-2023-531xx/CVE-2023-53132.json) (`2025-05-02T16:15:32.170`) +- [CVE-2023-53133](CVE-2023/CVE-2023-531xx/CVE-2023-53133.json) (`2025-05-02T16:15:32.260`) +- [CVE-2023-53134](CVE-2023/CVE-2023-531xx/CVE-2023-53134.json) (`2025-05-02T16:15:32.353`) +- [CVE-2023-53135](CVE-2023/CVE-2023-531xx/CVE-2023-53135.json) (`2025-05-02T16:15:32.447`) +- [CVE-2023-53136](CVE-2023/CVE-2023-531xx/CVE-2023-53136.json) (`2025-05-02T16:15:32.540`) +- [CVE-2023-53137](CVE-2023/CVE-2023-531xx/CVE-2023-53137.json) (`2025-05-02T16:15:32.633`) +- [CVE-2023-53138](CVE-2023/CVE-2023-531xx/CVE-2023-53138.json) (`2025-05-02T16:15:32.720`) +- [CVE-2023-53139](CVE-2023/CVE-2023-531xx/CVE-2023-53139.json) (`2025-05-02T16:15:32.817`) +- [CVE-2023-53140](CVE-2023/CVE-2023-531xx/CVE-2023-53140.json) (`2025-05-02T16:15:32.920`) +- [CVE-2023-53141](CVE-2023/CVE-2023-531xx/CVE-2023-53141.json) (`2025-05-02T16:15:33.023`) +- [CVE-2023-53142](CVE-2023/CVE-2023-531xx/CVE-2023-53142.json) (`2025-05-02T16:15:33.137`) +- [CVE-2023-53143](CVE-2023/CVE-2023-531xx/CVE-2023-53143.json) (`2025-05-02T16:15:33.240`) +- [CVE-2023-53144](CVE-2023/CVE-2023-531xx/CVE-2023-53144.json) (`2025-05-02T16:15:33.357`) +- [CVE-2025-3879](CVE-2025/CVE-2025-38xx/CVE-2025-3879.json) (`2025-05-02T17:15:51.273`) +- [CVE-2025-4210](CVE-2025/CVE-2025-42xx/CVE-2025-4210.json) (`2025-05-02T16:15:36.743`) +- [CVE-2025-45800](CVE-2025/CVE-2025-458xx/CVE-2025-45800.json) (`2025-05-02T17:15:52.423`) +- [CVE-2025-46332](CVE-2025/CVE-2025-463xx/CVE-2025-46332.json) (`2025-05-02T17:15:52.947`) ### CVEs modified in the last Commit -Recently modified CVEs: `52` +Recently modified CVEs: `43` -- [CVE-2024-52019](CVE-2024/CVE-2024-520xx/CVE-2024-52019.json) (`2025-05-02T15:39:38.770`) -- [CVE-2024-52020](CVE-2024/CVE-2024-520xx/CVE-2024-52020.json) (`2025-05-02T15:39:40.467`) -- [CVE-2024-52021](CVE-2024/CVE-2024-520xx/CVE-2024-52021.json) (`2025-05-02T15:39:42.457`) -- [CVE-2024-52028](CVE-2024/CVE-2024-520xx/CVE-2024-52028.json) (`2025-05-02T15:36:28.180`) -- [CVE-2024-52029](CVE-2024/CVE-2024-520xx/CVE-2024-52029.json) (`2025-05-02T15:36:25.380`) -- [CVE-2024-52030](CVE-2024/CVE-2024-520xx/CVE-2024-52030.json) (`2025-05-02T15:36:21.870`) -- [CVE-2025-25891](CVE-2025/CVE-2025-258xx/CVE-2025-25891.json) (`2025-05-02T15:46:16.683`) -- [CVE-2025-25892](CVE-2025/CVE-2025-258xx/CVE-2025-25892.json) (`2025-05-02T15:46:15.050`) -- [CVE-2025-25893](CVE-2025/CVE-2025-258xx/CVE-2025-25893.json) (`2025-05-02T15:46:13.270`) -- [CVE-2025-25894](CVE-2025/CVE-2025-258xx/CVE-2025-25894.json) (`2025-05-02T15:46:11.650`) -- [CVE-2025-25895](CVE-2025/CVE-2025-258xx/CVE-2025-25895.json) (`2025-05-02T15:46:08.903`) -- [CVE-2025-25896](CVE-2025/CVE-2025-258xx/CVE-2025-25896.json) (`2025-05-02T15:46:07.087`) -- [CVE-2025-28219](CVE-2025/CVE-2025-282xx/CVE-2025-28219.json) (`2025-05-02T15:41:20.993`) -- [CVE-2025-31324](CVE-2025/CVE-2025-313xx/CVE-2025-31324.json) (`2025-05-02T14:22:39.743`) -- [CVE-2025-32755](CVE-2025/CVE-2025-327xx/CVE-2025-32755.json) (`2025-05-02T15:54:54.490`) -- [CVE-2025-3514](CVE-2025/CVE-2025-35xx/CVE-2025-3514.json) (`2025-05-02T15:15:48.797`) -- [CVE-2025-3928](CVE-2025/CVE-2025-39xx/CVE-2025-3928.json) (`2025-05-02T14:15:28.413`) -- [CVE-2025-46568](CVE-2025/CVE-2025-465xx/CVE-2025-46568.json) (`2025-05-02T14:15:19.860`) -- [CVE-2025-46625](CVE-2025/CVE-2025-466xx/CVE-2025-46625.json) (`2025-05-02T14:15:19.957`) -- [CVE-2025-46630](CVE-2025/CVE-2025-466xx/CVE-2025-46630.json) (`2025-05-02T15:15:49.420`) -- [CVE-2025-46631](CVE-2025/CVE-2025-466xx/CVE-2025-46631.json) (`2025-05-02T15:15:49.560`) -- [CVE-2025-46632](CVE-2025/CVE-2025-466xx/CVE-2025-46632.json) (`2025-05-02T15:15:49.710`) -- [CVE-2025-46633](CVE-2025/CVE-2025-466xx/CVE-2025-46633.json) (`2025-05-02T15:15:49.853`) -- [CVE-2025-46634](CVE-2025/CVE-2025-466xx/CVE-2025-46634.json) (`2025-05-02T15:15:50.023`) -- [CVE-2025-46635](CVE-2025/CVE-2025-466xx/CVE-2025-46635.json) (`2025-05-02T15:15:50.167`) +- [CVE-2024-13108](CVE-2024/CVE-2024-131xx/CVE-2024-13108.json) (`2025-05-02T17:56:14.720`) +- [CVE-2024-45757](CVE-2024/CVE-2024-457xx/CVE-2024-45757.json) (`2025-05-02T17:15:48.803`) +- [CVE-2025-25740](CVE-2025/CVE-2025-257xx/CVE-2025-25740.json) (`2025-05-02T17:53:59.500`) +- [CVE-2025-25741](CVE-2025/CVE-2025-257xx/CVE-2025-25741.json) (`2025-05-02T17:54:01.000`) +- [CVE-2025-25745](CVE-2025/CVE-2025-257xx/CVE-2025-25745.json) (`2025-05-02T17:53:57.653`) +- [CVE-2025-3503](CVE-2025/CVE-2025-35xx/CVE-2025-3503.json) (`2025-05-02T16:15:33.967`) +- [CVE-2025-3513](CVE-2025/CVE-2025-35xx/CVE-2025-3513.json) (`2025-05-02T16:15:34.100`) +- [CVE-2025-3927](CVE-2025/CVE-2025-39xx/CVE-2025-3927.json) (`2025-05-02T16:15:34.273`) +- [CVE-2025-4082](CVE-2025/CVE-2025-40xx/CVE-2025-4082.json) (`2025-05-02T16:15:36.307`) +- [CVE-2025-4084](CVE-2025/CVE-2025-40xx/CVE-2025-4084.json) (`2025-05-02T16:15:36.460`) +- [CVE-2025-4085](CVE-2025/CVE-2025-40xx/CVE-2025-4085.json) (`2025-05-02T16:15:36.603`) +- [CVE-2025-44192](CVE-2025/CVE-2025-441xx/CVE-2025-44192.json) (`2025-05-02T17:15:51.680`) +- [CVE-2025-44839](CVE-2025/CVE-2025-448xx/CVE-2025-44839.json) (`2025-05-02T16:15:34.367`) +- [CVE-2025-44840](CVE-2025/CVE-2025-448xx/CVE-2025-44840.json) (`2025-05-02T16:15:34.520`) +- [CVE-2025-44841](CVE-2025/CVE-2025-448xx/CVE-2025-44841.json) (`2025-05-02T16:15:34.667`) +- [CVE-2025-44842](CVE-2025/CVE-2025-448xx/CVE-2025-44842.json) (`2025-05-02T16:15:34.813`) +- [CVE-2025-44843](CVE-2025/CVE-2025-448xx/CVE-2025-44843.json) (`2025-05-02T16:15:34.960`) +- [CVE-2025-44844](CVE-2025/CVE-2025-448xx/CVE-2025-44844.json) (`2025-05-02T16:15:35.107`) +- [CVE-2025-44845](CVE-2025/CVE-2025-448xx/CVE-2025-44845.json) (`2025-05-02T16:15:35.263`) +- [CVE-2025-44860](CVE-2025/CVE-2025-448xx/CVE-2025-44860.json) (`2025-05-02T16:15:35.413`) +- [CVE-2025-44863](CVE-2025/CVE-2025-448xx/CVE-2025-44863.json) (`2025-05-02T16:15:35.563`) +- [CVE-2025-46626](CVE-2025/CVE-2025-466xx/CVE-2025-46626.json) (`2025-05-02T16:15:35.710`) +- [CVE-2025-46627](CVE-2025/CVE-2025-466xx/CVE-2025-46627.json) (`2025-05-02T16:15:35.860`) +- [CVE-2025-46628](CVE-2025/CVE-2025-466xx/CVE-2025-46628.json) (`2025-05-02T16:15:36.010`) +- [CVE-2025-46629](CVE-2025/CVE-2025-466xx/CVE-2025-46629.json) (`2025-05-02T16:15:36.160`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 16d146309e7..a221692d36c 100644 --- a/_state.csv +++ b/_state.csv @@ -8532,7 +8532,7 @@ CVE-2004-0226,0,0,7dddf8bbcd1e84ea078215413f0015dc0082739582d4bb1d428c42b278e1bf CVE-2004-0227,0,0,cfd200fe7bda0c79e9d7c011091f34ce7309c4ba064518d7971b2ed0615833d4,2025-04-03T01:03:51.193000 CVE-2004-0228,0,0,154a5cf02ee0d9c1c5e6f91fcd4c5c0889262a68b8350fa3c873740eb8e5bec0,2025-04-03T01:03:51.193000 CVE-2004-0229,0,0,f01937948d16a31826fd55d5dd41445509d1108429f6067fdb93b08249ff1448,2025-04-03T01:03:51.193000 -CVE-2004-0230,0,0,4b79315f15b75cc38178d4d4f685813bf7fface3ebc5c7a68ad8a83ad2d7b0a4,2025-04-03T01:03:51.193000 +CVE-2004-0230,0,1,a2334f40086182d1e9650cba7163f8432521735c27ee29080969ae25ce8f4114,2025-05-02T16:40:41.530000 CVE-2004-0231,0,0,322a9104e182f6b94f1321d5b30b39d096ea353afe920712a34cde2684aa95da,2025-04-03T01:03:51.193000 CVE-2004-0232,0,0,ad0bf5edb19e1e552c0ad01c9dc51659cf66b3b603373f5bcb87bf35ea1ecaa6,2025-04-03T01:03:51.193000 CVE-2004-0233,0,0,8fa694ef379966c29cd91c3b048148d2d061934fe7e9ab2defabc090c4117dfb,2025-04-03T01:03:51.193000 @@ -84972,7 +84972,7 @@ CVE-2016-1581,0,0,a8afba923c2961e53cde618242aed6ac1406335ba1c422b1fb46c95bf350a4 CVE-2016-1582,0,0,efca6be797de1d7a4b29f43ad37f876348b358d9e434ace0e7f0a321c84604ba,2025-04-12T10:46:40.837000 CVE-2016-1583,0,0,b2b461af4def7a6d94ca798d3ae71dda0045fe8ad13e0daba9109b2a73b130bc,2025-04-12T10:46:40.837000 CVE-2016-1584,0,0,4ea25a77743e8d0ef78d39ecc77c0d65249c08e03c79edebad2ffdfae60169f2,2024-11-21T02:46:41.390000 -CVE-2016-1585,0,1,d64a24ac3b4f715c38371d09ac5f55302bb2f5c741a480f99b7b55357fd711fb,2025-05-02T14:12:14.837000 +CVE-2016-1585,0,0,d64a24ac3b4f715c38371d09ac5f55302bb2f5c741a480f99b7b55357fd711fb,2025-05-02T14:12:14.837000 CVE-2016-1586,0,0,65de76fdf9e6197817e956a8ed87f41f2176a7828099cb215e094de008972435,2024-11-21T02:46:41.607000 CVE-2016-1587,0,0,c2ab1fc152e340965cef168aa7c0cb34bf61bd1fb4883dbbff5836875d6af46b,2024-11-21T02:46:41.720000 CVE-2016-1588,0,0,3000aec08d986ccdc31409f33f9984696ad6b40faf49b686ebc69041975d9505,2023-11-07T02:29:58.313000 @@ -109649,7 +109649,7 @@ CVE-2017-9839,0,0,b1d229a0c7cccaa2e61f2f592d190615769132f4f78b41c17bd67892e93802 CVE-2017-9840,0,0,acfdd3cf09568ef00857cb9f50b5ad0c2ae0ec53077e50db62ce129ab1309e68,2025-04-20T01:37:25.860000 CVE-2017-9841,0,0,61a45dadf4354da71691bf4ec415db23bda12505b65fa157aef689d0ceb70ec7,2025-04-20T01:37:25.860000 CVE-2017-9843,0,0,de833fb2581c030f6340bd35d4385fcdf7d2dbaf0245855b8b61595ca412d40a,2025-04-20T01:37:25.860000 -CVE-2017-9844,0,1,8de8898bd9672ef26c8a2f7f4c54005bad15e06ca26d8b4831bc09018fbd1690,2025-05-02T15:25:18.377000 +CVE-2017-9844,0,0,8de8898bd9672ef26c8a2f7f4c54005bad15e06ca26d8b4831bc09018fbd1690,2025-05-02T15:25:18.377000 CVE-2017-9845,0,0,8defb7b14a8370cbca10560824015d4acc4e95a71f9d243c055eb8907c1d9c10,2025-04-20T01:37:25.860000 CVE-2017-9846,0,0,18c360708070f1a75b90cec0ed1c0401c16d22233dc81faed29e21e22955f0d1,2025-04-20T01:37:25.860000 CVE-2017-9847,0,0,b3f86f1328e6a7ba6c47ae4802016ce7db9c3fa4fc53ab08a49cc84dbd8b5d77,2025-04-20T01:37:25.860000 @@ -153145,7 +153145,7 @@ CVE-2020-2141,0,0,a2ce4cfc8d83ff00e23f6c9719e321d7030412979b37981a1f5edd97ebc247 CVE-2020-2142,0,0,71f181a129cb616d1901f9a82a7a971c490c947ba679c3a6e7fd5a99b8834b24,2024-11-21T05:24:46.440000 CVE-2020-21426,0,0,5af3493a9678386c3c7f016df5d70aa675f49e259e61782d7dc31134ff6bee2a,2024-11-21T05:12:34.370000 CVE-2020-21427,0,0,27f34b4fd03445fbe9c7463665e80d82231015179adaa3731e02252d1e7c680b,2024-11-21T05:12:34.520000 -CVE-2020-21428,0,0,7c7c3012b0ba6aca6f889f0969a840fcf7f1f83a7e6af762d4fa2ce3cb5a6dcc,2024-11-21T05:12:34.680000 +CVE-2020-21428,0,1,17470f14cac87f1a279eea106c6b7f3916fe0d59a8386ccc9e2d6d3ca4ba9874,2025-05-02T16:15:21.390000 CVE-2020-2143,0,0,cd6ac2294470db52cc3e9f73e6f3a22c99ccedb6c610adf51813cd4e51fde8ad,2024-11-21T05:24:46.623000 CVE-2020-21431,0,0,86d6763191a50d165cbdc60694040bd2bb2a8475944c289c8b1af0175a08fb8a,2024-11-21T05:12:34.827000 CVE-2020-21434,0,0,2b29b3b77d95cf61cafced934da452a02a976cf44787004f9b350be7787165ff,2024-11-21T05:12:34.977000 @@ -193887,7 +193887,7 @@ CVE-2022-24305,0,0,9026f99b8e2720e0329eb981bd144ca46912d1ff53a76187534acfd923496 CVE-2022-24306,0,0,041554dce03a21fba4ab9596c8248199ee86f7e79866bc3e37a100712bbccdf6,2024-11-21T06:50:08.260000 CVE-2022-24307,0,0,69ad28fd60ab4d6aac4722a6d8de5569f22cb5c09aca727eca77158847abebfc,2024-11-21T06:50:08.400000 CVE-2022-24308,0,0,854ff5ef46265e4c0837068083a6284417eed3f26df139166fcc06a8eb2c8cef,2024-11-21T06:50:08.530000 -CVE-2022-24309,0,1,64a9f124eb79343c74e80e8c3bc5548ca1692a2416b8bffe66f0e82bc25da44a,2025-05-02T14:12:44.273000 +CVE-2022-24309,0,0,64a9f124eb79343c74e80e8c3bc5548ca1692a2416b8bffe66f0e82bc25da44a,2025-05-02T14:12:44.273000 CVE-2022-2431,0,0,4f359940fa270b61bdfa977fd813c1df64be8386d16fa8ec25a095fde08f3b97,2025-03-21T16:07:09.227000 CVE-2022-24310,0,0,d36379c362d121627e8434e68fbf543ed2360824f8a2666e55bb3f9534c5d27c,2024-11-21T06:50:08.793000 CVE-2022-24311,0,0,d6934e788423b1918a09dde7b2f85acd1c9a9e8e137049e9daca513894f9d806,2024-11-21T06:50:08.897000 @@ -204715,7 +204715,7 @@ CVE-2022-37429,0,0,c27d50cba078fda51159c2ec5c9d29f4a965f7e1b4f139446dccefe0c7eb2 CVE-2022-3743,0,0,8e9153fa0e9a6ddc63825139b3c7fb2451dabd6415df820ae8b7b2a041f1fc9e,2024-11-21T07:20:09.327000 CVE-2022-37430,0,0,39befd1a152e11c408a65c015280bfa9197747e1c8fe16b0bf0258638f79dc1a,2025-04-25T21:15:33.237000 CVE-2022-37431,0,0,288eb7c15a50de8385b06ad21a7c09009c78a5fc4f3b772d7147496f88a36d4c,2024-11-21T07:14:58.917000 -CVE-2022-37434,0,0,7e9d4507813341bae6a1d234897faa8d825eaf192793876cea776670edba8ae6,2024-11-21T07:14:59.070000 +CVE-2022-37434,0,1,4d9f42d34e68c55077685a06349aa21f03d6be257b8e9e241d939daf3ee0b874,2025-05-02T17:15:46.653000 CVE-2022-37435,0,0,f7f764d395db1059f1fefb777df38872ab6d3d6be767094d1c1d4dedea985c9d,2024-11-21T07:14:59.333000 CVE-2022-37436,0,0,d85b523f8c6e70658caf9882c99b99d4fa8216774155f02557163209e184e083,2025-04-04T18:15:42.127000 CVE-2022-37437,0,0,726e8ca933c62fc8a503ff4c253a97f2294b39523c1ea595af02bb42e1ef4e32,2024-11-21T07:14:59.620000 @@ -204769,7 +204769,7 @@ CVE-2022-37614,0,0,c3e8d399413541287625bf76e16c6f198be73b8a4ef0280687f4636fd9c91 CVE-2022-37616,0,0,9fb82a71c6346fae8e09383e86759101e3d762f5adb7467b9234a9ac6e38c6ad,2024-11-21T07:15:03.297000 CVE-2022-37617,0,0,a9832226abcb13512b3fbd4b47827899ac2094aebb9c293ae6456ae7752abc1b,2024-11-21T07:15:03.490000 CVE-2022-3762,0,0,36ecff47d441eb5342a5789a4073d9c542411a6e19335a22295ca559e6e2d286,2025-04-30T16:15:25.697000 -CVE-2022-37620,0,0,dc98dbca3ecb07883511f177552fed0a966a1401267a7d24c0489a01fabd1b9c,2024-11-21T07:15:03.663000 +CVE-2022-37620,0,1,6e9da80a9cfd1895e38ef50a2a5e2732366a34f2728763c634c82c4a93c715c2,2025-05-02T17:34:45.170000 CVE-2022-37621,0,0,b9370f6a7124ad31da7c670d76c6329679a9117e1cb131480706ef1d2d84ebc1,2024-11-21T07:15:03.860000 CVE-2022-37623,0,0,731aca8f5504dd4f3e691a7a2170cc40f767df3ca9aa301347d244f078cf6e41,2024-11-21T07:15:04.020000 CVE-2022-3763,0,0,d63559d4ec8308a4c26065bd6010b775b534980f7fa845f56ae956975c6dc29c,2025-04-30T16:15:25.897000 @@ -204906,8 +204906,8 @@ CVE-2022-37899,0,0,599f8406e1952815f06fe7133abac61724b2ea2e1594bb88f7724c9185f0a CVE-2022-3790,0,0,dfc8bd8f5ef8095fa0489ebd7214fc95662b0c8e024041c199385539a0f531ca,2023-11-07T03:51:48.363000 CVE-2022-37900,0,0,d6564090f7aa559240046b021105dfad0db5a25d35dd8a8231f0f26cc6d91e79,2025-05-01T15:15:55.493000 CVE-2022-37901,0,0,699e11c4917d2437869712683ad7c04b33a656e3251e12586e11a29bbbf2a36f,2024-11-21T07:15:20.683000 -CVE-2022-37902,0,1,e38314163fc0837c4e629220563fa2987be7088280578a9e701da26ef0d91fb1,2025-05-02T14:15:18.640000 -CVE-2022-37903,0,1,6c3a75e8beaad5beb4388d8901bf48fece32337df82455393c89b4be7eb70c0a,2025-05-02T15:15:46.230000 +CVE-2022-37902,0,0,e38314163fc0837c4e629220563fa2987be7088280578a9e701da26ef0d91fb1,2025-05-02T14:15:18.640000 +CVE-2022-37903,0,0,6c3a75e8beaad5beb4388d8901bf48fece32337df82455393c89b4be7eb70c0a,2025-05-02T15:15:46.230000 CVE-2022-37904,0,0,9e655056e7a9a07b858d558e31543d2e9bff10ca7e6669cef140ff1caedb1d21,2024-11-21T07:15:21.130000 CVE-2022-37905,0,0,e164839b67b0494749a396c217a8e6546e6b006492f6c07f09e5d9d51885d8e6,2024-11-21T07:15:21.260000 CVE-2022-37906,0,0,b54bd31f94bfc93bb7c2ba20bcb033d9cb468496280128ba2b59d5ae504cb313,2024-11-21T07:15:21.393000 @@ -204917,7 +204917,7 @@ CVE-2022-37909,0,0,3d94c317c88f5d0dd1702519c3daf832b34eb346a8d315437ca1233f1882d CVE-2022-3791,0,0,479b51447ce3a364e4029588993b854b21466c2213b7415469124710da8210ef,2023-11-07T03:51:48.403000 CVE-2022-37910,0,0,754f8eaa4c653d0cbb8f7eabafce5d9de65d7967932171f7f2cd36c9c52229f5,2024-11-21T07:15:21.910000 CVE-2022-37911,0,0,ba1476bca2b1106b7490adfa421b2d7549a131def2afeba7487796dbe72db95d,2024-11-21T07:15:22.033000 -CVE-2022-37912,0,1,5d0f9710865bb980b79b9108860cdf5a7f9f81fe32c308d038a4a58b34b9a43d,2025-05-02T15:15:47.160000 +CVE-2022-37912,0,0,5d0f9710865bb980b79b9108860cdf5a7f9f81fe32c308d038a4a58b34b9a43d,2025-05-02T15:15:47.160000 CVE-2022-37913,0,0,57f629a62a2a1bccb5f22f2d4b25835c1934ef9e50d39cbd2d11afec280e0e6e,2024-11-21T07:15:22.273000 CVE-2022-37914,0,0,b5d4fd16adf9b7d99191a625229a7fd3f6059a75274239034817da6748474130,2024-11-21T07:15:22.400000 CVE-2022-37915,0,0,4a411a033f2a9fdc8d0693f8843dd8e5685ed3516246936e5e1d9df1f7ef095f,2024-11-21T07:15:22.523000 @@ -209039,7 +209039,7 @@ CVE-2022-43221,0,0,f6392de47b9f494798f20f26803f27b2e4e81ab6623aa8275928b04318126 CVE-2022-43222,0,0,747c2c9fdc6758ce3c1f4e2e9419426a42913b25dec657dcb36b228f1b1cadaa,2024-11-21T07:26:04.127000 CVE-2022-43223,0,0,805974db31f60824f00598f9d27c72c6fecc31f87cad6cfc6b202c3ed0ab0bc1,2024-11-21T07:26:04.280000 CVE-2022-43226,0,0,a1c353ab0d2b56858c39491327073bf1ea203a73c4c276808776443a0999fcd6,2024-11-21T07:26:04.430000 -CVE-2022-43227,0,0,99b9e946794c427ffaa18d8bcfdd4be7f9e28ac63d2c6b581dc56232ec07416c,2024-11-21T07:26:04.617000 +CVE-2022-43227,0,1,f07bfc3b02e36d932f5c8cee69b2a689e6dd926d21369184c365d298778848d7,2025-05-02T16:15:21.887000 CVE-2022-43228,0,0,b9185d76c306eaa2fedea534050ad7bf3b35956f94634fa0b636321b47fa59d6,2024-11-21T07:26:04.783000 CVE-2022-43229,0,0,975e5ee2ffbfad4c5732c3bb17fa2dda5f0d6a89195e5835ac37c141b8c42ee7,2024-11-21T07:26:04.933000 CVE-2022-4323,0,0,f3be28e71ce65928b3a65fca5c3f86ece0ba691d8c76bb061324f0692c1ade8e,2025-04-02T15:15:49.673000 @@ -214221,6 +214221,8 @@ CVE-2022-49928,0,0,a2ffbda582379f26d537865d6daa8de980b0b9724e3a101cd1f94d54150b4 CVE-2022-49929,0,0,9405a7ff0b9c9a95fc9857cbd888f6cdc87000d222e5f4717654bef39dd6ffb5,2025-05-02T13:52:51.693000 CVE-2022-49930,0,0,8f60c24d65fe492c4a72bc37ee3d8f11b17ab1d8959848f8358029db340f4e4b,2025-05-02T13:52:51.693000 CVE-2022-49931,0,0,8211853d3306b6092a33802cfe2e5f1cfc4ea619715ada4aa94f3cd718a836df,2025-05-02T13:52:51.693000 +CVE-2022-49932,1,1,bb903afc250194024b6dd177c47f0de61e28bed8f7ac60bd7a29ee972928282b,2025-05-02T16:15:22.070000 +CVE-2022-49933,1,1,dec9123f751ca4b30e1815cf3802764ff034e724743f3943318caa25f0f9cb15,2025-05-02T16:15:22.163000 CVE-2023-0001,0,0,2dfbf6dbe59b530ec18f5af443ba14cd4d2a5b201d3a1ffcc25574a8da444091,2024-11-21T07:36:22.050000 CVE-2023-0002,0,0,d4360529168fea353efb6226181fd2ab0e85944e3049df689718cf07491ef7ac,2024-11-21T07:36:22.187000 CVE-2023-0003,0,0,e9130921c34a8d1b2e06e89be0ccfee8f78c6c04b42ac1af0311d8e1a3808a43,2025-02-13T17:15:52.570000 @@ -228654,7 +228656,7 @@ CVE-2023-35667,0,0,4da2691c8f78c1dfabb29541d5e545a7b92cc6630ce63989b8841686af957 CVE-2023-35668,0,0,ef20bf87ffad8bb2bf38b9dcc93fb7c24004d5152373a727f6295f75487ae096,2024-11-21T08:08:28.433000 CVE-2023-35669,0,0,2c887eb5af2bed4cb98e8fd3c7a6c03f059508eafe0245298747146f28dd31f0,2024-11-21T08:08:28.553000 CVE-2023-3567,0,0,5a1746b855d22f3bc6770c426b1bc9a187c738d6a1c14eeb7ccfd2f336b03c1c,2024-11-21T08:17:33.767000 -CVE-2023-35670,0,0,38494d55df7fcb1cd50e396b84188fbbbbb79aeb1bb20c46d39f680826b3fe15,2024-11-21T08:08:28.667000 +CVE-2023-35670,0,1,abf658a30f03f1f7bdbc45cf7ef9bd4f02c55f58d98752e7318fed1119164dfd,2025-05-02T17:15:47.687000 CVE-2023-35671,0,0,2c8339e5588b591eed92ded4f828b3d05b1e6303493784f34dbc335b2b14a7e7,2024-11-21T08:08:28.797000 CVE-2023-35673,0,0,8def3629a98a95d2af28794c62a9db710c67f5ee2b495d5869075b9e4f1d720e,2024-11-21T08:08:28.923000 CVE-2023-35674,0,0,a1022b87b8618552c684113a438b1c94efe6e352c747b4eb316fd9df24c62f28,2024-12-20T17:39:49.327000 @@ -232532,7 +232534,7 @@ CVE-2023-40355,0,0,86a32c63b27653c6b22e1b8e00b1f9f79652dbe38b49c3a63017450f2e1aa CVE-2023-40356,0,0,57669322ea7a666ae9c72db84e8f8492543af4d3b1efe73afca011c5ee9aa481,2024-11-21T08:19:17.447000 CVE-2023-40357,0,0,ffbeff8f1f151b26063079fe1f19cb87ce4b08bc5baf3b8bc513edfb69f3761b,2024-11-21T08:19:17.597000 CVE-2023-40359,0,0,3706a99e23b8e2a13d46fc8f1040aa42206e82f778da030f0968abaceeb5b5dd,2024-11-21T08:19:17.800000 -CVE-2023-4036,0,0,2995ae3b39f4ce7fbc2e3fd25667e0e1d125b61a65e3b2fcdb86017075720305,2024-11-21T08:34:16.370000 +CVE-2023-4036,0,1,e1810705a06f87093e10f706b1b62f376ef035ddad6e804f2e304d61c2b36bb0,2025-05-02T16:15:22.460000 CVE-2023-40360,0,0,69c2297ccb1ab11cf923381345d0876292bdc8bc644f6635b741bcc66e626dbb,2024-11-21T08:19:17.953000 CVE-2023-40361,0,0,0dd3214c0a9e348b5a0834af5c47e65b231daad7c6a37f6b466b34e3079a9585,2024-11-21T08:19:18.110000 CVE-2023-40362,0,0,f7abc7ad69c91ad8df3e4b13a9642d091e4bfd50d0987385f2c52a6f47ce7fd0,2024-11-21T08:19:18.263000 @@ -234350,7 +234352,7 @@ CVE-2023-42696,0,0,15b6169bb0ca9b84230a06ce9893a841e28c14b847fc8bc2f4f8c162023a7 CVE-2023-42697,0,0,8ac1cda484b52fce4a7014be5bdb1b9e4e5be7e0d9a21203e53ef5ffb937eb8e,2024-11-21T08:22:59.060000 CVE-2023-42698,0,0,3a2b32d17cc0fea8dac6b3a718f557abf1f30faa88966f951d9999ed8ce62910,2024-11-21T08:22:59.173000 CVE-2023-42699,0,0,ba2a9e94a73a04b84a9f5e17aae5f989f2f7fce524f98768f254d3a0c451fc01,2024-11-21T08:22:59.293000 -CVE-2023-4270,0,0,dcf352a03e4c342494717ac383e77e04b869674981a568d829488fd7f0d4ded0,2024-11-21T08:34:45.630000 +CVE-2023-4270,0,1,6ed7cf32478d550ccf86ed572e825f074247e0397c5bf50f772b40079cf6ef0d,2025-05-02T17:15:48.010000 CVE-2023-42700,0,0,9f7f00686c9c8d0aea211b4502ab6f46feef608127cb8f551b02911151b7678b,2024-11-21T08:22:59.407000 CVE-2023-42701,0,0,531c57b2a0b1b53f7582fbbd5bc06b6ad13cfed15ecb359fc1933e47132703c6,2024-11-21T08:22:59.523000 CVE-2023-42702,0,0,b41cc2ff0ad313a9d2c833b82a19f3fb4f7068ee052801c28b10c98fb4326d6c,2024-11-21T08:22:59.650000 @@ -234872,7 +234874,7 @@ CVE-2023-43492,0,0,7a7e359e002bd992e2c5ca74393c2e0ff956ea07b2444a5288d843fcba911 CVE-2023-43493,0,0,ce24f1bb4356303e4e35b3a9813725be585e97951713f251a2192638265ce2ae,2025-02-20T18:34:50.990000 CVE-2023-43494,0,0,b143555b57f154e4dc948e48eaba7f7a208774cc09626bcf0c4bbaf9566a3d47,2024-11-21T08:24:09.237000 CVE-2023-43495,0,0,ad9a36dcdebd80b7326e0f7a06320c01e45cfffe1adbc65a5de4c27956532575,2024-11-21T08:24:09.377000 -CVE-2023-43496,0,0,ffe1ef005f7babcd075672e6ee2de0ac82e9c4688be7aaf1d6612b5d6c21a3c0,2024-11-21T08:24:09.497000 +CVE-2023-43496,0,1,1cbc3a444ca4574728604fd340fbcc2e51c158103c5d174f6535bf8e7176138c,2025-05-02T16:15:22.290000 CVE-2023-43497,0,0,641c918f8e6712e26112e36de89d689aa9789dd13121a20cb3de0e4de734cda9,2024-11-21T08:24:09.610000 CVE-2023-43498,0,0,ff1edb3adef389a731a4f4cfb8ef43da34e1cda3cd6557c3bc700fae751f1db7,2024-11-21T08:24:09.730000 CVE-2023-43499,0,0,cf294bab171a799e8ee3e00212f8480a05c15d9798a2b239fd13034c48595af7,2024-11-21T08:24:09.850000 @@ -235405,7 +235407,7 @@ CVE-2023-4418,0,0,4fc4a18957f7fa2e9ba727b6ee61eeb560ea423901f0ca91ed56f5ea837761 CVE-2023-44181,0,0,7aa8c8da7145a135d0c824bbb3f2acd92ed443c72da94d79d32f30c029c2bd0a,2024-11-21T08:25:23 CVE-2023-44182,0,0,cf9ba2f518bcd13f05016fa87c24eaa8e7aa0fd9c89258a854682d8da721b4bd,2024-11-21T08:25:23.180000 CVE-2023-44183,0,0,f5596e86c069b4ee081b07ed9a26a95f3daefef59e43937a22528172b0af8c03,2024-11-21T08:25:23.323000 -CVE-2023-44184,0,0,e00b8dbc78ecd9c6aee45d73252d91832a0d0d5c9f6a841f783c6cdf46fa7f99,2024-11-21T08:25:23.523000 +CVE-2023-44184,0,1,5cb285dc1a5563fabb095f759272cca27de5a47681d5c4d8120a922847fdfb59,2025-05-02T16:12:56.360000 CVE-2023-44185,0,0,d0e7f6b176599ced2c6989f69fd33f03402c99ba62c35855724ce2fe8dc54e7a,2024-11-21T08:25:23.680000 CVE-2023-44186,0,0,0fd46ea81998eecf44ec530e612e5a2ff07d56a0e590e9fe9011b29312975a7c,2024-11-21T08:25:23.820000 CVE-2023-44187,0,0,8a130cc34373ffb69f4be9d73fe35f837d7cecf9319e9bcc3b72fb00c9d7a584,2024-11-21T08:25:23.983000 @@ -235425,7 +235427,7 @@ CVE-2023-44199,0,0,db50d9c01a02c534de5eca2747cab00749ae4b110c1e39da682ec1a15ec35 CVE-2023-4420,0,0,088d1d5461f1eee26f66b8a410799e2326735720890fab7c62fdb22f0460a457,2024-11-21T08:35:06.670000 CVE-2023-44201,0,0,8ac74c4071399324e73035fc5f350da8eed1f85f9905f1102fae983f5e1e3f0a,2024-11-21T08:25:25.863000 CVE-2023-44203,0,0,3eca2c5d9c903a6280cf0726a70bac7e9bd56c8f1b9a0eecb72410acd3b1cf21,2024-11-21T08:25:26.010000 -CVE-2023-44204,0,0,8a9cf5d1270549affb74aff2e110a7e8d323c1afac565ec850e7a4ae27bca29f,2024-11-21T08:25:26.153000 +CVE-2023-44204,0,1,60c0bba70d81c6d491b1872d74deca3b1b56ee8049bc6777f2a109268e7ff62c,2025-05-02T16:13:00.257000 CVE-2023-44205,0,0,85f3c10c8b1d01d6c9d704e515718276c847cfe40ba48629e62490fe6039bfc8,2024-11-21T08:25:26.293000 CVE-2023-44206,0,0,0a14afe8ff75d7baaf3e88e9a9ac88aa4896fc490f594b726f055f84dd20e7e2,2024-11-21T08:25:26.413000 CVE-2023-44207,0,0,69ef57e0887bf9c92c576a12ece8d3dbb3d75fe2e1ff8e05a1281ef0602f62bc,2024-11-21T08:25:26.543000 @@ -235443,7 +235445,7 @@ CVE-2023-44218,0,0,512e53d158bd4e2e4aaef07fbb365024641897b035b319eede239cce85b8d CVE-2023-44219,0,0,0a89cbc465c7cd80254e1e9ef524a8493909fc0be2c210ccb6b45d49461b2b30,2024-11-21T08:25:28.013000 CVE-2023-4422,0,0,50568c734ed78011a7c7fd778f417a694d05f90bcfc624af72b7c31a3801f95e,2024-11-21T08:35:06.970000 CVE-2023-44220,0,0,6f084371456785eba1f55fa3cc856ca6fe2c3952a3aa42fc7a7750e35f2a9933,2024-11-21T08:25:28.140000 -CVE-2023-44221,0,1,a371dca15ce1f0298309ed22a3cf19f9c52a3ff4e0f6e188c2875aa94f5b02d4,2025-05-02T14:15:47.227000 +CVE-2023-44221,0,0,a371dca15ce1f0298309ed22a3cf19f9c52a3ff4e0f6e188c2875aa94f5b02d4,2025-05-02T14:15:47.227000 CVE-2023-44227,0,0,9854ce7cdfbcc7426ad5f1eb735bda8183053df8bba2d829f2c6eafd211cceed,2024-11-21T08:25:28.377000 CVE-2023-44228,0,0,11dc446558d3dbb6d54abc198b7c2bc745db6f1a08db16a33edf388235a93b81,2024-11-21T08:25:28.487000 CVE-2023-44229,0,0,a71f4409b9f189249daf7757f7bb5353bd39eabefc298d360a0c7c0cd3e80000,2024-11-21T08:25:28.610000 @@ -235850,7 +235852,7 @@ CVE-2023-45016,0,0,c98709ef5d4df30b8f41e0ae4816738bd53fe7ed511739bb751640c4b1dae CVE-2023-45017,0,0,65e43eb5c20215dbd8113ce9610636bdf9d663f68632a4e6e9ea172ebce7e090,2024-01-02T19:15:10.937000 CVE-2023-45018,0,0,3efb65096b9dfff59a630560c7678d253efd1365fe6c13c3f205afae59c90b87,2024-11-21T08:26:14.410000 CVE-2023-45019,0,0,1aa010d2614bd99a8193c0ac084d25a381ace81f214513408f709a9fe535efcc,2024-11-21T08:26:14.530000 -CVE-2023-4502,0,0,d51bad6d3f643293c18b9929d20aac77ddd8ae831b82dcbdd761ea24837de551,2024-11-21T08:35:18.183000 +CVE-2023-4502,0,1,d0e7909443c6b06f6c4e11361b297e139171344e3ffb02f54099ce8be0a8335c,2025-05-02T17:15:48.200000 CVE-2023-45024,0,0,0e8dacc6c517243308079afc11d33728486f98de29c6eae45e9e90b1dfd30337,2024-11-21T08:26:14.663000 CVE-2023-45025,0,0,23d8976f4ab93f4d9dd45bad94ec1ae6cd72381adcee31691b996707ebaa99b9,2024-11-21T08:26:14.890000 CVE-2023-45026,0,0,5fba1291bd1469dfe192b999d52fbdb052f823e54c7d904dfa9dfccb94a65c5b,2024-11-21T08:26:15.040000 @@ -241975,17 +241977,127 @@ CVE-2023-53031,0,0,451f86f2688662f26c32d2314d26df257466645907dd1d2b936cba64435fc CVE-2023-53032,0,0,93ff98cea1dccacd110dbd1baf1362d079a1c6c42ed51d528b776f30ae2b7a78,2025-03-28T18:11:40.180000 CVE-2023-53033,0,0,8d057d9c44ce98261c228cb81506be1f3f8f50bb5bf9b573d71aa33383f2883c,2025-03-28T18:11:40.180000 CVE-2023-53034,0,0,874b21dc5d8893263c686e1d99ac0a563054392f5a4c1376cb4d7e9316ea3a18,2025-04-17T20:22:16.240000 +CVE-2023-53035,1,1,be3cdce0318c29e10a84d40ede413e707c8f7051d4efcdc49cb3418bd42fd576,2025-05-02T16:15:22.627000 +CVE-2023-53036,1,1,a5d6467f55f9fa2ed954ba63917c41aef8e1b3cad0944ed69c4f95688f8c4b34,2025-05-02T16:15:22.733000 +CVE-2023-53037,1,1,692b16aa8928b326850f13eaad11f5f97bbef107bbef0973076d9aff8c25c33a,2025-05-02T16:15:22.827000 +CVE-2023-53038,1,1,d581a437b83cafae4328638437c2be2ea4bab2144f632371f8de19402291a426,2025-05-02T16:15:22.920000 +CVE-2023-53039,1,1,bc828bcab6752984c39c74d6879182192d521ac307c9e40a6e4ccb4e1cedc0ce,2025-05-02T16:15:23.017000 CVE-2023-5304,0,0,0c927516ecfa012da696090d08f4ca4cc85e3e04790de8eb26a492ef0f0f359a,2024-11-21T08:41:29.560000 +CVE-2023-53040,1,1,7a0bfb3930e6424a747c08d1a54db3a599695206cdde4ffdb4a7519537f295c7,2025-05-02T16:15:23.113000 +CVE-2023-53041,1,1,83233f618dc9f67a57cb93a0bdea91347777428e4f123f7c4dac21d607a4509c,2025-05-02T16:15:23.220000 +CVE-2023-53042,1,1,e7e0a49411522c98b1fc775996db94cd5539862d76ad54b0c0906affdd2e897d,2025-05-02T16:15:23.320000 +CVE-2023-53043,1,1,c135bc521a949c898ee362c38a03c11330012addce55bc00aba2c2d624903638,2025-05-02T16:15:23.400000 +CVE-2023-53044,1,1,255603bebf2888c0edbe16307d6846a660bc5cd5d66ff947c2b0cfb8d4b4ca1a,2025-05-02T16:15:23.490000 +CVE-2023-53045,1,1,bc6e0e69872635edd1aeff9c5104dc4b5d16c9598bc7ff04f0c3330359da1aa6,2025-05-02T16:15:23.590000 +CVE-2023-53046,1,1,6042fdedb56da5cc18cc7643e7e1d0c53e0282033a3a5b871d7dd4b6810a0c38,2025-05-02T16:15:23.697000 +CVE-2023-53047,1,1,d6d1d45ddf42ea94ee9cc9c4b1b010ef825069a7711f50b7e807406376b3ab93,2025-05-02T16:15:23.790000 +CVE-2023-53048,1,1,310046153300be419ae3dca992a8e32d7c93ee171298d3d0c24b818ddb6ee504,2025-05-02T16:15:23.897000 +CVE-2023-53049,1,1,75e8ad3b060da7bdb96d11e5ed8ffba3082180b037330ae45a994e10608b3d54,2025-05-02T16:15:23.990000 CVE-2023-5305,0,0,a8016335a5ce7a2f26964ae5271ac31340d697aa75d3cef2db4225bce24964b6,2024-11-21T08:41:29.717000 +CVE-2023-53050,1,1,b6d29fd920e9c115b53d505704b3d671d66b4722015e5b71c22d6b15b244edb3,2025-05-02T16:15:24.093000 +CVE-2023-53051,1,1,cfc6a7edc7670cda5eee4c296cc5972fa927c0ecdd50b4ab50780796911a6927,2025-05-02T16:15:24.180000 +CVE-2023-53052,1,1,b83d4056fb9b2a6425dc990572b855bd6c714fa41d8c0d9baa1c4a26ddd6ce09,2025-05-02T16:15:24.283000 +CVE-2023-53053,1,1,93465d2b47a8a6965f6e64ff73a2f61a4832639c3a4592e12ba72d5f27483c14,2025-05-02T16:15:24.373000 +CVE-2023-53054,1,1,5db56d382a8952579025454e2edc635f43a8332acbb66ad274a96e458fe9ded4,2025-05-02T16:15:24.483000 +CVE-2023-53055,1,1,b0e6fc68a0453469c4fa08f60092f0998abeb8a1995108f07f0e57c53d728355,2025-05-02T16:15:24.590000 +CVE-2023-53056,1,1,2506dd21ae6f99d0cd19252444fd0c810625db98c2b78993565628bb50da483c,2025-05-02T16:15:24.680000 +CVE-2023-53057,1,1,4ff78c7658ffda2ad7ecd04d3c11c4f48189f7012857e1c6ed58c188415a9e01,2025-05-02T16:15:24.773000 +CVE-2023-53058,1,1,c8f079e069f47aab396a1002f398c5b8636df1b942ca928c5e7ca1ddbba31326,2025-05-02T16:15:24.867000 +CVE-2023-53059,1,1,ed8cc15db876db0123aa44f7ceec3d63106a80c024bc7f7379d227867c8c7ee5,2025-05-02T16:15:24.963000 CVE-2023-5306,0,0,476b3821b61b469afa7b1ea84617d24f0cc2f50c242f49afe4eefd5e4bb959a9,2024-01-02T16:15:12.483000 +CVE-2023-53060,1,1,685b4f8f1eac1145402c6cbabe4a0a5a71246a33d7ebdd5c334e31828cb5436b,2025-05-02T16:15:25.060000 +CVE-2023-53061,1,1,7c4501ec9bbe60776d54bba578b104b73e75b42a5acfbfb1067a7d6c3983d9c9,2025-05-02T16:15:25.163000 +CVE-2023-53062,1,1,56726ffe7fc3c9e23f0bc1acad38dfbfcb229816e64149151de55099fb1f19aa,2025-05-02T16:15:25.257000 +CVE-2023-53063,1,1,4a8a904bf623834a575e279751775a4dee9b45007c5089de3cdce0b8727e967b,2025-05-02T16:15:25.377000 +CVE-2023-53064,1,1,cc1ae0f6e65507322d7159012d215f94836fc91c6d336d9be77b13b8143da1e0,2025-05-02T16:15:25.480000 +CVE-2023-53065,1,1,ea168550e51a22c38490e015ad3d131c0c38b73642a7f67d07ec3b307bdcd53f,2025-05-02T16:15:25.580000 +CVE-2023-53066,1,1,454d4c849f27001dc4539b6e7bc553afc9752f4bb2a1da60b9ae75f357146437,2025-05-02T16:15:25.673000 +CVE-2023-53067,1,1,a2f4e6b5ed99fd69d01a1a93c633b35fb3c941b71b9af91f923769ddcce5701e,2025-05-02T16:15:25.777000 +CVE-2023-53068,1,1,626a1528627c1d203193f7e53e0775b1630f05899db42e10880c2582485fa53c,2025-05-02T16:15:25.870000 +CVE-2023-53069,1,1,8a735bb6765e3850853456ad66b20a9520d9c431f6f8895ce348674ae074b7eb,2025-05-02T16:15:25.960000 CVE-2023-5307,0,0,70a4fc05a1df6708953207043220ebb67fef6ec8321baaf1b6598056b0b6fb42,2025-04-22T20:15:27.617000 +CVE-2023-53070,1,1,5267caa2f4f68ef46463179c98b6e245ef84293f44c500c04f1c0254ac9dd3a1,2025-05-02T16:15:26.050000 +CVE-2023-53071,1,1,12fa1f86b4382336a4e59234000e46d6e865fb8a77d95ef8c07a5aef0fb52081,2025-05-02T16:15:26.140000 +CVE-2023-53072,1,1,9eaa175487b5ed710e2eed3cef26b264df58ce706869330131201d4cd76659ba,2025-05-02T16:15:26.237000 +CVE-2023-53073,1,1,c9e53df48cb56c925af656ecc4617ba5cb5c552021b012e0999f2a40320617f8,2025-05-02T16:15:26.330000 +CVE-2023-53074,1,1,8a012b3b50f81e9899d82360a46534a462af5150d111fc125c42a0ea34eae724,2025-05-02T16:15:26.420000 +CVE-2023-53075,1,1,5fd72f62b8c9a09ffa34b46a23818aec134969138fdef5724461fd394e79057c,2025-05-02T16:15:26.510000 +CVE-2023-53076,1,1,df180292a4fb6a7654d85b32adc1bf56bf002d7adcf679539689b7cf25cbeef4,2025-05-02T16:15:26.610000 +CVE-2023-53077,1,1,49e32959ff886749d2a184e9ba8dcfe6c289d2e4ae28a2858ca33d32a62bf819,2025-05-02T16:15:26.720000 +CVE-2023-53078,1,1,1833ccdaf5f820c3d16983c6a379287a945e1470cdfc48f7c525ece02aad1f72,2025-05-02T16:15:26.820000 +CVE-2023-53079,1,1,d854de3aa135de53519817b649fd311c3cda6ffee68e827cb327c6a22a89c36a,2025-05-02T16:15:26.923000 CVE-2023-5308,0,0,0bd63704a33840f9fb34c63561ae1f507086e98dd3ffbc3f3cc7a50083075ed0,2024-11-21T08:41:29.990000 +CVE-2023-53080,1,1,e1f0c6a0cef2d17a1071e2eefde658aecd3d731d4fe830ba893f6c62d8cc1334,2025-05-02T16:15:27.020000 +CVE-2023-53081,1,1,d0cb553e393710b48ac9b1fc4ac376972aec2c80b5f956604a5858801558d940,2025-05-02T16:15:27.117000 +CVE-2023-53082,1,1,466819ff0f942981916c668188e185918d4f90a203270b0ed5e6003fb34c9870,2025-05-02T16:15:27.220000 +CVE-2023-53083,1,1,e02aa9db7dc6b07b06e7a737dcd90f3dd7de300f5e71223edac7461667e44e5e,2025-05-02T16:15:27.310000 +CVE-2023-53084,1,1,1a0a16896344881ebacd2504c7c9215cb39e14310c2b276d28a28dce28904315,2025-05-02T16:15:27.403000 +CVE-2023-53085,1,1,8b9e62d1c724b9a79705d66b4b9cb3df43787bcf826e4ef69258061d10f63305,2025-05-02T16:15:27.493000 +CVE-2023-53086,1,1,59baa94e176ae9fcc78170e39c50221f1daf7787a595fcc622016aaa08d3780b,2025-05-02T16:15:27.580000 +CVE-2023-53087,1,1,f6052923e21f5d5d25cf3475f8110d9005538b16e766774a1f5d3a1f695b3a67,2025-05-02T16:15:27.667000 +CVE-2023-53088,1,1,81b579d76314d64526620e06cab459acf397172515d66a6208df0d779a0c2b02,2025-05-02T16:15:27.760000 +CVE-2023-53089,1,1,621c301735c278db5848abce9542888a7c9ca18e08b0f8617d78fea0910eacac,2025-05-02T16:15:27.853000 CVE-2023-5309,0,0,7ff36b51673413d4b93370e967f36f985fc56ef7bc3162c9c1596fd8da79b8c1,2024-11-21T08:41:30.110000 +CVE-2023-53090,1,1,12e0df2d30d7d5f102d4481718c306c525832238b95c46acb30d1d2af2d4e293,2025-05-02T16:15:27.957000 +CVE-2023-53091,1,1,4371b75c186775def73e695f1aafd370310015b1e6d3704de5aae19f9d5b2dce,2025-05-02T16:15:28.073000 +CVE-2023-53092,1,1,02022de707c0782b89c5a9e85ff4a5d2a822af7f483c20c10cbb7ca8c1337d78,2025-05-02T16:15:28.180000 +CVE-2023-53093,1,1,19ab2cea8764723c81fa4807f1646c3c49bf8e9a7e8781023c97d950b8ea67fc,2025-05-02T16:15:28.270000 +CVE-2023-53094,1,1,e58bafe36ebdd357ba7fb8e72cb8af665707ef6531bfc75f9231574f846b66f1,2025-05-02T16:15:28.363000 +CVE-2023-53095,1,1,79d5edec7136a265a1af1d295225a5490baf94d1874d581cdc7a99339f09e0dd,2025-05-02T16:15:28.453000 +CVE-2023-53096,1,1,60234494cd95fbd5c7725a1a0d5ea9fac7dde0067f5a62e812fbf3c10f6d4622,2025-05-02T16:15:28.543000 +CVE-2023-53097,1,1,c001784ee77eb488fa1e296f0bfade9c76141488730a538536ac242b23378ab8,2025-05-02T16:15:28.643000 +CVE-2023-53098,1,1,a1c6e0454eee5f2bdc342f659a8f9a85f19609dd247a81f3bacec276b980e259,2025-05-02T16:15:28.733000 +CVE-2023-53099,1,1,83facc441abc46cf2417ff9752d567352e25e068252a1b8bbfdacd843c7c0c72,2025-05-02T16:15:28.830000 CVE-2023-5310,0,0,ae19de1a22d7f22d6fd9acfd5ee40221bbaa3312e010ce020b441062ea91c97f,2024-11-21T08:41:30.240000 +CVE-2023-53100,1,1,86abb2f7beb01d26490345c9cf7c2bb8e9649ef1c0db350034927e149b2081d4,2025-05-02T16:15:28.923000 +CVE-2023-53101,1,1,eb810459505fa7d21c1a6d5c9b0ed96058b56d509816430f65df21b9d449452a,2025-05-02T16:15:29.023000 +CVE-2023-53102,1,1,c7ad684c637f54a87eb95ef468ae241c90efff6eda4c6941a5db18a0c9447cf4,2025-05-02T16:15:29.127000 +CVE-2023-53103,1,1,4fe26c0b98a011bc6eb49430a1cb305b15d1e9aa6eb161b213724213c343fbaf,2025-05-02T16:15:29.223000 +CVE-2023-53104,1,1,31290fb322cfb6d580e594d48c4c4175f9ec3a673c045296cfc42d12a67af193,2025-05-02T16:15:29.317000 +CVE-2023-53105,1,1,d2e7e68bcd609f202537cadfe9afb978eec89eb6d4b3b806d6fd9656a6642a01,2025-05-02T16:15:29.430000 +CVE-2023-53106,1,1,eab11af4dcd8ee2910f3d8b1e0613423af99ac9f8e0739c7a9383191deef08c6,2025-05-02T16:15:29.520000 +CVE-2023-53107,1,1,41a88103405b9b812ed1aaef160faf6b3913f54ad7a0cac088e371388626c009,2025-05-02T16:15:29.620000 +CVE-2023-53108,1,1,f9b7b8e3e5b9140e75b0a73c9d576a721ce5b82ee92e6e2c4a39f4c242734e8e,2025-05-02T16:15:29.713000 +CVE-2023-53109,1,1,b6f99a3f58f1de38b4d8b552bd63df4aab985ff645475a595e7cc0365d75bfb5,2025-05-02T16:15:29.823000 CVE-2023-5311,0,0,62b6ab15a640c341942aa3984f0eb204c70a157164b7d966ddfb1b9333dc4d0c,2024-11-21T08:41:30.370000 +CVE-2023-53110,1,1,04a713ac81ef414a8d5d1dc39ad84a264bcc6d4a1aa31b4105b7647baf76a763,2025-05-02T16:15:29.930000 +CVE-2023-53111,1,1,abc40fb228e97e4c7657c7f60eaf6c78f7dae74d334a62f9f29ccd4d3daf1089,2025-05-02T16:15:30.027000 +CVE-2023-53112,1,1,dfee42fefbcfbd6155cf77ac02989a8db436ad2fa818ef51900832d56868bd01,2025-05-02T16:15:30.140000 +CVE-2023-53113,1,1,3b6912e41a0bed08fa1b57608552da10cfb3a4fb0d361c8b8377318a5ae8f625,2025-05-02T16:15:30.407000 +CVE-2023-53114,1,1,5d86e005df9ecdc00820058da4bf558480567d9b89b99854058da9c4169a088d,2025-05-02T16:15:30.493000 +CVE-2023-53115,1,1,761b0fa9bcf73258c1344022c6314d65935b52c7eff97384719c654a907a9427,2025-05-02T16:15:30.590000 +CVE-2023-53116,1,1,e0d36c8b1d68aaeb7b150bd2fc56a56af6c59cf99a5fcce3376b40a22593c2c8,2025-05-02T16:15:30.680000 +CVE-2023-53117,1,1,969e7ad70671586732d2b3f376f290083682ed461e48b54c63651d08defe90c2,2025-05-02T16:15:30.783000 +CVE-2023-53118,1,1,091bca00398837bf8b68154e7cb769b30e1ae78a8ce4259b4a74ad57f46a5530,2025-05-02T16:15:30.880000 +CVE-2023-53119,1,1,bb02d20792b8eca4e810243ff5ee24e8e6a998a2085eb7af4571b28db5f78670,2025-05-02T16:15:30.980000 CVE-2023-5312,0,0,1415bfd069705ff55f79f6d249de3b45d246fa9bee5d6271b902326ea749ba1b,2023-11-07T04:23:52.920000 +CVE-2023-53120,1,1,5a2b8baca303dc1ff5247c352f5ae33517d83c34c82f83c9328c052d0ed9eb7a,2025-05-02T16:15:31.083000 +CVE-2023-53121,1,1,d78d33dd55413f2d5c21e3c5c50549c41d5bd04acc036e8071034cf778a7b565,2025-05-02T16:15:31.173000 +CVE-2023-53122,1,1,d56713c30256bf8ff0c74b62403fc8419d5f0846458c2bcb8f0c3e19e4f1b94f,2025-05-02T16:15:31.270000 +CVE-2023-53123,1,1,f670dbeadf514ffb602275560cccbfebb8cec96665a15464b808dc4c903c7841,2025-05-02T16:15:31.360000 +CVE-2023-53124,1,1,424fea2fbb7325f75dbb2f810e8be1b02628be1463c5cc60ca84870b9ded589d,2025-05-02T16:15:31.453000 +CVE-2023-53125,1,1,328abaa42e47e29ef8479e52679e901564827ea295e69e76c77168603b0e37fc,2025-05-02T16:15:31.547000 +CVE-2023-53126,1,1,1b0055712bd249884a0e78fbbb8329c21c58c9ef280d85a99f9761b685cc3fde,2025-05-02T16:15:31.643000 +CVE-2023-53127,1,1,63604213221efcc8588001abace933555a9de1ad6d7f08f2dd456864a28e74fb,2025-05-02T16:15:31.730000 +CVE-2023-53128,1,1,dd6a5ccd79644a2a624cc6537d97e7258f12399be14b6c094eda4b1935d46c56,2025-05-02T16:15:31.820000 +CVE-2023-53129,1,1,3d20f715ca77e6d0edd4a98718fd384e7d0df24d84f929d7189a18a6463f8ac2,2025-05-02T16:15:31.907000 CVE-2023-5313,0,0,cd3bd91ba814e0cfcdc6860d53d08840012171da1ca119fc7cc0fd9b81fc32e2,2024-11-21T08:41:30.507000 +CVE-2023-53130,1,1,67437a1f2523eef19b4553aecee7ff4b9cd7324b907d89f7eaaca82b777bb93d,2025-05-02T16:15:31.997000 +CVE-2023-53131,1,1,2724c9e1eeac9cc17c311d4bb2c3f0ff1c16cf5565e66e6a6f534eacedc22540,2025-05-02T16:15:32.087000 +CVE-2023-53132,1,1,0d415e76d6b9683f4afd02d22972f6e5e14ff3922d22a07d2a0f15037f7fa10e,2025-05-02T16:15:32.170000 +CVE-2023-53133,1,1,fcfff764e54901df52d4ce717b2a1a835773f60eef459062a5251a2e5e721a5f,2025-05-02T16:15:32.260000 +CVE-2023-53134,1,1,b369c859c855a1b0fffbb4bbfac83c6cbdcf7b826da230e0ca70f50f894f583f,2025-05-02T16:15:32.353000 +CVE-2023-53135,1,1,7b7495a6461e525c50174c2ef24a21ad9d6afd75864f242d673cc661b3e4d1cc,2025-05-02T16:15:32.447000 +CVE-2023-53136,1,1,ae07bbfd8ec0f89132fda5bdd073083c0de271965801262a4c374b28f1b3a2be,2025-05-02T16:15:32.540000 +CVE-2023-53137,1,1,ffe3b550bf27a4a095c6100a2ff952230fa78d19d9fce2769205f0835d33d892,2025-05-02T16:15:32.633000 +CVE-2023-53138,1,1,3be6f305de2b8c72d162107716df424d4dfd820697a626285e925b26521a9f8e,2025-05-02T16:15:32.720000 +CVE-2023-53139,1,1,a10251127f5ab64eb89bc3259f454ddf24311e4829d124eba2462bf43387dfb6,2025-05-02T16:15:32.817000 CVE-2023-5314,0,0,ab65d90f9e757aa5d5d35478939c7c9ec9fd5a6803914a758827aac0e3dc09cb,2024-11-21T08:41:30.647000 +CVE-2023-53140,1,1,88c83eb1b31cb63363d2b282aa1f8c891aa8073ad7b35df90b2f107ade4e9f3b,2025-05-02T16:15:32.920000 +CVE-2023-53141,1,1,87da139741a6351794592410fe2a2f16c93b923d2b324b6e496f4989efa8eccb,2025-05-02T16:15:33.023000 +CVE-2023-53142,1,1,e85f9388fdee9b0d12d68e396e0a1510455ad30a64bac2ed6d9a340ca4316b81,2025-05-02T16:15:33.137000 +CVE-2023-53143,1,1,0bb563a3e017de3aee9a7421cd3f13c6ee85a22f82cd0a0ea2bc9aa0e534765e,2025-05-02T16:15:33.240000 +CVE-2023-53144,1,1,da4f0b9db6a4aee505d54517db9ad445f67700b1f19c297d587f07c5fd4a9fd5,2025-05-02T16:15:33.357000 CVE-2023-5315,0,0,ec012dfdf1d4ffd80f480ed42eda0a7b14d22ca640de49440d3a3e864ea1c111,2024-11-21T08:41:30.760000 CVE-2023-5316,0,0,4dd949eef5257c1ac4959c105b0be2eae9c02e7723c6d1c31d51853bf817c921,2024-11-21T08:41:30.877000 CVE-2023-5317,0,0,e291501a2006b3e44a0722039d33ed0fbe57bd4fb10f3c022762a96ce3600f49,2024-11-21T08:41:30.997000 @@ -243234,7 +243346,7 @@ CVE-2023-6679,0,0,2433496c121ca610d17640117da3db027308473d1e8f376305a6f3251be248 CVE-2023-6680,0,0,c5ebb765eb58422ad2a1705f900d6e487ec280b792c1875e94c130510d5cd8c0,2024-11-21T08:44:19.957000 CVE-2023-6681,0,0,91563fb598452f1c3484ee761789db25b2163bbe2e240203cbbf2d313053bbda,2024-11-21T08:44:20.090000 CVE-2023-6682,0,0,e5f52769cb0df59da632712a20fc3a5019a15366395589044f5cca544e417af7,2024-12-12T16:34:32.097000 -CVE-2023-6683,0,1,2bdb354cf02c0c4d7da52cc2f5b9bf3dc195b2a8a0f750e60f3de3f2eab108a9,2025-05-02T15:10:54.503000 +CVE-2023-6683,0,0,2bdb354cf02c0c4d7da52cc2f5b9bf3dc195b2a8a0f750e60f3de3f2eab108a9,2025-05-02T15:10:54.503000 CVE-2023-6684,0,0,077aa23593860d2811e2eec2f5b3b49e9dc6e8fc11783a007b7a12730a0938d5,2024-11-21T08:44:20.570000 CVE-2023-6687,0,0,3d3661beda757389237f16a8f5299e52a2c9157ad3825608cd2860f3616f9968,2024-11-21T08:44:20.717000 CVE-2023-6688,0,0,d3bb8809ac7ec300c23ba3bd9b118a2caeda400dec41170962ba5dd127422cc6,2024-12-12T16:22:38.713000 @@ -247813,13 +247925,13 @@ CVE-2024-13099,0,0,3d7d2d4b382508acd5029b696f1351eb26fd52dd579ace298c4c370c6f1e1 CVE-2024-1310,0,0,8eacc1832dc63ed57a42c33584abbb481a62a43a07e6f25f2b4df813accea989,2024-11-21T08:50:17.717000 CVE-2024-13100,0,0,30ca900cb5e6fdec8dbd798099fab143225571e3bc8f4295e818fa0014f1f883,2025-01-31T17:15:12.263000 CVE-2024-13101,0,0,b8649741908515dc3d38937525b2c4c84a468157e5caace43177fbfef1376a2d,2025-03-19T17:15:39.643000 -CVE-2024-13102,0,0,92ed304eb0adab2cc3d1a1448a602c50cc957b6451492253400925d30eddabda,2025-01-02T18:15:16.517000 -CVE-2024-13103,0,0,f8ff11c917b1c6c878887a9bc93ed3b50ffbb81b1816baf12dde8356d92c8306,2025-01-02T18:15:16.747000 -CVE-2024-13104,0,0,0127d4c125bf39f84f3a00abb38c610705cfb224d01769761ab4944512d74b20,2025-01-02T18:15:16.890000 -CVE-2024-13105,0,0,39ac2170057dc94c75a47fc6b7641cb536146e53a7d8c1d333f648a84c15db89,2025-01-02T18:15:17.027000 -CVE-2024-13106,0,0,68a98caf1040dea6adfcd40bcfca2ad91ca18261ae00ef42be8595bd66bb3b1d,2025-01-02T18:15:17.167000 -CVE-2024-13107,0,0,883b56377a94a494f455cfde6cce600805ab77a9242769080c8c13b4f7496633,2025-01-02T18:15:17.310000 -CVE-2024-13108,0,0,71e10acac3caf42b947b5669990b29fa90f098b83f9c4627b0ffbb99c48a44e4,2025-01-02T17:15:07.933000 +CVE-2024-13102,0,1,8bbe4f910b297f155a5c3edbffbf1789471dd2f2ef99ff009779fb1e8a9fac5c,2025-05-02T17:56:25.510000 +CVE-2024-13103,0,1,645be8d49e7884cf7a1e0ce17337090a1fa4c59e75e74c99714b372d408774da,2025-05-02T17:56:23.807000 +CVE-2024-13104,0,1,328e4b9cac98d2edc7a11355b4b034477189bd7dc1ceaf94ea5bb9584779b4b7,2025-05-02T17:56:21.200000 +CVE-2024-13105,0,1,1abb26dc64babab053a0d64816f120a7f8ac8d2cfd7affba6bb6300447ee8f56,2025-05-02T17:56:19.653000 +CVE-2024-13106,0,1,7c2f6664054da4a1f023e2dbd5213ff7898b9c5a7a33921e88bec220bf0ac499,2025-05-02T17:56:18.030000 +CVE-2024-13107,0,1,54245516735f033d2846ba53cf66e070861afd8fea270e265e8e64b1b12306bc,2025-05-02T17:56:16.377000 +CVE-2024-13108,0,1,112b73ed3821af2115282b59abad6f2cf0154e797197f62fddc00bf259fc2b68,2025-05-02T17:56:14.720000 CVE-2024-13109,0,0,a262782a01dc7f4765e6517f84a662e10b4d03528d84ca6f322d4dcd2458501c,2025-01-02T17:15:08.073000 CVE-2024-1311,0,0,7288a22df752343e846f5ba6a82a81aad7d46e7208b97bb1330896fb02e609e9,2025-01-16T15:27:31.173000 CVE-2024-13110,0,0,fa44e94b5ff3e404a68f28b72a683cfc1061393cd75f912181dba49fb4aa76a2,2025-01-02T14:15:06.240000 @@ -252351,7 +252463,7 @@ CVE-2024-23751,0,0,3753d613c26761e7ab23ea3706bb7f1f6d6558f8e0ac9f2355e2fc0126390 CVE-2024-23752,0,0,02e1cd85dbc047d5ea5e99459ef29d9a97624e24d0a41fff7d1666a639be9980,2024-11-21T08:58:19.450000 CVE-2024-23755,0,0,942c8c1dd03386c4f23bb696e1043e7b764bc6e6f1fb02a739e988e98c910751,2024-11-21T08:58:19.613000 CVE-2024-23756,0,0,a3486c8801ed0a13f5024aa0c93e0c385a179ba3cd83bc610332661ca38cb2a4,2024-11-21T08:58:19.840000 -CVE-2024-23758,0,1,6df52a71401d6539653bf433e809e7cfa11b3ad1937a7af832bc2adf56d7cd29,2025-05-02T15:43:28.763000 +CVE-2024-23758,0,0,6df52a71401d6539653bf433e809e7cfa11b3ad1937a7af832bc2adf56d7cd29,2025-05-02T15:43:28.763000 CVE-2024-23759,0,0,d63ec419c4c029202f3754648f2eb7717042b9076ca63c1c1f631684b4092a3b,2024-11-21T08:58:20.227000 CVE-2024-2376,0,0,8a8f23c5e61e7fd977ef7f7329d9a59314850c5761ba91c0a3b410fa76dda3a2,2024-11-21T09:09:37.133000 CVE-2024-23760,0,0,8a0e2dc9dfb64057c7b1a99ee14bb98081e854df0f156bcdac9ca3dfc061217d,2025-03-28T23:15:17.300000 @@ -263737,7 +263849,7 @@ CVE-2024-38471,0,0,ebcf12a571805e01888c4360f251dd06cb2117656cccbb5ab123d9cababf2 CVE-2024-38472,0,0,b1123c48a89600eb7a31518ce0bb89b10b0778ec6be006c999b3121e02b83f79,2024-11-21T09:26:01.733000 CVE-2024-38473,0,0,bbb5e11b003247980ea92e43b9234c78ba249d78fc42472835f589d6b2f6e99d,2024-11-21T09:26:02.607000 CVE-2024-38474,0,0,4d750136f8bd7afdcd19bdfcac6eb4df136c41ef8eafadd4967459d63d721bd8,2025-03-25T19:15:43.623000 -CVE-2024-38475,0,1,c8d0b053ee3cf56c407428ed9d948369a45c56fbe443fab2afa220f77550268b,2025-05-02T15:43:59.747000 +CVE-2024-38475,0,0,c8d0b053ee3cf56c407428ed9d948369a45c56fbe443fab2afa220f77550268b,2025-05-02T15:43:59.747000 CVE-2024-38476,0,0,96df90db5dbf5efcc1d36711d52981a73ed110b8dfbeaa5665e3f3feb3c366d0,2024-12-02T17:36:33.403000 CVE-2024-38477,0,0,d6e33e4742edc4adac89b8f3cd05a29976b8b88837d06a0160e443a54d13d5d3,2025-03-18T19:15:42.683000 CVE-2024-38479,0,0,c70847aedbd201cfc354e550e0b90cec56f97441e95e9c598b1abef167a9ff30,2024-11-15T13:58:08.913000 @@ -269261,7 +269373,7 @@ CVE-2024-45752,0,0,8ef63b798ceb6fb22de0a9097dd56aecf32f0521fb355f3eaff367c60b34b CVE-2024-45754,0,0,934ce5414af5cca7a628d6eaaacc93e94a91678c8a6a39efddb47699edebe890,2024-10-15T16:35:07.827000 CVE-2024-45755,0,0,97cb1492c0eef5a46a223ec466609c380a29b5a6dce9b24e7674e3a55bf0d719,2024-11-26T16:15:15.597000 CVE-2024-45756,0,0,7b989385fc7b197f879f8cf8aef9e52470ad65f1c531f511c863d482d73a5624,2024-11-25T19:15:10.673000 -CVE-2024-45757,0,0,bf1316f0b7743cc8b2dd152914a491dabcdcc4f499d811d2cff0eb86873ad01f,2024-12-03T21:15:06.953000 +CVE-2024-45757,0,1,d3e66b8cce3f7b10477c0ad57c1edc6d5a8953612dcd96aaea6f83de957e8800,2025-05-02T17:15:48.803000 CVE-2024-45758,0,0,f0fb5f8c507698836da499cc5b1208e03d29350c5ed4c9f129b68f0a5cb78d3b,2024-09-06T18:35:13.043000 CVE-2024-45759,0,0,96ed0b2a7f9059dba88885e611a5e1fcb866322df76f436717311dca576bf841,2024-11-26T02:10:03.923000 CVE-2024-4576,0,0,5d6e20f8b249755ca9fcbe51fe3fd43fba59ef712e27f2f4bdb5a18fd3b16894,2024-11-21T09:43:08.357000 @@ -271374,7 +271486,7 @@ CVE-2024-48903,0,0,49fdfa095e9ba18ef9d33ae5dbb85500094116df8d52da97c48eb1a137b56 CVE-2024-48904,0,0,35d8cc445681b5e4ff1fcbbfd5a27253a724d76e1a2a2d6acebb5b7ec5903547,2024-10-23T15:12:34.673000 CVE-2024-48905,0,0,5838d56d294fde625bdda9019d9c662a7d93a8d7be83c3099d05354bd56f443a,2025-05-02T13:52:51.693000 CVE-2024-48906,0,0,de30013f5deafbd4621c4158a61d2a4faa4f16e87c30b79a3e4ccbac825cfc11,2025-05-02T13:52:51.693000 -CVE-2024-48907,0,1,14231d9f186da38d84883ca14e6b08746e54618d2f9672ab06ffe0d3df913e0d,2025-05-02T15:15:47.830000 +CVE-2024-48907,0,0,14231d9f186da38d84883ca14e6b08746e54618d2f9672ab06ffe0d3df913e0d,2025-05-02T15:15:47.830000 CVE-2024-48909,0,0,5af217867017b45645b1cd88e9368407196c63b062f42cfaf011c832caa8e595,2024-10-17T17:56:11.130000 CVE-2024-4891,0,0,da144f5b8eac6a1bb02dce3640ba1147c865a134b9c516618c4c8a80a71defd2,2025-01-30T15:45:34.377000 CVE-2024-48910,0,0,7f12c97e649c7955bf5eb5f3507eac6092487e8d427486ba58a1995cf7bdfe0b,2024-11-01T12:57:03.417000 @@ -273114,26 +273226,26 @@ CVE-2024-51001,0,0,ce5ec821a14006daab0a706d032cbf4204d912d28d411bb98f938567551ec CVE-2024-51002,0,0,a861de06883b910186dd349d8c90d5fd070517c7ce416b66fe30ac28eb9653ef,2025-04-30T16:30:32.437000 CVE-2024-51003,0,0,94ac8f56c1df8ec12f2d48769cc3ff9104708a9e34af842d98207e25e04b2ac9,2024-11-05T16:35:19.093000 CVE-2024-51004,0,0,d22dbba3539a0ae724546e7ba5964fbe4d61dfb9b4ba7b3866d2243bf11ced12,2025-04-30T16:30:44.230000 -CVE-2024-51005,0,1,6744b7b4a704101f206982bdc274e307fa812c362e55d560b72a7f421185e80c,2025-05-02T15:39:33.390000 +CVE-2024-51005,0,0,6744b7b4a704101f206982bdc274e307fa812c362e55d560b72a7f421185e80c,2025-05-02T15:39:33.390000 CVE-2024-51006,0,0,e3bd9c916a2bf37c85eb9aa0e28298c8c6e92e13b48f5b3b2fd9b260bd28b914,2025-04-22T18:16:00.370000 -CVE-2024-51007,0,1,e027f780d66db1698cb0f499ed1c8e62579e43bf4e092bacb7da432904bf4dd6,2025-05-02T15:43:02.980000 -CVE-2024-51008,0,1,f21bcdace9465e17e662cd5049e5b99c057d4890d1e09d8694e0e64415e6b7ef,2025-05-02T15:43:04.657000 -CVE-2024-51009,0,1,bfd786724333bef252f630b366405d3f1dd6ac42dc58a90f6b73c361a982aab5,2025-05-02T15:39:35.130000 +CVE-2024-51007,0,0,e027f780d66db1698cb0f499ed1c8e62579e43bf4e092bacb7da432904bf4dd6,2025-05-02T15:43:02.980000 +CVE-2024-51008,0,0,f21bcdace9465e17e662cd5049e5b99c057d4890d1e09d8694e0e64415e6b7ef,2025-05-02T15:43:04.657000 +CVE-2024-51009,0,0,bfd786724333bef252f630b366405d3f1dd6ac42dc58a90f6b73c361a982aab5,2025-05-02T15:39:35.130000 CVE-2024-5101,0,0,67156010bb41c2d8ada8c02a066eae18d869fc8f0b4eff13605870d895eac12e,2025-02-10T14:25:59.993000 CVE-2024-51010,0,0,22188b364cc253a2200f4fd29670f638ac09e00cab24cfcdc77113241a79f397,2024-11-05T16:35:25.043000 CVE-2024-51011,0,0,8f50abc4e50a0c23893d58fc8abdfcab2bfef2a05270cc0b4bb86347d8948b3f,2024-11-05T16:35:25.910000 -CVE-2024-51012,0,1,4099e7d2a7ccfb07aa5e0c7791c66642dc2465b62c4e4df0830422e730410dd1,2025-05-02T15:39:37.007000 -CVE-2024-51013,0,1,87d8e0dfd85ac97390d7e232657d2f860cb1574fc4335036aea5144f991be0d3,2025-05-02T15:37:45.777000 -CVE-2024-51014,0,1,2dae0c9017953262322dc2551ef7a3b847ee23c16ac59b9247a0d4369e045551,2025-05-02T15:43:06.327000 -CVE-2024-51015,0,1,1e550214d4d8e2c2af6e08776d0a4e0b1b13fa2725a4c5706225e782aaa0aaf9,2025-05-02T15:37:44.140000 -CVE-2024-51016,0,1,32b83eda1d13679351254cc4225932d5f2c3edf193b1adb65687d5d735c4a92c,2025-05-02T15:43:08.260000 -CVE-2024-51017,0,1,f788308f16455ac53aaeebe6a44de38aef13726efec01abee66d124be1b25018,2025-05-02T15:37:42.547000 -CVE-2024-51018,0,1,dd09ac52eb882fa593c12a0156f1ce32546159a854856fabbfba0dc72140a00f,2025-05-02T15:37:40.860000 -CVE-2024-51019,0,1,cb6500052e460e9195458e36a4edd46263e23fc97b6228a7bbebe4e267c3ed03,2025-05-02T15:37:39.137000 +CVE-2024-51012,0,0,4099e7d2a7ccfb07aa5e0c7791c66642dc2465b62c4e4df0830422e730410dd1,2025-05-02T15:39:37.007000 +CVE-2024-51013,0,0,87d8e0dfd85ac97390d7e232657d2f860cb1574fc4335036aea5144f991be0d3,2025-05-02T15:37:45.777000 +CVE-2024-51014,0,0,2dae0c9017953262322dc2551ef7a3b847ee23c16ac59b9247a0d4369e045551,2025-05-02T15:43:06.327000 +CVE-2024-51015,0,0,1e550214d4d8e2c2af6e08776d0a4e0b1b13fa2725a4c5706225e782aaa0aaf9,2025-05-02T15:37:44.140000 +CVE-2024-51016,0,0,32b83eda1d13679351254cc4225932d5f2c3edf193b1adb65687d5d735c4a92c,2025-05-02T15:43:08.260000 +CVE-2024-51017,0,0,f788308f16455ac53aaeebe6a44de38aef13726efec01abee66d124be1b25018,2025-05-02T15:37:42.547000 +CVE-2024-51018,0,0,dd09ac52eb882fa593c12a0156f1ce32546159a854856fabbfba0dc72140a00f,2025-05-02T15:37:40.860000 +CVE-2024-51019,0,0,cb6500052e460e9195458e36a4edd46263e23fc97b6228a7bbebe4e267c3ed03,2025-05-02T15:37:39.137000 CVE-2024-5102,0,0,5e7380c4aa37e6dcee24760df361256c348e37ad4bf1f4f7cf0b9d6c73ecfd16,2024-11-21T09:46:58.337000 -CVE-2024-51020,0,1,5573f1694a78465331cdd67ef4180cf5bff3ee578b11d11e112a616eeed2b2a2,2025-05-02T15:37:37.047000 +CVE-2024-51020,0,0,5573f1694a78465331cdd67ef4180cf5bff3ee578b11d11e112a616eeed2b2a2,2025-05-02T15:37:37.047000 CVE-2024-51021,0,0,dc4a75a0cd074306e04deb7d69668042d776bc0e2165ba9d2f17259fee2f309c,2024-11-05T16:35:34.170000 -CVE-2024-51022,0,1,d7ddf23a0acc73eb5be9dd8fbcfdc43e300a0585254afe74d17e9e25b0f3674c,2025-05-02T15:43:09.713000 +CVE-2024-51022,0,0,d7ddf23a0acc73eb5be9dd8fbcfdc43e300a0585254afe74d17e9e25b0f3674c,2025-05-02T15:43:09.713000 CVE-2024-51023,0,0,9a18854a7f98b73387269020b87c83d43d61687672a7417fdfb2ca98bc2f42c7,2024-11-05T21:35:11.923000 CVE-2024-51024,0,0,591d5456b79884bcaf690fc58eb2d5e416722b63f03748014dd860e9df3b2051,2024-11-05T20:35:25.253000 CVE-2024-51026,0,0,2eae5d4cdeca069e20ee72340c082bed5619244540ef913ee815d0d094b9a2f0,2024-11-12T18:35:32.357000 @@ -273868,21 +273980,21 @@ CVE-2024-52013,0,0,8b6296da77cd7ff5ac33141091f42af5f9ad4a6b318bbf04ba5caf894b9de CVE-2024-52014,0,0,95c63fbe0d36cf5f1402099d30f68bd084b42e8fece77b8a43cf34d740aab22d,2024-11-05T16:35:37.113000 CVE-2024-52015,0,0,84d00cdc9a202bb00e097769512e415450a582ad27ea697fe4aabe7efef8bade,2024-11-05T16:35:37.890000 CVE-2024-52016,0,0,c1fb56c3ee1a317e8be681053308c942bcde8344fd03944b8d3b24c441941d47,2024-11-05T17:35:27.993000 -CVE-2024-52017,0,1,794cef1a30f3c7864d949e64ecf5e0917ff682da73d8b90a0c8ead5a3d160e5b,2025-05-02T15:43:12.627000 -CVE-2024-52018,0,1,d8848aea9e01ed508e8591f292265378c23a475102146543f0b931fe1624c8cc,2025-05-02T15:43:14.700000 -CVE-2024-52019,0,1,30a50e4323000db27802410fe3f925bfed632e99ca516458d9887f3b6bc09dfd,2025-05-02T15:39:38.770000 +CVE-2024-52017,0,0,794cef1a30f3c7864d949e64ecf5e0917ff682da73d8b90a0c8ead5a3d160e5b,2025-05-02T15:43:12.627000 +CVE-2024-52018,0,0,d8848aea9e01ed508e8591f292265378c23a475102146543f0b931fe1624c8cc,2025-05-02T15:43:14.700000 +CVE-2024-52019,0,0,30a50e4323000db27802410fe3f925bfed632e99ca516458d9887f3b6bc09dfd,2025-05-02T15:39:38.770000 CVE-2024-5202,0,0,855dac87ee481156825e449cd0f9d2b12a129fb8608b04fa1ed329867e736770,2024-11-21T09:47:10.807000 -CVE-2024-52020,0,1,cc0bd8e3cea85751f70c8f21dda599e2429f859ef9f4ba99424e1479129969bc,2025-05-02T15:39:40.467000 -CVE-2024-52021,0,1,ab37c6ec882654e24e41883c288c9c981e89d4f61d5560d44cb51b08b5db432e,2025-05-02T15:39:42.457000 +CVE-2024-52020,0,0,cc0bd8e3cea85751f70c8f21dda599e2429f859ef9f4ba99424e1479129969bc,2025-05-02T15:39:40.467000 +CVE-2024-52021,0,0,ab37c6ec882654e24e41883c288c9c981e89d4f61d5560d44cb51b08b5db432e,2025-05-02T15:39:42.457000 CVE-2024-52022,0,0,e5fdd0c89e6dd86fb8a4c8bd3659541bdf68cb144a5d81d27287b4fbc7b745bd,2024-11-05T16:35:40.237000 CVE-2024-52023,0,0,5c6707211b95341101a0d436039d4487d8882b5bb98a91b0e067aa3ba9fad008,2024-11-05T16:35:41.013000 CVE-2024-52024,0,0,80e13c6d423b0c3ab8d7cb89a6a7dcde4ddac5235e1bd8024065cf0c83319f6a,2024-11-05T16:35:44.920000 CVE-2024-52025,0,0,9a00e7236bd2396680e29ee90a38efa74c75abd22328d0eef2b50cdc94a9ada7,2024-11-05T16:35:46.960000 CVE-2024-52026,0,0,5709608f227c1cf3f112b9d12acc194a1ec865aadb23fbee01fae61dbae8e95f,2024-11-05T16:35:48.997000 -CVE-2024-52028,0,1,1a5b771ae9647ab8ea483be57d4047bfd362e3b449fb81922d147e6a6cd0c74e,2025-05-02T15:36:28.180000 -CVE-2024-52029,0,1,12677c2320fcf1a9ef05d53db3632ff68bbabcefc6d54a45b6c73e35828150ce,2025-05-02T15:36:25.380000 +CVE-2024-52028,0,0,1a5b771ae9647ab8ea483be57d4047bfd362e3b449fb81922d147e6a6cd0c74e,2025-05-02T15:36:28.180000 +CVE-2024-52029,0,0,12677c2320fcf1a9ef05d53db3632ff68bbabcefc6d54a45b6c73e35828150ce,2025-05-02T15:36:25.380000 CVE-2024-5203,0,0,e867d44b31fa735ecaef1844aba382841138e742c9b7e957e6089969316cab00,2024-09-13T11:15:10.197000 -CVE-2024-52030,0,1,1c8c0fc19875fd13cb7d2c670514db2905b658fa65d7f02c2e79f836f774faeb,2025-05-02T15:36:21.870000 +CVE-2024-52030,0,0,1c8c0fc19875fd13cb7d2c670514db2905b658fa65d7f02c2e79f836f774faeb,2025-05-02T15:36:21.870000 CVE-2024-52032,0,0,ebce94fe2fa07c0a2426d75efa16d8e7877d250f9ee8dc2354264e2c39be86dc,2024-11-14T16:47:21.583000 CVE-2024-52033,0,0,0dfe20fd02897926b6d074909c30d74601a5c2c41f63e04fe1072b7b927bd8fe,2024-11-21T13:57:24.187000 CVE-2024-52034,0,0,c9473f84b9fc6d425259f88e7c5b60351f6ac73033e0eb23e91d0c305c1e3c69,2024-11-22T23:15:05.640000 @@ -282952,8 +283064,8 @@ CVE-2025-1879,0,0,9355f40d37312caf9c5221593203bac7c55019bfe92fbf4f954648294a4aad CVE-2025-1880,0,0,cc844a9a059e54c6839bcf63827f508bff1844fe6930a0e929d2d05e3fccda9d,2025-03-05T14:51:33.507000 CVE-2025-1881,0,0,95dec5d65133cd6781028029fb9e1825e9b380a1b235ead1a18388896a7a8017,2025-03-05T14:51:17.733000 CVE-2025-1882,0,0,775520acab9f4f6d6b04e782470e86873cd7470ddaa1607a687283b01b16d46d,2025-03-05T15:18:54.127000 -CVE-2025-1883,1,1,e38e31d7fb9f685ca92511a0c9783e5f473363856fd17c332b63a43802d2b6f9,2025-05-02T15:15:48.317000 -CVE-2025-1884,1,1,9629849105bc522309fe84eca1f5c2ac14c9efdb54ffd690cffb03b1b2ac18ee,2025-05-02T15:15:48.440000 +CVE-2025-1883,0,0,e38e31d7fb9f685ca92511a0c9783e5f473363856fd17c332b63a43802d2b6f9,2025-05-02T15:15:48.317000 +CVE-2025-1884,0,0,9629849105bc522309fe84eca1f5c2ac14c9efdb54ffd690cffb03b1b2ac18ee,2025-05-02T15:15:48.440000 CVE-2025-1886,0,0,eaf754cdcbd76e594498445e8a183b18d76e578c86df9a4473db58eab68b36a2,2025-03-07T11:15:15.843000 CVE-2025-1887,0,0,bddc21bc05d4cae4f660040038124541d0467cb3a445afa630affaed468d397e,2025-03-07T11:15:16.040000 CVE-2025-1888,0,0,3e8d1790cc44ab743ef758fc86281d2612ee29c3437c97526832c9d31e18e0b0,2025-03-14T17:15:50.807000 @@ -287078,12 +287190,12 @@ CVE-2025-25729,0,0,37dccbd23e8b05f5aabcfb584977649888f3f534d26d5e574ce2d7e88687c CVE-2025-2573,0,0,9533157eb5528ef7f577a7b77f9eee7a7a2ab78fc05533cbaab118aab8be28b5,2025-03-27T16:45:46.410000 CVE-2025-25730,0,0,2d4e8c99634c9753085f1bf0f3dc2ae2d2ae9a31f8634761394f303c2de1e717,2025-02-28T20:15:46.803000 CVE-2025-2574,0,0,653869cfb363acb2f0468669bbe8350777d1f02ebecb92b7935efe95ed02ca0d,2025-03-20T21:15:23.880000 -CVE-2025-25740,0,0,cd2bc7638ab565462203ba75cf0c1903fed130191464a51442647e9686692755,2025-03-17T19:15:25.963000 -CVE-2025-25741,0,0,1404a9908338c4c3c8ab2b43bd4acbaa79381acee099156008ee033cd0a719e8,2025-03-05T19:15:38.353000 +CVE-2025-25740,0,1,828db612c79270ec87dd7bd6aeff65dcb38eec84fcf0619fcd386af4bdbd1dbf,2025-05-02T17:53:59.500000 +CVE-2025-25741,0,1,dcf65f87864f77031e84c94e39c320820bb5688fbb215535dbe0a1bb87055fc8,2025-05-02T17:54:01 CVE-2025-25742,0,0,c12f86a073dc42e0b5bc1597ed8b153f52d2513d95a33b84da5b5e9f2c778df8,2025-03-05T19:15:38.503000 CVE-2025-25743,0,0,304984a5ab9ad7f158808ee9d3872992975a39931983d4ba42d4f443e0977c14,2025-03-05T19:15:38.693000 CVE-2025-25744,0,0,9b17d9cf4931ebf4a6e3aaab07248462238b28b620de67883e624c40839a59fc,2025-03-05T19:15:38.860000 -CVE-2025-25745,0,0,6954ac06db222a2d53d510e8895c4f26dd1f1d917e56ca97169f9eb9f3840768,2025-02-14T16:15:37.010000 +CVE-2025-25745,0,1,95e846c56270c909667b9b833d62217abcf55c71b1626e7a5f9ccde6a8cbcc18,2025-05-02T17:53:57.653000 CVE-2025-25746,0,0,fd009721daa4af3e200d61df53a7719cd37175870c5071dcbbd0f0b0dec3078c,2025-03-18T16:15:27.343000 CVE-2025-25747,0,0,bb6f0e2739bcbcef1c4960f0faa49a38e842e1028b8b39583b65f79f0338ec69,2025-03-12T16:15:23.153000 CVE-2025-25748,0,0,96ee59038cfc6610b701bf16c7385a6f931893dac6088fabf2cfc738c5088d27,2025-03-21T21:15:36.553000 @@ -287145,12 +287257,12 @@ CVE-2025-25877,0,0,b3fd28504a0e23ce488c969c1a770588e81ceea52f1510cebe0216471b910 CVE-2025-25878,0,0,6519a71ab63564b6276964f38d2df55cc8a3b38cf7b7d9f7eefea118ea1f4db2,2025-04-07T15:04:19.923000 CVE-2025-2588,0,0,e5c2bbb41b3b88eec44b76071e86886b9c10f4a1cf48acd56066b63d2f8315e1,2025-04-01T20:24:28.240000 CVE-2025-2589,0,0,b0246e27a1e75f3f77953e42dedba24e52cce0a41a13f01e0f165b00ff48a119,2025-04-01T20:23:54.560000 -CVE-2025-25891,0,1,9e484ab9c5984fc20df0dba816da15ef16e5f0aabc00e030699075739b1d1a68,2025-05-02T15:46:16.683000 -CVE-2025-25892,0,1,6ba20f1e750b835ef191d285d13e46fbfc2d343b1885fe9e0725ece1daf6cbb2,2025-05-02T15:46:15.050000 -CVE-2025-25893,0,1,6b3579d2a8c9fe12915d5423c2d6bec493f137319ba0c05f7bbd9468ea2ed433,2025-05-02T15:46:13.270000 -CVE-2025-25894,0,1,01634927cfef0c29e038412c7fd8e551e3fc862092cbb5d529b95d23ed45a727,2025-05-02T15:46:11.650000 -CVE-2025-25895,0,1,27806be7464ccaef1e3748718e704f196b2abcf2da8cbebb426a7b632be75e1f,2025-05-02T15:46:08.903000 -CVE-2025-25896,0,1,76f3db5e3554ecb5d100610170be24c700822e32b1b080d12375fbd4bdb89afa,2025-05-02T15:46:07.087000 +CVE-2025-25891,0,0,9e484ab9c5984fc20df0dba816da15ef16e5f0aabc00e030699075739b1d1a68,2025-05-02T15:46:16.683000 +CVE-2025-25892,0,0,6ba20f1e750b835ef191d285d13e46fbfc2d343b1885fe9e0725ece1daf6cbb2,2025-05-02T15:46:15.050000 +CVE-2025-25893,0,0,6b3579d2a8c9fe12915d5423c2d6bec493f137319ba0c05f7bbd9468ea2ed433,2025-05-02T15:46:13.270000 +CVE-2025-25894,0,0,01634927cfef0c29e038412c7fd8e551e3fc862092cbb5d529b95d23ed45a727,2025-05-02T15:46:11.650000 +CVE-2025-25895,0,0,27806be7464ccaef1e3748718e704f196b2abcf2da8cbebb426a7b632be75e1f,2025-05-02T15:46:08.903000 +CVE-2025-25896,0,0,76f3db5e3554ecb5d100610170be24c700822e32b1b080d12375fbd4bdb89afa,2025-05-02T15:46:07.087000 CVE-2025-25897,0,0,d9674c7c5fd9fd9b94366bbedbd501cc02c9ad2f3e9c6fed49cb7c232856e839,2025-03-18T16:15:27.567000 CVE-2025-25898,0,0,d58b45df31d2ab16820300309437bcd9af06cdd7005531ff67ae87c6f364cbef,2025-03-18T14:15:43.617000 CVE-2025-25899,0,0,0a94e1ac94f2348ced8620095f1a1cdbc8d00da1d929db972e382fd33828a613,2025-02-13T20:15:49.913000 @@ -288485,7 +288597,7 @@ CVE-2025-2819,0,0,38e9c36ae873a346ecdd7625eb6881a65dff946dea1e4d5fe1469a7230964d CVE-2025-28197,0,0,6014e266f4224c57ab1bd75f113da4696d8d67e68cf26ea7681631f15433ac64,2025-04-22T14:15:25.370000 CVE-2025-28198,0,0,73ff852cc2b9fbbbd6178c29b242eef1218bd0b40968701e88342b96e8ec1dbe,2025-04-22T18:24:06.670000 CVE-2025-2820,0,0,6cdeb95f9b6504397d792f97c785fc6adf2ecfa6c7ab16f1c8d1d83356fe06c9,2025-03-27T16:45:27.850000 -CVE-2025-28219,0,1,73203faaf55a8ace77f11100b9d76e7bf17216f95afab115624d10c911f31ad0,2025-05-02T15:41:20.993000 +CVE-2025-28219,0,0,73203faaf55a8ace77f11100b9d76e7bf17216f95afab115624d10c911f31ad0,2025-05-02T15:41:20.993000 CVE-2025-28220,0,0,2a9be01002f1dc2b4672c8acd71b54a7682229a546db55168a55598e83138fce,2025-04-21T19:15:19.847000 CVE-2025-28221,0,0,050434b4c9ad2db9b6e4bb33db878b308452bb320dec39f8513786fdc4e1e2c7,2025-04-21T19:15:19.973000 CVE-2025-28228,0,0,8049707a4d8b13c0b8aabdf604ba50d14afbcccd2f51d39c0b43374a0646e314,2025-04-22T15:16:10.817000 @@ -289820,7 +289932,7 @@ CVE-2025-31286,0,0,e856201c9b42834f1c9528734a2606281893fc23418757a05099912d18c27 CVE-2025-3129,0,0,9ce9125356a6ba22d5c34f89147622c417a2440c2d1cce155406586438a1f6de,2025-04-15T15:16:09.733000 CVE-2025-3130,0,0,3331839c90977481f0952c53c01c561e7ce3f9a4b6241dc2a679ea9232965364,2025-04-29T13:09:32.353000 CVE-2025-3131,0,0,22058460edb80eeb28e47627ce19a90708c04371cfdf5beafe6e1efa2f6db14c,2025-04-22T16:16:30.543000 -CVE-2025-31324,0,1,7759623834dc54a2c029ae7ddc9444fd47cb4c2e713c257679f56e55251a3418,2025-05-02T14:22:39.743000 +CVE-2025-31324,0,0,7759623834dc54a2c029ae7ddc9444fd47cb4c2e713c257679f56e55251a3418,2025-05-02T14:22:39.743000 CVE-2025-31327,0,0,32f90adc396c5de5b649e8fa5cbb5b70c97a786ce6ce173df87cdac30806552e,2025-04-23T14:08:13.383000 CVE-2025-31328,0,0,7562727b37bc696206e3437191848ea7fd9fb71483caff96e2687c6513ba8732,2025-04-23T14:08:13.383000 CVE-2025-31330,0,0,9b648c9ab2cbfab0d4ac3a100d1bd1b8fecdcaefd29ce618613bbd2f9e42ddfd,2025-04-08T18:13:53.347000 @@ -290913,7 +291025,7 @@ CVE-2025-32730,0,0,44cce1a9327b117b4904f0c237377c22ba67547a2108fe2d846b0c147958e CVE-2025-32743,0,0,22cd88375a4ea091d730f6e11751ffcb7fa9bb31f6c5963a03a37755aa77afd4,2025-04-11T15:39:52.920000 CVE-2025-3275,0,0,21a93c4b8629a3b2ced7ba0d70601ec8bc49832622baa8caefb367590d177cbe,2025-04-21T14:23:45.950000 CVE-2025-32754,0,0,b06e63b88f7bcd6c413b62f3af573f57520ee0eb9275ec793f6c9f8573602933,2025-04-11T15:39:52.920000 -CVE-2025-32755,0,1,e32d4749fcafcf69dcb6ba1ca9a1a70329867db7030a0a3a6955b6405162d04d,2025-05-02T15:54:54.490000 +CVE-2025-32755,0,0,e32d4749fcafcf69dcb6ba1ca9a1a70329867db7030a0a3a6955b6405162d04d,2025-05-02T15:54:54.490000 CVE-2025-32757,0,0,c640364748c5c666fd6dc8aec9d84948af9deb15cd9711efe75ce6833fb0d8c1,2025-04-11T03:15:13.903000 CVE-2025-32758,0,0,d3608f6f13a9a5b49230d2ebeae393f102196b87b92e834ebddf934752919dc3,2025-04-11T03:15:14.427000 CVE-2025-32759,0,0,4ec2028500fce9598ebd65d94b8913a1d569360cd32f22b47c68102fcbfca47a,2025-04-11T03:15:14.477000 @@ -291248,14 +291360,14 @@ CVE-2025-3491,0,0,764070d57369c52ed17db36acb0e46c080442745adab2da0d65d4052df55b4 CVE-2025-3495,0,0,fe640c81a3ed6a86c53f35442fa10e181d645418d808dffc6fff69a3880ca71e,2025-04-16T13:25:37.340000 CVE-2025-3501,0,0,b44a31b094864acab1ff386cddcad3fda5c65db85ee8c99ed4dbb344cd7aad09,2025-05-02T13:53:40.163000 CVE-2025-3502,0,0,75ea32fa2cd3fbdf71e1847d08b2644a5241af01cabb2715d0c1eb4ee6a64f64,2025-05-02T13:53:40.163000 -CVE-2025-3503,0,0,07fe8da0869b4a454d44b70dc77aec76d795a06bdaad4ac14a8f08821ff68d29,2025-05-02T13:53:40.163000 +CVE-2025-3503,0,1,dae0628adc43b14b68f1da17370d760cc84055dfc589ba20f5fb641b8716dbb0,2025-05-02T16:15:33.967000 CVE-2025-3504,0,0,72cd130b49f2d89e20a116b54430e1cab72e695ada1889705d48b9c4ab492336,2025-05-02T13:53:40.163000 CVE-2025-3509,0,0,96ce11e8415b6fa7a6d814b563a660b77be726c43a7ecd1b450b2b36646bd53b,2025-04-21T14:23:45.950000 CVE-2025-3510,0,0,7c0f264e12a5039875c9c81686107e1b94b438d7be8ed9d715409f0b7960f9c1,2025-05-02T13:52:51.693000 CVE-2025-3511,0,0,2581a75036be8d737bc9c5afcbd1a9fd25ea23392ab1ff727e244646bbc80fb2,2025-04-29T13:52:28.490000 CVE-2025-3512,0,0,20d5b7a0c651482d59ceef752919a6e419c7dc684bf79b235343ded68357dd77,2025-04-25T18:15:26.103000 -CVE-2025-3513,0,0,8263476286e1ee8865b18f1e6f509bc3dfebdd3cec1852d12f1cc8b73d42bc00,2025-05-02T13:52:51.693000 -CVE-2025-3514,0,1,80a5abb94a2b98ae1e1466350c8bce406d5f2a08c26c60df0edfd237d223acec,2025-05-02T15:15:48.797000 +CVE-2025-3513,0,1,7555376b3d276729a4f16a4aa64c4353d574fafba10c8aaad831c08d523e299c,2025-05-02T16:15:34.100000 +CVE-2025-3514,0,0,80a5abb94a2b98ae1e1466350c8bce406d5f2a08c26c60df0edfd237d223acec,2025-05-02T15:15:48.797000 CVE-2025-3517,0,0,caae9b762b2b0d64aa0f9ebb783adbaa4fa4e334c60ca53468bdb1f6904da50c,2025-05-02T13:52:51.693000 CVE-2025-3518,0,0,7497563947f75b629887a4413d991889fb74f762947f73f77cc72069a35bed4e,2025-04-24T15:15:58.393000 CVE-2025-3519,0,0,7a1e772e7e1a4f83fd384db353598690580e540b87458701710d69fa7ae08b1c,2025-04-23T14:08:13.383000 @@ -291487,8 +291599,8 @@ CVE-2025-37793,0,0,fbb8796400c973d011fa893397fc9cc5a0a16f7cdd4b9da321bd46d04bac7 CVE-2025-37794,0,0,6754d7a634587cb009194a8f50edb6dc8531e07b4f77e0131ea9b58c7ed16925,2025-05-02T13:53:20.943000 CVE-2025-37795,0,0,5f43e8ceb755c5733fd8a35ddc7331855ed93d7583ae7af5b4b692f304a02d90,2025-05-02T13:53:20.943000 CVE-2025-37796,0,0,428030d0653a748175c71827ea4c9ae20b71774709349878f4ddda1cd95c0c1c,2025-05-02T13:53:20.943000 -CVE-2025-37797,1,1,fd425782a48b046881f128317728db45417b5f38b0527d9336a706a21c37dd5f,2025-05-02T15:15:48.557000 -CVE-2025-37798,1,1,068915ee94d82c87e0b618724118634cebedff326c7a2b7bd3db281318e4f527,2025-05-02T15:15:48.657000 +CVE-2025-37797,0,0,fd425782a48b046881f128317728db45417b5f38b0527d9336a706a21c37dd5f,2025-05-02T15:15:48.557000 +CVE-2025-37798,0,0,068915ee94d82c87e0b618724118634cebedff326c7a2b7bd3db281318e4f527,2025-05-02T15:15:48.657000 CVE-2025-3783,0,0,08564e7625cce7923d54746f30fbc8f13bf12d9607faa6a7346084b96420b3f3,2025-04-23T18:03:35.193000 CVE-2025-37838,0,0,4627751962794eed95b754bca312ed3f7d5516acc6a64aabcd85c08f967ca274,2025-05-02T07:16:04.937000 CVE-2025-3785,0,0,34d9097de5cddb801f390505cfe685b8a98c847bdfd442c3d9a27ba845f11ce9,2025-04-21T14:23:45.950000 @@ -291566,6 +291678,7 @@ CVE-2025-3868,0,0,e109e29b4a56b298e188d2d4af5984428468734c332a2ae4218688aa746fb7 CVE-2025-3870,0,0,5d27427174a3606bfdd389a0cb245ecba9bd450174244992e8a6859595ce8c31,2025-04-29T13:52:28.490000 CVE-2025-3872,0,0,26604960001ce7e7efc01090e0c7f3ace8c54075c9f64bec667f2f9d611a1cbd,2025-04-29T13:52:47.470000 CVE-2025-3874,0,0,6f40e3d39b6867e250410377f21661a57584f341874166288ba33645e9fadbe8,2025-05-02T13:53:20.943000 +CVE-2025-3879,1,1,e186d5636519773339de92db123d68c5e49f15776f15e8d7a19230f5e4c55f4c,2025-05-02T17:15:51.273000 CVE-2025-3886,0,0,f9805f0706b699e818a837c8b7b69b045e46e370a62bab3d99d660c6876ebab1,2025-04-29T13:52:10.697000 CVE-2025-3889,0,0,b79eed537f7f75b8be829178fa23600e0dcb131cfe872f334b4d34c6a07d7707,2025-05-02T13:53:20.943000 CVE-2025-3890,0,0,c88622688d0063f87155ef166d3c4fd05f8aa924c32d68b3f6aeff89a37177cb,2025-05-02T13:53:20.943000 @@ -291583,8 +291696,8 @@ CVE-2025-3912,0,0,57d1aac638d5ebb58a5040fc8c1c81dae68dc606378b1f0b3ea535593bbf24 CVE-2025-3914,0,0,39dc48efa45cfb63bb1da9177bab074344fac91433ba43912e542c027c8ca801,2025-04-29T13:52:10.697000 CVE-2025-3915,0,0,7ef07e3557a0599cd61ae2360c99d37066278383396fda2be6ec28859bbb442d,2025-04-29T13:52:10.697000 CVE-2025-3923,0,0,ee152c7f1a42d63e1ca21cb1c49adcbe2fb8c27f05521d2bf1672c2da0c26904,2025-04-29T13:52:28.490000 -CVE-2025-3927,1,1,99395dd1b1b1073ebbb09d96688796d20b780a20d90222e04124b41bb8fb9be7,2025-05-02T15:15:49.017000 -CVE-2025-3928,0,1,d46b9c14e7aba95c51abe31baac71f7d9ed492709d856a746740d4fe91efaa0e,2025-05-02T14:15:28.413000 +CVE-2025-3927,0,1,9d4990b47789dce40b6ef7685dc00d0cccd4e67e2ae4c3634787a9e35c6249df,2025-05-02T16:15:34.273000 +CVE-2025-3928,0,0,d46b9c14e7aba95c51abe31baac71f7d9ed492709d856a746740d4fe91efaa0e,2025-05-02T14:15:28.413000 CVE-2025-3929,0,0,de5bd9ea37e87b389d88e7805d481de3e4f7a35295f779431804939babdded05,2025-04-29T13:52:10.697000 CVE-2025-3935,0,0,80d75d2841d93927d14c762eb28687b5d04ff0b86b4afd1b2a25489128931894,2025-04-29T13:52:28.490000 CVE-2025-39359,0,0,8cade7eb5a0a3d62159777effed30e36c7660bd8375986e1563b0eb49736a1f5,2025-04-29T13:52:47.470000 @@ -291857,10 +291970,10 @@ CVE-2025-4077,0,0,272c7248efc7694a5e7270d6f56922c7b5b3c232e80cdf13827cdcd44a106c CVE-2025-4078,0,0,4b8b5e7f15fa37ae5bc923ff04abd72923f120f9d21e9b75dc1df139d8ff0dd5,2025-05-02T13:53:40.163000 CVE-2025-4079,0,0,9593bf503b56d440fe8b8259764cf12b00cac57c9d213015e5acbfaee42ce05f,2025-05-02T13:53:40.163000 CVE-2025-4080,0,0,cf29ce5cddb15ab0e3f95ee769dfb28cd48ff38f7c0dfa84492ec231b2348f76,2025-05-02T13:53:40.163000 -CVE-2025-4082,0,0,c45776b4396d8a1d147336a11f2313d8c5a88fa4897f02bacf77bdb504271583,2025-05-02T13:53:40.163000 +CVE-2025-4082,0,1,5c24e4d96fb6dd0fdcb409f0720c443d710f6e9ad7a5056725092d6a679c2961,2025-05-02T16:15:36.307000 CVE-2025-4083,0,0,cdcf5c2a5cb68ffeb2afcda2652a48719e8489dc88b5d1c22e16eefe572f422d,2025-05-02T13:53:40.163000 -CVE-2025-4084,0,0,756a887e0347aaa729841e5e6b167b44c799062aad05e69bf0a023164d33e24b,2025-05-02T13:53:40.163000 -CVE-2025-4085,0,0,e5fd43f76a962a993b1eec9377fc08c7bc0f7f83299fe3c8ac11fe1dc24b3739,2025-05-02T13:53:40.163000 +CVE-2025-4084,0,1,b7c8fe55f640f288c7b703e13209ce46f837419088fecd64932b65119ea0bd5e,2025-05-02T16:15:36.460000 +CVE-2025-4085,0,1,f5f7891266763651cf59601cbdb1eba6a0b2c6954397910b9659f923a1f60f0a,2025-05-02T16:15:36.603000 CVE-2025-4086,0,0,0574716cc7861bdd2364676c2b9318611aba174e07fb35cc8d3b5a48912f2348,2025-05-02T13:53:40.163000 CVE-2025-4087,0,0,8ab1960de29781f55a17f555df721aa14a8a5eda86d385c1b46435e961cccda5,2025-05-02T13:53:40.163000 CVE-2025-4088,0,0,3357caf65802eb6f64b057ac56fcc1f570762a474f5de2a1a91a9892815d3247,2025-05-02T13:53:40.163000 @@ -291920,7 +292033,7 @@ CVE-2025-4161,0,0,ee2c706594848e11384fe5ef1e6e35d93353d7da4058845cd1624cdaa525e8 CVE-2025-4162,0,0,7e10fa2470ae962b46ab388d05de45b5591811aba32b28606d9620eb7e852f31,2025-05-02T13:53:20.943000 CVE-2025-4163,0,0,29ac9ba1c8bd926d6c4edac17368f59486932ffdeebafc07e8573eb8cebad78d,2025-05-02T13:53:20.943000 CVE-2025-4164,0,0,bccdadbad41a6a84cd3849ec0d2f02992a2e0237fe52168fb01ea661d928569b,2025-05-02T13:53:20.943000 -CVE-2025-4166,1,1,e3f57dcf82716d685569118e3c73d3c8b93af040f29e8d8c0f5a59e5577ccfae,2025-05-02T15:15:50.313000 +CVE-2025-4166,0,0,e3f57dcf82716d685569118e3c73d3c8b93af040f29e8d8c0f5a59e5577ccfae,2025-05-02T15:15:50.313000 CVE-2025-4173,0,0,cfd9917f81d91976b4924a0964ef70ff39b3c5b261bafa8de564ec1bd42cc930,2025-05-02T13:52:51.693000 CVE-2025-4174,0,0,4581911a7ea3231d50f39b27f21b0295910b0e4a33aa4237284e4df7f599036c,2025-05-02T13:52:51.693000 CVE-2025-4175,0,0,21c0d7f4fbdaf89b9b7c5307a4ed4fa92b5522085932b988fcd1f4ac80a1a8fc,2025-05-02T13:52:51.693000 @@ -291942,6 +292055,7 @@ CVE-2025-4195,0,0,51783effc4ccb0ac890cda440d76f44c17423cb78c6bb422e3a1061984fa5c CVE-2025-4196,0,0,d68521a62f66db6887e049a1e4fae1a290e42f6fdb39222b99ae3fd5cb96f9df,2025-05-02T13:52:51.693000 CVE-2025-4197,0,0,63d523c99e489842581a169bf80104bc82c8dcd37c61d6e4948d72615770ad6f,2025-05-02T13:52:51.693000 CVE-2025-4204,0,0,b9df2a1e113f2262dc1922a48306035d7f1d7459c849de132b9aee720dbefb55,2025-05-02T13:52:51.693000 +CVE-2025-4210,1,1,af861b701427c03cc1825521a8f85486a15b444e199aec55a73933be4bb55862,2025-05-02T16:15:36.743000 CVE-2025-42598,0,0,4c400d87dc34a2b74819c41bbdd48bd1c3da0af3c35841d82c2177d30b1cb5f5,2025-04-29T13:52:10.697000 CVE-2025-42599,0,0,d39e065342929b05f2b0a2b6fd7615d0e3f6e7c2f605fdbeb3b3bb9e83f12d93,2025-04-29T19:46:44.310000 CVE-2025-42600,0,0,a98a7820b508b5a8b0c7d0f0dd6cbaa5b07d1e37b05a983a49eb79024a0cd435,2025-04-23T14:08:13.383000 @@ -292013,35 +292127,35 @@ CVE-2025-43972,0,0,6cf5ff80d84e20a9d9ef8fb7311e786d26897e991bd2151d39ead59adce39 CVE-2025-43973,0,0,13dab0fb1f701205cfd9cad27015dccaf756a3a9efa54232fb7a7485989ce4fa,2025-04-21T14:23:45.950000 CVE-2025-44134,0,0,c0decd3d363f604830285cd961562924fffe823a249ba621863dcb721cf11427,2025-04-29T13:52:47.470000 CVE-2025-44135,0,0,2f14d8cd913bdc3dc0575273f090317f2dea5d37f51e4b759398031eab8adf71,2025-04-29T13:52:47.470000 -CVE-2025-44192,0,0,56be6ca117483cc64ede837536117c9ac2e9d51dff317852af0c12a451597c9e,2025-05-02T13:53:40.163000 +CVE-2025-44192,0,1,ed5b4ee2738ebde9b5e5926e31cf4f80d3be65ade8a2de02de84ac482777d480,2025-05-02T17:15:51.680000 CVE-2025-44193,0,0,8e3446e8c517f20275f85ac9db81ba70e2c0afd8559e9a475c537634c8b58ddc,2025-05-02T13:53:40.163000 CVE-2025-44194,0,0,08f734df9b54f87956278e7ba5d08b91c6afc88ee781f4fc078501c91f53a8d0,2025-05-02T13:53:40.163000 CVE-2025-44835,0,0,d982fb3907b5881c37094ad12cd5f5e55e57f266f5a6653ca05c4e9bf8f13027,2025-05-02T13:53:20.943000 CVE-2025-44836,0,0,9ce7e1eff07f63ae1e49858278680b6496f51c2b12980cfdc9631faf6a9542d4,2025-05-02T13:52:51.693000 CVE-2025-44837,0,0,7e27594af6ad55362f1076b04e07188c339d20753366eb4c11585500732bc255,2025-05-02T13:52:51.693000 CVE-2025-44838,0,0,3aa718735e4e9d8b05e6e553eee70119ea2f1f208bcb28fbf8bf94a55568c2f2,2025-05-02T13:52:51.693000 -CVE-2025-44839,0,0,1c84bf5a37f467f382a2a1f06603fccc2f05bc45033b900114d413969b446183,2025-05-02T13:52:51.693000 -CVE-2025-44840,0,0,d81674ccc0033942d6e09329deeb250de0be2517ae811baa13b17b087e52cfd2,2025-05-02T13:52:51.693000 -CVE-2025-44841,0,0,1c0ec6d4c104c4f11eb5aaac289dc5e186a0c55c6fe364291330d508b4a044ef,2025-05-02T13:52:51.693000 -CVE-2025-44842,0,0,1c6fefc70c7557f4a880fec602d79b2db3b94f8fe706d5c95e260a01bfa5d3c4,2025-05-02T13:52:51.693000 -CVE-2025-44843,0,0,e38ed8875ac9677c17ac14cc7e2b005f64f996ee31980935d7d02ba7b7ff25b1,2025-05-02T13:52:51.693000 -CVE-2025-44844,0,0,d1ca8be6d3c32b2a2bc48de327fd0075c2484742b999a33cb696667d2384ed57,2025-05-02T13:52:51.693000 -CVE-2025-44845,0,0,36fde3840ad5c4bb8011628c59d2c568e64deafc926b0d9c42be4936ec64e156,2025-05-02T13:52:51.693000 +CVE-2025-44839,0,1,3c004604795dab7da2d5f8763eaee6f51f0a7bb534f2b1f88191c423bd6c9dca,2025-05-02T16:15:34.367000 +CVE-2025-44840,0,1,ddb722416c42d9227b0b2f620516e885d78effa39a002acbfa29f56ca3c58f9b,2025-05-02T16:15:34.520000 +CVE-2025-44841,0,1,10de2edebcd232a788db2dda90363adcb78a74f419843e9cdaca7f28dc4c6d2a,2025-05-02T16:15:34.667000 +CVE-2025-44842,0,1,95714e206151326e57ce1b268022bcaee564d4fa5af63cb7303f07cd5de7d475,2025-05-02T16:15:34.813000 +CVE-2025-44843,0,1,0ee33823c9321a7c2111168449fe288e0f7ccd1d3e0ec5472330f273d62a748c,2025-05-02T16:15:34.960000 +CVE-2025-44844,0,1,bb122eeedc786b519321a4a37f710e5028c383f3b1cc044a5a324a13060a13ab,2025-05-02T16:15:35.107000 +CVE-2025-44845,0,1,9c106a8de9e749ebbe08ad3d4ef50b67e408ab31cd25701c2da1c23926d5480a,2025-05-02T16:15:35.263000 CVE-2025-44846,0,0,e728b98aa5cce2c29acb05e553afcf8ed83e22fb77ed5a0077649287c2b1a11e,2025-05-02T13:52:51.693000 CVE-2025-44847,0,0,74962b830daa5c81558ba548eb81bc04d605e349c961331d9a78286e266a2882,2025-05-02T13:52:51.693000 CVE-2025-44848,0,0,b29cc4c4400aec7b307405263b58aa266b4944c16adc23f2d7221dcf03d43377,2025-05-02T13:52:51.693000 CVE-2025-44854,0,0,6546f64e14d0ee61d1178ec4b3d03630e65ce8bea9d71a02975a5c4628be3c35,2025-05-02T13:53:20.943000 -CVE-2025-44860,0,0,5b2e34791539c09f6eb1ea4a221f5baf31b01037fc2c74798386162b88c364f5,2025-05-02T13:52:51.693000 +CVE-2025-44860,0,1,b56dcf16fb5e432ffc6ded95b1fbcb9e6d92d94cd275b44d8cc517852314e7df,2025-05-02T16:15:35.413000 CVE-2025-44861,0,0,e539fb27b68c0787c1ca9b17a305bf6ec1dcef7ec0211c132a0111f34df81470,2025-05-02T13:52:51.693000 CVE-2025-44862,0,0,abeb68eeb070a3d2f2d244c089782f7ed2724e9cc97c3535da82a6061b4f7dd2,2025-05-02T13:52:51.693000 -CVE-2025-44863,0,0,35d2305430a6f321e47aa85f948621d2e8cd83175812951e5ba818d4e4fee556,2025-05-02T13:52:51.693000 +CVE-2025-44863,0,1,9e170848962e3d0f42f45fd8a134f474401add176f622a5cff36fcd6b19f8ac6,2025-05-02T16:15:35.563000 CVE-2025-44864,0,0,7789f6d26f480117ab5f1e9e3fff36b83532a523dbd6053bdb908ae4f2d1cf8d,2025-05-02T13:52:51.693000 CVE-2025-44865,0,0,043e220304104c7f3f6b8f160744f5f3d19d02fad79a60b921987acb06a268e5,2025-05-02T13:52:51.693000 CVE-2025-44866,0,0,62ea0f3cc3e057b399b7e4d73c393f9ff587e75eb26373d868c78905b614bdcf,2025-05-02T13:52:51.693000 CVE-2025-44867,0,0,5d834ef889f696c090fb8c7cc0755641a0d17fc5fa997f4007ead308bd8dbbee,2025-05-02T13:52:51.693000 -CVE-2025-44868,1,1,bacfdb9d6ad38ee3b3a17d98d8057a8fc63513aa9c9fd12162c575d6d7d7edf8,2025-05-02T15:15:49.123000 -CVE-2025-44872,1,1,3a2eeb5df5d07c65cf058a81c733279464ff8402fea97f93cf8506de82cd047c,2025-05-02T15:15:49.227000 -CVE-2025-44877,1,1,d700299d5421e6aa9972ade26f97327176dc85c16c66285e59c2b912e62abce2,2025-05-02T15:15:49.323000 +CVE-2025-44868,0,0,bacfdb9d6ad38ee3b3a17d98d8057a8fc63513aa9c9fd12162c575d6d7d7edf8,2025-05-02T15:15:49.123000 +CVE-2025-44872,0,0,3a2eeb5df5d07c65cf058a81c733279464ff8402fea97f93cf8506de82cd047c,2025-05-02T15:15:49.227000 +CVE-2025-44877,0,0,d700299d5421e6aa9972ade26f97327176dc85c16c66285e59c2b912e62abce2,2025-05-02T15:15:49.323000 CVE-2025-45007,0,0,6ffa8b085097b8f4fc5e29bf0e6d52d2d49b887a52741886be19907646fbc723,2025-05-02T13:53:40.163000 CVE-2025-45009,0,0,0dd4c5d916c320ec1d3f1c18f03f979fd461212f9f78a87f6f450530c388bdf1,2025-05-02T13:53:40.163000 CVE-2025-45010,0,0,ee2e4c1f1d11edfe92994ff8553c3327a68447e4da1c5cecaef688ae9d424cca,2025-05-02T13:53:40.163000 @@ -292055,6 +292169,7 @@ CVE-2025-45021,0,0,0570c2ba1a9bca30da6999bec8772c055b0034e01feec4d7b897bff6a185f CVE-2025-45427,0,0,2acb289b4531d79e0a4fdda0743ea875280a2030836ee1f38a4e78112f2ff823,2025-04-30T13:51:20.023000 CVE-2025-45428,0,0,a55753fec0ea61e23d5357aef97cfebf259250af906a54fae9de1214ab7deb77,2025-04-30T16:12:11.190000 CVE-2025-45429,0,0,32099a126e41e157c073e4b282e42326bf59a85e3c0de57c5dd11afb3e22532d,2025-04-30T15:48:51.963000 +CVE-2025-45800,1,1,a77d3a8dbf101835cb427b4c2e8f5bcf9b064432ed9cdca7565eb017dda72333,2025-05-02T17:15:52.423000 CVE-2025-45947,0,0,359c9dbf14e503988017d67aa788a499a7ac3bca9ffc4dc379e7011548317f85,2025-04-30T18:59:47.113000 CVE-2025-45949,0,0,2cec517c1301a76b89b8ccefb135dc95210f8464628904a6679478252432eda9,2025-04-30T18:03:41.357000 CVE-2025-45953,0,0,4ae22ace1fa79622bebb714ee3a1b2bc44139600b15fc188f0269a639daf29ec,2025-04-30T18:03:25.497000 @@ -292112,6 +292227,7 @@ CVE-2025-46328,0,0,7c8abb208ccc6523eb572224383664c267b257283cd234f2c823864189702 CVE-2025-46329,0,0,1d8b0b655c5ee4be78d21cf937cad34a0490b04921710a8a7012c30d06a788f3,2025-04-29T13:52:10.697000 CVE-2025-46330,0,0,51af3999ada150afbbf505b46b013fc8998be7f881a043ebf16b2f9bf195bef4,2025-04-29T13:52:10.697000 CVE-2025-46331,0,0,361ec4e6d8671e18323b0342483f801d5e5ac6de37d5bb066d6159aeff4b631e,2025-05-02T13:53:40.163000 +CVE-2025-46332,1,1,96c2c457d28c67b449d8bc341e96f939c65e42814860e9980e4634cb0c192469,2025-05-02T17:15:52.947000 CVE-2025-46333,0,0,4ca215b72a98284b0530b719160d5251f8056ccde380184cb21e0e8b208b2507,2025-04-29T13:52:10.697000 CVE-2025-46337,0,0,9fa93dcfa0ecdd54bd97aa8c766f3b68148772ce860fa69b19dac15435faa8d8,2025-05-02T13:52:51.693000 CVE-2025-46338,0,0,8dd5ab3bf26120dbbf3d57add19341ad71bb2d2b518d4a3f65a5105f8b059051,2025-04-29T13:52:10.697000 @@ -292238,7 +292354,7 @@ CVE-2025-46560,0,0,3be426986ff05bf7a7a319430354e149a50534bcceaf7a085c479cb575739 CVE-2025-46565,0,0,d1d6a5d5b7358f2c6f1fcb295b40e81d22ba1416131f5f86b1d11d1358be17ff,2025-05-02T13:52:51.693000 CVE-2025-46566,0,0,e39914cf0cac20ec11d8f2566a9c7e95c25ba0b80bd93001f950f0a405ceb7f3,2025-05-02T13:52:51.693000 CVE-2025-46567,0,0,ddefbf91314640e1921c7c0feff34c892e0e5325a39f97d081653b321818271d,2025-05-02T13:52:51.693000 -CVE-2025-46568,0,1,85cbce905aedc800ce4a46bcc89f6b848f137b5459d1a5ef40ca461bc9c177ba,2025-05-02T14:15:19.860000 +CVE-2025-46568,0,0,85cbce905aedc800ce4a46bcc89f6b848f137b5459d1a5ef40ca461bc9c177ba,2025-05-02T14:15:19.860000 CVE-2025-46569,0,0,596192ea2f2bcb27dcfadc2be8975c11484ebb4929879c1b0161098a09bd2300,2025-05-02T13:52:51.693000 CVE-2025-46574,0,0,92478992098cfd3e1c073cf382d77a474f9304fa70a4c0ac8d3d7924ea977234,2025-04-29T13:52:10.697000 CVE-2025-46575,0,0,2f0a5b24310dd6fd0827bf911a3730e65f94967c7a1c701ec5837ae7adf431ee,2025-04-29T13:52:10.697000 @@ -292255,17 +292371,17 @@ CVE-2025-46616,0,0,a3467bedc13913153241aada047204661f44b5d0ba1c446ec0cc09c7d5e14 CVE-2025-46617,0,0,a067c3a85663b48a7bac38fc9c3c5761c1c7fcff2b5288d6d48d5707712e1ac2,2025-04-29T13:52:28.490000 CVE-2025-46618,0,0,c3b67f9c650592ec3402578e92b748c7bba440b755336274cfea73fc21e2f82e,2025-04-29T13:52:28.490000 CVE-2025-46619,0,0,c5f8521929961825f3a341159245d16322bdfd3dc470925973ad2b683316444a,2025-05-02T13:53:40.163000 -CVE-2025-46625,0,1,a4020db5d84196bb7236fd119d87901296251705b0b6319c4c613bbd10db6c4a,2025-05-02T14:15:19.957000 -CVE-2025-46626,0,0,73e52842231a41e0cc8ab7d5981bb1c16d5dc46e37b708c867c125c59b05b992,2025-05-02T13:52:51.693000 -CVE-2025-46627,0,0,1e2b5163cf260cc715d2704d8f8c619a3564f387064989cefa2bbd6cd835477c,2025-05-02T13:52:51.693000 -CVE-2025-46628,0,0,e8ad84791b839e1b2913ab7a9e1fdb39b767e97dbbcb1e9a38a580ea2144764f,2025-05-02T13:52:51.693000 -CVE-2025-46629,0,0,d53d2b63b67155fa6ed7f1f084e19cc4fe32db5e9e4a2c7d518a8d026ca3f895,2025-05-02T13:52:51.693000 -CVE-2025-46630,0,1,a3a6697ecfc0c974fb75e439adae9374a3a20608b7a562090d0181284329eeab,2025-05-02T15:15:49.420000 -CVE-2025-46631,0,1,3fe64498ac4baac5ba9a3c61fece83fcb9651dee0d77338da5bb22db3108fa6d,2025-05-02T15:15:49.560000 -CVE-2025-46632,0,1,52f47ec58e7fd69b976738233f12afb82b8085dae61dd90b780f0470f186eacc,2025-05-02T15:15:49.710000 -CVE-2025-46633,0,1,6b6f5da8eef4030c68f5b890f90642a926975852a7646fb44901989a430c16c6,2025-05-02T15:15:49.853000 -CVE-2025-46634,0,1,b5d1f14304eec2954ae8692e99c221eabfc27952ef39b61845ef4c57e120173f,2025-05-02T15:15:50.023000 -CVE-2025-46635,0,1,f0428cbb9cdd5b570fff302fa22c22c7a31992cb84e57bee0a902fc2c26bbd68,2025-05-02T15:15:50.167000 +CVE-2025-46625,0,0,a4020db5d84196bb7236fd119d87901296251705b0b6319c4c613bbd10db6c4a,2025-05-02T14:15:19.957000 +CVE-2025-46626,0,1,0c6b8fbe19684ab116f5ef9ba0eb9c7bdfce472ef0372abb9ba8f4951751ead5,2025-05-02T16:15:35.710000 +CVE-2025-46627,0,1,da1bb06018ab6207250b07273f4772e6a602944ed053ec2685691b0044b3d30b,2025-05-02T16:15:35.860000 +CVE-2025-46628,0,1,6cd5b995c7358b36b3ec5d1f21dc18509137278a23620bc8bff19964f420ed87,2025-05-02T16:15:36.010000 +CVE-2025-46629,0,1,45a3e22a97e54a4260ec0a89b97d64a10e7c655891fa07d3460c5ab5e727d81f,2025-05-02T16:15:36.160000 +CVE-2025-46630,0,0,a3a6697ecfc0c974fb75e439adae9374a3a20608b7a562090d0181284329eeab,2025-05-02T15:15:49.420000 +CVE-2025-46631,0,0,3fe64498ac4baac5ba9a3c61fece83fcb9651dee0d77338da5bb22db3108fa6d,2025-05-02T15:15:49.560000 +CVE-2025-46632,0,0,52f47ec58e7fd69b976738233f12afb82b8085dae61dd90b780f0470f186eacc,2025-05-02T15:15:49.710000 +CVE-2025-46633,0,0,6b6f5da8eef4030c68f5b890f90642a926975852a7646fb44901989a430c16c6,2025-05-02T15:15:49.853000 +CVE-2025-46634,0,0,b5d1f14304eec2954ae8692e99c221eabfc27952ef39b61845ef4c57e120173f,2025-05-02T15:15:50.023000 +CVE-2025-46635,0,0,f0428cbb9cdd5b570fff302fa22c22c7a31992cb84e57bee0a902fc2c26bbd68,2025-05-02T15:15:50.167000 CVE-2025-46646,0,0,777aacedd29eb87d2f3d4179421a3b07a825895319bd1804480c003b4bbcf895,2025-04-29T13:52:10.697000 CVE-2025-46652,0,0,9d812ecaad689bd29eeb08cd6e51fc2313308ed71660c22dce020d578677f79a,2025-04-29T13:52:10.697000 CVE-2025-46653,0,0,3b6009fc3a51ec55453aaec5d1f7a19d2114d1ff8e2f811535a6f418b5dab168,2025-04-29T16:15:37.150000