admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-05-02T18:00:19.871104+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-05-02 18:03:55 +00:00
parent 899408f9e8
commit 1cdd301d80
161 changed files with 6905 additions and 357 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

555
CVE-2004/CVE-2004-02xx/CVE-2004-0230.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2004-0230", "id": "CVE-2004-0230",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2004-08-18T04:00:00.000", "published": "2004-08-18T04:00:00.000",
"lastModified": "2025-04-03T01:03:51.193", "lastModified": "2025-05-02T16:40:41.530",
"vulnStatus": "Deferred", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -55,6 +55,362 @@
} }
], ],
"configurations": [ "configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.4",
"matchCriteriaId": "4B07F91B-3981-423E-9ECF-752CC64D4E03"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:11.4:-:*:*:*:*:*:*",
"matchCriteriaId": "5C947EA2-329F-4AC7-A1F4-64164C20CC4B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:11.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "926EDB84-E8C5-4030-8B69-CDA9BF1A9D94"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:11.4:r10:*:*:*:*:*:*",
"matchCriteriaId": "8CAECB8C-6B4D-440C-B031-2CF3061393DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:11.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "BAD7336D-EAAC-4817-9D3A-5664B0AAE6AF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:11.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "BC336F14-5D8D-4B28-8F47-2A5EFFC7800C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:11.4:r4:*:*:*:*:*:*",
"matchCriteriaId": "C47F92DD-59C4-4C86-9360-86E840243123"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:11.4:r5:*:*:*:*:*:*",
"matchCriteriaId": "DE6B95FB-F936-430A-B715-7430327E1872"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:11.4:r6:*:*:*:*:*:*",
"matchCriteriaId": "D4A8F07B-110F-4FE4-BA09-F23A4D1DCA5B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:11.4:r7:*:*:*:*:*:*",
"matchCriteriaId": "78A3616E-9666-4D09-9ED7-EFD796E6E08E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:11.4:r8:*:*:*:*:*:*",
"matchCriteriaId": "2ACF87F1-B5DD-469A-87D6-94AD8D0758F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:11.4:r9:*:*:*:*:*:*",
"matchCriteriaId": "9D4F8B25-B632-4C4B-9E90-3DF9FC98207B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:11.4r13:s2:*:*:*:*:*:*",
"matchCriteriaId": "0A6BC136-FFA2-40AB-8E27-0B6CC153471F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:11.4x27:*:*:*:*:*:*:*",
"matchCriteriaId": "80EFC6D6-43F9-4277-ACAC-D5929AF6FF7D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:12.1:-:*:*:*:*:*:*",
"matchCriteriaId": "BCE524EE-245F-4750-9963-9D0FB7A6A965"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:12.1r:*:*:*:*:*:*:*",
"matchCriteriaId": "ECE31A7E-657C-49FC-B3F8-5654B0C6087E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:12.1x44:-:*:*:*:*:*:*",
"matchCriteriaId": "86141A33-344E-4152-8B76-2DB383954F02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:12.1x44:d10:*:*:*:*:*:*",
"matchCriteriaId": "AC405A12-112D-4C9D-90DA-6ED484109793"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:12.1x44:d15:*:*:*:*:*:*",
"matchCriteriaId": "3FC42F2D-7593-4DBE-AE89-A6B78E7F9089"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:12.1x44:d20:*:*:*:*:*:*",
"matchCriteriaId": "731A6469-3DE0-491A-BCC5-7642FB347ACE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:12.1x44:d25:*:*:*:*:*:*",
"matchCriteriaId": "D12A8119-3E59-4062-9A04-1F6EA48B78E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:12.1x44:d30:*:*:*:*:*:*",
"matchCriteriaId": "E8B33B80-3189-4412-BFE0-359E755AB07A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:12.1x44:d35:*:*:*:*:*:*",
"matchCriteriaId": "C0E8F87E-DEB2-4849-ABB5-75A67CFD2D39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:12.1x45:-:*:*:*:*:*:*",
"matchCriteriaId": "A4D7E551-A150-415E-80D5-374DAB29B6D7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:12.1x45:d10:*:*:*:*:*:*",
"matchCriteriaId": "A5306185-574A-43B4-8B3B-1B047CA36D66"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:12.1x45:d15:*:*:*:*:*:*",
"matchCriteriaId": "79F1F205-A4A9-4161-B6CF-55CEEFD7D8D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:12.1x45:d20:*:*:*:*:*:*",
"matchCriteriaId": "33FD6DB0-F995-4A22-A97F-6276AFE9EFB4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:12.1x46:-:*:*:*:*:*:*",
"matchCriteriaId": "92F31F7F-02E0-4E63-A600-DF8AB4E3BAA3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d10:*:*:*:*:*:*",
"matchCriteriaId": "A71742CF-50B1-44BB-AB7B-27E5DCC9CF70"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d15:*:*:*:*:*:*",
"matchCriteriaId": "4FD4237A-C257-4D8A-ABC4-9B2160530A4E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:12.1x47:-:*:*:*:*:*:*",
"matchCriteriaId": "ABBEDB3F-5FD1-4290-A80A-7EAD9B9C38C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:12.2:-:*:*:*:*:*:*",
"matchCriteriaId": "AF8575EF-C83B-4241-B033-A2C020E29286"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:12.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "43B661F8-1F43-4073-9275-AE1FFCB17BF8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:12.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "EF88921E-18E4-49B2-AAF4-ED8C393D4750"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:12.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "144DA08B-A129-4DC6-81D2-782BD7C3074B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:12.2:r4:*:*:*:*:*:*",
"matchCriteriaId": "F1936A41-302E-4546-9F7A-CAE3A3C68718"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:12.2:r5:*:*:*:*:*:*",
"matchCriteriaId": "6EB55673-5857-452F-9D22-B422CC9CC3F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:12.2:r6:*:*:*:*:*:*",
"matchCriteriaId": "03D4519D-1289-47E9-BFB7-E3831BFD50F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:12.2:r7:*:*:*:*:*:*",
"matchCriteriaId": "77CDB10F-3BCE-41AF-B633-DFAC9B8A5D9F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:12.3:-:*:*:*:*:*:*",
"matchCriteriaId": "223C12D0-61A0-4C12-8AFC-A0CB64759A31"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:12.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "371A7DF8-3F4B-439D-8990-D1BC6F0C25C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:12.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "7CC3BCFD-2B0F-4994-9FE4-9D37FA85F1E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:12.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "C6F309FD-0A5A-4C86-B227-B2B511A5CEB4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:12.3:r4:*:*:*:*:*:*",
"matchCriteriaId": "960059B5-0701-4B75-AB51-0A430247D9F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:12.3:r5:*:*:*:*:*:*",
"matchCriteriaId": "1D1DCA52-DA81-495B-B516-5571F01E3B0A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:13.1:-:*:*:*:*:*:*",
"matchCriteriaId": "67B3BF03-9919-4C12-97A3-B20161725F35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:13.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "FCD4D8EB-8625-47CD-8F0E-D2FC8CAA5462"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:13.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "A0150A4C-2C5A-49FC-8FB3-B93CB45B8284"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:13.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "BFEB7A59-7536-4A92-A9C8-79FDE657B8AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:13.2:-:*:*:*:*:*:*",
"matchCriteriaId": "931D77A8-FA39-479E-91DB-CDDC9113252B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:13.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "D3A0A607-7D3C-4F2A-B5F5-576A70649CB1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:13.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "32E9620A-7C0A-474C-919E-13609FFE580D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:13.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "672D3A38-92B4-4F33-82A6-B2D3F3403AF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:13.3:-:*:*:*:*:*:*",
"matchCriteriaId": "FE2FBBA2-6185-463F-96D3-9AB2C778B4F4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:13.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "3FF9FF91-9184-4D18-8288-9110E35F4AE5"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "530FC172-94E1-481A-9810-26061D22B6AC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*",
"matchCriteriaId": "CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_98:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40FC681A-7B85-4495-8DCC-C459FE7E2F13"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_98se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2354216-8103-49F9-A95C-7DE4F738BBEE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:itanium:*",
"matchCriteriaId": "5AA32D8C-430E-4CA2-B2DF-FFF63714F480"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E3C43D05-40F8-4769-BA6B-A376420EA972"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:-:*",
"matchCriteriaId": "7BC4A4A0-4EEE-4C51-BFF4-4B65C815AB4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:itanium:*",
"matchCriteriaId": "72CC2D03-538A-4603-B4FF-C6930F9D7E20"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:*:x64:*:*:*:*:*",
"matchCriteriaId": "5894A4E3-D063-4BE2-8579-B9BBF581EE98"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2572F7E5-75A3-4C11-866B-A4E9ADBD8D08"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp1:*:*:*:*:itanium:*",
"matchCriteriaId": "54879DE7-47AE-4E94-986C-4D956B64411C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3"
}
]
}
]
},
{ {
"nodes": [ "nodes": [
{ {
@ -191,21 +547,6 @@
} }
] ]
}, },
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57562A7F-7AB2-4A35-88EB-586EF9546D50"
}
]
}
]
},
{ {
"nodes": [ "nodes": [
{ {
@ -232,35 +573,40 @@
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-006.txt.asc", "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-006.txt.asc",
"source": "cve@mitre.org", "source": "cve@mitre.org",
"tags": [ "tags": [
"Third Party Advisory" "Third Party Advisory",
"Broken Link"
] ]
}, },
{ {
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.3/SCOSA-2005.3.txt", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.3/SCOSA-2005.3.txt",
"source": "cve@mitre.org", "source": "cve@mitre.org",
"tags": [ "tags": [
"Third Party Advisory" "Third Party Advisory",
"Broken Link"
] ]
}, },
{ {
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.9/SCOSA-2005.9.txt", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.9/SCOSA-2005.9.txt",
"source": "cve@mitre.org", "source": "cve@mitre.org",
"tags": [ "tags": [
"Third Party Advisory" "Third Party Advisory",
"Broken Link"
] ]
}, },
{ {
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.14/SCOSA-2005.14.txt", "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.14/SCOSA-2005.14.txt",
"source": "cve@mitre.org", "source": "cve@mitre.org",
"tags": [ "tags": [
"Third Party Advisory" "Third Party Advisory",
"Broken Link"
] ]
}, },
{ {
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040403-01-A.asc", "url": "ftp://patches.sgi.com/support/free/security/advisories/20040403-01-A.asc",
"source": "cve@mitre.org", "source": "cve@mitre.org",
"tags": [ "tags": [
"Third Party Advisory" "Third Party Advisory",
"Broken Link"
] ]
}, },
{ {
@ -272,11 +618,17 @@
}, },
{ {
"url": "http://marc.info/?l=bugtraq&m=108302060014745&w=2", "url": "http://marc.info/?l=bugtraq&m=108302060014745&w=2",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Mailing List"
]
}, },
{ {
"url": "http://marc.info/?l=bugtraq&m=108506952116653&w=2", "url": "http://marc.info/?l=bugtraq&m=108506952116653&w=2",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Mailing List"
]
}, },
{ {
"url": "http://secunia.com/advisories/11440", "url": "http://secunia.com/advisories/11440",
@ -284,7 +636,8 @@
"tags": [ "tags": [
"Permissions Required", "Permissions Required",
"Third Party Advisory", "Third Party Advisory",
"VDB Entry" "VDB Entry",
"Broken Link"
] ]
}, },
{ {
@ -293,7 +646,8 @@
"tags": [ "tags": [
"Permissions Required", "Permissions Required",
"Third Party Advisory", "Third Party Advisory",
"VDB Entry" "VDB Entry",
"Broken Link"
] ]
}, },
{ {
@ -302,7 +656,8 @@
"tags": [ "tags": [
"Permissions Required", "Permissions Required",
"Third Party Advisory", "Third Party Advisory",
"VDB Entry" "VDB Entry",
"Broken Link"
] ]
}, },
{ {
@ -337,11 +692,17 @@
}, },
{ {
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded", "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}, },
{ {
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded", "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}, },
{ {
"url": "http://www.securityfocus.com/bid/10183", "url": "http://www.securityfocus.com/bid/10183",
@ -371,82 +732,113 @@
"url": "http://www.vupen.com/english/advisories/2006/3983", "url": "http://www.vupen.com/english/advisories/2006/3983",
"source": "cve@mitre.org", "source": "cve@mitre.org",
"tags": [ "tags": [
"Permissions Required" "Permissions Required",
"Broken Link"
] ]
}, },
{ {
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-019", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-019",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-064", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-064",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15886", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15886",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10053", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10053",
"source": "cve@mitre.org", "source": "cve@mitre.org",
"tags": [ "tags": [
"Patch", "Patch",
"Third Party Advisory" "Third Party Advisory",
"Broken Link"
] ]
}, },
{ {
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2689", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2689",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}, },
{ {
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A270", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A270",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}, },
{ {
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3508", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3508",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}, },
{ {
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4791", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4791",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}, },
{ {
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5711", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5711",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}, },
{ {
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-006.txt.asc", "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-006.txt.asc",
"source": "af854a3a-2127-422b-91ae-364da2661108", "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [ "tags": [
"Third Party Advisory" "Third Party Advisory",
"Broken Link"
] ]
}, },
{ {
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.3/SCOSA-2005.3.txt", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.3/SCOSA-2005.3.txt",
"source": "af854a3a-2127-422b-91ae-364da2661108", "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [ "tags": [
"Third Party Advisory" "Third Party Advisory",
"Broken Link"
] ]
}, },
{ {
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.9/SCOSA-2005.9.txt", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.9/SCOSA-2005.9.txt",
"source": "af854a3a-2127-422b-91ae-364da2661108", "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [ "tags": [
"Third Party Advisory" "Third Party Advisory",
"Broken Link"
] ]
}, },
{ {
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.14/SCOSA-2005.14.txt", "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.14/SCOSA-2005.14.txt",
"source": "af854a3a-2127-422b-91ae-364da2661108", "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [ "tags": [
"Third Party Advisory" "Third Party Advisory",
"Broken Link"
] ]
}, },
{ {
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040403-01-A.asc", "url": "ftp://patches.sgi.com/support/free/security/advisories/20040403-01-A.asc",
"source": "af854a3a-2127-422b-91ae-364da2661108", "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [ "tags": [
"Third Party Advisory" "Third Party Advisory",
"Broken Link"
] ]
}, },
{ {
@ -458,11 +850,17 @@
}, },
{ {
"url": "http://marc.info/?l=bugtraq&m=108302060014745&w=2", "url": "http://marc.info/?l=bugtraq&m=108302060014745&w=2",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
]
}, },
{ {
"url": "http://marc.info/?l=bugtraq&m=108506952116653&w=2", "url": "http://marc.info/?l=bugtraq&m=108506952116653&w=2",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
]
}, },
{ {
"url": "http://secunia.com/advisories/11440", "url": "http://secunia.com/advisories/11440",
@ -470,7 +868,8 @@
"tags": [ "tags": [
"Permissions Required", "Permissions Required",
"Third Party Advisory", "Third Party Advisory",
"VDB Entry" "VDB Entry",
"Broken Link"
] ]
}, },
{ {
@ -479,7 +878,8 @@
"tags": [ "tags": [
"Permissions Required", "Permissions Required",
"Third Party Advisory", "Third Party Advisory",
"VDB Entry" "VDB Entry",
"Broken Link"
] ]
}, },
{ {
@ -488,7 +888,8 @@
"tags": [ "tags": [
"Permissions Required", "Permissions Required",
"Third Party Advisory", "Third Party Advisory",
"VDB Entry" "VDB Entry",
"Broken Link"
] ]
}, },
{ {
@ -523,11 +924,17 @@
}, },
{ {
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded", "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
}, },
{ {
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded", "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
}, },
{ {
"url": "http://www.securityfocus.com/bid/10183", "url": "http://www.securityfocus.com/bid/10183",
@ -557,48 +964,74 @@
"url": "http://www.vupen.com/english/advisories/2006/3983", "url": "http://www.vupen.com/english/advisories/2006/3983",
"source": "af854a3a-2127-422b-91ae-364da2661108", "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [ "tags": [
"Permissions Required" "Permissions Required",
"Broken Link"
] ]
}, },
{ {
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-019", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-019",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-064", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-064",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15886", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15886",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10053", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10053",
"source": "af854a3a-2127-422b-91ae-364da2661108", "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [ "tags": [
"Patch", "Patch",
"Third Party Advisory" "Third Party Advisory",
"Broken Link"
] ]
}, },
{ {
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2689", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2689",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
}, },
{ {
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A270", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A270",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
}, },
{ {
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3508", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3508",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
}, },
{ {
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4791", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4791",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
}, },
{ {
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5711", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5711",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
} }
], ],
"evaluatorComment": "<a href=\"https://cwe.mitre.org/data/definitions/331.html\">CWE-331: Insufficient Entropy</a>", "evaluatorComment": "<a href=\"https://cwe.mitre.org/data/definitions/331.html\">CWE-331: Insufficient Entropy</a>",

32
CVE-2020/CVE-2020-214xx/CVE-2020-21428.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-21428", "id": "CVE-2020-21428",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:12.293", "published": "2023-08-22T19:16:12.293",
"lastModified": "2024-11-21T05:12:34.680", "lastModified": "2025-05-02T16:15:21.390",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 3.3,
"baseSeverity": "LOW",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-120" "value": "CWE-120"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
} }
], ],
"configurations": [ "configurations": [

6
CVE-2022/CVE-2022-374xx/CVE-2022-37434.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-37434", "id": "CVE-2022-37434",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2022-08-05T07:15:07.240", "published": "2022-08-05T07:15:07.240",
"lastModified": "2024-11-21T07:14:59.070", "lastModified": "2025-05-02T17:15:46.653",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -429,6 +429,10 @@
"Third Party Advisory" "Third Party Advisory"
] ]
}, },
{
"url": "https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d",
"source": "cve@mitre.org"
},
{ {
"url": "https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1", "url": "https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1",
"source": "cve@mitre.org", "source": "cve@mitre.org",

31
CVE-2022/CVE-2022-376xx/CVE-2022-37620.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-37620", "id": "CVE-2022-37620",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2022-10-31T12:15:10.137", "published": "2022-10-31T12:15:10.137",
"lastModified": "2024-11-21T07:15:03.663", "lastModified": "2025-05-02T17:34:45.170",
"vulnStatus": "Modified", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -60,8 +60,25 @@
"cpeMatch": [ "cpeMatch": [
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:html-minifier_project:html-minifier:4.0.0:*:*:*:*:*:*:*", "criteria": "cpe:2.3:a:terser:html-minifier-terser:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "6CB8D90A-F60B-41DC-9A35-ED4FA773C595" "versionEndIncluding": "7.2.0",
"matchCriteriaId": "2F449F07-AE08-4B3E-9E57-3765B6A3A931"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kangax:html-minifier:*:*:*:*:*:node.js:*:*",
"versionEndIncluding": "4.0.0",
"matchCriteriaId": "80C98248-95AB-4049-92D9-19B9CBF77D59"
} }
] ]
} }
@ -88,7 +105,8 @@
"source": "cve@mitre.org", "source": "cve@mitre.org",
"tags": [ "tags": [
"Issue Tracking", "Issue Tracking",
"Third Party Advisory" "Third Party Advisory",
"Mitigation"
] ]
}, },
{ {
@ -110,7 +128,8 @@
"source": "af854a3a-2127-422b-91ae-364da2661108", "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [ "tags": [
"Issue Tracking", "Issue Tracking",
"Third Party Advisory" "Third Party Advisory",
"Mitigation"
] ]
} }
] ]

32
CVE-2022/CVE-2022-432xx/CVE-2022-43227.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-43227", "id": "CVE-2022-43227",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2022-11-02T17:15:19.307", "published": "2022-11-02T17:15:19.307",
"lastModified": "2024-11-21T07:26:04.617", "lastModified": "2025-05-02T16:15:21.887",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 1.2, "exploitabilityScore": 1.2,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-89" "value": "CWE-89"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
} }
], ],
"configurations": [ "configurations": [

29
CVE-2022/CVE-2022-499xx/CVE-2022-49932.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2022-49932",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:22.070",
"lastModified": "2025-05-02T16:15:22.070",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: VMX: Do _all_ initialization before exposing /dev/kvm to userspace\n\nCall kvm_init() only after _all_ setup is complete, as kvm_init() exposes\n/dev/kvm to userspace and thus allows userspace to create VMs (and call\nother ioctls). E.g. KVM will encounter a NULL pointer when attempting to\nadd a vCPU to the per-CPU loaded_vmcss_on_cpu list if userspace is able to\ncreate a VM before vmx_init() configures said list.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000008\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 0 P4D 0\n Oops: 0002 [#1] SMP\n CPU: 6 PID: 1143 Comm: stable Not tainted 6.0.0-rc7+ #988\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n RIP: 0010:vmx_vcpu_load_vmcs+0x68/0x230 [kvm_intel]\n <TASK>\n vmx_vcpu_load+0x16/0x60 [kvm_intel]\n kvm_arch_vcpu_load+0x32/0x1f0 [kvm]\n vcpu_load+0x2f/0x40 [kvm]\n kvm_arch_vcpu_create+0x231/0x310 [kvm]\n kvm_vm_ioctl+0x79f/0xe10 [kvm]\n ? handle_mm_fault+0xb1/0x220\n __x64_sys_ioctl+0x80/0xb0\n do_syscall_64+0x2b/0x50\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n RIP: 0033:0x7f5a6b05743b\n </TASK>\n Modules linked in: vhost_net vhost vhost_iotlb tap kvm_intel(+) kvm irqbypass"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/e136e969d268b9b89329c816c002e53f60e82985",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e28533c08023c4b319b7f2cd77f3f7c9204eb517",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e32b120071ea114efc0b4ddd439547750b85f618",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2022/CVE-2022-499xx/CVE-2022-49933.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2022-49933",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:22.163",
"lastModified": "2025-05-02T16:15:22.163",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: VMX: Reset eVMCS controls in VP assist page during hardware disabling\n\nReset the eVMCS controls in the per-CPU VP assist page during hardware\ndisabling instead of waiting until kvm-intel's module exit. The controls\nare activated if and only if KVM creates a VM, i.e. don't need to be\nreset if hardware is never enabled.\n\nDoing the reset during hardware disabling will naturally fix a potential\nNULL pointer deref bug once KVM disables CPU hotplug while enabling and\ndisabling hardware (which is necessary to fix a variety of bugs). If the\nkernel is running as the root partition, the VP assist page is unmapped\nduring CPU hot unplug, and so KVM's clearing of the eVMCS controls needs\nto occur with CPU hot(un)plug disabled, otherwise KVM could attempt to\nwrite to a CPU's VP assist page after it's unmapped."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/01aa8e5704bac9fcd7401eb1a74a375fba594203",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2916b70fc342719f570640de07251b7f91feebdb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/afb26bfc01db6ef4728e96314f08431934ffe833",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

32
CVE-2023/CVE-2023-356xx/CVE-2023-35670.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-35670", "id": "CVE-2023-35670",
"sourceIdentifier": "security@android.com", "sourceIdentifier": "security@android.com",
"published": "2023-09-11T21:15:42.020", "published": "2023-09-11T21:15:42.020",
"lastModified": "2024-11-21T08:08:28.667", "lastModified": "2025-05-02T17:15:47.687",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-22" "value": "CWE-22"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
} }
], ],
"configurations": [ "configurations": [

22
CVE-2023/CVE-2023-40xx/CVE-2023-4036.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-4036", "id": "CVE-2023-4036",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-30T15:15:09.813", "published": "2023-08-30T15:15:09.813",
"lastModified": "2024-11-21T08:34:16.370", "lastModified": "2025-05-02T16:15:22.460",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 1.4 "impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
} }
] ]
}, },

22
CVE-2023/CVE-2023-42xx/CVE-2023-4270.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-4270", "id": "CVE-2023-4270",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-11T20:15:11.593", "published": "2023-09-11T20:15:11.593",
"lastModified": "2024-11-21T08:34:45.630", "lastModified": "2025-05-02T17:15:48.010",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
} }
] ]
}, },

32
CVE-2023/CVE-2023-434xx/CVE-2023-43496.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-43496", "id": "CVE-2023-43496",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com", "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-09-20T17:15:11.820", "published": "2023-09-20T17:15:11.820",
"lastModified": "2024-11-21T08:24:09.497", "lastModified": "2025-05-02T16:15:22.290",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-276" "value": "CWE-276"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
} }
], ],
"configurations": [ "configurations": [

19
CVE-2023/CVE-2023-441xx/CVE-2023-44184.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44184", "id": "CVE-2023-44184",
"sourceIdentifier": "sirt@juniper.net", "sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:12.067", "published": "2023-10-13T00:15:12.067",
"lastModified": "2024-11-21T08:25:23.523", "lastModified": "2025-05-02T16:12:56.360",
"vulnStatus": "Modified", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -414,21 +414,6 @@
"criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*", "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E" "matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E"
}, },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:22.2:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "786F993E-32CB-492A-A7CC-A7E4F48EA8B9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:22.2:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "60CEA89D-BAC4-41CD-A1D1-AA5EDDEBD54A"
},
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*", "criteria": "cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*",

19
CVE-2023/CVE-2023-442xx/CVE-2023-44204.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44204", "id": "CVE-2023-44204",
"sourceIdentifier": "sirt@juniper.net", "sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:13.070", "published": "2023-10-13T00:15:13.070",
"lastModified": "2024-11-21T08:25:26.153", "lastModified": "2025-05-02T16:13:00.257",
"vulnStatus": "Modified", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -143,11 +143,6 @@
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*", "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "0A5B196A-2AF1-4AE5-9148-A75A572807BC" "matchCriteriaId": "0A5B196A-2AF1-4AE5-9148-A75A572807BC"
}, },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "3B457616-2D91-4913-9A7D-038BBF8F1F66"
},
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*", "criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
@ -277,16 +272,6 @@
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*", "criteria": "cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "40813417-A938-4F74-A419-8C5188A35486" "matchCriteriaId": "40813417-A938-4F74-A419-8C5188A35486"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:22.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "7FC1BA1A-DF0E-4B15-86BA-24C60E546732"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "F1B16FF0-900F-4AEE-B670-A537139F6909"
} }
] ]
} }

22
CVE-2023/CVE-2023-45xx/CVE-2023-4502.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-4502", "id": "CVE-2023-4502",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-25T16:15:15.217", "published": "2023-09-25T16:15:15.217",
"lastModified": "2024-11-21T08:35:18.183", "lastModified": "2025-05-02T17:15:48.200",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 1.7, "exploitabilityScore": 1.7,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
} }
] ]
}, },

49
CVE-2023/CVE-2023-530xx/CVE-2023-53035.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2023-53035",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:22.627",
"lastModified": "2025-05-02T16:15:22.627",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy()\n\nThe ioctl helper function nilfs_ioctl_wrap_copy(), which exchanges a\nmetadata array to/from user space, may copy uninitialized buffer regions\nto user space memory for read-only ioctl commands NILFS_IOCTL_GET_SUINFO\nand NILFS_IOCTL_GET_CPINFO.\n\nThis can occur when the element size of the user space metadata given by\nthe v_size member of the argument nilfs_argv structure is larger than the\nsize of the metadata element (nilfs_suinfo structure or nilfs_cpinfo\nstructure) on the file system side.\n\nKMSAN-enabled kernels detect this issue as follows:\n\n BUG: KMSAN: kernel-infoleak in instrument_copy_to_user\n include/linux/instrumented.h:121 [inline]\n BUG: KMSAN: kernel-infoleak in _copy_to_user+0xc0/0x100 lib/usercopy.c:33\n instrument_copy_to_user include/linux/instrumented.h:121 [inline]\n _copy_to_user+0xc0/0x100 lib/usercopy.c:33\n copy_to_user include/linux/uaccess.h:169 [inline]\n nilfs_ioctl_wrap_copy+0x6fa/0xc10 fs/nilfs2/ioctl.c:99\n nilfs_ioctl_get_info fs/nilfs2/ioctl.c:1173 [inline]\n nilfs_ioctl+0x2402/0x4450 fs/nilfs2/ioctl.c:1290\n nilfs_compat_ioctl+0x1b8/0x200 fs/nilfs2/ioctl.c:1343\n __do_compat_sys_ioctl fs/ioctl.c:968 [inline]\n __se_compat_sys_ioctl+0x7dd/0x1000 fs/ioctl.c:910\n __ia32_compat_sys_ioctl+0x93/0xd0 fs/ioctl.c:910\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\n Uninit was created at:\n __alloc_pages+0x9f6/0xe90 mm/page_alloc.c:5572\n alloc_pages+0xab0/0xd80 mm/mempolicy.c:2287\n __get_free_pages+0x34/0xc0 mm/page_alloc.c:5599\n nilfs_ioctl_wrap_copy+0x223/0xc10 fs/nilfs2/ioctl.c:74\n nilfs_ioctl_get_info fs/nilfs2/ioctl.c:1173 [inline]\n nilfs_ioctl+0x2402/0x4450 fs/nilfs2/ioctl.c:1290\n nilfs_compat_ioctl+0x1b8/0x200 fs/nilfs2/ioctl.c:1343\n __do_compat_sys_ioctl fs/ioctl.c:968 [inline]\n __se_compat_sys_ioctl+0x7dd/0x1000 fs/ioctl.c:910\n __ia32_compat_sys_ioctl+0x93/0xd0 fs/ioctl.c:910\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\n Bytes 16-127 of 3968 are uninitialized\n ...\n\nThis eliminates the leak issue by initializing the page allocated as\nbuffer using get_zeroed_page()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/003587000276f81d0114b5ce773d80c119d8cb30",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5bb105cc72beb9d51bf12f5c657336d2d35bdc5d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5f33b042f74fc9662eba17f4cd19b07d84bbc6c5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8a6550b365c0ce2e65905de57dcbfe1f7d629726",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8f5cbf6a8c0e19b062b829c5b7aca01468bb57f6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9c5034e9a0e03db8d5e9eabb176340259b5b97e4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a94932381e8dae4117e9129b3c1282e18aa97b05",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d18db946cc6a394291539e030df32324285648f7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2023/CVE-2023-530xx/CVE-2023-53036.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2023-53036",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:22.733",
"lastModified": "2025-05-02T16:15:22.733",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix call trace warning and hang when removing amdgpu device\n\nOn GPUs with RAS enabled, below call trace and hang are observed when\nshutting down device.\n\nv2: use DRM device unplugged flag instead of shutdown flag as the check to\nprevent memory wipe in shutdown stage.\n\n[ +0.000000] RIP: 0010:amdgpu_vram_mgr_fini+0x18d/0x1c0 [amdgpu]\n[ +0.000001] PKRU: 55555554\n[ +0.000001] Call Trace:\n[ +0.000001] <TASK>\n[ +0.000002] amdgpu_ttm_fini+0x140/0x1c0 [amdgpu]\n[ +0.000183] amdgpu_bo_fini+0x27/0xa0 [amdgpu]\n[ +0.000184] gmc_v11_0_sw_fini+0x2b/0x40 [amdgpu]\n[ +0.000163] amdgpu_device_fini_sw+0xb6/0x510 [amdgpu]\n[ +0.000152] amdgpu_driver_release_kms+0x16/0x30 [amdgpu]\n[ +0.000090] drm_dev_release+0x28/0x50 [drm]\n[ +0.000016] devm_drm_dev_init_release+0x38/0x60 [drm]\n[ +0.000011] devm_action_release+0x15/0x20\n[ +0.000003] release_nodes+0x40/0xc0\n[ +0.000001] devres_release_all+0x9e/0xe0\n[ +0.000001] device_unbind_cleanup+0x12/0x80\n[ +0.000003] device_release_driver_internal+0xff/0x160\n[ +0.000001] driver_detach+0x4a/0x90\n[ +0.000001] bus_remove_driver+0x6c/0xf0\n[ +0.000001] driver_unregister+0x31/0x50\n[ +0.000001] pci_unregister_driver+0x40/0x90\n[ +0.000003] amdgpu_exit+0x15/0x120 [amdgpu]"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/93bb18d2a873d2fa9625c8ea927723660a868b95",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9a02dae3bbfe2df8e1c81e61a08695709e9588f9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f06b902511ea05526f405ee64da54a8313d91831",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2023/CVE-2023-530xx/CVE-2023-53037.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2023-53037",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:22.827",
"lastModified": "2025-05-02T16:15:22.827",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Bad drive in topology results kernel crash\n\nWhen the SAS Transport Layer support is enabled and a device exposed to\nthe OS by the driver fails INQUIRY commands, the driver frees up the memory\nallocated for an internal HBA port data structure. However, in some places,\nthe reference to the freed memory is not cleared. When the firmware sends\nthe Device Info change event for the same device again, the freed memory is\naccessed and that leads to memory corruption and OS crash."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1f822ae8fb2a20fffa71e9bfa9b203c03d72d3ba",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8e45183978d64699df639e795235433a60f35047",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/aa11e4b6cdb403b9fdef6939550f6b36dd61624d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2023/CVE-2023-530xx/CVE-2023-53038.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2023-53038",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:22.920",
"lastModified": "2025-05-02T16:15:22.920",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read()\n\nIf kzalloc() fails in lpfc_sli4_cgn_params_read(), then we rely on\nlpfc_read_object()'s routine to NULL check pdata.\n\nCurrently, an early return error is thrown from lpfc_read_object() to\nprotect us from NULL ptr dereference, but the errno code is -ENODEV.\n\nChange the errno code to a more appropriate -ENOMEM."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/312320b0e0ec21249a17645683fe5304d796aec1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4829a1e1171536978b240a1438789c2e4d5c9715",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/67b8343998b84418bc5b5206aa01fe9b461a80ef",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/908dd9a0853a88155a5a36018c7e2b32ccf20379",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2023/CVE-2023-530xx/CVE-2023-53039.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2023-53039",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:23.017",
"lastModified": "2025-05-02T16:15:23.017",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: intel-ish-hid: ipc: Fix potential use-after-free in work function\n\nWhen a reset notify IPC message is received, the ISR schedules a work\nfunction and passes the ISHTP device to it via a global pointer\nishtp_dev. If ish_probe() fails, the devm-managed device resources\nincluding ishtp_dev are freed, but the work is not cancelled, causing a\nuse-after-free when the work function tries to access ishtp_dev. Use\ndevm_work_autocancel() instead, so that the work is automatically\ncancelled if probe fails."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0a594cb490ca6232671fc09e2dc1a0fc7ccbb0b5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8ae2f2b0a28416ed2f6d8478ac8b9f7862f36785",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8c1d378b8c224fd50247625255f09fc01dcc5836",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d3ce3afd9f791dd1b7daedfcf8c396b60af5dec0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2023/CVE-2023-530xx/CVE-2023-53040.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2023-53040",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:23.113",
"lastModified": "2025-05-02T16:15:23.113",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nca8210: fix mac_len negative array access\n\nThis patch fixes a buffer overflow access of skb->data if\nieee802154_hdr_peek_addrs() fails."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/55d836f75778d2e2cafe37e023f9c106400bad4b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5da4469a7aa011de614c3e2ae383c35a353a382e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6c993779ea1d0cccdb3a5d7d45446dd229e610a3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7df72bedbdd1d02bb216e1f6eca0a16900238c4e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/918944526a386f186dd818ea6b0bcbed75d8c16b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d143e327c97241599c958d1ba9fbaa88c37db721",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d2b3bd0d4cadfdb7f3454d2aef9d5d9e8b48aae4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fd176a18db96d574d8c4763708abcec4444a08b6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2023/CVE-2023-530xx/CVE-2023-53041.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2023-53041",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:23.220",
"lastModified": "2025-05-02T16:15:23.220",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Perform lockless command completion in abort path\n\nWhile adding and removing the controller, the following call trace was\nobserved:\n\nWARNING: CPU: 3 PID: 623596 at kernel/dma/mapping.c:532 dma_free_attrs+0x33/0x50\nCPU: 3 PID: 623596 Comm: sh Kdump: loaded Not tainted 5.14.0-96.el9.x86_64 #1\nRIP: 0010:dma_free_attrs+0x33/0x50\n\nCall Trace:\n qla2x00_async_sns_sp_done+0x107/0x1b0 [qla2xxx]\n qla2x00_abort_srb+0x8e/0x250 [qla2xxx]\n ? ql_dbg+0x70/0x100 [qla2xxx]\n __qla2x00_abort_all_cmds+0x108/0x190 [qla2xxx]\n qla2x00_abort_all_cmds+0x24/0x70 [qla2xxx]\n qla2x00_abort_isp_cleanup+0x305/0x3e0 [qla2xxx]\n qla2x00_remove_one+0x364/0x400 [qla2xxx]\n pci_device_remove+0x36/0xa0\n __device_release_driver+0x17a/0x230\n device_release_driver+0x24/0x30\n pci_stop_bus_device+0x68/0x90\n pci_stop_and_remove_bus_device_locked+0x16/0x30\n remove_store+0x75/0x90\n kernfs_fop_write_iter+0x11c/0x1b0\n new_sync_write+0x11f/0x1b0\n vfs_write+0x1eb/0x280\n ksys_write+0x5f/0xe0\n do_syscall_64+0x5c/0x80\n ? do_user_addr_fault+0x1d8/0x680\n ? do_syscall_64+0x69/0x80\n ? exc_page_fault+0x62/0x140\n ? asm_exc_page_fault+0x8/0x30\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThe command was completed in the abort path during driver unload with a\nlock held, causing the warning in abort path. Hence complete the command\nwithout any lock held."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0367076b0817d5c75dfb83001ce7ce5c64d803a9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/231cfa78ec5badd84a1a2b09465bfad1a926aba1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/415d614344a4f1bbddf55d724fc7eb9ef4b39aad",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9189f20b4c5307c0998682bb522e481b4567a8b8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cd0a1804ac5bab2545ac700c8d0fe9ae9284c567",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d6f7377528d2abf338e504126e44439541be8f7d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2023/CVE-2023-530xx/CVE-2023-53042.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2023-53042",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:23.320",
"lastModified": "2025-05-02T16:15:23.320",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Do not set DRR on pipe Commit\n\n[WHY]\nWriting to DRR registers such as OTG_V_TOTAL_MIN on the same frame as a\npipe commit can cause underflow."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3c20a098b507020936e02a98f4fbb924deeef44b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/56574f89dbd84004c3fd6485bcaafb5aa9b8be14",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f8080f1e300e7abcc03025ec8b5bab69ae98daaa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2023/CVE-2023-530xx/CVE-2023-53043.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2023-53043",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:23.400",
"lastModified": "2025-05-02T16:15:23.400",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: dts: qcom: sc7280: Mark PCIe controller as cache coherent\n\nIf the controller is not marked as cache coherent, then kernel will\ntry to ensure coherency during dma-ops and that may cause data corruption.\nSo, mark the PCIe node as dma-coherent as the devices on PCIe bus are\ncache coherent."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/267b899375bf38944d915c9654d6eb434edad0ce",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8a63441e83724fee1ef3fd37b237d40d90780766",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e43bba938e2c9104bb4f8bc417ac4d7bb29755e1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2023/CVE-2023-530xx/CVE-2023-53044.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2023-53044",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:23.490",
"lastModified": "2025-05-02T16:15:23.490",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm stats: check for and propagate alloc_percpu failure\n\nCheck alloc_precpu()'s return value and return an error from\ndm_stats_init() if it fails. Update alloc_dev() to fail if\ndm_stats_init() does.\n\nOtherwise, a NULL pointer dereference will occur in dm_stats_cleanup()\neven if dm-stats isn't being actively used."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0d96bd507ed7e7d565b6d53ebd3874686f123b2e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2287d7b721471a3d58bcd829250336e3cdf1635e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/443c9d522397511a4328dc2ec3c9c63c73049756",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4a32a9a818a895671bd43e0c40351e60e4e9140b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5b66e36a3efd24041b7374432bfa4dec2ff01e95",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a42180dd361584816bfe15c137b665699b994d90",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c68f08cc745675a17894e1b4a5b5b9700ace6da4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d3aa3e060c4a80827eb801fc448debc9daa7c46b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2023/CVE-2023-530xx/CVE-2023-53045.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2023-53045",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:23.590",
"lastModified": "2025-05-02T16:15:23.590",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_audio: don't let userspace block driver unbind\n\nIn the unbind callback for f_uac1 and f_uac2, a call to snd_card_free()\nvia g_audio_cleanup() will disconnect the card and then wait for all\nresources to be released, which happens when the refcount falls to zero.\nSince userspace can keep the refcount incremented by not closing the\nrelevant file descriptor, the call to unbind may block indefinitely.\nThis can cause a deadlock during reboot, as evidenced by the following\nblocked task observed on my machine:\n\n task:reboot state:D stack:0 pid:2827 ppid:569 flags:0x0000000c\n Call trace:\n __switch_to+0xc8/0x140\n __schedule+0x2f0/0x7c0\n schedule+0x60/0xd0\n schedule_timeout+0x180/0x1d4\n wait_for_completion+0x78/0x180\n snd_card_free+0x90/0xa0\n g_audio_cleanup+0x2c/0x64\n afunc_unbind+0x28/0x60\n ...\n kernel_restart+0x4c/0xac\n __do_sys_reboot+0xcc/0x1ec\n __arm64_sys_reboot+0x28/0x30\n invoke_syscall+0x4c/0x110\n ...\n\nThe issue can also be observed by opening the card with arecord and\nthen stopping the process through the shell before unbinding:\n\n # arecord -D hw:UAC2Gadget -f S32_LE -c 2 -r 48000 /dev/null\n Recording WAVE '/dev/null' : Signed 32 bit Little Endian, Rate 48000 Hz, Stereo\n ^Z[1]+ Stopped arecord -D hw:UAC2Gadget -f S32_LE -c 2 -r 48000 /dev/null\n # echo gadget.0 > /sys/bus/gadget/drivers/configfs-gadget/unbind\n (observe that the unbind command never finishes)\n\nFix the problem by using snd_card_free_when_closed() instead, which will\nstill disconnect the card as desired, but defer the task of freeing the\nresources to the core once userspace closes its file descriptor."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0eda2004f38d95ef5715d62be884cd344260535b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3256e152b645fc1e788ba44c2d8ced690113e3e6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/33f341c1fc60e172a3515c51bdabee11e83d1ee9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3bc7324e4911351e39c54a62e6ca46321cb10faf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3e016ef2e72da93a2ea7afbb45de1b481b44d761",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/43ca70753dfffd517d2af126da28690f8f615605",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6c67ed9ad9b83e453e808f9b31a931a20a25629b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b131989797f7287d7fdadb2bababc05a15d44750",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2023/CVE-2023-530xx/CVE-2023-53046.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2023-53046",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:23.697",
"lastModified": "2025-05-02T16:15:23.697",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix race condition in hci_cmd_sync_clear\n\nThere is a potential race condition in hci_cmd_sync_work and\nhci_cmd_sync_clear, and could lead to use-after-free. For instance,\nhci_cmd_sync_work is added to the 'req_workqueue' after cancel_work_sync\nThe entry of 'cmd_sync_work_list' may be freed in hci_cmd_sync_clear, and\ncausing kernel panic when it is used in 'hci_cmd_sync_work'.\n\nHere's the call trace:\n\ndump_stack_lvl+0x49/0x63\nprint_report.cold+0x5e/0x5d3\n? hci_cmd_sync_work+0x282/0x320\nkasan_report+0xaa/0x120\n? hci_cmd_sync_work+0x282/0x320\n__asan_report_load8_noabort+0x14/0x20\nhci_cmd_sync_work+0x282/0x320\nprocess_one_work+0x77b/0x11c0\n? _raw_spin_lock_irq+0x8e/0xf0\nworker_thread+0x544/0x1180\n? poll_idle+0x1e0/0x1e0\nkthread+0x285/0x320\n? process_one_work+0x11c0/0x11c0\n? kthread_complete_and_exit+0x30/0x30\nret_from_fork+0x22/0x30\n</TASK>\n\nAllocated by task 266:\nkasan_save_stack+0x26/0x50\n__kasan_kmalloc+0xae/0xe0\nkmem_cache_alloc_trace+0x191/0x350\nhci_cmd_sync_queue+0x97/0x2b0\nhci_update_passive_scan+0x176/0x1d0\nle_conn_complete_evt+0x1b5/0x1a00\nhci_le_conn_complete_evt+0x234/0x340\nhci_le_meta_evt+0x231/0x4e0\nhci_event_packet+0x4c5/0xf00\nhci_rx_work+0x37d/0x880\nprocess_one_work+0x77b/0x11c0\nworker_thread+0x544/0x1180\nkthread+0x285/0x320\nret_from_fork+0x22/0x30\n\nFreed by task 269:\nkasan_save_stack+0x26/0x50\nkasan_set_track+0x25/0x40\nkasan_set_free_info+0x24/0x40\n____kasan_slab_free+0x176/0x1c0\n__kasan_slab_free+0x12/0x20\nslab_free_freelist_hook+0x95/0x1a0\nkfree+0xba/0x2f0\nhci_cmd_sync_clear+0x14c/0x210\nhci_unregister_dev+0xff/0x440\nvhci_release+0x7b/0xf0\n__fput+0x1f3/0x970\n____fput+0xe/0x20\ntask_work_run+0xd4/0x160\ndo_exit+0x8b0/0x22a0\ndo_group_exit+0xba/0x2a0\nget_signal+0x1e4a/0x25b0\narch_do_signal_or_restart+0x93/0x1f80\nexit_to_user_mode_prepare+0xf5/0x1a0\nsyscall_exit_to_user_mode+0x26/0x50\nret_from_fork+0x15/0x30"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1c66bee492a5fe00ae3fe890bb693bfc99f994c6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/608901a77c945ac15dea23f6098c9882ef19d9f0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/be586211a3ab40a4f4ca60450e0d31606afc55ec",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2023/CVE-2023-530xx/CVE-2023-53047.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2023-53047",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:23.790",
"lastModified": "2025-05-02T16:15:23.790",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntee: amdtee: fix race condition in amdtee_open_session\n\nThere is a potential race condition in amdtee_open_session that may\nlead to use-after-free. For instance, in amdtee_open_session() after\nsess->sess_mask is set, and before setting:\n\n sess->session_info[i] = session_info;\n\nif amdtee_close_session() closes this same session, then 'sess' data\nstructure will be released, causing kernel panic when 'sess' is\naccessed within amdtee_open_session().\n\nThe solution is to set the bit sess->sess_mask as the last step in\namdtee_open_session()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/02b296978a2137d7128151c542e84dc96400bc00",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a63cce9393e4e7dbc5af82dc87e68cb321cb1a78",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b3ef9e6fe09f1a132af28c623edcf4d4f39d9f35",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f632a90f8e39db39b322107b9a8d438b826a7f4f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f8502fba45bd30e1a6a354d9d898bc99d1a11e6d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2023/CVE-2023-530xx/CVE-2023-53048.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2023-53048",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:23.897",
"lastModified": "2025-05-02T16:15:23.897",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: tcpm: fix warning when handle discover_identity message\n\nSince both source and sink device can send discover_identity message in\nPD3, kernel may dump below warning:\n\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 169 at drivers/usb/typec/tcpm/tcpm.c:1446 tcpm_queue_vdm+0xe0/0xf0\nModules linked in:\nCPU: 0 PID: 169 Comm: 1-0050 Not tainted 6.1.1-00038-g6a3c36cf1da2-dirty #567\nHardware name: NXP i.MX8MPlus EVK board (DT)\npstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : tcpm_queue_vdm+0xe0/0xf0\nlr : tcpm_queue_vdm+0x2c/0xf0\nsp : ffff80000c19bcd0\nx29: ffff80000c19bcd0 x28: 0000000000000001 x27: ffff0000d11c8ab8\nx26: ffff0000d11cc000 x25: 0000000000000000 x24: 00000000ff008081\nx23: 0000000000000001 x22: 00000000ff00a081 x21: ffff80000c19bdbc\nx20: 0000000000000000 x19: ffff0000d11c8080 x18: ffffffffffffffff\nx17: 0000000000000000 x16: 0000000000000000 x15: ffff0000d716f580\nx14: 0000000000000001 x13: ffff0000d716f507 x12: 0000000000000001\nx11: 0000000000000000 x10: 0000000000000020 x9 : 00000000000ee098\nx8 : 00000000ffffffff x7 : 000000000000001c x6 : ffff0000d716f580\nx5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\nx2 : ffff80000c19bdbc x1 : 00000000ff00a081 x0 : 0000000000000004\nCall trace:\ntcpm_queue_vdm+0xe0/0xf0\ntcpm_pd_rx_handler+0x340/0x1ab0\nkthread_worker_fn+0xcc/0x18c\nkthread+0x10c/0x110\nret_from_fork+0x10/0x20\n---[ end trace 0000000000000000 ]---\n\nBelow sequences may trigger this warning:\n\ntcpm_send_discover_work(work)\n tcpm_send_vdm(port, USB_SID_PD, CMD_DISCOVER_IDENT, NULL, 0);\n tcpm_queue_vdm(port, header, data, count);\n port->vdm_state = VDM_STATE_READY;\n\nvdm_state_machine_work(work);\n\t\t\t<-- received discover_identity from partner\n vdm_run_state_machine(port);\n port->vdm_state = VDM_STATE_SEND_MESSAGE;\n mod_vdm_delayed_work(port, x);\n\ntcpm_pd_rx_handler(work);\n tcpm_pd_data_request(port, msg);\n tcpm_handle_vdm_request(port, msg->payload, cnt);\n tcpm_queue_vdm(port, response[0], &response[1], rlen - 1);\n--> WARN_ON(port->vdm_state > VDM_STATE_DONE);\n\nFor this case, the state machine could still send out discover\nidentity message later if we skip current discover_identity message.\nSo we should handle the received message firstly and override the pending\ndiscover_identity message without warning in this case. Then, a delayed\nsend_discover work will send discover_identity message again."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/abfc4fa28f0160df61c7149567da4f6494dfb488",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bb579b3f75c60bf488a7c36e092e8be583407d53",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d55ca2d2ea1a7ec553213986993fba8c0257381c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e37d2c489d71e94ed4a39529bc9520a7fd983d42",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2023/CVE-2023-530xx/CVE-2023-53049.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2023-53049",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:23.990",
"lastModified": "2025-05-02T16:15:23.990",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: ucsi: Fix NULL pointer deref in ucsi_connector_change()\n\nWhen ucsi_init() fails, ucsi->connector is NULL, yet in case of\nucsi_acpi we may still get events which cause the ucs_acpi code to call\nucsi_connector_change(), which then derefs the NULL ucsi->connector\npointer.\n\nFix this by not setting ucsi->ntfy inside ucsi_init() until ucsi_init()\nhas succeeded, so that ucsi_connector_change() ignores the events\nbecause UCSI_ENABLE_NTFY_CONNECTOR_CHANGE is not set in the ntfy mask."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1c5abcb13491da8c049f20462189c12c753ba978",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7dd27aed9c456670b3882877ef17a48195f21693",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7ef0423e43f877a328454059d46763043ce3da44",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a6adfe9bbd6ac11e398b54ccd99a0f8eea09f3c0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f87fb985452ab2083967103ac00bfd68fb182764",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2023/CVE-2023-530xx/CVE-2023-53050.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2023-53050",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:24.093",
"lastModified": "2025-05-02T16:15:24.093",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Fix memory leak in margining\n\nMemory for the usb4->margining needs to be relased for the upstream port\nof the router as well, even though the debugfs directory gets released\nwith the router device removal. Fix this."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0b357b360e671688f9bf38ff94300515b68bc247",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/acec726473822bc6b585961f4ca2a11fa7f28341",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f390095bbd131ec2dfb29792d9f6fd0f0656bfc0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2023/CVE-2023-530xx/CVE-2023-53051.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2023-53051",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:24.180",
"lastModified": "2025-05-02T16:15:24.180",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm crypt: add cond_resched() to dmcrypt_write()\n\nThe loop in dmcrypt_write may be running for unbounded amount of time,\nthus we need cond_resched() in it.\n\nThis commit fixes the following warning:\n\n[ 3391.153255][ C12] watchdog: BUG: soft lockup - CPU#12 stuck for 23s! [dmcrypt_write/2:2897]\n...\n[ 3391.387210][ C12] Call trace:\n[ 3391.390338][ C12] blk_attempt_bio_merge.part.6+0x38/0x158\n[ 3391.395970][ C12] blk_attempt_plug_merge+0xc0/0x1b0\n[ 3391.401085][ C12] blk_mq_submit_bio+0x398/0x550\n[ 3391.405856][ C12] submit_bio_noacct+0x308/0x380\n[ 3391.410630][ C12] dmcrypt_write+0x1e4/0x208 [dm_crypt]\n[ 3391.416005][ C12] kthread+0x130/0x138\n[ 3391.419911][ C12] ret_from_fork+0x10/0x18"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2c743db1193bf0e76c73d71ede08bd9b96e6c31d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/66ff37993dd7e9954b6446237fe2453b380ce40d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7b9f8efb5fc888dd938d2964e705b8e00f1dc0f6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/885c28ceae7dab2b18c2cc0eb95f1f82b1f629d1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e87cd83f70504f1cd2e428966f353c007d6d2d7f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/eb485b7404a281d974bd445ddc5b0b8d5958f371",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f0eb61b493dbbc32529fbd0d2e945b71b0e47306",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fb294b1c0ba982144ca467a75e7d01ff26304e2b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2023/CVE-2023-530xx/CVE-2023-53052.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2023-53052",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:24.283",
"lastModified": "2025-05-02T16:15:24.283",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix use-after-free bug in refresh_cache_worker()\n\nThe UAF bug occurred because we were putting DFS root sessions in\ncifs_umount() while DFS cache refresher was being executed.\n\nMake DFS root sessions have same lifetime as DFS tcons so we can avoid\nthe use-after-free bug is DFS cache refresher and other places that\nrequire IPCs to get new DFS referrals on. Also, get rid of mount\ngroup handling in DFS cache as we no longer need it.\n\nThis fixes below use-after-free bug catched by KASAN\n\n[ 379.946955] BUG: KASAN: use-after-free in __refresh_tcon.isra.0+0x10b/0xc10 [cifs]\n[ 379.947642] Read of size 8 at addr ffff888018f57030 by task kworker/u4:3/56\n[ 379.948096]\n[ 379.948208] CPU: 0 PID: 56 Comm: kworker/u4:3 Not tainted 6.2.0-rc7-lku #23\n[ 379.948661] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS\nrel-1.16.0-0-gd239552-rebuilt.opensuse.org 04/01/2014\n[ 379.949368] Workqueue: cifs-dfscache refresh_cache_worker [cifs]\n[ 379.949942] Call Trace:\n[ 379.950113] <TASK>\n[ 379.950260] dump_stack_lvl+0x50/0x67\n[ 379.950510] print_report+0x16a/0x48e\n[ 379.950759] ? __virt_addr_valid+0xd8/0x160\n[ 379.951040] ? __phys_addr+0x41/0x80\n[ 379.951285] kasan_report+0xdb/0x110\n[ 379.951533] ? __refresh_tcon.isra.0+0x10b/0xc10 [cifs]\n[ 379.952056] ? __refresh_tcon.isra.0+0x10b/0xc10 [cifs]\n[ 379.952585] __refresh_tcon.isra.0+0x10b/0xc10 [cifs]\n[ 379.953096] ? __pfx___refresh_tcon.isra.0+0x10/0x10 [cifs]\n[ 379.953637] ? __pfx___mutex_lock+0x10/0x10\n[ 379.953915] ? lock_release+0xb6/0x720\n[ 379.954167] ? __pfx_lock_acquire+0x10/0x10\n[ 379.954443] ? refresh_cache_worker+0x34e/0x6d0 [cifs]\n[ 379.954960] ? __pfx_wb_workfn+0x10/0x10\n[ 379.955239] refresh_cache_worker+0x4ad/0x6d0 [cifs]\n[ 379.955755] ? __pfx_refresh_cache_worker+0x10/0x10 [cifs]\n[ 379.956323] ? __pfx_lock_acquired+0x10/0x10\n[ 379.956615] ? read_word_at_a_time+0xe/0x20\n[ 379.956898] ? lockdep_hardirqs_on_prepare+0x12/0x220\n[ 379.957235] process_one_work+0x535/0x990\n[ 379.957509] ? __pfx_process_one_work+0x10/0x10\n[ 379.957812] ? lock_acquired+0xb7/0x5f0\n[ 379.958069] ? __list_add_valid+0x37/0xd0\n[ 379.958341] ? __list_add_valid+0x37/0xd0\n[ 379.958611] worker_thread+0x8e/0x630\n[ 379.958861] ? __pfx_worker_thread+0x10/0x10\n[ 379.959148] kthread+0x17d/0x1b0\n[ 379.959369] ? __pfx_kthread+0x10/0x10\n[ 379.959630] ret_from_fork+0x2c/0x50\n[ 379.959879] </TASK>"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/396935de145589c8bfe552fa03a5e38604071829",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5a89d81c1a3c152837ea204fd29572228e54ce0b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

45
CVE-2023/CVE-2023-530xx/CVE-2023-53053.json Normal file
View File

@ -0,0 +1,45 @@
{
"id": "CVE-2023-53053",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:24.373",
"lastModified": "2025-05-02T16:15:24.373",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nerspan: do not use skb_mac_header() in ndo_start_xmit()\n\nDrivers should not assume skb_mac_header(skb) == skb->data in their\nndo_start_xmit().\n\nUse skb_network_offset() and skb_transport_offset() which\nbetter describe what is needed in erspan_fb_xmit() and\nip6erspan_tunnel_xmit()\n\nsyzbot reported:\nWARNING: CPU: 0 PID: 5083 at include/linux/skbuff.h:2873 skb_mac_header include/linux/skbuff.h:2873 [inline]\nWARNING: CPU: 0 PID: 5083 at include/linux/skbuff.h:2873 ip6erspan_tunnel_xmit+0x1d9c/0x2d90 net/ipv6/ip6_gre.c:962\nModules linked in:\nCPU: 0 PID: 5083 Comm: syz-executor406 Not tainted 6.3.0-rc2-syzkaller-00866-gd4671cb96fa3 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023\nRIP: 0010:skb_mac_header include/linux/skbuff.h:2873 [inline]\nRIP: 0010:ip6erspan_tunnel_xmit+0x1d9c/0x2d90 net/ipv6/ip6_gre.c:962\nCode: 04 02 41 01 de 84 c0 74 08 3c 03 0f 8e 1c 0a 00 00 45 89 b4 24 c8 00 00 00 c6 85 77 fe ff ff 01 e9 33 e7 ff ff e8 b4 27 a1 f8 <0f> 0b e9 b6 e7 ff ff e8 a8 27 a1 f8 49 8d bf f0 0c 00 00 48 b8 00\nRSP: 0018:ffffc90003b2f830 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: 000000000000ffff RCX: 0000000000000000\nRDX: ffff888021273a80 RSI: ffffffff88e1bd4c RDI: 0000000000000003\nRBP: ffffc90003b2f9d8 R08: 0000000000000003 R09: 000000000000ffff\nR10: 000000000000ffff R11: 0000000000000000 R12: ffff88802b28da00\nR13: 00000000000000d0 R14: ffff88807e25b6d0 R15: ffff888023408000\nFS: 0000555556a61300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055e5b11eb6e8 CR3: 0000000027c1b000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n<TASK>\n__netdev_start_xmit include/linux/netdevice.h:4900 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4914 [inline]\n__dev_direct_xmit+0x504/0x730 net/core/dev.c:4300\ndev_direct_xmit include/linux/netdevice.h:3088 [inline]\npacket_xmit+0x20a/0x390 net/packet/af_packet.c:285\npacket_snd net/packet/af_packet.c:3075 [inline]\npacket_sendmsg+0x31a0/0x5150 net/packet/af_packet.c:3107\nsock_sendmsg_nosec net/socket.c:724 [inline]\nsock_sendmsg+0xde/0x190 net/socket.c:747\n__sys_sendto+0x23a/0x340 net/socket.c:2142\n__do_sys_sendto net/socket.c:2154 [inline]\n__se_sys_sendto net/socket.c:2150 [inline]\n__x64_sys_sendto+0xe1/0x1b0 net/socket.c:2150\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7f123aaa1039\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffc15d12058 EFLAGS: 00000246 ORIG_RAX: 000000000000002c\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f123aaa1039\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003\nRBP: 0000000000000000 R08: 0000000020000040 R09: 0000000000000014\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007f123aa648c0\nR13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/5d4172732f0ee1639a361a6cc5c3114bbb397386",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8e50ed774554f93d55426039b27b1e38d7fa64d8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9c7d6803689c99d55bbb862260d0ba486ff23c0b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b41f37dbd9cdb60000e3b0dfad6df787591c2265",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b72f453e886af532bde1fd049a2d2421999630d3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/da149daf821a3c05cd04f7c60776c86c5ee9685c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f8cec30541f5c5cc218e9a32138d45d227727f2f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2023/CVE-2023-530xx/CVE-2023-53054.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2023-53054",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:24.483",
"lastModified": "2025-05-02T16:15:24.483",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc2: fix a devres leak in hw_enable upon suspend resume\n\nEach time the platform goes to low power, PM suspend / resume routines\ncall: __dwc2_lowlevel_hw_enable -> devm_add_action_or_reset().\nThis adds a new devres each time.\nThis may also happen at runtime, as dwc2_lowlevel_hw_enable() can be\ncalled from udc_start().\n\nThis can be seen with tracing:\n- echo 1 > /sys/kernel/debug/tracing/events/dev/devres_log/enable\n- go to low power\n- cat /sys/kernel/debug/tracing/trace\n\nA new \"ADD\" entry is found upon each low power cycle:\n... devres_log: 49000000.usb-otg ADD 82a13bba devm_action_release (8 bytes)\n... devres_log: 49000000.usb-otg ADD 49889daf devm_action_release (8 bytes)\n...\n\nA second issue is addressed here:\n- regulator_bulk_enable() is called upon each PM cycle (suspend/resume).\n- regulator_bulk_disable() never gets called.\n\nSo the reference count for these regulators constantly increase, by one\nupon each low power cycle, due to missing regulator_bulk_disable() call\nin __dwc2_lowlevel_hw_disable().\n\nThe original fix that introduced the devm_add_action_or_reset() call,\nfixed an issue during probe, that happens due to other errors in\ndwc2_driver_probe() -> dwc2_core_reset(). Then the probe fails without\ndisabling regulators, when dr_mode == USB_DR_MODE_PERIPHERAL.\n\nRather fix the error path: disable all the low level hardware in the\nerror path, by using the \"hsotg->ll_hw_enabled\" flag. Checking dr_mode\nhas been introduced to avoid a dual call to dwc2_lowlevel_hw_disable().\n\"ll_hw_enabled\" should achieve the same (and is used currently in the\nremove() routine)."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1f01027c51eb16145e8e07fafea3ca07ef102d06",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6485fc381b6528b6f547ee1ff10bdbcbe31a6e4c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cba76e1fb896b573f09f51aa299223276a77bc90",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f747313249b74f323ddf841a9c8db14d989f296a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ffb8ab6f87bd28d700ab5c20d9d3a7e75067630d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2023/CVE-2023-530xx/CVE-2023-53055.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2023-53055",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:24.590",
"lastModified": "2025-05-02T16:15:24.590",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfscrypt: destroy keyring after security_sb_delete()\n\nfscrypt_destroy_keyring() must be called after all potentially-encrypted\ninodes were evicted; otherwise it cannot safely destroy the keyring.\nSince inodes that are in-use by the Landlock LSM don't get evicted until\nsecurity_sb_delete(), this means that fscrypt_destroy_keyring() must be\ncalled *after* security_sb_delete().\n\nThis fixes a WARN_ON followed by a NULL dereference, only possible if\nLandlock was being used on encrypted files."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/497ab5d9c7852dfedab2c9de75e41b60e54b7c5d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/992a3f3e8a0c92151dfdf65fc85567c865fd558a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ccb820dc7d2236b1af0d54ae038a27b5b6d5ae5a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d77531fac6a1fd9f1db0195438ba5419d72b96c4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2023/CVE-2023-530xx/CVE-2023-53056.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2023-53056",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:24.680",
"lastModified": "2025-05-02T16:15:24.680",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Synchronize the IOCB count to be in order\n\nA system hang was observed with the following call trace:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 15 PID: 86747 Comm: nvme Kdump: loaded Not tainted 6.2.0+ #1\nHardware name: Dell Inc. PowerEdge R6515/04F3CJ, BIOS 2.7.3 03/31/2022\nRIP: 0010:__wake_up_common+0x55/0x190\nCode: 41 f6 01 04 0f 85 b2 00 00 00 48 8b 43 08 4c 8d\n 40 e8 48 8d 43 08 48 89 04 24 48 89 c6\\\n 49 8d 40 18 48 39 c6 0f 84 e9 00 00 00 <49> 8b 40 18 89 6c 24 14 31\n ed 4c 8d 60 e8 41 8b 18 f6 c3 04 75 5d\nRSP: 0018:ffffb05a82afbba0 EFLAGS: 00010082\nRAX: 0000000000000000 RBX: ffff8f9b83a00018 RCX: 0000000000000000\nRDX: 0000000000000001 RSI: ffff8f9b83a00020 RDI: ffff8f9b83a00018\nRBP: 0000000000000001 R08: ffffffffffffffe8 R09: ffffb05a82afbbf8\nR10: 70735f7472617473 R11: 5f30307832616c71 R12: 0000000000000001\nR13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f815cf4c740(0000) GS:ffff8f9eeed80000(0000)\n\tknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000000 CR3: 000000010633a000 CR4: 0000000000350ee0\nCall Trace:\n <TASK>\n __wake_up_common_lock+0x83/0xd0\n qla_nvme_ls_req+0x21b/0x2b0 [qla2xxx]\n __nvme_fc_send_ls_req+0x1b5/0x350 [nvme_fc]\n nvme_fc_xmt_disconnect_assoc+0xca/0x110 [nvme_fc]\n nvme_fc_delete_association+0x1bf/0x220 [nvme_fc]\n ? nvme_remove_namespaces+0x9f/0x140 [nvme_core]\n nvme_do_delete_ctrl+0x5b/0xa0 [nvme_core]\n nvme_sysfs_delete+0x5f/0x70 [nvme_core]\n kernfs_fop_write_iter+0x12b/0x1c0\n vfs_write+0x2a3/0x3b0\n ksys_write+0x5f/0xe0\n do_syscall_64+0x5c/0x90\n ? syscall_exit_work+0x103/0x130\n ? syscall_exit_to_user_mode+0x12/0x30\n ? do_syscall_64+0x69/0x90\n ? exit_to_user_mode_loop+0xd0/0x130\n ? exit_to_user_mode_prepare+0xec/0x100\n ? syscall_exit_to_user_mode+0x12/0x30\n ? do_syscall_64+0x69/0x90\n ? syscall_exit_to_user_mode+0x12/0x30\n ? do_syscall_64+0x69/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n RIP: 0033:0x7f815cd3eb97\n\nThe IOCB counts are out of order and that would block any commands from\ngoing out and subsequently hang the system. Synchronize the IOCB count to\nbe in correct order."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/6295b3ec64a3623fa96869ffb7cf17d0b3c92035",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6d57b77d7369ed73836c82b25f785b34923eef84",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d3affdeb400f3adc925bd996f3839481f5291839",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ffd7831841d3c56c655531fc8c5acafaaf20e1bb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2023/CVE-2023-530xx/CVE-2023-53057.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2023-53057",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:24.773",
"lastModified": "2025-05-02T16:15:24.773",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: HCI: Fix global-out-of-bounds\n\nTo loop a variable-length array, hci_init_stage_sync(stage) considers\nthat stage[i] is valid as long as stage[i-1].func is valid.\nThus, the last element of stage[].func should be intentionally invalid\nas hci_init0[], le_init2[], and others did.\nHowever, amp_init1[] and amp_init2[] have no invalid element, letting\nhci_init_stage_sync() keep accessing amp_init1[] over its valid range.\nThis patch fixes this by adding {} in the last of amp_init1[] and\namp_init2[].\n\n==================================================================\nBUG: KASAN: global-out-of-bounds in hci_dev_open_sync (\n/v6.2-bzimage/net/bluetooth/hci_sync.c:3154\n/v6.2-bzimage/net/bluetooth/hci_sync.c:3343\n/v6.2-bzimage/net/bluetooth/hci_sync.c:4418\n/v6.2-bzimage/net/bluetooth/hci_sync.c:4609\n/v6.2-bzimage/net/bluetooth/hci_sync.c:4689)\nRead of size 8 at addr ffffffffaed1ab70 by task kworker/u5:0/1032\nCPU: 0 PID: 1032 Comm: kworker/u5:0 Not tainted 6.2.0 #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04\nWorkqueue: hci1 hci_power_on\nCall Trace:\n <TASK>\ndump_stack_lvl (/v6.2-bzimage/lib/dump_stack.c:107 (discriminator 1))\nprint_report (/v6.2-bzimage/mm/kasan/report.c:307\n /v6.2-bzimage/mm/kasan/report.c:417)\n? hci_dev_open_sync (/v6.2-bzimage/net/bluetooth/hci_sync.c:3154\n /v6.2-bzimage/net/bluetooth/hci_sync.c:3343\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4418\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4609\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4689)\nkasan_report (/v6.2-bzimage/mm/kasan/report.c:184\n /v6.2-bzimage/mm/kasan/report.c:519)\n? hci_dev_open_sync (/v6.2-bzimage/net/bluetooth/hci_sync.c:3154\n /v6.2-bzimage/net/bluetooth/hci_sync.c:3343\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4418\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4609\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4689)\nhci_dev_open_sync (/v6.2-bzimage/net/bluetooth/hci_sync.c:3154\n /v6.2-bzimage/net/bluetooth/hci_sync.c:3343\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4418\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4609\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4689)\n? __pfx_hci_dev_open_sync (/v6.2-bzimage/net/bluetooth/hci_sync.c:4635)\n? mutex_lock (/v6.2-bzimage/./arch/x86/include/asm/atomic64_64.h:190\n /v6.2-bzimage/./include/linux/atomic/atomic-long.h:443\n /v6.2-bzimage/./include/linux/atomic/atomic-instrumented.h:1781\n /v6.2-bzimage/kernel/locking/mutex.c:171\n /v6.2-bzimage/kernel/locking/mutex.c:285)\n? __pfx_mutex_lock (/v6.2-bzimage/kernel/locking/mutex.c:282)\nhci_power_on (/v6.2-bzimage/net/bluetooth/hci_core.c:485\n /v6.2-bzimage/net/bluetooth/hci_core.c:984)\n? __pfx_hci_power_on (/v6.2-bzimage/net/bluetooth/hci_core.c:969)\n? read_word_at_a_time (/v6.2-bzimage/./include/asm-generic/rwonce.h:85)\n? strscpy (/v6.2-bzimage/./arch/x86/include/asm/word-at-a-time.h:62\n /v6.2-bzimage/lib/string.c:161)\nprocess_one_work (/v6.2-bzimage/kernel/workqueue.c:2294)\nworker_thread (/v6.2-bzimage/./include/linux/list.h:292\n /v6.2-bzimage/kernel/workqueue.c:2437)\n? __pfx_worker_thread (/v6.2-bzimage/kernel/workqueue.c:2379)\nkthread (/v6.2-bzimage/kernel/kthread.c:376)\n? __pfx_kthread (/v6.2-bzimage/kernel/kthread.c:331)\nret_from_fork (/v6.2-bzimage/arch/x86/entry/entry_64.S:314)\n </TASK>\nThe buggy address belongs to the variable:\namp_init1+0x30/0x60\nThe buggy address belongs to the physical page:\npage:000000003a157ec6 refcount:1 mapcount:0 mapping:0000000000000000 ia\nflags: 0x200000000001000(reserved|node=0|zone=2)\nraw: 0200000000001000 ffffea0005054688 ffffea0005054688 000000000000000\nraw: 0000000000000000 0000000000000000 00000001ffffffff 000000000000000\npage dumped because: kasan: bad access detected\nMemory state around the buggy address:\n ffffffffaed1aa00: f9 f9 f9 f9 00 00 00 00 f9 f9 f9 f9 00 00 00 00\n ffffffffaed1aa80: 00 00 00 00 f9 f9 f9 f9 00 00 00 00 00 00 00 00\n>ffffffffaed1ab00: 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 f9 f9\n \n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/8497222b22b591c6b2d106e0e3c1672ffe4e10e0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b3168abd24245aa0775c5a387dcf94d36ca7e738",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bce56405201111807cc8e4f47c6de3e10b17c1ac",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2023/CVE-2023-530xx/CVE-2023-53058.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2023-53058",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:24.867",
"lastModified": "2025-05-02T16:15:24.867",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: E-Switch, Fix an Oops in error handling code\n\nThe error handling dereferences \"vport\". There is nothing we can do if\nit is an error pointer except returning the error code."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1a9853a7437a22fd849347008fb3c85087906b56",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/388188fb58bef9e7f3ca4f8970f03d493b66909f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5eadc80328298ef7beaaf0cd96791667d3b485ca",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/640fcdbcf27fc62de9223f958ceb4e897a00e791",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c4c977935b2fc60084b3735737d17a06e7ba1bd0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2023/CVE-2023-530xx/CVE-2023-53059.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2023-53059",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:24.963",
"lastModified": "2025-05-02T16:15:24.963",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/chrome: cros_ec_chardev: fix kernel data leak from ioctl\n\nIt is possible to peep kernel page's data by providing larger `insize`\nin struct cros_ec_command[1] when invoking EC host commands.\n\nFix it by using zeroed memory.\n\n[1]: https://elixir.bootlin.com/linux/v6.2/source/include/linux/platform_data/cros_ec_proto.h#L74"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/13493ad6a220cb3f6f3552a16b4f2753a118b633",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a0d8644784f73fa39f57f72f374eefaba2bf48a0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b20cf3f89c56b5f6a38b7f76a8128bf9f291bbd3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/eab28bfafcd1245a3510df9aa9eb940589956ea6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ebea2e16504f40d2c2bac42ad5c5a3de5ce034b4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f86ff88a1548ccf5a13960c0e7625ca787ea0993",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2023/CVE-2023-530xx/CVE-2023-53060.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2023-53060",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:25.060",
"lastModified": "2025-05-02T16:15:25.060",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: revert rtnl_lock() that causes deadlock\n\nThe commit 6faee3d4ee8b (\"igb: Add lock to avoid data race\") adds\nrtnl_lock to eliminate a false data race shown below\n\n (FREE from device detaching) | (USE from netdev core)\nigb_remove | igb_ndo_get_vf_config\n igb_disable_sriov | vf >= adapter->vfs_allocated_count?\n kfree(adapter->vf_data) |\n adapter->vfs_allocated_count = 0 |\n | memcpy(... adapter->vf_data[vf]\n\nThe above race will never happen and the extra rtnl_lock causes deadlock\nbelow\n\n[ 141.420169] <TASK>\n[ 141.420672] __schedule+0x2dd/0x840\n[ 141.421427] schedule+0x50/0xc0\n[ 141.422041] schedule_preempt_disabled+0x11/0x20\n[ 141.422678] __mutex_lock.isra.13+0x431/0x6b0\n[ 141.423324] unregister_netdev+0xe/0x20\n[ 141.423578] igbvf_remove+0x45/0xe0 [igbvf]\n[ 141.423791] pci_device_remove+0x36/0xb0\n[ 141.423990] device_release_driver_internal+0xc1/0x160\n[ 141.424270] pci_stop_bus_device+0x6d/0x90\n[ 141.424507] pci_stop_and_remove_bus_device+0xe/0x20\n[ 141.424789] pci_iov_remove_virtfn+0xba/0x120\n[ 141.425452] sriov_disable+0x2f/0xf0\n[ 141.425679] igb_disable_sriov+0x4e/0x100 [igb]\n[ 141.426353] igb_remove+0xa0/0x130 [igb]\n[ 141.426599] pci_device_remove+0x36/0xb0\n[ 141.426796] device_release_driver_internal+0xc1/0x160\n[ 141.427060] driver_detach+0x44/0x90\n[ 141.427253] bus_remove_driver+0x55/0xe0\n[ 141.427477] pci_unregister_driver+0x2a/0xa0\n[ 141.428296] __x64_sys_delete_module+0x141/0x2b0\n[ 141.429126] ? mntput_no_expire+0x4a/0x240\n[ 141.429363] ? syscall_trace_enter.isra.19+0x126/0x1a0\n[ 141.429653] do_syscall_64+0x5b/0x80\n[ 141.429847] ? exit_to_user_mode_prepare+0x14d/0x1c0\n[ 141.430109] ? syscall_exit_to_user_mode+0x12/0x30\n[ 141.430849] ? do_syscall_64+0x67/0x80\n[ 141.431083] ? syscall_exit_to_user_mode_prepare+0x183/0x1b0\n[ 141.431770] ? syscall_exit_to_user_mode+0x12/0x30\n[ 141.432482] ? do_syscall_64+0x67/0x80\n[ 141.432714] ? exc_page_fault+0x64/0x140\n[ 141.432911] entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nSince the igb_disable_sriov() will call pci_disable_sriov() before\nreleasing any resources, the netdev core will synchronize the cleanup to\navoid any races. This patch removes the useless rtnl_(un)lock to guarantee\ncorrectness."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0dabb72b923e17cb3b4ac99ea1adc9ef35116930",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4d2626e10709ff8474ffd1a9db3cf4647569e89c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/62a64645749926f9d75af82a96440941f22b046f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/65f69851e44d71248b952a687e44759a7abb5016",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/66e5577cabc3d463eea540332727929d0ace41c6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7d845e9a485f287181ff81567c3900a8e7ad1e28",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cd1e320ac0958298c2774605ad050483f33a21f2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/de91528d8ba274c614a2265077d695c61e31fd43",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2023/CVE-2023-530xx/CVE-2023-53061.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2023-53061",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:25.163",
"lastModified": "2025-05-02T16:15:25.163",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix possible refcount leak in smb2_open()\n\nReference count of acls will leak when memory allocation fails. Fix this\nby adding the missing posix_acl_release()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2624b445544ffc1472ccabfb6ec867c199d4c95c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/303f8e58cc3ace744801dcdcabfc06ffc72ed62d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a22c49a05e5e7aa2c414fbc42c49c4c01a5c9a78",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c33344b7972225b232966f95d31f6312dcc6273d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2023/CVE-2023-530xx/CVE-2023-53062.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2023-53062",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:25.257",
"lastModified": "2025-05-02T16:15:25.257",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: smsc95xx: Limit packet length to skb->len\n\nPacket length retrieved from descriptor may be larger than\nthe actual socket buffer length. In such case the cloned\nskb passed up the network stack will leak kernel memory contents."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/33d1603a38e05886c538129ddfe00bd52d347e7b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/70eb25c6a6cde149affe8a587371a3a8ad295ba0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/733580e268a53db1cd01f2251419da91866378f6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ba6c40227108f8ee428e42eb0337b48ed3001e65",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d3c145a4d24b752c9a1314d5a595014d51471418",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e041bef1adee02999cf24f9a2e15ed452bc363fe",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f2111c791d885211714db85f9a06188571c57dd0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ff821092cf02a70c2bccd2d19269f01e29aa52cf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2023/CVE-2023-530xx/CVE-2023-53063.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2023-53063",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:25.377",
"lastModified": "2025-05-02T16:15:25.377",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work\n\nIn btsdio_probe, &data->work was bound with btsdio_work.In\nbtsdio_send_frame, it was started by schedule_work.\n\nIf we call btsdio_remove with an unfinished job, there may\nbe a race condition and cause UAF bug on hdev."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1e9ac114c4428fdb7ff4635b45d4f46017e8916f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8efae2112d910d8e5166dd0a836791b08721eef1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/95eacef5692545f199fae4e52abfbfa273acb351",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a18fb433ceb56e0787546a9d77056dd0f215e762",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/af4d48754d5517d33bac5e504ff1f1de0808e29e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c59c65a14e8f7d738429648833f3bb3f9df0513f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cbf8deacb7053ce3e3fed64b277c6c6989e65bba",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/da3d3fdfb4d523c5da30e35a8dd90e04f0fd8962",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2023/CVE-2023-530xx/CVE-2023-53064.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2023-53064",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:25.480",
"lastModified": "2025-05-02T16:15:25.480",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: fix hang on reboot with ice\n\nWhen a system with E810 with existing VFs gets rebooted the following\nhang may be observed.\n\n Pid 1 is hung in iavf_remove(), part of a network driver:\n PID: 1 TASK: ffff965400e5a340 CPU: 24 COMMAND: \"systemd-shutdow\"\n #0 [ffffaad04005fa50] __schedule at ffffffff8b3239cb\n #1 [ffffaad04005fae8] schedule at ffffffff8b323e2d\n #2 [ffffaad04005fb00] schedule_hrtimeout_range_clock at ffffffff8b32cebc\n #3 [ffffaad04005fb80] usleep_range_state at ffffffff8b32c930\n #4 [ffffaad04005fbb0] iavf_remove at ffffffffc12b9b4c [iavf]\n #5 [ffffaad04005fbf0] pci_device_remove at ffffffff8add7513\n #6 [ffffaad04005fc10] device_release_driver_internal at ffffffff8af08baa\n #7 [ffffaad04005fc40] pci_stop_bus_device at ffffffff8adcc5fc\n #8 [ffffaad04005fc60] pci_stop_and_remove_bus_device at ffffffff8adcc81e\n #9 [ffffaad04005fc70] pci_iov_remove_virtfn at ffffffff8adf9429\n #10 [ffffaad04005fca8] sriov_disable at ffffffff8adf98e4\n #11 [ffffaad04005fcc8] ice_free_vfs at ffffffffc04bb2c8 [ice]\n #12 [ffffaad04005fd10] ice_remove at ffffffffc04778fe [ice]\n #13 [ffffaad04005fd38] ice_shutdown at ffffffffc0477946 [ice]\n #14 [ffffaad04005fd50] pci_device_shutdown at ffffffff8add58f1\n #15 [ffffaad04005fd70] device_shutdown at ffffffff8af05386\n #16 [ffffaad04005fd98] kernel_restart at ffffffff8a92a870\n #17 [ffffaad04005fda8] __do_sys_reboot at ffffffff8a92abd6\n #18 [ffffaad04005fee0] do_syscall_64 at ffffffff8b317159\n #19 [ffffaad04005ff08] __context_tracking_enter at ffffffff8b31b6fc\n #20 [ffffaad04005ff18] syscall_exit_to_user_mode at ffffffff8b31b50d\n #21 [ffffaad04005ff28] do_syscall_64 at ffffffff8b317169\n #22 [ffffaad04005ff50] entry_SYSCALL_64_after_hwframe at ffffffff8b40009b\n RIP: 00007f1baa5c13d7 RSP: 00007fffbcc55a98 RFLAGS: 00000202\n RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1baa5c13d7\n RDX: 0000000001234567 RSI: 0000000028121969 RDI: 00000000fee1dead\n RBP: 00007fffbcc55ca0 R8: 0000000000000000 R9: 00007fffbcc54e90\n R10: 00007fffbcc55050 R11: 0000000000000202 R12: 0000000000000005\n R13: 0000000000000000 R14: 00007fffbcc55af0 R15: 0000000000000000\n ORIG_RAX: 00000000000000a9 CS: 0033 SS: 002b\n\nDuring reboot all drivers PM shutdown callbacks are invoked.\nIn iavf_shutdown() the adapter state is changed to __IAVF_REMOVE.\nIn ice_shutdown() the call chain above is executed, which at some point\ncalls iavf_remove(). However iavf_remove() expects the VF to be in one\nof the states __IAVF_RUNNING, __IAVF_DOWN or __IAVF_INIT_FAILED. If\nthat's not the case it sleeps forever.\nSo if iavf_shutdown() gets invoked before iavf_remove() the system will\nhang indefinitely because the adapter is already in state __IAVF_REMOVE.\n\nFix this by returning from iavf_remove() if the state is __IAVF_REMOVE,\nas we already went through iavf_shutdown()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4e264be98b88a6d6f476c11087fe865696e8bef5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/502b898235f06130750c91512c86dd0e9efe28e6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7a29799fc141ba9e6cf921fc8e958e3398ad1a4f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f752ace58867de3c063512b21e0f1694fc27f043",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2023/CVE-2023-530xx/CVE-2023-53065.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2023-53065",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:25.580",
"lastModified": "2025-05-02T16:15:25.580",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output\n\nsyzkaller reportes a KASAN issue with stack-out-of-bounds.\nThe call trace is as follows:\n dump_stack+0x9c/0xd3\n print_address_description.constprop.0+0x19/0x170\n __kasan_report.cold+0x6c/0x84\n kasan_report+0x3a/0x50\n __perf_event_header__init_id+0x34/0x290\n perf_event_header__init_id+0x48/0x60\n perf_output_begin+0x4a4/0x560\n perf_event_bpf_output+0x161/0x1e0\n perf_iterate_sb_cpu+0x29e/0x340\n perf_iterate_sb+0x4c/0xc0\n perf_event_bpf_event+0x194/0x2c0\n __bpf_prog_put.constprop.0+0x55/0xf0\n __cls_bpf_delete_prog+0xea/0x120 [cls_bpf]\n cls_bpf_delete_prog_work+0x1c/0x30 [cls_bpf]\n process_one_work+0x3c2/0x730\n worker_thread+0x93/0x650\n kthread+0x1b8/0x210\n ret_from_fork+0x1f/0x30\n\ncommit 267fb27352b6 (\"perf: Reduce stack usage of perf_output_begin()\")\nuse on-stack struct perf_sample_data of the caller function.\n\nHowever, perf_event_bpf_output uses incorrect parameter to convert\nsmall-sized data (struct perf_bpf_event) into large-sized data\n(struct perf_sample_data), which causes memory overwriting occurs in\n__perf_event_header__init_id."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3a776fddb4e5598c8bfcd4ad094fba34f9856fc9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ac5f88642cb211152041f84a985309e9af4baf59",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ddcf8320003638a06eb1e46412e045d0c5701575",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/eb81a2ed4f52be831c9fb879752d89645a312c13",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ff8137727a2af4ad5f6e6c8b9f7ec5e8db9da86c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2023/CVE-2023-530xx/CVE-2023-53066.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2023-53066",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:25.673",
"lastModified": "2025-05-02T16:15:25.673",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nqed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info\n\nWe have to make sure that the info returned by the helper is valid\nbefore using it.\n\nFound by Linux Verification Center (linuxtesting.org) with the SVACE\nstatic analysis tool."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/25143b6a01d0cc5319edd3de22ffa2578b045550",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/39c3b9dd481c3afce9439b29bafe00444cb4406b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/42d72c6d1edc9dc09a5d6f6695d257fa9e9cc270",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7742c08e012eb65405e8304d100641638c5ff882",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7bd0037822fd04da13721f77a42ee5a077d4c5fb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/97ea704f39b5ded96f071e98701aa543f6f89683",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b224b0cab3a66e93d414825065a2e667a1d28c32",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e42d3bde4ec03c863259878dddaef5c351cca7ad",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2023/CVE-2023-530xx/CVE-2023-53067.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2023-53067",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:25.777",
"lastModified": "2025-05-02T16:15:25.777",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Only call get_timer_irq() once in constant_clockevent_init()\n\nUnder CONFIG_DEBUG_ATOMIC_SLEEP=y and CONFIG_DEBUG_PREEMPT=y, we can see\nthe following messages on LoongArch, this is because using might_sleep()\nin preemption disable context.\n\n[ 0.001127] smp: Bringing up secondary CPUs ...\n[ 0.001222] Booting CPU#1...\n[ 0.001244] 64-bit Loongson Processor probed (LA464 Core)\n[ 0.001247] CPU1 revision is: 0014c012 (Loongson-64bit)\n[ 0.001250] FPU1 revision is: 00000000\n[ 0.001252] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283\n[ 0.001255] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1\n[ 0.001257] preempt_count: 1, expected: 0\n[ 0.001258] RCU nest depth: 0, expected: 0\n[ 0.001259] Preemption disabled at:\n[ 0.001261] [<9000000000223800>] arch_dup_task_struct+0x20/0x110\n[ 0.001272] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.2.0-rc7+ #43\n[ 0.001275] Hardware name: Loongson Loongson-3A5000-7A1000-1w-A2101/Loongson-LS3A5000-7A1000-1w-A2101, BIOS vUDK2018-LoongArch-V4.0.05132-beta10 12/13/202\n[ 0.001277] Stack : 0072617764726148 0000000000000000 9000000000222f1c 90000001001e0000\n[ 0.001286] 90000001001e3be0 90000001001e3be8 0000000000000000 0000000000000000\n[ 0.001292] 90000001001e3be8 0000000000000040 90000001001e3cb8 90000001001e3a50\n[ 0.001297] 9000000001642000 90000001001e3be8 be694d10ce4139dd 9000000100174500\n[ 0.001303] 0000000000000001 0000000000000001 00000000ffffe0a2 0000000000000020\n[ 0.001309] 000000000000002f 9000000001354116 00000000056b0000 ffffffffffffffff\n[ 0.001314] 0000000000000000 0000000000000000 90000000014f6e90 9000000001642000\n[ 0.001320] 900000000022b69c 0000000000000001 0000000000000000 9000000001736a90\n[ 0.001325] 9000000100038000 0000000000000000 9000000000222f34 0000000000000000\n[ 0.001331] 00000000000000b0 0000000000000004 0000000000000000 0000000000070000\n[ 0.001337] ...\n[ 0.001339] Call Trace:\n[ 0.001342] [<9000000000222f34>] show_stack+0x5c/0x180\n[ 0.001346] [<90000000010bdd80>] dump_stack_lvl+0x60/0x88\n[ 0.001352] [<9000000000266418>] __might_resched+0x180/0x1cc\n[ 0.001356] [<90000000010c742c>] mutex_lock+0x20/0x64\n[ 0.001359] [<90000000002a8ccc>] irq_find_matching_fwspec+0x48/0x124\n[ 0.001364] [<90000000002259c4>] constant_clockevent_init+0x68/0x204\n[ 0.001368] [<900000000022acf4>] start_secondary+0x40/0xa8\n[ 0.001371] [<90000000010c0124>] smpboot_entry+0x60/0x64\n\nHere are the complete call chains:\n\nsmpboot_entry()\n start_secondary()\n constant_clockevent_init()\n get_timer_irq()\n irq_find_matching_fwnode()\n irq_find_matching_fwspec()\n mutex_lock()\n might_sleep()\n __might_sleep()\n __might_resched()\n\nIn order to avoid the above issue, we should break the call chains,\nusing timer_irq_installed variable as check condition to only call\nget_timer_irq() once in constant_clockevent_init() is a simple and\nproper way."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/acadbd058fa12b510fbecca11eae22bd6f654250",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b9c379e1d7e141b102f41858c9b8f6f36e7c89a4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bb7a78e343468873bf00b2b181fcfd3c02d8cb56",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2023/CVE-2023-530xx/CVE-2023-53068.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2023-53068",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:25.870",
"lastModified": "2025-05-02T16:15:25.870",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: lan78xx: Limit packet length to skb->len\n\nPacket length retrieved from descriptor may be larger than\nthe actual socket buffer length. In such case the cloned\nskb passed up the network stack will leak kernel memory contents.\n\nAdditionally prevent integer underflow when size is less than\nETH_FCS_LEN."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/44b9ed73369fc5ec85dd2ee487e986301792a82d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7f247f5a2c18b3f21206cdd51193df4f38e1b9f5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/83de34967473ed31d276381373713cc2869a42e5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2023/CVE-2023-530xx/CVE-2023-53069.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2023-53069",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:25.960",
"lastModified": "2025-05-02T16:15:25.960",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-vf: Add missing free for alloc_percpu\n\nAdd the free_percpu for the allocated \"vf->hw.lmt_info\" in order to avoid\nmemory leak, same as the \"pf->hw.lmt_info\" in\n`drivers/net/ethernet/marvell/octeontx2/nic/otx2_pf.c`."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/813b590840771890c738ce6dbfd0c5938a1bafb9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/840631bcf21f58c0a3f01378a54d79e9ce86b226",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/90874b76e5f82eaa3309714d72ff2cd8bb8d1b02",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f038f3917baf04835ba2b7bcf2a04ac93fbf8a9c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2023/CVE-2023-530xx/CVE-2023-53070.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2023-53070",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:26.050",
"lastModified": "2025-05-02T16:15:26.050",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: PPTT: Fix to avoid sleep in the atomic context when PPTT is absent\n\nCommit 0c80f9e165f8 (\"ACPI: PPTT: Leave the table mapped for the runtime usage\")\nenabled to map PPTT once on the first invocation of acpi_get_pptt() and\nnever unmapped the same allowing it to be used at runtime with out the\nhassle of mapping and unmapping the table. This was needed to fetch LLC\ninformation from the PPTT in the cpuhotplug path which is executed in\nthe atomic context as the acpi_get_table() might sleep waiting for a\nmutex.\n\nHowever it missed to handle the case when there is no PPTT on the system\nwhich results in acpi_get_pptt() being called from all the secondary\nCPUs attempting to fetch the LLC information in the atomic context\nwithout knowing the absence of PPTT resulting in the splat like below:\n\n | BUG: sleeping function called from invalid context at kernel/locking/semaphore.c:164\n | in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1\n | preempt_count: 1, expected: 0\n | RCU nest depth: 0, expected: 0\n | no locks held by swapper/1/0.\n | irq event stamp: 0\n | hardirqs last enabled at (0): 0x0\n | hardirqs last disabled at (0): copy_process+0x61c/0x1b40\n | softirqs last enabled at (0): copy_process+0x61c/0x1b40\n | softirqs last disabled at (0): 0x0\n | CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.3.0-rc1 #1\n | Call trace:\n | dump_backtrace+0xac/0x138\n | show_stack+0x30/0x48\n | dump_stack_lvl+0x60/0xb0\n | dump_stack+0x18/0x28\n | __might_resched+0x160/0x270\n | __might_sleep+0x58/0xb0\n | down_timeout+0x34/0x98\n | acpi_os_wait_semaphore+0x7c/0xc0\n | acpi_ut_acquire_mutex+0x58/0x108\n | acpi_get_table+0x40/0xe8\n | acpi_get_pptt+0x48/0xa0\n | acpi_get_cache_info+0x38/0x140\n | init_cache_level+0xf4/0x118\n | detect_cache_attributes+0x2e4/0x640\n | update_siblings_masks+0x3c/0x330\n | store_cpu_topology+0x88/0xf0\n | secondary_start_kernel+0xd0/0x168\n | __secondary_switched+0xb8/0xc0\n\nUpdate acpi_get_pptt() to consider the fact that PPTT is once checked and\nis not available on the system and return NULL avoiding any attempts to\nfetch PPTT and thereby avoiding any possible sleep waiting for a mutex\nin the atomic context."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1318a07706bb2f8c65f88f39a16c2b5260bcdcd4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/91d7b60a65d9f71230ea09b86d2058a884a3c2af",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e0c1106d51b9abc8eae03c5522b20649b6a55f6e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2023/CVE-2023-530xx/CVE-2023-53071.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2023-53071",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:26.140",
"lastModified": "2025-05-02T16:15:26.140",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: do not run mt76_unregister_device() on unregistered hw\n\nTrying to probe a mt7921e pci card without firmware results in a\nsuccessful probe where ieee80211_register_hw hasn't been called. When\nremoving the driver, ieee802111_unregister_hw is called unconditionally\nleading to a kernel NULL pointer dereference.\nFix the issue running mt76_unregister_device routine just for registered\nhw."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2d34f27714c97a9786a30b3bb54944d6d8ed612f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/41130c32f3a18fcc930316da17f3a5f3bc326aa1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dffe86df26aee01a5fc56a175b7a7f157961e370",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2023/CVE-2023-530xx/CVE-2023-53072.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2023-53072",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:26.237",
"lastModified": "2025-05-02T16:15:26.237",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: use the workqueue to destroy unaccepted sockets\n\nChristoph reported a UaF at token lookup time after having\nrefactored the passive socket initialization part:\n\n BUG: KASAN: use-after-free in __token_bucket_busy+0x253/0x260\n Read of size 4 at addr ffff88810698d5b0 by task syz-executor653/3198\n\n CPU: 1 PID: 3198 Comm: syz-executor653 Not tainted 6.2.0-rc59af4eaa31c1f6c00c8f1e448ed99a45c66340dd5 #6\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Call Trace:\n <TASK>\n dump_stack_lvl+0x6e/0x91\n print_report+0x16a/0x46f\n kasan_report+0xad/0x130\n __token_bucket_busy+0x253/0x260\n mptcp_token_new_connect+0x13d/0x490\n mptcp_connect+0x4ed/0x860\n __inet_stream_connect+0x80e/0xd90\n tcp_sendmsg_fastopen+0x3ce/0x710\n mptcp_sendmsg+0xff1/0x1a20\n inet_sendmsg+0x11d/0x140\n __sys_sendto+0x405/0x490\n __x64_sys_sendto+0xdc/0x1b0\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nWe need to properly clean-up all the paired MPTCP-level\nresources and be sure to release the msk last, even when\nthe unaccepted subflow is destroyed by the TCP internals\nvia inet_child_forget().\n\nWe can re-use the existing MPTCP_WORK_CLOSE_SUBFLOW infra,\nexplicitly checking that for the critical scenario: the\nclosed subflow is the MPC one, the msk is not accepted and\neventually going through full cleanup.\n\nWith such change, __mptcp_destroy_sock() is always called\non msk sockets, even on accepted ones. We don't need anymore\nto transiently drop one sk reference at msk clone time.\n\nPlease note this commit depends on the parent one:\n\n mptcp: refactor passive socket initialization"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2827f099b3fb9a59263c997400e9182f5d423e84",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/804cf487fb0031f3c74755b78d8663333f0ba636",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b6985b9b82954caa53f862d6059d06c0526254f0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2023/CVE-2023-530xx/CVE-2023-53073.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2023-53073",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:26.330",
"lastModified": "2025-05-02T16:15:26.330",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/amd/core: Always clear status for idx\n\nThe variable 'status' (which contains the unhandled overflow bits) is\nnot being properly masked in some cases, displaying the following\nwarning:\n\n WARNING: CPU: 156 PID: 475601 at arch/x86/events/amd/core.c:972 amd_pmu_v2_handle_irq+0x216/0x270\n\nThis seems to be happening because the loop is being continued before\nthe status bit being unset, in case x86_perf_event_set_period()\nreturns 0. This is also causing an inconsistency because the \"handled\"\ncounter is incremented, but the status bit is not cleaned.\n\nMove the bit cleaning together above, together when the \"handled\"\ncounter is incremented."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/263f5ecaf7080513efc248ec739b6d9e00f4129f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9d4c7b1f12e101d6d6253092588b127416ddfb6c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ab33a8f7649b0324639a336e1081aaea51a4523e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2023/CVE-2023-530xx/CVE-2023-53074.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2023-53074",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:26.420",
"lastModified": "2025-05-02T16:15:26.420",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini\n\nThe call trace occurs when the amdgpu is removed after\nthe mode1 reset. During mode1 reset, from suspend to resume,\nthere is no need to reinitialize the ta firmware buffer\nwhich caused the bo pin_count increase redundantly.\n\n[ 489.885525] Call Trace:\n[ 489.885525] <TASK>\n[ 489.885526] amdttm_bo_put+0x34/0x50 [amdttm]\n[ 489.885529] amdgpu_bo_free_kernel+0xe8/0x130 [amdgpu]\n[ 489.885620] psp_free_shared_bufs+0xb7/0x150 [amdgpu]\n[ 489.885720] psp_hw_fini+0xce/0x170 [amdgpu]\n[ 489.885815] amdgpu_device_fini_hw+0x2ff/0x413 [amdgpu]\n[ 489.885960] ? blocking_notifier_chain_unregister+0x56/0xb0\n[ 489.885962] amdgpu_driver_unload_kms+0x51/0x60 [amdgpu]\n[ 489.886049] amdgpu_pci_remove+0x5a/0x140 [amdgpu]\n[ 489.886132] ? __pm_runtime_resume+0x60/0x90\n[ 489.886134] pci_device_remove+0x3e/0xb0\n[ 489.886135] __device_release_driver+0x1ab/0x2a0\n[ 489.886137] driver_detach+0xf3/0x140\n[ 489.886138] bus_remove_driver+0x6c/0xf0\n[ 489.886140] driver_unregister+0x31/0x60\n[ 489.886141] pci_unregister_driver+0x40/0x90\n[ 489.886142] amdgpu_exit+0x15/0x451 [amdgpu]"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/23f4a2d29ba57bf88095f817de5809d427fcbe7e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/55a7c647ebf6e376c45d8322568dd6eb71937139",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7be9a2f8c5179520a7d5570e648e0c97d09e4fae",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2023/CVE-2023-530xx/CVE-2023-53075.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2023-53075",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:26.510",
"lastModified": "2025-05-02T16:15:26.510",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix invalid address access in lookup_rec() when index is 0\n\nKASAN reported follow problem:\n\n BUG: KASAN: use-after-free in lookup_rec\n Read of size 8 at addr ffff000199270ff0 by task modprobe\n CPU: 2 Comm: modprobe\n Call trace:\n kasan_report\n __asan_load8\n lookup_rec\n ftrace_location\n arch_check_ftrace_location\n check_kprobe_address_safe\n register_kprobe\n\nWhen checking pg->records[pg->index - 1].ip in lookup_rec(), it can get a\npg which is newly added to ftrace_pages_start in ftrace_process_locs().\nBefore the first pg->index++, index is 0 and accessing pg->records[-1].ip\nwill cause this problem.\n\nDon't check the ip when pg->index is 0."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2a0d71fabfeb349216d33f001a6421b1768bd3a9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2de28e5ce34b22b73b833a21e2c45ae3aade3964",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4f84f31f63416b0f02fc146ffdc4ab32723eb7e8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7569ee04b0e3b32df79f64db3a7138573edad9bc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/83c3b2f4e7c61367c7b24551f4c6eb94bbdda283",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ac58b88ccbbb8e9fb83e137cee04a856b1ea6635",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ee92fa443358f4fc0017c1d0d325c27b37802504",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f1bd8b7fd890d87d0dc4dedc6287ea34dd07c0b4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2023/CVE-2023-530xx/CVE-2023-53076.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2023-53076",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:26.610",
"lastModified": "2025-05-02T16:15:26.610",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Adjust insufficient default bpf_jit_limit\n\nWe've seen recent AWS EKS (Kubernetes) user reports like the following:\n\n After upgrading EKS nodes from v20230203 to v20230217 on our 1.24 EKS\n clusters after a few days a number of the nodes have containers stuck\n in ContainerCreating state or liveness/readiness probes reporting the\n following error:\n\n Readiness probe errored: rpc error: code = Unknown desc = failed to\n exec in container: failed to start exec \"4a11039f730203ffc003b7[...]\":\n OCI runtime exec failed: exec failed: unable to start container process:\n unable to init seccomp: error loading seccomp filter into kernel:\n error loading seccomp filter: errno 524: unknown\n\n However, we had not been seeing this issue on previous AMIs and it only\n started to occur on v20230217 (following the upgrade from kernel 5.4 to\n 5.10) with no other changes to the underlying cluster or workloads.\n\n We tried the suggestions from that issue (sysctl net.core.bpf_jit_limit=452534528)\n which helped to immediately allow containers to be created and probes to\n execute but after approximately a day the issue returned and the value\n returned by cat /proc/vmallocinfo | grep bpf_jit | awk '{s+=$2} END {print s}'\n was steadily increasing.\n\nI tested bpf tree to observe bpf_jit_charge_modmem, bpf_jit_uncharge_modmem\ntheir sizes passed in as well as bpf_jit_current under tcpdump BPF filter,\nseccomp BPF and native (e)BPF programs, and the behavior all looks sane\nand expected, that is nothing \"leaking\" from an upstream perspective.\n\nThe bpf_jit_limit knob was originally added in order to avoid a situation\nwhere unprivileged applications loading BPF programs (e.g. seccomp BPF\npolicies) consuming all the module memory space via BPF JIT such that loading\nof kernel modules would be prevented. The default limit was defined back in\n2018 and while good enough back then, we are generally seeing far more BPF\nconsumers today.\n\nAdjust the limit for the BPF JIT pool from originally 1/4 to now 1/2 of the\nmodule memory space to better reflect today's needs and avoid more users\nrunning into potentially hard to debug issues."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/10ec8ca8ec1a2f04c4ed90897225231c58c124a7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/374ed036309fce73f9db04c3054018a71912d46b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/42049e65d338870e93732b0b80c6c41faf6aa781",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/54869daa6a437887614274f65298ba44a3fac63a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/68ed00a37d2d1c932ff7be40be4b90c4bec48c56",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9cda812c76067c8a771eae43bb6943481cc7effc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a4bbab27c4bf69486f5846d44134eb31c37e9b22",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d69c2ded95b17d51cc6632c7848cbd476381ecd6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2023/CVE-2023-530xx/CVE-2023-53077.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2023-53077",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:26.720",
"lastModified": "2025-05-02T16:15:26.720",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes\n\n[WHY]\nWhen PTEBufferSizeInRequests is zero, UBSAN reports the following\nwarning because dml_log2 returns an unexpected negative value:\n\n shift exponent 4294966273 is too large for 32-bit type 'int'\n\n[HOW]\n\nIn the case PTEBufferSizeInRequests is zero, skip the dml_log2() and\nassign the result directly."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/031f196d1b1b6d5dfcb0533b431e3ab1750e6189",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7257070be70e19a9138f39009c1a26c83a8a7cfa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a16394b5d661afec9a264fecac3abd87aea439ea",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bec1bea2fa974e63f6059c33edde669c7894d0bc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e12b95680821b9880cd9992c0f3555389363604f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2023/CVE-2023-530xx/CVE-2023-53078.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2023-53078",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:26.820",
"lastModified": "2025-05-02T16:15:26.820",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()\n\nIf alua_rtpg_queue() failed from alua_activate(), then 'qdata' is not\nfreed, which will cause following memleak:\n\nunreferenced object 0xffff88810b2c6980 (size 32):\n comm \"kworker/u16:2\", pid 635322, jiffies 4355801099 (age 1216426.076s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 40 39 24 c1 ff ff ff ff 00 f8 ea 0a 81 88 ff ff @9$.............\n backtrace:\n [<0000000098f3a26d>] alua_activate+0xb0/0x320\n [<000000003b529641>] scsi_dh_activate+0xb2/0x140\n [<000000007b296db3>] activate_path_work+0xc6/0xe0 [dm_multipath]\n [<000000007adc9ace>] process_one_work+0x3c5/0x730\n [<00000000c457a985>] worker_thread+0x93/0x650\n [<00000000cb80e628>] kthread+0x1ba/0x210\n [<00000000a1e61077>] ret_from_fork+0x22/0x30\n\nFix the problem by freeing 'qdata' in error path."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0d89254a4320eb7de0970c478172f764125c6355",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/123483df146492ca22b503ae6dacc2ce7c3a3974",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1c55982beb80c7d3c30278fc6cfda8496a31dbe6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5c4d71424df34fc23dc5336d09394ce68c849542",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9311e7a554dffd3823499e309a8b86a5cd1540e5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a13faca032acbf2699293587085293bdfaafc8ae",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c09cdf6eb815ee35e55d6c50ac7f63db58bd20b8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c110051d335ef7f62ad33474b0c23997fee5bfb5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2023/CVE-2023-530xx/CVE-2023-53079.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2023-53079",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:26.923",
"lastModified": "2025-05-02T16:15:26.923",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix steering rules cleanup\n\nvport's mc, uc and multicast rules are not deleted in teardown path when\nEEH happens. Since the vport's promisc settings(uc, mc and all) in\nfirmware are reset after EEH, mlx5 driver will try to delete the above\nrules in the initialization path. This cause kernel crash because these\nsoftware rules are no longer valid.\n\nFix by nullifying these rules right after delete to avoid accessing any dangling\npointers.\n\nCall Trace:\n__list_del_entry_valid+0xcc/0x100 (unreliable)\ntree_put_node+0xf4/0x1b0 [mlx5_core]\ntree_remove_node+0x30/0x70 [mlx5_core]\nmlx5_del_flow_rules+0x14c/0x1f0 [mlx5_core]\nesw_apply_vport_rx_mode+0x10c/0x200 [mlx5_core]\nesw_update_vport_rx_mode+0xb4/0x180 [mlx5_core]\nesw_vport_change_handle_locked+0x1ec/0x230 [mlx5_core]\nesw_enable_vport+0x130/0x260 [mlx5_core]\nmlx5_eswitch_enable_sriov+0x2a0/0x2f0 [mlx5_core]\nmlx5_device_enable_sriov+0x74/0x440 [mlx5_core]\nmlx5_load_one+0x114c/0x1550 [mlx5_core]\nmlx5_pci_resume+0x68/0xf0 [mlx5_core]\neeh_report_resume+0x1a4/0x230\neeh_pe_dev_traverse+0x98/0x170\neeh_handle_normal_event+0x3e4/0x640\neeh_handle_event+0x4c/0x370\neeh_event_handler+0x14c/0x210\nkthread+0x168/0x1b0\nret_from_kernel_thread+0x5c/0x84"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/18cead61e437f4c7898acca0a5f3df12f801d97f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4df1f2d36bdc9a368650bf14b9097c555e95f71d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/63546395a0e6ac264f78f65218086ce6014b4494",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6f5780536181d1d0d09a11a1bc92f22e143447e2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/922f56e9a795d6f3dd72d3428ebdd7ee040fa855",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2023/CVE-2023-530xx/CVE-2023-53080.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2023-53080",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:27.020",
"lastModified": "2025-05-02T16:15:27.020",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: Add missing overflow check in xdp_umem_reg\n\nThe number of chunks can overflow u32. Make sure to return -EINVAL on\noverflow. Also remove a redundant u32 cast assigning umem->npgs."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3cfc3564411acf96bf2fb791f706a1aa4f872c1d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/580634b03a55f04a3c1968bcbd97736c079c6601",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a069909acc4435eeb41d05ccc03baa447cc01b7e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bb2e3bfb2a79db0c2057c6f701b782954394c67f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c7df4813b149362248d6ef7be41a311e27bf75fe",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2023/CVE-2023-530xx/CVE-2023-53081.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2023-53081",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:27.117",
"lastModified": "2025-05-02T16:15:27.117",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix data corruption after failed write\n\nWhen buffered write fails to copy data into underlying page cache page,\nocfs2_write_end_nolock() just zeroes out and dirties the page. This can\nleave dirty page beyond EOF and if page writeback tries to write this page\nbefore write succeeds and expands i_size, page gets into inconsistent\nstate where page dirty bit is clear but buffer dirty bits stay set\nresulting in page data never getting written and so data copied to the\npage is lost. Fix the problem by invalidating page beyond EOF after\nfailed write."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1629f6f522b2d058019710466a84b240683bbee3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/205759c6c18f54659b0b5976b14a52d1b3eb9f57",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/47eb055ad3588fc96d34e9e1dd87b210ce62906b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4c24eb49ab44351424ac8fe8567f91ea48a06089",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/90410bcf873cf05f54a32183afff0161f44f9715",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/91d7a4bd5656552d6259e2d0f8859f9e8cc5ef68",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a9e53869cb43c96d6d851c491fd4e26430ab6ba6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c26f3ff4c0be590c1250f945ac2e4fc5fcdc5f45",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2023/CVE-2023-530xx/CVE-2023-53082.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2023-53082",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:27.220",
"lastModified": "2025-05-02T16:15:27.220",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvp_vdpa: fix the crash in hot unplug with vp_vdpa\n\nWhile unplugging the vp_vdpa device, it triggers a kernel panic\nThe root cause is: vdpa_mgmtdev_unregister() will accesses modern\ndevices which will cause a use after free.\nSo need to change the sequence in vp_vdpa_remove\n\n[ 195.003359] BUG: unable to handle page fault for address: ff4e8beb80199014\n[ 195.004012] #PF: supervisor read access in kernel mode\n[ 195.004486] #PF: error_code(0x0000) - not-present page\n[ 195.004960] PGD 100000067 P4D 1001b6067 PUD 1001b7067 PMD 1001b8067 PTE 0\n[ 195.005578] Oops: 0000 1 PREEMPT SMP PTI\n[ 195.005968] CPU: 13 PID: 164 Comm: kworker/u56:10 Kdump: loaded Not tainted 5.14.0-252.el9.x86_64 #1\n[ 195.006792] Hardware name: Red Hat KVM/RHEL, BIOS edk2-20221207gitfff6d81270b5-2.el9 unknown\n[ 195.007556] Workqueue: kacpi_hotplug acpi_hotplug_work_fn\n[ 195.008059] RIP: 0010:ioread8+0x31/0x80\n[ 195.008418] Code: 77 28 48 81 ff 00 00 01 00 76 0b 89 fa ec 0f b6 c0 c3 cc cc cc cc 8b 15 ad 72 93 01 b8 ff 00 00 00 85 d2 75 0f c3 cc cc cc cc <8a> 07 0f b6 c0 c3 cc cc cc cc 83 ea 01 48 83 ec 08 48 89 fe 48 c7\n[ 195.010104] RSP: 0018:ff4e8beb8067bab8 EFLAGS: 00010292\n[ 195.010584] RAX: ffffffffc05834a0 RBX: ffffffffc05843c0 RCX: ff4e8beb8067bae0\n[ 195.011233] RDX: ff1bcbd580f88000 RSI: 0000000000000246 RDI: ff4e8beb80199014\n[ 195.011881] RBP: ff1bcbd587e39000 R08: ffffffff916fa2d0 R09: ff4e8beb8067ba68\n[ 195.012527] R10: 000000000000001c R11: 0000000000000000 R12: ff1bcbd5a3de9120\n[ 195.013179] R13: ffffffffc062d000 R14: 0000000000000080 R15: ff1bcbe402bc7805\n[ 195.013826] FS: 0000000000000000(0000) GS:ff1bcbe402740000(0000) knlGS:0000000000000000\n[ 195.014564] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 195.015093] CR2: ff4e8beb80199014 CR3: 0000000107dea002 CR4: 0000000000771ee0\n[ 195.015741] PKRU: 55555554\n[ 195.016001] Call Trace:\n[ 195.016233] <TASK>\n[ 195.016434] vp_modern_get_status+0x12/0x20\n[ 195.016823] vp_vdpa_reset+0x1b/0x50 [vp_vdpa]\n[ 195.017238] virtio_vdpa_reset+0x3c/0x48 [virtio_vdpa]\n[ 195.017709] remove_vq_common+0x1f/0x3a0 [virtio_net]\n[ 195.018178] virtnet_remove+0x5d/0x70 [virtio_net]\n[ 195.018618] virtio_dev_remove+0x3d/0x90\n[ 195.018986] device_release_driver_internal+0x1aa/0x230\n[ 195.019466] bus_remove_device+0xd8/0x150\n[ 195.019841] device_del+0x18b/0x3f0\n[ 195.020167] ? kernfs_find_ns+0x35/0xd0\n[ 195.020526] device_unregister+0x13/0x60\n[ 195.020894] unregister_virtio_device+0x11/0x20\n[ 195.021311] device_release_driver_internal+0x1aa/0x230\n[ 195.021790] bus_remove_device+0xd8/0x150\n[ 195.022162] device_del+0x18b/0x3f0\n[ 195.022487] device_unregister+0x13/0x60\n[ 195.022852] ? vdpa_dev_remove+0x30/0x30 [vdpa]\n[ 195.023270] vp_vdpa_dev_del+0x12/0x20 [vp_vdpa]\n[ 195.023694] vdpa_match_remove+0x2b/0x40 [vdpa]\n[ 195.024115] bus_for_each_dev+0x78/0xc0\n[ 195.024471] vdpa_mgmtdev_unregister+0x65/0x80 [vdpa]\n[ 195.024937] vp_vdpa_remove+0x23/0x40 [vp_vdpa]\n[ 195.025353] pci_device_remove+0x36/0xa0\n[ 195.025719] device_release_driver_internal+0x1aa/0x230\n[ 195.026201] pci_stop_bus_device+0x6c/0x90\n[ 195.026580] pci_stop_and_remove_bus_device+0xe/0x20\n[ 195.027039] disable_slot+0x49/0x90\n[ 195.027366] acpiphp_disable_and_eject_slot+0x15/0x90\n[ 195.027832] hotplug_event+0xea/0x210\n[ 195.028171] ? hotplug_event+0x210/0x210\n[ 195.028535] acpiphp_hotplug_notify+0x22/0x80\n[ 195.028942] ? hotplug_event+0x210/0x210\n[ 195.029303] acpi_device_hotplug+0x8a/0x1d0\n[ 195.029690] acpi_hotplug_work_fn+0x1a/0x30\n[ 195.030077] process_one_work+0x1e8/0x3c0\n[ 195.030451] worker_thread+0x50/0x3b0\n[ 195.030791] ? rescuer_thread+0x3a0/0x3a0\n[ 195.031165] kthread+0xd9/0x100\n[ 195.031459] ? kthread_complete_and_exit+0x20/0x20\n[ 195.031899] ret_from_fork+0x22/0x30\n[ 195.032233] </TASK>"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/aed8efddd39b3434c96718d39009285c52b1cafc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/baafa2960731211837d8fc04ff3873ecb7440464",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fa1f327f93c9a7310cce9d2fcda28b7af91f7437",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2023/CVE-2023-530xx/CVE-2023-53083.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2023-53083",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:27.310",
"lastModified": "2025-05-02T16:15:27.310",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: don't replace page in rq_pages if it's a continuation of last page\n\nThe splice read calls nfsd_splice_actor to put the pages containing file\ndata into the svc_rqst->rq_pages array. It's possible however to get a\nsplice result that only has a partial page at the end, if (e.g.) the\nfilesystem hands back a short read that doesn't cover the whole page.\n\nnfsd_splice_actor will plop the partial page into its rq_pages array and\nreturn. Then later, when nfsd_splice_actor is called again, the\nremainder of the page may end up being filled out. At this point,\nnfsd_splice_actor will put the page into the array _again_ corrupting\nthe reply. If this is done enough times, rq_next_page will overrun the\narray and corrupt the trailing fields -- the rq_respages and\nrq_next_page pointers themselves.\n\nIf we've already added the page to the array in the last pass, don't add\nit to the array a second time when dealing with a splice continuation.\nThis was originally handled properly in nfsd_splice_actor, but commit\n91e23b1c3982 (\"NFSD: Clean up nfsd_splice_actor()\") removed the check\nfor it."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0101067f376eb7b9afd00279270f25d5111a091d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/12eca509234acb6b666802edf77408bb70d7bfca",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/27c934dd8832dd40fd34776f916dc201e18b319b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/51ddb84baff6f09ad62b5999ece3ec172e4e3568",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8235cd619db6e67f1d7d26c55f1f3e4e575c947d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2023/CVE-2023-530xx/CVE-2023-53084.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2023-53084",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:27.403",
"lastModified": "2025-05-02T16:15:27.403",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/shmem-helper: Remove another errant put in error path\n\ndrm_gem_shmem_mmap() doesn't own reference in error code path, resulting\nin the dma-buf shmem GEM object getting prematurely freed leading to a\nlater use-after-free."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/5cfb617967b05f8f27e862c97db1fabd8485f4db",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/684c7372bbd6447c2e86a2a84e97a1478604d21f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/77d26c824aa5a7e0681ef1d5b75fe538d746addc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dede8c14a37a7ac458f9add56154a074ed78e7cf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ee9adb7a45516cfa536ca92253d7ae59d56db9e4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2023/CVE-2023-530xx/CVE-2023-53085.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2023-53085",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:27.493",
"lastModified": "2025-05-02T16:15:27.493",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/edid: fix info leak when failing to get panel id\n\nMake sure to clear the transfer buffer before fetching the EDID to\navoid leaking slab data to the logs on errors that leave the buffer\nunchanged."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4d8457fe0eb9c80ff7795cf8a30962128b71d853",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/598c42c78919117dc0d235ae22d17ad642377483",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2023/CVE-2023-530xx/CVE-2023-53086.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2023-53086",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:27.580",
"lastModified": "2025-05-02T16:15:27.580",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: connac: do not check WED status for non-mmio devices\n\nWED is supported just for mmio devices, so do not check it for usb or\nsdio devices. This patch fixes the crash reported below:\n\n[ 21.946627] wlp0s3u1i3: authenticate with c4:41:1e:f5:2b:1d\n[ 22.525298] wlp0s3u1i3: send auth to c4:41:1e:f5:2b:1d (try 1/3)\n[ 22.548274] wlp0s3u1i3: authenticate with c4:41:1e:f5:2b:1d\n[ 22.557694] wlp0s3u1i3: send auth to c4:41:1e:f5:2b:1d (try 1/3)\n[ 22.565885] wlp0s3u1i3: authenticated\n[ 22.569502] wlp0s3u1i3: associate with c4:41:1e:f5:2b:1d (try 1/3)\n[ 22.578966] wlp0s3u1i3: RX AssocResp from c4:41:1e:f5:2b:1d (capab=0x11 status=30 aid=3)\n[ 22.579113] wlp0s3u1i3: c4:41:1e:f5:2b:1d rejected association temporarily; comeback duration 1000 TU (1024 ms)\n[ 23.649518] wlp0s3u1i3: associate with c4:41:1e:f5:2b:1d (try 2/3)\n[ 23.752528] wlp0s3u1i3: RX AssocResp from c4:41:1e:f5:2b:1d (capab=0x11 status=0 aid=3)\n[ 23.797450] wlp0s3u1i3: associated\n[ 24.959527] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)\n[ 24.959640] BUG: unable to handle page fault for address: ffff88800c223200\n[ 24.959706] #PF: supervisor instruction fetch in kernel mode\n[ 24.959788] #PF: error_code(0x0011) - permissions violation\n[ 24.959846] PGD 2c01067 P4D 2c01067 PUD 2c02067 PMD c2a8063 PTE 800000000c223163\n[ 24.959957] Oops: 0011 [#1] PREEMPT SMP\n[ 24.960009] CPU: 0 PID: 391 Comm: wpa_supplicant Not tainted 6.2.0-kvm #18\n[ 24.960089] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.1-2.fc37 04/01/2014\n[ 24.960191] RIP: 0010:0xffff88800c223200\n[ 24.960446] RSP: 0018:ffffc90000ff7698 EFLAGS: 00010282\n[ 24.960513] RAX: ffff888028397010 RBX: ffff88800c26e630 RCX: 0000000000000058\n[ 24.960598] RDX: ffff88800c26f844 RSI: 0000000000000006 RDI: ffff888028397010\n[ 24.960682] RBP: ffff88800ea72f00 R08: 18b873fbab2b964c R09: be06b38235f3c63c\n[ 24.960766] R10: 18b873fbab2b964c R11: be06b38235f3c63c R12: 0000000000000001\n[ 24.960853] R13: ffff88800c26f84c R14: ffff8880063f0ff8 R15: ffff88800c26e644\n[ 24.960950] FS: 00007effcea327c0(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000\n[ 24.961036] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 24.961106] CR2: ffff88800c223200 CR3: 000000000eaa2000 CR4: 00000000000006b0\n[ 24.961190] Call Trace:\n[ 24.961219] <TASK>\n[ 24.961245] ? mt76_connac_mcu_add_key+0x2cf/0x310\n[ 24.961313] ? mt7921_set_key+0x150/0x200\n[ 24.961365] ? drv_set_key+0xa9/0x1b0\n[ 24.961418] ? ieee80211_key_enable_hw_accel+0xd9/0x240\n[ 24.961485] ? ieee80211_key_replace+0x3f3/0x730\n[ 24.961541] ? crypto_shash_setkey+0x89/0xd0\n[ 24.961597] ? ieee80211_key_link+0x2d7/0x3a0\n[ 24.961664] ? crypto_aead_setauthsize+0x31/0x50\n[ 24.961730] ? sta_info_hash_lookup+0xa6/0xf0\n[ 24.961785] ? ieee80211_add_key+0x1fc/0x250\n[ 24.961842] ? rdev_add_key+0x41/0x140\n[ 24.961882] ? nl80211_parse_key+0x6c/0x2f0\n[ 24.961940] ? nl80211_new_key+0x24a/0x290\n[ 24.961984] ? genl_rcv_msg+0x36c/0x3a0\n[ 24.962036] ? rdev_mod_link_station+0xe0/0xe0\n[ 24.962102] ? nl80211_set_key+0x410/0x410\n[ 24.962143] ? nl80211_pre_doit+0x200/0x200\n[ 24.962187] ? genl_bind+0xc0/0xc0\n[ 24.962217] ? netlink_rcv_skb+0xaa/0xd0\n[ 24.962259] ? genl_rcv+0x24/0x40\n[ 24.962300] ? netlink_unicast+0x224/0x2f0\n[ 24.962345] ? netlink_sendmsg+0x30b/0x3d0\n[ 24.962388] ? ____sys_sendmsg+0x109/0x1b0\n[ 24.962388] ? ____sys_sendmsg+0x109/0x1b0\n[ 24.962440] ? __import_iovec+0x2e/0x110\n[ 24.962482] ? ___sys_sendmsg+0xbe/0xe0\n[ 24.962525] ? mod_objcg_state+0x25c/0x330\n[ 24.962576] ? __dentry_kill+0x19e/0x1d0\n[ 24.962618] ? call_rcu+0x18f/0x270\n[ 24.962660] ? __dentry_kill+0x19e/0x1d0\n[ 24.962702] ? __x64_sys_sendmsg+0x70/0x90\n[ 24.962744] ? do_syscall_64+0x3d/0x80\n[ 24.962796] ? exit_to_user_mode_prepare+0x1b/0x70\n[ 24.962852] ? entry_SYSCA\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/53edfda851dd1ce41ac049ce2f195dc41dd27cc1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5683e1488aa9b0805a9403d215e48fed29d6d923",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2023/CVE-2023-530xx/CVE-2023-53087.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2023-53087",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:27.667",
"lastModified": "2025-05-02T16:15:27.667",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/active: Fix misuse of non-idle barriers as fence trackers\n\nUsers reported oopses on list corruptions when using i915 perf with a\nnumber of concurrently running graphics applications. Root cause analysis\npointed at an issue in barrier processing code -- a race among perf open /\nclose replacing active barriers with perf requests on kernel context and\nconcurrent barrier preallocate / acquire operations performed during user\ncontext first pin / last unpin.\n\nWhen adding a request to a composite tracker, we try to reuse an existing\nfence tracker, already allocated and registered with that composite. The\ntracker we obtain may already track another fence, may be an idle barrier,\nor an active barrier.\n\nIf the tracker we get occurs a non-idle barrier then we try to delete that\nbarrier from a list of barrier tasks it belongs to. However, while doing\nthat we don't respect return value from a function that performs the\nbarrier deletion. Should the deletion ever fail, we would end up reusing\nthe tracker still registered as a barrier task. Since the same structure\nfield is reused with both fence callback lists and barrier tasks list,\nlist corruptions would likely occur.\n\nBarriers are now deleted from a barrier tasks list by temporarily removing\nthe list content, traversing that content with skip over the node to be\ndeleted, then populating the list back with the modified content. Should\nthat intentionally racy concurrent deletion attempts be not serialized,\none or more of those may fail because of the list being temporary empty.\n\nRelated code that ignores the results of barrier deletion was initially\nintroduced in v5.4 by commit d8af05ff38ae (\"drm/i915: Allow sharing the\nidle-barrier from other kernel requests\"). However, all users of the\nbarrier deletion routine were apparently serialized at that time, then the\nissue didn't exhibit itself. Results of git bisect with help of a newly\ndeveloped igt@gem_barrier_race@remote-request IGT test indicate that list\ncorruptions might start to appear after commit 311770173fac (\"drm/i915/gt:\nSchedule request retirement when timeline idles\"), introduced in v5.5.\n\nRespect results of barrier deletion attempts -- mark the barrier as idle\nonly if successfully deleted from the list. Then, before proceeding with\nsetting our fence as the one currently tracked, make sure that the tracker\nwe've got is not a non-idle barrier. If that check fails then don't use\nthat tracker but go back and try to acquire a new, usable one.\n\nv3: use unlikely() to document what outcome we expect (Andi),\n - fix bad grammar in commit description.\nv2: no code changes,\n - blame commit 311770173fac (\"drm/i915/gt: Schedule request retirement\n when timeline idles\"), v5.5, not commit d8af05ff38ae (\"drm/i915: Allow\n sharing the idle-barrier from other kernel requests\"), v5.4,\n - reword commit description.\n\n(cherry picked from commit 506006055769b10d1b2b4e22f636f3b45e0e9fc7)"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/5c7591b8574c52c56b3994c2fbef1a3a311b5715",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5e784a7d07af42057c0576fb647b482f4cb0dc2c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6ab7d33617559cced63d467928f478ea5c459021",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9159db27fb19bbf1c91b5c9d5285e66cc96cc5ff",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e0e6b416b25ee14716f3549e0cbec1011b193809",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2023/CVE-2023-530xx/CVE-2023-53088.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2023-53088",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:27.760",
"lastModified": "2025-05-02T16:15:27.760",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix UaF in listener shutdown\n\nAs reported by Christoph after having refactored the passive\nsocket initialization, the mptcp listener shutdown path is prone\nto an UaF issue.\n\n BUG: KASAN: use-after-free in _raw_spin_lock_bh+0x73/0xe0\n Write of size 4 at addr ffff88810cb23098 by task syz-executor731/1266\n\n CPU: 1 PID: 1266 Comm: syz-executor731 Not tainted 6.2.0-rc59af4eaa31c1f6c00c8f1e448ed99a45c66340dd5 #6\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Call Trace:\n <TASK>\n dump_stack_lvl+0x6e/0x91\n print_report+0x16a/0x46f\n kasan_report+0xad/0x130\n kasan_check_range+0x14a/0x1a0\n _raw_spin_lock_bh+0x73/0xe0\n subflow_error_report+0x6d/0x110\n sk_error_report+0x3b/0x190\n tcp_disconnect+0x138c/0x1aa0\n inet_child_forget+0x6f/0x2e0\n inet_csk_listen_stop+0x209/0x1060\n __mptcp_close_ssk+0x52d/0x610\n mptcp_destroy_common+0x165/0x640\n mptcp_destroy+0x13/0x80\n __mptcp_destroy_sock+0xe7/0x270\n __mptcp_close+0x70e/0x9b0\n mptcp_close+0x2b/0x150\n inet_release+0xe9/0x1f0\n __sock_release+0xd2/0x280\n sock_close+0x15/0x20\n __fput+0x252/0xa20\n task_work_run+0x169/0x250\n exit_to_user_mode_prepare+0x113/0x120\n syscall_exit_to_user_mode+0x1d/0x40\n do_syscall_64+0x48/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nThe msk grace period can legitly expire in between the last\nreference count dropped in mptcp_subflow_queue_clean() and\nthe later eventual access in inet_csk_listen_stop()\n\nAfter the previous patch we don't need anymore special-casing\nmsk listener socket cleanup: the mptcp worker will process each\nof the unaccepted msk sockets.\n\nJust drop the now unnecessary code.\n\nPlease note this commit depends on the two parent ones:\n\n mptcp: refactor passive socket initialization\n mptcp: use the workqueue to destroy unaccepted sockets"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0a3f4f1f9c27215e4ddcd312558342e57b93e518",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/0f4f4cf5d32f10543deb946a37111e714579511e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5564be74a22a61855f8b8c100d8c4abb003bb792",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2023/CVE-2023-530xx/CVE-2023-53089.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2023-53089",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:27.853",
"lastModified": "2025-05-02T16:15:27.853",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix task hung in ext4_xattr_delete_inode\n\nSyzbot reported a hung task problem:\n==================================================================\nINFO: task syz-executor232:5073 blocked for more than 143 seconds.\n Not tainted 6.2.0-rc2-syzkaller-00024-g512dee0c00ad #0\n\"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:syz-exec232 state:D stack:21024 pid:5073 ppid:5072 flags:0x00004004\nCall Trace:\n <TASK>\n context_switch kernel/sched/core.c:5244 [inline]\n __schedule+0x995/0xe20 kernel/sched/core.c:6555\n schedule+0xcb/0x190 kernel/sched/core.c:6631\n __wait_on_freeing_inode fs/inode.c:2196 [inline]\n find_inode_fast+0x35a/0x4c0 fs/inode.c:950\n iget_locked+0xb1/0x830 fs/inode.c:1273\n __ext4_iget+0x22e/0x3ed0 fs/ext4/inode.c:4861\n ext4_xattr_inode_iget+0x68/0x4e0 fs/ext4/xattr.c:389\n ext4_xattr_inode_dec_ref_all+0x1a7/0xe50 fs/ext4/xattr.c:1148\n ext4_xattr_delete_inode+0xb04/0xcd0 fs/ext4/xattr.c:2880\n ext4_evict_inode+0xd7c/0x10b0 fs/ext4/inode.c:296\n evict+0x2a4/0x620 fs/inode.c:664\n ext4_orphan_cleanup+0xb60/0x1340 fs/ext4/orphan.c:474\n __ext4_fill_super fs/ext4/super.c:5516 [inline]\n ext4_fill_super+0x81cd/0x8700 fs/ext4/super.c:5644\n get_tree_bdev+0x400/0x620 fs/super.c:1282\n vfs_get_tree+0x88/0x270 fs/super.c:1489\n do_new_mount+0x289/0xad0 fs/namespace.c:3145\n do_mount fs/namespace.c:3488 [inline]\n __do_sys_mount fs/namespace.c:3697 [inline]\n __se_sys_mount+0x2d3/0x3c0 fs/namespace.c:3674\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7fa5406fd5ea\nRSP: 002b:00007ffc7232f968 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fa5406fd5ea\nRDX: 0000000020000440 RSI: 0000000020000000 RDI: 00007ffc7232f970\nRBP: 00007ffc7232f970 R08: 00007ffc7232f9b0 R09: 0000000000000432\nR10: 0000000000804a03 R11: 0000000000000202 R12: 0000000000000004\nR13: 0000555556a7a2c0 R14: 00007ffc7232f9b0 R15: 0000000000000000\n </TASK>\n==================================================================\n\nThe problem is that the inode contains an xattr entry with ea_inum of 15\nwhen cleaning up an orphan inode <15>. When evict inode <15>, the reference\ncounting of the corresponding EA inode is decreased. When EA inode <15> is\nfound by find_inode_fast() in __ext4_iget(), it is found that the EA inode\nholds the I_FREEING flag and waits for the EA inode to complete deletion.\nAs a result, when inode <15> is being deleted, we wait for inode <15> to\ncomplete the deletion, resulting in an infinite loop and triggering Hung\nTask. To solve this problem, we only need to check whether the ino of EA\ninode and parent is the same before getting EA inode."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0f7bfd6f8164be32dbbdf36aa1e5d00485c53cd7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1aec41c98cce61d19ce89650895e51b9f3cdef13",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2c96c52aeaa6fd9163cfacdd98778b4a0398ef18",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/64b72f5e7574020dea62ab733d88a54d903c42a1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/73f7987fe1b82596f1a380e85cd0097ebaae7e01",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/94fd091576b12540924f6316ebc0678e84cb2800",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a98160d8f3e6242ca9b7f443f26e7ef3a61ba684",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/efddc7e106fdf8d1f62d45e79de78f63b7c04fba",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

45
CVE-2023/CVE-2023-530xx/CVE-2023-53090.json Normal file
View File

@ -0,0 +1,45 @@
{
"id": "CVE-2023-53090",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:27.957",
"lastModified": "2025-05-02T16:15:27.957",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix an illegal memory access\n\nIn the kfd_wait_on_events() function, the kfd_event_waiter structure is\nallocated by alloc_event_waiters(), but the event field of the waiter\nstructure is not initialized; When copy_from_user() fails in the\nkfd_wait_on_events() function, it will enter exception handling to\nrelease the previously allocated memory of the waiter structure;\nDue to the event field of the waiters structure being accessed\nin the free_waiters() function, this results in illegal memory access\nand system crash, here is the crash log:\n\nlocalhost kernel: RIP: 0010:native_queued_spin_lock_slowpath+0x185/0x1e0\nlocalhost kernel: RSP: 0018:ffffaa53c362bd60 EFLAGS: 00010082\nlocalhost kernel: RAX: ff3d3d6bff4007cb RBX: 0000000000000282 RCX: 00000000002c0000\nlocalhost kernel: RDX: ffff9e855eeacb80 RSI: 000000000000279c RDI: ffffe7088f6a21d0\nlocalhost kernel: RBP: ffffe7088f6a21d0 R08: 00000000002c0000 R09: ffffaa53c362be64\nlocalhost kernel: R10: ffffaa53c362bbd8 R11: 0000000000000001 R12: 0000000000000002\nlocalhost kernel: R13: ffff9e7ead15d600 R14: 0000000000000000 R15: ffff9e7ead15d698\nlocalhost kernel: FS: 0000152a3d111700(0000) GS:ffff9e855ee80000(0000) knlGS:0000000000000000\nlocalhost kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nlocalhost kernel: CR2: 0000152938000010 CR3: 000000044d7a4000 CR4: 00000000003506e0\nlocalhost kernel: Call Trace:\nlocalhost kernel: _raw_spin_lock_irqsave+0x30/0x40\nlocalhost kernel: remove_wait_queue+0x12/0x50\nlocalhost kernel: kfd_wait_on_events+0x1b6/0x490 [hydcu]\nlocalhost kernel: ? ftrace_graph_caller+0xa0/0xa0\nlocalhost kernel: kfd_ioctl+0x38c/0x4a0 [hydcu]\nlocalhost kernel: ? kfd_ioctl_set_trap_handler+0x70/0x70 [hydcu]\nlocalhost kernel: ? kfd_ioctl_create_queue+0x5a0/0x5a0 [hydcu]\nlocalhost kernel: ? ftrace_graph_caller+0xa0/0xa0\nlocalhost kernel: __x64_sys_ioctl+0x8e/0xd0\nlocalhost kernel: ? syscall_trace_enter.isra.18+0x143/0x1b0\nlocalhost kernel: do_syscall_64+0x33/0x80\nlocalhost kernel: entry_SYSCALL_64_after_hwframe+0x44/0xa9\nlocalhost kernel: RIP: 0033:0x152a4dff68d7\n\nAllocate the structure with kcalloc, and remove redundant 0-initialization\nand a redundant loop condition check."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2fece63b55c5d74cd6f5de51159e2cde37e10555",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4fc8fff378b2f2039f2a666d9f8c570f4e58352c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5a3fb3b745af0ce46ec2e0c8e507bae45b937334",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/61f306f8df0d5559659c5578cf6d95236bcdcb25",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6936525142a015e854d0a23e9ad9ea0a28b3843d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bbf5eada4334a96e3a204b2307ff5b14dc380b0b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d9923e7214a870b312bf61f6a89c7554d0966985",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2023/CVE-2023-530xx/CVE-2023-53091.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2023-53091",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:28.073",
"lastModified": "2025-05-02T16:15:28.073",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: update s_journal_inum if it changes after journal replay\n\nWhen mounting a crafted ext4 image, s_journal_inum may change after journal\nreplay, which is obviously unreasonable because we have successfully loaded\nand replayed the journal through the old s_journal_inum. And the new\ns_journal_inum bypasses some of the checks in ext4_get_journal(), which\nmay trigger a null pointer dereference problem. So if s_journal_inum\nchanges after the journal replay, we ignore the change, and rewrite the\ncurrent journal_inum to the superblock."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3039d8b8692408438a618fac2776b629852663c3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/499fef2030fb754c68b1c7cb3a799a3bc1d0d925",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/70e66bdeae4d0f7c8e87762f425b68aedd5e8955",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ee0c5277d4fab920bd31345c49e193ecede9ecef",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2023/CVE-2023-530xx/CVE-2023-53092.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2023-53092",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:28.180",
"lastModified": "2025-05-02T16:15:28.180",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ninterconnect: exynos: fix node leak in probe PM QoS error path\n\nMake sure to add the newly allocated interconnect node to the provider\nbefore adding the PM QoS request so that the node is freed on errors."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3aab264875bf3c915ea2517fae1eec213e0b4987",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b71dd43bd49bd68186c1d19dbeedee219e003149",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c479e4ac4a3d1485a48599e66ce46547c1367828",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fd4738ae1a0c216d25360a98e835967b06d6a253",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2023/CVE-2023-530xx/CVE-2023-53093.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2023-53093",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:28.270",
"lastModified": "2025-05-02T16:15:28.270",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Do not let histogram values have some modifiers\n\nHistogram values can not be strings, stacktraces, graphs, symbols,\nsyscalls, or grouped in buckets or log. Give an error if a value is set to\ndo so.\n\nNote, the histogram code was not prepared to handle these modifiers for\nhistograms and caused a bug.\n\nMark Rutland reported:\n\n # echo 'p:copy_to_user __arch_copy_to_user n=$arg2' >> /sys/kernel/tracing/kprobe_events\n # echo 'hist:keys=n:vals=hitcount.buckets=8:sort=hitcount' > /sys/kernel/tracing/events/kprobes/copy_to_user/trigger\n # cat /sys/kernel/tracing/events/kprobes/copy_to_user/hist\n[ 143.694628] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[ 143.695190] Mem abort info:\n[ 143.695362] ESR = 0x0000000096000004\n[ 143.695604] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 143.695889] SET = 0, FnV = 0\n[ 143.696077] EA = 0, S1PTW = 0\n[ 143.696302] FSC = 0x04: level 0 translation fault\n[ 143.702381] Data abort info:\n[ 143.702614] ISV = 0, ISS = 0x00000004\n[ 143.702832] CM = 0, WnR = 0\n[ 143.703087] user pgtable: 4k pages, 48-bit VAs, pgdp=00000000448f9000\n[ 143.703407] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n[ 143.704137] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 143.704714] Modules linked in:\n[ 143.705273] CPU: 0 PID: 133 Comm: cat Not tainted 6.2.0-00003-g6fc512c10a7c #3\n[ 143.706138] Hardware name: linux,dummy-virt (DT)\n[ 143.706723] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 143.707120] pc : hist_field_name.part.0+0x14/0x140\n[ 143.707504] lr : hist_field_name.part.0+0x104/0x140\n[ 143.707774] sp : ffff800008333a30\n[ 143.707952] x29: ffff800008333a30 x28: 0000000000000001 x27: 0000000000400cc0\n[ 143.708429] x26: ffffd7a653b20260 x25: 0000000000000000 x24: ffff10d303ee5800\n[ 143.708776] x23: ffffd7a6539b27b0 x22: ffff10d303fb8c00 x21: 0000000000000001\n[ 143.709127] x20: ffff10d303ec2000 x19: 0000000000000000 x18: 0000000000000000\n[ 143.709478] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\n[ 143.709824] x14: 0000000000000000 x13: 203a6f666e692072 x12: 6567676972742023\n[ 143.710179] x11: 0a230a6d6172676f x10: 000000000000002c x9 : ffffd7a6521e018c\n[ 143.710584] x8 : 000000000000002c x7 : 7f7f7f7f7f7f7f7f x6 : 000000000000002c\n[ 143.710915] x5 : ffff10d303b0103e x4 : ffffd7a653b20261 x3 : 000000000000003d\n[ 143.711239] x2 : 0000000000020001 x1 : 0000000000000001 x0 : 0000000000000000\n[ 143.711746] Call trace:\n[ 143.712115] hist_field_name.part.0+0x14/0x140\n[ 143.712642] hist_field_name.part.0+0x104/0x140\n[ 143.712925] hist_field_print+0x28/0x140\n[ 143.713125] event_hist_trigger_print+0x174/0x4d0\n[ 143.713348] hist_show+0xf8/0x980\n[ 143.713521] seq_read_iter+0x1bc/0x4b0\n[ 143.713711] seq_read+0x8c/0xc4\n[ 143.713876] vfs_read+0xc8/0x2a4\n[ 143.714043] ksys_read+0x70/0xfc\n[ 143.714218] __arm64_sys_read+0x24/0x30\n[ 143.714400] invoke_syscall+0x50/0x120\n[ 143.714587] el0_svc_common.constprop.0+0x4c/0x100\n[ 143.714807] do_el0_svc+0x44/0xd0\n[ 143.714970] el0_svc+0x2c/0x84\n[ 143.715134] el0t_64_sync_handler+0xbc/0x140\n[ 143.715334] el0t_64_sync+0x190/0x194\n[ 143.715742] Code: a9bd7bfd 910003fd a90153f3 aa0003f3 (f9400000)\n[ 143.716510] ---[ end trace 0000000000000000 ]---\nSegmentation fault"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2fc0ee435c9264cdb7c5e872f76cd9bb97640227",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/39cd75f2f3a43c0e2f95749eb6dd6420c553f87d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e0213434fe3e4a0d118923dc98d31e7ff1cd9e45",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2023/CVE-2023-530xx/CVE-2023-53094.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2023-53094",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:28.363",
"lastModified": "2025-05-02T16:15:28.363",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: fsl_lpuart: fix race on RX DMA shutdown\n\nFrom time to time DMA completion can come in the middle of DMA shutdown:\n\n<process ctx>:\t\t\t\t<IRQ>:\nlpuart32_shutdown()\n lpuart_dma_shutdown()\n del_timer_sync()\n\t\t\t\t\tlpuart_dma_rx_complete()\n\t\t\t\t\t lpuart_copy_rx_to_tty()\n\t\t\t\t\t mod_timer()\n lpuart_dma_rx_free()\n\nWhen the timer fires a bit later, sport->dma_rx_desc is NULL:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000004\npc : lpuart_copy_rx_to_tty+0xcc/0x5bc\nlr : lpuart_timer_func+0x1c/0x2c\nCall trace:\n lpuart_copy_rx_to_tty\n lpuart_timer_func\n call_timer_fn\n __run_timers.part.0\n run_timer_softirq\n __do_softirq\n __irq_exit_rcu\n irq_exit\n handle_domain_irq\n gic_handle_irq\n call_on_irq_stack\n do_interrupt_handler\n ...\n\nTo fix this fold del_timer_sync() into lpuart_dma_rx_free() after\ndmaengine_terminate_sync() to make sure timer will not be re-started in\nlpuart_copy_rx_to_tty() <= lpuart_dma_rx_complete()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/19a98d56dfedafb25652bdb9cd48a4e73ceba702",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1be6f2b15f902c02e055ae0b419ca789200473c9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2a36b444cace9580380467fd1183bb5e85bcc80a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/90530e7214c8a04dcdde57502d93fa96af288c38",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/954fc9931f0aabf272b5674cf468affdd88d3a36",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2023/CVE-2023-530xx/CVE-2023-53095.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2023-53095",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:28.453",
"lastModified": "2025-05-02T16:15:28.453",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/ttm: Fix a NULL pointer dereference\n\nThe LRU mechanism may look up a resource in the process of being removed\nfrom an object. The locking rules here are a bit unclear but it looks\ncurrently like res->bo assignment is protected by the LRU lock, whereas\nbo->resource is protected by the object lock, while *clearing* of\nbo->resource is also protected by the LRU lock. This means that if\nwe check that bo->resource points to the LRU resource under the LRU\nlock we should be safe.\nSo perform that check before deciding to swap out a bo. That avoids\ndereferencing a NULL bo->resource in ttm_bo_swapout()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/9a9a8fe26751334b7739193a94eba741073b8a55",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9ba1720f6c4a0f13c3f3cb5c28132ee75555d04f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9d9b1f9f7a72d83ebf173534e76b246349f32374",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2023/CVE-2023-530xx/CVE-2023-53096.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2023-53096",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:28.543",
"lastModified": "2025-05-02T16:15:28.543",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ninterconnect: fix mem leak when freeing nodes\n\nThe node link array is allocated when adding links to a node but is not\ndeallocated when nodes are destroyed."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2e0b13a1827229a02abef97b50ffaf89ba25370a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3167306455d0fbbbcf08cb25651acc527a86a95e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a5904f415e1af72fa8fe6665aa4f554dc2099a95",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c1722e4113281fb34e5b4fb5c5387b17cd39a537",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/efae80ca13faa94457208852825731da44a788ad",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f1e3a20c60196c37a402c584d0c9de306ba988ce",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2023/CVE-2023-530xx/CVE-2023-53097.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2023-53097",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:28.643",
"lastModified": "2025-05-02T16:15:28.643",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/iommu: fix memory leak with using debugfs_lookup()\n\nWhen calling debugfs_lookup() the result must have dput() called on it,\notherwise the memory will leak over time. To make things simpler, just\ncall debugfs_lookup_and_remove() instead which handles all of the logic\nat once."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/24c1bd1cd0d1ff821fd7d2f01a1e648c7882dfc2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4050498c0ae3946c223fc63e9dd7b878b76611e0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b505063910c134778202dfad9332dfcecb76bab3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e3a62a35f903fd8be5b44542fe3901ec45f16757",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2023/CVE-2023-530xx/CVE-2023-53098.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2023-53098",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:28.733",
"lastModified": "2025-05-02T16:15:28.733",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rc: gpio-ir-recv: add remove function\n\nIn case runtime PM is enabled, do runtime PM clean up to remove\ncpu latency qos request, otherwise driver removal may have below\nkernel dump:\n\n[ 19.463299] Unable to handle kernel NULL pointer dereference at\nvirtual address 0000000000000048\n[ 19.472161] Mem abort info:\n[ 19.474985] ESR = 0x0000000096000004\n[ 19.478754] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 19.484081] SET = 0, FnV = 0\n[ 19.487149] EA = 0, S1PTW = 0\n[ 19.490361] FSC = 0x04: level 0 translation fault\n[ 19.495256] Data abort info:\n[ 19.498149] ISV = 0, ISS = 0x00000004\n[ 19.501997] CM = 0, WnR = 0\n[ 19.504977] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000049f81000\n[ 19.511432] [0000000000000048] pgd=0000000000000000,\np4d=0000000000000000\n[ 19.518245] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 19.524520] Modules linked in: gpio_ir_recv(+) rc_core [last\nunloaded: rc_core]\n[ 19.531845] CPU: 0 PID: 445 Comm: insmod Not tainted\n6.2.0-rc1-00028-g2c397a46d47c #72\n[ 19.531854] Hardware name: FSL i.MX8MM EVK board (DT)\n[ 19.531859] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS\nBTYPE=--)\n[ 19.551777] pc : cpu_latency_qos_remove_request+0x20/0x110\n[ 19.557277] lr : gpio_ir_recv_runtime_suspend+0x18/0x30\n[gpio_ir_recv]\n[ 19.557294] sp : ffff800008ce3740\n[ 19.557297] x29: ffff800008ce3740 x28: 0000000000000000 x27:\nffff800008ce3d50\n[ 19.574270] x26: ffffc7e3e9cea100 x25: 00000000000f4240 x24:\nffffc7e3f9ef0e30\n[ 19.574284] x23: 0000000000000000 x22: ffff0061803820f4 x21:\n0000000000000008\n[ 19.574296] x20: ffffc7e3fa75df30 x19: 0000000000000020 x18:\nffffffffffffffff\n[ 19.588570] x17: 0000000000000000 x16: ffffc7e3f9efab70 x15:\nffffffffffffffff\n[ 19.595712] x14: ffff800008ce37b8 x13: ffff800008ce37aa x12:\n0000000000000001\n[ 19.602853] x11: 0000000000000001 x10: ffffcbe3ec0dff87 x9 :\n0000000000000008\n[ 19.609991] x8 : 0101010101010101 x7 : 0000000000000000 x6 :\n000000000f0bfe9f\n[ 19.624261] x5 : 00ffffffffffffff x4 : 0025ab8e00000000 x3 :\nffff006180382010\n[ 19.631405] x2 : ffffc7e3e9ce8030 x1 : ffffc7e3fc3eb810 x0 :\n0000000000000020\n[ 19.638548] Call trace:\n[ 19.640995] cpu_latency_qos_remove_request+0x20/0x110\n[ 19.646142] gpio_ir_recv_runtime_suspend+0x18/0x30 [gpio_ir_recv]\n[ 19.652339] pm_generic_runtime_suspend+0x2c/0x44\n[ 19.657055] __rpm_callback+0x48/0x1dc\n[ 19.660807] rpm_callback+0x6c/0x80\n[ 19.664301] rpm_suspend+0x10c/0x640\n[ 19.667880] rpm_idle+0x250/0x2d0\n[ 19.671198] update_autosuspend+0x38/0xe0\n[ 19.675213] pm_runtime_set_autosuspend_delay+0x40/0x60\n[ 19.680442] gpio_ir_recv_probe+0x1b4/0x21c [gpio_ir_recv]\n[ 19.685941] platform_probe+0x68/0xc0\n[ 19.689610] really_probe+0xc0/0x3dc\n[ 19.693189] __driver_probe_device+0x7c/0x190\n[ 19.697550] driver_probe_device+0x3c/0x110\n[ 19.701739] __driver_attach+0xf4/0x200\n[ 19.705578] bus_for_each_dev+0x70/0xd0\n[ 19.709417] driver_attach+0x24/0x30\n[ 19.712998] bus_add_driver+0x17c/0x240\n[ 19.716834] driver_register+0x78/0x130\n[ 19.720676] __platform_driver_register+0x28/0x34\n[ 19.725386] gpio_ir_recv_driver_init+0x20/0x1000 [gpio_ir_recv]\n[ 19.731404] do_one_initcall+0x44/0x2ac\n[ 19.735243] do_init_module+0x48/0x1d0\n[ 19.739003] load_module+0x19fc/0x2034\n[ 19.742759] __do_sys_finit_module+0xac/0x12c\n[ 19.747124] __arm64_sys_finit_module+0x20/0x30\n[ 19.751664] invoke_syscall+0x48/0x114\n[ 19.755420] el0_svc_common.constprop.0+0xcc/0xec\n[ 19.760132] do_el0_svc+0x38/0xb0\n[ 19.763456] el0_svc+0x2c/0x84\n[ 19.766516] el0t_64_sync_handler+0xf4/0x120\n[ 19.770789] el0t_64_sync+0x190/0x194\n[ 19.774460] Code: 910003fd a90153f3 aa0003f3 91204021 (f9401400)\n[ 19.780556] ---[ end trace 0000000000000000 ]---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/00e81f191bc00cb6faabf468960e96ebf0404a6c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2ece4d2f7eac1cb51dc0e9859e09bfdb00faa28e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/30040818b338b8ebc956ce0ebd198f8d593586a6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/513572bb89e8075f5d2a2bb4c89f1152e44da9d8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a5c140d88a69eb43de2a030f1d7ff7b16bff3b1a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2023/CVE-2023-530xx/CVE-2023-53099.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2023-53099",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:28.830",
"lastModified": "2025-05-02T16:15:28.830",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: xilinx: don't make a sleepable memory allocation from an atomic context\n\nThe following issue was discovered using lockdep:\n[ 6.691371] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209\n[ 6.694602] in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 1, name: swapper/0\n[ 6.702431] 2 locks held by swapper/0/1:\n[ 6.706300] #0: ffffff8800f6f188 (&dev->mutex){....}-{3:3}, at: __device_driver_lock+0x4c/0x90\n[ 6.714900] #1: ffffffc009a2abb8 (enable_lock){....}-{2:2}, at: clk_enable_lock+0x4c/0x140\n[ 6.723156] irq event stamp: 304030\n[ 6.726596] hardirqs last enabled at (304029): [<ffffffc008d17ee0>] _raw_spin_unlock_irqrestore+0xc0/0xd0\n[ 6.736142] hardirqs last disabled at (304030): [<ffffffc00876bc5c>] clk_enable_lock+0xfc/0x140\n[ 6.744742] softirqs last enabled at (303958): [<ffffffc0080904f0>] _stext+0x4f0/0x894\n[ 6.752655] softirqs last disabled at (303951): [<ffffffc0080e53b8>] irq_exit+0x238/0x280\n[ 6.760744] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G U 5.15.36 #2\n[ 6.768048] Hardware name: xlnx,zynqmp (DT)\n[ 6.772179] Call trace:\n[ 6.774584] dump_backtrace+0x0/0x300\n[ 6.778197] show_stack+0x18/0x30\n[ 6.781465] dump_stack_lvl+0xb8/0xec\n[ 6.785077] dump_stack+0x1c/0x38\n[ 6.788345] ___might_sleep+0x1a8/0x2a0\n[ 6.792129] __might_sleep+0x6c/0xd0\n[ 6.795655] kmem_cache_alloc_trace+0x270/0x3d0\n[ 6.800127] do_feature_check_call+0x100/0x220\n[ 6.804513] zynqmp_pm_invoke_fn+0x8c/0xb0\n[ 6.808555] zynqmp_pm_clock_getstate+0x90/0xe0\n[ 6.813027] zynqmp_pll_is_enabled+0x8c/0x120\n[ 6.817327] zynqmp_pll_enable+0x38/0xc0\n[ 6.821197] clk_core_enable+0x144/0x400\n[ 6.825067] clk_core_enable+0xd4/0x400\n[ 6.828851] clk_core_enable+0xd4/0x400\n[ 6.832635] clk_core_enable+0xd4/0x400\n[ 6.836419] clk_core_enable+0xd4/0x400\n[ 6.840203] clk_core_enable+0xd4/0x400\n[ 6.843987] clk_core_enable+0xd4/0x400\n[ 6.847771] clk_core_enable+0xd4/0x400\n[ 6.851555] clk_core_enable_lock+0x24/0x50\n[ 6.855683] clk_enable+0x24/0x40\n[ 6.858952] fclk_probe+0x84/0xf0\n[ 6.862220] platform_probe+0x8c/0x110\n[ 6.865918] really_probe+0x110/0x5f0\n[ 6.869530] __driver_probe_device+0xcc/0x210\n[ 6.873830] driver_probe_device+0x64/0x140\n[ 6.877958] __driver_attach+0x114/0x1f0\n[ 6.881828] bus_for_each_dev+0xe8/0x160\n[ 6.885698] driver_attach+0x34/0x50\n[ 6.889224] bus_add_driver+0x228/0x300\n[ 6.893008] driver_register+0xc0/0x1e0\n[ 6.896792] __platform_driver_register+0x44/0x60\n[ 6.901436] fclk_driver_init+0x1c/0x28\n[ 6.905220] do_one_initcall+0x104/0x590\n[ 6.909091] kernel_init_freeable+0x254/0x2bc\n[ 6.913390] kernel_init+0x24/0x130\n[ 6.916831] ret_from_fork+0x10/0x20\n\nFix it by passing the GFP_ATOMIC gfp flag for the corresponding\nmemory allocation."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/162049c31eb64308afa22e341a257a723526eb5c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/38ed310c22e7a0fc978b1f8292136a4a4a8b3051",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/86afb633beaa02ee95b5126a14c9f22cfade4fd9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9bbab2843f2d1337a268499a1c02b435d2985a17",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b37d3ccbd549494890672136a0e623eb010d46a7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2023/CVE-2023-531xx/CVE-2023-53100.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2023-53100",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:28.923",
"lastModified": "2025-05-02T16:15:28.923",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix WARNING in ext4_update_inline_data\n\nSyzbot found the following issue:\nEXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none.\nfscrypt: AES-256-CTS-CBC using implementation \"cts-cbc-aes-aesni\"\nfscrypt: AES-256-XTS using implementation \"xts-aes-aesni\"\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 5071 at mm/page_alloc.c:5525 __alloc_pages+0x30a/0x560 mm/page_alloc.c:5525\nModules linked in:\nCPU: 1 PID: 5071 Comm: syz-executor263 Not tainted 6.2.0-rc1-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\nRIP: 0010:__alloc_pages+0x30a/0x560 mm/page_alloc.c:5525\nRSP: 0018:ffffc90003c2f1c0 EFLAGS: 00010246\nRAX: ffffc90003c2f220 RBX: 0000000000000014 RCX: 0000000000000000\nRDX: 0000000000000028 RSI: 0000000000000000 RDI: ffffc90003c2f248\nRBP: ffffc90003c2f2d8 R08: dffffc0000000000 R09: ffffc90003c2f220\nR10: fffff52000785e49 R11: 1ffff92000785e44 R12: 0000000000040d40\nR13: 1ffff92000785e40 R14: dffffc0000000000 R15: 1ffff92000785e3c\nFS: 0000555556c0d300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f95d5e04138 CR3: 00000000793aa000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n __alloc_pages_node include/linux/gfp.h:237 [inline]\n alloc_pages_node include/linux/gfp.h:260 [inline]\n __kmalloc_large_node+0x95/0x1e0 mm/slab_common.c:1113\n __do_kmalloc_node mm/slab_common.c:956 [inline]\n __kmalloc+0xfe/0x190 mm/slab_common.c:981\n kmalloc include/linux/slab.h:584 [inline]\n kzalloc include/linux/slab.h:720 [inline]\n ext4_update_inline_data+0x236/0x6b0 fs/ext4/inline.c:346\n ext4_update_inline_dir fs/ext4/inline.c:1115 [inline]\n ext4_try_add_inline_entry+0x328/0x990 fs/ext4/inline.c:1307\n ext4_add_entry+0x5a4/0xeb0 fs/ext4/namei.c:2385\n ext4_add_nondir+0x96/0x260 fs/ext4/namei.c:2772\n ext4_create+0x36c/0x560 fs/ext4/namei.c:2817\n lookup_open fs/namei.c:3413 [inline]\n open_last_lookups fs/namei.c:3481 [inline]\n path_openat+0x12ac/0x2dd0 fs/namei.c:3711\n do_filp_open+0x264/0x4f0 fs/namei.c:3741\n do_sys_openat2+0x124/0x4e0 fs/open.c:1310\n do_sys_open fs/open.c:1326 [inline]\n __do_sys_openat fs/open.c:1342 [inline]\n __se_sys_openat fs/open.c:1337 [inline]\n __x64_sys_openat+0x243/0x290 fs/open.c:1337\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nAbove issue happens as follows:\next4_iget\n ext4_find_inline_data_nolock ->i_inline_off=164 i_inline_size=60\next4_try_add_inline_entry\n __ext4_mark_inode_dirty\n ext4_expand_extra_isize_ea ->i_extra_isize=32 s_want_extra_isize=44\n ext4_xattr_shift_entries\n\t ->after shift i_inline_off is incorrect, actually is change to 176\next4_try_add_inline_entry\n ext4_update_inline_dir\n get_max_inline_xattr_value_size\n if (EXT4_I(inode)->i_inline_off)\n\tentry = (struct ext4_xattr_entry *)((void *)raw_inode +\n\t\t\tEXT4_I(inode)->i_inline_off);\n free += EXT4_XATTR_SIZE(le32_to_cpu(entry->e_value_size));\n\t->As entry is incorrect, then 'free' may be negative\n ext4_update_inline_data\n value = kzalloc(len, GFP_NOFS);\n -> len is unsigned int, maybe very large, then trigger warning when\n 'kzalloc()'\n\nTo resolve the above issue we need to update 'i_inline_off' after\n'ext4_xattr_shift_entries()'. We do not need to set\nEXT4_STATE_MAY_INLINE_DATA flag here, since ext4_mark_inode_dirty()\nalready sets this flag if needed. Setting EXT4_STATE_MAY_INLINE_DATA\nwhen it is needed may trigger a BUG_ON in ext4_writepages()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2b96b4a5d9443ca4cad58b0040be455803c05a42",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/35161cec76772f74526f5886ad4082ec48511d5c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/39c5df2ca544368b44b59d0f6d80131e90763371",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/74d775083e9f3d9dadf9e3b5f3e0028d1ad0bd5c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/92eee6a82a9a6f9f83559e17a2b6b935e1a5cd25",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a9bd94f67b27739bbe8583c52256502bd4cc7e83",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c5aa102b433b1890e1ccaa40c06826c77dda1665",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ca500cf2eceb5a8e93bf71ab97b5f7a18ecabce2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2023/CVE-2023-531xx/CVE-2023-53101.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2023-53101",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:29.023",
"lastModified": "2025-05-02T16:15:29.023",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: zero i_disksize when initializing the bootloader inode\n\nIf the boot loader inode has never been used before, the\nEXT4_IOC_SWAP_BOOT inode will initialize it, including setting the\ni_size to 0. However, if the \"never before used\" boot loader has a\nnon-zero i_size, then i_disksize will be non-zero, and the\ninconsistency between i_size and i_disksize can trigger a kernel\nwarning:\n\n WARNING: CPU: 0 PID: 2580 at fs/ext4/file.c:319\n CPU: 0 PID: 2580 Comm: bb Not tainted 6.3.0-rc1-00004-g703695902cfa\n RIP: 0010:ext4_file_write_iter+0xbc7/0xd10\n Call Trace:\n vfs_write+0x3b1/0x5c0\n ksys_write+0x77/0x160\n __x64_sys_write+0x22/0x30\n do_syscall_64+0x39/0x80\n\nReproducer:\n 1. create corrupted image and mount it:\n mke2fs -t ext4 /tmp/foo.img 200\n debugfs -wR \"sif <5> size 25700\" /tmp/foo.img\n mount -t ext4 /tmp/foo.img /mnt\n cd /mnt\n echo 123 > file\n 2. Run the reproducer program:\n posix_memalign(&buf, 1024, 1024)\n fd = open(\"file\", O_RDWR | O_DIRECT);\n ioctl(fd, EXT4_IOC_SWAP_BOOT);\n write(fd, buf, 1024);\n\nFix this by setting i_disksize as well as i_size to zero when\ninitiaizing the boot loader inode."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/01a821aacc64d4b05dafd239dbc9b7856686002f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/0d8a6c9a6415999fee1259ccf1796480c026b7d6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3f00c476da8fe7c4c34ea16abb55d74127120413",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/59eee0cdf8c036f554add97a4da7c06d7a9ff34a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9cb27b1e76f0cc886ac09055bc41c0ab3f205167",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9e9a4cc5486356158554f6ad73027d8635a48b34",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d6c1447e483c05dbcfb3ff77ac04237a82070b8c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f5361da1e60d54ec81346aee8e3d8baf1be0b762",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2023/CVE-2023-531xx/CVE-2023-53102.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2023-53102",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:29.127",
"lastModified": "2025-05-02T16:15:29.127",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: xsk: disable txq irq before flushing hw\n\nice_qp_dis() intends to stop a given queue pair that is a target of xsk\npool attach/detach. One of the steps is to disable interrupts on these\nqueues. It currently is broken in a way that txq irq is turned off\n*after* HW flush which in turn takes no effect.\n\nice_qp_dis():\n-> ice_qvec_dis_irq()\n--> disable rxq irq\n--> flush hw\n-> ice_vsi_stop_tx_ring()\n-->disable txq irq\n\nBelow splat can be triggered by following steps:\n- start xdpsock WITHOUT loading xdp prog\n- run xdp_rxq_info with XDP_TX action on this interface\n- start traffic\n- terminate xdpsock\n\n[ 256.312485] BUG: kernel NULL pointer dereference, address: 0000000000000018\n[ 256.319560] #PF: supervisor read access in kernel mode\n[ 256.324775] #PF: error_code(0x0000) - not-present page\n[ 256.329994] PGD 0 P4D 0\n[ 256.332574] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 256.337006] CPU: 3 PID: 32 Comm: ksoftirqd/3 Tainted: G OE 6.2.0-rc5+ #51\n[ 256.345218] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019\n[ 256.355807] RIP: 0010:ice_clean_rx_irq_zc+0x9c/0x7d0 [ice]\n[ 256.361423] Code: b7 8f 8a 00 00 00 66 39 ca 0f 84 f1 04 00 00 49 8b 47 40 4c 8b 24 d0 41 0f b7 45 04 66 25 ff 3f 66 89 04 24 0f 84 85 02 00 00 <49> 8b 44 24 18 0f b7 14 24 48 05 00 01 00 00 49 89 04 24 49 89 44\n[ 256.380463] RSP: 0018:ffffc900088bfd20 EFLAGS: 00010206\n[ 256.385765] RAX: 000000000000003c RBX: 0000000000000035 RCX: 000000000000067f\n[ 256.393012] RDX: 0000000000000775 RSI: 0000000000000000 RDI: ffff8881deb3ac80\n[ 256.400256] RBP: 000000000000003c R08: ffff889847982710 R09: 0000000000010000\n[ 256.407500] R10: ffffffff82c060c0 R11: 0000000000000004 R12: 0000000000000000\n[ 256.414746] R13: ffff88811165eea0 R14: ffffc9000d255000 R15: ffff888119b37600\n[ 256.421990] FS: 0000000000000000(0000) GS:ffff8897e0cc0000(0000) knlGS:0000000000000000\n[ 256.430207] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 256.436036] CR2: 0000000000000018 CR3: 0000000005c0a006 CR4: 00000000007706e0\n[ 256.443283] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 256.450527] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 256.457770] PKRU: 55555554\n[ 256.460529] Call Trace:\n[ 256.463015] <TASK>\n[ 256.465157] ? ice_xmit_zc+0x6e/0x150 [ice]\n[ 256.469437] ice_napi_poll+0x46d/0x680 [ice]\n[ 256.473815] ? _raw_spin_unlock_irqrestore+0x1b/0x40\n[ 256.478863] __napi_poll+0x29/0x160\n[ 256.482409] net_rx_action+0x136/0x260\n[ 256.486222] __do_softirq+0xe8/0x2e5\n[ 256.489853] ? smpboot_thread_fn+0x2c/0x270\n[ 256.494108] run_ksoftirqd+0x2a/0x50\n[ 256.497747] smpboot_thread_fn+0x1c1/0x270\n[ 256.501907] ? __pfx_smpboot_thread_fn+0x10/0x10\n[ 256.506594] kthread+0xea/0x120\n[ 256.509785] ? __pfx_kthread+0x10/0x10\n[ 256.513597] ret_from_fork+0x29/0x50\n[ 256.517238] </TASK>\n\nIn fact, irqs were not disabled and napi managed to be scheduled and run\nwhile xsk_pool pointer was still valid, but SW ring of xdp_buff pointers\nwas already freed.\n\nTo fix this, call ice_qvec_dis_irq() after ice_vsi_stop_tx_ring(). Also\nwhile at it, remove redundant ice_clean_rx_ring() call - this is handled\nin ice_qp_clean_rings()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/243cde8de10894d7812c8a6b62653bf04d8f9700",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2ecc6e44959382f95c9d427cd8da85121a9cecda",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b830c9642386867863ac64295185f896ff2928ac",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b89a453c6918e0f346fb0562e8c7812b94d28c73",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cccba1ff0798a27f7b8d0c06762ef977400a2afb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2023/CVE-2023-531xx/CVE-2023-53103.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2023-53103",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:29.223",
"lastModified": "2025-05-02T16:15:29.223",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: restore bond's IFF_SLAVE flag if a non-eth dev enslave fails\n\nsyzbot reported a warning[1] where the bond device itself is a slave and\nwe try to enslave a non-ethernet device as the first slave which fails\nbut then in the error path when ether_setup() restores the bond device\nit also clears all flags. In my previous fix[2] I restored the\nIFF_MASTER flag, but I didn't consider the case that the bond device\nitself might also be a slave with IFF_SLAVE set, so we need to restore\nthat flag as well. Use the bond_ether_setup helper which does the right\nthing and restores the bond's flags properly.\n\nSteps to reproduce using a nlmon dev:\n $ ip l add nlmon0 type nlmon\n $ ip l add bond1 type bond\n $ ip l add bond2 type bond\n $ ip l set bond1 master bond2\n $ ip l set dev nlmon0 master bond1\n $ ip -d l sh dev bond1\n 22: bond1: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noqueue master bond2 state DOWN mode DEFAULT group default qlen 1000\n (now bond1's IFF_SLAVE flag is gone and we'll hit a warning[3] if we\n try to delete it)\n\n[1] https://syzkaller.appspot.com/bug?id=391c7b1f6522182899efba27d891f1743e8eb3ef\n[2] commit 7d5cd2ce5292 (\"bonding: correctly handle bonding type change on enslave failure\")\n[3] example warning:\n [ 27.008664] bond1: (slave nlmon0): The slave device specified does not support setting the MAC address\n [ 27.008692] bond1: (slave nlmon0): Error -95 calling set_mac_address\n [ 32.464639] bond1 (unregistering): Released all slaves\n [ 32.464685] ------------[ cut here ]------------\n [ 32.464686] WARNING: CPU: 1 PID: 2004 at net/core/dev.c:10829 unregister_netdevice_many+0x72a/0x780\n [ 32.464694] Modules linked in: br_netfilter bridge bonding virtio_net\n [ 32.464699] CPU: 1 PID: 2004 Comm: ip Kdump: loaded Not tainted 5.18.0-rc3+ #47\n [ 32.464703] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.1-2.fc37 04/01/2014\n [ 32.464704] RIP: 0010:unregister_netdevice_many+0x72a/0x780\n [ 32.464707] Code: 99 fd ff ff ba 90 1a 00 00 48 c7 c6 f4 02 66 96 48 c7 c7 20 4d 35 96 c6 05 fa c7 2b 02 01 e8 be 6f 4a 00 0f 0b e9 73 fd ff ff <0f> 0b e9 5f fd ff ff 80 3d e3 c7 2b 02 00 0f 85 3b fd ff ff ba 59\n [ 32.464710] RSP: 0018:ffffa006422d7820 EFLAGS: 00010206\n [ 32.464712] RAX: ffff8f6e077140a0 RBX: ffffa006422d7888 RCX: 0000000000000000\n [ 32.464714] RDX: ffff8f6e12edbe58 RSI: 0000000000000296 RDI: ffffffff96d4a520\n [ 32.464716] RBP: ffff8f6e07714000 R08: ffffffff96d63600 R09: ffffa006422d7728\n [ 32.464717] R10: 0000000000000ec0 R11: ffffffff9698c988 R12: ffff8f6e12edb140\n [ 32.464719] R13: dead000000000122 R14: dead000000000100 R15: ffff8f6e12edb140\n [ 32.464723] FS: 00007f297c2f1740(0000) GS:ffff8f6e5d900000(0000) knlGS:0000000000000000\n [ 32.464725] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 32.464726] CR2: 00007f297bf1c800 CR3: 00000000115e8000 CR4: 0000000000350ee0\n [ 32.464730] Call Trace:\n [ 32.464763] <TASK>\n [ 32.464767] rtnl_dellink+0x13e/0x380\n [ 32.464776] ? cred_has_capability.isra.0+0x68/0x100\n [ 32.464780] ? __rtnl_unlock+0x33/0x60\n [ 32.464783] ? bpf_lsm_capset+0x10/0x10\n [ 32.464786] ? security_capable+0x36/0x50\n [ 32.464790] rtnetlink_rcv_msg+0x14e/0x3b0\n [ 32.464792] ? _copy_to_iter+0xb1/0x790\n [ 32.464796] ? post_alloc_hook+0xa0/0x160\n [ 32.464799] ? rtnl_calcit.isra.0+0x110/0x110\n [ 32.464802] netlink_rcv_skb+0x50/0xf0\n [ 32.464806] netlink_unicast+0x216/0x340\n [ 32.464809] netlink_sendmsg+0x23f/0x480\n [ 32.464812] sock_sendmsg+0x5e/0x60\n [ 32.464815] ____sys_sendmsg+0x22c/0x270\n [ 32.464818] ? import_iovec+0x17/0x20\n [ 32.464821] ? sendmsg_copy_msghdr+0x59/0x90\n [ 32.464823] ? do_set_pte+0xa0/0xe0\n [ 32.464828] ___sys_sendmsg+0x81/0xc0\n [ 32.464832] ? mod_objcg_state+0xc6/0x300\n [ 32.464835] ? refill_obj_stock+0xa9/0x160\n [ 32.464838] ? memcg_slab_free_hook+0x1a5/0x1f0\n [ 32.464842] __sys_sendm\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0276813b8ab08d9bf5ca4159f301d0829ecf13fc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/93c8cbeb1b2b8ff670b3dfd01b3abd843995c80f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e667d469098671261d558be0cd93dca4d285ce1e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ecb1b5135bd3f232d5335b3935e2c2ac11bfa02f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2023/CVE-2023-531xx/CVE-2023-53104.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2023-53104",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:29.317",
"lastModified": "2025-05-02T16:15:29.317",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull\n\nPacket length check needs to be located after size and align_count\ncalculation to prevent kernel panic in skb_pull() in case\nrx_cmd_a & RX_CMD_A_RED evaluates to true."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/181e9db5caec4daae57a58675a1ceaa47348958f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2cc46ed406bb325f10a251b03d9a83ae67b3d3d8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/43ffe6caccc7a1bb9d7442fbab521efbf6c1378c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4caee8e7d91e4f06f21881726da9c1bb2cd6e4fa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5c96eeba93980c5cef5176a4bac0ddb722fd57dc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7bf0eac3fdd2d25f5c6ceab63e3e4902e274f7ee",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/89441504d66d116eb5ce58c132f58cdcca5b498a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e0d07a3203c36d073af2177edfc6b070220a60cb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2023/CVE-2023-531xx/CVE-2023-53105.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2023-53105",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:29.430",
"lastModified": "2025-05-02T16:15:29.430",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix cleanup null-ptr deref on encap lock\n\nDuring module is unloaded while a peer tc flow is still offloaded,\nfirst the peer uplink rep profile is changed to a nic profile, and so\nneigh encap lock is destroyed. Next during unload, the VF reps netdevs\nare unregistered which causes the original non-peer tc flow to be deleted,\nwhich deletes the peer flow. The peer flow deletion detaches the encap\nentry and try to take the already destroyed encap lock, causing the\nbelow trace.\n\nFix this by clearing peer flows during tc eswitch cleanup\n(mlx5e_tc_esw_cleanup()).\n\nRelevant trace:\n[ 4316.837128] BUG: kernel NULL pointer dereference, address: 00000000000001d8\n[ 4316.842239] RIP: 0010:__mutex_lock+0xb5/0xc40\n[ 4316.851897] Call Trace:\n[ 4316.852481] <TASK>\n[ 4316.857214] mlx5e_rep_neigh_entry_release+0x93/0x790 [mlx5_core]\n[ 4316.858258] mlx5e_rep_encap_entry_detach+0xa7/0xf0 [mlx5_core]\n[ 4316.859134] mlx5e_encap_dealloc+0xa3/0xf0 [mlx5_core]\n[ 4316.859867] clean_encap_dests.part.0+0x5c/0xe0 [mlx5_core]\n[ 4316.860605] mlx5e_tc_del_fdb_flow+0x32a/0x810 [mlx5_core]\n[ 4316.862609] __mlx5e_tc_del_fdb_peer_flow+0x1a2/0x250 [mlx5_core]\n[ 4316.863394] mlx5e_tc_del_flow+0x(/0x630 [mlx5_core]\n[ 4316.864090] mlx5e_flow_put+0x5f/0x100 [mlx5_core]\n[ 4316.864771] mlx5e_delete_flower+0x4de/0xa40 [mlx5_core]\n[ 4316.865486] tc_setup_cb_reoffload+0x20/0x80\n[ 4316.865905] fl_reoffload+0x47c/0x510 [cls_flower]\n[ 4316.869181] tcf_block_playback_offloads+0x91/0x1d0\n[ 4316.869649] tcf_block_unbind+0xe7/0x1b0\n[ 4316.870049] tcf_block_offload_cmd.isra.0+0x1ee/0x270\n[ 4316.879266] tcf_block_offload_unbind+0x61/0xa0\n[ 4316.879711] __tcf_block_put+0xa4/0x310"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/01fdaea410787fe372daeaeda93a29ed0606d334",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b7350f8dbe0c2a1d4d3ad7c35b610abd3cb91750",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c9668f0b1d28570327dbba189f2c61f6f9e43ae7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2023/CVE-2023-531xx/CVE-2023-53106.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2023-53106",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:29.520",
"lastModified": "2025-05-02T16:15:29.520",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: st-nci: Fix use after free bug in ndlc_remove due to race condition\n\nThis bug influences both st_nci_i2c_remove and st_nci_spi_remove.\nTake st_nci_i2c_remove as an example.\n\nIn st_nci_i2c_probe, it called ndlc_probe and bound &ndlc->sm_work\nwith llt_ndlc_sm_work.\n\nWhen it calls ndlc_recv or timeout handler, it will finally call\nschedule_work to start the work.\n\nWhen we call st_nci_i2c_remove to remove the driver, there\nmay be a sequence as follows:\n\nFix it by finishing the work before cleanup in ndlc_remove\n\nCPU0 CPU1\n\n |llt_ndlc_sm_work\nst_nci_i2c_remove |\n ndlc_remove |\n st_nci_remove |\n nci_free_device|\n kfree(ndev) |\n//free ndlc->ndev |\n |llt_ndlc_rcv_queue\n |nci_recv_frame\n |//use ndlc->ndev"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2156490c4b7cacda9a18ec99929940b8376dc0e3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3405eb641dafcc8b28d174784b203c1622c121bf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/43aa468df246175207a7d5d7d6d31b231f15b49c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5000fe6c27827a61d8250a7e4a1d26c3298ef4f6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5e331022b448fbc5e76f24349cd0246844dcad25",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/84dd9cc34014e3a3dcce0eb6d54b8a067e97676b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b0c202a8dc63008205a5d546559736507a9aae66",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f589e5b56c562d99ea74e05b1c3f0eab78aa17a3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2023/CVE-2023-531xx/CVE-2023-53107.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2023-53107",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:29.620",
"lastModified": "2025-05-02T16:15:29.620",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nveth: Fix use after free in XDP_REDIRECT\n\nCommit 718a18a0c8a6 (\"veth: Rework veth_xdp_rcv_skb in order\nto accept non-linear skb\") introduced a bug where it tried to\nuse pskb_expand_head() if the headroom was less than\nXDP_PACKET_HEADROOM. This however uses kmalloc to expand the head,\nwhich will later allow consume_skb() to free the skb while is it still\nin use by AF_XDP.\n\nPreviously if the headroom was less than XDP_PACKET_HEADROOM we\ncontinued on to allocate a new skb from pages so this restores that\nbehavior.\n\nBUG: KASAN: use-after-free in __xsk_rcv+0x18d/0x2c0\nRead of size 78 at addr ffff888976250154 by task napi/iconduit-g/148640\n\nCPU: 5 PID: 148640 Comm: napi/iconduit-g Kdump: loaded Tainted: G O 6.1.4-cloudflare-kasan-2023.1.2 #1\nHardware name: Quanta Computer Inc. QuantaPlex T41S-2U/S2S-MB, BIOS S2S_3B10.03 06/21/2018\nCall Trace:\n <TASK>\n dump_stack_lvl+0x34/0x48\n print_report+0x170/0x473\n ? __xsk_rcv+0x18d/0x2c0\n kasan_report+0xad/0x130\n ? __xsk_rcv+0x18d/0x2c0\n kasan_check_range+0x149/0x1a0\n memcpy+0x20/0x60\n __xsk_rcv+0x18d/0x2c0\n __xsk_map_redirect+0x1f3/0x490\n ? veth_xdp_rcv_skb+0x89c/0x1ba0 [veth]\n xdp_do_redirect+0x5ca/0xd60\n veth_xdp_rcv_skb+0x935/0x1ba0 [veth]\n ? __netif_receive_skb_list_core+0x671/0x920\n ? veth_xdp+0x670/0x670 [veth]\n veth_xdp_rcv+0x304/0xa20 [veth]\n ? do_xdp_generic+0x150/0x150\n ? veth_xdp_rcv_one+0xde0/0xde0 [veth]\n ? _raw_spin_lock_bh+0xe0/0xe0\n ? newidle_balance+0x887/0xe30\n ? __perf_event_task_sched_in+0xdb/0x800\n veth_poll+0x139/0x571 [veth]\n ? veth_xdp_rcv+0xa20/0xa20 [veth]\n ? _raw_spin_unlock+0x39/0x70\n ? finish_task_switch.isra.0+0x17e/0x7d0\n ? __switch_to+0x5cf/0x1070\n ? __schedule+0x95b/0x2640\n ? io_schedule_timeout+0x160/0x160\n __napi_poll+0xa1/0x440\n napi_threaded_poll+0x3d1/0x460\n ? __napi_poll+0x440/0x440\n ? __kthread_parkme+0xc6/0x1f0\n ? __napi_poll+0x440/0x440\n kthread+0x2a2/0x340\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30\n </TASK>\n\nFreed by task 148640:\n kasan_save_stack+0x23/0x50\n kasan_set_track+0x21/0x30\n kasan_save_free_info+0x2a/0x40\n ____kasan_slab_free+0x169/0x1d0\n slab_free_freelist_hook+0xd2/0x190\n __kmem_cache_free+0x1a1/0x2f0\n skb_release_data+0x449/0x600\n consume_skb+0x9f/0x1c0\n veth_xdp_rcv_skb+0x89c/0x1ba0 [veth]\n veth_xdp_rcv+0x304/0xa20 [veth]\n veth_poll+0x139/0x571 [veth]\n __napi_poll+0xa1/0x440\n napi_threaded_poll+0x3d1/0x460\n kthread+0x2a2/0x340\n ret_from_fork+0x22/0x30\n\nThe buggy address belongs to the object at ffff888976250000\n which belongs to the cache kmalloc-2k of size 2048\nThe buggy address is located 340 bytes inside of\n 2048-byte region [ffff888976250000, ffff888976250800)\n\nThe buggy address belongs to the physical page:\npage:00000000ae18262a refcount:2 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x976250\nhead:00000000ae18262a order:3 compound_mapcount:0 compound_pincount:0\nflags: 0x2ffff800010200(slab|head|node=0|zone=2|lastcpupid=0x1ffff)\nraw: 002ffff800010200 0000000000000000 dead000000000122 ffff88810004cf00\nraw: 0000000000000000 0000000080080008 00000002ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n ffff888976250000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff888976250080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n> ffff888976250100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff888976250180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff888976250200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/6e755b56896df48b0fae0db275e148f8d8aa7d6f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/717d20710596b5b26595ede454d1105fa176f4a4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7c10131803e45269ddc6c817f19ed649110f3cae",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2023/CVE-2023-531xx/CVE-2023-53108.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2023-53108",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:29.713",
"lastModified": "2025-05-02T16:15:29.713",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/iucv: Fix size of interrupt data\n\niucv_irq_data needs to be 4 bytes larger.\nThese bytes are not used by the iucv module, but written by\nthe z/VM hypervisor in case a CPU is deconfigured.\n\nReported as:\nBUG dma-kmalloc-64 (Not tainted): kmalloc Redzone overwritten\n-----------------------------------------------------------------------------\n0x0000000000400564-0x0000000000400567 @offset=1380. First byte 0x80 instead of 0xcc\nAllocated in iucv_cpu_prepare+0x44/0xd0 age=167839 cpu=2 pid=1\n__kmem_cache_alloc_node+0x166/0x450\nkmalloc_node_trace+0x3a/0x70\niucv_cpu_prepare+0x44/0xd0\ncpuhp_invoke_callback+0x156/0x2f0\ncpuhp_issue_call+0xf0/0x298\n__cpuhp_setup_state_cpuslocked+0x136/0x338\n__cpuhp_setup_state+0xf4/0x288\niucv_init+0xf4/0x280\ndo_one_initcall+0x78/0x390\ndo_initcalls+0x11a/0x140\nkernel_init_freeable+0x25e/0x2a0\nkernel_init+0x2e/0x170\n__ret_from_fork+0x3c/0x58\nret_from_fork+0xa/0x40\nFreed in iucv_init+0x92/0x280 age=167839 cpu=2 pid=1\n__kmem_cache_free+0x308/0x358\niucv_init+0x92/0x280\ndo_one_initcall+0x78/0x390\ndo_initcalls+0x11a/0x140\nkernel_init_freeable+0x25e/0x2a0\nkernel_init+0x2e/0x170\n__ret_from_fork+0x3c/0x58\nret_from_fork+0xa/0x40\nSlab 0x0000037200010000 objects=32 used=30 fp=0x0000000000400640 flags=0x1ffff00000010200(slab|head|node=0|zone=0|\nObject 0x0000000000400540 @offset=1344 fp=0x0000000000000000\nRedzone 0000000000400500: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................\nRedzone 0000000000400510: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................\nRedzone 0000000000400520: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................\nRedzone 0000000000400530: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................\nObject 0000000000400540: 00 01 00 03 00 00 00 00 00 00 00 00 00 00 00 00 ................\nObject 0000000000400550: f3 86 81 f2 f4 82 f8 82 f0 f0 f0 f0 f0 f0 f0 f2 ................\nObject 0000000000400560: 00 00 00 00 80 00 00 00 cc cc cc cc cc cc cc cc ................\nObject 0000000000400570: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................\nRedzone 0000000000400580: cc cc cc cc cc cc cc cc ........\nPadding 00000000004005d4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ\nPadding 00000000004005e4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ\nPadding 00000000004005f4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZ\nCPU: 6 PID: 121030 Comm: 116-pai-crypto. Not tainted 6.3.0-20230221.rc0.git4.99b8246b2d71.300.fc37.s390x+debug #1\nHardware name: IBM 3931 A01 704 (z/VM 7.3.0)\nCall Trace:\n[<000000032aa034ec>] dump_stack_lvl+0xac/0x100\n[<0000000329f5a6cc>] check_bytes_and_report+0x104/0x140\n[<0000000329f5aa78>] check_object+0x370/0x3c0\n[<0000000329f5ede6>] free_debug_processing+0x15e/0x348\n[<0000000329f5f06a>] free_to_partial_list+0x9a/0x2f0\n[<0000000329f5f4a4>] __slab_free+0x1e4/0x3a8\n[<0000000329f61768>] __kmem_cache_free+0x308/0x358\n[<000000032a91465c>] iucv_cpu_dead+0x6c/0x88\n[<0000000329c2fc66>] cpuhp_invoke_callback+0x156/0x2f0\n[<000000032aa062da>] _cpu_down.constprop.0+0x22a/0x5e0\n[<0000000329c3243e>] cpu_device_down+0x4e/0x78\n[<000000032a61dee0>] device_offline+0xc8/0x118\n[<000000032a61e048>] online_store+0x60/0xe0\n[<000000032a08b6b0>] kernfs_fop_write_iter+0x150/0x1e8\n[<0000000329fab65c>] vfs_write+0x174/0x360\n[<0000000329fab9fc>] ksys_write+0x74/0x100\n[<000000032aa03a5a>] __do_syscall+0x1da/0x208\n[<000000032aa177b2>] system_call+0x82/0xb0\nINFO: lockdep is turned off.\nFIX dma-kmalloc-64: Restoring kmalloc Redzone 0x0000000000400564-0x0000000000400567=0xcc\nFIX dma-kmalloc-64: Object at 0x0000000000400540 not freed"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3cfdefdaaa4b2a77e84d0db5e0a47a7aa3bb615a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3d87debb8ed2649608ff432699e7c961c0c6f03b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/71da5991b6438ad6da13ceb25465ee2760a1c52f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/93a970494881004c348d8feb38463ee72496e99a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a908eae0f71811afee86be7088692f1aa5855c3b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b0d2bb5e31a693ebc8888eb407f8a257a3680efa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bd2e78462ae18484e55ae4d285df2c86b86bdd12",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c78f1345db4e4b3b78f9b768f4074ebd60abe966",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2023/CVE-2023-531xx/CVE-2023-53109.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2023-53109",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:29.823",
"lastModified": "2025-05-02T16:15:29.823",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tunnels: annotate lockless accesses to dev->needed_headroom\n\nIP tunnels can apparently update dev->needed_headroom\nin their xmit path.\n\nThis patch takes care of three tunnels xmit, and also the\ncore LL_RESERVED_SPACE() and LL_RESERVED_SPACE_EXTRA()\nhelpers.\n\nMore changes might be needed for completeness.\n\nBUG: KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit\n\nread to 0xffff88815b9da0ec of 2 bytes by task 888 on cpu 1:\nip_tunnel_xmit+0x1270/0x1730 net/ipv4/ip_tunnel.c:803\n__gre_xmit net/ipv4/ip_gre.c:469 [inline]\nipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661\n__netdev_start_xmit include/linux/netdevice.h:4881 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4895 [inline]\nxmit_one net/core/dev.c:3580 [inline]\ndev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596\n__dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246\ndev_queue_xmit include/linux/netdevice.h:3051 [inline]\nneigh_direct_output+0x17/0x20 net/core/neighbour.c:1623\nneigh_output include/net/neighbour.h:546 [inline]\nip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228\nip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316\nNF_HOOK_COND include/linux/netfilter.h:291 [inline]\nip_output+0xe5/0x1b0 net/ipv4/ip_output.c:430\ndst_output include/net/dst.h:444 [inline]\nip_local_out+0x64/0x80 net/ipv4/ip_output.c:126\niptunnel_xmit+0x34a/0x4b0 net/ipv4/ip_tunnel_core.c:82\nip_tunnel_xmit+0x1451/0x1730 net/ipv4/ip_tunnel.c:813\n__gre_xmit net/ipv4/ip_gre.c:469 [inline]\nipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661\n__netdev_start_xmit include/linux/netdevice.h:4881 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4895 [inline]\nxmit_one net/core/dev.c:3580 [inline]\ndev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596\n__dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246\ndev_queue_xmit include/linux/netdevice.h:3051 [inline]\nneigh_direct_output+0x17/0x20 net/core/neighbour.c:1623\nneigh_output include/net/neighbour.h:546 [inline]\nip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228\nip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316\nNF_HOOK_COND include/linux/netfilter.h:291 [inline]\nip_output+0xe5/0x1b0 net/ipv4/ip_output.c:430\ndst_output include/net/dst.h:444 [inline]\nip_local_out+0x64/0x80 net/ipv4/ip_output.c:126\niptunnel_xmit+0x34a/0x4b0 net/ipv4/ip_tunnel_core.c:82\nip_tunnel_xmit+0x1451/0x1730 net/ipv4/ip_tunnel.c:813\n__gre_xmit net/ipv4/ip_gre.c:469 [inline]\nipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661\n__netdev_start_xmit include/linux/netdevice.h:4881 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4895 [inline]\nxmit_one net/core/dev.c:3580 [inline]\ndev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596\n__dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246\ndev_queue_xmit include/linux/netdevice.h:3051 [inline]\nneigh_direct_output+0x17/0x20 net/core/neighbour.c:1623\nneigh_output include/net/neighbour.h:546 [inline]\nip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228\nip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316\nNF_HOOK_COND include/linux/netfilter.h:291 [inline]\nip_output+0xe5/0x1b0 net/ipv4/ip_output.c:430\ndst_output include/net/dst.h:444 [inline]\nip_local_out+0x64/0x80 net/ipv4/ip_output.c:126\niptunnel_xmit+0x34a/0x4b0 net/ipv4/ip_tunnel_core.c:82\nip_tunnel_xmit+0x1451/0x1730 net/ipv4/ip_tunnel.c:813\n__gre_xmit net/ipv4/ip_gre.c:469 [inline]\nipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661\n__netdev_start_xmit include/linux/netdevice.h:4881 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4895 [inline]\nxmit_one net/core/dev.c:3580 [inline]\ndev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596\n__dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246\ndev_queue_xmit include/linux/netdevice.h:3051 [inline]\nneigh_direct_output+0x17/0x20 net/core/neighbour.c:1623\nneigh_output include/net/neighbour.h:546 [inline]\nip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228\nip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316\nNF_HOOK_COND include/linux/netfilter.h:291 [inline]\nip_output+0xe5/0x1b0 net/i\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4b397c06cb987935b1b097336532aa6b4210e091",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/51f3bd3765bc5ca4583af07a00833da00d2ace1d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5aaab217c8f5387b9c5fff9e940d80f135e04366",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8e206f66d824b3b28a7f9ee1366dfc79a937bb46",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9b86a8702b042ee4e15d2d46375be873a6a8834f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a69b72b57b7d269e833e520ba7500d556e8189b6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/be59b87ee4aed81db7c10e44f603866a0ac3ca5d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e0a557fc1daf5c1086e47150a4571aebadbb62be",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2023/CVE-2023-531xx/CVE-2023-53110.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2023-53110",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:29.930",
"lastModified": "2025-05-02T16:15:29.930",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler()\n\nWhen performing a stress test on SMC-R by rmmod mlx5_ib driver\nduring the wrk/nginx test, we found that there is a probability\nof triggering a panic while terminating all link groups.\n\nThis issue dues to the race between smc_smcr_terminate_all()\nand smc_buf_create().\n\n\t\t\tsmc_smcr_terminate_all\n\nsmc_buf_create\n/* init */\nconn->sndbuf_desc = NULL;\n...\n\n\t\t\t__smc_lgr_terminate\n\t\t\t\tsmc_conn_kill\n\t\t\t\t\tsmc_close_abort\n\t\t\t\t\t\tsmc_cdc_get_slot_and_msg_send\n\n\t\t\t__softirqentry_text_start\n\t\t\t\tsmc_wr_tx_process_cqe\n\t\t\t\t\tsmc_cdc_tx_handler\n\t\t\t\t\t\tREAD(conn->sndbuf_desc->len);\n\t\t\t\t\t\t/* panic dues to NULL sndbuf_desc */\n\nconn->sndbuf_desc = xxx;\n\nThis patch tries to fix the issue by always to check the sndbuf_desc\nbefore send any cdc msg, to make sure that no null pointer is\nseen during cqe processing."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/22a825c541d775c1dbe7b2402786025acad6727b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/31817c530768b0199771ec6019571b4f0ddbf230",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3c270435db8aa34929263dddae8fd050f5216ecb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3ebac7cf0a184a8102821a7a00203f02bebda83c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b108bd9e6be000492ebebe867daa699285978a10",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2023/CVE-2023-531xx/CVE-2023-53111.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2023-53111",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:30.027",
"lastModified": "2025-05-02T16:15:30.027",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nloop: Fix use-after-free issues\n\ndo_req_filebacked() calls blk_mq_complete_request() synchronously or\nasynchronously when using asynchronous I/O unless memory allocation fails.\nHence, modify loop_handle_cmd() such that it does not dereference 'cmd' nor\n'rq' after do_req_filebacked() finished unless we are sure that the request\nhas not yet been completed. This patch fixes the following kernel crash:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000054\nCall trace:\n css_put.42938+0x1c/0x1ac\n loop_process_work+0xc8c/0xfd4\n loop_rootcg_workfn+0x24/0x34\n process_one_work+0x244/0x558\n worker_thread+0x400/0x8fc\n kthread+0x16c/0x1e0\n ret_from_fork+0x10/0x20"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/407badf73ec9fb0d5744bf2ca1745c1818aa222f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6917395c4667cfb607ed8bf1826205a59414657c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9b0cb770f5d7b1ff40bea7ca385438ee94570eec",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e3fda704903f6d1fc351412f1bc6620333959ada",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2023/CVE-2023-531xx/CVE-2023-53112.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2023-53112",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:30.140",
"lastModified": "2025-05-02T16:15:30.140",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/sseu: fix max_subslices array-index-out-of-bounds access\n\nIt seems that commit bc3c5e0809ae (\"drm/i915/sseu: Don't try to store EU\nmask internally in UAPI format\") exposed a potential out-of-bounds\naccess, reported by UBSAN as following on a laptop with a gen 11 i915\ncard:\n\n UBSAN: array-index-out-of-bounds in drivers/gpu/drm/i915/gt/intel_sseu.c:65:27\n index 6 is out of range for type 'u16 [6]'\n CPU: 2 PID: 165 Comm: systemd-udevd Not tainted 6.2.0-9-generic #9-Ubuntu\n Hardware name: Dell Inc. XPS 13 9300/077Y9N, BIOS 1.11.0 03/22/2022\n Call Trace:\n <TASK>\n show_stack+0x4e/0x61\n dump_stack_lvl+0x4a/0x6f\n dump_stack+0x10/0x18\n ubsan_epilogue+0x9/0x3a\n __ubsan_handle_out_of_bounds.cold+0x42/0x47\n gen11_compute_sseu_info+0x121/0x130 [i915]\n intel_sseu_info_init+0x15d/0x2b0 [i915]\n intel_gt_init_mmio+0x23/0x40 [i915]\n i915_driver_mmio_probe+0x129/0x400 [i915]\n ? intel_gt_probe_all+0x91/0x2e0 [i915]\n i915_driver_probe+0xe1/0x3f0 [i915]\n ? drm_privacy_screen_get+0x16d/0x190 [drm]\n ? acpi_dev_found+0x64/0x80\n i915_pci_probe+0xac/0x1b0 [i915]\n ...\n\nAccording to the definition of sseu_dev_info, eu_mask->hsw is limited to\na maximum of GEN_MAX_SS_PER_HSW_SLICE (6) sub-slices, but\ngen11_sseu_info_init() can potentially set 8 sub-slices, in the\n!IS_JSL_EHL(gt->i915) case.\n\nFix this by reserving up to 8 slots for max_subslices in the eu_mask\nstruct.\n\n(cherry picked from commit 3cba09a6ac86ea1d456909626eb2685596c07822)"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/193c41926d152761764894f46e23b53c00186a82",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1a1682abf7399318ac074b1f2ac6a8c992b5b3da",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/36b076ab6247cf0d2135b2ad6bb337617c3b5a1b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2023/CVE-2023-531xx/CVE-2023-53113.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2023-53113",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:30.407",
"lastModified": "2025-05-02T16:15:30.407",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: fix NULL-ptr deref in offchan check\n\nIf, e.g. in AP mode, the link was already created by userspace\nbut not activated yet, it has a chandef but the chandef isn't\nvalid and has no channel. Check for this and ignore this link."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/201a836c2385fdd2b9d0a8e7737bba5b26f1863a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/87e80ea4fbc9ce2f2005905fdbcd38baaa47463a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f624bb6fad23df3270580b4fcef415c6e7bf7705",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2023/CVE-2023-531xx/CVE-2023-53114.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2023-53114",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:30.493",
"lastModified": "2025-05-02T16:15:30.493",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix kernel crash during reboot when adapter is in recovery mode\n\nIf the driver detects during probe that firmware is in recovery\nmode then i40e_init_recovery_mode() is called and the rest of\nprobe function is skipped including pci_set_drvdata(). Subsequent\ni40e_shutdown() called during shutdown/reboot dereferences NULL\npointer as pci_get_drvdata() returns NULL.\n\nTo fix call pci_set_drvdata() also during entering to recovery mode.\n\nReproducer:\n1) Lets have i40e NIC with firmware in recovery mode\n2) Run reboot\n\nResult:\n[ 139.084698] i40e: Intel(R) Ethernet Connection XL710 Network Driver\n[ 139.090959] i40e: Copyright (c) 2013 - 2019 Intel Corporation.\n[ 139.108438] i40e 0000:02:00.0: Firmware recovery mode detected. Limiting functionality.\n[ 139.116439] i40e 0000:02:00.0: Refer to the Intel(R) Ethernet Adapters and Devices User Guide for details on firmware recovery mode.\n[ 139.129499] i40e 0000:02:00.0: fw 8.3.64775 api 1.13 nvm 8.30 0x8000b78d 1.3106.0 [8086:1583] [15d9:084a]\n[ 139.215932] i40e 0000:02:00.0 enp2s0f0: renamed from eth0\n[ 139.223292] i40e 0000:02:00.1: Firmware recovery mode detected. Limiting functionality.\n[ 139.231292] i40e 0000:02:00.1: Refer to the Intel(R) Ethernet Adapters and Devices User Guide for details on firmware recovery mode.\n[ 139.244406] i40e 0000:02:00.1: fw 8.3.64775 api 1.13 nvm 8.30 0x8000b78d 1.3106.0 [8086:1583] [15d9:084a]\n[ 139.329209] i40e 0000:02:00.1 enp2s0f1: renamed from eth0\n...\n[ 156.311376] BUG: kernel NULL pointer dereference, address: 00000000000006c2\n[ 156.318330] #PF: supervisor write access in kernel mode\n[ 156.323546] #PF: error_code(0x0002) - not-present page\n[ 156.328679] PGD 0 P4D 0\n[ 156.331210] Oops: 0002 [#1] PREEMPT SMP NOPTI\n[ 156.335567] CPU: 26 PID: 15119 Comm: reboot Tainted: G E 6.2.0+ #1\n[ 156.343126] Hardware name: Abacus electric, s.r.o. - servis@abacus.cz Super Server/H12SSW-iN, BIOS 2.4 04/13/2022\n[ 156.353369] RIP: 0010:i40e_shutdown+0x15/0x130 [i40e]\n[ 156.358430] Code: c1 fc ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 55 48 89 fd 53 48 8b 9f 48 01 00 00 <f0> 80 8b c2 06 00 00 04 f0 80 8b c0 06 00 00 08 48 8d bb 08 08 00\n[ 156.377168] RSP: 0018:ffffb223c8447d90 EFLAGS: 00010282\n[ 156.382384] RAX: ffffffffc073ee70 RBX: 0000000000000000 RCX: 0000000000000001\n[ 156.389510] RDX: 0000000080000001 RSI: 0000000000000246 RDI: ffff95db49988000\n[ 156.396634] RBP: ffff95db49988000 R08: ffffffffffffffff R09: ffffffff8bd17d40\n[ 156.403759] R10: 0000000000000001 R11: ffffffff8a5e3d28 R12: ffff95db49988000\n[ 156.410882] R13: ffffffff89a6fe17 R14: ffff95db49988150 R15: 0000000000000000\n[ 156.418007] FS: 00007fe7c0cc3980(0000) GS:ffff95ea8ee80000(0000) knlGS:0000000000000000\n[ 156.426083] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 156.431819] CR2: 00000000000006c2 CR3: 00000003092fc005 CR4: 0000000000770ee0\n[ 156.438944] PKRU: 55555554\n[ 156.441647] Call Trace:\n[ 156.444096] <TASK>\n[ 156.446199] pci_device_shutdown+0x38/0x60\n[ 156.450297] device_shutdown+0x163/0x210\n[ 156.454215] kernel_restart+0x12/0x70\n[ 156.457872] __do_sys_reboot+0x1ab/0x230\n[ 156.461789] ? vfs_writev+0xa6/0x1a0\n[ 156.465362] ? __pfx_file_free_rcu+0x10/0x10\n[ 156.469635] ? __call_rcu_common.constprop.85+0x109/0x5a0\n[ 156.475034] do_syscall_64+0x3e/0x90\n[ 156.478611] entry_SYSCALL_64_after_hwframe+0x72/0xdc\n[ 156.483658] RIP: 0033:0x7fe7bff37ab7"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3cbecb1c9085a00155639404f7addbcbfc987ba3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4ff82695266576a0b4f1077a7100b2451e476df4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6e18f66b704bd725196508c1db93bf7338cdc8de",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7e4f8a0c495413a50413e8c9f1032ce1bc633bae",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b3826fb3ea14646b3d4e6309bfc384b349f36eb6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c703362a66ea971905b9dc153fc54d1b6ac05423",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2023/CVE-2023-531xx/CVE-2023-53115.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2023-53115",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:30.590",
"lastModified": "2025-05-02T16:15:30.590",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix memory leaks in mpi3mr_init_ioc()\n\nDon't allocate memory again when IOC is being reinitialized."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/5aab9342f12f980b64617a034d121efbbf09100a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7277b4eec2f25a0653646ba95b1f25fa16be1d6c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c798304470cab88723d895726d17fcb96472e0e9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2023/CVE-2023-531xx/CVE-2023-53116.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2023-53116",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:30.680",
"lastModified": "2025-05-02T16:15:30.680",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: avoid potential UAF in nvmet_req_complete()\n\nAn nvme target ->queue_response() operation implementation may free the\nrequest passed as argument. Such implementation potentially could result\nin a use after free of the request pointer when percpu_ref_put() is\ncalled in nvmet_req_complete().\n\nAvoid such problem by using a local variable to save the sq pointer\nbefore calling __nvmet_req_complete(), thus avoiding dereferencing the\nreq pointer after that function call."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/04c394208831d5e0d5cfee46722eb0f033cd4083",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6173a77b7e9d3e202bdb9897b23f2a8afe7bf286",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8ed9813871038b25a934b21ab76b5b7dbf44fc3a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a6317235da8aa7cb97529ebc8121cc2a4c4c437a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bcd535f07c58342302a2cd2bdd8894fe0872c8a9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e5d99b29012bbf0e86929403209723b2806500c1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f1d5888a5efe345b63c430b256e95acb0a475642",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fafcb4b26393870c45462f9af6a48e581dbbcf7e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2023/CVE-2023-531xx/CVE-2023-53117.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2023-53117",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:30.783",
"lastModified": "2025-05-02T16:15:30.783",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: prevent out-of-bounds array speculation when closing a file descriptor\n\nGoogle-Bug-Id: 114199369"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3d5d9501b634fd268eb56428cda92cd317752d69",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/609d54441493c99f21c1823dfd66fa7f4c512ff4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6631c8da02cfad96c53b217cf647b511c7f34faf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a759905de9cd6ec9ca08ceadf0920272772ed830",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cec08b7d1ebcd3138d4658b3868ce26aeb1e8e06",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/eea8e4e056a5ffbeb539a13854c017d5d62c756a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f31cd5da636682caea424fa1c22679016cbfc16b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f8cd8754a03a3748384ee438c572423643c9c315",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2023/CVE-2023-531xx/CVE-2023-53118.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2023-53118",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:30.880",
"lastModified": "2025-05-02T16:15:30.880",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Fix a procfs host directory removal regression\n\nscsi_proc_hostdir_rm() decreases a reference counter and hence must only be\ncalled once per host that is removed. This change does not require a\nscsi_add_host_with_dma() change since scsi_add_host_with_dma() will return\n0 (success) if scsi_proc_host_add() is called."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2a764d55e938743efa7c2cba7305633bcf227f09",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/68c665bb185037e7eb66fb792c61da9d7151e99c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/73f030d4ef6d1ad17f824a0a2eb637ef7a9c7d51",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7e0ae8667fcdd99d1756922e1140cac75f5fa279",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/88c3d3bb6469cea929ac68fd326bdcbefcdfdd83",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/be03df3d4bfe7e8866d4aa43d62e648ffe884f5f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2023/CVE-2023-531xx/CVE-2023-53119.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2023-53119",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:30.980",
"lastModified": "2025-05-02T16:15:30.980",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: initialize struct pn533_out_arg properly\n\nstruct pn533_out_arg used as a temporary context for out_urb is not\ninitialized properly. Its uninitialized 'phy' field can be dereferenced in\nerror cases inside pn533_out_complete() callback function. It causes the\nfollowing failure:\n\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\nRIP: 0010:pn533_out_complete.cold+0x15/0x44 drivers/nfc/pn533/usb.c:441\nCall Trace:\n <IRQ>\n __usb_hcd_giveback_urb+0x2b6/0x5c0 drivers/usb/core/hcd.c:1671\n usb_hcd_giveback_urb+0x384/0x430 drivers/usb/core/hcd.c:1754\n dummy_timer+0x1203/0x32d0 drivers/usb/gadget/udc/dummy_hcd.c:1988\n call_timer_fn+0x1da/0x800 kernel/time/timer.c:1700\n expire_timers+0x234/0x330 kernel/time/timer.c:1751\n __run_timers kernel/time/timer.c:2022 [inline]\n __run_timers kernel/time/timer.c:1995 [inline]\n run_timer_softirq+0x326/0x910 kernel/time/timer.c:2035\n __do_softirq+0x1fb/0xaf6 kernel/softirq.c:571\n invoke_softirq kernel/softirq.c:445 [inline]\n __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650\n irq_exit_rcu+0x9/0x20 kernel/softirq.c:662\n sysvec_apic_timer_interrupt+0x97/0xc0 arch/x86/kernel/apic/apic.c:1107\n\nInitialize the field with the pn533_usb_phy currently used.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0f9c1f26d434c32520dfe33326b28c5954bc4299",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2703da78849c47b6b5b4471edb35fc7b7f91dead",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2bd1ed6d607d7013ed4959e86990a04f028543ef",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2bee84369b76f6c9ef71938069c65a6ebd1a12f7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2cbd4213baf7be5d87d183e2032c54003de0790f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/484b7059796e3bc1cb527caa61dfc60da649b4f6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4c20a07ed26a71a8ccc9c6d935fc181573f5462e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a97ef110c491b72c138111a595a3a3af56cbc94c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2023/CVE-2023-531xx/CVE-2023-53120.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2023-53120",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:31.083",
"lastModified": "2025-05-02T16:15:31.083",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix config page DMA memory leak\n\nA fix for:\n\nDMA-API: pci 0000:83:00.0: device driver has pending DMA allocations while released from device [count=1]"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/5fc4d698ed4b6507be2eb36d040a678adcb89da4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7d2b02172b6a2ae6aecd7ef6480b9c4bf3dc59f4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dca06ccf13de14e144d34f158f73ae0032f80e63",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

Some files were not shown because too many files have changed in this diff Show More