Auto-Update: 2025-05-05T22:00:20.312480+00:00

cad-safe-bot 2025-05-05 22:03:57 +00:00
parent 8e2946f4d4
commit 1f9e924c39
319 changed files with 4578 additions and 1112 deletions

@ -2,8 +2,8 @@
"id": "CVE-2021-28656",
"sourceIdentifier": "security@apache.org",
"published": "2024-04-09T10:15:07.610",
"lastModified": "2024-11-21T06:00:02.420",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-05-05T20:49:50.420",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,22 +51,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:zeppelin:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.9.0",
"matchCriteriaId": "26319B3A-B658-40AE-83DA-62FEDEA6D002"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/09/3",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.apache.org/thread/dttzkkv4qyn1rq2fdv1r94otb1osxztc",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/09/3",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.apache.org/thread/dttzkkv4qyn1rq2fdv1r94otb1osxztc",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}
]
}
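
Review bot: The added cpeMatch entry has no lower bound, only "versionEndIncluding": "0.9.0", so every Zeppelin release up to 0.9.0 will match. The CVE-2022-47894 record in this same commit does carry a "versionStartIncluding", so check the thread tagged "Vendor Advisory" here for a first affected version and add the bound if one is stated.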

@ -2,13 +2,17 @@
"id": "CVE-2022-21546",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-05-02T22:15:15.290",
"lastModified": "2025-05-02T22:15:15.290",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:19.760",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In newer version of the SBC specs, we have a NDOB bit that indicates there is no data buffer that gets written out. If this bit is set using commands like \"sg_write_same --ndob\" we will crash in target_core_iblock/file's execute_write_same handlers when we go to access the se_cmd->t_data_sg because its NULL. CVSS 3.1 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "En versiones m\u00e1s recientes de las especificaciones de SBC, tenemos un bit NDOB que indica que no hay b\u00fafer de datos que se escriba. Si este bit se activa mediante comandos como \"sg_write_same --ndob\", se producir\u00e1 un fallo en los controladores \"execute_write_same\" de target_core_iblock/file al acceder a se_cmd->t_data_sg, ya que es nulo. Puntuaci\u00f3n base de CVSS 3.1: 7.7 (Afecta a la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)."
}
],
"metrics": {
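
Review bot: The score and vector exist as free text inside the description value ("CVSS 3.1 Base Score 7.7 ... CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"), and the added "es" entry repeats them in translated prose. The hunk stops at the opening of "metrics", so it is not visible whether the same vector is carried there in structured form; confirm that it is, and have consumers read the score from "metrics" rather than parsing either description.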

@ -2,7 +2,7 @@
"id": "CVE-2022-2387",
"sourceIdentifier": "contact@wpscan.com",
"published": "2022-11-07T10:15:11.413",
"lastModified": "2025-02-07T19:44:53.660",
"lastModified": "2025-05-05T21:15:45.570",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,13 +36,33 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
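
Review bot: In "weaknesses", the contact@wpscan.com entry flips from "type": "Primary" to "type": "Secondary" and no Primary entry is visible in the hunk. Any pipeline that selects the CWE by filtering on "Primary" will stop returning a weakness for this record unless another Primary entry exists outside these lines; verify that, or make the consumer fall back to Secondary entries.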

@ -2,7 +2,7 @@
"id": "CVE-2022-2711",
"sourceIdentifier": "contact@wpscan.com",
"published": "2022-11-07T10:15:11.480",
"lastModified": "2024-11-21T07:01:33.883",
"lastModified": "2025-05-05T21:15:46.147",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,13 +36,33 @@
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
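
Review bot: The added Secondary metric from 134c704f-9b21-4f2e-91b3-4a467353bcc0 has "exploitabilityScore": 1.2 and "impactScore": 5.9, the same pair that closes the existing entry in the context lines just above it, so it most likely restates a vector the record already had. Aggregations that count metrics or take one per source should deduplicate on "vectorString" so this record is not weighted twice.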

@ -2,7 +2,7 @@
"id": "CVE-2022-3872",
"sourceIdentifier": "secalert@redhat.com",
"published": "2022-11-07T21:15:09.610",
"lastModified": "2024-11-21T07:20:24.477",
"lastModified": "2025-05-05T21:15:46.473",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,13 +36,33 @@
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",

@ -2,7 +2,7 @@
"id": "CVE-2022-42316",
"sourceIdentifier": "security@xen.org",
"published": "2022-11-01T13:15:11.607",
"lastModified": "2024-11-21T07:24:44.080",
"lastModified": "2025-05-05T20:15:18.057",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.0,
"impactScore": 4.0
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-770"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"configurations": [
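
Review bot: The added Secondary weakness carries "value": "CWE-770", which is the same value the existing entry already ends with in the context lines at the top of this hunk. It adds provenance but no new classification, so CWE roll-ups built from this feed should deduplicate by value per CVE rather than count one hit per source.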

@ -2,7 +2,7 @@
"id": "CVE-2022-42317",
"sourceIdentifier": "security@xen.org",
"published": "2022-11-01T13:15:11.660",
"lastModified": "2024-11-21T07:24:44.213",
"lastModified": "2025-05-05T20:15:18.737",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.0,
"impactScore": 4.0
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-770"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"configurations": [

@ -2,7 +2,7 @@
"id": "CVE-2022-42327",
"sourceIdentifier": "security@xen.org",
"published": "2022-11-01T13:15:12.163",
"lastModified": "2024-11-21T07:24:45.573",
"lastModified": "2025-05-05T20:15:18.900",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"configurations": [
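
Review bot: The two weakness entries now disagree: the existing one ends with the placeholder "NVD-CWE-noinfo" while the added Secondary entry says "CWE-284". A consumer that takes the first entry, or the non-Secondary one, will keep reporting no weakness information; prefer a concrete CWE over the placeholder when both are present.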

@ -2,8 +2,8 @@
"id": "CVE-2022-47894",
"sourceIdentifier": "security@apache.org",
"published": "2024-04-09T10:15:08.343",
"lastModified": "2025-02-13T17:15:49.627",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-05-05T20:48:37.760",
"vulnStatus": "Analyzed",
"cveTags": [
{
"sourceIdentifier": "security@apache.org",
@ -56,32 +56,81 @@
"value": "CWE-20"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:zeppelin:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.8.0",
"versionEndExcluding": "0.11.0",
"matchCriteriaId": "010D5072-43DC-42DF-A7BC-E193EC362190"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/09/4",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://github.com/apache/zeppelin/pull/4302",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://lists.apache.org/thread/csf4k73kkn3nx58pm0p2qrylbox4fvyy",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/09/4",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
]
},
{
"url": "https://github.com/apache/zeppelin/pull/4302",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://lists.apache.org/thread/csf4k73kkn3nx58pm0p2qrylbox4fvyy",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}
]
}
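
Review bot: In "references", https://github.com/apache/zeppelin/pull/4302 is tagged only "Issue Tracking" in both copies, although the URL is a pull request. If that PR is the fix, a "Patch" tag would let tooling that looks for remediation links find it. Separately, the added nvd@nist.gov Primary weakness is "NVD-CWE-noinfo" while the entry above it lists "CWE-20", so consumers keyed on the Primary entry lose the more specific value.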

@ -2,13 +2,17 @@
"id": "CVE-2022-49932",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:22.070",
"lastModified": "2025-05-02T16:15:22.070",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: VMX: Do _all_ initialization before exposing /dev/kvm to userspace\n\nCall kvm_init() only after _all_ setup is complete, as kvm_init() exposes\n/dev/kvm to userspace and thus allows userspace to create VMs (and call\nother ioctls). E.g. KVM will encounter a NULL pointer when attempting to\nadd a vCPU to the per-CPU loaded_vmcss_on_cpu list if userspace is able to\ncreate a VM before vmx_init() configures said list.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000008\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 0 P4D 0\n Oops: 0002 [#1] SMP\n CPU: 6 PID: 1143 Comm: stable Not tainted 6.0.0-rc7+ #988\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n RIP: 0010:vmx_vcpu_load_vmcs+0x68/0x230 [kvm_intel]\n <TASK>\n vmx_vcpu_load+0x16/0x60 [kvm_intel]\n kvm_arch_vcpu_load+0x32/0x1f0 [kvm]\n vcpu_load+0x2f/0x40 [kvm]\n kvm_arch_vcpu_create+0x231/0x310 [kvm]\n kvm_vm_ioctl+0x79f/0xe10 [kvm]\n ? handle_mm_fault+0xb1/0x220\n __x64_sys_ioctl+0x80/0xb0\n do_syscall_64+0x2b/0x50\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n RIP: 0033:0x7f5a6b05743b\n </TASK>\n Modules linked in: vhost_net vhost vhost_iotlb tap kvm_intel(+) kvm irqbypass"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: VMX: Inicializa _toda_ la instancia antes de exponer /dev/kvm al espacio de usuario. Llama a kvm_init() solo despu\u00e9s de que se complete la configuraci\u00f3n _toda_, ya que kvm_init() expone /dev/kvm al espacio de usuario y, por lo tanto, permite que este cree m\u00e1quinas virtuales (y llame a otras ioctl). Por ejemplo, KVM encontrar\u00e1 un puntero nulo al intentar agregar una vCPU a la lista por CPU load_vmcss_on_cpu si el espacio de usuario puede crear una m\u00e1quina virtual antes de que vmx_init() configure dicha lista. ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000008 #PF: acceso de escritura del supervisor en modo kernel #PF: error_code(0x0002) - p\u00e1gina no presente PGD 0 P4D 0 Oops: 0002 [#1] CPU SMP: 6 PID: 1143 Comm: estable No contaminado 6.0.0-rc7+ #988 Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 RIP: 0010:vmx_vcpu_load_vmcs+0x68/0x230 [kvm_intel] vmx_vcpu_load+0x16/0x60 [kvm_intel] kvm_arch_vcpu_load+0x32/0x1f0 [kvm] vcpu_load+0x2f/0x40 [kvm] kvm_arch_vcpu_create+0x231/0x310 [kvm] kvm_vm_ioctl+0x79f/0xe10 [kvm] ? handle_mm_fault+0xb1/0x220 __x64_sys_ioctl+0x80/0xb0 do_syscall_64+0x2b/0x50 entry_SYSCALL_64_after_hwframe+0x46/0xb0 RIP: 0033:0x7f5a6b05743b M\u00f3dulos vinculados en: vhost_net vhost vhost_iotlb tap kvm_intel(+) kvm irqbypass"
}
],
"metrics": {},
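
Review bot: The added "es" description does not preserve the kernel log or identifiers from the "en" text: "loaded_vmcss_on_cpu" becomes "load_vmcss_on_cpu", "Comm: stable Not tainted" becomes "Comm: estable No contaminado", and the <TASK> markers are dropped. Anyone matching crash signatures or symbol names must use the "en" value; the translation should leave log lines and symbol names untouched. Note also that "metrics" is still {} at "Awaiting Analysis", so a missing score here means unscored, not low severity.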

@ -2,13 +2,17 @@
"id": "CVE-2022-49933",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:22.163",
"lastModified": "2025-05-02T16:15:22.163",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: VMX: Reset eVMCS controls in VP assist page during hardware disabling\n\nReset the eVMCS controls in the per-CPU VP assist page during hardware\ndisabling instead of waiting until kvm-intel's module exit. The controls\nare activated if and only if KVM creates a VM, i.e. don't need to be\nreset if hardware is never enabled.\n\nDoing the reset during hardware disabling will naturally fix a potential\nNULL pointer deref bug once KVM disables CPU hotplug while enabling and\ndisabling hardware (which is necessary to fix a variety of bugs). If the\nkernel is running as the root partition, the VP assist page is unmapped\nduring CPU hot unplug, and so KVM's clearing of the eVMCS controls needs\nto occur with CPU hot(un)plug disabled, otherwise KVM could attempt to\nwrite to a CPU's VP assist page after it's unmapped."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: VMX: Restablecer los controles eVMCS en la p\u00e1gina de asistencia de VP durante la deshabilitaci\u00f3n del hardware Restablezca los controles eVMCS en la p\u00e1gina de asistencia de VP por CPU durante la deshabilitaci\u00f3n del hardware en lugar de esperar hasta que salga el m\u00f3dulo de kvm-intel. Los controles se activan si y solo si KVM crea una VM, es decir, no necesitan restablecerse si el hardware nunca se habilita. Hacer el restablecimiento durante la deshabilitaci\u00f3n del hardware solucionar\u00e1 naturalmente un posible error de desreferencia de puntero NULL una vez que KVM deshabilite la conexi\u00f3n en caliente de la CPU mientras habilita y deshabilita el hardware (lo cual es necesario para solucionar una variedad de errores). Si el kernel se ejecuta como la partici\u00f3n ra\u00edz, la p\u00e1gina de asistencia de VP no se asigna durante la desconexi\u00f3n en caliente de la CPU y, por lo tanto, el borrado de los controles eVMCS por parte de KVM debe ocurrir con la (des)conexi\u00f3n en caliente de la CPU deshabilitada; de lo contrario, KVM podr\u00eda intentar escribir en la p\u00e1gina de asistencia de VP de una CPU despu\u00e9s de que se desasigne."
}
],
"metrics": {},

@ -2,8 +2,8 @@
"id": "CVE-2023-50379",
"sourceIdentifier": "security@apache.org",
"published": "2024-02-27T09:15:36.827",
"lastModified": "2025-02-13T18:15:50.790",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-05-05T21:01:27.150",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,22 +51,56 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:ambari:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.7.8",
"matchCriteriaId": "C18362CB-E929-4C5F-9526-B33DAA1719EB"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/27/1",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"Mailing List"
]
},
{
"url": "https://lists.apache.org/thread/jglww6h6ngxpo1r6r5fx7ff7z29lnvv8",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Vendor Advisory",
"Mailing List"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/27/1",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"Mailing List"
]
},
{
"url": "https://lists.apache.org/thread/jglww6h6ngxpo1r6r5fx7ff7z29lnvv8",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory",
"Mailing List"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2023-51518",
"sourceIdentifier": "security@apache.org",
"published": "2024-02-27T09:15:36.983",
"lastModified": "2024-11-21T08:38:17.540",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-05-05T21:01:52.963",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,44 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:james:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40A5D89F-8F58-45CD-8AC6-9A6DCA6DEBF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:james:3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "30D1AC70-87D6-4FA1-A995-14AB73002CD3"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/wbdm61ch6l0kzjn6nnfmyqlng82qz0or",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Vendor Advisory",
"Mailing List"
]
},
{
"url": "https://lists.apache.org/thread/wbdm61ch6l0kzjn6nnfmyqlng82qz0or",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory",
"Mailing List"
]
}
]
}
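
Review bot: The added cpeMatch entries pin two exact versions, apache:james:3.7.5 and apache:james:3.8.0, with no version range. Scanners that match on CPE will flag only those two releases, so check the thread tagged "Vendor Advisory" to confirm whether earlier releases are affected and, if so, express that as a range.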

@ -2,8 +2,8 @@
"id": "CVE-2023-51747",
"sourceIdentifier": "security@apache.org",
"published": "2024-02-27T14:15:27.030",
"lastModified": "2025-02-13T18:15:53.470",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-05-05T21:02:14.223",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -65,38 +65,88 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:james:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40A5D89F-8F58-45CD-8AC6-9A6DCA6DEBF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:james:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6759186-CA76-4B74-8C89-6AB659477F43"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/27/4",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread/rxkwbkh9vgbl9rzx1fkllyk3krhgydko",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://postfix.org/smtp-smuggling.html",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Product"
]
},
{
"url": "https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Product"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/27/4",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread/rxkwbkh9vgbl9rzx1fkllyk3krhgydko",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://postfix.org/smtp-smuggling.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
}
]
}
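
Review bot: In "references", https://postfix.org/smtp-smuggling.html and https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/ are tagged "Product" in both copies, but neither URL is an Apache James product page; both are write-ups on SMTP smuggling. A tag such as "Third Party Advisory" or "Technical Description" would fit better and would keep them from being dropped by consumers that filter on advisory-type tags.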

@ -2,13 +2,17 @@
"id": "CVE-2023-53035",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:22.627",
"lastModified": "2025-05-02T16:15:22.627",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy()\n\nThe ioctl helper function nilfs_ioctl_wrap_copy(), which exchanges a\nmetadata array to/from user space, may copy uninitialized buffer regions\nto user space memory for read-only ioctl commands NILFS_IOCTL_GET_SUINFO\nand NILFS_IOCTL_GET_CPINFO.\n\nThis can occur when the element size of the user space metadata given by\nthe v_size member of the argument nilfs_argv structure is larger than the\nsize of the metadata element (nilfs_suinfo structure or nilfs_cpinfo\nstructure) on the file system side.\n\nKMSAN-enabled kernels detect this issue as follows:\n\n BUG: KMSAN: kernel-infoleak in instrument_copy_to_user\n include/linux/instrumented.h:121 [inline]\n BUG: KMSAN: kernel-infoleak in _copy_to_user+0xc0/0x100 lib/usercopy.c:33\n instrument_copy_to_user include/linux/instrumented.h:121 [inline]\n _copy_to_user+0xc0/0x100 lib/usercopy.c:33\n copy_to_user include/linux/uaccess.h:169 [inline]\n nilfs_ioctl_wrap_copy+0x6fa/0xc10 fs/nilfs2/ioctl.c:99\n nilfs_ioctl_get_info fs/nilfs2/ioctl.c:1173 [inline]\n nilfs_ioctl+0x2402/0x4450 fs/nilfs2/ioctl.c:1290\n nilfs_compat_ioctl+0x1b8/0x200 fs/nilfs2/ioctl.c:1343\n __do_compat_sys_ioctl fs/ioctl.c:968 [inline]\n __se_compat_sys_ioctl+0x7dd/0x1000 fs/ioctl.c:910\n __ia32_compat_sys_ioctl+0x93/0xd0 fs/ioctl.c:910\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\n Uninit was created at:\n __alloc_pages+0x9f6/0xe90 mm/page_alloc.c:5572\n alloc_pages+0xab0/0xd80 mm/mempolicy.c:2287\n __get_free_pages+0x34/0xc0 mm/page_alloc.c:5599\n nilfs_ioctl_wrap_copy+0x223/0xc10 fs/nilfs2/ioctl.c:74\n nilfs_ioctl_get_info fs/nilfs2/ioctl.c:1173 [inline]\n 
nilfs_ioctl+0x2402/0x4450 fs/nilfs2/ioctl.c:1290\n nilfs_compat_ioctl+0x1b8/0x200 fs/nilfs2/ioctl.c:1343\n __do_compat_sys_ioctl fs/ioctl.c:968 [inline]\n __se_compat_sys_ioctl+0x7dd/0x1000 fs/ioctl.c:910\n __ia32_compat_sys_ioctl+0x93/0xd0 fs/ioctl.c:910\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\n Bytes 16-127 of 3968 are uninitialized\n ...\n\nThis eliminates the leak issue by initializing the page allocated as\nbuffer using get_zeroed_page()."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nilfs2: correcci\u00f3n de una fuga de informaci\u00f3n del kernel en nilfs_ioctl_wrap_copy(). La funci\u00f3n auxiliar de ioctl nilfs_ioctl_wrap_copy(), que intercambia una matriz de metadatos hacia/desde el espacio de usuario, puede copiar regiones de b\u00fafer no inicializadas a la memoria del espacio de usuario para los comandos ioctl de solo lectura NILFS_IOCTL_GET_SUINFO y NILFS_IOCTL_GET_CPINFO. Esto puede ocurrir cuando el tama\u00f1o del elemento de los metadatos del espacio de usuario, indicado por el miembro v_size de la estructura del argumento nilfs_argv, es mayor que el tama\u00f1o del elemento de metadatos (estructura nilfs_suinfo o nilfs_cpinfo) en el sistema de archivos. Los kernels con KMSAN habilitado detectan este problema de la siguiente manera: ERROR: KMSAN: fuga de informaci\u00f3n del kernel en instrument_copy_to_user include/linux/instrumented.h:121 [en l\u00ednea] ERROR: KMSAN: fuga de informaci\u00f3n del kernel en _copy_to_user+0xc0/0x100 lib/usercopy.c:33 instrument_copy_to_user include/linux/instrumented.h:121 [en l\u00ednea] _copy_to_user+0xc0/0x100 lib/usercopy.c:33 copy_to_user include/linux/uaccess.h:169 [en l\u00ednea] nilfs_ioctl_wrap_copy+0x6fa/0xc10 fs/nilfs2/ioctl.c:99 nilfs_ioctl_get_info fs/nilfs2/ioctl.c:1173 [en l\u00ednea] nilfs_ioctl+0x2402/0x4450 fs/nilfs2/ioctl.c:1290 nilfs_compat_ioctl+0x1b8/0x200 fs/nilfs2/ioctl.c:1343 __do_compat_sys_ioctl fs/ioctl.c:968 [en l\u00ednea] __se_compat_sys_ioctl+0x7dd/0x1000 fs/ioctl.c:910 __ia32_compat_sys_ioctl+0x93/0xd0 fs/ioctl.c:910 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [en l\u00ednea] __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178 do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246 entry_SYSENTER_compat_after_hwframe+0x70/0x82 Uninit se cre\u00f3 en: __alloc_pages+0x9f6/0xe90 mm/page_alloc.c:5572 alloc_pages+0xab0/0xd80 
mm/mempolicy.c:2287 __get_free_pages+0x34/0xc0 mm/page_alloc.c:5599 nilfs_ioctl_wrap_copy+0x223/0xc10 fs/nilfs2/ioctl.c:74 nilfs_ioctl_get_info fs/nilfs2/ioctl.c:1173 [en l\u00ednea] nilfs_ioctl+0x2402/0x4450 fs/nilfs2/ioctl.c:1290 nilfs_compat_ioctl+0x1b8/0x200 fs/nilfs2/ioctl.c:1343 __do_compat_sys_ioctl fs/ioctl.c:968 [en l\u00ednea] __se_compat_sys_ioctl+0x7dd/0x1000 fs/ioctl.c:910 __ia32_compat_sys_ioctl+0x93/0xd0 fs/ioctl.c:910 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [en l\u00ednea] __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178 do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246 entry_SYSENTER_compat_after_hwframe+0x70/0x82 Los bytes 16-127 de 3968 no est\u00e1n inicializados... Esto elimina el problema de p\u00e9rdida al inicializar la p\u00e1gina asignada como b\u00fafer usando get_zeroed_page()."
}
],
"metrics": {},

@ -2,13 +2,17 @@
"id": "CVE-2023-53036",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:22.733",
"lastModified": "2025-05-02T16:15:22.733",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix call trace warning and hang when removing amdgpu device\n\nOn GPUs with RAS enabled, below call trace and hang are observed when\nshutting down device.\n\nv2: use DRM device unplugged flag instead of shutdown flag as the check to\nprevent memory wipe in shutdown stage.\n\n[ +0.000000] RIP: 0010:amdgpu_vram_mgr_fini+0x18d/0x1c0 [amdgpu]\n[ +0.000001] PKRU: 55555554\n[ +0.000001] Call Trace:\n[ +0.000001] <TASK>\n[ +0.000002] amdgpu_ttm_fini+0x140/0x1c0 [amdgpu]\n[ +0.000183] amdgpu_bo_fini+0x27/0xa0 [amdgpu]\n[ +0.000184] gmc_v11_0_sw_fini+0x2b/0x40 [amdgpu]\n[ +0.000163] amdgpu_device_fini_sw+0xb6/0x510 [amdgpu]\n[ +0.000152] amdgpu_driver_release_kms+0x16/0x30 [amdgpu]\n[ +0.000090] drm_dev_release+0x28/0x50 [drm]\n[ +0.000016] devm_drm_dev_init_release+0x38/0x60 [drm]\n[ +0.000011] devm_action_release+0x15/0x20\n[ +0.000003] release_nodes+0x40/0xc0\n[ +0.000001] devres_release_all+0x9e/0xe0\n[ +0.000001] device_unbind_cleanup+0x12/0x80\n[ +0.000003] device_release_driver_internal+0xff/0x160\n[ +0.000001] driver_detach+0x4a/0x90\n[ +0.000001] bus_remove_driver+0x6c/0xf0\n[ +0.000001] driver_unregister+0x31/0x50\n[ +0.000001] pci_unregister_driver+0x40/0x90\n[ +0.000003] amdgpu_exit+0x15/0x120 [amdgpu]"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: Se corrige la advertencia de seguimiento de llamadas y el bloqueo al quitar el dispositivo amdgpu. En las GPU con RAS habilitado, se observan el siguiente seguimiento de llamadas y bloqueo al apagar el dispositivo. v2: use el indicador de dispositivo DRM desconectado en lugar del indicador de apagado como verificaci\u00f3n para evitar el borrado de memoria en la etapa de apagado. [ +0.000000] RIP: 0010:amdgpu_vram_mgr_fini+0x18d/0x1c0 [amdgpu] [ +0.000001] PKRU: 55555554 [ +0.000001] Rastreo de llamadas: [ +0.000001] [ +0.000002] amdgpu_ttm_fini+0x140/0x1c0 [amdgpu] [ +0.000183] amdgpu_bo_fini+0x27/0xa0 [amdgpu] [ +0.000184] gmc_v11_0_sw_fini+0x2b/0x40 [amdgpu] [ +0.000163] amdgpu_device_fini_sw+0xb6/0x510 [amdgpu] [ +0.000152] amdgpu_driver_release_kms+0x16/0x30 [amdgpu] [ +0.000090] drm_dev_release+0x28/0x50 [drm] [ +0.000016] devm_drm_dev_init_release+0x38/0x60 [drm] [ +0.000011] devm_action_release+0x15/0x20 [ +0.000003] release_nodes+0x40/0xc0 [ +0.000001] devres_release_all+0x9e/0xe0 [ +0.000001] device_unbind_cleanup+0x12/0x80 [ +0.000003] device_release_driver_internal+0xff/0x160 [ +0.000001] driver_detach+0x4a/0x90 [ +0.000001] bus_remove_driver+0x6c/0xf0 [ +0.000001] driver_unregister+0x31/0x50 [ +0.000001] pci_unregister_driver+0x40/0x90 [ +0.000003] amdgpu_exit+0x15/0x120 [amdgpu] "
}
],
"metrics": {},

@ -2,13 +2,17 @@
"id": "CVE-2023-53037",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:22.827",
"lastModified": "2025-05-02T16:15:22.827",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Bad drive in topology results kernel crash\n\nWhen the SAS Transport Layer support is enabled and a device exposed to\nthe OS by the driver fails INQUIRY commands, the driver frees up the memory\nallocated for an internal HBA port data structure. However, in some places,\nthe reference to the freed memory is not cleared. When the firmware sends\nthe Device Info change event for the same device again, the freed memory is\naccessed and that leads to memory corruption and OS crash."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: mpi3mr: Una unidad defectuosa en la topolog\u00eda provoca un bloqueo del kernel. Cuando se habilita la compatibilidad con la capa de transporte SAS y un dispositivo expuesto al sistema operativo por el controlador no cumple con los comandos INQUIRY, el controlador libera la memoria asignada a una estructura de datos de puerto HBA interno. Sin embargo, en algunos lugares, la referencia a la memoria liberada no se borra. Cuando el firmware vuelve a enviar el evento de cambio de informaci\u00f3n del dispositivo para el mismo dispositivo, se accede a la memoria liberada, lo que provoca la corrupci\u00f3n de la memoria y el bloqueo del sistema operativo."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53038",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:22.920",
"lastModified": "2025-05-02T16:15:22.920",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read()\n\nIf kzalloc() fails in lpfc_sli4_cgn_params_read(), then we rely on\nlpfc_read_object()'s routine to NULL check pdata.\n\nCurrently, an early return error is thrown from lpfc_read_object() to\nprotect us from NULL ptr dereference, but the errno code is -ENODEV.\n\nChange the errno code to a more appropriate -ENOMEM."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: lpfc: Comprobaci\u00f3n de kzalloc() en lpfc_sli4_cgn_params_read(). Si kzalloc() falla en lpfc_sli4_cgn_params_read(), dependemos de la rutina de lpfc_read_object() para comprobar si pdata es nulo. Actualmente, lpfc_read_object() genera un error de retorno anticipado para protegernos de la desreferencia de ptr nulo, pero el c\u00f3digo de error es -ENODEV. Cambie el c\u00f3digo de error a -ENOMEM, que es m\u00e1s apropiado."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53039",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:23.017",
"lastModified": "2025-05-02T16:15:23.017",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: intel-ish-hid: ipc: Fix potential use-after-free in work function\n\nWhen a reset notify IPC message is received, the ISR schedules a work\nfunction and passes the ISHTP device to it via a global pointer\nishtp_dev. If ish_probe() fails, the devm-managed device resources\nincluding ishtp_dev are freed, but the work is not cancelled, causing a\nuse-after-free when the work function tries to access ishtp_dev. Use\ndevm_work_autocancel() instead, so that the work is automatically\ncancelled if probe fails."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: intel-ish-hid: ipc: Se corrige un posible fallo de use after free en la funci\u00f3n de trabajo. Cuando se recibe un mensaje de notificaci\u00f3n de reinicio de IPC, el ISR programa una funci\u00f3n de trabajo y le transfiere el dispositivo ISHTP mediante un puntero global ishtp_dev. Si ish_probe() falla, se liberan los recursos del dispositivo administrados por devm, incluyendo ishtp_dev, pero el trabajo no se cancela, lo que provoca un fallo de use after free cuando la funci\u00f3n de trabajo intenta acceder a ishtp_dev. En su lugar, utilice devm_work_autocancel() para que el trabajo se cancele autom\u00e1ticamente si falla la sonda."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53040",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:23.113",
"lastModified": "2025-05-02T16:15:23.113",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nca8210: fix mac_len negative array access\n\nThis patch fixes a buffer overflow access of skb->data if\nieee802154_hdr_peek_addrs() fails."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ca8210: corrige el acceso negativo a la matriz mac_len. Este parche corrige un acceso de desbordamiento de b\u00fafer de skb-&gt;data si falla ieee802154_hdr_peek_addrs()."
}
],
"metrics": {},

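Review bot: the added "es" description HTML-escapes the C expression as skb-&gt;data, while the "en" value in the same record has the literal skb->data. A JSON string needs no HTML escaping, so any consumer that renders or indexes this field will show or match the entity text. Store the literal -> and leave escaping to the presentation layer.
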
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53041",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:23.220",
"lastModified": "2025-05-02T16:15:23.220",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Perform lockless command completion in abort path\n\nWhile adding and removing the controller, the following call trace was\nobserved:\n\nWARNING: CPU: 3 PID: 623596 at kernel/dma/mapping.c:532 dma_free_attrs+0x33/0x50\nCPU: 3 PID: 623596 Comm: sh Kdump: loaded Not tainted 5.14.0-96.el9.x86_64 #1\nRIP: 0010:dma_free_attrs+0x33/0x50\n\nCall Trace:\n qla2x00_async_sns_sp_done+0x107/0x1b0 [qla2xxx]\n qla2x00_abort_srb+0x8e/0x250 [qla2xxx]\n ? ql_dbg+0x70/0x100 [qla2xxx]\n __qla2x00_abort_all_cmds+0x108/0x190 [qla2xxx]\n qla2x00_abort_all_cmds+0x24/0x70 [qla2xxx]\n qla2x00_abort_isp_cleanup+0x305/0x3e0 [qla2xxx]\n qla2x00_remove_one+0x364/0x400 [qla2xxx]\n pci_device_remove+0x36/0xa0\n __device_release_driver+0x17a/0x230\n device_release_driver+0x24/0x30\n pci_stop_bus_device+0x68/0x90\n pci_stop_and_remove_bus_device_locked+0x16/0x30\n remove_store+0x75/0x90\n kernfs_fop_write_iter+0x11c/0x1b0\n new_sync_write+0x11f/0x1b0\n vfs_write+0x1eb/0x280\n ksys_write+0x5f/0xe0\n do_syscall_64+0x5c/0x80\n ? do_user_addr_fault+0x1d8/0x680\n ? do_syscall_64+0x69/0x80\n ? exc_page_fault+0x62/0x140\n ? asm_exc_page_fault+0x8/0x30\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThe command was completed in the abort path during driver unload with a\nlock held, causing the warning in abort path. Hence complete the command\nwithout any lock held."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: qla2xxx: Realizar la finalizaci\u00f3n de comandos sin bloqueo en la ruta de aborto Al agregar y quitar el controlador, se observ\u00f3 el siguiente seguimiento de llamada: ADVERTENCIA: CPU: 3 PID: 623596 en kernel/dma/mapping.c:532 dma_free_attrs+0x33/0x50 CPU: 3 PID: 623596 Comm: sh Kdump: cargado No contaminado 5.14.0-96.el9.x86_64 #1 RIP: 0010:dma_free_attrs+0x33/0x50 Seguimiento de llamada: qla2x00_async_sns_sp_done+0x107/0x1b0 [qla2xxx] qla2x00_abort_srb+0x8e/0x250 [qla2xxx] ? ql_dbg+0x70/0x100 [qla2xxx] __qla2x00_abort_all_cmds+0x108/0x190 [qla2xxx] qla2x00_abort_all_cmds+0x24/0x70 [qla2xxx] qla2x00_abort_isp_cleanup+0x305/0x3e0 [qla2xxx] qla2x00_remove_one+0x364/0x400 [qla2xxx] pci_device_remove+0x36/0xa0 __device_release_driver+0x17a/0x230 device_release_driver+0x24/0x30 pci_stop_bus_device+0x68/0x90 pci_stop_and_remove_bus_device_locked+0x16/0x30 remove_store+0x75/0x90 kernfs_fop_write_iter+0x11c/0x1b0 new_sync_write+0x11f/0x1b0 vfs_write+0x1eb/0x280 ksys_write+0x5f/0xe0 do_syscall_64+0x5c/0x80 ? do_user_addr_fault+0x1d8/0x680 ? do_syscall_64+0x69/0x80 ? exc_page_fault+0x62/0x140 ? asm_exc_page_fault+0x8/0x30 entry_SYSCALL_64_after_hwframe+0x44/0xae. El comando se complet\u00f3 en la ruta de interrupci\u00f3n durante la descarga del controlador con un bloqueo, lo que provoc\u00f3 la advertencia en la ruta de interrupci\u00f3n. Por lo tanto, complete el comando sin ning\u00fan bloqueo."
}
],
"metrics": {},

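Review bot: in the added "es" value the quoted kernel log is translated along with the prose: "WARNING:" becomes "ADVERTENCIA:", "Kdump: loaded Not tainted" becomes "Kdump: cargado No contaminado", and "Call Trace:" becomes "Seguimiento de llamada:". These are the strings an operator searches for in dmesg, so the trace should be carried over verbatim from the "en" value, with only the surrounding sentences translated.
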
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53042",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:23.320",
"lastModified": "2025-05-02T16:15:23.320",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Do not set DRR on pipe Commit\n\n[WHY]\nWriting to DRR registers such as OTG_V_TOTAL_MIN on the same frame as a\npipe commit can cause underflow."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: No configure DRR en el commit de tuber\u00eda [POR QU\u00c9] Escribir en registros DRR como OTG_V_TOTAL_MIN en el mismo marco que una confirmaci\u00f3n de tuber\u00eda puede causar desbordamiento."
}
],
"metrics": {},

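Review bot: the "es" text renders "can cause underflow" as "puede causar desbordamiento", which reads as overflow and so names the opposite failure mode from the "en" value. Suggest "subdesbordamiento (underflow)" or keeping the English term. The same applies to "pipe commit", which is a display-pipeline term and is better left untranslated than rendered as "commit de tubería".
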
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53043",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:23.400",
"lastModified": "2025-05-02T16:15:23.400",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: dts: qcom: sc7280: Mark PCIe controller as cache coherent\n\nIf the controller is not marked as cache coherent, then kernel will\ntry to ensure coherency during dma-ops and that may cause data corruption.\nSo, mark the PCIe node as dma-coherent as the devices on PCIe bus are\ncache coherent."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: arm64: dts: qcom: sc7280: Marcar el controlador PCIe como coherente con la cach\u00e9. Si el controlador no est\u00e1 marcado como coherente con la cach\u00e9, el kernel intentar\u00e1 asegurar la coherencia durante las operaciones DMA, lo que puede causar corrupci\u00f3n de datos. Por lo tanto, marque el nodo PCIe como coherente con la cach\u00e9, ya que los dispositivos en el bus PCIe s\u00ed lo son."
}
],
"metrics": {},

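Review bot: the last sentence of the "es" description drops the device-tree property name. The "en" value says to mark the PCIe node as dma-coherent, while the translation says only "coherente con la caché". The property name is what a reader would search for in the sc7280 dts, so keep dma-coherent untranslated in the "es" text.
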
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53044",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:23.490",
"lastModified": "2025-05-02T16:15:23.490",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm stats: check for and propagate alloc_percpu failure\n\nCheck alloc_precpu()'s return value and return an error from\ndm_stats_init() if it fails. Update alloc_dev() to fail if\ndm_stats_init() does.\n\nOtherwise, a NULL pointer dereference will occur in dm_stats_cleanup()\neven if dm-stats isn't being actively used."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dm stats: comprobar y propagar el fallo de alloc_percpu. Comprueba el valor de retorno de alloc_precpu() y devuelve un error de dm_stats_init() si falla. Actualice alloc_dev() para que falle si dm_stats_init() falla. De lo contrario, se producir\u00e1 una desreferencia de puntero nulo en dm_stats_cleanup(), incluso si dm-stats no se est\u00e1 utilizando activamente."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53045",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:23.590",
"lastModified": "2025-05-02T16:15:23.590",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_audio: don't let userspace block driver unbind\n\nIn the unbind callback for f_uac1 and f_uac2, a call to snd_card_free()\nvia g_audio_cleanup() will disconnect the card and then wait for all\nresources to be released, which happens when the refcount falls to zero.\nSince userspace can keep the refcount incremented by not closing the\nrelevant file descriptor, the call to unbind may block indefinitely.\nThis can cause a deadlock during reboot, as evidenced by the following\nblocked task observed on my machine:\n\n task:reboot state:D stack:0 pid:2827 ppid:569 flags:0x0000000c\n Call trace:\n __switch_to+0xc8/0x140\n __schedule+0x2f0/0x7c0\n schedule+0x60/0xd0\n schedule_timeout+0x180/0x1d4\n wait_for_completion+0x78/0x180\n snd_card_free+0x90/0xa0\n g_audio_cleanup+0x2c/0x64\n afunc_unbind+0x28/0x60\n ...\n kernel_restart+0x4c/0xac\n __do_sys_reboot+0xcc/0x1ec\n __arm64_sys_reboot+0x28/0x30\n invoke_syscall+0x4c/0x110\n ...\n\nThe issue can also be observed by opening the card with arecord and\nthen stopping the process through the shell before unbinding:\n\n # arecord -D hw:UAC2Gadget -f S32_LE -c 2 -r 48000 /dev/null\n Recording WAVE '/dev/null' : Signed 32 bit Little Endian, Rate 48000 Hz, Stereo\n ^Z[1]+ Stopped arecord -D hw:UAC2Gadget -f S32_LE -c 2 -r 48000 /dev/null\n # echo gadget.0 > /sys/bus/gadget/drivers/configfs-gadget/unbind\n (observe that the unbind command never finishes)\n\nFix the problem by using snd_card_free_when_closed() instead, which will\nstill disconnect the card as desired, but defer the task of freeing the\nresources to the core once userspace closes its file descriptor."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: gadget: u_audio: no permitir que el espacio de usuario bloquee la desvinculaci\u00f3n del controlador. En la llamada de desvinculaci\u00f3n para f_uac1 y f_uac2, una llamada a snd_card_free() mediante g_audio_cleanup() desconectar\u00e1 la tarjeta y esperar\u00e1 a que se liberen todos los recursos, lo que ocurre cuando el recuento de referencias llega a cero. Dado que el espacio de usuario puede mantener el recuento de referencias incrementado al no cerrar el descriptor de archivo correspondiente, la llamada a desvinculaci\u00f3n podr\u00eda bloquearse indefinidamente. Esto puede causar un bloqueo durante el reinicio, como lo demuestra la siguiente tarea bloqueada observada en mi m\u00e1quina: task:reboot state:D stack:0 pid:2827 ppid:569 flags:0x0000000c Rastreo de llamadas: __switch_to+0xc8/0x140 __schedule+0x2f0/0x7c0 schedule+0x60/0xd0 schedule_timeout+0x180/0x1d4 wait_for_completion+0x78/0x180 snd_card_free+0x90/0xa0 g_audio_cleanup+0x2c/0x64 afunc_unbind+0x28/0x60 ... kernel_restart+0x4c/0xac __do_sys_reboot+0xcc/0x1ec __arm64_sys_reboot+0x28/0x30 invoke_syscall+0x4c/0x110 ... El problema tambi\u00e9n se puede observar al abrir la tarjeta con arecord y luego detener el proceso a trav\u00e9s del shell antes de desvincular: # arecord -D hw:UAC2Gadget -f S32_LE -c 2 -r 48000 /dev/null Recording WAVE '/dev/null' : Signed 32 bit Little Endian, Rate 48000 Hz, Stereo ^Z[1]+ Stopped arecord -D hw:UAC2Gadget -f S32_LE -c 2 -r 48000 /dev/null # echo gadget.0 &gt; /sys/bus/gadget/drivers/configfs-gadget/unbind (observe que el comando de desvinculaci\u00f3n nunca finaliza) Corrija el problema usando snd_card_free_when_closed() en su lugar, que a\u00fan desconectar\u00e1 la tarjeta como se desea, pero pospondr\u00e1 la tarea de liberar los recursos al n\u00facleo una vez que el espacio de usuario cierre su descriptor de archivo."
}
],
"metrics": {},

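Review bot: the reproduction steps in the "es" value are no longer usable as written. The two "#" prompt lines, the arecord output and the "^Z[1]+ Stopped" job line are run together into one sentence, and the redirect in the unbind command is stored as &gt; instead of the literal character. Keep the "\n" line breaks from the "en" value around the shell transcript and store the redirect unescaped.
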
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53046",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:23.697",
"lastModified": "2025-05-02T16:15:23.697",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix race condition in hci_cmd_sync_clear\n\nThere is a potential race condition in hci_cmd_sync_work and\nhci_cmd_sync_clear, and could lead to use-after-free. For instance,\nhci_cmd_sync_work is added to the 'req_workqueue' after cancel_work_sync\nThe entry of 'cmd_sync_work_list' may be freed in hci_cmd_sync_clear, and\ncausing kernel panic when it is used in 'hci_cmd_sync_work'.\n\nHere's the call trace:\n\ndump_stack_lvl+0x49/0x63\nprint_report.cold+0x5e/0x5d3\n? hci_cmd_sync_work+0x282/0x320\nkasan_report+0xaa/0x120\n? hci_cmd_sync_work+0x282/0x320\n__asan_report_load8_noabort+0x14/0x20\nhci_cmd_sync_work+0x282/0x320\nprocess_one_work+0x77b/0x11c0\n? _raw_spin_lock_irq+0x8e/0xf0\nworker_thread+0x544/0x1180\n? poll_idle+0x1e0/0x1e0\nkthread+0x285/0x320\n? process_one_work+0x11c0/0x11c0\n? kthread_complete_and_exit+0x30/0x30\nret_from_fork+0x22/0x30\n</TASK>\n\nAllocated by task 266:\nkasan_save_stack+0x26/0x50\n__kasan_kmalloc+0xae/0xe0\nkmem_cache_alloc_trace+0x191/0x350\nhci_cmd_sync_queue+0x97/0x2b0\nhci_update_passive_scan+0x176/0x1d0\nle_conn_complete_evt+0x1b5/0x1a00\nhci_le_conn_complete_evt+0x234/0x340\nhci_le_meta_evt+0x231/0x4e0\nhci_event_packet+0x4c5/0xf00\nhci_rx_work+0x37d/0x880\nprocess_one_work+0x77b/0x11c0\nworker_thread+0x544/0x1180\nkthread+0x285/0x320\nret_from_fork+0x22/0x30\n\nFreed by task 
269:\nkasan_save_stack+0x26/0x50\nkasan_set_track+0x25/0x40\nkasan_set_free_info+0x24/0x40\n____kasan_slab_free+0x176/0x1c0\n__kasan_slab_free+0x12/0x20\nslab_free_freelist_hook+0x95/0x1a0\nkfree+0xba/0x2f0\nhci_cmd_sync_clear+0x14c/0x210\nhci_unregister_dev+0xff/0x440\nvhci_release+0x7b/0xf0\n__fput+0x1f3/0x970\n____fput+0xe/0x20\ntask_work_run+0xd4/0x160\ndo_exit+0x8b0/0x22a0\ndo_group_exit+0xba/0x2a0\nget_signal+0x1e4a/0x25b0\narch_do_signal_or_restart+0x93/0x1f80\nexit_to_user_mode_prepare+0xf5/0x1a0\nsyscall_exit_to_user_mode+0x26/0x50\nret_from_fork+0x15/0x30"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: Corregir condici\u00f3n de ejecuci\u00f3n en hci_cmd_sync_clear Existe una posible condici\u00f3n de ejecuci\u00f3n en hci_cmd_sync_work y hci_cmd_sync_clear, y podr\u00eda provocar un use-after-free. Por ejemplo, hci_cmd_sync_work se a\u00f1ade a 'req_workqueue' despu\u00e9s de cancel_work_sync La entrada de 'cmd_sync_work_list' puede liberarse en hci_cmd_sync_clear y provocar un p\u00e1nico del kernel cuando se utiliza en 'hci_cmd_sync_work'. Aqu\u00ed est\u00e1 el seguimiento de la llamada: dump_stack_lvl+0x49/0x63 print_report.cold+0x5e/0x5d3 ? hci_cmd_sync_work+0x282/0x320 kasan_report+0xaa/0x120 ? hci_cmd_sync_work+0x282/0x320 __asan_report_load8_noabort+0x14/0x20 hci_cmd_sync_work+0x282/0x320 process_one_work+0x77b/0x11c0 ? _raw_spin_lock_irq+0x8e/0xf0 worker_thread+0x544/0x1180 ? poll_idle+0x1e0/0x1e0 kthread+0x285/0x320 ? process_one_work+0x11c0/0x11c0 ? kthread_complete_and_exit+0x30/0x30 ret_from_fork+0x22/0x30 Allocated by task 266: kasan_save_stack+0x26/0x50 __kasan_kmalloc+0xae/0xe0 kmem_cache_alloc_trace+0x191/0x350 hci_cmd_sync_queue+0x97/0x2b0 hci_update_passive_scan+0x176/0x1d0 le_conn_complete_evt+0x1b5/0x1a00 hci_le_conn_complete_evt+0x234/0x340 hci_le_meta_evt+0x231/0x4e0 hci_event_packet+0x4c5/0xf00 hci_rx_work+0x37d/0x880 process_one_work+0x77b/0x11c0 worker_thread+0x544/0x1180 kthread+0x285/0x320 ret_from_fork+0x22/0x30 Freed by task 269: kasan_save_stack+0x26/0x50 kasan_set_track+0x25/0x40 kasan_set_free_info+0x24/0x40 ____kasan_slab_free+0x176/0x1c0 __kasan_slab_free+0x12/0x20 slab_free_freelist_hook+0x95/0x1a0 kfree+0xba/0x2f0 hci_cmd_sync_clear+0x14c/0x210 hci_unregister_dev+0xff/0x440 vhci_release+0x7b/0xf0 __fput+0x1f3/0x970 ____fput+0xe/0x20 task_work_run+0xd4/0x160 do_exit+0x8b0/0x22a0 do_group_exit+0xba/0x2a0 get_signal+0x1e4a/0x25b0 arch_do_signal_or_restart+0x93/0x1f80 exit_to_user_mode_prepare+0xf5/0x1a0 syscall_exit_to_user_mode+0x26/0x50 
ret_from_fork+0x15/0x30 "
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53047",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:23.790",
"lastModified": "2025-05-02T16:15:23.790",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntee: amdtee: fix race condition in amdtee_open_session\n\nThere is a potential race condition in amdtee_open_session that may\nlead to use-after-free. For instance, in amdtee_open_session() after\nsess->sess_mask is set, and before setting:\n\n sess->session_info[i] = session_info;\n\nif amdtee_close_session() closes this same session, then 'sess' data\nstructure will be released, causing kernel panic when 'sess' is\naccessed within amdtee_open_session().\n\nThe solution is to set the bit sess->sess_mask as the last step in\namdtee_open_session()."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tee: amdtee: correcci\u00f3n de la condici\u00f3n de ejecuci\u00f3n en amdtee_open_session. Existe una posible condici\u00f3n de ejecuci\u00f3n en amdtee_open_session que podr\u00eda provocar un use-after-free. Por ejemplo, en amdtee_open_session(), despu\u00e9s de configurar sess-&gt;sess_mask y antes de configurar: sess-&gt;session_info[i] = session_info; si amdtee_close_session() cierra esta misma sesi\u00f3n, se liberar\u00e1 la estructura de datos 'sess', lo que provocar\u00e1 un p\u00e1nico del kernel al acceder a 'sess' dentro de amdtee_open_session(). La soluci\u00f3n es configurar el bit sess-&gt;sess_mask como \u00faltimo paso en amdtee_open_session()."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53048",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:23.897",
"lastModified": "2025-05-02T16:15:23.897",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: tcpm: fix warning when handle discover_identity message\n\nSince both source and sink device can send discover_identity message in\nPD3, kernel may dump below warning:\n\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 169 at drivers/usb/typec/tcpm/tcpm.c:1446 tcpm_queue_vdm+0xe0/0xf0\nModules linked in:\nCPU: 0 PID: 169 Comm: 1-0050 Not tainted 6.1.1-00038-g6a3c36cf1da2-dirty #567\nHardware name: NXP i.MX8MPlus EVK board (DT)\npstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : tcpm_queue_vdm+0xe0/0xf0\nlr : tcpm_queue_vdm+0x2c/0xf0\nsp : ffff80000c19bcd0\nx29: ffff80000c19bcd0 x28: 0000000000000001 x27: ffff0000d11c8ab8\nx26: ffff0000d11cc000 x25: 0000000000000000 x24: 00000000ff008081\nx23: 0000000000000001 x22: 00000000ff00a081 x21: ffff80000c19bdbc\nx20: 0000000000000000 x19: ffff0000d11c8080 x18: ffffffffffffffff\nx17: 0000000000000000 x16: 0000000000000000 x15: ffff0000d716f580\nx14: 0000000000000001 x13: ffff0000d716f507 x12: 0000000000000001\nx11: 0000000000000000 x10: 0000000000000020 x9 : 00000000000ee098\nx8 : 00000000ffffffff x7 : 000000000000001c x6 : ffff0000d716f580\nx5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\nx2 : ffff80000c19bdbc x1 : 00000000ff00a081 x0 : 0000000000000004\nCall trace:\ntcpm_queue_vdm+0xe0/0xf0\ntcpm_pd_rx_handler+0x340/0x1ab0\nkthread_worker_fn+0xcc/0x18c\nkthread+0x10c/0x110\nret_from_fork+0x10/0x20\n---[ end trace 0000000000000000 ]---\n\nBelow sequences may trigger this warning:\n\ntcpm_send_discover_work(work)\n tcpm_send_vdm(port, USB_SID_PD, CMD_DISCOVER_IDENT, NULL, 0);\n tcpm_queue_vdm(port, header, data, count);\n port->vdm_state = VDM_STATE_READY;\n\nvdm_state_machine_work(work);\n\t\t\t<-- received discover_identity from partner\n vdm_run_state_machine(port);\n port->vdm_state = VDM_STATE_SEND_MESSAGE;\n mod_vdm_delayed_work(port, x);\n\ntcpm_pd_rx_handler(work);\n 
tcpm_pd_data_request(port, msg);\n tcpm_handle_vdm_request(port, msg->payload, cnt);\n tcpm_queue_vdm(port, response[0], &response[1], rlen - 1);\n--> WARN_ON(port->vdm_state > VDM_STATE_DONE);\n\nFor this case, the state machine could still send out discover\nidentity message later if we skip current discover_identity message.\nSo we should handle the received message firstly and override the pending\ndiscover_identity message without warning in this case. Then, a delayed\nsend_discover work will send discover_identity message again."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: typec: tcpm: se corrige la advertencia al manejar el mensaje discover_identity Dado que tanto el dispositivo de origen como el receptor pueden enviar el mensaje discover_identity en PD3, el kernel puede mostrar la siguiente advertencia: ------------[ cortar aqu\u00ed ]------------ ADVERTENCIA: CPU: 0 PID: 169 en drivers/usb/typec/tcpm/tcpm.c:1446 tcpm_queue_vdm+0xe0/0xf0 M\u00f3dulos vinculados: CPU: 0 PID: 169 Comm: 1-0050 No contaminado 6.1.1-00038-g6a3c36cf1da2-dirty #567 Nombre del hardware: Placa NXP i.MX8MPlus EVK (DT) pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : tcpm_queue_vdm+0xe0/0xf0 lr : tcpm_queue_vdm+0x2c/0xf0 sp : ffff80000c19bcd0 x29: ffff80000c19bcd0 x28: 0000000000000001 x27: ffff0000d11c8ab8 x26: ffff0000d11cc000 x25: 0000000000000000 x24: 00000000ff008081 x23: 000000000000001 x22: 00000000ff00a081 x21: ffff80000c19bdbc x20: 0000000000000000 x19: ffff0000d11c8080 x18: ffffffffffffffff x17: 0000000000000000 x16: 0000000000000000 x15: ffff0000d716f580 x14: 0000000000000001 x13: ffff0000d716f507 x12: 000000000000001 x11: 000000000000000 x10: 000000000000020 x9 : 00000000000ee098 x8 : 00000000ffffffff x7 : 000000000000001c x6 : ffff0000d716f580 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000 x2 : ffff80000c19bdbc x1 : 00000000ff00a081 x0 : 0000000000000004 Rastreo de llamadas: tcpm_queue_vdm+0xe0/0xf0 tcpm_pd_rx_handler+0x340/0x1ab0 kthread_worker_fn+0xcc/0x18c kthread+0x10c/0x110 ret_from_fork+0x10/0x20 ---[ fin del seguimiento 000000000000000 ]--- Las siguientes secuencias pueden activar esta advertencia: tcpm_send_discover_work(trabajo) tcpm_send_vdm(puerto, USB_SID_PD, CMD_DISCOVER_IDENT, NULL, 0); tcpm_queue_vdm(puerto, encabezado, datos, recuento); puerto-&gt;vdm_state = VDM_STATE_READY; vdm_state_machine_work(trabajo); &lt;-- se recibi\u00f3 discover_identity del socio vdm_run_state_machine(puerto); puerto-&gt;vdm_state = 
VDM_STATE_SEND_MESSAGE; mod_vdm_delayed_work(puerto, x); tcpm_pd_rx_handler(trabajo); tcpm_pd_data_request(port, msg); tcpm_handle_vdm_request(port, msg-&gt;payload, cnt); tcpm_queue_vdm(port, response[0], &amp;response[1], rlen - 1); --&gt; WARN_ON(port-&gt;vdm_state &gt; VDM_STATE_DONE); En este caso, la m\u00e1quina de estados podr\u00eda enviar el mensaje de descubrimiento de identidad m\u00e1s tarde si omitimos el mensaje de descubrimiento de identidad actual. Por lo tanto, debemos procesar primero el mensaje recibido y anular el mensaje de descubrimiento de identidad pendiente sin previo aviso. Posteriormente, una operaci\u00f3n de env\u00edo de descubrimiento retrasado enviar\u00e1 el mensaje de descubrimiento de identidad nuevamente."
}
],
"metrics": {},

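Review bot: the register dump in the "es" value no longer matches the "en" value. Several 16-digit registers have lost a digit (x23, x12, x11 and x10 read 000000000000001, 000000000000001, 000000000000000 and 000000000000020, and the end-trace marker is shortened the same way), and C identifiers in the call sequence were translated (tcpm_send_discover_work(trabajo), puerto-&gt;vdm_state). Copy the WARNING block and the call sequence byte for byte from the "en" description and translate only the explanatory sentences.
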
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53049",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:23.990",
"lastModified": "2025-05-02T16:15:23.990",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: ucsi: Fix NULL pointer deref in ucsi_connector_change()\n\nWhen ucsi_init() fails, ucsi->connector is NULL, yet in case of\nucsi_acpi we may still get events which cause the ucs_acpi code to call\nucsi_connector_change(), which then derefs the NULL ucsi->connector\npointer.\n\nFix this by not setting ucsi->ntfy inside ucsi_init() until ucsi_init()\nhas succeeded, so that ucsi_connector_change() ignores the events\nbecause UCSI_ENABLE_NTFY_CONNECTOR_CHANGE is not set in the ntfy mask."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: ucsi: Se corrige la desreferencia del puntero nulo en ucsi_connector_change(). Cuando ucsi_init() falla, ucsi-&gt;connector es nulo; sin embargo, en el caso de ucsi_acpi, a\u00fan pueden aparecer eventos que provocan que el c\u00f3digo ucs_acpi llame a ucsi_connector_change(), que a su vez desreferencia el puntero nulo ucsi-&gt;connector. Para solucionar esto, no configure ucsi-&gt;ntfy dentro de ucsi_init() hasta que ucsi_init() se haya ejecutado correctamente, de modo que ucsi_connector_change() ignore los eventos, ya que UCSI_ENABLE_NTFY_CONNECTOR_CHANGE no est\u00e1 configurado en la m\u00e1scara ntfy."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53050",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:24.093",
"lastModified": "2025-05-02T16:15:24.093",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Fix memory leak in margining\n\nMemory for the usb4->margining needs to be relased for the upstream port\nof the router as well, even though the debugfs directory gets released\nwith the router device removal. Fix this."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Thunderbolt: Se corrige la p\u00e9rdida de memoria en el margining. La memoria para usb4-&gt;margining tambi\u00e9n debe liberarse para el puerto ascendente del router, aunque el directorio debugfs se libera al eliminar el dispositivo del router. Se soluciona."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53051",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:24.180",
"lastModified": "2025-05-02T16:15:24.180",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm crypt: add cond_resched() to dmcrypt_write()\n\nThe loop in dmcrypt_write may be running for unbounded amount of time,\nthus we need cond_resched() in it.\n\nThis commit fixes the following warning:\n\n[ 3391.153255][ C12] watchdog: BUG: soft lockup - CPU#12 stuck for 23s! [dmcrypt_write/2:2897]\n...\n[ 3391.387210][ C12] Call trace:\n[ 3391.390338][ C12] blk_attempt_bio_merge.part.6+0x38/0x158\n[ 3391.395970][ C12] blk_attempt_plug_merge+0xc0/0x1b0\n[ 3391.401085][ C12] blk_mq_submit_bio+0x398/0x550\n[ 3391.405856][ C12] submit_bio_noacct+0x308/0x380\n[ 3391.410630][ C12] dmcrypt_write+0x1e4/0x208 [dm_crypt]\n[ 3391.416005][ C12] kthread+0x130/0x138\n[ 3391.419911][ C12] ret_from_fork+0x10/0x18"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dm crypt: a\u00f1adir cond_resched() a dmcrypt_write(). El bucle en dmcrypt_write podr\u00eda estar ejecut\u00e1ndose durante un tiempo ilimitado, por lo que necesitamos cond_resched(). Esta confirmaci\u00f3n corrige la siguiente advertencia: [3391.153255][C12] watchdog: BUG: soft lockup - CPU#12 atascada durante 23 s. [dmcrypt_write/2:2897] ... [3391.387210][C12] Rastreo de llamadas: [ 3391.390338][ C12] blk_attempt_bio_merge.part.6+0x38/0x158 [ 3391.395970][ C12] blk_attempt_plug_merge+0xc0/0x1b0 [ 3391.401085][ C12] blk_mq_submit_bio+0x398/0x550 [ 3391.405856][ C12] submit_bio_noacct+0x308/0x380 [ 3391.410630][ C12] dmcrypt_write+0x1e4/0x208 [dm_crypt] [ 3391.416005][ C12] kthread+0x130/0x138 [ 3391.419911][ C12] ret_from_fork+0x10/0x18 "
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53052",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:24.283",
"lastModified": "2025-05-02T16:15:24.283",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix use-after-free bug in refresh_cache_worker()\n\nThe UAF bug occurred because we were putting DFS root sessions in\ncifs_umount() while DFS cache refresher was being executed.\n\nMake DFS root sessions have same lifetime as DFS tcons so we can avoid\nthe use-after-free bug is DFS cache refresher and other places that\nrequire IPCs to get new DFS referrals on. Also, get rid of mount\ngroup handling in DFS cache as we no longer need it.\n\nThis fixes below use-after-free bug catched by KASAN\n\n[ 379.946955] BUG: KASAN: use-after-free in __refresh_tcon.isra.0+0x10b/0xc10 [cifs]\n[ 379.947642] Read of size 8 at addr ffff888018f57030 by task kworker/u4:3/56\n[ 379.948096]\n[ 379.948208] CPU: 0 PID: 56 Comm: kworker/u4:3 Not tainted 6.2.0-rc7-lku #23\n[ 379.948661] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS\nrel-1.16.0-0-gd239552-rebuilt.opensuse.org 04/01/2014\n[ 379.949368] Workqueue: cifs-dfscache refresh_cache_worker [cifs]\n[ 379.949942] Call Trace:\n[ 379.950113] <TASK>\n[ 379.950260] dump_stack_lvl+0x50/0x67\n[ 379.950510] print_report+0x16a/0x48e\n[ 379.950759] ? __virt_addr_valid+0xd8/0x160\n[ 379.951040] ? __phys_addr+0x41/0x80\n[ 379.951285] kasan_report+0xdb/0x110\n[ 379.951533] ? __refresh_tcon.isra.0+0x10b/0xc10 [cifs]\n[ 379.952056] ? __refresh_tcon.isra.0+0x10b/0xc10 [cifs]\n[ 379.952585] __refresh_tcon.isra.0+0x10b/0xc10 [cifs]\n[ 379.953096] ? __pfx___refresh_tcon.isra.0+0x10/0x10 [cifs]\n[ 379.953637] ? __pfx___mutex_lock+0x10/0x10\n[ 379.953915] ? lock_release+0xb6/0x720\n[ 379.954167] ? __pfx_lock_acquire+0x10/0x10\n[ 379.954443] ? refresh_cache_worker+0x34e/0x6d0 [cifs]\n[ 379.954960] ? __pfx_wb_workfn+0x10/0x10\n[ 379.955239] refresh_cache_worker+0x4ad/0x6d0 [cifs]\n[ 379.955755] ? __pfx_refresh_cache_worker+0x10/0x10 [cifs]\n[ 379.956323] ? __pfx_lock_acquired+0x10/0x10\n[ 379.956615] ? read_word_at_a_time+0xe/0x20\n[ 379.956898] ? 
lockdep_hardirqs_on_prepare+0x12/0x220\n[ 379.957235] process_one_work+0x535/0x990\n[ 379.957509] ? __pfx_process_one_work+0x10/0x10\n[ 379.957812] ? lock_acquired+0xb7/0x5f0\n[ 379.958069] ? __list_add_valid+0x37/0xd0\n[ 379.958341] ? __list_add_valid+0x37/0xd0\n[ 379.958611] worker_thread+0x8e/0x630\n[ 379.958861] ? __pfx_worker_thread+0x10/0x10\n[ 379.959148] kthread+0x17d/0x1b0\n[ 379.959369] ? __pfx_kthread+0x10/0x10\n[ 379.959630] ret_from_fork+0x2c/0x50\n[ 379.959879] </TASK>"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cifs: se corrige el error de use-after-free en refresh_cache_worker(). El error de UAF se produjo porque se estaban asignando sesiones root de DFS en cifs_umount() mientras se ejecutaba el actualizador de cach\u00e9 DFS. Se ha establecido que las sesiones root de DFS tengan la misma duraci\u00f3n que las tcons de DFS para evitar el error de use-after-free en el actualizador de cach\u00e9 DFS y en otros lugares que requieren que los IPC obtengan nuevas referencias DFS. Adem\u00e1s, se ha eliminado la gesti\u00f3n de grupos de montaje en la cach\u00e9 DFS, ya que ya no es necesaria. Esto corrige el siguiente error de use-after-free detectado por KASAN [379.946955] ERROR: KASAN: use-after-free en __refresh_tcon.isra.0+0x10b/0xc10 [cifs] [379.947642] Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff888018f57030 por la tarea kworker/u4:3/56 [379.948096] [379.948208] CPU: 0 PID: 56 Comm: kworker/u4:3 No contaminado 6.2.0-rc7-lku #23 [379.948661] Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552-rebuilt.opensuse.org 01/04/2014 [ 379.949368] Cola de trabajo: cifs-dfscache refresh_cache_worker [cifs] [ 379.949942] Rastreo de llamadas: [ 379.950113] [ 379.950260] dump_stack_lvl+0x50/0x67 [ 379.950510] print_report+0x16a/0x48e [ 379.950759] ? __virt_addr_valid+0xd8/0x160 [ 379.951040] ? __phys_addr+0x41/0x80 [379.951285] kasan_report+0xdb/0x110 [379.951533] ? __refresh_tcon.isra.0+0x10b/0xc10 [cifs] [379.952056] ? __refresh_tcon.isra.0+0x10b/0xc10 [cifs] [379.952585] __refresh_tcon.isra.0+0x10b/0xc10 [cifs] [379.953096] ? __pfx___refresh_tcon.isra.0+0x10/0x10 [cifs] [379.953637] ? __pfx___mutex_lock+0x10/0x10 [ 379.953915] ? lock_release+0xb6/0x720 [ 379.954167] ? __pfx_lock_acquire+0x10/0x10 [ 379.954443] ? refresh_cache_worker+0x34e/0x6d0 [cifs] [ 379.954960] ? __pfx_wb_workfn+0x10/0x10 [ 379.955239] refresh_cache_worker+0x4ad/0x6d0 [cifs] [ 379.955755] ? 
__pfx_refresh_cache_worker+0x10/0x10 [cifs] [ 379.956323] ? __pfx_lock_acquired+0x10/0x10 [ 379.956615] ? read_word_at_a_time+0xe/0x20 [ 379.956898] ? lockdep_hardirqs_on_prepare+0x12/0x220 [ 379.957235] process_one_work+0x535/0x990 [ 379.957509] ? __pfx_process_one_work+0x10/0x10 [ 379.957812] ? bloqueo_adquirido+0xb7/0x5f0 [ 379.958069] ? __lista_add_valid+0x37/0xd0 [ 379.958341] ? __lista_add_valid+0x37/0xd0 [ 379.958611] subproceso_de_trabajo+0x8e/0x630 [ 379.958861] ? __pfx_subproceso_de_trabajo+0x10/0x10 [ 379.959148] kthread+0x17d/0x1b0 [ 379.959369] ? __pfx_kthread+0x10/0x10 [379.959630] ret_from_fork+0x2c/0x50 [379.959879] "
}
],
"metrics": {},
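Review bot: the added "es" description machine-translates kernel symbol names inside the KASAN call trace, so the trace no longer matches the "en" value: `lock_acquired+0xb7/0x5f0` becomes `bloqueo_adquirido+0xb7/0x5f0`, `__list_add_valid` becomes `__lista_add_valid`, and `worker_thread` becomes `subproceso_de_trabajo`. The `<TASK>` and `</TASK>` markers are dropped, and the BIOS date 04/01/2014 is reordered to 01/04/2014. Suggest excluding the log portion from translation and carrying it over verbatim from the "en" value, translating only the prose paragraphs.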

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53053",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:24.373",
"lastModified": "2025-05-02T16:15:24.373",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nerspan: do not use skb_mac_header() in ndo_start_xmit()\n\nDrivers should not assume skb_mac_header(skb) == skb->data in their\nndo_start_xmit().\n\nUse skb_network_offset() and skb_transport_offset() which\nbetter describe what is needed in erspan_fb_xmit() and\nip6erspan_tunnel_xmit()\n\nsyzbot reported:\nWARNING: CPU: 0 PID: 5083 at include/linux/skbuff.h:2873 skb_mac_header include/linux/skbuff.h:2873 [inline]\nWARNING: CPU: 0 PID: 5083 at include/linux/skbuff.h:2873 ip6erspan_tunnel_xmit+0x1d9c/0x2d90 net/ipv6/ip6_gre.c:962\nModules linked in:\nCPU: 0 PID: 5083 Comm: syz-executor406 Not tainted 6.3.0-rc2-syzkaller-00866-gd4671cb96fa3 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023\nRIP: 0010:skb_mac_header include/linux/skbuff.h:2873 [inline]\nRIP: 0010:ip6erspan_tunnel_xmit+0x1d9c/0x2d90 net/ipv6/ip6_gre.c:962\nCode: 04 02 41 01 de 84 c0 74 08 3c 03 0f 8e 1c 0a 00 00 45 89 b4 24 c8 00 00 00 c6 85 77 fe ff ff 01 e9 33 e7 ff ff e8 b4 27 a1 f8 <0f> 0b e9 b6 e7 ff ff e8 a8 27 a1 f8 49 8d bf f0 0c 00 00 48 b8 00\nRSP: 0018:ffffc90003b2f830 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: 000000000000ffff RCX: 0000000000000000\nRDX: ffff888021273a80 RSI: ffffffff88e1bd4c RDI: 0000000000000003\nRBP: ffffc90003b2f9d8 R08: 0000000000000003 R09: 000000000000ffff\nR10: 000000000000ffff R11: 0000000000000000 R12: ffff88802b28da00\nR13: 00000000000000d0 R14: ffff88807e25b6d0 R15: ffff888023408000\nFS: 0000555556a61300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055e5b11eb6e8 CR3: 0000000027c1b000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n<TASK>\n__netdev_start_xmit include/linux/netdevice.h:4900 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4914 
[inline]\n__dev_direct_xmit+0x504/0x730 net/core/dev.c:4300\ndev_direct_xmit include/linux/netdevice.h:3088 [inline]\npacket_xmit+0x20a/0x390 net/packet/af_packet.c:285\npacket_snd net/packet/af_packet.c:3075 [inline]\npacket_sendmsg+0x31a0/0x5150 net/packet/af_packet.c:3107\nsock_sendmsg_nosec net/socket.c:724 [inline]\nsock_sendmsg+0xde/0x190 net/socket.c:747\n__sys_sendto+0x23a/0x340 net/socket.c:2142\n__do_sys_sendto net/socket.c:2154 [inline]\n__se_sys_sendto net/socket.c:2150 [inline]\n__x64_sys_sendto+0xe1/0x1b0 net/socket.c:2150\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7f123aaa1039\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffc15d12058 EFLAGS: 00000246 ORIG_RAX: 000000000000002c\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f123aaa1039\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003\nRBP: 0000000000000000 R08: 0000000020000040 R09: 0000000000000014\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007f123aa648c0\nR13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: erspan: no utilice skb_mac_header() en ndo_start_xmit() Los controladores no deben asumir que skb_mac_header(skb) == skb-&gt;data en su ndo_start_xmit(). Utilice skb_network_offset() y skb_transport_offset() que describen mejor lo que se necesita en erspan_fb_xmit() e ip6erspan_tunnel_xmit() syzbot inform\u00f3: ADVERTENCIA: CPU: 0 PID: 5083 en include/linux/skbuff.h:2873 skb_mac_header include/linux/skbuff.h:2873 [en l\u00ednea] ADVERTENCIA: CPU: 0 PID: 5083 en include/linux/skbuff.h:2873 ip6erspan_tunnel_xmit+0x1d9c/0x2d90 net/ipv6/ip6_gre.c:962 M\u00f3dulos vinculados: CPU: 0 PID: 5083 Comm: syz-executor406 No contaminado 6.3.0-rc2-syzkaller-00866-gd4671cb96fa3 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/03/2023 RIP: 0010:skb_mac_header include/linux/skbuff.h:2873 [en l\u00ednea] RIP: 0010:ip6erspan_tunnel_xmit+0x1d9c/0x2d90 net/ipv6/ip6_gre.c:962 C\u00f3digo: 04 02 41 01 de 84 c0 74 08 3c 03 0f 8e 1c 0a 00 00 45 89 b4 24 c8 00 00 00 c6 85 77 fe ff ff 01 e9 33 e7 ff ff e8 b4 27 a1 f8 &lt;0f&gt; 0b e9 b6 e7 ff ff e8 a8 27 a1 f8 49 8d bf f0 0c 00 00 48 b8 00 RSP: 0018:ffffc90003b2f830 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 000000000000ffff RCX: 0000000000000000 RDX: ffff888021273a80 RSI: ffffffff88e1bd4c RDI: 0000000000000003 RBP: ffffc90003b2f9d8 R08: 00000000000000003 R09: 000000000000ffff R10: 000000000000ffff R11: 0000000000000000 R12: ffff88802b28da00 R13: 00000000000000d0 R14: ffff88807e25b6d0 R15: ffff888023408000 FS: 0000555556a61300(0000) GS:ffff8880b9800000(0000) knlGS:000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055e5b11eb6e8 CR3: 0000000027c1b000 CR4: 000000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Rastreo de llamadas: __netdev_start_xmit include/linux/netdevice.h:4900 [en l\u00ednea] 
netdev_start_xmit include/linux/netdevice.h:4914 [en l\u00ednea] __dev_direct_xmit+0x504/0x730 net/core/dev.c:4300 dev_direct_xmit include/linux/netdevice.h:3088 [en l\u00ednea] packet_xmit+0x20a/0x390 net/packet/af_packet.c:285 packet_snd net/packet/af_packet.c:3075 [en l\u00ednea] packet_sendmsg+0x31a0/0x5150 net/packet/af_packet.c:3107 sock_sendmsg_nosec net/socket.c:724 [en l\u00ednea] sock_sendmsg+0xde/0x190 net/socket.c:747 __sys_sendto+0x23a/0x340 net/socket.c:2142 __do_sys_sendto net/socket.c:2154 [en l\u00ednea] __se_sys_sendto net/socket.c:2150 [en l\u00ednea] __x64_sys_sendto+0xe1/0x1b0 net/socket.c:2150 do_syscall_x64 arch/x86/entry/common.c:50 [en l\u00ednea] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f123aaa1039 C\u00f3digo: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 &lt;48&gt; 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffc15d12058 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 000000000000000 RCX: 00007f123aaa1039 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 0000000000000000 R08: 0000000020000040 R09: 0000000000000014 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f123aa648c0 R13: 431bde82d7b634db R14: 000000000000000 R15: 0000000000000000"
}
],
"metrics": {},
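Review bot: the register dump in the added "es" value does not match the "en" value digit for digit: `R08: 0000000000000003` becomes `R08: 00000000000000003`, `CR4: 00000000003506f0` becomes `CR4: 000000000003506f0`, and `knlGS:0000000000000000` loses a digit. The BIOS date 03/02/2023 is also reordered to 02/03/2023. These are diagnostic values that readers match against their own logs, so suggest comparing every hex token in the "es" text against the "en" text before the record is written, or copying the WARNING/register/call-trace block unchanged.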

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53054",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:24.483",
"lastModified": "2025-05-02T16:15:24.483",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc2: fix a devres leak in hw_enable upon suspend resume\n\nEach time the platform goes to low power, PM suspend / resume routines\ncall: __dwc2_lowlevel_hw_enable -> devm_add_action_or_reset().\nThis adds a new devres each time.\nThis may also happen at runtime, as dwc2_lowlevel_hw_enable() can be\ncalled from udc_start().\n\nThis can be seen with tracing:\n- echo 1 > /sys/kernel/debug/tracing/events/dev/devres_log/enable\n- go to low power\n- cat /sys/kernel/debug/tracing/trace\n\nA new \"ADD\" entry is found upon each low power cycle:\n... devres_log: 49000000.usb-otg ADD 82a13bba devm_action_release (8 bytes)\n... devres_log: 49000000.usb-otg ADD 49889daf devm_action_release (8 bytes)\n...\n\nA second issue is addressed here:\n- regulator_bulk_enable() is called upon each PM cycle (suspend/resume).\n- regulator_bulk_disable() never gets called.\n\nSo the reference count for these regulators constantly increase, by one\nupon each low power cycle, due to missing regulator_bulk_disable() call\nin __dwc2_lowlevel_hw_disable().\n\nThe original fix that introduced the devm_add_action_or_reset() call,\nfixed an issue during probe, that happens due to other errors in\ndwc2_driver_probe() -> dwc2_core_reset(). Then the probe fails without\ndisabling regulators, when dr_mode == USB_DR_MODE_PERIPHERAL.\n\nRather fix the error path: disable all the low level hardware in the\nerror path, by using the \"hsotg->ll_hw_enabled\" flag. Checking dr_mode\nhas been introduced to avoid a dual call to dwc2_lowlevel_hw_disable().\n\"ll_hw_enabled\" should achieve the same (and is used currently in the\nremove() routine)."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: dwc2: se corrige una fuga de devres en hw_enable al reanudar la suspensi\u00f3n. Cada vez que la plataforma pasa a bajo consumo, las rutinas de suspensi\u00f3n/reinicio de PM llaman a __dwc2_lowlevel_hw_enable -&gt; devm_add_action_or_reset(). Esto agrega un nuevo devres cada vez. Esto tambi\u00e9n puede ocurrir en tiempo de ejecuci\u00f3n, ya que dwc2_lowlevel_hw_enable() puede llamarse desde udc_start(). Esto se puede ver con el seguimiento: - echo 1 &gt; /sys/kernel/debug/tracing/events/dev/devres_log/enable - ir a bajo consumo - cat /sys/kernel/debug/tracing/trace Se encuentra una nueva entrada \"ADD\" en cada ciclo de bajo consumo: ... devres_log: 49000000.usb-otg ADD 82a13bba devm_action_release (8 bytes) ... devres_log: 49000000.usb-otg ADD 49889daf devm_action_release (8 bytes) ... Aqu\u00ed se aborda un segundo problema: - regulator_bulk_enable() se llama en cada ciclo de PM (suspender/reanudar). - regulator_bulk_disable() nunca se llama. Por lo tanto, el recuento de referencias para estos reguladores aumenta constantemente, en uno con cada ciclo de bajo consumo, debido a la falta de la llamada a regulator_bulk_disable() en __dwc2_lowlevel_hw_disable(). La correcci\u00f3n original, que introdujo la llamada a devm_add_action_or_reset(), solucion\u00f3 un problema durante el sondeo que se produce debido a otros errores en dwc2_driver_probe() -&gt; dwc2_core_reset(). En ese caso, el sondeo falla sin deshabilitar los reguladores cuando dr_mode == USB_DR_MODE_PERIPHERAL. Mejor soluci\u00f3n: deshabilite todo el hardware de bajo nivel en la ruta de error mediante el indicador \"hsotg-&gt;ll_hw_enabled\". Se ha introducido la comprobaci\u00f3n de dr_mode para evitar una llamada dual a dwc2_lowlevel_hw_disable(). \"ll_hw_enabled\" deber\u00eda lograr el mismo efecto (y se utiliza actualmente en la rutina remove())."
}
],
"metrics": {},
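Review bot: the reproduction steps in the added "es" value are HTML-escaped, so `echo 1 > /sys/kernel/debug/tracing/events/dev/devres_log/enable` reads `echo 1 &gt; /sys/...` and the call chain `__dwc2_lowlevel_hw_enable -> devm_add_action_or_reset()` reads `-&gt;`. A JSON string needs no HTML entity encoding, and a consumer that prints the value as-is shows a command that cannot be pasted into a shell; suggest storing the literal `>` as the "en" value does. The three tracing steps are also collapsed onto one line, where the "en" value keeps them as separate newline-delimited items.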

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53055",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:24.590",
"lastModified": "2025-05-02T16:15:24.590",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfscrypt: destroy keyring after security_sb_delete()\n\nfscrypt_destroy_keyring() must be called after all potentially-encrypted\ninodes were evicted; otherwise it cannot safely destroy the keyring.\nSince inodes that are in-use by the Landlock LSM don't get evicted until\nsecurity_sb_delete(), this means that fscrypt_destroy_keyring() must be\ncalled *after* security_sb_delete().\n\nThis fixes a WARN_ON followed by a NULL dereference, only possible if\nLandlock was being used on encrypted files."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fscrypt: destruir el anillo de claves despu\u00e9s de security_sb_delete(). fscrypt_destroy_keyring() debe llamarse despu\u00e9s de expulsar todos los inodos potencialmente cifrados; de lo contrario, no puede destruir el anillo de claves de forma segura. Dado que los inodos en uso por el LSM de Landlock no se expulsan hasta security_sb_delete(), esto significa que fscrypt_destroy_keyring() debe llamarse *despu\u00e9s* de security_sb_delete(). Esto corrige un WARN_ON seguido de una desreferencia a NULL, solo posible si Landlock se utilizaba en archivos cifrados."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53056",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:24.680",
"lastModified": "2025-05-02T16:15:24.680",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Synchronize the IOCB count to be in order\n\nA system hang was observed with the following call trace:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 15 PID: 86747 Comm: nvme Kdump: loaded Not tainted 6.2.0+ #1\nHardware name: Dell Inc. PowerEdge R6515/04F3CJ, BIOS 2.7.3 03/31/2022\nRIP: 0010:__wake_up_common+0x55/0x190\nCode: 41 f6 01 04 0f 85 b2 00 00 00 48 8b 43 08 4c 8d\n 40 e8 48 8d 43 08 48 89 04 24 48 89 c6\\\n 49 8d 40 18 48 39 c6 0f 84 e9 00 00 00 <49> 8b 40 18 89 6c 24 14 31\n ed 4c 8d 60 e8 41 8b 18 f6 c3 04 75 5d\nRSP: 0018:ffffb05a82afbba0 EFLAGS: 00010082\nRAX: 0000000000000000 RBX: ffff8f9b83a00018 RCX: 0000000000000000\nRDX: 0000000000000001 RSI: ffff8f9b83a00020 RDI: ffff8f9b83a00018\nRBP: 0000000000000001 R08: ffffffffffffffe8 R09: ffffb05a82afbbf8\nR10: 70735f7472617473 R11: 5f30307832616c71 R12: 0000000000000001\nR13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f815cf4c740(0000) GS:ffff8f9eeed80000(0000)\n\tknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000000 CR3: 000000010633a000 CR4: 0000000000350ee0\nCall Trace:\n <TASK>\n __wake_up_common_lock+0x83/0xd0\n qla_nvme_ls_req+0x21b/0x2b0 [qla2xxx]\n __nvme_fc_send_ls_req+0x1b5/0x350 [nvme_fc]\n nvme_fc_xmt_disconnect_assoc+0xca/0x110 [nvme_fc]\n nvme_fc_delete_association+0x1bf/0x220 [nvme_fc]\n ? nvme_remove_namespaces+0x9f/0x140 [nvme_core]\n nvme_do_delete_ctrl+0x5b/0xa0 [nvme_core]\n nvme_sysfs_delete+0x5f/0x70 [nvme_core]\n kernfs_fop_write_iter+0x12b/0x1c0\n vfs_write+0x2a3/0x3b0\n ksys_write+0x5f/0xe0\n do_syscall_64+0x5c/0x90\n ? syscall_exit_work+0x103/0x130\n ? syscall_exit_to_user_mode+0x12/0x30\n ? do_syscall_64+0x69/0x90\n ? exit_to_user_mode_loop+0xd0/0x130\n ? exit_to_user_mode_prepare+0xec/0x100\n ? syscall_exit_to_user_mode+0x12/0x30\n ? 
do_syscall_64+0x69/0x90\n ? syscall_exit_to_user_mode+0x12/0x30\n ? do_syscall_64+0x69/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n RIP: 0033:0x7f815cd3eb97\n\nThe IOCB counts are out of order and that would block any commands from\ngoing out and subsequently hang the system. Synchronize the IOCB count to\nbe in correct order."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: qla2xxx: Sincronizar el recuento de IOCB para que est\u00e9 en orden Se observ\u00f3 un bloqueo del sistema con el siguiente seguimiento de llamada: ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 15 PID: 86747 Comm: nvme Kdump: cargado No contaminado 6.2.0+ #1 Nombre del hardware: Dell Inc. PowerEdge R6515/04F3CJ, BIOS 2.7.3 31/03/2022 RIP: 0010:__wake_up_common+0x55/0x190 C\u00f3digo: 41 f6 01 04 0f 85 b2 00 00 00 48 8b 43 08 4c 8d 40 e8 48 8d 43 08 48 89 04 24 48 89 c6\\ 49 8d 40 18 48 39 c6 0f 84 e9 00 00 00 &lt;49&gt; 8b 40 18 89 6c 24 14 31 ed 4c 8d 60 e8 41 8b 18 f6 c3 04 75 5d RSP: 0018:ffffb05a82afbba0 EFLAGS: 00010082 RAX: 00000000000000000 RBX: ffff8f9b83a00018 RCX: 0000000000000000 RDX: 0000000000000001 RSI: ffff8f9b83a00020 RDI: ffff8f9b83a00018 RBP: 0000000000000001 R08: ffffffffffffffe8 R09: ffffb05a82afbbf8 R10: 70735f7472617473 R11: 5f30307832616c71 R12: 0000000000000001 R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000 FS: 00007f815cf4c740(0000) GS:ffff8f9eeed80000(0000) knlGS:000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000000 CR3: 000000010633a000 CR4: 0000000000350ee0 Rastreo de llamadas: __wake_up_common_lock+0x83/0xd0 qla_nvme_ls_req+0x21b/0x2b0 [qla2xxx] __nvme_fc_send_ls_req+0x1b5/0x350 [nvme_fc] nvme_fc_xmt_disconnect_assoc+0xca/0x110 [nvme_fc] nvme_fc_delete_association+0x1bf/0x220 [nvme_fc] ? nvme_remove_namespaces+0x9f/0x140 [n\u00facleo_nvme] nvme_do_delete_ctrl+0x5b/0xa0 [n\u00facleo_nvme] nvme_sysfs_delete+0x5f/0x70 [n\u00facleo_nvme] kernfs_fop_write_iter+0x12b/0x1c0 vfs_write+0x2a3/0x3b0 ksys_write+0x5f/0xe0 do_syscall_64+0x5c/0x90 ? syscall_exit_work+0x103/0x130 ? syscall_exit_to_user_mode+0x12/0x30 ? do_syscall_64+0x69/0x90 ? exit_to_user_mode_loop+0xd0/0x130 ? exit_to_user_mode_prepare+0xec/0x100 ? 
syscall_exit_to_user_mode+0x12/0x30 ? do_syscall_64+0x69/0x90 ? syscall_exit_to_user_mode+0x12/0x30 ? do_syscall_64+0x69/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7f815cd3eb97 Los conteos de IOCB est\u00e1n desordenados, lo que impedir\u00eda la salida de cualquier comando y, posteriormente, bloquear\u00eda el sistema. Sincronice el conteo de IOCB para que est\u00e9 en el orden correcto."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53057",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:24.773",
"lastModified": "2025-05-02T16:15:24.773",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: HCI: Fix global-out-of-bounds\n\nTo loop a variable-length array, hci_init_stage_sync(stage) considers\nthat stage[i] is valid as long as stage[i-1].func is valid.\nThus, the last element of stage[].func should be intentionally invalid\nas hci_init0[], le_init2[], and others did.\nHowever, amp_init1[] and amp_init2[] have no invalid element, letting\nhci_init_stage_sync() keep accessing amp_init1[] over its valid range.\nThis patch fixes this by adding {} in the last of amp_init1[] and\namp_init2[].\n\n==================================================================\nBUG: KASAN: global-out-of-bounds in hci_dev_open_sync (\n/v6.2-bzimage/net/bluetooth/hci_sync.c:3154\n/v6.2-bzimage/net/bluetooth/hci_sync.c:3343\n/v6.2-bzimage/net/bluetooth/hci_sync.c:4418\n/v6.2-bzimage/net/bluetooth/hci_sync.c:4609\n/v6.2-bzimage/net/bluetooth/hci_sync.c:4689)\nRead of size 8 at addr ffffffffaed1ab70 by task kworker/u5:0/1032\nCPU: 0 PID: 1032 Comm: kworker/u5:0 Not tainted 6.2.0 #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04\nWorkqueue: hci1 hci_power_on\nCall Trace:\n <TASK>\ndump_stack_lvl (/v6.2-bzimage/lib/dump_stack.c:107 (discriminator 1))\nprint_report (/v6.2-bzimage/mm/kasan/report.c:307\n /v6.2-bzimage/mm/kasan/report.c:417)\n? hci_dev_open_sync (/v6.2-bzimage/net/bluetooth/hci_sync.c:3154\n /v6.2-bzimage/net/bluetooth/hci_sync.c:3343\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4418\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4609\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4689)\nkasan_report (/v6.2-bzimage/mm/kasan/report.c:184\n /v6.2-bzimage/mm/kasan/report.c:519)\n? 
hci_dev_open_sync (/v6.2-bzimage/net/bluetooth/hci_sync.c:3154\n /v6.2-bzimage/net/bluetooth/hci_sync.c:3343\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4418\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4609\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4689)\nhci_dev_open_sync (/v6.2-bzimage/net/bluetooth/hci_sync.c:3154\n /v6.2-bzimage/net/bluetooth/hci_sync.c:3343\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4418\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4609\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4689)\n? __pfx_hci_dev_open_sync (/v6.2-bzimage/net/bluetooth/hci_sync.c:4635)\n? mutex_lock (/v6.2-bzimage/./arch/x86/include/asm/atomic64_64.h:190\n /v6.2-bzimage/./include/linux/atomic/atomic-long.h:443\n /v6.2-bzimage/./include/linux/atomic/atomic-instrumented.h:1781\n /v6.2-bzimage/kernel/locking/mutex.c:171\n /v6.2-bzimage/kernel/locking/mutex.c:285)\n? __pfx_mutex_lock (/v6.2-bzimage/kernel/locking/mutex.c:282)\nhci_power_on (/v6.2-bzimage/net/bluetooth/hci_core.c:485\n /v6.2-bzimage/net/bluetooth/hci_core.c:984)\n? __pfx_hci_power_on (/v6.2-bzimage/net/bluetooth/hci_core.c:969)\n? read_word_at_a_time (/v6.2-bzimage/./include/asm-generic/rwonce.h:85)\n? strscpy (/v6.2-bzimage/./arch/x86/include/asm/word-at-a-time.h:62\n /v6.2-bzimage/lib/string.c:161)\nprocess_one_work (/v6.2-bzimage/kernel/workqueue.c:2294)\nworker_thread (/v6.2-bzimage/./include/linux/list.h:292\n /v6.2-bzimage/kernel/workqueue.c:2437)\n? __pfx_worker_thread (/v6.2-bzimage/kernel/workqueue.c:2379)\nkthread (/v6.2-bzimage/kernel/kthread.c:376)\n? 
__pfx_kthread (/v6.2-bzimage/kernel/kthread.c:331)\nret_from_fork (/v6.2-bzimage/arch/x86/entry/entry_64.S:314)\n </TASK>\nThe buggy address belongs to the variable:\namp_init1+0x30/0x60\nThe buggy address belongs to the physical page:\npage:000000003a157ec6 refcount:1 mapcount:0 mapping:0000000000000000 ia\nflags: 0x200000000001000(reserved|node=0|zone=2)\nraw: 0200000000001000 ffffea0005054688 ffffea0005054688 000000000000000\nraw: 0000000000000000 0000000000000000 00000001ffffffff 000000000000000\npage dumped because: kasan: bad access detected\nMemory state around the buggy address:\n ffffffffaed1aa00: f9 f9 f9 f9 00 00 00 00 f9 f9 f9 f9 00 00 00 00\n ffffffffaed1aa80: 00 00 00 00 f9 f9 f9 f9 00 00 00 00 00 00 00 00\n>ffffffffaed1ab00: 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 f9 f9\n \n---truncated---"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: HCI: Correcci\u00f3n de un error global fuera de los l\u00edmites. Para repetir una matriz de longitud variable, hci_init_stage_sync(stage) considera que stage[i] es v\u00e1lido siempre que stage[i-1].func lo sea. Por lo tanto, el \u00faltimo elemento de stage[].func deber\u00eda ser intencionalmente inv\u00e1lido, como hicieron hci_init0[], le_init2[] y otros. Sin embargo, amp_init1[] y amp_init2[] no tienen ning\u00fan elemento inv\u00e1lido, lo que permite que hci_init_stage_sync() siga accediendo a amp_init1[] por encima de su rango v\u00e1lido. Este parche corrige esto a\u00f1adiendo {} al final de amp_init1[] y amp_init2[]. ====================================================================== ERROR: KASAN: global fuera de los l\u00edmites en hci_dev_open_sync ( /v6.2-bzimage/net/bluetooth/hci_sync.c:3154 /v6.2-bzimage/net/bluetooth/hci_sync.c:3343 /v6.2-bzimage/net/bluetooth/hci_sync.c:4418 /v6.2-bzimage/net/bluetooth/hci_sync.c:4609 /v6.2-bzimage/net/bluetooth/hci_sync.c:4689) Lectura de tama\u00f1o 8 en la direcci\u00f3n ffffffffaed1ab70 por tarea kworker/u5:0/1032 CPU: 0 PID: 1032 Comm: kworker/u5:0 No contaminado 6.2.0 #3 Nombre del hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS 1.15.0-1 04 Cola de trabajo: hci1 hci_power_on Rastreo de llamadas: dump_stack_lvl (/v6.2-bzimage/lib/dump_stack.c:107 (discriminator 1)) print_report (/v6.2-bzimage/mm/kasan/report.c:307 /v6.2-bzimage/mm/kasan/report.c:417) ? hci_dev_open_sync (/v6.2-bzimage/net/bluetooth/hci_sync.c:3154 /v6.2-bzimage/net/bluetooth/hci_sync.c:3343 /v6.2-bzimage/net/bluetooth/hci_sync.c:4418 /v6.2-bzimage/net/bluetooth/hci_sync.c:4609 /v6.2-bzimage/net/bluetooth/hci_sync.c:4689) kasan_report (/v6.2-bzimage/mm/kasan/report.c:184 /v6.2-bzimage/mm/kasan/report.c:519) ? 
hci_dev_open_sync (/v6.2-bzimage/net/bluetooth/hci_sync.c:3154 /v6.2-bzimage/net/bluetooth/hci_sync.c:3343 /v6.2-bzimage/net/bluetooth/hci_sync.c:4418 /v6.2-bzimage/net/bluetooth/hci_sync.c:4609 /v6.2-bzimage/net/bluetooth/hci_sync.c:4689) hci_dev_open_sync (/v6.2-bzimage/net/bluetooth/hci_sync.c:3154 /v6.2-bzimage/net/bluetooth/hci_sync.c:3343 /v6.2-bzimage/net/bluetooth/hci_sync.c:4418 /v6.2-bzimage/net/bluetooth/hci_sync.c:4609 /v6.2-bzimage/net/bluetooth/hci_sync.c:4689) ? __pfx_hci_dev_open_sync (/v6.2-bzimage/net/bluetooth/hci_sync.c:4635) ? bloqueo mutex (/v6.2-bzimage/./arch/x86/include/asm/atomic64_64.h:190 /v6.2-bzimage/./include/linux/atomic/atomic-long.h:443 /v6.2-bzimage/./include/linux/atomic/atomic-instrumented.h:1781 /v6.2-bzimage/kernel/locking/mutex.c:171 /v6.2-bzimage/kernel/locking/mutex.c:285) ? __pfx_mutex_lock (/v6.2-bzimage/kernel/locking/mutex.c:282) hci_power_on (/v6.2-bzimage/net/bluetooth/hci_core.c:485 /v6.2-bzimage/net/bluetooth/hci_core.c:984) ? __pfx_hci_power_on (/v6.2-bzimage/net/bluetooth/hci_core.c:969) ? leer_palabra_a_la_vez (/v6.2-bzimage/./include/asm-generic/rwonce.h:85) ? strscpy (/v6.2-bzimage/./arch/x86/include/asm/word-at-a-time.h:62 /v6.2-bzimage/lib/string.c:161) process_one_work (/v6.2-bzimage/kernel/workqueue.c:2294) work_thread (/v6.2-bzimage/./include/linux/list.h:292 /v6.2-bzimage/kernel/workqueue.c:2437) ? __pfx_worker_thread (/v6.2-bzimage/kernel/workqueue.c:2379) kthread (/v6.2-bzimage/kernel/kthread.c:376) ? 
__pfx_kthread (/v6.2-bzimage/kernel/kthread.c:331) ret_from_fork (/v6.2-bzimage/arch/x86/entry/entry_64.S:314) La direcci\u00f3n con errores pertenece a la variable: amp_init1+0x30/0x60 La direcci\u00f3n con errores pertenece a la p\u00e1gina f\u00edsica: page:000000003a157ec6 refcount:1 mapcount:0 mapping:000000000000000 ia flags: 0x200000000001000(reserved|node=0|zone=2) raw: 0200000000001000 ffffea0005054688 ffffea0005054688 000000000000000 raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 p\u00e1gina volcada porque: kasan: mal acceso detectado Estado de la memoria alrededor de la direcci\u00f3n con errores: fffffffaed1aa00: f9 f9 f9 f9 00 00 00 00 f9 f9 f9 f9 00 00 00 00 ffffffffaed1aa80: 00 00 00 00 f9 f9 f9 f9 00 00 00 00 00 00 00 00 &gt;ffffffffaed1ab00 ---truncado---"
}
],
"metrics": {},
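Review bot: the "en" value ends in `---truncated---` partway through the KASAN shadow-memory dump, and the added "es" value diverges from even that partial dump: the first shadow row address `ffffffffaed1aa00` is written `fffffffaed1aa00`, the bytes of the `>ffffffffaed1ab00` row are missing, and `mutex_lock`, `read_word_at_a_time` and `worker_thread` appear as `bloqueo mutex`, `leer_palabra_a_la_vez` and `work_thread`. Suggest copying the report block unchanged from the "en" value, and flagging records whose description ends in `---truncated---` so that consumers know the dump is incomplete.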

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53058",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:24.867",
"lastModified": "2025-05-02T16:15:24.867",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: E-Switch, Fix an Oops in error handling code\n\nThe error handling dereferences \"vport\". There is nothing we can do if\nit is an error pointer except returning the error code."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5: E-Switch. Se corrige un error en el c\u00f3digo de gesti\u00f3n de errores. El c\u00f3digo de gesti\u00f3n de errores desreferencia \"vport\". Si se trata de un puntero de error, no podemos hacer nada m\u00e1s que devolver el c\u00f3digo de error."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53059",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:24.963",
"lastModified": "2025-05-02T16:15:24.963",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/chrome: cros_ec_chardev: fix kernel data leak from ioctl\n\nIt is possible to peep kernel page's data by providing larger `insize`\nin struct cros_ec_command[1] when invoking EC host commands.\n\nFix it by using zeroed memory.\n\n[1]: https://elixir.bootlin.com/linux/v6.2/source/include/linux/platform_data/cros_ec_proto.h#L74"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: platform/chrome: cros_ec_chardev: se corrige la fuga de datos del kernel desde ioctl. Es posible acceder a los datos de la p\u00e1gina del kernel proporcionando un valor `insize` mayor en la estructura cros_ec_command[1] al invocar comandos del host EC. Se corrige utilizando memoria a cero. [1]: https://elixir.bootlin.com/linux/v6.2/source/include/linux/platform_data/cros_ec_proto.h#L74"
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53060",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:25.060",
"lastModified": "2025-05-02T16:15:25.060",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: revert rtnl_lock() that causes deadlock\n\nThe commit 6faee3d4ee8b (\"igb: Add lock to avoid data race\") adds\nrtnl_lock to eliminate a false data race shown below\n\n (FREE from device detaching) | (USE from netdev core)\nigb_remove | igb_ndo_get_vf_config\n igb_disable_sriov | vf >= adapter->vfs_allocated_count?\n kfree(adapter->vf_data) |\n adapter->vfs_allocated_count = 0 |\n | memcpy(... adapter->vf_data[vf]\n\nThe above race will never happen and the extra rtnl_lock causes deadlock\nbelow\n\n[ 141.420169] <TASK>\n[ 141.420672] __schedule+0x2dd/0x840\n[ 141.421427] schedule+0x50/0xc0\n[ 141.422041] schedule_preempt_disabled+0x11/0x20\n[ 141.422678] __mutex_lock.isra.13+0x431/0x6b0\n[ 141.423324] unregister_netdev+0xe/0x20\n[ 141.423578] igbvf_remove+0x45/0xe0 [igbvf]\n[ 141.423791] pci_device_remove+0x36/0xb0\n[ 141.423990] device_release_driver_internal+0xc1/0x160\n[ 141.424270] pci_stop_bus_device+0x6d/0x90\n[ 141.424507] pci_stop_and_remove_bus_device+0xe/0x20\n[ 141.424789] pci_iov_remove_virtfn+0xba/0x120\n[ 141.425452] sriov_disable+0x2f/0xf0\n[ 141.425679] igb_disable_sriov+0x4e/0x100 [igb]\n[ 141.426353] igb_remove+0xa0/0x130 [igb]\n[ 141.426599] pci_device_remove+0x36/0xb0\n[ 141.426796] device_release_driver_internal+0xc1/0x160\n[ 141.427060] driver_detach+0x44/0x90\n[ 141.427253] bus_remove_driver+0x55/0xe0\n[ 141.427477] pci_unregister_driver+0x2a/0xa0\n[ 141.428296] __x64_sys_delete_module+0x141/0x2b0\n[ 141.429126] ? mntput_no_expire+0x4a/0x240\n[ 141.429363] ? syscall_trace_enter.isra.19+0x126/0x1a0\n[ 141.429653] do_syscall_64+0x5b/0x80\n[ 141.429847] ? exit_to_user_mode_prepare+0x14d/0x1c0\n[ 141.430109] ? syscall_exit_to_user_mode+0x12/0x30\n[ 141.430849] ? do_syscall_64+0x67/0x80\n[ 141.431083] ? syscall_exit_to_user_mode_prepare+0x183/0x1b0\n[ 141.431770] ? syscall_exit_to_user_mode+0x12/0x30\n[ 141.432482] ? do_syscall_64+0x67/0x80\n[ 141.432714] ? 
exc_page_fault+0x64/0x140\n[ 141.432911] entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nSince the igb_disable_sriov() will call pci_disable_sriov() before\nreleasing any resources, the netdev core will synchronize the cleanup to\navoid any races. This patch removes the useless rtnl_(un)lock to guarantee\ncorrectness."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: igb: revertir rtnl_lock() que causa un bloqueo el commit 6faee3d4ee8b (\"igb: Agregar bloqueo para evitar ejecuci\u00f3n de datos\") agrega rtnl_lock para eliminar una ejecuci\u00f3n de datos falsa que se muestra a continuaci\u00f3n (GRATIS de la desconexi\u00f3n del dispositivo) | (USO desde el n\u00facleo netdev) igb_remove | igb_ndo_get_vf_config igb_disable_sriov | vf &gt;= adapter-&gt;vfs_allocated_count? kfree(adapter-&gt;vf_data) | adapter-&gt;vfs_allocated_count = 0 | | memcpy(... adapter-&gt;vf_data[vf] La ejecuci\u00f3n anterior nunca ocurrir\u00e1 y el rtnl_lock adicional provoca un bloqueo a continuaci\u00f3n [ 141.420169] [ 141.420672] __schedule+0x2dd/0x840 [ 141.421427] schedule+0x50/0xc0 [ 141.422041] schedule_preempt_disabled+0x11/0x20 [ 141.422678] __mutex_lock.isra.13+0x431/0x6b0 [ 141.423324] unregister_netdev+0xe/0x20 [ 141.423578] igbvf_remove+0x45/0xe0 [igbvf] [ 141.423791] pci_device_remove+0x36/0xb0 [ 141.423990] device_release_driver_internal+0xc1/0x160 [ 141.424270] pci_stop_bus_device+0x6d/0x90 [ 141.424507] pci_stop_and_remove_bus_device+0xe/0x20 [ 141.424789] pci_iov_remove_virtfn+0xba/0x120 [ 141.425452] sriov_disable+0x2f/0xf0 [ 141.425679] igb_disable_sriov+0x4e/0x100 [igb] [ 141.426353] igb_remove+0xa0/0x130 [igb] [ 141.426599] pci_device_remove+0x36/0xb0 [ 141.426796] device_release_driver_internal+0xc1/0x160 [ 141.427060] driver_detach+0x44/0x90 [ 141.427253] bus_remove_driver+0x55/0xe0 [ 141.427477] pci_unregister_driver+0x2a/0xa0 [ 141.428296] __x64_sys_delete_module+0x141/0x2b0 [ 141.429126] ? mntput_no_expire+0x4a/0x240 [ 141.429363] ? syscall_trace_enter.isra.19+0x126/0x1a0 [ 141.429653] ? do_syscall_64+0x5b/0x80 [ 141.429847] ? salir_al_modo_usuario_prepare+0x14d/0x1c0 [ 141.430109] ? syscall_salir_al_modo_usuario+0x12/0x30 [ 141.430849] ? do_syscall_64+0x67/0x80 [ 141.431083] ? syscall_exit_to_user_mode_prepare+0x183/0x1b0 [141.431770] ? 
syscall_exit_to_user_mode+0x12/0x30 [141.432482] ? do_syscall_64+0x67/0x80 [141.432714] ? exc_page_fault+0x64/0x140 [141.432911] entry_SYSCALL_64_after_hwframe+0x72/0xdc. Dado que igb_disable_sriov() llamar\u00e1 a pci_disable_sriov() antes de liberar recursos, el n\u00facleo netdev sincronizar\u00e1 la limpieza para evitar ejecuci\u00f3ns. Este parche elimina el bloqueo rtnl_(un)lock innecesario para garantizar la correcci\u00f3n."
}
],
"metrics": {},

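Review bot: the added "es" description for CVE-2023-53060 translates identifiers inside the quoted stack trace, so the trace no longer matches the "en" value. `exit_to_user_mode_prepare+0x14d/0x1c0` became `salir_al_modo_usuario_prepare+0x14d/0x1c0`, `syscall_exit_to_user_mode+0x12/0x30` became `syscall_salir_al_modo_usuario+0x12/0x30`, the TASK marker after `[ 141.420169]` is gone, and a `?` now precedes `do_syscall_64+0x5b/0x80`. The race diagram is also mistranslated ("FREE" as "GRATIS", "data race" as "ejecución de datos"). Suggest the translation step copy trace lines and symbol names verbatim and translate only the surrounding prose.
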
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53061",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:25.163",
"lastModified": "2025-05-02T16:15:25.163",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix possible refcount leak in smb2_open()\n\nReference count of acls will leak when memory allocation fails. Fix this\nby adding the missing posix_acl_release()."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: se corrige una posible fuga de recuento de referencias en smb2_open(). El recuento de referencias de las ACL se filtra cuando falla la asignaci\u00f3n de memoria. Se soluciona a\u00f1adiendo la funci\u00f3n posix_acl_release() que faltaba."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53062",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:25.257",
"lastModified": "2025-05-02T16:15:25.257",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: smsc95xx: Limit packet length to skb->len\n\nPacket length retrieved from descriptor may be larger than\nthe actual socket buffer length. In such case the cloned\nskb passed up the network stack will leak kernel memory contents."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: usb: smsc95xx: Limitar la longitud del paquete a skb-&gt;len. La longitud del paquete obtenida del descriptor puede ser mayor que la longitud real del b\u00fafer del socket. En tal caso, el skb clonado que se pasa a la pila de red filtrar\u00e1 el contenido de la memoria del kernel."
}
],
"metrics": {},

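Review bot: the added "es" value for CVE-2023-53062 stores the arrow in `skb->len` as an HTML entity, while the "en" value in the same record keeps the literal character. A consumer that treats the JSON string as plain text will show the entity text instead of the operator. Suggest decoding entities before the translation is written, so both languages carry the same identifier.
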
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53063",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:25.377",
"lastModified": "2025-05-02T16:15:25.377",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work\n\nIn btsdio_probe, &data->work was bound with btsdio_work.In\nbtsdio_send_frame, it was started by schedule_work.\n\nIf we call btsdio_remove with an unfinished job, there may\nbe a race condition and cause UAF bug on hdev."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: btsdio: se corrige el error \"use after free\" en btsdio_remove debido a un trabajo inacabado. En btsdio_probe, &amp;data-&gt;work estaba enlazado con btsdio_work. En btsdio_send_frame, se inici\u00f3 mediante schedule_work. Si se llama a btsdio_remove con un trabajo inacabado, podr\u00eda producirse una condici\u00f3n de ejecuci\u00f3n y causar un error de UAF en hdev."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53064",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:25.480",
"lastModified": "2025-05-02T16:15:25.480",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: fix hang on reboot with ice\n\nWhen a system with E810 with existing VFs gets rebooted the following\nhang may be observed.\n\n Pid 1 is hung in iavf_remove(), part of a network driver:\n PID: 1 TASK: ffff965400e5a340 CPU: 24 COMMAND: \"systemd-shutdow\"\n #0 [ffffaad04005fa50] __schedule at ffffffff8b3239cb\n #1 [ffffaad04005fae8] schedule at ffffffff8b323e2d\n #2 [ffffaad04005fb00] schedule_hrtimeout_range_clock at ffffffff8b32cebc\n #3 [ffffaad04005fb80] usleep_range_state at ffffffff8b32c930\n #4 [ffffaad04005fbb0] iavf_remove at ffffffffc12b9b4c [iavf]\n #5 [ffffaad04005fbf0] pci_device_remove at ffffffff8add7513\n #6 [ffffaad04005fc10] device_release_driver_internal at ffffffff8af08baa\n #7 [ffffaad04005fc40] pci_stop_bus_device at ffffffff8adcc5fc\n #8 [ffffaad04005fc60] pci_stop_and_remove_bus_device at ffffffff8adcc81e\n #9 [ffffaad04005fc70] pci_iov_remove_virtfn at ffffffff8adf9429\n #10 [ffffaad04005fca8] sriov_disable at ffffffff8adf98e4\n #11 [ffffaad04005fcc8] ice_free_vfs at ffffffffc04bb2c8 [ice]\n #12 [ffffaad04005fd10] ice_remove at ffffffffc04778fe [ice]\n #13 [ffffaad04005fd38] ice_shutdown at ffffffffc0477946 [ice]\n #14 [ffffaad04005fd50] pci_device_shutdown at ffffffff8add58f1\n #15 [ffffaad04005fd70] device_shutdown at ffffffff8af05386\n #16 [ffffaad04005fd98] kernel_restart at ffffffff8a92a870\n #17 [ffffaad04005fda8] __do_sys_reboot at ffffffff8a92abd6\n #18 [ffffaad04005fee0] do_syscall_64 at ffffffff8b317159\n #19 [ffffaad04005ff08] __context_tracking_enter at ffffffff8b31b6fc\n #20 [ffffaad04005ff18] syscall_exit_to_user_mode at ffffffff8b31b50d\n #21 [ffffaad04005ff28] do_syscall_64 at ffffffff8b317169\n #22 [ffffaad04005ff50] entry_SYSCALL_64_after_hwframe at ffffffff8b40009b\n RIP: 00007f1baa5c13d7 RSP: 00007fffbcc55a98 RFLAGS: 00000202\n RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1baa5c13d7\n RDX: 0000000001234567 RSI: 
0000000028121969 RDI: 00000000fee1dead\n RBP: 00007fffbcc55ca0 R8: 0000000000000000 R9: 00007fffbcc54e90\n R10: 00007fffbcc55050 R11: 0000000000000202 R12: 0000000000000005\n R13: 0000000000000000 R14: 00007fffbcc55af0 R15: 0000000000000000\n ORIG_RAX: 00000000000000a9 CS: 0033 SS: 002b\n\nDuring reboot all drivers PM shutdown callbacks are invoked.\nIn iavf_shutdown() the adapter state is changed to __IAVF_REMOVE.\nIn ice_shutdown() the call chain above is executed, which at some point\ncalls iavf_remove(). However iavf_remove() expects the VF to be in one\nof the states __IAVF_RUNNING, __IAVF_DOWN or __IAVF_INIT_FAILED. If\nthat's not the case it sleeps forever.\nSo if iavf_shutdown() gets invoked before iavf_remove() the system will\nhang indefinitely because the adapter is already in state __IAVF_REMOVE.\n\nFix this by returning from iavf_remove() if the state is __IAVF_REMOVE,\nas we already went through iavf_shutdown()."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iavf: se corrige el bloqueo al reiniciar con hielo Cuando se reinicia un sistema con E810 con VF existentes, se puede observar el siguiente bloqueo. El Pid 1 est\u00e1 colgado en iavf_remove(), parte de un controlador de red: PID: 1 TAREA: ffff965400e5a340 CPU: 24 COMANDO: \"systemd-shutdow\" #0 [ffffaad04005fa50] __schedule en ffffffff8b3239cb #1 [ffffaad04005fae8] schedule en ffffffff8b323e2d #2 [ffffaad04005fb00] schedule_hrtimeout_range_clock en ffffffff8b32cebc #3 [ffffaad04005fb80] usleep_range_state en ffffffff8b32c930 #4 [ffffaad04005fbb0] iavf_remove en ffffffffc12b9b4c [iavf] #5 [ffffaad04005fbf0] pci_device_remove en ffffffff8add7513 #6 [ffffaad04005fc10] device_release_driver_internal en ffffffff8af08baa #7 [ffffaad04005fc40] pci_stop_bus_device en ffffffff8adcc5fc #8 [ffffaad04005fc60] pci_stop_and_remove_bus_device en ffffffff8adcc81e #9 [ffffaad04005fc70] pci_iov_remove_virtfn en ffffffff8adf9429 #10 [ffffaad04005fca8] sriov_disable en ffffffff8adf98e4 #11 [ffffaad04005fcc8] ice_free_vfs en ffffffffc04bb2c8 [ice] #12 [ffffaad04005fd10] ice_remove en ffffffffc04778fe [ice] #13 [ffffaad04005fd38] ice_shutdown en ffffffffc0477946 [ice] #14 [ffffaad04005fd50] pci_device_shutdown en ffffffff8add58f1 #15 [ffffaad04005fd70] device_shutdown en ffffffff8af05386 #16 [ffffaad04005fd98] kernel_restart en ffffffff8a92a870 #17 [ffffaad04005fda8] __do_sys_reboot en ffffffff8a92abd6 #18 [ffffaad04005fee0] do_syscall_64 en ffffffff8b317159 #19 [ffffaad04005ff08] __context_tracking_enter en ffffffff8b31b6fc #20 [ffffaad04005ff18] syscall_exit_to_user_mode en ffffffff8b31b50d #21 [ffffaad04005ff28] do_syscall_64 en ffffffff8b317169 #22 [ffffaad04005ff50] entry_SYSCALL_64_after_hwframe en ffffffff8b40009b RIP: 00007f1baa5c13d7 RSP: 00007fffbcc55a98 RFLAGS: 00000202 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1baa5c13d7 RDX: 0000000001234567 RSI: 0000000028121969 RDI: 00000000fee1dead 
RBP: 00007fffbcc55ca0 R8: 000000000000000 R9: 00007fffbcc54e90 R10: 00007fffbcc55050 R11: 00000000000000202 R12: 0000000000000005 R13: 0000000000000000 R14: 00007fffbcc55af0 R15: 0000000000000000 ORIG_RAX: 00000000000000a9 CS: 0033 SS: 002b Durante el reinicio, se invocan las devoluciones de llamada de apagado de PM de todos los controladores. En iavf_shutdown(), el estado del adaptador cambia a __IAVF_REMOVE. En ice_shutdown() se ejecuta la cadena de llamadas anterior, que en alg\u00fan momento llama a iavf_remove(). Sin embargo, iavf_remove() espera que el VF est\u00e9 en uno de los estados __IAVF_RUNNING, __IAVF_DOWN o __IAVF_INIT_FAILED. De lo contrario, se suspende indefinidamente. Por lo tanto, si se invoca iavf_shutdown() antes que iavf_remove(), el sistema se bloquear\u00e1 indefinidamente porque el adaptador ya est\u00e1 en el estado __IAVF_REMOVE. Para solucionar esto, regrese de iavf_remove() si el estado es __IAVF_REMOVE, como ya se explic\u00f3 con iavf_shutdown()."
}
],
"metrics": {},

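Review bot: the added "es" description for CVE-2023-53064 changes technical tokens that should be copied verbatim. The driver name in the title "iavf: fix hang on reboot with ice" is rendered as "hielo", and the register dump no longer matches the "en" value: `R8: 0000000000000000` appears as `R8: 000000000000000` and `R11: 0000000000000202` as `R11: 00000000000000202`. Anyone matching this trace against a crash dump from the translated text gets wrong values. Suggest excluding the backtrace and register lines from translation.
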
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53065",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:25.580",
"lastModified": "2025-05-02T16:15:25.580",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output\n\nsyzkaller reportes a KASAN issue with stack-out-of-bounds.\nThe call trace is as follows:\n dump_stack+0x9c/0xd3\n print_address_description.constprop.0+0x19/0x170\n __kasan_report.cold+0x6c/0x84\n kasan_report+0x3a/0x50\n __perf_event_header__init_id+0x34/0x290\n perf_event_header__init_id+0x48/0x60\n perf_output_begin+0x4a4/0x560\n perf_event_bpf_output+0x161/0x1e0\n perf_iterate_sb_cpu+0x29e/0x340\n perf_iterate_sb+0x4c/0xc0\n perf_event_bpf_event+0x194/0x2c0\n __bpf_prog_put.constprop.0+0x55/0xf0\n __cls_bpf_delete_prog+0xea/0x120 [cls_bpf]\n cls_bpf_delete_prog_work+0x1c/0x30 [cls_bpf]\n process_one_work+0x3c2/0x730\n worker_thread+0x93/0x650\n kthread+0x1b8/0x210\n ret_from_fork+0x1f/0x30\n\ncommit 267fb27352b6 (\"perf: Reduce stack usage of perf_output_begin()\")\nuse on-stack struct perf_sample_data of the caller function.\n\nHowever, perf_event_bpf_output uses incorrect parameter to convert\nsmall-sized data (struct perf_bpf_event) into large-sized data\n(struct perf_sample_data), which causes memory overwriting occurs in\n__perf_event_header__init_id."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: perf/core: Se solucion\u00f3 que el par\u00e1metro perf_output_begin se invocara incorrectamente en perf_event_bpf_output syzkaller informa un problema de KASAN con una pila fuera de los l\u00edmites. El seguimiento de la llamada es el siguiente: dump_stack+0x9c/0xd3 print_address_description.constprop.0+0x19/0x170 __kasan_report.cold+0x6c/0x84 kasan_report+0x3a/0x50 __perf_event_header__init_id+0x34/0x290 perf_event_header__init_id+0x48/0x60 perf_output_begin+0x4a4/0x560 perf_event_bpf_output+0x161/0x1e0 perf_iterate_sb_cpu+0x29e/0x340 perf_iterate_sb+0x4c/0xc0 perf_event_bpf_event+0x194/0x2c0 __bpf_prog_put.constprop.0+0x55/0xf0 __cls_bpf_delete_prog+0xea/0x120 [cls_bpf] cls_bpf_delete_prog_work+0x1c/0x30 [cls_bpf] process_one_work+0x3c2/0x730 workers_thread+0x93/0x650 kthread+0x1b8/0x210 ret_from_fork+0x1f/0x30 commit 267fb27352b6 (\"perf: Reducir el uso de la pila de perf_output_begin()\") usa la estructura en pila perf_sample_data de la funci\u00f3n que llama. Sin embargo, perf_event_bpf_output utiliza un par\u00e1metro incorrecto para convertir datos de tama\u00f1o peque\u00f1o (struct perf_bpf_event) en datos de tama\u00f1o grande (struct perf_sample_data), lo que provoca que se sobrescriba la memoria en __perf_event_header__init_id."
}
],
"metrics": {},

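Review bot: in the added "es" description for CVE-2023-53065 the call trace frame `worker_thread+0x93/0x650` has become `workers_thread+0x93/0x650`, a symbol that does not appear in the "en" value. Suggest copying the call trace unchanged from the English text so that symbol searches on the translated record still work.
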
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53066",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:25.673",
"lastModified": "2025-05-02T16:15:25.673",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nqed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info\n\nWe have to make sure that the info returned by the helper is valid\nbefore using it.\n\nFound by Linux Verification Center (linuxtesting.org) with the SVACE\nstatic analysis tool."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: qed/qed_sriov: protecci\u00f3n contra desreferencias nulas de qed_iov_get_vf_info. Debemos asegurarnos de que la informaci\u00f3n devuelta por el ayudante sea v\u00e1lida antes de usarla. Encontrada por el Centro de Verificaci\u00f3n de Linux (linuxtesting.org) con la herramienta de an\u00e1lisis est\u00e1tico SVACE."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53067",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:25.777",
"lastModified": "2025-05-02T16:15:25.777",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Only call get_timer_irq() once in constant_clockevent_init()\n\nUnder CONFIG_DEBUG_ATOMIC_SLEEP=y and CONFIG_DEBUG_PREEMPT=y, we can see\nthe following messages on LoongArch, this is because using might_sleep()\nin preemption disable context.\n\n[ 0.001127] smp: Bringing up secondary CPUs ...\n[ 0.001222] Booting CPU#1...\n[ 0.001244] 64-bit Loongson Processor probed (LA464 Core)\n[ 0.001247] CPU1 revision is: 0014c012 (Loongson-64bit)\n[ 0.001250] FPU1 revision is: 00000000\n[ 0.001252] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283\n[ 0.001255] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1\n[ 0.001257] preempt_count: 1, expected: 0\n[ 0.001258] RCU nest depth: 0, expected: 0\n[ 0.001259] Preemption disabled at:\n[ 0.001261] [<9000000000223800>] arch_dup_task_struct+0x20/0x110\n[ 0.001272] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.2.0-rc7+ #43\n[ 0.001275] Hardware name: Loongson Loongson-3A5000-7A1000-1w-A2101/Loongson-LS3A5000-7A1000-1w-A2101, BIOS vUDK2018-LoongArch-V4.0.05132-beta10 12/13/202\n[ 0.001277] Stack : 0072617764726148 0000000000000000 9000000000222f1c 90000001001e0000\n[ 0.001286] 90000001001e3be0 90000001001e3be8 0000000000000000 0000000000000000\n[ 0.001292] 90000001001e3be8 0000000000000040 90000001001e3cb8 90000001001e3a50\n[ 0.001297] 9000000001642000 90000001001e3be8 be694d10ce4139dd 9000000100174500\n[ 0.001303] 0000000000000001 0000000000000001 00000000ffffe0a2 0000000000000020\n[ 0.001309] 000000000000002f 9000000001354116 00000000056b0000 ffffffffffffffff\n[ 0.001314] 0000000000000000 0000000000000000 90000000014f6e90 9000000001642000\n[ 0.001320] 900000000022b69c 0000000000000001 0000000000000000 9000000001736a90\n[ 0.001325] 9000000100038000 0000000000000000 9000000000222f34 0000000000000000\n[ 0.001331] 00000000000000b0 0000000000000004 0000000000000000 0000000000070000\n[ 0.001337] 
...\n[ 0.001339] Call Trace:\n[ 0.001342] [<9000000000222f34>] show_stack+0x5c/0x180\n[ 0.001346] [<90000000010bdd80>] dump_stack_lvl+0x60/0x88\n[ 0.001352] [<9000000000266418>] __might_resched+0x180/0x1cc\n[ 0.001356] [<90000000010c742c>] mutex_lock+0x20/0x64\n[ 0.001359] [<90000000002a8ccc>] irq_find_matching_fwspec+0x48/0x124\n[ 0.001364] [<90000000002259c4>] constant_clockevent_init+0x68/0x204\n[ 0.001368] [<900000000022acf4>] start_secondary+0x40/0xa8\n[ 0.001371] [<90000000010c0124>] smpboot_entry+0x60/0x64\n\nHere are the complete call chains:\n\nsmpboot_entry()\n start_secondary()\n constant_clockevent_init()\n get_timer_irq()\n irq_find_matching_fwnode()\n irq_find_matching_fwspec()\n mutex_lock()\n might_sleep()\n __might_sleep()\n __might_resched()\n\nIn order to avoid the above issue, we should break the call chains,\nusing timer_irq_installed variable as check condition to only call\nget_timer_irq() once in constant_clockevent_init() is a simple and\nproper way."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: LoongArch: solo llamar a get_timer_irq() una vez en constant_clockevent_init() Bajo CONFIG_DEBUG_ATOMIC_SLEEP=y y CONFIG_DEBUG_PREEMPT=y, podemos ver los siguientes mensajes en LoongArch, esto se debe a que se usa might_sleep() en el contexto de deshabilitaci\u00f3n de preempci\u00f3n. [ 0.001127] smp: Activando CPU secundarias... [ 0.001222] Arrancando CPU#1... [ 0.001244] Procesador Loongson de 64 bits probado (n\u00facleo LA464) [ 0.001247] La revisi\u00f3n de CPU1 es: 0014c012 (Loongson-64bit) [ 0.001250] La revisi\u00f3n de FPU1 es: 00000000 [ 0.001252] ERROR: funci\u00f3n de suspensi\u00f3n llamada desde un contexto no v\u00e1lido en kernel/locking/mutex.c:283 [ 0.001255] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1 [ 0.001257] preempt_count: 1, expected: 0 [ 0.001258] Profundidad de anidamiento de RCU: 0, esperado: 0 [ 0.001259] Preempci\u00f3n deshabilitada en: [ 0.001261] [&lt;9000000000223800&gt;] arch_dup_task_struct+0x20/0x110 [ 0.001272] CPU: 1 PID: 0 Comm: swapper/1 No contaminado 6.2.0-rc7+ #43 [ 0.001275] Nombre del hardware: Loongson Loongson-3A5000-7A1000-1w-A2101/Loongson-LS3A5000-7A1000-1w-A2101, BIOS vUDK2018-LoongArch-V4.0.05132-beta10 12/13/202 [ 0.001277] Pila: 0072617764726148 0000000000000000 9000000000222f1c 90000001001e0000 [ 0.001286] 90000001001e3be0 90000001001e3be8 0000000000000000 000000000000000 [ 0.001292] 90000001001e3be8 0000000000000040 90000001001e3cb8 90000001001e3a50 [ 0.001297] 9000000001642000 90000001001e3be8 be694d10ce4139dd 9000000100174500 [ 0.001303] 0000000000000001 000000000000001 000000000ffffe0a2 0000000000000020 [ 0.001309] 00000000000002f 9000000001354116 00000000056b0000 ffffffffffffffffff [ 0.001314] 0000000000000000 0000000000000000 90000000014f6e90 9000000001642000 [ 0.001320] 900000000022b69c 0000000000000001 000000000000000 9000000001736a90 [ 0.001325] 9000000100038000 000000000000000 9000000000222f34 
000000000000000 [ 0.001331] 00000000000000b0 0000000000000004 0000000000000000 0000000000070000 [ 0.001337] ... [ 0.001339] Rastreo de llamadas: [ 0.001342] [&lt;9000000000222f34&gt;] show_stack+0x5c/0x180 [ 0.001346] [&lt;90000000010bdd80&gt;] dump_stack_lvl+0x60/0x88 [ 0.001352] [&lt;9000000000266418&gt;] __might_resched+0x180/0x1cc [ 0.001356] [&lt;90000000010c742c&gt;] mutex_lock+0x20/0x64 [ 0.001359] [&lt;90000000002a8ccc&gt;] irq_find_matching_fwspec+0x48/0x124 [ 0.001364] [&lt;90000000002259c4&gt;] constant_clockevent_init+0x68/0x204 [ 0.001368] [&lt;900000000022acf4&gt;] start_secondary+0x40/0xa8 [ 0.001371] [&lt;90000000010c0124&gt;] smpboot_entry+0x60/0x64 Estas son las cadenas de llamadas completas: Para evitar el problema anterior, debemos romper las cadenas de llamadas, utilizando la variable timer_irq_installed como condici\u00f3n de verificaci\u00f3n para llamar a get_timer_irq() solo una vez en constant_clockevent_init() es una forma simple y adecuada."
}
],
"metrics": {},

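Review bot: the added "es" description for CVE-2023-53067 loses content at "Estas son las cadenas de llamadas completas:". The call chain that follows in the "en" value (from `smpboot_entry()` down to `__might_resched()`) is missing, so the sentence introduces nothing. Several stack words also differ from the English dump, for example `00000000ffffe0a2` appears as `000000000ffffe0a2`. Suggest restoring the call chain and carrying the stack dump over verbatim.
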
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53068",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:25.870",
"lastModified": "2025-05-02T16:15:25.870",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: lan78xx: Limit packet length to skb->len\n\nPacket length retrieved from descriptor may be larger than\nthe actual socket buffer length. In such case the cloned\nskb passed up the network stack will leak kernel memory contents.\n\nAdditionally prevent integer underflow when size is less than\nETH_FCS_LEN."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: usb: lan78xx: Limitar la longitud del paquete a skb-&gt;len. La longitud del paquete obtenida del descriptor puede ser mayor que la longitud real del b\u00fafer del socket. En tal caso, el skb clonado que se pasa a la pila de red filtrar\u00e1 el contenido de la memoria del kernel. Adem\u00e1s, se evita el subdesbordamiento de enteros cuando el tama\u00f1o es menor que ETH_FCS_LEN."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53069",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:25.960",
"lastModified": "2025-05-02T16:15:25.960",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-vf: Add missing free for alloc_percpu\n\nAdd the free_percpu for the allocated \"vf->hw.lmt_info\" in order to avoid\nmemory leak, same as the \"pf->hw.lmt_info\" in\n`drivers/net/ethernet/marvell/octeontx2/nic/otx2_pf.c`."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: octeontx2-vf: Agregar libre faltante para alloc_percpu Agregue libre_percpu para el \"vf-&gt;hw.lmt_info\" asignado para evitar fugas de memoria, igual que \"pf-&gt;hw.lmt_info\" en `drivers/net/ethernet/marvell/octeontx2/nic/otx2_pf.c`."
}
],
"metrics": {},

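Review bot: the added "es" description for CVE-2023-53069 translates the kernel function name `free_percpu` as `libre_percpu` ("Agregue libre_percpu para el ..."), although `alloc_percpu` is left intact in the same sentence. The fix named in the "en" value can no longer be found by searching for the symbol. Suggest keeping function names untranslated.
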
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53070",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:26.050",
"lastModified": "2025-05-02T16:15:26.050",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: PPTT: Fix to avoid sleep in the atomic context when PPTT is absent\n\nCommit 0c80f9e165f8 (\"ACPI: PPTT: Leave the table mapped for the runtime usage\")\nenabled to map PPTT once on the first invocation of acpi_get_pptt() and\nnever unmapped the same allowing it to be used at runtime with out the\nhassle of mapping and unmapping the table. This was needed to fetch LLC\ninformation from the PPTT in the cpuhotplug path which is executed in\nthe atomic context as the acpi_get_table() might sleep waiting for a\nmutex.\n\nHowever it missed to handle the case when there is no PPTT on the system\nwhich results in acpi_get_pptt() being called from all the secondary\nCPUs attempting to fetch the LLC information in the atomic context\nwithout knowing the absence of PPTT resulting in the splat like below:\n\n | BUG: sleeping function called from invalid context at kernel/locking/semaphore.c:164\n | in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1\n | preempt_count: 1, expected: 0\n | RCU nest depth: 0, expected: 0\n | no locks held by swapper/1/0.\n | irq event stamp: 0\n | hardirqs last enabled at (0): 0x0\n | hardirqs last disabled at (0): copy_process+0x61c/0x1b40\n | softirqs last enabled at (0): copy_process+0x61c/0x1b40\n | softirqs last disabled at (0): 0x0\n | CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.3.0-rc1 #1\n | Call trace:\n | dump_backtrace+0xac/0x138\n | show_stack+0x30/0x48\n | dump_stack_lvl+0x60/0xb0\n | dump_stack+0x18/0x28\n | __might_resched+0x160/0x270\n | __might_sleep+0x58/0xb0\n | down_timeout+0x34/0x98\n | acpi_os_wait_semaphore+0x7c/0xc0\n | acpi_ut_acquire_mutex+0x58/0x108\n | acpi_get_table+0x40/0xe8\n | acpi_get_pptt+0x48/0xa0\n | acpi_get_cache_info+0x38/0x140\n | init_cache_level+0xf4/0x118\n | detect_cache_attributes+0x2e4/0x640\n | update_siblings_masks+0x3c/0x330\n | store_cpu_topology+0x88/0xf0\n | 
secondary_start_kernel+0xd0/0x168\n | __secondary_switched+0xb8/0xc0\n\nUpdate acpi_get_pptt() to consider the fact that PPTT is once checked and\nis not available on the system and return NULL avoiding any attempts to\nfetch PPTT and thereby avoiding any possible sleep waiting for a mutex\nin the atomic context."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ACPI: PPTT: Correcci\u00f3n para evitar la suspensi\u00f3n en el contexto at\u00f3mico cuando PPTT est\u00e1 ausente. el commit 0c80f9e165f8 (\"ACPI: PPTT: Dejar la tabla asignada para el uso en tiempo de ejecuci\u00f3n\") habilit\u00f3 la asignaci\u00f3n de PPTT una vez en la primera invocaci\u00f3n de acpi_get_pptt() y nunca la desasign\u00f3, lo que permite su uso en tiempo de ejecuci\u00f3n sin la molestia de asignar y desasignar la tabla. Esto era necesario para obtener informaci\u00f3n de LLC del PPTT en la ruta cpuhotplug, que se ejecuta en el contexto at\u00f3mico, ya que acpi_get_table() podr\u00eda estar en suspensi\u00f3n esperando un mutex. Sin embargo, no logr\u00f3 gestionar el caso en que no hay PPTT en el sistema, lo que provoca que acpi_get_pptt() se llame desde todas las CPU secundarias que intentan obtener la informaci\u00f3n de LLC en el contexto at\u00f3mico sin conocer la ausencia de PPTT, lo que resulta en un error como el siguiente: | ERROR: funci\u00f3n inactiva llamada desde contexto no v\u00e1lido en kernel/locking/semaphore.c:164 | in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1 | preempt_count: 1, expected: 0 | Profundidad de anidamiento de RCU: 0, expected: 0 | swapper/1/0 no tiene bloqueos. 
| marca de evento irq: 0 | hardirqs habilitado por \u00faltima vez en (0): 0x0 | hardirqs deshabilitado por \u00faltima vez en (0): copy_process+0x61c/0x1b40 | softirqs habilitado por \u00faltima vez en (0): copy_process+0x61c/0x1b40 | softirqs deshabilitado por \u00faltima vez en (0): 0x0 | CPU: 1 PID: 0 Comm: swapper/1 No contaminado 6.3.0-rc1 #1 | Rastreo de llamadas: | dump_backtrace+0xac/0x138 | show_stack+0x30/0x48 | dump_stack_lvl+0x60/0xb0 | dump_stack+0x18/0x28 | __might_resched+0x160/0x270 | __might_sleep+0x58/0xb0 | down_timeout+0x34/0x98 | acpi_os_wait_semaphore+0x7c/0xc0 | acpi_ut_acquire_mutex+0x58/0x108 | acpi_get_table+0x40/0xe8 | acpi_get_pptt+0x48/0xa0 | acpi_get_cache_info+0x38/0x140 | init_cache_level+0xf4/0x118 | detect_cache_attributes+0x2e4/0x640 | update_siblings_masks+0x3c/0x330 | store_cpu_topology+0x88/0xf0 | secondary_start_kernel+0xd0/0x168 | __secondary_switched+0xb8/0xc0 Actualice acpi_get_pptt() para considerar el hecho de que PPTT se verifica una vez y no est\u00e1 disponible en el sistema y devuelve NULL evitando cualquier intento de obtener PPTT y, por lo tanto, evitando cualquier posible suspensi\u00f3n esperando un mutex en el contexto at\u00f3mico."
}
],
"metrics": {},
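Review bot: The added "es" value translates the quoted kernel log instead of carrying it verbatim: the splat header becomes "ERROR: función inactiva llamada desde contexto no válido en kernel/locking/semaphore.c:164" and the taint field becomes "No contaminado", while the surrounding fields (in_atomic(), preempt_count, the symbol+offset frames) stay in English. A reader searching dmesg or a SIEM for this string will not find it, so keep log excerpts untranslated and translate only the prose around them.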

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53071",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:26.140",
"lastModified": "2025-05-02T16:15:26.140",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: do not run mt76_unregister_device() on unregistered hw\n\nTrying to probe a mt7921e pci card without firmware results in a\nsuccessful probe where ieee80211_register_hw hasn't been called. When\nremoving the driver, ieee802111_unregister_hw is called unconditionally\nleading to a kernel NULL pointer dereference.\nFix the issue running mt76_unregister_device routine just for registered\nhw."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mt76: no ejecutar mt76_unregister_device() en hardware no registrado. Al intentar sondear una tarjeta PCI mt7921e sin firmware, se obtiene un sondeo exitoso donde no se ha llamado a ieee80211_register_hw. Al desinstalar el controlador, se llama a ieee802111_unregister_hw incondicionalmente, lo que provoca una desreferencia de puntero nulo en el kernel. Se solucion\u00f3 el problema al ejecutar la rutina mt76_unregister_device solo para hardware registrado."
}
],
"metrics": {},
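Review bot: The function name "ieee802111_unregister_hw" in the "en" value has an extra "1", and the added "es" value copies it unchanged, although the same sentence spells "ieee80211_register_hw" correctly. The symbol should read ieee80211_unregister_hw in both descriptions, otherwise a search of the driver source for the quoted name finds nothing. If the English text must stay as the CNA wrote it, at least do not propagate the typo into the translation.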

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53072",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:26.237",
"lastModified": "2025-05-02T16:15:26.237",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: use the workqueue to destroy unaccepted sockets\n\nChristoph reported a UaF at token lookup time after having\nrefactored the passive socket initialization part:\n\n BUG: KASAN: use-after-free in __token_bucket_busy+0x253/0x260\n Read of size 4 at addr ffff88810698d5b0 by task syz-executor653/3198\n\n CPU: 1 PID: 3198 Comm: syz-executor653 Not tainted 6.2.0-rc59af4eaa31c1f6c00c8f1e448ed99a45c66340dd5 #6\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Call Trace:\n <TASK>\n dump_stack_lvl+0x6e/0x91\n print_report+0x16a/0x46f\n kasan_report+0xad/0x130\n __token_bucket_busy+0x253/0x260\n mptcp_token_new_connect+0x13d/0x490\n mptcp_connect+0x4ed/0x860\n __inet_stream_connect+0x80e/0xd90\n tcp_sendmsg_fastopen+0x3ce/0x710\n mptcp_sendmsg+0xff1/0x1a20\n inet_sendmsg+0x11d/0x140\n __sys_sendto+0x405/0x490\n __x64_sys_sendto+0xdc/0x1b0\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nWe need to properly clean-up all the paired MPTCP-level\nresources and be sure to release the msk last, even when\nthe unaccepted subflow is destroyed by the TCP internals\nvia inet_child_forget().\n\nWe can re-use the existing MPTCP_WORK_CLOSE_SUBFLOW infra,\nexplicitly checking that for the critical scenario: the\nclosed subflow is the MPC one, the msk is not accepted and\neventually going through full cleanup.\n\nWith such change, __mptcp_destroy_sock() is always called\non msk sockets, even on accepted ones. We don't need anymore\nto transiently drop one sk reference at msk clone time.\n\nPlease note this commit depends on the parent one:\n\n mptcp: refactor passive socket initialization"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mptcp: usa workqueue para destruir sockets no aceptados Christoph inform\u00f3 un UaF en el momento de la b\u00fasqueda del token despu\u00e9s de haber refactorizado la parte de inicializaci\u00f3n del socket pasivo: ERROR: KASAN: use-after-free en __token_bucket_busy+0x253/0x260 Lectura de tama\u00f1o 4 en la direcci\u00f3n ffff88810698d5b0 por la tarea syz-executor653/3198 CPU: 1 PID: 3198 Comm: syz-executor653 No contaminado 6.2.0-rc59af4eaa31c1f6c00c8f1e448ed99a45c66340dd5 #6 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 01/04/2014 Rastreo de llamadas: dump_stack_lvl+0x6e/0x91 print_report+0x16a/0x46f kasan_report+0xad/0x130 __token_bucket_busy+0x253/0x260 mptcp_token_new_connect+0x13d/0x490 mptcp_connect+0x4ed/0x860 __inet_stream_connect+0x80e/0xd90 tcp_sendmsg_fastopen+0x3ce/0x710 mptcp_sendmsg+0xff1/0x1a20 inet_sendmsg+0x11d/0x140 __sys_sendto+0x405/0x490 __x64_sys_sendto+0xdc/0x1b0 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc Necesitamos limpiar correctamente todos los recursos emparejados de nivel MPTCP y asegurarnos de liberar el msk al final, incluso cuando el subflujo no aceptado es destruido por los procesos internos de TCP mediante inet_child_forget(). Podemos reutilizar la infra MPTCP_WORK_CLOSE_SUBFLOW existente, comprobando expl\u00edcitamente que para el escenario cr\u00edtico: el subflujo cerrado es el de MPC, el msk no es aceptado y finalmente se realiza una limpieza completa. Con este cambio, __mptcp_destroy_sock() siempre se llama en los sockets msk, incluso en los aceptados. Ya no es necesario eliminar temporalmente una referencia sk al clonar msk. Tenga en cuenta que esta confirmaci\u00f3n depende de la principal: mptcp: refactorizar la inicializaci\u00f3n pasiva del socket."
}
],
"metrics": {},
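Review bot: The "es" value alters the quoted KASAN report rather than only translating the prose: the BIOS date "04/01/2014" in the "Hardware name" line is rewritten as "01/04/2014", and the "<TASK>" marker after "Call Trace:" is dropped. Both are literal kernel output and should match the "en" value character for character. Newlines are also flattened, so the trace runs into the following paragraph ("... entry_SYSCALL_64_after_hwframe+0x72/0xdc Necesitamos limpiar ..."); keeping the "\n" separators would preserve the boundary.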

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53073",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:26.330",
"lastModified": "2025-05-02T16:15:26.330",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/amd/core: Always clear status for idx\n\nThe variable 'status' (which contains the unhandled overflow bits) is\nnot being properly masked in some cases, displaying the following\nwarning:\n\n WARNING: CPU: 156 PID: 475601 at arch/x86/events/amd/core.c:972 amd_pmu_v2_handle_irq+0x216/0x270\n\nThis seems to be happening because the loop is being continued before\nthe status bit being unset, in case x86_perf_event_set_period()\nreturns 0. This is also causing an inconsistency because the \"handled\"\ncounter is incremented, but the status bit is not cleaned.\n\nMove the bit cleaning together above, together when the \"handled\"\ncounter is incremented."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: perf/x86/amd/core: Siempre borrar el estado de idx. La variable 'status' (que contiene los bits de desbordamiento no controlados) no se enmascara correctamente en algunos casos, mostrando la siguiente advertencia: ADVERTENCIA: CPU: 156 PID: 475601 en arch/x86/events/amd/core.c:972 amd_pmu_v2_handle_irq+0x216/0x270. Esto parece estar sucediendo porque el bucle contin\u00faa antes de que se desactive el bit de estado, en caso de que x86_perf_event_set_period() devuelva 0. Esto tambi\u00e9n causa una inconsistencia porque el contador \"controlado\" se incrementa, pero el bit de estado no se limpia. Mueva la limpieza de bits junto arriba, junto cuando se incrementa el contador \"controlado\"."
}
],
"metrics": {},
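Review bot: In the "es" value the quoted identifier \"handled\" is translated to \"controlado\" in both places, while 'status' and x86_perf_event_set_period() are kept as written. "handled" is the counter's name in the description, so it should stay untranslated like the other identifiers. The WARNING line is likewise rendered as "ADVERTENCIA: ... en arch/x86/events/amd/core.c:972", which no longer matches the kernel's output.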

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53074",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:26.420",
"lastModified": "2025-05-02T16:15:26.420",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini\n\nThe call trace occurs when the amdgpu is removed after\nthe mode1 reset. During mode1 reset, from suspend to resume,\nthere is no need to reinitialize the ta firmware buffer\nwhich caused the bo pin_count increase redundantly.\n\n[ 489.885525] Call Trace:\n[ 489.885525] <TASK>\n[ 489.885526] amdttm_bo_put+0x34/0x50 [amdttm]\n[ 489.885529] amdgpu_bo_free_kernel+0xe8/0x130 [amdgpu]\n[ 489.885620] psp_free_shared_bufs+0xb7/0x150 [amdgpu]\n[ 489.885720] psp_hw_fini+0xce/0x170 [amdgpu]\n[ 489.885815] amdgpu_device_fini_hw+0x2ff/0x413 [amdgpu]\n[ 489.885960] ? blocking_notifier_chain_unregister+0x56/0xb0\n[ 489.885962] amdgpu_driver_unload_kms+0x51/0x60 [amdgpu]\n[ 489.886049] amdgpu_pci_remove+0x5a/0x140 [amdgpu]\n[ 489.886132] ? __pm_runtime_resume+0x60/0x90\n[ 489.886134] pci_device_remove+0x3e/0xb0\n[ 489.886135] __device_release_driver+0x1ab/0x2a0\n[ 489.886137] driver_detach+0xf3/0x140\n[ 489.886138] bus_remove_driver+0x6c/0xf0\n[ 489.886140] driver_unregister+0x31/0x60\n[ 489.886141] pci_unregister_driver+0x40/0x90\n[ 489.886142] amdgpu_exit+0x15/0x451 [amdgpu]"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: se corrige la advertencia de seguimiento de llamadas ttm_bo en psp_hw_fini. El seguimiento de llamadas se produce al eliminar amdgpu tras el reinicio en modo 1. Durante el reinicio en modo 1, desde la suspensi\u00f3n hasta la reanudaci\u00f3n, no es necesario reinicializar el b\u00fafer de firmware ta, lo que provocaba un aumento redundante en el recuento de pines de bo. [ 489.885525] Seguimiento de llamadas: [ 489.885525] [ 489.885526] amdttm_bo_put+0x34/0x50 [amdttm] [ 489.885529] amdgpu_bo_free_kernel+0xe8/0x130 [amdgpu] [ 489.885620] psp_free_shared_bufs+0xb7/0x150 [amdgpu] [ 489.885720] psp_hw_fini+0xce/0x170 [amdgpu] [ 489.885815] amdgpu_device_fini_hw+0x2ff/0x413 [amdgpu] [ 489.885960] ? blocking_notifier_chain_unregister+0x56/0xb0 [ 489.885962] amdgpu_driver_unload_kms+0x51/0x60 [amdgpu] [ 489.886049] amdgpu_pci_remove+0x5a/0x140 [amdgpu] [ 489.886132] ? __pm_runtime_resume+0x60/0x90 [ 489.886134] pci_device_remove+0x3e/0xb0 [ 489.886135] __device_release_driver+0x1ab/0x2a0 [ 489.886137] driver_detach+0xf3/0x140 [ 489.886138] bus_remove_driver+0x6c/0xf0 [ 489.886140] driver_unregister+0x31/0x60 [ 489.886141] pci_unregister_driver+0x40/0x90 [ 489.886142] amdgpu_exit+0x15/0x451 [amdgpu] "
}
],
"metrics": {},
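Review bot: The "es" value loses the "<TASK>" marker from the call trace, leaving two bare timestamps in a row ("[ 489.885525] [ 489.885526] amdttm_bo_put+0x34/0x50"), and ends with a stray space before the closing quote ("[amdgpu] "). This looks like angle-bracketed text being stripped as markup during translation; the trace should be carried over verbatim from the "en" value and the trailing whitespace trimmed.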

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53075",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:26.510",
"lastModified": "2025-05-02T16:15:26.510",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix invalid address access in lookup_rec() when index is 0\n\nKASAN reported follow problem:\n\n BUG: KASAN: use-after-free in lookup_rec\n Read of size 8 at addr ffff000199270ff0 by task modprobe\n CPU: 2 Comm: modprobe\n Call trace:\n kasan_report\n __asan_load8\n lookup_rec\n ftrace_location\n arch_check_ftrace_location\n check_kprobe_address_safe\n register_kprobe\n\nWhen checking pg->records[pg->index - 1].ip in lookup_rec(), it can get a\npg which is newly added to ftrace_pages_start in ftrace_process_locs().\nBefore the first pg->index++, index is 0 and accessing pg->records[-1].ip\nwill cause this problem.\n\nDon't check the ip when pg->index is 0."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ftrace: Se corrige el acceso a direcciones no v\u00e1lidas en lookup_rec() cuando el \u00edndice es 0 KASAN inform\u00f3 el siguiente problema: BUG: KASAN: use-after-free en lookup_rec Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff000199270ff0 por la tarea modprobe CPU: 2 Comm: modprobe Rastreo de llamadas: kasan_report __asan_load8 lookup_rec ftrace_location arch_check_ftrace_location check_kprobe_address_safe register_kprobe Al verificar pg-&gt;records[pg-&gt;index - 1].ip en lookup_rec(), puede obtener un pg que se agreg\u00f3 recientemente a ftrace_pages_start en ftrace_process_locs(). Antes del primer pg-&gt;index++, el \u00edndice es 0 y acceder a pg-&gt;records[-1].ip causar\u00e1 este problema. No verifique la IP cuando pg-&gt;index sea 0."
}
],
"metrics": {},
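Review bot: The "es" value contains HTML entities inside a JSON string: "pg-&gt;records[pg-&gt;index - 1].ip", "pg-&gt;index++" and "pg-&gt;records[-1].ip", where the "en" value has a literal "->". Any consumer that does not HTML-decode will display or index "&gt;" literally, so the entities should be decoded before the value is written. The last sentence also renders the struct field "ip" as "la IP", which reads as a network address; keep it as the field name.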

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53077",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:26.720",
"lastModified": "2025-05-02T16:15:26.720",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes\n\n[WHY]\nWhen PTEBufferSizeInRequests is zero, UBSAN reports the following\nwarning because dml_log2 returns an unexpected negative value:\n\n shift exponent 4294966273 is too large for 32-bit type 'int'\n\n[HOW]\n\nIn the case PTEBufferSizeInRequests is zero, skip the dml_log2() and\nassign the result directly."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: corregir desplazamiento fuera de los l\u00edmites en CalculateVMAndRowBytes [POR QU\u00c9] Cuando PTEBufferSizeInRequests es cero, UBSAN informa la siguiente advertencia porque dml_log2 devuelve un valor negativo inesperado: el exponente de desplazamiento 4294966273 es demasiado grande para el tipo de 32 bits 'int' [C\u00d3MO] En el caso de que PTEBufferSizeInRequests sea cero, omita dml_log2() y asigne el resultado directamente."
}
],
"metrics": {},
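Review bot: The UBSAN message quoted in the "es" value is translated ("el exponente de desplazamiento 4294966273 es demasiado grande para el tipo de 32 bits 'int'"), whereas the "en" value gives the string the kernel actually prints, "shift exponent 4294966273 is too large for 32-bit type 'int'". Keep the quoted diagnostic in its original form so it can be matched against logs, and translate only the [WHY]/[HOW] prose.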

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53078",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:26.820",
"lastModified": "2025-05-02T16:15:26.820",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()\n\nIf alua_rtpg_queue() failed from alua_activate(), then 'qdata' is not\nfreed, which will cause following memleak:\n\nunreferenced object 0xffff88810b2c6980 (size 32):\n comm \"kworker/u16:2\", pid 635322, jiffies 4355801099 (age 1216426.076s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 40 39 24 c1 ff ff ff ff 00 f8 ea 0a 81 88 ff ff @9$.............\n backtrace:\n [<0000000098f3a26d>] alua_activate+0xb0/0x320\n [<000000003b529641>] scsi_dh_activate+0xb2/0x140\n [<000000007b296db3>] activate_path_work+0xc6/0xe0 [dm_multipath]\n [<000000007adc9ace>] process_one_work+0x3c5/0x730\n [<00000000c457a985>] worker_thread+0x93/0x650\n [<00000000cb80e628>] kthread+0x1ba/0x210\n [<00000000a1e61077>] ret_from_fork+0x22/0x30\n\nFix the problem by freeing 'qdata' in error path."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: scsi_dh_alua: Se corrige la fuga de memoria para 'qdata' en alua_activate(). Si alua_rtpg_queue() falla desde alua_activate(), entonces 'qdata' no se libera, lo que causar\u00e1 la siguiente fuga de memoria: objeto sin referencia 0xffff88810b2c6980 (tama\u00f1o 32): comm \"kworker/u16:2\", pid 635322, jiffies 4355801099 (edad 1216426.076s) volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 40 39 24 c1 ff ff ff ff 00 f8 ea 0a 81 88 ff ff @9$............. backtrace: [&lt;0000000098f3a26d&gt;] alua_activate+0xb0/0x320 [&lt;000000003b529641&gt;] scsi_dh_activate+0xb2/0x140 [&lt;000000007b296db3&gt;] activate_path_work+0xc6/0xe0 [dm_multipath] [&lt;000000007adc9ace&gt;] process_one_work+0x3c5/0x730 [&lt;00000000c457a985&gt;] worker_thread+0x93/0x650 [&lt;00000000cb80e628&gt;] kthread+0x1ba/0x210 [&lt;00000000a1e61077&gt;] ret_from_fork+0x22/0x30 Solucione el problema liberando 'qdata' en la ruta de error."
}
],
"metrics": {},
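Review bot: Every backtrace frame in the "es" value is HTML-escaped, for example "[&lt;0000000098f3a26d&gt;] alua_activate+0xb0/0x320", while the "en" value has literal angle brackets. The entities should be decoded before being stored in the JSON string. The kmemleak header is also partly translated ("objeto sin referencia ... (tamaño 32)", "edad 1216426.076s"), which breaks matching against the real "unreferenced object" output.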

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53079",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:26.923",
"lastModified": "2025-05-02T16:15:26.923",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix steering rules cleanup\n\nvport's mc, uc and multicast rules are not deleted in teardown path when\nEEH happens. Since the vport's promisc settings(uc, mc and all) in\nfirmware are reset after EEH, mlx5 driver will try to delete the above\nrules in the initialization path. This cause kernel crash because these\nsoftware rules are no longer valid.\n\nFix by nullifying these rules right after delete to avoid accessing any dangling\npointers.\n\nCall Trace:\n__list_del_entry_valid+0xcc/0x100 (unreliable)\ntree_put_node+0xf4/0x1b0 [mlx5_core]\ntree_remove_node+0x30/0x70 [mlx5_core]\nmlx5_del_flow_rules+0x14c/0x1f0 [mlx5_core]\nesw_apply_vport_rx_mode+0x10c/0x200 [mlx5_core]\nesw_update_vport_rx_mode+0xb4/0x180 [mlx5_core]\nesw_vport_change_handle_locked+0x1ec/0x230 [mlx5_core]\nesw_enable_vport+0x130/0x260 [mlx5_core]\nmlx5_eswitch_enable_sriov+0x2a0/0x2f0 [mlx5_core]\nmlx5_device_enable_sriov+0x74/0x440 [mlx5_core]\nmlx5_load_one+0x114c/0x1550 [mlx5_core]\nmlx5_pci_resume+0x68/0xf0 [mlx5_core]\neeh_report_resume+0x1a4/0x230\neeh_pe_dev_traverse+0x98/0x170\neeh_handle_normal_event+0x3e4/0x640\neeh_handle_event+0x4c/0x370\neeh_event_handler+0x14c/0x210\nkthread+0x168/0x1b0\nret_from_kernel_thread+0x5c/0x84"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5: Se corrige la eliminaci\u00f3n de las reglas de direccionamiento de las reglas de limpieza de vport mc, uc y multicast en la ruta de desmontaje cuando se produce EEH. Dado que la configuraci\u00f3n promisc del vport (uc, mc y todas) en el firmware se restablece despu\u00e9s de EEH, el controlador mlx5 intentar\u00e1 eliminar las reglas mencionadas en la ruta de inicializaci\u00f3n. Esto provoca un fallo del kernel porque estas reglas de software ya no son v\u00e1lidas. Se corrige anulando estas reglas justo despu\u00e9s de la eliminaci\u00f3n para evitar el acceso a punteros colgantes. Rastreo de llamadas: __list_del_entry_valid+0xcc/0x100 (unreliable) tree_put_node+0xf4/0x1b0 [mlx5_core] tree_remove_node+0x30/0x70 [mlx5_core] mlx5_del_flow_rules+0x14c/0x1f0 [mlx5_core] esw_apply_vport_rx_mode+0x10c/0x200 [mlx5_core] esw_update_vport_rx_mode+0xb4/0x180 [mlx5_core] esw_vport_change_handle_locked+0x1ec/0x230 [mlx5_core] esw_enable_vport+0x130/0x260 [mlx5_core] mlx5_eswitch_enable_sriov+0x2a0/0x2f0 [mlx5_core] mlx5_device_enable_sriov+0x74/0x440 [mlx5_core] mlx5_load_one+0x114c/0x1550 [mlx5_core] mlx5_pci_resume+0x68/0xf0 [mlx5_core] eeh_report_resume+0x1a4/0x230 eeh_pe_dev_traverse+0x98/0x170 eeh_handle_normal_event+0x3e4/0x640 eeh_handle_event+0x4c/0x370 eeh_event_handler+0x14c/0x210 kthread+0x168/0x1b0 ret_from_kernel_thread+0x5c/0x84 "
}
],
"metrics": {},
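Review bot: The first sentence of the "es" value merges the commit title with the opening statement and drops the negation: "vport's mc, uc and multicast rules are not deleted in teardown path when EEH happens" becomes "Se corrige la eliminación de las reglas de direccionamiento de las reglas de limpieza de vport mc, uc y multicast en la ruta de desmontaje cuando se produce EEH". The translation no longer says that the rules are left undeleted, which is the root cause. Split title and body again and restore "no se eliminan"; the value also ends with a stray space before the closing quote.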

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53080",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:27.020",
"lastModified": "2025-05-02T16:15:27.020",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: Add missing overflow check in xdp_umem_reg\n\nThe number of chunks can overflow u32. Make sure to return -EINVAL on\noverflow. Also remove a redundant u32 cast assigning umem->npgs."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xsk: Se ha a\u00f1adido una comprobaci\u00f3n de desbordamiento faltante en xdp_umem_reg. El n\u00famero de fragmentos puede desbordar u32. Aseg\u00farese de devolver -EINVAL en caso de desbordamiento. Tambi\u00e9n se ha eliminado una conversi\u00f3n u32 redundante que asigna umem-&gt;npgs."
}
],
"metrics": {},
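Review bot: The "es" value writes the struct member as "umem-&gt;npgs" where the "en" value has "umem->npgs". The HTML entity should be decoded before the string is stored, since JSON consumers will otherwise show "&gt;" literally.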

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53081",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:27.117",
"lastModified": "2025-05-02T16:15:27.117",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix data corruption after failed write\n\nWhen buffered write fails to copy data into underlying page cache page,\nocfs2_write_end_nolock() just zeroes out and dirties the page. This can\nleave dirty page beyond EOF and if page writeback tries to write this page\nbefore write succeeds and expands i_size, page gets into inconsistent\nstate where page dirty bit is clear but buffer dirty bits stay set\nresulting in page data never getting written and so data copied to the\npage is lost. Fix the problem by invalidating page beyond EOF after\nfailed write."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ocfs2: se corrige la corrupci\u00f3n de datos tras una escritura fallida. Cuando una escritura en b\u00fafer no copia los datos en la p\u00e1gina de cach\u00e9 de la p\u00e1gina subyacente, ocfs2_write_end_nolock() simplemente pone a cero y contamina la p\u00e1gina. Esto puede dejar una p\u00e1gina contaminada m\u00e1s all\u00e1 del EOF. Si la escritura diferida intenta escribir en esta p\u00e1gina antes de que la escritura tenga \u00e9xito y expande i_size, la p\u00e1gina entra en un estado inconsistente donde el bit de p\u00e1gina contaminada se borra, pero los bits de b\u00fafer contaminados permanecen activos, lo que resulta en que los datos de la p\u00e1gina nunca se escriban y, por lo tanto, se pierdan los datos copiados. Se soluciona el problema invalidando la p\u00e1gina m\u00e1s all\u00e1 del EOF tras una escritura fallida."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53082",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:27.220",
"lastModified": "2025-05-02T16:15:27.220",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvp_vdpa: fix the crash in hot unplug with vp_vdpa\n\nWhile unplugging the vp_vdpa device, it triggers a kernel panic\nThe root cause is: vdpa_mgmtdev_unregister() will accesses modern\ndevices which will cause a use after free.\nSo need to change the sequence in vp_vdpa_remove\n\n[ 195.003359] BUG: unable to handle page fault for address: ff4e8beb80199014\n[ 195.004012] #PF: supervisor read access in kernel mode\n[ 195.004486] #PF: error_code(0x0000) - not-present page\n[ 195.004960] PGD 100000067 P4D 1001b6067 PUD 1001b7067 PMD 1001b8067 PTE 0\n[ 195.005578] Oops: 0000 1 PREEMPT SMP PTI\n[ 195.005968] CPU: 13 PID: 164 Comm: kworker/u56:10 Kdump: loaded Not tainted 5.14.0-252.el9.x86_64 #1\n[ 195.006792] Hardware name: Red Hat KVM/RHEL, BIOS edk2-20221207gitfff6d81270b5-2.el9 unknown\n[ 195.007556] Workqueue: kacpi_hotplug acpi_hotplug_work_fn\n[ 195.008059] RIP: 0010:ioread8+0x31/0x80\n[ 195.008418] Code: 77 28 48 81 ff 00 00 01 00 76 0b 89 fa ec 0f b6 c0 c3 cc cc cc cc 8b 15 ad 72 93 01 b8 ff 00 00 00 85 d2 75 0f c3 cc cc cc cc <8a> 07 0f b6 c0 c3 cc cc cc cc 83 ea 01 48 83 ec 08 48 89 fe 48 c7\n[ 195.010104] RSP: 0018:ff4e8beb8067bab8 EFLAGS: 00010292\n[ 195.010584] RAX: ffffffffc05834a0 RBX: ffffffffc05843c0 RCX: ff4e8beb8067bae0\n[ 195.011233] RDX: ff1bcbd580f88000 RSI: 0000000000000246 RDI: ff4e8beb80199014\n[ 195.011881] RBP: ff1bcbd587e39000 R08: ffffffff916fa2d0 R09: ff4e8beb8067ba68\n[ 195.012527] R10: 000000000000001c R11: 0000000000000000 R12: ff1bcbd5a3de9120\n[ 195.013179] R13: ffffffffc062d000 R14: 0000000000000080 R15: ff1bcbe402bc7805\n[ 195.013826] FS: 0000000000000000(0000) GS:ff1bcbe402740000(0000) knlGS:0000000000000000\n[ 195.014564] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 195.015093] CR2: ff4e8beb80199014 CR3: 0000000107dea002 CR4: 0000000000771ee0\n[ 195.015741] PKRU: 55555554\n[ 195.016001] Call Trace:\n[ 195.016233] <TASK>\n[ 195.016434] 
vp_modern_get_status+0x12/0x20\n[ 195.016823] vp_vdpa_reset+0x1b/0x50 [vp_vdpa]\n[ 195.017238] virtio_vdpa_reset+0x3c/0x48 [virtio_vdpa]\n[ 195.017709] remove_vq_common+0x1f/0x3a0 [virtio_net]\n[ 195.018178] virtnet_remove+0x5d/0x70 [virtio_net]\n[ 195.018618] virtio_dev_remove+0x3d/0x90\n[ 195.018986] device_release_driver_internal+0x1aa/0x230\n[ 195.019466] bus_remove_device+0xd8/0x150\n[ 195.019841] device_del+0x18b/0x3f0\n[ 195.020167] ? kernfs_find_ns+0x35/0xd0\n[ 195.020526] device_unregister+0x13/0x60\n[ 195.020894] unregister_virtio_device+0x11/0x20\n[ 195.021311] device_release_driver_internal+0x1aa/0x230\n[ 195.021790] bus_remove_device+0xd8/0x150\n[ 195.022162] device_del+0x18b/0x3f0\n[ 195.022487] device_unregister+0x13/0x60\n[ 195.022852] ? vdpa_dev_remove+0x30/0x30 [vdpa]\n[ 195.023270] vp_vdpa_dev_del+0x12/0x20 [vp_vdpa]\n[ 195.023694] vdpa_match_remove+0x2b/0x40 [vdpa]\n[ 195.024115] bus_for_each_dev+0x78/0xc0\n[ 195.024471] vdpa_mgmtdev_unregister+0x65/0x80 [vdpa]\n[ 195.024937] vp_vdpa_remove+0x23/0x40 [vp_vdpa]\n[ 195.025353] pci_device_remove+0x36/0xa0\n[ 195.025719] device_release_driver_internal+0x1aa/0x230\n[ 195.026201] pci_stop_bus_device+0x6c/0x90\n[ 195.026580] pci_stop_and_remove_bus_device+0xe/0x20\n[ 195.027039] disable_slot+0x49/0x90\n[ 195.027366] acpiphp_disable_and_eject_slot+0x15/0x90\n[ 195.027832] hotplug_event+0xea/0x210\n[ 195.028171] ? hotplug_event+0x210/0x210\n[ 195.028535] acpiphp_hotplug_notify+0x22/0x80\n[ 195.028942] ? hotplug_event+0x210/0x210\n[ 195.029303] acpi_device_hotplug+0x8a/0x1d0\n[ 195.029690] acpi_hotplug_work_fn+0x1a/0x30\n[ 195.030077] process_one_work+0x1e8/0x3c0\n[ 195.030451] worker_thread+0x50/0x3b0\n[ 195.030791] ? rescuer_thread+0x3a0/0x3a0\n[ 195.031165] kthread+0xd9/0x100\n[ 195.031459] ? kthread_complete_and_exit+0x20/0x20\n[ 195.031899] ret_from_fork+0x22/0x30\n[ 195.032233] </TASK>"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vp_vdpa: corrige el fallo en la desconexi\u00f3n activa con vp_vdpa Al desconectar el dispositivo vp_vdpa, se desencadena un p\u00e1nico del kernel La causa ra\u00edz es: vdpa_mgmtdev_unregister() acceder\u00e1 a dispositivos modernos, lo que provocar\u00e1 un use-after-free. Entonces es necesario cambiar la secuencia en vp_vdpa_remove [ 195.003359] ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: ff4e8beb80199014 [ 195.004012] #PF: acceso de lectura del supervisor en modo kernel [ 195.004486] #PF: error_code(0x0000) - p\u00e1gina no presente [ 195.004960] PGD 100000067 P4D 1001b6067 PUD 1001b7067 PMD 1001b8067 PTE 0 [ 195.005578] Oops: 0000 1 PREEMPT SMP PTI [ 195.005968] CPU: 13 PID: 164 Comm: kworker/u56:10 Kdump: cargado No contaminado 5.14.0-252.el9.x86_64 #1 [ 195.006792] Nombre del hardware: Red Hat KVM/RHEL, BIOS edk2-20221207gitfff6d81270b5-2.el9 unknown [ 195.007556] Workqueue: kacpi_hotplug acpi_hotplug_work_fn [ 195.008059] RIP: 0010:ioread8+0x31/0x80 [ 195.008418] Code: 77 28 48 81 ff 00 00 01 00 76 0b 89 fa ec 0f b6 c0 c3 cc cc cc cc 8b 15 ad 72 93 01 b8 ff 00 00 00 85 d2 75 0f c3 cc cc cc cc &lt;8a&gt; 07 0f b6 c0 c3 cc cc cc cc 83 ea 01 48 83 ec 08 48 89 fe 48 c7 [ 195.010104] RSP: 0018:ff4e8beb8067bab8 EFLAGS: 00010292 [ 195.010584] RAX: ffffffffc05834a0 RBX: ffffffffc05843c0 RCX: ff4e8beb8067bae0 [ 195.011233] RDX: ff1bcbd580f88000 RSI: 0000000000000246 RDI: ff4e8beb80199014 [ 195.011881] RBP: ff1bcbd587e39000 R08: ffffffff916fa2d0 R09: ff4e8beb8067ba68 [ 195.012527] R10: 000000000000001c R11: 0000000000000000 R12: ff1bcbd5a3de9120 [ 195.013179] R13: ffffffffc062d000 R14: 0000000000000080 R15: ff1bcbe402bc7805 [ 195.013826] FS: 0000000000000000(0000) GS:ff1bcbe402740000(0000) knlGS:0000000000000000 [ 195.014564] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 195.015093] CR2: ff4e8beb80199014 CR3: 0000000107dea002 CR4: 0000000000771ee0 [ 
195.015741] PKRU: 55555554 [ 195.016001] Call Trace: [ 195.016233] [ 195.016434] vp_modern_get_status+0x12/0x20 [ 195.016823] vp_vdpa_reset+0x1b/0x50 [vp_vdpa] [ 195.017238] virtio_vdpa_reset+0x3c/0x48 [virtio_vdpa] [ 195.017709] remove_vq_common+0x1f/0x3a0 [virtio_net] [ 195.018178] virtnet_remove+0x5d/0x70 [virtio_net] [ 195.018618] virtio_dev_remove+0x3d/0x90 [ 195.018986] device_release_driver_internal+0x1aa/0x230 [ 195.019466] bus_remove_device+0xd8/0x150 [ 195.019841] device_del+0x18b/0x3f0 [ 195.020167] ? kernfs_find_ns+0x35/0xd0 [ 195.020526] device_unregister+0x13/0x60 [ 195.020894] unregister_virtio_device+0x11/0x20 [ 195.021311] device_release_driver_internal+0x1aa/0x230 [ 195.021790] bus_remove_device+0xd8/0x150 [ 195.022162] device_del+0x18b/0x3f0 [ 195.022487] device_unregister+0x13/0x60 [ 195.022852] ? vdpa_dev_remove+0x30/0x30 [vdpa] [ 195.023270] vp_vdpa_dev_del+0x12/0x20 [vp_vdpa] [ 195.023694] vdpa_match_remove+0x2b/0x40 [vdpa] [ 195.024115] bus_for_each_dev+0x78/0xc0 [ 195.024471] vdpa_mgmtdev_unregister+0x65/0x80 [vdpa] [ 195.024937] vp_vdpa_remove+0x23/0x40 [vp_vdpa] [ 195.025353] pci_device_remove+0x36/0xa0 [ 195.025719] device_release_driver_internal+0x1aa/0x230 [ 195.026201] pci_stop_bus_device+0x6c/0x90 [ 195.026580] pci_stop_and_remove_bus_device+0xe/0x20 [ 195.027039] disable_slot+0x49/0x90 [ 195.027366] acpiphp_disable_and_eject_slot+0x15/0x90 [ 195.027832] hotplug_event+0xea/0x210 [ 195.028171] ? hotplug_event+0x210/0x210 [ 195.028535] acpiphp_hotplug_notify+0x22/0x80 [ 195.028942] ? hotplug_event+0x210/0x210 [ 195.029303] acpi_device_hotplug+0x8a/0x1d0 [ 195.029690] acpi_hotplug_work_fn+0x1a/0x30 [ 195.030077] process_one_work+0x1e8/0x3c0 [ 195.030451] worker_thread+0x50/0x3b0 [ 195.030791] ? rescuer_thread+0x3a0/0x3a0 [ 195.031165] kthread+0xd9/0x100 [ 195.031459] ? kthread_complete_and_exit+0x20/0x20 [ 195.031899] ret_from_fork+0x22/0x30 [ 195.032233] "
}
],
"metrics": {},
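Review bot: The oops quoted in the "es" value is not a faithful copy of the one in the "en" value: the faulting-instruction marker in the "Code:" line is HTML-escaped ("&lt;8a&gt; 07 0f b6 c0"), the "<TASK>" and "</TASK>" markers are dropped (leaving "[ 195.016233] [ 195.016434]" and a dangling "[ 195.032233] " at the end), and fixed kernel strings are translated ("Kdump: cargado No contaminado", "ERROR: no se puede manejar el error de página para la dirección"). Carry the log block over verbatim and translate only the three prose sentences before it.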

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53083",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:27.310",
"lastModified": "2025-05-02T16:15:27.310",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: don't replace page in rq_pages if it's a continuation of last page\n\nThe splice read calls nfsd_splice_actor to put the pages containing file\ndata into the svc_rqst->rq_pages array. It's possible however to get a\nsplice result that only has a partial page at the end, if (e.g.) the\nfilesystem hands back a short read that doesn't cover the whole page.\n\nnfsd_splice_actor will plop the partial page into its rq_pages array and\nreturn. Then later, when nfsd_splice_actor is called again, the\nremainder of the page may end up being filled out. At this point,\nnfsd_splice_actor will put the page into the array _again_ corrupting\nthe reply. If this is done enough times, rq_next_page will overrun the\narray and corrupt the trailing fields -- the rq_respages and\nrq_next_page pointers themselves.\n\nIf we've already added the page to the array in the last pass, don't add\nit to the array a second time when dealing with a splice continuation.\nThis was originally handled properly in nfsd_splice_actor, but commit\n91e23b1c3982 (\"NFSD: Clean up nfsd_splice_actor()\") removed the check\nfor it."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfsd: no reemplace la p\u00e1gina en rq_pages si es una continuaci\u00f3n de la \u00faltima p\u00e1gina la lectura de empalme llama a nfsd_splice_actor para poner las p\u00e1ginas que contienen datos de archivo en la matriz svc_rqst-&gt;rq_pages. Sin embargo, es posible obtener un resultado de empalme que solo tenga una p\u00e1gina parcial al final, si (p. ej.) el sistema de archivos devuelve una lectura corta que no cubre toda la p\u00e1gina. nfsd_splice_actor colocar\u00e1 la p\u00e1gina parcial en su matriz rq_pages y retornar\u00e1. Luego, m\u00e1s tarde, cuando se vuelva a llamar a nfsd_splice_actor, el resto de la p\u00e1gina puede terminar llen\u00e1ndose. En este punto, nfsd_splice_actor colocar\u00e1 la p\u00e1gina en array _again_ corrompiendo la respuesta. Si esto se repite varias veces, rq_next_page saturar\u00e1 el array y corromper\u00e1 los campos finales: los punteros rq_respages y rq_next_page. Si ya a\u00f1adimos la p\u00e1gina al array en la \u00faltima pasada, no la a\u00f1adamos una segunda vez al tratar con una continuaci\u00f3n de empalme. Esto se gestionaba correctamente en nfsd_splice_actor, pero el commit 91e23b1c3982 (\"NFSD: Limpiar nfsd_splice_actor()\") elimin\u00f3 la comprobaci\u00f3n."
}
],
"metrics": {},
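
Review bot: The added "es" value carries an HTML entity inside a JSON string ("svc_rqst-&gt;rq_pages"), so consumers that do not HTML-decode will show the literal "&gt;" instead of the "->" that the "en" value has. The same string also leaves "_again_" untranslated and fuses the patch subject into the first sentence with no break ("...última página la lectura de empalme llama..."). Suggest storing the identifier as "svc_rqst->rq_pages" and regenerating the translation with the subject line kept as its own sentence.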

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53084",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:27.403",
"lastModified": "2025-05-02T16:15:27.403",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/shmem-helper: Remove another errant put in error path\n\ndrm_gem_shmem_mmap() doesn't own reference in error code path, resulting\nin the dma-buf shmem GEM object getting prematurely freed leading to a\nlater use-after-free."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/shmem-helper: Eliminar otro objeto errante en la ruta de error drm_gem_shmem_mmap() no posee una referencia en la ruta del c\u00f3digo de error, lo que da como resultado que el objeto GEM shmem dma-buf se libere prematuramente y genere un use-after-free posterior."
}
],
"metrics": {},
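
Review bot: The "es" description renders the subject "Remove another errant put in error path" as "Eliminar otro objeto errante", which drops the meaning of "put" (a reference-count release) and tells the reader an object is being removed. Since the "en" text explains that drm_gem_shmem_mmap() does not own the reference in the error path, the translation should keep "put" as the kernel term, for example "Eliminar otro put errante en la ruta de error".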

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53085",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:27.493",
"lastModified": "2025-05-02T16:15:27.493",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/edid: fix info leak when failing to get panel id\n\nMake sure to clear the transfer buffer before fetching the EDID to\navoid leaking slab data to the logs on errors that leave the buffer\nunchanged."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/edid: corrige p\u00e9rdida de informaci\u00f3n cuando no se puede obtener el ID del panel. Aseg\u00farese de borrar el b\u00fafer de transferencia antes de obtener el EDID para evitar filtrar datos de la losa a los registros en errores que dejan el b\u00fafer sin cambios."
}
],
"metrics": {},
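
Review bot: In the "es" value, "slab data" is translated literally as "datos de la losa", which does not identify the kernel slab allocator and hides what is actually leaked to the logs. Keep "slab" untranslated ("datos del slab") so the information-leak description stays accurate.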

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53086",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:27.580",
"lastModified": "2025-05-02T16:15:27.580",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: connac: do not check WED status for non-mmio devices\n\nWED is supported just for mmio devices, so do not check it for usb or\nsdio devices. This patch fixes the crash reported below:\n\n[ 21.946627] wlp0s3u1i3: authenticate with c4:41:1e:f5:2b:1d\n[ 22.525298] wlp0s3u1i3: send auth to c4:41:1e:f5:2b:1d (try 1/3)\n[ 22.548274] wlp0s3u1i3: authenticate with c4:41:1e:f5:2b:1d\n[ 22.557694] wlp0s3u1i3: send auth to c4:41:1e:f5:2b:1d (try 1/3)\n[ 22.565885] wlp0s3u1i3: authenticated\n[ 22.569502] wlp0s3u1i3: associate with c4:41:1e:f5:2b:1d (try 1/3)\n[ 22.578966] wlp0s3u1i3: RX AssocResp from c4:41:1e:f5:2b:1d (capab=0x11 status=30 aid=3)\n[ 22.579113] wlp0s3u1i3: c4:41:1e:f5:2b:1d rejected association temporarily; comeback duration 1000 TU (1024 ms)\n[ 23.649518] wlp0s3u1i3: associate with c4:41:1e:f5:2b:1d (try 2/3)\n[ 23.752528] wlp0s3u1i3: RX AssocResp from c4:41:1e:f5:2b:1d (capab=0x11 status=0 aid=3)\n[ 23.797450] wlp0s3u1i3: associated\n[ 24.959527] kernel tried to execute NX-protected page - exploit attempt? 
(uid: 0)\n[ 24.959640] BUG: unable to handle page fault for address: ffff88800c223200\n[ 24.959706] #PF: supervisor instruction fetch in kernel mode\n[ 24.959788] #PF: error_code(0x0011) - permissions violation\n[ 24.959846] PGD 2c01067 P4D 2c01067 PUD 2c02067 PMD c2a8063 PTE 800000000c223163\n[ 24.959957] Oops: 0011 [#1] PREEMPT SMP\n[ 24.960009] CPU: 0 PID: 391 Comm: wpa_supplicant Not tainted 6.2.0-kvm #18\n[ 24.960089] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.1-2.fc37 04/01/2014\n[ 24.960191] RIP: 0010:0xffff88800c223200\n[ 24.960446] RSP: 0018:ffffc90000ff7698 EFLAGS: 00010282\n[ 24.960513] RAX: ffff888028397010 RBX: ffff88800c26e630 RCX: 0000000000000058\n[ 24.960598] RDX: ffff88800c26f844 RSI: 0000000000000006 RDI: ffff888028397010\n[ 24.960682] RBP: ffff88800ea72f00 R08: 18b873fbab2b964c R09: be06b38235f3c63c\n[ 24.960766] R10: 18b873fbab2b964c R11: be06b38235f3c63c R12: 0000000000000001\n[ 24.960853] R13: ffff88800c26f84c R14: ffff8880063f0ff8 R15: ffff88800c26e644\n[ 24.960950] FS: 00007effcea327c0(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000\n[ 24.961036] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 24.961106] CR2: ffff88800c223200 CR3: 000000000eaa2000 CR4: 00000000000006b0\n[ 24.961190] Call Trace:\n[ 24.961219] <TASK>\n[ 24.961245] ? mt76_connac_mcu_add_key+0x2cf/0x310\n[ 24.961313] ? mt7921_set_key+0x150/0x200\n[ 24.961365] ? drv_set_key+0xa9/0x1b0\n[ 24.961418] ? ieee80211_key_enable_hw_accel+0xd9/0x240\n[ 24.961485] ? ieee80211_key_replace+0x3f3/0x730\n[ 24.961541] ? crypto_shash_setkey+0x89/0xd0\n[ 24.961597] ? ieee80211_key_link+0x2d7/0x3a0\n[ 24.961664] ? crypto_aead_setauthsize+0x31/0x50\n[ 24.961730] ? sta_info_hash_lookup+0xa6/0xf0\n[ 24.961785] ? ieee80211_add_key+0x1fc/0x250\n[ 24.961842] ? rdev_add_key+0x41/0x140\n[ 24.961882] ? nl80211_parse_key+0x6c/0x2f0\n[ 24.961940] ? nl80211_new_key+0x24a/0x290\n[ 24.961984] ? genl_rcv_msg+0x36c/0x3a0\n[ 24.962036] ? 
rdev_mod_link_station+0xe0/0xe0\n[ 24.962102] ? nl80211_set_key+0x410/0x410\n[ 24.962143] ? nl80211_pre_doit+0x200/0x200\n[ 24.962187] ? genl_bind+0xc0/0xc0\n[ 24.962217] ? netlink_rcv_skb+0xaa/0xd0\n[ 24.962259] ? genl_rcv+0x24/0x40\n[ 24.962300] ? netlink_unicast+0x224/0x2f0\n[ 24.962345] ? netlink_sendmsg+0x30b/0x3d0\n[ 24.962388] ? ____sys_sendmsg+0x109/0x1b0\n[ 24.962388] ? ____sys_sendmsg+0x109/0x1b0\n[ 24.962440] ? __import_iovec+0x2e/0x110\n[ 24.962482] ? ___sys_sendmsg+0xbe/0xe0\n[ 24.962525] ? mod_objcg_state+0x25c/0x330\n[ 24.962576] ? __dentry_kill+0x19e/0x1d0\n[ 24.962618] ? call_rcu+0x18f/0x270\n[ 24.962660] ? __dentry_kill+0x19e/0x1d0\n[ 24.962702] ? __x64_sys_sendmsg+0x70/0x90\n[ 24.962744] ? do_syscall_64+0x3d/0x80\n[ 24.962796] ? exit_to_user_mode_prepare+0x1b/0x70\n[ 24.962852] ? entry_SYSCA\n---truncated---"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mt76: connac: no verifique el estado de WED para dispositivos que no sean mmio WED solo es compatible con dispositivos mmio, por lo que no lo verifique para dispositivos usb o sdio. Este parche corrige el fallo informado a continuaci\u00f3n: [ 21.946627] wlp0s3u1i3: autenticar con c4:41:1e:f5:2b:1d [ 22.525298] wlp0s3u1i3: enviar autenticaci\u00f3n a c4:41:1e:f5:2b:1d (intentar 1/3) [ 22.548274] wlp0s3u1i3: autenticar con c4:41:1e:f5:2b:1d [ 22.557694] wlp0s3u1i3: enviar autenticaci\u00f3n a c4:41:1e:f5:2b:1d (intentar 1/3) [ 22.565885] wlp0s3u1i3: autenticado [ 22.569502] wlp0s3u1i3: asociar con c4:41:1e:f5:2b:1d (try 1/3) [ 22.578966] wlp0s3u1i3: RX AssocResp de c4:41:1e:f5:2b:1d (capab=0x11 status=30 aid=3) [ 22.579113] wlp0s3u1i3: c4:41:1e:f5:2b:1d rechaz\u00f3 la asociaci\u00f3n temporalmente; duraci\u00f3n del regreso 1000 TU (1024 ms) [ 23.649518] wlp0s3u1i3: asociado con c4:41:1e:f5:2b:1d (intento 2/3) [ 23.752528] wlp0s3u1i3: RX AssocResp de c4:41:1e:f5:2b:1d (capab=0x11 status=0 aid=3) [ 23.797450] wlp0s3u1i3: asociado [ 24.959527] el kernel intent\u00f3 ejecutar p\u00e1gina protegida por NX - \u00bfintento de explotaci\u00f3n? 
(uid: 0) [24.959640] ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: ffff88800c223200 [24.959706] #PF: obtenci\u00f3n de instrucci\u00f3n de supervisor en modo kernel [24.959788] #PF: error_code(0x0011) - violaci\u00f3n de permisos [24.959846] PGD 2c01067 P4D 2c01067 PUD 2c02067 PMD c2a8063 PTE 800000000c223163 [24.959957] Oops: 0011 [#1] PREEMPT SMP [24.960009] CPU: 0 PID: 391 Comm: wpa_supplicant No contaminado 6.2.0-kvm #18 [ 24.960089] Nombre del hardware: PC est\u00e1ndar QEMU (Q35 + ICH9, 2009), BIOS 1.16.1-2.fc37 01/04/2014 [ 24.960191] RIP: 0010:0xffff88800c223200 [ 24.960446] RSP: 0018:ffffc90000ff7698 EFLAGS: 00010282 [ 24.960513] RAX: ffff888028397010 RBX: ffff88800c26e630 RCX: 0000000000000058 [ 24.960598] RDX: ffff88800c26f844 RSI: 0000000000000006 RDI: ffff888028397010 [ 24.960682] RBP: ffff88800ea72f00 R08: 18b873fbab2b964c R09: be06b38235f3c63c [ 24.960766] R10: 18b873fbab2b964c R11: be06b38235f3c63c R12: 000000000000001 [ 24.960853] R13: ffff88800c26f84c R14: ffff8880063f0ff8 R15: ffff88800c26e644 [24.960950] FS: 00007effcea327c0(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000 [24.961036] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [24.961106] CR2: ffff88800c223200 CR3: 000000000eaa2000 CR4: 00000000000006b0 [24.961190] Rastreo de llamadas: [24.961219] [ 24.961245] ? mt76_connac_mcu_add_key+0x2cf/0x310 [ 24.961313] ? mt7921_set_key+0x150/0x200 [ 24.961365] ? drv_set_key+0xa9/0x1b0 [ 24.961418] ? ieee80211_key_enable_hw_accel+0xd9/0x240 [ 24.961485] ? ieee80211_key_replace+0x3f3/0x730 [ 24.961541] ? crypto_shash_setkey+0x89/0xd0 [ 24.961597] ? ieee80211_key_link+0x2d7/0x3a0 [ 24.961664] ? crypto_aead_setauthsize+0x31/0x50 [ 24.961730] ? sta_info_hash_lookup+0xa6/0xf0 [ 24.961785] ? ieee80211_add_key+0x1fc/0x250 [ 24.961842] ? rdev_add_key+0x41/0x140 [ 24.961882] ? nl80211_parse_key+0x6c/0x2f0 [ 24.961940] ? nl80211_new_key+0x24a/0x290 [ 24.961984] ? genl_rcv_msg+0x36c/0x3a0 [ 24.962036] ? 
rdev_mod_link_station+0xe0/0xe0 [ 24.962102] ? nl80211_set_key+0x410/0x410 [ 24.962143] ? nl80211_pre_doit+0x200/0x200 [ 24.962187] ? genl_bind+0xc0/0xc0 [ 24.962217] ? netlink_rcv_skb+0xaa/0xd0 [ 24.962259] ? genl_rcv+0x24/0x40 [ 24.962300] ? netlink_unicast+0x224/0x2f0 [ 24.962345] ? netlink_sendmsg+0x30b/0x3d0 [ 24.962388] ? ____sys_sendmsg+0x109/0x1b0 [ 24.962388] ? ____sys_sendmsg+0x109/0x1b0 [ 24.962440] ? __import_iovec+0x2e/0x110 [ 24.962482] ? ___sys_sendmsg+0xbe/0xe0 [ 24.962525] ? mod_objcg_state+0x25c/0x330 [ 24.962576] ? __dentry_kill+0x19e/0x1d0 [ 24.962618] ? call_rcu+0x18f/0x270 [ 24.962660] ? __dentry_kill+0x19e/0x1d0 [ 24.962702] ? __x64_sys_sendmsg+0x70/0x90 [ 24.962744] ? do_syscall_64+0x3d/0x80 [ 24.962796] ? exit_to_user_mode_prepare+0x1b/0x70 [ 24.962852] ? entry_SYSCA ---truncado---"
}
],
"metrics": {},
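
Review bot: The "es" value translates and alters the quoted kernel log instead of reproducing it verbatim, which makes it unusable for matching against real dmesg output. Visible differences from the "en" value: the BIOS date "04/01/2014" becomes "01/04/2014", "R12: 0000000000000001" loses a digit, the "<TASK>" marker after "[ 24.961219]" is dropped, and messages such as "authenticate with" and "Not tainted" are translated. Suggest translating only the prose before "This patch fixes the crash reported below" and copying the trace unchanged.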

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53087",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:27.667",
"lastModified": "2025-05-02T16:15:27.667",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/active: Fix misuse of non-idle barriers as fence trackers\n\nUsers reported oopses on list corruptions when using i915 perf with a\nnumber of concurrently running graphics applications. Root cause analysis\npointed at an issue in barrier processing code -- a race among perf open /\nclose replacing active barriers with perf requests on kernel context and\nconcurrent barrier preallocate / acquire operations performed during user\ncontext first pin / last unpin.\n\nWhen adding a request to a composite tracker, we try to reuse an existing\nfence tracker, already allocated and registered with that composite. The\ntracker we obtain may already track another fence, may be an idle barrier,\nor an active barrier.\n\nIf the tracker we get occurs a non-idle barrier then we try to delete that\nbarrier from a list of barrier tasks it belongs to. However, while doing\nthat we don't respect return value from a function that performs the\nbarrier deletion. Should the deletion ever fail, we would end up reusing\nthe tracker still registered as a barrier task. Since the same structure\nfield is reused with both fence callback lists and barrier tasks list,\nlist corruptions would likely occur.\n\nBarriers are now deleted from a barrier tasks list by temporarily removing\nthe list content, traversing that content with skip over the node to be\ndeleted, then populating the list back with the modified content. Should\nthat intentionally racy concurrent deletion attempts be not serialized,\none or more of those may fail because of the list being temporary empty.\n\nRelated code that ignores the results of barrier deletion was initially\nintroduced in v5.4 by commit d8af05ff38ae (\"drm/i915: Allow sharing the\nidle-barrier from other kernel requests\"). However, all users of the\nbarrier deletion routine were apparently serialized at that time, then the\nissue didn't exhibit itself. 
Results of git bisect with help of a newly\ndeveloped igt@gem_barrier_race@remote-request IGT test indicate that list\ncorruptions might start to appear after commit 311770173fac (\"drm/i915/gt:\nSchedule request retirement when timeline idles\"), introduced in v5.5.\n\nRespect results of barrier deletion attempts -- mark the barrier as idle\nonly if successfully deleted from the list. Then, before proceeding with\nsetting our fence as the one currently tracked, make sure that the tracker\nwe've got is not a non-idle barrier. If that check fails then don't use\nthat tracker but go back and try to acquire a new, usable one.\n\nv3: use unlikely() to document what outcome we expect (Andi),\n - fix bad grammar in commit description.\nv2: no code changes,\n - blame commit 311770173fac (\"drm/i915/gt: Schedule request retirement\n when timeline idles\"), v5.5, not commit d8af05ff38ae (\"drm/i915: Allow\n sharing the idle-barrier from other kernel requests\"), v5.4,\n - reword commit description.\n\n(cherry picked from commit 506006055769b10d1b2b4e22f636f3b45e0e9fc7)"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/i915/active: Arregla el mal uso de barreras no inactivas como rastreadores de vallas Los usuarios informaron errores en las corrupciones de listas al usar i915 perf con varias aplicaciones gr\u00e1ficas que se ejecutan simult\u00e1neamente. El an\u00e1lisis de la causa ra\u00edz apunt\u00f3 a un problema en el c\u00f3digo de procesamiento de barreras: una ejecuci\u00f3n entre la apertura/cierre de perf que reemplaza las barreras activas con solicitudes de perf en el contexto del kernel y las operaciones de preasignaci\u00f3n/adquisici\u00f3n de barreras simult\u00e1neas realizadas durante el primer pin/\u00faltimo desanclaje del contexto del usuario. Al agregar una solicitud a un rastreador compuesto, intentamos reutilizar un rastreador de vallas existente, ya asignado y registrado con ese compuesto. El rastreador que obtenemos puede que ya rastree otra valla, puede ser una barrera inactiva o una barrera activa. Si el rastreador que obtenemos ocurre con una barrera no inactiva, entonces intentamos eliminar esa barrera de una lista de tareas de barrera a la que pertenece. Sin embargo, mientras hacemos eso no respetamos el valor de retorno de una funci\u00f3n que realiza la eliminaci\u00f3n de la barrera. Si la eliminaci\u00f3n falla, terminar\u00edamos reutilizando el rastreador a\u00fan registrado como tarea de barrera. Dado que el mismo campo de estructura se reutiliza tanto con las listas de devoluci\u00f3n de llamadas de valla como con la lista de tareas de barrera, es probable que se produzcan da\u00f1os en la lista. Ahora, las barreras se eliminan de una lista de tareas de barrera eliminando temporalmente su contenido, recorri\u00e9ndolo con la omisi\u00f3n del nodo que se va a eliminar y, a continuaci\u00f3n, rellenando la lista con el contenido modificado. 
Si estos intentos de eliminaci\u00f3n concurrentes, intencionalmente agresivos, no se serializan, uno o m\u00e1s de ellos podr\u00edan fallar debido a que la lista est\u00e1 temporalmente vac\u00eda. El c\u00f3digo relacionado que ignora los resultados de la eliminaci\u00f3n de barrera se introdujo inicialmente en la versi\u00f3n 5.4 mediante el commit d8af05ff38ae (\"drm/i915: Permitir compartir la barrera inactiva con otras solicitudes del kernel\"). Sin embargo, todos los usuarios de la rutina de eliminaci\u00f3n de barrera aparentemente estaban serializados en ese momento, por lo que el problema no se manifest\u00f3. Los resultados de git bisect con la ayuda de una prueba IGT igt@gem_barrier_race@remote-request recientemente desarrollada indican que podr\u00edan aparecer corrupciones en la lista despu\u00e9s deel commit 311770173fac (\"drm/i915/gt: Retirada de solicitud de programaci\u00f3n cuando la l\u00ednea de tiempo est\u00e1 inactiva\"), introducida en la v5.5. Respetar los resultados de los intentos de eliminaci\u00f3n de barreras: marcar la barrera como inactiva solo si se elimina correctamente de la lista. Luego, antes de configurar nuestra barrera como la que se rastrea actualmente, asegurarse de que el rastreador que tenemos no sea una barrera no inactiva. Si la comprobaci\u00f3n falla, no usar ese rastreador, sino volver atr\u00e1s e intentar obtener uno nuevo y utilizable. v3: usar Unlikely() para documentar el resultado esperado (Andi). Corregir errores gramaticales en la descripci\u00f3n de la confirmaci\u00f3n. v2: sin cambios de c\u00f3digo, - culpar a el commit 311770173fac (\"drm/i915/gt: Programar el retiro de solicitudes cuando la l\u00ednea de tiempo est\u00e1 inactiva\"), v5.5, no confirmar d8af05ff38ae (\"drm/i915: Permitir compartir la barrera de inactividad con otras solicitudes del kernel\"), v5.4, - reformular la descripci\u00f3n deel commit. (Seleccionado de la confirmaci\u00f3n 506006055769b10d1b2b4e22f636f3b45e0e9fc7)"
}
],
"metrics": {},
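
Review bot: The "es" description changes the meaning of the changelog in its v2 note: "not commit d8af05ff38ae" is rendered as "no confirmar d8af05ff38ae" (an instruction not to commit), where the "en" text is saying which commit is blamed. The same value has the typo "deel commit" twice and renders "a race among perf open / close" as "una ejecución entre", which loses the race condition that is the root cause. These three spots should be corrected before the translation is published.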

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53088",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:27.760",
"lastModified": "2025-05-02T16:15:27.760",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix UaF in listener shutdown\n\nAs reported by Christoph after having refactored the passive\nsocket initialization, the mptcp listener shutdown path is prone\nto an UaF issue.\n\n BUG: KASAN: use-after-free in _raw_spin_lock_bh+0x73/0xe0\n Write of size 4 at addr ffff88810cb23098 by task syz-executor731/1266\n\n CPU: 1 PID: 1266 Comm: syz-executor731 Not tainted 6.2.0-rc59af4eaa31c1f6c00c8f1e448ed99a45c66340dd5 #6\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Call Trace:\n <TASK>\n dump_stack_lvl+0x6e/0x91\n print_report+0x16a/0x46f\n kasan_report+0xad/0x130\n kasan_check_range+0x14a/0x1a0\n _raw_spin_lock_bh+0x73/0xe0\n subflow_error_report+0x6d/0x110\n sk_error_report+0x3b/0x190\n tcp_disconnect+0x138c/0x1aa0\n inet_child_forget+0x6f/0x2e0\n inet_csk_listen_stop+0x209/0x1060\n __mptcp_close_ssk+0x52d/0x610\n mptcp_destroy_common+0x165/0x640\n mptcp_destroy+0x13/0x80\n __mptcp_destroy_sock+0xe7/0x270\n __mptcp_close+0x70e/0x9b0\n mptcp_close+0x2b/0x150\n inet_release+0xe9/0x1f0\n __sock_release+0xd2/0x280\n sock_close+0x15/0x20\n __fput+0x252/0xa20\n task_work_run+0x169/0x250\n exit_to_user_mode_prepare+0x113/0x120\n syscall_exit_to_user_mode+0x1d/0x40\n do_syscall_64+0x48/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nThe msk grace period can legitly expire in between the last\nreference count dropped in mptcp_subflow_queue_clean() and\nthe later eventual access in inet_csk_listen_stop()\n\nAfter the previous patch we don't need anymore special-casing\nmsk listener socket cleanup: the mptcp worker will process each\nof the unaccepted msk sockets.\n\nJust drop the now unnecessary code.\n\nPlease note this commit depends on the two parent ones:\n\n mptcp: refactor passive socket initialization\n mptcp: use the workqueue to destroy unaccepted sockets"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mptcp: correcci\u00f3n de UaF en el apagado del oyente Como inform\u00f3 Christoph despu\u00e9s de haber refactorizado la inicializaci\u00f3n del socket pasivo, la ruta de apagado del oyente mptcp es propensa a un problema de UaF. ERROR: KASAN: use-after-free en _raw_spin_lock_bh+0x73/0xe0 Escritura de tama\u00f1o 4 en la direcci\u00f3n ffff88810cb23098 por la tarea syz-executor731/1266 CPU: 1 PID: 1266 Comm: syz-executor731 No contaminado 6.2.0-rc59af4eaa31c1f6c00c8f1e448ed99a45c66340dd5 #6 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 01/04/2014 Rastreo de llamadas: dump_stack_lvl+0x6e/0x91 print_report+0x16a/0x46f kasan_report+0xad/0x130 kasan_check_range+0x14a/0x1a0 _raw_spin_lock_bh+0x73/0xe0 subflow_error_report+0x6d/0x110 sk_error_report+0x3b/0x190 tcp_disconnect+0x138c/0x1aa0 inet_child_forget+0x6f/0x2e0 inet_csk_listen_stop+0x209/0x1060 __mptcp_close_ssk+0x52d/0x610 mptcp_destroy_common+0x165/0x640 mptcp_destroy+0x13/0x80 __mptcp_destroy_sock+0xe7/0x270 __mptcp_close+0x70e/0x9b0 mptcp_close+0x2b/0x150 inet_release+0xe9/0x1f0 __sock_release+0xd2/0x280 sock_close+0x15/0x20 __fput+0x252/0xa20 task_work_run+0x169/0x250 exit_to_user_mode_prepare+0x113/0x120 syscall_exit_to_user_mode+0x1d/0x40 do_syscall_64+0x48/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc puede expirar leg\u00edtimamente entre el \u00faltimo recuento de referencias introducido en mptcp_subflow_queue_clean() y el acceso eventual posterior en inet_csk_listen_stop(). Tras la actualizaci\u00f3n anterior, ya no necesitamos la limpieza de sockets del receptor MSK con casos especiales: el trabajador de mptcp procesar\u00e1 cada uno de los sockets MSK no aceptados. Simplemente elimine el c\u00f3digo innecesario. Tenga en cuenta que esta confirmaci\u00f3n depende de las dos principales: mptcp: refactorizar la inicializaci\u00f3n pasiva de sockets. 
mptcp: usar la cola de trabajo para eliminar los sockets no aceptados."
}
],
"metrics": {},
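
Review bot: The "es" value loses the subject of the root-cause sentence and inverts one of its terms: "The msk grace period can legitly expire" is fused onto the end of the stack trace as "entry_SYSCALL_64_after_hwframe+0x72/0xdc puede expirar legítimamente", and "the last reference count dropped" becomes "el último recuento de referencias introducido". The BIOS date in the trace is also changed from "04/01/2014" to "01/04/2014". Suggest restoring "El período de gracia del msk" as the subject, using "liberado" for "dropped", and leaving the KASAN report verbatim.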

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53089",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:27.853",
"lastModified": "2025-05-02T16:15:27.853",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix task hung in ext4_xattr_delete_inode\n\nSyzbot reported a hung task problem:\n==================================================================\nINFO: task syz-executor232:5073 blocked for more than 143 seconds.\n Not tainted 6.2.0-rc2-syzkaller-00024-g512dee0c00ad #0\n\"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:syz-exec232 state:D stack:21024 pid:5073 ppid:5072 flags:0x00004004\nCall Trace:\n <TASK>\n context_switch kernel/sched/core.c:5244 [inline]\n __schedule+0x995/0xe20 kernel/sched/core.c:6555\n schedule+0xcb/0x190 kernel/sched/core.c:6631\n __wait_on_freeing_inode fs/inode.c:2196 [inline]\n find_inode_fast+0x35a/0x4c0 fs/inode.c:950\n iget_locked+0xb1/0x830 fs/inode.c:1273\n __ext4_iget+0x22e/0x3ed0 fs/ext4/inode.c:4861\n ext4_xattr_inode_iget+0x68/0x4e0 fs/ext4/xattr.c:389\n ext4_xattr_inode_dec_ref_all+0x1a7/0xe50 fs/ext4/xattr.c:1148\n ext4_xattr_delete_inode+0xb04/0xcd0 fs/ext4/xattr.c:2880\n ext4_evict_inode+0xd7c/0x10b0 fs/ext4/inode.c:296\n evict+0x2a4/0x620 fs/inode.c:664\n ext4_orphan_cleanup+0xb60/0x1340 fs/ext4/orphan.c:474\n __ext4_fill_super fs/ext4/super.c:5516 [inline]\n ext4_fill_super+0x81cd/0x8700 fs/ext4/super.c:5644\n get_tree_bdev+0x400/0x620 fs/super.c:1282\n vfs_get_tree+0x88/0x270 fs/super.c:1489\n do_new_mount+0x289/0xad0 fs/namespace.c:3145\n do_mount fs/namespace.c:3488 [inline]\n __do_sys_mount fs/namespace.c:3697 [inline]\n __se_sys_mount+0x2d3/0x3c0 fs/namespace.c:3674\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7fa5406fd5ea\nRSP: 002b:00007ffc7232f968 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fa5406fd5ea\nRDX: 0000000020000440 RSI: 0000000020000000 RDI: 00007ffc7232f970\nRBP: 00007ffc7232f970 R08: 00007ffc7232f9b0 R09: 
0000000000000432\nR10: 0000000000804a03 R11: 0000000000000202 R12: 0000000000000004\nR13: 0000555556a7a2c0 R14: 00007ffc7232f9b0 R15: 0000000000000000\n </TASK>\n==================================================================\n\nThe problem is that the inode contains an xattr entry with ea_inum of 15\nwhen cleaning up an orphan inode <15>. When evict inode <15>, the reference\ncounting of the corresponding EA inode is decreased. When EA inode <15> is\nfound by find_inode_fast() in __ext4_iget(), it is found that the EA inode\nholds the I_FREEING flag and waits for the EA inode to complete deletion.\nAs a result, when inode <15> is being deleted, we wait for inode <15> to\ncomplete the deletion, resulting in an infinite loop and triggering Hung\nTask. To solve this problem, we only need to check whether the ino of EA\ninode and parent is the same before getting EA inode."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: correcci\u00f3n de tarea bloqueada en ext4_xattr_delete_inode. Syzbot inform\u00f3 de un problema de tarea bloqueada: =================================================================== INFORMACI\u00d3N: La tarea syz-executor232:5073 se bloque\u00f3 durante m\u00e1s de 143 segundos. No contaminada. 6.2.0-rc2-syzkaller-00024-g512dee0c00ad #0 \"echo 0 &gt; /proc/sys/kernel/hung_task_timeout_secs\" desactiva este mensaje. tarea:syz-exec232 estado:D pila:21024 pid:5073 ppid:5072 indicadores:0x00004004 Rastreo de llamadas: context_switch kernel/sched/core.c:5244 [en l\u00ednea] __schedule+0x995/0xe20 kernel/sched/core.c:6555 schedule+0xcb/0x190 kernel/sched/core.c:6631 __wait_on_freeing_inode fs/inode.c:2196 [en l\u00ednea] find_inode_fast+0x35a/0x4c0 fs/inode.c:950 iget_locked+0xb1/0x830 fs/inode.c:1273 __ext4_iget+0x22e/0x3ed0 fs/ext4/inode.c:4861 ext4_xattr_inode_iget+0x68/0x4e0 fs/ext4/xattr.c:389 ext4_xattr_inode_dec_ref_all+0x1a7/0xe50 fs/ext4/xattr.c:1148 ext4_xattr_delete_inode+0xb04/0xcd0 fs/ext4/xattr.c:2880 ext4_evict_inode+0xd7c/0x10b0 fs/ext4/inode.c:296 evict+0x2a4/0x620 fs/inode.c:664 ext4_orphan_cleanup+0xb60/0x1340 fs/ext4/orphan.c:474 __ext4_fill_super fs/ext4/super.c:5516 [en l\u00ednea] ext4_fill_super+0x81cd/0x8700 fs/ext4/super.c:5644 get_tree_bdev+0x400/0x620 fs/super.c:1282 vfs_get_tree+0x88/0x270 fs/super.c:1489 do_new_mount+0x289/0xad0 fs/namespace.c:3145 do_mount fs/namespace.c:3488 [en l\u00ednea] __do_sys_mount fs/namespace.c:3697 [en l\u00ednea] __se_sys_mount+0x2d3/0x3c0 fs/namespace.c:3674 do_syscall_x64 arch/x86/entry/common.c:50 [en l\u00ednea] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fa5406fd5ea RSP: 002b:00007ffc7232f968 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fa5406fd5ea RDX: 0000000020000440 RSI: 0000000020000000 RDI: 
00007ffc7232f970 RBP: 00007ffc7232f970 R08: 00007ffc7232f9b0 R09: 0000000000000432 R10: 0000000000804a03 R11: 0000000000000202 R12: 000000000000004 R13: 0000555556a7a2c0 R14: 00007ffc7232f9b0 R15: 000000000000000 == ... Para resolver este problema, solo necesitamos verificar si el ino del inodo EA y el padre es el mismo antes de obtener el inodo EA."
}
],
"metrics": {},
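
Review bot: The "es" value omits the root-cause paragraph entirely, replacing everything from "The problem is that the inode contains an xattr entry with ea_inum of 15" through the hung-task explanation with "== ...", so a reader of the translation gets the fix but not the self-referencing EA inode condition it addresses. It also HTML-escapes the shell redirect ("echo 0 &gt; /proc/sys/kernel/hung_task_timeout_secs") and drops a digit from the R12 and R15 register values. The missing paragraph should be translated and the trace copied unchanged from the "en" value.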

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53090",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:27.957",
"lastModified": "2025-05-02T16:15:27.957",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix an illegal memory access\n\nIn the kfd_wait_on_events() function, the kfd_event_waiter structure is\nallocated by alloc_event_waiters(), but the event field of the waiter\nstructure is not initialized; When copy_from_user() fails in the\nkfd_wait_on_events() function, it will enter exception handling to\nrelease the previously allocated memory of the waiter structure;\nDue to the event field of the waiters structure being accessed\nin the free_waiters() function, this results in illegal memory access\nand system crash, here is the crash log:\n\nlocalhost kernel: RIP: 0010:native_queued_spin_lock_slowpath+0x185/0x1e0\nlocalhost kernel: RSP: 0018:ffffaa53c362bd60 EFLAGS: 00010082\nlocalhost kernel: RAX: ff3d3d6bff4007cb RBX: 0000000000000282 RCX: 00000000002c0000\nlocalhost kernel: RDX: ffff9e855eeacb80 RSI: 000000000000279c RDI: ffffe7088f6a21d0\nlocalhost kernel: RBP: ffffe7088f6a21d0 R08: 00000000002c0000 R09: ffffaa53c362be64\nlocalhost kernel: R10: ffffaa53c362bbd8 R11: 0000000000000001 R12: 0000000000000002\nlocalhost kernel: R13: ffff9e7ead15d600 R14: 0000000000000000 R15: ffff9e7ead15d698\nlocalhost kernel: FS: 0000152a3d111700(0000) GS:ffff9e855ee80000(0000) knlGS:0000000000000000\nlocalhost kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nlocalhost kernel: CR2: 0000152938000010 CR3: 000000044d7a4000 CR4: 00000000003506e0\nlocalhost kernel: Call Trace:\nlocalhost kernel: _raw_spin_lock_irqsave+0x30/0x40\nlocalhost kernel: remove_wait_queue+0x12/0x50\nlocalhost kernel: kfd_wait_on_events+0x1b6/0x490 [hydcu]\nlocalhost kernel: ? ftrace_graph_caller+0xa0/0xa0\nlocalhost kernel: kfd_ioctl+0x38c/0x4a0 [hydcu]\nlocalhost kernel: ? kfd_ioctl_set_trap_handler+0x70/0x70 [hydcu]\nlocalhost kernel: ? kfd_ioctl_create_queue+0x5a0/0x5a0 [hydcu]\nlocalhost kernel: ? ftrace_graph_caller+0xa0/0xa0\nlocalhost kernel: __x64_sys_ioctl+0x8e/0xd0\nlocalhost kernel: ? 
syscall_trace_enter.isra.18+0x143/0x1b0\nlocalhost kernel: do_syscall_64+0x33/0x80\nlocalhost kernel: entry_SYSCALL_64_after_hwframe+0x44/0xa9\nlocalhost kernel: RIP: 0033:0x152a4dff68d7\n\nAllocate the structure with kcalloc, and remove redundant 0-initialization\nand a redundant loop condition check."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdkfd: Se corrige un acceso ilegal a memoria En la funci\u00f3n kfd_wait_on_events(), la estructura kfd_event_waiter es asignada por alloc_event_waiters(), pero el campo de evento de la estructura waiter no se inicializa; Cuando copy_from_user() falla en la funci\u00f3n kfd_wait_on_events(), ingresar\u00e1 al control de excepciones para liberar la memoria previamente asignada de la estructura waiter; Debido a que se accede al campo de evento de la estructura waiters en la funci\u00f3n free_waiters(), esto da como resultado un acceso ilegal a la memoria y un bloqueo del sistema. Aqu\u00ed est\u00e1 el registro de bloqueo: kernel localhost: RIP: 0010:native_queued_spin_lock_slowpath+0x185/0x1e0 kernel localhost: RSP: 0018:ffffaa53c362bd60 EFLAGS: 00010082 kernel localhost: RAX: ff3d3d6bff4007cb RBX: 0000000000000282 RCX: 00000000002c0000 kernel localhost: RDX: ffff9e855eeacb80 RSI: 000000000000279c RDI: ffffe7088f6a21d0 kernel localhost: RBP: ffffe7088f6a21d0 R08: 00000000002c0000 R09: ffffaa53c362be64 n\u00facleo del host local: R10: ffffaa53c362bbd8 R11: 0000000000000001 R12: 0000000000000002 n\u00facleo del host local: R13: ffff9e7ead15d600 R14: 0000000000000000 R15: ffff9e7ead15d698 n\u00facleo del host local: FS: 0000152a3d111700(0000) GS:ffff9e855ee80000(0000) knlGS:0000000000000000 n\u00facleo localhost: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 n\u00facleo localhost: CR2: 0000152938000010 CR3: 000000044d7a4000 CR4: 00000000003506e0 n\u00facleo localhost: Seguimiento de llamadas: n\u00facleo localhost: _raw_spin_lock_irqsave+0x30/0x40 n\u00facleo localhost: remove_wait_queue+0x12/0x50 n\u00facleo localhost: kfd_wait_on_events+0x1b6/0x490 [hydcu] n\u00facleo localhost: ? ftrace_graph_caller+0xa0/0xa0 n\u00facleo local del host: kfd_ioctl+0x38c/0x4a0 [hydcu] n\u00facleo local del host: ? kfd_ioctl_set_trap_handler+0x70/0x70 [hydcu] n\u00facleo local del host: ? 
kfd_ioctl_create_queue+0x5a0/0x5a0 [hydcu] n\u00facleo local del host: ? ftrace_graph_caller+0xa0/0xa0 n\u00facleo local del host: __x64_sys_ioctl+0x8e/0xd0 n\u00facleo local del host: ? syscall_trace_enter.isra.18+0x143/0x1b0 kernel localhost: do_syscall_64+0x33/0x80 kernel localhost: entry_SYSCALL_64_after_hwframe+0x44/0xa9 kernel localhost: RIP: 0033:0x152a4dff68d7 Asigne la estructura con kcalloc y elimine la inicializaci\u00f3n 0 redundante y una verificaci\u00f3n de condici\u00f3n de bucle redundante."
}
],
"metrics": {},
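Review bot: the "es" value translates the syslog host prefix of the quoted crash log, and does so inconsistently: the first register lines keep "kernel localhost:", later ones read "n\u00facleo del host local:", "n\u00facleo localhost:" and "n\u00facleo local del host:". The prefix is log output, not prose, so anyone grepping the Spanish description for the trace will miss most of it. Suggest keeping the log portion verbatim from the English description and translating only the surrounding sentences.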

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53091",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:28.073",
"lastModified": "2025-05-02T16:15:28.073",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: update s_journal_inum if it changes after journal replay\n\nWhen mounting a crafted ext4 image, s_journal_inum may change after journal\nreplay, which is obviously unreasonable because we have successfully loaded\nand replayed the journal through the old s_journal_inum. And the new\ns_journal_inum bypasses some of the checks in ext4_get_journal(), which\nmay trigger a null pointer dereference problem. So if s_journal_inum\nchanges after the journal replay, we ignore the change, and rewrite the\ncurrent journal_inum to the superblock."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: actualizar s_journal_inum si cambia despu\u00e9s de la reproducci\u00f3n del diario. Al montar una imagen ext4 manipulada, s_journal_inum puede cambiar despu\u00e9s de la reproducci\u00f3n del diario, lo cual es obviamente irrazonable porque hemos cargado y reproducido correctamente el diario a trav\u00e9s del antiguo s_journal_inum. Y el nuevo s_journal_inum omite algunas de las comprobaciones en ext4_get_journal(), lo que puede desencadenar un problema de desreferencia de puntero nulo. Por lo tanto, si s_journal_inum cambia despu\u00e9s de la reproducci\u00f3n del diario, ignoramos el cambio y reescribimos el journal_inum actual en el superbloque."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53092",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:28.180",
"lastModified": "2025-05-02T16:15:28.180",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ninterconnect: exynos: fix node leak in probe PM QoS error path\n\nMake sure to add the newly allocated interconnect node to the provider\nbefore adding the PM QoS request so that the node is freed on errors."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: interconexi\u00f3n: exynos: se corrige la p\u00e9rdida de nodo en la ruta de error de QoS de PM de la sonda Aseg\u00farese de agregar el nodo de interconexi\u00f3n reci\u00e9n asignado al proveedor antes de agregar la solicitud de QoS de PM para que el nodo se libere en caso de errores."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53093",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:28.270",
"lastModified": "2025-05-02T16:15:28.270",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Do not let histogram values have some modifiers\n\nHistogram values can not be strings, stacktraces, graphs, symbols,\nsyscalls, or grouped in buckets or log. Give an error if a value is set to\ndo so.\n\nNote, the histogram code was not prepared to handle these modifiers for\nhistograms and caused a bug.\n\nMark Rutland reported:\n\n # echo 'p:copy_to_user __arch_copy_to_user n=$arg2' >> /sys/kernel/tracing/kprobe_events\n # echo 'hist:keys=n:vals=hitcount.buckets=8:sort=hitcount' > /sys/kernel/tracing/events/kprobes/copy_to_user/trigger\n # cat /sys/kernel/tracing/events/kprobes/copy_to_user/hist\n[ 143.694628] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[ 143.695190] Mem abort info:\n[ 143.695362] ESR = 0x0000000096000004\n[ 143.695604] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 143.695889] SET = 0, FnV = 0\n[ 143.696077] EA = 0, S1PTW = 0\n[ 143.696302] FSC = 0x04: level 0 translation fault\n[ 143.702381] Data abort info:\n[ 143.702614] ISV = 0, ISS = 0x00000004\n[ 143.702832] CM = 0, WnR = 0\n[ 143.703087] user pgtable: 4k pages, 48-bit VAs, pgdp=00000000448f9000\n[ 143.703407] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n[ 143.704137] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 143.704714] Modules linked in:\n[ 143.705273] CPU: 0 PID: 133 Comm: cat Not tainted 6.2.0-00003-g6fc512c10a7c #3\n[ 143.706138] Hardware name: linux,dummy-virt (DT)\n[ 143.706723] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 143.707120] pc : hist_field_name.part.0+0x14/0x140\n[ 143.707504] lr : hist_field_name.part.0+0x104/0x140\n[ 143.707774] sp : ffff800008333a30\n[ 143.707952] x29: ffff800008333a30 x28: 0000000000000001 x27: 0000000000400cc0\n[ 143.708429] x26: ffffd7a653b20260 x25: 0000000000000000 x24: ffff10d303ee5800\n[ 143.708776] x23: ffffd7a6539b27b0 x22: ffff10d303fb8c00 x21: 
0000000000000001\n[ 143.709127] x20: ffff10d303ec2000 x19: 0000000000000000 x18: 0000000000000000\n[ 143.709478] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\n[ 143.709824] x14: 0000000000000000 x13: 203a6f666e692072 x12: 6567676972742023\n[ 143.710179] x11: 0a230a6d6172676f x10: 000000000000002c x9 : ffffd7a6521e018c\n[ 143.710584] x8 : 000000000000002c x7 : 7f7f7f7f7f7f7f7f x6 : 000000000000002c\n[ 143.710915] x5 : ffff10d303b0103e x4 : ffffd7a653b20261 x3 : 000000000000003d\n[ 143.711239] x2 : 0000000000020001 x1 : 0000000000000001 x0 : 0000000000000000\n[ 143.711746] Call trace:\n[ 143.712115] hist_field_name.part.0+0x14/0x140\n[ 143.712642] hist_field_name.part.0+0x104/0x140\n[ 143.712925] hist_field_print+0x28/0x140\n[ 143.713125] event_hist_trigger_print+0x174/0x4d0\n[ 143.713348] hist_show+0xf8/0x980\n[ 143.713521] seq_read_iter+0x1bc/0x4b0\n[ 143.713711] seq_read+0x8c/0xc4\n[ 143.713876] vfs_read+0xc8/0x2a4\n[ 143.714043] ksys_read+0x70/0xfc\n[ 143.714218] __arm64_sys_read+0x24/0x30\n[ 143.714400] invoke_syscall+0x50/0x120\n[ 143.714587] el0_svc_common.constprop.0+0x4c/0x100\n[ 143.714807] do_el0_svc+0x44/0xd0\n[ 143.714970] el0_svc+0x2c/0x84\n[ 143.715134] el0t_64_sync_handler+0xbc/0x140\n[ 143.715334] el0t_64_sync+0x190/0x194\n[ 143.715742] Code: a9bd7bfd 910003fd a90153f3 aa0003f3 (f9400000)\n[ 143.716510] ---[ end trace 0000000000000000 ]---\nSegmentation fault"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rastreo: No permitir que los valores del histograma tengan modificadores. Los valores del histograma no pueden ser cadenas, seguimientos de pila, gr\u00e1ficos, s\u00edmbolos, llamadas al sistema ni agruparse en contenedores o registros. Se genera un error si se configura un valor para ello. Tenga en cuenta que el c\u00f3digo del histograma no estaba preparado para manejar estos modificadores, lo que provoc\u00f3 un error. Mark Rutland inform\u00f3: # echo 'p:copy_to_user __arch_copy_to_user n=$arg2' &gt;&gt; /sys/kernel/tracing/kprobe_events # echo 'hist:keys=n:vals=hitcount.buckets=8:sort=hitcount' &gt; /sys/kernel/tracing/events/kprobes/copy_to_user/trigger # cat /sys/kernel/tracing/events/kprobes/copy_to_user/hist [ 143.694628] No se puede manejar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 0000000000000000 [ 143.695190] Informaci\u00f3n de aborto de memoria: [ 143.695362] ESR = 0x0000000096000004 [ 143.695604] EC = 0x25: DABT (EL actual), IL = 32 bits [ 143.695889] SET = 0, FnV = 0 [ 143.696077] EA = 0, S1PTW = 0 [ 143.696302] FSC = 0x04: fallo de traducci\u00f3n de nivel 0 [ 143.702381] Informaci\u00f3n de cancelaci\u00f3n de datos: [ 143.702614] ISV = 0, ISS = 0x00000004 [ 143.702832] CM = 0, WnR = 0 [ 143.703087] pgtable de usuario: p\u00e1ginas de 4k, VA de 48 bits, pgdp=00000000448f9000 [ 143.703407] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000 [ 143.704137] Error interno: Oops: 0000000096000004 [#1] PREEMPT SMP [ 143.704714] M\u00f3dulos vinculados: [ 143.705273] CPU: 0 PID: 133 Comm: cat No contaminado 6.2.0-00003-g6fc512c10a7c #3 [ 143.706138] Nombre del hardware: linux,dummy-virt (DT) [ 143.706723] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 143.707120] pc : nombre_campo_hist.parte.0+0x14/0x140 [ 143.707504] lr : nombre_campo_hist.parte.0+0x104/0x140 [ 143.707774] sp : ffff800008333a30 [ 143.707952] x29: 
ffff800008333a30 x28: 0000000000000001 x27: 0000000000400cc0 [ 143.708429] x26: ffffd7a653b20260 x25: 0000000000000000 x24: ffff10d303ee5800 [ 143.708776] x23: ffffd7a6539b27b0 x22: ffff10d303fb8c00 x21: 0000000000000001 [ 143.709127] x20: ffff10d303ec2000 x19: 0000000000000000 x18: 0000000000000000 [ 143.709478] x17: 000000000000000 x16: 0000000000000000 x15: 0000000000000000 [ 143.709824] x14: 0000000000000000 x13: 203a6f666e692072 x12: 6567676972742023 [ 143.710179] x11: 0a230a6d6172676f x10: 000000000000002c x9: ffffd7a6521e018c [143.710584] x8: 000000000000002c x7: 7f7f7f7f7f7f7f7f x6: 000000000000002c [ 143.710915] x5 : ffff10d303b0103e x4 : ffffd7a653b20261 x3 : 000000000000003d [ 143.711239] x2 : 0000000000020001 x1 : 0000000000000001 x0 : 0000000000000000 [ 143.711746] Rastreo de llamadas:[ 143.712115] hist_field_name.part.0+0x14/0x140 [ 143.712642] hist_field_name.part.0+0x104/0x140 [ 143.712925] hist_field_print+0x28/0x140 [ 143.713125] event_hist_trigger_print+0x174/0x4d0 [ 143.713348] hist_show+0xf8/0x980 [ 143.713521] seq_read_iter+0x1bc/0x4b0 [ 143.713711] seq_read+0x8c/0xc4 [ 143.713876] vfs_read+0xc8/0x2a4 [ 143.714043] ksys_read+0x70/0xfc [ 143.714218] __arm64_sys_read+0x24/0x30 [ 143.714400] invoke_syscall+0x50/0x120 [ 143.714587] el0_svc_common.constprop.0+0x4c/0x100 [ 143.714807] do_el0_svc+0x44/0xd0 [ 143.714970] el0_svc+0x2c/0x84 [ 143.715134] el0t_64_sync_handler+0xbc/0x140 [ 143.715334] el0t_64_sync+0x190/0x194 [ 143.715742] Code: a9bd7bfd 910003fd a90153f3 aa0003f3 (f9400000) [ 143.716510]--- Fallo de segmentaci\u00f3n"
}
],
"metrics": {},
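Review bot: in the "es" description for CVE-2023-53093 the translation rewrites kernel symbols inside the oops: the pc and lr lines read "nombre_campo_hist.parte.0+0x14/0x140" where the English value has "hist_field_name.part.0". The same value also carries HTML entities ("&gt;&gt;" and "&gt;") in the reproduction commands and drops the "---[ end trace 0000000000000000 ]---" marker. A reader matching this record against a real crash log or copying the commands gets text that does not correspond to the kernel output. Suggest excluding the command lines and the trace from translation and storing ">" unescaped, as the English value does.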

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53094",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:28.363",
"lastModified": "2025-05-02T16:15:28.363",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: fsl_lpuart: fix race on RX DMA shutdown\n\nFrom time to time DMA completion can come in the middle of DMA shutdown:\n\n<process ctx>:\t\t\t\t<IRQ>:\nlpuart32_shutdown()\n lpuart_dma_shutdown()\n del_timer_sync()\n\t\t\t\t\tlpuart_dma_rx_complete()\n\t\t\t\t\t lpuart_copy_rx_to_tty()\n\t\t\t\t\t mod_timer()\n lpuart_dma_rx_free()\n\nWhen the timer fires a bit later, sport->dma_rx_desc is NULL:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000004\npc : lpuart_copy_rx_to_tty+0xcc/0x5bc\nlr : lpuart_timer_func+0x1c/0x2c\nCall trace:\n lpuart_copy_rx_to_tty\n lpuart_timer_func\n call_timer_fn\n __run_timers.part.0\n run_timer_softirq\n __do_softirq\n __irq_exit_rcu\n irq_exit\n handle_domain_irq\n gic_handle_irq\n call_on_irq_stack\n do_interrupt_handler\n ...\n\nTo fix this fold del_timer_sync() into lpuart_dma_rx_free() after\ndmaengine_terminate_sync() to make sure timer will not be re-started in\nlpuart_copy_rx_to_tty() <= lpuart_dma_rx_complete()."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tty: serial: fsl_lpuart: fix race on RX DMA shutting De vez en cuando, la finalizaci\u00f3n de DMA puede llegar en medio del shutting de DMA: : : lpuart32_shutdown() lpuart_dma_shutdown() del_timer_sync() lpuart_dma_rx_complete() lpuart_copy_rx_to_tty() mod_timer() lpuart_dma_rx_free() Cuando el temporizador se activa un poco m\u00e1s tarde, sport-&gt;dma_rx_desc es NULL: No se puede manejar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 0000000000000004 pc : lpuart_copy_rx_to_tty+0xcc/0x5bc lr : lpuart_timer_func+0x1c/0x2c Rastreo de llamadas: lpuart_copy_rx_to_tty lpuart_timer_func call_timer_fn __run_timers.part.0 run_timer_softirq __do_softirq __irq_exit_rcu irq_exit handle_domain_irq gic_handle_irq call_on_irq_stack do_interrupt_handler ... Para solucionar esto, incorpore del_timer_sync() en lpuart_dma_rx_free() despu\u00e9s de dmaengine_terminate_sync() para asegurarse de que el temporizador no se reinicie en lpuart_copy_rx_to_tty() &lt;= lpuart_dma_rx_complete()."
}
],
"metrics": {},
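Review bot: the "es" value for CVE-2023-53094 loses the two column headers of the race diagram: where the English value has "<process ctx>:" and "<IRQ>:", the Spanish text reads only ": :". Without them the call sequence no longer shows that lpuart_dma_rx_complete() runs in interrupt context between del_timer_sync() and lpuart_dma_rx_free(), which is the whole point of the description. The title is also left half translated ("fix race on RX DMA shutting"). This looks like angle-bracketed tokens being stripped as markup before translation, so the pipeline should escape them on input and restore them afterwards.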

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53095",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:28.453",
"lastModified": "2025-05-02T16:15:28.453",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/ttm: Fix a NULL pointer dereference\n\nThe LRU mechanism may look up a resource in the process of being removed\nfrom an object. The locking rules here are a bit unclear but it looks\ncurrently like res->bo assignment is protected by the LRU lock, whereas\nbo->resource is protected by the object lock, while *clearing* of\nbo->resource is also protected by the LRU lock. This means that if\nwe check that bo->resource points to the LRU resource under the LRU\nlock we should be safe.\nSo perform that check before deciding to swap out a bo. That avoids\ndereferencing a NULL bo->resource in ttm_bo_swapout()."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/ttm: Corregir una desreferencia de puntero NULL. El mecanismo LRU puede buscar un recurso en proceso de ser eliminado de un objeto. Las reglas de bloqueo aqu\u00ed son un poco confusas, pero actualmente parece que la asignaci\u00f3n res-&gt;bo est\u00e1 protegida por el bloqueo LRU, mientras que bo-&gt;resource est\u00e1 protegida por el bloqueo de objeto, mientras que la *limpieza* de bo-&gt;resource tambi\u00e9n est\u00e1 protegida por el bloqueo LRU. Esto significa que si comprobamos que bo-&gt;resource apunta al recurso LRU bajo el bloqueo LRU, deber\u00edamos estar seguros. As\u00ed que realice esa comprobaci\u00f3n antes de decidir intercambiar un bo. Esto evita la desreferencia de un bo-&gt;resource NULL en ttm_bo_swapout()."
}
],
"metrics": {},
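Review bot: the "es" value for CVE-2023-53095 stores the C member accesses as HTML entities ("res-&gt;bo", "bo-&gt;resource"), while the "en" value in the same record has the literal "res->bo". A JSON consumer that does not unescape HTML will display and index "&gt;" literally, so searches for "bo->resource" miss the Spanish text. Suggest normalising entities back to plain characters before the value is written.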

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53096",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:28.543",
"lastModified": "2025-05-02T16:15:28.543",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ninterconnect: fix mem leak when freeing nodes\n\nThe node link array is allocated when adding links to a node but is not\ndeallocated when nodes are destroyed."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: interconexi\u00f3n: se corrige una p\u00e9rdida de memoria al liberar nodos. La matriz de enlaces de nodos se asigna cuando se agregan enlaces a un nodo, pero no se desasigna cuando se destruyen los nodos."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53097",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:28.643",
"lastModified": "2025-05-02T16:15:28.643",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/iommu: fix memory leak with using debugfs_lookup()\n\nWhen calling debugfs_lookup() the result must have dput() called on it,\notherwise the memory will leak over time. To make things simpler, just\ncall debugfs_lookup_and_remove() instead which handles all of the logic\nat once."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: powerpc/iommu: se corrige una fuga de memoria con debugfs_lookup(). Al llamar a debugfs_lookup(), se debe ejecutar dput() en el resultado; de lo contrario, la fuga de memoria se producir\u00e1 con el tiempo. Para simplificar, simplemente llame a debugfs_lookup_and_remove(), que gestiona toda la l\u00f3gica a la vez."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53098",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:28.733",
"lastModified": "2025-05-02T16:15:28.733",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rc: gpio-ir-recv: add remove function\n\nIn case runtime PM is enabled, do runtime PM clean up to remove\ncpu latency qos request, otherwise driver removal may have below\nkernel dump:\n\n[ 19.463299] Unable to handle kernel NULL pointer dereference at\nvirtual address 0000000000000048\n[ 19.472161] Mem abort info:\n[ 19.474985] ESR = 0x0000000096000004\n[ 19.478754] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 19.484081] SET = 0, FnV = 0\n[ 19.487149] EA = 0, S1PTW = 0\n[ 19.490361] FSC = 0x04: level 0 translation fault\n[ 19.495256] Data abort info:\n[ 19.498149] ISV = 0, ISS = 0x00000004\n[ 19.501997] CM = 0, WnR = 0\n[ 19.504977] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000049f81000\n[ 19.511432] [0000000000000048] pgd=0000000000000000,\np4d=0000000000000000\n[ 19.518245] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 19.524520] Modules linked in: gpio_ir_recv(+) rc_core [last\nunloaded: rc_core]\n[ 19.531845] CPU: 0 PID: 445 Comm: insmod Not tainted\n6.2.0-rc1-00028-g2c397a46d47c #72\n[ 19.531854] Hardware name: FSL i.MX8MM EVK board (DT)\n[ 19.531859] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS\nBTYPE=--)\n[ 19.551777] pc : cpu_latency_qos_remove_request+0x20/0x110\n[ 19.557277] lr : gpio_ir_recv_runtime_suspend+0x18/0x30\n[gpio_ir_recv]\n[ 19.557294] sp : ffff800008ce3740\n[ 19.557297] x29: ffff800008ce3740 x28: 0000000000000000 x27:\nffff800008ce3d50\n[ 19.574270] x26: ffffc7e3e9cea100 x25: 00000000000f4240 x24:\nffffc7e3f9ef0e30\n[ 19.574284] x23: 0000000000000000 x22: ffff0061803820f4 x21:\n0000000000000008\n[ 19.574296] x20: ffffc7e3fa75df30 x19: 0000000000000020 x18:\nffffffffffffffff\n[ 19.588570] x17: 0000000000000000 x16: ffffc7e3f9efab70 x15:\nffffffffffffffff\n[ 19.595712] x14: ffff800008ce37b8 x13: ffff800008ce37aa x12:\n0000000000000001\n[ 19.602853] x11: 0000000000000001 x10: ffffcbe3ec0dff87 x9 :\n0000000000000008\n[ 19.609991] x8 
: 0101010101010101 x7 : 0000000000000000 x6 :\n000000000f0bfe9f\n[ 19.624261] x5 : 00ffffffffffffff x4 : 0025ab8e00000000 x3 :\nffff006180382010\n[ 19.631405] x2 : ffffc7e3e9ce8030 x1 : ffffc7e3fc3eb810 x0 :\n0000000000000020\n[ 19.638548] Call trace:\n[ 19.640995] cpu_latency_qos_remove_request+0x20/0x110\n[ 19.646142] gpio_ir_recv_runtime_suspend+0x18/0x30 [gpio_ir_recv]\n[ 19.652339] pm_generic_runtime_suspend+0x2c/0x44\n[ 19.657055] __rpm_callback+0x48/0x1dc\n[ 19.660807] rpm_callback+0x6c/0x80\n[ 19.664301] rpm_suspend+0x10c/0x640\n[ 19.667880] rpm_idle+0x250/0x2d0\n[ 19.671198] update_autosuspend+0x38/0xe0\n[ 19.675213] pm_runtime_set_autosuspend_delay+0x40/0x60\n[ 19.680442] gpio_ir_recv_probe+0x1b4/0x21c [gpio_ir_recv]\n[ 19.685941] platform_probe+0x68/0xc0\n[ 19.689610] really_probe+0xc0/0x3dc\n[ 19.693189] __driver_probe_device+0x7c/0x190\n[ 19.697550] driver_probe_device+0x3c/0x110\n[ 19.701739] __driver_attach+0xf4/0x200\n[ 19.705578] bus_for_each_dev+0x70/0xd0\n[ 19.709417] driver_attach+0x24/0x30\n[ 19.712998] bus_add_driver+0x17c/0x240\n[ 19.716834] driver_register+0x78/0x130\n[ 19.720676] __platform_driver_register+0x28/0x34\n[ 19.725386] gpio_ir_recv_driver_init+0x20/0x1000 [gpio_ir_recv]\n[ 19.731404] do_one_initcall+0x44/0x2ac\n[ 19.735243] do_init_module+0x48/0x1d0\n[ 19.739003] load_module+0x19fc/0x2034\n[ 19.742759] __do_sys_finit_module+0xac/0x12c\n[ 19.747124] __arm64_sys_finit_module+0x20/0x30\n[ 19.751664] invoke_syscall+0x48/0x114\n[ 19.755420] el0_svc_common.constprop.0+0xcc/0xec\n[ 19.760132] do_el0_svc+0x38/0xb0\n[ 19.763456] el0_svc+0x2c/0x84\n[ 19.766516] el0t_64_sync_handler+0xf4/0x120\n[ 19.770789] el0t_64_sync+0x190/0x194\n[ 19.774460] Code: 910003fd a90153f3 aa0003f3 91204021 (f9401400)\n[ 19.780556] ---[ end trace 0000000000000000 ]---"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: rc: gpio-ir-recv: agregar funci\u00f3n de eliminaci\u00f3n En caso de que PM en tiempo de ejecuci\u00f3n est\u00e9 habilitado, realice una limpieza de PM en tiempo de ejecuci\u00f3n para eliminar la solicitud de calidad de servicio de latencia de la CPU; de lo contrario, la eliminaci\u00f3n del controlador puede tener el siguiente volcado de kernel: [19.463299] No se puede manejar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 0000000000000048 [19.472161] Informaci\u00f3n de aborto de memoria: [19.474985] ESR = 0x0000000096000004 [19.478754] EC = 0x25: DABT (EL actual), IL = 32 bits [19.484081] SET = 0, FnV = 0 [19.487149] EA = 0, S1PTW = 0 [ [19.490361] FSC = 0x04: error de traducci\u00f3n de nivel 0 [19.495256] Informaci\u00f3n de cancelaci\u00f3n de datos: [19.498149] ISV = 0, ISS = 0x00000004 [19.501997] CM = 0, WnR = 0 [19.504977] usuario pgtable: p\u00e1ginas de 4k, VA de 48 bits, pgdp=0000000049f81000 [ 19.511432] [0000000000000048] pgd=0000000000000000, p4d=0000000000000000 [ 19.518245] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 19.524520] Modules linked in: gpio_ir_recv(+) rc_core [last unloaded: rc_core] [ 19.531845] CPU: 0 PID: 445 Comm: insmod Not tainted 6.2.0-rc1-00028-g2c397a46d47c #72 [ 19.531854] Hardware name: FSL i.MX8MM EVK board (DT) [ 19.531859] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 19.551777] pc : cpu_latency_qos_remove_request+0x20/0x110 [ 19.557277] lr : gpio_ir_recv_runtime_suspend+0x18/0x30 [gpio_ir_recv] [ 19.557294] sp : ffff800008ce3740 [ 19.557297] x29: ffff800008ce3740 x28: 0000000000000000 x27: ffff800008ce3d50 [ 19.574270] x26: ffffc7e3e9cea100 x25: 00000000000f4240 x24: ffffc7e3f9ef0e30 [ 19.574284] x23: 0000000000000000 x22: ffff0061803820f4 x21: 0000000000000008 [ 19.574296] x20: ffffc7e3fa75df30 x19: 0000000000000020 x18: ffffffffffffffff [ 19.588570] x17: 0000000000000000 
x16: ffffc7e3f9efab70 x15: ffffffffffffffff [ 19.595712] x14: ffff800008ce37b8 x13: ffff800008ce37aa x12: 0000000000000001 [ 19.602853] x11: 0000000000000001 x10: ffffcbe3ec0dff87 x9 : 0000000000000008 [ 19.609991] x8 : 0101010101010101 x7 : 0000000000000000 x6 : 000000000f0bfe9f [ 19.624261] x5 : 00ffffffffffffff x4 : 0025ab8e00000000 x3 : ffff006180382010 [ 19.631405] x2 : ffffc7e3e9ce8030 x1 : ffffc7e3fc3eb810 x0 : 0000000000000020 [ 19.638548] Call trace: [ 19.640995] cpu_latency_qos_remove_request+0x20/0x110 [ 19.646142] gpio_ir_recv_runtime_suspend+0x18/0x30 [gpio_ir_recv] [ 19.652339] pm_generic_runtime_suspend+0x2c/0x44 [ 19.657055] __rpm_callback+0x48/0x1dc [ 19.660807] rpm_callback+0x6c/0x80 [ 19.664301] rpm_suspend+0x10c/0x640 [ 19.667880] rpm_idle+0x250/0x2d0 [ 19.671198] update_autosuspend+0x38/0xe0 [ 19.675213] pm_runtime_set_autosuspend_delay+0x40/0x60 [ 19.680442] gpio_ir_recv_probe+0x1b4/0x21c [gpio_ir_recv] [ 19.685941] platform_probe+0x68/0xc0 [ 19.689610] really_probe+0xc0/0x3dc [ 19.693189] __driver_probe_device+0x7c/0x190 [ 19.697550] driver_probe_device+0x3c/0x110 [ 19.701739] __driver_attach+0xf4/0x200 [ 19.705578] bus_for_each_dev+0x70/0xd0 [ 19.709417] driver_attach+0x24/0x30 [ 19.712998] bus_add_driver+0x17c/0x240 [ 19.716834] driver_register+0x78/0x130 [ 19.720676] __platform_driver_register+0x28/0x34 [ 19.725386] gpio_ir_recv_driver_init+0x20/0x1000 [gpio_ir_recv] [ 19.731404] do_one_initcall+0x44/0x2ac [ 19.735243] do_init_module+0x48/0x1d0 [ 19.739003] load_module+0x19fc/0x2034 [ 19.742759] __do_sys_finit_module+0xac/0x12c [ 19.747124] __arm64_sys_finit_module+0x20/0x30 [ 19.751664] invoke_syscall+0x48/0x114 [ 19.755420] el0_svc_common.constprop.0+0xcc/0xec [ 19.760132] do_el0_svc+0x38/0xb0 [ 19.763456] el0_svc+0x2c/0x84 [ 19.766516] el0t_64_sync_handler+0xf4/0x120 [ 19.770789] el0t_64_sync+0x190/0x194 [ 19.774460] Code: 910003fd a90153f3 aa0003f3 91204021 (f9401400) [ 19.780556] ---[ fin de seguimiento 0000000000000000 ]---"
}
],
"metrics": {},
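Review bot: the "es" value for CVE-2023-53098 is only partly translated and alters the log layout. The first oops lines are rendered in Spanish, but from "Internal error: Oops:" through the call trace the text stays in English, the timestamps lose their padding ("[19.463299]" against "[ 19.463299]" in the English value), and a stray bracket appears in "[ [19.490361]". Suggest treating the kernel dump as a verbatim block so the record is consistent and the timestamps still match the original log.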

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53099",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:28.830",
"lastModified": "2025-05-02T16:15:28.830",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: xilinx: don't make a sleepable memory allocation from an atomic context\n\nThe following issue was discovered using lockdep:\n[ 6.691371] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209\n[ 6.694602] in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 1, name: swapper/0\n[ 6.702431] 2 locks held by swapper/0/1:\n[ 6.706300] #0: ffffff8800f6f188 (&dev->mutex){....}-{3:3}, at: __device_driver_lock+0x4c/0x90\n[ 6.714900] #1: ffffffc009a2abb8 (enable_lock){....}-{2:2}, at: clk_enable_lock+0x4c/0x140\n[ 6.723156] irq event stamp: 304030\n[ 6.726596] hardirqs last enabled at (304029): [<ffffffc008d17ee0>] _raw_spin_unlock_irqrestore+0xc0/0xd0\n[ 6.736142] hardirqs last disabled at (304030): [<ffffffc00876bc5c>] clk_enable_lock+0xfc/0x140\n[ 6.744742] softirqs last enabled at (303958): [<ffffffc0080904f0>] _stext+0x4f0/0x894\n[ 6.752655] softirqs last disabled at (303951): [<ffffffc0080e53b8>] irq_exit+0x238/0x280\n[ 6.760744] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G U 5.15.36 #2\n[ 6.768048] Hardware name: xlnx,zynqmp (DT)\n[ 6.772179] Call trace:\n[ 6.774584] dump_backtrace+0x0/0x300\n[ 6.778197] show_stack+0x18/0x30\n[ 6.781465] dump_stack_lvl+0xb8/0xec\n[ 6.785077] dump_stack+0x1c/0x38\n[ 6.788345] ___might_sleep+0x1a8/0x2a0\n[ 6.792129] __might_sleep+0x6c/0xd0\n[ 6.795655] kmem_cache_alloc_trace+0x270/0x3d0\n[ 6.800127] do_feature_check_call+0x100/0x220\n[ 6.804513] zynqmp_pm_invoke_fn+0x8c/0xb0\n[ 6.808555] zynqmp_pm_clock_getstate+0x90/0xe0\n[ 6.813027] zynqmp_pll_is_enabled+0x8c/0x120\n[ 6.817327] zynqmp_pll_enable+0x38/0xc0\n[ 6.821197] clk_core_enable+0x144/0x400\n[ 6.825067] clk_core_enable+0xd4/0x400\n[ 6.828851] clk_core_enable+0xd4/0x400\n[ 6.832635] clk_core_enable+0xd4/0x400\n[ 6.836419] clk_core_enable+0xd4/0x400\n[ 6.840203] clk_core_enable+0xd4/0x400\n[ 6.843987] clk_core_enable+0xd4/0x400\n[ 6.847771] 
clk_core_enable+0xd4/0x400\n[ 6.851555] clk_core_enable_lock+0x24/0x50\n[ 6.855683] clk_enable+0x24/0x40\n[ 6.858952] fclk_probe+0x84/0xf0\n[ 6.862220] platform_probe+0x8c/0x110\n[ 6.865918] really_probe+0x110/0x5f0\n[ 6.869530] __driver_probe_device+0xcc/0x210\n[ 6.873830] driver_probe_device+0x64/0x140\n[ 6.877958] __driver_attach+0x114/0x1f0\n[ 6.881828] bus_for_each_dev+0xe8/0x160\n[ 6.885698] driver_attach+0x34/0x50\n[ 6.889224] bus_add_driver+0x228/0x300\n[ 6.893008] driver_register+0xc0/0x1e0\n[ 6.896792] __platform_driver_register+0x44/0x60\n[ 6.901436] fclk_driver_init+0x1c/0x28\n[ 6.905220] do_one_initcall+0x104/0x590\n[ 6.909091] kernel_init_freeable+0x254/0x2bc\n[ 6.913390] kernel_init+0x24/0x130\n[ 6.916831] ret_from_fork+0x10/0x20\n\nFix it by passing the GFP_ATOMIC gfp flag for the corresponding\nmemory allocation."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firmware: xilinx: no realice una asignaci\u00f3n de memoria inactiva desde un contexto at\u00f3mico El siguiente problema se descubri\u00f3 utilizando lockdep: [ 6.691371] ERROR: funci\u00f3n inactiva llamada desde un contexto no v\u00e1lido en include/linux/sched/mm.h:209 [ 6.694602] in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 1, name: swapper/0 [ 6.702431] 2 bloqueos mantenidos por swapper/0/1: [ 6.706300] #0: ffffff8800f6f188 (&amp;dev-&gt;mutex){....}-{3:3}, en: __device_driver_lock+0x4c/0x90 [ 6.714900] #1: ffffffc009a2abb8 (enable_lock){....}-{2:2}, en: clk_enable_lock+0x4c/0x140 [ 6.723156] marca de evento irq: 304030 [ 6.726596] hardirqs se habilitaron por \u00faltima vez en (304029): [] _raw_spin_unlock_irqrestore+0xc0/0xd0 [ 6.736142] hardirqs se deshabilitaron por \u00faltima vez en (304030): [] clk_enable_lock+0xfc/0x140 [ 6.744742] softirqs se habilitaron por \u00faltima vez en (303958): [] _stext+0x4f0/0x894 [ 6.752655] \u00daltima desactivaci\u00f3n de softirqs en (303951): [] irq_exit+0x238/0x280 [ 6.760744] CPU: 1 PID: 1 Comm: swapper/0 Contaminado: GU 5.15.36 #2 [ 6.768048] Nombre del hardware: xlnx,zynqmp (DT) [ 6.772179] Rastreo de llamadas: [ 6.774584] dump_backtrace+0x0/0x300 [ 6.778197] show_stack+0x18/0x30 [ 6.781465] dump_stack_lvl+0xb8/0xec [ 6.785077] dump_stack+0x1c/0x38 [ 6.788345] ___might_sleep+0x1a8/0x2a0 [ 6.792129] __might_sleep+0x6c/0xd0 [ 6.795655] kmem_cache_alloc_trace+0x270/0x3d0 [ 6.800127] do_feature_check_call+0x100/0x220 [ 6.804513] zynqmp_pm_invoke_fn+0x8c/0xb0 [ 6.808555] zynqmp_pm_clock_getstate+0x90/0xe0 [ 6.813027] zynqmp_pll_is_enabled+0x8c/0x120 [ 6.817327] zynqmp_pll_enable+0x38/0xc0 [ 6.821197] clk_core_enable+0x144/0x400 [ 6.825067] clk_core_enable+0xd4/0x400 [ 6.828851] clk_core_enable+0xd4/0x400 [ 6.832635] clk_core_enable+0xd4/0x400 [ 6.836419] clk_core_enable+0xd4/0x400 [ 6.840203] clk_core_enable+0xd4/0x400 [ 6.843987] 
clk_core_enable+0xd4/0x400 [ 6.847771] clk_core_enable+0xd4/0x400 [ 6.851555] clk_core_enable_lock+0x24/0x50 [ 6.855683] clk_enable+0x24/0x40 [ 6.858952] fclk_probe+0x84/0xf0 [ 6.862220] platform_probe+0x8c/0x110 [ 6.865918] really_probe+0x110/0x5f0 [ 6.869530] __driver_probe_device+0xcc/0x210 [ 6.873830] driver_probe_device+0x64/0x140 [ 6.877958] __driver_attach+0x114/0x1f0 [ 6.881828] bus_for_each_dev+0xe8/0x160 [ 6.885698] driver_attach+0x34/0x50 [ 6.889224] bus_add_driver+0x228/0x300 [ 6.893008] driver_register+0xc0/0x1e0 [ 6.896792] __platform_driver_register+0x44/0x60 [ 6.901436] fclk_driver_init+0x1c/0x28 [ 6.905220] do_one_initcall+0x104/0x590 [ 6.909091] kernel_init_freeable+0x254/0x2bc [ 6.913390] kernel_init+0x24/0x130 [ 6.916831] ret_from_fork+0x10/0x20 Arr\u00e9glelo pasando el indicador gfp GFP_ATOMIC para la asignaci\u00f3n de memoria correspondiente."
}
],
"metrics": {},
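Review bot: the "es" value for CVE-2023-53099 drops the addresses from the lockdep lines: "hardirqs last enabled at (304029): [<ffffffc008d17ee0>]" in the English value becomes "[]" in Spanish, and the same happens for the three following irq lines. The taint flags "G U" are also collapsed to "GU", and "sleepable memory allocation" is rendered as "asignaci\u00f3n de memoria inactiva", which changes the meaning from an allocation that may sleep to an inactive one. Suggest preserving the bracketed addresses and log lines verbatim and reviewing the title translation.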

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53100",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:28.923",
"lastModified": "2025-05-02T16:15:28.923",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix WARNING in ext4_update_inline_data\n\nSyzbot found the following issue:\nEXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none.\nfscrypt: AES-256-CTS-CBC using implementation \"cts-cbc-aes-aesni\"\nfscrypt: AES-256-XTS using implementation \"xts-aes-aesni\"\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 5071 at mm/page_alloc.c:5525 __alloc_pages+0x30a/0x560 mm/page_alloc.c:5525\nModules linked in:\nCPU: 1 PID: 5071 Comm: syz-executor263 Not tainted 6.2.0-rc1-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\nRIP: 0010:__alloc_pages+0x30a/0x560 mm/page_alloc.c:5525\nRSP: 0018:ffffc90003c2f1c0 EFLAGS: 00010246\nRAX: ffffc90003c2f220 RBX: 0000000000000014 RCX: 0000000000000000\nRDX: 0000000000000028 RSI: 0000000000000000 RDI: ffffc90003c2f248\nRBP: ffffc90003c2f2d8 R08: dffffc0000000000 R09: ffffc90003c2f220\nR10: fffff52000785e49 R11: 1ffff92000785e44 R12: 0000000000040d40\nR13: 1ffff92000785e40 R14: dffffc0000000000 R15: 1ffff92000785e3c\nFS: 0000555556c0d300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f95d5e04138 CR3: 00000000793aa000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n __alloc_pages_node include/linux/gfp.h:237 [inline]\n alloc_pages_node include/linux/gfp.h:260 [inline]\n __kmalloc_large_node+0x95/0x1e0 mm/slab_common.c:1113\n __do_kmalloc_node mm/slab_common.c:956 [inline]\n __kmalloc+0xfe/0x190 mm/slab_common.c:981\n kmalloc include/linux/slab.h:584 [inline]\n kzalloc include/linux/slab.h:720 [inline]\n ext4_update_inline_data+0x236/0x6b0 fs/ext4/inline.c:346\n ext4_update_inline_dir fs/ext4/inline.c:1115 [inline]\n 
ext4_try_add_inline_entry+0x328/0x990 fs/ext4/inline.c:1307\n ext4_add_entry+0x5a4/0xeb0 fs/ext4/namei.c:2385\n ext4_add_nondir+0x96/0x260 fs/ext4/namei.c:2772\n ext4_create+0x36c/0x560 fs/ext4/namei.c:2817\n lookup_open fs/namei.c:3413 [inline]\n open_last_lookups fs/namei.c:3481 [inline]\n path_openat+0x12ac/0x2dd0 fs/namei.c:3711\n do_filp_open+0x264/0x4f0 fs/namei.c:3741\n do_sys_openat2+0x124/0x4e0 fs/open.c:1310\n do_sys_open fs/open.c:1326 [inline]\n __do_sys_openat fs/open.c:1342 [inline]\n __se_sys_openat fs/open.c:1337 [inline]\n __x64_sys_openat+0x243/0x290 fs/open.c:1337\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nAbove issue happens as follows:\next4_iget\n ext4_find_inline_data_nolock ->i_inline_off=164 i_inline_size=60\next4_try_add_inline_entry\n __ext4_mark_inode_dirty\n ext4_expand_extra_isize_ea ->i_extra_isize=32 s_want_extra_isize=44\n ext4_xattr_shift_entries\n\t ->after shift i_inline_off is incorrect, actually is change to 176\next4_try_add_inline_entry\n ext4_update_inline_dir\n get_max_inline_xattr_value_size\n if (EXT4_I(inode)->i_inline_off)\n\tentry = (struct ext4_xattr_entry *)((void *)raw_inode +\n\t\t\tEXT4_I(inode)->i_inline_off);\n free += EXT4_XATTR_SIZE(le32_to_cpu(entry->e_value_size));\n\t->As entry is incorrect, then 'free' may be negative\n ext4_update_inline_data\n value = kzalloc(len, GFP_NOFS);\n -> len is unsigned int, maybe very large, then trigger warning when\n 'kzalloc()'\n\nTo resolve the above issue we need to update 'i_inline_off' after\n'ext4_xattr_shift_entries()'. We do not need to set\nEXT4_STATE_MAY_INLINE_DATA flag here, since ext4_mark_inode_dirty()\nalready sets this flag if needed. Setting EXT4_STATE_MAY_INLINE_DATA\nwhen it is needed may trigger a BUG_ON in ext4_writepages()."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: correcci\u00f3n de ADVERTENCIA en ext4_update_inline_data. Syzbot encontr\u00f3 el siguiente problema: EXT4-fs (loop0): sistema de archivos montado 00000000-0000-0000-0000-00000000000 sin registro. Modo de cuota: ninguno. fscrypt: AES-256-CTS-CBC con implementaci\u00f3n \"cts-cbc-aes-aesni\" fscrypt: AES-256-XTS con implementaci\u00f3n \"xts-aes-aesni\" ------------[ cortar aqu\u00ed ]------------ ADVERTENCIA: CPU: 0 PID: 5071 en mm/page_alloc.c:5525 __alloc_pages+0x30a/0x560 mm/page_alloc.c:5525 M\u00f3dulos vinculados: CPU: 1 PID: 5071 Comm: syz-executor263 No contaminado 6.2.0-rc1-syzkaller #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 26/10/2022 RIP: 0010:__alloc_pages+0x30a/0x560 mm/page_alloc.c:5525 RSP: 0018:ffffc90003c2f1c0 EFLAGS: 00010246 RAX: ffffc90003c2f220 RBX: 0000000000000014 RCX: 0000000000000000 RDX: 0000000000000028 RSI: 0000000000000000 RDI: ffffc90003c2f248 RBP: ffffc90003c2f2d8 R08: dffffc0000000000 R09: ffffc90003c2f220 R10: fffff52000785e49 R11: 1ffff92000785e44 R12: 0000000000040d40 R13: 1ffff92000785e40 R14: dffffc0000000000 R15: 1ffff92000785e3c FS: 0000555556c0d300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f95d5e04138 CR3: 00000000793aa000 CR4: 000000000003506f0 DR0: 00000000000000000 DR1: 00000000000000000 DR2: 00000000 __alloc_pages_node include/linux/gfp.h:237 [inline] alloc_pages_node include/linux/gfp.h:260 [inline] __kmalloc_large_node+0x95/0x1e0 mm/slab_common.c:1113 __do_kmalloc_node mm/slab_common.c:956 [inline] __kmalloc+0xfe/0x190 mm/slab_common.c:981 kmalloc include/linux/slab.h:584 [inline] kzalloc include/linux/slab.h:720 [inline] ext4_update_inline_data+0x236/0x6b0 fs/ext4/inline.c:346 ext4_update_inline_dir fs/ext4/inline.c:1115 [inline] ext4_try_add_inline_entry+0x328/0x990 fs/ext4/inline.c:1307 ext4_add_entry+0x5a4/0xeb0 
fs/ext4/namei.c:2385 ext4_add_nondir+0x96/0x260 fs/ext4/namei.c:2772 ext4_create+0x36c/0x560 fs/ext4/namei.c:2817 lookup_open fs/namei.c:3413 [inline] open_last_lookups fs/namei.c:3481 [inline] path_openat+0x12ac/0x2dd0 fs/namei.c:3711 do_filp_open+0x264/0x4f0 fs/namei.c:3741 do_sys_openat2+0x124/0x4e0 fs/open.c:1310 do_sys_open fs/open.c:1326 [inline] __do_sys_openat fs/open.c:1342 [inline] __se_sys_openat fs/open.c:1337 [inline] __x64_sys_openat+0x243/0x290 fs/open.c:1337 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Above issue happens as follows: ext4_iget ext4_find_inline_data_nolock -&gt;i_inline_off=164 i_inline_size=60 ext4_try_add_inline_entry __ext4_mark_inode_dirty ext4_expand_extra_isize_ea -&gt;i_extra_isize=32 s_want_extra_isize=44 ext4_xattr_shift_entries -&gt;after shift i_inline_off is incorrect, actually is change to 176 ext4_try_add_inline_entry ext4_update_inline_dir get_max_inline_xattr_value_size if (EXT4_I(inode)-&gt;i_inline_off) entry = (struct ext4_xattr_entry *)((void *)raw_inode + EXT4_I(inode)-&gt;i_inline_off); free += EXT4_XATTR_SIZE(le32_to_cpu(entry-&gt;e_value_size)); -&gt;Como la entrada es incorrecta, entonces 'libre' puede ser negativo ext4_update_inline_data valor = kzalloc(len, GFP_NOFS); -&gt; len es un entero sin signo, posiblemente muy grande, por lo que se activa una advertencia al ejecutar 'kzalloc()'. Para resolver el problema anterior, debemos actualizar 'i_inline_off' despu\u00e9s de 'ext4_xattr_shift_entries()'. No es necesario activar el indicador EXT4_STATE_MAY_INLINE_DATA, ya que ext4_mark_inode_dirty() ya lo activa si es necesario. Activar EXT4_STATE_MAY_INLINE_DATA cuando es necesario puede activar un error BUG_ON en ext4_writepages()."
}
],
"metrics": {},
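Review bot: the "es" value in this hunk translates code identifiers from the call-chain walkthrough ('free' becomes 'libre', "value = kzalloc(len, GFP_NOFS);" becomes "valor = kzalloc(len, GFP_NOFS);") and stores "->" HTML-escaped as "-&gt;", so it no longer matches the source lines it quotes. Its register dump also stops at a shortened DR2 value, with the rest of the dump and the "Call Trace:" line missing. Copy code, register dumps and call traces verbatim from the "en" value and translate only the surrounding prose.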

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53101",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:29.023",
"lastModified": "2025-05-02T16:15:29.023",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: zero i_disksize when initializing the bootloader inode\n\nIf the boot loader inode has never been used before, the\nEXT4_IOC_SWAP_BOOT inode will initialize it, including setting the\ni_size to 0. However, if the \"never before used\" boot loader has a\nnon-zero i_size, then i_disksize will be non-zero, and the\ninconsistency between i_size and i_disksize can trigger a kernel\nwarning:\n\n WARNING: CPU: 0 PID: 2580 at fs/ext4/file.c:319\n CPU: 0 PID: 2580 Comm: bb Not tainted 6.3.0-rc1-00004-g703695902cfa\n RIP: 0010:ext4_file_write_iter+0xbc7/0xd10\n Call Trace:\n vfs_write+0x3b1/0x5c0\n ksys_write+0x77/0x160\n __x64_sys_write+0x22/0x30\n do_syscall_64+0x39/0x80\n\nReproducer:\n 1. create corrupted image and mount it:\n mke2fs -t ext4 /tmp/foo.img 200\n debugfs -wR \"sif <5> size 25700\" /tmp/foo.img\n mount -t ext4 /tmp/foo.img /mnt\n cd /mnt\n echo 123 > file\n 2. Run the reproducer program:\n posix_memalign(&buf, 1024, 1024)\n fd = open(\"file\", O_RDWR | O_DIRECT);\n ioctl(fd, EXT4_IOC_SWAP_BOOT);\n write(fd, buf, 1024);\n\nFix this by setting i_disksize as well as i_size to zero when\ninitiaizing the boot loader inode."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: i_disksize cero al inicializar el inodo del cargador de arranque. Si el inodo del cargador de arranque nunca se ha usado antes, el inodo EXT4_IOC_SWAP_BOOT lo inicializar\u00e1, incluyendo el establecimiento de i_size a 0. Sin embargo, si el cargador de arranque \"nunca usado antes\" tiene un i_size distinto de cero, entonces i_disksize ser\u00e1 distinto de cero, y la inconsistencia entre i_size e i_disksize puede activar una advertencia del kernel: ADVERTENCIA: CPU: 0 PID: 2580 en fs/ext4/file.c:319 CPU: 0 PID: 2580 Comm: bb No contaminado 6.3.0-rc1-00004-g703695902cfa RIP: 0010:ext4_file_write_iter+0xbc7/0xd10 Rastreo de llamadas: vfs_write+0x3b1/0x5c0 ksys_write+0x77/0x160 __x64_sys_write+0x22/0x30 do_syscall_64+0x39/0x80 Reproductor: 1. crear una imagen da\u00f1ada y montarla: mke2fs -t ext4 /tmp/foo.img 200 debugfs -wR \"sif &lt;5&gt; size 25700\" /tmp/foo.img mount -t ext4 /tmp/foo.img /mnt cd /mnt echo 123 &gt; file 2. Ejecutar el programa reproductor: posix_memalign(&amp;buf, 1024, 1024) fd = open(\"file\", O_RDWR | Solucione esto configurando i_disksize e i_size en cero al iniciar el inodo del cargador de arranque."
}
],
"metrics": {},
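Review bot: the "es" value cuts the reproducer off at "fd = open(\"file\", O_RDWR |" and runs straight into "Solucione esto ...", dropping O_DIRECT, the ioctl(fd, EXT4_IOC_SWAP_BOOT) call and the write() call that the "en" value lists as the steps that trigger the warning. It also carries HTML entities ("&lt;5&gt;", "&amp;buf", "&gt; file") where the "en" value has the raw characters. Regenerate the translation with the reproducer block copied unmodified and unescaped from the "en" text.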

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53102",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:29.127",
"lastModified": "2025-05-02T16:15:29.127",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: xsk: disable txq irq before flushing hw\n\nice_qp_dis() intends to stop a given queue pair that is a target of xsk\npool attach/detach. One of the steps is to disable interrupts on these\nqueues. It currently is broken in a way that txq irq is turned off\n*after* HW flush which in turn takes no effect.\n\nice_qp_dis():\n-> ice_qvec_dis_irq()\n--> disable rxq irq\n--> flush hw\n-> ice_vsi_stop_tx_ring()\n-->disable txq irq\n\nBelow splat can be triggered by following steps:\n- start xdpsock WITHOUT loading xdp prog\n- run xdp_rxq_info with XDP_TX action on this interface\n- start traffic\n- terminate xdpsock\n\n[ 256.312485] BUG: kernel NULL pointer dereference, address: 0000000000000018\n[ 256.319560] #PF: supervisor read access in kernel mode\n[ 256.324775] #PF: error_code(0x0000) - not-present page\n[ 256.329994] PGD 0 P4D 0\n[ 256.332574] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 256.337006] CPU: 3 PID: 32 Comm: ksoftirqd/3 Tainted: G OE 6.2.0-rc5+ #51\n[ 256.345218] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019\n[ 256.355807] RIP: 0010:ice_clean_rx_irq_zc+0x9c/0x7d0 [ice]\n[ 256.361423] Code: b7 8f 8a 00 00 00 66 39 ca 0f 84 f1 04 00 00 49 8b 47 40 4c 8b 24 d0 41 0f b7 45 04 66 25 ff 3f 66 89 04 24 0f 84 85 02 00 00 <49> 8b 44 24 18 0f b7 14 24 48 05 00 01 00 00 49 89 04 24 49 89 44\n[ 256.380463] RSP: 0018:ffffc900088bfd20 EFLAGS: 00010206\n[ 256.385765] RAX: 000000000000003c RBX: 0000000000000035 RCX: 000000000000067f\n[ 256.393012] RDX: 0000000000000775 RSI: 0000000000000000 RDI: ffff8881deb3ac80\n[ 256.400256] RBP: 000000000000003c R08: ffff889847982710 R09: 0000000000010000\n[ 256.407500] R10: ffffffff82c060c0 R11: 0000000000000004 R12: 0000000000000000\n[ 256.414746] R13: ffff88811165eea0 R14: ffffc9000d255000 R15: ffff888119b37600\n[ 256.421990] FS: 0000000000000000(0000) GS:ffff8897e0cc0000(0000) 
knlGS:0000000000000000\n[ 256.430207] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 256.436036] CR2: 0000000000000018 CR3: 0000000005c0a006 CR4: 00000000007706e0\n[ 256.443283] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 256.450527] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 256.457770] PKRU: 55555554\n[ 256.460529] Call Trace:\n[ 256.463015] <TASK>\n[ 256.465157] ? ice_xmit_zc+0x6e/0x150 [ice]\n[ 256.469437] ice_napi_poll+0x46d/0x680 [ice]\n[ 256.473815] ? _raw_spin_unlock_irqrestore+0x1b/0x40\n[ 256.478863] __napi_poll+0x29/0x160\n[ 256.482409] net_rx_action+0x136/0x260\n[ 256.486222] __do_softirq+0xe8/0x2e5\n[ 256.489853] ? smpboot_thread_fn+0x2c/0x270\n[ 256.494108] run_ksoftirqd+0x2a/0x50\n[ 256.497747] smpboot_thread_fn+0x1c1/0x270\n[ 256.501907] ? __pfx_smpboot_thread_fn+0x10/0x10\n[ 256.506594] kthread+0xea/0x120\n[ 256.509785] ? __pfx_kthread+0x10/0x10\n[ 256.513597] ret_from_fork+0x29/0x50\n[ 256.517238] </TASK>\n\nIn fact, irqs were not disabled and napi managed to be scheduled and run\nwhile xsk_pool pointer was still valid, but SW ring of xdp_buff pointers\nwas already freed.\n\nTo fix this, call ice_qvec_dis_irq() after ice_vsi_stop_tx_ring(). Also\nwhile at it, remove redundant ice_clean_rx_ring() call - this is handled\nin ice_qp_clean_rings()."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ice: xsk: deshabilitar la IRQ de txq antes de vaciar el hardware. ice_qp_dis() intenta detener un par de colas determinado que es objetivo de la conexi\u00f3n/desconexi\u00f3n del grupo xsk. Uno de los pasos consiste en deshabilitar las interrupciones en estas colas. Actualmente, el problema es que la IRQ de txq se desactiva *despu\u00e9s* de vaciar el hardware, lo que no tiene efecto. ice_qp_dis(): -&gt; ice_qvec_dis_irq() --&gt; deshabilitar irq rxq --&gt; vaciar hw -&gt; ice_vsi_stop_tx_ring() --&gt; deshabilitar irq txq El splat que aparece a continuaci\u00f3n se puede activar siguiendo los pasos: - iniciar xdpsock SIN cargar el programa xdp - ejecutar xdp_rxq_info con la acci\u00f3n XDP_TX en esta interfaz - iniciar tr\u00e1fico - finalizar xdpsock [ 256.312485] ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000018 [ 256.319560] #PF: acceso de lectura del supervisor en modo kernel [ 256.324775] #PF: error_code(0x0000) - p\u00e1gina no presente [ 256.329994] PGD 0 P4D 0 [ 256.332574] Oops: 0000 [#1] PREEMPT SMP NOPTI [ 256.337006] CPU: 3 PID: 32 Comm: ksoftirqd/3 Contaminado: G OE 6.2.0-rc5+ #51 [ 256.345218] Nombre del hardware: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019 [ 256.355807] RIP: 0010:ice_clean_rx_irq_zc+0x9c/0x7d0 [ice] [ 256.361423] Code: b7 8f 8a 00 00 00 66 39 ca 0f 84 f1 04 00 00 49 8b 47 40 4c 8b 24 d0 41 0f b7 45 04 66 25 ff 3f 66 89 04 24 0f 84 85 02 00 00 &lt;49&gt; 8b 44 24 18 0f b7 14 24 48 05 00 01 00 00 49 89 04 24 49 89 44 [ 256.380463] RSP: 0018:ffffc900088bfd20 EFLAGS: 00010206 [ 256.385765] RAX: 000000000000003c RBX: 0000000000000035 RCX: 000000000000067f [ 256.393012] RDX: 0000000000000775 RSI: 0000000000000000 RDI: ffff8881deb3ac80 [ 256.400256] RBP: 000000000000003c R08: ffff889847982710 R09: 0000000000010000 [ 256.407500] R10: ffffffff82c060c0 R11: 0000000000000004 R12: 
0000000000000000 [ 256.414746] R13: ffff88811165eea0 R14: ffffc9000d255000 R15: ffff888119b37600 [ 256.421990] FS: 0000000000000000(0000) GS:ffff8897e0cc0000(0000) knlGS:0000000000000000 [ 256.430207] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 256.436036] CR2: 0000000000000018 CR3: 0000000005c0a006 CR4: 00000000007706e0 [ 256.443283] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 256.450527] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 256.457770] PKRU: 55555554 [ 256.460529] Call Trace: [ 256.463015] [ 256.465157] ? ice_xmit_zc+0x6e/0x150 [ice] [ 256.469437] ice_napi_poll+0x46d/0x680 [ice] [ 256.473815] ? _raw_spin_unlock_irqrestore+0x1b/0x40 [ 256.478863] __napi_poll+0x29/0x160 [ 256.482409] net_rx_action+0x136/0x260 [ 256.486222] __do_softirq+0xe8/0x2e5 [ 256.489853] ? smpboot_thread_fn+0x2c/0x270 [ 256.494108] run_ksoftirqd+0x2a/0x50 [ 256.497747] smpboot_thread_fn+0x1c1/0x270 [ 256.501907] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 256.506594] kthread+0xea/0x120 [ 256.509785] ? __pfx_kthread+0x10/0x10 [ 256.513597] ret_from_fork+0x29/0x50 [ 256.517238] De hecho, las IRQ no se deshabilitaron y napi logr\u00f3 programarse y ejecutarse mientras el puntero xsk_pool a\u00fan era v\u00e1lido, pero el anillo de SW de punteros xdp_buff ya estaba liberado. Para solucionar esto, llame a ice_qvec_dis_irq() despu\u00e9s de ice_vsi_stop_tx_ring(). Adem\u00e1s, elimine la llamada redundante a ice_clean_rx_ring(); esto se gestiona en ice_qp_clean_rings()."
}
],
"metrics": {},
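Review bot: the "es" value has lost the <TASK> and </TASK> markers of the call trace, leaving bare timestamps ("[ 256.463015] [ 256.465157]" and "[ 256.517238] De hecho"), which suggests angle-bracket tokens are being stripped as HTML while other ones are escaped ("&lt;49&gt;", "-&gt;"). Treat the oops log as opaque text in the translation step so the trace in "es" stays byte-identical to the one in "en".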

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53103",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:29.223",
"lastModified": "2025-05-02T16:15:29.223",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: restore bond's IFF_SLAVE flag if a non-eth dev enslave fails\n\nsyzbot reported a warning[1] where the bond device itself is a slave and\nwe try to enslave a non-ethernet device as the first slave which fails\nbut then in the error path when ether_setup() restores the bond device\nit also clears all flags. In my previous fix[2] I restored the\nIFF_MASTER flag, but I didn't consider the case that the bond device\nitself might also be a slave with IFF_SLAVE set, so we need to restore\nthat flag as well. Use the bond_ether_setup helper which does the right\nthing and restores the bond's flags properly.\n\nSteps to reproduce using a nlmon dev:\n $ ip l add nlmon0 type nlmon\n $ ip l add bond1 type bond\n $ ip l add bond2 type bond\n $ ip l set bond1 master bond2\n $ ip l set dev nlmon0 master bond1\n $ ip -d l sh dev bond1\n 22: bond1: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noqueue master bond2 state DOWN mode DEFAULT group default qlen 1000\n (now bond1's IFF_SLAVE flag is gone and we'll hit a warning[3] if we\n try to delete it)\n\n[1] https://syzkaller.appspot.com/bug?id=391c7b1f6522182899efba27d891f1743e8eb3ef\n[2] commit 7d5cd2ce5292 (\"bonding: correctly handle bonding type change on enslave failure\")\n[3] example warning:\n [ 27.008664] bond1: (slave nlmon0): The slave device specified does not support setting the MAC address\n [ 27.008692] bond1: (slave nlmon0): Error -95 calling set_mac_address\n [ 32.464639] bond1 (unregistering): Released all slaves\n [ 32.464685] ------------[ cut here ]------------\n [ 32.464686] WARNING: CPU: 1 PID: 2004 at net/core/dev.c:10829 unregister_netdevice_many+0x72a/0x780\n [ 32.464694] Modules linked in: br_netfilter bridge bonding virtio_net\n [ 32.464699] CPU: 1 PID: 2004 Comm: ip Kdump: loaded Not tainted 5.18.0-rc3+ #47\n [ 32.464703] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.1-2.fc37 04/01/2014\n [ 32.464704] 
RIP: 0010:unregister_netdevice_many+0x72a/0x780\n [ 32.464707] Code: 99 fd ff ff ba 90 1a 00 00 48 c7 c6 f4 02 66 96 48 c7 c7 20 4d 35 96 c6 05 fa c7 2b 02 01 e8 be 6f 4a 00 0f 0b e9 73 fd ff ff <0f> 0b e9 5f fd ff ff 80 3d e3 c7 2b 02 00 0f 85 3b fd ff ff ba 59\n [ 32.464710] RSP: 0018:ffffa006422d7820 EFLAGS: 00010206\n [ 32.464712] RAX: ffff8f6e077140a0 RBX: ffffa006422d7888 RCX: 0000000000000000\n [ 32.464714] RDX: ffff8f6e12edbe58 RSI: 0000000000000296 RDI: ffffffff96d4a520\n [ 32.464716] RBP: ffff8f6e07714000 R08: ffffffff96d63600 R09: ffffa006422d7728\n [ 32.464717] R10: 0000000000000ec0 R11: ffffffff9698c988 R12: ffff8f6e12edb140\n [ 32.464719] R13: dead000000000122 R14: dead000000000100 R15: ffff8f6e12edb140\n [ 32.464723] FS: 00007f297c2f1740(0000) GS:ffff8f6e5d900000(0000) knlGS:0000000000000000\n [ 32.464725] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 32.464726] CR2: 00007f297bf1c800 CR3: 00000000115e8000 CR4: 0000000000350ee0\n [ 32.464730] Call Trace:\n [ 32.464763] <TASK>\n [ 32.464767] rtnl_dellink+0x13e/0x380\n [ 32.464776] ? cred_has_capability.isra.0+0x68/0x100\n [ 32.464780] ? __rtnl_unlock+0x33/0x60\n [ 32.464783] ? bpf_lsm_capset+0x10/0x10\n [ 32.464786] ? security_capable+0x36/0x50\n [ 32.464790] rtnetlink_rcv_msg+0x14e/0x3b0\n [ 32.464792] ? _copy_to_iter+0xb1/0x790\n [ 32.464796] ? post_alloc_hook+0xa0/0x160\n [ 32.464799] ? rtnl_calcit.isra.0+0x110/0x110\n [ 32.464802] netlink_rcv_skb+0x50/0xf0\n [ 32.464806] netlink_unicast+0x216/0x340\n [ 32.464809] netlink_sendmsg+0x23f/0x480\n [ 32.464812] sock_sendmsg+0x5e/0x60\n [ 32.464815] ____sys_sendmsg+0x22c/0x270\n [ 32.464818] ? import_iovec+0x17/0x20\n [ 32.464821] ? sendmsg_copy_msghdr+0x59/0x90\n [ 32.464823] ? do_set_pte+0xa0/0xe0\n [ 32.464828] ___sys_sendmsg+0x81/0xc0\n [ 32.464832] ? mod_objcg_state+0xc6/0x300\n [ 32.464835] ? refill_obj_stock+0xa9/0x160\n [ 32.464838] ? memcg_slab_free_hook+0x1a5/0x1f0\n [ 32.464842] __sys_sendm\n---truncated---"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: enlace: restaurar el indicador IFF_SLAVE del enlace si falla la ejecuci\u00f3n de un dispositivo no ethernet. syzbot report\u00f3 una advertencia[1] donde el dispositivo de enlace es esclavo e intentamos ejecutar un dispositivo no ethernet como primer esclavo, lo cual falla. Sin embargo, en la ruta de error, cuando ether_setup() restaura el dispositivo de enlace, tambi\u00e9n borra todos los indicadores. En mi correcci\u00f3n anterior[2], restaur\u00e9 el indicador IFF_MASTER, pero no consider\u00e9 la posibilidad de que el dispositivo de enlace tambi\u00e9n sea esclavo con IFF_SLAVE activado, por lo que tambi\u00e9n debemos restaurar ese indicador. Use el asistente bond_ether_setup, que realiza la acci\u00f3n correcta y restaura los indicadores del enlace correctamente. Pasos para reproducir usando un dev nlmon: $ ip l add nlmon0 type nlmon $ ip l add bond1 type bond $ ip l add bond2 type bond $ ip l set bond1 master bond2 $ ip l set dev nlmon0 master bond1 $ ip -dl sh dev bond1 22: bond1: mtu 1500 qdisc noqueue master bond2 state DOWN mode DEFAULT group default qlen 1000 (ahora el indicador IFF_SLAVE de bond1 desapareci\u00f3 y recibiremos una advertencia[3] si intentamos eliminarlo) [1] https://syzkaller.appspot.com/bug?id=391c7b1f6522182899efba27d891f1743e8eb3ef [2] commit 7d5cd2ce5292 (\"bonding: \"Manejar correctamente el cambio de tipo de enlace en caso de fallo de esclavizaci\u00f3n\") [3] Ejemplo de advertencia: [27.008664] bond1: (esclavo nlmon0): El dispositivo esclavo especificado no admite la configuraci\u00f3n de la direcci\u00f3n MAC [27.008692] bond1: (esclavo nlmon0): Error -95 al llamar a set_mac_address [32.464639] bond1 (anulando registro): Se liberaron todos los esclavos [32.464685] ------------[cortar aqu\u00ed]------------ [32.464686] ADVERTENCIA: CPU: 1 PID: 2004 en net/core/dev.c:10829 unregister_netdevice_many+0x72a/0x780 [32.464694] M\u00f3dulos vinculados: 
br_netfilter puente enlace virtio_net [32.464699] CPU: 1 PID: 2004 Comm: ip Kdump: cargado No contaminado 5.18.0-rc3+ #47 [ 32.464703] Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.1-2.fc37 01/04/2014 [ 32.464704] RIP: 0010:unregister_netdevice_many+0x72a/0x780 [ 32.464707] C\u00f3digo: 99 fd ff ff ba 90 1a 00 00 48 c7 c6 f4 02 66 96 48 c7 c7 20 4d 35 96 c6 05 fa c7 2b 02 01 e8 be 6f 4a 00 0f 0b e9 73 fd ff ff &lt;0f&gt; 0b e9 5f fd ff ff 80 3d e3 c7 2b 02 00 0f 85 3b fd ff ff ba 59 [ 32.464710] RSP: 0018:ffffa006422d7820 EFLAGS: 00010206 [ 32.464712] RAX: ffff8f6e077140a0 RBX: ffffa006422d7888 RCX: 0000000000000000 [ 32.464714] RDX: ffff8f6e12edbe58 RSI: 0000000000000296 RDI: ffffffff96d4a520 [32.464716] RBP: ffff8f6e07714000 R08: ffffffff96d63600 R09: ffffa006422d7728 [32.464717] R10: 000000000000ec0 R11: ffffffff9698c988 R12: ffff8f6e12edb140 [32.464719] R13: muerto000000000122 R14: muerto000000000100 R15: ffff8f6e12edb140 [32.464723] FS: 00007f297c2f1740(0000) GS:ffff8f6e5d900000(0000) knlGS:0000000000000000 [ 32.464725] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 32.464726] CR2: 00007f297bf1c800 CR3: 00000000115e8000 CR4: 0000000000350ee0 [ 32.464730] Rastreo de llamadas: [ 32.464763] [ 32.464767] rtnl_dellink+0x13e/0x380 [ 32.464776] ? cred_has_capability.isra.0+0x68/0x100 [ 32.464780] ? __rtnl_unlock+0x33/0x60 [ 32.464783] ? bpf_lsm_capset+0x10/0x10 [ 32.464786] ? security_capable+0x36/0x50 [ 32.464790] rtnetlink_rcv_msg+0x14e/0x3b0 [ 32.464792] ? _copy_to_iter+0xb1/0x790 [ 32.464796] ? post_alloc_hook+0xa0/0x160 [ 32.464799] ? rtnl_calcit.isra.0+0x110/0x110 [ 32.464802] netlink_rcv_skb+0x50/0xf0 [ 32.464806] netlink_unicast+0x216/0x340 [ 32.464809] netlink_sendmsg+0x23f/0x480 [ 32.464812] sock_sendmsg+0x5e/0x60 [ 32.464815] ____sys_sendmsg+0x22c/0x270 [ 32.464818] ? import_iovec+0x17/0x20 [ 32.464821] ? sendmsg_copy_msghdr+0x59/0x90 [ 32.464823] ? do_set_pte+0xa0/0xe0 [ 32.464828] ___sys_sendmsg+0x81/0xc0 [ 32.464832] ? 
mod_objcg_state+0xc6/0x300 [ 32.464835] ? refill_obj_stock+0xa9/0x160 [ 32.464838] ? memcg_slab_free_hook+0x1a5/0x1f0 [ 32.464842] __sys_sendm ---truncado---"
}
],
"metrics": {},
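Review bot: the "es" value alters machine output from the warning log: the poison values "dead000000000122" and "dead000000000100" in R13/R14 appear as "muerto000000000122" and "muerto000000000100", the BIOS date "04/01/2014" is reordered to "01/04/2014", the interface flags "<BROADCAST,MULTICAST,MASTER>" are dropped from the "ip -d l sh dev bond1" output, and that command itself is rewritten as "ip -dl sh dev bond1". Anyone matching this record against a real log will not find these strings, so exclude the reproduction steps and the log from translation and copy them from the "en" value.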

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53104",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:29.317",
"lastModified": "2025-05-02T16:15:29.317",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull\n\nPacket length check needs to be located after size and align_count\ncalculation to prevent kernel panic in skb_pull() in case\nrx_cmd_a & RX_CMD_A_RED evaluates to true."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: usb: smsc75xx: Mover la comprobaci\u00f3n de la longitud del paquete para evitar el p\u00e1nico del kernel en skb_pull La comprobaci\u00f3n de la longitud del paquete se debe ubicar despu\u00e9s del c\u00e1lculo de tama\u00f1o y align_count para evitar el p\u00e1nico del kernel en skb_pull() en caso de que rx_cmd_a y RX_CMD_A_RED se eval\u00faen como verdaderos."
}
],
"metrics": {},
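Review bot: the "es" value renders the bitwise test "rx_cmd_a & RX_CMD_A_RED" as "rx_cmd_a y RX_CMD_A_RED se evalúen como verdaderos", which reads as two separate values both being true rather than one masked expression. Keep the expression "rx_cmd_a & RX_CMD_A_RED" verbatim and use a singular verb for it.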

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53105",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:29.430",
"lastModified": "2025-05-02T16:15:29.430",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix cleanup null-ptr deref on encap lock\n\nDuring module is unloaded while a peer tc flow is still offloaded,\nfirst the peer uplink rep profile is changed to a nic profile, and so\nneigh encap lock is destroyed. Next during unload, the VF reps netdevs\nare unregistered which causes the original non-peer tc flow to be deleted,\nwhich deletes the peer flow. The peer flow deletion detaches the encap\nentry and try to take the already destroyed encap lock, causing the\nbelow trace.\n\nFix this by clearing peer flows during tc eswitch cleanup\n(mlx5e_tc_esw_cleanup()).\n\nRelevant trace:\n[ 4316.837128] BUG: kernel NULL pointer dereference, address: 00000000000001d8\n[ 4316.842239] RIP: 0010:__mutex_lock+0xb5/0xc40\n[ 4316.851897] Call Trace:\n[ 4316.852481] <TASK>\n[ 4316.857214] mlx5e_rep_neigh_entry_release+0x93/0x790 [mlx5_core]\n[ 4316.858258] mlx5e_rep_encap_entry_detach+0xa7/0xf0 [mlx5_core]\n[ 4316.859134] mlx5e_encap_dealloc+0xa3/0xf0 [mlx5_core]\n[ 4316.859867] clean_encap_dests.part.0+0x5c/0xe0 [mlx5_core]\n[ 4316.860605] mlx5e_tc_del_fdb_flow+0x32a/0x810 [mlx5_core]\n[ 4316.862609] __mlx5e_tc_del_fdb_peer_flow+0x1a2/0x250 [mlx5_core]\n[ 4316.863394] mlx5e_tc_del_flow+0x(/0x630 [mlx5_core]\n[ 4316.864090] mlx5e_flow_put+0x5f/0x100 [mlx5_core]\n[ 4316.864771] mlx5e_delete_flower+0x4de/0xa40 [mlx5_core]\n[ 4316.865486] tc_setup_cb_reoffload+0x20/0x80\n[ 4316.865905] fl_reoffload+0x47c/0x510 [cls_flower]\n[ 4316.869181] tcf_block_playback_offloads+0x91/0x1d0\n[ 4316.869649] tcf_block_unbind+0xe7/0x1b0\n[ 4316.870049] tcf_block_offload_cmd.isra.0+0x1ee/0x270\n[ 4316.879266] tcf_block_offload_unbind+0x61/0xa0\n[ 4316.879711] __tcf_block_put+0xa4/0x310"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5e: Se corrige la limpieza de null-ptr deref en el bloqueo de encap. Durante la descarga del m\u00f3dulo mientras un flujo tc de igual a\u00fan est\u00e1 descargado, primero se cambia el perfil de representante de enlace ascendente de igual a un perfil NIC, y as\u00ed se destruye el bloqueo de encap vecino. A continuaci\u00f3n, durante la descarga, se anula el registro de los representantes VF netdevs, lo que provoca la eliminaci\u00f3n del flujo tc original no par, lo que elimina el flujo par. La eliminaci\u00f3n del flujo par separa la entrada de encap e intenta tomar el bloqueo de encap ya destruido, causando el siguiente rastro. Solucione esto borrando los flujos de igual durante la limpieza del conmutador de eswitch de tc (mlx5e_tc_esw_cleanup()). Rastreo relevante: [ 4316.837128] ERROR: desreferencia de puntero NULL del n\u00facleo, direcci\u00f3n: 00000000000001d8 [ 4316.842239] RIP: 0010:__mutex_lock+0xb5/0xc40 [ 4316.851897] Rastreo de llamada: [ 4316.852481] [ 4316.857214] mlx5e_rep_neigh_entry_release+0x93/0x790 [mlx5_core] [ 4316.858258] mlx5e_rep_encap_entry_detach+0xa7/0xf0 [mlx5_core] [ 4316.859134] mlx5e_encap_dealloc+0xa3/0xf0 [mlx5_core] [ 4316.859867] clean_encap_dests.part.0+0x5c/0xe0 [mlx5_core] [ 4316.860605] mlx5e_tc_del_fdb_flow+0x32a/0x810 [mlx5_core] [ 4316.862609] __mlx5e_tc_del_fdb_peer_flow+0x1a2/0x250 [mlx5_core] [ 4316.863394] mlx5e_tc_del_flow+0x(/0x630 [mlx5_core] [ 4316.864090] mlx5e_flow_put+0x5f/0x100 [mlx5_core] [ 4316.864771] mlx5e_delete_flower+0x4de/0xa40 [mlx5_core] [ 4316.865486] tc_setup_cb_reoffload+0x20/0x80 [ 4316.865905] fl_reoffload+0x47c/0x510 [cls_flower] [ 4316.869181] tcf_block_playback_offloads+0x91/0x1d0 [ 4316.869649] tcf_block_unbind+0xe7/0x1b0 [ 4316.870049] tcf_block_offload_cmd.isra.0+0x1ee/0x270 [ 4316.879266] tcf_block_offload_unbind+0x61/0xa0 [ 4316.879711] __tcf_block_put+0xa4/0x310 "
}
],
"metrics": {},
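Review bot: the trace line "mlx5e_tc_del_flow+0x(/0x630 [mlx5_core]" in both the "en" and "es" values has a malformed offset ("0x(" is not hexadecimal). Check it against the source record before publishing the update. If the source carries the same text, leave it verbatim, since the offset cannot be reconstructed from this hunk. The "es" value also drops the <TASK> marker after "Rastreo de llamada:".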

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53106",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:29.520",
"lastModified": "2025-05-02T16:15:29.520",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: st-nci: Fix use after free bug in ndlc_remove due to race condition\n\nThis bug influences both st_nci_i2c_remove and st_nci_spi_remove.\nTake st_nci_i2c_remove as an example.\n\nIn st_nci_i2c_probe, it called ndlc_probe and bound &ndlc->sm_work\nwith llt_ndlc_sm_work.\n\nWhen it calls ndlc_recv or timeout handler, it will finally call\nschedule_work to start the work.\n\nWhen we call st_nci_i2c_remove to remove the driver, there\nmay be a sequence as follows:\n\nFix it by finishing the work before cleanup in ndlc_remove\n\nCPU0 CPU1\n\n |llt_ndlc_sm_work\nst_nci_i2c_remove |\n ndlc_remove |\n st_nci_remove |\n nci_free_device|\n kfree(ndev) |\n//free ndlc->ndev |\n |llt_ndlc_rcv_queue\n |nci_recv_frame\n |//use ndlc->ndev"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfc: st-nci: Fix use after free bug en ndlc_remove debido a una condici\u00f3n de ejecuci\u00f3n Este error afecta tanto a st_nci_i2c_remove como a st_nci_spi_remove. Tomemos st_nci_i2c_remove como ejemplo. En st_nci_i2c_probe, llam\u00f3 a ndlc_probe y vincul\u00f3 &amp;ndlc-&gt;sm_work con llt_ndlc_sm_work. Cuando llama a ndlc_recv o al controlador de tiempo de espera, finalmente llamar\u00e1 a schedule_work para iniciar el trabajo. Cuando llamamos a st_nci_i2c_remove para eliminar el controlador, puede haber una secuencia como la siguiente: Arr\u00e9glelo finalizando el trabajo antes de la limpieza en ndlc_remove CPU0 CPU1 |llt_ndlc_sm_work st_nci_i2c_remove | ndlc_remove | st_nci_remove | nci_free_device| kfree(ndev) | //liberar ndlc-&gt;ndev | |llt_ndlc_rcv_queue |nci_recv_frame |//usar ndlc-&gt;ndev"
}
],
"metrics": {},
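Review bot: the "es" value flattens the two-column CPU0/CPU1 interleaving onto one line ("CPU0 CPU1 |llt_ndlc_sm_work st_nci_i2c_remove | ndlc_remove | ..."), so it is no longer possible to tell which call runs on which CPU or that kfree(ndev) precedes the use in nci_recv_frame. Preserve the newlines and column spacing of the diagram from the "en" value. Note also that in "en" the sentence "Fix it by finishing the work before cleanup in ndlc_remove" sits between "a sequence as follows:" and the diagram, and the translation inherits that ordering.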

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53107",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:29.620",
"lastModified": "2025-05-02T16:15:29.620",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nveth: Fix use after free in XDP_REDIRECT\n\nCommit 718a18a0c8a6 (\"veth: Rework veth_xdp_rcv_skb in order\nto accept non-linear skb\") introduced a bug where it tried to\nuse pskb_expand_head() if the headroom was less than\nXDP_PACKET_HEADROOM. This however uses kmalloc to expand the head,\nwhich will later allow consume_skb() to free the skb while is it still\nin use by AF_XDP.\n\nPreviously if the headroom was less than XDP_PACKET_HEADROOM we\ncontinued on to allocate a new skb from pages so this restores that\nbehavior.\n\nBUG: KASAN: use-after-free in __xsk_rcv+0x18d/0x2c0\nRead of size 78 at addr ffff888976250154 by task napi/iconduit-g/148640\n\nCPU: 5 PID: 148640 Comm: napi/iconduit-g Kdump: loaded Tainted: G O 6.1.4-cloudflare-kasan-2023.1.2 #1\nHardware name: Quanta Computer Inc. QuantaPlex T41S-2U/S2S-MB, BIOS S2S_3B10.03 06/21/2018\nCall Trace:\n <TASK>\n dump_stack_lvl+0x34/0x48\n print_report+0x170/0x473\n ? __xsk_rcv+0x18d/0x2c0\n kasan_report+0xad/0x130\n ? __xsk_rcv+0x18d/0x2c0\n kasan_check_range+0x149/0x1a0\n memcpy+0x20/0x60\n __xsk_rcv+0x18d/0x2c0\n __xsk_map_redirect+0x1f3/0x490\n ? veth_xdp_rcv_skb+0x89c/0x1ba0 [veth]\n xdp_do_redirect+0x5ca/0xd60\n veth_xdp_rcv_skb+0x935/0x1ba0 [veth]\n ? __netif_receive_skb_list_core+0x671/0x920\n ? veth_xdp+0x670/0x670 [veth]\n veth_xdp_rcv+0x304/0xa20 [veth]\n ? do_xdp_generic+0x150/0x150\n ? veth_xdp_rcv_one+0xde0/0xde0 [veth]\n ? _raw_spin_lock_bh+0xe0/0xe0\n ? newidle_balance+0x887/0xe30\n ? __perf_event_task_sched_in+0xdb/0x800\n veth_poll+0x139/0x571 [veth]\n ? veth_xdp_rcv+0xa20/0xa20 [veth]\n ? _raw_spin_unlock+0x39/0x70\n ? finish_task_switch.isra.0+0x17e/0x7d0\n ? __switch_to+0x5cf/0x1070\n ? __schedule+0x95b/0x2640\n ? io_schedule_timeout+0x160/0x160\n __napi_poll+0xa1/0x440\n napi_threaded_poll+0x3d1/0x460\n ? __napi_poll+0x440/0x440\n ? __kthread_parkme+0xc6/0x1f0\n ? 
__napi_poll+0x440/0x440\n kthread+0x2a2/0x340\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30\n </TASK>\n\nFreed by task 148640:\n kasan_save_stack+0x23/0x50\n kasan_set_track+0x21/0x30\n kasan_save_free_info+0x2a/0x40\n ____kasan_slab_free+0x169/0x1d0\n slab_free_freelist_hook+0xd2/0x190\n __kmem_cache_free+0x1a1/0x2f0\n skb_release_data+0x449/0x600\n consume_skb+0x9f/0x1c0\n veth_xdp_rcv_skb+0x89c/0x1ba0 [veth]\n veth_xdp_rcv+0x304/0xa20 [veth]\n veth_poll+0x139/0x571 [veth]\n __napi_poll+0xa1/0x440\n napi_threaded_poll+0x3d1/0x460\n kthread+0x2a2/0x340\n ret_from_fork+0x22/0x30\n\nThe buggy address belongs to the object at ffff888976250000\n which belongs to the cache kmalloc-2k of size 2048\nThe buggy address is located 340 bytes inside of\n 2048-byte region [ffff888976250000, ffff888976250800)\n\nThe buggy address belongs to the physical page:\npage:00000000ae18262a refcount:2 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x976250\nhead:00000000ae18262a order:3 compound_mapcount:0 compound_pincount:0\nflags: 0x2ffff800010200(slab|head|node=0|zone=2|lastcpupid=0x1ffff)\nraw: 002ffff800010200 0000000000000000 dead000000000122 ffff88810004cf00\nraw: 0000000000000000 0000000080080008 00000002ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n ffff888976250000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff888976250080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n> ffff888976250100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff888976250180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff888976250200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: veth: Correcci\u00f3n del use after free en XDP_REDIRECT. el commit 718a18a0c8a6 (\"veth: Reestructurar veth_xdp_rcv_skb para aceptar skb no lineal\") introdujo un error que provocaba que se intentara usar pskb_expand_head() si el espacio libre era inferior a XDP_PACKET_HEADROOM. Sin embargo, esto utiliza kmalloc para expandir el espacio libre, lo que posteriormente permitir\u00e1 que consuma_skb() libere el skb mientras AF_XDP lo siga utilizando. Anteriormente, si el espacio libre era inferior a XDP_PACKET_HEADROOM, se asignaba un nuevo skb desde las p\u00e1ginas, por lo que esto restaura ese comportamiento. ERROR: KASAN: use-after-free en __xsk_rcv+0x18d/0x2c0 Lectura de tama\u00f1o 78 en la direcci\u00f3n ffff888976250154 por la tarea napi/iconduit-g/148640 CPU: 5 PID: 148640 Comm: napi/iconduit-g Kdump: cargado Contaminado: GO 6.1.4-cloudflare-kasan-2023.1.2 #1 Nombre del hardware: Quanta Computer Inc. QuantaPlex T41S-2U/S2S-MB, BIOS S2S_3B10.03 21/06/2018 Seguimiento de llamadas: dump_stack_lvl+0x34/0x48 print_report+0x170/0x473 ? __xsk_rcv+0x18d/0x2c0 kasan_report+0xad/0x130 ? __xsk_rcv+0x18d/0x2c0 kasan_check_range+0x149/0x1a0 memcpy+0x20/0x60 __xsk_rcv+0x18d/0x2c0 __xsk_map_redirect+0x1f3/0x490 ? veth_xdp_rcv_skb+0x89c/0x1ba0 [veth] xdp_do_redirect+0x5ca/0xd60 veth_xdp_rcv_skb+0x935/0x1ba0 [veth] ? __netif_receive_skb_list_core+0x671/0x920 ? veth_xdp+0x670/0x670 [veth] veth_xdp_rcv+0x304/0xa20 [veth] ? do_xdp_generic+0x150/0x150 ? veth_xdp_rcv_one+0xde0/0xde0 [veth] ? _raw_spin_lock_bh+0xe0/0xe0 ? newidle_balance+0x887/0xe30 ? __perf_event_task_sched_in+0xdb/0x800 veth_poll+0x139/0x571 [veth] ? veth_xdp_rcv+0xa20/0xa20 [veth] ? _raw_spin_unlock+0x39/0x70 ? finish_task_switch.isra.0+0x17e/0x7d0 ? __switch_to+0x5cf/0x1070 ? __schedule+0x95b/0x2640 ? io_schedule_timeout+0x160/0x160 __napi_poll+0xa1/0x440 napi_threaded_poll+0x3d1/0x460 ? __napi_poll+0x440/0x440 ? 
__kthread_parkme+0xc6/0x1f0 ? __napi_poll+0x440/0x440 kthread+0x2a2/0x340 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x22/0x30 Freed by task 148640: kasan_save_stack+0x23/0x50 kasan_set_track+0x21/0x30 kasan_save_free_info+0x2a/0x40 ____kasan_slab_free+0x169/0x1d0 slab_free_freelist_hook+0xd2/0x190 __kmem_cache_free+0x1a1/0x2f0 skb_release_data+0x449/0x600 consume_skb+0x9f/0x1c0 veth_xdp_rcv_skb+0x89c/0x1ba0 [veth] veth_xdp_rcv+0x304/0xa20 [veth] veth_poll+0x139/0x571 [veth] __napi_poll+0xa1/0x440 napi_threaded_poll+0x3d1/0x460 kthread+0x2a2/0x340 ret_from_fork+0x22/0x30 The buggy address belongs to the object at ffff888976250000 which belongs to the cache kmalloc-2k of size 2048 The buggy address is located 340 bytes inside of 2048-byte region [ffff888976250000, ffff888976250800) The buggy address belongs to the physical page: page:00000000ae18262a refcount:2 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x976250 head:00000000ae18262a order:3 compound_mapcount:0 compound_pincount:0 flags: 0x2ffff800010200(slab|head|node=0|zone=2|lastcpupid=0x1ffff) raw: 002ffff800010200 0000000000000000 dead000000000122 ffff88810004cf00 raw: 0000000000000000 0000000080080008 00000002ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff888976250000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff888976250080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb &gt; ffff888976250100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff888976250180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff888976250200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb "
}
],
"metrics": {},
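Review bot: in the "es" value the function name consume_skb() from the "en" text is rendered as consuma_skb(), so the translated description names a symbol that appears neither in the English text nor in the trace that follows it (consume_skb+0x9f/0x1c0). Identifiers should pass through translation unchanged; a check that every token ending in "()" in the "en" value also occurs in the "es" value would catch this.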

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53108",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:29.713",
"lastModified": "2025-05-02T16:15:29.713",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/iucv: Fix size of interrupt data\n\niucv_irq_data needs to be 4 bytes larger.\nThese bytes are not used by the iucv module, but written by\nthe z/VM hypervisor in case a CPU is deconfigured.\n\nReported as:\nBUG dma-kmalloc-64 (Not tainted): kmalloc Redzone overwritten\n-----------------------------------------------------------------------------\n0x0000000000400564-0x0000000000400567 @offset=1380. First byte 0x80 instead of 0xcc\nAllocated in iucv_cpu_prepare+0x44/0xd0 age=167839 cpu=2 pid=1\n__kmem_cache_alloc_node+0x166/0x450\nkmalloc_node_trace+0x3a/0x70\niucv_cpu_prepare+0x44/0xd0\ncpuhp_invoke_callback+0x156/0x2f0\ncpuhp_issue_call+0xf0/0x298\n__cpuhp_setup_state_cpuslocked+0x136/0x338\n__cpuhp_setup_state+0xf4/0x288\niucv_init+0xf4/0x280\ndo_one_initcall+0x78/0x390\ndo_initcalls+0x11a/0x140\nkernel_init_freeable+0x25e/0x2a0\nkernel_init+0x2e/0x170\n__ret_from_fork+0x3c/0x58\nret_from_fork+0xa/0x40\nFreed in iucv_init+0x92/0x280 age=167839 cpu=2 pid=1\n__kmem_cache_free+0x308/0x358\niucv_init+0x92/0x280\ndo_one_initcall+0x78/0x390\ndo_initcalls+0x11a/0x140\nkernel_init_freeable+0x25e/0x2a0\nkernel_init+0x2e/0x170\n__ret_from_fork+0x3c/0x58\nret_from_fork+0xa/0x40\nSlab 0x0000037200010000 objects=32 used=30 fp=0x0000000000400640 flags=0x1ffff00000010200(slab|head|node=0|zone=0|\nObject 0x0000000000400540 @offset=1344 fp=0x0000000000000000\nRedzone 0000000000400500: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................\nRedzone 0000000000400510: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................\nRedzone 0000000000400520: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................\nRedzone 0000000000400530: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................\nObject 0000000000400540: 00 01 00 03 00 00 00 00 00 00 00 00 00 00 00 00 ................\nObject 0000000000400550: f3 86 81 f2 f4 82 f8 82 f0 f0 f0 f0 f0 f0 f0 f2 
................\nObject 0000000000400560: 00 00 00 00 80 00 00 00 cc cc cc cc cc cc cc cc ................\nObject 0000000000400570: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................\nRedzone 0000000000400580: cc cc cc cc cc cc cc cc ........\nPadding 00000000004005d4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ\nPadding 00000000004005e4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ\nPadding 00000000004005f4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZ\nCPU: 6 PID: 121030 Comm: 116-pai-crypto. Not tainted 6.3.0-20230221.rc0.git4.99b8246b2d71.300.fc37.s390x+debug #1\nHardware name: IBM 3931 A01 704 (z/VM 7.3.0)\nCall Trace:\n[<000000032aa034ec>] dump_stack_lvl+0xac/0x100\n[<0000000329f5a6cc>] check_bytes_and_report+0x104/0x140\n[<0000000329f5aa78>] check_object+0x370/0x3c0\n[<0000000329f5ede6>] free_debug_processing+0x15e/0x348\n[<0000000329f5f06a>] free_to_partial_list+0x9a/0x2f0\n[<0000000329f5f4a4>] __slab_free+0x1e4/0x3a8\n[<0000000329f61768>] __kmem_cache_free+0x308/0x358\n[<000000032a91465c>] iucv_cpu_dead+0x6c/0x88\n[<0000000329c2fc66>] cpuhp_invoke_callback+0x156/0x2f0\n[<000000032aa062da>] _cpu_down.constprop.0+0x22a/0x5e0\n[<0000000329c3243e>] cpu_device_down+0x4e/0x78\n[<000000032a61dee0>] device_offline+0xc8/0x118\n[<000000032a61e048>] online_store+0x60/0xe0\n[<000000032a08b6b0>] kernfs_fop_write_iter+0x150/0x1e8\n[<0000000329fab65c>] vfs_write+0x174/0x360\n[<0000000329fab9fc>] ksys_write+0x74/0x100\n[<000000032aa03a5a>] __do_syscall+0x1da/0x208\n[<000000032aa177b2>] system_call+0x82/0xb0\nINFO: lockdep is turned off.\nFIX dma-kmalloc-64: Restoring kmalloc Redzone 0x0000000000400564-0x0000000000400567=0xcc\nFIX dma-kmalloc-64: Object at 0x0000000000400540 not freed"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/iucv: Se corrige que el tama\u00f1o de los datos de interrupci\u00f3n iucv_irq_data deba ser 4 bytes mayor. Estos bytes no son utilizados por el m\u00f3dulo iucv, sino por el hipervisor z/VM en caso de desconfiguraci\u00f3n de una CPU. Reportado como: BUG dma-kmalloc-64 (No contaminado): kmalloc Redzone sobrescrito ----------------------------------------------------------------------------- 0x0000000000400564-0x0000000000400567 @offset=1380. First byte 0x80 instead of 0xcc Allocated in iucv_cpu_prepare+0x44/0xd0 age=167839 cpu=2 pid=1 __kmem_cache_alloc_node+0x166/0x450 kmalloc_node_trace+0x3a/0x70 iucv_cpu_prepare+0x44/0xd0 cpuhp_invoke_callback+0x156/0x2f0 cpuhp_issue_call+0xf0/0x298 __cpuhp_setup_state_cpuslocked+0x136/0x338 __cpuhp_setup_state+0xf4/0x288 iucv_init+0xf4/0x280 do_one_initcall+0x78/0x390 do_initcalls+0x11a/0x140 kernel_init_freeable+0x25e/0x2a0 kernel_init+0x2e/0x170 __ret_from_fork+0x3c/0x58 ret_from_fork+0xa/0x40 Freed in iucv_init+0x92/0x280 age=167839 cpu=2 pid=1 __kmem_cache_free+0x308/0x358 iucv_init+0x92/0x280 do_one_initcall+0x78/0x390 do_initcalls+0x11a/0x140 kernel_init_freeable+0x25e/0x2a0 kernel_init+0x2e/0x170 __ret_from_fork+0x3c/0x58 ret_from_fork+0xa/0x40 Slab 0x0000037200010000 objects=32 used=30 fp=0x0000000000400640 flags=0x1ffff00000010200(slab|head|node=0|zone=0| Object 0x0000000000400540 @offset=1344 fp=0x0000000000000000 Redzone 0000000000400500: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................ Redzone 0000000000400510: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................ Redzone 0000000000400520: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................ Redzone 0000000000400530: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................ Object 0000000000400540: 00 01 00 03 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
Object 0000000000400550: f3 86 81 f2 f4 82 f8 82 f0 f0 f0 f0 f0 f0 f0 f2 ................ Object 0000000000400560: 00 00 00 00 80 00 00 00 cc cc cc cc cc cc cc cc ................ Object 0000000000400570: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................ Redzone 0000000000400580: cc cc cc cc cc cc cc cc ........ Padding 00000000004005d4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 00000000004005e4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 00000000004005f4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZ CPU: 6 PID: 121030 Comm: 116-pai-crypto. Not tainted 6.3.0-20230221.rc0.git4.99b8246b2d71.300.fc37.s390x+debug #1 Hardware name: IBM 3931 A01 704 (z/VM 7.3.0) Rastreo de llamadas: [&lt;000000032aa034ec&gt;] dump_stack_lvl+0xac/0x100 [&lt;0000000329f5a6cc&gt;] check_bytes_and_report+0x104/0x140 [&lt;0000000329f5aa78&gt;] check_object+0x370/0x3c0 [&lt;0000000329f5ede6&gt;] free_debug_processing+0x15e/0x348 [&lt;0000000329f5f06a&gt;] free_to_partial_list+0x9a/0x2f0 [&lt;0000000329f5f4a4&gt;] __slab_free+0x1e4/0x3a8 [&lt;0000000329f61768&gt;] __kmem_cache_free+0x308/0x358 [&lt;000000032a91465c&gt;] iucv_cpu_dead+0x6c/0x88 [&lt;0000000329c2fc66&gt;] cpuhp_invoke_callback+0x156/0x2f0 [&lt;000000032aa062da&gt;] _cpu_down.constprop.0+0x22a/0x5e0 [&lt;0000000329c3243e&gt;] cpu_device_down+0x4e/0x78 [&lt;000000032a61dee0&gt;] device_offline+0xc8/0x118 [&lt;000000032a61e048&gt;] online_store+0x60/0xe0 [&lt;000000032a08b6b0&gt;] kernfs_fop_write_iter+0x150/0x1e8 [&lt;0000000329fab65c&gt;] vfs_write+0x174/0x360 [&lt;0000000329fab9fc&gt;] ksys_write+0x74/0x100 [&lt;000000032aa03a5a&gt;] __do_syscall+0x1da/0x208 [&lt;000000032aa177b2&gt;] system_call+0x82/0xb0 INFORMACI\u00d3N: LockDep est\u00e1 desactivado. CORRECCI\u00d3N dma-kmalloc-64: Restaurando la zona roja de kmalloc 0x0000000000400564-0x0000000000400567=0xcc CORRECCI\u00d3N dma-kmalloc-64: Objeto en 0x0000000000400540 no liberado."
}
],
"metrics": {},
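Review bot: the "es" value translates parts of the quoted kernel log ("INFO: lockdep is turned off." becomes "INFORMACIÓN: LockDep está desactivado.", and the "FIX dma-kmalloc-64:" lines become "CORRECCIÓN dma-kmalloc-64:"), so the report no longer matches what a system prints and cannot be searched for. It also says the extra 4 bytes are used by the z/VM hypervisor ("sino por el hipervisor z/VM") where the "en" value says they are written by it. Suggest leaving log output verbatim and restoring the "written by" sense.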

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53109",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:29.823",
"lastModified": "2025-05-02T16:15:29.823",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tunnels: annotate lockless accesses to dev->needed_headroom\n\nIP tunnels can apparently update dev->needed_headroom\nin their xmit path.\n\nThis patch takes care of three tunnels xmit, and also the\ncore LL_RESERVED_SPACE() and LL_RESERVED_SPACE_EXTRA()\nhelpers.\n\nMore changes might be needed for completeness.\n\nBUG: KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit\n\nread to 0xffff88815b9da0ec of 2 bytes by task 888 on cpu 1:\nip_tunnel_xmit+0x1270/0x1730 net/ipv4/ip_tunnel.c:803\n__gre_xmit net/ipv4/ip_gre.c:469 [inline]\nipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661\n__netdev_start_xmit include/linux/netdevice.h:4881 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4895 [inline]\nxmit_one net/core/dev.c:3580 [inline]\ndev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596\n__dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246\ndev_queue_xmit include/linux/netdevice.h:3051 [inline]\nneigh_direct_output+0x17/0x20 net/core/neighbour.c:1623\nneigh_output include/net/neighbour.h:546 [inline]\nip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228\nip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316\nNF_HOOK_COND include/linux/netfilter.h:291 [inline]\nip_output+0xe5/0x1b0 net/ipv4/ip_output.c:430\ndst_output include/net/dst.h:444 [inline]\nip_local_out+0x64/0x80 net/ipv4/ip_output.c:126\niptunnel_xmit+0x34a/0x4b0 net/ipv4/ip_tunnel_core.c:82\nip_tunnel_xmit+0x1451/0x1730 net/ipv4/ip_tunnel.c:813\n__gre_xmit net/ipv4/ip_gre.c:469 [inline]\nipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661\n__netdev_start_xmit include/linux/netdevice.h:4881 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4895 [inline]\nxmit_one net/core/dev.c:3580 [inline]\ndev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596\n__dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246\ndev_queue_xmit include/linux/netdevice.h:3051 [inline]\nneigh_direct_output+0x17/0x20 net/core/neighbour.c:1623\nneigh_output 
include/net/neighbour.h:546 [inline]\nip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228\nip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316\nNF_HOOK_COND include/linux/netfilter.h:291 [inline]\nip_output+0xe5/0x1b0 net/ipv4/ip_output.c:430\ndst_output include/net/dst.h:444 [inline]\nip_local_out+0x64/0x80 net/ipv4/ip_output.c:126\niptunnel_xmit+0x34a/0x4b0 net/ipv4/ip_tunnel_core.c:82\nip_tunnel_xmit+0x1451/0x1730 net/ipv4/ip_tunnel.c:813\n__gre_xmit net/ipv4/ip_gre.c:469 [inline]\nipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661\n__netdev_start_xmit include/linux/netdevice.h:4881 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4895 [inline]\nxmit_one net/core/dev.c:3580 [inline]\ndev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596\n__dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246\ndev_queue_xmit include/linux/netdevice.h:3051 [inline]\nneigh_direct_output+0x17/0x20 net/core/neighbour.c:1623\nneigh_output include/net/neighbour.h:546 [inline]\nip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228\nip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316\nNF_HOOK_COND include/linux/netfilter.h:291 [inline]\nip_output+0xe5/0x1b0 net/ipv4/ip_output.c:430\ndst_output include/net/dst.h:444 [inline]\nip_local_out+0x64/0x80 net/ipv4/ip_output.c:126\niptunnel_xmit+0x34a/0x4b0 net/ipv4/ip_tunnel_core.c:82\nip_tunnel_xmit+0x1451/0x1730 net/ipv4/ip_tunnel.c:813\n__gre_xmit net/ipv4/ip_gre.c:469 [inline]\nipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661\n__netdev_start_xmit include/linux/netdevice.h:4881 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4895 [inline]\nxmit_one net/core/dev.c:3580 [inline]\ndev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596\n__dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246\ndev_queue_xmit include/linux/netdevice.h:3051 [inline]\nneigh_direct_output+0x17/0x20 net/core/neighbour.c:1623\nneigh_output include/net/neighbour.h:546 [inline]\nip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228\nip_finish_output+0xf4/0x240 
net/ipv4/ip_output.c:316\nNF_HOOK_COND include/linux/netfilter.h:291 [inline]\nip_output+0xe5/0x1b0 net/i\n---truncated---"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: tunnels: annotate, los accesos sin bloqueo a los t\u00faneles IP dev-&gt;needed_headroom aparentemente pueden actualizar dev-&gt;needed_headroom en su ruta de transmisi\u00f3n. Este parche soluciona la transmisi\u00f3n de tres t\u00faneles y tambi\u00e9n los ayudantes principales LL_RESERVED_SPACE() y LL_RESERVED_SPACE_EXTRA(). Es posible que se requieran m\u00e1s cambios para completar la soluci\u00f3n. ERROR: KCSAN: ejecuci\u00f3n de datos en ip_tunnel_xmit / ip_tunnel_xmit le\u00eddo a 0xffff88815b9da0ec de 2 bytes por la tarea 888 en la CPU 1: ip_tunnel_xmit+0x1270/0x1730 net/ipv4/ip_tunnel.c:803 __gre_xmit net/ipv4/ip_gre.c:469 [inline] ipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661 __netdev_start_xmit include/linux/netdevice.h:4881 [inline] netdev_start_xmit include/linux/netdevice.h:4895 [inline] xmit_one net/core/dev.c:3580 [inline] dev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596 __dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246 dev_queue_xmit include/linux/netdevice.h:3051 [inline] neigh_direct_output+0x17/0x20 net/core/neighbour.c:1623 neigh_output include/net/neighbour.h:546 [inline] ip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228 ip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316 NF_HOOK_COND include/linux/netfilter.h:291 [inline] ip_output+0xe5/0x1b0 net/ipv4/ip_output.c:430 dst_output include/net/dst.h:444 [inline] ip_local_out+0x64/0x80 net/ipv4/ip_output.c:126 iptunnel_xmit+0x34a/0x4b0 net/ipv4/ip_tunnel_core.c:82 ip_tunnel_xmit+0x1451/0x1730 net/ipv4/ip_tunnel.c:813 __gre_xmit net/ipv4/ip_gre.c:469 [inline] ipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661 __netdev_start_xmit include/linux/netdevice.h:4881 [inline] netdev_start_xmit include/linux/netdevice.h:4895 [inline] xmit_one net/core/dev.c:3580 [inline] dev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596 __dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246 dev_queue_xmit include/linux/netdevice.h:3051 
[inline] neigh_direct_output+0x17/0x20 net/core/neighbour.c:1623 neigh_output include/net/neighbour.h:546 [inline] ip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228 ip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316 NF_HOOK_COND include/linux/netfilter.h:291 [inline] ip_output+0xe5/0x1b0 net/ipv4/ip_output.c:430 dst_output include/net/dst.h:444 [inline] ip_local_out+0x64/0x80 net/ipv4/ip_output.c:126 iptunnel_xmit+0x34a/0x4b0 net/ipv4/ip_tunnel_core.c:82 ip_tunnel_xmit+0x1451/0x1730 net/ipv4/ip_tunnel.c:813 __gre_xmit net/ipv4/ip_gre.c:469 [inline] ipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661 __netdev_start_xmit include/linux/netdevice.h:4881 [inline] netdev_start_xmit include/linux/netdevice.h:4895 [inline] xmit_one net/core/dev.c:3580 [inline] dev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596 __dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246 dev_queue_xmit include/linux/netdevice.h:3051 [inline] neigh_direct_output+0x17/0x20 net/core/neighbour.c:1623 neigh_output include/net/neighbour.h:546 [inline] ip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228 ip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316 NF_HOOK_COND include/linux/netfilter.h:291 [inline] ip_output+0xe5/0x1b0 net/ipv4/ip_output.c:430 dst_output include/net/dst.h:444 [inline] ip_local_out+0x64/0x80 net/ipv4/ip_output.c:126 iptunnel_xmit+0x34a/0x4b0 net/ipv4/ip_tunnel_core.c:82 ip_tunnel_xmit+0x1451/0x1730 net/ipv4/ip_tunnel.c:813 __gre_xmit net/ipv4/ip_gre.c:469 [inline] ipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661 __netdev_start_xmit include/linux/netdevice.h:4881 [inline] netdev_start_xmit include/linux/netdevice.h:4895 [inline] xmit_one net/core/dev.c:3580 [inline] dev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596 __dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246 dev_queue_xmit include/linux/netdevice.h:3051 [inline] neigh_direct_output+0x17/0x20 net/core/neighbour.c:1623 neigh_output include/net/neighbour.h:546 [inline] ip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228 
ip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316 NF_HOOK_COND include/linux/netfilter.h:291 [inline] ip_output+0xe5/0x1b0 net/i ---truncado---"
}
],
"metrics": {},
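Review bot: the "es" value ends at "net/i ---truncado---": the truncation marker itself was translated, so a consumer matching the literal "---truncated---" of the "en" value will not flag this description as incomplete. Suggest keeping the marker verbatim. The subject line is also merged into the first sentence ("net: tunnels: annotate, los accesos sin bloqueo a los túneles IP dev-&gt;needed_headroom aparentemente pueden actualizar ..."), which changes what the sentence says.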

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53110",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:29.930",
"lastModified": "2025-05-02T16:15:29.930",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler()\n\nWhen performing a stress test on SMC-R by rmmod mlx5_ib driver\nduring the wrk/nginx test, we found that there is a probability\nof triggering a panic while terminating all link groups.\n\nThis issue dues to the race between smc_smcr_terminate_all()\nand smc_buf_create().\n\n\t\t\tsmc_smcr_terminate_all\n\nsmc_buf_create\n/* init */\nconn->sndbuf_desc = NULL;\n...\n\n\t\t\t__smc_lgr_terminate\n\t\t\t\tsmc_conn_kill\n\t\t\t\t\tsmc_close_abort\n\t\t\t\t\t\tsmc_cdc_get_slot_and_msg_send\n\n\t\t\t__softirqentry_text_start\n\t\t\t\tsmc_wr_tx_process_cqe\n\t\t\t\t\tsmc_cdc_tx_handler\n\t\t\t\t\t\tREAD(conn->sndbuf_desc->len);\n\t\t\t\t\t\t/* panic dues to NULL sndbuf_desc */\n\nconn->sndbuf_desc = xxx;\n\nThis patch tries to fix the issue by always to check the sndbuf_desc\nbefore send any cdc msg, to make sure that no null pointer is\nseen during cqe processing."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/smc: correcci\u00f3n de sndbuf_desc NULL en smc_cdc_tx_handler(). Al realizar una prueba de estr\u00e9s en SMC-R con el controlador rmmod mlx5_ib durante la prueba wrk/nginx, se observ\u00f3 la probabilidad de generar un p\u00e1nico al terminar todos los grupos de enlaces. Este problema se debe a la competencia entre smc_smcr_terminate_all() y smc_buf_create(). smc_smcr_terminate_all smc_buf_create /* init */ conn-&gt;sndbuf_desc = NULL; ... __smc_lgr_terminate smc_conn_kill smc_close_abort smc_cdc_get_slot_and_msg_send __softirqentry_text_start smc_wr_tx_process_cqe smc_cdc_tx_handler READ(conn-&gt;sndbuf_desc-&gt;len); /* p\u00e1nico debido a NULL sndbuf_desc */ conn-&gt;sndbuf_desc = xxx; Este parche intenta solucionar el problema verificando siempre sndbuf_desc antes de enviar cualquier mensaje de cdc, para asegurarse de que no se vea ning\u00fan puntero nulo durante el procesamiento de cqe."
}
],
"metrics": {},
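Review bot: the "es" value collapses the two-column interleaving of smc_buf_create and smc_smcr_terminate_all into one run of text, so it no longer shows that READ(conn->sndbuf_desc->len) falls between "conn->sndbuf_desc = NULL;" and "conn->sndbuf_desc = xxx;". It also reads "by rmmod mlx5_ib driver" as a driver named rmmod mlx5_ib ("con el controlador rmmod mlx5_ib"), where the "en" value describes removing the mlx5_ib driver with rmmod. Suggest preserving the \n and \t layout of such diagrams and correcting that phrase.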

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53111",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:30.027",
"lastModified": "2025-05-02T16:15:30.027",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:45.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nloop: Fix use-after-free issues\n\ndo_req_filebacked() calls blk_mq_complete_request() synchronously or\nasynchronously when using asynchronous I/O unless memory allocation fails.\nHence, modify loop_handle_cmd() such that it does not dereference 'cmd' nor\n'rq' after do_req_filebacked() finished unless we are sure that the request\nhas not yet been completed. This patch fixes the following kernel crash:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000054\nCall trace:\n css_put.42938+0x1c/0x1ac\n loop_process_work+0xc8c/0xfd4\n loop_rootcg_workfn+0x24/0x34\n process_one_work+0x244/0x558\n worker_thread+0x400/0x8fc\n kthread+0x16c/0x1e0\n ret_from_fork+0x10/0x20"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: loop: Se corrigen los problemas de use after free. do_req_filebacked() llama a blk_mq_complete_request() de forma s\u00edncrona o as\u00edncrona al usar E/S as\u00edncrona, a menos que falle la asignaci\u00f3n de memoria. Por lo tanto, se debe modificar loop_handle_cmd() para que no desreferencia \u00abcmd\u00bb ni \u00abrq\u00bb tras la finalizaci\u00f3n de do_req_filebacked(), a menos que estemos seguros de que la solicitud a\u00fan no se ha completado. Este parche corrige el siguiente fallo del kernel: No se puede manejar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 0000000000000054 Seguimiento de llamadas: css_put.42938+0x1c/0x1ac loop_process_work+0xc8c/0xfd4 loop_rootcg_workfn+0x24/0x34 process_one_work+0x244/0x558worker_thread+0x400/0x8fckthread+0x16c/0x1e0ret_from_fork+0x10/0x20"
}
],
"metrics": {},
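Review bot: at the end of the "es" value the call-trace entries have lost their separators (process_one_work+0x244/0x558worker_thread+0x400/0x8fckthread+0x16c/0x1e0ret_from_fork+0x10/0x20), so each offset fuses with the next symbol name into one token. The "en" value has one entry per line. Suggest keeping the trace lines verbatim with their line breaks.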

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53112",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:30.140",
"lastModified": "2025-05-02T16:15:30.140",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:19.760",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/sseu: fix max_subslices array-index-out-of-bounds access\n\nIt seems that commit bc3c5e0809ae (\"drm/i915/sseu: Don't try to store EU\nmask internally in UAPI format\") exposed a potential out-of-bounds\naccess, reported by UBSAN as following on a laptop with a gen 11 i915\ncard:\n\n UBSAN: array-index-out-of-bounds in drivers/gpu/drm/i915/gt/intel_sseu.c:65:27\n index 6 is out of range for type 'u16 [6]'\n CPU: 2 PID: 165 Comm: systemd-udevd Not tainted 6.2.0-9-generic #9-Ubuntu\n Hardware name: Dell Inc. XPS 13 9300/077Y9N, BIOS 1.11.0 03/22/2022\n Call Trace:\n <TASK>\n show_stack+0x4e/0x61\n dump_stack_lvl+0x4a/0x6f\n dump_stack+0x10/0x18\n ubsan_epilogue+0x9/0x3a\n __ubsan_handle_out_of_bounds.cold+0x42/0x47\n gen11_compute_sseu_info+0x121/0x130 [i915]\n intel_sseu_info_init+0x15d/0x2b0 [i915]\n intel_gt_init_mmio+0x23/0x40 [i915]\n i915_driver_mmio_probe+0x129/0x400 [i915]\n ? intel_gt_probe_all+0x91/0x2e0 [i915]\n i915_driver_probe+0xe1/0x3f0 [i915]\n ? drm_privacy_screen_get+0x16d/0x190 [drm]\n ? acpi_dev_found+0x64/0x80\n i915_pci_probe+0xac/0x1b0 [i915]\n ...\n\nAccording to the definition of sseu_dev_info, eu_mask->hsw is limited to\na maximum of GEN_MAX_SS_PER_HSW_SLICE (6) sub-slices, but\ngen11_sseu_info_init() can potentially set 8 sub-slices, in the\n!IS_JSL_EHL(gt->i915) case.\n\nFix this by reserving up to 8 slots for max_subslices in the eu_mask\nstruct.\n\n(cherry picked from commit 3cba09a6ac86ea1d456909626eb2685596c07822)"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/i915/sseu: fix max_subslices array-index-out-of-bounds access Parece que el commit bc3c5e0809ae (\"drm/i915/sseu: No intente almacenar la m\u00e1scara EU internamente en formato UAPI\") expuso un posible acceso fuera de los l\u00edmites, informado por UBSAN de la siguiente manera en una computadora port\u00e1til con una tarjeta i915 gen 11: UBSAN: array-index-out-of-bounds en drivers/gpu/drm/i915/gt/intel_sseu.c:65:27 el \u00edndice 6 est\u00e1 fuera de rango para el tipo 'u16 [6]' CPU: 2 PID: 165 Comm: systemd-udevd No contaminado 6.2.0-9-generic #9-Ubuntu Nombre del hardware: Dell Inc. XPS 13 9300/077Y9N, BIOS 1.11.0 22/03/2022 Seguimiento de llamadas: show_stack+0x4e/0x61 dump_stack_lvl+0x4a/0x6f dump_stack+0x10/0x18 ubsan_epilogue+0x9/0x3a __ubsan_handle_out_of_bounds.cold+0x42/0x47 gen11_compute_sseu_info+0x121/0x130 [i915] intel_sseu_info_init+0x15d/0x2b0 [i915] intel_gt_init_mmio+0x23/0x40 [i915] i915_driver_mmio_probe+0x129/0x400 [i915] ? intel_gt_probe_all+0x91/0x2e0 [i915] i915_driver_probe+0xe1/0x3f0 [i915] ? drm_privacy_screen_get+0x16d/0x190 [drm] ? acpi_dev_found+0x64/0x80 i915_pci_probe+0xac/0x1b0 [i915] ... Seg\u00fan la definici\u00f3n de sseu_dev_info, eu_mask-&gt;hsw est\u00e1 limitado a un m\u00e1ximo de GEN_MAX_SS_PER_HSW_SLICE (6) subsecciones, pero gen11_sseu_info_init() puede establecer potencialmente 8 subsecciones, en el caso de !IS_JSL_EHL(gt-&gt;i915). Para solucionar esto, reserve hasta 8 espacios para max_subslices en la estructura eu_mask. (Seleccionado de la confirmaci\u00f3n 3cba09a6ac86ea1d456909626eb2685596c07822)"
}
],
"metrics": {},
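Review bot: The added "es" description is HTML-escaped where the "en" text is not: it carries `eu_mask-&gt;hsw` and `!IS_JSL_EHL(gt-&gt;i915)` against `eu_mask->hsw` and `gt->i915`, so any JSON consumer gets the literal entity instead of the C member operator. The quoted UBSAN report has also been altered in translation: the `<TASK>` marker is gone and the BIOS date `03/22/2022` has become `22/03/2022`. Suggest unescaping the entities and carrying the report lines over verbatim, so the Spanish record can still be matched against a real kernel log.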

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53113",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:30.407",
"lastModified": "2025-05-02T16:15:30.407",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:19.760",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: fix NULL-ptr deref in offchan check\n\nIf, e.g. in AP mode, the link was already created by userspace\nbut not activated yet, it has a chandef but the chandef isn't\nvalid and has no channel. Check for this and ignore this link."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: nl80211: se corrige la deref NULL-ptr en la comprobaci\u00f3n offchan. Si, por ejemplo, en modo AP, el enlace ya fue creado por el espacio de usuario, pero a\u00fan no se activ\u00f3, tiene una definici\u00f3n de canal (chandef), pero esta no es v\u00e1lida y no tiene canal. Verifique esto e ignore este enlace."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53114",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:30.493",
"lastModified": "2025-05-02T16:15:30.493",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:19.760",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix kernel crash during reboot when adapter is in recovery mode\n\nIf the driver detects during probe that firmware is in recovery\nmode then i40e_init_recovery_mode() is called and the rest of\nprobe function is skipped including pci_set_drvdata(). Subsequent\ni40e_shutdown() called during shutdown/reboot dereferences NULL\npointer as pci_get_drvdata() returns NULL.\n\nTo fix call pci_set_drvdata() also during entering to recovery mode.\n\nReproducer:\n1) Lets have i40e NIC with firmware in recovery mode\n2) Run reboot\n\nResult:\n[ 139.084698] i40e: Intel(R) Ethernet Connection XL710 Network Driver\n[ 139.090959] i40e: Copyright (c) 2013 - 2019 Intel Corporation.\n[ 139.108438] i40e 0000:02:00.0: Firmware recovery mode detected. Limiting functionality.\n[ 139.116439] i40e 0000:02:00.0: Refer to the Intel(R) Ethernet Adapters and Devices User Guide for details on firmware recovery mode.\n[ 139.129499] i40e 0000:02:00.0: fw 8.3.64775 api 1.13 nvm 8.30 0x8000b78d 1.3106.0 [8086:1583] [15d9:084a]\n[ 139.215932] i40e 0000:02:00.0 enp2s0f0: renamed from eth0\n[ 139.223292] i40e 0000:02:00.1: Firmware recovery mode detected. Limiting functionality.\n[ 139.231292] i40e 0000:02:00.1: Refer to the Intel(R) Ethernet Adapters and Devices User Guide for details on firmware recovery mode.\n[ 139.244406] i40e 0000:02:00.1: fw 8.3.64775 api 1.13 nvm 8.30 0x8000b78d 1.3106.0 [8086:1583] [15d9:084a]\n[ 139.329209] i40e 0000:02:00.1 enp2s0f1: renamed from eth0\n...\n[ 156.311376] BUG: kernel NULL pointer dereference, address: 00000000000006c2\n[ 156.318330] #PF: supervisor write access in kernel mode\n[ 156.323546] #PF: error_code(0x0002) - not-present page\n[ 156.328679] PGD 0 P4D 0\n[ 156.331210] Oops: 0002 [#1] PREEMPT SMP NOPTI\n[ 156.335567] CPU: 26 PID: 15119 Comm: reboot Tainted: G E 6.2.0+ #1\n[ 156.343126] Hardware name: Abacus electric, s.r.o. 
- servis@abacus.cz Super Server/H12SSW-iN, BIOS 2.4 04/13/2022\n[ 156.353369] RIP: 0010:i40e_shutdown+0x15/0x130 [i40e]\n[ 156.358430] Code: c1 fc ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 55 48 89 fd 53 48 8b 9f 48 01 00 00 <f0> 80 8b c2 06 00 00 04 f0 80 8b c0 06 00 00 08 48 8d bb 08 08 00\n[ 156.377168] RSP: 0018:ffffb223c8447d90 EFLAGS: 00010282\n[ 156.382384] RAX: ffffffffc073ee70 RBX: 0000000000000000 RCX: 0000000000000001\n[ 156.389510] RDX: 0000000080000001 RSI: 0000000000000246 RDI: ffff95db49988000\n[ 156.396634] RBP: ffff95db49988000 R08: ffffffffffffffff R09: ffffffff8bd17d40\n[ 156.403759] R10: 0000000000000001 R11: ffffffff8a5e3d28 R12: ffff95db49988000\n[ 156.410882] R13: ffffffff89a6fe17 R14: ffff95db49988150 R15: 0000000000000000\n[ 156.418007] FS: 00007fe7c0cc3980(0000) GS:ffff95ea8ee80000(0000) knlGS:0000000000000000\n[ 156.426083] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 156.431819] CR2: 00000000000006c2 CR3: 00000003092fc005 CR4: 0000000000770ee0\n[ 156.438944] PKRU: 55555554\n[ 156.441647] Call Trace:\n[ 156.444096] <TASK>\n[ 156.446199] pci_device_shutdown+0x38/0x60\n[ 156.450297] device_shutdown+0x163/0x210\n[ 156.454215] kernel_restart+0x12/0x70\n[ 156.457872] __do_sys_reboot+0x1ab/0x230\n[ 156.461789] ? vfs_writev+0xa6/0x1a0\n[ 156.465362] ? __pfx_file_free_rcu+0x10/0x10\n[ 156.469635] ? __call_rcu_common.constprop.85+0x109/0x5a0\n[ 156.475034] do_syscall_64+0x3e/0x90\n[ 156.478611] entry_SYSCALL_64_after_hwframe+0x72/0xdc\n[ 156.483658] RIP: 0033:0x7fe7bff37ab7"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i40e: Se soluciona el fallo del kernel durante el reinicio cuando el adaptador est\u00e1 en modo de recuperaci\u00f3n Si el controlador detecta durante el sondeo que el firmware est\u00e1 en modo de recuperaci\u00f3n, se llama a i40e_init_recovery_mode() y se omite el resto de la funci\u00f3n del sondeo, incluido pci_set_drvdata(). La llamada posterior a i40e_shutdown() durante el apagado/reinicio desreferencia el puntero NULL, ya que pci_get_drvdata() devuelve NULL. Para solucionarlo, llame tambi\u00e9n a pci_set_drvdata() durante el ingreso al modo de recuperaci\u00f3n. Reproductor: 1) Tengamos la NIC i40e con el firmware en modo de recuperaci\u00f3n 2) Ejecute el reinicio Resultado: [ 139.084698] i40e: Controlador de red Intel(R) Ethernet Connection XL710 [ 139.090959] i40e: Copyright (c) 2013 - 2019 Intel Corporation. [ 139.108438] i40e 0000:02:00.0: Se detect\u00f3 el modo de recuperaci\u00f3n de firmware. Funcionalidad limitada. [ 139.116439] i40e 0000:02:00.0: Consulte la Gu\u00eda del usuario de adaptadores y dispositivos Intel(R) Ethernet para obtener m\u00e1s informaci\u00f3n sobre el modo de recuperaci\u00f3n de firmware. [ 139.129499] i40e 0000:02:00.0: fw 8.3.64775 api 1.13 nvm 8.30 0x8000b78d 1.3106.0 [8086:1583] [15d9:084a] [ 139.215932] i40e 0000:02:00.0 enp2s0f0: renombrado de eth0 [ 139.223292] i40e 0000:02:00.1: Se detect\u00f3 modo de recuperaci\u00f3n de firmware. Funcionalidad limitada. [ 139.231292] i40e 0000:02:00.1: Consulte la Gu\u00eda del usuario de adaptadores y dispositivos Intel(R) Ethernet para obtener m\u00e1s informaci\u00f3n sobre el modo de recuperaci\u00f3n de firmware. [ 139.244406] i40e 0000:02:00.1: fw 8.3.64775 api 1.13 nvm 8.30 0x8000b78d 1.3106.0 [8086:1583] [15d9:084a] [ 139.329209] i40e 0000:02:00.1 enp2s0f1: renombrado de eth0 ... 
[ 156.311376] ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 00000000000006c2 [ 156.318330] #PF: acceso de escritura del supervisor en modo kernel [ 156.323546] #PF: error_code(0x0002) - no presente p\u00e1gina [ 156.328679] PGD 0 P4D 0 [ 156.331210] Oops: 0002 [#1] PREEMPT SMP NOPTI [ 156.335567] CPU: 26 PID: 15119 Comm: reboot Tainted: GE 6.2.0+ #1 [ 156.343126] Nombre del hardware: Abacus electric, s.r.o. - servis@abacus.cz Super Server/H12SSW-iN, BIOS 2.4 04/13/2022 [ 156.353369] RIP: 0010:i40e_shutdown+0x15/0x130 [i40e] [ 156.358430] Code: c1 fc ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 55 48 89 fd 53 48 8b 9f 48 01 00 00 80 8b c2 06 00 00 04 f0 80 8b c0 06 00 00 08 48 8d bb 08 08 00 [ 156.377168] RSP: 0018:ffffb223c8447d90 EFLAGS: 00010282 [ 156.382384] RAX: ffffffffc073ee70 RBX: 0000000000000000 RCX: 0000000000000001 [ 156.389510] RDX: 0000000080000001 RSI: 0000000000000246 RDI: ffff95db49988000 [ 156.396634] RBP: ffff95db49988000 R08: ffffffffffffffff R09: ffffffff8bd17d40 [ 156.403759] R10: 0000000000000001 R11: ffffffff8a5e3d28 R12: ffff95db49988000 [ 156.410882] R13: ffffffff89a6fe17 R14: ffff95db49988150 R15: 0000000000000000 [ 156.418007] FS: 00007fe7c0cc3980(0000) GS:ffff95ea8ee80000(0000) knlGS:0000000000000000 [ 156.426083] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 156.431819] CR2: 00000000000006c2 CR3: 00000003092fc005 CR4: 0000000000770ee0 [ 156.438944] PKRU: 55555554 [ 156.441647] Call Trace: [ 156.444096] [ 156.446199] pci_device_shutdown+0x38/0x60 [ 156.450297] device_shutdown+0x163/0x210 [ 156.454215] kernel_restart+0x12/0x70 [ 156.457872] __do_sys_reboot+0x1ab/0x230 [ 156.461789] ? vfs_writev+0xa6/0x1a0 [ 156.465362] ? __pfx_file_free_rcu+0x10/0x10 [ 156.469635] ? __call_rcu_common.constprop.85+0x109/0x5a0 [ 156.475034] do_syscall_64+0x3e/0x90 [ 156.478611] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 156.483658] RIP: 0033:0x7fe7bff37ab7 "
}
],
"metrics": {},
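Review bot: The "es" value translates and edits the dmesg capture instead of quoting it. In the `Code:` line the `<f0>` marker is dropped, and with it the position of the faulting instruction byte. The `<TASK>` line is emptied, `Tainted: G E` is collapsed to `GE`, and `BUG: kernel NULL pointer dereference` is rendered as `ERROR: desreferencia de puntero NULL del kernel`. Anyone grepping logs for this signature will not find it in the translated record. Suggest keeping everything after "Resultado:" byte-identical to the "en" value and translating only the prose above it. Both values also end mid-trace at `RIP: 0033:0x7fe7bff37ab7`, so it is worth confirming that the truncation is in the upstream source and not introduced by this update.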

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53115",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:30.590",
"lastModified": "2025-05-02T16:15:30.590",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:19.760",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix memory leaks in mpi3mr_init_ioc()\n\nDon't allocate memory again when IOC is being reinitialized."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: mpi3mr: corrige fugas de memoria en mpi3mr_init_ioc() No vuelva a asignar memoria cuando se reinicialice IOC."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53116",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:30.680",
"lastModified": "2025-05-02T16:15:30.680",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:19.760",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: avoid potential UAF in nvmet_req_complete()\n\nAn nvme target ->queue_response() operation implementation may free the\nrequest passed as argument. Such implementation potentially could result\nin a use after free of the request pointer when percpu_ref_put() is\ncalled in nvmet_req_complete().\n\nAvoid such problem by using a local variable to save the sq pointer\nbefore calling __nvmet_req_complete(), thus avoiding dereferencing the\nreq pointer after that function call."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nvmet: evitar posible UAF en nvmet_req_complete(). La implementaci\u00f3n de la operaci\u00f3n nvme target -&gt;queue_response() puede liberar la solicitud pasada como argumento. Esta implementaci\u00f3n podr\u00eda provocar un use after free del puntero de solicitud al llamar a percpu_ref_put() en nvmet_req_complete(). Para evitar este problema, utilice una variable local para guardar el puntero sq antes de llamar a __nvmet_req_complete(), evitando as\u00ed la desreferenciaci\u00f3n del puntero req despu\u00e9s de esa llamada."
}
],
"metrics": {},
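Review bot: In the added "es" description, `-&gt;queue_response()` is an HTML entity inside a JSON string, while the "en" value has the plain `->queue_response()`. The entity will surface literally in any non-HTML consumer and breaks searching for the callback name with its operator. Suggest storing the unescaped `->` and leaving any escaping to the rendering layer.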

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53117",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:30.783",
"lastModified": "2025-05-02T16:15:30.783",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:19.760",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: prevent out-of-bounds array speculation when closing a file descriptor\n\nGoogle-Bug-Id: 114199369"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs: evitar la especulaci\u00f3n de matrices fuera de los l\u00edmites al cerrar un descriptor de archivo Google-Bug-Id: 114199369"
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53118",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:30.880",
"lastModified": "2025-05-02T16:15:30.880",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:19.760",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Fix a procfs host directory removal regression\n\nscsi_proc_hostdir_rm() decreases a reference counter and hence must only be\ncalled once per host that is removed. This change does not require a\nscsi_add_host_with_dma() change since scsi_add_host_with_dma() will return\n0 (success) if scsi_proc_host_add() is called."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: core: Se corrige una regresi\u00f3n de eliminaci\u00f3n del directorio del host procfs. scsi_proc_hostdir_rm() disminuye un contador de referencias y, por lo tanto, solo debe llamarse una vez por cada host eliminado. Este cambio no requiere modificar scsi_add_host_with_dma(), ya que scsi_add_host_with_dma() devolver\u00e1 0 (\u00e9xito) si se llama a scsi_proc_host_add()."
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53119",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:30.980",
"lastModified": "2025-05-02T16:15:30.980",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:19.760",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: initialize struct pn533_out_arg properly\n\nstruct pn533_out_arg used as a temporary context for out_urb is not\ninitialized properly. Its uninitialized 'phy' field can be dereferenced in\nerror cases inside pn533_out_complete() callback function. It causes the\nfollowing failure:\n\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\nRIP: 0010:pn533_out_complete.cold+0x15/0x44 drivers/nfc/pn533/usb.c:441\nCall Trace:\n <IRQ>\n __usb_hcd_giveback_urb+0x2b6/0x5c0 drivers/usb/core/hcd.c:1671\n usb_hcd_giveback_urb+0x384/0x430 drivers/usb/core/hcd.c:1754\n dummy_timer+0x1203/0x32d0 drivers/usb/gadget/udc/dummy_hcd.c:1988\n call_timer_fn+0x1da/0x800 kernel/time/timer.c:1700\n expire_timers+0x234/0x330 kernel/time/timer.c:1751\n __run_timers kernel/time/timer.c:2022 [inline]\n __run_timers kernel/time/timer.c:1995 [inline]\n run_timer_softirq+0x326/0x910 kernel/time/timer.c:2035\n __do_softirq+0x1fb/0xaf6 kernel/softirq.c:571\n invoke_softirq kernel/softirq.c:445 [inline]\n __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650\n irq_exit_rcu+0x9/0x20 kernel/softirq.c:662\n sysvec_apic_timer_interrupt+0x97/0xc0 arch/x86/kernel/apic/apic.c:1107\n\nInitialize the field with the pn533_usb_phy currently used.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfc: pn533: inicializar correctamente la estructura pn533_out_arg. La estructura pn533_out_arg, utilizada como contexto temporal para out_urb, no se inicializa correctamente. Su campo \"phy\" no inicializado puede desreferenciarse en casos de error dentro de la funci\u00f3n de devoluci\u00f3n de llamada pn533_out_complete(). Provoca el siguiente error: fallo de protecci\u00f3n general, probablemente para la direcci\u00f3n no can\u00f3nica 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref en el rango [0x0000000000000000-0x0000000000000007] CPU: 1 PID: 0 Comm: swapper/1 No contaminado 6.2.0-rc3-next-20230110-syzkaller #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 26/10/2022 RIP: 0010:pn533_out_complete.cold+0x15/0x44 drivers/nfc/pn533/usb.c:441 Rastreo de llamadas: __usb_hcd_giveback_urb+0x2b6/0x5c0 drivers/usb/core/hcd.c:1671 usb_hcd_giveback_urb+0x384/0x430 drivers/usb/core/hcd.c:1754 dummy_timer+0x1203/0x32d0 drivers/usb/gadget/udc/dummy_hcd.c:1988 call_timer_fn+0x1da/0x800 kernel/time/timer.c:1700 expire_timers+0x234/0x330 kernel/time/timer.c:1751 __run_timers kernel/time/timer.c:2022 [inline] __run_timers kernel/time/timer.c:1995 [inline] run_timer_softirq+0x326/0x910 kernel/time/timer.c:2035 __do_softirq+0x1fb/0xaf6 kernel/softirq.c:571 invoke_softirq kernel/softirq.c:445 [inline] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650 irq_exit_rcu+0x9/0x20 kernel/softirq.c:662 sysvec_apic_timer_interrupt+0x97/0xc0 arch/x86/kernel/apic/apic.c:1107 Inicializa el campo con el pn533_usb_phy utilizado actualmente. Encontrado por el Centro de Verificaci\u00f3n de Linux (linuxtesting.org) con Syzkaller."
}
],
"metrics": {},
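Review bot: The KASAN report inside the "es" value no longer matches the "en" one. The `<IRQ>` context marker before `__usb_hcd_giveback_urb` is missing, `Not tainted` is translated to `No contaminado`, and the BIOS date `10/26/2022` is rewritten as `26/10/2022`. The `<IRQ>` marker is the part of the trace that shows `pn533_out_complete()` faulting in interrupt context, so dropping it loses triage information. Suggest copying the report from `general protection fault` through the last `sysvec_apic_timer_interrupt` frame unchanged.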

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53120",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:31.083",
"lastModified": "2025-05-02T16:15:31.083",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:19.760",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix config page DMA memory leak\n\nA fix for:\n\nDMA-API: pci 0000:83:00.0: device driver has pending DMA allocations while released from device [count=1]"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: mpi3mr: Se corrige la p\u00e9rdida de memoria DMA en la p\u00e1gina de configuraci\u00f3n. Una soluci\u00f3n para: DMA-API: pci 0000:83:00.0: el controlador del dispositivo tiene asignaciones DMA pendientes mientras se libera del dispositivo [count=1]"
}
],
"metrics": {},

View File

@ -2,13 +2,17 @@
"id": "CVE-2023-53121",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-05-02T16:15:31.173",
"lastModified": "2025-05-02T16:15:31.173",
"vulnStatus": "Received",
"lastModified": "2025-05-05T20:54:19.760",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: tcp_make_synack() can be called from process context\n\ntcp_rtx_synack() now could be called in process context as explained in\n0a375c822497 (\"tcp: tcp_rtx_synack() can be called from process\ncontext\").\n\ntcp_rtx_synack() might call tcp_make_synack(), which will touch per-CPU\nvariables with preemption enabled. This causes the following BUG:\n\n BUG: using __this_cpu_add() in preemptible [00000000] code: ThriftIO1/5464\n caller is tcp_make_synack+0x841/0xac0\n Call Trace:\n <TASK>\n dump_stack_lvl+0x10d/0x1a0\n check_preemption_disabled+0x104/0x110\n tcp_make_synack+0x841/0xac0\n tcp_v6_send_synack+0x5c/0x450\n tcp_rtx_synack+0xeb/0x1f0\n inet_rtx_syn_ack+0x34/0x60\n tcp_check_req+0x3af/0x9e0\n tcp_rcv_state_process+0x59b/0x2030\n tcp_v6_do_rcv+0x5f5/0x700\n release_sock+0x3a/0xf0\n tcp_sendmsg+0x33/0x40\n ____sys_sendmsg+0x2f2/0x490\n __sys_sendmsg+0x184/0x230\n do_syscall_64+0x3d/0x90\n\nAvoid calling __TCP_INC_STATS() with will touch per-cpu variables. Use\nTCP_INC_STATS() which is safe to be called from context switch."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tcp: tcp_make_synack() se puede llamar desde el contexto del proceso. tcp_rtx_synack() ahora se puede llamar en el contexto del proceso como se explica en 0a375c822497 (\"tcp: tcp_rtx_synack() se puede llamar desde el contexto del proceso\"). tcp_rtx_synack() podr\u00eda llamar a tcp_make_synack(), que tocar\u00e1 las variables por CPU con la preempci\u00f3n habilitada. Esto provoca el siguiente ERROR: ERROR: uso de __this_cpu_add() en c\u00f3digo preemptible [00000000]: El llamador de ThriftIO1/5464 es tcp_make_synack+0x841/0xac0 Rastreo de llamadas: dump_stack_lvl+0x10d/0x1a0 check_preemption_disabled+0x104/0x110 tcp_make_synack+0x841/0xac0 tcp_v6_send_synack+0x5c/0x450 tcp_rtx_synack+0xeb/0x1f0 inet_rtx_syn_ack+0x34/0x60 tcp_check_req+0x3af/0x9e0 tcp_rcv_state_process+0x59b/0x2030 tcp_v6_do_rcv+0x5f5/0x700 release_sock+0x3a/0xf0 tcp_sendmsg+0x33/0x40 ____sys_sendmsg+0x2f2/0x490 __sys_sendmsg+0x184/0x230 do_syscall_64+0x3d/0x90 Evite llamar a __TCP_INC_STATS(), ya que afectar\u00e1 las variables por CPU. Use TCP_INC_STATS(), que se puede llamar de forma segura desde un cambio de contexto."
}
],
"metrics": {},
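Review bot: The "es" value merges two separate log lines and changes their meaning. `code: ThriftIO1/5464` followed by `caller is tcp_make_synack+0x841/0xac0` becomes "El llamador de ThriftIO1/5464 es tcp_make_synack+0x841/0xac0", which presents the task name and PID as the thing being called. The `<TASK>` marker is also dropped. Suggest keeping the BUG line, the caller line and the call trace verbatim and translating only the surrounding explanation. Separately, "with will touch" in the "en" value looks like a typo for "which will touch". If it comes from the upstream commit message, it should stay as is.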

Some files were not shown because too many files have changed in this diff