admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-03-06T09:04:25.950539+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-03-06 09:04:29 +00:00
parent e566ff15cd
commit 200e9515da
32 changed files with 1273 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
CVE-2023/CVE-2023-525xx/CVE-2023-52583.json Normal file
View File

@ -0,0 +1,48 @@
{
"id": "CVE-2023-52583",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:06.553",
"lastModified": "2024-03-06T07:15:06.553",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix deadlock or deadcode of misusing dget()\n\nThe lock order is incorrect between denty and its parent, we should\nalways make sure that the parent get the lock first.\n\nBut since this deadcode is never used and the parent dir will always\nbe set from the callers, let's just remove it."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/196b87e5c00ce021e164a5de0f0d04f4116a9160",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6ab4fd508fad942f1f1ba940492f2735e078e980",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/76cb2aa3421fee4fde706dec41b1344bc0a9ad67",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7f2649c94264d00df6b6ac27161e9f4372a3450e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a9c15d6e8aee074fae66c04d114f20b84274fcca",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b493ad718b1f0357394d2cdecbf00a44a36fa085",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e016e358461b89b231626fcf78c5c38e35c44fd3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/eb55ba8aa7fb7aad54f40fbf4d8dcdfdba0bebf6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

32
CVE-2023/CVE-2023-525xx/CVE-2023-52584.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-52584",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:07.227",
"lastModified": "2024-03-06T07:15:07.227",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspmi: mediatek: Fix UAF on device remove\n\nThe pmif driver data that contains the clocks is allocated along with\nspmi_controller.\nOn device remove, spmi_controller will be freed first, and then devres\n, including the clocks, will be cleanup.\nThis leads to UAF because putting the clocks will access the clocks in\nthe pmif driver data, which is already freed along with spmi_controller.\n\nThis can be reproduced by enabling DEBUG_TEST_DRIVER_REMOVE and\nbuilding the kernel with KASAN.\n\nFix the UAF issue by using unmanaged clk_bulk_get() and putting the\nclocks before freeing spmi_controller."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/521f28eedd6b14228c46e3b81e3bf9b90c2818d8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9a3881b1f07db1bb55cb0108e6f05cfd027eaf2e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e821d50ab5b956ed0effa49faaf29912fd4106d9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f8dcafcb54632536684336161da8bdd52120f95e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

24
CVE-2023/CVE-2023-525xx/CVE-2023-52585.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-52585",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:07.290",
"lastModified": "2024-03-06T07:15:07.290",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()\n\nReturn invalid error code -EINVAL for invalid block id.\n\nFixes the below:\n\ndrivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:1183 amdgpu_ras_query_error_status_helper() error: we previously assumed 'info' could be null (see line 1176)"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/195a6289282e039024ad30ba66e6f94a4d0fbe49",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b8d55a90fd55b767c25687747e2b24abd1ef8680",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

24
CVE-2023/CVE-2023-525xx/CVE-2023-52586.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-52586",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:07.443",
"lastModified": "2024-03-06T07:15:07.443",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: Add mutex lock in control vblank irq\n\nAdd a mutex lock to control vblank irq to synchronize vblank\nenable/disable operations happening from different threads to prevent\nrace conditions while registering/unregistering the vblank irq callback.\n\nv4: -Removed vblank_ctl_lock from dpu_encoder_virt, so it is only a\n parameter of dpu_encoder_phys.\n -Switch from atomic refcnt to a simple int counter as mutex has\n now been added\nv3: Mistakenly did not change wording in last version. It is done now.\nv2: Slightly changed wording of commit message\n\nPatchwork: https://patchwork.freedesktop.org/patch/571854/"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/14f109bf74dd67e1d0469fed859c8e506b0df53f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/45284ff733e4caf6c118aae5131eb7e7cf3eea5a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

48
CVE-2023/CVE-2023-525xx/CVE-2023-52587.json Normal file
View File

@ -0,0 +1,48 @@
{
"id": "CVE-2023-52587",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:07.633",
"lastModified": "2024-03-06T07:15:07.633",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/ipoib: Fix mcast list locking\n\nReleasing the `priv->lock` while iterating the `priv->multicast_list` in\n`ipoib_mcast_join_task()` opens a window for `ipoib_mcast_dev_flush()` to\nremove the items while in the middle of iteration. If the mcast is removed\nwhile the lock was dropped, the for loop spins forever resulting in a hard\nlockup (as was reported on RHEL 4.18.0-372.75.1.el8_6 kernel):\n\n Task A (kworker/u72:2 below) | Task B (kworker/u72:0 below)\n -----------------------------------+-----------------------------------\n ipoib_mcast_join_task(work) | ipoib_ib_dev_flush_light(work)\n spin_lock_irq(&priv->lock) | __ipoib_ib_dev_flush(priv, ...)\n list_for_each_entry(mcast, | ipoib_mcast_dev_flush(dev = priv->dev)\n &priv->multicast_list, list) |\n ipoib_mcast_join(dev, mcast) |\n spin_unlock_irq(&priv->lock) |\n | spin_lock_irqsave(&priv->lock, flags)\n | list_for_each_entry_safe(mcast, tmcast,\n | &priv->multicast_list, list)\n | list_del(&mcast->list);\n | list_add_tail(&mcast->list, &remove_list)\n | spin_unlock_irqrestore(&priv->lock, flags)\n spin_lock_irq(&priv->lock) |\n | ipoib_mcast_remove_list(&remove_list)\n (Here, `mcast` is no longer on the | list_for_each_entry_safe(mcast, tmcast,\n `priv->multicast_list` and we keep | remove_list, list)\n spinning on the `remove_list` of | >>> wait_for_completion(&mcast->done)\n the other thread which is blocked |\n and the list is still valid on |\n it's stack.)\n\nFix this by keeping the lock held and changing to GFP_ATOMIC to prevent\neventual sleeps.\nUnfortunately we could not reproduce the lockup and confirm this fix but\nbased on the code review I think this fix should address such lockups.\n\ncrash> bc 31\nPID: 747 TASK: ff1c6a1a007e8000 CPU: 31 COMMAND: \"kworker/u72:2\"\n--\n [exception RIP: ipoib_mcast_join_task+0x1b1]\n RIP: ffffffffc0944ac1 RSP: ff646f199a8c7e00 RFLAGS: 00000002\n RAX: 0000000000000000 RBX: ff1c6a1a04dc82f8 RCX: 0000000000000000\n work (&priv->mcast_task{,.work})\n RDX: ff1c6a192d60ac68 RSI: 0000000000000286 RDI: ff1c6a1a04dc8000\n &mcast->list\n RBP: ff646f199a8c7e90 R8: ff1c699980019420 R9: ff1c6a1920c9a000\n R10: ff646f199a8c7e00 R11: ff1c6a191a7d9800 R12: ff1c6a192d60ac00\n mcast\n R13: ff1c6a1d82200000 R14: ff1c6a1a04dc8000 R15: ff1c6a1a04dc82d8\n dev priv (&priv->lock) &priv->multicast_list (aka head)\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018\n--- <NMI exception stack> ---\n #5 [ff646f199a8c7e00] ipoib_mcast_join_task+0x1b1 at ffffffffc0944ac1 [ib_ipoib]\n #6 [ff646f199a8c7e98] process_one_work+0x1a7 at ffffffff9bf10967\n\ncrash> rx ff646f199a8c7e68\nff646f199a8c7e68: ff1c6a1a04dc82f8 <<< work = &priv->mcast_task.work\n\ncrash> list -hO ipoib_dev_priv.multicast_list ff1c6a1a04dc8000\n(empty)\n\ncrash> ipoib_dev_priv.mcast_task.work.func,mcast_mutex.owner.counter ff1c6a1a04dc8000\n mcast_task.work.func = 0xffffffffc0944910 <ipoib_mcast_join_task>,\n mcast_mutex.owner.counter = 0xff1c69998efec000\n\ncrash> b 8\nPID: 8 TASK: ff1c69998efec000 CPU: 33 COMMAND: \"kworker/u72:0\"\n--\n #3 [ff646f1980153d50] wait_for_completion+0x96 at ffffffff9c7d7646\n #4 [ff646f1980153d90] ipoib_mcast_remove_list+0x56 at ffffffffc0944dc6 [ib_ipoib]\n #5 [ff646f1980153de8] ipoib_mcast_dev_flush+0x1a7 at ffffffffc09455a7 [ib_ipoib]\n #6 [ff646f1980153e58] __ipoib_ib_dev_flush+0x1a4 at ffffffffc09431a4 [ib_ipoib]\n #7 [ff\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/342258fb46d66c1b4c7e2c3717ac01e10c03cf18",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4c8922ae8eb8dcc1e4b7d1059d97a8334288d825",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4f973e211b3b1c6d36f7c6a19239d258856749f9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5108a2dc2db5630fb6cd58b8be80a0c134bc310a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/615e3adc2042b7be4ad122a043fc9135e6342c90",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7c7bd4d561e9dc6f5b7df9e184974915f6701a89",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ac2630fd3c90ffec34a0bfc4d413668538b0e8f2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ed790bd0903ed3352ebf7f650d910f49b7319b34",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

36
CVE-2023/CVE-2023-525xx/CVE-2023-52588.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-52588",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:07.820",
"lastModified": "2024-03-06T07:15:07.820",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to tag gcing flag on page during block migration\n\nIt needs to add missing gcing flag on page during block migration,\nin order to garantee migrated data be persisted during checkpoint,\notherwise out-of-order persistency between data and node may cause\ndata corruption after SPOR.\n\nSimilar issue was fixed by commit 2d1fe8a86bf5 (\"f2fs: fix to tag\ngcing flag on page during file defragment\")."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/417b8a91f4e8831cadaf85c3f15c6991c1f54dde",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4961acdd65c956e97c1a000c82d91a8c1cdbe44b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7c972c89457511007dfc933814c06786905e515c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7ea0f29d9fd84905051be020c0df7d557e286136",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b8094c0f1aae329b1c60a275a780d6c2c9ff7aa3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

32
CVE-2023/CVE-2023-525xx/CVE-2023-52589.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-52589",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:08.053",
"lastModified": "2024-03-06T07:15:08.053",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rkisp1: Fix IRQ disable race issue\n\nIn rkisp1_isp_stop() and rkisp1_csi_disable() the driver masks the\ninterrupts and then apparently assumes that the interrupt handler won't\nbe running, and proceeds in the stop procedure. This is not the case, as\nthe interrupt handler can already be running, which would lead to the\nISP being disabled while the interrupt handler handling a captured\nframe.\n\nThis brings up two issues: 1) the ISP could be powered off while the\ninterrupt handler is still running and accessing registers, leading to\nboard lockup, and 2) the interrupt handler code and the code that\ndisables the streaming might do things that conflict.\n\nIt is not clear to me if 2) causes a real issue, but 1) can be seen with\na suitable delay (or printk in my case) in the interrupt handler,\nleading to board lockup."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/7bb1a2822aa2c2de4e09bf7c56dd93bd532f1fa7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/870565f063a58576e8a4529f122cac4325c6b395",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bf808f58681cab64c81cd814551814fd34e540fe",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fab483438342984f2a315fe13c882a80f0f7e545",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

24
CVE-2023/CVE-2023-525xx/CVE-2023-52590.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-52590",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:08.297",
"lastModified": "2024-03-06T07:15:08.297",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: Avoid touching renamed directory if parent does not change\n\nThe VFS will not be locking moved directory if its parent does not\nchange. Change ocfs2 rename code to avoid touching renamed directory if\nits parent does not change as without locking that can corrupt the\nfilesystem."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/9d618d19b29c2943527e3a43da0a35aea91062fc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/de940cede3c41624e2de27f805b490999f419df9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

28
CVE-2023/CVE-2023-525xx/CVE-2023-52591.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-52591",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:08.510",
"lastModified": "2024-03-06T07:15:08.510",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nreiserfs: Avoid touching renamed directory if parent does not change\n\nThe VFS will not be locking moved directory if its parent does not\nchange. Change reiserfs rename code to avoid touching renamed directory\nif its parent does not change as without locking that can corrupt the\nfilesystem."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/17e1361cb91dc1325834da95d2ab532959d2debc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/49db9b1b86a82448dfaf3fcfefcf678dee56c8ed",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c04c162f82ac403917780eb6d1654694455d4e7c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

36
CVE-2023/CVE-2023-525xx/CVE-2023-52592.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-52592",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:08.733",
"lastModified": "2024-03-06T07:15:08.733",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibbpf: Fix NULL pointer dereference in bpf_object__collect_prog_relos\n\nAn issue occurred while reading an ELF file in libbpf.c during fuzzing:\n\n\tProgram received signal SIGSEGV, Segmentation fault.\n\t0x0000000000958e97 in bpf_object.collect_prog_relos () at libbpf.c:4206\n\t4206 in libbpf.c\n\t(gdb) bt\n\t#0 0x0000000000958e97 in bpf_object.collect_prog_relos () at libbpf.c:4206\n\t#1 0x000000000094f9d6 in bpf_object.collect_relos () at libbpf.c:6706\n\t#2 0x000000000092bef3 in bpf_object_open () at libbpf.c:7437\n\t#3 0x000000000092c046 in bpf_object.open_mem () at libbpf.c:7497\n\t#4 0x0000000000924afa in LLVMFuzzerTestOneInput () at fuzz/bpf-object-fuzzer.c:16\n\t#5 0x000000000060be11 in testblitz_engine::fuzzer::Fuzzer::run_one ()\n\t#6 0x000000000087ad92 in tracing::span::Span::in_scope ()\n\t#7 0x00000000006078aa in testblitz_engine::fuzzer::util::walkdir ()\n\t#8 0x00000000005f3217 in testblitz_engine::entrypoint::main::{{closure}} ()\n\t#9 0x00000000005f2601 in main ()\n\t(gdb)\n\nscn_data was null at this code(tools/lib/bpf/src/libbpf.c):\n\n\tif (rel->r_offset % BPF_INSN_SZ || rel->r_offset >= scn_data->d_size) {\n\nThe scn_data is derived from the code above:\n\n\tscn = elf_sec_by_idx(obj, sec_idx);\n\tscn_data = elf_sec_data(obj, scn);\n\n\trelo_sec_name = elf_sec_str(obj, shdr->sh_name);\n\tsec_name = elf_sec_name(obj, scn);\n\tif (!relo_sec_name || !sec_name)// don't check whether scn_data is NULL\n\t\treturn -EINVAL;\n\nIn certain special scenarios, such as reading a malformed ELF file,\nit is possible that scn_data may be a null pointer"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/12473265f50c1e27b0dfd9735738ac418c4bfcce",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5f3e436832e86b826a6450eb8d1aaa51205a758e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/90dbf4535668042fac0d7201ce9e2c8c770c578a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ab26541270c722eedf8eefd62797c3ce3d18a91b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fc3a5534e2a8855427403113cbeb54af5837bbe0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

32
CVE-2023/CVE-2023-525xx/CVE-2023-52593.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-52593",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:08.940",
"lastModified": "2024-03-06T07:15:08.940",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap()\n\nSince 'ieee80211_beacon_get()' can return NULL, 'wfx_set_mfp_ap()'\nshould check the return value before examining skb data. So convert\nthe latter to return an appropriate error code and propagate it to\nreturn from 'wfx_start_ap()' as well. Compile tested only."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3739121443f5114c6bcf6d841a5124deb006b878",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/574dcd3126aa2eed75437137843f254b1190dd03",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9ab224744a47363f74ea29c6894c405e3bcf5132",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fe0a7776d4d19e613bb8dd80fe2d78ae49e8b49d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

48
CVE-2023/CVE-2023-525xx/CVE-2023-52594.json Normal file
View File

@ -0,0 +1,48 @@
{
"id": "CVE-2023-52594",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:09.200",
"lastModified": "2024-03-06T07:15:09.200",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()\n\nFix an array-index-out-of-bounds read in ath9k_htc_txstatus(). The bug\noccurs when txs->cnt, data from a URB provided by a USB device, is\nbigger than the size of the array txs->txstatus, which is\nHTC_MAX_TX_STATUS. WARN_ON() already checks it, but there is no bug\nhandling code after the check. Make the function return if that is the\ncase.\n\nFound by a modified version of syzkaller.\n\nUBSAN: array-index-out-of-bounds in htc_drv_txrx.c\nindex 13 is out of range for type '__wmi_event_txstatus [12]'\nCall Trace:\n ath9k_htc_txstatus\n ath9k_wmi_event_tasklet\n tasklet_action_common\n __do_softirq\n irq_exit_rxu\n sysvec_apic_timer_interrupt"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/25c6f49ef59b7a9b80a3f7ab9e95268a1b01a234",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2adc886244dff60f948497b59affb6c6ebb3c348",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/84770a996ad8d7f121ff2fb5a8d149aad52d64c1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9003fa9a0198ce004b30738766c67eb7373479c9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/be609c7002dd4504b15b069cb7582f4c778548d1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e4f4bac7d3b64eb75f70cd3345712de6f68a215d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f11f0fd1ad6c11ae7856d4325fe9d05059767225",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f44f073c78112ff921a220d01b86d09f2ace59bc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

44
CVE-2023/CVE-2023-525xx/CVE-2023-52595.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2023-52595",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:09.453",
"lastModified": "2024-03-06T07:15:09.453",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rt2x00: restart beacon queue when hardware reset\n\nWhen a hardware reset is triggered, all registers are reset, so all\nqueues are forced to stop in hardware interface. However, mac80211\nwill not automatically stop the queue. If we don't manually stop the\nbeacon queue, the queue will be deadlocked and unable to start again.\nThis patch fixes the issue where Apple devices cannot connect to the\nAP after calling ieee80211_restart_hw()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/04cfe4a5da57ab9358cdfadea22bcb37324aaf83",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4cc198580a7b93a36f5beb923f40f7ae27a3716c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/69e905beca193125820c201ab3db4fb0e245124e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/739b3ccd9486dff04af95f9a890846d088a84957",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a11d965a218f0cd95b13fe44d0bcd8a20ce134a8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e1f113b57ddd18274d7c83618deca25cc880bc48",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fdb580ed05df8973aa5149cafa598c64bebcd0cb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

28
CVE-2023/CVE-2023-525xx/CVE-2023-52596.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-52596",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:09.657",
"lastModified": "2024-03-06T07:15:09.657",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsysctl: Fix out of bounds access for empty sysctl registers\n\nWhen registering tables to the sysctl subsystem there is a check to see\nif header is a permanently empty directory (used for mounts). This check\nevaluates the first element of the ctl_table. This results in an out of\nbounds evaluation when registering empty directories.\n\nThe function register_sysctl_mount_point now passes a ctl_table of size\n1 instead of size 0. It now relies solely on the type to identify\na permanently empty register.\n\nMake sure that the ctl_table has at least one element before testing for\npermanent emptiness."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/15893975e9e382f8294ea8d926f08dc2d8d39ede",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2ae7081bc10123b187e36a4f3a8e53768de31489",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/315552310c7de92baea4e570967066569937a843",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

48
CVE-2023/CVE-2023-525xx/CVE-2023-52597.json Normal file
View File

@ -0,0 +1,48 @@
{
"id": "CVE-2023-52597",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:09.827",
"lastModified": "2024-03-06T07:15:09.827",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: s390: fix setting of fpc register\n\nkvm_arch_vcpu_ioctl_set_fpu() allows to set the floating point control\n(fpc) register of a guest cpu. The new value is tested for validity by\ntemporarily loading it into the fpc register.\n\nThis may lead to corruption of the fpc register of the host process:\nif an interrupt happens while the value is temporarily loaded into the fpc\nregister, and within interrupt context floating point or vector registers\nare used, the current fp/vx registers are saved with save_fpu_regs()\nassuming they belong to user space and will be loaded into fp/vx registers\nwhen returning to user space.\n\ntest_fp_ctl() restores the original user space / host process fpc register\nvalue, however it will be discarded, when returning to user space.\n\nIn result the host process will incorrectly continue to run with the value\nthat was supposed to be used for a guest cpu.\n\nFix this by simply removing the test. There is another test right before\nthe SIE context is entered which will handles invalid values.\n\nThis results in a change of behaviour: invalid values will now be accepted\ninstead of that the ioctl fails with -EINVAL. This seems to be acceptable,\ngiven that this interface is most likely not used anymore, and this is in\naddition the same behaviour implemented with the memory mapped interface\n(replace invalid values with zero) - see sync_regs() in kvm-s390.c."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0671f42a9c1084db10d68ac347d08dbf6689ecb3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/150a3a3871490e8c454ffbac2e60abeafcecff99",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2823db0010c400e4b2b12d02aa5d0d3ecb15d7c7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3a04410b0bc7e056e0843ac598825dd359246d18",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5e63c9ae8055109d805aacdaf2a4fe2c3b371ba1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/732a3bea7aba5b15026ea42d14953c3425cc7dc2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b988b1bb0053c0dcd26187d29ef07566a565cf55",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c87d7d910775a025e230fd6359b60627e392460f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

48
CVE-2023/CVE-2023-525xx/CVE-2023-52598.json Normal file
View File

@ -0,0 +1,48 @@
{
"id": "CVE-2023-52598",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:09.990",
"lastModified": "2024-03-06T07:15:09.990",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/ptrace: handle setting of fpc register correctly\n\nIf the content of the floating point control (fpc) register of a traced\nprocess is modified with the ptrace interface the new value is tested for\nvalidity by temporarily loading it into the fpc register.\n\nThis may lead to corruption of the fpc register of the tracing process:\nif an interrupt happens while the value is temporarily loaded into the\nfpc register, and within interrupt context floating point or vector\nregisters are used, the current fp/vx registers are saved with\nsave_fpu_regs() assuming they belong to user space and will be loaded into\nfp/vx registers when returning to user space.\n\ntest_fp_ctl() restores the original user space fpc register value, however\nit will be discarded, when returning to user space.\n\nIn result the tracer will incorrectly continue to run with the value that\nwas supposed to be used for the traced process.\n\nFix this by saving fpu register contents with save_fpu_regs() before using\ntest_fp_ctl()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/02c6bbfb08bad78dd014e24c7b893723c15ec7a1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/28a1f492cb527f64593457a0a0f0d809b3f36c25",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6ccf904aac0292e1f6b1a1be6c407c414f7cf713",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6d0822f2cc9b153bf2df49a84599195a2e0d21a8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7a4d6481fbdd661f9e40e95febb95e3dee82bad3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/856caf2730ea18cb39e95833719c02a02447dc0a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8b13601d19c541158a6e18b278c00ba69ae37829",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bdce67df7f12fb0409fbc604ce7c4254703f56d4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

48
CVE-2023/CVE-2023-525xx/CVE-2023-52599.json Normal file
View File

@ -0,0 +1,48 @@
{
"id": "CVE-2023-52599",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:10.210",
"lastModified": "2024-03-06T07:15:10.210",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix array-index-out-of-bounds in diNewExt\n\n[Syz report]\nUBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:2360:2\nindex -878706688 is out of range for type 'struct iagctl[128]'\nCPU: 1 PID: 5065 Comm: syz-executor282 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106\n ubsan_epilogue lib/ubsan.c:217 [inline]\n __ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348\n diNewExt+0x3cf3/0x4000 fs/jfs/jfs_imap.c:2360\n diAllocExt fs/jfs/jfs_imap.c:1949 [inline]\n diAllocAG+0xbe8/0x1e50 fs/jfs/jfs_imap.c:1666\n diAlloc+0x1d3/0x1760 fs/jfs/jfs_imap.c:1587\n ialloc+0x8f/0x900 fs/jfs/jfs_inode.c:56\n jfs_mkdir+0x1c5/0xb90 fs/jfs/namei.c:225\n vfs_mkdir+0x2f1/0x4b0 fs/namei.c:4106\n do_mkdirat+0x264/0x3a0 fs/namei.c:4129\n __do_sys_mkdir fs/namei.c:4149 [inline]\n __se_sys_mkdir fs/namei.c:4147 [inline]\n __x64_sys_mkdir+0x6e/0x80 fs/namei.c:4147\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x45/0x110 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\nRIP: 0033:0x7fcb7e6a0b57\nCode: ff ff 77 07 31 c0 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffd83023038 EFLAGS: 00000286 ORIG_RAX: 0000000000000053\nRAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007fcb7e6a0b57\nRDX: 00000000000a1020 RSI: 00000000000001ff RDI: 0000000020000140\nRBP: 0000000020000140 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000286 R12: 00007ffd830230d0\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n\n[Analysis]\nWhen the agstart is too large, it can cause agno overflow.\n\n[Fix]\nAfter obtaining agno, if the value is invalid, exit the subsequent process.\n\n\nModified the test from agno > MAXAG to agno >= MAXAG based on linux-next\nreport by kernel test robot (Dan Carpenter)."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3537f92cd22c672db97fae6997481e678ad14641",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/49f9637aafa6e63ba686c13cb8549bf5e6920402",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5a6660139195f5e2fbbda459eeecb8788f3885fe",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6996d43b14486f4a6655b10edc541ada1b580b4b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6aa30020879042d46df9f747e4f0a486eea6fe98",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/de6a91aed1e0b1a23e9c11e7d7557f088eeeb017",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e2b77d107b33bb31c8b1f5c4cb8f277b23728f1e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f423528488e4f9606cef858eceea210bf1163f41",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

48
CVE-2023/CVE-2023-526xx/CVE-2023-52600.json Normal file
View File

@ -0,0 +1,48 @@
{
"id": "CVE-2023-52600",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:10.497",
"lastModified": "2024-03-06T07:15:10.497",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix uaf in jfs_evict_inode\n\nWhen the execution of diMount(ipimap) fails, the object ipimap that has been\nreleased may be accessed in diFreeSpecial(). Asynchronous ipimap release occurs\nwhen rcu_core() calls jfs_free_node().\n\nTherefore, when diMount(ipimap) fails, sbi->ipimap should not be initialized as\nipimap."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1696d6d7d4a1b373e96428d0fe1166bd7c3c795e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/32e8f2d95528d45828c613417cb2827d866cbdce",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/81b4249ef37297fb17ba102a524039a05c6c5d35",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8e44dc3f96e903815dab1d74fff8faafdc6feb61",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/93df0a2a0b3cde2d7ab3a52ed46ea1d6d4aaba5f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bacdaa04251382d7efd4f09f9a0686bfcc297e2e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bc6ef64dbe71136f327d63b2b9071b828af2c2a8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e0e1958f4c365e380b17ccb35617345b31ef7bf3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

48
CVE-2023/CVE-2023-526xx/CVE-2023-52601.json Normal file
View File

@ -0,0 +1,48 @@
{
"id": "CVE-2023-52601",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:10.680",
"lastModified": "2024-03-06T07:15:10.680",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix array-index-out-of-bounds in dbAdjTree\n\nCurrently there is a bound check missing in the dbAdjTree while\naccessing the dmt_stree. To add the required check added the bool is_ctl\nwhich is required to determine the size as suggest in the following\ncommit.\nhttps://lore.kernel.org/linux-kernel-mentees/f9475918-2186-49b8-b801-6f0f9e75f4fa@oracle.com/"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2037cb9d95f1741885f7daf50e8a028c4ade5317",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2e16a1389b5a7983b45cb2aa20b0e3f0ee364d6c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3d3898b4d72c677d47fe3cb554449f2df5c12555",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3f8217c323fd6ecd6829a0c3ae7ac3f14eac368e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/70780914cb57e2ba711e0ac1b677aaaa75103603",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/74ecdda68242b174920fe7c6133a856fb7d8559b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8393c80cce45f40c1256d72e21ad351b3650c57e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fc67a2e18f4c4e3f07e9f9ae463da24530470e73",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

48
CVE-2023/CVE-2023-526xx/CVE-2023-52602.json Normal file
View File

@ -0,0 +1,48 @@
{
"id": "CVE-2023-52602",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:10.883",
"lastModified": "2024-03-06T07:15:10.883",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix slab-out-of-bounds Read in dtSearch\n\nCurrently while searching for current page in the sorted entry table\nof the page there is a out of bound access. Added a bound check to fix\nthe error.\n\nDave:\nSet return code to -EIO"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1b9d6828589d57f94a23fb1c46112cda39d7efdb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1c40ca3d39d769931b28295b3145c25f1decf5a6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6c6a96c3d74df185ee344977d46944d6f33bb4dd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7110650b85dd2f1cee819acd1345a9013a1a62f7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bff9d4078a232c01e42e9377d005fb2f4d31a472",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cab0c265ba182fd266c2aa3c69d7e40640a7f612",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ce8bc22e948634a5c0a3fa58a179177d0e3f3950",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fa5492ee89463a7590a1449358002ff7ef63529f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

48
CVE-2023/CVE-2023-526xx/CVE-2023-52603.json Normal file
View File

@ -0,0 +1,48 @@
{
"id": "CVE-2023-52603",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:11.120",
"lastModified": "2024-03-06T07:15:11.120",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUBSAN: array-index-out-of-bounds in dtSplitRoot\n\nSyzkaller reported the following issue:\n\noop0: detected capacity change from 0 to 32768\n\nUBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:1971:9\nindex -2 is out of range for type 'struct dtslot [128]'\nCPU: 0 PID: 3613 Comm: syz-executor270 Not tainted 6.0.0-syzkaller-09423-g493ffd6605b2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106\n ubsan_epilogue lib/ubsan.c:151 [inline]\n __ubsan_handle_out_of_bounds+0xdb/0x130 lib/ubsan.c:283\n dtSplitRoot+0x8d8/0x1900 fs/jfs/jfs_dtree.c:1971\n dtSplitUp fs/jfs/jfs_dtree.c:985 [inline]\n dtInsert+0x1189/0x6b80 fs/jfs/jfs_dtree.c:863\n jfs_mkdir+0x757/0xb00 fs/jfs/namei.c:270\n vfs_mkdir+0x3b3/0x590 fs/namei.c:4013\n do_mkdirat+0x279/0x550 fs/namei.c:4038\n __do_sys_mkdirat fs/namei.c:4053 [inline]\n __se_sys_mkdirat fs/namei.c:4051 [inline]\n __x64_sys_mkdirat+0x85/0x90 fs/namei.c:4051\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7fcdc0113fd9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffeb8bc67d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcdc0113fd9\nRDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003\nRBP: 00007fcdc00d37a0 R08: 0000000000000000 R09: 00007fcdc00d37a0\nR10: 00005555559a72c0 R11: 0000000000000246 R12: 00000000f8008000\nR13: 0000000000000000 R14: 00083878000000f8 R15: 0000000000000000\n </TASK>\n\nThe issue is caused when the value of fsi becomes less than -1.\nThe check to break the loop when fsi value becomes -1 is present\nbut syzbot was able to produce value less than -1 which cause the error.\nThis patch simply add the change for the values less than 0.\n\nThe patch is tested via syzbot."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/27e56f59bab5ddafbcfe69ad7a4a6ea1279c1b16",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6e2902ecc77e9760a9fc447f56d598383e2372d2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7aa33854477d9c346f5560a1a1fcb3fe7783e2a8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e30b52a2ea3d1e0aaee68096957cf90a2f4ec5af",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e4cbc857d75d4e22a1f75446e7480b1f305d8d60",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e4ce01c25ccbea02a09a5291c21749b1fc358e39",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/edff092a59260bf0b0a2eba219cb3da6372c2f9f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fd3486a893778770557649fe28afa5e463d4ed07",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

48
CVE-2023/CVE-2023-526xx/CVE-2023-52604.json Normal file
View File

@ -0,0 +1,48 @@
{
"id": "CVE-2023-52604",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:11.347",
"lastModified": "2024-03-06T07:15:11.347",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nFS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree\n\nSyzkaller reported the following issue:\n\nUBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2867:6\nindex 196694 is out of range for type 's8[1365]' (aka 'signed char[1365]')\nCPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106\n ubsan_epilogue lib/ubsan.c:217 [inline]\n __ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348\n dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867\n dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834\n dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331\n dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline]\n dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402\n txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534\n txUpdateMap+0x342/0x9e0\n txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]\n jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732\n kthread+0x2d3/0x370 kernel/kthread.c:388\n ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304\n </TASK>\n================================================================================\nKernel panic - not syncing: UBSAN: panic_on_warn set ...\nCPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106\n panic+0x30f/0x770 kernel/panic.c:340\n check_panic_on_warn+0x82/0xa0 kernel/panic.c:236\n ubsan_epilogue lib/ubsan.c:223 [inline]\n __ubsan_handle_out_of_bounds+0x13c/0x150 lib/ubsan.c:348\n dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867\n dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834\n dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331\n dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline]\n dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402\n txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534\n txUpdateMap+0x342/0x9e0\n txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]\n jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732\n kthread+0x2d3/0x370 kernel/kthread.c:388\n ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304\n </TASK>\nKernel Offset: disabled\nRebooting in 86400 seconds..\n\nThe issue is caused when the value of lp becomes greater than\nCTLTREESIZE which is the max size of stree. Adding a simple check\nsolves this issue.\n\nDave:\nAs the function returns a void, good error handling\nwould require a more intrusive code reorganization, so I modified\nOsama's patch at use WARN_ON_ONCE for lack of a cleaner option.\n\nThe patch is tested via syzbot."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/42f433785f108893de0dd5260bafb85d7d51db03",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/59342822276f753e49d27ef5eebffbba990572b9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6a44065dd604972ec1fbcccbdc4a70d266a89cdd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6fe8b702125aeee6ce83f20092a2341446704e7b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9862ec7ac1cbc6eb5ee4a045b5d5b8edbb2f7e68",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/98f9537fe61b8382b3cc5dd97347531698517c56",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/de34de6e57bbbc868e4fcf9e98c76b3587cabb0b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e3e95c6850661c77e6dab079d9b5374a618ebb15",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

48
CVE-2023/CVE-2023-526xx/CVE-2023-52605.json Normal file
View File

@ -0,0 +1,48 @@
{
"id": "CVE-2023-52605",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:11.560",
"lastModified": "2024-03-06T07:15:11.560",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: extlog: fix NULL pointer dereference check\n\nThe gcc plugin -fanalyzer [1] tries to detect various\npatterns of incorrect behaviour. The tool reports:\n\ndrivers/acpi/acpi_extlog.c: In function \u2018extlog_exit\u2019:\ndrivers/acpi/acpi_extlog.c:307:12: warning: check of \u2018extlog_l1_addr\u2019 for NULL after already dereferencing it [-Wanalyzer-deref-before-check]\n |\n | 306 | ((struct extlog_l1_head *)extlog_l1_addr)->flags &= ~FLAG_OS_OPTIN;\n | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~\n | | |\n | | (1) pointer \u2018extlog_l1_addr\u2019 is dereferenced here\n | 307 | if (extlog_l1_addr)\n | | ~\n | | |\n | | (2) pointer \u2018extlog_l1_addr\u2019 is checked for NULL here but it was already dereferenced at (1)\n |\n\nFix the NULL pointer dereference check in extlog_exit()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/33650372e3ead97c5ab3b84d9ad97737bc5e00c0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5457b0cbaa0238fc56b855c4ef2c0b9cc9c559ab",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/72d9b9747e78979510e9aafdd32eb99c7aa30dd1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/77846571b3ba6a6125a20ad109bb8514ba884cf9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b17a71435e7e153e949df018244a98b4ede04069",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b7b33627be0626b16ca321b982d6a2261ef7f703",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d2049af7ddbc361702c3e1f09bd6c5e9488454ca",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f066171de33d71ff0f7c46bd17636a5a26db3fb6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

48
CVE-2023/CVE-2023-526xx/CVE-2023-52606.json Normal file
View File

@ -0,0 +1,48 @@
{
"id": "CVE-2023-52606",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:11.750",
"lastModified": "2024-03-06T07:15:11.750",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/lib: Validate size for vector operations\n\nSome of the fp/vmx code in sstep.c assume a certain maximum size for the\ninstructions being emulated. The size of those operations however is\ndetermined separately in analyse_instr().\n\nAdd a check to validate the assumption on the maximum size of the\noperations, so as to prevent any unintended kernel stack corruption."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0580f4403ad33f379eef865c2a6fe94de37febdf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/28b8ba8eebf26f66d9f2df4ba550b6b3b136082c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/42084a428a139f1a429f597d44621e3a18f3e414",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/848e1d7fd710900397e1d0e7584680c1c04e3afd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8f9abaa6d7de0a70fc68acaedce290c1f96e2e59",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/abd26515d4b767ba48241eea77b28ce0872aef3e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/beee482cc4c9a6b1dcffb2e190b4fd8782258678",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/de4f5ed63b8a199704d8cdcbf810309d7eb4b36b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

48
CVE-2023/CVE-2023-526xx/CVE-2023-52607.json Normal file
View File

@ -0,0 +1,48 @@
{
"id": "CVE-2023-52607",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:11.970",
"lastModified": "2024-03-06T07:15:11.970",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/mm: Fix null-pointer dereference in pgtable_cache_add\n\nkasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure. Ensure the allocation was successful\nby checking the pointer validity."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/145febd85c3bcc5c74d87ef9a598fc7d9122d532",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/21e45a7b08d7cd98d6a53c5fc5111879f2d96611",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/aa28eecb43cac6e20ef14dfc50b8892c1fbcda5b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ac3ed969a40357b0542d20f096a6d43acdfa6cc7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d482d61025e303a2bef3733a011b6b740215cfa1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f46c8a75263f97bda13c739ba1c90aced0d3b071",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f6781add1c311c17eff43e14c786004bbacf901e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ffd29dc45bc0355393859049f6becddc3ed08f74",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

28
CVE-2024/CVE-2024-266xx/CVE-2024-26623.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2024-26623",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:12.173",
"lastModified": "2024-03-06T07:15:12.173",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npds_core: Prevent race issues involving the adminq\n\nThere are multiple paths that can result in using the pdsc's\nadminq.\n\n[1] pdsc_adminq_isr and the resulting work from queue_work(),\n i.e. pdsc_work_thread()->pdsc_process_adminq()\n\n[2] pdsc_adminq_post()\n\nWhen the device goes through reset via PCIe reset and/or\na fw_down/fw_up cycle due to bad PCIe state or bad device\nstate the adminq is destroyed and recreated.\n\nA NULL pointer dereference can happen if [1] or [2] happens\nafter the adminq is already destroyed.\n\nIn order to fix this, add some further state checks and\nimplement reference counting for adminq uses. Reference\ncounting was used because multiple threads can attempt to\naccess the adminq at the same time via [1] or [2]. Additionally,\nmultiple clients (i.e. pds-vfio-pci) can be using [2]\nat the same time.\n\nThe adminq_refcnt is initialized to 1 when the adminq has been\nallocated and is ready to use. Users/clients of the adminq\n(i.e. [1] and [2]) will increment the refcnt when they are using\nthe adminq. When the driver goes into a fw_down cycle it will\nset the PDSC_S_FW_DEAD bit and then wait for the adminq_refcnt\nto hit 1. Setting the PDSC_S_FW_DEAD before waiting will prevent\nany further adminq_refcnt increments. Waiting for the\nadminq_refcnt to hit 1 allows for any current users of the adminq\nto finish before the driver frees the adminq. Once the\nadminq_refcnt hits 1 the driver clears the refcnt to signify that\nthe adminq is deleted and cannot be used. On the fw_up cycle the\ndriver will once again initialize the adminq_refcnt to 1 allowing\nthe adminq to be used again."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/22cd6046eb2148b18990257505834dd45c672a1b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5939feb63ea1f011027576c64b68b681cbad31ca",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7e82a8745b951b1e794cc780d46f3fbee5e93447",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

48
CVE-2024/CVE-2024-266xx/CVE-2024-26624.json Normal file
View File

@ -0,0 +1,48 @@
{
"id": "CVE-2024-26624",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:12.360",
"lastModified": "2024-03-06T07:15:12.360",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: fix lockdep positive in sk_diag_dump_icons()\n\nsyzbot reported a lockdep splat [1].\n\nBlamed commit hinted about the possible lockdep\nviolation, and code used unix_state_lock_nested()\nin an attempt to silence lockdep.\n\nIt is not sufficient, because unix_state_lock_nested()\nis already used from unix_state_double_lock().\n\nWe need to use a separate subclass.\n\nThis patch adds a distinct enumeration to make things\nmore explicit.\n\nAlso use swap() in unix_state_double_lock() as a clean up.\n\nv2: add a missing inline keyword to unix_state_lock_nested()\n\n[1]\nWARNING: possible circular locking dependency detected\n6.8.0-rc1-syzkaller-00356-g8a696a29c690 #0 Not tainted\n\nsyz-executor.1/2542 is trying to acquire lock:\n ffff88808b5df9e8 (rlock-AF_UNIX){+.+.}-{2:2}, at: skb_queue_tail+0x36/0x120 net/core/skbuff.c:3863\n\nbut task is already holding lock:\n ffff88808b5dfe70 (&u->lock/1){+.+.}-{2:2}, at: unix_dgram_sendmsg+0xfc7/0x2200 net/unix/af_unix.c:2089\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #1 (&u->lock/1){+.+.}-{2:2}:\n lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754\n _raw_spin_lock_nested+0x31/0x40 kernel/locking/spinlock.c:378\n sk_diag_dump_icons net/unix/diag.c:87 [inline]\n sk_diag_fill+0x6ea/0xfe0 net/unix/diag.c:157\n sk_diag_dump net/unix/diag.c:196 [inline]\n unix_diag_dump+0x3e9/0x630 net/unix/diag.c:220\n netlink_dump+0x5c1/0xcd0 net/netlink/af_netlink.c:2264\n __netlink_dump_start+0x5d7/0x780 net/netlink/af_netlink.c:2370\n netlink_dump_start include/linux/netlink.h:338 [inline]\n unix_diag_handler_dump+0x1c3/0x8f0 net/unix/diag.c:319\n sock_diag_rcv_msg+0xe3/0x400\n netlink_rcv_skb+0x1df/0x430 net/netlink/af_netlink.c:2543\n sock_diag_rcv+0x2a/0x40 net/core/sock_diag.c:280\n netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]\n netlink_unicast+0x7e6/0x980 net/netlink/af_netlink.c:1367\n netlink_sendmsg+0xa37/0xd70 net/netlink/af_netlink.c:1908\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n sock_write_iter+0x39a/0x520 net/socket.c:1160\n call_write_iter include/linux/fs.h:2085 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xa74/0xca0 fs/read_write.c:590\n ksys_write+0x1a0/0x2c0 fs/read_write.c:643\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\n-> #0 (rlock-AF_UNIX){+.+.}-{2:2}:\n check_prev_add kernel/locking/lockdep.c:3134 [inline]\n check_prevs_add kernel/locking/lockdep.c:3253 [inline]\n validate_chain+0x1909/0x5ab0 kernel/locking/lockdep.c:3869\n __lock_acquire+0x1345/0x1fd0 kernel/locking/lockdep.c:5137\n lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754\n __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\n _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162\n skb_queue_tail+0x36/0x120 net/core/skbuff.c:3863\n unix_dgram_sendmsg+0x15d9/0x2200 net/unix/af_unix.c:2112\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n ____sys_sendmsg+0x592/0x890 net/socket.c:2584\n ___sys_sendmsg net/socket.c:2638 [inline]\n __sys_sendmmsg+0x3b2/0x730 net/socket.c:2724\n __do_sys_sendmmsg net/socket.c:2753 [inline]\n __se_sys_sendmmsg net/socket.c:2750 [inline]\n __x64_sys_sendmmsg+0xa0/0xb0 net/socket.c:2750\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n CPU0 \n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4d322dce82a1d44f8c83f0f54f95dd1b8dcf46c9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5e7f3e0381c002cb2abde42f09ad511991a8ebaf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/875f31aaa67e306098befa5e798a049075910fa7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a2104f43876408b164be5fd58f9b6a3a73b77746",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b169ffde733c5adf01788ae091c377f0eca44806",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c2d272a9a1e8f22ba584589219f6fe1886a3595f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c8f6b3b864cb876e9ee21666a391c9ee290682ac",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f199018dc762dfa501f6d96a424468a0f3c10d9e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

48
CVE-2024/CVE-2024-266xx/CVE-2024-26625.json Normal file
View File

@ -0,0 +1,48 @@
{
"id": "CVE-2024-26625",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:12.587",
"lastModified": "2024-03-06T07:15:12.587",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nllc: call sock_orphan() at release time\n\nsyzbot reported an interesting trace [1] caused by a stale sk->sk_wq\npointer in a closed llc socket.\n\nIn commit ff7b11aa481f (\"net: socket: set sock->sk to NULL after\ncalling proto_ops::release()\") Eric Biggers hinted that some protocols\nare missing a sock_orphan(), we need to perform a full audit.\n\nIn net-next, I plan to clear sock->sk from sock_orphan() and\namend Eric patch to add a warning.\n\n[1]\n BUG: KASAN: slab-use-after-free in list_empty include/linux/list.h:373 [inline]\n BUG: KASAN: slab-use-after-free in waitqueue_active include/linux/wait.h:127 [inline]\n BUG: KASAN: slab-use-after-free in sock_def_write_space_wfree net/core/sock.c:3384 [inline]\n BUG: KASAN: slab-use-after-free in sock_wfree+0x9a8/0x9d0 net/core/sock.c:2468\nRead of size 8 at addr ffff88802f4fc880 by task ksoftirqd/1/27\n\nCPU: 1 PID: 27 Comm: ksoftirqd/1 Not tainted 6.8.0-rc1-syzkaller-00049-g6098d87eaf31 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc4/0x620 mm/kasan/report.c:488\n kasan_report+0xda/0x110 mm/kasan/report.c:601\n list_empty include/linux/list.h:373 [inline]\n waitqueue_active include/linux/wait.h:127 [inline]\n sock_def_write_space_wfree net/core/sock.c:3384 [inline]\n sock_wfree+0x9a8/0x9d0 net/core/sock.c:2468\n skb_release_head_state+0xa3/0x2b0 net/core/skbuff.c:1080\n skb_release_all net/core/skbuff.c:1092 [inline]\n napi_consume_skb+0x119/0x2b0 net/core/skbuff.c:1404\n e1000_unmap_and_free_tx_resource+0x144/0x200 drivers/net/ethernet/intel/e1000/e1000_main.c:1970\n e1000_clean_tx_irq drivers/net/ethernet/intel/e1000/e1000_main.c:3860 [inline]\n e1000_clean+0x4a1/0x26e0 drivers/net/ethernet/intel/e1000/e1000_main.c:3801\n __napi_poll.constprop.0+0xb4/0x540 net/core/dev.c:6576\n napi_poll net/core/dev.c:6645 [inline]\n net_rx_action+0x956/0xe90 net/core/dev.c:6778\n __do_softirq+0x21a/0x8de kernel/softirq.c:553\n run_ksoftirqd kernel/softirq.c:921 [inline]\n run_ksoftirqd+0x31/0x60 kernel/softirq.c:913\n smpboot_thread_fn+0x660/0xa10 kernel/smpboot.c:164\n kthread+0x2c6/0x3a0 kernel/kthread.c:388\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242\n </TASK>\n\nAllocated by task 5167:\n kasan_save_stack+0x33/0x50 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n unpoison_slab_object mm/kasan/common.c:314 [inline]\n __kasan_slab_alloc+0x81/0x90 mm/kasan/common.c:340\n kasan_slab_alloc include/linux/kasan.h:201 [inline]\n slab_post_alloc_hook mm/slub.c:3813 [inline]\n slab_alloc_node mm/slub.c:3860 [inline]\n kmem_cache_alloc_lru+0x142/0x6f0 mm/slub.c:3879\n alloc_inode_sb include/linux/fs.h:3019 [inline]\n sock_alloc_inode+0x25/0x1c0 net/socket.c:308\n alloc_inode+0x5d/0x220 fs/inode.c:260\n new_inode_pseudo+0x16/0x80 fs/inode.c:1005\n sock_alloc+0x40/0x270 net/socket.c:634\n __sock_create+0xbc/0x800 net/socket.c:1535\n sock_create net/socket.c:1622 [inline]\n __sys_socket_create net/socket.c:1659 [inline]\n __sys_socket+0x14c/0x260 net/socket.c:1706\n __do_sys_socket net/socket.c:1720 [inline]\n __se_sys_socket net/socket.c:1718 [inline]\n __x64_sys_socket+0x72/0xb0 net/socket.c:1718\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd3/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nFreed by task 0:\n kasan_save_stack+0x33/0x50 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3f/0x60 mm/kasan/generic.c:640\n poison_slab_object mm/kasan/common.c:241 [inline]\n __kasan_slab_free+0x121/0x1b0 mm/kasan/common.c:257\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2121 [inlin\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3151051b787f7cd7e3329ea0016eb9113c248812",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/64babb17e8150771c58575d8f93a35c5296b499f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6b950c712a9a05cdda4aea7fcb2848766576c11b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8e51f084b5716653f19e291ed5f026791d4b3ed4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9c333d9891f34cea8af1b229dc754552304c8eee",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/aa2b2eb3934859904c287bf5434647ba72e14c1c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d0b5b1f12429df3cd9751ab8b2f53729b77733b7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dbc1b89981f9c5360277071d33d7f04a43ffda4a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

32
CVE-2024/CVE-2024-266xx/CVE-2024-26626.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2024-26626",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:12.810",
"lastModified": "2024-03-06T07:15:12.810",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmr: fix kernel panic when forwarding mcast packets\n\nThe stacktrace was:\n[ 86.305548] BUG: kernel NULL pointer dereference, address: 0000000000000092\n[ 86.306815] #PF: supervisor read access in kernel mode\n[ 86.307717] #PF: error_code(0x0000) - not-present page\n[ 86.308624] PGD 0 P4D 0\n[ 86.309091] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 86.309883] CPU: 2 PID: 3139 Comm: pimd Tainted: G U 6.8.0-6wind-knet #1\n[ 86.311027] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.1-0-g0551a4be2c-prebuilt.qemu-project.org 04/01/2014\n[ 86.312728] RIP: 0010:ip_mr_forward (/build/work/knet/net/ipv4/ipmr.c:1985)\n[ 86.313399] Code: f9 1f 0f 87 85 03 00 00 48 8d 04 5b 48 8d 04 83 49 8d 44 c5 00 48 8b 40 70 48 39 c2 0f 84 d9 00 00 00 49 8b 46 58 48 83 e0 fe <80> b8 92 00 00 00 00 0f 84 55 ff ff ff 49 83 47 38 01 45 85 e4 0f\n[ 86.316565] RSP: 0018:ffffad21c0583ae0 EFLAGS: 00010246\n[ 86.317497] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000\n[ 86.318596] RDX: ffff9559cb46c000 RSI: 0000000000000000 RDI: 0000000000000000\n[ 86.319627] RBP: ffffad21c0583b30 R08: 0000000000000000 R09: 0000000000000000\n[ 86.320650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001\n[ 86.321672] R13: ffff9559c093a000 R14: ffff9559cc00b800 R15: ffff9559c09c1d80\n[ 86.322873] FS: 00007f85db661980(0000) GS:ffff955a79d00000(0000) knlGS:0000000000000000\n[ 86.324291] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 86.325314] CR2: 0000000000000092 CR3: 000000002f13a000 CR4: 0000000000350ef0\n[ 86.326589] Call Trace:\n[ 86.327036] <TASK>\n[ 86.327434] ? show_regs (/build/work/knet/arch/x86/kernel/dumpstack.c:479)\n[ 86.328049] ? __die (/build/work/knet/arch/x86/kernel/dumpstack.c:421 /build/work/knet/arch/x86/kernel/dumpstack.c:434)\n[ 86.328508] ? page_fault_oops (/build/work/knet/arch/x86/mm/fault.c:707)\n[ 86.329107] ? do_user_addr_fault (/build/work/knet/arch/x86/mm/fault.c:1264)\n[ 86.329756] ? srso_return_thunk (/build/work/knet/arch/x86/lib/retpoline.S:223)\n[ 86.330350] ? __irq_work_queue_local (/build/work/knet/kernel/irq_work.c:111 (discriminator 1))\n[ 86.331013] ? exc_page_fault (/build/work/knet/./arch/x86/include/asm/paravirt.h:693 /build/work/knet/arch/x86/mm/fault.c:1515 /build/work/knet/arch/x86/mm/fault.c:1563)\n[ 86.331702] ? asm_exc_page_fault (/build/work/knet/./arch/x86/include/asm/idtentry.h:570)\n[ 86.332468] ? ip_mr_forward (/build/work/knet/net/ipv4/ipmr.c:1985)\n[ 86.333183] ? srso_return_thunk (/build/work/knet/arch/x86/lib/retpoline.S:223)\n[ 86.333920] ipmr_mfc_add (/build/work/knet/./include/linux/rcupdate.h:782 /build/work/knet/net/ipv4/ipmr.c:1009 /build/work/knet/net/ipv4/ipmr.c:1273)\n[ 86.334583] ? __pfx_ipmr_hash_cmp (/build/work/knet/net/ipv4/ipmr.c:363)\n[ 86.335357] ip_mroute_setsockopt (/build/work/knet/net/ipv4/ipmr.c:1470)\n[ 86.336135] ? srso_return_thunk (/build/work/knet/arch/x86/lib/retpoline.S:223)\n[ 86.336854] ? ip_mroute_setsockopt (/build/work/knet/net/ipv4/ipmr.c:1470)\n[ 86.337679] do_ip_setsockopt (/build/work/knet/net/ipv4/ip_sockglue.c:944)\n[ 86.338408] ? __pfx_unix_stream_read_actor (/build/work/knet/net/unix/af_unix.c:2862)\n[ 86.339232] ? srso_return_thunk (/build/work/knet/arch/x86/lib/retpoline.S:223)\n[ 86.339809] ? aa_sk_perm (/build/work/knet/security/apparmor/include/cred.h:153 /build/work/knet/security/apparmor/net.c:181)\n[ 86.340342] ip_setsockopt (/build/work/knet/net/ipv4/ip_sockglue.c:1415)\n[ 86.340859] raw_setsockopt (/build/work/knet/net/ipv4/raw.c:836)\n[ 86.341408] ? security_socket_setsockopt (/build/work/knet/security/security.c:4561 (discriminator 13))\n[ 86.342116] sock_common_setsockopt (/build/work/knet/net/core/sock.c:3716)\n[ 86.342747] do_sock_setsockopt (/build/work/knet/net/socket.c:2313)\n[ 86.343363] __sys_setsockopt (/build/work/knet/./include/linux/file.h:32 /build/work/kn\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2e8c9ae40adda2be1ba41c05fd3cd1e61cce3207",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d2f1b7fe74afd66298dbb3c7b39e7b62e4df1724",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dcaafdba6c6162bb49f1192850bc3bbc3707738c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e622502c310f1069fd9f41cd38210553115f610a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

40
CVE-2024/CVE-2024-266xx/CVE-2024-26627.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2024-26627",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:12.973",
"lastModified": "2024-03-06T07:15:12.973",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Move scsi_host_busy() out of host lock for waking up EH handler\n\nInside scsi_eh_wakeup(), scsi_host_busy() is called & checked with host\nlock every time for deciding if error handler kthread needs to be waken up.\n\nThis can be too heavy in case of recovery, such as:\n\n - N hardware queues\n\n - queue depth is M for each hardware queue\n\n - each scsi_host_busy() iterates over (N * M) tag/requests\n\nIf recovery is triggered in case that all requests are in-flight, each\nscsi_eh_wakeup() is strictly serialized, when scsi_eh_wakeup() is called\nfor the last in-flight request, scsi_host_busy() has been run for (N * M -\n1) times, and request has been iterated for (N*M - 1) * (N * M) times.\n\nIf both N and M are big enough, hard lockup can be triggered on acquiring\nhost lock, and it is observed on mpi3mr(128 hw queues, queue depth 8169).\n\nFix the issue by calling scsi_host_busy() outside the host lock. We don't\nneed the host lock for getting busy count because host the lock never\ncovers that.\n\n[mkp: Drop unnecessary 'busy' variables pointed out by Bart]"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/07e3ca0f17f579491b5f54e9ed05173d6c1d6fcb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4373534a9850627a2695317944898eb1283a2db0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/65ead8468c21c2676d4d06f50b46beffdea69df1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d37c1c81419fdef66ebd0747cf76fb8b7d979059",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/db6338f45971b4285ea368432a84033690eaf53c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f5944853f7a961fedc1227dc8f60393f8936d37c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

36
CVE-2024/CVE-2024-266xx/CVE-2024-26628.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2024-26628",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:13.173",
"lastModified": "2024-03-06T07:15:13.173",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix lock dependency warning\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.5.0-kfd-fkuehlin #276 Not tainted\n------------------------------------------------------\nkworker/8:2/2676 is trying to acquire lock:\nffff9435aae95c88 ((work_completion)(&svm_bo->eviction_work)){+.+.}-{0:0}, at: __flush_work+0x52/0x550\n\nbut task is already holding lock:\nffff9435cd8e1720 (&svms->lock){+.+.}-{3:3}, at: svm_range_deferred_list_work+0xe8/0x340 [amdgpu]\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #2 (&svms->lock){+.+.}-{3:3}:\n __mutex_lock+0x97/0xd30\n kfd_ioctl_alloc_memory_of_gpu+0x6d/0x3c0 [amdgpu]\n kfd_ioctl+0x1b2/0x5d0 [amdgpu]\n __x64_sys_ioctl+0x86/0xc0\n do_syscall_64+0x39/0x80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\n-> #1 (&mm->mmap_lock){++++}-{3:3}:\n down_read+0x42/0x160\n svm_range_evict_svm_bo_worker+0x8b/0x340 [amdgpu]\n process_one_work+0x27a/0x540\n worker_thread+0x53/0x3e0\n kthread+0xeb/0x120\n ret_from_fork+0x31/0x50\n ret_from_fork_asm+0x11/0x20\n\n-> #0 ((work_completion)(&svm_bo->eviction_work)){+.+.}-{0:0}:\n __lock_acquire+0x1426/0x2200\n lock_acquire+0xc1/0x2b0\n __flush_work+0x80/0x550\n __cancel_work_timer+0x109/0x190\n svm_range_bo_release+0xdc/0x1c0 [amdgpu]\n svm_range_free+0x175/0x180 [amdgpu]\n svm_range_deferred_list_work+0x15d/0x340 [amdgpu]\n process_one_work+0x27a/0x540\n worker_thread+0x53/0x3e0\n kthread+0xeb/0x120\n ret_from_fork+0x31/0x50\n ret_from_fork_asm+0x11/0x20\n\nother info that might help us debug this:\n\nChain exists of:\n (work_completion)(&svm_bo->eviction_work) --> &mm->mmap_lock --> &svms->lock\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(&svms->lock);\n lock(&mm->mmap_lock);\n lock(&svms->lock);\n lock((work_completion)(&svm_bo->eviction_work));\n\nI believe this cannot really lead to a deadlock in practice, because\nsvm_range_evict_svm_bo_worker only takes the mmap_read_lock if the BO\nrefcount is non-0. That means it's impossible that svm_range_bo_release\nis running concurrently. However, there is no good way to annotate this.\n\nTo avoid the problem, take a BO reference in\nsvm_range_schedule_evict_svm_bo instead of in the worker. That way it's\nimpossible for a BO to get freed while eviction work is pending and the\ncancel_work_sync call in svm_range_bo_release can be eliminated.\n\nv2: Use svm_bo_ref_unless_zero and explained why that's safe. Also\nremoved redundant checks that are already done in\namdkfd_fence_enable_signaling."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/28d2d623d2fbddcca5c24600474e92f16ebb3a05",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/47bf0f83fc86df1bf42b385a91aadb910137c5c9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7a70663ba02bd4e19aea8d70c979eb3bd03d839d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8b25d397162b0316ceda40afaa63ee0c4a97d28b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cb96e492d72d143d57db2d2bc143a1cee8741807",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

36
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2024-03-06T07:00:32.685166+00:00 2024-03-06T09:04:25.950539+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2024-03-06T06:15:50.467000+00:00 2024-03-06T07:15:13.173000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,16 +29,38 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
240627 240658
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `3` Recently added CVEs: `31`
* [CVE-2024-1760](CVE-2024/CVE-2024-17xx/CVE-2024-1760.json) (`2024-03-06T06:15:49.903`) * [CVE-2023-52589](CVE-2023/CVE-2023-525xx/CVE-2023-52589.json) (`2024-03-06T07:15:08.053`)
* [CVE-2024-1771](CVE-2024/CVE-2024-17xx/CVE-2024-1771.json) (`2024-03-06T06:15:50.293`) * [CVE-2023-52590](CVE-2023/CVE-2023-525xx/CVE-2023-52590.json) (`2024-03-06T07:15:08.297`)
* [CVE-2024-1989](CVE-2024/CVE-2024-19xx/CVE-2024-1989.json) (`2024-03-06T06:15:50.467`) * [CVE-2023-52591](CVE-2023/CVE-2023-525xx/CVE-2023-52591.json) (`2024-03-06T07:15:08.510`)
* [CVE-2023-52592](CVE-2023/CVE-2023-525xx/CVE-2023-52592.json) (`2024-03-06T07:15:08.733`)
* [CVE-2023-52593](CVE-2023/CVE-2023-525xx/CVE-2023-52593.json) (`2024-03-06T07:15:08.940`)
* [CVE-2023-52594](CVE-2023/CVE-2023-525xx/CVE-2023-52594.json) (`2024-03-06T07:15:09.200`)
* [CVE-2023-52595](CVE-2023/CVE-2023-525xx/CVE-2023-52595.json) (`2024-03-06T07:15:09.453`)
* [CVE-2023-52596](CVE-2023/CVE-2023-525xx/CVE-2023-52596.json) (`2024-03-06T07:15:09.657`)
* [CVE-2023-52597](CVE-2023/CVE-2023-525xx/CVE-2023-52597.json) (`2024-03-06T07:15:09.827`)
* [CVE-2023-52598](CVE-2023/CVE-2023-525xx/CVE-2023-52598.json) (`2024-03-06T07:15:09.990`)
* [CVE-2023-52599](CVE-2023/CVE-2023-525xx/CVE-2023-52599.json) (`2024-03-06T07:15:10.210`)
* [CVE-2023-52600](CVE-2023/CVE-2023-526xx/CVE-2023-52600.json) (`2024-03-06T07:15:10.497`)
* [CVE-2023-52601](CVE-2023/CVE-2023-526xx/CVE-2023-52601.json) (`2024-03-06T07:15:10.680`)
* [CVE-2023-52602](CVE-2023/CVE-2023-526xx/CVE-2023-52602.json) (`2024-03-06T07:15:10.883`)
* [CVE-2023-52603](CVE-2023/CVE-2023-526xx/CVE-2023-52603.json) (`2024-03-06T07:15:11.120`)
* [CVE-2023-52604](CVE-2023/CVE-2023-526xx/CVE-2023-52604.json) (`2024-03-06T07:15:11.347`)
* [CVE-2023-52605](CVE-2023/CVE-2023-526xx/CVE-2023-52605.json) (`2024-03-06T07:15:11.560`)
* [CVE-2023-52606](CVE-2023/CVE-2023-526xx/CVE-2023-52606.json) (`2024-03-06T07:15:11.750`)
* [CVE-2023-52607](CVE-2023/CVE-2023-526xx/CVE-2023-52607.json) (`2024-03-06T07:15:11.970`)
* [CVE-2024-26623](CVE-2024/CVE-2024-266xx/CVE-2024-26623.json) (`2024-03-06T07:15:12.173`)
* [CVE-2024-26624](CVE-2024/CVE-2024-266xx/CVE-2024-26624.json) (`2024-03-06T07:15:12.360`)
* [CVE-2024-26625](CVE-2024/CVE-2024-266xx/CVE-2024-26625.json) (`2024-03-06T07:15:12.587`)
* [CVE-2024-26626](CVE-2024/CVE-2024-266xx/CVE-2024-26626.json) (`2024-03-06T07:15:12.810`)
* [CVE-2024-26627](CVE-2024/CVE-2024-266xx/CVE-2024-26627.json) (`2024-03-06T07:15:12.973`)
* [CVE-2024-26628](CVE-2024/CVE-2024-266xx/CVE-2024-26628.json) (`2024-03-06T07:15:13.173`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit