From 243c9c75cc4807d13cb167db0c816002d10b01ec Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Thu, 27 Feb 2025 05:03:48 +0000 Subject: [PATCH] Auto-Update: 2025-02-27T05:00:20.020894+00:00 --- CVE-2021/CVE-2021-471xx/CVE-2021-47109.json | 144 +++++++++- CVE-2021/CVE-2021-471xx/CVE-2021-47111.json | 122 +++++++- CVE-2021/CVE-2021-471xx/CVE-2021-47117.json | 201 +++++++++++-- CVE-2021/CVE-2021-471xx/CVE-2021-47118.json | 202 ++++++++++++-- CVE-2021/CVE-2021-471xx/CVE-2021-47131.json | 117 +++++++- CVE-2021/CVE-2021-471xx/CVE-2021-47134.json | 117 +++++++- CVE-2021/CVE-2021-471xx/CVE-2021-47135.json | 100 ++++++- CVE-2023/CVE-2023-514xx/CVE-2023-51407.json | 52 +++- CVE-2023/CVE-2023-514xx/CVE-2023-51486.json | 52 +++- CVE-2023/CVE-2023-514xx/CVE-2023-51487.json | 52 +++- CVE-2023/CVE-2023-514xx/CVE-2023-51489.json | 52 +++- CVE-2023/CVE-2023-514xx/CVE-2023-51491.json | 52 +++- CVE-2023/CVE-2023-515xx/CVE-2023-51510.json | 52 +++- CVE-2023/CVE-2023-515xx/CVE-2023-51512.json | 64 ++++- CVE-2023/CVE-2023-526xx/CVE-2023-52612.json | 207 ++++++++++++-- CVE-2024/CVE-2024-04xx/CVE-2024-0440.json | 63 ++++- CVE-2024/CVE-2024-04xx/CVE-2024-0455.json | 63 ++++- CVE-2024/CVE-2024-07xx/CVE-2024-0780.json | 71 ++++- CVE-2024/CVE-2024-07xx/CVE-2024-0798.json | 73 ++++- CVE-2024/CVE-2024-124xx/CVE-2024-12463.json | 54 +++- CVE-2024/CVE-2024-125xx/CVE-2024-12526.json | 32 ++- CVE-2024/CVE-2024-14xx/CVE-2024-1436.json | 42 ++- CVE-2024/CVE-2024-16xx/CVE-2024-1622.json | 117 +++++++- CVE-2024/CVE-2024-22xx/CVE-2024-2247.json | 52 +++- CVE-2024/CVE-2024-266xx/CVE-2024-26629.json | 151 +++++++++- CVE-2024/CVE-2024-290xx/CVE-2024-29099.json | 52 +++- CVE-2024/CVE-2024-291xx/CVE-2024-29127.json | 52 +++- CVE-2024/CVE-2024-291xx/CVE-2024-29128.json | 52 +++- CVE-2024/CVE-2024-495xx/CVE-2024-49570.json | 29 ++ CVE-2024/CVE-2024-525xx/CVE-2024-52557.json | 25 ++ CVE-2024/CVE-2024-525xx/CVE-2024-52559.json | 29 ++ CVE-2024/CVE-2024-525xx/CVE-2024-52560.json | 25 ++ CVE-2024/CVE-2024-544xx/CVE-2024-54456.json | 33 +++ CVE-2024/CVE-2024-544xx/CVE-2024-54458.json 
| 37 +++ CVE-2024/CVE-2024-578xx/CVE-2024-57834.json | 37 +++ CVE-2024/CVE-2024-578xx/CVE-2024-57852.json | 29 ++ CVE-2024/CVE-2024-580xx/CVE-2024-58001.json | 37 +++ CVE-2024/CVE-2024-580xx/CVE-2024-58002.json | 29 ++ CVE-2024/CVE-2024-580xx/CVE-2024-58003.json | 33 +++ CVE-2024/CVE-2024-580xx/CVE-2024-58004.json | 29 ++ CVE-2024/CVE-2024-580xx/CVE-2024-58005.json | 33 +++ CVE-2024/CVE-2024-580xx/CVE-2024-58006.json | 29 ++ CVE-2024/CVE-2024-580xx/CVE-2024-58007.json | 37 +++ CVE-2024/CVE-2024-580xx/CVE-2024-58008.json | 29 ++ CVE-2024/CVE-2024-580xx/CVE-2024-58009.json | 37 +++ CVE-2024/CVE-2024-580xx/CVE-2024-58010.json | 37 +++ CVE-2024/CVE-2024-580xx/CVE-2024-58011.json | 37 +++ CVE-2024/CVE-2024-580xx/CVE-2024-58012.json | 29 ++ CVE-2024/CVE-2024-580xx/CVE-2024-58013.json | 37 +++ CVE-2024/CVE-2024-580xx/CVE-2024-58014.json | 37 +++ CVE-2024/CVE-2024-580xx/CVE-2024-58015.json | 25 ++ CVE-2024/CVE-2024-580xx/CVE-2024-58016.json | 37 +++ CVE-2024/CVE-2024-580xx/CVE-2024-58017.json | 37 +++ CVE-2024/CVE-2024-580xx/CVE-2024-58018.json | 29 ++ CVE-2024/CVE-2024-580xx/CVE-2024-58019.json | 29 ++ CVE-2024/CVE-2024-580xx/CVE-2024-58020.json | 37 +++ CVE-2024/CVE-2024-580xx/CVE-2024-58021.json | 29 ++ CVE-2025/CVE-2025-217xx/CVE-2025-21732.json | 29 ++ CVE-2025/CVE-2025-217xx/CVE-2025-21733.json | 33 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21734.json | 37 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21735.json | 37 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21736.json | 37 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21737.json | 29 ++ CVE-2025/CVE-2025-217xx/CVE-2025-21738.json | 37 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21739.json | 29 ++ CVE-2025/CVE-2025-217xx/CVE-2025-21740.json | 29 ++ CVE-2025/CVE-2025-217xx/CVE-2025-21741.json | 33 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21742.json | 33 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21743.json | 33 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21744.json | 37 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21745.json | 37 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21746.json 
| 25 ++ CVE-2025/CVE-2025-217xx/CVE-2025-21747.json | 25 ++ CVE-2025/CVE-2025-217xx/CVE-2025-21748.json | 37 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21749.json | 37 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21750.json | 37 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21751.json | 25 ++ CVE-2025/CVE-2025-217xx/CVE-2025-21752.json | 25 ++ CVE-2025/CVE-2025-217xx/CVE-2025-21753.json | 37 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21754.json | 33 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21755.json | 33 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21756.json | 33 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21757.json | 29 ++ CVE-2025/CVE-2025-217xx/CVE-2025-21758.json | 37 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21759.json | 33 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21760.json | 37 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21761.json | 37 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21762.json | 37 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21763.json | 37 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21764.json | 37 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21765.json | 37 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21766.json | 37 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21767.json | 37 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21768.json | 29 ++ CVE-2025/CVE-2025-217xx/CVE-2025-21769.json | 25 ++ CVE-2025/CVE-2025-217xx/CVE-2025-21770.json | 29 ++ CVE-2025/CVE-2025-217xx/CVE-2025-21771.json | 29 ++ CVE-2025/CVE-2025-217xx/CVE-2025-21772.json | 37 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21773.json | 33 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21774.json | 29 ++ CVE-2025/CVE-2025-217xx/CVE-2025-21775.json | 37 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21776.json | 37 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21777.json | 29 ++ CVE-2025/CVE-2025-217xx/CVE-2025-21778.json | 29 ++ CVE-2025/CVE-2025-217xx/CVE-2025-21779.json | 37 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21780.json | 37 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21781.json | 37 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21782.json | 37 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21783.json | 33 +++ 
CVE-2025/CVE-2025-217xx/CVE-2025-21784.json | 33 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21785.json | 37 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21786.json | 29 ++ CVE-2025/CVE-2025-217xx/CVE-2025-21787.json | 37 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21788.json | 29 ++ CVE-2025/CVE-2025-217xx/CVE-2025-21789.json | 33 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21790.json | 37 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21791.json | 37 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21792.json | 37 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21793.json | 33 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21794.json | 37 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21795.json | 37 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21796.json | 37 +++ CVE-2025/CVE-2025-217xx/CVE-2025-21797.json | 25 ++ README.md | 101 ++++--- _state.csv | 295 +++++++++++++------- 125 files changed, 5652 insertions(+), 355 deletions(-) create mode 100644 CVE-2024/CVE-2024-495xx/CVE-2024-49570.json create mode 100644 CVE-2024/CVE-2024-525xx/CVE-2024-52557.json create mode 100644 CVE-2024/CVE-2024-525xx/CVE-2024-52559.json create mode 100644 CVE-2024/CVE-2024-525xx/CVE-2024-52560.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54456.json create mode 100644 CVE-2024/CVE-2024-544xx/CVE-2024-54458.json create mode 100644 CVE-2024/CVE-2024-578xx/CVE-2024-57834.json create mode 100644 CVE-2024/CVE-2024-578xx/CVE-2024-57852.json create mode 100644 CVE-2024/CVE-2024-580xx/CVE-2024-58001.json create mode 100644 CVE-2024/CVE-2024-580xx/CVE-2024-58002.json create mode 100644 CVE-2024/CVE-2024-580xx/CVE-2024-58003.json create mode 100644 CVE-2024/CVE-2024-580xx/CVE-2024-58004.json create mode 100644 CVE-2024/CVE-2024-580xx/CVE-2024-58005.json create mode 100644 CVE-2024/CVE-2024-580xx/CVE-2024-58006.json create mode 100644 CVE-2024/CVE-2024-580xx/CVE-2024-58007.json create mode 100644 CVE-2024/CVE-2024-580xx/CVE-2024-58008.json create mode 100644 CVE-2024/CVE-2024-580xx/CVE-2024-58009.json create mode 100644 CVE-2024/CVE-2024-580xx/CVE-2024-58010.json create 
mode 100644 CVE-2024/CVE-2024-580xx/CVE-2024-58011.json create mode 100644 CVE-2024/CVE-2024-580xx/CVE-2024-58012.json create mode 100644 CVE-2024/CVE-2024-580xx/CVE-2024-58013.json create mode 100644 CVE-2024/CVE-2024-580xx/CVE-2024-58014.json create mode 100644 CVE-2024/CVE-2024-580xx/CVE-2024-58015.json create mode 100644 CVE-2024/CVE-2024-580xx/CVE-2024-58016.json create mode 100644 CVE-2024/CVE-2024-580xx/CVE-2024-58017.json create mode 100644 CVE-2024/CVE-2024-580xx/CVE-2024-58018.json create mode 100644 CVE-2024/CVE-2024-580xx/CVE-2024-58019.json create mode 100644 CVE-2024/CVE-2024-580xx/CVE-2024-58020.json create mode 100644 CVE-2024/CVE-2024-580xx/CVE-2024-58021.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21732.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21733.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21734.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21735.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21736.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21737.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21738.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21739.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21740.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21741.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21742.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21743.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21744.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21745.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21746.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21747.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21748.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21749.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21750.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21751.json create mode 100644 
CVE-2025/CVE-2025-217xx/CVE-2025-21752.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21753.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21754.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21755.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21756.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21757.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21758.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21759.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21760.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21761.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21762.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21763.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21764.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21765.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21766.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21767.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21768.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21769.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21770.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21771.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21772.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21773.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21774.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21775.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21776.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21777.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21778.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21779.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21780.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21781.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21782.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21783.json 
create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21784.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21785.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21786.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21787.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21788.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21789.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21790.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21791.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21792.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21793.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21794.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21795.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21796.json create mode 100644 CVE-2025/CVE-2025-217xx/CVE-2025-21797.json diff --git a/CVE-2021/CVE-2021-471xx/CVE-2021-47109.json b/CVE-2021/CVE-2021-471xx/CVE-2021-47109.json index 69447e42313..166376e38d4 100644 --- a/CVE-2021/CVE-2021-471xx/CVE-2021-47109.json +++ b/CVE-2021/CVE-2021-471xx/CVE-2021-47109.json @@ -2,8 +2,8 @@ "id": "CVE-2021-47109", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-15T21:15:06.457", - "lastModified": "2024-11-21T06:35:24.957", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-27T03:20:09.380", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,39 +15,161 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vecino: permite forzar las entradas NUD_NOARP. Las interfaces GCed IFF_POINTOPOINT utilizan entradas NUD_NOARP para IPv6. Es posible llenar la tabla de vecinos con suficientes entradas para que despu\u00e9s de eso se desborde de conexiones v\u00e1lidas. Este comportamiento es m\u00e1s frecuente despu\u00e9s de aplicar el commit 58956317c8de (\"vecino: mejorar la recolecci\u00f3n de basura\"), ya que evita la eliminaci\u00f3n de entradas que no son NUD_FAILED, a menos que tengan m\u00e1s de 5 a\u00f1os de antig\u00fcedad." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.0", + "versionEndExcluding": "5.4.125", + "matchCriteriaId": "727FEE94-99C9-47A3-A4EA-1E491FF6C861" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.43", + "matchCriteriaId": "B2136BD5-4F86-40C8-96C8-5C90A015490C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": 
"5.11", + "versionEndExcluding": "5.12.10", + "matchCriteriaId": "27384800-AB48-4C08-891E-34B66F5FC4AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*", + "matchCriteriaId": "0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*", + "matchCriteriaId": "96AC23B2-D46A-49D9-8203-8E1BEDCA8532" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*", + "matchCriteriaId": "DA610E30-717C-4700-9F77-A3C9244F3BFD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*", + "matchCriteriaId": "1ECD33F5-85BE-430B-8F86-8D7BD560311D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:*", + "matchCriteriaId": "CF351855-2437-4CF5-AD7C-BDFA51F27683" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc6:*:*:*:*:*:*", + "matchCriteriaId": "25A855BA-2118-44F2-90EF-EBBB12AF51EF" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/7a6b1ab7475fd6478eeaf5c9d1163e7a18125c8f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d17d47da59f726dc4c87caebda3a50333d7e2fd3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d99029e6aab62aef0a0251588b2867e77e83b137", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ddf088d7aaaaacfc836104f2e632b29b1d383cfc", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/7a6b1ab7475fd6478eeaf5c9d1163e7a18125c8f", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d17d47da59f726dc4c87caebda3a50333d7e2fd3", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d99029e6aab62aef0a0251588b2867e77e83b137", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ddf088d7aaaaacfc836104f2e632b29b1d383cfc", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-471xx/CVE-2021-47111.json b/CVE-2021/CVE-2021-471xx/CVE-2021-47111.json index b3b758e8c84..84dd0bc1ce0 100644 --- a/CVE-2021/CVE-2021-471xx/CVE-2021-47111.json +++ b/CVE-2021/CVE-2021-471xx/CVE-2021-47111.json @@ -2,8 +2,8 @@ "id": "CVE-2021-47111", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-15T21:15:06.577", - "lastModified": "2024-11-21T06:35:25.200", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-27T03:20:09.380", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
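Review bot: The `weaknesses` entry added in the second hunk of CVE-2021-47109.json (`"value": "CWE-190"`, integer overflow) does not obviously match the description kept as context in the same hunk. That description speaks of the neighbour table being filled with NUD_NOARP entries until valid connections no longer fit, which reads as resource exhaustion rather than arithmetic wraparound. The added vector `C:N/I:N/A:H` is consistent with that reading. The classification presumably comes from the upstream NVD analysis this file mirrors, so a correction such as `"value": "CWE-770"` belongs upstream rather than in this repository. Until then, consumers that filter or route on CWE should not rely on the value for this record.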
@@ -15,31 +15,135 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xen-netback: toma una referencia al hilo de la tarea RX. Haga esto para evitar que la tarea se libere si el hilo regresa (que puede ser activado por el frontend) antes de que llamada a kthread_stop realizada como parte del desmontaje del backend. No tomar la referencia conducir\u00e1 a un use-after-free en ese escenario. Esta referencia se tom\u00f3 antes, pero se elimin\u00f3 como parte de la revisi\u00f3n realizada en 2ac061ce97f4. Vuelva a introducir la toma de referencia y agregue esta vez un comentario explicando por qu\u00e9 es necesario. Este es XSA-374/CVE-2021-28691." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.43", + "matchCriteriaId": "B2136BD5-4F86-40C8-96C8-5C90A015490C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.12.10", + "matchCriteriaId": "27384800-AB48-4C08-891E-34B66F5FC4AA" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*", + "matchCriteriaId": "0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*", + "matchCriteriaId": "96AC23B2-D46A-49D9-8203-8E1BEDCA8532" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*", + "matchCriteriaId": "DA610E30-717C-4700-9F77-A3C9244F3BFD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*", + "matchCriteriaId": "1ECD33F5-85BE-430B-8F86-8D7BD560311D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:*", + "matchCriteriaId": "CF351855-2437-4CF5-AD7C-BDFA51F27683" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/107866a8eb0b664675a260f1ba0655010fac1e08", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6b53db8c4c14b4e7256f058d202908b54a7b85b4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/caec9bcaeb1a5f03f2d406305355c853af10c13e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/107866a8eb0b664675a260f1ba0655010fac1e08", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6b53db8c4c14b4e7256f058d202908b54a7b85b4", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/caec9bcaeb1a5f03f2d406305355c853af10c13e", - "source": 
"af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-471xx/CVE-2021-47117.json b/CVE-2021/CVE-2021-471xx/CVE-2021-47117.json index 4a1653cd1e2..db58401e32f 100644 --- a/CVE-2021/CVE-2021-471xx/CVE-2021-47117.json +++ b/CVE-2021/CVE-2021-471xx/CVE-2021-47117.json @@ -2,8 +2,8 @@ "id": "CVE-2021-47117", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-15T21:15:06.887", - "lastModified": "2024-11-21T06:35:25.837", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-27T03:20:09.380", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,71 +15,234 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ext4: corrigi\u00f3 el error en ext4_es_cache_extent ya que ext4_split_extent_at fall\u00f3. Obtuvimos el seguimiento de bug_on cuando ejecutamos fsstress con la inyecci\u00f3n de error de IO: [130747.323114] ERROR del kernel en fs/ext4/extents_status.c:762. [130747.323117] Error interno: Vaya - ERROR: 0 [#1] SMP ...... [130747.334329] Rastreo de llamadas: [130747.334553] ext4_es_cache_extent+0x150/0x168 [ext4] [130747.334975] ext4_cache_extents+0x 64/0xe8 [ext4] [130747.335368] text4_find_extent+0x300/0x330 [ext4] [130747.335759] text4_ext_map_blocks+0x74/0x1178 [ext4] [130747.336179] text4_map_blocks+0x2f4/0x5f0 [ext4] [130747.336567] ext4_mpage_readpages+0x4a8/0x7a8 [ext4] [130747.336995] ext4_readpage+0x54 /0x100 [ext4] [130747.337359] generic_file_buffered_read+0x410/0xae8 [130747.337767] generic_file_read_iter+0x114/0x190 [130747.338152] ext4_file_read_iter+0x5c/0x140 [ext4] [13 0747.338556] __vfs_read+0x11c/0x188 [130747.338851] vfs_read+0x94/0x150 [130747.339110 ] ksys_read+0x74/0xf0 La modificaci\u00f3n de este parche se realiza seg\u00fan la sugerencia de Jan Kara en: https://patchwork.ozlabs.org/project/linux-ext4/patch/20210428085158.3728201-1-yebin10@huawei.com/ \"Ya veo. Ahora Entiendo su parche. Honestamente, viendo lo fr\u00e1gil que es intentar arreglar el \u00e1rbol de extensi\u00f3n despu\u00e9s de que la divisi\u00f3n fall\u00f3 en el medio, probablemente ir\u00eda a\u00fan m\u00e1s lejos y me asegurar\u00eda de arreglar el \u00e1rbol correctamente en el caso de ENOSPC y EDQUOT (esos son f\u00e1cilmente activables por el usuario). ). Cualquier otra cosa indica un problema de hardware o corrupci\u00f3n de fs, por lo que prefiero dejar el \u00e1rbol de extensiones como est\u00e1 y no intentar arreglarlo (lo que tambi\u00e9n significa que no crearemos extensiones superpuestas)\"." 
} ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.4.272", + "matchCriteriaId": "99854A18-73AB-4333-A59F-D4905B9A977B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.5", + "versionEndExcluding": "4.9.272", + "matchCriteriaId": "8FEC5189-264E-4620-BD41-8B5E44F20D80" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.10", + "versionEndExcluding": "4.14.236", + "matchCriteriaId": "32BD3098-E25B-4893-87B7-49DAAD61B503" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.15", + "versionEndExcluding": "4.19.194", + "matchCriteriaId": "219AB3A3-BDC8-47F5-A638-4A3D5D451EC3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.125", + "matchCriteriaId": "552FBD6A-793D-4EE1-9D44-69978256AA46" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + 
"versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.43", + "matchCriteriaId": "B2136BD5-4F86-40C8-96C8-5C90A015490C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.12.10", + "matchCriteriaId": "27384800-AB48-4C08-891E-34B66F5FC4AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*", + "matchCriteriaId": "0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*", + "matchCriteriaId": "96AC23B2-D46A-49D9-8203-8E1BEDCA8532" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*", + "matchCriteriaId": "DA610E30-717C-4700-9F77-A3C9244F3BFD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*", + "matchCriteriaId": "1ECD33F5-85BE-430B-8F86-8D7BD560311D" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/082cd4ec240b8734a82a89ffb890216ac98fec68", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/48105dc98c9ca35af418746277b087cb2bc6df7c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/569496aa3776eea1ff0d49d0174ac1b7e861e107", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5b3a9a2be59478b013a430ac57b0f3d65471b071", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/920697b004e49cb026e2e15fe91be065bf0741b7", - "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d3b668b96ad3192c0581a248ae2f596cd054792a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d8116743ef5432336289256b2f7c117299213eb9", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e33bafad30d34cfa5e9787cb099cab05e2677fcb", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/082cd4ec240b8734a82a89ffb890216ac98fec68", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/48105dc98c9ca35af418746277b087cb2bc6df7c", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/569496aa3776eea1ff0d49d0174ac1b7e861e107", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5b3a9a2be59478b013a430ac57b0f3d65471b071", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/920697b004e49cb026e2e15fe91be065bf0741b7", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d3b668b96ad3192c0581a248ae2f596cd054792a", - "source": "af854a3a-2127-422b-91ae-364da2661108" + 
"source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d8116743ef5432336289256b2f7c117299213eb9", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e33bafad30d34cfa5e9787cb099cab05e2677fcb", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-471xx/CVE-2021-47118.json b/CVE-2021/CVE-2021-471xx/CVE-2021-47118.json index 09a60e1d582..ff349e8238c 100644 --- a/CVE-2021/CVE-2021-471xx/CVE-2021-47118.json +++ b/CVE-2021/CVE-2021-471xx/CVE-2021-47118.json @@ -2,8 +2,8 @@ "id": "CVE-2021-47118", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-15T21:15:06.943", - "lastModified": "2024-11-21T06:35:25.993", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-27T03:20:09.380", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,71 +15,235 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pid: toma una referencia al inicializar `cad_pid` Durante el arranque, kernel_init_freeable() inicializa `cad_pid` en la estructura pid de la tarea de inicio. M\u00e1s adelante, podemos cambiar `cad_pid` mediante un sysctl, y cuando esto suceda, proc_do_cad_pid() incrementar\u00e1 el recuento en el nuevo pid mediante get_pid(), y disminuir\u00e1 el recuento en el pid antiguo mediante put_pid(). Como nunca llamamos a get_pid() cuando inicializamos `cad_pid`, disminuimos una referencia que nunca incrementamos, por lo que podemos liberar la estructura pid de la tarea de inicio antes. Como puede haber referencias pendientes a la estructura pid, m\u00e1s adelante podemos encontrarnos con un use-after-free (por ejemplo, al entregar se\u00f1ales). Esto se detect\u00f3 al fusionar v5.13-rc3 con Syzkaller, pero parece haber existido desde la conversi\u00f3n de `cad_pid` a struct pid en el commit 9ec52099e4b8 (\"[PATCH] reemplaza cad_pid por una estructura pid\") del pre-KASAN edad de piedra de v2.6.19. Solucione este problema obteniendo una referencia a la estructura pid de la tarea de inicio cuando la asignamos a `cad_pid`. S\u00edmbolo completo de KASAN a continuaci\u00f3n. 
==================================================== ================ ERROR: KASAN: use-after-free en ns_of_pid include/linux/pid.h:153 [en l\u00ednea] ERROR: KASAN: use-after-free en task_active_pid_ns +0xc0/0xc8 kernel/pid.c:509 Lectura de tama\u00f1o 4 en addr ffff23794dda0004 por tarea syz-executor.0/273 CPU: 1 PID: 273 Comm: syz-executor.0 No contaminado 5.12.0-00001-g9aef892b2d15 # 1 Nombre del hardware: linux,dummy-virt (DT) Rastreo de llamadas: ns_of_pid include/linux/pid.h:153 [en l\u00ednea] task_active_pid_ns+0xc0/0xc8 kernel/pid.c:509 do_notify_parent+0x308/0xe60 kernel/signal.c :1950 exit_notify kernel/exit.c:682 [en l\u00ednea] do_exit+0x2334/0x2bd0 kernel/exit.c:845 do_group_exit+0x108/0x2c8 kernel/exit.c:922 get_signal+0x4e4/0x2a88 kernel/signal.c:2781 do_signal arch/arm64/kernel/signal.c:882 [en l\u00ednea] do_notify_resume+0x300/0x970 arch/arm64/kernel/signal.c:936 work_pending+0xc/0x2dc Asignado por tarea 0: slab_post_alloc_hook+0x50/0x5c0 mm/slab.h :516 slab_alloc_node mm/slub.c:2907 [en l\u00ednea] slab_alloc mm/slub.c:2915 [en l\u00ednea] kmem_cache_alloc+0x1f4/0x4c0 mm/slub.c:2920 alloc_pid+0xdc/0xc00 kernel/pid.c:180 copy_process+ 0x2794/0x5e18 kernel/fork.c:2129 kernel_clone+0x194/0x13c8 kernel/fork.c:2500 kernel_thread+0xd4/0x110 kernel/fork.c:2552 rest_init+0x44/0x4a0 init/main.c:687 arch_call_rest_init+0x1c/ 0x28 start_kernel+0x520/0x554 init/main.c:1064 0x0 Liberado por la tarea 270: slab_free_hook mm/slub.c:1562 [en l\u00ednea] slab_free_freelist_hook+0x98/0x260 mm/slub.c:1600 slab_free mm/slub.c:3161 [en l\u00ednea] kmem_cache_free+0x224/0x8e0 mm/slub.c:3177 put_pid.part.4+0xe0/0x1a8 kernel/pid.c:114 put_pid+0x30/0x48 kernel/pid.c:109 proc_do_cad_pid+0x190/0x1b0 kernel/ sysctl.c:1401 proc_sys_call_handler+0x338/0x4b0 fs/proc/proc_sysctl.c:591 proc_sys_write+0x34/0x48 fs/proc/proc_sysctl.c:617 call_write_iter include/linux/fs.h:1977 [en l\u00ednea] new_sync_write+0x3ac/ 0x510 fs/read_write.c:518 vfs_write fs/read_write.c:605 [en 
l\u00ednea] vfs_write+0x9c4/0x1018 fs/read_write.c:585 ksys_write+0x124/0x240 fs/read_write.c:658 __do_sys_write fs/read_write.c: 670 [en l\u00ednea] __se_sys_write fs/read_write.c:667 [en l\u00ednea] __arm64_sys_write+0x78/0xb0 fs/read_write.c:667 __invoke_syscall arch/arm64/kernel/syscall.c:37 [en l\u00ednea] invoke_syscall arch/arm64/kernel/syscall .c:49 [en l\u00ednea] el0_svc_common.constprop.1+0x16c/0x388 arch/arm64/kernel/syscall.c:129 do_el0_svc+0xf8/0x150 arch/arm64/kernel/syscall.c:168 el0_svc+0x28/0x38 arch/ arm64/kernel/entry-common.c:416 el0_sync_handler+0x134/0x180 arch/arm64/kernel/entry-common.c:432 el0_sync+0x154/0x180 arch/arm64/kernel/entry.S:701 La direcci\u00f3n del error pertenece a el objeto en ffff23794dda0000 que pertenece al pid de cach\u00e9 de tama\u00f1o 224.---truncado---" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.6.19", + "versionEndExcluding": "4.4.272", + "matchCriteriaId": "29036811-1F9B-4A08-8FE1-0E5D46AB14FA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.5", + "versionEndExcluding": 
"4.9.272", + "matchCriteriaId": "8FEC5189-264E-4620-BD41-8B5E44F20D80" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.10", + "versionEndExcluding": "4.14.236", + "matchCriteriaId": "32BD3098-E25B-4893-87B7-49DAAD61B503" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.15", + "versionEndExcluding": "4.19.194", + "matchCriteriaId": "219AB3A3-BDC8-47F5-A638-4A3D5D451EC3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.125", + "matchCriteriaId": "552FBD6A-793D-4EE1-9D44-69978256AA46" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.43", + "matchCriteriaId": "B2136BD5-4F86-40C8-96C8-5C90A015490C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.12.10", + "matchCriteriaId": "27384800-AB48-4C08-891E-34B66F5FC4AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*", + "matchCriteriaId": "0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*", + "matchCriteriaId": "96AC23B2-D46A-49D9-8203-8E1BEDCA8532" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*", + "matchCriteriaId": "DA610E30-717C-4700-9F77-A3C9244F3BFD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*", + "matchCriteriaId": "1ECD33F5-85BE-430B-8F86-8D7BD560311D" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/0711f0d7050b9e07c44bc159bbc64ac0a1022c7f", - "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2cd6eedfa6344f5ef5c3dac3aee57a39b5b46dff", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4dbd8808a591b49b717862e6e0081bcf14a87788", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7178be006d495ffb741c329012da289b62dddfe6", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/764c2e892d1fe895392aff62fb353fdce43bb529", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b8ff869f20152fbe66b6c2e2715d26a2f9897cca", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d106f05432e60f9f62d456ef017687f5c73cb414", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f86c80515a8a3703e0ca2e56deb50fc2879c5ea4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/0711f0d7050b9e07c44bc159bbc64ac0a1022c7f", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2cd6eedfa6344f5ef5c3dac3aee57a39b5b46dff", - "source": "af854a3a-2127-422b-91ae-364da2661108" + 
"source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4dbd8808a591b49b717862e6e0081bcf14a87788", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7178be006d495ffb741c329012da289b62dddfe6", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/764c2e892d1fe895392aff62fb353fdce43bb529", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b8ff869f20152fbe66b6c2e2715d26a2f9897cca", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d106f05432e60f9f62d456ef017687f5c73cb414", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f86c80515a8a3703e0ca2e56deb50fc2879c5ea4", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-471xx/CVE-2021-47131.json b/CVE-2021/CVE-2021-471xx/CVE-2021-47131.json index 9728d87fe69..da186f1bdd8 100644 --- a/CVE-2021/CVE-2021-471xx/CVE-2021-47131.json +++ b/CVE-2021/CVE-2021-471xx/CVE-2021-47131.json @@ -2,8 +2,8 @@ "id": "CVE-2021-47131", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-15T21:15:07.623", - "lastModified": "2024-11-21T06:35:27.670", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-27T03:20:09.380", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,31 +15,130 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/tls: corrige el use-after-free despu\u00e9s de que el dispositivo TLS se cae y se enciende. Cuando un netdev con descarga TLS activa se cae, se llama a tls_device_down para detener la descarga y derribarlo. el contexto TLS. Sin embargo, el socket permanece activo y todav\u00eda apunta al contexto TLS, que ahora est\u00e1 desasignado. Si se activa un netdev, mientras la conexi\u00f3n a\u00fan est\u00e1 activa, y el flujo de datos se reanuda despu\u00e9s de varias retransmisiones TCP, se producir\u00e1 un use-after-free del contexto TLS. Esta commit soluciona este error manteniendo vivo el contexto hasta su destrucci\u00f3n normal e implementa las alternativas necesarias para que la conexi\u00f3n pueda reanudarse en modo kTLS de software (no descargado). En el lado TX, tls_sw_fallback se utiliza para cifrar todos los paquetes. El lado RX ya tiene todos los respaldos necesarios, porque se admite la recepci\u00f3n de paquetes no descifrados. Lo que se necesita en el lado RX es bloquear las solicitudes de resincronizaci\u00f3n, que normalmente se producen despu\u00e9s de recibir paquetes no descifrados. Se implementa la sincronizaci\u00f3n necesaria para un desmontaje elegante: primero se implementan los respaldos, luego se liberan los recursos del controlador (antes era posible tener un tls_dev_resync despu\u00e9s de tls_dev_del). Se agrega una nueva bandera llamada TLS_RX_DEV_DEGRADED para indicar el modo de reserva. Se utiliza para omitir completamente la l\u00f3gica de resincronizaci\u00f3n RX, ya que se vuelve in\u00fatil y algunos objetos pueden liberarse (por ejemplo, resync_async, que el controlador asigna y libera)." 
} ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.18", + "versionEndExcluding": "5.10.43", + "matchCriteriaId": "5E740E65-EFC6-4B2C-83BD-8FD2AABBE031" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.12.10", + "matchCriteriaId": "27384800-AB48-4C08-891E-34B66F5FC4AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*", + "matchCriteriaId": "0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*", + "matchCriteriaId": "96AC23B2-D46A-49D9-8203-8E1BEDCA8532" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*", + "matchCriteriaId": "DA610E30-717C-4700-9F77-A3C9244F3BFD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*", + "matchCriteriaId": "1ECD33F5-85BE-430B-8F86-8D7BD560311D" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://git.kernel.org/stable/c/0f1e6fe66977a864fe850522316f713d7b926fd9", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c55dcdd435aa6c6ad6ccac0a4c636d010ee367a4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f1d4184f128dede82a59a841658ed40d4e6d3aa2", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/0f1e6fe66977a864fe850522316f713d7b926fd9", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c55dcdd435aa6c6ad6ccac0a4c636d010ee367a4", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f1d4184f128dede82a59a841658ed40d4e6d3aa2", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-471xx/CVE-2021-47134.json b/CVE-2021/CVE-2021-471xx/CVE-2021-47134.json index f404ed59d99..661ab160c96 100644 --- a/CVE-2021/CVE-2021-471xx/CVE-2021-47134.json +++ b/CVE-2021/CVE-2021-471xx/CVE-2021-47134.json @@ -2,8 +2,8 @@ "id": "CVE-2021-47134", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-15T21:15:07.780", - "lastModified": "2024-11-21T06:35:27.983", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-27T03:20:09.380", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,31 +15,130 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: efi/fdt: corrige el p\u00e1nico cuando no se encuentra un fdt v\u00e1lido. setup_arch() invocar\u00eda efi_init()->efi_get_fdt_params(). Si no se encuentra un fdt v\u00e1lido, inicial_boot_params ser\u00e1 nulo. Por lo tanto, deber\u00edamos detener el procesamiento adicional de fdt aqu\u00ed. Encontr\u00e9 este problema en risc-v." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.10", + "versionEndExcluding": "5.10.43", + "matchCriteriaId": "32652207-93DC-4F63-B95C-958CCBD05D49" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.12.10", + "matchCriteriaId": "27384800-AB48-4C08-891E-34B66F5FC4AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*", + "matchCriteriaId": "0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*", + "matchCriteriaId": 
"96AC23B2-D46A-49D9-8203-8E1BEDCA8532" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*", + "matchCriteriaId": "DA610E30-717C-4700-9F77-A3C9244F3BFD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*", + "matchCriteriaId": "1ECD33F5-85BE-430B-8F86-8D7BD560311D" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/5148066edbdc89c6fe5bc419c31a5c22e5f83bdb", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/668a84c1bfb2b3fd5a10847825a854d63fac7baa", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8a7e8b4e5631a03ea2fee27957857a56612108ca", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5148066edbdc89c6fe5bc419c31a5c22e5f83bdb", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/668a84c1bfb2b3fd5a10847825a854d63fac7baa", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8a7e8b4e5631a03ea2fee27957857a56612108ca", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-471xx/CVE-2021-47135.json b/CVE-2021/CVE-2021-471xx/CVE-2021-47135.json index bc96451e980..ef7e111663c 100644 --- a/CVE-2021/CVE-2021-471xx/CVE-2021-47135.json +++ b/CVE-2021/CVE-2021-471xx/CVE-2021-47135.json 
@@ -2,8 +2,8 @@ "id": "CVE-2021-47135", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-15T21:15:07.823", - "lastModified": "2024-11-21T06:35:28.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-27T03:20:09.380", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { 
@@ -15,23 +15,109 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: mt76: mt7921: solucione un posible problema de AOOB en mt7921_mcu_tx_rate_report. Corrija un posible acceso fuera de los l\u00edmites a la matriz en mt7921_mcu_tx_rate_report. Eliminar variables innecesarias en mt7921_mcu_tx_rate_report" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-129" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.12", + "versionEndExcluding": "5.12.10", + "matchCriteriaId": "C68A4290-9FFF-4037-9467-4FF878E3085F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*", + "matchCriteriaId": "0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*", + "matchCriteriaId": "96AC23B2-D46A-49D9-8203-8E1BEDCA8532" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*", + "matchCriteriaId": "DA610E30-717C-4700-9F77-A3C9244F3BFD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*", + "matchCriteriaId": "1ECD33F5-85BE-430B-8F86-8D7BD560311D" + 
} + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/6919e8a24e70b6ba148fe07f44f835bcdd1a8d02", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d874e6c06952382897d35bf4094193cd44ae91bd", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6919e8a24e70b6ba148fe07f44f835bcdd1a8d02", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d874e6c06952382897d35bf4094193cd44ae91bd", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51407.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51407.json index 89f3507bee9..9842609f935 100644 --- a/CVE-2023/CVE-2023-514xx/CVE-2023-51407.json +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51407.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51407", "sourceIdentifier": "audit@patchstack.com", "published": "2024-03-16T01:15:48.523", - "lastModified": "2024-11-21T08:38:02.883", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-27T03:24:36.033", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, @@ -51,14 +71,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rocketelements:split_test_for_elementor:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.7.0", + "matchCriteriaId": "078FFD71-E9F2-4796-91DA-214C59BBAFB2" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/split-test-for-elementor/wordpress-split-test-for-elementor-plugin-1-6-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://patchstack.com/database/vulnerability/split-test-for-elementor/wordpress-split-test-for-elementor-plugin-1-6-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51486.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51486.json index cc96d7e88e1..dc12a4b02f9 100644 --- a/CVE-2023/CVE-2023-514xx/CVE-2023-51486.json +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51486.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-51486", "sourceIdentifier": "audit@patchstack.com", "published": "2024-03-16T02:15:07.623", - "lastModified": "2024-11-21T08:38:13.473", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-02-27T03:24:36.033", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.5 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, 
@@ -51,14 +71,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rednao:woocommerce_pdf_invoice_builder:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.2.102", + "matchCriteriaId": "FDD62B61-EE3F-4B29-9B09-40B04A22895D" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/woo-pdf-invoice-builder/wordpress-woocommerce-pdf-invoice-builder-create-invoices-packing-slips-and-more-plugin-1-2-101-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://patchstack.com/database/vulnerability/woo-pdf-invoice-builder/wordpress-woocommerce-pdf-invoice-builder-create-invoices-packing-slips-and-more-plugin-1-2-101-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51487.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51487.json index bd0e95567cb..73a63dadd72 100644 --- a/CVE-2023/CVE-2023-514xx/CVE-2023-51487.json +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51487.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51487", "sourceIdentifier": "audit@patchstack.com", "published": "2024-03-16T02:15:07.817", - "lastModified": "2024-11-21T08:38:13.590", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-02-27T03:24:36.033", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.5 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, @@ -51,14 +71,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ari-soft:ari_stream_quiz:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.3.0", + "matchCriteriaId": "47F6D770-B088-42E8-8B81-AFE07ACE0D7B" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/ari-stream-quiz/wordpress-ari-stream-quiz-wordpress-quizzes-builder-plugin-1-2-32-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://patchstack.com/database/vulnerability/ari-stream-quiz/wordpress-ari-stream-quiz-wordpress-quizzes-builder-plugin-1-2-32-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51489.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51489.json index 069b4ed6720..f0d5d2bb516 100644 --- a/CVE-2023/CVE-2023-514xx/CVE-2023-51489.json +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51489.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-51489", "sourceIdentifier": "audit@patchstack.com", "published": "2024-03-16T01:15:49.300", - "lastModified": "2024-11-21T08:38:13.860", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-27T03:24:36.033", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.5 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, @@ -51,14 +71,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:automattic:crowdsignal_dashboard:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.1.0", + "matchCriteriaId": "CE621B8C-4EBA-4CED-900F-B5449F0D2EBE" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/polldaddy/wordpress-crowdsignal-polls-ratings-plugin-3-0-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://patchstack.com/database/vulnerability/polldaddy/wordpress-crowdsignal-polls-ratings-plugin-3-0-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51491.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51491.json index a03c4d33554..ffe8a40caf0 100644 --- a/CVE-2023/CVE-2023-514xx/CVE-2023-51491.json +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51491.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51491", "sourceIdentifier": "audit@patchstack.com", "published": "2024-03-16T01:15:49.537", - "lastModified": "2024-11-21T08:38:14.113", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-27T03:24:36.033", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.5 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, 
@@ -51,14 +71,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:depicter:depicter:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.0.7", + "matchCriteriaId": "295D2F63-9B11-44A3-B062-2925C0732B17" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/depicter/wordpress-depicter-slider-plugin-2-0-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://patchstack.com/database/vulnerability/depicter/wordpress-depicter-slider-plugin-2-0-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51510.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51510.json index a7328442ddb..6e34791ca0e 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51510.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51510.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51510", "sourceIdentifier": "audit@patchstack.com", "published": "2024-03-16T01:15:49.747", - "lastModified": "2024-11-21T08:38:16.670", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-27T03:24:36.033", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, @@ -51,14 +71,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:atlasgondal:export_all_urls:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.0", + "matchCriteriaId": "EAC08E3D-18AE-4BC3-8339-B4AB0005DFE1" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/export-media-urls/wordpress-export-media-urls-plugin-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://patchstack.com/database/vulnerability/export-media-urls/wordpress-export-media-urls-plugin-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51512.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51512.json index c417e16ce45..1a71bc0d412 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51512.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51512.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-51512", "sourceIdentifier": "audit@patchstack.com", "published": "2024-03-16T01:15:49.950", - "lastModified": "2024-11-21T08:38:16.923", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-27T03:24:36.033", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -36,17 +36,73 @@ }, "exploitabilityScore": 2.8, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:woobewoo:product_table:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.8.7", + "matchCriteriaId": "8BBBF2D6-08B0-466C-BAE8-A8A4B0EE1276" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/woo-product-tables/wordpress-product-table-by-wbw-plugin-1-8-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://patchstack.com/database/vulnerability/woo-product-tables/wordpress-product-table-by-wbw-plugin-1-8-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-526xx/CVE-2023-52612.json b/CVE-2023/CVE-2023-526xx/CVE-2023-52612.json index 4f033f8e8b2..1ad51a8887d 100644 --- a/CVE-2023/CVE-2023-526xx/CVE-2023-52612.json +++ b/CVE-2023/CVE-2023-526xx/CVE-2023-52612.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-52612", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-18T11:15:08.317", - "lastModified": "2024-11-21T08:40:11.830", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-27T03:20:23.277", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,79 +15,244 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: scomp - corrige el desbordamiento del b\u00fafer req->dst. El tama\u00f1o del b\u00fafer req->dst debe verificarse antes de copiar desde scomp_scratch->dst para evitar el problema de desbordamiento del b\u00fafer req->dst. ." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.10", + "versionEndExcluding": "4.19.306", + "matchCriteriaId": "9E6972CF-7270-4681-AC42-1BC6AAEB7CDE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.268", + "matchCriteriaId": "991BF737-6083-429B-ACD5-FB27D4143E2F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.209", + "matchCriteriaId": "74979A03-4B10-4815-AE3E-C8C0D2FDAA39" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.148", + "matchCriteriaId": 
"2ED0CDB9-61B0-408E-B2A8-5199107F7868" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.75", + "matchCriteriaId": "070D0ED3-90D0-4F95-B1FF-57D7F46F332D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.14", + "matchCriteriaId": "5C6B50A6-3D8B-4CE2-BDCC-A098609CBA14" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.7.2", + "matchCriteriaId": "7229C448-E0C9-488B-8939-36BA5254065E" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/1142d65c5b881590962ad763f94505b6dd67d2fe", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4518dc468cdd796757190515a9be7408adc8911e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4df0c942d04a67df174195ad8082f6e30e7f71a5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/71c6670f9f032ec67d8f4e3f8db4646bf5a62883", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/744e1885922a9943458954cfea917b31064b4131", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" 
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7d9e5bed036a7f9e2062a137e97e3c1e77fb8759", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a5f2f91b3fd7387e5102060809316a0f8f0bc625", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e0e3f4a18784182cfe34e20c00eca11e78d53e76", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/1142d65c5b881590962ad763f94505b6dd67d2fe", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4518dc468cdd796757190515a9be7408adc8911e", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4df0c942d04a67df174195ad8082f6e30e7f71a5", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/71c6670f9f032ec67d8f4e3f8db4646bf5a62883", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/744e1885922a9943458954cfea917b31064b4131", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7d9e5bed036a7f9e2062a137e97e3c1e77fb8759", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": 
"af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a5f2f91b3fd7387e5102060809316a0f8f0bc625", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e0e3f4a18784182cfe34e20c00eca11e78d53e76", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0440.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0440.json index 64e09e7eb27..b13390ab79b 100644 --- a/CVE-2024/CVE-2024-04xx/CVE-2024-0440.json +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0440.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0440", "sourceIdentifier": "security@huntr.dev", "published": "2024-02-26T16:27:50.697", - "lastModified": "2024-11-21T08:46:35.767", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-27T03:05:58.637", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -16,6 +16,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -51,22 +73,51 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mintplexlabs:anythingllm:-:*:*:*:*:*:*:*", + "matchCriteriaId": "64E68D44-CB47-4530-9D0C-C006AB67B185" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/mintplex-labs/anything-llm/commit/1563a1b20f72846d617a88510970d0426ab880d3", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.com/bounties/263fd7eb-f9a9-4578-9655-0e28c609272f", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/mintplex-labs/anything-llm/commit/1563a1b20f72846d617a88510970d0426ab880d3", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.com/bounties/263fd7eb-f9a9-4578-9655-0e28c609272f", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0455.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0455.json index d61c5cef017..280e7e7c429 100644 --- a/CVE-2024/CVE-2024-04xx/CVE-2024-0455.json 
+++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0455.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0455", "sourceIdentifier": "security@huntr.dev", "published": "2024-02-26T16:27:50.937", - "lastModified": "2024-11-21T08:46:37.683", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-27T03:05:58.637", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -16,6 +16,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", 
@@ -51,22 +73,51 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mintplexlabs:anythingllm:-:*:*:*:*:*:*:*", + "matchCriteriaId": "64E68D44-CB47-4530-9D0C-C006AB67B185" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/mintplex-labs/anything-llm/commit/b2b2c2afe15c48952d57b4d01e7108f9515c5f55", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.com/bounties/07d83b49-7ebb-40d2-83fc-78381e3c5c9c", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/mintplex-labs/anything-llm/commit/b2b2c2afe15c48952d57b4d01e7108f9515c5f55", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.com/bounties/07d83b49-7ebb-40d2-83fc-78381e3c5c9c", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0780.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0780.json index c1b4da42056..8e9893a9985 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0780.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0780.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0780", "sourceIdentifier": "contact@wpscan.com", "published": "2024-03-18T19:15:06.437", - "lastModified": "2024-11-21T08:47:21.347", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-27T03:34:34.637", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,15 +15,76 @@ "value": "El complemento Enjoy Social Feed plugin for WordPress website de WordPress hasta 6.2.2 no tiene autorizaci\u00f3n para restablecer su base de datos, lo que permite que cualquier usuario autenticado, como un suscriptor, realice dicha acci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mediabetaprojects:enjoy_social_feed:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "6.2.2", + "matchCriteriaId": "4032E768-CD09-4AF3-B232-9F4B3095DBAD" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/be3045b1-72e6-450a-8dd2-4702a9328447/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://wpscan.com/vulnerability/be3045b1-72e6-450a-8dd2-4702a9328447/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0798.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0798.json index d775995c00b..cae63264375 100644 
--- a/CVE-2024/CVE-2024-07xx/CVE-2024-0798.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0798.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0798", "sourceIdentifier": "security@huntr.dev", "published": "2024-02-26T16:27:51.563", - "lastModified": "2024-11-21T08:47:23.800", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-27T03:05:58.637", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -16,6 +16,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", 
@@ -49,24 +71,63 @@ "value": "CWE-272" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mintplexlabs:anythingllm:-:*:*:*:*:*:*:*", + "matchCriteriaId": "64E68D44-CB47-4530-9D0C-C006AB67B185" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/mintplex-labs/anything-llm/commit/d5cde8b7c27a47ab45b05b441db16751537f1733", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.com/bounties/607f03a0-ab4d-4905-b253-3d28bbbd363c", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/mintplex-labs/anything-llm/commit/d5cde8b7c27a47ab45b05b441db16751537f1733", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.com/bounties/607f03a0-ab4d-4905-b253-3d28bbbd363c", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-124xx/CVE-2024-12463.json b/CVE-2024/CVE-2024-124xx/CVE-2024-12463.json index b965dd45141..bc25d8d2000 100644 --- a/CVE-2024/CVE-2024-124xx/CVE-2024-12463.json +++ b/CVE-2024/CVE-2024-124xx/CVE-2024-12463.json @@ -2,8 +2,8 @@ "id": "CVE-2024-12463", "sourceIdentifier": "security@wordfence.com", "published": "2024-12-12T05:15:13.197", - "lastModified": "2024-12-12T05:15:13.197", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-27T02:45:31.280", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "security@wordfence.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.1, "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, @@ -51,14 +71,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:arena.im:arena.im:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "0.3.0", + "matchCriteriaId": "005E8ADF-0EBD-4898-914D-AC667FB75DEE" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/arena-liveblog-and-chat-tool/trunk/albfre.php#L216", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/729492e8-5625-444f-84ed-36b72cebc722?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-125xx/CVE-2024-12526.json b/CVE-2024/CVE-2024-125xx/CVE-2024-12526.json index 90cc25eae6d..711cb650d4e 100644 --- a/CVE-2024/CVE-2024-125xx/CVE-2024-12526.json +++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12526.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-12526", "sourceIdentifier": "security@wordfence.com", "published": "2024-12-12T05:15:13.577", - "lastModified": "2024-12-12T05:15:13.577", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-27T02:45:31.280", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:arena.im:arena.im:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "0.3.0", + "matchCriteriaId": "005E8ADF-0EBD-4898-914D-AC667FB75DEE" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/arena-liveblog-and-chat-tool/trunk/albfre.php#L125", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f9173644-f0b2-4de3-8e58-fd556d8e38cd?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-14xx/CVE-2024-1436.json b/CVE-2024/CVE-2024-14xx/CVE-2024-1436.json index 34060de06b9..8b0cce8b691 100644 --- a/CVE-2024/CVE-2024-14xx/CVE-2024-1436.json +++ b/CVE-2024/CVE-2024-14xx/CVE-2024-1436.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1436", "sourceIdentifier": "audit@patchstack.com", "published": "2024-02-26T16:27:52.123", - "lastModified": "2024-11-21T08:50:34.987", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-27T03:05:58.637", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -49,16 +49,50 @@ "value": "CWE-200" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wiloke:myshopkit:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.9", + "matchCriteriaId": "A91C1BCE-AEFA-4DF3-A834-510A1F5234E4" + } + ] + } + ] } ], "references": [ { "url": "https://patchstack.com/database/vulnerability/myshopkit-popup-smartbar-slidein/wordpress-woocommerce-myshopkit-plugin-1-0-9-sensitive-data-exposure-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://patchstack.com/database/vulnerability/myshopkit-popup-smartbar-slidein/wordpress-woocommerce-myshopkit-plugin-1-0-9-sensitive-data-exposure-vulnerability?_s_id=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1622.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1622.json index e5967074312..fe961ec99a8 100644 --- a/CVE-2024/CVE-2024-16xx/CVE-2024-1622.json +++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1622.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1622", "sourceIdentifier": "sep@nlnetlabs.nl", "published": "2024-02-26T16:27:52.387", - "lastModified": "2024-11-21T08:50:56.633", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-27T03:05:58.637", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, 
@@ -49,40 +69,117 @@ "value": "CWE-253" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-754" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nlnetlabs:routinator:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.13.2", + "matchCriteriaId": "68B8FBA1-FBA2-4A41-AB57-E2880A02879E" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*", + "matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59" + } + ] + } + ] } ], "references": [ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HPRUIPAI2BBDGFVLN733JLIUJWLEBLF/", - "source": "sep@nlnetlabs.nl" + "source": "sep@nlnetlabs.nl", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K52QRRYBHLP73RAS3CGOPBWYT7EZVP6O/", - "source": "sep@nlnetlabs.nl" + "source": "sep@nlnetlabs.nl", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N2N3N3SNBHSH7GN3JOLR7YUF5FCTQQ5O/", - "source": "sep@nlnetlabs.nl" + "source": "sep@nlnetlabs.nl", + "tags": [ + "Mailing List" + ] }, { "url": "https://www.nlnetlabs.nl/downloads/routinator/CVE-2024-1622.txt", - "source": "sep@nlnetlabs.nl" + "source": "sep@nlnetlabs.nl", + "tags": [ + "Vendor Advisory" + ] }, { "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HPRUIPAI2BBDGFVLN733JLIUJWLEBLF/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K52QRRYBHLP73RAS3CGOPBWYT7EZVP6O/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N2N3N3SNBHSH7GN3JOLR7YUF5FCTQQ5O/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://www.nlnetlabs.nl/downloads/routinator/CVE-2024-1622.txt", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-22xx/CVE-2024-2247.json b/CVE-2024/CVE-2024-22xx/CVE-2024-2247.json index 18500cf6b20..c0767f74f4b 100644 --- a/CVE-2024/CVE-2024-22xx/CVE-2024-2247.json +++ b/CVE-2024/CVE-2024-22xx/CVE-2024-2247.json @@ -2,8 +2,8 @@ "id": "CVE-2024-2247", "sourceIdentifier": "reefs@jfrog.com", "published": "2024-03-13T14:15:07.870", - "lastModified": "2024-11-21T09:09:20.660", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-27T03:06:17.427", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
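Review bot: The second `configurations` entry added for CVE-2024-1622 lists `cpe:2.3:o:fedoraproject:fedora:38`, `:39` and `:40` as `"vulnerable": true` in a node of its own, with no AND relation to the `nlnetlabs:routinator` match in the first entry. A matcher that evaluates each configuration independently will therefore flag every Fedora 38–40 host, whether or not Routinator is installed. Consumers of this record should gate the Fedora match on the package actually being present, using the `"versionEndExcluding": "0.13.2"` bound and the Fedora package-announce references in the same hunk, rather than on the OS CPE alone.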
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ] }, @@ -51,14 +71,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:-:*:*", + "versionEndIncluding": "7.77.7", + "matchCriteriaId": "80C6229B-F723-492B-AB65-C13A22DB660A" + } + ] + } + ] + } + ], "references": [ { "url": "https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories", - "source": "reefs@jfrog.com" + "source": "reefs@jfrog.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-266xx/CVE-2024-26629.json b/CVE-2024/CVE-2024-266xx/CVE-2024-26629.json index 57f7e67d6c9..91712daef3b 100644 --- a/CVE-2024/CVE-2024-266xx/CVE-2024-26629.json +++ b/CVE-2024/CVE-2024-266xx/CVE-2024-26629.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26629", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-13T14:15:07.717", - "lastModified": "2024-11-21T09:02:43.343", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-27T03:06:17.427", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
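Review bot: After this hunk the CVSS metrics list of CVE-2024-2247 holds two entries that disagree: the entry kept as context ends with `"impactScore": 5.9`, while the added `nvd@nist.gov` entry carries `"impactScore": 2.7` and `"baseScore": 6.1`. Code that reads the first element, or the maximum, will report a different severity than code that reads the `"type": "Primary"` entry, so selection should be explicit on `source` and `type`. The same pattern appears in the `@@ -36,6 +36,26 @@` hunks for CVE-2024-29099, CVE-2024-29127 and CVE-2024-29128 (context `3.7`, added `2.7`). The existing entry's own `type` and vector lie outside the hunk, so which of the two a given consumer currently picks cannot be confirmed from here.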
@@ -15,55 +15,176 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfsd: arreglar RELEASE_LOCKOWNER La prueba en so_count en nfsd4_release_lockowner() no tiene sentido y es da\u00f1ina. Vuelva a usar check_for_locks(), cambi\u00e1ndolo para no dormir. Primero: da\u00f1ino. Como se documenta en el comentario de kdoc para nfsd4_release_lockowner(), la prueba en so_count puede devolver transitoriamente un falso positivo, lo que resulta en una devoluci\u00f3n de NFS4ERR_LOCKS_HELD cuando en realidad no se mantienen bloqueos. Esto es claramente una violaci\u00f3n del protocolo y con el cliente NFS de Linux puede provocar un comportamiento incorrecto. Si se env\u00eda RELEASE_LOCKOWNER mientras alg\u00fan otro subproceso todav\u00eda est\u00e1 procesando una solicitud de LOCK que fall\u00f3 porque, en el momento en que se recibi\u00f3 esa solicitud, el propietario determinado ten\u00eda un bloqueo en conflicto, entonces el subproceso nfsd que procesa esa solicitud de LOCK puede contener una referencia (conflock) a el propietario del bloqueo que hace que nfsd4_release_lockowner() devuelva un error incorrecto. El cliente NFS de Linux ignora ese error NFS4ERR_LOCKS_HELD porque nunca env\u00eda NFS4_RELEASE_LOCKOWNER sin liberar primero ning\u00fan bloqueo, por lo que sabe que el error es imposible. Se supone que el propietario de la cerradura fue liberado, por lo que puede utilizar el mismo identificador de propietario de la cerradura en alguna solicitud de bloqueo posterior. Cuando reutiliza un identificador de propietario de bloqueo para el cual fall\u00f3 una RELEASE anterior, naturalmente usar\u00e1 un lock_seqid de cero. Sin embargo, el servidor, que no liber\u00f3 al propietario del bloqueo, esperar\u00e1 un lock_seqid mayor y, por lo tanto, responder\u00e1 con NFS4ERR_BAD_SEQID. Claramente es perjudicial permitir un falso positivo, lo que permite la prueba so_count. La prueba es una tonter\u00eda porque... bueno... no significa nada. 
so_count es la suma de tres recuentos diferentes. 1/ el conjunto de estados enumerados en so_stateids 2/ el conjunto de bloqueos vfs activos propiedad de cualquiera de esos estados 3/ varios recuentos transitorios, como bloqueos en conflicto. Cuando se prueba con '2', queda claro que una de ellas es la referencia transitoria obtenida por find_lockowner_str_locked(). No est\u00e1 claro cu\u00e1l se espera que sea el otro. En la pr\u00e1ctica, el recuento suele ser 2 porque hay precisamente un estado en so_stateids. Si hubiera m\u00e1s, esto fracasar\u00eda. En mis pruebas veo dos circunstancias en las que se llama a RELEASE_LOCKOWNER. En un caso, se llama a CLOSE antes de RELEASE_LOCKOWNER. Eso da como resultado que se eliminen todos los estados de bloqueo y, por lo tanto, se descarte el propietario de la cerradura (se elimina cuando no hay m\u00e1s referencias, lo que generalmente sucede cuando se descarta el estado de bloqueo). Cuando nfsd4_release_lockowner() descubre que el propietario del bloqueo no existe, devuelve \u00e9xito. El otro caso muestra un so_count de '2' y precisamente un estado listado en so_stateid. Parece que el cliente Linux utiliza un propietario de bloqueo independiente para cada archivo, lo que da como resultado un estado de bloqueo por propietario de bloqueo, por lo que esta prueba en '2' es segura. Para otro cliente puede que no sea seguro. Entonces, este parche cambia check_for_locks() para usar el (nuevo) find_any_file_locked() para que no tome una referencia en nfs4_file y as\u00ed nunca llame a nfsd_file_put(), y por lo tanto nunca duerma. Con esta verificaci\u00f3n, es seguro restaurar el uso de check_for_locks() en lugar de probar so_count con el misterioso '2'." 
} ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-667" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.19", + "versionEndExcluding": "6.1.79", + "matchCriteriaId": "D4F308D1-9732-4D2D-80D8-C7B7A308571D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.15", + "matchCriteriaId": "87C718CB-AE3D-4B07-B4D9-BFF64183C468" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.7.3", + "matchCriteriaId": "58FD5308-148A-40D3-B36A-0CA6B434A8BF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*", + "matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/8f5b860de87039b007e84a28a5eefc888154e098", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Mailing List", + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/99fb654d01dc3f08b5905c663ad6c89a9d83302f", - 
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Mailing List", + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b7d2eee1f53899b53f069bba3a59a419fc3d331b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Mailing List", + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c6f8b3fcc62725e4129f2c0fd550d022d4a7685a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Mailing List", + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e4cf8941664cae2f89f0189c29fe2ce8c6be0d03", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Mailing List", + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/edcf9725150e42beeca42d085149f4c88fa97afd", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Mailing List", + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8f5b860de87039b007e84a28a5eefc888154e098", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/99fb654d01dc3f08b5905c663ad6c89a9d83302f", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b7d2eee1f53899b53f069bba3a59a419fc3d331b", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c6f8b3fcc62725e4129f2c0fd550d022d4a7685a", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + 
"Mailing List", + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e4cf8941664cae2f89f0189c29fe2ce8c6be0d03", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/edcf9725150e42beeca42d085149f4c88fa97afd", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-290xx/CVE-2024-29099.json b/CVE-2024/CVE-2024-290xx/CVE-2024-29099.json index 66e4daf34fd..4f2eb0978e0 100644 --- a/CVE-2024/CVE-2024-290xx/CVE-2024-29099.json +++ b/CVE-2024/CVE-2024-290xx/CVE-2024-29099.json @@ -2,8 +2,8 @@ "id": "CVE-2024-29099", "sourceIdentifier": "audit@patchstack.com", "published": "2024-03-19T16:15:11.703", - "lastModified": "2024-11-21T09:07:33.100", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-27T03:34:34.637", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ] }, 
@@ -51,14 +71,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:evergreencontentposter:evergreen_content_poster:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.4.2", + "matchCriteriaId": "1EDF74A3-7C22-432C-B69C-9FFAEF65D88E" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/evergreen-content-poster/wordpress-evergreen-content-poster-plugin-1-4-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://patchstack.com/database/vulnerability/evergreen-content-poster/wordpress-evergreen-content-poster-plugin-1-4-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-291xx/CVE-2024-29127.json b/CVE-2024/CVE-2024-291xx/CVE-2024-29127.json index af62f24b2cb..5783ce40102 100644 --- a/CVE-2024/CVE-2024-291xx/CVE-2024-29127.json +++ b/CVE-2024/CVE-2024-291xx/CVE-2024-29127.json @@ -2,8 +2,8 @@ "id": "CVE-2024-29127", "sourceIdentifier": "audit@patchstack.com", "published": "2024-03-19T14:15:07.750", - "lastModified": "2024-11-21T09:07:36.920", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-27T03:34:34.637", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ] }, @@ -51,14 +71,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vasyltech:advanced_access_manager:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "6.9.21", + "matchCriteriaId": "F905C4E1-9643-4A85-B1D8-E6FFBCB03344" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/advanced-access-manager/wordpress-advanced-access-manager-plugin-6-9-20-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://patchstack.com/database/vulnerability/advanced-access-manager/wordpress-advanced-access-manager-plugin-6-9-20-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-291xx/CVE-2024-29128.json b/CVE-2024/CVE-2024-291xx/CVE-2024-29128.json index 2566353ca2f..dc364f6e97b 100644 --- a/CVE-2024/CVE-2024-291xx/CVE-2024-29128.json +++ b/CVE-2024/CVE-2024-291xx/CVE-2024-29128.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-29128", "sourceIdentifier": "audit@patchstack.com", "published": "2024-03-19T14:15:08.010", - "lastModified": "2024-11-21T09:07:37.043", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-02-27T03:34:34.637", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ] }, @@ -51,14 +71,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpexperts:post_smtp:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.8.7", + "matchCriteriaId": "00068F78-E905-4A92-8286-F98BDBD96103" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/post-smtp/wordpress-post-smtp-mailer-plugin-2-8-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://patchstack.com/database/vulnerability/post-smtp/wordpress-post-smtp-mailer-plugin-2-8-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-495xx/CVE-2024-49570.json b/CVE-2024/CVE-2024-495xx/CVE-2024-49570.json new file mode 100644 index 00000000000..5eb659ef13b --- /dev/null +++ b/CVE-2024/CVE-2024-495xx/CVE-2024-49570.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-49570", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:10.267", + "lastModified": "2025-02-27T03:15:10.267", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/tracing: Fix a potential TP_printk UAF\n\nThe commit\nafd2627f727b (\"tracing: Check \"%s\" dereference via the field and not the TP_printk format\")\nexposes potential UAFs in the xe_bo_move trace event.\n\nFix those by avoiding dereferencing the\nxe_mem_type_to_name[] array at TP_printk time.\n\nSince some code refactoring has taken place, explicit backporting may\nbe needed for kernels older than 6.10." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/07089083a526ea19daa72a1edf9d6e209615b77c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/62cd174616ae3bf8a6cf468718f1ae74e5a07727", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c9402da34611e1039ecccba3c1481c4866f7ca64", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52557.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52557.json new file mode 100644 index 00000000000..daef5dcbd6d --- /dev/null +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52557.json 
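Review bot: The new CVE-2024-49570 record is stored with `"metrics": {}` and `"vulnStatus": "Received"`, and has no `weaknesses` or `configurations` block, so a pipeline that filters on a CVSS base score or a CPE match will silently drop it. Missing metrics should be handled as "not yet scored" rather than as zero or low severity, and the affected-version decision taken from the `git.kernel.org/stable` commit references until analysis lands; the description itself says backporting may be needed for kernels older than 6.10. The same applies to the other new files visible in this part of the commit: CVE-2024-52557, CVE-2024-52559, CVE-2024-52560, CVE-2024-54456, CVE-2024-54458, CVE-2024-57834, CVE-2024-57852, CVE-2024-58001 and CVE-2024-58002.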
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-52557", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:10.373", + "lastModified": "2025-02-27T03:15:10.373", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: zynqmp_dp: Fix integer overflow in zynqmp_dp_rate_get()\n\nThis patch fixes a potential integer overflow in the zynqmp_dp_rate_get()\n\nThe issue comes up when the expression\ndrm_dp_bw_code_to_link_rate(dp->test.bw_code) * 10000 is evaluated using 32-bit\nNow the constant is a compatible 64-bit type.\n\nResolves coverity issues: CID 1636340 and CID 1635811" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/325d889c5403ba20a24097f64c32d27ab993c2c3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/67a615c5cb6dc33ed35492dc0d67e496cbe8de68", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52559.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52559.json new file mode 100644 index 00000000000..44b765f9e2c --- /dev/null +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52559.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-52559", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:10.477", + "lastModified": "2025-02-27T03:15:10.477", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit()\n\nThe \"submit->cmd[i].size\" and \"submit->cmd[i].offset\" variables are u32\nvalues that come from the user via the submit_lookup_cmds() function.\nThis addition could lead to an integer wrapping bug so use size_add()\nto prevent that.\n\nPatchwork: https://patchwork.freedesktop.org/patch/624696/" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2f1845e46c41ed500789d53dc45b383b7745c96c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3a47f4b439beb98e955d501c609dfd12b7836d61", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e43a0f1327a1ee70754f8a0de6e0262cfa3e0b87", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52560.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52560.json new file mode 100644 index 00000000000..e0bece52aa4 --- /dev/null +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52560.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-52560", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:10.573", + "lastModified": "2025-02-27T03:15:10.573", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr()\n\nExtended the `mi_enum_attr()` function interface with an additional\nparameter, `struct ntfs_inode *ni`, to allow marking the inode\nas bad as soon as an error is detected." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2afd4d267e6dbaec8d3ccd4f5396cb84bc67aa2e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d9c699f2c4dc174940ffe8600b20c267897da155", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54456.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54456.json new file mode 100644 index 00000000000..04d0dd3dd90 --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54456.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-54456", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:10.667", + "lastModified": "2025-02-27T03:15:10.667", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client()\n\nname is char[64] where the size of clnt->cl_program->name remains\nunknown. Invoking strcat() directly will also lead to potential buffer\noverflow. Change them to strscpy() and strncat() to fix potential\nissues." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/19b3ca651b4b473878c73539febe477905041442", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/49fd4e34751e90e6df009b70cd0659dc839e7ca8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dd8830779b77f4d1206d28d02ad56a03fc0e78f7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e8e0eb5601d4a6c74c336e3710afe3a0348c469d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-544xx/CVE-2024-54458.json b/CVE-2024/CVE-2024-544xx/CVE-2024-54458.json new file mode 100644 index 00000000000..a7db642082e --- /dev/null +++ b/CVE-2024/CVE-2024-544xx/CVE-2024-54458.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-54458", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:10.770", + "lastModified": "2025-02-27T03:15:10.770", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: bsg: Set bsg_queue to NULL after removal\n\nCurrently, this does not cause any issues, but I believe it is necessary to\nset bsg_queue to NULL after removing it to prevent potential use-after-free\n(UAF) access." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1e95c798d8a7f70965f0f88d4657b682ff0ec75f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5e7b6e44468c3242c21c2a8656d009fb3eb50a73", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5f782d4741bf558def60df192b858b0efc6a5f0a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/88a01e9c9ad40c075756ba93b47984461d4ff15d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9193bdc170cc23fe98aca71d1a63c0bf6e1e853b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-578xx/CVE-2024-57834.json b/CVE-2024/CVE-2024-578xx/CVE-2024-57834.json new file mode 100644 index 00000000000..6a57e4cedd4 --- /dev/null +++ b/CVE-2024/CVE-2024-578xx/CVE-2024-57834.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-57834", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:10.870", + "lastModified": "2025-02-27T03:15:10.870", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread\n\nsyzbot report a null-ptr-deref in vidtv_mux_stop_thread. [1]\n\nIf dvb->mux is not initialized successfully by vidtv_mux_init() in the\nvidtv_start_streaming(), it will trigger null pointer dereference about mux\nin vidtv_mux_stop_thread().\n\nAdjust the timing of streaming initialization and check it before\nstopping it.\n\n[1]\nKASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000012f]\nCPU: 0 UID: 0 PID: 5842 Comm: syz-executor248 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nRIP: 0010:vidtv_mux_stop_thread+0x26/0x80 drivers/media/test-drivers/vidtv/vidtv_mux.c:471\nCode: 90 90 90 90 66 0f 1f 00 55 53 48 89 fb e8 82 2e c8 f9 48 8d bb 28 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 02 7e 3b 0f b6 ab 28 01 00 00 31 ff 89 ee e8\nRSP: 0018:ffffc90003f2faa8 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff87cfb125\nRDX: 0000000000000025 RSI: ffffffff87d120ce RDI: 0000000000000128\nRBP: ffff888029b8d220 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000003 R12: ffff888029b8d188\nR13: ffffffff8f590aa0 R14: ffffc9000581c5c8 R15: ffff888029a17710\nFS: 00007f7eef5156c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f7eef5e635c CR3: 0000000076ca6000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 
00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n vidtv_stop_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:209 [inline]\n vidtv_stop_feed+0x151/0x250 drivers/media/test-drivers/vidtv/vidtv_bridge.c:252\n dmx_section_feed_stop_filtering+0x90/0x160 drivers/media/dvb-core/dvb_demux.c:1000\n dvb_dmxdev_feed_stop.isra.0+0x1ee/0x270 drivers/media/dvb-core/dmxdev.c:486\n dvb_dmxdev_filter_stop+0x22a/0x3a0 drivers/media/dvb-core/dmxdev.c:559\n dvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline]\n dvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246\n __fput+0x3f8/0xb60 fs/file_table.c:450\n task_work_run+0x14e/0x250 kernel/task_work.c:239\n get_signal+0x1d3/0x2610 kernel/signal.c:2790\n arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337\n exit_to_user_mode_loop kernel/entry/common.c:111 [inline]\n exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]\n syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218\n do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89\n entry_SYSCALL_64_after_hwframe+0x77/0x7f" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1221989555db711578a327a9367f1be46500cb48", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2c5601b99d79d196fe4a37159e3dfb38e778ea18", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/86307e443c5844f38e1b98e2c51a4195c55576cd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/904a8323cc8afa7eb9ce3e67303a2b3f2f787306", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/95432a37778c9c5dd105b7b9f19e9695c9e166cf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-578xx/CVE-2024-57852.json b/CVE-2024/CVE-2024-578xx/CVE-2024-57852.json new file mode 100644 index 00000000000..6103e22de37 --- /dev/null +++ b/CVE-2024/CVE-2024-578xx/CVE-2024-57852.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-57852", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:10.977", + "lastModified": "2025-02-27T03:15:10.977", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: scm: smc: Handle missing SCM device\n\nCommit ca61d6836e6f (\"firmware: qcom: scm: fix a NULL-pointer\ndereference\") makes it explicit that qcom_scm_get_tzmem_pool() can\nreturn NULL, therefore its users should handle this." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/57a811c0886f3f3677bb4619502b35b5bb917f2e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/94f48ecf0a538019ca2025e0b0da391f8e7cc58c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cd955b75849b58b650ca3f87b83bd78cde1da8bc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-580xx/CVE-2024-58001.json b/CVE-2024/CVE-2024-580xx/CVE-2024-58001.json new file mode 100644 index 00000000000..23440ee345f --- /dev/null +++ b/CVE-2024/CVE-2024-580xx/CVE-2024-58001.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-58001", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:11.080", + "lastModified": "2025-02-27T03:15:11.080", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: handle a symlink read error correctly\n\nPatch series \"Convert ocfs2 to use folios\".\n\nMark did a conversion of ocfs2 to use folios and sent it to me as a\ngiant patch for review ;-)\n\nSo I've redone it as individual patches, and credited Mark for the patches\nwhere his code is substantially the same. It's not a bad way to do it;\nhis patch had some bugs and my patches had some bugs. Hopefully all our\nbugs were different from each other. And hopefully Mark likes all the\nchanges I made to his code!\n\n\nThis patch (of 23):\n\nIf we can't read the buffer, be sure to unlock the page before returning." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2b4c2094da6d84e69b843dd3317902e977bf64bd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/52a326f93ceb9348264fddf7bab6e345db69e08c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5e3b3ec7c3cb5ba5629a766e4f0926db72cf0a1f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6e143eb4ab83c24e7ad3e3d8e7daa241d9c38377", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b6833b38984d1e9f20dd80f9ec9050c10d687f30", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-580xx/CVE-2024-58002.json b/CVE-2024/CVE-2024-580xx/CVE-2024-58002.json new file mode 100644 index 00000000000..94c9f8f550f --- /dev/null 
+++ b/CVE-2024/CVE-2024-580xx/CVE-2024-58002.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-58002", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:11.180", + "lastModified": "2025-02-27T03:15:11.180", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Remove dangling pointers\n\nWhen an async control is written, we copy a pointer to the file handle\nthat started the operation. That pointer will be used when the device is\ndone. Which could be anytime in the future.\n\nIf the user closes that file descriptor, its structure will be freed,\nand there will be one dangling pointer per pending async control, that\nthe driver will try to use.\n\nClean all the dangling pointers during release().\n\nTo avoid adding a performance penalty in the most common case (no async\noperation), a counter has been introduced with some logic to make sure\nthat it is properly handled." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/221cd51efe4565501a3dbf04cc011b537dcce7fb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/438bda062b2c40ddd7df23b932e29ffe0a448cac", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9edc7d25f7e49c33a1ce7a5ffadea2222065516c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-580xx/CVE-2024-58003.json b/CVE-2024/CVE-2024-580xx/CVE-2024-58003.json new file mode 100644 index 00000000000..d046f3e07b5 --- /dev/null +++ b/CVE-2024/CVE-2024-580xx/CVE-2024-58003.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-58003", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:11.277", + "lastModified": "2025-02-27T03:15:11.277", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: ds90ub9x3: Fix extra fwnode_handle_put()\n\nThe ub913 and ub953 drivers call fwnode_handle_put(priv->sd.fwnode) as\npart of their remove process, and if the driver is removed multiple\ntimes, eventually leads to put \"overflow\", possibly causing memory\ncorruption or crash.\n\nThe fwnode_handle_put() is a leftover from commit 905f88ccebb1 (\"media:\ni2c: ds90ub9x3: Fix sub-device matching\"), which changed the code\nrelated to the sd.fwnode, but missed removing these fwnode_handle_put()\ncalls." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/474d7baf91d37bc411fa60de5bbf03c9dd82e18a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/60b45ece41c5632a3a3274115a401cb244180646", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/70743d6a8b256225675711e7983825f1be86062d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f4e4373322f8d4c19721831f7fb989e52d30dab0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-580xx/CVE-2024-58004.json b/CVE-2024/CVE-2024-580xx/CVE-2024-58004.json new file mode 100644 index 00000000000..b0ea0e76733 --- /dev/null +++ b/CVE-2024/CVE-2024-580xx/CVE-2024-58004.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-58004", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:11.380", + "lastModified": "2025-02-27T03:15:11.380", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: intel/ipu6: remove cpu latency qos request on error\n\nFix cpu latency qos list corruption like below. It happens when\nwe do not remove cpu latency request on error path and free\ncorresponding memory.\n\n[ 30.634378] l7 kernel: list_add corruption. prev->next should be next (ffffffff9645e960), but was 0000000100100001. (prev=ffff8e9e877e20a8).\n[ 30.634388] l7 kernel: WARNING: CPU: 2 PID: 2008 at lib/list_debug.c:32 __list_add_valid_or_report+0x83/0xa0\n\n[ 30.634640] l7 kernel: Call Trace:\n[ 30.634650] l7 kernel: \n[ 30.634659] l7 kernel: ? __list_add_valid_or_report+0x83/0xa0\n[ 30.634669] l7 kernel: ? __warn.cold+0x93/0xf6\n[ 30.634678] l7 kernel: ? __list_add_valid_or_report+0x83/0xa0\n[ 30.634690] l7 kernel: ? report_bug+0xff/0x140\n[ 30.634702] l7 kernel: ? handle_bug+0x58/0x90\n[ 30.634712] l7 kernel: ? exc_invalid_op+0x17/0x70\n[ 30.634723] l7 kernel: ? asm_exc_invalid_op+0x1a/0x20\n[ 30.634733] l7 kernel: ? 
__list_add_valid_or_report+0x83/0xa0\n[ 30.634742] l7 kernel: plist_add+0xdd/0x140\n[ 30.634754] l7 kernel: pm_qos_update_target+0xa0/0x1f0\n[ 30.634764] l7 kernel: cpu_latency_qos_update_request+0x61/0xc0\n[ 30.634773] l7 kernel: intel_dp_aux_xfer+0x4c7/0x6e0 [i915 1f824655ed04687c2b0d23dbce759fa785f6d033]" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1496ec94bd38bdb25ca13b1dd4f8e7a6176ea89d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/95275736185ecb71dc97a71d8d9d19e4ffb0a9eb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/facb541ff0805314e0b56e508f7d3cbd07af513c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-580xx/CVE-2024-58005.json b/CVE-2024/CVE-2024-580xx/CVE-2024-58005.json new file mode 100644 index 00000000000..56cc6502b50 --- /dev/null +++ b/CVE-2024/CVE-2024-580xx/CVE-2024-58005.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-58005", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:11.480", + "lastModified": "2025-02-27T03:15:11.480", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: Change to kvalloc() in eventlog/acpi.c\n\nThe following failure was reported on HPE ProLiant D320:\n\n[ 10.693310][ T1] tpm_tis STM0925:00: 2.0 TPM (device-id 0x3, rev-id 0)\n[ 10.848132][ T1] ------------[ cut here ]------------\n[ 10.853559][ T1] WARNING: CPU: 59 PID: 1 at mm/page_alloc.c:4727 __alloc_pages_noprof+0x2ca/0x330\n[ 10.862827][ T1] Modules linked in:\n[ 10.866671][ T1] CPU: 59 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-lp155.2.g52785e2-default #1 openSUSE Tumbleweed (unreleased) 588cd98293a7c9eba9013378d807364c088c9375\n[ 10.882741][ T1] Hardware name: HPE ProLiant DL320 Gen12/ProLiant DL320 Gen12, BIOS 1.20 10/28/2024\n[ 10.892170][ T1] RIP: 0010:__alloc_pages_noprof+0x2ca/0x330\n[ 10.898103][ T1] Code: 24 08 e9 4a fe ff ff e8 34 36 fa ff e9 88 fe ff ff 83 fe 0a 0f 86 b3 fd ff ff 80 3d 01 e7 ce 01 00 75 09 c6 05 f8 e6 ce 01 01 <0f> 0b 45 31 ff e9 e5 fe ff ff f7 c2 00 00 08 00 75 42 89 d9 80 e1\n[ 10.917750][ T1] RSP: 0000:ffffb7cf40077980 EFLAGS: 00010246\n[ 10.923777][ T1] RAX: 0000000000000000 RBX: 0000000000040cc0 RCX: 0000000000000000\n[ 10.931727][ T1] RDX: 0000000000000000 RSI: 000000000000000c RDI: 0000000000040cc0\n\nThe above transcript shows that ACPI pointed a 16 MiB buffer for the log\nevents because RSI maps to the 'order' parameter of __alloc_pages_noprof().\nAddress the bug by moving from devm_kmalloc() to devm_add_action() and\nkvmalloc() and devm_add_action()." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/422d7f4e8d817be467986589c7968d3ea402f7da", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4c8bfe643bbd00b04ee8f9545ef33bf6a68c38db", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/50365a6304a57266e8f4d3078060743c3b7a1e0d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a3a860bc0fd6c07332e4911cf9a238d20de90173", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-580xx/CVE-2024-58006.json b/CVE-2024/CVE-2024-580xx/CVE-2024-58006.json new file mode 100644 index 00000000000..9dfeed08481 --- /dev/null +++ b/CVE-2024/CVE-2024-580xx/CVE-2024-58006.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-58006", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:11.583", + "lastModified": "2025-02-27T03:15:11.583", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar()\n\nIn commit 4284c88fff0e (\"PCI: designware-ep: Allow pci_epc_set_bar() update\ninbound map address\") set_bar() was modified to support dynamically\nchanging the backing physical address of a BAR that was already configured.\n\nThis means that set_bar() can be called twice, without ever calling\nclear_bar() (as calling clear_bar() would clear the BAR's PCI address\nassigned by the host).\n\nThis can only be done if the new BAR size/flags does not differ from the\nexisting BAR configuration. Add these missing checks.\n\nIf we allow set_bar() to set e.g. a new BAR size that differs from the\nexisting BAR size, the new address translation range will be smaller than\nthe BAR size already determined by the host, which would mean that a read\npast the new BAR size would pass the iATU untranslated, which could allow\nthe host to read memory not belonging to the new struct pci_epf_bar.\n\nWhile at it, add comments which clarifies the support for dynamically\nchanging the physical address of a BAR. (Which was also missing.)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3229c15d6267de8e704b4085df8a82a5af2d63eb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3708acbd5f169ebafe1faa519cb28adc56295546", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b5cacfd067060c75088363ed3e19779078be2755", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-580xx/CVE-2024-58007.json b/CVE-2024/CVE-2024-580xx/CVE-2024-58007.json
new file mode 100644
index 00000000000..a867937ee02
--- /dev/null
+++ b/CVE-2024/CVE-2024-580xx/CVE-2024-58007.json
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-58007", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:11.680", + "lastModified": "2025-02-27T03:15:11.680", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: socinfo: Avoid out of bounds read of serial number\n\nOn MSM8916 devices, the serial number exposed in sysfs is constant and does\nnot change across individual devices. It's always:\n\n db410c:/sys/devices/soc0$ cat serial_number\n 2644893864\n\nThe firmware used on MSM8916 exposes SOCINFO_VERSION(0, 8), which does not\nhave support for the serial_num field in the socinfo struct. There is an\nexisting check to avoid exposing the serial number in that case, but it's\nnot correct: When checking the item_size returned by SMEM, we need to make\nsure the *end* of the serial_num is within bounds, instead of comparing\nwith the *start* offset. The serial_number currently exposed on MSM8916\ndevices is just an out of bounds read of whatever comes after the socinfo\nstruct in SMEM.\n\nFix this by changing offsetof() to offsetofend(), so that the size of the\nfield is also taken into account." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0a92feddae0634a0b87c04b19d343f6af97af700", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/22cf4fae6660b6e1a583a41cbf84e3046ca9ccd0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/407c928305c1a37232a63811c400ef616f85ccbc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/47470acd719d45c4c8c418c07962f74cc995652b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9c88b3a3fae4d60641c3a45be66269d00eff33cd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-580xx/CVE-2024-58008.json b/CVE-2024/CVE-2024-580xx/CVE-2024-58008.json new file mode 100644 index 00000000000..4ce40ff77c3 --- /dev/null +++ b/CVE-2024/CVE-2024-580xx/CVE-2024-58008.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-58008", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:11.780", + "lastModified": "2025-02-27T03:15:11.780", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKEYS: trusted: dcp: fix improper sg use with CONFIG_VMAP_STACK=y\n\nWith vmalloc stack addresses enabled (CONFIG_VMAP_STACK=y) DCP trusted\nkeys can crash during en- and decryption of the blob encryption key via\nthe DCP crypto driver. This is caused by improperly using sg_init_one()\nwith vmalloc'd stack buffers (plain_key_blob).\n\nFix this by always using kmalloc() for buffers we give to the DCP crypto\ndriver." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3192f1c54dddb9b5820bf5e8677809949d8e9c66", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3355594de46fb1cba663f12b9644b664b8a609f4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e8d9fab39d1f87b52932646b2f1e7877aa3fc0f4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-580xx/CVE-2024-58009.json b/CVE-2024/CVE-2024-580xx/CVE-2024-58009.json new file mode 100644 index 00000000000..e272db1c9dc --- /dev/null +++ b/CVE-2024/CVE-2024-580xx/CVE-2024-58009.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-58009", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:11.880", + "lastModified": "2025-02-27T03:15:11.880", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc\n\nA NULL sock pointer is passed into l2cap_sock_alloc() when it is called\nfrom l2cap_sock_new_connection_cb() and the error handling paths should\nalso be aware of it.\n\nSeemingly a more elegant solution would be to swap bt_sock_alloc() and\nl2cap_chan_create() calls since they are not interdependent to that moment\nbut then l2cap_chan_create() adds the soon to be deallocated and still\ndummy-initialized channel to the global list accessible by many L2CAP\npaths. The channel would be removed from the list in short period of time\nbut be a bit more straight-forward here and just check for NULL instead of\nchanging the order of function calls.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/245d48c1ba3e7a1779c2f4cbc6f581ddc8a78e22", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/297ce7f544aa675b0d136d788cad0710cdfb0785", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/49c0d55d59662430f1829ae85b969619573d0fa1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5f397409f8ee5bc82901eeaf799e1cbc4f8edcf1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/691218a50c3139f7f57ffa79fb89d932eda9571e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-580xx/CVE-2024-58010.json b/CVE-2024/CVE-2024-580xx/CVE-2024-58010.json new file mode 100644 index 00000000000..6ee00785527 --- /dev/null +++ b/CVE-2024/CVE-2024-580xx/CVE-2024-58010.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-58010", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:11.980", + "lastModified": "2025-02-27T03:15:11.980", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinfmt_flat: Fix integer overflow bug on 32 bit systems\n\nMost of these sizes and counts are capped at 256MB so the math doesn't\nresult in an integer overflow. The \"relocs\" count needs to be checked\nas well. Otherwise on 32bit systems the calculation of \"full_data\"\ncould be wrong.\n\n\tfull_data = data_len + relocs * sizeof(unsigned long);" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/55cf2f4b945f6a6416cc2524ba740b83cc9af25a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8e8cd712bb06a507b26efd2a56155076aa454345", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/95506c7f33452450346fbe2975c1359100f854ca", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a009378af674b808efcca1e2e67916e79ce866b3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d17ca8f2dfcf423c439859995910a20e38b86f00", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-580xx/CVE-2024-58011.json b/CVE-2024/CVE-2024-580xx/CVE-2024-58011.json new file mode 100644 index 00000000000..ce95f059c53 --- /dev/null +++ b/CVE-2024/CVE-2024-580xx/CVE-2024-58011.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-58011", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:12.087", + "lastModified": "2025-02-27T03:15:12.087", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: int3472: Check for adev == NULL\n\nNot all devices have an ACPI companion fwnode, so adev might be NULL. This\ncan e.g. (theoretically) happen when a user manually binds one of\nthe int3472 drivers to another i2c/platform device through sysfs.\n\nAdd a check for adev not being set and return -ENODEV in that case to\navoid a possible NULL pointer deref in skl_int3472_get_acpi_buffer()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0a30353beca2693d30bde477024d755ffecea514", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4f8b210823cc2d1f9d967f089a6c00d025bb237f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a808ecf878ad646ebc9c83d9fc4ce72fd9c49d3d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cd2fd6eab480dfc247b737cf7a3d6b009c4d0f1c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f9c7cc44758f4930b41285a6d54afa8cbd9762b4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-580xx/CVE-2024-58012.json b/CVE-2024/CVE-2024-580xx/CVE-2024-58012.json new file mode 100644 index 00000000000..a54131bc701 --- /dev/null +++ b/CVE-2024/CVE-2024-580xx/CVE-2024-58012.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-58012", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:12.187", + "lastModified": "2025-02-27T03:15:12.187", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params\n\nEach cpu DAI should associate with a widget. However, the topology might\nnot create the right number of DAI widgets for aggregated amps. And it\nwill cause NULL pointer deference.\nCheck that the DAI widget associated with the CPU DAI is valid to prevent\nNULL pointer deference due to missing DAI widgets in topologies with\naggregated amps." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/569922b82ca660f8b24e705f6cf674e6b1f99cc7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/789a2fbf0900982788408d3b0034e0e3f914fb3b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e012a77e4d7632cf615ba9625b1600ed8985c3b5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-580xx/CVE-2024-58013.json b/CVE-2024/CVE-2024-580xx/CVE-2024-58013.json new file mode 100644 index 00000000000..2319b4a638d --- /dev/null +++ b/CVE-2024/CVE-2024-580xx/CVE-2024-58013.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-58013", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:12.287", + "lastModified": "2025-02-27T03:15:12.287", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync\n\nThis fixes the following crash:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543\nRead of size 8 at addr ffff88814128f898 by task kworker/u9:4/5961\n\nCPU: 1 UID: 0 PID: 5961 Comm: kworker/u9:4 Not tainted 6.12.0-syzkaller-10684-gf1cd565ce577 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543\n hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \n\nAllocated by task 16026:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4314\n 
kmalloc_noprof include/linux/slab.h:901 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n mgmt_pending_new+0x65/0x250 net/bluetooth/mgmt_util.c:269\n mgmt_pending_add+0x36/0x120 net/bluetooth/mgmt_util.c:296\n remove_adv_monitor+0x102/0x1b0 net/bluetooth/mgmt.c:5568\n hci_mgmt_cmd+0xc47/0x11d0 net/bluetooth/hci_sock.c:1712\n hci_sock_sendmsg+0x7b8/0x11c0 net/bluetooth/hci_sock.c:1832\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:726\n sock_write_iter+0x2d7/0x3f0 net/socket.c:1147\n new_sync_write fs/read_write.c:586 [inline]\n vfs_write+0xaeb/0xd30 fs/read_write.c:679\n ksys_write+0x18f/0x2b0 fs/read_write.c:731\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 16022:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2338 [inline]\n slab_free mm/slub.c:4598 [inline]\n kfree+0x196/0x420 mm/slub.c:4746\n mgmt_pending_foreach+0xd1/0x130 net/bluetooth/mgmt_util.c:259\n __mgmt_power_off+0x183/0x430 net/bluetooth/mgmt.c:9550\n hci_dev_close_sync+0x6c4/0x11c0 net/bluetooth/hci_sync.c:5208\n hci_dev_do_close net/bluetooth/hci_core.c:483 [inline]\n hci_dev_close+0x112/0x210 net/bluetooth/hci_core.c:508\n sock_do_ioctl+0x158/0x460 net/socket.c:1209\n sock_ioctl+0x626/0x8e0 net/socket.c:1328\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:906 [inline]\n __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f" + } + ], + "metrics": {}, + "references": [ + { + "url": 
"https://git.kernel.org/stable/c/0f3d05aacbfcf3584bbd9caaee34cb02508dab68", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/26fbd3494a7dd26269cb0817c289267dbcfdec06", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4ebbcb9bc794e5be647ee28fdf14eb1ae0659405", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/75e65b983c5e2ee51962bfada98a79d805f28827", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ebb90f23f0ac21044aacf4c61cc5d7841fe99987", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-580xx/CVE-2024-58014.json b/CVE-2024/CVE-2024-580xx/CVE-2024-58014.json new file mode 100644 index 00000000000..cc1a70b1bcf --- /dev/null +++ b/CVE-2024/CVE-2024-580xx/CVE-2024-58014.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-58014", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:12.390", + "lastModified": "2025-02-27T03:15:12.390", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()\n\nIn 'wlc_phy_iqcal_gainparams_nphy()', add gain range check to WARN()\ninstead of possible out-of-bounds 'tbl_iqcal_gainparams_nphy' access.\nCompile tested only.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/093286c33409bf38896f2dab0c0bb6ca388afb33", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3f4a0948c3524ae50f166dbc6572a3296b014e62", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6f6e293246dc1f5b2b6b3d0f2d757598489cda79", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ada9df08b3ef683507e75b92f522fb659260147f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c27ce584d274f6ad3cba2294497de824a3c66646", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-580xx/CVE-2024-58015.json b/CVE-2024/CVE-2024-580xx/CVE-2024-58015.json new file mode 100644 index 00000000000..641a9b367d2 --- /dev/null +++ b/CVE-2024/CVE-2024-580xx/CVE-2024-58015.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-58015", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:12.493", + "lastModified": "2025-02-27T03:15:12.493", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix for out-of bound access error\n\nSelfgen stats are placed in a buffer using print_array_to_buf_index() function.\nArray length parameter passed to the function is too big, resulting in possible\nout-of bound memory error.\nDecreasing buffer size by one fixes faulty upper bound of passed array.\n\nDiscovered in coverity scan, CID 1600742 and CID 1600758" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/8700c4bf8b7ed98037d2acf1eaf770ad6dd431d4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/eb8c0534713865d190856f10bfc97cf0b88475b1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-580xx/CVE-2024-58016.json b/CVE-2024/CVE-2024-580xx/CVE-2024-58016.json new file mode 100644 index 00000000000..edf1d169405 --- /dev/null +++ b/CVE-2024/CVE-2024-580xx/CVE-2024-58016.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-58016", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:12.590", + "lastModified": "2025-02-27T03:15:12.590", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsafesetid: check size of policy writes\n\nsyzbot attempts to write a buffer with a large size to a sysfs entry\nwith writes handled by handle_policy_update(), triggering a warning\nin kmalloc.\n\nCheck the size specified for write buffers before allocating.\n\n[PM: subject tweak]" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/36b385d0f2b4c0bf41d491e19075ecd990d2bf94", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/96fae5bd1589731592d30b3953a90a77ef3928a6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a0dec65f88c8d9290dfa1d2ca1e897abe54c5881", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c71d35676d46090c891b6419f253fb92a1a9f4eb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f09ff307c7299392f1c88f763299e24bc99811c7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-580xx/CVE-2024-58017.json b/CVE-2024/CVE-2024-580xx/CVE-2024-58017.json new file mode 100644 index 00000000000..7b6db56672d --- /dev/null +++ b/CVE-2024/CVE-2024-580xx/CVE-2024-58017.json 
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2024-58017",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:12.690",
+ "lastModified": "2025-02-27T03:15:12.690",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nprintk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX\n\nShifting 1 << 31 on a 32-bit int causes signed integer overflow, which\nleads to undefined behavior. To prevent this, cast 1 to u32 before\nperforming the shift, ensuring well-defined behavior.\n\nThis change explicitly avoids any potential overflow by ensuring that\nthe shift occurs on an unsigned 32-bit integer."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/3d6f83df8ff2d5de84b50377e4f0d45e25311c7a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/404e5fd918a0b14abec06c7eca128f04c9b98e41",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/4a2c4e7265b8eed83c25d86d702cea06493cab18",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/4acf6bab775dbd22a9a799030a808a7305e01d63",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/9a6d43844de2479a3ff8d674c3e2a16172e01598",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-580xx/CVE-2024-58018.json b/CVE-2024/CVE-2024-580xx/CVE-2024-58018.json
new file mode 100644
index 00000000000..7ca27efd49e
--- /dev/null
+++ b/CVE-2024/CVE-2024-580xx/CVE-2024-58018.json
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-58018", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:12.797", + "lastModified": "2025-02-27T03:15:12.797", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvkm: correctly calculate the available space of the GSP cmdq buffer\n\nr535_gsp_cmdq_push() waits for the available page in the GSP cmdq\nbuffer when handling a large RPC request. When it sees at least one\navailable page in the cmdq, it quits the waiting with the amount of\nfree buffer pages in the queue.\n\nUnfortunately, it always takes the [write pointer, buf_size) as\navailable buffer pages before rolling back and wrongly calculates the\nsize of the data should be copied. Thus, it can overwrite the RPC\nrequest that GSP is currently reading, which causes GSP hang due\nto corrupted RPC request:\n\n[ 549.209389] ------------[ cut here ]------------\n[ 549.214010] WARNING: CPU: 8 PID: 6314 at drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c:116 r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[ 549.225678] Modules linked in: nvkm(E+) gsp_log(E) snd_seq_dummy(E) snd_hrtimer(E) snd_seq(E) snd_timer(E) snd_seq_device(E) snd(E) soundcore(E) rfkill(E) qrtr(E) vfat(E) fat(E) ipmi_ssif(E) amd_atl(E) intel_rapl_msr(E) intel_rapl_common(E) mlx5_ib(E) amd64_edac(E) edac_mce_amd(E) kvm_amd(E) ib_uverbs(E) kvm(E) ib_core(E) acpi_ipmi(E) ipmi_si(E) mxm_wmi(E) ipmi_devintf(E) rapl(E) i2c_piix4(E) wmi_bmof(E) joydev(E) ptdma(E) acpi_cpufreq(E) k10temp(E) pcspkr(E) ipmi_msghandler(E) xfs(E) libcrc32c(E) ast(E) i2c_algo_bit(E) crct10dif_pclmul(E) drm_shmem_helper(E) nvme_tcp(E) crc32_pclmul(E) ahci(E) drm_kms_helper(E) libahci(E) nvme_fabrics(E) crc32c_intel(E) nvme(E) cdc_ether(E) mlx5_core(E) nvme_core(E) usbnet(E) drm(E) libata(E) ccp(E) ghash_clmulni_intel(E) mii(E) t10_pi(E) mlxfw(E) sp5100_tco(E) psample(E) pci_hyperv_intf(E) 
wmi(E) dm_multipath(E) sunrpc(E) dm_mirror(E) dm_region_hash(E) dm_log(E) dm_mod(E) be2iscsi(E) bnx2i(E) cnic(E) uio(E) cxgb4i(E) cxgb4(E) tls(E) libcxgbi(E) libcxgb(E) qla4xxx(E)\n[ 549.225752] iscsi_boot_sysfs(E) iscsi_tcp(E) libiscsi_tcp(E) libiscsi(E) scsi_transport_iscsi(E) fuse(E) [last unloaded: gsp_log(E)]\n[ 549.326293] CPU: 8 PID: 6314 Comm: insmod Tainted: G E 6.9.0-rc6+ #1\n[ 549.334039] Hardware name: ASRockRack 1U1G-MILAN/N/ROMED8-NL, BIOS L3.12E 09/06/2022\n[ 549.341781] RIP: 0010:r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[ 549.347343] Code: 08 00 00 89 da c1 e2 0c 48 8d ac 11 00 10 00 00 48 8b 0c 24 48 85 c9 74 1f c1 e0 0c 4c 8d 6d 30 83 e8 30 89 01 e9 68 ff ff ff <0f> 0b 49 c7 c5 92 ff ff ff e9 5a ff ff ff ba ff ff ff ff be c0 0c\n[ 549.366090] RSP: 0018:ffffacbccaaeb7d0 EFLAGS: 00010246\n[ 549.371315] RAX: 0000000000000000 RBX: 0000000000000012 RCX: 0000000000923e28\n[ 549.378451] RDX: 0000000000000000 RSI: 0000000055555554 RDI: ffffacbccaaeb730\n[ 549.385590] RBP: 0000000000000001 R08: ffff8bd14d235f70 R09: ffff8bd14d235f70\n[ 549.392721] R10: 0000000000000002 R11: ffff8bd14d233864 R12: 0000000000000020\n[ 549.399854] R13: ffffacbccaaeb818 R14: 0000000000000020 R15: ffff8bb298c67000\n[ 549.406988] FS: 00007f5179244740(0000) GS:ffff8bd14d200000(0000) knlGS:0000000000000000\n[ 549.415076] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 549.420829] CR2: 00007fa844000010 CR3: 00000001567dc005 CR4: 0000000000770ef0\n[ 549.427963] PKRU: 55555554\n[ 549.430672] Call Trace:\n[ 549.433126] \n[ 549.435233] ? __warn+0x7f/0x130\n[ 549.438473] ? r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[ 549.443426] ? report_bug+0x18a/0x1a0\n[ 549.447098] ? handle_bug+0x3c/0x70\n[ 549.450589] ? exc_invalid_op+0x14/0x70\n[ 549.454430] ? asm_exc_invalid_op+0x16/0x20\n[ 549.458619] ? 
r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[ 549.463565] r535_gsp_msg_recv+0x46/0x230 [nvkm]\n[ 549.468257] r535_gsp_rpc_push+0x106/0x160 [nvkm]\n[ 549.473033] r535_gsp_rpc_rm_ctrl_push+0x40/0x130 [nvkm]\n[ 549.478422] nvidia_grid_init_vgpu_types+0xbc/0xe0 [nvkm]\n[ 549.483899] nvidia_grid_init+0xb1/0xd0 [nvkm]\n[ 549.488420] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 549.493213] nvkm_device_pci_probe+0x305/0x420 [nvkm]\n[ 549.498338] local_pci_probe+0x46/\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/01ed662bdd6fce4f59c1804b334610d710d79fa0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/56e6c7f6d2a6b4e0aae0528c502e56825bb40598", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6b6b75728c86f60c1fc596f0d4542427d0e6065b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-580xx/CVE-2024-58019.json b/CVE-2024/CVE-2024-580xx/CVE-2024-58019.json new file mode 100644 index 00000000000..2ee8b0111c4 --- /dev/null +++ b/CVE-2024/CVE-2024-580xx/CVE-2024-58019.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-58019", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:12.897", + "lastModified": "2025-02-27T03:15:12.897", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvkm/gsp: correctly advance the read pointer of GSP message queue\n\nA GSP event message consists three parts: message header, RPC header,\nmessage body. GSP calculates the number of pages to write from the\ntotal size of a GSP message. This behavior can be observed from the\nmovement of the write pointer.\n\nHowever, nvkm takes only the size of RPC header and message body as\nthe message size when advancing the read pointer. When handling a\ntwo-page GSP message in the non rollback case, It wrongly takes the\nmessage body of the previous message as the message header of the next\nmessage. As the \"message length\" tends to be zero, in the calculation of\nsize needs to be copied (0 - size of (message header)), the size needs to\nbe copied will be \"0xffffffxx\". 
It also triggers a kernel panic due to a\nNULL pointer error.\n\n[ 547.614102] msg: 00000f90: ff ff ff ff ff ff ff ff 40 d7 18 fb 8b 00 00 00 ........@.......\n[ 547.622533] msg: 00000fa0: 00 00 00 00 ff ff ff ff ff ff ff ff 00 00 00 00 ................\n[ 547.630965] msg: 00000fb0: ff ff ff ff ff ff ff ff 00 00 00 00 ff ff ff ff ................\n[ 547.639397] msg: 00000fc0: ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ................\n[ 547.647832] nvkm 0000:c1:00.0: gsp: peek msg rpc fn:0 len:0x0/0xffffffffffffffe0\n[ 547.655225] nvkm 0000:c1:00.0: gsp: get msg rpc fn:0 len:0x0/0xffffffffffffffe0\n[ 547.662532] BUG: kernel NULL pointer dereference, address: 0000000000000020\n[ 547.669485] #PF: supervisor read access in kernel mode\n[ 547.674624] #PF: error_code(0x0000) - not-present page\n[ 547.679755] PGD 0 P4D 0\n[ 547.682294] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 547.686643] CPU: 22 PID: 322 Comm: kworker/22:1 Tainted: G E 6.9.0-rc6+ #1\n[ 547.694893] Hardware name: ASRockRack 1U1G-MILAN/N/ROMED8-NL, BIOS L3.12E 09/06/2022\n[ 547.702626] Workqueue: events r535_gsp_msgq_work [nvkm]\n[ 547.707921] RIP: 0010:r535_gsp_msg_recv+0x87/0x230 [nvkm]\n[ 547.713375] Code: 00 8b 70 08 48 89 e1 31 d2 4c 89 f7 e8 12 f5 ff ff 48 89 c5 48 85 c0 0f 84 cf 00 00 00 48 81 fd 00 f0 ff ff 0f 87 c4 00 00 00 <8b> 55 10 41 8b 46 30 85 d2 0f 85 f6 00 00 00 83 f8 04 76 10 ba 05\n[ 547.732119] RSP: 0018:ffffabe440f87e10 EFLAGS: 00010203\n[ 547.737335] RAX: 0000000000000010 RBX: 0000000000000008 RCX: 000000000000003f\n[ 547.744461] RDX: 0000000000000000 RSI: ffffabe4480a8030 RDI: 0000000000000010\n[ 547.751585] RBP: 0000000000000010 R08: 0000000000000000 R09: ffffabe440f87bb0\n[ 547.758707] R10: ffffabe440f87dc8 R11: 0000000000000010 R12: 0000000000000000\n[ 547.765834] R13: 0000000000000000 R14: ffff9351df1e5000 R15: 0000000000000000\n[ 547.772958] FS: 0000000000000000(0000) GS:ffff93708eb00000(0000) knlGS:0000000000000000\n[ 547.781035] CS: 0010 DS: 0000 ES: 0000 CR0: 
0000000080050033\n[ 547.786771] CR2: 0000000000000020 CR3: 00000003cc220002 CR4: 0000000000770ef0\n[ 547.793896] PKRU: 55555554\n[ 547.796600] Call Trace:\n[ 547.799046] \n[ 547.801152] ? __die+0x20/0x70\n[ 547.804211] ? page_fault_oops+0x75/0x170\n[ 547.808221] ? print_hex_dump+0x100/0x160\n[ 547.812226] ? exc_page_fault+0x64/0x150\n[ 547.816152] ? asm_exc_page_fault+0x22/0x30\n[ 547.820341] ? r535_gsp_msg_recv+0x87/0x230 [nvkm]\n[ 547.825184] r535_gsp_msgq_work+0x42/0x50 [nvkm]\n[ 547.829845] process_one_work+0x196/0x3d0\n[ 547.833861] worker_thread+0x2fc/0x410\n[ 547.837613] ? __pfx_worker_thread+0x10/0x10\n[ 547.841885] kthread+0xdf/0x110\n[ 547.845031] ? __pfx_kthread+0x10/0x10\n[ 547.848775] ret_from_fork+0x30/0x50\n[ 547.852354] ? __pfx_kthread+0x10/0x10\n[ 547.856097] ret_from_fork_asm+0x1a/0x30\n[ 547.860019] \n[ 547.862208] Modules linked in: nvkm(E) gsp_log(E) snd_seq_dummy(E) snd_hrtimer(E) snd_seq(E) snd_timer(E) snd_seq_device(E) snd(E) soundcore(E) rfkill(E) qrtr(E) vfat(E) fat(E) ipmi_ssif(E) amd_atl(E) intel_rapl_msr(E) intel_rapl_common(E) amd64_edac(E) mlx5_ib(E) edac_mce_amd(E) kvm_amd\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/5185e63b45ea39339ed83f269e2ddfafb07e70d9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/67c9cf82f50236d9c000333b26b4f95eb2c3e1b2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8d9beb4aebc02c4bd09e1d39c9c5f1c68c786dbc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-580xx/CVE-2024-58020.json b/CVE-2024/CVE-2024-580xx/CVE-2024-58020.json new file mode 100644 index 00000000000..878513b30ef --- /dev/null +++ b/CVE-2024/CVE-2024-580xx/CVE-2024-58020.json 
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2024-58020",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:12.997",
+ "lastModified": "2025-02-27T03:15:12.997",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: multitouch: Add NULL check in mt_input_configured\n\ndevm_kasprintf() can return a NULL pointer on failure,but this\nreturned value in mt_input_configured() is not checked.\nAdd NULL check in mt_input_configured(), to handle kernel NULL\npointer dereference error."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/4e7113f591163d99adc7cbcd7295030c8c5d3fc7",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/62f8bf06262b6fc55c58f4c5256140f1382f3b01",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/97c09cc2e72769edb6994b531edcfa313b96bade",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/9b8e2220d3a052a690b1d1b23019673e612494c5",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/aa879ef6d3acf96fa2c7122d0632061d4ea58d48",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-580xx/CVE-2024-58021.json b/CVE-2024/CVE-2024-580xx/CVE-2024-58021.json
new file mode 100644
index 00000000000..48a9ccb21da
--- /dev/null
+++ b/CVE-2024/CVE-2024-580xx/CVE-2024-58021.json
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2024-58021",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:13.110",
+ "lastModified": "2025-02-27T03:15:13.110",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: winwing: Add NULL check in winwing_init_led()\n\ndevm_kasprintf() can return a NULL pointer on failure,but this\nreturned value in winwing_init_led() is not checked.\nAdd NULL check in winwing_init_led(), to handle kernel NULL\npointer dereference error."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/4001f6f79183b8868d80dd2036dfb4ea3d325e8f",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/45ab5166a82d038c898985b0ad43ead69c1f9573",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b99dbdee8a89c44d03ae9830ab19f31e124a3f32",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21732.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21732.json
new file mode 100644
index 00000000000..e73247b702c
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21732.json
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2025-21732", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:13.820", + "lastModified": "2025-02-27T03:15:13.820", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error\n\nThis patch addresses a race condition for an ODP MR that can result in a\nCQE with an error on the UMR QP.\n\nDuring the __mlx5_ib_dereg_mr() flow, the following sequence of calls\noccurs:\n\nmlx5_revoke_mr()\n mlx5r_umr_revoke_mr()\n mlx5r_umr_post_send_wait()\n\nAt this point, the lkey is freed from the hardware's perspective.\n\nHowever, concurrently, mlx5_ib_invalidate_range() might be triggered by\nanother task attempting to invalidate a range for the same freed lkey.\n\nThis task will:\n - Acquire the umem_odp->umem_mutex lock.\n - Call mlx5r_umr_update_xlt() on the UMR QP.\n - Since the lkey has already been freed, this can lead to a CQE error,\n causing the UMR QP to enter an error state [1].\n\nTo resolve this race condition, the umem_odp->umem_mutex lock is now also\nacquired as part of the mlx5_revoke_mr() scope. 
Upon successful revoke,\nwe set umem_odp->private which points to that MR to NULL, preventing any\nfurther invalidation attempts on its lkey.\n\n[1] From dmesg:\n\n infiniband rocep8s0f0: dump_cqe:277:(pid 0): WC error: 6, Message: memory bind operation error\n cqe_dump: 00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000030: 00 00 00 00 08 00 78 06 25 00 11 b9 00 0e dd d2\n\n WARNING: CPU: 15 PID: 1506 at drivers/infiniband/hw/mlx5/umr.c:394 mlx5r_umr_post_send_wait+0x15a/0x2b0 [mlx5_ib]\n Modules linked in: ip6table_mangle ip6table_natip6table_filter ip6_tables iptable_mangle xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_umad ib_ipoib ib_cm mlx5_ib ib_uverbs ib_core fuse mlx5_core\n CPU: 15 UID: 0 PID: 1506 Comm: ibv_rc_pingpong Not tainted 6.12.0-rc7+ #1626\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n RIP: 0010:mlx5r_umr_post_send_wait+0x15a/0x2b0 [mlx5_ib]\n [..]\n Call Trace:\n \n mlx5r_umr_update_xlt+0x23c/0x3e0 [mlx5_ib]\n mlx5_ib_invalidate_range+0x2e1/0x330 [mlx5_ib]\n __mmu_notifier_invalidate_range_start+0x1e1/0x240\n zap_page_range_single+0xf1/0x1a0\n madvise_vma_behavior+0x677/0x6e0\n do_madvise+0x1a2/0x4b0\n __x64_sys_madvise+0x25/0x30\n do_syscall_64+0x6b/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/5297f5ddffef47b94172ab0d3d62270002a3dcc1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/abb604a1a9c87255c7a6f3b784410a9707baf467", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": 
"https://git.kernel.org/stable/c/b13d32786acabf70a7b04ed24b7468fc3c82977c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21733.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21733.json new file mode 100644 index 00000000000..32a9e1fc3ad --- /dev/null +++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21733.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-21733", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:13.923", + "lastModified": "2025-02-27T03:15:13.923", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Fix resetting of tracepoints\n\nIf a timerlat tracer is started with the osnoise option OSNOISE_WORKLOAD\ndisabled, but then that option is enabled and timerlat is removed, the\ntracepoints that were enabled on timerlat registration do not get\ndisabled. If the option is disabled again and timelat is started, then it\ntriggers a warning in the tracepoint code due to registering the\ntracepoint again without ever disabling it.\n\nDo not use the same user space defined options to know to disable the\ntracepoints when timerlat is removed. Instead, set a global flag when it\nis enabled and use that flag to know to disable the events.\n\n ~# echo NO_OSNOISE_WORKLOAD > /sys/kernel/tracing/osnoise/options\n ~# echo timerlat > /sys/kernel/tracing/current_tracer\n ~# echo OSNOISE_WORKLOAD > /sys/kernel/tracing/osnoise/options\n ~# echo nop > /sys/kernel/tracing/current_tracer\n ~# echo NO_OSNOISE_WORKLOAD > /sys/kernel/tracing/osnoise/options\n ~# echo timerlat > /sys/kernel/tracing/current_tracer\n\nTriggers:\n\n ------------[ cut here ]------------\n WARNING: CPU: 6 PID: 1337 at kernel/tracepoint.c:294 tracepoint_add_func+0x3b6/0x3f0\n Modules linked in:\n CPU: 6 UID: 0 PID: 1337 Comm: rtla Not tainted 6.13.0-rc4-test-00018-ga867c441128e-dirty #73\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:tracepoint_add_func+0x3b6/0x3f0\n Code: 48 8b 53 28 48 8b 73 20 4c 89 04 24 e8 23 59 11 00 4c 8b 04 24 e9 36 fe ff ff 0f 0b b8 ea ff ff ff 45 84 e4 0f 84 68 fe ff ff <0f> 0b e9 61 fe ff ff 48 8b 7b 18 48 85 ff 0f 84 4f ff ff ff 49 8b\n RSP: 
0018:ffffb9b003a87ca0 EFLAGS: 00010202\n RAX: 00000000ffffffef RBX: ffffffff92f30860 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffff9bf59e91ccd0 RDI: ffffffff913b6410\n RBP: 000000000000000a R08: 00000000000005c7 R09: 0000000000000002\n R10: ffffb9b003a87ce0 R11: 0000000000000002 R12: 0000000000000001\n R13: ffffb9b003a87ce0 R14: ffffffffffffffef R15: 0000000000000008\n FS: 00007fce81209240(0000) GS:ffff9bf6fdd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055e99b728000 CR3: 00000001277c0002 CR4: 0000000000172ef0\n Call Trace:\n \n ? __warn.cold+0xb7/0x14d\n ? tracepoint_add_func+0x3b6/0x3f0\n ? report_bug+0xea/0x170\n ? handle_bug+0x58/0x90\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n ? tracepoint_add_func+0x3b6/0x3f0\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n tracepoint_probe_register+0x78/0xb0\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n osnoise_workload_start+0x2b5/0x370\n timerlat_tracer_init+0x76/0x1b0\n tracing_set_tracer+0x244/0x400\n tracing_set_trace_write+0xa0/0xe0\n vfs_write+0xfc/0x570\n ? do_sys_openat2+0x9c/0xe0\n ksys_write+0x72/0xf0\n do_syscall_64+0x79/0x1c0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/b45707c3c0671d9c49fa7b94c197a508aa55d16f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e3ff4245928f948f3eb2e852aa350b870421c358", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e482cecd2305be1e3e6a8ee70c9b86c511484f7b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ee8c4c39a8f97467d63adfe03bcd45139d8c8b53", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21734.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21734.json
new file mode 100644
index 00000000000..8a53320f2f3
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21734.json
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2025-21734",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:14.030",
+ "lastModified": "2025-02-27T03:15:14.030",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix copy buffer page size\n\nFor non-registered buffer, fastrpc driver copies the buffer and\npass it to the remote subsystem. There is a problem with current\nimplementation of page size calculation which is not considering\nthe offset in the calculation. This might lead to passing of\nimproper and out-of-bounds page size which could result in\nmemory issue. Calculate page start and page end using the offset\nadjusted address instead of absolute address."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/24a79c6bc8de763f7c50f4f84f8b0c183bc25a51",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c0464bad0e85fcd5d47e4297d1e410097c979e55",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c3f7161123fcbdc64e90119ccce292d8b66281c4",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c56ba3ea8e3c9a69a992aad18f7a65e43e51d623",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e966eae72762ecfdbdb82627e2cda48845b9dd66",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21735.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21735.json
new file mode 100644
index 00000000000..704b7273208
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21735.json
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2025-21735",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:14.130",
+ "lastModified": "2025-02-27T03:15:14.130",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: nci: Add bounds checking in nci_hci_create_pipe()\n\nThe \"pipe\" variable is a u8 which comes from the network. If it's more\nthan 127, then it results in memory corruption in the caller,\nnci_hci_connect_gate()."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/110b43ef05342d5a11284cc8b21582b698b4ef1c",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/172cdfc3a5ea20289c58fb73dadc6fd4a8784a4e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/2ae4bade5a64d126bd18eb66bd419005c5550218",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/59c7ed20217c0939862fbf8145bc49d5b3a13f4f",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/d5a461c315e5ff92657f84d8ba50caa5abf5c22a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21736.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21736.json
new file mode 100644
index 00000000000..a76dd5088a3
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21736.json
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2025-21736",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:14.230",
+ "lastModified": "2025-02-27T03:15:14.230",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix possible int overflows in nilfs_fiemap()\n\nSince nilfs_bmap_lookup_contig() in nilfs_fiemap() calculates its result\nby being prepared to go through potentially maxblocks == INT_MAX blocks,\nthe value in n may experience an overflow caused by left shift of blkbits.\n\nWhile it is extremely unlikely to occur, play it safe and cast right hand\nexpression to wider type to mitigate the issue.\n\nFound by Linux Verification Center (linuxtesting.org) with static analysis\ntool SVACE."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/250423300b4b0335918be187ef3cade248c06e6a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/6438ef381c183444f7f9d1de18f22661cba1e946",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b9495a9109abc31d3170f7aad7d48aa64610a1a2",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/f2bd0f1ab47822fe5bd699c8458b896c4b2edea1",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/f3d80f34f58445355fa27b9579a449fb186aa64e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21737.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21737.json
new file mode 100644
index 00000000000..bfa4549a325
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21737.json
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2025-21737", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:14.327", + "lastModified": "2025-02-27T03:15:14.327", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix memory leak in ceph_mds_auth_match()\n\nWe now free the temporary target path substring allocation on every\npossible branch, instead of omitting the default branch. In some\ncases, a memory leak occured, which could rapidly crash the system\n(depending on how many file accesses were attempted).\n\nThis was detected in production because it caused a continuous memory\ngrowth, eventually triggering kernel OOM and completely hard-locking\nthe kernel.\n\nRelevant kmemleak stacktrace:\n\n unreferenced object 0xffff888131e69900 (size 128):\n comm \"git\", pid 66104, jiffies 4295435999\n hex dump (first 32 bytes):\n 76 6f 6c 75 6d 65 73 2f 63 6f 6e 74 61 69 6e 65 volumes/containe\n 72 73 2f 67 69 74 65 61 2f 67 69 74 65 61 2f 67 rs/gitea/gitea/g\n backtrace (crc 2f3bb450):\n [] __kmalloc_noprof+0x359/0x510\n [] ceph_mds_check_access+0x5bf/0x14e0 [ceph]\n [] ceph_open+0x312/0xd80 [ceph]\n [] do_dentry_open+0x456/0x1120\n [] vfs_open+0x79/0x360\n [] path_openat+0x1de5/0x4390\n [] do_filp_open+0x19c/0x3c0\n [] do_sys_openat2+0x141/0x180\n [] __x64_sys_open+0xe5/0x1a0\n [] do_syscall_64+0xb7/0x210\n [] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nIt can be triggered by mouting a subdirectory of a CephFS filesystem,\nand then trying to access files on this subdirectory with an auth token\nusing a path-scoped capability:\n\n $ ceph auth get client.services\n [client.services]\n key = REDACTED\n caps mds = \"allow rw fsname=cephfs path=/volumes/\"\n caps mon = \"allow r fsname=cephfs\"\n caps osd = \"allow rw tag cephfs data=cephfs\"\n\n $ cat /proc/self/mounts\n services@[REDACTED].cephfs=/volumes/containers 
/ceph/containers ceph rw,noatime,name=services,secret=,ms_mode=prefer-crc,mount_timeout=300,acl,mon_addr=[REDACTED]:3300,recover_session=clean 0 0\n\n $ seq 1 1000000 | xargs -P32 --replace={} touch /ceph/containers/file-{} && \\\n seq 1 1000000 | xargs -P32 --replace={} cat /ceph/containers/file-{}\n\n[ idryomov: combine if statements, rename rc to path_matched and make\n it a bool, formatting ]" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/146109fe936ac07f8f60cd6267543688985b96bc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2b6086c5efe5c7bd6e0eb440d96c26ca0d20d9d7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3b7d93db450e9d8ead80d75e2a303248f1528c35", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21738.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21738.json new file mode 100644 index 00000000000..b0c7eea8632 --- /dev/null +++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21738.json 
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2025-21738",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:14.427",
+ "lastModified": "2025-02-27T03:15:14.427",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-sff: Ensure that we cannot write outside the allocated buffer\n\nreveliofuzzing reported that a SCSI_IOCTL_SEND_COMMAND ioctl with out_len\nset to 0xd42, SCSI command set to ATA_16 PASS-THROUGH, ATA command set to\nATA_NOP, and protocol set to ATA_PROT_PIO, can cause ata_pio_sector() to\nwrite outside the allocated buffer, overwriting random memory.\n\nWhile a ATA device is supposed to abort a ATA_NOP command, there does seem\nto be a bug either in libata-sff or QEMU, where either this status is not\nset, or the status is cleared before read by ata_sff_hsm_move().\nAnyway, that is most likely a separate bug.\n\nLooking at __atapi_pio_bytes(), it already has a safety check to ensure\nthat __atapi_pio_bytes() cannot write outside the allocated buffer.\n\nAdd a similar check to ata_pio_sector(), such that also ata_pio_sector()\ncannot write outside the allocated buffer."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/0a17a9944b8d89ef03946121241870ac53ddaf45",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/0dd5aade301a10f4b329fa7454fdcc2518741902",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/6e74e53b34b6dec5a50e1404e2680852ec6768d2",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a8f8cf87059ed1905c2a5c72f8b39a4f57b11b4c",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/d5e6e3000309359eae2a17117aa6e3c44897bf6c",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21739.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21739.json
new file mode 100644
index 00000000000..134beaa2c52
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21739.json
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2025-21739",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:14.530",
+ "lastModified": "2025-02-27T03:15:14.530",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix use-after free in init error and remove paths\n\ndevm_blk_crypto_profile_init() registers a cleanup handler to run when\nthe associated (platform-) device is being released. For UFS, the\ncrypto private data and pointers are stored as part of the ufs_hba's\ndata structure 'struct ufs_hba::crypto_profile'. This structure is\nallocated as part of the underlying ufshcd and therefore Scsi_host\nallocation.\n\nDuring driver release or during error handling in ufshcd_pltfrm_init(),\nthis structure is released as part of ufshcd_dealloc_host() before the\n(platform-) device associated with the crypto call above is released.\nOnce this device is released, the crypto cleanup code will run, using\nthe just-released 'struct ufs_hba::crypto_profile'. 
This causes a\nuse-after-free situation:\n\n Call trace:\n kfree+0x60/0x2d8 (P)\n kvfree+0x44/0x60\n blk_crypto_profile_destroy_callback+0x28/0x70\n devm_action_release+0x1c/0x30\n release_nodes+0x6c/0x108\n devres_release_all+0x98/0x100\n device_unbind_cleanup+0x20/0x70\n really_probe+0x218/0x2d0\n\nIn other words, the initialisation code flow is:\n\n platform-device probe\n ufshcd_pltfrm_init()\n ufshcd_alloc_host()\n scsi_host_alloc()\n allocation of struct ufs_hba\n creation of scsi-host devices\n devm_blk_crypto_profile_init()\n devm registration of cleanup handler using platform-device\n\nand during error handling of ufshcd_pltfrm_init() or during driver\nremoval:\n\n ufshcd_dealloc_host()\n scsi_host_put()\n put_device(scsi-host)\n release of struct ufs_hba\n put_device(platform-device)\n crypto cleanup handler\n\nTo fix this use-after free, change ufshcd_alloc_host() to register a\ndevres action to automatically cleanup the underlying SCSI device on\nufshcd destruction, without requiring explicit calls to\nufshcd_dealloc_host(). This way:\n\n * the crypto profile and all other ufs_hba-owned resources are\n destroyed before SCSI (as they've been registered after)\n * a memleak is plugged in tc-dwc-g210-pci.c remove() as a\n side-effect\n * EXPORT_SYMBOL_GPL(ufshcd_dealloc_host) can be removed fully as\n it's not needed anymore\n * no future drivers using ufshcd_alloc_host() could ever forget\n adding the cleanup"
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/0c77c0d754fe83cb154715fcfec6c3faef94f207",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/9c185beae09a3eb85f54777edafa227f7e03075d",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/f8fb2403ddebb5eea0033d90d9daae4c88749ada",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21740.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21740.json
new file mode 100644
index 00000000000..67f4d0bf103
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21740.json
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2025-21740",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:14.630",
+ "lastModified": "2025-02-27T03:15:14.630",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86/mmu: Ensure NX huge page recovery thread is alive before waking\n\nWhen waking a VM's NX huge page recovery thread, ensure the thread is\nactually alive before trying to wake it. Now that the thread is spawned\non-demand during KVM_RUN, a VM without a recovery thread is reachable via\nthe related module params.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000040\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n RIP: 0010:vhost_task_wake+0x5/0x10\n Call Trace:\n \n set_nx_huge_pages+0xcc/0x1e0 [kvm]\n param_attr_store+0x8a/0xd0\n module_attr_store+0x1a/0x30\n kernfs_fop_write_iter+0x12f/0x1e0\n vfs_write+0x233/0x3e0\n ksys_write+0x60/0xd0\n do_syscall_64+0x5b/0x160\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n RIP: 0033:0x7f3b52710104\n \n Modules linked in: kvm_intel kvm\n CR2: 0000000000000040"
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/2b3928b7c896e5a9fb6b1373924adafe8e01a0c6",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/43fb96ae78551d7bfa4ecca956b258f085d67c40",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/974f85f1f7eb7dc7fce0988046e06eeccab576a7",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21741.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21741.json
new file mode 100644
index 00000000000..f168faaf2e9
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21741.json
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2025-21741",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:14.730",
+ "lastModified": "2025-02-27T03:15:14.730",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: fix DPE OoB read\n\nFix an out-of-bounds DPE read, limit the number of processed DPEs to\nthe amount that fits into the fixed-size NDP16 header."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/22475242ddb70e35c9148234be9a3aa9fb8efff9",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/5835bf66c50ac2b85ed28b282c2456c3516ef0a6",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/971b8c572559e52d32a2b82f2d9e0685439a0117",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ee591f2b281721171896117f9946fced31441418",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21742.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21742.json
new file mode 100644
index 00000000000..f197ce7a938
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21742.json
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2025-21742",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:14.830",
+ "lastModified": "2025-02-27T03:15:14.830",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: use static NDP16 location in URB\n\nOriginal code allowed for the start of NDP16 to be anywhere within the\nURB based on the `wNdpIndex` value in NTH16. Only the start position of\nNDP16 was checked, so it was possible for even the fixed-length part\nof NDP16 to extend past the end of URB, leading to an out-of-bounds\nread.\n\nOn iOS devices, the NDP16 header always directly follows NTH16. Rely on\nand check for this specific format.\n\nThis, along with NCM-specific minimal URB length check that already\nexists, will ensure that the fixed-length part of NDP16 plus a set\namount of DPEs fit within the URB.\n\nNote that this commit alone does not fully address the OoB read.\nThe limit on the amount of DPEs needs to be enforced separately."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/2b619445dcb6dab97d8ed033fb57225aca1288c4",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/86586dcb75cb8fd062a518aca8ee667938b91efb",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/8fb062178e1ce180e2cfdc9abc83a1b9fea381ca",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/cf1ac7f7cf601ac31d1580559c002b5e37b733b7",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21743.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21743.json
new file mode 100644
index 00000000000..217ac98cd7c
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21743.json
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2025-21743",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:14.933",
+ "lastModified": "2025-02-27T03:15:14.933",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: fix possible overflow in DPE length check\n\nOriginally, it was possible for the DPE length check to overflow if\nwDatagramIndex + wDatagramLength > U16_MAX. This could lead to an OoB\nread.\n\nMove the wDatagramIndex term to the other side of the inequality.\n\nAn existing condition ensures that wDatagramIndex < urb->actual_length."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/18bf6f5cce3172cb303c3f0551aa9443d5ed74f8",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c219427ed296f94bb4b91d08626776dc7719ee27",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/d677e7dd59ad6837496f5a02d8e5d39824278dfd",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/d824a964185910e317287f034c0a439c08b4fe49",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21744.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21744.json
new file mode 100644
index 00000000000..dd48d9dd37d
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21744.json
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2025-21744",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:15.037",
+ "lastModified": "2025-02-27T03:15:15.037",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()\n\nOn removal of the device or unloading of the kernel module a potential NULL\npointer dereference occurs.\n\nThe following sequence deletes the interface:\n\n brcmf_detach()\n brcmf_remove_interface()\n brcmf_del_if()\n\nInside the brcmf_del_if() function the drvr->if2bss[ifidx] is updated to\nBRCMF_BSSIDX_INVALID (-1) if the bsscfgidx matches.\n\nAfter brcmf_remove_interface() call the brcmf_proto_detach() function is\ncalled providing the following sequence:\n\n brcmf_detach()\n brcmf_proto_detach()\n brcmf_proto_msgbuf_detach()\n brcmf_flowring_detach()\n brcmf_msgbuf_delete_flowring()\n brcmf_msgbuf_remove_flowring()\n brcmf_flowring_delete()\n brcmf_get_ifp()\n brcmf_txfinalize()\n\nSince brcmf_get_ip() can and actually will return NULL in this case the\ncall to brcmf_txfinalize() will result in a NULL pointer dereference inside\nbrcmf_txfinalize() when trying to update ifp->ndev->stats.tx_errors.\n\nThis will only happen if a flowring still has an skb.\n\nAlthough the NULL pointer dereference has only been seen when trying to\nupdate the tx statistic, all other uses of the ifp pointer have been\nguarded as well with an early return if ifp is NULL."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/3877fc67bd3d5566cc12763bce39710ceb74a97d",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/4e51d6d093e763348916e69d06d87e0a5593661b",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/68abd0c4ebf24cd499841a488b97a6873d5efabb",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a2beefc4fa49ebc22e664dc6b39dbd054f8488f9",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/fbbfef2a5b858eab55741a58b2ac9a0cc8d53c58",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21745.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21745.json
new file mode 100644
index 00000000000..02115375ad7
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21745.json
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2025-21745",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:15.137",
+ "lastModified": "2025-02-27T03:15:15.137",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: Fix class @block_class's subsystem refcount leakage\n\nblkcg_fill_root_iostats() iterates over @block_class's devices by\nclass_dev_iter_(init|next)(), but does not end iterating with\nclass_dev_iter_exit(), so causes the class's subsystem refcount leakage.\n\nFix by ending the iterating with class_dev_iter_exit()."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/2ce09aabe009453d641a2ceb79e6461a2d4f3876",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/431b6ef2714be4d5babb802114987541a88b43b0",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/67c7f213e052b1aa6caba4a7e25e303bc6997126",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/993121481b5a87829f1e8163f47158b72679f309",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/d1248436cbef1f924c04255367ff4845ccd9025e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21746.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21746.json
new file mode 100644
index 00000000000..eb36fc3ad61
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21746.json
@@ -0,0 +1,25 @@
+{
+ "id": "CVE-2025-21746",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:15.243",
+ "lastModified": "2025-02-27T03:15:15.243",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: synaptics - fix crash when enabling pass-through port\n\nWhen enabling a pass-through port an interrupt might come before psmouse\ndriver binds to the pass-through port. However synaptics sub-driver\ntries to access psmouse instance presumably associated with the\npass-through port to figure out if only 1 byte of response or entire\nprotocol packet needs to be forwarded to the pass-through port and may\ncrash if psmouse instance has not been attached to the port yet.\n\nFix the crash by introducing open() and close() methods for the port and\ncheck if the port is open before trying to access psmouse instance.\nBecause psmouse calls serio_open() only after attaching psmouse instance\nto serio port instance this prevents the potential crash."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/08bd5b7c9a2401faabdaa1472d45c7de0755fd7e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/87da1ea93ec9f9f0004e5b12e78789bc94e360bf",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21747.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21747.json
new file mode 100644
index 00000000000..fc8b40165a8
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21747.json
@@ -0,0 +1,25 @@
+{
+ "id": "CVE-2025-21747",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:15.337",
+ "lastModified": "2025-02-27T03:15:15.337",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/ast: astdp: Fix timeout for enabling video signal\n\nThe ASTDP transmitter sometimes takes up to 1 second for enabling the\nvideo signal, while the timeout is only 200 msec. This results in a\nkernel error message. Increase the timeout to 1 second. An example\nof the error message is shown below.\n\n[ 697.084433] ------------[ cut here ]------------\n[ 697.091115] ast 0000:02:00.0: [drm] drm_WARN_ON(!__ast_dp_wait_enable(ast, enabled))\n[ 697.091233] WARNING: CPU: 1 PID: 160 at drivers/gpu/drm/ast/ast_dp.c:232 ast_dp_set_enable+0x123/0x140 [ast]\n[...]\n[ 697.272469] RIP: 0010:ast_dp_set_enable+0x123/0x140 [ast]\n[...]\n[ 697.415283] Call Trace:\n[ 697.420727] \n[ 697.425908] ? show_trace_log_lvl+0x196/0x2c0\n[ 697.433304] ? show_trace_log_lvl+0x196/0x2c0\n[ 697.440693] ? drm_atomic_helper_commit_modeset_enables+0x30a/0x470\n[ 697.450115] ? ast_dp_set_enable+0x123/0x140 [ast]\n[ 697.458059] ? __warn.cold+0xaf/0xca\n[ 697.464713] ? ast_dp_set_enable+0x123/0x140 [ast]\n[ 697.472633] ? report_bug+0x134/0x1d0\n[ 697.479544] ? handle_bug+0x58/0x90\n[ 697.486127] ? exc_invalid_op+0x13/0x40\n[ 697.492975] ? asm_exc_invalid_op+0x16/0x20\n[ 697.500224] ? preempt_count_sub+0x14/0xc0\n[ 697.507473] ? ast_dp_set_enable+0x123/0x140 [ast]\n[ 697.515377] ? ast_dp_set_enable+0x123/0x140 [ast]\n[ 697.523227] drm_atomic_helper_commit_modeset_enables+0x30a/0x470\n[ 697.532388] drm_atomic_helper_commit_tail+0x58/0x90\n[ 697.540400] ast_mode_config_helper_atomic_commit_tail+0x30/0x40 [ast]\n[ 697.550009] commit_tail+0xfe/0x1d0\n[ 697.556547] drm_atomic_helper_commit+0x198/0x1c0\n\nThis is a cosmetical problem. 
Enabling the video signal still works\neven with the error message. The problem has always been present, but\nonly recent versions of the ast driver warn about missing the timeout."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/589839379031cce220c9cab9f27cb5477195067e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/fd39c41bcd82d5ebaaebadb944eab5598c668a90",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21748.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21748.json
new file mode 100644
index 00000000000..fd9b67afcd4
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21748.json
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2025-21748",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:15.440",
+ "lastModified": "2025-02-27T03:15:15.440",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix integer overflows on 32 bit systems\n\nOn 32bit systems the addition operations in ipc_msg_alloc() can\npotentially overflow leading to memory corruption.\nAdd bounds checking using KSMBD_IPC_MAX_PAYLOAD to avoid overflow."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/760568c1f62ea874e8fb492f9cfa4f47b4b8391e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/82f59d64e6297f270311b16b5dcf65be406d1ea3",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/aab98e2dbd648510f8f51b83fbf4721206ccae45",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b4b902737746c490258de5cb55cab39e79927a67",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ecb9947fa7c99a77b04d43404c6988a0d326e4a0",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21749.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21749.json
new file mode 100644
index 00000000000..570bda39355
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21749.json
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2025-21749",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:15.543",
+ "lastModified": "2025-02-27T03:15:15.543",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: lock the socket in rose_bind()\n\nsyzbot reported a soft lockup in rose_loopback_timer(),\nwith a repro calling bind() from multiple threads.\n\nrose_bind() must lock the socket to avoid this issue."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/4c04b0ab3a647e76d0e752b013de8e404abafc63",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/667f61b3498df751c8b3f0be1637e7226cbe3ed0",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/970cd2ed26cdab2b0f15b6d90d7eaa36538244a5",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a1300691aed9ee852b0a9192e29e2bdc2411a7e6",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e0384efd45f615603e6869205b72040c209e69cc",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21750.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21750.json
new file mode 100644
index 00000000000..3afc0cbe112
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21750.json
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2025-21750",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:15.647",
+ "lastModified": "2025-02-27T03:15:15.647",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: Check the return value of of_property_read_string_index()\n\nSomewhen between 6.10 and 6.11 the driver started to crash on my\nMacBookPro14,3. The property doesn't exist and 'tmp' remains\nuninitialized, so we pass a random pointer to devm_kstrdup().\n\nThe crash I am getting looks like this:\n\nBUG: unable to handle page fault for address: 00007f033c669379\nPF: supervisor read access in kernel mode\nPF: error_code(0x0001) - permissions violation\nPGD 8000000101341067 P4D 8000000101341067 PUD 101340067 PMD 1013bb067 PTE 800000010aee9025\nOops: Oops: 0001 [#1] SMP PTI\nCPU: 4 UID: 0 PID: 827 Comm: (udev-worker) Not tainted 6.11.8-gentoo #1\nHardware name: Apple Inc. 
MacBookPro14,3/Mac-551B86E5744E2388, BIOS 529.140.2.0.0 06/23/2024\nRIP: 0010:strlen+0x4/0x30\nCode: f7 75 ec 31 c0 c3 cc cc cc cc 48 89 f8 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa <80> 3f 00 74 14 48 89 f8 48 83 c0 01 80 38 00 75 f7 48 29 f8 c3 cc\nRSP: 0018:ffffb4aac0683ad8 EFLAGS: 00010202\nRAX: 00000000ffffffea RBX: 00007f033c669379 RCX: 0000000000000001\nRDX: 0000000000000cc0 RSI: 00007f033c669379 RDI: 00007f033c669379\nRBP: 00000000ffffffea R08: 0000000000000000 R09: 00000000c0ba916a\nR10: ffffffffffffffff R11: ffffffffb61ea260 R12: ffff91f7815b50c8\nR13: 0000000000000cc0 R14: ffff91fafefffe30 R15: ffffb4aac0683b30\nFS: 00007f033ccbe8c0(0000) GS:ffff91faeed00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f033c669379 CR3: 0000000107b1e004 CR4: 00000000003706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n ? __die+0x23/0x70\n ? page_fault_oops+0x149/0x4c0\n ? raw_spin_rq_lock_nested+0xe/0x20\n ? sched_balance_newidle+0x22b/0x3c0\n ? update_load_avg+0x78/0x770\n ? exc_page_fault+0x6f/0x150\n ? asm_exc_page_fault+0x26/0x30\n ? __pfx_pci_conf1_write+0x10/0x10\n ? 
strlen+0x4/0x30\n devm_kstrdup+0x25/0x70\n brcmf_of_probe+0x273/0x350 [brcmfmac]"
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/082d9e263af8de68f0c34f67b251818205160f6e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/7ef2ea1429684d5cef207519bdf6ce45e50e8ac5",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/af525a8b2ab85291617e79a5bb18bcdcb529e80c",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/bb8e35e33e79eb8e44396adbc8cb6c8c5f16b731",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c9480e9f2d10135476101619bcbd1c49c15d595f",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21751.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21751.json
new file mode 100644
index 00000000000..e7b8deef366
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21751.json
@@ -0,0 +1,25 @@
+{
+ "id": "CVE-2025-21751",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:15.760",
+ "lastModified": "2025-02-27T03:15:15.760",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: HWS, change error flow on matcher disconnect\n\nCurrently, when firmware failure occurs during matcher disconnect flow,\nthe error flow of the function reconnects the matcher back and returns\nan error, which continues running the calling function and eventually\nfrees the matcher that is being disconnected.\nThis leads to a case where we have a freed matcher on the matchers list,\nwhich in turn leads to use-after-free and eventual crash.\n\nThis patch fixes that by not trying to reconnect the matcher back when\nsome FW command fails during disconnect.\n\nNote that we're dealing here with FW error. We can't overcome this\nproblem. This might lead to bad steering state (e.g. wrong connection\nbetween matchers), and will also lead to resource leakage, as it is\nthe case with any other error handling during resource destruction.\n\nHowever, the goal here is to allow the driver to continue and not crash\nthe machine with use-after-free error."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/1ce840c7a659aa53a31ef49f0271b4fd0dc10296",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/23a86c76a1a197e8fbbbd0ce3e826eb58c471624",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21752.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21752.json
new file mode 100644
index 00000000000..b9a23e520fd
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21752.json
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-21752", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:15.853", + "lastModified": "2025-02-27T03:15:15.853", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't use btrfs_set_item_key_safe on RAID stripe-extents\n\nDon't use btrfs_set_item_key_safe() to modify the keys in the RAID\nstripe-tree, as this can lead to corruption of the tree, which is caught\nby the checks in btrfs_set_item_key_safe():\n\n BTRFS info (device nvme1n1): leaf 49168384 gen 15 total ptrs 194 free space 8329 owner 12\n BTRFS info (device nvme1n1): refs 2 lock_owner 1030 current 1030\n [ snip ]\n item 105 key (354549760 230 20480) itemoff 14587 itemsize 16\n stride 0 devid 5 physical 67502080\n item 106 key (354631680 230 4096) itemoff 14571 itemsize 16\n stride 0 devid 1 physical 88559616\n item 107 key (354631680 230 32768) itemoff 14555 itemsize 16\n stride 0 devid 1 physical 88555520\n item 108 key (354717696 230 28672) itemoff 14539 itemsize 16\n stride 0 devid 2 physical 67604480\n [ snip ]\n BTRFS critical (device nvme1n1): slot 106 key (354631680 230 32768) new key (354635776 230 4096)\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/ctree.c:2602!\n Oops: invalid opcode: 0000 [#1] PREEMPT SMP PTI\n CPU: 1 UID: 0 PID: 1055 Comm: fsstress Not tainted 6.13.0-rc1+ #1464\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\n RIP: 0010:btrfs_set_item_key_safe+0xf7/0x270\n Code: \n RSP: 0018:ffffc90001337ab0 EFLAGS: 00010287\n RAX: 0000000000000000 RBX: ffff8881115fd000 RCX: 0000000000000000\n RDX: 0000000000000001 RSI: 0000000000000001 RDI: 00000000ffffffff\n RBP: ffff888110ed6f50 R08: 00000000ffffefff R09: ffffffff8244c500\n R10: 00000000ffffefff R11: 00000000ffffffff R12: ffff888100586000\n R13: 
00000000000000c9 R14: ffffc90001337b1f R15: ffff888110f23b58\n FS: 00007f7d75c72740(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fa811652c60 CR3: 0000000111398001 CR4: 0000000000370eb0\n Call Trace:\n \n ? __die_body.cold+0x14/0x1a\n ? die+0x2e/0x50\n ? do_trap+0xca/0x110\n ? do_error_trap+0x65/0x80\n ? btrfs_set_item_key_safe+0xf7/0x270\n ? exc_invalid_op+0x50/0x70\n ? btrfs_set_item_key_safe+0xf7/0x270\n ? asm_exc_invalid_op+0x1a/0x20\n ? btrfs_set_item_key_safe+0xf7/0x270\n btrfs_partially_delete_raid_extent+0xc4/0xe0\n btrfs_delete_raid_extent+0x227/0x240\n __btrfs_free_extent.isra.0+0x57f/0x9c0\n ? exc_coproc_segment_overrun+0x40/0x40\n __btrfs_run_delayed_refs+0x2fa/0xe80\n btrfs_run_delayed_refs+0x81/0xe0\n btrfs_commit_transaction+0x2dd/0xbe0\n ? preempt_count_add+0x52/0xb0\n btrfs_sync_file+0x375/0x4c0\n do_fsync+0x39/0x70\n __x64_sys_fsync+0x13/0x20\n do_syscall_64+0x54/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f7d7550ef90\n Code: \n RSP: 002b:00007ffd70237248 EFLAGS: 00000202 ORIG_RAX: 000000000000004a\n RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f7d7550ef90\n RDX: 000000000000013a RSI: 000000000040eb28 RDI: 0000000000000004\n RBP: 000000000000001b R08: 0000000000000078 R09: 00007ffd7023725c\n R10: 00007f7d75400390 R11: 0000000000000202 R12: 028f5c28f5c28f5c\n R13: 8f5c28f5c28f5c29 R14: 000000000040b520 R15: 00007f7d75c726c8\n \n\nWhile the root cause of the tree order corruption isn't clear, using\nbtrfs_duplicate_item() to copy the item and then adjusting both the key\nand the per-device physical addresses is a safe way to counter this\nproblem." 
+ } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1c25eff52ee5a02a2c4be659a44ae972d9989742", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dc14ba10781bd2629835696b7cc1febf914768e9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21753.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21753.json new file mode 100644 index 00000000000..ae0c1d3452b --- /dev/null +++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21753.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2025-21753", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:15.950", + "lastModified": "2025-02-27T03:15:15.950", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free when attempting to join an aborted transaction\n\nWhen we are trying to join the current transaction and if it's aborted,\nwe read its 'aborted' field after unlocking fs_info->trans_lock and\nwithout holding any extra reference count on it. This means that a\nconcurrent task that is aborting the transaction may free the transaction\nbefore we read its 'aborted' field, leading to a use-after-free.\n\nFix this by reading the 'aborted' field while holding fs_info->trans_lock\nsince any freeing task must first acquire that lock and set\nfs_info->running_transaction to NULL before freeing the transaction.\n\nThis was reported by syzbot and Dmitry with the following stack traces\nfrom KASAN:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278\n Read of size 4 at addr ffff888011839024 by task kworker/u4:9/1128\n\n CPU: 0 UID: 0 PID: 1128 Comm: kworker/u4:9 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Workqueue: events_unbound btrfs_async_reclaim_data_space\n Call Trace:\n \n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278\n start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697\n flush_space+0x448/0xcf0 
fs/btrfs/space-info.c:803\n btrfs_async_reclaim_data_space+0x159/0x510 fs/btrfs/space-info.c:1321\n process_one_work kernel/workqueue.c:3236 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317\n worker_thread+0x870/0xd30 kernel/workqueue.c:3398\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \n\n Allocated by task 5315:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329\n kmalloc_noprof include/linux/slab.h:901 [inline]\n join_transaction+0x144/0xda0 fs/btrfs/transaction.c:308\n start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697\n btrfs_create_common+0x1b2/0x2e0 fs/btrfs/inode.c:6572\n lookup_open fs/namei.c:3649 [inline]\n open_last_lookups fs/namei.c:3748 [inline]\n path_openat+0x1c03/0x3590 fs/namei.c:3984\n do_filp_open+0x27f/0x4e0 fs/namei.c:4014\n do_sys_openat2+0x13e/0x1d0 fs/open.c:1402\n do_sys_open fs/open.c:1417 [inline]\n __do_sys_creat fs/open.c:1495 [inline]\n __se_sys_creat fs/open.c:1489 [inline]\n __x64_sys_creat+0x123/0x170 fs/open.c:1489\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Freed by task 5336:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2353 [inline]\n slab_free mm/slub.c:4613 [inline]\n kfree+0x196/0x430 mm/slub.c:4761\n cleanup_transaction 
fs/btrfs/transaction.c:2063 [inline]\n btrfs_commit_transaction+0x2c97/0x3720 fs/btrfs/transaction.c:2598\n insert_balance_item+0x1284/0x20b0 fs/btrfs/volumes.c:3757\n btrfs_balance+0x992/\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/6ba4663ada6c6315af23a6669d386146634808ec", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/86d71a026a7f63da905db9add845c8ee88801eca", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8f5cff471039caa2b088060c074c2bf2081bcb01", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ce628048390dad80320d5a1f74de6ca1e1be91e7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e2f0943cf37305dbdeaf9846e3c941451bcdef63", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21754.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21754.json new file mode 100644 index 00000000000..76403344e39 --- /dev/null +++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21754.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-21754", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:16.050", + "lastModified": "2025-02-27T03:15:16.050", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix assertion failure when splitting ordered extent after transaction abort\n\nIf while we are doing a direct IO write a transaction abort happens, we\nmark all existing ordered extents with the BTRFS_ORDERED_IOERR flag (done\nat btrfs_destroy_ordered_extents()), and then after that if we enter\nbtrfs_split_ordered_extent() and the ordered extent has bytes left\n(meaning we have a bio that doesn't cover the whole ordered extent, see\ndetails at btrfs_extract_ordered_extent()), we will fail on the following\nassertion at btrfs_split_ordered_extent():\n\n ASSERT(!(flags & ~BTRFS_ORDERED_TYPE_FLAGS));\n\nbecause the BTRFS_ORDERED_IOERR flag is set and the definition of\nBTRFS_ORDERED_TYPE_FLAGS is just the union of all flags that identify the\ntype of write (regular, nocow, prealloc, compressed, direct IO, encoded).\n\nFix this by returning an error from btrfs_extract_ordered_extent() if we\nfind the BTRFS_ORDERED_IOERR flag in the ordered extent. 
The error will\nbe the error that resulted in the transaction abort or -EIO if no\ntransaction abort happened.\n\nThis was recently reported by syzbot with the following trace:\n\n FAULT_INJECTION: forcing a failure.\n name failslab, interval 1, probability 0, space 0, times 1\n CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.13.0-rc5-syzkaller #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Call Trace:\n \n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n fail_dump lib/fault-inject.c:53 [inline]\n should_fail_ex+0x3b0/0x4e0 lib/fault-inject.c:154\n should_failslab+0xac/0x100 mm/failslab.c:46\n slab_pre_alloc_hook mm/slub.c:4072 [inline]\n slab_alloc_node mm/slub.c:4148 [inline]\n __do_kmalloc_node mm/slub.c:4297 [inline]\n __kmalloc_noprof+0xdd/0x4c0 mm/slub.c:4310\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n btrfs_chunk_alloc_add_chunk_item+0x244/0x1100 fs/btrfs/volumes.c:5742\n reserve_chunk_space+0x1ca/0x2c0 fs/btrfs/block-group.c:4292\n check_system_chunk fs/btrfs/block-group.c:4319 [inline]\n do_chunk_alloc fs/btrfs/block-group.c:3891 [inline]\n btrfs_chunk_alloc+0x77b/0xf80 fs/btrfs/block-group.c:4187\n find_free_extent_update_loop fs/btrfs/extent-tree.c:4166 [inline]\n find_free_extent+0x42d1/0x5810 fs/btrfs/extent-tree.c:4579\n btrfs_reserve_extent+0x422/0x810 fs/btrfs/extent-tree.c:4672\n btrfs_new_extent_direct fs/btrfs/direct-io.c:186 [inline]\n btrfs_get_blocks_direct_write+0x706/0xfa0 fs/btrfs/direct-io.c:321\n btrfs_dio_iomap_begin+0xbb7/0x1180 fs/btrfs/direct-io.c:525\n iomap_iter+0x697/0xf60 fs/iomap/iter.c:90\n __iomap_dio_rw+0xeb9/0x25b0 fs/iomap/direct-io.c:702\n btrfs_dio_write fs/btrfs/direct-io.c:775 [inline]\n btrfs_direct_write+0x610/0xa30 fs/btrfs/direct-io.c:880\n btrfs_do_write_iter+0x2a0/0x760 fs/btrfs/file.c:1397\n do_iter_readv_writev+0x600/0x880\n vfs_writev+0x376/0xba0 
fs/read_write.c:1050\n do_pwritev fs/read_write.c:1146 [inline]\n __do_sys_pwritev2 fs/read_write.c:1204 [inline]\n __se_sys_pwritev2+0x196/0x2b0 fs/read_write.c:1195\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f1281f85d29\n RSP: 002b:00007f12819fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148\n RAX: ffffffffffffffda RBX: 00007f1282176080 RCX: 00007f1281f85d29\n RDX: 0000000000000001 RSI: 0000000020000240 RDI: 0000000000000005\n RBP: 00007f12819fe090 R08: 0000000000000000 R09: 0000000000000003\n R10: 0000000000007000 R11: 0000000000000246 R12: 0000000000000002\n R13: 0000000000000000 R14: 00007f1282176080 R15: 00007ffcb9e23328\n \n BTRFS error (device loop0 state A): Transaction aborted (error -12)\n BTRFS: error (device loop0 state A\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0d85f5c2dd91df6b5da454406756f463ba923b69", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/0ff88c2a742a7cbaa4d08507d864737d099b435a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8ea8db4216d1029527ab4666f730650419451e32", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/927b930f117bbae730a853c1dc43da8afe8380fa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21755.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21755.json new file mode 100644 index 00000000000..615d461b35f --- /dev/null +++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21755.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-21755", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:16.150", + "lastModified": "2025-02-27T03:15:16.150", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Orphan socket after transport release\n\nDuring socket release, sock_orphan() is called without considering that it\nsets sk->sk_wq to NULL. Later, if SO_LINGER is enabled, this leads to a\nnull pointer dereferenced in virtio_transport_wait_close().\n\nOrphan the socket only after transport release.\n\nPartially reverts the 'Fixes:' commit.\n\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\n lock_acquire+0x19e/0x500\n _raw_spin_lock_irqsave+0x47/0x70\n add_wait_queue+0x46/0x230\n virtio_transport_release+0x4e7/0x7f0\n __vsock_release+0xfd/0x490\n vsock_release+0x90/0x120\n __sock_release+0xa3/0x250\n sock_close+0x14/0x20\n __fput+0x35e/0xa90\n __x64_sys_close+0x78/0xd0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3a866f8376f0a5c848dcb59cd26df845fffbe6d8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/78dafe1cf3afa02ed71084b350713b07e72a18fb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/94d81870eec7ad2dd7af80bffd314ded26caea1a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f3b8e9d3414b2eb083d8293be25a949fe480897b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21756.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21756.json new file mode 100644 index 00000000000..17ab1550018 --- /dev/null 
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21756.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-21756", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:16.250", + "lastModified": "2025-02-27T03:15:16.250", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Keep the binding until socket destruction\n\nPreserve sockets bindings; this includes both resulting from an explicit\nbind() and those implicitly bound through autobind during connect().\n\nPrevents socket unbinding during a transport reassignment, which fixes a\nuse-after-free:\n\n 1. vsock_create() (refcnt=1) calls vsock_insert_unbound() (refcnt=2)\n 2. transport->release() calls vsock_remove_bound() without checking if\n sk was bound and moved to bound list (refcnt=1)\n 3. vsock_bind() assumes sk is in unbound list and before\n __vsock_insert_bound(vsock_bound_sockets()) calls\n __vsock_remove_bound() which does:\n list_del_init(&vsk->bound_table); // nop\n sock_put(&vsk->sk); // refcnt=0\n\nBUG: KASAN: slab-use-after-free in __vsock_bind+0x62e/0x730\nRead of size 4 at addr ffff88816b46a74c by task a.out/2057\n dump_stack_lvl+0x68/0x90\n print_report+0x174/0x4f6\n kasan_report+0xb9/0x190\n __vsock_bind+0x62e/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAllocated by task 2057:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n __kasan_slab_alloc+0x85/0x90\n kmem_cache_alloc_noprof+0x131/0x450\n sk_prot_alloc+0x5b/0x220\n sk_alloc+0x2c/0x870\n __vsock_create.constprop.0+0x2e/0xb60\n vsock_create+0xe4/0x420\n __sock_create+0x241/0x650\n __sys_socket+0xf2/0x1a0\n __x64_sys_socket+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 2057:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n 
__kasan_slab_free+0x4b/0x70\n kmem_cache_free+0x1a1/0x590\n __sk_destruct+0x388/0x5a0\n __vsock_bind+0x5e1/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 7 PID: 2057 at lib/refcount.c:25 refcount_warn_saturate+0xce/0x150\nRIP: 0010:refcount_warn_saturate+0xce/0x150\n __vsock_bind+0x66d/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 7 PID: 2057 at lib/refcount.c:28 refcount_warn_saturate+0xee/0x150\nRIP: 0010:refcount_warn_saturate+0xee/0x150\n vsock_remove_bound+0x187/0x1e0\n __vsock_release+0x383/0x4a0\n vsock_release+0x90/0x120\n __sock_release+0xa3/0x250\n sock_close+0x14/0x20\n __fput+0x359/0xa80\n task_work_run+0x107/0x1d0\n do_exit+0x847/0x2560\n do_group_exit+0xb8/0x250\n __x64_sys_exit_group+0x3a/0x50\n x64_sys_call+0xfec/0x14f0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3f43540166128951cc1be7ab1ce6b7f05c670d8b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/645ce25aa0e67895b11d89f27bb86c9d444c40f8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b1afd40321f1c243cffbcf40ea7ca41aca87fa5e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fcdd2242c0231032fc84e1404315c245ae56322a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21757.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21757.json new file mode 100644 index 00000000000..c6acafcf53d --- /dev/null 
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21757.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2025-21757", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:16.353", + "lastModified": "2025-02-27T03:15:16.353", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels\n\ndst_cache_get() gives us a reference, we need to release it.\n\nDiscovered by the ioam6.sh test, kmemleak was recently fixed\nto catch per-cpu memory leaks." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2248b8145053eb2ae35ca4cf694b885a086719bb", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c71a192976ded2f2f416d03c4f595cdd4478b825", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d90f8f930c3053bb11f5def9aff5310a70429260", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21758.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21758.json new file mode 100644 index 00000000000..e66027cd998 --- /dev/null +++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21758.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2025-21758", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:16.450", + "lastModified": "2025-02-27T03:15:16.450", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: mcast: add RCU protection to mld_newpack()\n\nmld_newpack() can be called without RTNL or RCU being held.\n\nNote that we no longer can use sock_alloc_send_skb() because\nipv6.igmp_sk uses GFP_KERNEL allocations which can sleep.\n\nInstead use alloc_skb() and charge the net->ipv6.igmp_sk\nsocket under RCU protection." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1b91c597b0214b1b462eb627ec02658c944623f2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/25195f9d5ffcc8079ad743a50c0409dbdc48d98a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a527750d877fd334de87eef81f1cb5f0f0ca3373", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d60d493b0e65647e0335e6a7c4547abcea7df8e9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e8af3632a7f2da83e27b083f787bced1faba00b1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21759.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21759.json new file mode 100644 index 00000000000..b684eb6b988 --- /dev/null +++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21759.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-21759", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:16.550", + "lastModified": "2025-02-27T03:15:16.550", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: mcast: extend RCU protection in igmp6_send()\n\nigmp6_send() can be called without RTNL or RCU being held.\n\nExtend RCU protection so that we can safely fetch the net pointer\nand avoid a potential UAF.\n\nNote that we no longer can use sock_alloc_send_skb() because\nipv6.igmp_sk uses GFP_KERNEL allocations which can sleep.\n\nInstead use alloc_skb() and charge the net->ipv6.igmp_sk\nsocket under RCU protection." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/087c1faa594fa07a66933d750c0b2610aa1a2946", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/0bf8e2f3768629d437a32cb824149e6e98254381", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/81b25a07ebf53f9ef4ca8f3d96a8ddb94561dd5a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8e92d6a413feaf968a33f0b439ecf27404407458", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21760.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21760.json new file mode 100644 index 00000000000..dbe34d03d77 --- /dev/null +++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21760.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2025-21760", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:16.653", + "lastModified": "2025-02-27T03:15:16.653", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nndisc: extend RCU protection in ndisc_send_skb()\n\nndisc_send_skb() can be called without RTNL or RCU held.\n\nAcquire rcu_read_lock() earlier, so that we can use dev_net_rcu()\nand avoid a potential UAF." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/04e05112f10354ffc3bb6cc796d553bab161594c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/789230e5a8c1097301afc802e242c79bc8835c67", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a9319d800b5701e7f5e3fa71a5b7c4831fc20d6d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ae38982f521621c216fc2f5182cd091f4734641d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ed6ae1f325d3c43966ec1b62ac1459e2b8e45640", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21761.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21761.json new file mode 100644 index 00000000000..f9a156d5f6a --- /dev/null +++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21761.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2025-21761", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:16.757", + "lastModified": "2025-02-27T03:15:16.757", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: use RCU protection in ovs_vport_cmd_fill_info()\n\novs_vport_cmd_fill_info() can be called without RTNL or RCU.\n\nUse RCU protection and dev_net_rcu() to avoid potential UAF." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/5828937742af74666192835d657095d95c53dbd0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7e01abc34e87abd091e619161a20f54ed4e3e2da", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8ec57509c36c8b9a23e50b7858dda0c520a2d074", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/90b2f49a502fa71090d9f4fe29a2f51fe5dff76d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a849a10de5e04d798f7f286a2f1ca174719a617a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21762.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21762.json new file mode 100644 index 00000000000..2b768ebeef7 --- /dev/null +++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21762.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2025-21762", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:16.857", + "lastModified": "2025-02-27T03:15:16.857", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narp: use RCU protection in arp_xmit()\n\narp_xmit() can be called without RTNL or RCU protection.\n\nUse RCU protection to avoid potential UAF." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/01d1b5c9abcaff29a43f1d17a19c33eec92c7dbe", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2c331718d3389b6c5f6855078ab7171849e016bd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a42b69f692165ec39db42d595f4f65a4c8f42e44", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e9f4dee534eb1b225b0a120395ad9bc2afe164d3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f189654459423d4d48bef2d120b4bfba559e6039", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21763.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21763.json new file mode 100644 index 00000000000..d5b4e1aba50 --- /dev/null +++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21763.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2025-21763", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:16.960", + "lastModified": "2025-02-27T03:15:16.960", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nneighbour: use RCU protection in __neigh_notify()\n\n__neigh_notify() can be called without RTNL or RCU protection.\n\nUse RCU protection to avoid potential UAF." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1cbb2aa90cd3fba15ad7efb5cdda28f3d1082379", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/559307d25235e24b5424778c7332451b6c741159", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/784eb2376270e086f7db136d154b8404edacf97b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/becbd5850c03ed33b232083dd66c6e38c0c0e569", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cdd5c2a12ddad8a77ce1838ff9f29aa587de82df", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21764.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21764.json new file mode 100644 index 00000000000..6174b9566c3 --- /dev/null +++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21764.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2025-21764", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:17.063", + "lastModified": "2025-02-27T03:15:17.063", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nndisc: use RCU protection in ndisc_alloc_skb()\n\nndisc_alloc_skb() can be called without RTNL or RCU being held.\n\nAdd RCU protection to avoid possible UAF." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3c2d705f5adf5d860aaef90cb4211c0fde2ba66d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/628e6d18930bbd21f2d4562228afe27694f66da9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9e0ec817eb41a55327a46cd3ce331a9868d60304", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bbec88e4108e8d6fb468d3817fa652140a44ff28", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cd1065f92eb7ff21b9ba5308a86f33d1670bf926", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21765.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21765.json new file mode 100644 index 00000000000..821be777701 --- /dev/null +++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21765.json 
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2025-21765",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:17.173",
+ "lastModified": "2025-02-27T03:15:17.173",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: use RCU protection in ip6_default_advmss()\n\nip6_default_advmss() needs rcu protection to make\nsure the net structure it reads does not disappear."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/3c8ffcd248da34fc41e52a46e51505900115fc2a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/4176a68b0db8fc74ac14fcd00ba8231371051dc2",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/550ed693f47370502a71b85382e7f9e6417300b8",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/713a40c892f40300d63691d9f85b2a23b48fe1e8",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/84212387caadb211cd9dadd6fd5563bd37dc1f5e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21766.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21766.json
new file mode 100644
index 00000000000..4c1c3da1882
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21766.json
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2025-21766",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:17.273",
+ "lastModified": "2025-02-27T03:15:17.273",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: use RCU protection in __ip_rt_update_pmtu()\n\n__ip_rt_update_pmtu() must use RCU protection to make\nsure the net structure it reads does not disappear."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/139512191bd06f1b496117c76372b2ce372c9a41",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/4583748b65dee4d61bd50a2214715b4237bc152a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/9b1766d1ff5fe496aabe9fc5f4e34e53f35c11c4",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a39f61d212d822b3062d7f70fa0588e50e55664e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ea07480b23225942208f1b754fea1e7ec486d37e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21767.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21767.json
new file mode 100644
index 00000000000..4fe414bc2c0
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21767.json
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2025-21767",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:17.383",
+ "lastModified": "2025-02-27T03:15:17.383",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context\n\nThe following bug report happened with a PREEMPT_RT kernel:\n\n BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2012, name: kwatchdog\n preempt_count: 1, expected: 0\n RCU nest depth: 0, expected: 0\n get_random_u32+0x4f/0x110\n clocksource_verify_choose_cpus+0xab/0x1a0\n clocksource_verify_percpu.part.0+0x6b/0x330\n clocksource_watchdog_kthread+0x193/0x1a0\n\nIt is due to the fact that clocksource_verify_choose_cpus() is invoked with\npreemption disabled. This function invokes get_random_u32() to obtain\nrandom numbers for choosing CPUs. The batched_entropy_32 local lock and/or\nthe base_crng.lock spinlock in driver/char/random.c will be acquired during\nthe call. In PREEMPT_RT kernel, they are both sleeping locks and so cannot\nbe acquired in atomic context.\n\nFix this problem by using migrate_disable() to allow smp_processor_id() to\nbe reliably used without introducing atomic context. preempt_disable() is\nthen called after clocksource_verify_choose_cpus() but before the\nclocksource measurement is being run to avoid introducing unexpected\nlatency."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/0fb534187d2355f6c8f995321e76d1ccd1262ac1",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/6bb05a33337b2c842373857b63de5c9bf1ae2a09",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/852805b6cbdb69c298a8fc9fbe79994c95106e04",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/8783ceeee797d9aa9cfe150690fb9d0bac8cc459",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/cc3d79e7c806cb57d71c28a4a35e7d7fb3265faa",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21768.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21768.json
new file mode 100644
index 00000000000..619790984d6
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21768.json
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2025-21768",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:17.480",
+ "lastModified": "2025-02-27T03:15:17.480",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels\n\nSome lwtunnels have a dst cache for post-transformation dst.\nIf the packet destination did not change we may end up recording\na reference to the lwtunnel in its own cache, and the lwtunnel\nstate will never be freed.\n\nDiscovered by the ioam6.sh test, kmemleak was recently fixed\nto catch per-cpu memory leaks. I'm not sure if rpl and seg6\ncan actually hit this, but in principle I don't see why not."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/4c0f200c7d06fedddde82209c099014d63f4a6c0",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/5ab11a4e219e93b8b31a27f8ec98d42afadd8b7a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/92191dd1073088753821b862b791dcc83e558e07",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21769.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21769.json
new file mode 100644
index 00000000000..546e715a637
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21769.json
@@ -0,0 +1,25 @@
+{
+ "id": "CVE-2025-21769",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:17.580",
+ "lastModified": "2025-02-27T03:15:17.580",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: vmclock: Add .owner to vmclock_miscdev_fops\n\nWithout the .owner field, the module can be unloaded while /dev/vmclock0\nis open, leading to an oops."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/3b5709225b43ee33e1026dd1fc0949a7f19b5289",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/7b07b040257c1b658ef3eca86e4b6ae02d65069c",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21770.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21770.json
new file mode 100644
index 00000000000..343caf716db
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21770.json
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2025-21770",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:17.677",
+ "lastModified": "2025-02-27T03:15:17.677",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: Fix potential memory leak in iopf_queue_remove_device()\n\nThe iopf_queue_remove_device() helper removes a device from the per-iommu\niopf queue when PRI is disabled on the device. It responds to all\noutstanding iopf's with an IOMMU_PAGE_RESP_INVALID code and detaches the\ndevice from the queue.\n\nHowever, it fails to release the group structure that represents a group\nof iopf's awaiting for a response after responding to the hardware. This\ncan cause a memory leak if iopf_queue_remove_device() is called with\npending iopf's.\n\nFix it by calling iopf_free_group() after the iopf group is responded."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/90d5429cd2921ca2714684ed525898d431bb9283",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/9759ae2cee7cd42b95f1c48aa3749bd02b5ddb08",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/db60d2d896a17decd58d143eef92cf22eb0a0176",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21771.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21771.json
new file mode 100644
index 00000000000..8bb0a3eb468
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21771.json
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2025-21771",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:17.767",
+ "lastModified": "2025-02-27T03:15:17.767",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched_ext: Fix incorrect autogroup migration detection\n\nscx_move_task() is called from sched_move_task() and tells the BPF scheduler\nthat cgroup migration is being committed. sched_move_task() is used by both\ncgroup and autogroup migrations and scx_move_task() tried to filter out\nautogroup migrations by testing the destination cgroup and PF_EXITING but\nthis is not enough. In fact, without explicitly tagging the thread which is\ndoing the cgroup migration, there is no good way to tell apart\nscx_move_task() invocations for racing migration to the root cgroup and an\nautogroup migration.\n\nThis led to scx_move_task() incorrectly ignoring a migration from non-root\ncgroup to an autogroup of the root cgroup triggering the following warning:\n\n WARNING: CPU: 7 PID: 1 at kernel/sched/ext.c:3725 scx_cgroup_can_attach+0x196/0x340\n ...\n Call Trace:\n \n cgroup_migrate_execute+0x5b1/0x700\n cgroup_attach_task+0x296/0x400\n __cgroup_procs_write+0x128/0x140\n cgroup_procs_write+0x17/0x30\n kernfs_fop_write_iter+0x141/0x1f0\n vfs_write+0x31d/0x4a0\n __x64_sys_write+0x72/0xf0\n do_syscall_64+0x82/0x160\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFix it by adding an argument to sched_move_task() that indicates whether the\nmoving is for a cgroup or autogroup migration. After the change,\nscx_move_task() is called only for cgroup migrations and renamed to\nscx_cgroup_move_task()."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/75bf2f80c046d2ec5a07455891ea0a9fb6d8b5f6",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/d6f3e7d564b2309e1f17e709a70eca78d7ca2bb8",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/d8b510d0ddc65d8a71e0f9a3acc9ed5f010fc514",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21772.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21772.json
new file mode 100644
index 00000000000..9162c3aaab6
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21772.json
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2025-21772",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:17.867",
+ "lastModified": "2025-02-27T03:15:17.867",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npartitions: mac: fix handling of bogus partition table\n\nFix several issues in partition probing:\n\n - The bailout for a bad partoffset must use put_dev_sector(), since the\n preceding read_part_sector() succeeded.\n - If the partition table claims a silly sector size like 0xfff bytes\n (which results in partition table entries straddling sector boundaries),\n bail out instead of accessing out-of-bounds memory.\n - We must not assume that the partition table contains proper NUL\n termination - use strnlen() and strncmp() instead of strlen() and\n strcmp()."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/27a39d006f85e869be68c1d5d2ce05e5d6445bf5",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/6578717ebca91678131d2b1f4ba4258e60536e9f",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/7fa9706722882f634090bfc9af642bf9ed719e27",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/80e648042e512d5a767da251d44132553fe04ae0",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/92527100be38ede924768f4277450dfe8a40e16b",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21773.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21773.json
new file mode 100644
index 00000000000..4ac58d197e1
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21773.json
@@ -0,0 +1,33 @@
+{
+ "id": "CVE-2025-21773",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:17.970",
+ "lastModified": "2025-02-27T03:15:17.970",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: etas_es58x: fix potential NULL pointer dereference on udev->serial\n\nThe driver assumed that es58x_dev->udev->serial could never be NULL.\nWhile this is true on commercially available devices, an attacker\ncould spoof the device identity providing a NULL USB serial number.\nThat would trigger a NULL pointer dereference.\n\nAdd a check on es58x_dev->udev->serial before accessing it."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/1590667a60753ee5a54871f2840ceefd4a7831fa",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/5059ea98d7bc133903d3e47ab36df6ed11d0c95f",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/722e8e1219c8b6ac2865011fe339315d6a8d0721",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a1ad2109ce41c9e3912dadd07ad8a9c640064ffb",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21774.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21774.json
new file mode 100644
index 00000000000..9e64bed81d5
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21774.json
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2025-21774",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:18.070",
+ "lastModified": "2025-02-27T03:15:18.070",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: rockchip: rkcanfd_handle_rx_fifo_overflow_int(): bail out if skb cannot be allocated\n\nFix NULL pointer check in rkcanfd_handle_rx_fifo_overflow_int() to\nbail out if skb cannot be allocated."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/118fb35681bd2c0d2afa22f7be0ef94bb4d06849",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/946750e7865df2e70045071051abf768785dd570",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/f7f0adfe64de08803990dc4cbecd2849c04e314a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21775.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21775.json
new file mode 100644
index 00000000000..33c8ecf94ad
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21775.json
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2025-21775",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:18.167",
+ "lastModified": "2025-02-27T03:15:18.167",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: ctucanfd: handle skb allocation failure\n\nIf skb allocation fails, the pointer to struct can_frame is NULL. This\nis actually handled everywhere inside ctucan_err_interrupt() except for\nthe only place.\n\nAdd the missed NULL check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/84b9ac59978a6a4e0812d1c938fad97306272cef",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/9bd24927e3eeb85642c7baa3b28be8bea6c2a078",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b0e592dd46a0a952b41c3bf6c963afdd6a42b526",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e505b83b9ee6aa0ae2f4395f573a66579ae403fb",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e7e2e2318b1f085044126ba553a4e619842fc36d",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21776.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21776.json
new file mode 100644
index 00000000000..5b6ba1b63a7
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21776.json
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2025-21776",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:18.263",
+ "lastModified": "2025-02-27T03:15:18.263",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: hub: Ignore non-compliant devices with too many configs or interfaces\n\nRobert Morris created a test program which can cause\nusb_hub_to_struct_hub() to dereference a NULL or inappropriate\npointer:\n\nOops: general protection fault, probably for non-canonical address\n0xcccccccccccccccc: 0000 [#1] SMP DEBUG_PAGEALLOC PTI\nCPU: 7 UID: 0 PID: 117 Comm: kworker/7:1 Not tainted 6.13.0-rc3-00017-gf44d154d6e3d #14\nHardware name: FreeBSD BHYVE/BHYVE, BIOS 14.0 10/17/2021\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:usb_hub_adjust_deviceremovable+0x78/0x110\n...\nCall Trace:\n \n ? die_addr+0x31/0x80\n ? exc_general_protection+0x1b4/0x3c0\n ? asm_exc_general_protection+0x26/0x30\n ? usb_hub_adjust_deviceremovable+0x78/0x110\n hub_probe+0x7c7/0xab0\n usb_probe_interface+0x14b/0x350\n really_probe+0xd0/0x2d0\n ? __pfx___device_attach_driver+0x10/0x10\n __driver_probe_device+0x6e/0x110\n driver_probe_device+0x1a/0x90\n __device_attach_driver+0x7e/0xc0\n bus_for_each_drv+0x7f/0xd0\n __device_attach+0xaa/0x1a0\n bus_probe_device+0x8b/0xa0\n device_add+0x62e/0x810\n usb_set_configuration+0x65d/0x990\n usb_generic_driver_probe+0x4b/0x70\n usb_probe_device+0x36/0xd0\n\nThe cause of this error is that the device has two interfaces, and the\nhub driver binds to interface 1 instead of interface 0, which is where\nusb_hub_to_struct_hub() looks.\n\nWe can prevent the problem from occurring by refusing to accept hub\ndevices that violate the USB spec by having more than one\nconfiguration or interface."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/2240fed37afbcdb5e8b627bc7ad986891100e05d",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/5b9778e1fe715700993ce436c152dc3b7df0b490",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/62d8f4c5454dd39aded4f343720d1c5a1803cfef",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c3720b04df84b5459050ae4e03ec7d545652f897",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e905a0fca7bff0855d312c16f71e60e1773b393e",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21777.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21777.json
new file mode 100644
index 00000000000..3d9d3faba44
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21777.json
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2025-21777",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:18.377",
+ "lastModified": "2025-02-27T03:15:18.377",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Validate the persistent meta data subbuf array\n\nThe meta data for a mapped ring buffer contains an array of indexes of all\nthe subbuffers. The first entry is the reader page, and the rest of the\nentries lay out the order of the subbuffers in how the ring buffer link\nlist is to be created.\n\nThe validator currently makes sure that all the entries are within the\nrange of 0 and nr_subbufs. But it does not check if there are any\nduplicates.\n\nWhile working on the ring buffer, I corrupted this array, where I added\nduplicates. The validator did not catch it and created the ring buffer\nlink list on top of it. Luckily, the corruption was only that the reader\npage was also in the writer path and only presented corrupted data but did\nnot crash the kernel. But if there were duplicates in the writer side,\nthen it could corrupt the ring buffer link list and cause a crash.\n\nCreate a bitmask array with the size of the number of subbuffers. Then\nclear it. When walking through the subbuf array checking to see if the\nentries are within the range, test if its bit is already set in the\nsubbuf_mask. If it is, then there is duplicates and fail the validation.\nIf not, set the corresponding bit and continue."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/0d547a6f5e8fad26ebc12f501d7d19fccdbad6bf",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/3ec743d558f111d8999aea24577ba66c65ee2eeb",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/f5b95f1fa2ef3a03f49eeec658ba97e721412b32",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21778.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21778.json
new file mode 100644
index 00000000000..cb12782618f
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21778.json
@@ -0,0 +1,29 @@
+{
+ "id": "CVE-2025-21778",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:18.533",
+ "lastModified": "2025-02-27T03:15:18.533",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Do not allow mmap() of persistent ring buffer\n\nWhen trying to mmap a trace instance buffer that is attached to\nreserve_mem, it would crash:\n\n BUG: unable to handle page fault for address: ffffe97bd00025c8\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 2862f3067 P4D 2862f3067 PUD 0\n Oops: Oops: 0000 [#1] PREEMPT_RT SMP PTI\n CPU: 4 UID: 0 PID: 981 Comm: mmap-rb Not tainted 6.14.0-rc2-test-00003-g7f1a5e3fbf9e-dirty #233\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:validate_page_before_insert+0x5/0xb0\n Code: e2 01 89 d0 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 <48> 8b 46 08 a8 01 75 67 66 90 48 89 f0 8b 50 34 85 d2 74 76 48 89\n RSP: 0018:ffffb148c2f3f968 EFLAGS: 00010246\n RAX: ffff9fa5d3322000 RBX: ffff9fa5ccff9c08 RCX: 00000000b879ed29\n RDX: ffffe97bd00025c0 RSI: ffffe97bd00025c0 RDI: ffff9fa5ccff9c08\n RBP: ffffb148c2f3f9f0 R08: 0000000000000004 R09: 0000000000000004\n R10: 0000000000000000 R11: 0000000000000200 R12: 0000000000000000\n R13: 00007f16a18d5000 R14: ffff9fa5c48db6a8 R15: 0000000000000000\n FS: 00007f16a1b54740(0000) GS:ffff9fa73df00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffffe97bd00025c8 CR3: 00000001048c6006 CR4: 0000000000172ef0\n Call Trace:\n \n ? __die_body.cold+0x19/0x1f\n ? __die+0x2e/0x40\n ? page_fault_oops+0x157/0x2b0\n ? search_module_extables+0x53/0x80\n ? validate_page_before_insert+0x5/0xb0\n ? kernelmode_fixup_or_oops.isra.0+0x5f/0x70\n ? __bad_area_nosemaphore+0x16e/0x1b0\n ? bad_area_nosemaphore+0x16/0x20\n ? do_kern_addr_fault+0x77/0x90\n ? exc_page_fault+0x22b/0x230\n ? asm_exc_page_fault+0x2b/0x30\n ? validate_page_before_insert+0x5/0xb0\n ? vm_insert_pages+0x151/0x400\n __rb_map_vma+0x21f/0x3f0\n ring_buffer_map+0x21b/0x2f0\n tracing_buffers_mmap+0x70/0xd0\n __mmap_region+0x6f0/0xbd0\n mmap_region+0x7f/0x130\n do_mmap+0x475/0x610\n vm_mmap_pgoff+0xf2/0x1d0\n ksys_mmap_pgoff+0x166/0x200\n __x64_sys_mmap+0x37/0x50\n x64_sys_call+0x1670/0x1d70\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe reason was that the code that maps the ring buffer pages to user space\nhas:\n\n\tpage = virt_to_page((void *)cpu_buffer->subbuf_ids[s]);\n\nAnd uses that in:\n\n\tvm_insert_pages(vma, vma->vm_start, pages, &nr_pages);\n\nBut virt_to_page() does not work with vmap()'d memory which is what the\npersistent ring buffer has. It is rather trivial to allow this, but for\nnow just disable mmap() of instances that have their ring buffer from the\nreserve_mem option.\n\nIf an mmap() is performed on a persistent buffer it will return -ENODEV\njust like it would if the .mmap field wasn't defined in the\nfile_operations structure."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/129fe718819cc5e24ea2f489db9ccd4371f0c6f6",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/cf5aa560e5c7628b57c928741d7e6a9a0f6f0e67",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e8dff5f73912513fc9b52ab992d861517c9a9975",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21779.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21779.json
new file mode 100644
index 00000000000..52a5042d8ce
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21779.json 
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2025-21779",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:18.690",
+ "lastModified": "2025-02-27T03:15:18.690",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel\n\nAdvertise support for Hyper-V's SEND_IPI and SEND_IPI_EX hypercalls if and\nonly if the local API is emulated/virtualized by KVM, and explicitly reject\nsaid hypercalls if the local APIC is emulated in userspace, i.e. don't rely\non userspace to opt-in to KVM_CAP_HYPERV_ENFORCE_CPUID.\n\nRejecting SEND_IPI and SEND_IPI_EX fixes a NULL-pointer dereference if\nHyper-V enlightenments are exposed to the guest without an in-kernel local\nAPIC:\n\n dump_stack+0xbe/0xfd\n __kasan_report.cold+0x34/0x84\n kasan_report+0x3a/0x50\n __apic_accept_irq+0x3a/0x5c0\n kvm_hv_send_ipi.isra.0+0x34e/0x820\n kvm_hv_hypercall+0x8d9/0x9d0\n kvm_emulate_hypercall+0x506/0x7e0\n __vmx_handle_exit+0x283/0xb60\n vmx_handle_exit+0x1d/0xd0\n vcpu_enter_guest+0x16b0/0x24c0\n vcpu_run+0xc0/0x550\n kvm_arch_vcpu_ioctl_run+0x170/0x6d0\n kvm_vcpu_ioctl+0x413/0xb20\n __se_sys_ioctl+0x111/0x160\n do_syscal1_64+0x30/0x40\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nNote, checking the sending vCPU is sufficient, as the per-VM irqchip_mode\ncan't be modified after vCPUs are created, i.e. if one vCPU has an\nin-kernel local APIC, then all vCPUs have an in-kernel local APIC."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/5393cf22312418262679eaadb130d608c75fe690",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/874ff13c73c45ecb38cb82191e8c1d523f0dc81b",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a8de7f100bb5989d9c3627d3a223ee1c863f3b69",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/aca8be4403fb90db7adaf63830e27ebe787a76e8",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ca29f58ca374c40a0e69c5306fc5c940a0069074",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21780.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21780.json
new file mode 100644
index 00000000000..f5038ff7a6e
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21780.json
@@ -0,0 +1,37 @@
+{
+ "id": "CVE-2025-21780",
+ "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "published": "2025-02-27T03:15:18.827",
+ "lastModified": "2025-02-27T03:15:18.827",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()\n\nIt malicious user provides a small pptable through sysfs and then\na bigger pptable, it may cause buffer overflow attack in function\nsmu_sys_set_pp_table()."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/1abb2648698bf10783d2236a6b4a7ca5e8021699",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/231075c5a8ea54f34b7c4794687baa980814e6de",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/2498d2db1d35e88a2060ea191ae75dce853dd084",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/3484ea33157bc7334f57e64826ec5a4bf992151a",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e43a8b9c4d700ffec819c5043a48769b3e7d9cab",
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21781.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21781.json
new file mode 100644
index 00000000000..b3df0ec2809
--- /dev/null
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21781.json
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2025-21781", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:18.947", + "lastModified": "2025-02-27T03:15:18.947", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: fix panic during interface removal\n\nReference counting is used to ensure that\nbatadv_hardif_neigh_node and batadv_hard_iface\nare not freed before/during\nbatadv_v_elp_throughput_metric_update work is\nfinished.\n\nBut there isn't a guarantee that the hard if will\nremain associated with a soft interface up until\nthe work is finished.\n\nThis fixes a crash triggered by reboot that looks\nlike this:\n\nCall trace:\n batadv_v_mesh_free+0xd0/0x4dc [batman_adv]\n batadv_v_elp_throughput_metric_update+0x1c/0xa4\n process_one_work+0x178/0x398\n worker_thread+0x2e8/0x4d0\n kthread+0xd8/0xdc\n ret_from_fork+0x10/0x20\n\n(the batadv_v_mesh_free call is misleading,\nand does not actually happen)\n\nI was able to make the issue happen more reliably\nby changing hardif_neigh->bat_v.metric_work work\nto be delayed work. 
This allowed me to track down\nand confirm the fix.\n\n[sven@narfation.org: prevent entering batadv_v_elp_get_throughput without\n soft_iface]" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/072b2787321903287a126c148e8db87dd7ef96fe", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2c3fb7df4cc6d043f70d4a8a10f8b915bbfb75e7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/522b1596ea19e327853804da2de60aeb9c5d6f42", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7eb5dd201695645af071592a50026eb780081a72", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ccb7276a6d26d6f8416e315b43b45e15ee7f29e2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21782.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21782.json new file mode 100644 index 00000000000..3b2ada72678 --- /dev/null +++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21782.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2025-21782", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:19.050", + "lastModified": "2025-02-27T03:15:19.050", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\norangefs: fix a oob in orangefs_debug_write\n\nI got a syzbot report: slab-out-of-bounds Read in\norangefs_debug_write... several people suggested fixes,\nI tested Al Viro's suggestion and made this patch." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1c5244299241cf49d8ae7b5054e299cc8faa4e09", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1da2697307dad281dd690a19441b5ca4af92d786", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2b84a231910cef2e0a16d29294afabfb69112087", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/897f496b946fdcfab5983c983e4b513ab6682364", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f7c848431632598ff9bce57a659db6af60d75b39", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21783.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21783.json new file mode 100644 index 00000000000..475ae045724 --- /dev/null +++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21783.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-21783", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:19.150", + "lastModified": "2025-02-27T03:15:19.150", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpiolib: Fix crash on error in gpiochip_get_ngpios()\n\nThe gpiochip_get_ngpios() uses chip_*() macros to print messages.\nHowever these macros rely on gpiodev to be initialised and set,\nwhich is not the case when called via bgpio_init(). In such a case\nthe printing messages will crash on NULL pointer dereference.\nReplace chip_*() macros by the respective dev_*() ones to avoid\nsuch crash." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/189fb76215e479c10731baabb50f1a352d2078f5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4d9b2b62e1136d10f661ec4c0c268140b6f74f4f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7b4aebeecbbd5b5fe73e35fad3f62ed21aa7ef44", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a7052afa9eae2239e25943baa8817a6a56e8aa68", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21784.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21784.json new file mode 100644 index 00000000000..bb623f413fa --- /dev/null +++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21784.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-21784", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:19.247", + "lastModified": "2025-02-27T03:15:19.247", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode()\n\nIn function psp_init_cap_microcode(), it should bail out when failed to\nload firmware, otherwise it may cause invalid memory access." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3f40a7ff39d9f1d283d5aa9b13e2fb16200aff5f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a0a455b4bc7483ad60e8b8a50330c1e05bb7bfcf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d1d10bd595539ed82ab59b60249f9bdf0994f678", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e7eb84384335e2abf960c94ec0f8c5b835283777", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21785.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21785.json new file mode 100644 index 00000000000..1571fddde8b --- /dev/null +++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21785.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2025-21785", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:19.350", + "lastModified": "2025-02-27T03:15:19.350", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array\n\nThe loop that detects/populates cache information already has a bounds\ncheck on the array size but does not account for cache levels with\nseparate data/instructions cache. Fix this by incrementing the index\nfor any populated leaf (instead of any populated level)." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/4ff25f0b18d1d0174c105e4620428bcdc1213860", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/67b99a2b5811df4294c2ad50f9bff3b6a08bd618", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/715eb1af64779e1b1aa0a7b2ffb81414d9f708e5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/875d742cf5327c93cba1f11e12b08d3cce7a88d2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ab90894f33c15b14c1cee6959ab6c8dcb09127f8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21786.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21786.json new file mode 100644 index 00000000000..020e5631da0 --- /dev/null +++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21786.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2025-21786", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:19.450", + "lastModified": "2025-02-27T03:15:19.450", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nworkqueue: Put the pwq after detaching the rescuer from the pool\n\nThe commit 68f83057b913(\"workqueue: Reap workers via kthread_stop() and\nremove detach_completion\") adds code to reap the normal workers but\nmistakenly does not handle the rescuer and also removes the code waiting\nfor the rescuer in put_unbound_pool(), which caused a use-after-free bug\nreported by Cheung Wall.\n\nTo avoid the use-after-free bug, the pool\u2019s reference must be held until\nthe detachment is complete. Therefore, move the code that puts the pwq\nafter detaching the rescuer from the pool." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/835b69c868f53f959d4986bbecd561ba6f38e492", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e76946110137703c16423baf6ee177b751a34b7e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e7c16028a424dd35be1064a68fa318be4359310f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21787.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21787.json new file mode 100644 index 00000000000..5581b6ddf80 --- /dev/null +++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21787.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2025-21787", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:19.553", + "lastModified": "2025-02-27T03:15:19.553", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nteam: better TEAM_OPTION_TYPE_STRING validation\n\nsyzbot reported following splat [1]\n\nMake sure user-provided data contains one nul byte.\n\n[1]\n BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:633 [inline]\n BUG: KMSAN: uninit-value in string+0x3ec/0x5f0 lib/vsprintf.c:714\n string_nocheck lib/vsprintf.c:633 [inline]\n string+0x3ec/0x5f0 lib/vsprintf.c:714\n vsnprintf+0xa5d/0x1960 lib/vsprintf.c:2843\n __request_module+0x252/0x9f0 kernel/module/kmod.c:149\n team_mode_get drivers/net/team/team_core.c:480 [inline]\n team_change_mode drivers/net/team/team_core.c:607 [inline]\n team_mode_option_set+0x437/0x970 drivers/net/team/team_core.c:1401\n team_option_set drivers/net/team/team_core.c:375 [inline]\n team_nl_options_set_doit+0x1339/0x1f90 drivers/net/team/team_core.c:2662\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0x1214/0x12c0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2543\n genl_rcv+0x40/0x60 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0xf52/0x1260 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1892\n sock_sendmsg_nosec net/socket.c:718 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:733\n ____sys_sendmsg+0x877/0xb60 net/socket.c:2573\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2627\n __sys_sendmsg net/socket.c:2659 [inline]\n __do_sys_sendmsg net/socket.c:2664 [inline]\n __se_sys_sendmsg net/socket.c:2662 [inline]\n __x64_sys_sendmsg+0x212/0x3c0 
net/socket.c:2662\n x64_sys_call+0x2ed6/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/4236bf4716589558cc0f3c3612642b2c2141b04e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4512482e4805dd30bc77dec511f2a2edba5cb868", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5bef3ac184b5626ea62385d6b82a1992b89d7940", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8401cade1918281177974b32c925afdce750d292", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d071a91fa614ecdf760c29f61f6a7bfb7df796d6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21788.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21788.json new file mode 100644 index 00000000000..677abca75d7 --- /dev/null +++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21788.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2025-21788", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:19.663", + "lastModified": "2025-02-27T03:15:19.663", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: am65-cpsw: fix memleak in certain XDP cases\n\nIf the XDP program doesn't result in XDP_PASS then we leak the\nmemory allocated by am65_cpsw_build_skb().\n\nIt is pointless to allocate SKB memory before running the XDP\nprogram as we would be wasting CPU cycles for cases other than XDP_PASS.\nMove the SKB allocation after evaluating the XDP program result.\n\nThis fixes the memleak. A performance boost is seen for XDP_DROP test.\n\nXDP_DROP test:\nBefore: 460256 rx/s 0 err/s\nAfter: 784130 rx/s 0 err/s" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1bba1d042107167164a0ae3a843fdf650ab005d7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5db843258de1e4e6b1ef1cbd1797923c9e3de548", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dc11f049612b9d926aca2e55f8dc9d82850d0da3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21789.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21789.json new file mode 100644 index 00000000000..381f9a7ded1 --- /dev/null +++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21789.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-21789", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:19.763", + "lastModified": "2025-02-27T03:15:19.763", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: csum: Fix OoB access in IP checksum code for negative lengths\n\nCommit 69e3a6aa6be2 (\"LoongArch: Add checksum optimization for 64-bit\nsystem\") would cause an undefined shift and an out-of-bounds read.\n\nCommit 8bd795fedb84 (\"arm64: csum: Fix OoB access in IP checksum code\nfor negative lengths\") fixes the same issue on ARM64." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/6287f1a8c16138c2ec750953e35039634018c84a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/964a8895704a22efc06a2a3276b624a5ae985a06", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9f15a8df542c0f08732a67d1a14ee7c22948fb97", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d6508ffff32b44b6d0de06704034e4eef1c307a7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21790.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21790.json new file mode 100644 index 00000000000..93861e2b784 --- /dev/null +++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21790.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2025-21790", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:19.870", + "lastModified": "2025-02-27T03:15:19.870", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: check vxlan_vnigroup_init() return value\n\nvxlan_init() must check vxlan_vnigroup_init() success\notherwise a crash happens later, spotted by syzbot.\n\nOops: general protection fault, probably for non-canonical address 0xdffffc000000002c: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000160-0x0000000000000167]\nCPU: 0 UID: 0 PID: 7313 Comm: syz-executor147 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:vxlan_vnigroup_uninit+0x89/0x500 drivers/net/vxlan/vxlan_vnifilter.c:912\nCode: 00 48 8b 44 24 08 4c 8b b0 98 41 00 00 49 8d 86 60 01 00 00 48 89 c2 48 89 44 24 10 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 4d 04 00 00 49 8b 86 60 01 00 00 48 ba 00 00 00\nRSP: 0018:ffffc9000cc1eea8 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8672effb\nRDX: 000000000000002c RSI: ffffffff8672ecb9 RDI: ffff8880461b4f18\nRBP: ffff8880461b4ef4 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000020000\nR13: ffff8880461b0d80 R14: 0000000000000000 R15: dffffc0000000000\nFS: 00007fecfa95d6c0(0000) GS:ffff88806a600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fecfa95cfb8 CR3: 000000004472c000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n vxlan_uninit+0x1ab/0x200 drivers/net/vxlan/vxlan_core.c:2942\n 
unregister_netdevice_many_notify+0x12d6/0x1f30 net/core/dev.c:11824\n unregister_netdevice_many net/core/dev.c:11866 [inline]\n unregister_netdevice_queue+0x307/0x3f0 net/core/dev.c:11736\n register_netdevice+0x1829/0x1eb0 net/core/dev.c:10901\n __vxlan_dev_create+0x7c6/0xa30 drivers/net/vxlan/vxlan_core.c:3981\n vxlan_newlink+0xd1/0x130 drivers/net/vxlan/vxlan_core.c:4407\n rtnl_newlink_create net/core/rtnetlink.c:3795 [inline]\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3215f5aafc49aaa993991633833854694e73b439", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5805402dcc56241987bca674a1b4da79a249bab7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/79aea5e55156c87dc570e43fcd8bba01b9d6ab3f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a303649b99b64858d62ce7428125d8e71675d2b6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e860f847787fbbf0d8dacd638c019c7c3d4a9bd3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21791.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21791.json new file mode 100644 index 00000000000..7afbc5be628 --- /dev/null +++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21791.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2025-21791", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:19.970", + "lastModified": "2025-02-27T03:15:19.970", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvrf: use RCU protection in l3mdev_l3_out()\n\nl3mdev_l3_out() can be called without RCU being held:\n\nraw_sendmsg()\n ip_push_pending_frames()\n ip_send_skb()\n ip_local_out()\n __ip_local_out()\n l3mdev_ip_out()\n\nAdd rcu_read_lock() / rcu_read_unlock() pair to avoid\na potential UAF." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/022cac1c693add610ae76ede03adf4d9d5a2cf21", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6d0ce46a93135d96b7fa075a94a88fe0da8e8773", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7b81425b517accefd46bee854d94954f5c57e019", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c40cb5c03e37552d6eff963187109e2c3f78ef6f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c7574740be8ce68a57d0aece24987b9be2114c3c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21792.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21792.json new file mode 100644 index 00000000000..e9bdc70212c --- /dev/null +++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21792.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2025-21792", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:20.080", + "lastModified": "2025-02-27T03:15:20.080", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt\n\nIf an AX25 device is bound to a socket by setting the SO_BINDTODEVICE\nsocket option, a refcount leak will occur in ax25_release().\n\nCommit 9fd75b66b8f6 (\"ax25: Fix refcount leaks caused by ax25_cb_del()\")\nadded decrement of device refcounts in ax25_release(). In order for that\nto work correctly the refcounts must already be incremented when the\ndevice is bound to the socket. An AX25 device can be bound to a socket\nby either calling ax25_bind() or setting SO_BINDTODEVICE socket option.\nIn both cases the refcounts should be incremented, but in fact it is done\nonly in ax25_bind().\n\nThis bug leads to the following issue reported by Syzkaller:\n\n================================================================\nrefcount_t: decrement hit 0; leaking memory.\nWARNING: CPU: 1 PID: 5932 at lib/refcount.c:31 refcount_warn_saturate+0x1ed/0x210 lib/refcount.c:31\nModules linked in:\nCPU: 1 UID: 0 PID: 5932 Comm: syz-executor424 Not tainted 6.13.0-rc4-syzkaller-00110-g4099a71718b0 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nRIP: 0010:refcount_warn_saturate+0x1ed/0x210 lib/refcount.c:31\nCall Trace:\n \n __refcount_dec include/linux/refcount.h:336 [inline]\n refcount_dec include/linux/refcount.h:351 [inline]\n ref_tracker_free+0x710/0x820 lib/ref_tracker.c:236\n netdev_tracker_free include/linux/netdevice.h:4156 [inline]\n netdev_put include/linux/netdevice.h:4173 [inline]\n netdev_put include/linux/netdevice.h:4169 [inline]\n ax25_release+0x33f/0xa10 net/ax25/af_ax25.c:1069\n 
__sock_release+0xb0/0x270 net/socket.c:640\n sock_close+0x1c/0x30 net/socket.c:1408\n ...\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n ...\n \n================================================================\n\nFix the implementation of ax25_setsockopt() by adding increment of\nrefcounts for the new device bound, and decrement of refcounts for\nthe old unbound device." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/470bda72fda0fcf54300466d70ce2de62f7835d2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/90056ece99966182dc0e367f3fd2afab46ada847", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/94a0de224ed52eb2ecd4f4cb1b937b674c9fb955", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b58f7ca86a7b8e480c06e30c5163c5d2f4e24023", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bca0902e61731a75fc4860c8720168d9f1bae3b6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21793.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21793.json new file mode 100644 index 00000000000..6dbeb9fd79d --- /dev/null +++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21793.json 
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-21793", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:20.190", + "lastModified": "2025-02-27T03:15:20.190", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: sn-f-ospi: Fix division by zero\n\nWhen there is no dummy cycle in the spi-nor commands, both dummy bus cycle\nbytes and width are zero. Because of the cpu's warning when divided by\nzero, the warning should be avoided. Return just zero to avoid such\ncalculations." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3588b1c0fde2f58d166e3f94a5a58d64b893526c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4df6f005bef04a3dd16c028124a1b5684db3922b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7434135553bc03809a55803ee6a8dcaae6240d55", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/966328191b4c389c0f2159fa242915f51cbc1679", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21794.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21794.json new file mode 100644 index 00000000000..81f4a51e154 --- /dev/null +++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21794.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2025-21794", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:20.293", + "lastModified": "2025-02-27T03:15:20.293", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints()\n\nSyzbot[1] has detected a stack-out-of-bounds read of the ep_addr array from\nhid-thrustmaster driver. This array is passed to usb_check_int_endpoints\nfunction from usb.c core driver, which executes a for loop that iterates\nover the elements of the passed array. Not finding a null element at the end of\nthe array, it tries to read the next, non-existent element, crashing the kernel.\n\nTo fix this, a 0 element was added at the end of the array to break the for\nloop.\n\n[1] https://syzkaller.appspot.com/bug?extid=9c9179ac46169c56c1ad" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0b43d98ff29be3144e86294486b1373b5df74c0e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/436f48c864186e9413d1b7c6e91767cc9e1a65b8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/73e36a699b9f46322ffb81f072a24e64f728dba7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cdd9a1ea23ff1a272547217100663e8de4eada40", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f3ce05283f6cb6e19c220f5382def43dc5bd56b9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21795.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21795.json new file mode 100644 index 00000000000..706d7c02d1b --- /dev/null 
+++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21795.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2025-21795", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:20.390", + "lastModified": "2025-02-27T03:15:20.390", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: fix hang in nfsd4_shutdown_callback\n\nIf nfs4_client is in courtesy state then there is no point to send\nthe callback. This causes nfsd4_shutdown_callback to hang since\ncl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP\nnotifies NFSD that the connection was dropped.\n\nThis patch modifies nfsd4_run_cb_work to skip the RPC call if\nnfs4_client is in courtesy state." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/036ac2778f7b28885814c6fbc07e156ad1624d03", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/23ad7797c74cd8f7f90617f1e59a8703e2b43908", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/38d345f612503b850c2973e5a879f88e441b34d7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cedfbb92cf97a6bff3d25633001d9c44442ee854", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e88d2451cd42e025465d6b51fd716a47b0b3800d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21796.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21796.json new file mode 100644 index 00000000000..eca74abbfa3 --- /dev/null +++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21796.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2025-21796", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:20.497", + "lastModified": "2025-02-27T03:15:20.497", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: clear acl_access/acl_default after releasing them\n\nIf getting acl_default fails, acl_access and acl_default will be released\nsimultaneously. However, acl_access will still retain a pointer pointing\nto the released posix_acl, which will trigger a WARNING in\nnfs3svc_release_getacl like this:\n\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 26 PID: 3199 at lib/refcount.c:28\nrefcount_warn_saturate+0xb5/0x170\nModules linked in:\nCPU: 26 UID: 0 PID: 3199 Comm: nfsd Not tainted\n6.12.0-rc6-00079-g04ae226af01f-dirty #8\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.1-2.fc37 04/01/2014\nRIP: 0010:refcount_warn_saturate+0xb5/0x170\nCode: cc cc 0f b6 1d b3 20 a5 03 80 fb 01 0f 87 65 48 d8 00 83 e3 01 75\ne4 48 c7 c7 c0 3b 9b 85 c6 05 97 20 a5 03 01 e8 fb 3e 30 ff <0f> 0b eb\ncd 0f b6 1d 8a3\nRSP: 0018:ffffc90008637cd8 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff83904fde\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff88871ed36380\nRBP: ffff888158beeb40 R08: 0000000000000001 R09: fffff520010c6f56\nR10: ffffc90008637ab7 R11: 0000000000000001 R12: 0000000000000001\nR13: ffff888140e77400 R14: ffff888140e77408 R15: ffffffff858b42c0\nFS: 0000000000000000(0000) GS:ffff88871ed00000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000562384d32158 CR3: 000000055cc6a000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n ? refcount_warn_saturate+0xb5/0x170\n ? 
__warn+0xa5/0x140\n ? refcount_warn_saturate+0xb5/0x170\n ? report_bug+0x1b1/0x1e0\n ? handle_bug+0x53/0xa0\n ? exc_invalid_op+0x17/0x40\n ? asm_exc_invalid_op+0x1a/0x20\n ? tick_nohz_tick_stopped+0x1e/0x40\n ? refcount_warn_saturate+0xb5/0x170\n ? refcount_warn_saturate+0xb5/0x170\n nfs3svc_release_getacl+0xc9/0xe0\n svc_process_common+0x5db/0xb60\n ? __pfx_svc_process_common+0x10/0x10\n ? __rcu_read_unlock+0x69/0xa0\n ? __pfx_nfsd_dispatch+0x10/0x10\n ? svc_xprt_received+0xa1/0x120\n ? xdr_init_decode+0x11d/0x190\n svc_process+0x2a7/0x330\n svc_handle_xprt+0x69d/0x940\n svc_recv+0x180/0x2d0\n nfsd+0x168/0x200\n ? __pfx_nfsd+0x10/0x10\n kthread+0x1a2/0x1e0\n ? kthread+0xf4/0x1e0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \nKernel panic - not syncing: kernel: panic_on_warn set ...\n\nClear acl_access/acl_default after posix_acl_release is called to prevent\nUAF from being triggered." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1fd94884174bd20beb1773990fd3b1aa877688d9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2e59b2b68782519560b3d6a41dd66a3d01a01cd3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/55d947315fb5f67a35e4e1d3e01bb886b9c6decf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7faf14a7b0366f153284db0ad3347c457ea70136", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f8d871523142f7895f250a856f8c4a4181614510", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-217xx/CVE-2025-21797.json b/CVE-2025/CVE-2025-217xx/CVE-2025-21797.json new file mode 100644 index 00000000000..3e46d256865 --- /dev/null +++ b/CVE-2025/CVE-2025-217xx/CVE-2025-21797.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-21797", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-02-27T03:15:20.607", + "lastModified": "2025-02-27T03:15:20.607", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: corsair-void: Add missing delayed work cancel for headset status\n\nThe cancel_delayed_work_sync() call was missed, causing a use-after-free\nin corsair_void_remove()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2dcb56a0a4da6946f6c18288da595c13e0d2af86", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/48e487b002891eb0aeaec704c9bed51f028deff1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index de7589939a6..2cf68cf675f 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-02-27T03:00:20.119429+00:00 +2025-02-27T05:00:20.020894+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-02-27T02:45:31.280000+00:00 +2025-02-27T03:34:34.637000+00:00 ``` ### Last Data Feed Release 
@@ -33,60 +33,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -283243 +283338 ``` ### CVEs added in the last Commit -Recently added CVEs: `56` +Recently added CVEs: `95` -- [CVE-2025-21707](CVE-2025/CVE-2025-217xx/CVE-2025-21707.json) (`2025-02-27T02:15:14.347`) -- [CVE-2025-21708](CVE-2025/CVE-2025-217xx/CVE-2025-21708.json) (`2025-02-27T02:15:14.447`) -- [CVE-2025-21709](CVE-2025/CVE-2025-217xx/CVE-2025-21709.json) (`2025-02-27T02:15:14.560`) -- [CVE-2025-21710](CVE-2025/CVE-2025-217xx/CVE-2025-21710.json) (`2025-02-27T02:15:14.657`) -- [CVE-2025-21711](CVE-2025/CVE-2025-217xx/CVE-2025-21711.json) (`2025-02-27T02:15:14.760`) -- [CVE-2025-21712](CVE-2025/CVE-2025-217xx/CVE-2025-21712.json) (`2025-02-27T02:15:14.863`) -- [CVE-2025-21713](CVE-2025/CVE-2025-217xx/CVE-2025-21713.json) (`2025-02-27T02:15:14.960`) -- [CVE-2025-21714](CVE-2025/CVE-2025-217xx/CVE-2025-21714.json) (`2025-02-27T02:15:15.050`) -- [CVE-2025-21715](CVE-2025/CVE-2025-217xx/CVE-2025-21715.json) (`2025-02-27T02:15:15.167`) -- [CVE-2025-21716](CVE-2025/CVE-2025-217xx/CVE-2025-21716.json) (`2025-02-27T02:15:15.273`) -- [CVE-2025-21717](CVE-2025/CVE-2025-217xx/CVE-2025-21717.json) (`2025-02-27T02:15:15.373`) -- [CVE-2025-21718](CVE-2025/CVE-2025-217xx/CVE-2025-21718.json) (`2025-02-27T02:15:15.473`) -- [CVE-2025-21719](CVE-2025/CVE-2025-217xx/CVE-2025-21719.json) (`2025-02-27T02:15:15.580`) -- [CVE-2025-21720](CVE-2025/CVE-2025-217xx/CVE-2025-21720.json) (`2025-02-27T02:15:15.683`) -- [CVE-2025-21721](CVE-2025/CVE-2025-217xx/CVE-2025-21721.json) (`2025-02-27T02:15:15.787`) -- [CVE-2025-21722](CVE-2025/CVE-2025-217xx/CVE-2025-21722.json) (`2025-02-27T02:15:15.883`) -- [CVE-2025-21723](CVE-2025/CVE-2025-217xx/CVE-2025-21723.json) (`2025-02-27T02:15:15.993`) -- [CVE-2025-21724](CVE-2025/CVE-2025-217xx/CVE-2025-21724.json) (`2025-02-27T02:15:16.113`) -- [CVE-2025-21725](CVE-2025/CVE-2025-217xx/CVE-2025-21725.json) 
(`2025-02-27T02:15:16.220`) -- [CVE-2025-21726](CVE-2025/CVE-2025-217xx/CVE-2025-21726.json) (`2025-02-27T02:15:16.323`) -- [CVE-2025-21727](CVE-2025/CVE-2025-217xx/CVE-2025-21727.json) (`2025-02-27T02:15:16.423`) -- [CVE-2025-21728](CVE-2025/CVE-2025-217xx/CVE-2025-21728.json) (`2025-02-27T02:15:16.530`) -- [CVE-2025-21729](CVE-2025/CVE-2025-217xx/CVE-2025-21729.json) (`2025-02-27T02:15:16.637`) -- [CVE-2025-21730](CVE-2025/CVE-2025-217xx/CVE-2025-21730.json) (`2025-02-27T02:15:16.733`) -- [CVE-2025-21731](CVE-2025/CVE-2025-217xx/CVE-2025-21731.json) (`2025-02-27T02:15:16.833`) +- [CVE-2025-21773](CVE-2025/CVE-2025-217xx/CVE-2025-21773.json) (`2025-02-27T03:15:17.970`) +- [CVE-2025-21774](CVE-2025/CVE-2025-217xx/CVE-2025-21774.json) (`2025-02-27T03:15:18.070`) +- [CVE-2025-21775](CVE-2025/CVE-2025-217xx/CVE-2025-21775.json) (`2025-02-27T03:15:18.167`) +- [CVE-2025-21776](CVE-2025/CVE-2025-217xx/CVE-2025-21776.json) (`2025-02-27T03:15:18.263`) +- [CVE-2025-21777](CVE-2025/CVE-2025-217xx/CVE-2025-21777.json) (`2025-02-27T03:15:18.377`) +- [CVE-2025-21778](CVE-2025/CVE-2025-217xx/CVE-2025-21778.json) (`2025-02-27T03:15:18.533`) +- [CVE-2025-21779](CVE-2025/CVE-2025-217xx/CVE-2025-21779.json) (`2025-02-27T03:15:18.690`) +- [CVE-2025-21780](CVE-2025/CVE-2025-217xx/CVE-2025-21780.json) (`2025-02-27T03:15:18.827`) +- [CVE-2025-21781](CVE-2025/CVE-2025-217xx/CVE-2025-21781.json) (`2025-02-27T03:15:18.947`) +- [CVE-2025-21782](CVE-2025/CVE-2025-217xx/CVE-2025-21782.json) (`2025-02-27T03:15:19.050`) +- [CVE-2025-21783](CVE-2025/CVE-2025-217xx/CVE-2025-21783.json) (`2025-02-27T03:15:19.150`) +- [CVE-2025-21784](CVE-2025/CVE-2025-217xx/CVE-2025-21784.json) (`2025-02-27T03:15:19.247`) +- [CVE-2025-21785](CVE-2025/CVE-2025-217xx/CVE-2025-21785.json) (`2025-02-27T03:15:19.350`) +- [CVE-2025-21786](CVE-2025/CVE-2025-217xx/CVE-2025-21786.json) (`2025-02-27T03:15:19.450`) +- [CVE-2025-21787](CVE-2025/CVE-2025-217xx/CVE-2025-21787.json) (`2025-02-27T03:15:19.553`) +- 
[CVE-2025-21788](CVE-2025/CVE-2025-217xx/CVE-2025-21788.json) (`2025-02-27T03:15:19.663`) +- [CVE-2025-21789](CVE-2025/CVE-2025-217xx/CVE-2025-21789.json) (`2025-02-27T03:15:19.763`) +- [CVE-2025-21790](CVE-2025/CVE-2025-217xx/CVE-2025-21790.json) (`2025-02-27T03:15:19.870`) +- [CVE-2025-21791](CVE-2025/CVE-2025-217xx/CVE-2025-21791.json) (`2025-02-27T03:15:19.970`) +- [CVE-2025-21792](CVE-2025/CVE-2025-217xx/CVE-2025-21792.json) (`2025-02-27T03:15:20.080`) +- [CVE-2025-21793](CVE-2025/CVE-2025-217xx/CVE-2025-21793.json) (`2025-02-27T03:15:20.190`) +- [CVE-2025-21794](CVE-2025/CVE-2025-217xx/CVE-2025-21794.json) (`2025-02-27T03:15:20.293`) +- [CVE-2025-21795](CVE-2025/CVE-2025-217xx/CVE-2025-21795.json) (`2025-02-27T03:15:20.390`) +- [CVE-2025-21796](CVE-2025/CVE-2025-217xx/CVE-2025-21796.json) (`2025-02-27T03:15:20.497`) +- [CVE-2025-21797](CVE-2025/CVE-2025-217xx/CVE-2025-21797.json) (`2025-02-27T03:15:20.607`) ### CVEs modified in the last Commit -Recently modified CVEs: `16` +Recently modified CVEs: `28` -- [CVE-2022-24682](CVE-2022/CVE-2022-246xx/CVE-2022-24682.json) (`2025-02-27T02:00:01.920`) -- [CVE-2022-49140](CVE-2022/CVE-2022-491xx/CVE-2022-49140.json) (`2025-02-27T02:15:09.193`) -- [CVE-2023-34192](CVE-2023/CVE-2023-341xx/CVE-2023-34192.json) (`2025-02-27T02:00:01.920`) -- [CVE-2023-37967](CVE-2023/CVE-2023-379xx/CVE-2023-37967.json) (`2025-02-27T02:45:31.280`) -- [CVE-2023-41875](CVE-2023/CVE-2023-418xx/CVE-2023-41875.json) (`2025-02-27T02:45:31.280`) -- [CVE-2024-11218](CVE-2024/CVE-2024-112xx/CVE-2024-11218.json) (`2025-02-27T01:15:09.973`) -- [CVE-2024-12201](CVE-2024/CVE-2024-122xx/CVE-2024-12201.json) (`2025-02-27T02:45:31.280`) -- [CVE-2024-49035](CVE-2024/CVE-2024-490xx/CVE-2024-49035.json) (`2025-02-27T02:00:01.920`) -- [CVE-2025-0340](CVE-2025/CVE-2025-03xx/CVE-2025-0340.json) (`2025-02-27T02:05:55.703`) -- [CVE-2025-0346](CVE-2025/CVE-2025-03xx/CVE-2025-0346.json) (`2025-02-27T02:05:55.703`) -- 
[CVE-2025-0347](CVE-2025/CVE-2025-03xx/CVE-2025-0347.json) (`2025-02-27T02:05:55.703`) -- [CVE-2025-0484](CVE-2025/CVE-2025-04xx/CVE-2025-0484.json) (`2025-02-27T02:05:55.703`) -- [CVE-2025-0485](CVE-2025/CVE-2025-04xx/CVE-2025-0485.json) (`2025-02-27T02:05:55.703`) -- [CVE-2025-0486](CVE-2025/CVE-2025-04xx/CVE-2025-0486.json) (`2025-02-27T02:05:55.703`) -- [CVE-2025-0487](CVE-2025/CVE-2025-04xx/CVE-2025-0487.json) (`2025-02-27T02:05:55.703`) -- [CVE-2025-0491](CVE-2025/CVE-2025-04xx/CVE-2025-0491.json) (`2025-02-27T02:05:55.703`) +- [CVE-2021-47118](CVE-2021/CVE-2021-471xx/CVE-2021-47118.json) (`2025-02-27T03:20:09.380`) +- [CVE-2021-47131](CVE-2021/CVE-2021-471xx/CVE-2021-47131.json) (`2025-02-27T03:20:09.380`) +- [CVE-2021-47134](CVE-2021/CVE-2021-471xx/CVE-2021-47134.json) (`2025-02-27T03:20:09.380`) +- [CVE-2021-47135](CVE-2021/CVE-2021-471xx/CVE-2021-47135.json) (`2025-02-27T03:20:09.380`) +- [CVE-2023-51407](CVE-2023/CVE-2023-514xx/CVE-2023-51407.json) (`2025-02-27T03:24:36.033`) +- [CVE-2023-51486](CVE-2023/CVE-2023-514xx/CVE-2023-51486.json) (`2025-02-27T03:24:36.033`) +- [CVE-2023-51487](CVE-2023/CVE-2023-514xx/CVE-2023-51487.json) (`2025-02-27T03:24:36.033`) +- [CVE-2023-51489](CVE-2023/CVE-2023-514xx/CVE-2023-51489.json) (`2025-02-27T03:24:36.033`) +- [CVE-2023-51491](CVE-2023/CVE-2023-514xx/CVE-2023-51491.json) (`2025-02-27T03:24:36.033`) +- [CVE-2023-51510](CVE-2023/CVE-2023-515xx/CVE-2023-51510.json) (`2025-02-27T03:24:36.033`) +- [CVE-2023-51512](CVE-2023/CVE-2023-515xx/CVE-2023-51512.json) (`2025-02-27T03:24:36.033`) +- [CVE-2023-52612](CVE-2023/CVE-2023-526xx/CVE-2023-52612.json) (`2025-02-27T03:20:23.277`) +- [CVE-2024-0440](CVE-2024/CVE-2024-04xx/CVE-2024-0440.json) (`2025-02-27T03:05:58.637`) +- [CVE-2024-0455](CVE-2024/CVE-2024-04xx/CVE-2024-0455.json) (`2025-02-27T03:05:58.637`) +- [CVE-2024-0780](CVE-2024/CVE-2024-07xx/CVE-2024-0780.json) (`2025-02-27T03:34:34.637`) +- [CVE-2024-0798](CVE-2024/CVE-2024-07xx/CVE-2024-0798.json) 
(`2025-02-27T03:05:58.637`) +- [CVE-2024-12463](CVE-2024/CVE-2024-124xx/CVE-2024-12463.json) (`2025-02-27T02:45:31.280`) +- [CVE-2024-12526](CVE-2024/CVE-2024-125xx/CVE-2024-12526.json) (`2025-02-27T02:45:31.280`) +- [CVE-2024-1436](CVE-2024/CVE-2024-14xx/CVE-2024-1436.json) (`2025-02-27T03:05:58.637`) +- [CVE-2024-1622](CVE-2024/CVE-2024-16xx/CVE-2024-1622.json) (`2025-02-27T03:05:58.637`) +- [CVE-2024-2247](CVE-2024/CVE-2024-22xx/CVE-2024-2247.json) (`2025-02-27T03:06:17.427`) +- [CVE-2024-26629](CVE-2024/CVE-2024-266xx/CVE-2024-26629.json) (`2025-02-27T03:06:17.427`) +- [CVE-2024-29099](CVE-2024/CVE-2024-290xx/CVE-2024-29099.json) (`2025-02-27T03:34:34.637`) +- [CVE-2024-29127](CVE-2024/CVE-2024-291xx/CVE-2024-29127.json) (`2025-02-27T03:34:34.637`) +- [CVE-2024-29128](CVE-2024/CVE-2024-291xx/CVE-2024-29128.json) (`2025-02-27T03:34:34.637`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 8e61c6b51e1..75ef3e36b29 100644 --- a/_state.csv +++ b/_state.csv 
@@ -187353,16 +187353,16 @@ CVE-2021-47105,0,0,6c2e1e087ef8084e592aef079392544772701e88eb5da4c918983c4e61d3c CVE-2021-47106,0,0,36872d996acf50e93b5beb0c0e62bad3a44984c6d13b840a64e985a80d23d84e,2025-01-14T17:26:11.537000 CVE-2021-47107,0,0,6baa66a4a489c4baf75a24eff36b122896511cb47e8ac7b563b62629a78034f6,2025-02-14T15:22:22.510000 CVE-2021-47108,0,0,c23d21093fa3a1351345df0e77e2a410b9bd2af3a158493fefa58626321a1a7f,2025-01-07T20:14:35.703000 -CVE-2021-47109,0,0,d0d4755876ffc6bcaecd2654bbd49d22799ea5ef8fd867c14e00689af63486ed,2024-11-21T06:35:24.957000 +CVE-2021-47109,0,1,b6b27be535ae41ece418a6b71fa6b4ad57d9fb20952700f2acce7cc9142c8214,2025-02-27T03:20:09.380000 CVE-2021-47110,0,0,50cf5c09f89aeaf543ffa132567ade0b5308efed772ea95eb1751760f1f935bc,2024-11-21T06:35:25.077000 -CVE-2021-47111,0,0,6be0860ee1b01c3b774e4d6d191b57114cbf9a3d1a31a3499b909d6e18b8c18b,2024-11-21T06:35:25.200000 +CVE-2021-47111,0,1,fe565b240d5291397ff98bc0c56b338be948a34e109eff0db51ab3e30aa44fda,2025-02-27T03:20:09.380000 CVE-2021-47112,0,0,a20d2120af9da235238188b5d7e07b790c472dc4c22aa4ca421dcc709b8baf75,2024-11-21T06:35:25.327000 CVE-2021-47113,0,0,8eb9b5c0c20b4352e5ba37957059faa6001d1826ad53979e0c54dacb851c9cdc,2024-11-21T06:35:25.433000 CVE-2021-47114,0,0,33f28c6c40c74c3c7483c305faed69fe78c39ec42681673db72acad0bd83dcfc,2024-11-21T06:35:25.530000 CVE-2021-47115,0,0,f255399fb89ea4ffe6096e6f82439a37de26ac16dd3a923a8b2fb3dcb7c27662,2024-03-18T11:15:07.400000 CVE-2021-47116,0,0,02298962ea00799ddb41fef923f3717f23807aae52ca815ef460897f366279e2,2025-01-07T17:31:32.993000 -CVE-2021-47117,0,0,a04d2591f281ce8189779baa7d93e422e256c484f6928d79376ceabdb3bbf036,2024-11-21T06:35:25.837000 -CVE-2021-47118,0,0,a74ccc8e27562236d9f0d8db75bc9977352bf9b063dead58a99c5d6db09e87ee,2024-11-21T06:35:25.993000 +CVE-2021-47117,0,1,7553a22b9686d65aea947ab79b71e41c9502b81dea591828fbd9a469c67f83ff,2025-02-27T03:20:09.380000 
+CVE-2021-47118,0,1,cff72d1c76df150315afdea2c933a665aafc151060b4c8bcdc738bdbd49d2cd6,2025-02-27T03:20:09.380000 CVE-2021-47119,0,0,b8835ce6595fabe87b0a3dc81d3bad5d613873557aa970029021aba98ef9bc09,2025-01-07T17:31:16.383000 CVE-2021-47120,0,0,a8931334cd0ba99593e580c28269f1e44ba4714794111d8fb18c2df3029c4179,2025-01-07T18:00:30.300000 CVE-2021-47121,0,0,1b44ddf91b918ac9517f5d49bf9f6811990d7b57b41644e2f05a7bc400f7096c,2025-01-07T17:30:59.237000 
@@ -187375,11 +187375,11 @@ CVE-2021-47127,0,0,ebe5d9e2681d9a417cb235248fa90255c41e030db394f5c355acffab8c09f CVE-2021-47128,0,0,3bf0caf472cd33c2c78f624a75fddcb54739c3103c173247a946c5b0e9fab2b3,2024-11-21T06:35:27.207000 CVE-2021-47129,0,0,69c32b331e531916dec780cadef5b1969a6b4b250ad407ca601f9c56fe9fdd5f,2024-11-21T06:35:27.327000 CVE-2021-47130,0,0,0c6e373f71f6e4d31bb75bdedeae36ea7a6002724cf26356c64b760e5f4aed81,2024-11-21T06:35:27.503000 -CVE-2021-47131,0,0,797f90ad2985dacfb646e40c6d2e54538bf86bd86566ff6be1720ffc9753ac35,2024-11-21T06:35:27.670000 +CVE-2021-47131,0,1,21e033ede1423f39480129f7824860f6d4b614d7dee738f72e37e36bfac5b74c,2025-02-27T03:20:09.380000 CVE-2021-47132,0,0,a189ce5bc29dc71d7470bdb0eb1fc36ac5e1855eba76f2d2c0adac9549011726,2024-11-21T06:35:27.780000 CVE-2021-47133,0,0,15f5446e43fa356d120f2d868f662208753386cbd9bfc3e70c007ae433610c0f,2025-01-07T17:30:18.143000 -CVE-2021-47134,0,0,df7541358336990901f42cc28f8edafd799f673c4c0478847c59e3e1584455c8,2024-11-21T06:35:27.983000 -CVE-2021-47135,0,0,cda9eb900b9488f1dcc0b5669f6061ff518909364b49a074fa354e5374568a58,2024-11-21T06:35:28.083000 +CVE-2021-47134,0,1,32ab8576f780417d0dc91ebb7484332da0d608846e5e5884d89658b04892b244,2025-02-27T03:20:09.380000 +CVE-2021-47135,0,1,36155d67c38a0c077939c5895a2728ed0966818ad51f31d3c50be5fcafa344cc,2025-02-27T03:20:09.380000 CVE-2021-47136,0,0,f2f4ee2108d0e723eee0be602a357e029fb60164467baf3750e548396a0fd511,2024-11-21T06:35:28.190000 CVE-2021-47137,0,0,8dbf908df69b757e32ba3c531007c8adca8165d545b380f5377fe6b184dd264d,2024-11-21T06:35:28.317000 CVE-2021-47138,0,0,6c8c0f5b22ac8d3f7fe50b996f063af62c0fa9ca4ccfd871f306e97dfefb9e8f,2024-11-21T06:35:28.500000 
@@ -194159,7 +194159,7 @@ CVE-2022-24679,0,0,249b2c761c4c76113344b88e5ea9c4bc085bbbc002ba2eb0b3347ac9a72f7 CVE-2022-2468,0,0,e81e142ac71cf372cca807f427f3a26185bb1718b2143ba02ee2a3ca1d345497,2024-11-21T07:01:03.110000 CVE-2022-24680,0,0,c58e7fc7cebfed1eafe5a4fe066109bbc6bc096cb1a79e425fe2f5d46563f10a,2024-11-21T06:50:51.573000 CVE-2022-24681,0,0,27f6bf946f98201bb07ac17e2d1a23698876807cb9c0eceec121f3219d357821,2024-11-21T06:50:51.707000 -CVE-2022-24682,0,1,22c9fa088190985388749a1da8c627dfc2dfe6d682c735ae3fea85226b5951d7,2025-02-27T02:00:01.920000 +CVE-2022-24682,0,0,22c9fa088190985388749a1da8c627dfc2dfe6d682c735ae3fea85226b5951d7,2025-02-27T02:00:01.920000 CVE-2022-24683,0,0,ef4d435ae4186887af4a2b9d28b0d623ada678af639dc6512b8913085eca46d2,2024-11-21T06:50:52.120000 CVE-2022-24684,0,0,f2dde9f506819062f97e9b67253d8742037a0ec7f4e1005aa0f28ec5f363ea07,2024-11-21T06:50:52.277000 CVE-2022-24685,0,0,55fb81f48a436537bc7563c3bdda05f5db1a3a3908e3bf64e484d33a2ed48237,2024-11-21T06:50:52.413000 @@ -213264,7 +213264,7 @@ CVE-2022-49137,0,0,5b1746b2ec50f0dc2ec6bf0272d0a3183c707ace26571c91a8fa2971e0704 CVE-2022-49138,0,0,8437106ee0a6fabf2a2246cb985b009354cf0467f29aadb6b0d556c8df8dbb11,2025-02-26T07:00:51.047000 CVE-2022-49139,0,0,67a318aa5642355e534ed7df583fdf13225b0e9fcaad79c9392e0a29c74de0b2,2025-02-26T07:00:51.133000 CVE-2022-4914,0,0,b1a3bfb604bc94d6f8d72a9a472ff2a255c53e356f5955922fa3b7d4adc587ee,2024-11-21T07:36:14.103000 -CVE-2022-49140,0,1,f4d1e91386090c2e01112e4e4121046421d90ff161aba63bd8c46b345861e54b,2025-02-27T02:15:09.193000 +CVE-2022-49140,0,0,f4d1e91386090c2e01112e4e4121046421d90ff161aba63bd8c46b345861e54b,2025-02-27T02:15:09.193000 CVE-2022-49141,0,0,d0eefd0b54c73da52b26ce590001b5b1e0afb1fe0c4545a1cc3004d4ba1bab75,2025-02-26T07:00:51.327000 CVE-2022-49142,0,0,66c078d32fa681151a9e26bff1b4bbb2ac446fbd0aee2986a1cf80baa1672489,2025-02-26T07:00:51.420000 CVE-2022-49143,0,0,715c3e9e10466e960c8f40210c1260495316f9d05ddb956ea2e6e6f055457d25,2025-02-26T15:15:15.857000 
@@ -227456,7 +227456,7 @@ CVE-2023-34187,0,0,e39c35f0acec0e3289c801cedde27704e32b7fc40943aee9626533ee9c30b CVE-2023-34188,0,0,7be73ea83cc4ddbb5dc0108971f2be63ace20410512b5554871f577f0f232511,2024-12-02T15:15:08.200000 CVE-2023-34189,0,0,d6ad5f296df91f0114d60cd15059ae984d1803b57558b7a9cf6db063968348f1,2025-02-13T17:16:34.990000 CVE-2023-3419,0,0,df7622509fc0fb525cb2b82180f57ee07af06f367b6c89769e8b9596f2dc8ee2,2024-08-19T12:59:59.177000 -CVE-2023-34192,0,1,8e068b263c612b1cfb21e8e741bf1c7c4a21d6b7a2cbdefe2e15a248cfc85c32,2025-02-27T02:00:01.920000 +CVE-2023-34192,0,0,8e068b263c612b1cfb21e8e741bf1c7c4a21d6b7a2cbdefe2e15a248cfc85c32,2025-02-27T02:00:01.920000 CVE-2023-34193,0,0,14e3f411d4a04e2c3cad259bb032e95a5c614ee3e39b67e63aaa5e15e2e15102,2024-11-21T08:06:44.767000 CVE-2023-34194,0,0,b7871e681e01ec42198e77eda731a4939d1c785c4b2346293df4e2f9dcc0ede3,2024-11-21T08:06:44.923000 CVE-2023-34195,0,0,1ba4f9585565b817e14ad2c1e757fdd42c04587c2c99d95ce7977396ce5dfaa6,2024-11-21T08:06:45.087000 @@ -230191,7 +230191,7 @@ CVE-2023-37963,0,0,8640e73e4fbfaebd60183d9ceae73cc2ae73452339d7e4288266b28d7a6c1 CVE-2023-37964,0,0,fbac6e6e841a3b8792037f80b7df9c3864818b4f674e8a9f142075c9e19137e5,2024-11-21T08:12:34.440000 CVE-2023-37965,0,0,40f7ba0d07250c68a41fd15518d29449b313ca1da295f5e632c14e7452c06501,2024-11-21T08:12:34.983000 CVE-2023-37966,0,0,110e5dddd36697f826cdcf8ec94c0278d1aba088a2e59b331e29fd7fa1820232,2024-11-21T08:12:35.767000 -CVE-2023-37967,0,1,749a53b8e8b650d5afecedf9bf61c51c7931cb0541b3964eb2f1bb0408152180,2025-02-27T02:45:31.280000 +CVE-2023-37967,0,0,749a53b8e8b650d5afecedf9bf61c51c7931cb0541b3964eb2f1bb0408152180,2025-02-27T02:45:31.280000 CVE-2023-37968,0,0,7688888015f720e95b0ea0029d5198ed5801d4579487c3ffa15da44e29d09ff4,2024-11-21T08:12:36.363000 CVE-2023-37969,0,0,1629c30e70d653f666cc863c5fa9fde9461a9cbd98a5447bfc6345b779780354,2024-12-13T15:15:18.310000 CVE-2023-3797,0,0,93d083fab8394ad0e38ca462f044be199a4436c809bca32f3ed7c5e298d25ddf,2024-11-21T08:18:05.233000 
@@ -233405,7 +233405,7 @@ CVE-2023-41871,0,0,140c4125c9356f39c51a3a662b1c8d8951e897550c2da6de3c8350d1ac640 CVE-2023-41872,0,0,807c48b0f5308a6e2b2ab30c31dd453572bffdf523a0de5c946533d02f11cb65,2024-11-21T08:21:49.673000 CVE-2023-41873,0,0,fe4cb11d4a0cd1acf00055a23ee552a503909082ac4850679205fa78d6a570e5,2024-12-13T15:15:25.807000 CVE-2023-41874,0,0,a273518103b67315483aec10e4142508e72449f6d8f6ebe80921f7b6ecf22161,2024-11-21T08:21:49.820000 -CVE-2023-41875,0,1,694a392eb81c715ec01e8b6b2609d74a440267f1f84b67786442217fb5faaadf,2025-02-27T02:45:31.280000 +CVE-2023-41875,0,0,694a392eb81c715ec01e8b6b2609d74a440267f1f84b67786442217fb5faaadf,2025-02-27T02:45:31.280000 CVE-2023-41876,0,0,c65a67afd85426602e7ce8d50691736379577812fe96ecc473c7a63fea44bdeb,2024-11-21T08:21:49.953000 CVE-2023-41877,0,0,05182afcf80722c5de0a5cdefd2d1d6589a76671002a6dde20b43c88da286b35,2024-12-18T22:01:15.063000 CVE-2023-41878,0,0,69f5df70c8cf256edf441a21003ad975c00708528a81d027d3cbb62167be0250,2024-11-21T08:21:50.207000 @@ -240128,7 +240128,7 @@ CVE-2023-51403,0,0,04608ca52d9e5e64118048988c85ff04bc17887f14b23d69f06b05d23935b CVE-2023-51404,0,0,15c701a057f40dca60ffe36e511d3b8551ca13a40ca42c735cbd7bed7f98aff5,2024-11-21T08:38:02.443000 CVE-2023-51405,0,0,16b1f0289bec9526131c89a14a0a2e0273a6016f6fa8c34c9393ecc5901b5819,2024-11-21T08:38:02.597000 CVE-2023-51406,0,0,4c46add111b8f29e7264975661197582d14d2829e85eb7ca707de7439cae69a8,2024-11-21T08:38:02.733000 -CVE-2023-51407,0,0,d2c0daff8f822ecb30cd1a6e22d92e044f9a853274244eb03b312ac55c1844b0,2024-11-21T08:38:02.883000 +CVE-2023-51407,0,1,d430d4515f08c6854855d890c8b6dfd65abc58e981220c4ebab6f4d97413dee5,2025-02-27T03:24:36.033000 CVE-2023-51408,0,0,607add0970381eca751c9e3cc19850d2192da7bdc676cef9ca4b61bd01424698,2024-11-21T08:38:03.027000 CVE-2023-51409,0,0,7314ab2e56e1e495880ee2e7baefbb54d1dfc54a41552c8a77b4b4b6d9eb5ad1,2024-11-21T08:38:03.200000 CVE-2023-5141,0,0,8a8f4aa44abb772350191ec0669f68b87f92aee5e05fef39e08d7ed28974e9fc,2024-11-21T08:41:08.730000 
@@ -240213,13 +240213,13 @@ CVE-2023-51482,0,0,12b36da84c6cf3f708aea45fbe29700349a83c26c96bc1434ad06e8f9b279 CVE-2023-51483,0,0,45bfe3b3a00a8d6999f00eec00849725dc434824939a1b0939de2e3db4003bfe,2024-11-21T08:38:13.117000 CVE-2023-51484,0,0,94ebc92d848abc91ac49cfda086ae86f7476dde2c1fd6e38bc7c83a8e3b04f17,2024-11-21T08:38:13.233000 CVE-2023-51485,0,0,e11a0e52a85ef1f22d9dd035111143ba8d7908529eab9997225c8ed951a4475d,2024-11-21T08:38:13.347000 -CVE-2023-51486,0,0,50103122bde8f89ef3db9d816ca0cc03004d6816bb2e2774daf2bb643e4ead27,2024-11-21T08:38:13.473000 -CVE-2023-51487,0,0,6f4818149891741276fefe592e0c0cf05eeba4dbea8e8ed85578bb3cd98c37f5,2024-11-21T08:38:13.590000 +CVE-2023-51486,0,1,d32f9062d2667e33f6dbdd7e5d6d48c7e140099723c93fee2ac1ab884fd092c5,2025-02-27T03:24:36.033000 +CVE-2023-51487,0,1,0bcda4d8b9829b45fe0cf2f31911fd278abc425b09c189b074d352c58b9e0844,2025-02-27T03:24:36.033000 CVE-2023-51488,0,0,064ce2155faec6aed65fb319ec3f4b30cfe2dc52690bf718b0795c428007c59b,2024-11-21T08:38:13.710000 -CVE-2023-51489,0,0,9275b16eaf303c7b8db918a8ba39c5f57a770ddeb8ddca4382f34d2c1ec94c61,2024-11-21T08:38:13.860000 +CVE-2023-51489,0,1,982bdbec8a34ee24b5e8ce4beca4456bb4c67d9a6ad3c7e5b26a380ebc20b930,2025-02-27T03:24:36.033000 CVE-2023-5149,0,0,d99fc69d305738a9c8b8cefc06f1a6086946f714cd906288c254343467e734bb,2024-11-21T08:41:09.863000 CVE-2023-51490,0,0,b03cd67dc4a9f23c1555eb30ebababb3c54d08c6ed049f33864fb440a8522f86,2024-11-21T08:38:13.983000 -CVE-2023-51491,0,0,8018ad7657fba4925be62841c9f32e2228bd28798f6cdc19ec71abda1f6b5817,2024-11-21T08:38:14.113000 +CVE-2023-51491,0,1,d5226cf25101549e8f2d85ba22127ee3aaf41db232805f259968e6d78e805b29,2025-02-27T03:24:36.033000 CVE-2023-51492,0,0,25ed6a71aa037b5e9f85184bb37b67e10ee509bc31696781e699c4763184a610,2024-11-21T08:38:14.273000 CVE-2023-51493,0,0,cf5b433e7b1cde2531fe0f36c04215df670e37d11343fe993e0b7a99900d93c9,2024-11-21T08:38:14.423000 
CVE-2023-51494,0,0,5867f2cdcaef42348048df4791df8d102cc29314845ecaadf99a8897bf2ed29e,2024-11-21T08:38:14.557000 @@ -240240,9 +240240,9 @@ CVE-2023-51507,0,0,9f4ce719194e50bbfedc0b62dfc084a460a8571a4272e8d711cdd954ab40c CVE-2023-51508,0,0,a1c83b0bb39aaff5b985cebbbf0f854a0f62ed7ffb1079cd2361cd180b397b6b,2024-11-21T08:38:16.383000 CVE-2023-51509,0,0,5141cc1874d879c09bc6c5ae29f17b7cc3618a3dd55ae068dff761ececd3f235,2024-11-21T08:38:16.530000 CVE-2023-5151,0,0,08d96cd770bf1b04c30c98efb5eed61debed8b417449bf44e4a7ebc9a6835ec0,2024-11-21T08:41:10.143000 -CVE-2023-51510,0,0,0446b078d6542dd4227a450c09c62d478a1a351fcdbba82fbc8e61a489969219,2024-11-21T08:38:16.670000 +CVE-2023-51510,0,1,712c928dab66c438ef372acf6bdb096bd47638c890e5047299143bada89617f9,2025-02-27T03:24:36.033000 CVE-2023-51511,0,0,b8b42a5c93bd31ce99b938638f406c54fdb8da2fd3b6905d9b4fec0e7ee2e7a8,2024-11-21T08:38:16.797000 -CVE-2023-51512,0,0,d04f73c0ef9ba3717399b73f121753042b181f5281cd063be9a9b55f69b3fb52,2024-11-21T08:38:16.923000 +CVE-2023-51512,0,1,3ffe46037d2759016fc60df007fcfb3e5660be4e480910443f43adca1c621857,2025-02-27T03:24:36.033000 CVE-2023-51514,0,0,fd045876a5b64b601897d61b4879de0ef70ace44f02a5bb84fff6e9509399735,2024-11-21T08:38:17.033000 CVE-2023-51515,0,0,cf6f4fc5368cadc9aabbda6e25adff7a88b955bad0dfc9c1844c5fb48208e5cc,2024-11-21T08:38:17.167000 CVE-2023-51516,0,0,5219084a60784cb1f5db9bb6a050f6beb01036a8946611649b82e32d0942d453,2024-11-21T08:38:17.277000 
@@ -241143,7 +241143,7 @@ CVE-2023-52609,0,0,68b6c722db826f8d3e573655c486ba16421d86e9e7c0510f6dc3171cefc3e CVE-2023-5261,0,0,12a347f49e473c2171e63989f079cf4aa858b311ce4aa7919b57ad843edc6646,2024-11-21T08:41:23.970000 CVE-2023-52610,0,0,42e4932933a1b2b44e26dd827e869b81fe3fa11f7d288d5d9be953648fafefe9,2024-11-21T08:40:11.557000 CVE-2023-52611,0,0,5950f9de28ca701a6d877ef416e5b0da9f8ec02d7c89b8bab6bf8cc7164deff5,2024-11-21T08:40:11.703000 -CVE-2023-52612,0,0,32cb547a0f929bc68ad44e4729704c0a03d6e0d678532d539cb7f82c708e819f,2024-11-21T08:40:11.830000 +CVE-2023-52612,0,1,d6d47cff640a52161b4f9351b162fb8859b2930a7044931b4890a50707eb6b85,2025-02-27T03:20:23.277000 CVE-2023-52613,0,0,96325267c27d73302c8edfb72e5ff60c5b387d18ebd2882583f0fdf9459cad86,2024-11-21T08:40:11.967000 CVE-2023-52614,0,0,52c94d505914b26a7b25e71d5a23d26488e4516b2dcce84229cb69170bc5bf85,2024-12-12T15:20:02.283000 CVE-2023-52615,0,0,d8d6425893b09196f356165ccca56dc5d14626c565c3defa9edaa655ca205929,2024-12-12T15:20:12.140000 @@ -243721,7 +243721,7 @@ CVE-2024-0436,0,0,93179bf49191fe2e74fd10468594231656b25598868faf48ef1f2db03d99b0 CVE-2024-0437,0,0,b3dbadc4bf51769a17424af985e0a0105b8dbb7d07004337c8d5eaa5c305f6a5,2024-11-21T08:46:35.363000 CVE-2024-0438,0,0,d8d9eff4f5112adcfa9d0d912a225f89819e081a28cbd99d4ee09d61949b8798,2024-12-27T15:51:18.320000 CVE-2024-0439,0,0,01a9023bc79401248bf263081929d866c325402fc40001a5a2486055884e0bdc,2024-11-21T08:46:35.647000 -CVE-2024-0440,0,0,9b41d4c42ff0b29e0c33a27150bc353ca04590e3373335ebb1c4da265e318a35,2024-11-21T08:46:35.767000 +CVE-2024-0440,0,1,79883e8abf0927f3dab22bcc81d2fdb5811dde868a5099857df4744fa7c9a846,2025-02-27T03:05:58.637000 CVE-2024-0442,0,0,a6239013b3d196de812ef3ebaec20392f9372df08b18b54d31ea395e6a22bac4,2025-01-08T18:48:34.583000 CVE-2024-0443,0,0,aeba6274837992658e2c4b7edb27871e8468430250a040ff0202a08869d47769,2024-11-21T08:46:36.010000 CVE-2024-0444,0,0,e6663164bed0caa54a1cce1846baba77384cf71afcffd2a64cf92ab0d873e3d8,2024-12-27T18:57:15.007000 
@@ -243735,7 +243735,7 @@ CVE-2024-0451,0,0,5ae993f8fa6f67f9d1878c2219b82442c9f9c27de5c52f54d2bec468f56d2b CVE-2024-0452,0,0,e6fa2ac1a01ec8b171e192e303abcab51e8cb5be7741930dcf71a5f39de8743b,2024-11-21T08:46:37.307000 CVE-2024-0453,0,0,cb29bae96de293f9058e2ad1381f3b6599078d20a39ddec9cb675998842e15ac,2024-11-21T08:46:37.420000 CVE-2024-0454,0,0,0a9e6f8ea8f588e0f2e8019cb672ee2823c1fa51ac906e28d695c00f51869d8b,2024-11-21T08:46:37.533000 -CVE-2024-0455,0,0,ceeb947994dbc835a5b6d0ec1817caff4bf566e2964a94755321dc8913e4d41a,2024-11-21T08:46:37.683000 +CVE-2024-0455,0,1,4195dfaba7f6ec79a80e730649f856c37b5fd3115e37493ee604c7dee73f2a4d,2025-02-27T03:05:58.637000 CVE-2024-0456,0,0,820acf523e975f8caab226cf4895317aa22dc7a1838c7f0964c5377844e9fb8d,2024-11-21T08:46:37.807000 CVE-2024-0459,0,0,c4f0f7f1722569c5f84ea97edc6a9bc0064842840fa2ab9ecde7d5def0d92fd4,2024-11-21T08:46:37.947000 CVE-2024-0460,0,0,ced12e102a6814b0c744bfe04beb17c7825ff50c3f7a2282431097e15f18379d,2024-11-21T08:46:38.090000 @@ -244045,7 +244045,7 @@ CVE-2024-0775,0,0,063b80b5a2abaacfae5a63096254b2df932380f66d79f884af68cc6de5841e CVE-2024-0776,0,0,660ca2bed686505040aaa48f7a31622ffc5f009822f652d4187784ead0c18fc1,2024-11-21T08:47:20.897000 CVE-2024-0778,0,0,30eb49cd347c88e24c9885e6c35305e853f72c6dfad099f02fdfd7ae4b2787ef,2024-11-21T08:47:21.023000 CVE-2024-0779,0,0,f188a8894694bd3b5f6773d3c930bb2504be9ccad5e3d62a76da03db11e2b04c,2024-11-21T08:47:21.167000 -CVE-2024-0780,0,0,4a53fbe1d88ef977a8f9a1a47516e8200fb81b258fb612881219fa427765e79c,2024-11-21T08:47:21.347000 +CVE-2024-0780,0,1,a5cded99bbe2b1585e95f82a5ed1f10b729c0f846ee1a2f998acbc33bcaa94d6,2025-02-27T03:34:34.637000 CVE-2024-0781,0,0,ec090e8623d296c426d777bf73f740f5b568bca8b89430b58cfac07f155ae93f,2024-11-21T08:47:21.450000 CVE-2024-0782,0,0,eb6ac71f02c8da50317a6f42c46be6a4eacf5fb7f1e59204a81a77d1a930b344,2024-11-21T08:47:21.583000 CVE-2024-0783,0,0,f432304ebb5247948a87f0c9215ae72b366fdccf88db2255ad7b614eec70942e,2024-11-21T08:47:21.730000 
@@ -244062,7 +244062,7 @@ CVE-2024-0794,0,0,18f798efc59f934bba3cf36f2d7f72c5a3048eda2b00aded39f663641c84ce CVE-2024-0795,0,0,302be25990a4b50df56d03c5f622452d4de374b3d6aa16e00526f305cc17a11d,2025-01-21T15:06:36.627000 CVE-2024-0796,0,0,fb5b6fcdae6c1288ed0d974c241f7ca22235c3905b71d838ba31adfa087aefa5,2024-11-21T08:47:23.550000 CVE-2024-0797,0,0,21f2183bcf8e361dbe507a69353302d2e961ba174109bad4b51254b867fcaf52,2024-11-21T08:47:23.677000 -CVE-2024-0798,0,0,73a170b0cb1088cd0c9a51533a66eb37de679e26fbc3e0496cbfd2cf43ed7f3f,2024-11-21T08:47:23.800000 +CVE-2024-0798,0,1,e50b6317a7de2369532e5eaacccde4a8353f0863db35e525c3fc4b6103b0ffac,2025-02-27T03:05:58.637000 CVE-2024-0799,0,0,5d38ab4199885c9a2b86f640800e785c1906a8da37d06e92eabaf08ea1583b56,2024-11-21T08:47:23.920000 CVE-2024-0800,0,0,80bdfbaf8f34aa1a1b5f331ae563cf0f9eed5975473deee7bed6d198fee3ee56,2024-11-21T08:47:24.047000 CVE-2024-0801,0,0,c663ae6507980481308dc27521b1543c3dd4ea5322926a8515b0cc34eb05b626,2024-11-21T08:47:24.170000 @@ -245326,7 +245326,7 @@ CVE-2024-11213,0,0,733d387bcd2a89a3baf6e6af87e9925096408112067fd16bf967badff3e2e CVE-2024-11214,0,0,8f15fb853ae573991dd8377f3fdb07743acb2a14953115059875124aefd71a4f,2024-11-19T15:38:59.060000 CVE-2024-11215,0,0,649934bde3315408f935571e43aced9541face2e1cac41750a3378db1c35aaf3,2024-11-15T13:58:08.913000 CVE-2024-11217,0,0,cb24a1bdb987ee2ebd888113abdd2cecfb9cb2fe9a3dca74044179030beb620c,2024-11-18T17:11:56.587000 -CVE-2024-11218,0,1,9ac76d9d61a4ef840b6c8840a9b1b938296f834307a6e41f9f25c52e559234b0,2025-02-27T01:15:09.973000 +CVE-2024-11218,0,0,9ac76d9d61a4ef840b6c8840a9b1b938296f834307a6e41f9f25c52e559234b0,2025-02-27T01:15:09.973000 CVE-2024-11219,0,0,e0425cf1f1ca40cc6d95ef04e03e17b5776d09d72a88fcf5abbcb2ac00f59570,2024-11-27T06:15:18.110000 CVE-2024-1122,0,0,4a647161edb6d6dbac08921722ee9f0f3f3f764af2a44d6cd56ac17a7d3d92e5,2024-11-21T08:49:50.943000 CVE-2024-11220,0,0,2bacf5e02725323b27ba9cab9bc5f331ae5ef28bd238022ab9e1ae19b09e4fbc,2025-01-23T16:54:24.970000 
@@ -246263,7 +246263,7 @@ CVE-2024-12198,0,0,c209536c0ad6829b7f8711360506c4544aa031e11b77e25c1551e1f35b2f0 CVE-2024-12199,0,0,7276b0adf8d6dd5f8bc47ae2cf0e61c646ca073d344509518492123f3f4bee27,2025-02-10T21:15:16.790000 CVE-2024-1220,0,0,dd35669530564213445da6ce579d1cbca94a1ed2a780bca1044c3c832b131c07,2025-02-25T17:42:20.793000 CVE-2024-12200,0,0,a2d36fea75da3540291d32887ee3f0f0c7c9ba903745e53085e37563f10b96e6,2025-02-10T21:15:16.880000 -CVE-2024-12201,0,1,959e06a9a36a119c26515d53c30f3df9520512fa9f4b92daec3a5d4316162ed0,2025-02-27T02:45:31.280000 +CVE-2024-12201,0,0,959e06a9a36a119c26515d53c30f3df9520512fa9f4b92daec3a5d4316162ed0,2025-02-27T02:45:31.280000 CVE-2024-12202,0,0,f8e879b581e6948b8611c91e34e77898ab31ee3bd4fed08e5a23f457acda7001,2025-01-07T08:15:25.090000 CVE-2024-12203,0,0,071877eff24cde372305d0756ca5c641682cded9e0285349acc0f650dba1e42d,2025-01-17T07:15:25.990000 CVE-2024-12204,0,0,8869bb642f03c4aa3a02796800d2990e817fabee5feb10cf5da5780c611929a6,2025-01-11T03:15:20.997000 @@ -246503,7 +246503,7 @@ CVE-2024-12459,0,0,83621c8a2cdeade953c2057764b3830fb57d2e52944bed7c2b576b695b57b CVE-2024-1246,0,0,1f374a88e5f240286cc1247b0f1cf35c16b35bebd909ebb6b31cd5f41f473567,2024-11-21T08:50:08.877000 CVE-2024-12461,0,0,f7bab5c2b1e2764e06dde5d0575615b7d6c222c7cf9c0439423d8ffeaa327299,2024-12-12T04:15:07.820000 CVE-2024-12462,0,0,cab939d75095835b9cd7c3974182ba9f75ca922feb4b5a49ec456a8c518ba71b,2025-01-07T05:15:19.640000 -CVE-2024-12463,0,0,bf2ad951357546047d42b0aefb8a66347583691f5449e603983c94f9bac4eadf,2024-12-12T05:15:13.197000 +CVE-2024-12463,0,1,a9c1dda3e8213598a6c7ff5fed690f173bebe26549f8b94df4160272e828b175,2025-02-27T02:45:31.280000 CVE-2024-12464,0,0,ffa0068749df08a838ed800b533933f2488b98e069e2e1b69fda93eb15a6a6a0,2025-01-07T06:15:16.823000 CVE-2024-12465,0,0,71cf8d099f9bc4306dd9d21cf13805ebee4cfad62908f99a6e3f6ef7ca285117,2024-12-13T09:15:09.060000 CVE-2024-12466,0,0,369177d07ca1cb0a3b591825919acf924d5b626f9b08c6179162f7635f26fea9,2025-01-17T07:15:26.203000 
@@ -246570,7 +246570,7 @@ CVE-2024-12522,0,0,9a29eaa26b8e72f060e0541b1bd56e919175e1dea7b36022bab30609cf3ac CVE-2024-12523,0,0,185a41d328f0e130d8ed17ada12f64a855433449910369cbbb025fff8ce0f4d8,2024-12-14T05:15:11.640000 CVE-2024-12524,0,0,872d50ee592086b62712ad11fcac01017f02cae2a37a1857d75b736f2a220d93,2025-01-30T11:15:10.840000 CVE-2024-12525,0,0,2c42baf29c519a4ae8a9d35fe807a994e1b47214d101f54cce57a3cae21be29b,2025-02-24T17:11:30.987000 -CVE-2024-12526,0,0,b192d6e45212a3c6d09a8a6cd2198d071bb3ba4da94a4e2bf151be7ad2c18324,2024-12-12T05:15:13.577000 +CVE-2024-12526,0,1,34648d51d7d24aa3ac730cacf6d28efc419fc69732c1696d6ee557cc33d398ca,2025-02-27T02:45:31.280000 CVE-2024-12527,0,0,a734fa6fae374e1f78bf0ed5836acb2d88c39ac4a4907ac1228b4122e65ad067,2025-01-11T08:15:25.913000 CVE-2024-12528,0,0,f4af9cf65ffcc6bdde0559258762f791c056b91239412bbfffbf03d13aedbfde,2025-01-07T04:15:08.543000 CVE-2024-12529,0,0,c0a2490d2000b1b21f26fd41b92b9a7ec26eb3de5cfae86c46ddfc21d025bec1,2025-01-25T08:15:07.973000 @@ -247734,7 +247734,7 @@ CVE-2024-1432,0,0,7035f463555ee4e0684bc896c4ea5cdcaa9577bdd0b576d53cf315b6b4fcec CVE-2024-1433,0,0,87f22d20b32269d8237d95a25fad63601c11890ef469b28ff99ec357c5b21268,2024-11-21T08:50:34.517000 CVE-2024-1434,0,0,6c256aedc953cbae46b436e6867f072ada5c183069c4b47f15c47c560c53cb78,2025-02-26T15:14:55.753000 CVE-2024-1435,0,0,93eda4017b5bbeeef93f0a6c3906353c3cc57a8a15895e85bcf660eb75036070,2024-11-21T08:50:34.857000 -CVE-2024-1436,0,0,b0cc5deef073446d32a792e36ef1d3820e908e22e5e7e846f72f35e6da786833,2024-11-21T08:50:34.987000 +CVE-2024-1436,0,1,14b3a24961eb40085fef36f9c497d02c55cd4a2fe9da01bc57f1a2204e2f19e2,2025-02-27T03:05:58.637000 CVE-2024-1437,0,0,3f211f1ce4978a0f5730793f4fbb8f74f79e4434958ab2a294e730a837bf6bc4,2024-11-21T08:50:35.123000 CVE-2024-1438,0,0,fb430c357e1d68126b60f1d8048d93feaf0a298b7940bd08e7f1ba2d2923a492,2024-11-21T08:50:35.250000 CVE-2024-1439,0,0,f018ca5c79044eb8d371c019838f427bc56a525451022c350168bc4b20b8a53d,2024-11-21T08:50:35.387000 
@@ -247900,7 +247900,7 @@ CVE-2024-1610,0,0,3395aeec098b15202f15c9d83d1e9e546a94e8222dead3cf9d2515a39c6bfe CVE-2024-1618,0,0,f900010f21bb70b6581fb91ea7ff15d09cd9f4b411eb32fa913b01f49c3af689,2024-11-21T08:50:56.193000 CVE-2024-1619,0,0,27a596ddc3250c410382bc7e145fedcd4a2e3395b97151f21ca063be3207db40,2024-11-21T08:50:56.330000 CVE-2024-1621,0,0,212b3fca00d5946f120096ca5a7a0afc1b2cac9a26b845aa6388948724d52915,2024-09-17T14:12:41.620000 -CVE-2024-1622,0,0,641704d79708c5027cc525cdcdef74d012d3f37e9becbffc2cb36bf8a804f978,2024-11-21T08:50:56.633000 +CVE-2024-1622,0,1,6230709226e22321ed94885d3b77124257bb246922a7e40fbe69d0e730121d80,2025-02-27T03:05:58.637000 CVE-2024-1623,0,0,11acc09d0781037d56051debbc6de791211a8b87ba326c3093f5bc85aad229af,2025-01-23T18:10:39.310000 CVE-2024-1624,0,0,b1f0918bec96549f8bbfed4a1ac0caeb704927103c0fd16a821022d931105e93,2024-11-21T08:50:56.927000 CVE-2024-1625,0,0,36cda0a7b3481cf41435ed5b0227a3fcad5024561ee555ea020abf68435e7cfb,2025-01-30T13:15:09.420000 @@ -250495,7 +250495,7 @@ CVE-2024-22460,0,0,a0dca458e2319ad1179283387dbd83d19bf91f59744e3f8faeea551670c38 CVE-2024-22461,0,0,3c292b06768bb8dfee695cfb6152f392d17d70fccec1b3d719c25e798f5f4072,2025-02-04T15:52:29.483000 CVE-2024-22463,0,0,d7d862658e3c45f198827763f0f948786983de80b86774f7ea7e7d6abb7a0b97,2025-01-08T15:46:14.627000 CVE-2024-22464,0,0,89df0e10ef44510a8e5904e121c14fc7d7fe04dd8b75af148ba79e6d8aedebac,2024-11-21T08:56:20.280000 -CVE-2024-2247,0,0,0ca7d7b7e23609e28e1499a00333ba2939a4606a46ffba5afb79df586f8f7777,2024-11-21T09:09:20.660000 +CVE-2024-2247,0,1,451a0dfa7678f4077a3e6cd6ad8e998550ebb48408cea8296a1f3320020b49d1,2025-02-27T03:06:17.427000 CVE-2024-22472,0,0,cee1f8bd8d53e1f58b74d1b8778f6d5e5846827b53d5cb2194a2b8f2a34bd2ce,2024-11-21T08:56:20.427000 CVE-2024-22473,0,0,4dee5095e8e11f9692d626fb0e99aba9ecf1bf87d14f8fa1c7018112ef2c5654,2025-02-12T16:52:42.397000 CVE-2024-22475,0,0,b9326cef104e527ebece5a44b8410430ec6ba360374b1b63130781d3fcf25c66,2024-11-21T08:56:20.717000 
@@ -253384,7 +253384,7 @@ CVE-2024-26625,0,0,4ef7613269bfa498d42e416f035cc6661e69596240803b3ec29e423a27739 CVE-2024-26626,0,0,c637241eede756972b018a0fcc06f149dac17cabb0f560373fa5e5595e3e8ad3,2024-12-12T17:26:08.137000 CVE-2024-26627,0,0,9f12c31c6ce3575af57af9fa35a77bbd2153ed3ef1d5ea2659ac8c0a7eace89d,2024-11-21T09:02:43.143000 CVE-2024-26628,0,0,da7f47400f41cb31ecd3afb43bae4a639d3d68eda0a5da59e7d46fbaf261a8b7,2024-03-20T17:15:07.367000 -CVE-2024-26629,0,0,19536d7bbbd7c1bf3ecba57696678d466723221ca6896ee35f4cfae3203690d1,2024-11-21T09:02:43.343000 +CVE-2024-26629,0,1,2a7ecd77e86c42f4a70a3376c42e7624451573e296d28b71c04baf0cc1ec5186,2025-02-27T03:06:17.427000 CVE-2024-2663,0,0,c22f0e7b5ed31e3585ae04604569739fcb5bd35aa21e256ad3298c060be80007,2024-11-21T09:10:14.400000 CVE-2024-26630,0,0,adde7411c6c89a1ccc138c9f1404cb16baf029b425dd47ea72b82cb8b0a9fe04,2024-11-21T09:02:43.470000 CVE-2024-26631,0,0,eb4c850fd5a6959a2922e5f8e3fdc1bab0839dca96694a777740412e05e949ce,2024-11-21T09:02:43.580000 @@ -255409,7 +255409,7 @@ CVE-2024-29095,0,0,bc68d7d511c064daeca312e23d9fa85cc3b1af81e10c43ec8c37fbebd13dd CVE-2024-29096,0,0,0f05aed7fbf07e2ca613ec714bfe361251e56d0925a32953b73520f084b9cd70,2024-11-21T09:07:32.723000 CVE-2024-29097,0,0,875b77e2230e2e26de4a929ee2fe27956bef590824050f669e1da3fc89b9acf2,2024-11-21T09:07:32.847000 CVE-2024-29098,0,0,9b1008b83cbe94703d043bfdf5904f8bef4f3123ac6a8137d811039c2b1c46f9,2024-11-21T09:07:32.980000 -CVE-2024-29099,0,0,57f43cd8f74c6e6cf95b7da1e8708cfbdd3bc617c2558dc4505d3cb2cde59023,2024-11-21T09:07:33.100000 +CVE-2024-29099,0,1,d5c2f846c503a26886a80677efb9d84262b8523e90e9885a7f27a80c911a19dc,2025-02-27T03:34:34.637000 CVE-2024-2910,0,0,bbc5651269bc757d63b4a047fd6f50531f9ae2606d9c89885eef5674cb9b94c0,2024-11-21T09:10:48.977000 CVE-2024-29100,0,0,4b4ea50e8b1a5f3add3c62cc09873ccb1c0bad3dcfd266a73de4fe697a412abf,2024-11-21T09:07:33.233000 CVE-2024-29101,0,0,3e1f7a72e6c54872472cb6493d5562d1ab4eb10c553370d58053a928dd03f787,2025-01-27T16:21:01.500000 
@@ -255440,8 +255440,8 @@ CVE-2024-29123,0,0,54ee05eccc59cfeabfe16ca536d017e4d29e9b88c542e6dcef31079ca5cc5 CVE-2024-29124,0,0,434c0bf19aeb54ab832948977c5c2ef563f396c419fd18df8528a851b7966f0d,2024-11-21T09:07:36.537000 CVE-2024-29125,0,0,7689e22e88613c4397974a0cea7f1ab3b1b6cf1c69ade865576f7ba8b9493f28,2024-11-21T09:07:36.660000 CVE-2024-29126,0,0,f1add0c484e17b0d8750215465498a50e794bfedde92c9ce2e40aac39643c679,2024-11-21T09:07:36.787000 -CVE-2024-29127,0,0,b848b675a56090d592e7bbc8858153b852882c1c55a2d73958d70f78a168c48c,2024-11-21T09:07:36.920000 -CVE-2024-29128,0,0,1fee5bcbd86fe4f86cd9e7c8c9606be3b908374a57b43b2ff18f0f4d640f254b,2024-11-21T09:07:37.043000 +CVE-2024-29127,0,1,96d63140d4c423574f4f5103134e9062b3f6fbc23e869505dacee2dd9bacba08,2025-02-27T03:34:34.637000 +CVE-2024-29128,0,1,e41c78fb7a808d21c59cee1fb3402ac3948a60eaa08e2bca261680a0438cbd6b,2025-02-27T03:34:34.637000 CVE-2024-29129,0,0,739d5267e1c2b9428a1b775a27df9111be59167050bf55f589baea8cc5ec0a64,2024-11-21T09:07:37.160000 CVE-2024-2913,0,0,bdee00fa9056fa8a0ad1417004d7f8c2e104929c730aae671329cfb89a446ed2,2024-11-21T09:10:49.413000 CVE-2024-29130,0,0,12a31ca0a96887a182d62012a0630532795ce4eca880f64a223c900ec53ddce5,2025-02-25T15:30:29.553000 
@@ -270281,7 +270281,7 @@ CVE-2024-49030,0,0,2e9bdd41be8c6b131482b7fa5c2474f60463f96e2e4a1f61a7a2417bc008e CVE-2024-49031,0,0,b6bd610cb414001b2fe0908269ea9d036981a0042f84e32fcc97364c22e45e62,2024-11-18T20:31:54.983000 CVE-2024-49032,0,0,2e3ed76a18e7e440c4779b1b39efc25e7929e757a805c700d9f6cf42038a1a1e,2024-11-18T20:31:05.720000 CVE-2024-49033,0,0,0b8161312cdfc9b642b95e25fdd7fb28f8da9471a1a685f531281e8315cca116,2024-11-16T00:05:44.867000 -CVE-2024-49035,0,1,65a68685dbb085e8942742cdab357583ccbd5968657a7e67635c1806450b2485,2025-02-27T02:00:01.920000 +CVE-2024-49035,0,0,65a68685dbb085e8942742cdab357583ccbd5968657a7e67635c1806450b2485,2025-02-27T02:00:01.920000 CVE-2024-49038,0,0,d7a15f7e2834f2c99d9ad1382c64bc8e2c381b3cbf5c082ae56b6893e8174a0d,2025-01-09T19:30:34.403000 CVE-2024-49039,0,0,6122ccc781020872525f82a586569b8a8504ad241937f05f0ad5693192a0209d,2024-11-14T15:20:51.670000 CVE-2024-4904,0,0,8f1d8ea4c71693b63388d0102ac60b48cb8ea1f86873e76d3239d3cadf4cec58,2024-11-21T09:43:50.007000 @@ -270679,6 +270679,7 @@ CVE-2024-49560,0,0,3f26500c4dded44eae4dc46589e64362e416f55913f19fef12f4ea5a50ab2 CVE-2024-49568,0,0,2424937b6c632a3bb8bbe23f1d59070173b0b27451c699774823ff5adcd561d7,2025-01-11T13:15:23.637000 CVE-2024-49569,0,0,b1379fd025e32fab88c21975ab9b6f766098726076e1ee1ddc484d172b3d093a,2025-01-11T13:15:23.840000 CVE-2024-4957,0,0,faf1bb90e1dc631958a9f6c5494539e38e22b9c3203a1f9393f289eefc9d7e39,2024-11-21T09:43:56.650000 +CVE-2024-49570,1,1,c4c86c08f53f35b33bb42b64b900f3d6ff0fd563da687282a65884c9a6fa3933,2025-02-27T03:15:10.267000 CVE-2024-49571,0,0,48d41a1ed34da6a8d207508416dbadcc69c521f2274992ee3d4ce336a0c1087e,2025-01-11T13:15:24.027000 CVE-2024-49573,0,0,bd822bfcb04a1a23a0356060b4b02e8952dd69548a8ed6c8619ad13c8392c259,2025-01-11T13:15:24.223000 CVE-2024-49574,0,0,285edf65c7736387bb1f5e69a3d9da68a65cb104e57ac1234838e33c6baad7dd,2024-11-20T16:32:37.770000 
@@ -272949,8 +272950,11 @@ CVE-2024-52552,0,0,bc0159e371132975473cc81aa904379bb4cfab199a9e5a229563c4c9ecb5e CVE-2024-52553,0,0,af509be1bcf65a5a333897272b35220fe44b3f8ab3b2aae24b5d0ab116a46c57,2024-11-15T14:00:09.720000 CVE-2024-52554,0,0,6c54306f2e6d9fb6f74be49581a8d7a732bed7e140bab05d7cfce43a22fc305b,2024-11-15T13:58:08.913000 CVE-2024-52555,0,0,0e7650262da77965578e51615ed2e240e4965fb0467279926cec95693ddd0fcd,2025-01-31T14:37:51.653000 +CVE-2024-52557,1,1,ae48eb61b089aed52fa7fc65aa860d697df20451b58d606dded631522ecb778c,2025-02-27T03:15:10.373000 CVE-2024-52558,0,0,fa32c6dd3f7f7069c5222cac92732c751cdcd8c311d81175627dacc022aec1da,2024-12-06T18:15:26.007000 +CVE-2024-52559,1,1,5ed9bae35bea9c5d1b3ad59f75164c59eac9f89c5fdcec306aabd851b9cae929,2025-02-27T03:15:10.477000 CVE-2024-5256,0,0,351ec0133ebd6057956e3a32f156ca3c6d3a5e82f4f6d83d2ed56c2cf43e8b33,2024-11-21T09:47:17.300000 +CVE-2024-52560,1,1,c9377755687e3f124f4fb8ae71bf4f5bf247464d322cf8d0c6998968d4e49ff5,2025-02-27T03:15:10.573000 CVE-2024-52564,0,0,082fb97e963e24eeaf48108489383b26257575861650145a72a41c8a27e90eeb,2024-12-05T10:31:40.663000 CVE-2024-52565,0,0,97f8f2c81ad42b840354e2e75069a2d0df255983efbe774e990dd03bec78965e,2024-12-10T14:30:45.133000 CVE-2024-52566,0,0,c4c9bf54d37d799c8d6d34b627c26824799d5ce2b7a19502a8d327e7883bf926,2024-12-10T14:30:45.280000 
@@ -274301,7 +274305,9 @@ CVE-2024-54452,0,0,30db43977a4bb0060f4301184eef5e7e4316f5a66e91aba57b8474d2cdaf0 CVE-2024-54453,0,0,4b38818ec57830d6d15331deb8fc6306f0e91d48c89fb133c6569d5b7d3ea04e,2024-12-31T19:15:47.147000 CVE-2024-54454,0,0,d67e1bf29a3aaa483b825ac163d62022e2785b5de9b64863f3bc27235cd67fc7,2024-12-31T19:15:47.310000 CVE-2024-54455,0,0,20565313a23365c4c17140fe19943535439cfbd982b6e19cd3463b943b5d9db9,2025-01-11T13:15:26.970000 +CVE-2024-54456,1,1,28dd9591dea6ab614e4970f03407badae263baf62853d971ba3cb4d7ede26fae,2025-02-27T03:15:10.667000 CVE-2024-54457,0,0,da0353a7ec7d859fd477580e7c54e31a24aeea86ab2c2ac2e00b7a1eda59c2cf,2024-12-18T07:15:08.377000 +CVE-2024-54458,1,1,20dd934e7098c2ef9d7ec5f7ddf60a170c203065e87ab50ebc569c5ccc69bd58,2025-02-27T03:15:10.770000 CVE-2024-54460,0,0,46a2824e2a284b445162d596321895979fee49d319c455c9a3391c11ac25744d,2025-01-16T15:15:42.083000 CVE-2024-54461,0,0,a18c4495fe08936148cc1903452fcd50e5f604d768b2f0428be9a05087d45a0b,2025-01-29T12:15:28.437000 CVE-2024-54462,0,0,2f90ca1ad44c149203a354a165acc297b755622fe323a9b60f945492974c33e2,2025-01-29T12:15:28.627000 @@ -275960,6 +275966,7 @@ CVE-2024-5782,0,0,3007fa9c37260ea7caeb87e42b238e099fb02a0dcdaea4137ab796f4ff5698 CVE-2024-57822,0,0,43973cb11c0d7745a76972fd2125c40dd56918f079243999a6a248fd7bb74d81,2025-01-10T15:15:16.337000 CVE-2024-57823,0,0,5ca581226a27965f69cc1b47d8d6ed60ad65266a2e4a0de113585f678075fc75,2025-01-10T14:15:29.583000 CVE-2024-5783,0,0,457a67b18c53addb8fb271e75294a5e3a7e25c57923089dcfbdfc7dbab590f38,2024-06-12T08:15:51.480000 +CVE-2024-57834,1,1,2e62a6002ef1e97da43aa163a7a4234e3c75f4f2ccc29bd7fa50a4d54cf61d05,2025-02-27T03:15:10.870000 CVE-2024-57838,0,0,7205305ae1088ef41361b6511691e021bab207c0c324bab7b09b17a8c1a06218,2025-01-11T14:15:25.940000 CVE-2024-57839,0,0,5656e2417e5685f2e1ff410b1767104ed6341a8132fd402fbef4fd6f8615e85a,2025-01-11T15:15:07.050000 CVE-2024-5784,0,0,f27ecf8abffd9e6c282a3d3ca16cce2ce0cb1c19ecd7f5c543f166278a4d8c33,2024-09-03T14:48:19.570000 
@@ -275969,6 +275976,7 @@ CVE-2024-57844,0,0,ba7a9af927cdccfb32d77efd3b08b23135ba420a4b94376a9ac04ef40ed20 CVE-2024-57849,0,0,6c1a4f1831f5a2a9c9af19f1c5a93dad2a70d3fd672b039b5a9c54549819e120,2025-01-11T15:15:07.290000 CVE-2024-5785,0,0,0e9b551c455c61638ce3e7d2f5874ca2c1cf14d589c0a4025501beedb178de88,2024-11-21T09:48:19.780000 CVE-2024-57850,0,0,47b5473b2f10d731d0387dd9768f510a3a9dbe99cecf1312c304ff971055ab13,2025-01-11T15:15:07.423000 +CVE-2024-57852,1,1,7ae65fc54bf6e909decefcd8a3f264640306271fca244e5f288814ec8e2578a2,2025-02-27T03:15:10.977000 CVE-2024-57857,0,0,3f0cabf5d6ee223bacca9cfe8ea4c67c059ddcf7e3b9854317117b67ecec7803,2025-02-13T14:16:17.620000 CVE-2024-5786,0,0,8f234ab6daf42312db402cec6a9780e6a0a03ed9070824749daf6f62affc4884,2024-11-21T09:48:19.897000 CVE-2024-5787,0,0,1d58b2484cfc2497ce3be8bc315153e4937b24852bc87d95aee088e2aedc7438,2024-11-21T09:48:20.010000 @@ -276059,7 +276067,7 @@ CVE-2024-5795,0,0,8c27870eb8f46b4876cdd6a9335698b3a6adeccd1af066b5f5391281ef70b3 CVE-2024-57950,0,0,4de3196a05a324d80ab81777eda50b90c773f35aad875db623dc77da16531c37,2025-02-21T16:50:43.010000 CVE-2024-57951,0,0,f76b42abdfb86704a9c0f0688028e52627d4292026dcbe9e66fcb6fdcc25a743,2025-02-14T15:57:18.047000 CVE-2024-57952,0,0,4a13802904b48d770e3732d2a4be26769b2ca0854368681c7bafc9fb5cc58fc2,2025-02-14T15:52:04.957000 -CVE-2024-57953,1,1,369ba1078414b70425929f17c36cb30d6c1bfa755c40a7521a7688d4fca05f9b,2025-02-27T02:15:10.393000 +CVE-2024-57953,0,0,369ba1078414b70425929f17c36cb30d6c1bfa755c40a7521a7688d4fca05f9b,2025-02-27T02:15:10.393000 CVE-2024-57954,0,0,9470f77aeb1fbbfe941de0105e102e20083ecada6b6ee53e11c0487d84f43bb0,2025-02-06T13:15:39.467000 CVE-2024-57955,0,0,6d252a9b6de2efee165d1985f096541c7d0571a6e67aa34bfe5bd14090450593,2025-02-06T13:15:39.590000 CVE-2024-57956,0,0,d4e87fa2428da403c60e267f832e99b114c1b9bf9958784b42db3295433520a0,2025-02-06T13:15:39.723000 
@@ -276079,39 +276087,60 @@ CVE-2024-57968,0,0,df2d26687f6eb03cc4ebdae430a2d63e09872c2f76ae608d0c55e2648f4f6 CVE-2024-57969,0,0,a9f30e64734dd187869aecfededf6452ff3f08b206a82e6a9bc1f372cfee58f7,2025-02-14T07:15:32.340000 CVE-2024-57970,0,0,f1d0dec9bb100b8fe9d61ebb8638b3be011d2a215ab10879b323d77b83371cb3,2025-02-18T17:15:19.130000 CVE-2024-57971,0,0,d445cf82813dc3c30cc2cbfb34aaec152222acdda2dfd902956bb2171f3be668,2025-02-16T04:15:23.077000 -CVE-2024-57973,1,1,880ae8920cff383c83382a12f0aed951c431326b6251c9eee5046fcc771c1ad8,2025-02-27T02:15:10.490000 -CVE-2024-57974,1,1,9283c31329c8c79a7c2d7ba850e2fae6c4866efb0bc89895bb99f52893ea9871,2025-02-27T02:15:10.590000 -CVE-2024-57975,1,1,cb69d9a311887f4b534587384c990ff308b1380cbfc2d7252bdcecd7dbc0f8f1,2025-02-27T02:15:10.687000 -CVE-2024-57976,1,1,7f09566c0feeca43e88331a7b08960623ddee4f005b52f57b309033e09c409f6,2025-02-27T02:15:10.790000 -CVE-2024-57977,1,1,4f237dafd1e6ace4e31e2e5c82f0ec86aff38bde08d8f751a737bee240393643,2025-02-27T02:15:10.890000 -CVE-2024-57978,1,1,e8ec9a121960a685f9c435a7ce1a5bc00fc9f8a0953711b3760133a98ea218ac,2025-02-27T02:15:10.990000 -CVE-2024-57979,1,1,022cf17af330e8a9f7ce941e4c03648881e6a5a964e2654b247615aeae7964b8,2025-02-27T02:15:11.087000 +CVE-2024-57973,0,0,880ae8920cff383c83382a12f0aed951c431326b6251c9eee5046fcc771c1ad8,2025-02-27T02:15:10.490000 +CVE-2024-57974,0,0,9283c31329c8c79a7c2d7ba850e2fae6c4866efb0bc89895bb99f52893ea9871,2025-02-27T02:15:10.590000 +CVE-2024-57975,0,0,cb69d9a311887f4b534587384c990ff308b1380cbfc2d7252bdcecd7dbc0f8f1,2025-02-27T02:15:10.687000 +CVE-2024-57976,0,0,7f09566c0feeca43e88331a7b08960623ddee4f005b52f57b309033e09c409f6,2025-02-27T02:15:10.790000 +CVE-2024-57977,0,0,4f237dafd1e6ace4e31e2e5c82f0ec86aff38bde08d8f751a737bee240393643,2025-02-27T02:15:10.890000 +CVE-2024-57978,0,0,e8ec9a121960a685f9c435a7ce1a5bc00fc9f8a0953711b3760133a98ea218ac,2025-02-27T02:15:10.990000 
+CVE-2024-57979,0,0,022cf17af330e8a9f7ce941e4c03648881e6a5a964e2654b247615aeae7964b8,2025-02-27T02:15:11.087000 CVE-2024-5798,0,0,1cf6b5fddcb53bc6e432a6a3428f56651407d96c3d029c184944ae69fb8dd23b,2024-11-21T09:48:21.013000 -CVE-2024-57980,1,1,89bfd9a25c4e9369350a4449c15f56c4d731c340746fe511daefbde4562cc736,2025-02-27T02:15:11.190000 -CVE-2024-57981,1,1,c7b9798745dab28cf705a3d517fab8fa7ef55021d1e9921a8c24bc879e7d3409,2025-02-27T02:15:11.293000 -CVE-2024-57982,1,1,2e14c424f43f3ef2e56bbd7c634847aebbc48a76817fb36f29f428a529741e04,2025-02-27T02:15:11.397000 -CVE-2024-57983,1,1,10bc3b141784d98884249c034f6788adfb8039accce5c7b05571610ccaa93db2,2025-02-27T02:15:11.503000 -CVE-2024-57984,1,1,0d0acf1c941beafc3be55315db379c8264412cbb0125b55d182f6e60a0f2380a,2025-02-27T02:15:11.603000 -CVE-2024-57985,1,1,4aec490eb67ded35d6be2f91681087c27ad005d40c184e16475fdf18b5f3187e,2025-02-27T02:15:11.703000 -CVE-2024-57986,1,1,3a9db4363951f761b5787db5bb2ba75d22743103ba97176a9748f6a0ec3c52f3,2025-02-27T02:15:12.597000 -CVE-2024-57987,1,1,7e3a43f71100acdb8df43f94b6ed6efa305c6d10cee9361a42e6abdb9ad4d818,2025-02-27T02:15:12.700000 -CVE-2024-57988,1,1,9f49af5b0390e6a1c4ad9da2683dcf8828e5f7a3ce9b318b7698c322438554bd,2025-02-27T02:15:12.800000 -CVE-2024-57989,1,1,14319d41e4f74af2ad4511910c80696522d8dd2cf07ed040790faef7b0642923,2025-02-27T02:15:12.907000 +CVE-2024-57980,0,0,89bfd9a25c4e9369350a4449c15f56c4d731c340746fe511daefbde4562cc736,2025-02-27T02:15:11.190000 +CVE-2024-57981,0,0,c7b9798745dab28cf705a3d517fab8fa7ef55021d1e9921a8c24bc879e7d3409,2025-02-27T02:15:11.293000 +CVE-2024-57982,0,0,2e14c424f43f3ef2e56bbd7c634847aebbc48a76817fb36f29f428a529741e04,2025-02-27T02:15:11.397000 +CVE-2024-57983,0,0,10bc3b141784d98884249c034f6788adfb8039accce5c7b05571610ccaa93db2,2025-02-27T02:15:11.503000 +CVE-2024-57984,0,0,0d0acf1c941beafc3be55315db379c8264412cbb0125b55d182f6e60a0f2380a,2025-02-27T02:15:11.603000 
+CVE-2024-57985,0,0,4aec490eb67ded35d6be2f91681087c27ad005d40c184e16475fdf18b5f3187e,2025-02-27T02:15:11.703000 +CVE-2024-57986,0,0,3a9db4363951f761b5787db5bb2ba75d22743103ba97176a9748f6a0ec3c52f3,2025-02-27T02:15:12.597000 +CVE-2024-57987,0,0,7e3a43f71100acdb8df43f94b6ed6efa305c6d10cee9361a42e6abdb9ad4d818,2025-02-27T02:15:12.700000 +CVE-2024-57988,0,0,9f49af5b0390e6a1c4ad9da2683dcf8828e5f7a3ce9b318b7698c322438554bd,2025-02-27T02:15:12.800000 +CVE-2024-57989,0,0,14319d41e4f74af2ad4511910c80696522d8dd2cf07ed040790faef7b0642923,2025-02-27T02:15:12.907000 CVE-2024-5799,0,0,23def4a6c23961b05e747f80024dd1bb17c6a1bb6930d36587790a1981c0653f,2024-09-26T20:39:09.127000 -CVE-2024-57990,1,1,0fd3af89a00689d9907a6ddf72fad51f7466f154b68068695805ccc03e443d68,2025-02-27T02:15:13.010000 -CVE-2024-57991,1,1,8cd8771b4346d54d31480c0a9ccf9823ff7563724d304e4326cfd5a2a57f132c,2025-02-27T02:15:13.110000 -CVE-2024-57992,1,1,d3a891084c0cccb5272bfed0bf0056cbfa502ed70d14e9b09706337910189b39,2025-02-27T02:15:13.210000 -CVE-2024-57993,1,1,357d6d68cfdb672c2047de3b030247eb0d83aca07ec2026a3c593d192b72d286,2025-02-27T02:15:13.310000 -CVE-2024-57994,1,1,607cade3aa23465968a76c8087d953620e080c41943ea1786ef20819a9894e3d,2025-02-27T02:15:13.417000 -CVE-2024-57995,1,1,4d851c790cedea9c206b7ac43c19a205248007bc96db9b90d95e0babdd06769b,2025-02-27T02:15:13.517000 -CVE-2024-57996,1,1,c28169eaa3246aac8aa6bb91f466267f7fa1dc29bd6975316df37ac0cfd66e41,2025-02-27T02:15:13.620000 -CVE-2024-57997,1,1,977e4294388c7c88bf62c6c5066598d378f77b0e24709fb6afc6710d676c1b99,2025-02-27T02:15:13.720000 -CVE-2024-57998,1,1,1a28339868d39381cc3ac975ae3631ea9fcbc162059b4a2d1aec44cd8099e0d3,2025-02-27T02:15:13.820000 -CVE-2024-57999,1,1,48c9ed92d08de2fcae4026c9ef9257a4176bfcbb954c4a8c091b9b36e1a3e1bc,2025-02-27T02:15:13.930000 +CVE-2024-57990,0,0,0fd3af89a00689d9907a6ddf72fad51f7466f154b68068695805ccc03e443d68,2025-02-27T02:15:13.010000 
+CVE-2024-57991,0,0,8cd8771b4346d54d31480c0a9ccf9823ff7563724d304e4326cfd5a2a57f132c,2025-02-27T02:15:13.110000 +CVE-2024-57992,0,0,d3a891084c0cccb5272bfed0bf0056cbfa502ed70d14e9b09706337910189b39,2025-02-27T02:15:13.210000 +CVE-2024-57993,0,0,357d6d68cfdb672c2047de3b030247eb0d83aca07ec2026a3c593d192b72d286,2025-02-27T02:15:13.310000 +CVE-2024-57994,0,0,607cade3aa23465968a76c8087d953620e080c41943ea1786ef20819a9894e3d,2025-02-27T02:15:13.417000 +CVE-2024-57995,0,0,4d851c790cedea9c206b7ac43c19a205248007bc96db9b90d95e0babdd06769b,2025-02-27T02:15:13.517000 +CVE-2024-57996,0,0,c28169eaa3246aac8aa6bb91f466267f7fa1dc29bd6975316df37ac0cfd66e41,2025-02-27T02:15:13.620000 +CVE-2024-57997,0,0,977e4294388c7c88bf62c6c5066598d378f77b0e24709fb6afc6710d676c1b99,2025-02-27T02:15:13.720000 +CVE-2024-57998,0,0,1a28339868d39381cc3ac975ae3631ea9fcbc162059b4a2d1aec44cd8099e0d3,2025-02-27T02:15:13.820000 +CVE-2024-57999,0,0,48c9ed92d08de2fcae4026c9ef9257a4176bfcbb954c4a8c091b9b36e1a3e1bc,2025-02-27T02:15:13.930000 CVE-2024-5800,0,0,0f1ba4e6921bceda8aa9f69d4954ff1ca271a0069f260f484c22f7b777658fee,2024-08-12T13:41:36.517000 -CVE-2024-58000,1,1,e6779467396c4c7b4b8a6e267dadc7356f5669ed597352b30c7f4e3a2fade9bc,2025-02-27T02:15:14.033000 +CVE-2024-58000,0,0,e6779467396c4c7b4b8a6e267dadc7356f5669ed597352b30c7f4e3a2fade9bc,2025-02-27T02:15:14.033000 +CVE-2024-58001,1,1,1ca7135605c27baa2ff41ca14b97a1158622dc893de3d0edc4ce91d0223c6eba,2025-02-27T03:15:11.080000 +CVE-2024-58002,1,1,9b6e05376a084e6321ba036d58b5e3e0abde23ab3d03d974972d25a2d54b8e0a,2025-02-27T03:15:11.180000 +CVE-2024-58003,1,1,46450a09a6f54addf43be0c82d79310bab68cc144d2932a834ba9b37fe69f0c4,2025-02-27T03:15:11.277000 +CVE-2024-58004,1,1,8b7c12b136527252508ad830ab80dd313ff57c70923621f086f1770af781b569,2025-02-27T03:15:11.380000 +CVE-2024-58005,1,1,2b8445c1f31120a62745ed9659109edc5b61c3c950d5ba8ee2d0774104a846c8,2025-02-27T03:15:11.480000 
+CVE-2024-58006,1,1,024b6aa5d1b4712e9f04175ea273408a0726a1c1c0c5a3cfd9dc5b4bfbf6263b,2025-02-27T03:15:11.583000 +CVE-2024-58007,1,1,ac81c658bac418768ba463169374158a5d41336587d24024739fb187ba62ab60,2025-02-27T03:15:11.680000 +CVE-2024-58008,1,1,ba8e82bab2f918986151a12b564bd00b9387771427f5181cfa78f3a8dd3398c1,2025-02-27T03:15:11.780000 +CVE-2024-58009,1,1,6045eb366ba11585a9f8a9bc0a4a13b2059efd8a73a7e34b41e41f13ad45e9e4,2025-02-27T03:15:11.880000 CVE-2024-5801,0,0,ace405e884a9b10c90424a8616f2e997f5e542ee3fc4b4005c40daf60288c7aa,2024-08-12T13:41:36.517000 +CVE-2024-58010,1,1,6fe67fc54ca0e02fda8bfa1c1f66b40e1f82d863957f4db32d14c651ed965858,2025-02-27T03:15:11.980000 +CVE-2024-58011,1,1,52bc2bc0188306bdc0ad801b888c5c8acdeedd6c99efdbf0b56fbcf6619c1858,2025-02-27T03:15:12.087000 +CVE-2024-58012,1,1,1ab0878fa52bef2ad9c2c1e3527a1b4b8c0e5c3a1a3f40e85a1bca1f263c363e,2025-02-27T03:15:12.187000 +CVE-2024-58013,1,1,5241d42a4cb52b444564f25304ad0a6c81242e3315773195ccbabd5f55e3343d,2025-02-27T03:15:12.287000 +CVE-2024-58014,1,1,d27b68acb4c4852bdac35460ec636c8171f5191380154270a5ebd83bccff2934,2025-02-27T03:15:12.390000 +CVE-2024-58015,1,1,988340c469050c1d35eacbab4d63bcec71afc482cb8cc81ec7454aeeee25f240,2025-02-27T03:15:12.493000 +CVE-2024-58016,1,1,8b371b29c890fc323c4d6f2604423eaeb7ea14f3f888339c37b7e744e0261912,2025-02-27T03:15:12.590000 +CVE-2024-58017,1,1,bdc3c4a8727ecd1ae6c2fb5507353ebb409ef700eb9118f76a66b8c6124bf49a,2025-02-27T03:15:12.690000 +CVE-2024-58018,1,1,ecdfeeb7c3a3046f88467a4adfcbe28527645b849445d6d007bd88f869e12210,2025-02-27T03:15:12.797000 +CVE-2024-58019,1,1,904f7e6de053926a7a7857ae1d944b0d99c93c5b21a2e4b8c6e5f5c7d2783122,2025-02-27T03:15:12.897000 CVE-2024-5802,0,0,19fff604014c9cef9e0f8bc6a62b84f7523f1797653eafe6700c36b3d03bd7a8,2024-11-21T09:48:21.447000 +CVE-2024-58020,1,1,4a110a80daea948a17db5525c61cf06f99a7fb31b4bb1b32bbb55e99b10c4eff,2025-02-27T03:15:12.997000 
+CVE-2024-58021,1,1,db91dc296face0f431063f73829fc75c2d514198b5509c869ecf3fd68c1b0266,2025-02-27T03:15:13.110000 CVE-2024-5803,0,0,9f82593b4c57457c96daef99978d68eaca19c8db6ce80dfb437501b3b95974d3,2024-10-04T13:50:43.727000 CVE-2024-5804,0,0,2f00fd3e9947e9e26596c3d44370745abf63c8732a08c44c5ab0acfd9a8ea957,2024-11-21T09:48:21.677000 CVE-2024-5805,0,0,fce2cd9169116102e5375089f5975fe2795253d6c4b763ab35cc7d32ac26b7a6,2024-11-21T09:48:21.803000 
@@ -279912,14 +279941,14 @@ CVE-2025-0334,0,0,e3a8c3debfd678ee7c1344f925152dfd8cfa42591be5b844f5f2a9504bc9f6 CVE-2025-0335,0,0,a820ae7664e775c81fe19f53df9d4791a28a75fe2030b6cfa258200fda95c505,2025-02-26T18:25:29.120000 CVE-2025-0336,0,0,bb91510d2532c90139ca8ff5b2380505f670c1f4f46badd5231ee12701d6289e,2025-01-09T07:15:27.860000 CVE-2025-0339,0,0,ebb4065aac85a3a21e829aecc65d9cc87d522576682ca67360f25223e12e55b8,2025-01-09T07:15:28.080000 -CVE-2025-0340,0,1,d2643790c5408b8656f83d48122b2edd0443b492b102add5cec114f36ec3d251,2025-02-27T02:05:55.703000 +CVE-2025-0340,0,0,d2643790c5408b8656f83d48122b2edd0443b492b102add5cec114f36ec3d251,2025-02-27T02:05:55.703000 CVE-2025-0341,0,0,34691be6c91dee5a7eddd15393d10444959b571a53ae5dc2cf37690cab93d762,2025-01-09T08:15:30.060000 CVE-2025-0342,0,0,c0ced5aaf34287279d842270e764809b2ee2324b19427e671c3863b96f97c211,2025-01-09T08:15:30.310000 CVE-2025-0343,0,0,2f07750fbab5848d7fd769193ff51e5044832fbe65109094687a56b43364aa58,2025-02-18T22:15:16.350000 CVE-2025-0344,0,0,01437ae923f1cc2bbba7f217401e4d3cbf96038b1beb917f0e2b7fe28b7c2e1b,2025-01-09T08:15:30.517000 CVE-2025-0345,0,0,c3d5fb4ce1a2ffd9e41165f9ffe772836159a0e2b94ea1d233a347865b0f3929,2025-01-09T09:15:09.220000 -CVE-2025-0346,0,1,784962397b9f922e5eb47e0f60b46c47f1349646424ee2278ecbe0e3b77a240f,2025-02-27T02:05:55.703000 -CVE-2025-0347,0,1,6673240c782ee6585e0b98006b3eaddd70b95ff8f7b53165bb334c59c3c173da,2025-02-27T02:05:55.703000 +CVE-2025-0346,0,0,784962397b9f922e5eb47e0f60b46c47f1349646424ee2278ecbe0e3b77a240f,2025-02-27T02:05:55.703000 +CVE-2025-0347,0,0,6673240c782ee6585e0b98006b3eaddd70b95ff8f7b53165bb334c59c3c173da,2025-02-27T02:05:55.703000 CVE-2025-0348,0,0,caf29c7d10aa1d0bc868897d1f5fe71d1c997b913af05adf015858af50a20840,2025-01-09T10:15:07.700000 CVE-2025-0349,0,0,5c5bde0373ec0c26c713a0d565cd6e4461e0dfe3c3d54fa435cc26640f811d63,2025-01-09T11:15:16.547000 CVE-2025-0350,0,0,568075e13fb305f34efa279da3968d622f1d523cffbec586aa7d1232c4534cda,2025-02-04T20:36:53.180000 
@@ -280014,14 +280043,14 @@ CVE-2025-0480,0,0,0cb09a8f6ce0b89170992f0c154f24058b4f34598442baf21a60641247a527 CVE-2025-0481,0,0,ea23d14dcc3acce7aaf6b481730febc16b60b2cfb742b3ce32274b3236e29b50,2025-01-15T19:15:26.807000 CVE-2025-0482,0,0,51755e11e1fe85bcdf8c3ef7c747a7a90c189e81d239d3c797b168fc9a111599,2025-01-15T21:15:14.653000 CVE-2025-0483,0,0,121ceb10d05ea57965d73fd7de54dea21193e629abb8500fadaeee53de942954,2025-01-15T20:15:29.040000 -CVE-2025-0484,0,1,0d4cfbba75514de2a940ca5195f4e778aa45d770e8b8dc84a452911b7aa02aa3,2025-02-27T02:05:55.703000 -CVE-2025-0485,0,1,ca00576a8605efcd82e042affbb262db5aee5a50a96ebcd968b1ee1636e2870e,2025-02-27T02:05:55.703000 -CVE-2025-0486,0,1,d3c7ddbd90f3357aafd4cac2a6d778e82d619abe913355ddfc9b81c408ded37b,2025-02-27T02:05:55.703000 -CVE-2025-0487,0,1,d74f4f2ec665e6d16f6688fa685495ccaff2b4badbf714c50413fa6da32bbb57,2025-02-27T02:05:55.703000 +CVE-2025-0484,0,0,0d4cfbba75514de2a940ca5195f4e778aa45d770e8b8dc84a452911b7aa02aa3,2025-02-27T02:05:55.703000 +CVE-2025-0485,0,0,ca00576a8605efcd82e042affbb262db5aee5a50a96ebcd968b1ee1636e2870e,2025-02-27T02:05:55.703000 +CVE-2025-0486,0,0,d3c7ddbd90f3357aafd4cac2a6d778e82d619abe913355ddfc9b81c408ded37b,2025-02-27T02:05:55.703000 +CVE-2025-0487,0,0,d74f4f2ec665e6d16f6688fa685495ccaff2b4badbf714c50413fa6da32bbb57,2025-02-27T02:05:55.703000 CVE-2025-0488,0,0,5a2c8f931caf677c96dc18607ae260506970639c6e34580d9069775d9be6fc5b,2025-01-16T16:15:35.347000 CVE-2025-0489,0,0,a24dc8200140f72a873da603310104369ecbf6fd64e7830d413cb9f47b4c7d0e,2025-01-16T16:15:35.517000 CVE-2025-0490,0,0,1f384416061d2dbf3f188e10aae42ad077e67eabf02b270fb3286b559e5f665e,2025-01-16T16:15:35.653000 -CVE-2025-0491,0,1,db7460efe8773a30e31154f690c4035cc221eca4a30c0345fe13a452219fac74,2025-02-27T02:05:55.703000 +CVE-2025-0491,0,0,db7460efe8773a30e31154f690c4035cc221eca4a30c0345fe13a452219fac74,2025-02-27T02:05:55.703000 CVE-2025-0492,0,0,84421fce7cc144b94f0258c9d48e69eeae8d312d182afca6c8016ab8e7304bc8,2025-01-15T22:15:27.157000 
CVE-2025-0493,0,0,fdfc8e0b7f438cb924061cba763cc9775cadf54d53fcaa6b7c0c5eccbf337244,2025-01-31T05:15:10.087000 CVE-2025-0497,0,0,423124bf24ced39e339476c6d2a6bb1ae8c797c5f19787cb8347a4dcc77d9d50,2025-01-30T18:15:32.493000 
@@ -281169,33 +281198,99 @@ CVE-2025-21701,0,0,d7c054d565dcf2a6e8d7012de1892a0a2fe63adaff9755c9d55124b93699e CVE-2025-21702,0,0,d363aa73cef2e84d05fef6ef479e127c11617ea6c3706bfabd35a9d26103dec7,2025-02-18T15:15:18.530000 CVE-2025-21703,0,0,1b70a75eeb992a0cedbee9d2af799a85c7fa5ad6d64038ed6ea31d816ef224ad,2025-02-21T14:15:56.627000 CVE-2025-21704,0,0,e026f221b6ea2c6334913aa4f1134eade120f5fc4a007942f64f63ed42e111bc,2025-02-22T10:15:11.263000 -CVE-2025-21705,1,1,e763dc3bbbddb79ca04930f2e0555ec05c607b76ed8b758791fda650b4ef0f37,2025-02-27T02:15:14.137000 -CVE-2025-21706,1,1,fca488390cd1f26af589db050591e9cbb7b4ff638b3ce6b3941e62e0820edc92,2025-02-27T02:15:14.237000 -CVE-2025-21707,1,1,b983d689f8c97cae3f310afab7c8f735aaa1f84fa22939e9b55e87011c94bb62,2025-02-27T02:15:14.347000 -CVE-2025-21708,1,1,d933c334c327268dfe94797007314260d74aab59fc77728e72b8d8b7e7bbbd63,2025-02-27T02:15:14.447000 -CVE-2025-21709,1,1,566fb484d81c3d6984d7001ae650972c150e021d1439e30cdbdee6e879e9cae0,2025-02-27T02:15:14.560000 -CVE-2025-21710,1,1,caac5a8cd4f59a38798bb65050c056c6ac14dc33ba2554c9f9132c182247504c,2025-02-27T02:15:14.657000 -CVE-2025-21711,1,1,1ad137bce1c83de2777c91aff300be1d715180746549ec95097915a0e6f83f97,2025-02-27T02:15:14.760000 -CVE-2025-21712,1,1,8c926eda33cada82fee3f8d26c054cba500718472d3a633e09eaf38efd4e00f0,2025-02-27T02:15:14.863000 -CVE-2025-21713,1,1,c0471bfe099bcdf2eb9fbfdd85133612e7add0d99f327db2a3131e92e92f3a86,2025-02-27T02:15:14.960000 -CVE-2025-21714,1,1,0443c9d2a524f4163004ed6af8df0ace54b54c7c2169bb90bedac2c54123834a,2025-02-27T02:15:15.050000 -CVE-2025-21715,1,1,ab25a9824a2d6ca4a0cf91a33e78b3602f2fce2d0cd3fcd6725106a8eba7d908,2025-02-27T02:15:15.167000 -CVE-2025-21716,1,1,9d695cb97deae26f96dea1b483a17bd9606280eb538b110a06de98a3a595d664,2025-02-27T02:15:15.273000 -CVE-2025-21717,1,1,7ca6cd69efbb56fd36ed628b74ce2e13274561c37d021271d3bfd71e8ee64ffb,2025-02-27T02:15:15.373000 
-CVE-2025-21718,1,1,5fb025932012588e486a67bbb8003b6c391d3e39000a93f80ecbca817adbd3c0,2025-02-27T02:15:15.473000 -CVE-2025-21719,1,1,157d53c5a8fa7b32509ec25adac9f4941a4f315dbe964473d128ebd5d2106061,2025-02-27T02:15:15.580000 -CVE-2025-21720,1,1,c2a7c6189229fd84b828b80d035a48cf5be9b44c4fdaaa3cb13d86df8037388f,2025-02-27T02:15:15.683000 -CVE-2025-21721,1,1,231bc7f36f4032e5c345e09bb6f199b9529768cc539fa62f152f8658cb5cdb67,2025-02-27T02:15:15.787000 -CVE-2025-21722,1,1,4ff28cbb7db6f566613f999667bae8e043c8ef362dbc89d551947bea584f4f92,2025-02-27T02:15:15.883000 -CVE-2025-21723,1,1,dae0449f384656e24d333a5692bdb0c67d65760a84aa08200fd65093c57cece1,2025-02-27T02:15:15.993000 -CVE-2025-21724,1,1,87af61e9bb904173709cf188d0701c3b5e1fc2fa500e06d42307eb73dd3567c4,2025-02-27T02:15:16.113000 -CVE-2025-21725,1,1,aae1864f5be60c901a7f7d2bc22c2f019bb064536a9e56b914fa827f03e149bd,2025-02-27T02:15:16.220000 -CVE-2025-21726,1,1,683e04635d2f1a0d17a5997ef539a73974209f0c4fabc1bc6ea17768e5f8e1fd,2025-02-27T02:15:16.323000 -CVE-2025-21727,1,1,36b78115401c5d590b58c95fb2ca439f5aced39f4ca4f156fb63e20884607ba7,2025-02-27T02:15:16.423000 -CVE-2025-21728,1,1,1da8388633c1d6e4ff31a488f8976f3bd0c289e0e8b6558f7e896f3d2f296913,2025-02-27T02:15:16.530000 -CVE-2025-21729,1,1,15271fcf2780e48fa4335cd669681068060c3cab565250e43e1ec0da75e25990,2025-02-27T02:15:16.637000 -CVE-2025-21730,1,1,5992631d1f378725d3194b05000263ee4d8ee1acbc0c181e9f0cdc98f263b07c,2025-02-27T02:15:16.733000 -CVE-2025-21731,1,1,4db768d62c6a8d4585e87f6709f6812c9209d6aa5d879ef951bcc2b04154993d,2025-02-27T02:15:16.833000 +CVE-2025-21705,0,0,e763dc3bbbddb79ca04930f2e0555ec05c607b76ed8b758791fda650b4ef0f37,2025-02-27T02:15:14.137000 +CVE-2025-21706,0,0,fca488390cd1f26af589db050591e9cbb7b4ff638b3ce6b3941e62e0820edc92,2025-02-27T02:15:14.237000 +CVE-2025-21707,0,0,b983d689f8c97cae3f310afab7c8f735aaa1f84fa22939e9b55e87011c94bb62,2025-02-27T02:15:14.347000 
+CVE-2025-21708,0,0,d933c334c327268dfe94797007314260d74aab59fc77728e72b8d8b7e7bbbd63,2025-02-27T02:15:14.447000 +CVE-2025-21709,0,0,566fb484d81c3d6984d7001ae650972c150e021d1439e30cdbdee6e879e9cae0,2025-02-27T02:15:14.560000 +CVE-2025-21710,0,0,caac5a8cd4f59a38798bb65050c056c6ac14dc33ba2554c9f9132c182247504c,2025-02-27T02:15:14.657000 +CVE-2025-21711,0,0,1ad137bce1c83de2777c91aff300be1d715180746549ec95097915a0e6f83f97,2025-02-27T02:15:14.760000 +CVE-2025-21712,0,0,8c926eda33cada82fee3f8d26c054cba500718472d3a633e09eaf38efd4e00f0,2025-02-27T02:15:14.863000 +CVE-2025-21713,0,0,c0471bfe099bcdf2eb9fbfdd85133612e7add0d99f327db2a3131e92e92f3a86,2025-02-27T02:15:14.960000 +CVE-2025-21714,0,0,0443c9d2a524f4163004ed6af8df0ace54b54c7c2169bb90bedac2c54123834a,2025-02-27T02:15:15.050000 +CVE-2025-21715,0,0,ab25a9824a2d6ca4a0cf91a33e78b3602f2fce2d0cd3fcd6725106a8eba7d908,2025-02-27T02:15:15.167000 +CVE-2025-21716,0,0,9d695cb97deae26f96dea1b483a17bd9606280eb538b110a06de98a3a595d664,2025-02-27T02:15:15.273000 +CVE-2025-21717,0,0,7ca6cd69efbb56fd36ed628b74ce2e13274561c37d021271d3bfd71e8ee64ffb,2025-02-27T02:15:15.373000 +CVE-2025-21718,0,0,5fb025932012588e486a67bbb8003b6c391d3e39000a93f80ecbca817adbd3c0,2025-02-27T02:15:15.473000 +CVE-2025-21719,0,0,157d53c5a8fa7b32509ec25adac9f4941a4f315dbe964473d128ebd5d2106061,2025-02-27T02:15:15.580000 +CVE-2025-21720,0,0,c2a7c6189229fd84b828b80d035a48cf5be9b44c4fdaaa3cb13d86df8037388f,2025-02-27T02:15:15.683000 +CVE-2025-21721,0,0,231bc7f36f4032e5c345e09bb6f199b9529768cc539fa62f152f8658cb5cdb67,2025-02-27T02:15:15.787000 +CVE-2025-21722,0,0,4ff28cbb7db6f566613f999667bae8e043c8ef362dbc89d551947bea584f4f92,2025-02-27T02:15:15.883000 +CVE-2025-21723,0,0,dae0449f384656e24d333a5692bdb0c67d65760a84aa08200fd65093c57cece1,2025-02-27T02:15:15.993000 +CVE-2025-21724,0,0,87af61e9bb904173709cf188d0701c3b5e1fc2fa500e06d42307eb73dd3567c4,2025-02-27T02:15:16.113000 
+CVE-2025-21725,0,0,aae1864f5be60c901a7f7d2bc22c2f019bb064536a9e56b914fa827f03e149bd,2025-02-27T02:15:16.220000 +CVE-2025-21726,0,0,683e04635d2f1a0d17a5997ef539a73974209f0c4fabc1bc6ea17768e5f8e1fd,2025-02-27T02:15:16.323000 +CVE-2025-21727,0,0,36b78115401c5d590b58c95fb2ca439f5aced39f4ca4f156fb63e20884607ba7,2025-02-27T02:15:16.423000 +CVE-2025-21728,0,0,1da8388633c1d6e4ff31a488f8976f3bd0c289e0e8b6558f7e896f3d2f296913,2025-02-27T02:15:16.530000 +CVE-2025-21729,0,0,15271fcf2780e48fa4335cd669681068060c3cab565250e43e1ec0da75e25990,2025-02-27T02:15:16.637000 +CVE-2025-21730,0,0,5992631d1f378725d3194b05000263ee4d8ee1acbc0c181e9f0cdc98f263b07c,2025-02-27T02:15:16.733000 +CVE-2025-21731,0,0,4db768d62c6a8d4585e87f6709f6812c9209d6aa5d879ef951bcc2b04154993d,2025-02-27T02:15:16.833000 +CVE-2025-21732,1,1,6dcd6bd9bfefa340e9cba5991b851ac5f328d81b5e5d7dbae57af4ec34d1a9a4,2025-02-27T03:15:13.820000 +CVE-2025-21733,1,1,8ed0d54b34f8a3602de8d6eb2336e24416c84513634f3455543ee5fbc64f822d,2025-02-27T03:15:13.923000 +CVE-2025-21734,1,1,48ee60a79ac18d73e2e9a39f6ecee6b3c36e0f82b224a8177acf8c7eeeb90b78,2025-02-27T03:15:14.030000 +CVE-2025-21735,1,1,8992d2ee08af6de91513a5707b684275b3dd935f25284d100c64c9dd89d5323c,2025-02-27T03:15:14.130000 +CVE-2025-21736,1,1,93956cc846e95f47c14d6218d4851de997b7b0c8df949cea2cf32d735d479f55,2025-02-27T03:15:14.230000 +CVE-2025-21737,1,1,c596c94e0cef54faf6fd7d3ebadf75ef6818d7455874f0c6a5132d57b0f7bd01,2025-02-27T03:15:14.327000 +CVE-2025-21738,1,1,9dbfc481ed055656bdca0ab52ba4cae87e8b2c9da89042a2552623f1a61977b4,2025-02-27T03:15:14.427000 +CVE-2025-21739,1,1,ea45bb6167636519ff185da6b8c047f095b4bacbdf87d270e6e1bf485567f231,2025-02-27T03:15:14.530000 +CVE-2025-21740,1,1,bc64fb406f292ac6b189fad1761465403d12972b8ed6fb681b752717e4753813,2025-02-27T03:15:14.630000 +CVE-2025-21741,1,1,629c7cbcbd6f85b9ee2a4c7bf55b82d7ea60c63601fc12c63869f1e280a20745,2025-02-27T03:15:14.730000 
+CVE-2025-21742,1,1,51c376b8442050e3ecce4cd435613cc2fa3091d1d17189e7df759dc221b5a6de,2025-02-27T03:15:14.830000 +CVE-2025-21743,1,1,67d0f2265465e77221734c331d253f7fc354211b176cc2dca3ec8c8422af76a2,2025-02-27T03:15:14.933000 +CVE-2025-21744,1,1,47422ad751d060765f01a5efc42c50639eae4ea758b465c4063846c39e11c32c,2025-02-27T03:15:15.037000 +CVE-2025-21745,1,1,be9c70871a86f55f03e75d0139a528ae87f70bff7945ffa31b101fe624299975,2025-02-27T03:15:15.137000 +CVE-2025-21746,1,1,2aa41a8980071b0567544aaf47daa564939c3b305a89838fed4c4b5cc9a687a9,2025-02-27T03:15:15.243000 +CVE-2025-21747,1,1,b4c7b8e9bbe08c3621e3d19d7432493cfeaae5b0fc274069a49e2619d118b55b,2025-02-27T03:15:15.337000 +CVE-2025-21748,1,1,3c89dfc075db5c3cfdcdd002206c2f3c37c4cb82a3a4b4823a2372ec53398649,2025-02-27T03:15:15.440000 +CVE-2025-21749,1,1,a7a8fa1c39a893df0dbcfcec02a053688ff8871d74d4e9c34c4774d7189b8c61,2025-02-27T03:15:15.543000 +CVE-2025-21750,1,1,4cf8ca959c174b12cd52a6ff02ecc17bc8dec4e236cf714a8c19d31b325047c1,2025-02-27T03:15:15.647000 +CVE-2025-21751,1,1,5afe9d8caab0abababa4d1c9d5355075fc9d247d0ef686921d41baf954bec76a,2025-02-27T03:15:15.760000 +CVE-2025-21752,1,1,6530d50c3281b73cb46447eb8d41cd293c5d945b6bff17d84d65e6b1472c9793,2025-02-27T03:15:15.853000 +CVE-2025-21753,1,1,29b12a1983ac3745f76a130756507ca8859ab50f2463f5dbf6c088e576ce480e,2025-02-27T03:15:15.950000 +CVE-2025-21754,1,1,1a8b7112bb5b3b6fd0926576bf3c4ee21bc88ec8d673e4bd95aa7a05addc423e,2025-02-27T03:15:16.050000 +CVE-2025-21755,1,1,409a0cbcf238c1c3ea6643dea30d72c2db000f676aee71bfcf910b93a011dfdc,2025-02-27T03:15:16.150000 +CVE-2025-21756,1,1,53b4c7a5eb9f6dd16c6e387d0ceef610bef1a9d91b29e929487dc2a9284c6498,2025-02-27T03:15:16.250000 +CVE-2025-21757,1,1,38e86c3caa030988c0231a12bf7643d7816857332d199b87d5f593aaf5156bce,2025-02-27T03:15:16.353000 +CVE-2025-21758,1,1,7ac672abae0649b7ee445870615f924bfd19c9c113b2d802b6c89e708349141c,2025-02-27T03:15:16.450000 
+CVE-2025-21759,1,1,89dccc7c9917cd6878f015204f2c82ed8328ca19797bc1c58b5ccc3bb818f31b,2025-02-27T03:15:16.550000 +CVE-2025-21760,1,1,f4b6fa991eed6636ff4b2934fb8c957ed5d7e8bc3d13c7acb9964d27d84232d4,2025-02-27T03:15:16.653000 +CVE-2025-21761,1,1,1ab9f2376ccef6fe50de80d5bb896835c91bd1b6e2d8c318da9187489f4bcc5f,2025-02-27T03:15:16.757000 +CVE-2025-21762,1,1,5f0d3ae79cf403ed16db29e3b76a367a370aeaf086c206bfdf922c82e3993582,2025-02-27T03:15:16.857000 +CVE-2025-21763,1,1,c77c2f6f520fdee28fceeaa223bca296f117f4861182d2d595d4bbd477fabb1a,2025-02-27T03:15:16.960000 +CVE-2025-21764,1,1,54b6bff232c9f4892be3d7ab7bf09afe68b038151128d086a90a714e7a890b08,2025-02-27T03:15:17.063000 +CVE-2025-21765,1,1,84b514415b470ade0ac2ac2cf96329afd183e8547ad9084584dcc30336bb1e05,2025-02-27T03:15:17.173000 +CVE-2025-21766,1,1,51d0c18c995c25a898c111f5fc9f288f82964675b2a236afa313542efb05e7df,2025-02-27T03:15:17.273000 +CVE-2025-21767,1,1,5829e76bd69ea8d88fb4093af1e8a32fe79ae2d05e4dc4f3e61a6718f572504e,2025-02-27T03:15:17.383000 +CVE-2025-21768,1,1,ff17549a8daa014f9975c5ca16b9eafd7e2d126a430e531c07600db58b7e8e0b,2025-02-27T03:15:17.480000 +CVE-2025-21769,1,1,03597b5da8c55abf8fbfc4a0785879c95c161cf81911c83bbb60647015a77a69,2025-02-27T03:15:17.580000 +CVE-2025-21770,1,1,7cf862933df3a304c78cf47c6b788b264c81b3f9c4c4aabb3382e2e2836d3491,2025-02-27T03:15:17.677000 +CVE-2025-21771,1,1,3f4dc4ad76e7227b222083f8abd7222a36b37d0955077c58b5a7964287fd81c9,2025-02-27T03:15:17.767000 +CVE-2025-21772,1,1,9fb4f22cecc4447f095faadf56ee8f2c258e02717ca5524ce1523c971ce5fa64,2025-02-27T03:15:17.867000 +CVE-2025-21773,1,1,53c57332bf8a5e02b86cc98e64314841dc1997e470a043569a60149bd0365ea1,2025-02-27T03:15:17.970000 +CVE-2025-21774,1,1,88142de2bba8c43cf0a87d9d372d2605e6c38ee0c22eceb5bf070ed22cdc53a6,2025-02-27T03:15:18.070000 +CVE-2025-21775,1,1,279b18736ca0ef8e7519125219d754d85a7bc653ae8a07d619932d1a68eb6a9a,2025-02-27T03:15:18.167000 
+CVE-2025-21776,1,1,67e532d2b9a554b966e19e430741080d567e3a227c26b689662fd299ef594bbd,2025-02-27T03:15:18.263000 +CVE-2025-21777,1,1,ea40a92bc8c41059837149d35d4c05bf75b7708c3abbb9a0d62ed84d92ba749c,2025-02-27T03:15:18.377000 +CVE-2025-21778,1,1,817367634ddfad5c5b007b052957a1789928cdf44e12589440817eea480c8114,2025-02-27T03:15:18.533000 +CVE-2025-21779,1,1,436c61919bead71a58528fa7e2aba2ecddf5ff2e6c5c6df70b59011cfa0fd3aa,2025-02-27T03:15:18.690000 +CVE-2025-21780,1,1,c095db610ef4058565759002ca1cb8ee240632910c7fbf288aaa57eddebe0fee,2025-02-27T03:15:18.827000 +CVE-2025-21781,1,1,40432221f01914dc1bb331356903c8336678a24da17951f4c89ef617919afa0b,2025-02-27T03:15:18.947000 +CVE-2025-21782,1,1,afde209e3b6d07b40a6f602e22e0618e943b87c35f7672b8ea9b5e80c13be071,2025-02-27T03:15:19.050000 +CVE-2025-21783,1,1,c2e84128aecc9231e1e01efa3fbb42716de07cc4ba861abcd948cbd45d4ef5d2,2025-02-27T03:15:19.150000 +CVE-2025-21784,1,1,ddb3534249589ded30f2d3dd4794cbc7aa7f4571853ac9bec3787267d12dcb91,2025-02-27T03:15:19.247000 +CVE-2025-21785,1,1,2ce172bae5986be8c51dcd93d766a0b84101dbea5fb329c6cedc99c9ec0a2793,2025-02-27T03:15:19.350000 +CVE-2025-21786,1,1,17aeb849e3abe3744007b606fe811b05bd5f034c58fe37713a9e1ca3dffabc6f,2025-02-27T03:15:19.450000 +CVE-2025-21787,1,1,4b0f5665e4061ae1813cc5be8bedea1e929a49ca585be9c89665348d0010f7d8,2025-02-27T03:15:19.553000 +CVE-2025-21788,1,1,e83634564fe764318d8301bd02b72bec6115392300efccbc618c7969cf8752b1,2025-02-27T03:15:19.663000 +CVE-2025-21789,1,1,8984c1c7e35774969c10262cd58ba7b60b21ea235fc528225fd992da17139f95,2025-02-27T03:15:19.763000 +CVE-2025-21790,1,1,510c000393047837010aedd86501648d1ed04a9ff80380f472de2ee8f205d2d3,2025-02-27T03:15:19.870000 +CVE-2025-21791,1,1,d0ce5deb62058ec9827f403b3801e68e59b72a6d105f46af45392e94ebd37d12,2025-02-27T03:15:19.970000 +CVE-2025-21792,1,1,d7d67d6a4ab826bfac90bf76e6d97dbaccdc4f0d6081f0b21f695f464875df43,2025-02-27T03:15:20.080000 
+CVE-2025-21793,1,1,453d78f6521e190278dbaba81bbaa8323401129fea331a0de5aaad11ddb4d45f,2025-02-27T03:15:20.190000 +CVE-2025-21794,1,1,9832c619a82f18d28f0a7e86bf0adac27a16a7b0cc9157ba0d29a36711cac0c0,2025-02-27T03:15:20.293000 +CVE-2025-21795,1,1,39bd1fd575ef715615bcf04cfa21fd5bc633989225e9cc19b52ab20b759ec599,2025-02-27T03:15:20.390000 +CVE-2025-21796,1,1,906147b9546ec325d4468243ded0128d003c7fcbe134204719880aac8c51524a,2025-02-27T03:15:20.497000 +CVE-2025-21797,1,1,4b41e92e5965f1c2445d1b5b13db4387e46c769e89caf1a237e699357d28ecd2,2025-02-27T03:15:20.607000 CVE-2025-22129,0,0,d84466451eb5813ecdb45d579943a91ad86a0d891b836c8fd8053b0ece067119,2025-02-04T19:15:33.360000 CVE-2025-22130,0,0,a71c51c8237898c4394724aa5ef423b90094196082b564075e1f1cf6c2992343,2025-01-08T16:15:38.543000 CVE-2025-22131,0,0,69440877e24142b0c883a083dd220512bc0b0c9b1551c23031d4be6598836d66,2025-01-20T16:15:27.880000