diff --git a/CVE-2024/CVE-2024-579xx/CVE-2024-57904.json b/CVE-2024/CVE-2024-579xx/CVE-2024-57904.json new file mode 100644 index 00000000000..64d272073bf --- /dev/null +++ b/CVE-2024/CVE-2024-579xx/CVE-2024-57904.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-57904", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T12:15:23.970", + "lastModified": "2025-01-19T12:15:23.970", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: at91: call input_free_device() on allocated iio_dev\n\nCurrent implementation of at91_ts_register() calls input_free_deivce()\non st->ts_input, however, the err label can be reached before the\nallocated iio_dev is stored to st->ts_input. Thus call\ninput_free_device() on input instead of st->ts_input." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/09e067e3c83e0695d338e8a26916e3c2bc44be02", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/25ef52f1c15db67d890b80203a911b9a57b0bf71", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d115b7f3ddc03b38bb7e8754601556fe9b4fc034", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/de6a73bad1743e9e81ea5a24c178c67429ff510b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-579xx/CVE-2024-57905.json b/CVE-2024/CVE-2024-579xx/CVE-2024-57905.json new file mode 100644 index 00000000000..3d5da36b1ac --- /dev/null +++ b/CVE-2024/CVE-2024-579xx/CVE-2024-57905.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-57905", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T12:15:24.710", + "lastModified": "2025-01-19T12:15:24.710", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ti-ads1119: fix information leak in triggered buffer\n\nThe 'scan' local struct is used to push data to user space from a\ntriggered buffer, but it has a hole between the sample (unsigned int)\nand the timestamp. This hole is never initialized.\n\nInitialize the struct to zero before using it to avoid pushing\nuninitialized information to userspace." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2f1687cca911a2f294313c762e0646cd9e7be8cc", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/75f339d3ecd38cb1ce05357d647189d4a7f7ed08", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-579xx/CVE-2024-57906.json b/CVE-2024/CVE-2024-579xx/CVE-2024-57906.json new file mode 100644 index 00000000000..927205bd0b5 --- /dev/null +++ b/CVE-2024/CVE-2024-579xx/CVE-2024-57906.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-57906", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T12:15:24.800", + "lastModified": "2025-01-19T12:15:24.800", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ti-ads8688: fix information leak in triggered buffer\n\nThe 'buffer' local array is used to push data to user space from a\ntriggered buffer, but it does not set values for inactive channels, as\nit only uses iio_for_each_active_channel() to assign new values.\n\nInitialize the array to zero before using it to avoid pushing\nuninitialized information to userspace." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2a7377ccfd940cd6e9201756aff1e7852c266e69", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/455df95eb8f24a37abc549d6738fc8ee07eb623b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/485570ed82b7a6bb109fa1d0a79998e21f7f4c73", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ebe2672bc42a0dfe31bb539f8ce79d024aa7e46d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-579xx/CVE-2024-57907.json b/CVE-2024/CVE-2024-579xx/CVE-2024-57907.json new file mode 100644 index 00000000000..dd6e9160f7a --- /dev/null +++ b/CVE-2024/CVE-2024-579xx/CVE-2024-57907.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-57907", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T12:15:24.897", + "lastModified": "2025-01-19T12:15:24.897", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: rockchip_saradc: fix information leak in triggered buffer\n\nThe 'data' local struct is used to push data to user space from a\ntriggered buffer, but it does not set values for inactive channels, as\nit only uses iio_for_each_active_channel() to assign new values.\n\nInitialize the struct to zero before using it to avoid pushing\nuninitialized information to userspace." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/38724591364e1e3b278b4053f102b49ea06ee17c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5a95fbbecec7a34bbad5dcc3156700b8711d53c4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8193941bc4fe7247ff13233f328aea709f574554", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-579xx/CVE-2024-57908.json b/CVE-2024/CVE-2024-579xx/CVE-2024-57908.json new file mode 100644 index 00000000000..ba8a5aa11db --- /dev/null +++ b/CVE-2024/CVE-2024-579xx/CVE-2024-57908.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-57908", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T12:15:24.990", + "lastModified": "2025-01-19T12:15:24.990", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: imu: kmx61: fix information leak in triggered buffer\n\nThe 'buffer' local array is used to push data to user space from a\ntriggered buffer, but it does not set values for inactive channels, as\nit only uses iio_for_each_active_channel() to assign new values.\n\nInitialize the array to zero before using it to avoid pushing\nuninitialized information to userspace." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/565814cbbaa674d2901428796801de49a611e59d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6985ba4467e4b15b809043fa7740d1fb23a1897b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6ae053113f6a226a2303caa4936a4c37f3bfff7b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cde312e257b59ecaa0fad3af9ec7e2370bb24639", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-579xx/CVE-2024-57909.json b/CVE-2024/CVE-2024-579xx/CVE-2024-57909.json new file mode 100644 index 00000000000..efdf2ef28e9 --- /dev/null +++ b/CVE-2024/CVE-2024-579xx/CVE-2024-57909.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-57909", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T12:15:25.083", + "lastModified": "2025-01-19T12:15:25.083", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: light: bh1745: fix information leak in triggered buffer\n\nThe 'scan' local struct is used to push data to user space from a\ntriggered buffer, but it does not set values for inactive channels, as\nit only uses iio_for_each_active_channel() to assign new values.\n\nInitialize the struct to zero before using it to avoid pushing\nuninitialized information to userspace." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/1cca2a666e099aa018e5ab385f0a6e01a3053629", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b62fbe3b8eedd3cf3c9ad0b7cb9f72c3f40815f0", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-579xx/CVE-2024-57910.json b/CVE-2024/CVE-2024-579xx/CVE-2024-57910.json new file mode 100644 index 00000000000..caa938385e9 --- /dev/null +++ b/CVE-2024/CVE-2024-579xx/CVE-2024-57910.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-57910", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T12:15:25.187", + "lastModified": "2025-01-19T12:15:25.187", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: light: vcnl4035: fix information leak in triggered buffer\n\nThe 'buffer' local array is used to push data to userspace from a\ntriggered buffer, but it does not set an initial value for the single\ndata element, which is an u16 aligned to 8 bytes. That leaves at least\n4 bytes uninitialized even after writing an integer value with\nregmap_read().\n\nInitialize the array to zero before using it to avoid pushing\nuninitialized information to userspace." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/47b43e53c0a0edf5578d5d12f5fc71c019649279", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/47d245be86492974db3aeb048609542167f56518", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a15ea87d4337479c9446b5d71616f4668337afed", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f6fb1c59776b4263634c472a5be8204c906ffc2c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-579xx/CVE-2024-57911.json b/CVE-2024/CVE-2024-579xx/CVE-2024-57911.json new file mode 100644 index 00000000000..cfe908a9d91 --- /dev/null +++ b/CVE-2024/CVE-2024-579xx/CVE-2024-57911.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-57911", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T12:15:25.277", + "lastModified": "2025-01-19T12:15:25.277", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer\n\nThe 'data' array is allocated via kmalloc() and it is used to push data\nto user space from a triggered buffer, but it does not set values for\ninactive channels, as it only uses iio_for_each_active_channel()\nto assign new values.\n\nUse kzalloc for the memory allocation to avoid pushing uninitialized\ninformation to userspace." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/333be433ee908a53f283beb95585dfc14c8ffb46", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/74058395b2c63c8a438cf199d09094b640f8c7f4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b0642d9c871aea1f28eb02cd84d60434df594f67", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ea703cda36da0dacb9a2fd876370003197d8a019", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-579xx/CVE-2024-57912.json b/CVE-2024/CVE-2024-579xx/CVE-2024-57912.json new file mode 100644 index 00000000000..42a7257771c --- /dev/null +++ b/CVE-2024/CVE-2024-579xx/CVE-2024-57912.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-57912", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T12:15:25.380", + "lastModified": "2025-01-19T12:15:25.380", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: pressure: zpa2326: fix information leak in triggered buffer\n\nThe 'sample' local struct is used to push data to user space from a\ntriggered buffer, but it has a hole between the temperature and the\ntimestamp (u32 pressure, u16 temperature, GAP, u64 timestamp).\nThis hole is never initialized.\n\nInitialize the struct to zero before using it to avoid pushing\nuninitialized information to userspace." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/6007d10c5262f6f71479627c1216899ea7f09073", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/979a0db76ceda8fe1f2f85a116bfe97620ebbadf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b7849f62e61242e0e02c776e1109eb81e59c567c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fefb88a4da961a0b9c2473cbdcfce1a942fcfa9a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-579xx/CVE-2024-57913.json b/CVE-2024/CVE-2024-579xx/CVE-2024-57913.json new file mode 100644 index 00000000000..2fe86559f2b --- /dev/null +++ b/CVE-2024/CVE-2024-579xx/CVE-2024-57913.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-57913", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T12:15:25.477", + "lastModified": "2025-01-19T12:15:25.477", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_fs: Remove WARN_ON in functionfs_bind\n\nThis commit addresses an issue related to below kernel panic where\npanic_on_warn is enabled. It is caused by the unnecessary use of WARN_ON\nin functionsfs_bind, which easily leads to the following scenarios.\n\n1.adb_write in adbd 2. UDC write via configfs\n =================\t =====================\n\n->usb_ffs_open_thread() ->UDC write\n ->open_functionfs() ->configfs_write_iter()\n ->adb_open() ->gadget_dev_desc_UDC_store()\n ->adb_write() ->usb_gadget_register_driver_owner\n ->driver_register()\n->StartMonitor() ->bus_add_driver()\n ->adb_read() ->gadget_bind_driver()\n ->configfs_composite_bind()\n ->usb_add_function()\n->open_functionfs() ->ffs_func_bind()\n ->adb_open() ->functionfs_bind()\n state !=FFS_ACTIVE>\n\nThe adb_open, adb_read, and adb_write operations are invoked from the\ndaemon, but trying to bind the function is a process that is invoked by\nUDC write through configfs, which opens up the possibility of a race\ncondition between the two paths. In this race scenario, the kernel panic\noccurs due to the WARN_ON from functionfs_bind when panic_on_warn is\nenabled. This commit fixes the kernel panic by removing the unnecessary\nWARN_ON.\n\nKernel panic - not syncing: kernel: panic_on_warn set ...\n[ 14.542395] Call trace:\n[ 14.542464] ffs_func_bind+0x1c8/0x14a8\n[ 14.542468] usb_add_function+0xcc/0x1f0\n[ 14.542473] configfs_composite_bind+0x468/0x588\n[ 14.542478] gadget_bind_driver+0x108/0x27c\n[ 14.542483] really_probe+0x190/0x374\n[ 14.542488] __driver_probe_device+0xa0/0x12c\n[ 14.542492] driver_probe_device+0x3c/0x220\n[ 14.542498] __driver_attach+0x11c/0x1fc\n[ 14.542502] bus_for_each_dev+0x104/0x160\n[ 14.542506] driver_attach+0x24/0x34\n[ 14.542510] bus_add_driver+0x154/0x270\n[ 14.542514] driver_register+0x68/0x104\n[ 14.542518] usb_gadget_register_driver_owner+0x48/0xf4\n[ 14.542523] gadget_dev_desc_UDC_store+0xf8/0x144\n[ 14.542526] configfs_write_iter+0xf0/0x138" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/82f60f3600aecd9ffcd0fbc4e193694511c85b47", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a8b6a18b9b66cc4c016d63132b59ce5383f7cdd2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dfc51e48bca475bbee984e90f33fdc537ce09699", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ea6a1498742430eb2effce0d1439ff29ef37dd7d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-579xx/CVE-2024-57914.json b/CVE-2024/CVE-2024-579xx/CVE-2024-57914.json new file mode 100644 index 00000000000..3244febcd1b --- /dev/null +++ b/CVE-2024/CVE-2024-579xx/CVE-2024-57914.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-57914", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T12:15:25.573", + "lastModified": "2025-01-19T12:15:25.573", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: tcpci: fix NULL pointer issue on shared irq case\n\nThe tcpci_irq() may meet below NULL pointer dereference issue:\n\n[ 2.641851] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010\n[ 2.641951] status 0x1, 0x37f\n[ 2.650659] Mem abort info:\n[ 2.656490] ESR = 0x0000000096000004\n[ 2.660230] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 2.665532] SET = 0, FnV = 0\n[ 2.668579] EA = 0, S1PTW = 0\n[ 2.671715] FSC = 0x04: level 0 translation fault\n[ 2.676584] Data abort info:\n[ 2.679459] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 2.684936] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 2.689980] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 2.695284] [0000000000000010] user address but active_mm is swapper\n[ 2.701632] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 2.707883] Modules linked in:\n[ 2.710936] CPU: 1 UID: 0 PID: 87 Comm: irq/111-2-0051 Not tainted 6.12.0-rc6-06316-g7f63786ad3d1-dirty #4\n[ 2.720570] Hardware name: NXP i.MX93 11X11 EVK board (DT)\n[ 2.726040] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 2.732989] pc : tcpci_irq+0x38/0x318\n[ 2.736647] lr : _tcpci_irq+0x14/0x20\n[ 2.740295] sp : ffff80008324bd30\n[ 2.743597] x29: ffff80008324bd70 x28: ffff800080107894 x27: ffff800082198f70\n[ 2.750721] x26: ffff0000050e6680 x25: ffff000004d172ac x24: ffff0000050f0000\n[ 2.757845] x23: ffff000004d17200 x22: 0000000000000001 x21: ffff0000050f0000\n[ 2.764969] x20: ffff000004d17200 x19: 0000000000000000 x18: 0000000000000001\n[ 2.772093] x17: 0000000000000000 x16: ffff80008183d8a0 x15: ffff00007fbab040\n[ 2.779217] x14: ffff00007fb918c0 x13: 0000000000000000 x12: 000000000000017a\n[ 2.786341] x11: 0000000000000001 x10: 0000000000000a90 x9 : ffff80008324bd00\n[ 2.793465] x8 : ffff0000050f0af0 x7 : ffff00007fbaa840 x6 : 0000000000000031\n[ 2.800589] x5 : 000000000000017a x4 : 0000000000000002 x3 : 0000000000000002\n[ 2.807713] x2 : ffff80008324bd3a x1 : 0000000000000010 x0 : 0000000000000000\n[ 2.814838] Call trace:\n[ 2.817273] tcpci_irq+0x38/0x318\n[ 2.820583] _tcpci_irq+0x14/0x20\n[ 2.823885] irq_thread_fn+0x2c/0xa8\n[ 2.827456] irq_thread+0x16c/0x2f4\n[ 2.830940] kthread+0x110/0x114\n[ 2.834164] ret_from_fork+0x10/0x20\n[ 2.837738] Code: f9426420 f9001fe0 d2800000 52800201 (f9400a60)\n\nThis may happen on shared irq case. Such as two Type-C ports share one\nirq. After the first port finished tcpci_register_port(), it may trigger\ninterrupt. However, if the interrupt comes by chance the 2nd port finishes\ndevm_request_threaded_irq(), the 2nd port interrupt handler will run at\nfirst. Then the above issue happens due to tcpci is still a NULL pointer\nin tcpci_irq() when dereference to regmap.\n\n devm_request_threaded_irq()\n\t\t\t\t<-- port1 irq comes\n disable_irq(client->irq);\n tcpci_register_port()\n\nThis will restore the logic to the state before commit (77e85107a771 \"usb:\ntypec: tcpci: support edge irq\").\n\nHowever, moving tcpci_register_port() earlier creates a problem when use\nedge irq because tcpci_init() will be called before\ndevm_request_threaded_irq(). The tcpci_init() writes the ALERT_MASK to\nthe hardware to tell it to start generating interrupts but we're not ready\nto deal with them yet, then the ALERT events may be missed and ALERT line\nwill not recover to high level forever. To avoid the issue, this will also\nset ALERT_MASK register after devm_request_threaded_irq() return." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/8586d6ea623e48b2bd38304bbc52b0b8228816ff", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/862a9c0f68487fd6ced15622d9cdcec48f8b5aaa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-579xx/CVE-2024-57915.json b/CVE-2024/CVE-2024-579xx/CVE-2024-57915.json new file mode 100644 index 00000000000..cd0cac61278 --- /dev/null +++ b/CVE-2024/CVE-2024-579xx/CVE-2024-57915.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-57915", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T12:15:25.673", + "lastModified": "2025-01-19T12:15:25.673", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null\n\nConsidering that in some extreme cases, when performing the\nunbinding operation, gserial_disconnect has cleared gser->ioport,\nwhich triggers gadget reconfiguration, and then calls gs_read_complete,\nresulting in access to a null pointer. Therefore, ep is disabled before\ngserial_disconnect sets port to null to prevent this from happening.\n\nCall trace:\n gs_read_complete+0x58/0x240\n usb_gadget_giveback_request+0x40/0x160\n dwc3_remove_requests+0x170/0x484\n dwc3_ep0_out_start+0xb0/0x1d4\n __dwc3_gadget_start+0x25c/0x720\n kretprobe_trampoline.cfi_jt+0x0/0x8\n kretprobe_trampoline.cfi_jt+0x0/0x8\n udc_bind_to_driver+0x1d8/0x300\n usb_gadget_probe_driver+0xa8/0x1dc\n gadget_dev_desc_UDC_store+0x13c/0x188\n configfs_write_iter+0x160/0x1f4\n vfs_write+0x2d0/0x40c\n ksys_write+0x7c/0xf0\n __arm64_sys_write+0x20/0x30\n invoke_syscall+0x60/0x150\n el0_svc_common+0x8c/0xf8\n do_el0_svc+0x28/0xa0\n el0_svc+0x24/0x84" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0c50f00cc29948184af05bda31392fff5821f4f3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/13014969cbf07f18d62ceea40bd8ca8ec9d36cec", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3d730e8758c75b68a0152ee1ac48a270ea6725b4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8e122d780a0f19aefd700dbd0b0e3ed3af0ae97f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-579xx/CVE-2024-57916.json b/CVE-2024/CVE-2024-579xx/CVE-2024-57916.json new file mode 100644 index 00000000000..526399da1db --- /dev/null +++ b/CVE-2024/CVE-2024-579xx/CVE-2024-57916.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-57916", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T12:15:25.763", + "lastModified": "2025-01-19T12:15:25.763", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling\n\nResolve kernel panic caused by improper handling of IRQs while\naccessing GPIO values. This is done by replacing generic_handle_irq with\nhandle_nested_irq." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/194f9f94a5169547d682e9bbcc5ae6d18a564735", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/25692750c0259c5b65afec467d97201a485e8a00", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/47d3749ec0cb56b7b98917c190a8c10cb54216fd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/79aef6187e16b2d32307c8ff610e9e04f7f86e1f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-579xx/CVE-2024-57917.json b/CVE-2024/CVE-2024-579xx/CVE-2024-57917.json new file mode 100644 index 00000000000..4d200001639 --- /dev/null +++ b/CVE-2024/CVE-2024-579xx/CVE-2024-57917.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-57917", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T12:15:25.860", + "lastModified": "2025-01-19T12:15:25.860", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntopology: Keep the cpumask unchanged when printing cpumap\n\nDuring fuzz testing, the following warning was discovered:\n\n different return values (15 and 11) from vsnprintf(\"%*pbl\n \", ...)\n\n test:keyward is WARNING in kvasprintf\n WARNING: CPU: 55 PID: 1168477 at lib/kasprintf.c:30 kvasprintf+0x121/0x130\n Call Trace:\n kvasprintf+0x121/0x130\n kasprintf+0xa6/0xe0\n bitmap_print_to_buf+0x89/0x100\n core_siblings_list_read+0x7e/0xb0\n kernfs_file_read_iter+0x15b/0x270\n new_sync_read+0x153/0x260\n vfs_read+0x215/0x290\n ksys_read+0xb9/0x160\n do_syscall_64+0x56/0x100\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\n\nThe call trace shows that kvasprintf() reported this warning during the\nprinting of core_siblings_list. kvasprintf() has several steps:\n\n (1) First, calculate the length of the resulting formatted string.\n\n (2) Allocate a buffer based on the returned length.\n\n (3) Then, perform the actual string formatting.\n\n (4) Check whether the lengths of the formatted strings returned in\n steps (1) and (2) are consistent.\n\nIf the core_cpumask is modified between steps (1) and (3), the lengths\nobtained in these two steps may not match. Indeed our test includes cpu\nhotplugging, which should modify core_cpumask while printing.\n\nTo fix this issue, cache the cpumask into a temporary variable before\ncalling cpumap_print_{list, cpumask}_to_buf(), to keep it unchanged\nduring the printing process." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/360596e7fe319a5db1b5fb34a3952862ae53c924", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b02cf1d27e460ab2b3e1c8c9ce472d562cad2e8d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ca47e933a900492d89dcf5db18a99c28bd4a742d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cbd399f78e23ad4492c174fc5e6b3676dba74a52", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-579xx/CVE-2024-57918.json b/CVE-2024/CVE-2024-579xx/CVE-2024-57918.json new file mode 100644 index 00000000000..b86c553566d --- /dev/null +++ b/CVE-2024/CVE-2024-579xx/CVE-2024-57918.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-57918", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T12:15:25.960", + "lastModified": "2025-01-19T12:15:25.960", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix page fault due to max surface definition mismatch\n\nDC driver is using two different values to define the maximum number of\nsurfaces: MAX_SURFACES and MAX_SURFACE_NUM. Consolidate MAX_SURFACES as\nthe unique definition for surface updates across DC.\n\nIt fixes page fault faced by Cosmic users on AMD display versions that\nsupport two overlay planes, since the introduction of cursor overlay\nmode.\n\n[Nov26 21:33] BUG: unable to handle page fault for address: 0000000051d0f08b\n[ +0.000015] #PF: supervisor read access in kernel mode\n[ +0.000006] #PF: error_code(0x0000) - not-present page\n[ +0.000005] PGD 0 P4D 0\n[ +0.000007] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ +0.000006] CPU: 4 PID: 71 Comm: kworker/u32:6 Not tainted 6.10.0+ #300\n[ +0.000006] Hardware name: Valve Jupiter/Jupiter, BIOS F7A0131 01/30/2024\n[ +0.000007] Workqueue: events_unbound commit_work [drm_kms_helper]\n[ +0.000040] RIP: 0010:copy_stream_update_to_stream.isra.0+0x30d/0x750 [amdgpu]\n[ +0.000847] Code: 8b 10 49 89 94 24 f8 00 00 00 48 8b 50 08 49 89 94 24 00 01 00 00 8b 40 10 41 89 84 24 08 01 00 00 49 8b 45 78 48 85 c0 74 0b <0f> b6 00 41 88 84 24 90 64 00 00 49 8b 45 60 48 85 c0 74 3b 48 8b\n[ +0.000010] RSP: 0018:ffffc203802f79a0 EFLAGS: 00010206\n[ +0.000009] RAX: 0000000051d0f08b RBX: 0000000000000004 RCX: ffff9f964f0a8070\n[ +0.000004] RDX: ffff9f9710f90e40 RSI: ffff9f96600c8000 RDI: ffff9f964f000000\n[ +0.000004] RBP: ffffc203802f79f8 R08: 0000000000000000 R09: 0000000000000000\n[ +0.000005] R10: 0000000000000000 R11: 0000000000000000 R12: ffff9f96600c8000\n[ +0.000004] R13: ffff9f9710f90e40 R14: ffff9f964f000000 R15: ffff9f96600c8000\n[ +0.000004] FS: 0000000000000000(0000) GS:ffff9f9970000000(0000) knlGS:0000000000000000\n[ +0.000005] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ +0.000005] CR2: 0000000051d0f08b CR3: 00000002e6a20000 CR4: 0000000000350ef0\n[ +0.000005] Call Trace:\n[ +0.000011] \n[ +0.000010] ? __die_body.cold+0x19/0x27\n[ +0.000012] ? page_fault_oops+0x15a/0x2d0\n[ +0.000014] ? exc_page_fault+0x7e/0x180\n[ +0.000009] ? asm_exc_page_fault+0x26/0x30\n[ +0.000013] ? copy_stream_update_to_stream.isra.0+0x30d/0x750 [amdgpu]\n[ +0.000739] ? dc_commit_state_no_check+0xd6c/0xe70 [amdgpu]\n[ +0.000470] update_planes_and_stream_state+0x49b/0x4f0 [amdgpu]\n[ +0.000450] ? srso_return_thunk+0x5/0x5f\n[ +0.000009] ? commit_minimal_transition_state+0x239/0x3d0 [amdgpu]\n[ +0.000446] update_planes_and_stream_v2+0x24a/0x590 [amdgpu]\n[ +0.000464] ? srso_return_thunk+0x5/0x5f\n[ +0.000009] ? sort+0x31/0x50\n[ +0.000007] ? amdgpu_dm_atomic_commit_tail+0x159f/0x3a30 [amdgpu]\n[ +0.000508] ? srso_return_thunk+0x5/0x5f\n[ +0.000009] ? amdgpu_crtc_get_scanout_position+0x28/0x40 [amdgpu]\n[ +0.000377] ? srso_return_thunk+0x5/0x5f\n[ +0.000009] ? drm_crtc_vblank_helper_get_vblank_timestamp_internal+0x160/0x390 [drm]\n[ +0.000058] ? srso_return_thunk+0x5/0x5f\n[ +0.000005] ? dma_fence_default_wait+0x8c/0x260\n[ +0.000010] ? srso_return_thunk+0x5/0x5f\n[ +0.000005] ? wait_for_completion_timeout+0x13b/0x170\n[ +0.000006] ? srso_return_thunk+0x5/0x5f\n[ +0.000005] ? dma_fence_wait_timeout+0x108/0x140\n[ +0.000010] ? commit_tail+0x94/0x130 [drm_kms_helper]\n[ +0.000024] ? process_one_work+0x177/0x330\n[ +0.000008] ? worker_thread+0x266/0x3a0\n[ +0.000006] ? __pfx_worker_thread+0x10/0x10\n[ +0.000004] ? kthread+0xd2/0x100\n[ +0.000006] ? __pfx_kthread+0x10/0x10\n[ +0.000006] ? ret_from_fork+0x34/0x50\n[ +0.000004] ? __pfx_kthread+0x10/0x10\n[ +0.000005] ? ret_from_fork_asm+0x1a/0x30\n[ +0.000011] \n\n(cherry picked from commit 1c86c81a86c60f9b15d3e3f43af0363cf56063e7)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/37b8de96ae48c7bb1a17cd5585195c43fcacbe94", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7de8d5c90be9ad9f6575e818a674801db2ada794", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-579xx/CVE-2024-57919.json b/CVE-2024/CVE-2024-579xx/CVE-2024-57919.json new file mode 100644 index 00000000000..683de3e3cd2 --- /dev/null +++ b/CVE-2024/CVE-2024-579xx/CVE-2024-57919.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-57919", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T12:15:26.053", + "lastModified": "2025-01-19T12:15:26.053", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix divide error in DM plane scale calcs\n\ndm_get_plane_scale doesn't take into account plane scaled size equal to\nzero, leading to a kernel oops due to division by zero. Fix by setting\nout-scale size as zero when the dst size is zero, similar to what is\ndone by drm_calc_scale(). This issue started with the introduction of\ncursor ovelay mode that uses this function to assess cursor mode changes\nvia dm_crtc_get_cursor_mode() before checking plane state.\n\n[Dec17 17:14] Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI\n[ +0.000018] CPU: 5 PID: 1660 Comm: surface-DP-1 Not tainted 6.10.0+ #231\n[ +0.000007] Hardware name: Valve Jupiter/Jupiter, BIOS F7A0131 01/30/2024\n[ +0.000004] RIP: 0010:dm_get_plane_scale+0x3f/0x60 [amdgpu]\n[ +0.000553] Code: 44 0f b7 41 3a 44 0f b7 49 3e 83 e0 0f 48 0f a3 c2 73 21 69 41 28 e8 03 00 00 31 d2 41 f7 f1 31 d2 89 06 69 41 2c e8 03 00 00 <41> f7 f0 89 07 e9 d7 d8 7e e9 44 89 c8 45 89 c1 41 89 c0 eb d4 66\n[ +0.000005] RSP: 0018:ffffa8df0de6b8a0 EFLAGS: 00010246\n[ +0.000006] RAX: 00000000000003e8 RBX: ffff9ac65c1f6e00 RCX: ffff9ac65d055500\n[ +0.000003] RDX: 0000000000000000 RSI: ffffa8df0de6b8b0 RDI: ffffa8df0de6b8b4\n[ +0.000004] RBP: ffff9ac64e7a5800 R08: 0000000000000000 R09: 0000000000000a00\n[ +0.000003] R10: 00000000000000ff R11: 0000000000000054 R12: ffff9ac6d0700010\n[ +0.000003] R13: ffff9ac65d054f00 R14: ffff9ac65d055500 R15: ffff9ac64e7a60a0\n[ +0.000004] FS: 00007f869ea00640(0000) GS:ffff9ac970080000(0000) knlGS:0000000000000000\n[ +0.000004] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ +0.000003] CR2: 000055ca701becd0 CR3: 000000010e7f2000 CR4: 0000000000350ef0\n[ +0.000004] Call Trace:\n[ +0.000007] \n[ +0.000006] ? __die_body.cold+0x19/0x27\n[ +0.000009] ? die+0x2e/0x50\n[ +0.000007] ? do_trap+0xca/0x110\n[ +0.000007] ? do_error_trap+0x6a/0x90\n[ +0.000006] ? dm_get_plane_scale+0x3f/0x60 [amdgpu]\n[ +0.000504] ? exc_divide_error+0x38/0x50\n[ +0.000005] ? dm_get_plane_scale+0x3f/0x60 [amdgpu]\n[ +0.000488] ? asm_exc_divide_error+0x1a/0x20\n[ +0.000011] ? dm_get_plane_scale+0x3f/0x60 [amdgpu]\n[ +0.000593] dm_crtc_get_cursor_mode+0x33f/0x430 [amdgpu]\n[ +0.000562] amdgpu_dm_atomic_check+0x2ef/0x1770 [amdgpu]\n[ +0.000501] drm_atomic_check_only+0x5e1/0xa30 [drm]\n[ +0.000047] drm_mode_atomic_ioctl+0x832/0xcb0 [drm]\n[ +0.000050] ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 [drm]\n[ +0.000047] drm_ioctl_kernel+0xb3/0x100 [drm]\n[ +0.000062] drm_ioctl+0x27a/0x4f0 [drm]\n[ +0.000049] ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 [drm]\n[ +0.000055] amdgpu_drm_ioctl+0x4e/0x90 [amdgpu]\n[ +0.000360] __x64_sys_ioctl+0x97/0xd0\n[ +0.000010] do_syscall_64+0x82/0x190\n[ +0.000008] ? __pfx_drm_mode_createblob_ioctl+0x10/0x10 [drm]\n[ +0.000044] ? srso_return_thunk+0x5/0x5f\n[ +0.000006] ? drm_ioctl_kernel+0xb3/0x100 [drm]\n[ +0.000040] ? srso_return_thunk+0x5/0x5f\n[ +0.000005] ? __check_object_size+0x50/0x220\n[ +0.000007] ? srso_return_thunk+0x5/0x5f\n[ +0.000005] ? srso_return_thunk+0x5/0x5f\n[ +0.000005] ? drm_ioctl+0x2a4/0x4f0 [drm]\n[ +0.000039] ? __pfx_drm_mode_createblob_ioctl+0x10/0x10 [drm]\n[ +0.000043] ? srso_return_thunk+0x5/0x5f\n[ +0.000005] ? srso_return_thunk+0x5/0x5f\n[ +0.000005] ? __pm_runtime_suspend+0x69/0xc0\n[ +0.000006] ? srso_return_thunk+0x5/0x5f\n[ +0.000005] ? amdgpu_drm_ioctl+0x71/0x90 [amdgpu]\n[ +0.000366] ? srso_return_thunk+0x5/0x5f\n[ +0.000006] ? syscall_exit_to_user_mode+0x77/0x210\n[ +0.000007] ? srso_return_thunk+0x5/0x5f\n[ +0.000005] ? do_syscall_64+0x8e/0x190\n[ +0.000006] ? srso_return_thunk+0x5/0x5f\n[ +0.000006] ? do_syscall_64+0x8e/0x190\n[ +0.000006] ? srso_return_thunk+0x5/0x5f\n[ +0.000007] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ +0.000008] RIP: 0033:0x55bb7cd962bc\n[ +0.000007] Code: 4c 89 6c 24 18 4c 89 64 24 20 4c 89 74 24 28 0f 57 c0 0f 11 44 24 30 89 c7 48 8d 54 24 08 b8 10 00 00 00 be bc 64\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/5225fd2a26211d012533acf98a6ad3f983885817", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c2eaa73bd542b0168a0519e4a1c6e94bc121ec3d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-579xx/CVE-2024-57920.json b/CVE-2024/CVE-2024-579xx/CVE-2024-57920.json new file mode 100644 index 00000000000..71d615ae3c2 --- /dev/null +++ b/CVE-2024/CVE-2024-579xx/CVE-2024-57920.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-57920", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T12:15:26.150", + "lastModified": "2025-01-19T12:15:26.150", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: wq_release signals dma_fence only when available\n\nkfd_process_wq_release() signals eviction fence by\ndma_fence_signal() which wanrs if dma_fence\nis NULL.\n\nkfd_process->ef is initialized by kfd_process_device_init_vm()\nthrough ioctl. That means the fence is NULL for a new\ncreated kfd_process, and close a kfd_process right\nafter open it will trigger the warning.\n\nThis commit conditionally signals the eviction fence\nin kfd_process_wq_release() only when it is available.\n\n[ 503.660882] WARNING: CPU: 0 PID: 9 at drivers/dma-buf/dma-fence.c:467 dma_fence_signal+0x74/0xa0\n[ 503.782940] Workqueue: kfd_process_wq kfd_process_wq_release [amdgpu]\n[ 503.789640] RIP: 0010:dma_fence_signal+0x74/0xa0\n[ 503.877620] Call Trace:\n[ 503.880066] \n[ 503.882168] ? __warn+0xcd/0x260\n[ 503.885407] ? dma_fence_signal+0x74/0xa0\n[ 503.889416] ? report_bug+0x288/0x2d0\n[ 503.893089] ? handle_bug+0x53/0xa0\n[ 503.896587] ? exc_invalid_op+0x14/0x50\n[ 503.900424] ? asm_exc_invalid_op+0x16/0x20\n[ 503.904616] ? dma_fence_signal+0x74/0xa0\n[ 503.908626] kfd_process_wq_release+0x6b/0x370 [amdgpu]\n[ 503.914081] process_one_work+0x654/0x10a0\n[ 503.918186] worker_thread+0x6c3/0xe70\n[ 503.921943] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 503.926735] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 503.931527] ? __kthread_parkme+0x82/0x140\n[ 503.935631] ? __pfx_worker_thread+0x10/0x10\n[ 503.939904] kthread+0x2a8/0x380\n[ 503.943132] ? __pfx_kthread+0x10/0x10\n[ 503.946882] ret_from_fork+0x2d/0x70\n[ 503.950458] ? __pfx_kthread+0x10/0x10\n[ 503.954210] ret_from_fork_asm+0x1a/0x30\n[ 503.958142] \n[ 503.960328] ---[ end trace 0000000000000000 ]---\n\n(cherry picked from commit 2774ef7625adb5fb9e9265c26a59dca7b8fd171e)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/a993d319aebb7cce8a10c6e685344b7c2ad5c4c2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c8243def299793ac6c85fdc1086089c800c1051a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-579xx/CVE-2024-57921.json b/CVE-2024/CVE-2024-579xx/CVE-2024-57921.json new file mode 100644 index 00000000000..607c2bfd3e0 --- /dev/null +++ b/CVE-2024/CVE-2024-579xx/CVE-2024-57921.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-57921", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T12:15:26.247", + "lastModified": "2025-01-19T12:15:26.247", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Add a lock when accessing the buddy trim function\n\nWhen running YouTube videos and Steam games simultaneously,\nthe tester found a system hang / race condition issue with\nthe multi-display configuration setting. Adding a lock to\nthe buddy allocator's trim function would be the solution.\n\n\n[ 7197.250436] general protection fault, probably for non-canonical address 0xdead000000000108\n[ 7197.250447] RIP: 0010:__alloc_range+0x8b/0x340 [amddrm_buddy]\n[ 7197.250470] Call Trace:\n[ 7197.250472] \n[ 7197.250475] ? show_regs+0x6d/0x80\n[ 7197.250481] ? die_addr+0x37/0xa0\n[ 7197.250483] ? exc_general_protection+0x1db/0x480\n[ 7197.250488] ? drm_suballoc_new+0x13c/0x93d [drm_suballoc_helper]\n[ 7197.250493] ? asm_exc_general_protection+0x27/0x30\n[ 7197.250498] ? __alloc_range+0x8b/0x340 [amddrm_buddy]\n[ 7197.250501] ? __alloc_range+0x109/0x340 [amddrm_buddy]\n[ 7197.250506] amddrm_buddy_block_trim+0x1b5/0x260 [amddrm_buddy]\n[ 7197.250511] amdgpu_vram_mgr_new+0x4f5/0x590 [amdgpu]\n[ 7197.250682] amdttm_resource_alloc+0x46/0xb0 [amdttm]\n[ 7197.250689] ttm_bo_alloc_resource+0xe4/0x370 [amdttm]\n[ 7197.250696] amdttm_bo_validate+0x9d/0x180 [amdttm]\n[ 7197.250701] amdgpu_bo_pin+0x15a/0x2f0 [amdgpu]\n[ 7197.250831] amdgpu_dm_plane_helper_prepare_fb+0xb2/0x360 [amdgpu]\n[ 7197.251025] ? try_wait_for_completion+0x59/0x70\n[ 7197.251030] drm_atomic_helper_prepare_planes.part.0+0x2f/0x1e0\n[ 7197.251035] drm_atomic_helper_prepare_planes+0x5d/0x70\n[ 7197.251037] drm_atomic_helper_commit+0x84/0x160\n[ 7197.251040] drm_atomic_nonblocking_commit+0x59/0x70\n[ 7197.251043] drm_mode_atomic_ioctl+0x720/0x850\n[ 7197.251047] ? __pfx_drm_mode_atomic_ioctl+0x10/0x10\n[ 7197.251049] drm_ioctl_kernel+0xb9/0x120\n[ 7197.251053] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 7197.251056] drm_ioctl+0x2d4/0x550\n[ 7197.251058] ? __pfx_drm_mode_atomic_ioctl+0x10/0x10\n[ 7197.251063] amdgpu_drm_ioctl+0x4e/0x90 [amdgpu]\n[ 7197.251186] __x64_sys_ioctl+0xa0/0xf0\n[ 7197.251190] x64_sys_call+0x143b/0x25c0\n[ 7197.251193] do_syscall_64+0x7f/0x180\n[ 7197.251197] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 7197.251199] ? amdgpu_display_user_framebuffer_create+0x215/0x320 [amdgpu]\n[ 7197.251329] ? drm_internal_framebuffer_create+0xb7/0x1a0\n[ 7197.251332] ? srso_alias_return_thunk+0x5/0xfbef5\n\n(cherry picked from commit 3318ba94e56b9183d0304577c74b33b6b01ce516)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/758e3c3054b65336cf0c5f240221f63b4fb98478", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/75c8b703e5bded1e33b08fb09b829e7c2c1ed50a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-579xx/CVE-2024-57922.json b/CVE-2024/CVE-2024-579xx/CVE-2024-57922.json new file mode 100644 index 00000000000..a58cde2c309 --- /dev/null +++ b/CVE-2024/CVE-2024-579xx/CVE-2024-57922.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-57922", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T12:15:26.337", + "lastModified": "2025-01-19T12:15:26.337", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add check for granularity in dml ceil/floor helpers\n\n[Why]\nWrapper functions for dcn_bw_ceil2() and dcn_bw_floor2()\nshould check for granularity is non zero to avoid assert and\ndivide-by-zero error in dcn_bw_ functions.\n\n[How]\nAdd check for granularity 0.\n\n(cherry picked from commit f6e09701c3eb2ccb8cb0518e0b67f1c69742a4ec)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0881fbc4fd62e00a2b8e102725f76d10351b2ea8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4f0dd09ed3001725ffd8cdc2868e71df585392fe", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ae9ab63a268be99a27a4720ca24f6be801744fee", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f3d1e4062ef251fa55ccfeca1e54a98b6818b3a1", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-579xx/CVE-2024-57923.json b/CVE-2024/CVE-2024-579xx/CVE-2024-57923.json new file mode 100644 index 00000000000..684cd053ed3 --- /dev/null +++ b/CVE-2024/CVE-2024-579xx/CVE-2024-57923.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-57923", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T12:15:26.433", + "lastModified": "2025-01-19T12:15:26.433", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: zlib: fix avail_in bytes for s390 zlib HW compression path\n\nSince the input data length passed to zlib_compress_folios() can be\narbitrary, always setting strm.avail_in to a multiple of PAGE_SIZE may\ncause read-in bytes to exceed the input range. Currently this triggers\nan assert in btrfs_compress_folios() on the debug kernel (see below).\nFix strm.avail_in calculation for S390 hardware acceleration path.\n\n assertion failed: *total_in <= orig_len, in fs/btrfs/compression.c:1041\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/compression.c:1041!\n monitor event: 0040 ilc:2 [#1] PREEMPT SMP\n CPU: 16 UID: 0 PID: 325 Comm: kworker/u273:3 Not tainted 6.13.0-20241204.rc1.git6.fae3b21430ca.300.fc41.s390x+debug #1\n Hardware name: IBM 3931 A01 703 (z/VM 7.4.0)\n Workqueue: btrfs-delalloc btrfs_work_helper\n Krnl PSW : 0704d00180000000 0000021761df6538 (btrfs_compress_folios+0x198/0x1a0)\n R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:1 PM:0 RI:0 EA:3\n Krnl GPRS: 0000000080000000 0000000000000001 0000000000000047 0000000000000000\n 0000000000000006 ffffff01757bb000 000001976232fcc0 000000000000130c\n 000001976232fcd0 000001976232fcc8 00000118ff4a0e30 0000000000000001\n 00000111821ab400 0000011100000000 0000021761df6534 000001976232fb58\n Krnl Code: 0000021761df6528: c020006f5ef4 larl %r2,0000021762be2310\n 0000021761df652e: c0e5ffbd09d5 brasl %r14,00000217615978d8\n #0000021761df6534: af000000 mc 0,0\n >0000021761df6538: 0707 bcr 0,%r7\n 0000021761df653a: 0707 bcr 0,%r7\n 0000021761df653c: 0707 bcr 0,%r7\n 0000021761df653e: 0707 bcr 0,%r7\n 0000021761df6540: c004004bb7ec brcl 0,000002176276d518\n Call Trace:\n [<0000021761df6538>] btrfs_compress_folios+0x198/0x1a0\n ([<0000021761df6534>] btrfs_compress_folios+0x194/0x1a0)\n [<0000021761d97788>] compress_file_range+0x3b8/0x6d0\n [<0000021761dcee7c>] btrfs_work_helper+0x10c/0x160\n [<0000021761645760>] process_one_work+0x2b0/0x5d0\n [<000002176164637e>] worker_thread+0x20e/0x3e0\n [<000002176165221a>] kthread+0x15a/0x170\n [<00000217615b859c>] __ret_from_fork+0x3c/0x60\n [<00000217626e72d2>] ret_from_fork+0xa/0x38\n INFO: lockdep is turned off.\n Last Breaking-Event-Address:\n [<0000021761597924>] _printk+0x4c/0x58\n Kernel panic - not syncing: Fatal exception: panic_on_oops" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0ee4736c003daded513de0ff112d4a1e9c85bbab", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/25adbb08aeadcff883ab801df99fd20fefbb6ca4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-579xx/CVE-2024-57924.json b/CVE-2024/CVE-2024-579xx/CVE-2024-57924.json new file mode 100644 index 00000000000..3df529b5285 --- /dev/null +++ b/CVE-2024/CVE-2024-579xx/CVE-2024-57924.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-57924", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T12:15:26.530", + "lastModified": "2025-01-19T12:15:26.530", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: relax assertions on failure to encode file handles\n\nEncoding file handles is usually performed by a filesystem >encode_fh()\nmethod that may fail for various reasons.\n\nThe legacy users of exportfs_encode_fh(), namely, nfsd and\nname_to_handle_at(2) syscall are ready to cope with the possibility\nof failure to encode a file handle.\n\nThere are a few other users of exportfs_encode_{fh,fid}() that\ncurrently have a WARN_ON() assertion when ->encode_fh() fails.\nRelax those assertions because they are wrong.\n\nThe second linked bug report states commit 16aac5ad1fa9 (\"ovl: support\nencoding non-decodable file handles\") in v6.6 as the regressing commit,\nbut this is not accurate.\n\nThe aforementioned commit only increases the chances of the assertion\nand allows triggering the assertion with the reproducer using overlayfs,\ninotify and drop_caches.\n\nTriggering this assertion was always possible with other filesystems and\nother reasons of ->encode_fh() failures and more particularly, it was\nalso possible with the exact same reproducer using overlayfs that is\nmounted with options index=on,nfs_export=on also on kernels < v6.6.\nTherefore, I am not listing the aforementioned commit as a Fixes commit.\n\nBackport hint: this patch will have a trivial conflict applying to\nv6.6.y, and other trivial conflicts applying to stable kernels < v6.6." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/974e3fe0ac61de85015bbe5a4990cf4127b304b2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/adcde2872f8fc399b249758ae1990dcd53b694ea", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-579xx/CVE-2024-57925.json b/CVE-2024/CVE-2024-579xx/CVE-2024-57925.json new file mode 100644 index 00000000000..12de589cc76 --- /dev/null +++ b/CVE-2024/CVE-2024-579xx/CVE-2024-57925.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-57925", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T12:15:26.617", + "lastModified": "2025-01-19T12:15:26.617", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix a missing return value check bug\n\nIn the smb2_send_interim_resp(), if ksmbd_alloc_work_struct()\nfails to allocate a node, it returns a NULL pointer to the\nin_work pointer. This can lead to an illegal memory write of\nin_work->response_buf when allocate_interim_rsp_buf() attempts\nto perform a kzalloc() on it.\n\nTo address this issue, incorporating a check for the return\nvalue of ksmbd_alloc_work_struct() ensures that the function\nreturns immediately upon allocation failure, thereby preventing\nthe aforementioned illegal memory access." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/271ae0edbfc942795c162e6cf20d2bc02bd7fde4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/2976e91a3e569cf2c92c9f71512c0ab1312fe965", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4c16e1cadcbcaf3c82d5fc310fbd34d0f5d0db7c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ee7e40f7fb17f08a8cbae50553e5c2e10ae32fce", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-579xx/CVE-2024-57926.json b/CVE-2024/CVE-2024-579xx/CVE-2024-57926.json new file mode 100644 index 00000000000..ccf24d94482 --- /dev/null +++ b/CVE-2024/CVE-2024-579xx/CVE-2024-57926.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-57926", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T12:15:26.713", + "lastModified": "2025-01-19T12:15:26.713", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err\n\nThe pointer need to be set to NULL, otherwise KASAN complains about\nuse-after-free. Because in mtk_drm_bind, all private's drm are set\nas follows.\n\nprivate->all_drm_private[i]->drm = drm;\n\nAnd drm will be released by drm_dev_put in case mtk_drm_kms_init returns\nfailure. However, the shutdown path still accesses the previous allocated\nmemory in drm_atomic_helper_shutdown.\n\n[ 84.874820] watchdog: watchdog0: watchdog did not stop!\n[ 86.512054] ==================================================================\n[ 86.513162] BUG: KASAN: use-after-free in drm_atomic_helper_shutdown+0x33c/0x378\n[ 86.514258] Read of size 8 at addr ffff0000d46fc068 by task shutdown/1\n[ 86.515213]\n[ 86.515455] CPU: 1 UID: 0 PID: 1 Comm: shutdown Not tainted 6.13.0-rc1-mtk+gfa1a78e5d24b-dirty #55\n[ 86.516752] Hardware name: Unknown Product/Unknown Product, BIOS 2022.10 10/01/2022\n[ 86.517960] Call trace:\n[ 86.518333] show_stack+0x20/0x38 (C)\n[ 86.518891] dump_stack_lvl+0x90/0xd0\n[ 86.519443] print_report+0xf8/0x5b0\n[ 86.519985] kasan_report+0xb4/0x100\n[ 86.520526] __asan_report_load8_noabort+0x20/0x30\n[ 86.521240] drm_atomic_helper_shutdown+0x33c/0x378\n[ 86.521966] mtk_drm_shutdown+0x54/0x80\n[ 86.522546] platform_shutdown+0x64/0x90\n[ 86.523137] device_shutdown+0x260/0x5b8\n[ 86.523728] kernel_restart+0x78/0xf0\n[ 86.524282] __do_sys_reboot+0x258/0x2f0\n[ 86.524871] __arm64_sys_reboot+0x90/0xd8\n[ 86.525473] invoke_syscall+0x74/0x268\n[ 86.526041] el0_svc_common.constprop.0+0xb0/0x240\n[ 86.526751] do_el0_svc+0x4c/0x70\n[ 86.527251] el0_svc+0x4c/0xc0\n[ 86.527719] el0t_64_sync_handler+0x144/0x168\n[ 86.528367] el0t_64_sync+0x198/0x1a0\n[ 86.528920]\n[ 86.529157] The buggy address belongs to the physical page:\n[ 86.529972] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff0000d46fd4d0 pfn:0x1146fc\n[ 86.531319] flags: 0xbfffc0000000000(node=0|zone=2|lastcpupid=0xffff)\n[ 86.532267] raw: 0bfffc0000000000 0000000000000000 dead000000000122 0000000000000000\n[ 86.533390] raw: ffff0000d46fd4d0 0000000000000000 00000000ffffffff 0000000000000000\n[ 86.534511] page dumped because: kasan: bad access detected\n[ 86.535323]\n[ 86.535559] Memory state around the buggy address:\n[ 86.536265] ffff0000d46fbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n[ 86.537314] ffff0000d46fbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n[ 86.538363] >ffff0000d46fc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n[ 86.544733] ^\n[ 86.551057] ffff0000d46fc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n[ 86.557510] ffff0000d46fc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n[ 86.563928] ==================================================================\n[ 86.571093] Disabling lock debugging due to kernel taint\n[ 86.577642] Unable to handle kernel paging request at virtual address e0e9c0920000000b\n[ 86.581834] KASAN: maybe wild-memory-access in range [0x0752049000000058-0x075204900000005f]\n..." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/078b2ff7da200b7532398e668eef723ad40fb516", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/36684e9d88a2e2401ae26715a2e217cb4295cea7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7083b93e9755d60f0c2bcaa9d064308108280534", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-579xx/CVE-2024-57927.json b/CVE-2024/CVE-2024-579xx/CVE-2024-57927.json new file mode 100644 index 00000000000..5e17e6af7f9 --- /dev/null +++ b/CVE-2024/CVE-2024-579xx/CVE-2024-57927.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-57927", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T12:15:26.810", + "lastModified": "2025-01-19T12:15:26.810", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: Fix oops in nfs_netfs_init_request() when copying to cache\n\nWhen netfslib wants to copy some data that has just been read on behalf of\nnfs, it creates a new write request and calls nfs_netfs_init_request() to\ninitialise it, but with a NULL file pointer. This causes\nnfs_file_open_context() to oops - however, we don't actually need the nfs\ncontext as we're only going to write to the cache.\n\nFix this by just returning if we aren't given a file pointer and emit a\nwarning if the request was for something other than copy-to-cache.\n\nFurther, fix nfs_netfs_free_request() so that it doesn't try to free the\ncontext if the pointer is NULL." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/13a07cc81e2d116cece727a83746c74b87a9d417", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/86ad1a58f6a9453f49e06ef957a40a8dac00a13f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-579xx/CVE-2024-57928.json b/CVE-2024/CVE-2024-579xx/CVE-2024-57928.json new file mode 100644 index 00000000000..2cd44c9bd6c --- /dev/null +++ b/CVE-2024/CVE-2024-579xx/CVE-2024-57928.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-57928", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T12:15:26.903", + "lastModified": "2025-01-19T12:15:26.903", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix enomem handling in buffered reads\n\nIf netfs_read_to_pagecache() gets an error from either ->prepare_read() or\nfrom netfs_prepare_read_iterator(), it needs to decrement ->nr_outstanding,\ncancel the subrequest and break out of the issuing loop. Currently, it\nonly does this for two of the cases, but there are two more that aren't\nhandled.\n\nFix this by moving the handling to a common place and jumping to it from\nall four places. This is in preference to inserting a wrapper around\nnetfs_prepare_read_iterator() as proposed by Dmitry Antipov[1]." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/105549d09a539a876b7c3330ab52d8aceedad358", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/88ecdfea1b333de5c51442b45cd549eeadf01852", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-579xx/CVE-2024-57929.json b/CVE-2024/CVE-2024-579xx/CVE-2024-57929.json new file mode 100644 index 00000000000..009141a3242 --- /dev/null +++ b/CVE-2024/CVE-2024-579xx/CVE-2024-57929.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-57929", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T12:15:27.013", + "lastModified": "2025-01-19T12:15:27.013", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm array: fix releasing a faulty array block twice in dm_array_cursor_end\n\nWhen dm_bm_read_lock() fails due to locking or checksum errors, it\nreleases the faulty block implicitly while leaving an invalid output\npointer behind. The caller of dm_bm_read_lock() should not operate on\nthis invalid dm_block pointer, or it will lead to undefined result.\nFor example, the dm_array_cursor incorrectly caches the invalid pointer\non reading a faulty array block, causing a double release in\ndm_array_cursor_end(), then hitting the BUG_ON in dm-bufio cache_put().\n\nReproduce steps:\n\n1. initialize a cache device\n\ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"\ndmsetup create cdata --table \"0 65536 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 524288 linear /dev/sdc $262144\"\ndd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1\ndmsetup create cache --table \"0 524288 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\"\n\n2. wipe the second array block offline\n\ndmsteup remove cache cmeta cdata corig\nmapping_root=$(dd if=/dev/sdc bs=1c count=8 skip=192 \\\n2>/dev/null | hexdump -e '1/8 \"%u\\n\"')\nablock=$(dd if=/dev/sdc bs=1c count=8 skip=$((4096*mapping_root+2056)) \\\n2>/dev/null | hexdump -e '1/8 \"%u\\n\"')\ndd if=/dev/zero of=/dev/sdc bs=4k count=1 seek=$ablock\n\n3. try reopen the cache device\n\ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"\ndmsetup create cdata --table \"0 65536 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 524288 linear /dev/sdc $262144\"\ndmsetup create cache --table \"0 524288 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\"\n\nKernel logs:\n\n(snip)\ndevice-mapper: array: array_block_check failed: blocknr 0 != wanted 10\ndevice-mapper: block manager: array validator check failed for block 10\ndevice-mapper: array: get_ablock failed\ndevice-mapper: cache metadata: dm_array_cursor_next for mapping failed\n------------[ cut here ]------------\nkernel BUG at drivers/md/dm-bufio.c:638!\n\nFix by setting the cached block pointer to NULL on errors.\n\nIn addition to the reproducer described above, this fix can be\nverified using the \"array_cursor/damaged\" test in dm-unit:\n dm-unit run /pdata/array_cursor/damaged --kernel-dir " + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/017c4470bff53585370028fec9341247bad358ff", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6002bec5354f86d1a2df21468f68e3ec03ede9da", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e477021d252c007f0c6d45b5d13d341efed03979", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f2893c0804d86230ffb8f1c8703fdbb18648abc8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-216xx/CVE-2025-21631.json b/CVE-2025/CVE-2025-216xx/CVE-2025-21631.json new file mode 100644 index 00000000000..0ff88d398ad --- /dev/null +++ b/CVE-2025/CVE-2025-216xx/CVE-2025-21631.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-21631", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T11:15:07.667", + "lastModified": "2025-01-19T11:15:07.667", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock, bfq: fix waker_bfqq UAF after bfq_split_bfqq()\n\nOur syzkaller report a following UAF for v6.6:\n\nBUG: KASAN: slab-use-after-free in bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958\nRead of size 8 at addr ffff8881b57147d8 by task fsstress/232726\n\nCPU: 2 PID: 232726 Comm: fsstress Not tainted 6.6.0-g3629d1885222 #39\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x91/0xf0 lib/dump_stack.c:106\n print_address_description.constprop.0+0x66/0x300 mm/kasan/report.c:364\n print_report+0x3e/0x70 mm/kasan/report.c:475\n kasan_report+0xb8/0xf0 mm/kasan/report.c:588\n hlist_add_head include/linux/list.h:1023 [inline]\n bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958\n bfq_insert_request.isra.0+0xe8/0xa20 block/bfq-iosched.c:6271\n bfq_insert_requests+0x27f/0x390 block/bfq-iosched.c:6323\n blk_mq_insert_request+0x290/0x8f0 block/blk-mq.c:2660\n blk_mq_submit_bio+0x1021/0x15e0 block/blk-mq.c:3143\n __submit_bio+0xa0/0x6b0 block/blk-core.c:639\n __submit_bio_noacct_mq block/blk-core.c:718 [inline]\n submit_bio_noacct_nocheck+0x5b7/0x810 block/blk-core.c:747\n submit_bio_noacct+0xca0/0x1990 block/blk-core.c:847\n __ext4_read_bh fs/ext4/super.c:205 [inline]\n ext4_read_bh+0x15e/0x2e0 fs/ext4/super.c:230\n __read_extent_tree_block+0x304/0x6f0 fs/ext4/extents.c:567\n ext4_find_extent+0x479/0xd20 fs/ext4/extents.c:947\n ext4_ext_map_blocks+0x1a3/0x2680 fs/ext4/extents.c:4182\n ext4_map_blocks+0x929/0x15a0 fs/ext4/inode.c:660\n ext4_iomap_begin_report+0x298/0x480 fs/ext4/inode.c:3569\n iomap_iter+0x3dd/0x1010 fs/iomap/iter.c:91\n iomap_fiemap+0x1f4/0x360 fs/iomap/fiemap.c:80\n ext4_fiemap+0x181/0x210 fs/ext4/extents.c:5051\n ioctl_fiemap.isra.0+0x1b4/0x290 fs/ioctl.c:220\n do_vfs_ioctl+0x31c/0x11a0 fs/ioctl.c:811\n __do_sys_ioctl fs/ioctl.c:869 [inline]\n __se_sys_ioctl+0xae/0x190 fs/ioctl.c:857\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x70/0x120 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\n\nAllocated by task 232719:\n kasan_save_stack+0x22/0x50 mm/kasan/common.c:45\n kasan_set_track+0x25/0x30 mm/kasan/common.c:52\n __kasan_slab_alloc+0x87/0x90 mm/kasan/common.c:328\n kasan_slab_alloc include/linux/kasan.h:188 [inline]\n slab_post_alloc_hook mm/slab.h:768 [inline]\n slab_alloc_node mm/slub.c:3492 [inline]\n kmem_cache_alloc_node+0x1b8/0x6f0 mm/slub.c:3537\n bfq_get_queue+0x215/0x1f00 block/bfq-iosched.c:5869\n bfq_get_bfqq_handle_split+0x167/0x5f0 block/bfq-iosched.c:6776\n bfq_init_rq+0x13a4/0x17a0 block/bfq-iosched.c:6938\n bfq_insert_request.isra.0+0xe8/0xa20 block/bfq-iosched.c:6271\n bfq_insert_requests+0x27f/0x390 block/bfq-iosched.c:6323\n blk_mq_insert_request+0x290/0x8f0 block/blk-mq.c:2660\n blk_mq_submit_bio+0x1021/0x15e0 block/blk-mq.c:3143\n __submit_bio+0xa0/0x6b0 block/blk-core.c:639\n __submit_bio_noacct_mq block/blk-core.c:718 [inline]\n submit_bio_noacct_nocheck+0x5b7/0x810 block/blk-core.c:747\n submit_bio_noacct+0xca0/0x1990 block/blk-core.c:847\n __ext4_read_bh fs/ext4/super.c:205 [inline]\n ext4_read_bh_nowait+0x15a/0x240 fs/ext4/super.c:217\n ext4_read_bh_lock+0xac/0xd0 fs/ext4/super.c:242\n ext4_bread_batch+0x268/0x500 fs/ext4/inode.c:958\n __ext4_find_entry+0x448/0x10f0 fs/ext4/namei.c:1671\n ext4_lookup_entry fs/ext4/namei.c:1774 [inline]\n ext4_lookup.part.0+0x359/0x6f0 fs/ext4/namei.c:1842\n ext4_lookup+0x72/0x90 fs/ext4/namei.c:1839\n __lookup_slow+0x257/0x480 fs/namei.c:1696\n lookup_slow fs/namei.c:1713 [inline]\n walk_component+0x454/0x5c0 fs/namei.c:2004\n link_path_walk.part.0+0x773/0xda0 fs/namei.c:2331\n link_path_walk fs/namei.c:3826 [inline]\n path_openat+0x1b9/0x520 fs/namei.c:3826\n do_filp_open+0x1b7/0x400 fs/namei.c:3857\n do_sys_openat2+0x5dc/0x6e0 fs/open.c:1428\n do_sys_open fs/open.c:1443 [inline]\n __do_sys_openat fs/open.c:1459 [inline]\n __se_sys_openat fs/open.c:1454 [inline]\n __x64_sys_openat+0x148/0x200 fs/open.c:1454\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_6\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2550149fcdf2934155ff625d76ad4e3d4b25bbc6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bc2aeb35ff167e0c6b0cedf0c96a5c41e6cba1ed", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/be3eed59ac01f429ac10aaa46e26f653bcf581ab", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/fcede1f0a043ccefe9bc6ad57f12718e42f63f1d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-216xx/CVE-2025-21632.json b/CVE-2025/CVE-2025-216xx/CVE-2025-21632.json new file mode 100644 index 00000000000..a48f9ab1dd4 --- /dev/null +++ b/CVE-2025/CVE-2025-216xx/CVE-2025-21632.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2025-21632", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T11:15:08.650", + "lastModified": "2025-01-19T11:15:08.650", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fpu: Ensure shadow stack is active before \"getting\" registers\n\nThe x86 shadow stack support has its own set of registers. Those registers\nare XSAVE-managed, but they are \"supervisor state components\" which means\nthat userspace can not touch them with XSAVE/XRSTOR. It also means that\nthey are not accessible from the existing ptrace ABI for XSAVE state.\nThus, there is a new ptrace get/set interface for it.\n\nThe regset code that ptrace uses provides an ->active() handler in\naddition to the get/set ones. For shadow stack this ->active() handler\nverifies that shadow stack is enabled via the ARCH_SHSTK_SHSTK bit in the\nthread struct. The ->active() handler is checked from some call sites of\nthe regset get/set handlers, but not the ptrace ones. This was not\nunderstood when shadow stack support was put in place.\n\nAs a result, both the set/get handlers can be called with\nXFEATURE_CET_USER in its init state, which would cause get_xsave_addr() to\nreturn NULL and trigger a WARN_ON(). The ssp_set() handler luckily has an\nssp_active() check to avoid surprising the kernel with shadow stack\nbehavior when the kernel is not ready for it (ARCH_SHSTK_SHSTK==0). That\ncheck just happened to avoid the warning.\n\nBut the ->get() side wasn't so lucky. It can be called with shadow stacks\ndisabled, triggering the warning in practice, as reported by Christina\nSchimpe:\n\nWARNING: CPU: 5 PID: 1773 at arch/x86/kernel/fpu/regset.c:198 ssp_get+0x89/0xa0\n[...]\nCall Trace:\n\n? show_regs+0x6e/0x80\n? ssp_get+0x89/0xa0\n? __warn+0x91/0x150\n? ssp_get+0x89/0xa0\n? report_bug+0x19d/0x1b0\n? handle_bug+0x46/0x80\n? exc_invalid_op+0x1d/0x80\n? asm_exc_invalid_op+0x1f/0x30\n? __pfx_ssp_get+0x10/0x10\n? ssp_get+0x89/0xa0\n? ssp_get+0x52/0xa0\n__regset_get+0xad/0xf0\ncopy_regset_to_user+0x52/0xc0\nptrace_regset+0x119/0x140\nptrace_request+0x13c/0x850\n? wait_task_inactive+0x142/0x1d0\n? do_syscall_64+0x6d/0x90\narch_ptrace+0x102/0x300\n[...]\n\nEnsure that shadow stacks are active in a thread before looking them up\nin the XSAVE buffer. Since ARCH_SHSTK_SHSTK and user_ssp[SHSTK_EN] are\nset at the same time, the active check ensures that there will be\nsomething to find in the XSAVE buffer.\n\n[ dhansen: changelog/subject tweaks ]" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0a3a872214188e4268d31581ed0cd44508e038cf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6bfe1fc22f462bec87422cdcbec4d7a2f43ff01d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a9d9c33132d49329ada647e4514d210d15e31d81", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-216xx/CVE-2025-21633.json b/CVE-2025/CVE-2025-216xx/CVE-2025-21633.json new file mode 100644 index 00000000000..e937a37ce4c --- /dev/null +++ b/CVE-2025/CVE-2025-216xx/CVE-2025-21633.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-21633", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T11:15:08.773", + "lastModified": "2025-01-19T11:15:08.773", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/sqpoll: zero sqd->thread on tctx errors\n\nSyzkeller reports:\n\nBUG: KASAN: slab-use-after-free in thread_group_cputime+0x409/0x700 kernel/sched/cputime.c:341\nRead of size 8 at addr ffff88803578c510 by task syz.2.3223/27552\n Call Trace:\n \n ...\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n thread_group_cputime+0x409/0x700 kernel/sched/cputime.c:341\n thread_group_cputime_adjusted+0xa6/0x340 kernel/sched/cputime.c:639\n getrusage+0x1000/0x1340 kernel/sys.c:1863\n io_uring_show_fdinfo+0xdfe/0x1770 io_uring/fdinfo.c:197\n seq_show+0x608/0x770 fs/proc/fd.c:68\n ...\n\nThat's due to sqd->task not being cleared properly in cases where\nSQPOLL task tctx setup fails, which can essentially only happen with\nfault injection to insert allocation errors." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/4b7cfa8b6c28a9fa22b86894166a1a34f6d630ba", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/aa7496d668c30ca7421b3bfdcd948ee861a13d17", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-216xx/CVE-2025-21634.json b/CVE-2025/CVE-2025-216xx/CVE-2025-21634.json new file mode 100644 index 00000000000..1f65a503a70 --- /dev/null +++ b/CVE-2025/CVE-2025-216xx/CVE-2025-21634.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-21634", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T11:15:08.890", + "lastModified": "2025-01-19T11:15:08.890", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/cpuset: remove kernfs active break\n\nA warning was found:\n\nWARNING: CPU: 10 PID: 3486953 at fs/kernfs/file.c:828\nCPU: 10 PID: 3486953 Comm: rmdir Kdump: loaded Tainted: G\nRIP: 0010:kernfs_should_drain_open_files+0x1a1/0x1b0\nRSP: 0018:ffff8881107ef9e0 EFLAGS: 00010202\nRAX: 0000000080000002 RBX: ffff888154738c00 RCX: dffffc0000000000\nRDX: 0000000000000007 RSI: 0000000000000004 RDI: ffff888154738c04\nRBP: ffff888154738c04 R08: ffffffffaf27fa15 R09: ffffed102a8e7180\nR10: ffff888154738c07 R11: 0000000000000000 R12: ffff888154738c08\nR13: ffff888750f8c000 R14: ffff888750f8c0e8 R15: ffff888154738ca0\nFS: 00007f84cd0be740(0000) GS:ffff8887ddc00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000555f9fbe00c8 CR3: 0000000153eec001 CR4: 0000000000370ee0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n kernfs_drain+0x15e/0x2f0\n __kernfs_remove+0x165/0x300\n kernfs_remove_by_name_ns+0x7b/0xc0\n cgroup_rm_file+0x154/0x1c0\n cgroup_addrm_files+0x1c2/0x1f0\n css_clear_dir+0x77/0x110\n kill_css+0x4c/0x1b0\n cgroup_destroy_locked+0x194/0x380\n cgroup_rmdir+0x2a/0x140\n\nIt can be explained by:\nrmdir \t\t\t\techo 1 > cpuset.cpus\n\t\t\t\tkernfs_fop_write_iter // active=0\ncgroup_rm_file\nkernfs_remove_by_name_ns\tkernfs_get_active // active=1\n__kernfs_remove\t\t\t\t\t // active=0x80000002\nkernfs_drain\t\t\tcpuset_write_resmask\nwait_event\n//waiting (active == 0x80000001)\n\t\t\t\tkernfs_break_active_protection\n\t\t\t\t// active = 0x80000001\n// continue\n\t\t\t\tkernfs_unbreak_active_protection\n\t\t\t\t// active = 0x80000002\n...\nkernfs_should_drain_open_files\n// warning occurs\n\t\t\t\tkernfs_put_active\n\nThis warning is caused by 'kernfs_break_active_protection' when it is\nwriting to cpuset.cpus, and the cgroup is removed concurrently.\n\nThe commit 3a5a6d0c2b03 (\"cpuset: don't nest cgroup_mutex inside\nget_online_cpus()\") made cpuset_hotplug_workfn asynchronous, This change\ninvolves calling flush_work(), which can create a multiple processes\ncircular locking dependency that involve cgroup_mutex, potentially leading\nto a deadlock. To avoid deadlock. the commit 76bb5ab8f6e3 (\"cpuset: break\nkernfs active protection in cpuset_write_resmask()\") added\n'kernfs_break_active_protection' in the cpuset_write_resmask. This could\nlead to this warning.\n\nAfter the commit 2125c0034c5d (\"cgroup/cpuset: Make cpuset hotplug\nprocessing synchronous\"), the cpuset_write_resmask no longer needs to\nwait the hotplug to finish, which means that concurrent hotplug and cpuset\noperations are no longer possible. Therefore, the deadlock doesn't exist\nanymore and it does not have to 'break active protection' now. To fix this\nwarning, just remove kernfs_break_active_protection operation in the\n'cpuset_write_resmask'." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/11cb1d643a74665a4e14749414f48f82cbc15c64", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/3cb97a927fffe443e1e7e8eddbfebfdb062e86ed", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-216xx/CVE-2025-21635.json b/CVE-2025/CVE-2025-216xx/CVE-2025-21635.json new file mode 100644 index 00000000000..1d3cbcfaade --- /dev/null +++ b/CVE-2025/CVE-2025-216xx/CVE-2025-21635.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-21635", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T11:15:09.000", + "lastModified": "2025-01-19T11:15:09.000", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy\n\nAs mentioned in a previous commit of this series, using the 'net'\nstructure via 'current' is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader's/writer's netns vs only\n from the opener's netns.\n\n- current->nsproxy can be NULL in some cases, resulting in an 'Oops'\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe per-netns structure can be obtained from the table->data using\ncontainer_of(), then the 'net' one can be retrieved from the listen\nsocket (if available)." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/7f5611cbc4871c7fb1ad36c2e5a9edad63dca95c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/de8d6de0ee27be4b2b1e5b06f04aeacbabbba492", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-216xx/CVE-2025-21636.json b/CVE-2025/CVE-2025-216xx/CVE-2025-21636.json new file mode 100644 index 00000000000..202f0ed0c35 --- /dev/null +++ b/CVE-2025/CVE-2025-216xx/CVE-2025-21636.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-21636", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T11:15:09.110", + "lastModified": "2025-01-19T11:15:09.110", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy\n\nAs mentioned in a previous commit of this series, using the 'net'\nstructure via 'current' is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader's/writer's netns vs only\n from the opener's netns.\n\n- current->nsproxy can be NULL in some cases, resulting in an 'Oops'\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe 'net' structure can be obtained from the table->data using\ncontainer_of().\n\nNote that table->data could also be used directly, as this is the only\nmember needed from the 'net' structure, but that would increase the size\nof this fix, to use '*data' everywhere 'net->sctp.probe_interval' is\nused." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/284a221f8fa503628432c7bb5108277c688c6ffa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/44ee8635922b6eb940faddb961a8347c6857d722", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6259d2484d0ceff42245d1f09cc8cb6ee72d847a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bcf8c60074e81ed2ac2d35130917175a3949c917", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-216xx/CVE-2025-21637.json b/CVE-2025/CVE-2025-216xx/CVE-2025-21637.json new file mode 100644 index 00000000000..715a8b9d17e --- /dev/null +++ b/CVE-2025/CVE-2025-216xx/CVE-2025-21637.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-21637", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T11:15:09.217", + "lastModified": "2025-01-19T11:15:09.217", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: udp_port: avoid using current->nsproxy\n\nAs mentioned in a previous commit of this series, using the 'net'\nstructure via 'current' is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader's/writer's netns vs only\n from the opener's netns.\n\n- current->nsproxy can be NULL in some cases, resulting in an 'Oops'\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe 'net' structure can be obtained from the table->data using\ncontainer_of().\n\nNote that table->data could also be used directly, but that would\nincrease the size of this fix, while 'sctp.ctl_sock' still needs to be\nretrieved from 'net' structure." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/55627918febdf9d71107a1e68d1528dc591c9a15", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5b77d73f3be5102720fb685b9e6900e3500e1096", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c10377bbc1972d858eaf0ab366a311b39f8ef1b6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e919197fb8616331f5dc81e4c3cc3d12769cb725", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-216xx/CVE-2025-21638.json b/CVE-2025/CVE-2025-216xx/CVE-2025-21638.json new file mode 100644 index 00000000000..0f23a813e12 --- /dev/null +++ b/CVE-2025/CVE-2025-216xx/CVE-2025-21638.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-21638", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T11:15:09.317", + "lastModified": "2025-01-19T11:15:09.317", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: auth_enable: avoid using current->nsproxy\n\nAs mentioned in a previous commit of this series, using the 'net'\nstructure via 'current' is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader's/writer's netns vs only\n from the opener's netns.\n\n- current->nsproxy can be NULL in some cases, resulting in an 'Oops'\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe 'net' structure can be obtained from the table->data using\ncontainer_of().\n\nNote that table->data could also be used directly, but that would\nincrease the size of this fix, while 'sctp.ctl_sock' still needs to be\nretrieved from 'net' structure." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/15649fd5415eda664ef35780c2013adeb5d9c695", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1b67030d39f2b00f94ac1f0af11ba6657589e4d3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7ec30c54f339c640aa7e49d7e9f7bbed6bd42bf6", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c184bc621e3cef03ac9ba81a50dda2dae6a21d36", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-216xx/CVE-2025-21639.json b/CVE-2025/CVE-2025-216xx/CVE-2025-21639.json new file mode 100644 index 00000000000..a59f62c3a17 --- /dev/null +++ b/CVE-2025/CVE-2025-216xx/CVE-2025-21639.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-21639", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T11:15:09.423", + "lastModified": "2025-01-19T11:15:09.423", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: rto_min/max: avoid using current->nsproxy\n\nAs mentioned in a previous commit of this series, using the 'net'\nstructure via 'current' is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader's/writer's netns vs only\n from the opener's netns.\n\n- current->nsproxy can be NULL in some cases, resulting in an 'Oops'\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe 'net' structure can be obtained from the table->data using\ncontainer_of().\n\nNote that table->data could also be used directly, as this is the only\nmember needed from the 'net' structure, but that would increase the size\nof this fix, to use '*data' everywhere 'net->sctp.rto_min/max' is used." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/4059507e34aa5fe0fa9fd5b2b5f0c8b26ab2d482", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9fc17b76fc70763780aa78b38fcf4742384044a5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c87f1f6ade56c711f8736901e330685b453e420e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dc9d0e3cfd16f66fbf0862857c6b391c8613ca9f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-216xx/CVE-2025-21640.json b/CVE-2025/CVE-2025-216xx/CVE-2025-21640.json new file mode 100644 index 00000000000..5e41b20696c --- /dev/null +++ b/CVE-2025/CVE-2025-216xx/CVE-2025-21640.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-21640", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T11:15:09.537", + "lastModified": "2025-01-19T11:15:09.537", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy\n\nAs mentioned in a previous commit of this series, using the 'net'\nstructure via 'current' is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader's/writer's netns vs only\n from the opener's netns.\n\n- current->nsproxy can be NULL in some cases, resulting in an 'Oops'\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe 'net' structure can be obtained from the table->data using\ncontainer_of().\n\nNote that table->data could also be used directly, as this is the only\nmember needed from the 'net' structure, but that would increase the size\nof this fix, to use '*data' everywhere 'net->sctp.sctp_hmac_alg' is\nused." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3cd0659deb9c03535fd61839e91d4d4d3e51ac71", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ad673e514b2793b8d5902f6ba6ab7e890dea23d5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ea62dd1383913b5999f3d16ae99d411f41b528d4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f0bb3935470684306e4e04793a20ac4c4b08de0b", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-216xx/CVE-2025-21641.json b/CVE-2025/CVE-2025-216xx/CVE-2025-21641.json new file mode 100644 index 00000000000..1f3b3d711cc --- /dev/null +++ b/CVE-2025/CVE-2025-216xx/CVE-2025-21641.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-21641", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T11:15:09.643", + "lastModified": "2025-01-19T11:15:09.643", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: sysctl: blackhole timeout: avoid using current->nsproxy\n\nAs mentioned in the previous commit, using the 'net' structure via\n'current' is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader's/writer's netns vs only\n from the opener's netns.\n\n- current->nsproxy can be NULL in some cases, resulting in an 'Oops'\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe 'pernet' structure can be obtained from the table->data using\ncontainer_of()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/4c74fbdc5ab95b13945be01e6065940b68222db7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/92cf7a51bdae24a32c592adcdd59a773ae149289", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-216xx/CVE-2025-21642.json b/CVE-2025/CVE-2025-216xx/CVE-2025-21642.json new file mode 100644 index 00000000000..29adf261c7b --- /dev/null +++ b/CVE-2025/CVE-2025-216xx/CVE-2025-21642.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2025-21642", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T11:15:09.757", + "lastModified": "2025-01-19T11:15:09.757", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: sysctl: sched: avoid using current->nsproxy\n\nUsing the 'net' structure via 'current' is not recommended for different\nreasons.\n\nFirst, if the goal is to use it to read or write per-netns data, this is\ninconsistent with how the \"generic\" sysctl entries are doing: directly\nby only using pointers set to the table entry, e.g. table->data. Linked\nto that, the per-netns data should always be obtained from the table\nlinked to the netns it had been created for, which may not coincide with\nthe reader's or writer's netns.\n\nAnother reason is that access to current->nsproxy->netns can oops if\nattempted when current->nsproxy had been dropped when the current task\nis exiting. This is what syzbot found, when using acct(2):\n\n Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN PTI\n KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]\n CPU: 1 UID: 0 PID: 5924 Comm: syz-executor Not tainted 6.13.0-rc5-syzkaller-00004-gccb98ccef0e5 #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n RIP: 0010:proc_scheduler+0xc6/0x3c0 net/mptcp/ctrl.c:125\n Code: 03 42 80 3c 38 00 0f 85 fe 02 00 00 4d 8b a4 24 08 09 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d 7c 24 28 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 cc 02 00 00 4d 8b 7c 24 28 48 8d 84 24 c8 00 00\n RSP: 0018:ffffc900034774e8 EFLAGS: 00010206\n\n RAX: dffffc0000000000 RBX: 1ffff9200068ee9e RCX: ffffc90003477620\n RDX: 0000000000000005 RSI: ffffffff8b08f91e RDI: 0000000000000028\n RBP: 0000000000000001 R08: ffffc90003477710 R09: 0000000000000040\n R10: 0000000000000040 R11: 00000000726f7475 R12: 0000000000000000\n R13: ffffc90003477620 R14: ffffc90003477710 R15: dffffc0000000000\n FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fee3cd452d8 CR3: 000000007d116000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \n proc_sys_call_handler+0x403/0x5d0 fs/proc/proc_sysctl.c:601\n __kernel_write_iter+0x318/0xa80 fs/read_write.c:612\n __kernel_write+0xf6/0x140 fs/read_write.c:632\n do_acct_process+0xcb0/0x14a0 kernel/acct.c:539\n acct_pin_kill+0x2d/0x100 kernel/acct.c:192\n pin_kill+0x194/0x7c0 fs/fs_pin.c:44\n mnt_pin_kill+0x61/0x1e0 fs/fs_pin.c:81\n cleanup_mnt+0x3ac/0x450 fs/namespace.c:1366\n task_work_run+0x14e/0x250 kernel/task_work.c:239\n exit_task_work include/linux/task_work.h:43 [inline]\n do_exit+0xad8/0x2d70 kernel/exit.c:938\n do_group_exit+0xd3/0x2a0 kernel/exit.c:1087\n get_signal+0x2576/0x2610 kernel/signal.c:3017\n arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337\n exit_to_user_mode_loop kernel/entry/common.c:111 [inline]\n exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]\n syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218\n do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7fee3cb87a6a\n Code: Unable to access opcode bytes at 0x7fee3cb87a40.\n RSP: 002b:00007fffcccac688 EFLAGS: 00000202 ORIG_RAX: 0000000000000037\n RAX: 0000000000000000 RBX: 00007fffcccac710 RCX: 00007fee3cb87a6a\n RDX: 0000000000000041 RSI: 0000000000000000 RDI: 0000000000000003\n RBP: 0000000000000003 R08: 00007fffcccac6ac R09: 00007fffcccacac7\n R10: 00007fffcccac710 R11: 0000000000000202 R12: 00007fee3cd49500\n R13: 00007fffcccac6ac R14: 0000000000000000 R15: 00007fee3cd4b000\n \n Modules linked in:\n ---[ end trace 0000000000000000 ]---\n RIP: 0010:proc_scheduler+0xc6/0x3c0 net/mptcp/ctrl.c:125\n Code: 03 42 80 3c 38 00 0f 85 fe 02 00 00 4d 8b a4 24 08 09 00 00 48 b8 00 00 00 00 00 fc\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/6035702381c35a8f16757332381e58b348a9eaf9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c0e394fd6b887e84da17e38aaa6c1c104f9c86c2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d38e26e36206ae3d544d496513212ae931d1da0a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-216xx/CVE-2025-21643.json b/CVE-2025/CVE-2025-216xx/CVE-2025-21643.json new file mode 100644 index 00000000000..a07fa09a884 --- /dev/null +++ b/CVE-2025/CVE-2025-216xx/CVE-2025-21643.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-21643", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T11:15:09.870", + "lastModified": "2025-01-19T11:15:09.870", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix kernel async DIO\n\nNetfslib needs to be able to handle kernel-initiated asynchronous DIO that\nis supplied with a bio_vec[] array. Currently, because of the async flag,\nthis gets passed to netfs_extract_user_iter() which throws a warning and\nfails because it only handles IOVEC and UBUF iterators. This can be\ntriggered through a combination of cifs and a loopback blockdev with\nsomething like:\n\n mount //my/cifs/share /foo\n dd if=/dev/zero of=/foo/m0 bs=4K count=1K\n losetup --sector-size 4096 --direct-io=on /dev/loop2046 /foo/m0\n echo hello >/dev/loop2046\n\nThis causes the following to appear in syslog:\n\n WARNING: CPU: 2 PID: 109 at fs/netfs/iterator.c:50 netfs_extract_user_iter+0x170/0x250 [netfs]\n\nand the write to fail.\n\nFix this by removing the check in netfs_unbuffered_write_iter_locked() that\ncauses async kernel DIO writes to be handled as userspace writes. Note\nthat this change relies on the kernel caller maintaining the existence of\nthe bio_vec array (or kvec[] or folio_queue) until the op is complete." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3f6bc9e3ab9b127171d39f9ac6eca1abb693b731", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9f3a265836844eda30bf34c2584b8011fd4f0f49", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-216xx/CVE-2025-21644.json b/CVE-2025/CVE-2025-216xx/CVE-2025-21644.json new file mode 100644 index 00000000000..abc4cb70030 --- /dev/null +++ b/CVE-2025/CVE-2025-216xx/CVE-2025-21644.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-21644", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T11:15:09.977", + "lastModified": "2025-01-19T11:15:09.977", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix tlb invalidation when wedging\n\nIf GuC fails to load, the driver wedges, but in the process it tries to\ndo stuff that may not be initialized yet. This moves the\nxe_gt_tlb_invalidation_init() to be done earlier: as its own doc says,\nit's a software-only initialization and should had been named with the\n_early() suffix.\n\nMove it to be called by xe_gt_init_early(), so the locks and seqno are\ninitialized, avoiding a NULL ptr deref when wedging:\n\n\txe 0000:03:00.0: [drm] *ERROR* GT0: load failed: status: Reset = 0, BootROM = 0x50, UKernel = 0x00, MIA = 0x00, Auth = 0x01\n\txe 0000:03:00.0: [drm] *ERROR* GT0: firmware signature verification failed\n\txe 0000:03:00.0: [drm] *ERROR* CRITICAL: Xe has declared device 0000:03:00.0 as wedged.\n\t...\n\tBUG: kernel NULL pointer dereference, address: 0000000000000000\n\t#PF: supervisor read access in kernel mode\n\t#PF: error_code(0x0000) - not-present page\n\tPGD 0 P4D 0\n\tOops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n\tCPU: 9 UID: 0 PID: 3908 Comm: modprobe Tainted: G U W 6.13.0-rc4-xe+ #3\n\tTainted: [U]=USER, [W]=WARN\n\tHardware name: Intel Corporation Alder Lake Client Platform/AlderLake-S ADP-S DDR5 UDIMM CRB, BIOS ADLSFWI1.R00.3275.A00.2207010640 07/01/2022\n\tRIP: 0010:xe_gt_tlb_invalidation_reset+0x75/0x110 [xe]\n\nThis can be easily triggered by poking the GuC binary to force a\nsignature failure. There will still be an extra message,\n\n\txe 0000:03:00.0: [drm] *ERROR* GT0: GuC mmio request 0x4100: no reply 0x4100\n\nbut that's better than a NULL ptr deref.\n\n(cherry picked from commit 5001ef3af8f2c972d6fd9c5221a8457556f8bea6)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/09b94ddc58c6640cbbc7775a61a5387b8be71488", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/9ab4981552930a9c45682d62424ba610edc3992d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-216xx/CVE-2025-21645.json b/CVE-2025/CVE-2025-216xx/CVE-2025-21645.json new file mode 100644 index 00000000000..96d3781295c --- /dev/null +++ b/CVE-2025/CVE-2025-216xx/CVE-2025-21645.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2025-21645", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T11:15:10.090", + "lastModified": "2025-01-19T11:15:10.090", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it\n\nWakeup for IRQ1 should be disabled only in cases where i8042 had\nactually enabled it, otherwise \"wake_depth\" for this IRQ will try to\ndrop below zero and there will be an unpleasant WARN() logged:\n\nkernel: atkbd serio0: Disabling IRQ1 wakeup source to avoid platform firmware bug\nkernel: ------------[ cut here ]------------\nkernel: Unbalanced IRQ 1 wake disable\nkernel: WARNING: CPU: 10 PID: 6431 at kernel/irq/manage.c:920 irq_set_irq_wake+0x147/0x1a0\n\nThe PMC driver uses DEFINE_SIMPLE_DEV_PM_OPS() to define its dev_pm_ops\nwhich sets amd_pmc_suspend_handler() to the .suspend, .freeze, and\n.poweroff handlers. i8042_pm_suspend(), however, is only set as\nthe .suspend handler.\n\nFix the issue by call PMC suspend handler only from the same set of\ndev_pm_ops handlers as i8042_pm_suspend(), which currently means just\nthe .suspend handler.\n\nTo reproduce this issue try hibernating (S4) the machine after a fresh boot\nwithout putting it into s2idle first.\n\n[ij: edited the commit message.]" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/5cc621085e2b7a9b1905a98f8e5a86bb4aea2016", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b25778c87a6bce40c31e92364f08aa6240309e25", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dd410d784402c5775f66faf8b624e85e41c38aaf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-216xx/CVE-2025-21646.json b/CVE-2025/CVE-2025-216xx/CVE-2025-21646.json new file mode 100644 index 00000000000..cc69960a6f6 --- /dev/null +++ b/CVE-2025/CVE-2025-216xx/CVE-2025-21646.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-21646", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T11:15:10.197", + "lastModified": "2025-01-19T11:15:10.197", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Fix the maximum cell name length\n\nThe kafs filesystem limits the maximum length of a cell to 256 bytes, but a\nproblem occurs if someone actually does that: kafs tries to create a\ndirectory under /proc/net/afs/ with the name of the cell, but that fails\nwith a warning:\n\n WARNING: CPU: 0 PID: 9 at fs/proc/generic.c:405\n\nbecause procfs limits the maximum filename length to 255.\n\nHowever, the DNS limits the maximum lookup length and, by extension, the\nmaximum cell name, to 255 less two (length count and trailing NUL).\n\nFix this by limiting the maximum acceptable cellname length to 253. This\nalso allows us to be sure we can create the \"/afs/./\" mountpoint too.\n\nFurther, split the YFS VL record cell name maximum to be the 256 allowed by\nthe protocol and ignore the record retrieved by YFSVL.GetCellName if it\nexceeds 253." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/7673030efe0f8ca1056d3849d61784c6caa052af", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7922b1f058fe24a93730511dd0ae2e1630920096", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/8fd56ad6e7c90ac2bddb0741c6b248c8c5d56ac8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/aabe47cf5ac5e1db2ae0635f189d836f67024904", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-216xx/CVE-2025-21647.json b/CVE-2025/CVE-2025-216xx/CVE-2025-21647.json new file mode 100644 index 00000000000..efc8a7aa984 --- /dev/null +++ b/CVE-2025/CVE-2025-216xx/CVE-2025-21647.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-21647", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T11:15:10.307", + "lastModified": "2025-01-19T11:15:10.307", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: sch_cake: add bounds checks to host bulk flow fairness counts\n\nEven though we fixed a logic error in the commit cited below, syzbot\nstill managed to trigger an underflow of the per-host bulk flow\ncounters, leading to an out of bounds memory access.\n\nTo avoid any such logic errors causing out of bounds memory accesses,\nthis commit factors out all accesses to the per-host bulk flow counters\nto a series of helpers that perform bounds-checking before any\nincrements and decrements. This also has the benefit of improving\nreadability by moving the conditional checks for the flow mode into\nthese helpers, instead of having them spread out throughout the\ncode (which was the cause of the original logic error).\n\nAs part of this change, the flow quantum calculation is consolidated\ninto a helper function, which means that the dithering applied to the\nost load scaling is now applied both in the DRR rotation and when a\nsparse flow's quantum is first initiated. The only user-visible effect\nof this is that the maximum packet size that can be sent while a flow\nstays sparse will now vary with +/- one byte in some cases. This should\nnot make a noticeable difference in practice, and thus it's not worth\ncomplicating the code to preserve the old behaviour." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/27202e2e8721c3b23831563c36ed5ac7818641ba", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/737d4d91d35b5f7fa5bb442651472277318b0bfd", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/91bb18950b88f955838ec0c1d97f74d135756dc7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a777e06dfc72bed73c05dcb437d7c27ad5f90f3f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-216xx/CVE-2025-21648.json b/CVE-2025/CVE-2025-216xx/CVE-2025-21648.json new file mode 100644 index 00000000000..6bf874f2310 --- /dev/null +++ b/CVE-2025/CVE-2025-216xx/CVE-2025-21648.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-21648", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T11:15:10.410", + "lastModified": "2025-01-19T11:15:10.410", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: conntrack: clamp maximum hashtable size to INT_MAX\n\nUse INT_MAX as maximum size for the conntrack hashtable. Otherwise, it\nis possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when\nresizing hashtable because __GFP_NOWARN is unset. See:\n\n 0708a0afe291 (\"mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls\")\n\nNote: hashtable resize is only possible from init_netns." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/5552b4fd44be3393b930434a7845d8d95a2a3c33", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b541ba7d1f5a5b7b3e2e22dc9e40e18a7d6dbc13", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d5807dd1328bbc86e059c5de80d1bbee9d58ca3d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f559357d035877b9d0dcd273e0ff83e18e1d46aa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-216xx/CVE-2025-21649.json b/CVE-2025/CVE-2025-216xx/CVE-2025-21649.json new file mode 100644 index 00000000000..17f39de1b27 --- /dev/null +++ b/CVE-2025/CVE-2025-216xx/CVE-2025-21649.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-21649", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T11:15:10.517", + "lastModified": "2025-01-19T11:15:10.517", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash when 1588 is sent on HIP08 devices\n\nCurrently, HIP08 devices does not register the ptp devices, so the\nhdev->ptp is NULL. But the tx process would still try to set hardware time\nstamp info with SKBTX_HW_TSTAMP flag and cause a kernel crash.\n\n[ 128.087798] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018\n...\n[ 128.280251] pc : hclge_ptp_set_tx_info+0x2c/0x140 [hclge]\n[ 128.286600] lr : hclge_ptp_set_tx_info+0x20/0x140 [hclge]\n[ 128.292938] sp : ffff800059b93140\n[ 128.297200] x29: ffff800059b93140 x28: 0000000000003280\n[ 128.303455] x27: ffff800020d48280 x26: ffff0cb9dc814080\n[ 128.309715] x25: ffff0cb9cde93fa0 x24: 0000000000000001\n[ 128.315969] x23: 0000000000000000 x22: 0000000000000194\n[ 128.322219] x21: ffff0cd94f986000 x20: 0000000000000000\n[ 128.328462] x19: ffff0cb9d2a166c0 x18: 0000000000000000\n[ 128.334698] x17: 0000000000000000 x16: ffffcf1fc523ed24\n[ 128.340934] x15: 0000ffffd530a518 x14: 0000000000000000\n[ 128.347162] x13: ffff0cd6bdb31310 x12: 0000000000000368\n[ 128.353388] x11: ffff0cb9cfbc7070 x10: ffff2cf55dd11e02\n[ 128.359606] x9 : ffffcf1f85a212b4 x8 : ffff0cd7cf27dab0\n[ 128.365831] x7 : 0000000000000a20 x6 : ffff0cd7cf27d000\n[ 128.372040] x5 : 0000000000000000 x4 : 000000000000ffff\n[ 128.378243] x3 : 0000000000000400 x2 : ffffcf1f85a21294\n[ 128.384437] x1 : ffff0cb9db520080 x0 : ffff0cb9db500080\n[ 128.390626] Call trace:\n[ 128.393964] hclge_ptp_set_tx_info+0x2c/0x140 [hclge]\n[ 128.399893] hns3_nic_net_xmit+0x39c/0x4c4 [hns3]\n[ 128.405468] xmit_one.constprop.0+0xc4/0x200\n[ 128.410600] dev_hard_start_xmit+0x54/0xf0\n[ 128.415556] sch_direct_xmit+0xe8/0x634\n[ 128.420246] __dev_queue_xmit+0x224/0xc70\n[ 128.425101] dev_queue_xmit+0x1c/0x40\n[ 128.429608] ovs_vport_send+0xac/0x1a0 [openvswitch]\n[ 128.435409] do_output+0x60/0x17c [openvswitch]\n[ 128.440770] do_execute_actions+0x898/0x8c4 [openvswitch]\n[ 128.446993] ovs_execute_actions+0x64/0xf0 [openvswitch]\n[ 128.453129] ovs_dp_process_packet+0xa0/0x224 [openvswitch]\n[ 128.459530] ovs_vport_receive+0x7c/0xfc [openvswitch]\n[ 128.465497] internal_dev_xmit+0x34/0xb0 [openvswitch]\n[ 128.471460] xmit_one.constprop.0+0xc4/0x200\n[ 128.476561] dev_hard_start_xmit+0x54/0xf0\n[ 128.481489] __dev_queue_xmit+0x968/0xc70\n[ 128.486330] dev_queue_xmit+0x1c/0x40\n[ 128.490856] ip_finish_output2+0x250/0x570\n[ 128.495810] __ip_finish_output+0x170/0x1e0\n[ 128.500832] ip_finish_output+0x3c/0xf0\n[ 128.505504] ip_output+0xbc/0x160\n[ 128.509654] ip_send_skb+0x58/0xd4\n[ 128.513892] udp_send_skb+0x12c/0x354\n[ 128.518387] udp_sendmsg+0x7a8/0x9c0\n[ 128.522793] inet_sendmsg+0x4c/0x8c\n[ 128.527116] __sock_sendmsg+0x48/0x80\n[ 128.531609] __sys_sendto+0x124/0x164\n[ 128.536099] __arm64_sys_sendto+0x30/0x5c\n[ 128.540935] invoke_syscall+0x50/0x130\n[ 128.545508] el0_svc_common.constprop.0+0x10c/0x124\n[ 128.551205] do_el0_svc+0x34/0xdc\n[ 128.555347] el0_svc+0x20/0x30\n[ 128.559227] el0_sync_handler+0xb8/0xc0\n[ 128.563883] el0_sync+0x160/0x180" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/9741e72b2286de8b38de9db685588ac421a95c87", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f19ab3ef96d9626e5f1bdc56d3574c355e83d623", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-216xx/CVE-2025-21650.json b/CVE-2025/CVE-2025-216xx/CVE-2025-21650.json new file mode 100644 index 00000000000..a96a24c9dee --- /dev/null +++ b/CVE-2025/CVE-2025-216xx/CVE-2025-21650.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-21650", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T11:15:10.630", + "lastModified": "2025-01-19T11:15:10.630", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue\n\nThe TQP BAR space is divided into two segments. TQPs 0-1023 and TQPs\n1024-1279 are in different BAR space addresses. However,\nhclge_fetch_pf_reg does not distinguish the tqp space information when\nreading the tqp space information. When the number of TQPs is greater\nthan 1024, access bar space overwriting occurs.\nThe problem of different segments has been considered during the\ninitialization of tqp.io_base. Therefore, tqp.io_base is directly used\nwhen the queue is read in hclge_fetch_pf_reg.\n\nThe error message:\n\nUnable to handle kernel paging request at virtual address ffff800037200000\npc : hclge_fetch_pf_reg+0x138/0x250 [hclge]\nlr : hclge_get_regs+0x84/0x1d0 [hclge]\nCall trace:\n hclge_fetch_pf_reg+0x138/0x250 [hclge]\n hclge_get_regs+0x84/0x1d0 [hclge]\n hns3_get_regs+0x2c/0x50 [hns3]\n ethtool_get_regs+0xf4/0x270\n dev_ethtool+0x674/0x8a0\n dev_ioctl+0x270/0x36c\n sock_do_ioctl+0x110/0x2a0\n sock_ioctl+0x2ac/0x530\n __arm64_sys_ioctl+0xa8/0x100\n invoke_syscall+0x4c/0x124\n el0_svc_common.constprop.0+0x140/0x15c\n do_el0_svc+0x30/0xd0\n el0_svc+0x1c/0x2c\n el0_sync_handler+0xb0/0xb4\n el0_sync+0x168/0x180" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0575baa733fc4219f230aef22d5bc35d922f1e9a", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7997ddd46c54408bcba5e37fe18b4d832e45d4d4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-216xx/CVE-2025-21651.json b/CVE-2025/CVE-2025-216xx/CVE-2025-21651.json new file mode 100644 index 00000000000..b7163d47b27 --- /dev/null +++ b/CVE-2025/CVE-2025-216xx/CVE-2025-21651.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-21651", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T11:15:10.733", + "lastModified": "2025-01-19T11:15:10.733", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: don't auto enable misc vector\n\nCurrently, there is a time window between misc irq enabled\nand service task inited. If an interrupte is reported at\nthis time, it will cause warning like below:\n\n[ 16.324639] Call trace:\n[ 16.324641] __queue_delayed_work+0xb8/0xe0\n[ 16.324643] mod_delayed_work_on+0x78/0xd0\n[ 16.324655] hclge_errhand_task_schedule+0x58/0x90 [hclge]\n[ 16.324662] hclge_misc_irq_handle+0x168/0x240 [hclge]\n[ 16.324666] __handle_irq_event_percpu+0x64/0x1e0\n[ 16.324667] handle_irq_event+0x80/0x170\n[ 16.324670] handle_fasteoi_edge_irq+0x110/0x2bc\n[ 16.324671] __handle_domain_irq+0x84/0xfc\n[ 16.324673] gic_handle_irq+0x88/0x2c0\n[ 16.324674] el1_irq+0xb8/0x140\n[ 16.324677] arch_cpu_idle+0x18/0x40\n[ 16.324679] default_idle_call+0x5c/0x1bc\n[ 16.324682] cpuidle_idle_call+0x18c/0x1c4\n[ 16.324684] do_idle+0x174/0x17c\n[ 16.324685] cpu_startup_entry+0x30/0x6c\n[ 16.324687] secondary_start_kernel+0x1a4/0x280\n[ 16.324688] ---[ end trace 6aa0bff672a964aa ]---\n\nSo don't auto enable misc vector when request irq.." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/98b1e3b27734139c76295754b6c317aa4df6d32e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/bcf430d3bb5525fc89a92a0c451c725ba1aa4306", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-216xx/CVE-2025-21652.json b/CVE-2025/CVE-2025-216xx/CVE-2025-21652.json new file mode 100644 index 00000000000..2562e4b2ec0 --- /dev/null +++ b/CVE-2025/CVE-2025-216xx/CVE-2025-21652.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2025-21652", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T11:15:10.830", + "lastModified": "2025-01-19T11:15:10.830", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvlan: Fix use-after-free in ipvlan_get_iflink().\n\nsyzbot presented an use-after-free report [0] regarding ipvlan and\nlinkwatch.\n\nipvlan does not hold a refcnt of the lower device unlike vlan and\nmacvlan.\n\nIf the linkwatch work is triggered for the ipvlan dev, the lower dev\nmight have already been freed, resulting in UAF of ipvlan->phy_dev in\nipvlan_get_iflink().\n\nWe can delay the lower dev unregistration like vlan and macvlan by\nholding the lower dev's refcnt in dev->netdev_ops->ndo_init() and\nreleasing it in dev->priv_destructor().\n\nJakub pointed out calling .ndo_XXX after unregister_netdevice() has\nreturned is error prone and suggested [1] addressing this UAF in the\ncore by taking commit 750e51603395 (\"net: avoid potential UAF in\ndefault_operstate()\") further.\n\nLet's assume unregistering devices DOWN and use RCU protection in\ndefault_operstate() not to race with the device unregistration.\n\n[0]:\nBUG: KASAN: slab-use-after-free in ipvlan_get_iflink+0x84/0x88 drivers/net/ipvlan/ipvlan_main.c:353\nRead of size 4 at addr ffff0000d768c0e0 by task kworker/u8:35/6944\n\nCPU: 0 UID: 0 PID: 6944 Comm: kworker/u8:35 Not tainted 6.13.0-rc2-g9bc5c9515b48 #12 4c3cb9e8b4565456f6a355f312ff91f4f29b3c47\nHardware name: linux,dummy-virt (DT)\nWorkqueue: events_unbound linkwatch_event\nCall trace:\n show_stack+0x38/0x50 arch/arm64/kernel/stacktrace.c:484 (C)\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0xbc/0x108 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x16c/0x6f0 mm/kasan/report.c:489\n kasan_report+0xc0/0x120 mm/kasan/report.c:602\n __asan_report_load4_noabort+0x20/0x30 mm/kasan/report_generic.c:380\n ipvlan_get_iflink+0x84/0x88 drivers/net/ipvlan/ipvlan_main.c:353\n dev_get_iflink+0x7c/0xd8 net/core/dev.c:674\n default_operstate net/core/link_watch.c:45 [inline]\n rfc2863_policy+0x144/0x360 net/core/link_watch.c:72\n linkwatch_do_dev+0x60/0x228 net/core/link_watch.c:175\n __linkwatch_run_queue+0x2f4/0x5b8 net/core/link_watch.c:239\n linkwatch_event+0x64/0xa8 net/core/link_watch.c:282\n process_one_work+0x700/0x1398 kernel/workqueue.c:3229\n process_scheduled_works kernel/workqueue.c:3310 [inline]\n worker_thread+0x8c4/0xe10 kernel/workqueue.c:3391\n kthread+0x2b0/0x360 kernel/kthread.c:389\n ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:862\n\nAllocated by task 9303:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x30/0x68 mm/kasan/common.c:68\n kasan_save_alloc_info+0x44/0x58 mm/kasan/generic.c:568\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x84/0xa0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4283 [inline]\n __kmalloc_node_noprof+0x2a0/0x560 mm/slub.c:4289\n __kvmalloc_node_noprof+0x9c/0x230 mm/util.c:650\n alloc_netdev_mqs+0xb4/0x1118 net/core/dev.c:11209\n rtnl_create_link+0x2b8/0xb60 net/core/rtnetlink.c:3595\n rtnl_newlink_create+0x19c/0x868 net/core/rtnetlink.c:3771\n __rtnl_newlink net/core/rtnetlink.c:3896 [inline]\n rtnl_newlink+0x122c/0x15c0 net/core/rtnetlink.c:4011\n rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6901\n netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2542\n rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6928\n netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]\n netlink_unicast+0x618/0x838 net/netlink/af_netlink.c:1347\n netlink_sendmsg+0x5fc/0x8b0 net/netlink/af_netlink.c:1891\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg net/socket.c:726 [inline]\n __sys_sendto+0x2ec/0x438 net/socket.c:2197\n __do_sys_sendto net/socket.c:2204 [inline]\n __se_sys_sendto net/socket.c:2200 [inline]\n __arm64_sys_sendto+0xe4/0x110 net/socket.c:2200\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x90/0x278 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x13c/0x250 arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x54/0x70 arch/arm64/kernel/syscall.c:151\n el\n---truncated---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/52a24538d569f48e79d1a169a5d359d384152950", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ba9f7c16ec879c83bb4f80406773a911aace8267", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cb358ff94154774d031159b018adf45e17673941", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-216xx/CVE-2025-21653.json b/CVE-2025/CVE-2025-216xx/CVE-2025-21653.json new file mode 100644 index 00000000000..4133800aa48 --- /dev/null +++ b/CVE-2025/CVE-2025-216xx/CVE-2025-21653.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2025-21653", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T11:15:10.940", + "lastModified": "2025-01-19T11:15:10.940", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute\n\nsyzbot found that TCA_FLOW_RSHIFT attribute was not validated.\nRight shitfing a 32bit integer is undefined for large shift values.\n\nUBSAN: shift-out-of-bounds in net/sched/cls_flow.c:329:23\nshift exponent 9445 is too large for 32-bit type 'u32' (aka 'unsigned int')\nCPU: 1 UID: 0 PID: 54 Comm: kworker/u8:3 Not tainted 6.13.0-rc3-syzkaller-00180-g4f619d518db9 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: ipv6_addrconf addrconf_dad_work\nCall Trace:\n \n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:231 [inline]\n __ubsan_handle_shift_out_of_bounds+0x3c8/0x420 lib/ubsan.c:468\n flow_classify+0x24d5/0x25b0 net/sched/cls_flow.c:329\n tc_classify include/net/tc_wrapper.h:197 [inline]\n __tcf_classify net/sched/cls_api.c:1771 [inline]\n tcf_classify+0x420/0x1160 net/sched/cls_api.c:1867\n sfb_classify net/sched/sch_sfb.c:260 [inline]\n sfb_enqueue+0x3ad/0x18b0 net/sched/sch_sfb.c:318\n dev_qdisc_enqueue+0x4b/0x290 net/core/dev.c:3793\n __dev_xmit_skb net/core/dev.c:3889 [inline]\n __dev_queue_xmit+0xf0e/0x3f50 net/core/dev.c:4400\n dev_queue_xmit include/linux/netdevice.h:3168 [inline]\n neigh_hh_output include/net/neighbour.h:523 [inline]\n neigh_output include/net/neighbour.h:537 [inline]\n ip_finish_output2+0xd41/0x1390 net/ipv4/ip_output.c:236\n iptunnel_xmit+0x55d/0x9b0 net/ipv4/ip_tunnel_core.c:82\n udp_tunnel_xmit_skb+0x262/0x3b0 net/ipv4/udp_tunnel_core.c:173\n geneve_xmit_skb drivers/net/geneve.c:916 [inline]\n geneve_xmit+0x21dc/0x2d00 drivers/net/geneve.c:1039\n __netdev_start_xmit include/linux/netdevice.h:5002 [inline]\n netdev_start_xmit include/linux/netdevice.h:5011 [inline]\n xmit_one net/core/dev.c:3590 [inline]\n dev_hard_start_xmit+0x27a/0x7d0 net/core/dev.c:3606\n __dev_queue_xmit+0x1b73/0x3f50 net/core/dev.c:4434" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/2011749ca96460386844dfc7e0fde53ebee96f3c", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/6fde663f7321418996645ee602a473457640542f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a039e54397c6a75b713b9ce7894a62e06956aa92", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e54beb9aed2a90dddf4c5d68fcfc9a01f3e40a61", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-216xx/CVE-2025-21654.json b/CVE-2025/CVE-2025-216xx/CVE-2025-21654.json new file mode 100644 index 00000000000..af0ff2dbf30 --- /dev/null +++ b/CVE-2025/CVE-2025-216xx/CVE-2025-21654.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2025-21654", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2025-01-19T11:15:11.040", + "lastModified": "2025-01-19T11:15:11.040", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\novl: support encoding fid from inode with no alias\n\nDmitry Safonov reported that a WARN_ON() assertion can be trigered by\nuserspace when calling inotify_show_fdinfo() for an overlayfs watched\ninode, whose dentry aliases were discarded with drop_caches.\n\nThe WARN_ON() assertion in inotify_show_fdinfo() was removed, because\nit is possible for encoding file handle to fail for other reason, but\nthe impact of failing to encode an overlayfs file handle goes beyond\nthis assertion.\n\nAs shown in the LTP test case mentioned in the link below, failure to\nencode an overlayfs file handle from a non-aliased inode also leads to\nfailure to report an fid with FAN_DELETE_SELF fanotify events.\n\nAs Dmitry notes in his analyzis of the problem, ovl_encode_fh() fails\nif it cannot find an alias for the inode, but this failure can be fixed.\novl_encode_fh() seldom uses the alias and in the case of non-decodable\nfile handles, as is often the case with fanotify fid info,\novl_encode_fh() never needs to use the alias to encode a file handle.\n\nDefer finding an alias until it is actually needed so ovl_encode_fh()\nwill not fail in the common case of FAN_DELETE_SELF fanotify events." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3c7c90274ae339e1ad443c9be1c67a20b80b9c76", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a1a541fbfa7e97c1100144db34b57553d7164ce5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/c45beebfde34aa71afbc48b2c54cdda623515037", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 85c9a0a2b89..608fbf4ed0e 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-01-19T09:00:19.788982+00:00 +2025-01-19T13:00:19.240800+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-01-19T08:15:06.637000+00:00 +2025-01-19T12:15:27.013000+00:00 ``` ### Last Data Feed Release @@ -33,15 +33,38 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -278069 +278119 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `50` -- [CVE-2025-0566](CVE-2025/CVE-2025-05xx/CVE-2025-0566.json) (`2025-01-19T07:15:06.407`) -- [CVE-2025-0567](CVE-2025/CVE-2025-05xx/CVE-2025-0567.json) (`2025-01-19T08:15:06.637`) +- [CVE-2024-57929](CVE-2024/CVE-2024-579xx/CVE-2024-57929.json) (`2025-01-19T12:15:27.013`) +- [CVE-2025-21631](CVE-2025/CVE-2025-216xx/CVE-2025-21631.json) (`2025-01-19T11:15:07.667`) +- [CVE-2025-21632](CVE-2025/CVE-2025-216xx/CVE-2025-21632.json) (`2025-01-19T11:15:08.650`) +- [CVE-2025-21633](CVE-2025/CVE-2025-216xx/CVE-2025-21633.json) (`2025-01-19T11:15:08.773`) +- [CVE-2025-21634](CVE-2025/CVE-2025-216xx/CVE-2025-21634.json) (`2025-01-19T11:15:08.890`) +- [CVE-2025-21635](CVE-2025/CVE-2025-216xx/CVE-2025-21635.json) (`2025-01-19T11:15:09.000`) +- [CVE-2025-21636](CVE-2025/CVE-2025-216xx/CVE-2025-21636.json) (`2025-01-19T11:15:09.110`) +- [CVE-2025-21637](CVE-2025/CVE-2025-216xx/CVE-2025-21637.json) (`2025-01-19T11:15:09.217`) +- [CVE-2025-21638](CVE-2025/CVE-2025-216xx/CVE-2025-21638.json) (`2025-01-19T11:15:09.317`) +- [CVE-2025-21639](CVE-2025/CVE-2025-216xx/CVE-2025-21639.json) (`2025-01-19T11:15:09.423`) +- [CVE-2025-21640](CVE-2025/CVE-2025-216xx/CVE-2025-21640.json) (`2025-01-19T11:15:09.537`) +- [CVE-2025-21641](CVE-2025/CVE-2025-216xx/CVE-2025-21641.json) (`2025-01-19T11:15:09.643`) +- [CVE-2025-21642](CVE-2025/CVE-2025-216xx/CVE-2025-21642.json) (`2025-01-19T11:15:09.757`) +- [CVE-2025-21643](CVE-2025/CVE-2025-216xx/CVE-2025-21643.json) (`2025-01-19T11:15:09.870`) +- [CVE-2025-21644](CVE-2025/CVE-2025-216xx/CVE-2025-21644.json) (`2025-01-19T11:15:09.977`) +- [CVE-2025-21645](CVE-2025/CVE-2025-216xx/CVE-2025-21645.json) (`2025-01-19T11:15:10.090`) +- [CVE-2025-21646](CVE-2025/CVE-2025-216xx/CVE-2025-21646.json) (`2025-01-19T11:15:10.197`) +- [CVE-2025-21647](CVE-2025/CVE-2025-216xx/CVE-2025-21647.json) (`2025-01-19T11:15:10.307`) +- [CVE-2025-21648](CVE-2025/CVE-2025-216xx/CVE-2025-21648.json) (`2025-01-19T11:15:10.410`) +- [CVE-2025-21649](CVE-2025/CVE-2025-216xx/CVE-2025-21649.json) (`2025-01-19T11:15:10.517`) +- [CVE-2025-21650](CVE-2025/CVE-2025-216xx/CVE-2025-21650.json) (`2025-01-19T11:15:10.630`) +- [CVE-2025-21651](CVE-2025/CVE-2025-216xx/CVE-2025-21651.json) (`2025-01-19T11:15:10.733`) +- [CVE-2025-21652](CVE-2025/CVE-2025-216xx/CVE-2025-21652.json) (`2025-01-19T11:15:10.830`) +- [CVE-2025-21653](CVE-2025/CVE-2025-216xx/CVE-2025-21653.json) (`2025-01-19T11:15:10.940`) +- [CVE-2025-21654](CVE-2025/CVE-2025-216xx/CVE-2025-21654.json) (`2025-01-19T11:15:11.040`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 7b7bff04a4b..b75f8d042b4 100644 --- a/_state.csv +++ b/_state.csv @@ -273481,8 +273481,34 @@ CVE-2024-57900,0,0,d42b41a2e22eafbffcec6705892bf184ffd6aad5ba8c783f63c792296570e CVE-2024-57901,0,0,012acb0ab56cc61cb0a7817e0eee65ff7532b8e18ae1a7773ea269400d6855e3,2025-01-15T13:15:14.747000 CVE-2024-57902,0,0,746e8d9a9ea49c354baeba85ccf563446e433549d54a4b087d31671d2185f287,2025-01-15T13:15:14.867000 CVE-2024-57903,0,0,50052b64b55d2c4762de701d92d82de00114bebd2de7c535247b43c4bcdb95f1,2025-01-15T13:15:14.973000 +CVE-2024-57904,1,1,77b38392321987158c08edfd8c9d606900440c07d6c6c6535c81041a4eea4234,2025-01-19T12:15:23.970000 +CVE-2024-57905,1,1,d3620fa4ac8a87306937d4e2b56bbe743d912dd8ed38df70240f222fe7e1af4d,2025-01-19T12:15:24.710000 +CVE-2024-57906,1,1,04d35f5a395c23c2bc9bec3121feed92ef0e29e3f2dbf4d110918970a390c544,2025-01-19T12:15:24.800000 +CVE-2024-57907,1,1,a36f07dfb7622be4744f48cb6f829c07ed1fe5e49b120eb69416d69ea9d95f7d,2025-01-19T12:15:24.897000 +CVE-2024-57908,1,1,9382ae6fc3fbed1c789fe9bb6890d69b329488a226e97440b67b8870a55ba388,2025-01-19T12:15:24.990000 +CVE-2024-57909,1,1,b43f2cab87455b830dceb0f50c529cc3c5110160cb6bbac92ceac57d733d961e,2025-01-19T12:15:25.083000 CVE-2024-5791,0,0,c186795f1b9cb5c37849e995a8b3a0b74da1832637d3182b3a656dc9e7491fd6,2024-11-21T09:48:20.453000 +CVE-2024-57910,1,1,fefb50f505a6c1a275efe19a497de97a2936660e3b32eda061fef18877a9c9ac,2025-01-19T12:15:25.187000 +CVE-2024-57911,1,1,846ff672368ee1dd20b3a159c24cf81946836b8c98233342862e48add5dc34fd,2025-01-19T12:15:25.277000 +CVE-2024-57912,1,1,eee96d8eda437d1ccd3de84d765dd884ec2b2c1ea30ecc21befa292277f33df1,2025-01-19T12:15:25.380000 +CVE-2024-57913,1,1,769ff86c9ff9a84f304d598c4d149b1462aec11c4d1038ca04fcf30a5e0f3870,2025-01-19T12:15:25.477000 +CVE-2024-57914,1,1,85e309e9145cbd38d9d57d9b153e28eefd4191aaba0014a07ff96267a7570432,2025-01-19T12:15:25.573000 +CVE-2024-57915,1,1,c89011de18ed0707e7e9142a06a4efbcba8afdd98099833640904e4ff4456fbb,2025-01-19T12:15:25.673000 +CVE-2024-57916,1,1,92a69385f522abe9ffb476a6cd9ec580ae292291f85ef182e3a11974f6bad4fe,2025-01-19T12:15:25.763000 +CVE-2024-57917,1,1,26d8a9e1817cec689d260456623f8dd2338159587db9094652b401f3872df275,2025-01-19T12:15:25.860000 +CVE-2024-57918,1,1,0985a80618e31599fb15475d9d6fcbf08982f010ca993923a4a3c2be7a7124fe,2025-01-19T12:15:25.960000 +CVE-2024-57919,1,1,6c664a0abb11c547897613b59be54e309293f4de68c85e30c22cd68a92f75561,2025-01-19T12:15:26.053000 CVE-2024-5792,0,0,50e11f463088247110774be144fbfaca02cb5ac823192aaf13a748fe05bdb47b,2024-11-21T09:48:20.570000 +CVE-2024-57920,1,1,0b1d753b41b42d4b7405fa6955cfedb7556de7795a451b4ecb45fc20a587a4d9,2025-01-19T12:15:26.150000 +CVE-2024-57921,1,1,085be1fe849a71114471074b7a1c7f64e3d24b19763a90adf9d093e5b757e1fb,2025-01-19T12:15:26.247000 +CVE-2024-57922,1,1,e4b5b8a7c8622cfa2b2064405571472da4384bcc0dc7f2a630fb85e36c6e4667,2025-01-19T12:15:26.337000 +CVE-2024-57923,1,1,7b7ee22817d1763e3292d38ec5528d3cd3eb5a6e45a05da3d445bd0755022bd5,2025-01-19T12:15:26.433000 +CVE-2024-57924,1,1,43ddce485108026047a86e223a23f56db0624ec2b72a4cd720d0e64c0b0c5bc5,2025-01-19T12:15:26.530000 +CVE-2024-57925,1,1,966950725bc2ff61ec0386e25aa3b2dabcee5eac28c5ead376c59bb9bcc8152f,2025-01-19T12:15:26.617000 +CVE-2024-57926,1,1,4eaac2edd5aec3c0ccd10f3a763ffe14a52a4e7f073846e72cc58f39987782ab,2025-01-19T12:15:26.713000 +CVE-2024-57927,1,1,0b956e6350555e8b5ea2acdf79ef7cfb9a66dd16a7df89342f758d8803aa3d26,2025-01-19T12:15:26.810000 +CVE-2024-57928,1,1,4412ceae5c4967ccbde2b773167aa35d2d70c86f93eb985ffd79716abee92366,2025-01-19T12:15:26.903000 +CVE-2024-57929,1,1,998c6814446dca86d10a4c87d5f49a55ef224c41c354b657152b370890f7274a,2025-01-19T12:15:27.013000 CVE-2024-5793,0,0,0b18df4d2dde9f10f63097b806cad3cc9d51ae7c2ac550a36fec1a23c0e391bb,2024-11-21T09:48:20.673000 CVE-2024-5795,0,0,8c27870eb8f46b4876cdd6a9335698b3a6adeccd1af066b5f5391281ef70b349,2024-11-21T09:48:20.780000 CVE-2024-5796,0,0,10c3848976491ca5eeb295d89b1679f80388276c56109509ef1777f493022afe,2024-11-21T09:48:20.910000 @@ -277286,8 +277312,8 @@ CVE-2025-0562,0,0,c526f2bbf0ee53dbd7b87b3a977b73812d0b8c8e2d0a2cc04f356d0f556898 CVE-2025-0563,0,0,c8aedbc0ad6c989f8bd21315356fde60bbf39135f127f9d691ff6d583ecc9784,2025-01-19T02:15:24.560000 CVE-2025-0564,0,0,83206ab7d4a6b165cdb38999cbacf04d2d848dbd063370cc5da16a0083e91bfd,2025-01-19T04:15:07.090000 CVE-2025-0565,0,0,9e441f2e362b4078450931d0ef12dd08184a10cee05c1fd1b5de39e0c8230d42,2025-01-19T06:15:06.820000 -CVE-2025-0566,1,1,29c988a17c3fb61aaa2263e5040acaf54697440fab1afb4ecce6f68279db4262,2025-01-19T07:15:06.407000 -CVE-2025-0567,1,1,12e8fb9b6df8c41abec3a05439a422290094ca4ba107624ce5bfa8b951012bc1,2025-01-19T08:15:06.637000 +CVE-2025-0566,0,0,29c988a17c3fb61aaa2263e5040acaf54697440fab1afb4ecce6f68279db4262,2025-01-19T07:15:06.407000 +CVE-2025-0567,0,0,12e8fb9b6df8c41abec3a05439a422290094ca4ba107624ce5bfa8b951012bc1,2025-01-19T08:15:06.637000 CVE-2025-20016,0,0,6fccb84eb01c2cd66b422e82777f9738bfe5004121e1b551d0ae454724543c0e,2025-01-14T10:15:07.500000 CVE-2025-20033,0,0,6c60c85e451f1d6db70378d678ddf83dacc7c823ecfb493748ed6d94114eff49,2025-01-09T07:15:28.450000 CVE-2025-20036,0,0,a1d7639f0e568c5953a2962f5a2be630b5737d729f8c4f565a3eec7e4bf19549,2025-01-15T17:15:18.950000 @@ -277512,6 +277538,30 @@ CVE-2025-21624,0,0,67d81661ccc165bcb7a2d55cd4301b8865debac4b78d0af97080ff58ad5f0 CVE-2025-21628,0,0,0075ad45f4e081e6b1d4b87e45ccf38954b3b032c76d5db5fcb797ed5fc6213f,2025-01-09T18:15:30.070000 CVE-2025-21629,0,0,5bd27bb9a82cb5a5f09a5986e4163e86befaea4298f9b54578a62350a29978a7,2025-01-15T13:15:15.220000 CVE-2025-21630,0,0,b687cde38a98e756a80e569a98743dbd03093e3308ce5058c13044fa43b51e41,2025-01-17T09:15:08 +CVE-2025-21631,1,1,205699d165c20178bcec1709e2a1aa657b8aaa8c3943c7263701d8491efa1d53,2025-01-19T11:15:07.667000 +CVE-2025-21632,1,1,4348553ed926767023b82306e7930ad4a22c009eec51e252ffe3f49ced112dfc,2025-01-19T11:15:08.650000 +CVE-2025-21633,1,1,7d17fca86dc2ed72902becb5ead587c9e01fb09fc2094f18996ab9eef5221464,2025-01-19T11:15:08.773000 +CVE-2025-21634,1,1,018d6cfde98ef1f7e21e6bd948a1dbf5265797c7bd275d512a1b9a036ec01752,2025-01-19T11:15:08.890000 +CVE-2025-21635,1,1,c8906577d74ba6ff40f2b077af59a1734822cd425c83ab357c7b284217ad8582,2025-01-19T11:15:09 +CVE-2025-21636,1,1,1a7977fb0d25a7913df0049737fa28f6e2a0d08e3a20bf24b2d35bfcde5d97ac,2025-01-19T11:15:09.110000 +CVE-2025-21637,1,1,2a0e866bd07db7d3f5712581283994acd012eadc8745c52906668239b803637a,2025-01-19T11:15:09.217000 +CVE-2025-21638,1,1,3706bfe0f1465fe8cb51afa10a7e9eac22041f1faacc7135eb7a2580f1ab3dfb,2025-01-19T11:15:09.317000 +CVE-2025-21639,1,1,4555481e507afcaf8586cbc2f231bf545496995cf6ff399a134c704e7d664cd4,2025-01-19T11:15:09.423000 +CVE-2025-21640,1,1,1ade360e72c2846616197e577d83cfaf4fa93efc0669057fa927ef551534d1b3,2025-01-19T11:15:09.537000 +CVE-2025-21641,1,1,48fc8ec203ac50c16a25607b807ca130d06fae93453c8f6ea6a8f4c6e2c9ef51,2025-01-19T11:15:09.643000 +CVE-2025-21642,1,1,fc867e04f7105fae8d2e25f95fe6ef51a7e7c045ddf1058542803462df5658d6,2025-01-19T11:15:09.757000 +CVE-2025-21643,1,1,dddaa2125205a131379cf404d1090c7426d201b078c7d7100ef59bfac232ae58,2025-01-19T11:15:09.870000 +CVE-2025-21644,1,1,71bccfa815e1640d41b4fc2ec009eca0da8e4c76933c10e944f11a0d0f8a62f6,2025-01-19T11:15:09.977000 +CVE-2025-21645,1,1,9609d82b860f7532ce2e28fdfd181e61ade69ef325649d7b7aa85aa9f04e8b42,2025-01-19T11:15:10.090000 +CVE-2025-21646,1,1,4441dd9f94256baebd24be726a3f9f6f58338044c6e6d7a5c00a91fa856b95d8,2025-01-19T11:15:10.197000 +CVE-2025-21647,1,1,99365d6629fa953bdd6c1e683aacc63e435081dfc2cf8c928f2d02a8d112f8ac,2025-01-19T11:15:10.307000 +CVE-2025-21648,1,1,6663175db1202c9b7bb949d2d1f2273ef23ad3096e362b0519d041afa47cf82d,2025-01-19T11:15:10.410000 +CVE-2025-21649,1,1,fe457f2ecfc380badb47f7b8b21347ca4731319abbdbc14ba0033053d4dc41a8,2025-01-19T11:15:10.517000 +CVE-2025-21650,1,1,8999d80331f22604edddfd75667fe17eab77150206057afd0258b361cf1da19e,2025-01-19T11:15:10.630000 +CVE-2025-21651,1,1,08b0d285d803ce14ca95c51ff0bb6822af7a1dfa543a30bb044ccb678d352dfa,2025-01-19T11:15:10.733000 +CVE-2025-21652,1,1,781ce4cdff4e60cfb6f8b0eb373b8634b7b2c8bf54de4c678c30aac3d57ceb30,2025-01-19T11:15:10.830000 +CVE-2025-21653,1,1,f32ca4f34b7bccc36e5debfdf592df2ad87aa1a93c5b7257a97a73e494c6108b,2025-01-19T11:15:10.940000 +CVE-2025-21654,1,1,1e4de08a34cab5d4b4d5c6f2cdca90847554e3952c3a83e001ff2672952d2415,2025-01-19T11:15:11.040000 CVE-2025-22130,0,0,a71c51c8237898c4394724aa5ef423b90094196082b564075e1f1cf6c2992343,2025-01-08T16:15:38.543000 CVE-2025-22132,0,0,92f694afc6ce174171da36824da367c743ab8d73a418a3347309264d0570fa9a,2025-01-07T22:15:31.590000 CVE-2025-22133,0,0,32df1a7a06703aea1606771b300b1836f84903a2a4b183527a9471791c589465,2025-01-08T15:15:21.727000