From 36e6184c8f98d851b0b869b7b46218f2f0000815 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 28 Feb 2024 05:00:29 +0000 Subject: [PATCH] Auto-Update: 2024-02-28T05:00:25.355764+00:00 --- CVE-2022/CVE-2022-375xx/CVE-2022-37599.json | 14 ++++-- CVE-2023/CVE-2023-261xx/CVE-2023-26136.json | 14 ++++-- CVE-2023/CVE-2023-462xx/CVE-2023-46234.json | 12 ++++- CVE-2023/CVE-2023-507xx/CVE-2023-50735.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-507xx/CVE-2023-50736.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-507xx/CVE-2023-50737.json | 55 +++++++++++++++++++++ CVE-2024/CVE-2024-238xx/CVE-2024-23850.json | 8 ++- CVE-2024/CVE-2024-238xx/CVE-2024-23851.json | 8 ++- CVE-2024/CVE-2024-265xx/CVE-2024-26582.json | 10 +++- CVE-2024/CVE-2024-265xx/CVE-2024-26583.json | 10 +++- CVE-2024/CVE-2024-265xx/CVE-2024-26584.json | 10 +++- CVE-2024/CVE-2024-265xx/CVE-2024-26585.json | 10 +++- CVE-2024/CVE-2024-265xx/CVE-2024-26593.json | 10 +++- CVE-2024/CVE-2024-266xx/CVE-2024-26603.json | 14 +++++- CVE-2024/CVE-2024-266xx/CVE-2024-26604.json | 10 +++- CVE-2024/CVE-2024-266xx/CVE-2024-26606.json | 10 +++- README.md | 30 +++++++---- 17 files changed, 306 insertions(+), 29 deletions(-) create mode 100644 CVE-2023/CVE-2023-507xx/CVE-2023-50735.json create mode 100644 CVE-2023/CVE-2023-507xx/CVE-2023-50736.json create mode 100644 CVE-2023/CVE-2023-507xx/CVE-2023-50737.json diff --git a/CVE-2022/CVE-2022-375xx/CVE-2022-37599.json b/CVE-2022/CVE-2022-375xx/CVE-2022-37599.json index 818a3a6fcee..a9d8818095e 100644 --- a/CVE-2022/CVE-2022-375xx/CVE-2022-37599.json +++ b/CVE-2022/CVE-2022-375xx/CVE-2022-37599.json @@ -2,8 +2,8 @@ "id": "CVE-2022-37599", "sourceIdentifier": "cve@mitre.org", "published": "2022-10-11T19:15:11.853", - "lastModified": "2023-02-09T01:50:42.293", - "vulnStatus": "Analyzed", + "lastModified": "2024-02-28T03:15:06.897", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -45,7 +45,7 @@ "description": [ { "lang": "en", - "value": "NVD-CWE-Other" + "value": "CWE-1333" } ] } @@ -114,6 +114,14 @@ "Patch", "Third Party Advisory" ] + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/", + "source": "cve@mitre.org" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-261xx/CVE-2023-26136.json b/CVE-2023/CVE-2023-261xx/CVE-2023-26136.json index 267a6d9720f..7e167b7028a 100644 --- a/CVE-2023/CVE-2023-261xx/CVE-2023-26136.json +++ b/CVE-2023/CVE-2023-261xx/CVE-2023-26136.json @@ -2,7 +2,7 @@ "id": "CVE-2023-26136", "sourceIdentifier": "report@snyk.io", "published": "2023-07-01T05:15:16.103", - "lastModified": "2023-11-07T04:09:26.400", + "lastModified": "2024-02-28T03:15:07.087", "vulnStatus": "Modified", "descriptions": [ { @@ -33,7 +33,7 @@ "impactScore": 5.9 }, { - "source": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", + "source": "report@snyk.io", "type": "Secondary", "cvssData": { "version": "3.1", @@ -66,7 +66,7 @@ ] }, { - "source": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", + "source": "report@snyk.io", "type": "Secondary", "description": [ { @@ -122,6 +122,14 @@ "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html", "source": "report@snyk.io" }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/", + "source": "report@snyk.io" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/", + "source": "report@snyk.io" + }, { "url": "https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873", "source": "report@snyk.io", diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46234.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46234.json index 512e0a90ec7..63f7b4d4f2f 100644 --- a/CVE-2023/CVE-2023-462xx/CVE-2023-46234.json +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46234.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46234", "sourceIdentifier": "security-advisories@github.com", "published": "2023-10-26T15:15:09.087", - "lastModified": "2023-11-07T19:57:50.453", - "vulnStatus": "Analyzed", + "lastModified": "2024-02-28T03:15:07.220", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -130,6 +130,14 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/", + "source": "security-advisories@github.com" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/", + "source": "security-advisories@github.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5539", "source": "security-advisories@github.com", diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50735.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50735.json new file mode 100644 index 00000000000..e685f4b39af --- /dev/null +++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50735.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-50735", + "sourceIdentifier": "7bc73191-a2b6-4c63-9918-753964601853", + "published": "2024-02-28T03:15:07.357", + "lastModified": "2024-02-28T03:15:07.357", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A heap corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "7bc73191-a2b6-4c63-9918-753964601853", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.2, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "7bc73191-a2b6-4c63-9918-753964601853", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-465" + } + ] + } + ], + "references": [ + { + "url": "https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html", + "source": "7bc73191-a2b6-4c63-9918-753964601853" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50736.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50736.json new file mode 100644 index 00000000000..8d91eb5e72b --- /dev/null +++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50736.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-50736", + "sourceIdentifier": "7bc73191-a2b6-4c63-9918-753964601853", + "published": "2024-02-28T03:15:07.657", + "lastModified": "2024-02-28T03:15:07.657", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A memory corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "7bc73191-a2b6-4c63-9918-753964601853", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.2, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "7bc73191-a2b6-4c63-9918-753964601853", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-131" + } + ] + } + ], + "references": [ + { + "url": "https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html", + "source": "7bc73191-a2b6-4c63-9918-753964601853" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50737.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50737.json new file mode 100644 index 00000000000..ae36a732478 --- /dev/null +++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50737.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-50737", + "sourceIdentifier": "7bc73191-a2b6-4c63-9918-753964601853", + "published": "2024-02-28T03:15:07.900", + "lastModified": "2024-02-28T03:15:07.900", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The SE menu contains information used by Lexmark to diagnose device errors. A vulnerability in one of the SE menu routines can be leveraged by an attacker to execute arbitrary code.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "7bc73191-a2b6-4c63-9918-753964601853", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "7bc73191-a2b6-4c63-9918-753964601853", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html", + "source": "7bc73191-a2b6-4c63-9918-753964601853" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23850.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23850.json index 5f3ee2653ee..f72c3912304 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23850.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23850.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23850", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-23T09:15:36.120", - "lastModified": "2024-01-29T22:59:41.243", - "vulnStatus": "Analyzed", + "lastModified": "2024-02-28T03:15:08.097", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -69,6 +69,10 @@ } ], "references": [ + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/", + "source": "cve@mitre.org" + }, { "url": "https://lore.kernel.org/all/6a80cb4b32af89787dadee728310e5e2ca85343f.1705741883.git.wqu%40suse.com/", "source": "cve@mitre.org", diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23851.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23851.json index a1738cf03e5..c3278ce7f54 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23851.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23851.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23851", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-23T09:15:36.180", - "lastModified": "2024-01-29T22:59:12.447", - "vulnStatus": "Analyzed", + "lastModified": "2024-02-28T03:15:08.163", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -69,6 +69,10 @@ } ], "references": [ + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/", + "source": "cve@mitre.org" + }, { "url": "https://www.spinics.net/lists/dm-devel/msg56574.html", "source": "cve@mitre.org", diff --git a/CVE-2024/CVE-2024-265xx/CVE-2024-26582.json b/CVE-2024/CVE-2024-265xx/CVE-2024-26582.json index 311f714424a..bf80b92de8a 100644 --- a/CVE-2024/CVE-2024-265xx/CVE-2024-26582.json +++ b/CVE-2024/CVE-2024-265xx/CVE-2024-26582.json @@ -2,7 +2,7 @@ "id": "CVE-2024-26582", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-02-21T15:15:09.327", - "lastModified": "2024-02-23T09:15:22.617", + "lastModified": "2024-02-28T03:15:08.227", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -31,6 +31,14 @@ { "url": "https://git.kernel.org/stable/c/d684763534b969cca1022e2a28645c7cc91f7fa5", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OX4EWCYDZRTOEMC2C6OF7ZACAP23SUB5/", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-265xx/CVE-2024-26583.json b/CVE-2024/CVE-2024-265xx/CVE-2024-26583.json index de6b1750b42..3e489c1ced5 100644 --- a/CVE-2024/CVE-2024-265xx/CVE-2024-26583.json +++ b/CVE-2024/CVE-2024-265xx/CVE-2024-26583.json @@ -2,7 +2,7 @@ "id": "CVE-2024-26583", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-02-21T15:15:09.373", - "lastModified": "2024-02-23T09:15:22.670", + "lastModified": "2024-02-28T03:15:08.287", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -31,6 +31,14 @@ { "url": "https://git.kernel.org/stable/c/aec7961916f3f9e88766e2688992da6980f11b8d", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OX4EWCYDZRTOEMC2C6OF7ZACAP23SUB5/", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-265xx/CVE-2024-26584.json b/CVE-2024/CVE-2024-265xx/CVE-2024-26584.json index df85f0a8a5a..726d1e5f727 100644 --- a/CVE-2024/CVE-2024-265xx/CVE-2024-26584.json +++ b/CVE-2024/CVE-2024-265xx/CVE-2024-26584.json @@ -2,7 +2,7 @@ "id": "CVE-2024-26584", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-02-21T15:15:09.420", - "lastModified": "2024-02-23T09:15:22.720", + "lastModified": "2024-02-28T03:15:08.390", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -27,6 +27,14 @@ { "url": "https://git.kernel.org/stable/c/ab6397f072e5097f267abf5cb08a8004e6b17694", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OX4EWCYDZRTOEMC2C6OF7ZACAP23SUB5/", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-265xx/CVE-2024-26585.json b/CVE-2024/CVE-2024-265xx/CVE-2024-26585.json index 2cb94279e42..a996572149f 100644 --- a/CVE-2024/CVE-2024-265xx/CVE-2024-26585.json +++ b/CVE-2024/CVE-2024-265xx/CVE-2024-26585.json @@ -2,7 +2,7 @@ "id": "CVE-2024-26585", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-02-21T15:15:09.467", - "lastModified": "2024-02-23T09:15:22.770", + "lastModified": "2024-02-28T03:15:08.490", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -27,6 +27,14 @@ { "url": "https://git.kernel.org/stable/c/e327ed60bff4a991cd7a709c47c4f0c5b4a4fd57", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OX4EWCYDZRTOEMC2C6OF7ZACAP23SUB5/", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-265xx/CVE-2024-26593.json b/CVE-2024/CVE-2024-265xx/CVE-2024-26593.json index f6bd41418e8..2d4e5529615 100644 --- a/CVE-2024/CVE-2024-265xx/CVE-2024-26593.json +++ b/CVE-2024/CVE-2024-265xx/CVE-2024-26593.json @@ -2,7 +2,7 @@ "id": "CVE-2024-26593", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-02-23T10:15:07.943", - "lastModified": "2024-02-23T16:14:43.447", + "lastModified": "2024-02-28T03:15:08.580", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -43,6 +43,14 @@ { "url": "https://git.kernel.org/stable/c/d074d5ff5ae77b18300e5079c6bda6342a4d44b7", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OX4EWCYDZRTOEMC2C6OF7ZACAP23SUB5/", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-266xx/CVE-2024-26603.json b/CVE-2024/CVE-2024-266xx/CVE-2024-26603.json index dbc0e9e79a6..6d04b8616a2 100644 --- a/CVE-2024/CVE-2024-266xx/CVE-2024-26603.json +++ b/CVE-2024/CVE-2024-266xx/CVE-2024-26603.json @@ -2,12 +2,16 @@ "id": "CVE-2024-26603", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-02-26T16:28:00.097", - "lastModified": "2024-02-26T16:32:25.577", + "lastModified": "2024-02-28T03:15:08.647", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fpu: Stop relying on userspace for info to fault in xsave buffer\n\nBefore this change, the expected size of the user space buffer was\ntaken from fx_sw->xstate_size. fx_sw->xstate_size can be changed\nfrom user-space, so it is possible construct a sigreturn frame where:\n\n * fx_sw->xstate_size is smaller than the size required by valid bits in\n fx_sw->xfeatures.\n * user-space unmaps parts of the sigrame fpu buffer so that not all of\n the buffer required by xrstor is accessible.\n\nIn this case, xrstor tries to restore and accesses the unmapped area\nwhich results in a fault. But fault_in_readable succeeds because buf +\nfx_sw->xstate_size is within the still mapped area, so it goes back and\ntries xrstor again. It will spin in this loop forever.\n\nInstead, fault in the maximum size which can be touched by XRSTOR (taken\nfrom fpstate->user_size).\n\n[ dhansen: tweak subject / changelog ]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: x86/fpu: dejar de depender del espacio de usuario para que la informaci\u00f3n falle en el b\u00fafer xsave Antes de este cambio, el tama\u00f1o esperado del b\u00fafer de espacio de usuario se tomaba de fx_sw->xstate_size. fx_sw->xstate_size se puede cambiar desde el espacio de usuario, por lo que es posible construir un marco sigreturn donde: * fx_sw->xstate_size es m\u00e1s peque\u00f1o que el tama\u00f1o requerido por los bits v\u00e1lidos en fx_sw->xfeatures. * el espacio de usuario desasigna partes del b\u00fafer fpu de sigrame para que no se pueda acceder a todo el b\u00fafer requerido por xrstor. En este caso, xrstor intenta restaurar y accede al \u00e1rea no asignada, lo que genera una falla. Pero falla_in_readable tiene \u00e9xito porque buf + fx_sw->xstate_size est\u00e1 dentro del \u00e1rea a\u00fan mapeada, por lo que regresa e intenta xrstor nuevamente. Girar\u00e1 en este bucle para siempre. En cambio, falla en el tama\u00f1o m\u00e1ximo que XRSTOR puede tocar (tomado de fpstate->user_size). [dhansen: modificar asunto/registro de cambios]" } ], "metrics": {}, @@ -27,6 +31,14 @@ { "url": "https://git.kernel.org/stable/c/d877550eaf2dc9090d782864c96939397a3c6835", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OX4EWCYDZRTOEMC2C6OF7ZACAP23SUB5/", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-266xx/CVE-2024-26604.json b/CVE-2024/CVE-2024-266xx/CVE-2024-26604.json index 584cea20ccf..1372af80ca0 100644 --- a/CVE-2024/CVE-2024-266xx/CVE-2024-26604.json +++ b/CVE-2024/CVE-2024-266xx/CVE-2024-26604.json @@ -2,12 +2,16 @@ "id": "CVE-2024-26604", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-02-26T16:28:00.150", - "lastModified": "2024-02-26T16:32:25.577", + "lastModified": "2024-02-28T03:15:08.690", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"kobject: Remove redundant checks for whether ktype is NULL\"\n\nThis reverts commit 1b28cb81dab7c1eedc6034206f4e8d644046ad31.\n\nIt is reported to cause problems, so revert it for now until the root\ncause can be found." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: Revertir \"kobject: eliminar comprobaciones redundantes para saber si ktype es NULL\" Esto revierte el commit 1b28cb81dab7c1eedc6034206f4e8d644046ad31. Se informa que causa problemas, as\u00ed que rev\u00edselo por ahora hasta que se pueda encontrar la causa ra\u00edz." } ], "metrics": {}, @@ -23,6 +27,10 @@ { "url": "https://git.kernel.org/stable/c/b746d52ce7bcac325a2fa264216ead85b7fbbfaa", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-266xx/CVE-2024-26606.json b/CVE-2024/CVE-2024-266xx/CVE-2024-26606.json index 0dcfa596512..acb3c864a89 100644 --- a/CVE-2024/CVE-2024-266xx/CVE-2024-26606.json +++ b/CVE-2024/CVE-2024-266xx/CVE-2024-26606.json @@ -2,12 +2,16 @@ "id": "CVE-2024-26606", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-02-26T16:28:00.260", - "lastModified": "2024-02-26T16:32:25.577", + "lastModified": "2024-02-28T03:15:08.737", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: signal epoll threads of self-work\n\nIn (e)poll mode, threads often depend on I/O events to determine when\ndata is ready for consumption. Within binder, a thread may initiate a\ncommand via BINDER_WRITE_READ without a read buffer and then make use\nof epoll_wait() or similar to consume any responses afterwards.\n\nIt is then crucial that epoll threads are signaled via wakeup when they\nqueue their own work. Otherwise, they risk waiting indefinitely for an\nevent leaving their work unhandled. What is worse, subsequent commands\nwon't trigger a wakeup either as the thread has pending work." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: carpeta: se\u00f1al de epoll de subprocesos de autotrabajo En el modo (e)poll, los subprocesos a menudo dependen de eventos de E/S para determinar cu\u00e1ndo los datos est\u00e1n listos para el consumo. Dentro de Binder, un hilo puede iniciar un comando a trav\u00e9s de BINDER_WRITE_READ sin un b\u00fafer de lectura y luego hacer uso de epoll_wait() o similar para consumir cualquier respuesta posterior. Entonces es crucial que los subprocesos de epoll sean se\u00f1alizados mediante activaci\u00f3n cuando ponen en cola su propio trabajo. De lo contrario, corren el riesgo de esperar indefinidamente a que ocurra un evento que deje su trabajo sin gestionar. Lo que es peor, los comandos posteriores tampoco activar\u00e1n una reactivaci\u00f3n ya que el hilo tiene trabajo pendiente." } ], "metrics": {}, @@ -43,6 +47,10 @@ { "url": "https://git.kernel.org/stable/c/dd64bb8329ce0ea27bc557e4160c2688835402ac", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" } ] } \ No newline at end of file diff --git a/README.md b/README.md index 88429b43d5b..4208a204f9e 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-02-28T03:00:24.553271+00:00 +2024-02-28T05:00:25.355764+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-02-28T02:15:24.200000+00:00 +2024-02-28T03:15:08.737000+00:00 ``` ### Last Data Feed Release @@ -29,23 +29,35 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -239686 +239689 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `3` -* [CVE-2023-50303](CVE-2023/CVE-2023-503xx/CVE-2023-50303.json) (`2024-02-28T01:15:07.560`) -* [CVE-2023-50734](CVE-2023/CVE-2023-507xx/CVE-2023-50734.json) (`2024-02-28T02:15:23.957`) +* [CVE-2023-50735](CVE-2023/CVE-2023-507xx/CVE-2023-50735.json) (`2024-02-28T03:15:07.357`) +* [CVE-2023-50736](CVE-2023/CVE-2023-507xx/CVE-2023-50736.json) (`2024-02-28T03:15:07.657`) +* [CVE-2023-50737](CVE-2023/CVE-2023-507xx/CVE-2023-50737.json) (`2024-02-28T03:15:07.900`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `13` -* [CVE-2023-7033](CVE-2023/CVE-2023-70xx/CVE-2023-7033.json) (`2024-02-28T01:15:07.780`) -* [CVE-2024-1597](CVE-2024/CVE-2024-15xx/CVE-2024-1597.json) (`2024-02-28T02:15:24.200`) +* [CVE-2022-37599](CVE-2022/CVE-2022-375xx/CVE-2022-37599.json) (`2024-02-28T03:15:06.897`) +* [CVE-2023-26136](CVE-2023/CVE-2023-261xx/CVE-2023-26136.json) (`2024-02-28T03:15:07.087`) +* [CVE-2023-46234](CVE-2023/CVE-2023-462xx/CVE-2023-46234.json) (`2024-02-28T03:15:07.220`) +* [CVE-2024-23850](CVE-2024/CVE-2024-238xx/CVE-2024-23850.json) (`2024-02-28T03:15:08.097`) +* [CVE-2024-23851](CVE-2024/CVE-2024-238xx/CVE-2024-23851.json) (`2024-02-28T03:15:08.163`) +* [CVE-2024-26582](CVE-2024/CVE-2024-265xx/CVE-2024-26582.json) (`2024-02-28T03:15:08.227`) +* [CVE-2024-26583](CVE-2024/CVE-2024-265xx/CVE-2024-26583.json) (`2024-02-28T03:15:08.287`) +* [CVE-2024-26584](CVE-2024/CVE-2024-265xx/CVE-2024-26584.json) (`2024-02-28T03:15:08.390`) +* [CVE-2024-26585](CVE-2024/CVE-2024-265xx/CVE-2024-26585.json) (`2024-02-28T03:15:08.490`) +* [CVE-2024-26593](CVE-2024/CVE-2024-265xx/CVE-2024-26593.json) (`2024-02-28T03:15:08.580`) +* [CVE-2024-26603](CVE-2024/CVE-2024-266xx/CVE-2024-26603.json) (`2024-02-28T03:15:08.647`) +* [CVE-2024-26604](CVE-2024/CVE-2024-266xx/CVE-2024-26604.json) (`2024-02-28T03:15:08.690`) +* [CVE-2024-26606](CVE-2024/CVE-2024-266xx/CVE-2024-26606.json) (`2024-02-28T03:15:08.737`) ## Download and Usage