admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 03:02:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-08-26T12:00:17.986841+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-08-26 12:03:16 +00:00
parent 35be6b7225
commit 380fbb8127
47 changed files with 1326 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
CVE-2022/CVE-2022-12xx/CVE-2022-1271.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-1271",
"sourceIdentifier": "secalert@redhat.com",
"published": "2022-08-31T16:15:09.347",
"lastModified": "2023-11-07T03:41:52.377",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-26T10:47:19.123",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -107,6 +107,22 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tukaani:xz:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.2.5",
"matchCriteriaId": "B815FE77-341C-45D5-B7C5-5A828AE7764A"
}
]
}
]
}
],
"references": [
@ -127,7 +143,10 @@
},
{
"url": "https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html",

6
CVE-2023/CVE-2023-223xx/CVE-2023-22359.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22359",
"sourceIdentifier": "security@checkmk.com",
"published": "2023-06-26T07:15:09.297",
"lastModified": "2024-07-23T19:37:16.630",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-26T10:15:03.987",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -72,7 +72,7 @@
"description": [
{
"lang": "en",
"value": "CWE-200"
"value": "CWE-203"
}
]
}

6
CVE-2023/CVE-2023-235xx/CVE-2023-23549.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23549",
"sourceIdentifier": "security@checkmk.com",
"published": "2023-11-15T11:15:08.173",
"lastModified": "2024-07-23T19:37:16.630",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-26T10:15:04.890",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -76,7 +76,7 @@
"description": [
{
"lang": "en",
"value": "CWE-20"
"value": "CWE-1284"
}
]
}

6
CVE-2023/CVE-2023-312xx/CVE-2023-31209.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31209",
"sourceIdentifier": "security@checkmk.com",
"published": "2023-08-10T09:15:12.123",
"lastModified": "2024-07-23T19:37:16.630",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-26T10:15:05.083",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -72,7 +72,7 @@
"description": [
{
"lang": "en",
"value": "CWE-74"
"value": "CWE-78"
}
]
}

4
CVE-2023/CVE-2023-312xx/CVE-2023-31211.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-31211",
"sourceIdentifier": "security@checkmk.com",
"published": "2024-01-12T08:15:43.137",
"lastModified": "2024-07-23T19:37:16.630",
"lastModified": "2024-08-26T10:15:05.250",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -76,7 +76,7 @@
"description": [
{
"lang": "en",
"value": "CWE-691"
"value": "CWE-303"
}
]
}

8
CVE-2023/CVE-2023-62xx/CVE-2023-6287.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6287",
"sourceIdentifier": "security@checkmk.com",
"published": "2023-11-27T14:15:08.157",
"lastModified": "2023-12-01T02:30:49.880",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-26T10:15:05.410",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -74,10 +74,6 @@
"source": "security@checkmk.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-598"

6
CVE-2023/CVE-2023-67xx/CVE-2023-6735.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6735",
"sourceIdentifier": "security@checkmk.com",
"published": "2024-01-12T08:15:43.650",
"lastModified": "2024-07-23T19:37:16.630",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-26T10:15:05.587",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -76,7 +76,7 @@
"description": [
{
"lang": "en",
"value": "CWE-20"
"value": "CWE-95"
}
]
}

4
CVE-2024/CVE-2024-33xx/CVE-2024-3367.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-3367",
"sourceIdentifier": "security@checkmk.com",
"published": "2024-04-16T12:15:10.463",
"lastModified": "2024-04-24T12:15:07.093",
"lastModified": "2024-08-26T10:15:05.743",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-349"
"value": "CWE-88"
}
]
}

37
CVE-2024/CVE-2024-438xx/CVE-2024-43885.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2024-43885",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:03.720",
"lastModified": "2024-08-26T11:15:03.720",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix double inode unlock for direct IO sync writes\n\nIf we do a direct IO sync write, at btrfs_sync_file(), and we need to skip\ninode logging or we get an error starting a transaction or an error when\nflushing delalloc, we end up unlocking the inode when we shouldn't under\nthe 'out_release_extents' label, and then unlock it again at\nbtrfs_direct_write().\n\nFix that by checking if we have to skip inode unlocking under that label."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1a607d22dea4f60438747705495ec4d0af2ec451",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7ba27f14161fc20c4fc0051658a22ddd832eb0aa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8bd4c9220416111500c275546c69c63d42185793",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d924a0be2f218501588cf463d70f1c71afea06d9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e0391e92f9ab4fb3dbdeb139c967dcfa7ac4b115",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-438xx/CVE-2024-43886.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-43886",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:03.830",
"lastModified": "2024-08-26T11:15:03.830",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check in resource_log_pipe_topology_update\n\n[WHY]\nWhen switching from \"Extend\" to \"Second Display Only\" we sometimes\ncall resource_get_otg_master_for_stream on a stream for the eDP,\nwhich is disconnected. This leads to a null pointer dereference.\n\n[HOW]\nAdded a null check in dc_resource.c/resource_log_pipe_topology_update."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/899d92fd26fe780aad711322aa671f68058207a6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c36e922a36bdf69765c340a0857ca74092003bee",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-438xx/CVE-2024-43887.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-43887",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:03.877",
"lastModified": "2024-08-26T11:15:03.877",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tcp: Disable TCP-AO static key after RCU grace period\n\nThe lifetime of TCP-AO static_key is the same as the last\ntcp_ao_info. On the socket destruction tcp_ao_info ceases to be\nwith RCU grace period, while tcp-ao static branch is currently deferred\ndestructed. The static key definition is\n: DEFINE_STATIC_KEY_DEFERRED_FALSE(tcp_ao_needed, HZ);\n\nwhich means that if RCU grace period is delayed by more than a second\nand tcp_ao_needed is in the process of disablement, other CPUs may\nyet see tcp_ao_info which atent dead, but soon-to-be.\nAnd that breaks the assumption of static_key_fast_inc_not_disabled().\n\nSee the comment near the definition:\n> * The caller must make sure that the static key can't get disabled while\n> * in this function. It doesn't patch jump labels, only adds a user to\n> * an already enabled static key.\n\nOriginally it was introduced in commit eb8c507296f6 (\"jump_label:\nPrevent key->enabled int overflow\"), which is needed for the atomic\ncontexts, one of which would be the creation of a full socket from a\nrequest socket. In that atomic context, it's known by the presence\nof the key (md5/ao) that the static branch is already enabled.\nSo, the ref counter for that static branch is just incremented\ninstead of holding the proper mutex.\nstatic_key_fast_inc_not_disabled() is just a helper for such usage\ncase. But it must not be used if the static branch could get disabled\nin parallel as it's not protected by jump_label_mutex and as a result,\nraces with jump_label_update() implementation details.\n\nHappened on netdev test-bot[1], so not a theoretical issue:\n\n[] jump_label: Fatal kernel bug, unexpected op at tcp_inbound_hash+0x1a7/0x870 [ffffffffa8c4e9b7] (eb 50 0f 1f 44 != 66 90 0f 1f 00)) size:2 type:1\n[] ------------[ cut here ]------------\n[] kernel BUG at arch/x86/kernel/jump_label.c:73!\n[] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\n[] CPU: 3 PID: 243 Comm: kworker/3:3 Not tainted 6.10.0-virtme #1\n[] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n[] Workqueue: events jump_label_update_timeout\n[] RIP: 0010:__jump_label_patch+0x2f6/0x350\n...\n[] Call Trace:\n[] <TASK>\n[] arch_jump_label_transform_queue+0x6c/0x110\n[] __jump_label_update+0xef/0x350\n[] __static_key_slow_dec_cpuslocked.part.0+0x3c/0x60\n[] jump_label_update_timeout+0x2c/0x40\n[] process_one_work+0xe3b/0x1670\n[] worker_thread+0x587/0xce0\n[] kthread+0x28a/0x350\n[] ret_from_fork+0x31/0x70\n[] ret_from_fork_asm+0x1a/0x30\n[] </TASK>\n[] Modules linked in: veth\n[] ---[ end trace 0000000000000000 ]---\n[] RIP: 0010:__jump_label_patch+0x2f6/0x350\n\n[1]: https://netdev-3.bots.linux.dev/vmksft-tcp-ao-dbg/results/696681/5-connect-deny-ipv6/stderr"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/14ab4792ee120c022f276a7e4768f4dcb08f0cdd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/954d55a59b2501f4a9bd693b40ce45a1c46cb2b3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-438xx/CVE-2024-43888.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-43888",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:03.930",
"lastModified": "2024-08-26T11:15:03.930",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: list_lru: fix UAF for memory cgroup\n\nThe mem_cgroup_from_slab_obj() is supposed to be called under rcu lock or\ncgroup_mutex or others which could prevent returned memcg from being\nfreed. Fix it by adding missing rcu read lock.\n\nFound by code inspection.\n\n[songmuchun@bytedance.com: only grab rcu lock when necessary, per Vlastimil]\n Link: https://lkml.kernel.org/r/20240801024603.1865-1-songmuchun@bytedance.com"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4589f77c18dd98b65f45617b6d1e95313cf6fcab",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5161b48712dcd08ec427c450399d4d1483e21dea",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2024/CVE-2024-438xx/CVE-2024-43889.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2024-43889",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:03.980",
"lastModified": "2024-08-26T11:15:03.980",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: Fix possible divide-by-0 panic in padata_mt_helper()\n\nWe are hit with a not easily reproducible divide-by-0 panic in padata.c at\nbootup time.\n\n [ 10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPTI\n [ 10.017908] CPU: 26 PID: 2627 Comm: kworker/u1666:1 Not tainted 6.10.0-15.el10.x86_64 #1\n [ 10.017908] Hardware name: Lenovo ThinkSystem SR950 [7X12CTO1WW]/[7X12CTO1WW], BIOS [PSE140J-2.30] 07/20/2021\n [ 10.017908] Workqueue: events_unbound padata_mt_helper\n [ 10.017908] RIP: 0010:padata_mt_helper+0x39/0xb0\n :\n [ 10.017963] Call Trace:\n [ 10.017968] <TASK>\n [ 10.018004] ? padata_mt_helper+0x39/0xb0\n [ 10.018084] process_one_work+0x174/0x330\n [ 10.018093] worker_thread+0x266/0x3a0\n [ 10.018111] kthread+0xcf/0x100\n [ 10.018124] ret_from_fork+0x31/0x50\n [ 10.018138] ret_from_fork_asm+0x1a/0x30\n [ 10.018147] </TASK>\n\nLooking at the padata_mt_helper() function, the only way a divide-by-0\npanic can happen is when ps->chunk_size is 0. The way that chunk_size is\ninitialized in padata_do_multithreaded(), chunk_size can be 0 when the\nmin_chunk in the passed-in padata_mt_job structure is 0.\n\nFix this divide-by-0 panic by making sure that chunk_size will be at least\n1 no matter what the input parameters are."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/6d45e1c948a8b7ed6ceddb14319af69424db730c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8f5ffd2af7274853ff91d6cd62541191d9fbd10d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/924f788c906dccaca30acab86c7124371e1d6f2c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a29cfcb848c31f22b4de6a531c3e1d68c9bfe09f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ab8b397d5997d8c37610252528edc54bebf9f6d3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/da0ffe84fcc1627a7dff82c80b823b94236af905",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2024/CVE-2024-438xx/CVE-2024-43890.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2024-43890",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:04.040",
"lastModified": "2024-08-26T11:15:04.040",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix overflow in get_free_elt()\n\n\"tracing_map->next_elt\" in get_free_elt() is at risk of overflowing.\n\nOnce it overflows, new elements can still be inserted into the tracing_map\neven though the maximum number of elements (`max_elts`) has been reached.\nContinuing to insert elements after the overflow could result in the\ntracing_map containing \"tracing_map->max_size\" elements, leaving no empty\nentries.\nIf any attempt is made to insert an element into a full tracing_map using\n`__tracing_map_insert()`, it will cause an infinite loop with preemption\ndisabled, leading to a CPU hang problem.\n\nFix this by preventing any further increments to \"tracing_map->next_elt\"\nonce it reaches \"tracing_map->max_elt\"."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/236bb4690773ab6869b40bedc7bc8d889e36f9d6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/302ceb625d7b990db205a15e371f9a71238de91c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/788ea62499b3c18541fd6d621964d8fafbc4aec5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a172c7b22bc2feaf489cfc6d6865f7237134fdf8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bcf86c01ca4676316557dd482c8416ece8c2e143",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cd10d186a5409a1fe6e976df82858e9773a698da",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d3e4dbc2858fe85d1dbd2e72a9fc5dea988b5c18",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/eb223bf01e688dfe37e813c8988ee11c8c9f8d0a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-438xx/CVE-2024-43891.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-43891",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:04.103",
"lastModified": "2024-08-26T11:15:04.103",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Have format file honor EVENT_FILE_FL_FREED\n\nWhen eventfs was introduced, special care had to be done to coordinate the\nfreeing of the file meta data with the files that are exposed to user\nspace. The file meta data would have a ref count that is set when the file\nis created and would be decremented and freed after the last user that\nopened the file closed it. When the file meta data was to be freed, it\nwould set a flag (EVENT_FILE_FL_FREED) to denote that the file is freed,\nand any new references made (like new opens or reads) would fail as it is\nmarked freed. This allowed other meta data to be freed after this flag was\nset (under the event_mutex).\n\nAll the files that were dynamically created in the events directory had a\npointer to the file meta data and would call event_release() when the last\nreference to the user space file was closed. This would be the time that it\nis safe to free the file meta data.\n\nA shortcut was made for the \"format\" file. It's i_private would point to\nthe \"call\" entry directly and not point to the file's meta data. This is\nbecause all format files are the same for the same \"call\", so it was\nthought there was no reason to differentiate them. The other files\nmaintain state (like the \"enable\", \"trigger\", etc). But this meant if the\nfile were to disappear, the \"format\" file would be unaware of it.\n\nThis caused a race that could be trigger via the user_events test (that\nwould create dynamic events and free them), and running a loop that would\nread the user_events format files:\n\nIn one console run:\n\n # cd tools/testing/selftests/user_events\n # while true; do ./ftrace_test; done\n\nAnd in another console run:\n\n # cd /sys/kernel/tracing/\n # while true; do cat events/user_events/__test_event/format; done 2>/dev/null\n\nWith KASAN memory checking, it would trigger a use-after-free bug report\n(which was a real bug). This was because the format file was not checking\nthe file's meta data flag \"EVENT_FILE_FL_FREED\", so it would access the\nevent that the file meta data pointed to after the event was freed.\n\nAfter inspection, there are other locations that were found to not check\nthe EVENT_FILE_FL_FREED flag when accessing the trace_event_file. Add a\nnew helper function: event_file_file() that will make sure that the\nevent_mutex is held, and will return NULL if the trace_event_file has the\nEVENT_FILE_FL_FREED flag set. Have the first reference of the struct file\npointer use event_file_file() and check for NULL. Later uses can still use\nthe event_file_data() helper function if the event_mutex is still held and\nwas not released since the event_file_file() call."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/531dc6780d94245af037c25c2371c8caf652f0f9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b1560408692cd0ab0370cfbe9deb03ce97ab3f6d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2024/CVE-2024-438xx/CVE-2024-43892.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-43892",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:04.157",
"lastModified": "2024-08-26T11:15:04.157",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemcg: protect concurrent access to mem_cgroup_idr\n\nCommit 73f576c04b94 (\"mm: memcontrol: fix cgroup creation failure after\nmany small jobs\") decoupled the memcg IDs from the CSS ID space to fix the\ncgroup creation failures. It introduced IDR to maintain the memcg ID\nspace. The IDR depends on external synchronization mechanisms for\nmodifications. For the mem_cgroup_idr, the idr_alloc() and idr_replace()\nhappen within css callback and thus are protected through cgroup_mutex\nfrom concurrent modifications. However idr_remove() for mem_cgroup_idr\nwas not protected against concurrency and can be run concurrently for\ndifferent memcgs when they hit their refcnt to zero. Fix that.\n\nWe have been seeing list_lru based kernel crashes at a low frequency in\nour fleet for a long time. These crashes were in different part of\nlist_lru code including list_lru_add(), list_lru_del() and reparenting\ncode. Upon further inspection, it looked like for a given object (dentry\nand inode), the super_block's list_lru didn't have list_lru_one for the\nmemcg of that object. The initial suspicions were either the object is\nnot allocated through kmem_cache_alloc_lru() or somehow\nmemcg_list_lru_alloc() failed to allocate list_lru_one() for a memcg but\nreturned success. No evidence were found for these cases.\n\nLooking more deeply, we started seeing situations where valid memcg's id\nis not present in mem_cgroup_idr and in some cases multiple valid memcgs\nhave same id and mem_cgroup_idr is pointing to one of them. So, the most\nreasonable explanation is that these situations can happen due to race\nbetween multiple idr_remove() calls or race between\nidr_alloc()/idr_replace() and idr_remove(). These races are causing\nmultiple memcgs to acquire the same ID and then offlining of one of them\nwould cleanup list_lrus on the system for all of them. Later access from\nother memcgs to the list_lru cause crashes due to missing list_lru_one."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/37a060b64ae83b76600d187d76591ce488ab836b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/51c0b1bb7541f8893ec1accba59eb04361a70946",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9972605a238339b85bd16b084eed5f18414d22db",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2024/CVE-2024-438xx/CVE-2024-43893.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2024-43893",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:04.213",
"lastModified": "2024-08-26T11:15:04.213",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: core: check uartclk for zero to avoid divide by zero\n\nCalling ioctl TIOCSSERIAL with an invalid baud_base can\nresult in uartclk being zero, which will result in a\ndivide by zero error in uart_get_divisor(). The check for\nuartclk being zero in uart_set_info() needs to be done\nbefore other settings are made as subsequent calls to\nioctl TIOCSSERIAL for the same port would be impacted if\nthe uartclk check was done where uartclk gets set.\n\nOops: divide error: 0000 PREEMPT SMP KASAN PTI\nRIP: 0010:uart_get_divisor (drivers/tty/serial/serial_core.c:580)\nCall Trace:\n <TASK>\nserial8250_get_divisor (drivers/tty/serial/8250/8250_port.c:2576\n drivers/tty/serial/8250/8250_port.c:2589)\nserial8250_do_set_termios (drivers/tty/serial/8250/8250_port.c:502\n drivers/tty/serial/8250/8250_port.c:2741)\nserial8250_set_termios (drivers/tty/serial/8250/8250_port.c:2862)\nuart_change_line_settings (./include/linux/spinlock.h:376\n ./include/linux/serial_core.h:608 drivers/tty/serial/serial_core.c:222)\nuart_port_startup (drivers/tty/serial/serial_core.c:342)\nuart_startup (drivers/tty/serial/serial_core.c:368)\nuart_set_info (drivers/tty/serial/serial_core.c:1034)\nuart_set_info_user (drivers/tty/serial/serial_core.c:1059)\ntty_set_serial (drivers/tty/tty_io.c:2637)\ntty_ioctl (drivers/tty/tty_io.c:2647 drivers/tty/tty_io.c:2791)\n__x64_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:907\n fs/ioctl.c:893 fs/ioctl.c:893)\ndo_syscall_64 (arch/x86/entry/common.c:52\n (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1))\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nRule: add"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3bbd90fca824e6fd61fb20f6dd2b0fa5f8b14bba",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/52b138f1021113e593ee6ad258ce08fe90693a9e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/55b2a5d331a6ceb1c4372945fdb77181265ba24f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/68dc02f319b9ee54dc23caba742a5c754d1cccc8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6eabce6608d6f3440f4c03aa3d3ef50a47a3d193",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9196e42a3b8eeff1707e6ef769112b4b6096be49",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e13ba3fe5ee070f8a9dab60029d52b1f61da5051",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e3ad503876283ac3fcca922a1bf243ef9eb0b0e2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

45
CVE-2024/CVE-2024-438xx/CVE-2024-43894.json Normal file
View File

@ -0,0 +1,45 @@
{
"id": "CVE-2024-43894",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:04.280",
"lastModified": "2024-08-26T11:15:04.280",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/client: fix null pointer dereference in drm_client_modeset_probe\n\nIn drm_client_modeset_probe(), the return value of drm_mode_duplicate() is\nassigned to modeset->mode, which will lead to a possible NULL pointer\ndereference on failure of drm_mode_duplicate(). Add a check to avoid npd."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/113fd6372a5bb3689aba8ef5b8a265ed1529a78f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/24ddda932c43ffe156c7f3c568bed85131c63ae6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5291d4f73452c91e8a11f71207617e3e234d418e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/612cae53e99ce32a58cb821b3b67199eb6e92dff",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c763dfe09425152b6bb0e348900a637c62c2ce52",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d64847c383100423aecb6ac5f18be5f4316d9d62",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d64fc94f7bb24fc2be0d6bd5df8df926da461a6d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2024/CVE-2024-438xx/CVE-2024-43895.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-43895",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:04.333",
"lastModified": "2024-08-26T11:15:04.333",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip Recompute DSC Params if no Stream on Link\n\n[why]\nEncounter NULL pointer dereference uner mst + dsc setup.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 4 PID: 917 Comm: sway Not tainted 6.3.9-arch1-1 #1 124dc55df4f5272ccb409f39ef4872fc2b3376a2\n Hardware name: LENOVO 20NKS01Y00/20NKS01Y00, BIOS R12ET61W(1.31 ) 07/28/2022\n RIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper]\n Code: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 <48> 8>\n RSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293\n RAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224\n RDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280\n RBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850\n R10: ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000\n R13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224\n FS: 00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000008 CR3: 000000010ddc6000 CR4: 00000000003506e0\n Call Trace:\n<TASK>\n ? __die+0x23/0x70\n ? page_fault_oops+0x171/0x4e0\n ? plist_add+0xbe/0x100\n ? exc_page_fault+0x7c/0x180\n ? asm_exc_page_fault+0x26/0x30\n ? drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n ? drm_dp_atomic_find_time_slots+0x28/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n compute_mst_dsc_configs_for_link+0x2ff/0xa40 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n ? fill_plane_buffer_attributes+0x419/0x510 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n compute_mst_dsc_configs_for_state+0x1e1/0x250 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n amdgpu_dm_atomic_check+0xecd/0x1190 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n drm_atomic_check_only+0x5c5/0xa40\n drm_mode_atomic_ioctl+0x76e/0xbc0\n\n[how]\ndsc recompute should be skipped if no mode change detected on the new\nrequest. If detected, keep checking whether the stream is already on\ncurrent state or not.\n\n(cherry picked from commit 8151a6c13111b465dbabe07c19f572f7cbd16fef)"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/282f0a482ee61d5e863512f3c4fcec90216c20d9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/50e376f1fe3bf571d0645ddf48ad37eb58323919",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/70275bb960c71d313254473d38c14e7101cee5ad",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/718d83f66fb07b2cab89a1fc984613a00e3db18f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-438xx/CVE-2024-43896.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-43896",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:04.387",
"lastModified": "2024-08-26T11:15:04.387",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: cs-amp-lib: Fix NULL pointer crash if efi.get_variable is NULL\n\nCall efi_rt_services_supported() to check that efi.get_variable exists\nbefore calling it."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/5b6baaa7cbd77ff980516bad38bbc5a648bb5158",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dc268085e499666b9f4f0fcb4c5a94e1c0b193b3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2024/CVE-2024-438xx/CVE-2024-43897.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-43897",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:04.437",
"lastModified": "2024-08-26T11:15:04.437",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: drop bad gso csum_start and offset in virtio_net_hdr\n\nTighten csum_start and csum_offset checks in virtio_net_hdr_to_skb\nfor GSO packets.\n\nThe function already checks that a checksum requested with\nVIRTIO_NET_HDR_F_NEEDS_CSUM is in skb linear. But for GSO packets\nthis might not hold for segs after segmentation.\n\nSyzkaller demonstrated to reach this warning in skb_checksum_help\n\n\toffset = skb_checksum_start_offset(skb);\n\tret = -EINVAL;\n\tif (WARN_ON_ONCE(offset >= skb_headlen(skb)))\n\nBy injecting a TSO packet:\n\nWARNING: CPU: 1 PID: 3539 at net/core/dev.c:3284 skb_checksum_help+0x3d0/0x5b0\n ip_do_fragment+0x209/0x1b20 net/ipv4/ip_output.c:774\n ip_finish_output_gso net/ipv4/ip_output.c:279 [inline]\n __ip_finish_output+0x2bd/0x4b0 net/ipv4/ip_output.c:301\n iptunnel_xmit+0x50c/0x930 net/ipv4/ip_tunnel_core.c:82\n ip_tunnel_xmit+0x2296/0x2c70 net/ipv4/ip_tunnel.c:813\n __gre_xmit net/ipv4/ip_gre.c:469 [inline]\n ipgre_xmit+0x759/0xa60 net/ipv4/ip_gre.c:661\n __netdev_start_xmit include/linux/netdevice.h:4850 [inline]\n netdev_start_xmit include/linux/netdevice.h:4864 [inline]\n xmit_one net/core/dev.c:3595 [inline]\n dev_hard_start_xmit+0x261/0x8c0 net/core/dev.c:3611\n __dev_queue_xmit+0x1b97/0x3c90 net/core/dev.c:4261\n packet_snd net/packet/af_packet.c:3073 [inline]\n\nThe geometry of the bad input packet at tcp_gso_segment:\n\n[ 52.003050][ T8403] skb len=12202 headroom=244 headlen=12093 tailroom=0\n[ 52.003050][ T8403] mac=(168,24) mac_len=24 net=(192,52) trans=244\n[ 52.003050][ T8403] shinfo(txflags=0 nr_frags=1 gso(size=1552 type=3 segs=0))\n[ 52.003050][ T8403] csum(0x60000c7 start=199 offset=1536\nip_summed=3 complete_sw=0 valid=0 level=0)\n\nMitigate with stricter input validation.\n\ncsum_offset: for GSO packets, deduce the correct value from gso_type.\nThis is already done for USO. Extend it to TSO. Let UFO be:\nudp[46]_ufo_fragment ignores these fields and always computes the\nchecksum in software.\n\ncsum_start: finding the real offset requires parsing to the transport\nheader. Do not add a parser, use existing segmentation parsing. Thanks\nto SKB_GSO_DODGY, that also catches bad packets that are hw offloaded.\nAgain test both TSO and USO. Do not test UFO for the above reason, and\ndo not test UDP tunnel offload.\n\nGSO packet are almost always CHECKSUM_PARTIAL. USO packets may be\nCHECKSUM_NONE since commit 10154dbded6d6 (\"udp: Allow GSO transmit\nfrom devices with no checksum offload\"), but then still these fields\nare initialized correctly in udp4_hwcsum/udp6_hwcsum_outgoing. So no\nneed to test for ip_summed == CHECKSUM_PARTIAL first.\n\nThis revises an existing fix mentioned in the Fixes tag, which broke\nsmall packets with GSO offload, as detected by kselftests."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2edbb3e8838c672cd7e247e47989df9d03fc6668",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6772c4868a8e7ad5305957cdb834ce881793acb7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/89add40066f9ed9abe5f7f886fe5789ff7e0c50e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2024/CVE-2024-438xx/CVE-2024-43898.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-43898",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:04.493",
"lastModified": "2024-08-26T11:15:04.493",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: sanity check for NULL pointer after ext4_force_shutdown\n\nTest case: 2 threads write short inline data to a file.\nIn ext4_page_mkwrite the resulting inline data is converted.\nHandling ext4_grp_locked_error with description \"block bitmap\nand bg descriptor inconsistent: X vs Y free clusters\" calls\next4_force_shutdown. The conversion clears\nEXT4_STATE_MAY_INLINE_DATA but fails for\next4_destroy_inline_data_nolock and ext4_mark_iloc_dirty due\nto ext4_forced_shutdown. The restoration of inline data fails\nfor the same reason not setting EXT4_STATE_MAY_INLINE_DATA.\nWithout the flag set a regular process path in ext4_da_write_end\nfollows trying to dereference page folio private pointer that has\nnot been set. The fix calls early return with -EIO error shall the\npointer to private be NULL.\n\nSample crash report:\n\nUnable to handle kernel paging request at virtual address dfff800000000004\nKASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]\nMem abort info:\n ESR = 0x0000000096000005\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x05: level 1 translation fault\nData abort info:\n ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[dfff800000000004] address between user and kernel address ranges\nInternal error: Oops: 0000000096000005 [#1] PREEMPT SMP\nModules linked in:\nCPU: 1 PID: 20274 Comm: syz-executor185 Not tainted 6.9.0-rc7-syzkaller-gfda5695d692c #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : __block_commit_write+0x64/0x2b0 fs/buffer.c:2167\nlr : __block_commit_write+0x3c/0x2b0 fs/buffer.c:2160\nsp : ffff8000a1957600\nx29: ffff8000a1957610 x28: dfff800000000000 x27: ffff0000e30e34b0\nx26: 0000000000000000 x25: dfff800000000000 x24: dfff800000000000\nx23: fffffdffc397c9e0 x22: 0000000000000020 x21: 0000000000000020\nx20: 0000000000000040 x19: fffffdffc397c9c0 x18: 1fffe000367bd196\nx17: ffff80008eead000 x16: ffff80008ae89e3c x15: 00000000200000c0\nx14: 1fffe0001cbe4e04 x13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000001 x10: 0000000000ff0100 x9 : 0000000000000000\nx8 : 0000000000000004 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : fffffdffc397c9c0 x4 : 0000000000000020 x3 : 0000000000000020\nx2 : 0000000000000040 x1 : 0000000000000020 x0 : fffffdffc397c9c0\nCall trace:\n __block_commit_write+0x64/0x2b0 fs/buffer.c:2167\n block_write_end+0xb4/0x104 fs/buffer.c:2253\n ext4_da_do_write_end fs/ext4/inode.c:2955 [inline]\n ext4_da_write_end+0x2c4/0xa40 fs/ext4/inode.c:3028\n generic_perform_write+0x394/0x588 mm/filemap.c:3985\n ext4_buffered_write_iter+0x2c0/0x4ec fs/ext4/file.c:299\n ext4_file_write_iter+0x188/0x1780\n call_write_iter include/linux/fs.h:2110 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0x968/0xc3c fs/read_write.c:590\n ksys_write+0x15c/0x26c fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __arm64_sys_write+0x7c/0x90 fs/read_write.c:652\n __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:48\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:133\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:152\n el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712\n el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730\n el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598\nCode: 97f85911 f94002da 91008356 d343fec8 (38796908)\n---[ end trace 0000000000000000 ]---\n----------------\nCode disassembly (best guess):\n 0:\t97f85911 \tbl\t0xffffffffffe16444\n 4:\tf94002da \tldr\tx26, [x22]\n 8:\t91008356 \tadd\tx22, x26, #0x20\n c:\td343fec8 \tlsr\tx8, x22, #3\n* 10:\t38796908 \tldrb\tw8, [x8, x25] <-- trapping instruction"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3f6bbe6e07e5239294ecc3d2efa70d1f98aed52e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/83f4414b8f84249d538905825b088ff3ae555652",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f619876ccbfd329ae785fe5d3289b9dcd6eb5901",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-438xx/CVE-2024-43899.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-43899",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:04.557",
"lastModified": "2024-08-26T11:15:04.557",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null pointer deref in dcn20_resource.c\n\nFixes a hang thats triggered when MPV is run on a DCN401 dGPU:\n\nmpv --hwdec=vaapi --vo=gpu --hwdec-codecs=all\n\nand then enabling fullscreen playback (double click on the video)\n\nThe following calltrace will be seen:\n\n[ 181.843989] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 181.843997] #PF: supervisor instruction fetch in kernel mode\n[ 181.844003] #PF: error_code(0x0010) - not-present page\n[ 181.844009] PGD 0 P4D 0\n[ 181.844020] Oops: 0010 [#1] PREEMPT SMP NOPTI\n[ 181.844028] CPU: 6 PID: 1892 Comm: gnome-shell Tainted: G W OE 6.5.0-41-generic #41~22.04.2-Ubuntu\n[ 181.844038] Hardware name: System manufacturer System Product Name/CROSSHAIR VI HERO, BIOS 6302 10/23/2018\n[ 181.844044] RIP: 0010:0x0\n[ 181.844079] Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n[ 181.844084] RSP: 0018:ffffb593c2b8f7b0 EFLAGS: 00010246\n[ 181.844093] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000004\n[ 181.844099] RDX: ffffb593c2b8f804 RSI: ffffb593c2b8f7e0 RDI: ffff9e3c8e758400\n[ 181.844105] RBP: ffffb593c2b8f7b8 R08: ffffb593c2b8f9c8 R09: ffffb593c2b8f96c\n[ 181.844110] R10: 0000000000000000 R11: 0000000000000000 R12: ffffb593c2b8f9c8\n[ 181.844115] R13: 0000000000000001 R14: ffff9e3c88000000 R15: 0000000000000005\n[ 181.844121] FS: 00007c6e323bb5c0(0000) GS:ffff9e3f85f80000(0000) knlGS:0000000000000000\n[ 181.844128] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 181.844134] CR2: ffffffffffffffd6 CR3: 0000000140fbe000 CR4: 00000000003506e0\n[ 181.844141] Call Trace:\n[ 181.844146] <TASK>\n[ 181.844153] ? show_regs+0x6d/0x80\n[ 181.844167] ? __die+0x24/0x80\n[ 181.844179] ? page_fault_oops+0x99/0x1b0\n[ 181.844192] ? do_user_addr_fault+0x31d/0x6b0\n[ 181.844204] ? exc_page_fault+0x83/0x1b0\n[ 181.844216] ? asm_exc_page_fault+0x27/0x30\n[ 181.844237] dcn20_get_dcc_compression_cap+0x23/0x30 [amdgpu]\n[ 181.845115] amdgpu_dm_plane_validate_dcc.constprop.0+0xe5/0x180 [amdgpu]\n[ 181.845985] amdgpu_dm_plane_fill_plane_buffer_attributes+0x300/0x580 [amdgpu]\n[ 181.846848] fill_dc_plane_info_and_addr+0x258/0x350 [amdgpu]\n[ 181.847734] fill_dc_plane_attributes+0x162/0x350 [amdgpu]\n[ 181.848748] dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[ 181.849791] ? dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[ 181.850840] amdgpu_dm_atomic_check+0xdfe/0x1760 [amdgpu]"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/974fccd61758599a9716c4b909d9226749efe37e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ecbf60782662f0a388493685b85a645a0ba1613c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2024/CVE-2024-439xx/CVE-2024-43900.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-43900",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:04.613",
"lastModified": "2024-08-26T11:15:04.613",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: xc2028: avoid use-after-free in load_firmware_cb()\n\nsyzkaller reported use-after-free in load_firmware_cb() [1].\nThe reason is because the module allocated a struct tuner in tuner_probe(),\nand then the module initialization failed, the struct tuner was released.\nA worker which created during module initialization accesses this struct\ntuner later, it caused use-after-free.\n\nThe process is as follows:\n\ntask-6504 worker_thread\ntuner_probe <= alloc dvb_frontend [2]\n...\nrequest_firmware_nowait <= create a worker\n...\ntuner_remove <= free dvb_frontend\n...\n request_firmware_work_func <= the firmware is ready\n load_firmware_cb <= but now the dvb_frontend has been freed\n\nTo fix the issue, check the dvd_frontend in load_firmware_cb(), if it is\nnull, report a warning and just return.\n\n[1]:\n ==================================================================\n BUG: KASAN: use-after-free in load_firmware_cb+0x1310/0x17a0\n Read of size 8 at addr ffff8000d7ca2308 by task kworker/2:3/6504\n\n Call trace:\n load_firmware_cb+0x1310/0x17a0\n request_firmware_work_func+0x128/0x220\n process_one_work+0x770/0x1824\n worker_thread+0x488/0xea0\n kthread+0x300/0x430\n ret_from_fork+0x10/0x20\n\n Allocated by task 6504:\n kzalloc\n tuner_probe+0xb0/0x1430\n i2c_device_probe+0x92c/0xaf0\n really_probe+0x678/0xcd0\n driver_probe_device+0x280/0x370\n __device_attach_driver+0x220/0x330\n bus_for_each_drv+0x134/0x1c0\n __device_attach+0x1f4/0x410\n device_initial_probe+0x20/0x30\n bus_probe_device+0x184/0x200\n device_add+0x924/0x12c0\n device_register+0x24/0x30\n i2c_new_device+0x4e0/0xc44\n v4l2_i2c_new_subdev_board+0xbc/0x290\n v4l2_i2c_new_subdev+0xc8/0x104\n em28xx_v4l2_init+0x1dd0/0x3770\n\n Freed by task 6504:\n kfree+0x238/0x4e4\n tuner_remove+0x144/0x1c0\n i2c_device_remove+0xc8/0x290\n __device_release_driver+0x314/0x5fc\n device_release_driver+0x30/0x44\n bus_remove_device+0x244/0x490\n device_del+0x350/0x900\n device_unregister+0x28/0xd0\n i2c_unregister_device+0x174/0x1d0\n v4l2_device_unregister+0x224/0x380\n em28xx_v4l2_init+0x1d90/0x3770\n\n The buggy address belongs to the object at ffff8000d7ca2000\n which belongs to the cache kmalloc-2k of size 2048\n The buggy address is located 776 bytes inside of\n 2048-byte region [ffff8000d7ca2000, ffff8000d7ca2800)\n The buggy address belongs to the page:\n page:ffff7fe00035f280 count:1 mapcount:0 mapping:ffff8000c001f000 index:0x0\n flags: 0x7ff800000000100(slab)\n raw: 07ff800000000100 ffff7fe00049d880 0000000300000003 ffff8000c001f000\n raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffff8000d7ca2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff8000d7ca2280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n >ffff8000d7ca2300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff8000d7ca2380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff8000d7ca2400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ==================================================================\n\n[2]\n Actually, it is allocated for struct tuner, and dvb_frontend is inside."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/208deb6d8c3cb8c3acb1f41eb31cf68ea08726d5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/68594cec291ff9523b9feb3f43fd853dcddd1f60",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/850304152d367f104d21c77cfbcc05806504218b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ef517bdfc01818419f7bd426969a0c86b14f3e0e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-439xx/CVE-2024-43901.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-43901",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:04.673",
"lastModified": "2024-08-26T11:15:04.673",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix NULL pointer dereference for DTN log in DCN401\n\nWhen users run the command:\n\ncat /sys/kernel/debug/dri/0/amdgpu_dm_dtn_log\n\nThe following NULL pointer dereference happens:\n\n[ +0.000003] BUG: kernel NULL pointer dereference, address: NULL\n[ +0.000005] #PF: supervisor instruction fetch in kernel mode\n[ +0.000002] #PF: error_code(0x0010) - not-present page\n[ +0.000002] PGD 0 P4D 0\n[ +0.000004] Oops: 0010 [#1] PREEMPT SMP NOPTI\n[ +0.000003] RIP: 0010:0x0\n[ +0.000008] Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n[...]\n[ +0.000002] PKRU: 55555554\n[ +0.000002] Call Trace:\n[ +0.000002] <TASK>\n[ +0.000003] ? show_regs+0x65/0x70\n[ +0.000006] ? __die+0x24/0x70\n[ +0.000004] ? page_fault_oops+0x160/0x470\n[ +0.000006] ? do_user_addr_fault+0x2b5/0x690\n[ +0.000003] ? prb_read_valid+0x1c/0x30\n[ +0.000005] ? exc_page_fault+0x8c/0x1a0\n[ +0.000005] ? asm_exc_page_fault+0x27/0x30\n[ +0.000012] dcn10_log_color_state+0xf9/0x510 [amdgpu]\n[ +0.000306] ? srso_alias_return_thunk+0x5/0xfbef5\n[ +0.000003] ? vsnprintf+0x2fb/0x600\n[ +0.000009] dcn10_log_hw_state+0xfd0/0xfe0 [amdgpu]\n[ +0.000218] ? __mod_memcg_lruvec_state+0xe8/0x170\n[ +0.000008] ? srso_alias_return_thunk+0x5/0xfbef5\n[ +0.000002] ? debug_smp_processor_id+0x17/0x20\n[ +0.000003] ? srso_alias_return_thunk+0x5/0xfbef5\n[ +0.000002] ? srso_alias_return_thunk+0x5/0xfbef5\n[ +0.000002] ? set_ptes.isra.0+0x2b/0x90\n[ +0.000004] ? srso_alias_return_thunk+0x5/0xfbef5\n[ +0.000002] ? _raw_spin_unlock+0x19/0x40\n[ +0.000004] ? srso_alias_return_thunk+0x5/0xfbef5\n[ +0.000002] ? do_anonymous_page+0x337/0x700\n[ +0.000004] dtn_log_read+0x82/0x120 [amdgpu]\n[ +0.000207] full_proxy_read+0x66/0x90\n[ +0.000007] vfs_read+0xb0/0x340\n[ +0.000005] ? __count_memcg_events+0x79/0xe0\n[ +0.000002] ? srso_alias_return_thunk+0x5/0xfbef5\n[ +0.000003] ? count_memcg_events.constprop.0+0x1e/0x40\n[ +0.000003] ? handle_mm_fault+0xb2/0x370\n[ +0.000003] ksys_read+0x6b/0xf0\n[ +0.000004] __x64_sys_read+0x19/0x20\n[ +0.000003] do_syscall_64+0x60/0x130\n[ +0.000004] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[ +0.000003] RIP: 0033:0x7fdf32f147e2\n[...]\n\nThis error happens when the color log tries to read the gamut remap\ninformation from DCN401 which is not initialized in the dcn401_dpp_funcs\nwhich leads to a null pointer dereference. This commit addresses this\nissue by adding a proper guard to access the gamut_remap callback in\ncase the specific ASIC did not implement this function."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1e68b7ce6bc6073579fe8713ec6b85aa9cd2e351",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5af757124792817f8eb1bd0c80ad60fab519586b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2024/CVE-2024-439xx/CVE-2024-43902.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2024-43902",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:04.733",
"lastModified": "2024-08-26T11:15:04.733",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null checker before passing variables\n\nChecks null pointer before passing variables to functions.\n\nThis fixes 3 NULL_RETURNS issues reported by Coverity."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1686675405d07f35eae7ff3d13a530034b899df2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4cc2a94d96caeb3c975acdae7351c2f997c32175",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8092aa3ab8f7b737a34b71f91492c676a843043a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/83c7f509ef087041604e9572938f82e18b724c9d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d0b8b23b9c2ebec693a36fea518d8f13493ad655",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2024/CVE-2024-439xx/CVE-2024-43903.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-43903",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:04.793",
"lastModified": "2024-08-26T11:15:04.793",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update\n\nThis commit adds a null check for the 'afb' variable in the\namdgpu_dm_plane_handle_cursor_update function. Previously, 'afb' was\nassumed to be null, but was used later in the code without a null check.\nThis could potentially lead to a null pointer dereference.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_plane.c:1298 amdgpu_dm_plane_handle_cursor_update() error: we previously assumed 'afb' could be null (see line 1252)"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/31a679a880102dee6e10985a7b1789af8dc328cc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/38e6f715b02b572f74677eb2f29d3b4bc6f1ddff",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/94220b35aeba2b68da81deeefbb784d94eeb5c04",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ce5d090af683137cb779ed7e3683839f9c778b35",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-439xx/CVE-2024-43904.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-43904",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:04.847",
"lastModified": "2024-08-26T11:15:04.847",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing\n\nThis commit adds null checks for the 'stream' and 'plane' variables in\nthe dcn30_apply_idle_power_optimizations function. These variables were\npreviously assumed to be null at line 922, but they were used later in\nthe code without checking if they were null. This could potentially lead\nto a null pointer dereference, which would cause a crash.\n\nThe null checks ensure that 'stream' and 'plane' are not null before\nthey are used, preventing potential crashes.\n\nFixes the below static smatch checker:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:938 dcn30_apply_idle_power_optimizations() error: we previously assumed 'stream' could be null (see line 922)\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:940 dcn30_apply_idle_power_optimizations() error: we previously assumed 'plane' could be null (see line 922)"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/15c2990e0f0108b9c3752d7072a97d45d4283aea",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/16a8a2a839d19c4cf7253642b493ffb8eee1d857",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2024/CVE-2024-439xx/CVE-2024-43905.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-43905",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:04.897",
"lastModified": "2024-08-26T11:15:04.897",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix the null pointer dereference for vega10_hwmgr\n\nCheck return value and conduct null pointer handling to avoid null pointer dereference."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2e538944996d0dd497faf8ee81f8bfcd3aca7d80",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/50151b7f1c79a09117837eb95b76c2de76841dab",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/69a441473fec2fc2aa2cf56122d6c42c4266a239",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c2629daf218a325f4d69754452cd42fe8451c15b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2024/CVE-2024-439xx/CVE-2024-43906.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-43906",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:04.947",
"lastModified": "2024-08-26T11:15:04.947",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/admgpu: fix dereferencing null pointer context\n\nWhen user space sets an invalid ta type, the pointer context will be empty.\nSo it need to check the pointer context before using it"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/030ffd4d43b433bc6671d9ec34fc12c59220b95d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4fd52f7c2c11d330571c6bde06e5ea508ec25c9d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/641dac64178ccdb9e45c92b67120316896294d05",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2024/CVE-2024-439xx/CVE-2024-43907.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2024-43907",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:05.000",
"lastModified": "2024-08-26T11:15:05.000",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules\n\nCheck the pointer value to fix potential null pointer\ndereference"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0c065e50445aea2e0a1815f12e97ee49e02cbaac",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/13937a40aae4efe64592ba48c057ac3c72f7fe82",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3a01bf2ca9f860fdc88c358567b8fa3033efcf30",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c1749313f35b98e2e655479f037db37f19756622",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d19fb10085a49b77578314f69fff21562f7cd054",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e04d18c29954441aa1054af649f957ffad90a201",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

45
CVE-2024/CVE-2024-439xx/CVE-2024-43908.json Normal file
View File

@ -0,0 +1,45 @@
{
"id": "CVE-2024-43908",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:05.057",
"lastModified": "2024-08-26T11:15:05.057",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the null pointer dereference to ras_manager\n\nCheck ras_manager before using it"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/033187a70ba9743c73a810a006816e5553d1e7d4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/48cada0ac79e4775236d642e9ec5998a7c7fb7a4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4c11d30c95576937c6c35e6f29884761f2dddb43",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/56e848034ccabe44e8f22ffcf49db771c17b0d0a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b89616333979114bb0da5fa40fb6e4a2f5294ca2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d81c1eeb333d84b3012a91c0500189dc1d71e46c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ff5c4eb71ee8951c789b079f6e948f86708b04ed",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2024/CVE-2024-439xx/CVE-2024-43909.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2024-43909",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:05.117",
"lastModified": "2024-08-26T11:15:05.117",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/pm: Fix the null pointer dereference for smu7\n\noptimize the code to avoid pass a null pointer (hwmgr->backend)\nto function smu7_update_edc_leakage_table."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/09544cd95c688d3041328a4253bd7514972399bb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1b8aa82b80bd947b68a8ab051d960a0c7935e22d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/37b9df457cbcf095963d18f17d6cb7dfa0a03fce",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7f56f050f02c27ed89cce1ea0c04b34abce32751",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c02c1960c93eede587576625a1221205a68a904f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-439xx/CVE-2024-43910.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-43910",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:05.177",
"lastModified": "2024-08-26T11:15:05.177",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses\n\nCurrently, it's possible to pass in a modified CONST_PTR_TO_DYNPTR to\na global function as an argument. The adverse effects of this is that\nBPF helpers can continue to make use of this modified\nCONST_PTR_TO_DYNPTR from within the context of the global function,\nwhich can unintentionally result in out-of-bounds memory accesses and\ntherefore compromise overall system stability i.e.\n\n[ 244.157771] BUG: KASAN: slab-out-of-bounds in bpf_dynptr_data+0x137/0x140\n[ 244.161345] Read of size 8 at addr ffff88810914be68 by task test_progs/302\n[ 244.167151] CPU: 0 PID: 302 Comm: test_progs Tainted: G O E 6.10.0-rc3-00131-g66b586715063 #533\n[ 244.174318] Call Trace:\n[ 244.175787] <TASK>\n[ 244.177356] dump_stack_lvl+0x66/0xa0\n[ 244.179531] print_report+0xce/0x670\n[ 244.182314] ? __virt_addr_valid+0x200/0x3e0\n[ 244.184908] kasan_report+0xd7/0x110\n[ 244.187408] ? bpf_dynptr_data+0x137/0x140\n[ 244.189714] ? bpf_dynptr_data+0x137/0x140\n[ 244.192020] bpf_dynptr_data+0x137/0x140\n[ 244.194264] bpf_prog_b02a02fdd2bdc5fa_global_call_bpf_dynptr_data+0x22/0x26\n[ 244.198044] bpf_prog_b0fe7b9d7dc3abde_callback_adjust_bpf_dynptr_reg_off+0x1f/0x23\n[ 244.202136] bpf_user_ringbuf_drain+0x2c7/0x570\n[ 244.204744] ? 0xffffffffc0009e58\n[ 244.206593] ? __pfx_bpf_user_ringbuf_drain+0x10/0x10\n[ 244.209795] bpf_prog_33ab33f6a804ba2d_user_ringbuf_callback_const_ptr_to_dynptr_reg_off+0x47/0x4b\n[ 244.215922] bpf_trampoline_6442502480+0x43/0xe3\n[ 244.218691] __x64_sys_prlimit64+0x9/0xf0\n[ 244.220912] do_syscall_64+0xc1/0x1d0\n[ 244.223043] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 244.226458] RIP: 0033:0x7ffa3eb8f059\n[ 244.228582] Code: 08 89 e8 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8f 1d 0d 00 f7 d8 64 89 01 48\n[ 244.241307] RSP: 002b:00007ffa3e9c6eb8 EFLAGS: 00000206 ORIG_RAX: 000000000000012e\n[ 244.246474] RAX: ffffffffffffffda RBX: 00007ffa3e9c7cdc RCX: 00007ffa3eb8f059\n[ 244.250478] RDX: 00007ffa3eb162b4 RSI: 0000000000000000 RDI: 00007ffa3e9c7fb0\n[ 244.255396] RBP: 00007ffa3e9c6ed0 R08: 00007ffa3e9c76c0 R09: 0000000000000000\n[ 244.260195] R10: 0000000000000000 R11: 0000000000000206 R12: ffffffffffffff80\n[ 244.264201] R13: 000000000000001c R14: 00007ffc5d6b4260 R15: 00007ffa3e1c7000\n[ 244.268303] </TASK>\n\nAdd a check_func_arg_reg_off() to the path in which the BPF verifier\nverifies the arguments of global function arguments, specifically\nthose which take an argument of type ARG_PTR_TO_DYNPTR |\nMEM_RDONLY. Also, process_dynptr_func() doesn't appear to perform any\nexplicit and strict type matching on the supplied register type, so\nlet's also enforce that a register either type PTR_TO_STACK or\nCONST_PTR_TO_DYNPTR is by the caller."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/13663a7c644bf1dedaf461d07252db5d76c8759a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ec2b9a5e11e51fea1bb04c1e7e471952e887e874",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-439xx/CVE-2024-43911.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-43911",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:05.227",
"lastModified": "2024-08-26T11:15:05.227",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix NULL dereference at band check in starting tx ba session\n\nIn MLD connection, link_data/link_conf are dynamically allocated. They\ndon't point to vif->bss_conf. So, there will be no chanreq assigned to\nvif->bss_conf and then the chan will be NULL. Tweak the code to check\nht_supported/vht_supported/has_he/has_eht on sta deflink.\n\nCrash log (with rtw89 version under MLO development):\n[ 9890.526087] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 9890.526102] #PF: supervisor read access in kernel mode\n[ 9890.526105] #PF: error_code(0x0000) - not-present page\n[ 9890.526109] PGD 0 P4D 0\n[ 9890.526114] Oops: 0000 [#1] PREEMPT SMP PTI\n[ 9890.526119] CPU: 2 PID: 6367 Comm: kworker/u16:2 Kdump: loaded Tainted: G OE 6.9.0 #1\n[ 9890.526123] Hardware name: LENOVO 2356AD1/2356AD1, BIOS G7ETB3WW (2.73 ) 11/28/2018\n[ 9890.526126] Workqueue: phy2 rtw89_core_ba_work [rtw89_core]\n[ 9890.526203] RIP: 0010:ieee80211_start_tx_ba_session (net/mac80211/agg-tx.c:618 (discriminator 1)) mac80211\n[ 9890.526279] Code: f7 e8 d5 93 3e ea 48 83 c4 28 89 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 49 8b 84 24 e0 f1 ff ff 48 8b 80 90 1b 00 00 <83> 38 03 0f 84 37 fe ff ff bb ea ff ff ff eb cc 49 8b 84 24 10 f3\nAll code\n========\n 0:\tf7 e8 \timul %eax\n 2:\td5 \t(bad)\n 3:\t93 \txchg %eax,%ebx\n 4:\t3e ea \tds (bad)\n 6:\t48 83 c4 28 \tadd $0x28,%rsp\n a:\t89 d8 \tmov %ebx,%eax\n c:\t5b \tpop %rbx\n d:\t41 5c \tpop %r12\n f:\t41 5d \tpop %r13\n 11:\t41 5e \tpop %r14\n 13:\t41 5f \tpop %r15\n 15:\t5d \tpop %rbp\n 16:\tc3 \tretq\n 17:\tcc \tint3\n 18:\tcc \tint3\n 19:\tcc \tint3\n 1a:\tcc \tint3\n 1b:\t49 8b 84 24 e0 f1 ff \tmov -0xe20(%r12),%rax\n 22:\tff\n 23:\t48 8b 80 90 1b 00 00 \tmov 0x1b90(%rax),%rax\n 2a:*\t83 38 03 \tcmpl $0x3,(%rax)\t\t<-- trapping instruction\n 2d:\t0f 84 37 fe ff ff \tje 0xfffffffffffffe6a\n 33:\tbb ea ff ff ff \tmov $0xffffffea,%ebx\n 38:\teb cc \tjmp 0x6\n 3a:\t49 \trex.WB\n 3b:\t8b \t.byte 0x8b\n 3c:\t84 24 10 \ttest %ah,(%rax,%rdx,1)\n 3f:\tf3 \trepz\n\nCode starting with the faulting instruction\n===========================================\n 0:\t83 38 03 \tcmpl $0x3,(%rax)\n 3:\t0f 84 37 fe ff ff \tje 0xfffffffffffffe40\n 9:\tbb ea ff ff ff \tmov $0xffffffea,%ebx\n e:\teb cc \tjmp 0xffffffffffffffdc\n 10:\t49 \trex.WB\n 11:\t8b \t.byte 0x8b\n 12:\t84 24 10 \ttest %ah,(%rax,%rdx,1)\n 15:\tf3 \trepz\n[ 9890.526285] RSP: 0018:ffffb8db09013d68 EFLAGS: 00010246\n[ 9890.526291] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff9308e0d656c8\n[ 9890.526295] RDX: 0000000000000000 RSI: ffffffffab99460b RDI: ffffffffab9a7685\n[ 9890.526300] RBP: ffffb8db09013db8 R08: 0000000000000000 R09: 0000000000000873\n[ 9890.526304] R10: ffff9308e0d64800 R11: 0000000000000002 R12: ffff9308e5ff6e70\n[ 9890.526308] R13: ffff930952500e20 R14: ffff9309192a8c00 R15: 0000000000000000\n[ 9890.526313] FS: 0000000000000000(0000) GS:ffff930b4e700000(0000) knlGS:0000000000000000\n[ 9890.526316] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 9890.526318] CR2: 0000000000000000 CR3: 0000000391c58005 CR4: 00000000001706f0\n[ 9890.526321] Call Trace:\n[ 9890.526324] <TASK>\n[ 9890.526327] ? show_regs (arch/x86/kernel/dumpstack.c:479)\n[ 9890.526335] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434)\n[ 9890.526340] ? page_fault_oops (arch/x86/mm/fault.c:713)\n[ 9890.526347] ? search_module_extables (kernel/module/main.c:3256 (discriminator\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/021d53a3d87eeb9dbba524ac515651242a2a7e3b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a5594c1e03b0df3908b1e1202a1ba34422eed0f6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2024/CVE-2024-439xx/CVE-2024-43912.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-43912",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:05.280",
"lastModified": "2024-08-26T11:15:05.280",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: disallow setting special AP channel widths\n\nSetting the AP channel width is meant for use with the normal\n20/40/... MHz channel width progression, and switching around\nin S1G or narrow channels isn't supported. Disallow that."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/23daf1b4c91db9b26f8425cc7039cf96d22ccbfe",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3d42f2125f6c89e1e71c87b9f23412afddbba45e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ac3bf6e47fd8da9bfe8027e1acfe0282a91584fc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c6ea738e3feb407a3283197d9a25d0788f4f3cee",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-439xx/CVE-2024-43913.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-43913",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:05.330",
"lastModified": "2024-08-26T11:15:05.330",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: apple: fix device reference counting\n\nDrivers must call nvme_uninit_ctrl after a successful nvme_init_ctrl.\nSplit the allocation side out to make the error handling boundary easier\nto navigate. The apple driver had been doing this wrong, leaking the\ncontroller device memory on a tagset failure."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/b9ecbfa45516182cd062fecd286db7907ba84210",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d59c4d0eb6adc24c2201f153ccb7fd0a335b0d3d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2024/CVE-2024-439xx/CVE-2024-43914.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2024-43914",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:05.380",
"lastModified": "2024-08-26T11:15:05.380",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid5: avoid BUG_ON() while continue reshape after reassembling\n\nCurrently, mdadm support --revert-reshape to abort the reshape while\nreassembling, as the test 07revert-grow. However, following BUG_ON()\ncan be triggerred by the test:\n\nkernel BUG at drivers/md/raid5.c:6278!\ninvalid opcode: 0000 [#1] PREEMPT SMP PTI\nirq event stamp: 158985\nCPU: 6 PID: 891 Comm: md0_reshape Not tainted 6.9.0-03335-g7592a0b0049a #94\nRIP: 0010:reshape_request+0x3f1/0xe60\nCall Trace:\n <TASK>\n raid5_sync_request+0x43d/0x550\n md_do_sync+0xb7a/0x2110\n md_thread+0x294/0x2b0\n kthread+0x147/0x1c0\n ret_from_fork+0x59/0x70\n ret_from_fork_asm+0x1a/0x30\n </TASK>\n\nRoot cause is that --revert-reshape update the raid_disks from 5 to 4,\nwhile reshape position is still set, and after reassembling the array,\nreshape position will be read from super block, then during reshape the\nchecking of 'writepos' that is caculated by old reshape position will\nfail.\n\nFix this panic the easy way first, by converting the BUG_ON() to\nWARN_ON(), and stop the reshape if checkings fail.\n\nNoted that mdadm must fix --revert-shape as well, and probably md/raid\nshould enhance metadata validation as well, however this means\nreassemble will fail and there must be user tools to fix the wrong\nmetadata."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2c92f8c1c456d556f15cbf51667b385026b2e6a0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/305a5170dc5cf3d395bb4c4e9239bca6d0b54b49",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3b33740c1750a39e046339ff9240e954f0156707",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4811d6e5d9f4090c3e0ff9890eb24077108046ab",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6b33c468d543f6a83de2d61f09fec74b27e19fd2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/775a9ba16c9ffe98fe54ebf14e55d5660f2bf600",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bf0ff69a42a3d2d46876d0514ecf13dffc516666",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c384dd4f1fb3b14a2fd199360701cc163ea88705",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2024/CVE-2024-449xx/CVE-2024-44931.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-44931",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:05.447",
"lastModified": "2024-08-26T11:15:05.447",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: prevent potential speculation leaks in gpio_device_get_desc()\n\nUserspace may trigger a speculative read of an address outside the gpio\ndescriptor array.\nUsers can do that by calling gpio_ioctl() with an offset out of range.\nOffset is copied from user and then used as an array index to get\nthe gpio descriptor without sanitization in gpio_device_get_desc().\n\nThis change ensures that the offset is sanitized by using\narray_index_nospec() to mitigate any possibility of speculative\ninformation leaks.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1b955f786a4bcde8c0ccb2b7d519def2acb6f3cc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d776c0486b03a5c4afca65b8ff44573592bf93bb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d795848ecce24a75dfd46481aee066ae6fe39775",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-449xx/CVE-2024-44932.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-44932",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:05.500",
"lastModified": "2024-08-26T11:15:05.500",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix UAFs when destroying the queues\n\nThe second tagged commit started sometimes (very rarely, but possible)\nthrowing WARNs from\nnet/core/page_pool.c:page_pool_disable_direct_recycling().\nTurned out idpf frees interrupt vectors with embedded NAPIs *before*\nfreeing the queues making page_pools' NAPI pointers lead to freed\nmemory before these pools are destroyed by libeth.\nIt's not clear whether there are other accesses to the freed vectors\nwhen destroying the queues, but anyway, we usually free queue/interrupt\nvectors only when the queues are destroyed and the NAPIs are guaranteed\nto not be referenced anywhere.\n\nInvert the allocation and freeing logic making queue/interrupt vectors\nbe allocated first and freed last. Vectors don't require queues to be\npresent, so this is safe. Additionally, this change allows to remove\nthat useless queue->q_vector pointer cleanup, as vectors are still\nvalid when freeing the queues (+ both are freed within one function,\nso it's not clear why nullify the pointers at all)."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/290f1c033281c1a502a3cd1c53c3a549259c491f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3cde714b0e77206ed1b5cf31f28c18ba9ae946fd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-449xx/CVE-2024-44933.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-44933",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:05.547",
"lastModified": "2024-08-26T11:15:05.547",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en : Fix memory out-of-bounds in bnxt_fill_hw_rss_tbl()\n\nA recent commit has modified the code in __bnxt_reserve_rings() to\nset the default RSS indirection table to default only when the number\nof RX rings is changing. While this works for newer firmware that\nrequires RX ring reservations, it causes the regression on older\nfirmware not requiring RX ring resrvations (BNXT_NEW_RM() returns\nfalse).\n\nWith older firmware, RX ring reservations are not required and so\nhw_resc->resv_rx_rings is not always set to the proper value. The\ncomparison:\n\nif (old_rx_rings != bp->hw_resc.resv_rx_rings)\n\nin __bnxt_reserve_rings() may be false even when the RX rings are\nchanging. This will cause __bnxt_reserve_rings() to skip setting\nthe default RSS indirection table to default to match the current\nnumber of RX rings. This may later cause bnxt_fill_hw_rss_tbl() to\nuse an out-of-range index.\n\nWe already have bnxt_check_rss_tbl_no_rmgr() to handle exactly this\nscenario. We just need to move it up in bnxt_need_reserve_rings()\nto be called unconditionally when using older firmware. Without the\nfix, if the TX rings are changing, we'll skip the\nbnxt_check_rss_tbl_no_rmgr() call and __bnxt_reserve_rings() may also\nskip the bnxt_set_dflt_rss_indir_tbl() call for the reason explained\nin the last paragraph. Without setting the default RSS indirection\ntable to default, it causes the regression:\n\nBUG: KASAN: slab-out-of-bounds in __bnxt_hwrm_vnic_set_rss+0xb79/0xe40\nRead of size 2 at addr ffff8881c5809618 by task ethtool/31525\nCall Trace:\n__bnxt_hwrm_vnic_set_rss+0xb79/0xe40\n bnxt_hwrm_vnic_rss_cfg_p5+0xf7/0x460\n __bnxt_setup_vnic_p5+0x12e/0x270\n __bnxt_open_nic+0x2262/0x2f30\n bnxt_open_nic+0x5d/0xf0\n ethnl_set_channels+0x5d4/0xb30\n ethnl_default_set_doit+0x2f1/0x620"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/abd573e9ad2ba64eaa6418a5f4eec819de28f205",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/da03f5d1b2c319a2b74fe76edeadcd8fa5f44376",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2024/CVE-2024-449xx/CVE-2024-44934.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2024-44934",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:05.593",
"lastModified": "2024-08-26T11:15:05.593",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: mcast: wait for previous gc cycles when removing port\n\nsyzbot hit a use-after-free[1] which is caused because the bridge doesn't\nmake sure that all previous garbage has been collected when removing a\nport. What happens is:\n CPU 1 CPU 2\n start gc cycle remove port\n acquire gc lock first\n wait for lock\n call br_multicasg_gc() directly\n acquire lock now but free port\n the port can be freed\n while grp timers still\n running\n\nMake sure all previous gc cycles have finished by using flush_work before\nfreeing the port.\n\n[1]\n BUG: KASAN: slab-use-after-free in br_multicast_port_group_expired+0x4c0/0x550 net/bridge/br_multicast.c:861\n Read of size 8 at addr ffff888071d6d000 by task syz.5.1232/9699\n\n CPU: 1 PID: 9699 Comm: syz.5.1232 Not tainted 6.10.0-rc5-syzkaller-00021-g24ca36a562d6 #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024\n Call Trace:\n <IRQ>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n br_multicast_port_group_expired+0x4c0/0x550 net/bridge/br_multicast.c:861\n call_timer_fn+0x1a3/0x610 kernel/time/timer.c:1792\n expire_timers kernel/time/timer.c:1843 [inline]\n __run_timers+0x74b/0xaf0 kernel/time/timer.c:2417\n __run_timer_base kernel/time/timer.c:2428 [inline]\n __run_timer_base kernel/time/timer.c:2421 [inline]\n run_timer_base+0x111/0x190 kernel/time/timer.c:2437"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0d8b26e10e680c01522d7cc14abe04c3265a928f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1e16828020c674b3be85f52685e8b80f9008f50f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/92c4ee25208d0f35dafc3213cdf355fbe449e078",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b2f794b168cf560682ff976b255aa6d29d14a658",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e3145ca904fa8dbfd1a5bf0187905bc117b0efce",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

45
CVE-2024/CVE-2024-449xx/CVE-2024-44935.json Normal file
View File

@ -0,0 +1,45 @@
{
"id": "CVE-2024-44935",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:05.643",
"lastModified": "2024-08-26T11:15:05.643",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: Fix null-ptr-deref in reuseport_add_sock().\n\nsyzbot reported a null-ptr-deref while accessing sk2->sk_reuseport_cb in\nreuseport_add_sock(). [0]\n\nThe repro first creates a listener with SO_REUSEPORT. Then, it creates\nanother listener on the same port and concurrently closes the first\nlistener.\n\nThe second listen() calls reuseport_add_sock() with the first listener as\nsk2, where sk2->sk_reuseport_cb is not expected to be cleared concurrently,\nbut the close() does clear it by reuseport_detach_sock().\n\nThe problem is SCTP does not properly synchronise reuseport_alloc(),\nreuseport_add_sock(), and reuseport_detach_sock().\n\nThe caller of reuseport_alloc() and reuseport_{add,detach}_sock() must\nprovide synchronisation for sockets that are classified into the same\nreuseport group.\n\nOtherwise, such sockets form multiple identical reuseport groups, and\nall groups except one would be silently dead.\n\n 1. Two sockets call listen() concurrently\n 2. No socket in the same group found in sctp_ep_hashtable[]\n 3. Two sockets call reuseport_alloc() and form two reuseport groups\n 4. Only one group hit first in __sctp_rcv_lookup_endpoint() receives\n incoming packets\n\nAlso, the reported null-ptr-deref could occur.\n\nTCP/UDP guarantees that would not happen by holding the hash bucket lock.\n\nLet's apply the locking strategy to __sctp_hash_endpoint() and\n__sctp_unhash_endpoint().\n\n[0]:\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\nCPU: 1 UID: 0 PID: 10230 Comm: syz-executor119 Not tainted 6.10.0-syzkaller-12585-g301927d2d2eb #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024\nRIP: 0010:reuseport_add_sock+0x27e/0x5e0 net/core/sock_reuseport.c:350\nCode: 00 0f b7 5d 00 bf 01 00 00 00 89 de e8 1b a4 ff f7 83 fb 01 0f 85 a3 01 00 00 e8 6d a0 ff f7 49 8d 7e 12 48 89 f8 48 c1 e8 03 <42> 0f b6 04 28 84 c0 0f 85 4b 02 00 00 41 0f b7 5e 12 49 8d 7e 14\nRSP: 0018:ffffc9000b947c98 EFLAGS: 00010202\nRAX: 0000000000000002 RBX: ffff8880252ddf98 RCX: ffff888079478000\nRDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000012\nRBP: 0000000000000001 R08: ffffffff8993e18d R09: 1ffffffff1fef385\nR10: dffffc0000000000 R11: fffffbfff1fef386 R12: ffff8880252ddac0\nR13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f24e45b96c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffcced5f7b8 CR3: 00000000241be000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n __sctp_hash_endpoint net/sctp/input.c:762 [inline]\n sctp_hash_endpoint+0x52a/0x600 net/sctp/input.c:790\n sctp_listen_start net/sctp/socket.c:8570 [inline]\n sctp_inet_listen+0x767/0xa20 net/sctp/socket.c:8625\n __sys_listen_socket net/socket.c:1883 [inline]\n __sys_listen+0x1b7/0x230 net/socket.c:1894\n __do_sys_listen net/socket.c:1902 [inline]\n __se_sys_listen net/socket.c:1900 [inline]\n __x64_sys_listen+0x5a/0x70 net/socket.c:1900\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f24e46039b9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f24e45b9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000032\nRAX: ffffffffffffffda RBX: 00007f24e468e428 RCX: 00007f24e46039b9\nRDX: 00007f24e46039b9 RSI: 0000000000000003 RDI: 0000000000000004\nRBP: 00007f24e468e420 R08: 00007f24e45b96c0 R09: 00007f24e45b96c0\nR10: 00007f24e45b96c0 R11: 0000000000000246 R12: 00007f24e468e42c\nR13:\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/05e4a0fa248240efd99a539853e844f0f0a9e6a5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1407be30fc17eff918a98e0a990c0e988f11dc84",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/52319d9d2f522ed939af31af70f8c3a0f0f67e6c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/54b303d8f9702b8ab618c5032fae886b16356928",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9ab0faa7f9ffe31296dbb9bbe6f76c72c14eea18",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c9b3fc4f157867e858734e31022ebee8a24f0de7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e809a84c802377ef61525a298a1ec1728759b913",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-449xx/CVE-2024-44936.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-44936",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:05.700",
"lastModified": "2024-08-26T11:15:05.700",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: rt5033: Bring back i2c_set_clientdata\n\nCommit 3a93da231c12 (\"power: supply: rt5033: Use devm_power_supply_register() helper\")\nreworked the driver to use devm. While at it, the i2c_set_clientdata\nwas dropped along with the remove callback. Unfortunately other parts\nof the driver also rely on i2c clientdata so this causes kernel oops.\n\nBring the call back to fix the driver."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3c5d0871b0af0184abc6f7f52f8705b39a6251ae",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d3911f1639e67fc7b12aae0efa5a540976d7443b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-449xx/CVE-2024-44937.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-44937",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:05.753",
"lastModified": "2024-08-26T11:15:05.753",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: intel-vbtn: Protect ACPI notify handler against recursion\n\nSince commit e2ffcda16290 (\"ACPI: OSL: Allow Notify () handlers to run on\nall CPUs\") ACPI notify handlers like the intel-vbtn notify_handler() may\nrun on multiple CPU cores racing with themselves.\n\nThis race gets hit on Dell Venue 7140 tablets when undocking from\nthe keyboard, causing the handler to try and register priv->switches_dev\ntwice, as can be seen from the dev_info() message getting logged twice:\n\n[ 83.861800] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event\n[ 83.861858] input: Intel Virtual Switches as /devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17\n[ 83.861865] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event\n\nAfter which things go seriously wrong:\n[ 83.861872] sysfs: cannot create duplicate filename '/devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17'\n...\n[ 83.861967] kobject: kobject_add_internal failed for input17 with -EEXIST, don't try to register things with the same name in the same directory.\n[ 83.877338] BUG: kernel NULL pointer dereference, address: 0000000000000018\n...\n\nProtect intel-vbtn notify_handler() from racing with itself with a mutex\nto fix this."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/5c9618a3b6ea94cf7bdff7702aca8bf2d777d97b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e075c3b13a0a142dcd3151b25d29a24f31b7b640",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-08-26T10:00:17.128537+00:00
2024-08-26T12:00:17.986841+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-08-26T09:15:04.963000+00:00
2024-08-26T11:15:05.753000+00:00
```
### Last Data Feed Release
@ -33,25 +33,52 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
261134
261171
```
### CVEs added in the last Commit
Recently added CVEs: `5`
Recently added CVEs: `37`
- [CVE-2024-43442](CVE-2024/CVE-2024-434xx/CVE-2024-43442.json) (`2024-08-26T09:15:04.340`)
- [CVE-2024-43443](CVE-2024/CVE-2024-434xx/CVE-2024-43443.json) (`2024-08-26T09:15:04.573`)
- [CVE-2024-43444](CVE-2024/CVE-2024-434xx/CVE-2024-43444.json) (`2024-08-26T09:15:04.760`)
- [CVE-2024-43884](CVE-2024/CVE-2024-438xx/CVE-2024-43884.json) (`2024-08-26T08:15:03.827`)
- [CVE-2024-8161](CVE-2024/CVE-2024-81xx/CVE-2024-8161.json) (`2024-08-26T09:15:04.963`)
- [CVE-2024-43897](CVE-2024/CVE-2024-438xx/CVE-2024-43897.json) (`2024-08-26T11:15:04.437`)
- [CVE-2024-43898](CVE-2024/CVE-2024-438xx/CVE-2024-43898.json) (`2024-08-26T11:15:04.493`)
- [CVE-2024-43899](CVE-2024/CVE-2024-438xx/CVE-2024-43899.json) (`2024-08-26T11:15:04.557`)
- [CVE-2024-43900](CVE-2024/CVE-2024-439xx/CVE-2024-43900.json) (`2024-08-26T11:15:04.613`)
- [CVE-2024-43901](CVE-2024/CVE-2024-439xx/CVE-2024-43901.json) (`2024-08-26T11:15:04.673`)
- [CVE-2024-43902](CVE-2024/CVE-2024-439xx/CVE-2024-43902.json) (`2024-08-26T11:15:04.733`)
- [CVE-2024-43903](CVE-2024/CVE-2024-439xx/CVE-2024-43903.json) (`2024-08-26T11:15:04.793`)
- [CVE-2024-43904](CVE-2024/CVE-2024-439xx/CVE-2024-43904.json) (`2024-08-26T11:15:04.847`)
- [CVE-2024-43905](CVE-2024/CVE-2024-439xx/CVE-2024-43905.json) (`2024-08-26T11:15:04.897`)
- [CVE-2024-43906](CVE-2024/CVE-2024-439xx/CVE-2024-43906.json) (`2024-08-26T11:15:04.947`)
- [CVE-2024-43907](CVE-2024/CVE-2024-439xx/CVE-2024-43907.json) (`2024-08-26T11:15:05.000`)
- [CVE-2024-43908](CVE-2024/CVE-2024-439xx/CVE-2024-43908.json) (`2024-08-26T11:15:05.057`)
- [CVE-2024-43909](CVE-2024/CVE-2024-439xx/CVE-2024-43909.json) (`2024-08-26T11:15:05.117`)
- [CVE-2024-43910](CVE-2024/CVE-2024-439xx/CVE-2024-43910.json) (`2024-08-26T11:15:05.177`)
- [CVE-2024-43911](CVE-2024/CVE-2024-439xx/CVE-2024-43911.json) (`2024-08-26T11:15:05.227`)
- [CVE-2024-43912](CVE-2024/CVE-2024-439xx/CVE-2024-43912.json) (`2024-08-26T11:15:05.280`)
- [CVE-2024-43913](CVE-2024/CVE-2024-439xx/CVE-2024-43913.json) (`2024-08-26T11:15:05.330`)
- [CVE-2024-43914](CVE-2024/CVE-2024-439xx/CVE-2024-43914.json) (`2024-08-26T11:15:05.380`)
- [CVE-2024-44931](CVE-2024/CVE-2024-449xx/CVE-2024-44931.json) (`2024-08-26T11:15:05.447`)
- [CVE-2024-44932](CVE-2024/CVE-2024-449xx/CVE-2024-44932.json) (`2024-08-26T11:15:05.500`)
- [CVE-2024-44933](CVE-2024/CVE-2024-449xx/CVE-2024-44933.json) (`2024-08-26T11:15:05.547`)
- [CVE-2024-44934](CVE-2024/CVE-2024-449xx/CVE-2024-44934.json) (`2024-08-26T11:15:05.593`)
- [CVE-2024-44935](CVE-2024/CVE-2024-449xx/CVE-2024-44935.json) (`2024-08-26T11:15:05.643`)
- [CVE-2024-44936](CVE-2024/CVE-2024-449xx/CVE-2024-44936.json) (`2024-08-26T11:15:05.700`)
- [CVE-2024-44937](CVE-2024/CVE-2024-449xx/CVE-2024-44937.json) (`2024-08-26T11:15:05.753`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `8`
- [CVE-2024-31380](CVE-2024/CVE-2024-313xx/CVE-2024-31380.json) (`2024-08-26T08:15:03.640`)
- [CVE-2022-1271](CVE-2022/CVE-2022-12xx/CVE-2022-1271.json) (`2024-08-26T10:47:19.123`)
- [CVE-2023-22359](CVE-2023/CVE-2023-223xx/CVE-2023-22359.json) (`2024-08-26T10:15:03.987`)
- [CVE-2023-23549](CVE-2023/CVE-2023-235xx/CVE-2023-23549.json) (`2024-08-26T10:15:04.890`)
- [CVE-2023-31209](CVE-2023/CVE-2023-312xx/CVE-2023-31209.json) (`2024-08-26T10:15:05.083`)
- [CVE-2023-31211](CVE-2023/CVE-2023-312xx/CVE-2023-31211.json) (`2024-08-26T10:15:05.250`)
- [CVE-2023-6287](CVE-2023/CVE-2023-62xx/CVE-2023-6287.json) (`2024-08-26T10:15:05.410`)
- [CVE-2023-6735](CVE-2023/CVE-2023-67xx/CVE-2023-6735.json) (`2024-08-26T10:15:05.587`)
- [CVE-2024-3367](CVE-2024/CVE-2024-33xx/CVE-2024-3367.json) (`2024-08-26T10:15:05.743`)
## Download and Usage

65
_state.csv
View File

@ -188646,7 +188646,7 @@ CVE-2022-1267,0,0,7e26238dfb18b3ea1f63ac127c5760eacf86652bb599bc268adc604f520b7e
CVE-2022-1268,0,0,7e3e1487e20b91f801f7cabb42e1e3e13c7790b1a0ae2c1c5737dcf80954107c,2022-05-28T02:15:16.163000
CVE-2022-1269,0,0,13944ac360be92436d03f202b1351b7bbe4b98ce71588f8b95e2d13140848520,2022-10-27T12:16:17.693000
CVE-2022-1270,0,0,7c052158e8bd3f58a56d9a4dc1f4946beaf3f77d50948d1602afa1fd9ee44f05,2023-02-01T14:11:34.353000
CVE-2022-1271,0,0,d4f606bfec08ee8742086076a8faa8c21bce730becdd72e68cbda4c653ce437a,2023-11-07T03:41:52.377000
CVE-2022-1271,0,1,f21988ad23d54531e0f0d5a434ae2ce4d25998d030bb70e0ecec14c5ed0a76a3,2024-08-26T10:47:19.123000
CVE-2022-1273,0,0,ca7f62817d1af7465b965f53590f33d37f68ad0c2797c9fb60c9147a26653a9a,2022-05-10T19:17:22.510000
CVE-2022-1274,0,0,32bec89cbff9d8b0e2c7e493ecf46f1fae4b34e28c1309358864ceed832b9a26,2023-12-22T16:15:07.353000
CVE-2022-1275,0,0,b5a85ba89c2129f68d14932aa00af0d916570f3a64029c5613c53aec71fa7bca,2022-06-08T17:18:24.933000
@ -216517,7 +216517,7 @@ CVE-2023-22355,0,0,a4d5d05d75f9291e4d7aee98ebeb547af4dbaa85a32c0ef766a03f2cf1397
CVE-2023-22356,0,0,e852fab1aca651d3d6d42d227a83bf92510ecd1bf693b619e916d5217eea8557,2023-11-07T04:06:51.347000
CVE-2023-22357,0,0,bce0f24fcbe872f2b6a922c5dd1151c2a9a30b4aa1c4c602bb72e0bb2f8b2883,2023-01-24T21:00:11.467000
CVE-2023-22358,0,0,84bd07a0547b596ec584b8600cd4bda251f43b737cf6566c7dbac934b16a117d,2023-11-07T04:06:51.727000
CVE-2023-22359,0,0,16a7d4417e376170226ceb31f7e183ebf4d24431c201f9e208d06f209ca00ccf,2024-07-23T19:37:16.630000
CVE-2023-22359,0,1,7747ac31aa6bdb8a6d73da6597489b8787bfb99c3b4c759ba48f2e22a831926d,2024-08-26T10:15:03.987000
CVE-2023-2236,0,0,dc196e50b268dacab4df24630536396e7f8781535043c20f2273d9efe70f9565,2023-08-11T19:51:06.083000
CVE-2023-22360,0,0,602e31b755cdde8fc0c2765a9c8cc741580b4dc94dc0f0c28bb04d8944659f69,2023-02-27T17:26:46.630000
CVE-2023-22361,0,0,3c67b76e23aadc428abb8da47175fbff1fc213579640d9f0b9d7cb522e33c19a,2023-05-16T21:13:19.133000
@ -217393,7 +217393,7 @@ CVE-2023-23545,0,0,7e8a1a1f5ad0893750762c161dc9fda182d786a788cef2239c13d8ec38187
CVE-2023-23546,0,0,cef725a9842d9972508ad94026e569092d054f12ed23ec2ed7a26b7f0f87fcd0,2023-07-13T17:10:31.897000
CVE-2023-23547,0,0,40794d478de8fe20f21fb54cd925726cfd971ec30022af065d886ccc43d0bdda,2023-07-13T01:49:25.823000
CVE-2023-23548,0,0,26f6ef46802aea6ca8e73215c77cd8eafab0fec173eeca5906b3de8715f0e2f1,2024-07-23T19:37:16.630000
CVE-2023-23549,0,0,c0f6b6c7628f92730593b8031903dff81a73f70c99d08e6ce6a0c84ed0a597fb,2024-07-23T19:37:16.630000
CVE-2023-23549,0,1,7008dd2e2b51842cafca299df716196f27e4641df3e74adc04cd6ff5731db5fb,2024-08-26T10:15:04.890000
CVE-2023-2355,0,0,c58e03a2db1205e3098225797b59c90ca44457d70fc40cc0f8ec47375d439951,2023-05-09T16:38:54.170000
CVE-2023-23550,0,0,5f1e3c4561970447a31762cdde45e11f9bffd6be707a45119aed7abf5c683fec,2023-07-13T17:20:58.420000
CVE-2023-23551,0,0,0bce626087533e7ed89ccb682491f55dfdf78ab5d6e965987a48247bc4643465,2023-11-07T04:07:44.507000
@ -223513,10 +223513,10 @@ CVE-2023-31203,0,0,e20ee84ba3753fe4459b52304841db8ed359cfcb0631867aff4534b827d7b
CVE-2023-31206,0,0,a8d72bdc931be244e474c0480916a79eccf4e243c7050b62fa92dd3a089b14e7,2023-05-31T01:25:33.760000
CVE-2023-31207,0,0,547125180cffd0c493ff8787c644b028bd8f18938978f39df407f0a197af0c90,2024-07-23T19:37:16.630000
CVE-2023-31208,0,0,95c19457e4d84f3e922d42dc0c6a1550abef2b702e7ba80d1256849ed16f675d,2024-07-23T19:37:16.630000
CVE-2023-31209,0,0,24fa54ee20b85363250fa4c02e27f53237b1178aef5d23621497ce47f1b045ab,2024-07-23T19:37:16.630000
CVE-2023-31209,0,1,b0d163613db3908a63b52fa8aa8684ce97e73a6c6a29472adafd5e4272934788,2024-08-26T10:15:05.083000
CVE-2023-3121,0,0,ea8731305873b2e9955fbdef80d1714e7efb818ccffd04fd3622d879b8a18964,2024-05-17T02:27:17.330000
CVE-2023-31210,0,0,88b12180c8fa2420beef8d9adbc253b4ea973d239cee4102a68060eb6e2eded0,2024-07-23T19:37:16.630000
CVE-2023-31211,0,0,0c48fe63f4265906040eb23f324f1a7beeb834037ee5e4b9fb638ff59190f22f,2024-07-23T19:37:16.630000
CVE-2023-31211,0,1,bf5d125c86d7e4ade6aa6be5f1e0a2ae3ddb8a20b235098a09d2766c553a58f0,2024-08-26T10:15:05.250000
CVE-2023-31212,0,0,ccf63ad68c42b79ca42a52d05fbe3f89ffcee21f9fd6d3180865ae889a2c4080,2023-11-08T18:47:36.203000
CVE-2023-31213,0,0,936cf9b4226c806d2c0f043831e1e975e827dca012d4f1da9fc4e97043ca0a3d,2023-07-19T18:25:45.263000
CVE-2023-31215,0,0,38ff3a6906e088291a7be3db4a8bac5a68f2e164faa42afc601631fff6fcb3e2,2023-12-28T13:32:56.443000
@ -240228,7 +240228,7 @@ CVE-2023-6278,0,0,c78b8d879da1ce114b8d36c4602cd8be742dae98eec5ce3b7337c3170b6a2e
CVE-2023-6279,0,0,058b7b47599ec599cdb9a002a2c8fd40321be5fd43b36531af9da360a427c486,2024-02-03T01:22:07.893000
CVE-2023-6280,0,0,0eaf6e9cc251121d8849df1baff5f176eba03fb9d352ccd6592a3f06b406e6e7,2024-08-02T09:15:35.567000
CVE-2023-6282,0,0,4784548eba10b83af13ad1d418558edb4e512140732c316a2e8a92ea50bef36a,2024-01-31T19:11:25.767000
CVE-2023-6287,0,0,b3b5d6bcccc7394e3aa5bbff92db5f5b957f95512830a9a9a15a37acc84d083e,2023-12-01T02:30:49.880000
CVE-2023-6287,0,1,1dc104a6208e2fcd17543a0dc13f4dedd7d6956d712be42b1aea5436f65a922c,2024-08-26T10:15:05.410000
CVE-2023-6288,0,0,ddba7a52ea6fdfc95d03dc2edaccec79b45285ddf1c7a92ebb5137eeba0abac1,2023-12-12T16:52:48.990000
CVE-2023-6289,0,0,b65eee10c1a6b84921476339a7fcab0851c86d4319ac77b38e98a36e824313e7,2023-12-21T20:55:29.640000
CVE-2023-6290,0,0,0cb76e16605dd96f79aa6ca00ffeede53beb4e89b7b2813602ed988100f64c50,2024-01-26T19:36:13.877000
@ -240605,7 +240605,7 @@ CVE-2023-6731,0,0,3d191e2c26a0a3aa0821f60da98004f88d38a1819ac9580185e4501f59332a
CVE-2023-6732,0,0,a8cf2e4c4dcc6f1ed4b0c8bd0cc0fcda4e222ce88394800e3628dc6aaf413fbd,2024-01-23T14:59:59.107000
CVE-2023-6733,0,0,832505676334ad625eb90fd9b49928f28a572b7669f9de534ef509c303ffa9a0,2024-01-10T16:53:12.160000
CVE-2023-6734,0,0,f702cfc07dd4f70df68ba07e813e6841d7b4220f597a5c694e7bd72e1e10c540,2024-06-05T20:15:12.617000
CVE-2023-6735,0,0,2e8f7e121cf6cbda714126642707eada1ad8e6858b9cdb01ed908d3fbabb3e4d,2024-07-23T19:37:16.630000
CVE-2023-6735,0,1,26f3b074e6e49303d0efb2238ca8c596f9facb1d1e46a1e6c9dd8332df3ce00a,2024-08-26T10:15:05.587000
CVE-2023-6736,0,0,b18daa793a87d835eb2fccf096463070492ca1a30d88985059b30d6acd104fbf,2024-03-04T20:33:21.807000
CVE-2023-6737,0,0,81f112c4602b8dca9ae7ad1bb41c2e0b9119096841578c5144da63c16d3c4e20,2024-01-17T20:38:08.660000
CVE-2023-6738,0,0,98f706f66e07756fc125df3a56bb9b72e3055907fa5539d0076bd32208d65fdb,2024-01-10T16:50:13.013000
@ -250819,7 +250819,7 @@ CVE-2024-31377,0,0,14d5fdec649c6be9cfc3ab64974f9a03d7034e93ffc2ce281082511fa57ba
CVE-2024-31378,0,0,ce408a331b9e77feecb7fcc79968cf7225aafa4ab3498e249477ad6e3e7e91db,2024-04-15T13:15:31.997000
CVE-2024-31379,0,0,2b2e01f8a7e33e5808874beb1600d01a4c40352a2f341a57b9caabc7fce43e5d,2024-04-15T13:15:31.997000
CVE-2024-3138,0,0,34e13813d3cb7daae925fc230e045833072a77ff600b9e54dcd625ae5516e07d,2024-08-01T20:15:24.490000
CVE-2024-31380,0,1,c0568178de2753924f19de6819b939cfa1d03e942c28e0963312663d8a844b83,2024-08-26T08:15:03.640000
CVE-2024-31380,0,0,c0568178de2753924f19de6819b939cfa1d03e942c28e0963312663d8a844b83,2024-08-26T08:15:03.640000
CVE-2024-31381,0,0,8dbaf6f553ec6641f373c53d423bfb38349bd9c80d777f0ca2fa3e9b1a5e7ace,2024-04-15T13:15:31.997000
CVE-2024-31382,0,0,55e0620b5b0279ac0a2bb51ea72874c14f8516886940b297f7110d03f735a736,2024-04-15T13:15:31.997000
CVE-2024-31383,0,0,48340f427b746833cc0f7109feca4b8c2b4ef5e27f7db3904372a76af6fbd2dc,2024-04-15T13:15:31.997000
@ -252349,7 +252349,7 @@ CVE-2024-33666,0,0,8e982c6a0c03f8b5d1cbd58e6d45d8ee40f43b5fb9ebc6cbaefdef7cc6467
CVE-2024-33667,0,0,d9a60490b5a47ab58d6800af0e868d69fb5acbd4454834ffe597651ec1e47cdb,2024-04-26T12:58:17.720000
CVE-2024-33668,0,0,1057e9899f3d071fbe9469ff4d64f06b263f71484eb3414fb82aad54f0a342bc,2024-07-03T01:58:34.653000
CVE-2024-33669,0,0,9f9e4923b29b77e4df7ed4bfab7ff189f9617396636ad12f3335720e7b3f148c,2024-07-03T01:58:35.420000
CVE-2024-3367,0,0,31f1b96caacdf32cb07b44d556d68ab31ddfc6550ca25d8ad2ff89de82dc4e9a,2024-04-24T12:15:07.093000
CVE-2024-3367,0,1,3b87f70833bb8ccf4c6d89027b50770ba7c3694c19e37821dd6ef423c5078200,2024-08-26T10:15:05.743000
CVE-2024-33670,0,0,3abc3d385958341e24c9eda52dec235106719c4d891dda10a7a17ff0ec58be16,2024-07-03T01:58:36.127000
CVE-2024-33671,0,0,5feca8f352d561cdd0e0c6bac5759d95e299a4747d95bc22a8db29940e7c5bd1,2024-04-26T12:58:17.720000
CVE-2024-33672,0,0,4f42606374298c39a17dbd38700642945b2e9bef08fd2b3fd4fad590404e973d,2024-07-03T01:58:36.807000
@ -258234,9 +258234,9 @@ CVE-2024-43410,0,0,34c0de7d3aba2e2bf754c89b4a746899ed92baa2a863da3cba07091015a18
CVE-2024-43411,0,0,17fae2b6c19a1c99d860c5f9c414f25b1a9d716a3875184bd3648e5d7c5063c5,2024-08-21T17:25:08.560000
CVE-2024-4342,0,0,2403af0b003f5953a3d2a1b74bf46d64f4a354bc628b01d2ea5f60de4a4002c6,2024-06-03T14:46:24.250000
CVE-2024-4344,0,0,0e21345ffbddb43f0000901c1c1f7a4c33b525c68a381cd32a35ab8e755aa5fd,2024-06-03T14:46:24.250000
CVE-2024-43442,1,1,4d85fee72215ef316e2797264d5b9c2dc9a0ce40e3eb1de6c4c0d6916adda093,2024-08-26T09:15:04.340000
CVE-2024-43443,1,1,ad3f76362bcd2482823dcdb604af9f5de481150140eb03b4db5defa6889281bc,2024-08-26T09:15:04.573000
CVE-2024-43444,1,1,91a6f9746f5adb661e3f076c0a8e2081ace637409905e745133ade446ba7c5a9,2024-08-26T09:15:04.760000
CVE-2024-43442,0,0,4d85fee72215ef316e2797264d5b9c2dc9a0ce40e3eb1de6c4c0d6916adda093,2024-08-26T09:15:04.340000
CVE-2024-43443,0,0,ad3f76362bcd2482823dcdb604af9f5de481150140eb03b4db5defa6889281bc,2024-08-26T09:15:04.573000
CVE-2024-43444,0,0,91a6f9746f5adb661e3f076c0a8e2081ace637409905e745133ade446ba7c5a9,2024-08-26T09:15:04.760000
CVE-2024-4345,0,0,991a52fb88968c952c460a76f59f283c0ad80fedc25d9533338fbc3b0d515f60,2024-05-07T13:39:32.710000
CVE-2024-4346,0,0,9d7617b39f85e35f3b425bc36c01c8cc51c24d84e65ff0d34bf4ea7488f000ec,2024-05-07T13:39:32.710000
CVE-2024-4347,0,0,f9a9185c34e13435315e8c5679dcdbef88eacdd68a031d012b94daf573ce3f3f,2024-05-24T01:15:30.977000
@ -258364,10 +258364,40 @@ CVE-2024-43880,0,0,620881f474d97ec9d89405e6ef8dfb0deeccc719de94ff3b069983055d50d
CVE-2024-43881,0,0,a40946e430007d3d83ea6de83f76454a9e9d71f940866bbda51302ab2716b573,2024-08-21T12:30:33.697000
CVE-2024-43882,0,0,d55668215cd6d665e2480e5f531dc425652dbf9b52271fdc563c400a262ed289,2024-08-21T12:30:33.697000
CVE-2024-43883,0,0,91d9dc24243e1eb7439b854fe03a12be52a8a2651dc7ad627233ff467dccabae,2024-08-23T16:18:28.547000
CVE-2024-43884,1,1,907c82411f19f6755ae4d009660ba67ea249672646ba816062bd6b0090ee8e3c,2024-08-26T08:15:03.827000
CVE-2024-43884,0,0,907c82411f19f6755ae4d009660ba67ea249672646ba816062bd6b0090ee8e3c,2024-08-26T08:15:03.827000
CVE-2024-43885,1,1,e57f0d0c9d2ae5475bc7a7a992773057c282e69505b12132a913cb3b47135f3a,2024-08-26T11:15:03.720000
CVE-2024-43886,1,1,63dc724d80e40d8c19a27b9879dc6fe3b4c1dbcbf9f13780f50c990cd96364dc,2024-08-26T11:15:03.830000
CVE-2024-43887,1,1,605b0ae03866b1a729deabe6360d8b6065d94e8dba1b76d16cf127ba2d0f6199,2024-08-26T11:15:03.877000
CVE-2024-43888,1,1,0e42c76d77ea9074bc435f8cacf1ed0b0cc1ba19f8be677b523fe467632f1911,2024-08-26T11:15:03.930000
CVE-2024-43889,1,1,addff851396d802061ccaa802db84572fd18d0a094d3d31b1b3c9adb66d6bd6d,2024-08-26T11:15:03.980000
CVE-2024-4389,0,0,ea54671e2f1f297a2bfa11e14d812b86fa7a7f36f3487a0625bc52be81ee66b3,2024-08-14T13:00:37.107000
CVE-2024-43890,1,1,c0ee178213e43bda9285bd61a66b129dec502909b72cdee5bd08e626d4894e6b,2024-08-26T11:15:04.040000
CVE-2024-43891,1,1,6803fc75d06ac367b5911a0f0df77bb170b57814fa4da54de3be11a47a0403ad,2024-08-26T11:15:04.103000
CVE-2024-43892,1,1,3254c2347c53c4ea20d6ee88111f7ca344f972f557a522075dccba6e215c8b4d,2024-08-26T11:15:04.157000
CVE-2024-43893,1,1,ad6c096295783f993f2ce42d27bc2df25b35f532f00adcff5eebd8246d9bbee1,2024-08-26T11:15:04.213000
CVE-2024-43894,1,1,1370fccbcaa026954a0edab8d63b78084b6a34f3896bfe4a66fcb4bbb1a7b4ae,2024-08-26T11:15:04.280000
CVE-2024-43895,1,1,ab572505ed6b65203f3f8f2d6bdbbb327c7534bef60e6f954ea362fbf9dbb056,2024-08-26T11:15:04.333000
CVE-2024-43896,1,1,f8130262aa2a8a1bb2de61f967a32f1f3c453d6da3f3a64f1c89ab3e6dfe7d27,2024-08-26T11:15:04.387000
CVE-2024-43897,1,1,a55192b4d7810173b5e38f467e56df24fb162cdb3f613dc7a2ca57db1304e980,2024-08-26T11:15:04.437000
CVE-2024-43898,1,1,f119a1adf107b1847743961b38af997028a6635e56a74f7221d5b9c719fd9c6d,2024-08-26T11:15:04.493000
CVE-2024-43899,1,1,6be75360c348b6591d56b77e02c4eb21b0ad63b3cf8b0cbf3a20a63763b2447c,2024-08-26T11:15:04.557000
CVE-2024-4390,0,0,e7e7976abdd60c38776b1ca6e6489a541123a6d22aaefce9d02ee1d97e2bf9c9,2024-07-17T14:10:55.550000
CVE-2024-43900,1,1,ac09ad39bf797b7de8637cd2d90db0416e1d6f1c7f33c85721ad1baa68687e21,2024-08-26T11:15:04.613000
CVE-2024-43901,1,1,df0b413e112294a542197a93f070eadaefff8b69d13d8e2d045c0899fc906c68,2024-08-26T11:15:04.673000
CVE-2024-43902,1,1,7c083a461a610ff4e67d2b173a1e4732c5b06e82eb052775921d6b3012eb881a,2024-08-26T11:15:04.733000
CVE-2024-43903,1,1,dd7f1a3bfa9282ddfd310a2f0da445433156114e9bf6b3f0b87ba5fdffb0ebf9,2024-08-26T11:15:04.793000
CVE-2024-43904,1,1,82aeb7a874d903fe91533131e2a8297290ccd4391f758467587c122766f597c8,2024-08-26T11:15:04.847000
CVE-2024-43905,1,1,e28d88db60c868f9e7ea2aaa713f51d4bc485ee32f763a09fe2e5e8da0a8074b,2024-08-26T11:15:04.897000
CVE-2024-43906,1,1,f4ff92efb9decc90d87f4f0c92ae11b2331aa961ad0d23874ec31b88e0ea6c0e,2024-08-26T11:15:04.947000
CVE-2024-43907,1,1,d2bca590fe1f23e2f383ba211db6c2d17faf3a5de311ccc177aa309fd66cc083,2024-08-26T11:15:05
CVE-2024-43908,1,1,5f1d2cae814ce901d074d9e749ce86b19e54f0ec789cb6b35da230c6bf968251,2024-08-26T11:15:05.057000
CVE-2024-43909,1,1,64f58c22bdb2630174e7521e62dda3755a865dd47b68b2d8b0ff63be635b7bfa,2024-08-26T11:15:05.117000
CVE-2024-4391,0,0,3c50ad807a6efe83c676c20cbd033bdfc9a5c436710b6a08536dff480db62e6d,2024-05-16T13:03:05.353000
CVE-2024-43910,1,1,c090013e7eaa650a8dcaaf9e04a40deb52e3395799ee0893441209825e87c443,2024-08-26T11:15:05.177000
CVE-2024-43911,1,1,7b6b484164d2ca1bd8b3accdc007775987168e087e88981cc192fd1c9f24db51,2024-08-26T11:15:05.227000
CVE-2024-43912,1,1,a5892b2f5ec2aac89c106613d3dd54dcd609beb95e949c01a4122415952800a2,2024-08-26T11:15:05.280000
CVE-2024-43913,1,1,f9f2415014579a7a96b046da56608da2ea1f057f13abd46556099f0b1e267e8c,2024-08-26T11:15:05.330000
CVE-2024-43914,1,1,5437d9cc17e0e3ed447be84277edb93a02e7b70fc65f6694ad68417278b9dfee,2024-08-26T11:15:05.380000
CVE-2024-4392,0,0,5c82c123a66d3444e81adbb958bd6b8cf11e432e36668571a78dbfc8c82c1c37,2024-05-14T19:17:55.627000
CVE-2024-4393,0,0,4e00802830a11f2dfec38985ebf8ec82363098448bfe6d2b274aa9f7d7f56b33,2024-05-08T13:15:00.690000
CVE-2024-4395,0,0,7eb8bb55518c25270e2cdb5da345e646a2437fce6bdd0ba1dda9f1e27539a52c,2024-07-03T02:07:30.800000
@ -258464,6 +258494,13 @@ CVE-2024-4490,0,0,46d58037d58f18ff9df6b6b94f91d6beb02adec3983ce96102d15aba21f19f
CVE-2024-4491,0,0,fec0fa99feb905362d1059ae18d849f25d02b15efc10c179ce136112d1e08871,2024-06-04T19:20:38.950000
CVE-2024-4492,0,0,0237cea7742a82f916a95c7121fd101b19e30a52d4f326fc68f5db785a621a29,2024-06-04T19:20:39.047000
CVE-2024-4493,0,0,890374eb1d5a1051bad1d8c630ec03ea130ffcf654be5d03c4d1c85a0ebc3c87,2024-06-04T19:20:39.143000
CVE-2024-44931,1,1,d012a5e5dafebea3bbd989b7d8fe4ade8e83f8a556cb699e3b7e4fac79785636,2024-08-26T11:15:05.447000
CVE-2024-44932,1,1,624deef212d36dd76fab1bb65f10b45f125d1d023711c896d37273f2f720a5ae,2024-08-26T11:15:05.500000
CVE-2024-44933,1,1,0106375a11c2dece5fce3cd930233e119d5776f7fec9f134110a02061391eac4,2024-08-26T11:15:05.547000
CVE-2024-44934,1,1,886ebabe662597544691be3c24dc24445af407a997f47a51171edc1ded6bfeca,2024-08-26T11:15:05.593000
CVE-2024-44935,1,1,7f0fabd200183dcca3fdd75a54ca288c357c544efacad13e2aa7f83da97babb3,2024-08-26T11:15:05.643000
CVE-2024-44936,1,1,902a0c30ac2f163137de593db8faf2c28f494b58a6d6a70aeb50c2563d87b2e6,2024-08-26T11:15:05.700000
CVE-2024-44937,1,1,ad7946a04125d0e70306e74fca188a903acc22283c0100ba21b5e1740fae2120,2024-08-26T11:15:05.753000
CVE-2024-4494,0,0,48359226f338c9b2ea2806c2c68d5e2ef65a24ac708162309f084eae0ceb81a4,2024-06-04T19:20:39.240000
CVE-2024-4495,0,0,cb1d8bc801c43f7ab8180176a646c9e39a56603c1305eac804522af3adac0fa8,2024-05-17T02:40:25.167000
CVE-2024-4496,0,0,6e858d3d5b48b877aff577f900a80fd10c799bd74cdf4188d346fa0d13641a80,2024-06-04T19:20:39.340000
@ -261132,4 +261169,4 @@ CVE-2024-8153,0,0,dfc4d04c4fbd06b0923ec07bfc19963cc72052dcc6c147bd97ffdd59ff8f84
CVE-2024-8154,0,0,618a11194c7687b74544b6939c2600e264a0b2ac3dca5b301df7302a1e3ac166,2024-08-25T23:15:03.873000
CVE-2024-8155,0,0,83ac7e698fc7bba5c7db7ba4fc8c2590235a58fb4cbfdc6191eb0c3f95b723da,2024-08-25T23:15:04.123000
CVE-2024-8158,0,0,f18a2842260369752caf57a130caf674f0864f15f2f96231792194e96367a2af,2024-08-25T22:15:05.903000
CVE-2024-8161,1,1,9f5e1a6494989b72fd0f551f8e5aa0b28ae4544d2ffc1ddfdc7cc30606517f46,2024-08-26T09:15:04.963000
CVE-2024-8161,0,0,9f5e1a6494989b72fd0f551f8e5aa0b28ae4544d2ffc1ddfdc7cc30606517f46,2024-08-26T09:15:04.963000

Can't render this file because it is too large.