admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-07-30T10:00:26.528684+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-07-30 10:03:21 +00:00
parent a4e89ac2a1
commit 539cdd9e62
95 changed files with 3890 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
CVE-2023/CVE-2023-483xx/CVE-2023-48396.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2023-48396",
"sourceIdentifier": "security@apache.org",
"published": "2024-07-30T09:15:02.540",
"lastModified": "2024-07-30T09:15:02.540",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Web Authentication vulnerability in Apache SeaTunnel.\u00a0Since the jwt key is hardcoded in the application, an attacker can forge\nany token to log in any user.\n\nAttacker can get\u00a0secret key in\u00a0/seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token.\nThis issue affects Apache SeaTunnel: 1.0.0.\n\nUsers are recommended to upgrade to version 1.0.1, which fixes the issue."
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-290"
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/1tdxfjksx0vb9gtyt77wlr6rdcy1qwmw",
"source": "security@apache.org"
}
]
}

29
CVE-2023/CVE-2023-528xx/CVE-2023-52888.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2023-52888",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:02.293",
"lastModified": "2024-07-30T08:15:02.293",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Only free buffer VA that is not NULL\n\nIn the MediaTek vcodec driver, while mtk_vcodec_mem_free() is mostly\ncalled only when the buffer to free exists, there are some instances\nthat didn't do the check and triggered warnings in practice.\n\nWe believe those checks were forgotten unintentionally. Add the checks\nback to fix the warnings."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/303d01082edaf817ee2df53a40dca9da637a2c04",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5c217253c76c94f76d1df31d0bbdcb88dc07be91",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/eb005c801ec70ff4307727bd3bd6e8280169ef32",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

30
CVE-2024/CVE-2024-278xx/CVE-2024-27823.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27823",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T23:15:10.170",
"lastModified": "2024-07-30T01:15:13.080",
"lastModified": "2024-07-30T09:15:02.713",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -48,6 +48,34 @@
{
"url": "https://support.apple.com/en-us/HT214123",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT214100",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT214101",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT214102",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT214104",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT214105",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT214106",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT214107",
"source": "product-security@apple.com"
}
]
}

18
CVE-2024/CVE-2024-278xx/CVE-2024-27826.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27826",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T23:15:10.240",
"lastModified": "2024-07-30T02:15:04.707",
"lastModified": "2024-07-30T09:15:02.820",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -52,6 +52,22 @@
{
"url": "https://support.apple.com/en-us/HT214123",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT214101",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT214102",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT214104",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT214106",
"source": "product-security@apple.com"
}
]
}

22
CVE-2024/CVE-2024-278xx/CVE-2024-27884.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27884",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T23:15:11.010",
"lastModified": "2024-07-29T23:15:11.010",
"lastModified": "2024-07-30T09:15:02.907",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
{
"url": "https://support.apple.com/en-us/HT214108",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT214101",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT214102",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT214104",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT214106",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/kb/HT214108",
"source": "product-security@apple.com"
}
]
}

56
CVE-2024/CVE-2024-384xx/CVE-2024-38429.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-38429",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2024-07-30T09:15:02.977",
"lastModified": "2024-07-30T09:15:02.977",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Matrix\u00a0Tafnit v8\n\n - \u00a0CWE-552: Files or Directories Accessible to External Parties"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cna@cyber.gov.il",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-552"
}
]
}
],
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"source": "cna@cyber.gov.il"
}
]
}

56
CVE-2024/CVE-2024-384xx/CVE-2024-38430.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-38430",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2024-07-30T09:15:03.257",
"lastModified": "2024-07-30T09:15:03.257",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Matrix - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "cna@cyber.gov.il",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"source": "cna@cyber.gov.il"
}
]
}

56
CVE-2024/CVE-2024-384xx/CVE-2024-38431.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-38431",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2024-07-30T09:15:03.510",
"lastModified": "2024-07-30T09:15:03.510",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Matrix\u00a0Tafnit v8\n\n - \n\nCWE-204: Observable Response Discrepancy"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cna@cyber.gov.il",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-204"
}
]
}
],
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"source": "cna@cyber.gov.il"
}
]
}

56
CVE-2024/CVE-2024-384xx/CVE-2024-38432.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-38432",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2024-07-30T09:15:03.750",
"lastModified": "2024-07-30T09:15:03.750",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Matrix\u00a0Tafnit v8\n\n - \n\n\n\nCWE-646: Reliance on File Name or Extension of Externally-Supplied File"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "cna@cyber.gov.il",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-646"
}
]
}
],
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"source": "cna@cyber.gov.il"
}
]
}

33
CVE-2024/CVE-2024-408xx/CVE-2024-40895.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-40895",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-07-30T09:15:03.987",
"lastModified": "2024-07-30T09:15:03.987",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FFRI AMC versions 3.4.0 to 3.5.3 and some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3 allow a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an environment where the notification program setting is enabled and the executable file path is set to a batch file (.bat) or command file (.cmd) extension."
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN26734798/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.ffri.jp/assets/files/other_docs/20240729.pdf",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.skyseaclientview.net/news/240729_01/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.support.nec.co.jp/View.aspx?id=3140109694",
"source": "vultures@jpcert.or.jp"
}
]
}

25
CVE-2024/CVE-2024-411xx/CVE-2024-41141.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-41141",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-07-30T09:15:04.070",
"lastModified": "2024-07-30T09:15:04.070",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting vulnerability exists in EC-CUBE Web API Plugin. When there are multiple users using OAuth Management feature and one of them inputs some crafted value on the OAuth Management page, an arbitrary script may be executed on the web browser of the other user who accessed the management page."
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN26225832/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.ec-cube.net/info/weakness/20240701/web_api_plugin.php",
"source": "vultures@jpcert.or.jp"
}
]
}

56
CVE-2024/CVE-2024-416xx/CVE-2024-41693.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-41693",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2024-07-30T09:15:04.140",
"lastModified": "2024-07-30T09:15:04.140",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mashov - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "cna@cyber.gov.il",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-80"
}
]
}
],
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"source": "cna@cyber.gov.il"
}
]
}

56
CVE-2024/CVE-2024-416xx/CVE-2024-41694.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-41694",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2024-07-30T09:15:04.380",
"lastModified": "2024-07-30T09:15:04.380",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybonet - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cna@cyber.gov.il",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"source": "cna@cyber.gov.il"
}
]
}

56
CVE-2024/CVE-2024-416xx/CVE-2024-41695.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-41695",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2024-07-30T09:15:04.683",
"lastModified": "2024-07-30T09:15:04.683",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybonet - CWE-22: Improper Limitation of a Pathname to a Restricted Directory"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cna@cyber.gov.il",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"source": "cna@cyber.gov.il"
}
]
}

56
CVE-2024/CVE-2024-416xx/CVE-2024-41696.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-41696",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2024-07-30T09:15:04.927",
"lastModified": "2024-07-30T09:15:04.927",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Priority \n\nPRI WEB Portal\u00a0Add-On for Priority ERP on prem\n\n- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cna@cyber.gov.il",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"source": "cna@cyber.gov.il"
}
]
}

25
CVE-2024/CVE-2024-419xx/CVE-2024-41924.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-41924",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-07-30T09:15:05.203",
"lastModified": "2024-07-30T09:15:05.203",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Acceptance of extraneous untrusted data with trusted data vulnerability exists in EC-CUBE 4 series. If this vulnerability is exploited, an attacker who obtained the administrative privilege may install an arbitrary PHP package. If the obsolete versions of PHP packages are installed, the product may be affected by some known vulnerabilities."
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN48324254/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.ec-cube.net/info/weakness/20240701/index.php",
"source": "vultures@jpcert.or.jp"
}
]
}

25
CVE-2024/CVE-2024-420xx/CVE-2024-42099.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-42099",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:02.503",
"lastModified": "2024-07-30T08:15:02.503",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: Fix invalid dereferencing of indirect CCW data pointer\n\nFix invalid dereferencing of indirect CCW data pointer in\ndasd_eckd_dump_sense() that leads to a kernel panic in error cases.\n\nWhen using indirect addressing for DASD CCWs (IDAW) the CCW CDA pointer\ndoes not contain the data address itself but a pointer to the IDAL.\nThis needs to be translated from physical to virtual as well before\nusing it.\n\nThis dereferencing is also used for dasd_page_cache and also fixed\nalthough it is very unlikely that this code path ever gets used."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/b3a58f3b90f564f42a5c35778d8c5107b2c2150b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c116475f7d6410b1e6d399207ac75de6cf9c3652",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2024/CVE-2024-421xx/CVE-2024-42100.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-42100",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:02.577",
"lastModified": "2024-07-30T08:15:02.577",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: sunxi-ng: common: Don't call hw_to_ccu_common on hw without common\n\nIn order to set the rate range of a hw sunxi_ccu_probe calls\nhw_to_ccu_common() assuming all entries in desc->ccu_clks are contained\nin a ccu_common struct. This assumption is incorrect and, in\nconsequence, causes invalid pointer de-references.\n\nRemove the faulty call. Instead, add one more loop that iterates over\nthe ccu_clks and sets the rate range, if required."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/14c78d69dbca6a28af14095f639ec4318ec07fdc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7a0e2738cb6da5a55c9908dff333600aeb263e07",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ea977d742507e534d9fe4f4d74256f6b7f589338",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2024/CVE-2024-421xx/CVE-2024-42101.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2024-42101",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:02.647",
"lastModified": "2024-07-30T08:15:02.647",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: fix null pointer dereference in nouveau_connector_get_modes\n\nIn nouveau_connector_get_modes(), the return value of drm_mode_duplicate()\nis assigned to mode, which will lead to a possible NULL pointer\ndereference on failure of drm_mode_duplicate(). Add a check to avoid npd."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1f32535238493008587a8c5cb17eb2ca097592ef",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/274cba8d2d1b48c72d8bd90e76c9e2dc1aa0a81d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/744b229f09134ccd091427a6f9ea6d97302cfdd9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7db5411c5d0bd9c29b8c2ad93c36b5c16ea46c9e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/80bec6825b19d95ccdfd3393cf8ec15ff2a749b4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9baf60323efa992b7c915094529f0a1882c34e7e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e36364f5f3785d054a94e57e971385284886d41a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f48dd3f19614022f2e1b794fbd169d2b4c398c07",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2024/CVE-2024-421xx/CVE-2024-42102.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2024-42102",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:02.733",
"lastModified": "2024-07-30T08:15:02.733",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again\"\n\nPatch series \"mm: Avoid possible overflows in dirty throttling\".\n\nDirty throttling logic assumes dirty limits in page units fit into\n32-bits. This patch series makes sure this is true (see patch 2/2 for\nmore details).\n\n\nThis patch (of 2):\n\nThis reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78.\n\nThe commit is broken in several ways. Firstly, the removed (u64) cast\nfrom the multiplication will introduce a multiplication overflow on 32-bit\narchs if wb_thresh * bg_thresh >= 1<<32 (which is actually common - the\ndefault settings with 4GB of RAM will trigger this). Secondly, the\ndiv64_u64() is unnecessarily expensive on 32-bit archs. We have\ndiv64_ul() in case we want to be safe & cheap. Thirdly, if dirty\nthresholds are larger than 1<<32 pages, then dirty balancing is going to\nblow up in many other spectacular ways anyway so trying to fix one\npossible overflow is just moot."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/000099d71648504fb9c7a4616f92c2b70c3e44ec",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/145faa3d03688cbb7bbaaecbd84c01539852942c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/23a28f5f3f6ca1e4184bd0e9631cd0944cf1c807",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/253f9ea7e8e53a5176bd80ceb174907b10724c1a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2820005edae13b140f2d54267d1bd6bb23915f59",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/30139c702048f1097342a31302cbd3d478f50c63",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cbbe17a324437c0ff99881a3ee453da45b228a00",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f6620df12cb6bdcad671d269debbb23573502f9d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2024/CVE-2024-421xx/CVE-2024-42103.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2024-42103",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:02.817",
"lastModified": "2024-07-30T08:15:02.817",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix adding block group to a reclaim list and the unused list during reclaim\n\nThere is a potential parallel list adding for retrying in\nbtrfs_reclaim_bgs_work and adding to the unused list. Since the block\ngroup is removed from the reclaim list and it is on a relocation work,\nit can be added into the unused list in parallel. When that happens,\nadding it to the reclaim list will corrupt the list head and trigger\nlist corruption like below.\n\nFix it by taking fs_info->unused_bgs_lock.\n\n [177.504][T2585409] BTRFS error (device nullb1): error relocating ch= unk 2415919104\n [177.514][T2585409] list_del corruption. next->prev should be ff1100= 0344b119c0, but was ff11000377e87c70. (next=3Dff110002390cd9c0)\n [177.529][T2585409] ------------[ cut here ]------------\n [177.537][T2585409] kernel BUG at lib/list_debug.c:65!\n [177.545][T2585409] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\n [177.555][T2585409] CPU: 9 PID: 2585409 Comm: kworker/u128:2 Tainted: G W 6.10.0-rc5-kts #1\n [177.568][T2585409] Hardware name: Supermicro SYS-520P-WTR/X12SPW-TF, BIOS 1.2 02/14/2022\n [177.579][T2585409] Workqueue: events_unbound btrfs_reclaim_bgs_work[btrfs]\n [177.589][T2585409] RIP: 0010:__list_del_entry_valid_or_report.cold+0x70/0x72\n [177.624][T2585409] RSP: 0018:ff11000377e87a70 EFLAGS: 00010286\n [177.633][T2585409] RAX: 000000000000006d RBX: ff11000344b119c0 RCX:0000000000000000\n [177.644][T2585409] RDX: 000000000000006d RSI: 0000000000000008 RDI:ffe21c006efd0f40\n [177.655][T2585409] RBP: ff110002e0509f78 R08: 0000000000000001 R09:ffe21c006efd0f08\n [177.665][T2585409] R10: ff11000377e87847 R11: 0000000000000000 R12:ff110002390cd9c0\n [177.676][T2585409] R13: ff11000344b119c0 R14: ff110002e0508000 R15:dffffc0000000000\n [177.687][T2585409] FS: 0000000000000000(0000) GS:ff11000fec880000(0000) knlGS:0000000000000000\n [177.700][T2585409] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [177.709][T2585409] CR2: 00007f06bc7b1978 CR3: 0000001021e86005 CR4:0000000000771ef0\n [177.720][T2585409] DR0: 0000000000000000 DR1: 0000000000000000 DR2:0000000000000000\n [177.731][T2585409] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:0000000000000400\n [177.742][T2585409] PKRU: 55555554\n [177.748][T2585409] Call Trace:\n [177.753][T2585409] <TASK>\n [177.759][T2585409] ? __die_body.cold+0x19/0x27\n [177.766][T2585409] ? die+0x2e/0x50\n [177.772][T2585409] ? do_trap+0x1ea/0x2d0\n [177.779][T2585409] ? __list_del_entry_valid_or_report.cold+0x70/0x72\n [177.788][T2585409] ? do_error_trap+0xa3/0x160\n [177.795][T2585409] ? __list_del_entry_valid_or_report.cold+0x70/0x72\n [177.805][T2585409] ? handle_invalid_op+0x2c/0x40\n [177.812][T2585409] ? __list_del_entry_valid_or_report.cold+0x70/0x72\n [177.820][T2585409] ? exc_invalid_op+0x2d/0x40\n [177.827][T2585409] ? asm_exc_invalid_op+0x1a/0x20\n [177.834][T2585409] ? __list_del_entry_valid_or_report.cold+0x70/0x72\n [177.843][T2585409] btrfs_delete_unused_bgs+0x3d9/0x14c0 [btrfs]\n\nThere is a similar retry_list code in btrfs_delete_unused_bgs(), but it is\nsafe, AFAICS. Since the block group was in the unused list, the used bytes\nshould be 0 when it was added to the unused list. Then, it checks\nblock_group->{used,reserved,pinned} are still 0 under the\nblock_group->lock. So, they should be still eligible for the unused list,\nnot the reclaim list.\n\nThe reason it is safe there it's because because we're holding\nspace_info->groups_sem in write mode.\n\nThat means no other task can allocate from the block group, so while we\nare at deleted_unused_bgs() it's not possible for other tasks to\nallocate and deallocate extents from the block group, so it can't be\nadded to the unused list or the reclaim list by anyone else.\n\nThe bug can be reproduced by btrfs/166 after a few rounds. In practice\nthis can be hit when relocation cannot find more chunk space and ends\nwith ENOSPC."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/326fa14549d7969ef80d3f5beea5470cd1c8e67f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/48f091fd50b2eb33ae5eaea9ed3c4f81603acf38",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/522b39bd7163e8dc49f8cf10b9b782218ac48746",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/aa1d8cc0cc500e06b316cd6732d4e6c1388fe33c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f8e960be923f74a273c62478c9cab9523936752b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2024/CVE-2024-421xx/CVE-2024-42104.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2024-42104",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:02.900",
"lastModified": "2024-07-30T08:15:02.900",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: add missing check for inode numbers on directory entries\n\nSyzbot reported that mounting and unmounting a specific pattern of\ncorrupted nilfs2 filesystem images causes a use-after-free of metadata\nfile inodes, which triggers a kernel bug in lru_add_fn().\n\nAs Jan Kara pointed out, this is because the link count of a metadata file\ngets corrupted to 0, and nilfs_evict_inode(), which is called from iput(),\ntries to delete that inode (ifile inode in this case).\n\nThe inconsistency occurs because directories containing the inode numbers\nof these metadata files that should not be visible in the namespace are\nread without checking.\n\nFix this issue by treating the inode numbers of these internal files as\nerrors in the sanity check helper when reading directory folios/pages.\n\nAlso thanks to Hillf Danton and Matthew Wilcox for their initial mm-layer\nanalysis."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/07c176e7acc5579c133bb923ab21316d192d0a95",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1b7d549ed2c1fa202c751b69423a0d3a6bd5a180",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/265fff1a01cdc083aeaf0d934c929db5cc64aebf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2f2fa9cf7c3537958a82fbe8c8595a5eb0861ad7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3ab40870edb883b9633dc5cd55f5a2a11afa618d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b11e8fb93ea5eefb2e4e719497ea177a58ff6131",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bb76c6c274683c8570ad788f79d4b875bde0e458",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c33c2b0d92aa1c2262d999b2598ad6fbd53bd479",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2024/CVE-2024-421xx/CVE-2024-42105.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2024-42105",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:03.000",
"lastModified": "2024-07-30T08:15:03.000",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix inode number range checks\n\nPatch series \"nilfs2: fix potential issues related to reserved inodes\".\n\nThis series fixes one use-after-free issue reported by syzbot, caused by\nnilfs2's internal inode being exposed in the namespace on a corrupted\nfilesystem, and a couple of flaws that cause problems if the starting\nnumber of non-reserved inodes written in the on-disk super block is\nintentionally (or corruptly) changed from its default value. \n\n\nThis patch (of 3):\n\nIn the current implementation of nilfs2, \"nilfs->ns_first_ino\", which\ngives the first non-reserved inode number, is read from the superblock,\nbut its lower limit is not checked.\n\nAs a result, if a number that overlaps with the inode number range of\nreserved inodes such as the root directory or metadata files is set in the\nsuper block parameter, the inode number test macros (NILFS_MDT_INODE and\nNILFS_VALID_INODE) will not function properly.\n\nIn addition, these test macros use left bit-shift calculations using with\nthe inode number as the shift count via the BIT macro, but the result of a\nshift calculation that exceeds the bit width of an integer is undefined in\nthe C specification, so if \"ns_first_ino\" is set to a large value other\nthan the default value NILFS_USER_INO (=11), the macros may potentially\nmalfunction depending on the environment.\n\nFix these issues by checking the lower bound of \"nilfs->ns_first_ino\" and\nby preventing bit shifts equal to or greater than the NILFS_USER_INO\nconstant in the inode number test macros.\n\nAlso, change the type of \"ns_first_ino\" from signed integer to unsigned\ninteger to avoid the need for type casting in comparisons such as the\nlower bound check introduced this time."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/08cab183a624ba71603f3754643ae11cab34dbc4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1c91058425a01131ea30dda6cf43c67b17884d6a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3be4dcc8d7bea52ea41f87aa4bbf959efe7a5987",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/57235c3c88bb430043728d0d02f44a4efe386476",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/731011ac6c37cbe97ece229fc6daa486276052c5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9194f8ca57527958bee207919458e372d638d783",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e2fec219a36e0993642844be0f345513507031f4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fae1959d6ab2c52677b113935e36ab4e25df37ea",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2024/CVE-2024-421xx/CVE-2024-42106.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2024-42106",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:03.100",
"lastModified": "2024-07-30T08:15:03.100",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ninet_diag: Initialize pad field in struct inet_diag_req_v2\n\nKMSAN reported uninit-value access in raw_lookup() [1]. Diag for raw\nsockets uses the pad field in struct inet_diag_req_v2 for the\nunderlying protocol. This field corresponds to the sdiag_raw_protocol\nfield in struct inet_diag_req_raw.\n\ninet_diag_get_exact_compat() converts inet_diag_req to\ninet_diag_req_v2, but leaves the pad field uninitialized. So the issue\noccurs when raw_lookup() accesses the sdiag_raw_protocol field.\n\nFix this by initializing the pad field in\ninet_diag_get_exact_compat(). Also, do the same fix in\ninet_diag_dump_compat() to avoid the similar issue in the future.\n\n[1]\nBUG: KMSAN: uninit-value in raw_lookup net/ipv4/raw_diag.c:49 [inline]\nBUG: KMSAN: uninit-value in raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71\n raw_lookup net/ipv4/raw_diag.c:49 [inline]\n raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71\n raw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99\n inet_diag_cmd_exact+0x7d9/0x980\n inet_diag_get_exact_compat net/ipv4/inet_diag.c:1404 [inline]\n inet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426\n sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282\n netlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:2564\n sock_diag_rcv+0x35/0x40 net/core/sock_diag.c:297\n netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]\n netlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361\n netlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x332/0x3d0 net/socket.c:745\n ____sys_sendmsg+0x7f0/0xb70 net/socket.c:2585\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2639\n __sys_sendmsg net/socket.c:2668 [inline]\n __do_sys_sendmsg net/socket.c:2677 [inline]\n __se_sys_sendmsg net/socket.c:2675 [inline]\n __x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675\n x64_sys_call+0x135e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was stored to memory at:\n raw_sock_get+0x650/0x800 net/ipv4/raw_diag.c:71\n raw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99\n inet_diag_cmd_exact+0x7d9/0x980\n inet_diag_get_exact_compat net/ipv4/inet_diag.c:1404 [inline]\n inet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426\n sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282\n netlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:2564\n sock_diag_rcv+0x35/0x40 net/core/sock_diag.c:297\n netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]\n netlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361\n netlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x332/0x3d0 net/socket.c:745\n ____sys_sendmsg+0x7f0/0xb70 net/socket.c:2585\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2639\n __sys_sendmsg net/socket.c:2668 [inline]\n __do_sys_sendmsg net/socket.c:2677 [inline]\n __se_sys_sendmsg net/socket.c:2675 [inline]\n __x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675\n x64_sys_call+0x135e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable req.i created at:\n inet_diag_get_exact_compat net/ipv4/inet_diag.c:1396 [inline]\n inet_diag_rcv_msg_compat+0x2a6/0x530 net/ipv4/inet_diag.c:1426\n sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282\n\nCPU: 1 PID: 8888 Comm: syz-executor.6 Not tainted 6.10.0-rc4-00217-g35bb670d65fc #32\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0184bf0a349f4cf9e663abbe862ff280e8e4dfa2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/61cf1c739f08190a4cbf047b9fbb192a94d87e3f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7094a5fd20ab66028f1da7f06e0f2692d70346f9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/76965648fe6858db7c5f3c700fef7aa5f124ca1c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7ef519c8efde152e0d632337f2994f6921e0b7e4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8366720519ea8d322a20780debdfd23d9fc0904a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d6f487e0704de2f2d15f8dd5d7d723210f2b2fdb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f9b2010e8af49fac9d9562146fb81744d8a9b051",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-421xx/CVE-2024-42107.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-42107",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:03.220",
"lastModified": "2024-07-30T08:15:03.220",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Don't process extts if PTP is disabled\n\nThe ice_ptp_extts_event() function can race with ice_ptp_release() and\nresult in a NULL pointer dereference which leads to a kernel panic.\n\nPanic occurs because the ice_ptp_extts_event() function calls\nptp_clock_event() with a NULL pointer. The ice driver has already\nreleased the PTP clock by the time the interrupt for the next external\ntimestamp event occurs.\n\nTo fix this, modify the ice_ptp_extts_event() function to check the\nPTP state and bail early if PTP is not ready."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1c4e524811918600683b1ea87a5e0fc2db64fa9b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/996422e3230e41468f652d754fefd1bdbcd4604e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-421xx/CVE-2024-42108.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-42108",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:03.333",
"lastModified": "2024-07-30T08:15:03.333",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rswitch: Avoid use-after-free in rswitch_poll()\n\nThe use-after-free is actually in rswitch_tx_free(), which is inlined in\nrswitch_poll(). Since `skb` and `gq->skbs[gq->dirty]` are in fact the\nsame pointer, the skb is first freed using dev_kfree_skb_any(), then the\nvalue in skb->len is used to update the interface statistics.\n\nLet's move around the instructions to use skb->len before the skb is\nfreed.\n\nThis bug is trivial to reproduce using KFENCE. It will trigger a splat\nevery few packets. A simple ARP request or ICMP echo request is enough."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/92cbbe7759193e3418f38d0d73f8fe125312c58b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9a0c28efeec6383ef22e97437616b920e7320b67",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2024/CVE-2024-421xx/CVE-2024-42109.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2024-42109",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:03.407",
"lastModified": "2024-07-30T08:15:03.407",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: unconditionally flush pending work before notifier\n\nsyzbot reports:\n\nKASAN: slab-uaf in nft_ctx_update include/net/netfilter/nf_tables.h:1831\nKASAN: slab-uaf in nft_commit_release net/netfilter/nf_tables_api.c:9530\nKASAN: slab-uaf int nf_tables_trans_destroy_work+0x152b/0x1750 net/netfilter/nf_tables_api.c:9597\nRead of size 2 at addr ffff88802b0051c4 by task kworker/1:1/45\n[..]\nWorkqueue: events nf_tables_trans_destroy_work\nCall Trace:\n nft_ctx_update include/net/netfilter/nf_tables.h:1831 [inline]\n nft_commit_release net/netfilter/nf_tables_api.c:9530 [inline]\n nf_tables_trans_destroy_work+0x152b/0x1750 net/netfilter/nf_tables_api.c:9597\n\nProblem is that the notifier does a conditional flush, but its possible\nthat the table-to-be-removed is still referenced by transactions being\nprocessed by the worker, so we need to flush unconditionally.\n\nWe could make the flush_work depend on whether we found a table to delete\nin nf-next to avoid the flush for most cases.\n\nAFAICS this problem is only exposed in nf-next, with\ncommit e169285f8c56 (\"netfilter: nf_tables: do not store nft_ctx in transaction objects\"),\nwith this commit applied there is an unconditional fetch of\ntable->family which is whats triggering the above splat."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/09e650c3a3a7d804430260510534ccbf71c75b2e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3325628cb36b7f216c5716e7b5124d9dc81199e4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4c06c13317b9a08decedcd7aaf706691e336277c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/55a40406aac555defe9bdd0adec9508116ce7cb1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9f6958ba2e902f9820c594869bd710ba74b7c4c0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2024/CVE-2024-421xx/CVE-2024-42110.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-42110",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:03.487",
"lastModified": "2024-07-30T08:15:03.487",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx()\n\nThe following is emitted when using idxd (DSA) dmanegine as the data\nmover for ntb_transport that ntb_netdev uses.\n\n[74412.546922] BUG: using smp_processor_id() in preemptible [00000000] code: irq/52-idxd-por/14526\n[74412.556784] caller is netif_rx_internal+0x42/0x130\n[74412.562282] CPU: 6 PID: 14526 Comm: irq/52-idxd-por Not tainted 6.9.5 #5\n[74412.569870] Hardware name: Intel Corporation ArcherCity/ArcherCity, BIOS EGSDCRB1.E9I.1752.P05.2402080856 02/08/2024\n[74412.581699] Call Trace:\n[74412.584514] <TASK>\n[74412.586933] dump_stack_lvl+0x55/0x70\n[74412.591129] check_preemption_disabled+0xc8/0xf0\n[74412.596374] netif_rx_internal+0x42/0x130\n[74412.600957] __netif_rx+0x20/0xd0\n[74412.604743] ntb_netdev_rx_handler+0x66/0x150 [ntb_netdev]\n[74412.610985] ntb_complete_rxc+0xed/0x140 [ntb_transport]\n[74412.617010] ntb_rx_copy_callback+0x53/0x80 [ntb_transport]\n[74412.623332] idxd_dma_complete_txd+0xe3/0x160 [idxd]\n[74412.628963] idxd_wq_thread+0x1a6/0x2b0 [idxd]\n[74412.634046] irq_thread_fn+0x21/0x60\n[74412.638134] ? irq_thread+0xa8/0x290\n[74412.642218] irq_thread+0x1a0/0x290\n[74412.646212] ? __pfx_irq_thread_fn+0x10/0x10\n[74412.651071] ? __pfx_irq_thread_dtor+0x10/0x10\n[74412.656117] ? __pfx_irq_thread+0x10/0x10\n[74412.660686] kthread+0x100/0x130\n[74412.664384] ? __pfx_kthread+0x10/0x10\n[74412.668639] ret_from_fork+0x31/0x50\n[74412.672716] ? __pfx_kthread+0x10/0x10\n[74412.676978] ret_from_fork_asm+0x1a/0x30\n[74412.681457] </TASK>\n\nThe cause is due to the idxd driver interrupt completion handler uses\nthreaded interrupt and the threaded handler is not hard or soft interrupt\ncontext. However __netif_rx() can only be called from interrupt context.\nChange the call to netif_rx() in order to allow completion via normal\ncontext for dmaengine drivers that utilize threaded irq handling.\n\nWhile the following commit changed from netif_rx() to __netif_rx(),\nbaebdf48c360 (\"net: dev: Makes sure netif_rx() can be invoked in any context.\"),\nthe change should've been a noop instead. However, the code precedes this\nfix should've been using netif_rx_ni() or netif_rx_any_context()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4b3b6c7efee69f077b86ef7f088fb96768e46e1f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/858ae09f03677a4ab907a15516893bc2cc79d4c3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e15a5d821e5192a3769d846079bc9aa380139baf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e3af5b14e7632bf12058533d69055393e2d126c9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-421xx/CVE-2024-42111.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-42111",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:03.563",
"lastModified": "2024-07-30T08:15:03.563",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: always do the basic checks for btrfs_qgroup_inherit structure\n\n[BUG]\nSyzbot reports the following regression detected by KASAN:\n\n BUG: KASAN: slab-out-of-bounds in btrfs_qgroup_inherit+0x42e/0x2e20 fs/btrfs/qgroup.c:3277\n Read of size 8 at addr ffff88814628ca50 by task syz-executor318/5171\n\n CPU: 0 PID: 5171 Comm: syz-executor318 Not tainted 6.10.0-rc2-syzkaller-00010-g2ab795141095 #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\n Call Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n btrfs_qgroup_inherit+0x42e/0x2e20 fs/btrfs/qgroup.c:3277\n create_pending_snapshot+0x1359/0x29b0 fs/btrfs/transaction.c:1854\n create_pending_snapshots+0x195/0x1d0 fs/btrfs/transaction.c:1922\n btrfs_commit_transaction+0xf20/0x3740 fs/btrfs/transaction.c:2382\n create_snapshot+0x6a1/0x9e0 fs/btrfs/ioctl.c:875\n btrfs_mksubvol+0x58f/0x710 fs/btrfs/ioctl.c:1029\n btrfs_mksnapshot+0xb5/0xf0 fs/btrfs/ioctl.c:1075\n __btrfs_ioctl_snap_create+0x387/0x4b0 fs/btrfs/ioctl.c:1340\n btrfs_ioctl_snap_create_v2+0x1f2/0x3a0 fs/btrfs/ioctl.c:1422\n btrfs_ioctl+0x99e/0xc60\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7fcbf1992509\n RSP: 002b:00007fcbf1928218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n RAX: ffffffffffffffda RBX: 00007fcbf1a1f618 RCX: 00007fcbf1992509\n RDX: 0000000020000280 RSI: 0000000050009417 RDI: 0000000000000003\n RBP: 00007fcbf1a1f610 R08: 00007ffea1298e97 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcbf19eb660\n R13: 00000000200002b8 R14: 00007fcbf19e60c0 R15: 0030656c69662f2e\n </TASK>\n\nAnd it also pinned it down to commit b5357cb268c4 (\"btrfs: qgroup: do not\ncheck qgroup inherit if qgroup is disabled\").\n\n[CAUSE]\nThat offending commit skips the whole qgroup inherit check if qgroup is\nnot enabled.\n\nBut that also skips the very basic checks like\nnum_ref_copies/num_excl_copies and the structure size checks.\n\nMeaning if a qgroup enable/disable race is happening at the background,\nand we pass a btrfs_qgroup_inherit structure when the qgroup is\ndisabled, the check would be completely skipped.\n\nThen at the time of transaction commitment, qgroup is re-enabled and\nbtrfs_qgroup_inherit() is going to use the incorrect structure and\ncausing the above KASAN error.\n\n[FIX]\nMake btrfs_qgroup_check_inherit() only skip the source qgroup checks.\nSo that even if invalid btrfs_qgroup_inherit structure is passed in, we\ncan still reject invalid ones no matter if qgroup is enabled or not.\n\nFurthermore we do already have an extra safety inside\nbtrfs_qgroup_inherit(), which would just ignore invalid qgroup sources,\nso even if we only skip the qgroup source check we're still safe."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/724d8042cef84496ddb4492dc120291f997ae26b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ebe5ea02577b2c527958af1b76ac472c7ab53a56",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-421xx/CVE-2024-42112.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-42112",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:03.640",
"lastModified": "2024-07-30T08:15:03.640",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: txgbe: free isb resources at the right time\n\nWhen using MSI/INTx interrupt, the shared interrupts are still being\nhandled in the device remove routine, before free IRQs. So isb memory\nis still read after it is freed. Thus move wx_free_isb_resources()\nfrom txgbe_close() to txgbe_remove(). And fix the improper isb free\naction in txgbe_open() error handling path."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/935124dd5883b5de68dc5a94f582480a10643dc9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/efdc3f54299835ddef23bea651c753c4d467010b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2024/CVE-2024-421xx/CVE-2024-42113.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-42113",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:03.713",
"lastModified": "2024-07-30T08:15:03.713",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: txgbe: initialize num_q_vectors for MSI/INTx interrupts\n\nWhen using MSI/INTx interrupts, wx->num_q_vectors is uninitialized.\nThus there will be kernel panic in wx_alloc_q_vectors() to allocate\nqueue vectors."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/7c36711a2cd8059c2d24f5e5c1d76e8ea2d5613c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9edc7a83cd40ac96ff14fe3a17a38f7ace6611df",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c98969226d1fe0c1dd779db8b1c444bc5294fc83",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-421xx/CVE-2024-42114.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-42114",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:03.797",
"lastModified": "2024-07-30T08:15:03.797",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values\n\nsyzbot is able to trigger softlockups, setting NL80211_ATTR_TXQ_QUANTUM\nto 2^31.\n\nWe had a similar issue in sch_fq, fixed with commit\nd9e15a273306 (\"pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM\")\n\nwatchdog: BUG: soft lockup - CPU#1 stuck for 26s! [kworker/1:0:24]\nModules linked in:\nirq event stamp: 131135\n hardirqs last enabled at (131134): [<ffff80008ae8778c>] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:85 [inline]\n hardirqs last enabled at (131134): [<ffff80008ae8778c>] exit_to_kernel_mode+0xdc/0x10c arch/arm64/kernel/entry-common.c:95\n hardirqs last disabled at (131135): [<ffff80008ae85378>] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]\n hardirqs last disabled at (131135): [<ffff80008ae85378>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551\n softirqs last enabled at (125892): [<ffff80008907e82c>] neigh_hh_init net/core/neighbour.c:1538 [inline]\n softirqs last enabled at (125892): [<ffff80008907e82c>] neigh_resolve_output+0x268/0x658 net/core/neighbour.c:1553\n softirqs last disabled at (125896): [<ffff80008904166c>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19\nCPU: 1 PID: 24 Comm: kworker/1:0 Not tainted 6.9.0-rc7-syzkaller-gfda5695d692c #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nWorkqueue: mld mld_ifc_work\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : __list_del include/linux/list.h:195 [inline]\n pc : __list_del_entry include/linux/list.h:218 [inline]\n pc : list_move_tail include/linux/list.h:310 [inline]\n pc : fq_tin_dequeue include/net/fq_impl.h:112 [inline]\n pc : ieee80211_tx_dequeue+0x6b8/0x3b4c net/mac80211/tx.c:3854\n lr : __list_del_entry include/linux/list.h:218 [inline]\n lr : list_move_tail include/linux/list.h:310 [inline]\n lr : fq_tin_dequeue include/net/fq_impl.h:112 [inline]\n lr : ieee80211_tx_dequeue+0x67c/0x3b4c net/mac80211/tx.c:3854\nsp : ffff800093d36700\nx29: ffff800093d36a60 x28: ffff800093d36960 x27: dfff800000000000\nx26: ffff0000d800ad50 x25: ffff0000d800abe0 x24: ffff0000d800abf0\nx23: ffff0000e0032468 x22: ffff0000e00324d4 x21: ffff0000d800abf0\nx20: ffff0000d800abf8 x19: ffff0000d800abf0 x18: ffff800093d363c0\nx17: 000000000000d476 x16: ffff8000805519dc x15: ffff7000127a6cc8\nx14: 1ffff000127a6cc8 x13: 0000000000000004 x12: ffffffffffffffff\nx11: ffff7000127a6cc8 x10: 0000000000ff0100 x9 : 0000000000000000\nx8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : ffff80009287aa08 x4 : 0000000000000008 x3 : ffff80008034c7fc\nx2 : ffff0000e0032468 x1 : 00000000da0e46b8 x0 : ffff0000e0032470\nCall trace:\n __list_del include/linux/list.h:195 [inline]\n __list_del_entry include/linux/list.h:218 [inline]\n list_move_tail include/linux/list.h:310 [inline]\n fq_tin_dequeue include/net/fq_impl.h:112 [inline]\n ieee80211_tx_dequeue+0x6b8/0x3b4c net/mac80211/tx.c:3854\n wake_tx_push_queue net/mac80211/util.c:294 [inline]\n ieee80211_handle_wake_tx_queue+0x118/0x274 net/mac80211/util.c:315\n drv_wake_tx_queue net/mac80211/driver-ops.h:1350 [inline]\n schedule_and_wake_txq net/mac80211/driver-ops.h:1357 [inline]\n ieee80211_queue_skb+0x18e8/0x2244 net/mac80211/tx.c:1664\n ieee80211_tx+0x260/0x400 net/mac80211/tx.c:1966\n ieee80211_xmit+0x278/0x354 net/mac80211/tx.c:2062\n __ieee80211_subif_start_xmit+0xab8/0x122c net/mac80211/tx.c:4338\n ieee80211_subif_start_xmit+0xe0/0x438 net/mac80211/tx.c:4532\n __netdev_start_xmit include/linux/netdevice.h:4903 [inline]\n netdev_start_xmit include/linux/netdevice.h:4917 [inline]\n xmit_one net/core/dev.c:3531 [inline]\n dev_hard_start_xmit+0x27c/0x938 net/core/dev.c:3547\n __dev_queue_xmit+0x1678/0x33fc net/core/dev.c:4341\n dev_queue_xmit include/linux/netdevice.h:3091 [inline]\n neigh_resolve_output+0x558/0x658 net/core/neighbour.c:1563\n neigh_output include/net/neighbour.h:542 [inline]\n ip6_fini\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/d1cba2ea8121e7fdbe1328cea782876b1dd80993",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e87c2f098f52aa2fe20258a5bb1738d6a74e9ed7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2024/CVE-2024-421xx/CVE-2024-42115.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2024-42115",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:03.867",
"lastModified": "2024-07-30T08:15:03.867",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: Fix potential illegal address access in jffs2_free_inode\n\nDuring the stress testing of the jffs2 file system,the following\nabnormal printouts were found:\n[ 2430.649000] Unable to handle kernel paging request at virtual address 0069696969696948\n[ 2430.649622] Mem abort info:\n[ 2430.649829] ESR = 0x96000004\n[ 2430.650115] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 2430.650564] SET = 0, FnV = 0\n[ 2430.650795] EA = 0, S1PTW = 0\n[ 2430.651032] FSC = 0x04: level 0 translation fault\n[ 2430.651446] Data abort info:\n[ 2430.651683] ISV = 0, ISS = 0x00000004\n[ 2430.652001] CM = 0, WnR = 0\n[ 2430.652558] [0069696969696948] address between user and kernel address ranges\n[ 2430.653265] Internal error: Oops: 96000004 [#1] PREEMPT SMP\n[ 2430.654512] CPU: 2 PID: 20919 Comm: cat Not tainted 5.15.25-g512f31242bf6 #33\n[ 2430.655008] Hardware name: linux,dummy-virt (DT)\n[ 2430.655517] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 2430.656142] pc : kfree+0x78/0x348\n[ 2430.656630] lr : jffs2_free_inode+0x24/0x48\n[ 2430.657051] sp : ffff800009eebd10\n[ 2430.657355] x29: ffff800009eebd10 x28: 0000000000000001 x27: 0000000000000000\n[ 2430.658327] x26: ffff000038f09d80 x25: 0080000000000000 x24: ffff800009d38000\n[ 2430.658919] x23: 5a5a5a5a5a5a5a5a x22: ffff000038f09d80 x21: ffff8000084f0d14\n[ 2430.659434] x20: ffff0000bf9a6ac0 x19: 0169696969696940 x18: 0000000000000000\n[ 2430.659969] x17: ffff8000b6506000 x16: ffff800009eec000 x15: 0000000000004000\n[ 2430.660637] x14: 0000000000000000 x13: 00000001000820a1 x12: 00000000000d1b19\n[ 2430.661345] x11: 0004000800000000 x10: 0000000000000001 x9 : ffff8000084f0d14\n[ 2430.662025] x8 : ffff0000bf9a6b40 x7 : ffff0000bf9a6b48 x6 : 0000000003470302\n[ 2430.662695] x5 : ffff00002e41dcc0 x4 : ffff0000bf9aa3b0 x3 : 0000000003470342\n[ 2430.663486] x2 : 0000000000000000 x1 : ffff8000084f0d14 x0 : fffffc0000000000\n[ 2430.664217] Call trace:\n[ 2430.664528] kfree+0x78/0x348\n[ 2430.664855] jffs2_free_inode+0x24/0x48\n[ 2430.665233] i_callback+0x24/0x50\n[ 2430.665528] rcu_do_batch+0x1ac/0x448\n[ 2430.665892] rcu_core+0x28c/0x3c8\n[ 2430.666151] rcu_core_si+0x18/0x28\n[ 2430.666473] __do_softirq+0x138/0x3cc\n[ 2430.666781] irq_exit+0xf0/0x110\n[ 2430.667065] handle_domain_irq+0x6c/0x98\n[ 2430.667447] gic_handle_irq+0xac/0xe8\n[ 2430.667739] call_on_irq_stack+0x28/0x54\nThe parameter passed to kfree was 5a5a5a5a, which corresponds to the target field of\nthe jffs_inode_info structure. It was found that all variables in the jffs_inode_info\nstructure were 5a5a5a5a, except for the first member sem. It is suspected that these\nvariables are not initialized because they were set to 5a5a5a5a during memory testing,\nwhich is meant to detect uninitialized memory.The sem variable is initialized in the\nfunction jffs2_i_init_once, while other members are initialized in\nthe function jffs2_init_inode_info.\n\nThe function jffs2_init_inode_info is called after iget_locked,\nbut in the iget_locked function, the destroy_inode process is triggered,\nwhich releases the inode and consequently, the target member of the inode\nis not initialized.In concurrent high pressure scenarios, iget_locked\nmay enter the destroy_inode branch as described in the code.\n\nSince the destroy_inode functionality of jffs2 only releases the target,\nthe fix method is to set target to NULL in jffs2_i_init_once."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/05fc1ef892f862c1197b11b288bc00f602d2df0c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/0b3246052e01e61a55bb3a15b76acb006759fe67",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5ca26334fc8a3711fed14db7f9eb1c621be4df65",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6d6d94287f6365282bbf41e9a5b5281985970789",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/751987a5d8ead0cc405fad96e83ebbaa51c82dbc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/af9a8730ddb6a4b2edd779ccc0aceb994d616830",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b6c8b3e31eb88c85094d848a0bd8b4bafe67e4d8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d0bbbf31462a400bef4df33e22de91864f475455",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2024/CVE-2024-421xx/CVE-2024-42116.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2024-42116",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:03.950",
"lastModified": "2024-07-30T08:15:03.950",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nigc: fix a log entry using uninitialized netdev\n\nDuring successful probe, igc logs this:\n\n[ 5.133667] igc 0000:01:00.0 (unnamed net_device) (uninitialized): PHC added\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\nThe reason is that igc_ptp_init() is called very early, even before\nregister_netdev() has been called. So the netdev_info() call works\non a partially uninitialized netdev.\n\nFix this by calling igc_ptp_init() after register_netdev(), right\nafter the media autosense check, just as in igb. Add a comment,\njust as in igb.\n\nNow the log message is fine:\n\n[ 5.200987] igc 0000:01:00.0 eth0: PHC added"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/86167183a17e03ec77198897975e9fdfbd53cb0b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/96839f3f588236593de36465f142b0126267f8b6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/98c8958980e829f023a490b9a9816ca1fe2f8b79",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/991f036cabc3d13e886a37faeea1b6800181fdda",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d478ec838cf2b1e1051a8709cfc744fe1c03110f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-421xx/CVE-2024-42117.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-42117",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:04.030",
"lastModified": "2024-07-30T08:15:04.030",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: ASSERT when failing to find index by plane/stream id\n\n[WHY]\nfind_disp_cfg_idx_by_plane_id and find_disp_cfg_idx_by_stream_id returns\nan array index and they return -1 when not found; however, -1 is not a\nvalid index number.\n\n[HOW]\nWhen this happens, call ASSERT(), and return a positive number (which is\nfewer than callers' array size) instead.\n\nThis fixes 4 OVERRUN and 2 NEGATIVE_RETURNS issues reported by Coverity."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/01eb50e53c1ce505bf449348d433181310288765",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a9c047a5cf3135b8b66bd28fbe2c698b9cace0b3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-421xx/CVE-2024-42118.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-42118",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:04.097",
"lastModified": "2024-07-30T08:15:04.097",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Do not return negative stream id for array\n\n[WHY]\nresource_stream_to_stream_idx returns an array index and it return -1\nwhen not found; however, -1 is not a valid array index number.\n\n[HOW]\nWhen this happens, call ASSERT(), and return a zero instead.\n\nThis fixes an OVERRUN and an NEGATIVE_RETURNS issues reported by Coverity."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3ac31c9a707dd1c7c890b95333182f955e9dcb57",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a76fa9c4f0fc0aa6f517da3fa7d7c23e8a32c7d0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2024/CVE-2024-421xx/CVE-2024-42119.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2024-42119",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:04.187",
"lastModified": "2024-07-30T08:15:04.187",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip finding free audio for unknown engine_id\n\n[WHY]\nENGINE_ID_UNKNOWN = -1 and can not be used as an array index. Plus, it\nalso means it is uninitialized and does not need free audio.\n\n[HOW]\nSkip and return NULL.\n\nThis fixes 2 OVERRUN issues reported by Coverity."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1357b2165d9ad94faa4c4a20d5e2ce29c2ff29c3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/874261358d31fc772f2823604167e670983cc1ca",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/881fb6afc0004c5e6392ae2848f825bf051dae14",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/95ad20ee3c4efbb91f9a4ab08e070aa3697f5879",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9eb4db08a808e3a3ba59193aeb84a57a6dc4d8c9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/afaaebdee9bb9f26d9e13cc34b33bd0a7bf59488",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/eacca028a623f608607d02457122ee5284491e18",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ffa7bd3ca9cfa902b857d1dc9a5f46fededf86c8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2024/CVE-2024-421xx/CVE-2024-42120.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2024-42120",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:04.273",
"lastModified": "2024-07-30T08:15:04.273",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check pipe offset before setting vblank\n\npipe_ctx has a size of MAX_PIPES so checking its index before accessing\nthe array.\n\nThis fixes an OVERRUN issue reported by Coverity."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0b3702f9d43d163fd05e43b7d7e22e766dbef329",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5396a70e8cf462ec5ccf2dc8de103c79de9489e6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/96bf81cc1bd058bb8af6e755a548e926e934dfd1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b2e9abc95583ac7bbb2c47da4d476a798146dfd6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c5ec2afeeee4c91cebc4eff6d4f1ecf4047259f4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d2c3645a4a5ae5d933b4116c305d9d82b8199dbf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2024/CVE-2024-421xx/CVE-2024-42121.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2024-42121",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:04.353",
"lastModified": "2024-07-30T08:15:04.353",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check index msg_id before read or write\n\n[WHAT]\nmsg_id is used as an array index and it cannot be a negative value, and\ntherefore cannot be equal to MOD_HDCP_MESSAGE_ID_INVALID (-1).\n\n[HOW]\nCheck whether msg_id is valid before reading and setting.\n\nThis fixes 4 OVERRUN issues reported by Coverity."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/59d99deb330af206a4541db0c4da8f73880fba03",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9933eca6ada0cd612e19522e7a319bcef464c0eb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a31ea49dc8064a557565725cf045944307476a6e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ae91ffbc8b8d942e3e7f188728cad557b7ed5ee4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b5b8837d066cc182ff69fb5629ad32ade5484567",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fbb0701af9734cff13917a4b98b5ee9da2fde48d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-421xx/CVE-2024-42122.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-42122",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:04.430",
"lastModified": "2024-07-30T08:15:04.430",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL pointer check for kzalloc\n\n[Why & How]\nCheck return pointer of kzalloc before using it."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/062edd612fcd300f0f79a36fca5b8b6a5e2fce70",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8e65a1b7118acf6af96449e1e66b7adbc9396912",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-421xx/CVE-2024-42123.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-42123",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:04.500",
"lastModified": "2024-07-30T08:15:04.500",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix double free err_addr pointer warnings\n\nIn amdgpu_umc_bad_page_polling_timeout, the amdgpu_umc_handle_bad_pages\nwill be run many times so that double free err_addr in some special case.\nSo set the err_addr to NULL to avoid the warnings."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/506c245f3f1cd989cb89811a7f06e04ff8813a0d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8e24beb3c2b08a4763f920399a9cc577ed440a1a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

45
CVE-2024/CVE-2024-421xx/CVE-2024-42124.json Normal file
View File

@ -0,0 +1,45 @@
{
"id": "CVE-2024-42124",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:04.577",
"lastModified": "2024-07-30T08:15:04.577",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedf: Make qedf_execute_tmf() non-preemptible\n\nStop calling smp_processor_id() from preemptible code in\nqedf_execute_tmf90. This results in BUG_ON() when running an RT kernel.\n\n[ 659.343280] BUG: using smp_processor_id() in preemptible [00000000] code: sg_reset/3646\n[ 659.343282] caller is qedf_execute_tmf+0x8b/0x360 [qedf]"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0a8a91932b2772e75bf3f6d133ca4225d1d3e920",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/0d8b637c9c5eeaa1a4e3dfb336f3ff918eb64fec",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2b9c7787cfcd1e76d873a78f16cf45bfa4b100ea",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4f314aadeed8cdf42c8cf30769425b5e44702748",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5ceb40cdee721e13cbe15a0515cacf984e11236b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b6ded5316ec56e973dcf5f9997945aad01a9f062",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fa49c65a1cec6a3901ef884fdb24d98068b63493",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-421xx/CVE-2024-42125.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-42125",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:04.667",
"lastModified": "2024-07-30T08:15:04.667",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband\n\nWe have some policy via BIOS to block uses of 6 GHz. In this case, 6 GHz\nsband will be NULL even if it is WiFi 7 chip. So, add NULL handling here\nto avoid crash."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/bb38626f3f97e16e6d368a9ff6daf320f3fe31d9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ce4ba62f8bc5195a9a0d49c6235a9c99e619cadc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2024/CVE-2024-421xx/CVE-2024-42126.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-42126",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:04.743",
"lastModified": "2024-07-30T08:15:04.743",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc: Avoid nmi_enter/nmi_exit in real mode interrupt.\n\nnmi_enter()/nmi_exit() touches per cpu variables which can lead to kernel\ncrash when invoked during real mode interrupt handling (e.g. early HMI/MCE\ninterrupt handler) if percpu allocation comes from vmalloc area.\n\nEarly HMI/MCE handlers are called through DEFINE_INTERRUPT_HANDLER_NMI()\nwrapper which invokes nmi_enter/nmi_exit calls. We don't see any issue when\npercpu allocation is from the embedded first chunk. However with\nCONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK enabled there are chances where percpu\nallocation can come from the vmalloc area.\n\nWith kernel command line \"percpu_alloc=page\" we can force percpu allocation\nto come from vmalloc area and can see kernel crash in machine_check_early:\n\n[ 1.215714] NIP [c000000000e49eb4] rcu_nmi_enter+0x24/0x110\n[ 1.215717] LR [c0000000000461a0] machine_check_early+0xf0/0x2c0\n[ 1.215719] --- interrupt: 200\n[ 1.215720] [c000000fffd73180] [0000000000000000] 0x0 (unreliable)\n[ 1.215722] [c000000fffd731b0] [0000000000000000] 0x0\n[ 1.215724] [c000000fffd73210] [c000000000008364] machine_check_early_common+0x134/0x1f8\n\nFix this by avoiding use of nmi_enter()/nmi_exit() in real mode if percpu\nfirst chunk is not embedded."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0db880fc865ffb522141ced4bfa66c12ab1fbb70",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/0f37946c62c48a907625348cbc720a7a0c547d1e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2c78c9411e685dbc9eac8c2845111b03501975b8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8d3f83dfb23674540c827a8d65fba20aa300b252",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

45
CVE-2024/CVE-2024-421xx/CVE-2024-42127.json Normal file
View File

@ -0,0 +1,45 @@
{
"id": "CVE-2024-42127",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:04.820",
"lastModified": "2024-07-30T08:15:04.820",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/lima: fix shared irq handling on driver remove\n\nlima uses a shared interrupt, so the interrupt handlers must be prepared\nto be called at any time. At driver removal time, the clocks are\ndisabled early and the interrupts stay registered until the very end of\nthe remove process due to the devm usage.\nThis is potentially a bug as the interrupts access device registers\nwhich assumes clocks are enabled. A crash can be triggered by removing\nthe driver in a kernel with CONFIG_DEBUG_SHIRQ enabled.\nThis patch frees the interrupts at each lima device finishing callback\nso that the handlers are already unregistered by the time we fully\ndisable clocks."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/04d531b9a1875846d4f89953b469ad463aa7a770",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/0a487e977cb8897ae4c51ecd34bbaa2b005266c9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/0d60c43df59ef01c08dc7b0c45495178f9d05a13",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/17fe8b75aaf0bb1bdc31368963446b421c22d0af",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/25d0d9b83d855cbc5d5aa5ae3cd79d55ea0c84a8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a6683c690bbfd1f371510cb051e8fa49507f3f5e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b5daf9217a50636a969bc1965f827878aeb09ffe",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2024/CVE-2024-421xx/CVE-2024-42128.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-42128",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:04.903",
"lastModified": "2024-07-30T08:15:04.903",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nleds: an30259a: Use devm_mutex_init() for mutex initialization\n\nIn this driver LEDs are registered using devm_led_classdev_register()\nso they are automatically unregistered after module's remove() is done.\nled_classdev_unregister() calls module's led_set_brightness() to turn off\nthe LEDs and that callback uses mutex which was destroyed already\nin module's remove() so use devm API instead."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3ead19aa341de89a8c3d88a091d8093ebea622e8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9dba44460bfca657ca43f03ea9bafa4f9f7dd077",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c382e2e3eccb6b7ca8c7aff5092c1668428e7de6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-421xx/CVE-2024-42129.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-42129",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:04.977",
"lastModified": "2024-07-30T08:15:04.977",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nleds: mlxreg: Use devm_mutex_init() for mutex initialization\n\nIn this driver LEDs are registered using devm_led_classdev_register()\nso they are automatically unregistered after module's remove() is done.\nled_classdev_unregister() calls module's led_set_brightness() to turn off\nthe LEDs and that callback uses mutex which was destroyed already\nin module's remove() so use devm API instead."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3b62888307ae44b68512d3f7735c26a4c8e45b51",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/efc347b9efee1c2b081f5281d33be4559fa50a16",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2024/CVE-2024-421xx/CVE-2024-42130.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2024-42130",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:05.053",
"lastModified": "2024-07-30T08:15:05.053",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc/nci: Add the inconsistency check between the input data length and count\n\nwrite$nci(r0, &(0x7f0000000740)=ANY=[@ANYBLOB=\"610501\"], 0xf)\n\nSyzbot constructed a write() call with a data length of 3 bytes but a count value\nof 15, which passed too little data to meet the basic requirements of the function\nnci_rf_intf_activated_ntf_packet().\n\nTherefore, increasing the comparison between data length and count value to avoid\nproblems caused by inconsistent data length and count."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/056478b4321b36ca33567089d39ac992f6c9c37a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/068648aab72c9ba7b0597354ef4d81ffaac7b979",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/22a72c1c10f43ca645a98725e0faff34592f4d08",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/41f5e2840cd0629f049ce5ce2f8dd10a8299de42",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f07bcd8bba803c9e6ad2048543185d6c56587a2f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2024/CVE-2024-421xx/CVE-2024-42131.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2024-42131",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:05.130",
"lastModified": "2024-07-30T08:15:05.130",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: avoid overflows in dirty throttling logic\n\nThe dirty throttling logic is interspersed with assumptions that dirty\nlimits in PAGE_SIZE units fit into 32-bit (so that various multiplications\nfit into 64-bits). If limits end up being larger, we will hit overflows,\npossible divisions by 0 etc. Fix these problems by never allowing so\nlarge dirty limits as they have dubious practical value anyway. For\ndirty_bytes / dirty_background_bytes interfaces we can just refuse to set\nso large limits. For dirty_ratio / dirty_background_ratio it isn't so\nsimple as the dirty limit is computed from the amount of available memory\nwhich can change due to memory hotplug etc. So when converting dirty\nlimits from ratios to numbers of pages, we just don't allow the result to\nexceed UINT_MAX.\n\nThis is root-only triggerable problem which occurs when the operator\nsets dirty limits to >16 TB."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/385d838df280eba6c8680f9777bfa0d0bfe7e8b2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7a49389771ae7666f4dc3426e2a4594bf23ae290",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8e0b5e7f2895eccef5c2a0018b589266f90c4805",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a25e8536184516b55ef89ab91dd2eea429de28d2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bd16a7ee339aef3ee4c90cb23902afb6af379ea0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c83ed422c24f0d4b264f89291d4fabe285f80dbc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2024/CVE-2024-421xx/CVE-2024-42132.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-42132",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:05.213",
"lastModified": "2024-07-30T08:15:05.213",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX\n\nSyzbot hit warning in hci_conn_del() caused by freeing handle that was\nnot allocated using ida allocator.\n\nThis is caused by handle bigger than HCI_CONN_HANDLE_MAX passed by\nhci_le_big_sync_established_evt(), which makes code think it's unset\nconnection.\n\nAdd same check for handle upper bound as in hci_conn_set_handle() to\nprevent warning."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1cc18c2ab2e8c54c355ea7c0423a636e415a0c23",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4970e48f83dbd21d2a6a7cdaaafc2a71f7f45dc4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d311036696fed778301d08a71a4bef737b86d8c5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2024/CVE-2024-421xx/CVE-2024-42133.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-42133",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:05.290",
"lastModified": "2024-07-30T08:15:05.290",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Ignore too large handle values in BIG\n\nhci_le_big_sync_established_evt is necessary to filter out cases where the\nhandle value is belonging to ida id range, otherwise ida will be erroneously\nreleased in hci_conn_cleanup."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/015d79c96d62cd8a4a359fcf5be40d58088c936b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/38263088b845abeeeb98dda5b87c0de3063b6dbb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dad0003ccc68457baf005a6ed75b4d321463fe3d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-421xx/CVE-2024-42134.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-42134",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:05.360",
"lastModified": "2024-07-30T08:15:05.360",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-pci: Check if is_avq is NULL\n\n[bug]\nIn the virtio_pci_common.c function vp_del_vqs, vp_dev->is_avq is involved\nto determine whether it is admin virtqueue, but this function vp_dev->is_avq\n may be empty. For installations, virtio_pci_legacy does not assign a value\n to vp_dev->is_avq.\n\n[fix]\nCheck whether it is vp_dev->is_avq before use.\n\n[test]\nTest with virsh Attach device\nBefore this patch, the following command would crash the guest system\n\nAfter applying the patch, everything seems to be working fine."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/5e2024b0b9b3d5709e3f7e9b92951d7e29154106",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c8fae27d141a32a1624d0d0d5419d94252824498",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2024/CVE-2024-421xx/CVE-2024-42135.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-42135",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:05.433",
"lastModified": "2024-07-30T08:15:05.433",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost_task: Handle SIGKILL by flushing work and exiting\n\nInstead of lingering until the device is closed, this has us handle\nSIGKILL by:\n\n1. marking the worker as killed so we no longer try to use it with\n new virtqueues and new flush operations.\n2. setting the virtqueue to worker mapping so no new works are queued.\n3. running all the exiting works."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/abe067dc3a662eef7d5cddbbc41ed50a0b68b0af",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/db5247d9bf5c6ade9fd70b4e4897441e0269b233",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dec987fe2df670827eb53b97c9552ed8dfc63ad4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2024/CVE-2024-421xx/CVE-2024-42136.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-42136",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:05.507",
"lastModified": "2024-07-30T08:15:05.507",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncdrom: rearrange last_media_change check to avoid unintentional overflow\n\nWhen running syzkaller with the newly reintroduced signed integer wrap\nsanitizer we encounter this splat:\n\n[ 366.015950] UBSAN: signed-integer-overflow in ../drivers/cdrom/cdrom.c:2361:33\n[ 366.021089] -9223372036854775808 - 346321 cannot be represented in type '__s64' (aka 'long long')\n[ 366.025894] program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SG_IO\n[ 366.027502] CPU: 5 PID: 28472 Comm: syz-executor.7 Not tainted 6.8.0-rc2-00035-gb3ef86b5a957 #1\n[ 366.027512] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 366.027518] Call Trace:\n[ 366.027523] <TASK>\n[ 366.027533] dump_stack_lvl+0x93/0xd0\n[ 366.027899] handle_overflow+0x171/0x1b0\n[ 366.038787] ata1.00: invalid multi_count 32 ignored\n[ 366.043924] cdrom_ioctl+0x2c3f/0x2d10\n[ 366.063932] ? __pm_runtime_resume+0xe6/0x130\n[ 366.071923] sr_block_ioctl+0x15d/0x1d0\n[ 366.074624] ? __pfx_sr_block_ioctl+0x10/0x10\n[ 366.077642] blkdev_ioctl+0x419/0x500\n[ 366.080231] ? __pfx_blkdev_ioctl+0x10/0x10\n...\n\nHistorically, the signed integer overflow sanitizer did not work in the\nkernel due to its interaction with `-fwrapv` but this has since been\nchanged [1] in the newest version of Clang. It was re-enabled in the\nkernel with Commit 557f8c582a9ba8ab (\"ubsan: Reintroduce signed overflow\nsanitizer\").\n\nLet's rearrange the check to not perform any arithmetic, thus not\ntripping the sanitizer."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0c97527e916054acc4a46ffb02842988acb2e92b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3ee21e14c8c329168a0b66bab00ecd18f5d0dee3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e809bc112712da8f7e15822674c6562da6cdf24c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/efb905aeb44b0e99c0e6b07865b1885ae0471ebf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2024/CVE-2024-421xx/CVE-2024-42137.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2024-42137",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:05.583",
"lastModified": "2024-07-30T08:15:05.583",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot\n\nCommit 272970be3dab (\"Bluetooth: hci_qca: Fix driver shutdown on closed\nserdev\") will cause below regression issue:\n\nBT can't be enabled after below steps:\ncold boot -> enable BT -> disable BT -> warm reboot -> BT enable failure\nif property enable-gpios is not configured within DT|ACPI for QCA6390.\n\nThe commit is to fix a use-after-free issue within qca_serdev_shutdown()\nby adding condition to avoid the serdev is flushed or wrote after closed\nbut also introduces this regression issue regarding above steps since the\nVSC is not sent to reset controller during warm reboot.\n\nFixed by sending the VSC to reset controller within qca_serdev_shutdown()\nonce BT was ever enabled, and the use-after-free issue is also fixed by\nthis change since the serdev is still opened before it is flushed or wrote.\n\nVerified by the reported machine Dell XPS 13 9310 laptop over below two\nkernel commits:\ncommit e00fc2700a3f (\"Bluetooth: btusb: Fix triggering coredump\nimplementation for QCA\") of bluetooth-next tree.\ncommit b23d98d46d28 (\"Bluetooth: btusb: Fix triggering coredump\nimplementation for QCA\") of linus mainline tree."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/215a26c2404fa34625c725d446967fa328a703eb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4ca6013cd18e58ac1044908c40d4006a92093a11",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/88e72239ead9814b886db54fc4ee39ef3c2b8f26",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/977b9dc65e14fb80de4763d949c7dec2ecb15b9b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e2d8aa4c763593704ac21e7591aed4f13e32f3b5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e6e200b264271f62a3fadb51ada9423015ece37b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2024/CVE-2024-421xx/CVE-2024-42138.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-42138",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:05.680",
"lastModified": "2024-07-30T08:15:05.680",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file\n\nIn case of invalid INI file mlxsw_linecard_types_init() deallocates memory\nbut doesn't reset pointer to NULL and returns 0. In case of any error\noccurred after mlxsw_linecard_types_init() call, mlxsw_linecards_init()\ncalls mlxsw_linecard_types_fini() which performs memory deallocation again.\n\nAdd pointer reset to NULL.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/8ce34dccbe8fa7d2ef86f2d8e7db2a9b67cabfc3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9af7437669b72f804fc4269f487528dbbed142a2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ab557f5cd993a3201b09593633d04b891263d5c0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f8b55a465b0e8a500179808166fe9420f5c091a1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-421xx/CVE-2024-42139.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-42139",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:05.757",
"lastModified": "2024-07-30T08:15:05.757",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix improper extts handling\n\nExtts events are disabled and enabled by the application ts2phc.\nHowever, in case where the driver is removed when the application is\nrunning, a specific extts event remains enabled and can cause a kernel\ncrash.\nAs a side effect, when the driver is reloaded and application is started\nagain, remaining extts event for the channel from a previous run will\nkeep firing and the message \"extts on unexpected channel\" might be\nprinted to the user.\n\nTo avoid that, extts events shall be disabled when PTP is released."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/00d3b4f54582d4e4a02cda5886bb336eeab268cc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9f69b31ae9e25dec27ad31fbc64dd99af16ee3d3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2024/CVE-2024-421xx/CVE-2024-42140.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2024-42140",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:05.837",
"lastModified": "2024-07-30T08:15:05.837",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: kexec: Avoid deadlock in kexec crash path\n\nIf the kexec crash code is called in the interrupt context, the\nmachine_kexec_mask_interrupts() function will trigger a deadlock while\ntrying to acquire the irqdesc spinlock and then deactivate irqchip in\nirq_set_irqchip_state() function.\n\nUnlike arm64, riscv only requires irq_eoi handler to complete EOI and\nkeeping irq_set_irqchip_state() will only leave this possible deadlock\nwithout any use. So we simply remove it."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/484dd545271d02d1571e1c6b62ea7df9dbe5e692",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/653deee48a4682ea17a05b96fb6842795ab5943c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7692c9b6baacdee378435f58f19baf0eb69e4155",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bb80a7911218bbab2a69b5db7d2545643ab0073d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c562ba719df570c986caf0941fea2449150bcbc4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2024/CVE-2024-421xx/CVE-2024-42141.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-42141",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:05.917",
"lastModified": "2024-07-30T08:15:05.917",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: ISO: Check socket flag instead of hcon\n\nThis fixes the following Smatch static checker warning:\n\nnet/bluetooth/iso.c:1364 iso_sock_recvmsg()\nerror: we previously assumed 'pi->conn->hcon' could be null (line 1359)\n\nnet/bluetooth/iso.c\n1347 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg,\n1348 size_t len, int flags)\n1349 {\n1350 struct sock *sk = sock->sk;\n1351 struct iso_pinfo *pi = iso_pi(sk);\n1352\n1353 BT_DBG(\"sk %p\", sk);\n1354\n1355 if (test_and_clear_bit(BT_SK_DEFER_SETUP,\n &bt_sk(sk)->flags)) {\n1356 lock_sock(sk);\n1357 switch (sk->sk_state) {\n1358 case BT_CONNECT2:\n1359 if (pi->conn->hcon &&\n ^^^^^^^^^^^^^^ If ->hcon is NULL\n\n1360 test_bit(HCI_CONN_PA_SYNC,\n &pi->conn->hcon->flags)) {\n1361 iso_conn_big_sync(sk);\n1362 sk->sk_state = BT_LISTEN;\n1363 } else {\n--> 1364 iso_conn_defer_accept(pi->conn->hcon);\n ^^^^^^^^^^^^^^\n then we're toast\n\n1365 sk->sk_state = BT_CONFIG;\n1366 }\n1367 release_sock(sk);\n1368 return 0;\n1369 case BT_CONNECTED:\n1370 if (test_bit(BT_SK_PA_SYNC,"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/045669710464a21c67e690ef14698fd71857cb11",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/33fabef489169c6db87843ef23351ed0d5e51ad8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/596b6f081336e77764ca35cfeab66d0fcdbe544e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2024/CVE-2024-421xx/CVE-2024-42142.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-42142",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:05.993",
"lastModified": "2024-07-30T08:15:05.993",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: E-switch, Create ingress ACL when needed\n\nCurrently, ingress acl is used for three features. It is created only\nwhen vport metadata match and prio tag are enabled. But active-backup\nlag mode also uses it. It is independent of vport metadata match and\nprio tag. And vport metadata match can be disabled using the\nfollowing devlink command:\n\n # devlink dev param set pci/0000:08:00.0 name esw_port_metadata \\\n\tvalue false cmode runtime\n\nIf ingress acl is not created, will hit panic when creating drop rule\nfor active-backup lag mode. If always create it, there will be about\n5% performance degradation.\n\nFix it by creating ingress acl when needed. If esw_port_metadata is\ntrue, ingress acl exists, then create drop rule using existing\ningress acl. If esw_port_metadata is false, create ingress acl and\nthen create drop rule."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3e3551f8702978cd2221d2614ca6d6727e785324",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/83bc1a129f7fd0d7d05036ceb7ee69102624e320",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b20c2fb45470d0c7a603613c9cfa5d45720e17f2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bc3ff8d3c05044de57865ebbb78cca8f7da3e595",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2024/CVE-2024-421xx/CVE-2024-42143.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2024-42143",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:06.073",
"lastModified": "2024-07-30T08:15:06.073",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\norangefs: fix out-of-bounds fsid access\n\nArnd Bergmann sent a patch to fsdevel, he says:\n\n\"orangefs_statfs() copies two consecutive fields of the superblock into\nthe statfs structure, which triggers a warning from the string fortification\nhelpers\"\n\nJan Kara suggested an alternate way to do the patch to make it more readable.\n\nI ran both ideas through xfstests and both seem fine. This patch\nis based on Jan Kara's suggestion."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/137a06dc0ff8b2d2069c2345d015ef0fa71df1ed",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1617249e24bd04c8047956afb43feec4876d1715",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/53e4efa470d5fc6a96662d2d3322cfc925818517",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/556edaa27c27db24a0f34c78cebef90e5bb6e167",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6a3cacf6d3cf0278aa90392aef2fc3fe2717a047",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/74159d409da82269311a60256aad8ae8753da450",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b90176a9553775e23966650e445b1866e62e4924",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/de8a5f7b71800a11fbaffc8ddacf08ead78afcc5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2024/CVE-2024-421xx/CVE-2024-42144.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-42144",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:06.157",
"lastModified": "2024-07-30T08:15:06.157",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data\n\nVerify that lvts_data is not NULL before using it."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/79ef1a5593fdb8aa4dbccf6085c48f1739338bc9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a1191a77351e25ddf091bb1a231cae12ee598b5d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fd7ae1cabfedd727be5bee774c87acbc7b10b886",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2024/CVE-2024-421xx/CVE-2024-42145.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2024-42145",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:06.227",
"lastModified": "2024-07-30T08:15:06.227",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/core: Implement a limit on UMAD receive List\n\nThe existing behavior of ib_umad, which maintains received MAD\npackets in an unbounded list, poses a risk of uncontrolled growth.\nAs user-space applications extract packets from this list, the rate\nof extraction may not match the rate of incoming packets, leading\nto potential list overflow.\n\nTo address this, we introduce a limit to the size of the list. After\nconsidering typical scenarios, such as OpenSM processing, which can\nhandle approximately 100k packets per second, and the 1-second retry\ntimeout for most packets, we set the list size limit to 200k. Packets\nreceived beyond this limit are dropped, assuming they are likely timed\nout by the time they are handled by user-space.\n\nNotably, packets queued on the receive list due to reasons like\ntimed-out sends are preserved even when the list is full."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1288cf1cceb0e6df276e182f5412370fb4169bcb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/62349fbf86b5e13b02721bdadf98c29afd1e7b5f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/63d202d948bb6d3a28cd8e8b96b160fa53e18baa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a6627fba793cc75b7365d9504a0095fb2902dda4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b4913702419d064ec4c4bbf7270643c95cc89a1b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b8c5f635997f49c625178d1a0cb32a80ed33abe6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ca0b44e20a6f3032224599f02e7c8fb49525c894",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d73cb8862e4d6760ccc94d3b57b9ef6271400607",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-421xx/CVE-2024-42146.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-42146",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:06.313",
"lastModified": "2024-07-30T08:15:06.313",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Add outer runtime_pm protection to xe_live_ktest@xe_dma_buf\n\nAny kunit doing any memory access should get their own runtime_pm\nouter references since they don't use the standard driver API\nentries. In special this dma_buf from the same driver.\n\nFound by pre-merge CI on adding WARN calls for unprotected\ninner callers:\n\n<6> [318.639739] # xe_dma_buf_kunit: running xe_test_dmabuf_import_same_driver\n<4> [318.639957] ------------[ cut here ]------------\n<4> [318.639967] xe 0000:4d:00.0: Missing outer runtime PM protection\n<4> [318.640049] WARNING: CPU: 117 PID: 3832 at drivers/gpu/drm/xe/xe_pm.c:533 xe_pm_runtime_get_noresume+0x48/0x60 [xe]"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0888d15ea45ba8ef4508edd1123ea5ad95b58994",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f9116f658a6217b101e3b4e89f845775b6fb05d9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2024/CVE-2024-421xx/CVE-2024-42147.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-42147",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:06.383",
"lastModified": "2024-07-30T08:15:06.383",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/debugfs - Fix debugfs uninit process issue\n\nDuring the zip probe process, the debugfs failure does not stop\nthe probe. When debugfs initialization fails, jumping to the\nerror branch will also release regs, in addition to its own\nrollback operation.\n\nAs a result, it may be released repeatedly during the regs\nuninit process. Therefore, the null check needs to be added to\nthe regs uninit process."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/7fc8d9a525b5c3f8dfa5ed50901e764d8ede7e1e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8be0913389718e8d27c4f1d4537b5e1b99ed7739",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e0a2d2df9ba7bd6bd7e0a9b6a5e3894f7e8445b3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/eda60520cfe3aba9f088c68ebd5bcbca9fc6ac3c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2024/CVE-2024-421xx/CVE-2024-42148.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2024-42148",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:06.453",
"lastModified": "2024-07-30T08:15:06.453",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnx2x: Fix multiple UBSAN array-index-out-of-bounds\n\nFix UBSAN warnings that occur when using a system with 32 physical\ncpu cores or more, or when the user defines a number of Ethernet\nqueues greater than or equal to FP_SB_MAX_E1x using the num_queues\nmodule parameter.\n\nCurrently there is a read/write out of bounds that occurs on the array\n\"struct stats_query_entry query\" present inside the \"bnx2x_fw_stats_req\"\nstruct in \"drivers/net/ethernet/broadcom/bnx2x/bnx2x.h\".\nLooking at the definition of the \"struct stats_query_entry query\" array:\n\nstruct stats_query_entry query[FP_SB_MAX_E1x+\n BNX2X_FIRST_QUEUE_QUERY_IDX];\n\nFP_SB_MAX_E1x is defined as the maximum number of fast path interrupts and\nhas a value of 16, while BNX2X_FIRST_QUEUE_QUERY_IDX has a value of 3\nmeaning the array has a total size of 19.\nSince accesses to \"struct stats_query_entry query\" are offset-ted by\nBNX2X_FIRST_QUEUE_QUERY_IDX, that means that the total number of Ethernet\nqueues should not exceed FP_SB_MAX_E1x (16). However one of these queues\nis reserved for FCOE and thus the number of Ethernet queues should be set\nto [FP_SB_MAX_E1x -1] (15) if FCOE is enabled or [FP_SB_MAX_E1x] (16) if\nit is not.\n\nThis is also described in a comment in the source code in\ndrivers/net/ethernet/broadcom/bnx2x/bnx2x.h just above the Macro definition\nof FP_SB_MAX_E1x. Below is the part of this explanation that it important\nfor this patch\n\n/*\n * The total number of L2 queues, MSIX vectors and HW contexts (CIDs) is\n * control by the number of fast-path status blocks supported by the\n * device (HW/FW). Each fast-path status block (FP-SB) aka non-default\n * status block represents an independent interrupts context that can\n * serve a regular L2 networking queue. However special L2 queues such\n * as the FCoE queue do not require a FP-SB and other components like\n * the CNIC may consume FP-SB reducing the number of possible L2 queues\n *\n * If the maximum number of FP-SB available is X then:\n * a. If CNIC is supported it consumes 1 FP-SB thus the max number of\n * regular L2 queues is Y=X-1\n * b. In MF mode the actual number of L2 queues is Y= (X-1/MF_factor)\n * c. If the FCoE L2 queue is supported the actual number of L2 queues\n * is Y+1\n * d. The number of irqs (MSIX vectors) is either Y+1 (one extra for\n * slow-path interrupts) or Y+2 if CNIC is supported (one additional\n * FP interrupt context for the CNIC).\n * e. The number of HW context (CID count) is always X or X+1 if FCoE\n * L2 queue is supported. The cid for the FCoE L2 queue is always X.\n */\n\nHowever this driver also supports NICs that use the E2 controller which can\nhandle more queues due to having more FP-SB represented by FP_SB_MAX_E2.\nLooking at the commits when the E2 support was added, it was originally\nusing the E1x parameters: commit f2e0899f0f27 (\"bnx2x: Add 57712 support\").\nBack then FP_SB_MAX_E2 was set to 16 the same as E1x. However the driver\nwas later updated to take full advantage of the E2 instead of having it be\nlimited to the capabilities of the E1x. But as far as we can tell, the\narray \"stats_query_entry query\" was still limited to using the FP-SB\navailable to the E1x cards as part of an oversignt when the driver was\nupdated to take full advantage of the E2, and now with the driver being\naware of the greater queue size supported by E2 NICs, it causes the UBSAN\nwarnings seen in the stack traces below.\n\nThis patch increases the size of the \"stats_query_entry query\" array by\nreplacing FP_SB_MAX_E1x with FP_SB_MAX_E2 to be large enough to handle\nboth types of NICs.\n\nStack traces:\n\nUBSAN: array-index-out-of-bounds in\n drivers/net/ethernet/broadcom/bnx2x/bnx2x_stats.c:1529:11\nindex 20 is out of range for type 'stats_query_entry [19]'\nCPU: 12 PID: 858 Comm: systemd-network Not tainted 6.9.0-060900rc7-generic\n\t #202405052133\nHardware name: HP ProLiant DL360 Gen9/ProLiant DL360 \n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0edae06b4c227bcfaf3ce21208d49191e1009d3b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/134061163ee5ca4759de5c24ca3bd71608891ba7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8b17cec33892a66bbd71f8d9a70a45e2072ae84f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9504a1550686f53b0bab4cab31d435383b1ee2ce",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b9ea38e767459111a511ed4fb74abc37db95a59d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cbe53087026ad929cd3950508397e8892a6a2a0f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cfb04472ce33bee2579caf4dc9f4242522f6e26e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f1313ea92f82451923e28ab45a4aaa0e70e80b98",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-421xx/CVE-2024-42149.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-42149",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:06.543",
"lastModified": "2024-07-30T08:15:06.543",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: don't misleadingly warn during thaw operations\n\nThe block device may have been frozen before it was claimed by a\nfilesystem. Concurrently another process might try to mount that\nfrozen block device and has temporarily claimed the block device for\nthat purpose causing a concurrent fs_bdev_thaw() to end up here. The\nmounter is already about to abort mounting because they still saw an\nelevanted bdev->bd_fsfreeze_count so get_bdev_super() will return\nNULL in that case.\n\nFor example, P1 calls dm_suspend() which calls into bdev_freeze() before\nthe block device has been claimed by the filesystem. This brings\nbdev->bd_fsfreeze_count to 1 and no call into fs_bdev_freeze() is\nrequired.\n\nNow P2 tries to mount that frozen block device. It claims it and checks\nbdev->bd_fsfreeze_count. As it's elevated it aborts mounting.\n\nIn the meantime P3 called dm_resume(). P3 sees that the block device is\nalready claimed by a filesystem and calls into fs_bdev_thaw().\n\nP3 takes a passive reference and realizes that the filesystem isn't\nready yet. P3 puts itself to sleep to wait for the filesystem to become\nready.\n\nP2 now puts the last active reference to the filesystem and marks it as\ndying. P3 gets woken, sees that the filesystem is dying and\nget_bdev_super() fails."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/25b1e3906e050d452427bc51620bb7f0a591373a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2ae4db5647d807efb6a87c09efaa6d1db9c905d7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-421xx/CVE-2024-42150.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-42150",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:06.620",
"lastModified": "2024-07-30T08:15:06.620",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: txgbe: remove separate irq request for MSI and INTx\n\nWhen using MSI or INTx interrupts, request_irq() for pdev->irq will\nconflict with request_threaded_irq() for txgbe->misc.irq, to cause\nsystem crash. So remove txgbe_request_irq() for MSI/INTx case, and\nrename txgbe_request_msix_irqs() since it only request for queue irqs.\n\nAdd wx->misc_irq_domain to determine whether the driver creates an IRQ\ndomain and threaded request the IRQs."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/850103ebe6b062ee0ab0f6670205f861acc76ace",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bd07a98178462e7a02ed2bf7dec90a00944c1da5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-421xx/CVE-2024-42151.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-42151",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:06.690",
"lastModified": "2024-07-30T08:15:06.690",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable\n\nTest case dummy_st_ops/dummy_init_ret_value passes NULL as the first\nparameter of the test_1() function. Mark this parameter as nullable to\nmake verifier aware of such possibility.\nOtherwise, NULL check in the test_1() code:\n\n SEC(\"struct_ops/test_1\")\n int BPF_PROG(test_1, struct bpf_dummy_ops_state *state)\n {\n if (!state)\n return ...;\n\n ... access state ...\n }\n\nMight be removed by verifier, thus triggering NULL pointer dereference\nunder certain conditions."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1479eaff1f16983d8fda7c5a08a586c21891087d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7f79097b0de97a486b137b750d7dd7b20b519d23",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2024/CVE-2024-421xx/CVE-2024-42152.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2024-42152",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:06.763",
"lastModified": "2024-07-30T08:15:06.763",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: fix a possible leak when destroy a ctrl during qp establishment\n\nIn nvmet_sq_destroy we capture sq->ctrl early and if it is non-NULL we\nknow that a ctrl was allocated (in the admin connect request handler)\nand we need to release pending AERs, clear ctrl->sqs and sq->ctrl\n(for nvme-loop primarily), and drop the final reference on the ctrl.\n\nHowever, a small window is possible where nvmet_sq_destroy starts (as\na result of the client giving up and disconnecting) concurrently with\nthe nvme admin connect cmd (which may be in an early stage). But *before*\nkill_and_confirm of sq->ref (i.e. the admin connect managed to get an sq\nlive reference). In this case, sq->ctrl was allocated however after it was\ncaptured in a local variable in nvmet_sq_destroy.\nThis prevented the final reference drop on the ctrl.\n\nSolve this by re-capturing the sq->ctrl after all inflight request has\ncompleted, where for sure sq->ctrl reference is final, and move forward\nbased on that.\n\nThis issue was observed in an environment with many hosts connecting\nmultiple ctrls simoutanuosly, creating a delay in allocating a ctrl\nleading up to this race window."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2f3c22b1d3d7e86712253244797a651998c141fa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5502c1f1d0d7472706cc1f201aecf1c935d302d1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/818004f2a380420c19872171be716174d4985e33",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/940a71f08ef153ef807f751310b0648d1fa5d0da",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b4fed1443a6571d49c6ffe7d97af3bbe5ee6dff5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c758b77d4a0a0ed3a1292b3fd7a2aeccd1a169a4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2024/CVE-2024-421xx/CVE-2024-42153.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2024-42153",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:06.847",
"lastModified": "2024-07-30T08:15:06.847",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr\n\nWhen del_timer_sync() is called in an interrupt context it throws a warning\nbecause of potential deadlock. The timer is used only to exit from\nwait_for_completion() after a timeout so replacing the call with\nwait_for_completion_timeout() allows to remove the problematic timer and\nits related functions altogether."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/27cd3873fa76ebeb9f948baae40cb9a6d8692289",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2849a1b747cf37aa5b684527104d3a53f1e296d2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3503372d0bf7b324ec0bd6b90606703991426176",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3d32327f5cfc087ee3922a3bcdcc29880dcdb50f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/92e494a7568b60ae80d57fc0deafcaf3a4029ab3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a349e5ab4dc9954746e836cd10b407ce48f9b2f6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/effe0500afda017a86c94482b1e36bc37586c9af",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f63b94be6942ba82c55343e196bd09b53227618e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2024/CVE-2024-421xx/CVE-2024-42154.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2024-42154",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:06.933",
"lastModified": "2024-07-30T08:15:06.933",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_metrics: validate source addr length\n\nI don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4\nis at least 4 bytes long, and the policy doesn't have an entry\nfor this attribute at all (neither does it for IPv6 but v6 is\nmanually validated)."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/19d997b59fa1fd7a02e770ee0881c0652b9c32c9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2a2e79dbe2236a1289412d2044994f7ab419b44c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/31f03bb04146c1c6df6c03e9f45401f5f5a985d3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3d550dd5418729a6e77fe7721d27adea7152e321",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/66be40e622e177316ae81717aa30057ba9e61dff",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8c2debdd170e395934ac0e039748576dfde14e99",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cdffc358717e436bb67122bb82c1a2a26e050f98",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ef7c428b425beeb52b894e16f1c4b629d6cebfb6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-421xx/CVE-2024-42155.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-42155",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:07.010",
"lastModified": "2024-07-30T08:15:07.010",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Wipe copies of protected- and secure-keys\n\nAlthough the clear-key of neither protected- nor secure-keys is\naccessible, this key material should only be visible to the calling\nprocess. So wipe all copies of protected- or secure-keys from stack,\neven in case of an error."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/c746f7ced4ad88ee48d0b6c92710e4674403185b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f2ebdadd85af4f4d0cae1e5d009c70eccc78c207",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-421xx/CVE-2024-42156.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-42156",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:07.080",
"lastModified": "2024-07-30T08:15:07.080",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Wipe copies of clear-key structures on failure\n\nWipe all sensitive data from stack for all IOCTLs, which convert a\nclear-key into a protected- or secure-key."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/7f6243edd901b75aaece326c90a1cc0dcb60cc3d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d65d76a44ffe74c73298ada25b0f578680576073",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2024/CVE-2024-421xx/CVE-2024-42157.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2024-42157",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:07.150",
"lastModified": "2024-07-30T08:15:07.150",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Wipe sensitive data on failure\n\nWipe sensitive data from stack also if the copy_to_user() fails."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1d8c270de5eb74245d72325d285894a577a945d9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4889f117755b2f18c23045a0f57977f3ec130581",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6e2e374403bf73140d0efc9541cb1b3bea55ac02",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/90a01aefb84b09ccb6024d75d85bb8f620bd3487",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/93c034c4314bc4c4450a3869cd5da298502346ad",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b5eb9176ebd4697bc248bf8d145e66d782cf5250",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c44a2151e5d21c66b070a056c26471f30719b575",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c51795885c801b6b7e976717e0d6d45b1e5be0f0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-421xx/CVE-2024-42158.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-42158",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:07.227",
"lastModified": "2024-07-30T08:15:07.227",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Use kfree_sensitive() to fix Coccinelle warnings\n\nReplace memzero_explicit() and kfree() with kfree_sensitive() to fix\nwarnings reported by Coccinelle:\n\nWARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1506)\nWARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1643)\nWARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1770)"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/22e6824622e8a8889df0f8fc4ed5aea0e702a694",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/62151a0acde90823bdfa991d598c85cf4b1d387d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2024/CVE-2024-421xx/CVE-2024-42159.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-42159",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:07.300",
"lastModified": "2024-07-30T08:15:07.300",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Sanitise num_phys\n\nInformation is stored in mr_sas_port->phy_mask, values larger then size of\nthis field shouldn't be allowed."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3668651def2c1622904e58b0280ee93121f2b10b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/586b41060113ae43032ec6c4a16d518cef5da6e0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b869ec89d2ee923d46608b76e54c006680c9b4df",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c8707901b53a48106d7501bdbd0350cefaefa4cf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2024/CVE-2024-421xx/CVE-2024-42160.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-42160",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:07.370",
"lastModified": "2024-07-30T08:15:07.370",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: check validation of fault attrs in f2fs_build_fault_attr()\n\n- It missed to check validation of fault attrs in parse_options(),\nlet's fix to add check condition in f2fs_build_fault_attr().\n- Use f2fs_build_fault_attr() in __sbi_store() to clean up code."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/44958ca9e400f57bd0478115519ffc350fcee61e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4ed886b187f47447ad559619c48c086f432d2b77",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bc84dd2c33e0c10fd90d60f0cfc0bfb504d4692d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ecb641f424d6d1f055d149a15b892edcc92c504b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2024/CVE-2024-421xx/CVE-2024-42161.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2024-42161",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:07.447",
"lastModified": "2024-07-30T08:15:07.447",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD\n\n[Changes from V1:\n - Use a default branch in the switch statement to initialize `val'.]\n\nGCC warns that `val' may be used uninitialized in the\nBPF_CRE_READ_BITFIELD macro, defined in bpf_core_read.h as:\n\n\t[...]\n\tunsigned long long val;\t\t\t\t\t\t \\\n\t[...]\t\t\t\t\t\t\t\t \\\n\tswitch (__CORE_RELO(s, field, BYTE_SIZE)) {\t\t\t \\\n\tcase 1: val = *(const unsigned char *)p; break;\t\t\t \\\n\tcase 2: val = *(const unsigned short *)p; break;\t\t \\\n\tcase 4: val = *(const unsigned int *)p; break;\t\t\t \\\n\tcase 8: val = *(const unsigned long long *)p; break;\t\t \\\n } \t\t\t\t\t\t\t \\\n\t[...]\n\tval;\t\t\t\t\t\t\t\t \\\n\t}\t\t\t\t\t\t\t\t \\\n\nThis patch adds a default entry in the switch statement that sets\n`val' to zero in order to avoid the warning, and random values to be\nused in case __builtin_preserve_field_info returns unexpected values\nfor BPF_FIELD_BYTE_SIZE.\n\nTested in bpf-next master.\nNo regressions."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/009367099eb61a4fc2af44d4eb06b6b4de7de6db",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3364c2ed1c241989847f19cf83e3db903ce689e3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7e5471b5efebc30dd0bc035cda86693a5c73d45f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a21d76bd0b0d39518e9a4c19f6cf7c042a974aff",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b694989bb13ed5f166e633faa1eb0f21c6d261a6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ff941a8449e712eaf7efca1a13bfb9afd3d99fc2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-421xx/CVE-2024-42162.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-42162",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:07.520",
"lastModified": "2024-07-30T08:15:07.520",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: Account for stopped queues when reading NIC stats\n\nWe now account for the fact that the NIC might send us stats for a\nsubset of queues. Without this change, gve_get_ethtool_stats might make\nan invalid access on the priv->stats_report->stats array."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/32675d828c8a392e20d5b42375ed112c407e4b62",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/af9bcf910b1f86244f39e15e701b2dc564b469a6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2024/CVE-2024-422xx/CVE-2024-42223.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2024-42223",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:07.587",
"lastModified": "2024-07-30T08:15:07.587",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-frontends: tda10048: Fix integer overflow\n\nstate->xtal_hz can be up to 16M, so it can overflow a 32 bit integer\nwhen multiplied by pll_mfactor.\n\nCreate a new 64 bit variable to hold the calculations."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1121d8a5c6ed6b8fad492e43b63b386cb6a3a9d8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1663e2474e4d777187d749a5c90ae83232db32bd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1aa1329a67cc214c3b7bd2a14d1301a795760b07",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5c72587d024f087aecec0221eaff2fe850d856ce",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8167e4d7dc086d4f7ca7897dcff3827e4d22c99a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8ac224e9371dc3c4eb666033e6b42d05cf5184a1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bd5620439959a7e02012588c724c6ff5143b80af",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e1ba22618758e95e09c9fd30c69ccce38edf94c0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2024/CVE-2024-422xx/CVE-2024-42224.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2024-42224",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:07.667",
"lastModified": "2024-07-30T08:15:07.667",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Correct check for empty list\n\nSince commit a3c53be55c95 (\"net: dsa: mv88e6xxx: Support multiple MDIO\nbusses\") mv88e6xxx_default_mdio_bus() has checked that the\nreturn value of list_first_entry() is non-NULL.\n\nThis appears to be intended to guard against the list chip->mdios being\nempty. However, it is not the correct check as the implementation of\nlist_first_entry is not designed to return NULL for empty lists.\n\nInstead, use list_first_entry_or_null() which does return NULL if the\nlist is empty.\n\nFlagged by Smatch.\nCompile tested only."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2a2fe25a103cef73cde356e6d09da10f607e93f5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3bf8d70e1455f87856640c3433b3660a31001618",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3f25b5f1635449036692a44b771f39f772190c1d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/47d28dde172696031c880c5778633cdca30394ee",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8c2c3cca816d074c75a2801d1ca0dea7b0148114",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/aa03f591ef31ba603a4a99d05d25a0f21ab1cd89",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f75625db838ade28f032dacd0f0c8baca42ecde4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2024/CVE-2024-422xx/CVE-2024-42225.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2024-42225",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:07.747",
"lastModified": "2024-07-30T08:15:07.747",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: replace skb_put with skb_put_zero\n\nAvoid potentially reusing uninitialized data"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/22ea2a7f0b64d323625950414a4496520fb33657",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/64f86337ccfe77fe3be5a9356b0dabde23fbb074",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7f819a2f4fbc510e088b49c79addcf1734503578",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dc7f14d00d0c4c21898f3504607f4a31079065a2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ff6b26be13032c5fbd6b6a0b24358f8eaac4f3af",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2024/CVE-2024-422xx/CVE-2024-42226.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2024-42226",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:07.817",
"lastModified": "2024-07-30T08:15:07.817",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB\n\nSome transfer events don't always point to a TRB, and consequently don't\nhave a endpoint ring. In these cases, function handle_tx_event() should\nnot proceed, because if 'ep->skip' is set, the pointer to the endpoint\nring is used.\n\nTo prevent a potential failure and make the code logical, return after\nchecking the completion code for a Transfer event without TRBs."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1f4a10cb826fdec5cd442df010bcb3043bfd6464",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/66cb618bf0bb82859875b00eeffaf223557cb416",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/69bed24c82139bbad0a78a075e1834a2ea7bd064",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/948554f1bb16e15b90006c109c3a558c66d4c4ac",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9a24eb8010c2dc6a2eba56e3eb9fc07d14ffe00a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c0ee01e8ba19ff7edc98f68a114d4789faa219b9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-422xx/CVE-2024-42227.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-42227",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:07.890",
"lastModified": "2024-07-30T08:15:07.890",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix overlapping copy within dml_core_mode_programming\n\n[WHY]\n&mode_lib->mp.Watermark and &locals->Watermark are\nthe same address. memcpy may lead to unexpected behavior.\n\n[HOW]\nmemmove should be used."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/9342da15f2491d8600eca89c8e0da08876fb969b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f1fd8a0a54e6d23a6d16ee29159f247862460fd1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2024/CVE-2024-422xx/CVE-2024-42228.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-42228",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:07.960",
"lastModified": "2024-07-30T08:15:07.960",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc\n\nInitialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001.\nV2: To really improve the handling we would actually\n need to have a separate value of 0xffffffff.(Christian)"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/855ae72c20310e5402b2317fc537d911e87537ef",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/88a9a467c548d0b3c7761b4fd54a68e70f9c0944",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f8f120b3de48b8b6bdf8988a9b334c2d61c17440",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2024/CVE-2024-422xx/CVE-2024-42229.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2024-42229",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:08.070",
"lastModified": "2024-07-30T08:15:08.070",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: aead,cipher - zeroize key buffer after use\n\nI.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding\ncryptographic information should be zeroized once they are no longer\nneeded. Accomplish this by using kfree_sensitive for buffers that\npreviously held the private key."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/23e4099bdc3c8381992f9eb975c79196d6755210",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/28c8d274848feba552e95c5c2a7e3cfe8f15c534",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/71dd428615375e36523f4d4f7685ddd54113646d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9db8c299a521813630fcb4154298cb60c37f3133",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b502d4a08875ea2b4ea5d5b28dc7c991c8b90cfb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f58679996a831754a356974376f248aa0af2eb8e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2024/CVE-2024-422xx/CVE-2024-42230.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-42230",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:08.193",
"lastModified": "2024-07-30T08:15:08.193",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Fix scv instruction crash with kexec\n\nkexec on pseries disables AIL (reloc_on_exc), required for scv\ninstruction support, before other CPUs have been shut down. This means\nthey can execute scv instructions after AIL is disabled, which causes an\ninterrupt at an unexpected entry location that crashes the kernel.\n\nChange the kexec sequence to disable AIL after other CPUs have been\nbrought down.\n\nAs a refresher, the real-mode scv interrupt vector is 0x17000, and the\nfixed-location head code probably couldn't easily deal with implementing\nsuch high addresses so it was just decided not to support that interrupt\nat all."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/21a741eb75f80397e5f7d3739e24d7d75e619011",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8c6506616386ce37e59b2745fc481c6713fae4f3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c550679d604798d9fed8a5b2bb5693448a25407c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d10e3c39001e9194b9a1bfd6979bd3fa19dccdc5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-422xx/CVE-2024-42231.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-42231",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:08.307",
"lastModified": "2024-07-30T08:15:08.307",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: zoned: fix calc_available_free_space() for zoned mode\n\ncalc_available_free_space() returns the total size of metadata (or\nsystem) block groups, which can be allocated from unallocated disk\nspace. The logic is wrong on zoned mode in two places.\n\nFirst, the calculation of data_chunk_size is wrong. We always allocate\none zone as one chunk, and no partial allocation of a zone. So, we\nshould use zone_size (= data_sinfo->chunk_size) as it is.\n\nSecond, the result \"avail\" may not be zone aligned. Since we always\nallocate one zone as one chunk on zoned mode, returning non-zone size\naligned bytes will result in less pressure on the async metadata reclaim\nprocess.\n\nThis is serious for the nearly full state with a large zone size device.\nAllowing over-commit too much will result in less async reclaim work and\nend up in ENOSPC. We can align down to the zone size to avoid that."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/64d2c847ba380e07b9072d65a50aa6469d2aa43f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8548903b1999bba02a2b894ad750ab8eb1f40307",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

137
CVE-2024/CVE-2024-72xx/CVE-2024-7223.json Normal file
View File

@ -0,0 +1,137 @@
{
"id": "CVE-2024-7223",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-07-30T08:15:08.373",
"lastModified": "2024-07-30T08:15:08.373",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in SourceCodester Lot Reservation Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view_model.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272803."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/topsky979/4c28743586769e73fe37007ed92cc1a7",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.272803",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.272803",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.380470",
"source": "cna@vuldb.com"
}
]
}

137
CVE-2024/CVE-2024-72xx/CVE-2024-7224.json Normal file
View File

@ -0,0 +1,137 @@
{
"id": "CVE-2024-7224",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-07-30T08:15:08.653",
"lastModified": "2024-07-30T08:15:08.653",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Lot Reservation Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /lot_details.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272804."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/topsky979/76bc2c8ce4871ad8bb60c52e47c4fb5b",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.272804",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.272804",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.380471",
"source": "cna@vuldb.com"
}
]
}

137
CVE-2024/CVE-2024-72xx/CVE-2024-7225.json Normal file
View File

@ -0,0 +1,137 @@
{
"id": "CVE-2024-7225",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-07-30T09:15:05.287",
"lastModified": "2024-07-30T09:15:05.287",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Insurance Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /Script/admin/core/update_policy of the component Edit Insurance Policy Page. The manipulation of the argument pname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272805 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/Xu-Mingming/cve/blob/main/xss2.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.272805",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.272805",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.380967",
"source": "cna@vuldb.com"
}
]
}

137
CVE-2024/CVE-2024-72xx/CVE-2024-7226.json Normal file
View File

@ -0,0 +1,137 @@
{
"id": "CVE-2024-7226",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-07-30T09:15:05.597",
"lastModified": "2024-07-30T09:15:05.597",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Medicine Tracker System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /classes/Users.php?f=save_user of the component Password Change Handler. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272806 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://github.com/Xu-Mingming/cve/blob/main/CSRF2.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.272806",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.272806",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.380981",
"source": "cna@vuldb.com"
}
]
}

61
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-07-30T08:00:17.728554+00:00
2024-07-30T10:00:26.528684+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-07-30T07:15:02.633000+00:00
2024-07-30T09:15:05.597000+00:00
```
### Last Data Feed Release
@ -33,42 +33,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
258440
258530
```
### CVEs added in the last Commit
Recently added CVEs: `23`
Recently added CVEs: `90`
- [CVE-2024-1286](CVE-2024/CVE-2024-12xx/CVE-2024-1286.json) (`2024-07-30T06:15:01.777`)
- [CVE-2024-1287](CVE-2024/CVE-2024-12xx/CVE-2024-1287.json) (`2024-07-30T06:15:02.210`)
- [CVE-2024-3113](CVE-2024/CVE-2024-31xx/CVE-2024-3113.json) (`2024-07-30T06:15:02.337`)
- [CVE-2024-3669](CVE-2024/CVE-2024-36xx/CVE-2024-3669.json) (`2024-07-30T06:15:02.487`)
- [CVE-2024-3986](CVE-2024/CVE-2024-39xx/CVE-2024-3986.json) (`2024-07-30T06:15:02.617`)
- [CVE-2024-40094](CVE-2024/CVE-2024-400xx/CVE-2024-40094.json) (`2024-07-30T07:15:01.840`)
- [CVE-2024-4096](CVE-2024/CVE-2024-40xx/CVE-2024-4096.json) (`2024-07-30T06:15:02.723`)
- [CVE-2024-5765](CVE-2024/CVE-2024-57xx/CVE-2024-5765.json) (`2024-07-30T06:15:02.823`)
- [CVE-2024-5807](CVE-2024/CVE-2024-58xx/CVE-2024-5807.json) (`2024-07-30T06:15:02.917`)
- [CVE-2024-5808](CVE-2024/CVE-2024-58xx/CVE-2024-5808.json) (`2024-07-30T06:15:03.070`)
- [CVE-2024-5809](CVE-2024/CVE-2024-58xx/CVE-2024-5809.json) (`2024-07-30T06:15:03.180`)
- [CVE-2024-5975](CVE-2024/CVE-2024-59xx/CVE-2024-5975.json) (`2024-07-30T06:15:03.277`)
- [CVE-2024-6021](CVE-2024/CVE-2024-60xx/CVE-2024-6021.json) (`2024-07-30T06:15:03.387`)
- [CVE-2024-6223](CVE-2024/CVE-2024-62xx/CVE-2024-6223.json) (`2024-07-30T06:15:03.517`)
- [CVE-2024-6224](CVE-2024/CVE-2024-62xx/CVE-2024-6224.json) (`2024-07-30T06:15:03.623`)
- [CVE-2024-6226](CVE-2024/CVE-2024-62xx/CVE-2024-6226.json) (`2024-07-30T06:15:03.720`)
- [CVE-2024-6230](CVE-2024/CVE-2024-62xx/CVE-2024-6230.json) (`2024-07-30T06:15:03.873`)
- [CVE-2024-6536](CVE-2024/CVE-2024-65xx/CVE-2024-6536.json) (`2024-07-30T06:15:04.013`)
- [CVE-2024-7100](CVE-2024/CVE-2024-71xx/CVE-2024-7100.json) (`2024-07-30T07:15:02.020`)
- [CVE-2024-7219](CVE-2024/CVE-2024-72xx/CVE-2024-7219.json) (`2024-07-30T06:15:04.143`)
- [CVE-2024-7220](CVE-2024/CVE-2024-72xx/CVE-2024-7220.json) (`2024-07-30T06:15:04.847`)
- [CVE-2024-7221](CVE-2024/CVE-2024-72xx/CVE-2024-7221.json) (`2024-07-30T07:15:02.323`)
- [CVE-2024-7222](CVE-2024/CVE-2024-72xx/CVE-2024-7222.json) (`2024-07-30T07:15:02.633`)
- [CVE-2024-42151](CVE-2024/CVE-2024-421xx/CVE-2024-42151.json) (`2024-07-30T08:15:06.690`)
- [CVE-2024-42152](CVE-2024/CVE-2024-421xx/CVE-2024-42152.json) (`2024-07-30T08:15:06.763`)
- [CVE-2024-42153](CVE-2024/CVE-2024-421xx/CVE-2024-42153.json) (`2024-07-30T08:15:06.847`)
- [CVE-2024-42154](CVE-2024/CVE-2024-421xx/CVE-2024-42154.json) (`2024-07-30T08:15:06.933`)
- [CVE-2024-42155](CVE-2024/CVE-2024-421xx/CVE-2024-42155.json) (`2024-07-30T08:15:07.010`)
- [CVE-2024-42156](CVE-2024/CVE-2024-421xx/CVE-2024-42156.json) (`2024-07-30T08:15:07.080`)
- [CVE-2024-42157](CVE-2024/CVE-2024-421xx/CVE-2024-42157.json) (`2024-07-30T08:15:07.150`)
- [CVE-2024-42158](CVE-2024/CVE-2024-421xx/CVE-2024-42158.json) (`2024-07-30T08:15:07.227`)
- [CVE-2024-42159](CVE-2024/CVE-2024-421xx/CVE-2024-42159.json) (`2024-07-30T08:15:07.300`)
- [CVE-2024-42160](CVE-2024/CVE-2024-421xx/CVE-2024-42160.json) (`2024-07-30T08:15:07.370`)
- [CVE-2024-42161](CVE-2024/CVE-2024-421xx/CVE-2024-42161.json) (`2024-07-30T08:15:07.447`)
- [CVE-2024-42162](CVE-2024/CVE-2024-421xx/CVE-2024-42162.json) (`2024-07-30T08:15:07.520`)
- [CVE-2024-42223](CVE-2024/CVE-2024-422xx/CVE-2024-42223.json) (`2024-07-30T08:15:07.587`)
- [CVE-2024-42224](CVE-2024/CVE-2024-422xx/CVE-2024-42224.json) (`2024-07-30T08:15:07.667`)
- [CVE-2024-42225](CVE-2024/CVE-2024-422xx/CVE-2024-42225.json) (`2024-07-30T08:15:07.747`)
- [CVE-2024-42226](CVE-2024/CVE-2024-422xx/CVE-2024-42226.json) (`2024-07-30T08:15:07.817`)
- [CVE-2024-42227](CVE-2024/CVE-2024-422xx/CVE-2024-42227.json) (`2024-07-30T08:15:07.890`)
- [CVE-2024-42228](CVE-2024/CVE-2024-422xx/CVE-2024-42228.json) (`2024-07-30T08:15:07.960`)
- [CVE-2024-42229](CVE-2024/CVE-2024-422xx/CVE-2024-42229.json) (`2024-07-30T08:15:08.070`)
- [CVE-2024-42230](CVE-2024/CVE-2024-422xx/CVE-2024-42230.json) (`2024-07-30T08:15:08.193`)
- [CVE-2024-42231](CVE-2024/CVE-2024-422xx/CVE-2024-42231.json) (`2024-07-30T08:15:08.307`)
- [CVE-2024-7223](CVE-2024/CVE-2024-72xx/CVE-2024-7223.json) (`2024-07-30T08:15:08.373`)
- [CVE-2024-7224](CVE-2024/CVE-2024-72xx/CVE-2024-7224.json) (`2024-07-30T08:15:08.653`)
- [CVE-2024-7225](CVE-2024/CVE-2024-72xx/CVE-2024-7225.json) (`2024-07-30T09:15:05.287`)
- [CVE-2024-7226](CVE-2024/CVE-2024-72xx/CVE-2024-7226.json) (`2024-07-30T09:15:05.597`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `3`
- [CVE-2024-27823](CVE-2024/CVE-2024-278xx/CVE-2024-27823.json) (`2024-07-30T09:15:02.713`)
- [CVE-2024-27826](CVE-2024/CVE-2024-278xx/CVE-2024-27826.json) (`2024-07-30T09:15:02.820`)
- [CVE-2024-27884](CVE-2024/CVE-2024-278xx/CVE-2024-27884.json) (`2024-07-30T09:15:02.907`)
## Download and Usage

142
_state.csv
View File

@ -235832,6 +235832,7 @@ CVE-2023-48392,0,0,9c3aaa36cf10f8e1592b9126c1f846c6c07db58043210a53056a744b730a0
CVE-2023-48393,0,0,e0a815d8080ad5cea41d92984ef3a9fd7095a42aa57d20c0d12a59109c002386,2023-12-22T15:43:05.987000
CVE-2023-48394,0,0,c3024715840789d9f312132faa6fbaf0c1f9f5e5dcaedc7eeb2cfc7e710910d2,2023-12-22T15:33:02.573000
CVE-2023-48395,0,0,f4526cf83078b38c5056fd136243e449325c90f84eaf2a2201d315d32d83e447,2023-12-22T15:28:27.923000
CVE-2023-48396,1,1,9abcfcc5663c1cb9d6a91abf8edebfe931a917abb0270c2631a50693dade93b1,2024-07-30T09:15:02.540000
CVE-2023-48397,0,0,8ec89914f42c906f53d68364d7b6e597661ed4a8d677d7d81388609a835cf322,2024-03-12T21:15:55.883000
CVE-2023-48398,0,0,95bc3f0fc672fe6706032de73057764755b65a6e047d7d0a83c7838730374b09,2024-03-12T21:15:55.977000
CVE-2023-48399,0,0,2adddd0123f92d5301226919e6681905241faecb6990fd36a9f3f8b4c3c9508b,2024-03-12T21:15:56.047000
@ -239096,6 +239097,7 @@ CVE-2023-52884,0,0,bbf325b5c1ed57a9d1f4ab6303e0df9c8a8b60b96f00c7266f34fe596a2f1
CVE-2023-52885,0,0,e5c658cfc56d45f1e026b5e9d3b2354382c669c4a8a58f5c853288778028aada,2024-07-15T13:00:34.853000
CVE-2023-52886,0,0,99e5616b05810a67fbbeb83e14605ae0bcc6396fe4a66dbd84bd39d8703d92a9,2024-07-16T13:43:58.773000
CVE-2023-52887,0,0,cc5f187e0aa0340440dfe6b878cebe9396819c0bf7ebb9ce657b145ebb84b3ea,2024-07-29T16:21:52.517000
CVE-2023-52888,1,1,926540e35532cc146e3cce53ac18fdce552b88106ec4127219373eeac5090b6e,2024-07-30T08:15:02.293000
CVE-2023-5289,0,0,85a0656428a156af531ef9ce48391ff960ba4c2a8af32298a7386854e98b6d86,2023-10-02T18:13:04.227000
CVE-2023-52890,0,0,98d004bfa32a49234fd94c1d29c092368def9b12c09abef3185e148025b433c1,2024-06-13T18:36:09.010000
CVE-2023-52891,0,0,5e151a4d8c6f84e3d9dd04a36315448ea54aacacf0306d24e88a33c5bc6a9764,2024-07-09T18:19:14.047000
@ -241997,8 +241999,8 @@ CVE-2024-1282,0,0,2eb3c24a78d526ba60f7de9b228772cc4cdca541c83c9925e23d3c86e361e3
CVE-2024-1283,0,0,a97e435850ca7b90657c47e89bd465a7244a29a008bfd047df6690ffa63f1da5,2024-02-14T18:19:42.423000
CVE-2024-1284,0,0,55604dea33d2cbf989f030bf509fafa79de3f9786c8a35caf42d87f103a6d0ee,2024-02-14T18:19:17.177000
CVE-2024-1285,0,0,dc1a281c695ebb0384667e83aa8e8b27899294b8b3ab6a7160b2802a0632094a,2024-03-05T13:41:01.900000
CVE-2024-1286,1,1,dd1141bf14860d2378ac774f5d9218eefecc4f5a8855007c2ae5243a783abb53,2024-07-30T06:15:01.777000
CVE-2024-1287,1,1,5b79e434a38dfbbae67646a5f769d926c2a025ec48b7781dde9ae49d193e4318,2024-07-30T06:15:02.210000
CVE-2024-1286,0,0,dd1141bf14860d2378ac774f5d9218eefecc4f5a8855007c2ae5243a783abb53,2024-07-30T06:15:01.777000
CVE-2024-1287,0,0,5b79e434a38dfbbae67646a5f769d926c2a025ec48b7781dde9ae49d193e4318,2024-07-30T06:15:02.210000
CVE-2024-1288,0,0,9b4b26e98e455da0bf3a01191faed41bc4e93cd412694a208b945f21b0c39ba4,2024-02-29T13:49:29.390000
CVE-2024-1289,0,0,ce4baaa839d6e246e03946bbec3160687088f2a904b66c70b5f22766bbcb5e31,2024-04-10T13:24:00.070000
CVE-2024-1290,0,0,d8c98dc21c8ebffa389e2adca534c5228f87db07c9e83c1a3e5e389d19cbb2e7,2024-03-12T12:40:13.500000
@ -247972,10 +247974,10 @@ CVE-2024-2782,0,0,680a3c329ce925b550d110698489929aa37484a831dec13218a370944105b9
CVE-2024-27820,0,0,a1605198dcbf5219cf280b9649bff24b5d5f9453251b177f1725c884a033aed8,2024-07-03T01:50:58.540000
CVE-2024-27821,0,0,997425452e8be4677f15c9b9aaa18f17147699f7e8dfe8b663210b670dcd8496,2024-06-10T18:15:29.097000
CVE-2024-27822,0,0,00b8edec8aa3387668b84ecf0596531970e488898abd3e050f82e3809ca5cb58,2024-07-03T01:50:59.383000
CVE-2024-27823,0,0,e07f728e8b125043774d710caa27db8b49124a730858e6aef206d0712443b55c,2024-07-30T01:15:13.080000
CVE-2024-27823,0,1,a999471dd9590ec67b4c4294ad596c151565c64201d8e4d18e3c645803a3ba66,2024-07-30T09:15:02.713000
CVE-2024-27824,0,0,79e08efd7f96e8899d7d8541d6c0e1e0a4f8d446eaa36c3c2ce9d69863460387,2024-06-11T08:15:49.830000
CVE-2024-27825,0,0,56d745c63f5923700ccb89bf72b89b53d35743fee3115939c5b740b7e01f6df0,2024-07-03T01:51:00.263000
CVE-2024-27826,0,0,c0dbf8ba979d3073c3b952b5642a4d20f90b2ba6b2082d1f5c9630e8998d90f5,2024-07-30T02:15:04.707000
CVE-2024-27826,0,1,d696c7c89dd1f9cdf2f33af710355c39733cb87e71f3389862a72c6a033bf54c,2024-07-30T09:15:02.820000
CVE-2024-27827,0,0,cddbc1abcd04a5361aa0d1e9cd6f7e77fbe95d6c2f77829fa9afe90c486dfc2e,2024-07-03T01:51:01.090000
CVE-2024-27828,0,0,ce24f26049ae95ba26226eb49c194da6cf3360ec68cebf954b176dbdf142d332,2024-07-03T01:51:01.887000
CVE-2024-27829,0,0,29662b914240e4af6a8df4845b3cfc144c064fdea834172457246a33af580145,2024-07-03T01:51:02.723000
@ -248020,7 +248022,7 @@ CVE-2024-2788,0,0,fae17eccf9cd9e59e0540a9ad532e11d3f58404c6459f605cc04b4c55f9084
CVE-2024-27881,0,0,6995aaac42afde624f418d57a6b52274622684f8093bf13e322e8bbbb612d62a,2024-07-30T02:15:05.153000
CVE-2024-27882,0,0,df5beff67ada5277edac40546e8fff83f6b0a08540da46dc85d29fee68deb289,2024-07-30T02:15:05.210000
CVE-2024-27883,0,0,6b268de3e814c4110daf6775592a2e026d98dff2aa46f04efc275243f9c0ebd5,2024-07-30T02:15:05.267000
CVE-2024-27884,0,0,58f140c86c751c1d006370d1b382cff8ce96aa13987c7a12cceefe129ef896fe,2024-07-29T23:15:11.010000
CVE-2024-27884,0,1,27972c2b7f88abe3712d05d14c5dd14a1fee374623517c28583496a139a8e48b,2024-07-30T09:15:02.907000
CVE-2024-27885,0,0,e3765a253be02afcb43d4bff90a02eb9cc8683032aa7319a1325bda028b43ed5,2024-07-03T15:44:29.397000
CVE-2024-27886,0,0,88626e70ec505f1286a718d520229d519f2eaa13ee3c4837e6401d6ad980a736,2024-07-30T01:15:13.787000
CVE-2024-27887,0,0,175f55ff8c93e4733b0ef1c56ea5798c5485fd0309326d968f4380f1610ae662,2024-07-30T01:15:13.840000
@ -250206,7 +250208,7 @@ CVE-2024-31120,0,0,2905bfd8b8aa056c6c1fecc5c95746ce3aa103eec58c361f159a34f59556b
CVE-2024-31121,0,0,43f3a78be41b0fe7a8d76bc9574b1b11bd8f69ccdd607ace1c58f4c381191fa3,2024-04-01T01:12:59.077000
CVE-2024-31122,0,0,c4e14ba7004b2cf2b151bf3132b2165fc437583f598287125f4d98c6a273d82e,2024-04-01T01:12:59.077000
CVE-2024-31123,0,0,f20fc67a2fee91c8978a5bcb9d4415d2b8d2a544eca0031434fc9c6861c2d332,2024-04-01T01:12:59.077000
CVE-2024-3113,1,1,e6d405d40c43b1f6ab30fdcb60948571cb2f41cc1c340035412287bfde1e8fd1,2024-07-30T06:15:02.337000
CVE-2024-3113,0,0,e6d405d40c43b1f6ab30fdcb60948571cb2f41cc1c340035412287bfde1e8fd1,2024-07-30T06:15:02.337000
CVE-2024-31134,0,0,d8b2660354a47ff5d57524fb2454441ef5617ce0d4a19440e82ae14e22bd7dec,2024-03-28T16:07:30.893000
CVE-2024-31135,0,0,be23cdb06ca9fb56cf767d95aa395ad9500588039c11b7b093f03a09c2fed9d4,2024-04-08T22:39:48.067000
CVE-2024-31136,0,0,fc3cbe768e48d4625e33825c87e8160fa75cbd797dbb2249521e32101603588e,2024-03-28T16:07:30.893000
@ -253812,7 +253814,7 @@ CVE-2024-36681,0,0,91ab5a39355fb60d1e0e5e355644e5363b5d880ec14684cab5ae101662602
CVE-2024-36682,0,0,edc123e03827ea6814bb07a9757c17a0cf5703769c42695b1ae6f58aee11929e,2024-06-25T12:24:17.873000
CVE-2024-36683,0,0,18a76ea23a5695131ac0a1a1cae26aee3d1ea92ed38cb283b784e28da9cb3b8c,2024-06-25T12:24:17.873000
CVE-2024-36684,0,0,1ce5fb0cc7c8519edbfb220ffcf03bdce18fbc872672e6010db16693eec6458c,2024-06-20T12:43:25.663000
CVE-2024-3669,1,1,8f398df077a19d58abebfef11163e01c09e56c3168ebec499ca7f2ad06f73c54,2024-07-30T06:15:02.487000
CVE-2024-3669,0,0,8f398df077a19d58abebfef11163e01c09e56c3168ebec499ca7f2ad06f73c54,2024-07-30T06:15:02.487000
CVE-2024-36691,0,0,eb4ea08bf79d1a6ac1d98f330c6ba45260957add9ca280d2ec95e1cc61898b85,2024-06-13T18:36:09.010000
CVE-2024-36699,0,0,f519eb157e638490c5e16aa33d3cf222cb0f0828212475d05c477400a1f8b777,2024-06-14T15:15:50.967000
CVE-2024-3670,0,0,77ac11a62196ad685da1366e218d9d33cb33f8c42dea24a7d4be6249347cd9dc,2024-05-02T18:00:37.360000
@ -254793,7 +254795,11 @@ CVE-2024-3840,0,0,ec33e8e5666d06426f4f27241e2048dc8546d2022bc8f60f84c59f2555cee1
CVE-2024-3841,0,0,8802855d3bfa5a1c81bb3b1500254989e91bb5a660a45184fb94e49c6e6b50a2,2024-07-03T02:06:40.900000
CVE-2024-38427,0,0,8994acf8b0d2e9fdb11baea3df5edeec421ed8fa1c8aac7108ecf0d2784c04de,2024-07-03T02:05:00.507000
CVE-2024-38428,0,0,88ab77f65d2de763959b3536063d69fbc2444cb9d53c4b7dcba71cfc1a022537,2024-06-17T12:42:04.623000
CVE-2024-38429,1,1,362b0e8d174438acb1e0959c788c7dc8606509b113ca953ce9ba94c6b8f25099,2024-07-30T09:15:02.977000
CVE-2024-3843,0,0,f8304581ad62be18ba48d40e0abaf62c4d0e638c53e769e55d87254b71de405d,2024-07-03T02:06:41.770000
CVE-2024-38430,1,1,685742d1ea624cf0d9e248f4ffe4e7da78edff29213df7c6a5cd8e5e4eecf1d7,2024-07-30T09:15:03.257000
CVE-2024-38431,1,1,a5578cd27838787a81119b54321d5b8624148280ac2fa7bef17ae68832daeed7,2024-07-30T09:15:03.510000
CVE-2024-38432,1,1,95fee8ab824c70073e442ff1ce57c1a60d6cccd5e3df2069691e2cc32dcc4d24,2024-07-30T09:15:03.750000
CVE-2024-38433,0,0,f67092b0476b56495430d5a0a2004ef9f8edcc22248756a4bc924265edccd9ea,2024-07-15T18:26:30.693000
CVE-2024-38434,0,0,4a8e238d88d3486572dfa29923d4eb1c064ff172ae0f1ad768133acfd895c782,2024-07-22T13:00:31.330000
CVE-2024-38435,0,0,fc074747bdba693aebf19b6533a755af226e02ac32a25db69b162bf4e6fcd0ff,2024-07-22T13:00:31.330000
@ -255500,7 +255506,7 @@ CVE-2024-39846,0,0,cc3d14fb15e20c985bb7fdeb359e7a12ea1918f79b7c4c3ac03373ad528c6
CVE-2024-39848,0,0,8178bbb2814e5fa60c3351f00827b86e4d6b7b334f71560f5ea323ec84986fcf,2024-07-03T02:05:53.147000
CVE-2024-3985,0,0,ceb8b898ec23867d1efcc4d7f7a630f584432f67007c6b07d5fd8199e1841622,2024-05-02T18:00:37.360000
CVE-2024-39853,0,0,0a0a7ef09f69a0d0504c74e5034409e9f17837e69e722a4f1f3c2adcfb998667,2024-07-03T02:05:53.353000
CVE-2024-3986,1,1,eb6adfdaf63750cff198cebe3601aa90083de970512c7383707c16474b9158db,2024-07-30T06:15:02.617000
CVE-2024-3986,0,0,eb6adfdaf63750cff198cebe3601aa90083de970512c7383707c16474b9158db,2024-07-30T06:15:02.617000
CVE-2024-39863,0,0,0ebe9832973da51eb33019729ee2559060b8a5a553a2f86aa87ee1da77a1589d,2024-07-22T09:15:11.180000
CVE-2024-39864,0,0,d53cf864986adcf58f762cd7c857169d0cf77d7c01b84f977b101e751257847c,2024-07-08T15:47:10.990000
CVE-2024-39865,0,0,1431947f48c63c3f2f289bcb05288d0cda08dff5370e915fbcca9f419224f5d7,2024-07-09T18:19:14.047000
@ -255592,7 +255598,7 @@ CVE-2024-4007,0,0,857ffd215040050c5517e94efdf82e72cc62aae4cfd62acb973d56bcff6e13
CVE-2024-40075,0,0,ea8801174ab63f09ecb78691088214272746fb9a3a5615024827c9ef25c43b0c,2024-07-24T12:55:13.223000
CVE-2024-4008,0,0,41ba43cb718e067f099fac417cd6110082f457ea9bc7353b1528141e52f4a2d0,2024-06-18T17:00:01.570000
CVE-2024-4009,0,0,26a6ec4a10b164e2f280e8681d4c21dd6301b3a45dfa2578f28e720f7416c2f5,2024-06-18T17:01:19.897000
CVE-2024-40094,1,1,4494a63fe53d1e7407c09814c521347fc9b3680df1494964598bcfed378eb0e5,2024-07-30T07:15:01.840000
CVE-2024-40094,0,0,4494a63fe53d1e7407c09814c521347fc9b3680df1494964598bcfed378eb0e5,2024-07-30T07:15:01.840000
CVE-2024-4010,0,0,6f96a951ba4d658f2d216c10726beef3ec3f9c518875bc1c492ed89999ff3fc2,2024-05-15T16:40:19.330000
CVE-2024-4011,0,0,3791d0b8fb3f4c8257f00293727675eba680b52984c90b375af59f25fe8844d5,2024-06-28T13:21:27.280000
CVE-2024-40110,0,0,418f673a852b7bdb4f78ad41a2b0b3f2ec6f2c18daedda80c4124681891eaca1,2024-07-12T19:04:57.907000
@ -255836,6 +255842,7 @@ CVE-2024-4087,0,0,559dc8fcb531eb7d96e390fa33463b50a20c5a688e8dbefeb3187bf1d2c5f7
CVE-2024-40872,0,0,61b6054f8d04261e92c08a44feec16dc1d8422a97543a2162e5dea5f0a6c8f9d,2024-07-26T12:38:41.683000
CVE-2024-40873,0,0,16fd81fc79820f32ad2e7940b90409fc2d2f9351443634159d6f5e89b93d7b04,2024-07-26T12:38:41.683000
CVE-2024-4088,0,0,61cc31924b86843bbd20c326ef7465dc1aa394b548458b2e1a9fc62c09ede628,2024-06-11T17:11:30.193000
CVE-2024-40895,1,1,64e7940c401fbd173661dee26099a40b50e61ae46e21586456d47b8dd440564a,2024-07-30T09:15:03.987000
CVE-2024-40897,0,0,6abf47f4a62ea89c178f137de2c06b0ad3aa344f78325532ce36c2ccb3219895,2024-07-28T14:15:10.533000
CVE-2024-40898,0,0,6d797ebcdf9c53e0eade3a2c00a2f7d68b1d101b3405603dd30cc2157b772084,2024-07-18T12:28:43.707000
CVE-2024-40899,0,0,e950acc969e56b6fc4b2198a92989ebcef19e4b4c9a9c8ad08fee90da2bba031,2024-07-12T16:34:58.687000
@ -255903,7 +255910,7 @@ CVE-2024-40956,0,0,01fdb45f44f8095c8f9389fef0857cd7ac1f55e504ec60f396a8f9e5482a8
CVE-2024-40957,0,0,ba43e6ddc634305a816231c000c7b443548485728739cecf3ba6005f6c02b2f3,2024-07-12T16:34:58.687000
CVE-2024-40958,0,0,c4b20d9cb20e4970bb454dd1d6fa22674e8409df2a8f77cff22e9737b19836ab,2024-07-12T16:34:58.687000
CVE-2024-40959,0,0,e7c156318badfedaa056792bcbefa34231e67bdbb7ed04e052f8e0abfa80614c,2024-07-12T16:34:58.687000
CVE-2024-4096,1,1,b203d703401ad128b2f49bb8e591aa509377e710104db702c525a4e872a64a39,2024-07-30T06:15:02.723000
CVE-2024-4096,0,0,b203d703401ad128b2f49bb8e591aa509377e710104db702c525a4e872a64a39,2024-07-30T06:15:02.723000
CVE-2024-40960,0,0,751160d4b33ebba5233733016652a802223721da4cc034328232de6ddedfbed0,2024-07-12T16:34:58.687000
CVE-2024-40961,0,0,5ef199da94468b156b51f0574884d9506a4848926b3a11893fee68de8bbf44e4,2024-07-12T16:34:58.687000
CVE-2024-40962,0,0,3d1366142cae87f99bee1d01922e9c3346fad92689b81dead457f2b7f460d17c,2024-07-12T16:34:58.687000
@ -256080,6 +256087,7 @@ CVE-2024-41135,0,0,66c622d4a15bea76906fc51ad68d43d1d4fd2725282204f137e1bed500fb2
CVE-2024-41136,0,0,020b11b93feff063252b1869b912101e066c5fabc26a5328aa1d1ff14a3e25e0,2024-07-26T13:22:02.033000
CVE-2024-41139,0,0,c2a251a2d8ce013de552afd9007b026ec32daefafa4c07e9fa41357e3f6a71e5,2024-07-29T14:12:08.783000
CVE-2024-4114,0,0,387f9ca6df27ba000d0f44d990ccd6bb074258bb946c87938379db9652dc0a14,2024-05-17T02:40:15.917000
CVE-2024-41141,1,1,56e3c9302c0b30541849f61fbc9c2f3c497275b65e8b80c39227cd930f1eed15,2024-07-30T09:15:04.070000
CVE-2024-41143,0,0,86895945f47e1361478000a71a2798af8709b921e75a70b1e72755ffb197a147,2024-07-29T14:12:08.783000
CVE-2024-4115,0,0,89bc89df66a101d446d6568b359dec67345256fa579984420e2e2fe7ea4994ac,2024-06-04T19:20:29.937000
CVE-2024-4116,0,0,6ee64e85b69f8f11f599040da371bf02d3a94742e1ecd0f467d9a48f26243458,2024-05-17T02:40:16.110000
@ -256195,6 +256203,10 @@ CVE-2024-4169,0,0,c62ff626929882f5d2c6f5c5b02ad92c379b5b400e34f72b774f8d063efba0
CVE-2024-41690,0,0,b18dad298671eb03eedc4db03bead7013ec614b16f648a4382d81a719b2d2fc8,2024-07-26T12:38:41.683000
CVE-2024-41691,0,0,8445b625b8d8bbb501668875ad0019a23a5b4798b2ca9bb16e1f7ec443c79eb0,2024-07-26T12:38:41.683000
CVE-2024-41692,0,0,0194fb9931aafdb4d2f1b1685143b7b5f004cffb9bb337e8efb40ab4dc65d8ec,2024-07-29T14:12:08.783000
CVE-2024-41693,1,1,8a063e6be3afc900183a2c9e8a39d459a9f080c11a183959194cf5e5e9bc5df0,2024-07-30T09:15:04.140000
CVE-2024-41694,1,1,6c97a7aff4e27a26b55f8e7bbaf4358f9b50080c087d91720e51cfa6dc25ccdf,2024-07-30T09:15:04.380000
CVE-2024-41695,1,1,319bb07d63a0e4908a12c967ea213b14522916a76a0a891f6d5c7ba88709b888,2024-07-30T09:15:04.683000
CVE-2024-41696,1,1,5fe2bd7680b5ae433628ebb16886fe3fd3bc450b41c9e71cbeeaf08e13a17aec,2024-07-30T09:15:04.927000
CVE-2024-4170,0,0,62435f89f96f29247c44c5e589e7b97688efd61a202de53db89b1fe5fd4975dc,2024-06-04T19:20:31.883000
CVE-2024-41703,0,0,a85362978996c7d236f30e97fa16c337a7f9d6be679ddc12fca950c1a606cca0,2024-07-25T16:55:48.747000
CVE-2024-41704,0,0,da6c19dec91a04b61d02ede6a13562fab5099a10133c7133c2bc4c7b7733b093,2024-07-25T16:55:24.307000
@ -256244,6 +256256,7 @@ CVE-2024-41881,0,0,dacb56705bd13075a5fc0ecd78dfcda97507df1ba74d6be3b08ddb74fce33
CVE-2024-4190,0,0,937461468fcd73b26e47070e7d0620ac3009210ef2f47e2156f0b87dd1c21bc4,2024-06-13T18:36:09.013000
CVE-2024-41914,0,0,3890dc2e9dfadd1c89a9c37c2efa6249276e0e28c3236b40dae7af311b3a8be5,2024-07-25T17:47:35.247000
CVE-2024-4192,0,0,0768e429bccaed861e82d220deefd437e5feb26a94e95c7a121626318970662c,2024-05-01T13:02:20.750000
CVE-2024-41924,1,1,e88d92ef5bc48c60c56f9a2951a4f44ec730b3e651a36b527fb72bc1b3d3f6b6,2024-07-30T09:15:05.203000
CVE-2024-4193,0,0,4d4f4fcde78b01b33e30a077c434c1714d01a9ac9cd58d916bc86b963b6ddbd7,2024-05-14T16:11:39.510000
CVE-2024-4194,0,0,cb2c64b568e3bd7c78c9d4f736651c66722818abe246f3bc5aedd70e3521cb96,2024-06-06T14:17:35.017000
CVE-2024-4195,0,0,1b874e811f63a88fe0e5040c0bc90d160eaa072aa139296a2fc692655a3d77a9,2024-04-26T12:58:17.720000
@ -256305,17 +256318,90 @@ CVE-2024-42095,0,0,c9c631f902632bcdeb985a399bf03bd95230009f9b2b292e2ce1c6af34b0d
CVE-2024-42096,0,0,d53d336989f4c7decb0404974397904a54acbb383b7cb568e365d40cd07ab27d,2024-07-29T18:15:12.087000
CVE-2024-42097,0,0,3e39f80a21be7f847dd3d935f98275d4e76493a18864c5878262cf936c382354,2024-07-29T18:15:12.167000
CVE-2024-42098,0,0,431032649c8bb3976cb206e7fd38c9abfb6012b105cca427ad4c6d248b14f35d,2024-07-29T18:15:12.247000
CVE-2024-42099,1,1,d82bb7b752174fb9f3b475ff50e43ffc89b42df2a60c7219bc38a7d0b724f67b,2024-07-30T08:15:02.503000
CVE-2024-42100,1,1,16715be8c9b36495cabc90ead592e82e072e2afa40bc3b560db576677814eb1f,2024-07-30T08:15:02.577000
CVE-2024-42101,1,1,947de871ff39560ec1efd4413d900aeec41d5522e0488304857bd08b5d353f16,2024-07-30T08:15:02.647000
CVE-2024-42102,1,1,0ce662828a0fe065f3a0fb9431daa8cbe422e09525c37b5099a403730164c48d,2024-07-30T08:15:02.733000
CVE-2024-42103,1,1,2f4a5c8dcb5ee3e20b7787bde2e6623e3aceb587bf4f8ecc4f5d8630a7a4896c,2024-07-30T08:15:02.817000
CVE-2024-42104,1,1,204ecd202faf525389ca163deb61e14f75a04ff178af5327c13eeb191f6ece2d,2024-07-30T08:15:02.900000
CVE-2024-42105,1,1,12d802650ebba31be88070c0754e06352794ee1a6077695507dbb3248982e9ca,2024-07-30T08:15:03
CVE-2024-42106,1,1,70cb172ad80a1b3d86814378c327b2581dbe98cdeb8bc0588ccf311ec1806f8d,2024-07-30T08:15:03.100000
CVE-2024-42107,1,1,503b57002371b1f53aff2b21cac194d07868fa1d72c5580cd802c1a5e9641603,2024-07-30T08:15:03.220000
CVE-2024-42108,1,1,b34b1604e0b456c5c304225d6f5bf97e323468968e72d94453fd210b4ec32256,2024-07-30T08:15:03.333000
CVE-2024-42109,1,1,74475e107c636aad5caaa1a4666f7e1c5f02db1dca7dec822cb38138d5586921,2024-07-30T08:15:03.407000
CVE-2024-42110,1,1,83290b94fc580e9446dd388e09c0d545a47b2731186f5547b5535c918437200c,2024-07-30T08:15:03.487000
CVE-2024-42111,1,1,d15d6c3e5cc3338bcfe813328172f3da523a0623aa4b71fe8d4fad8d5ffe3ca9,2024-07-30T08:15:03.563000
CVE-2024-42112,1,1,1ff850b0feff84db374dce986fa8c51267c11c679a58bf45e725759ac970681f,2024-07-30T08:15:03.640000
CVE-2024-42113,1,1,906a87db8ee15fc5047565ba7b177e6cb316d2b396da5bb03a4b8ac51de32bb8,2024-07-30T08:15:03.713000
CVE-2024-42114,1,1,afde49cff7e7ca0057a4d79d46524cf34dd798a25ac9dc1480e0f5bdd5a6ad19,2024-07-30T08:15:03.797000
CVE-2024-42115,1,1,fdc23d8f799e0d2e84905d81e10ee6b47817161973503d240b0056bb7acbc995,2024-07-30T08:15:03.867000
CVE-2024-42116,1,1,47f58934267c4f3c93216690e635a7c013ada5732336cc5788dfb81114bc7110,2024-07-30T08:15:03.950000
CVE-2024-42117,1,1,35874dd01b073b27f6753bb7712205f95a552a3e411635cc1624c7407fa876ab,2024-07-30T08:15:04.030000
CVE-2024-42118,1,1,3f6ca1664d30cacf6ee6d324c435b843f90e1562ae9560f3156b4e0983b6a041,2024-07-30T08:15:04.097000
CVE-2024-42119,1,1,ecf186530206b56f1ec469b0c7b0750ab165c2602771656f6192abea6c3c936f,2024-07-30T08:15:04.187000
CVE-2024-4212,0,0,5766e7a6d4fbc74d070c835b010281385271ca336cbd1f30b8212e7da6caf8b5,2024-07-24T20:24:31.537000
CVE-2024-42120,1,1,059d3f1460629b84755bf395aed931f182e644ff171c03bb79e1f2fe22d34959,2024-07-30T08:15:04.273000
CVE-2024-42121,1,1,8ff32baf1de7b0ebcc3e4288465a6cebe6e2b80edac2479040038e44da670cc7,2024-07-30T08:15:04.353000
CVE-2024-42122,1,1,046ce0df245b3839e2d5e37fb2af4df3d51fb0f2603a0ee4885796e4be08e009,2024-07-30T08:15:04.430000
CVE-2024-42123,1,1,b11b836d5b9a47fb96f230025ebc02e215c2f17cc30b27b01f49ffa28529ff75,2024-07-30T08:15:04.500000
CVE-2024-42124,1,1,878664d8586bdb0ed43eba43f37bfc168ef7d9648617d0f0bfeee9c1aafa1045,2024-07-30T08:15:04.577000
CVE-2024-42125,1,1,825a8c88ece81a8c8f81715dedfe6b4c7edbf62009450e406ead8098c0d21e7e,2024-07-30T08:15:04.667000
CVE-2024-42126,1,1,53ab91b44512e636111bde5a60ba16904a3bee812dd7aac68adee81a289d4b2c,2024-07-30T08:15:04.743000
CVE-2024-42127,1,1,637e3750aeb8a06a2fe6285be16db009c9c6a316c9ec42fa4ff4ec73e7809e52,2024-07-30T08:15:04.820000
CVE-2024-42128,1,1,bec56f98557b7f74170b657e45c50eabde6cf34b4ce88e9196ca6233b36db0cc,2024-07-30T08:15:04.903000
CVE-2024-42129,1,1,64b50b9a6e6f1d4dff61c3d72d196a5fc30649fd3aef5daa5241db810f703bf6,2024-07-30T08:15:04.977000
CVE-2024-4213,0,0,4af0c7bd943d1e93f39eb470b6c791f96149e0a985dfe97529e29ee085d7cdf1,2024-05-14T16:11:39.510000
CVE-2024-42130,1,1,33a4ce0d01d867557f11366c2e7e6d0de66665bc75bab78c2360d3decf6fb975,2024-07-30T08:15:05.053000
CVE-2024-42131,1,1,4320a0218863ecf6f70071e36e805d2fbcf39077892e09bb09c19204a4cd1221,2024-07-30T08:15:05.130000
CVE-2024-42132,1,1,3de4ed81c68f88c51f978131e94b34cb74ef05338938abd7a81c392950a6d853,2024-07-30T08:15:05.213000
CVE-2024-42133,1,1,9d8f43808ea9e4b8a6a8bea56619cf8f3c3b15745cce10c61da79a2bdfdb2719,2024-07-30T08:15:05.290000
CVE-2024-42134,1,1,6cb19ac81d5f09e3f521dd085fc1cae64d34219bd2a160c5a033c6eb4b900ccc,2024-07-30T08:15:05.360000
CVE-2024-42135,1,1,3f64cf8449436ee2c3644d9141fc6aa1b5f3142826d6cd8927db43c4baa742e8,2024-07-30T08:15:05.433000
CVE-2024-42136,1,1,d6fcda6bd07eed4368310829502b824e6fb9617fe281f987150491a76e4ac810,2024-07-30T08:15:05.507000
CVE-2024-42137,1,1,8e0b87a288f246dd24fafd6486c279d74f6dca4774a4173e6d457014ec413b5d,2024-07-30T08:15:05.583000
CVE-2024-42138,1,1,f66d9f1ea88f1991675a45b62dc85c2d7123ddc9b7d18c0fa032719421f68c85,2024-07-30T08:15:05.680000
CVE-2024-42139,1,1,b9bed695f1d6840328b37b4c56cdd26191c8e2dc0ee4f420baf5dcf74600be6f,2024-07-30T08:15:05.757000
CVE-2024-4214,0,0,6dc95cb08891bc473beaea6b69701e404acb0b7494c8f630888ffa867e36a2c9,2024-05-17T18:35:35.070000
CVE-2024-42140,1,1,f781d6be30f56027cbae995c23f8722e9acaff24bb20c9cf9b39241a94a94bef,2024-07-30T08:15:05.837000
CVE-2024-42141,1,1,9bdcaa518117fd3e9eed65bf048dd519f8d2bd2aa7c93a325555f29242384125,2024-07-30T08:15:05.917000
CVE-2024-42142,1,1,738d28392467870b1e614cd01c02752c35a733e90d04179621b8fb8642357d07,2024-07-30T08:15:05.993000
CVE-2024-42143,1,1,99371607a1e821237205abaf0672f3e938927bfdaaa0b386e5962ed1fa516631,2024-07-30T08:15:06.073000
CVE-2024-42144,1,1,5f53457ea77a2e5906d2717446b3f493800253c1fab13d15729d2e20d753e6df,2024-07-30T08:15:06.157000
CVE-2024-42145,1,1,e842367578c4e8a24760861421b8d5152632572585331b269ee00ef78d7f4952,2024-07-30T08:15:06.227000
CVE-2024-42146,1,1,faef755443935f9f039fcd03553ca75b620adfb295c020e63efddc6285d06715,2024-07-30T08:15:06.313000
CVE-2024-42147,1,1,bd51763590ec1e14d70b8419cdabe5486d1b1868718c8aab6b330975b460a156,2024-07-30T08:15:06.383000
CVE-2024-42148,1,1,bc77414ac93169614ee2040628991e70ad9f016cfa8626bd5b98a5e2cee32102,2024-07-30T08:15:06.453000
CVE-2024-42149,1,1,cebc8001a073c05f2192a0858d05f107ee731e11ed0e70e25f1fe1c59b733376,2024-07-30T08:15:06.543000
CVE-2024-4215,0,0,e1516bffde121cdd72b9d60979ed7fe6f59f5c9dab0667f7e28a1d0bcbef7063,2024-06-10T18:15:36.443000
CVE-2024-42150,1,1,407b57ac6f3b47c10dae6c655b9b1c3e19db8130caf82a50ceddba3f84806987,2024-07-30T08:15:06.620000
CVE-2024-42151,1,1,345e578193b1ebfb12bfa6c6aac3259546512c29a831e72cd1e5cbe5cc94a38e,2024-07-30T08:15:06.690000
CVE-2024-42152,1,1,545d6e26999c2bb7869fcbe086a9444091bba8beecd6d20e2e8de6ae37788ec5,2024-07-30T08:15:06.763000
CVE-2024-42153,1,1,97b850b96da01eca05d825192163bc2969b2de16f3dbe184385c707bc430d205,2024-07-30T08:15:06.847000
CVE-2024-42154,1,1,90f7730f4fa04bfe63b98cb24d9736fc9f56a4ea8c2110809fc787d6990e4467,2024-07-30T08:15:06.933000
CVE-2024-42155,1,1,1040718e861f58daf8891f315e7e87f5596e6f8d92562d9416ff22204cbac64b,2024-07-30T08:15:07.010000
CVE-2024-42156,1,1,8e47cf70f94ccf470a5b53592b8b6445e7fb0c30374ec300f5143b72853e4b01,2024-07-30T08:15:07.080000
CVE-2024-42157,1,1,dd83965bb016bbefbbb7c4b156e6e33c7c6c0c35d2d1461e3cd75cbe9eb3d938,2024-07-30T08:15:07.150000
CVE-2024-42158,1,1,defc2dd016a70636577c040fb52e734877d1943c785681f274bac519954578df,2024-07-30T08:15:07.227000
CVE-2024-42159,1,1,fbfe1c0a0c123dd1dbc84fae0025989eef92a515c3f4c7706b4a2f93afa08814,2024-07-30T08:15:07.300000
CVE-2024-4216,0,0,fba12328dbaabec1dc61fd9a4f006fbf116bfe15b54035daf7cebf0a0d91ce67,2024-07-03T02:07:14.290000
CVE-2024-42160,1,1,1c48852ee59824fb8ca636dddca7251d0c61526b24aeb51a6e5b6c0ecf4664a2,2024-07-30T08:15:07.370000
CVE-2024-42161,1,1,0fd2c6b5b8e2b80c987cafddb8431528f077d715a8b899f1e4e582ba8c00ce81,2024-07-30T08:15:07.447000
CVE-2024-42162,1,1,1b8d0301e3d0237a00ea2bf30f4f4cfd65745c506a36685a9c12e5af0b2f5b28,2024-07-30T08:15:07.520000
CVE-2024-4217,0,0,9979c68675bcac680eb1a9ec0bfd6c467888186b775eb69528325e0624ef9dea,2024-07-15T13:00:34.853000
CVE-2024-4218,0,0,dff7b6ef5b1eda10e25547a7c58ff59e7141627798ff1eb390bbb04c101af4a9,2024-05-30T13:15:41.297000
CVE-2024-4219,0,0,e67747b1814e30f9a57aa2d5fada7a64c70b8e2f4229bf1bd72194f6b14072cc,2024-06-11T17:06:50.963000
CVE-2024-4220,0,0,046e30c2acea51afb217826bab01d9bc8062f3ae27d0f03889e044f9dcbfad10,2024-06-11T17:05:35.203000
CVE-2024-4222,0,0,4d6355f51e627298e66c1522bbe3d0815b2694594ed1a3761ea4bb349286c8e6,2024-05-16T13:03:05.353000
CVE-2024-42223,1,1,71f8bc162a7751bd0af394117974bb78610332e3bb7246dadd3150d52fbd542c,2024-07-30T08:15:07.587000
CVE-2024-42224,1,1,b62edbd5717bfb432cc484ef967178e5692bd65bd143f30bd28aa902b121622b,2024-07-30T08:15:07.667000
CVE-2024-42225,1,1,c45286b593bee5c20e0defe7be7d52e385231be9c3371589ed4a6c46f61a9ec4,2024-07-30T08:15:07.747000
CVE-2024-42226,1,1,6052082f5f89e0a33eec61ed2c9574827e416c1fa4608fb2c68e8b89d6bb1e28,2024-07-30T08:15:07.817000
CVE-2024-42227,1,1,4fb5a6413f876c620b34e2c361699b2c4257a69436d3a62c1c1ea2aa65be8dc2,2024-07-30T08:15:07.890000
CVE-2024-42228,1,1,a3696a0d5de40919219a31cfef31293c1fd2c8156e578c60eaef7211a81a299f,2024-07-30T08:15:07.960000
CVE-2024-42229,1,1,98b3c64a62d1790c769bd8aa4496cecf23ce101338fa8a440b016213b3894c31,2024-07-30T08:15:08.070000
CVE-2024-4223,0,0,a9cdfeab1a1d35d41a694125f4f4f3203fe0cd94da938f50193ff10f6450cc4d,2024-05-16T13:03:05.353000
CVE-2024-42230,1,1,f74135752071e91d3aa580cd811e5a23b907911fbf070915ee0829567e41b0af,2024-07-30T08:15:08.193000
CVE-2024-42231,1,1,badfc58d7ae6ee29998d5b6218494ac3efbfc34d22bdd2d57b94bc1f17310398,2024-07-30T08:15:08.307000
CVE-2024-4224,0,0,1072ade5e61d4673e4fde8d68c377ed60a4f449367391001c4ccc215a9b54b17,2024-07-16T13:43:58.773000
CVE-2024-4225,0,0,91f68c0336340065fb4af26f099ffa4f82ba2dd159bb3bc13f7cb1abcd1de276,2024-04-30T13:11:16.690000
CVE-2024-4226,0,0,5a1ca6b12b6f72b0f4206f29fce66dc2868959ed888bfbcbc74131b5725a94eb,2024-04-30T13:11:16.690000
@ -257609,7 +257695,7 @@ CVE-2024-5757,0,0,5cb8c18a619114307d2634441346064118b79a7aeac4723897e195eaa5132d
CVE-2024-5758,0,0,c078716fbf80b259c8ceac06415d3d039d4ef773f8ae701649c6b0b1483ee99e,2024-06-13T21:15:57.543000
CVE-2024-5759,0,0,63cf4f5f11600a3e2abf833e3aff1a738015e39c1ce27037c94f84f83452efea,2024-07-19T18:40:53.863000
CVE-2024-5761,0,0,1fdad964c86313b412878f67fac5999c9a1ea015b844614bc58b000414661a53,2024-06-07T19:15:24.467000
CVE-2024-5765,1,1,88076ae20ecb1ab79b06b58d1721c1c250a7f35057d01b879a3ee4d004bbc730,2024-07-30T06:15:02.823000
CVE-2024-5765,0,0,88076ae20ecb1ab79b06b58d1721c1c250a7f35057d01b879a3ee4d004bbc730,2024-07-30T06:15:02.823000
CVE-2024-5766,0,0,1263d0917882c36f131e194bb6b44630da06ab1a17b9faa93d76c1b934e8029c,2024-06-10T02:52:08.267000
CVE-2024-5767,0,0,946a7a6edb6231f843cc8c36568eec07c01ffe4bb17f732fe05d02ccf6a0e4bc,2024-07-09T16:23:07.280000
CVE-2024-5768,0,0,8a490ed493d8c155ddaf62bd42a8c332a10ab098da1f8113e24f2cfb8a80f0bb,2024-06-20T12:44:01.637000
@ -257642,9 +257728,9 @@ CVE-2024-5802,0,0,71daebe4bec626c1d71de5756a51cb35bdbb0ec81769b121e428d7e1cc0f83
CVE-2024-5804,0,0,944c60e3868cb88abd10c74562e980fee4d055c47351e0f84fb7de6b37f889be,2024-07-22T13:00:53.287000
CVE-2024-5805,0,0,f734cfbda04e521c3e66e4ddc2a1025a96de47f7633c45b189fcc72ae4a4191a,2024-06-25T18:50:42.040000
CVE-2024-5806,0,0,91588fb1cdb8115c3da665d3d031e599ad42ef712f85a57d764591dd0370421d,2024-06-26T00:15:11.293000
CVE-2024-5807,1,1,0c0665a3aaccc6add699cbc351fb5b8a55f16f313e589d1be047012d870c9f5f,2024-07-30T06:15:02.917000
CVE-2024-5808,1,1,8c1072533e0d3daf7b7ec8f382afcdab5d6e5795169094a25623c60161428648,2024-07-30T06:15:03.070000
CVE-2024-5809,1,1,eab46b7e46aad4ab24b09cd20ab0f8f109476a4e854ff0c5e135e6a48fdbd618,2024-07-30T06:15:03.180000
CVE-2024-5807,0,0,0c0665a3aaccc6add699cbc351fb5b8a55f16f313e589d1be047012d870c9f5f,2024-07-30T06:15:02.917000
CVE-2024-5808,0,0,8c1072533e0d3daf7b7ec8f382afcdab5d6e5795169094a25623c60161428648,2024-07-30T06:15:03.070000
CVE-2024-5809,0,0,eab46b7e46aad4ab24b09cd20ab0f8f109476a4e854ff0c5e135e6a48fdbd618,2024-07-30T06:15:03.180000
CVE-2024-5810,0,0,246ea4a74a1b10a6c799aa82916b249e6dd3093a23af41d24ba222ed5e8773fa,2024-07-09T18:19:14.047000
CVE-2024-5811,0,0,ed199cd1888a7a079b0f8dda911181091f221cb3baa9309d375439b25d6f23c2,2024-07-24T19:41:17.503000
CVE-2024-5812,0,0,05caee51ca8afdeadb9e9ce4e5c443d53c88017db3fdf90c8036b6c5139928b3,2024-06-13T18:36:45.417000
@ -257756,7 +257842,7 @@ CVE-2024-5971,0,0,e4f98c6267afcbb4d9afd3329ec44a1a1f7f72e0048e7418d4a554bf5527a4
CVE-2024-5972,0,0,3700c5b3eb4bcd1d3bafe18b568e7aab0a0471128c3ce92a2f73ba8aa9a9cb4f,2024-06-28T19:15:07.500000
CVE-2024-5973,0,0,2d8084cf190a1aabb2055b961565b9805ce6ba0f851f188224d67d99d834e8cf,2024-07-25T15:18:05.157000
CVE-2024-5974,0,0,7ccf1724194ada1507df11f624ca32c0386136cdfa7ae25f910321f76e1abc40,2024-07-09T18:19:14.047000
CVE-2024-5975,1,1,1e3c4ab994db1a9786560c73b4d3856e239d9c293d1b1817c82336b89b7c9b73,2024-07-30T06:15:03.277000
CVE-2024-5975,0,0,1e3c4ab994db1a9786560c73b4d3856e239d9c293d1b1817c82336b89b7c9b73,2024-07-30T06:15:03.277000
CVE-2024-5976,0,0,0d4a23e2583616de98536e1ad4d7b2a882021b32cad502d23a934bbf343ef666,2024-06-17T12:43:31.090000
CVE-2024-5977,0,0,4e816ebc7667057f83765d2758ec72f0b5ebf68f5f0bba511fae25da75815823,2024-07-19T18:27:34.967000
CVE-2024-5979,0,0,2890db7bdc2045eea751460532af007391576d7da8d9f838bf14583c0290ae73,2024-06-27T19:25:12.067000
@ -257787,7 +257873,7 @@ CVE-2024-6013,0,0,dd5aadcad9485c7b63e2c76668a62eba788e1248615fab9fd06bf5aaf41af2
CVE-2024-6014,0,0,6f9e64ff8fbf43e19b3d7e24c13ad8adc071c58e85b8bf9a829322ea55abcf8f,2024-07-19T14:18:17.607000
CVE-2024-6015,0,0,c2460029f18cca819988d11dbd49466b5328ee3d26de8c6ec6e0519debb7ea98,2024-07-19T14:13:10.463000
CVE-2024-6016,0,0,db11fa4e2db5dca1bf67cd82c1ae54777d6d6de86c83abed9806f80a5c1a5385,2024-07-19T14:02:04.600000
CVE-2024-6021,1,1,1f488cc7be5bcb938f079b9d1f57223cc11834707dab889582967a23acc34109,2024-07-30T06:15:03.387000
CVE-2024-6021,0,0,1f488cc7be5bcb938f079b9d1f57223cc11834707dab889582967a23acc34109,2024-07-30T06:15:03.387000
CVE-2024-6022,0,0,c3bbbf039abf2ccc90f9a9e873f80102af148b4d2c48a35ad0db91cf49e2a6bb,2024-07-12T12:49:07.030000
CVE-2024-6023,0,0,a984fc7b955b53890e6c7b0690fc8f43ba3a97445c95ce903ef18d81ce049f2e,2024-07-12T12:49:07.030000
CVE-2024-6024,0,0,0c9dac9804939f4358bda0a07a9c71c46e84018a1e951997775f9c46353d018f,2024-07-12T16:12:07.453000
@ -257935,13 +258021,13 @@ CVE-2024-6217,0,0,caeef107ec037a20535b69bf461e75c9da91ce4fd887edb01336f60c235444
CVE-2024-6218,0,0,3cb8a30d4ddfe61bdea61d401bfb5f7d243e9ab40309c0377a9f4fcd89ff6826,2024-06-21T15:15:16.547000
CVE-2024-6220,0,0,b8f7be72e11caf0a6de2963374978a31527ab96f2e76d2ac8d3bbf41bd4c9d7f,2024-07-19T16:07:05.057000
CVE-2024-6222,0,0,7da69ce6fbc5989cf8dc00c0967cc47c0670f03447330ea36d4de40ed4ce08ae,2024-07-12T17:05:39.070000
CVE-2024-6223,1,1,d8c1541d0754b71a76e27ba9a4903cbdd9d2fd645dcce596526e4c5aed64ee36,2024-07-30T06:15:03.517000
CVE-2024-6224,1,1,bef641814fce9d28d6fc55ee1dfcb64b7004ddded706aea1814a48b22c52fe50,2024-07-30T06:15:03.623000
CVE-2024-6223,0,0,d8c1541d0754b71a76e27ba9a4903cbdd9d2fd645dcce596526e4c5aed64ee36,2024-07-30T06:15:03.517000
CVE-2024-6224,0,0,bef641814fce9d28d6fc55ee1dfcb64b7004ddded706aea1814a48b22c52fe50,2024-07-30T06:15:03.623000
CVE-2024-6225,0,0,510a69cec2d5d6c6d036e0951030f27f3f34bcc77e3448a2bbf2dbc18120fe93,2024-06-24T19:21:28.450000
CVE-2024-6226,1,1,8a41e8a52c2a3ee855d5e585f44087eb8b2aa4e60d9298f070f4c26fb3a0f361,2024-07-30T06:15:03.720000
CVE-2024-6226,0,0,8a41e8a52c2a3ee855d5e585f44087eb8b2aa4e60d9298f070f4c26fb3a0f361,2024-07-30T06:15:03.720000
CVE-2024-6227,0,0,215ae4058fc47c00a8f95e1a670b661829a53eab0925147cf9d93bd66cc5d205,2024-07-09T18:19:14.047000
CVE-2024-6229,0,0,54fd6bf3998b843838fdb7fbe8cf0772e5599fcd948d9cf2d47de13f2ccb011e,2024-07-11T15:03:15.233000
CVE-2024-6230,1,1,e9ad484c5fddb226ab2e6c9c3fa8cd8fae53b8378c098c5d6e1c69248e3c92b8,2024-07-30T06:15:03.873000
CVE-2024-6230,0,0,e9ad484c5fddb226ab2e6c9c3fa8cd8fae53b8378c098c5d6e1c69248e3c92b8,2024-07-30T06:15:03.873000
CVE-2024-6231,0,0,95e641648a5be9f88ed3da19269ca6779e176bc3a9b366661acbe85f1cf6d0c5,2024-07-24T12:55:13.223000
CVE-2024-6235,0,0,3389c73a6ea8d57ad4659a54003738203401403add7f113413f0341ee66fc3c4,2024-07-11T15:06:34.163000
CVE-2024-6236,0,0,294d07111f47e2594afccb77d041edde3630ac9799928242bfa797180655c347,2024-07-11T13:05:54.930000
@ -258125,7 +258211,7 @@ CVE-2024-6527,0,0,4cbacb620d5954abb73dae2b3bfdb2a8824258a4de25ce8e7c75649e12d818
CVE-2024-6528,0,0,568c43fb32d79fc097335d9307aebc42d71a690423942e01ce8dbade6b5bedb0,2024-07-12T16:37:20.283000
CVE-2024-6531,0,0,1125a21608be8cb0502ea86867294670584ed16918c5bd752fdbbd37969404b8,2024-07-12T12:49:11.340000
CVE-2024-6535,0,0,d515bd0c9a2788945f1c070eede854437b7a1c58e6a79916f8d2b46233d5b6de,2024-07-25T16:15:04.583000
CVE-2024-6536,1,1,1541c707443feeea187e9f2b3b591c6e4abb1023aad14b514161180ce32e4bdd,2024-07-30T06:15:04.013000
CVE-2024-6536,0,0,1541c707443feeea187e9f2b3b591c6e4abb1023aad14b514161180ce32e4bdd,2024-07-30T06:15:04.013000
CVE-2024-6539,0,0,81a7a773476044a536e1904849aff55df114add8144e8265b917f8120b92d867,2024-07-11T14:56:20.733000
CVE-2024-6540,0,0,f13af52637070826766869c9a967d13110a057955f51f107eb0d0f88b4032338,2024-07-16T18:05:37.267000
CVE-2024-6542,0,0,54f8a75473ca23470adff5375410f0163accbe3baf07cee08839e7a197565332,2024-07-22T13:00:31.330000
@ -258359,7 +258445,7 @@ CVE-2024-7079,0,0,432b6c38d04c17da8e2aeea6e5677915e33a84f70f04ebe0988a953bc8892b
CVE-2024-7080,0,0,e8f51ead66f7469f7e63dc63102236554262bdfa2e68b9dc33e11c14a1ca04d2,2024-07-26T13:22:43.387000
CVE-2024-7081,0,0,6a139e489a9ff084a663269dd9c842c08d77e29c45f0c2d71d596839a517bb01,2024-07-26T13:18:21.957000
CVE-2024-7091,0,0,ea018e26f872aadaa59f554aafa24269e38ad2d18885b5619000c0f610b93be1,2024-07-25T12:36:39.947000
CVE-2024-7100,1,1,c2b6bd967d34d0d62b8c1029636d6858f800a06261091cb2e5b947a02c81ae69,2024-07-30T07:15:02.020000
CVE-2024-7100,0,0,c2b6bd967d34d0d62b8c1029636d6858f800a06261091cb2e5b947a02c81ae69,2024-07-30T07:15:02.020000
CVE-2024-7101,0,0,5454c1208509de59c11b3527ed3914e0b9b453785a2425c8a2e412da33d0d539,2024-07-26T12:38:41.683000
CVE-2024-7105,0,0,ebac193a722d703cc6182b67006761d03a0c9cb5217fdf90f3600dc72f51b279,2024-07-26T12:38:41.683000
CVE-2024-7106,0,0,ef114d9446090044e968605e26812a012528e5941b9264b330a28ad79b353ac3,2024-07-26T12:38:41.683000
@ -258430,10 +258516,14 @@ CVE-2024-7215,0,0,b9277b20591e87ef421e72e340b00d4c5028eb9e7f4f5d063029558fc7a96f
CVE-2024-7216,0,0,7eb91719418852fc60e41b5d5bef8dd9c9400cdbff6552f47c3dc31e14499bcb,2024-07-30T04:15:04.690000
CVE-2024-7217,0,0,27e4f1f9f03ba4cc3101f9041d3838682822f34ad6b154d753f53bcf04bb652c,2024-07-30T05:15:09.957000
CVE-2024-7218,0,0,3c7597c7c0a728275d1525bf5e1d0fe9c7694b61baee58dd16017d345efc88f8,2024-07-30T05:15:10.267000
CVE-2024-7219,1,1,6b513acb48705f9963d8ebaae99a91a618404ef4665d718e2fd80dba9eb868cb,2024-07-30T06:15:04.143000
CVE-2024-7220,1,1,a9fc2fbcd827b860e2f4c5d0da9feb7282fe780c9c1f3f317c760fa534212037,2024-07-30T06:15:04.847000
CVE-2024-7221,1,1,fe9b4e1873920259ca71e600e9ffbd681651f81ddcb9a05a3b0f33261e6d31e5,2024-07-30T07:15:02.323000
CVE-2024-7222,1,1,dd29e832b0de5a491c707eb2c0eee4972e507152e62a4f231641c11a2be568c5,2024-07-30T07:15:02.633000
CVE-2024-7219,0,0,6b513acb48705f9963d8ebaae99a91a618404ef4665d718e2fd80dba9eb868cb,2024-07-30T06:15:04.143000
CVE-2024-7220,0,0,a9fc2fbcd827b860e2f4c5d0da9feb7282fe780c9c1f3f317c760fa534212037,2024-07-30T06:15:04.847000
CVE-2024-7221,0,0,fe9b4e1873920259ca71e600e9ffbd681651f81ddcb9a05a3b0f33261e6d31e5,2024-07-30T07:15:02.323000
CVE-2024-7222,0,0,dd29e832b0de5a491c707eb2c0eee4972e507152e62a4f231641c11a2be568c5,2024-07-30T07:15:02.633000
CVE-2024-7223,1,1,309d7f3d70967e3e7748e0131d509c7ca78a04556c2109d2600dfd2aabdee044,2024-07-30T08:15:08.373000
CVE-2024-7224,1,1,b2bc85f9f0e65f5706020b528b7cdd01397f3e6c0eb5132d9a9d7ce24c3854c1,2024-07-30T08:15:08.653000
CVE-2024-7225,1,1,9597269809efedda7f7d82f784bf2466f10737fb93560510be10202593368237,2024-07-30T09:15:05.287000
CVE-2024-7226,1,1,d61137f3196f4c7f4220813557c84a27f9d48f4ff7f084725dd71a0687abfb89,2024-07-30T09:15:05.597000
CVE-2024-7248,0,0,a2ddbed55de01980f63d0b9718ce842c14c9c1b9e6cdca518c180966561a19d1,2024-07-29T22:15:05.553000
CVE-2024-7249,0,0,c7fccf87c8ceb0c945e7a77936034d5c4e5006994b9df61388b67e431ddf2786,2024-07-29T22:15:05.817000
CVE-2024-7250,0,0,47214a6631c5e0c15e01a9d48696651797894eba964a53c781b9db24f665f066,2024-07-29T22:15:06.100000

Can't render this file because it is too large.