admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-12-29T11:00:20.449423+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-12-29 11:03:43 +00:00
parent 07c5b62e30
commit 648d0b490d
15 changed files with 645 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

141
CVE-2024/CVE-2024-130xx/CVE-2024-13007.json Normal file
View File

@ -0,0 +1,141 @@
{
"id": "CVE-2024-13007",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-29T09:15:05.580",
"lastModified": "2024-12-29T09:15:05.580",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Codezips Event Management System 1.0. Affected is an unknown function of the file /contact.php. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseScore": 6.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/T3rm1n4L-LYC/Vuldb/blob/main/SQL_Injection_in_Event_Management_System.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.289668",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.289668",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.470304",
"source": "cna@vuldb.com"
}
]
}

149
CVE-2024/CVE-2024-130xx/CVE-2024-13008.json Normal file
View File

@ -0,0 +1,149 @@
{
"id": "CVE-2024-13008",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-29T10:15:05.853",
"lastModified": "2024-12-29T10:15:05.853",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in code-projects Responsive Hotel Site 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/newsletter.php. The manipulation of the argument eid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseScore": 6.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/Err-4O4/cve/issues/1",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/Lanxiy7th/lx_CVE_report-/issues/18",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.289669",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.289669",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.470575",
"source": "cna@vuldb.com"
}
]
}

33
CVE-2024/CVE-2024-567xx/CVE-2024-56709.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-56709",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-29T09:15:05.820",
"lastModified": "2024-12-29T09:15:05.820",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: check if iowq is killed before queuing\n\ntask work can be executed after the task has gone through io_uring\ntermination, whether it's the final task_work run or the fallback path.\nIn this case, task work will find ->io_wq being already killed and\nnull'ed, which is a problem if it then tries to forward the request to\nio_queue_iowq(). Make io_queue_iowq() fail requests in this case.\n\nNote that it also checks PF_KTHREAD, because the user can first close\na DEFER_TASKRUN ring and shortly after kill the task, in which case\n->iowq check would race."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2ca94c8de36091067b9ce7527ae8db3812d38781",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4f95a2186b7f2af09331e1e8069bcaf34fe019cf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/534d59ab38010aada88390db65985e65d0de7d9e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dbd2ca9367eb19bc5e269b8c58b0b1514ada9156",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-567xx/CVE-2024-56710.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-56710",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-29T09:15:05.970",
"lastModified": "2024-12-29T09:15:05.970",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix memory leak in ceph_direct_read_write()\n\nThe bvecs array which is allocated in iter_get_bvecs_alloc() is leaked\nand pages remain pinned if ceph_alloc_sparse_ext_map() fails.\n\nThere is no need to delay the allocation of sparse_ext map until after\nthe bvecs array is set up, so fix this by moving sparse_ext allocation\na bit earlier. Also, make a similar adjustment in __ceph_sync_read()\nfor consistency (a leak of the same kind in __ceph_sync_read() has been\naddressed differently)."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/66e0c4f91461d17d48071695271c824620bed4ef",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/eb9041837123f31d5897e99bb761f46cb4ce5859",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-567xx/CVE-2024-56711.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-56711",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-29T09:15:06.110",
"lastModified": "2024-12-29T09:15:06.110",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panel: himax-hx83102: Add a check to prevent NULL pointer dereference\n\ndrm_mode_duplicate() could return NULL due to lack of memory,\nwhich will then call NULL pointer dereference. Add a check to\nprevent it."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/747547972e647509815ad8530ff09d62220a56c2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e1e1af9148dc4c866eda3fb59cd6ec3c7ea34b1d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-567xx/CVE-2024-56712.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-56712",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-29T09:15:06.250",
"lastModified": "2024-12-29T09:15:06.250",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudmabuf: fix memory leak on last export_udmabuf() error path\n\nIn export_udmabuf(), if dma_buf_fd() fails because the FD table is full, a\ndma_buf owning the udmabuf has already been created; but the error handling\nin udmabuf_create() will tear down the udmabuf without doing anything about\nthe containing dma_buf.\n\nThis leaves a dma_buf in memory that contains a dangling pointer; though\nthat doesn't seem to lead to anything bad except a memory leak.\n\nFix it by moving the dma_buf_fd() call out of export_udmabuf() so that we\ncan give it different error handling.\n\nNote that the shape of this code changed a lot in commit 5e72b2b41a21\n(\"udmabuf: convert udmabuf driver to use folios\"); but the memory leak\nseems to have existed since the introduction of udmabuf."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/c9fc8428d4255c2128da9c4d5cd92e554d0150cf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f49856f525acd5bef52ae28b7da2e001bbe7439e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-567xx/CVE-2024-56713.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-56713",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-29T09:15:06.377",
"lastModified": "2024-12-29T09:15:06.377",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: netdevsim: fix nsim_pp_hold_write()\n\nnsim_pp_hold_write() has two problems:\n\n1) It may return with rtnl held, as found by syzbot.\n\n2) Its return value does not propagate an error if any."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/5c553262f063b3bf85df3b22a9818a8d92510f4d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b9b8301d369b4c876de5255dbf067b19ba88ac71",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-567xx/CVE-2024-56714.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-56714",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-29T09:15:06.510",
"lastModified": "2024-12-29T09:15:06.510",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nionic: no double destroy workqueue\n\nThere are some FW error handling paths that can cause us to\ntry to destroy the workqueue more than once, so let's be sure\nwe're checking for that.\n\nThe case where this popped up was in an AER event where the\nhandlers got called in such a way that ionic_reset_prepare()\nand thus ionic_dev_teardown() got called twice in a row.\nThe second time through the workqueue was already destroyed,\nand destroy_workqueue() choked on the bad wq pointer.\n\nWe didn't hit this in AER handler testing before because at\nthat time we weren't using a private workqueue. Later we\nreplaced the use of the system workqueue with our own private\nworkqueue but hadn't rerun the AER handler testing since then."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/13355dd37e22edbcb99c599f783233188740a650",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/746e6ae2e202b062b9deee7bd86d94937997ecd7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2024/CVE-2024-567xx/CVE-2024-56715.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-56715",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-29T09:15:06.643",
"lastModified": "2024-12-29T09:15:06.643",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nionic: Fix netdev notifier unregister on failure\n\nIf register_netdev() fails, then the driver leaks the netdev notifier.\nFix this by calling ionic_lif_unregister() on register_netdev()\nfailure. This will also call ionic_lif_unregister_phc() if it has\nalready been registered."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/9590d32e090ea2751e131ae5273859ca22f5ac14",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/da5736f516a664a9e1ff74902663c64c423045d2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/da93a12876f8b969df7316dc93aac7e725f88252",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ee2e931b2b46de9af7f681258e8ec8e2cd81cfc6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2024/CVE-2024-567xx/CVE-2024-56716.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-56716",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-29T09:15:06.777",
"lastModified": "2024-12-29T09:15:06.777",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetdevsim: prevent bad user input in nsim_dev_health_break_write()\n\nIf either a zero count or a large one is provided, kernel can crash."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/470c5ecbac2f19b1cdee2a6ce8d5650c3295c94b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8e9ef6bdf71bf25f4735e0230ce1919de8985835",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d10321be26ff9e9e912697e9e8448099654ff561",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ee76746387f6233bdfa93d7406990f923641568f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2024/CVE-2024-567xx/CVE-2024-56717.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-56717",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-29T09:15:06.907",
"lastModified": "2024-12-29T09:15:06.907",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mscc: ocelot: fix incorrect IFH SRC_PORT field in ocelot_ifh_set_basic()\n\nPackets injected by the CPU should have a SRC_PORT field equal to the\nCPU port module index in the Analyzer block (ocelot->num_phys_ports).\n\nThe blamed commit copied the ocelot_ifh_set_basic() call incorrectly\nfrom ocelot_xmit_common() in net/dsa/tag_ocelot.c. Instead of calling\nwith \"x\", it calls with BIT_ULL(x), but the field is not a port mask,\nbut rather a single port index.\n\n[ side note: this is the technical debt of code duplication :( ]\n\nThe error used to be silent and doesn't appear to have other\nuser-visible manifestations, but with new changes in the packing\nlibrary, it now fails loudly as follows:\n\n------------[ cut here ]------------\nCannot store 0x40 inside bits 46-43 - will truncate\nsja1105 spi2.0: xmit timed out\nWARNING: CPU: 1 PID: 102 at lib/packing.c:98 __pack+0x90/0x198\nsja1105 spi2.0: timed out polling for tstamp\nCPU: 1 UID: 0 PID: 102 Comm: felix_xmit\nTainted: G W N 6.13.0-rc1-00372-gf706b85d972d-dirty #2605\nCall trace:\n __pack+0x90/0x198 (P)\n __pack+0x90/0x198 (L)\n packing+0x78/0x98\n ocelot_ifh_set_basic+0x260/0x368\n ocelot_port_inject_frame+0xa8/0x250\n felix_port_deferred_xmit+0x14c/0x258\n kthread_worker_fn+0x134/0x350\n kthread+0x114/0x138\n\nThe code path pertains to the ocelot switchdev driver and to the felix\nsecondary DSA tag protocol, ocelot-8021q. Here seen with ocelot-8021q.\n\nThe messenger (packing) is not really to blame, so fix the original\ncommit instead."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2d5df3a680ffdaf606baa10636bdb1daf757832e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2f3c62ffe88116cd2a39cd73e01103535599970f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/59c4ca8d8d7918eb6e2df91d2c254827264be309",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a8836eae3288c351acd3b2743d2fad2a4ee2bd56",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2024/CVE-2024-567xx/CVE-2024-56718.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-56718",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-29T09:15:07.040",
"lastModified": "2024-12-29T09:15:07.040",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: protect link down work from execute after lgr freed\n\nlink down work may be scheduled before lgr freed but execute\nafter lgr freed, which may result in crash. So it is need to\nhold a reference before shedule link down work, and put the\nreference after work executed or canceled.\n\nThe relevant crash call stack as follows:\n list_del corruption. prev->next should be ffffb638c9c0fe20,\n but was 0000000000000000\n ------------[ cut here ]------------\n kernel BUG at lib/list_debug.c:51!\n invalid opcode: 0000 [#1] SMP NOPTI\n CPU: 6 PID: 978112 Comm: kworker/6:119 Kdump: loaded Tainted: G #1\n Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 2221b89 04/01/2014\n Workqueue: events smc_link_down_work [smc]\n RIP: 0010:__list_del_entry_valid.cold+0x31/0x47\n RSP: 0018:ffffb638c9c0fdd8 EFLAGS: 00010086\n RAX: 0000000000000054 RBX: ffff942fb75e5128 RCX: 0000000000000000\n RDX: ffff943520930aa0 RSI: ffff94352091fc80 RDI: ffff94352091fc80\n RBP: 0000000000000000 R08: 0000000000000000 R09: ffffb638c9c0fc38\n R10: ffffb638c9c0fc30 R11: ffffffffa015eb28 R12: 0000000000000002\n R13: ffffb638c9c0fe20 R14: 0000000000000001 R15: ffff942f9cd051c0\n FS: 0000000000000000(0000) GS:ffff943520900000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f4f25214000 CR3: 000000025fbae004 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n rwsem_down_write_slowpath+0x17e/0x470\n smc_link_down_work+0x3c/0x60 [smc]\n process_one_work+0x1ac/0x350\n worker_thread+0x49/0x2f0\n ? rescuer_thread+0x360/0x360\n kthread+0x118/0x140\n ? __kthread_bind_mask+0x60/0x60\n ret_from_fork+0x1f/0x30"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2627c3e8646932dfc7b9722c88c2e1ffcf7a9fb2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2b33eb8f1b3e8c2f87cfdbc8cc117f6bdfabc6ec",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/841b1824750d3b8d1dc0a96b14db4418b952abbc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bec2f52866d511e94c1c37cd962e4382b1b1a299",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2024/CVE-2024-567xx/CVE-2024-56719.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-56719",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-29T09:15:07.187",
"lastModified": "2024-12-29T09:15:07.187",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: fix TSO DMA API usage causing oops\n\nCommit 66600fac7a98 (\"net: stmmac: TSO: Fix unbalanced DMA map/unmap\nfor non-paged SKB data\") moved the assignment of tx_skbuff_dma[]'s\nmembers to be later in stmmac_tso_xmit().\n\nThe buf (dma cookie) and len stored in this structure are passed to\ndma_unmap_single() by stmmac_tx_clean(). The DMA API requires that\nthe dma cookie passed to dma_unmap_single() is the same as the value\nreturned from dma_map_single(). However, by moving the assignment\nlater, this is not the case when priv->dma_cap.addr64 > 32 as \"des\"\nis offset by proto_hdr_len.\n\nThis causes problems such as:\n\n dwc-eth-dwmac 2490000.ethernet eth0: Tx DMA map failed\n\nand with DMA_API_DEBUG enabled:\n\n DMA-API: dwc-eth-dwmac 2490000.ethernet: device driver tries to +free DMA memory it has not allocated [device address=0x000000ffffcf65c0] [size=66 bytes]\n\nFix this by maintaining \"des\" as the original DMA cookie, and use\ntso_des to pass the offset DMA cookie to stmmac_tso_allocator().\n\nFull details of the crashes can be found at:\nhttps://lore.kernel.org/all/d8112193-0386-4e14-b516-37c2d838171a@nvidia.com/\nhttps://lore.kernel.org/all/klkzp5yn5kq5efgtrow6wbvnc46bcqfxs65nz3qy77ujr5turc@bwwhelz2l4dw/"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4c49f38e20a57f8abaebdf95b369295b153d1f8e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9d5dd7ccea1b46a9a7c6b3c2b9e5ed8864e185e2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/db3667c9bbfbbf5de98e6c9542f7e03fb5243286",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

27
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-12-29T09:00:20.133849+00:00
2024-12-29T11:00:20.449423+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-12-29T08:15:06.840000+00:00
2024-12-29T10:15:05.853000+00:00
```
### Last Data Feed Release
@ -33,19 +33,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
275087
275100
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `13`
- [CVE-2018-25107](CVE-2018/CVE-2018-251xx/CVE-2018-25107.json) (`2024-12-29T07:15:05.287`)
- [CVE-2024-13004](CVE-2024/CVE-2024-130xx/CVE-2024-13004.json) (`2024-12-29T07:15:05.643`)
- [CVE-2024-13005](CVE-2024/CVE-2024-130xx/CVE-2024-13005.json) (`2024-12-29T08:15:05.143`)
- [CVE-2024-13006](CVE-2024/CVE-2024-130xx/CVE-2024-13006.json) (`2024-12-29T08:15:06.840`)
- [CVE-2024-56737](CVE-2024/CVE-2024-567xx/CVE-2024-56737.json) (`2024-12-29T07:15:06.000`)
- [CVE-2024-56738](CVE-2024/CVE-2024-567xx/CVE-2024-56738.json) (`2024-12-29T07:15:06.183`)
- [CVE-2024-13007](CVE-2024/CVE-2024-130xx/CVE-2024-13007.json) (`2024-12-29T09:15:05.580`)
- [CVE-2024-13008](CVE-2024/CVE-2024-130xx/CVE-2024-13008.json) (`2024-12-29T10:15:05.853`)
- [CVE-2024-56709](CVE-2024/CVE-2024-567xx/CVE-2024-56709.json) (`2024-12-29T09:15:05.820`)
- [CVE-2024-56710](CVE-2024/CVE-2024-567xx/CVE-2024-56710.json) (`2024-12-29T09:15:05.970`)
- [CVE-2024-56711](CVE-2024/CVE-2024-567xx/CVE-2024-56711.json) (`2024-12-29T09:15:06.110`)
- [CVE-2024-56712](CVE-2024/CVE-2024-567xx/CVE-2024-56712.json) (`2024-12-29T09:15:06.250`)
- [CVE-2024-56713](CVE-2024/CVE-2024-567xx/CVE-2024-56713.json) (`2024-12-29T09:15:06.377`)
- [CVE-2024-56714](CVE-2024/CVE-2024-567xx/CVE-2024-56714.json) (`2024-12-29T09:15:06.510`)
- [CVE-2024-56715](CVE-2024/CVE-2024-567xx/CVE-2024-56715.json) (`2024-12-29T09:15:06.643`)
- [CVE-2024-56716](CVE-2024/CVE-2024-567xx/CVE-2024-56716.json) (`2024-12-29T09:15:06.777`)
- [CVE-2024-56717](CVE-2024/CVE-2024-567xx/CVE-2024-56717.json) (`2024-12-29T09:15:06.907`)
- [CVE-2024-56718](CVE-2024/CVE-2024-567xx/CVE-2024-56718.json) (`2024-12-29T09:15:07.040`)
- [CVE-2024-56719](CVE-2024/CVE-2024-567xx/CVE-2024-56719.json) (`2024-12-29T09:15:07.187`)
### CVEs modified in the last Commit

25
_state.csv
View File

@ -121429,7 +121429,7 @@ CVE-2018-25103,0,0,898e59dad77386a317e4ff1bf68be33ab8be6db6918e382c5845df0e79bdc
CVE-2018-25104,0,0,07c0f7f8deacc6ae3510edd97c87fb0b6a5d5de0a9d91e721e0835794336db5c,2024-10-18T12:52:33.507000
CVE-2018-25105,0,0,d16cf144daafb93b508b5b5e5d66a4d924219330c977526c844488af5bef18a9,2024-10-30T18:23:57.830000
CVE-2018-25106,0,0,35ad370f4c1c497d53dd214ed57078e196a3735bc3f2d88e16b64e910fc18b4d,2024-12-23T23:15:05.720000
CVE-2018-25107,1,1,74fe43821f03126162d488ec00a65204173cbcceaa7aefb00faa3ca65d85a033,2024-12-29T07:15:05.287000
CVE-2018-25107,0,0,74fe43821f03126162d488ec00a65204173cbcceaa7aefb00faa3ca65d85a033,2024-12-29T07:15:05.287000
CVE-2018-2515,0,0,5409b099d6b1ad12de2273669dad1cdf61ce6e1c2e305b93396a548635b48aa4,2023-11-07T02:57:57.887000
CVE-2018-2560,0,0,64c0ce8dd86b8cd41f028fc0faeb4c2703b3a3d6c99b5cfb7e065de6e8a10aab,2024-11-21T04:03:56.060000
CVE-2018-2561,0,0,03752647d2e63906688e002ddaaa7e85aba13094709fdf81fa6e8215efd59a07,2024-11-21T04:03:56.197000
@ -245235,9 +245235,11 @@ CVE-2024-13000,0,0,ba6321bc2a9fc6078fc868df7010f5a2c8da0158ccdbfe518bbd87147a0c4
CVE-2024-13001,0,0,be40bea3f9713703b5e2c7f0750b0232200ed0b00592b8848558523d2019da99,2024-12-29T03:15:07.477000
CVE-2024-13002,0,0,1ee78e58e0bd811308cb70352869369439477741fcd1b12a69351acb2458d95f,2024-12-29T04:15:05.443000
CVE-2024-13003,0,0,235764cea3e87d08a4207ae0008036e9e6129c72487209c3a06677e7cba31132,2024-12-29T04:15:06.620000
CVE-2024-13004,1,1,34f98fb39218b32464ee43ddbfdf00f9813682437257720830c2d4afaa952288,2024-12-29T07:15:05.643000
CVE-2024-13005,1,1,e5e2385e8ce60b58efeb40b0d581422277441d17970e70c05027460637962444,2024-12-29T08:15:05.143000
CVE-2024-13006,1,1,b47c7490c834b5f47712cdc6db1c8e8e7ea249aa0e12f85b99916c911e2c3be4,2024-12-29T08:15:06.840000
CVE-2024-13004,0,0,34f98fb39218b32464ee43ddbfdf00f9813682437257720830c2d4afaa952288,2024-12-29T07:15:05.643000
CVE-2024-13005,0,0,e5e2385e8ce60b58efeb40b0d581422277441d17970e70c05027460637962444,2024-12-29T08:15:05.143000
CVE-2024-13006,0,0,b47c7490c834b5f47712cdc6db1c8e8e7ea249aa0e12f85b99916c911e2c3be4,2024-12-29T08:15:06.840000
CVE-2024-13007,1,1,f5cad9710933d23e3389578dd4d0d5404b879c4d2d39feb445c8fdd214ea510a,2024-12-29T09:15:05.580000
CVE-2024-13008,1,1,9fab76a79510c5e7440ef1eb71b4757d894477f22e5ea95a048516ad378c0751,2024-12-29T10:15:05.853000
CVE-2024-1301,0,0,a82904378c141da107f996cbfc3663893c64b71f2f3d06fe2a7b32b9cc0bfa85,2024-11-21T08:50:16.340000
CVE-2024-1302,0,0,50e21539c22b43b4db748f33a4680786d0cd3b39c9a7a5fc858bc75c33660782,2024-11-21T08:50:16.467000
CVE-2024-1303,0,0,922ad92b627c1129d744b1f80cb5c88d28598a22649a8dddf52c9956281bb86f,2024-11-21T08:50:16.593000
@ -271413,12 +271415,23 @@ CVE-2024-56705,0,0,71a9e7a89ce33c23ce760af5bb2f1ef5858bbde18ca92e3d840b49c3e3c45
CVE-2024-56706,0,0,0689e956c96ec8950f1406b0d49eea033f09e982fdfd2693978e4ea271da4e46,2024-12-28T10:15:19.400000
CVE-2024-56707,0,0,ffb915c20de9b64b07625689174f55f04c7c7fd97241ba0a317e5655d619cc29,2024-12-28T10:15:19.660000
CVE-2024-56708,0,0,01fc648fbd4d0320492dbd784f8f9a0b9c372d04309ee9d5bf65ddda29656b5a,2024-12-28T10:15:20.397000
CVE-2024-56709,1,1,1bbdc06a103f4aa2cc735082afa19e9063ddba8b70d17cb37458eb833ceb3220,2024-12-29T09:15:05.820000
CVE-2024-5671,0,0,ed90f881c7f33cc4424c259b337566a1f77772369738ebea5bec64062f030b65,2024-11-21T09:48:07.823000
CVE-2024-56710,1,1,0e3f89701f606ed5d8e96aca6824c66a0c4b0ca303ca66aae7b94699adb07300,2024-12-29T09:15:05.970000
CVE-2024-56711,1,1,3e3c630995a9cb58dc2c2c3625f2a2d18f7c0552e9895d2e8af6ab7aa9b7044b,2024-12-29T09:15:06.110000
CVE-2024-56712,1,1,07dc462cafcf2dc7663e0ace72b369c8519e72405c1874d7254628101d016e21,2024-12-29T09:15:06.250000
CVE-2024-56713,1,1,299ca340f3b765190e64da87c4ee6e292a89ca7cfa57297391512e9d79a0ae7e,2024-12-29T09:15:06.377000
CVE-2024-56714,1,1,9815e16bdaa10b13e3e0007a565f76aa47d3696b837dcba2d60a9430f70d5d6c,2024-12-29T09:15:06.510000
CVE-2024-56715,1,1,84fa02c3fbfc80769af452d43601c66bb292a6c3957046df247ad94e2ddf386d,2024-12-29T09:15:06.643000
CVE-2024-56716,1,1,ab1d565b1cc6802da5a2d849d42b3ec99545135d5033dfafd20eb045a313d194,2024-12-29T09:15:06.777000
CVE-2024-56717,1,1,8261134fcf72b301c923d6a4dfb4c8c38b729c50723567c04771d3735adbaf14,2024-12-29T09:15:06.907000
CVE-2024-56718,1,1,40ef19e0309793c02e9f777cc05f8823d59013699a418e3f05bca052ccbfe21e,2024-12-29T09:15:07.040000
CVE-2024-56719,1,1,fe90d654f9fef87d11308e47a364f5ff0c5b03643c08ac1ea9757a4407134877,2024-12-29T09:15:07.187000
CVE-2024-5672,0,0,959d4e0f075fbde1ffae4f52f6c938c4cdb5c2c3237469dedb1dd077104a3da1,2024-11-21T09:48:07.940000
CVE-2024-5673,0,0,f8b3774ce465f722b68e8727929e95d8d546e4b203a41a4244c7e4dffeee7a73,2024-11-21T09:48:08.057000
CVE-2024-56732,0,0,287b71ca5ec03d5825a19e7eb68f3eaf02e994b222dd83ad368ff3860bd04893,2024-12-28T17:15:08.190000
CVE-2024-56737,1,1,c5b53d74a7d8becee9d7686cadbd97c81361cafe48dbaf7f17677fffdb74d569,2024-12-29T07:15:06
CVE-2024-56738,1,1,dbe898f2fe3f1be88a29cc27198d8199547b6c9a324db196d7c00718a50e331e,2024-12-29T07:15:06.183000
CVE-2024-56737,0,0,c5b53d74a7d8becee9d7686cadbd97c81361cafe48dbaf7f17677fffdb74d569,2024-12-29T07:15:06
CVE-2024-56738,0,0,dbe898f2fe3f1be88a29cc27198d8199547b6c9a324db196d7c00718a50e331e,2024-12-29T07:15:06.183000
CVE-2024-5674,0,0,7c06c249e0424ac37040b124ed7da9cd19cf8f5ce54c37fa3d48f3eda72c297e,2024-11-21T09:48:08.183000
CVE-2024-5675,0,0,a93ae1d48690177c193b4a8fbcc4865158a63f066f83c2c6531b88eed5564aca,2024-11-21T09:48:08.303000
CVE-2024-5676,0,0,42e21ca7cdab0bdccf25cf6637d45fef7f036494b6d014c88b5835e6e4847379,2024-11-21T09:48:08.420000

Can't render this file because it is too large.