From 6d8a9940f54d9a9d00f13e9e62e2b419665906d5 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Tue, 30 Jul 2024 20:03:12 +0000 Subject: [PATCH] Auto-Update: 2024-07-30T20:00:17.489950+00:00 --- CVE-2024/CVE-2024-32xx/CVE-2024-3246.json | 64 ++++++++- CVE-2024/CVE-2024-39xx/CVE-2024-3930.json | 56 ++++++++ CVE-2024/CVE-2024-407xx/CVE-2024-40767.json | 94 +++++++++++- CVE-2024/CVE-2024-413xx/CVE-2024-41304.json | 21 +++ CVE-2024/CVE-2024-413xx/CVE-2024-41305.json | 21 +++ CVE-2024/CVE-2024-414xx/CVE-2024-41437.json | 37 +++++ CVE-2024/CVE-2024-414xx/CVE-2024-41438.json | 45 ++++++ CVE-2024/CVE-2024-414xx/CVE-2024-41439.json | 41 ++++++ CVE-2024/CVE-2024-414xx/CVE-2024-41440.json | 37 +++++ CVE-2024/CVE-2024-414xx/CVE-2024-41443.json | 41 ++++++ CVE-2024/CVE-2024-419xx/CVE-2024-41943.json | 60 ++++++++ CVE-2024/CVE-2024-420xx/CVE-2024-42064.json | 73 +++++++++- CVE-2024/CVE-2024-420xx/CVE-2024-42065.json | 73 +++++++++- CVE-2024/CVE-2024-420xx/CVE-2024-42066.json | 73 +++++++++- CVE-2024/CVE-2024-420xx/CVE-2024-42067.json | 90 +++++++++++- CVE-2024/CVE-2024-420xx/CVE-2024-42068.json | 114 +++++++++++++-- CVE-2024/CVE-2024-420xx/CVE-2024-42069.json | 92 +++++++++++- CVE-2024/CVE-2024-420xx/CVE-2024-42070.json | 152 ++++++++++++++++++-- CVE-2024/CVE-2024-420xx/CVE-2024-42071.json | 80 ++++++++++- CVE-2024/CVE-2024-420xx/CVE-2024-42072.json | 80 ++++++++++- CVE-2024/CVE-2024-420xx/CVE-2024-42073.json | 104 +++++++++++++- CVE-2024/CVE-2024-420xx/CVE-2024-42074.json | 92 +++++++++++- CVE-2024/CVE-2024-420xx/CVE-2024-42075.json | 80 ++++++++++- CVE-2024/CVE-2024-420xx/CVE-2024-42076.json | 140 ++++++++++++++++-- CVE-2024/CVE-2024-420xx/CVE-2024-42077.json | 128 +++++++++++++++-- CVE-2024/CVE-2024-420xx/CVE-2024-42078.json | 80 ++++++++++- CVE-2024/CVE-2024-420xx/CVE-2024-42079.json | 85 ++++++++++- CVE-2024/CVE-2024-420xx/CVE-2024-42080.json | 109 ++++++++++++-- CVE-2024/CVE-2024-420xx/CVE-2024-42081.json | 73 +++++++++- CVE-2024/CVE-2024-420xx/CVE-2024-42082.json | 128 +++++++++++++++-- CVE-2024/CVE-2024-420xx/CVE-2024-42083.json | 80 
++++++++++- CVE-2024/CVE-2024-422xx/CVE-2024-42229.json | 117 +++++++++++++-- CVE-2024/CVE-2024-422xx/CVE-2024-42230.json | 124 +++++++++++++++- CVE-2024/CVE-2024-422xx/CVE-2024-42231.json | 100 ++++++++++++- CVE-2024/CVE-2024-52xx/CVE-2024-5249.json | 56 ++++++++ CVE-2024/CVE-2024-52xx/CVE-2024-5250.json | 56 ++++++++ README.md | 68 +++++---- _state.csv | 105 ++++++++------ 38 files changed, 2829 insertions(+), 240 deletions(-) create mode 100644 CVE-2024/CVE-2024-39xx/CVE-2024-3930.json create mode 100644 CVE-2024/CVE-2024-413xx/CVE-2024-41304.json create mode 100644 CVE-2024/CVE-2024-413xx/CVE-2024-41305.json create mode 100644 CVE-2024/CVE-2024-414xx/CVE-2024-41437.json create mode 100644 CVE-2024/CVE-2024-414xx/CVE-2024-41438.json create mode 100644 CVE-2024/CVE-2024-414xx/CVE-2024-41439.json create mode 100644 CVE-2024/CVE-2024-414xx/CVE-2024-41440.json create mode 100644 CVE-2024/CVE-2024-414xx/CVE-2024-41443.json create mode 100644 CVE-2024/CVE-2024-419xx/CVE-2024-41943.json create mode 100644 CVE-2024/CVE-2024-52xx/CVE-2024-5249.json create mode 100644 CVE-2024/CVE-2024-52xx/CVE-2024-5250.json diff --git a/CVE-2024/CVE-2024-32xx/CVE-2024-3246.json b/CVE-2024/CVE-2024-32xx/CVE-2024-3246.json index e55dd2ab897..0966a391d3f 100644 --- a/CVE-2024/CVE-2024-32xx/CVE-2024-3246.json +++ b/CVE-2024/CVE-2024-32xx/CVE-2024-3246.json @@ -2,8 +2,8 @@ "id": "CVE-2024-3246", "sourceIdentifier": "security@wordfence.com", "published": "2024-07-24T04:15:04.280", - "lastModified": "2024-07-24T12:55:13.223", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-07-30T19:03:01.433", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -18,8 +18,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + }, + { + "source": "security@wordfence.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -51,14 +81,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:litespeedtech:litespeed_cache:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "6.3", + "matchCriteriaId": "DB254A71-9242-424E-8941-A5CE926C807E" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3123399/litespeed-cache/trunk/src/cloud.cls.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8036bd83-9af5-4b71-8974-9b0690ea6769?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-39xx/CVE-2024-3930.json b/CVE-2024/CVE-2024-39xx/CVE-2024-3930.json new file mode 100644 index 00000000000..dbf15fe0cb0 --- /dev/null 
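Review bot: In the `cvssMetricV31` hunk for CVE-2024-3246 the first array element changes from the CNA entry to the new `nvd@nist.gov` one, and the two vectors disagree on scope (`S:U` in the added entry, `S:C` in the Wordfence context line). A consumer that reads element 0 instead of filtering on `type` now reports a different vector for the same CVE. The Wordfence entry's score lines fall outside the hunk, so the size of the difference is not visible here. Downstream code should select by `"type": "Primary"` or by `source`, and keep both vectors.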
+++ b/CVE-2024/CVE-2024-39xx/CVE-2024-3930.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-3930", + "sourceIdentifier": "security@puppet.com", + "published": "2024-07-30T19:15:10.573", + "lastModified": "2024-07-30T19:15:10.573", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In versions of Akana API Platform prior to 2024.1.0\u00a0a flaw resulting in XML External Entity (XXE) was discovered." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@puppet.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@puppet.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-611" + } + ] + } + ], + "references": [ + { + "url": "https://portal.perforce.com/s/detail/a91PA000001SUKLYA4", + "source": "security@puppet.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-407xx/CVE-2024-40767.json b/CVE-2024/CVE-2024-407xx/CVE-2024-40767.json index e7d93ff256e..26fdefaec6e 100644 --- a/CVE-2024/CVE-2024-407xx/CVE-2024-40767.json +++ b/CVE-2024/CVE-2024-407xx/CVE-2024-40767.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40767", "sourceIdentifier": "cve@mitre.org", "published": "2024-07-24T05:15:12.907", - "lastModified": "2024-07-25T17:15:10.910", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-07-30T19:19:40.767", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
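Review bot: The English description in the new CVE-2024-3930 record has an escaped non-breaking space directly after the version, `2024.1.0\u00a0a flaw`, so a consumer that tokenises on ASCII whitespace to extract the fixed version gets `2024.1.0` glued to the following word. The record has no `configurations` block yet, so the description is the only place the affected range appears. Normalise U+00A0 to a plain space before parsing, or wait for CPE data instead of scraping the prose.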
@@ -15,23 +15,103 @@ "value": "En OpenStack Nova anterior a 27.4.1, 28 anterior a 28.2.1 y 29 anterior a 29.1.1, al proporcionar una imagen sin formato que en realidad es una imagen QCOW2 manipulada con una ruta de archivo de respaldo o una imagen plana VMDK con una ruta de archivo descriptiva, se El usuario autenticado puede convencer a los sistemas para que devuelvan una copia del contenido del archivo al que se hace referencia desde el servidor, lo que resulta en un acceso no autorizado a datos potencialmente confidenciales. Todas las implementaciones de Nova se ven afectadas. NOTA: este problema existe debido a una soluci\u00f3n incompleta para CVE-2022-47951 y CVE-2024-32498." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", + "versionEndExcluding": "27.4.1", + "matchCriteriaId": "D74C8EE9-1EC5-4286-B208-383ED634118F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", + "versionStartIncluding": "28.0.0", + "versionEndExcluding": "28.2.1", + "matchCriteriaId": "716EDE86-85A2-4CB9-B494-D4F2D08052F3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", 
+ "versionStartIncluding": "29.0.0", + "versionEndExcluding": "29.1.1", + "matchCriteriaId": "11E02C0C-E7BD-47D4-BAF9-906CE166CD0B" + } + ] + } + ] + } + ], "references": [ { "url": "https://launchpad.net/bugs/2071734", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] }, { "url": "https://security.openstack.org", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://security.openstack.org/ossa/OSSA-2024-002.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.openwall.com/lists/oss-security/2024/07/23/2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-413xx/CVE-2024-41304.json b/CVE-2024/CVE-2024-413xx/CVE-2024-41304.json new file mode 100644 index 00000000000..62db7481e89 --- /dev/null +++ b/CVE-2024/CVE-2024-413xx/CVE-2024-41304.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-41304", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-07-30T18:15:05.817", + "lastModified": "2024-07-30T18:15:05.817", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An arbitrary file upload vulnerability in the uploadFileAction() function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/patrickdeanramos/WonderCMS-version-3.4.3-SVG-Stored-Cross-Site-Scripting", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-413xx/CVE-2024-41305.json b/CVE-2024/CVE-2024-413xx/CVE-2024-41305.json new file mode 100644 index 00000000000..7869b8f6e7e --- /dev/null +++ b/CVE-2024/CVE-2024-413xx/CVE-2024-41305.json 
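Review bot: The NVD vector added in the CVE-2024-40767 metrics hunk, `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H`, scores availability only, while the description kept as context in the same hunk describes the server returning a copy of a referenced file, i.e. unauthorised read access to potentially confidential data. With `"confidentialityImpact": "NONE"` and weakness `NVD-CWE-noinfo`, filters that prioritise on confidentiality impact or on a file-disclosure CWE will not surface this record. Treat the vector as provisional and triage from the description and the OSSA-2024-002 advisory reference until upstream revises it.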
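Review bot: The new CVE-2024-41304 record describes an arbitrary file upload leading to code execution, but its only reference URL is titled `WonderCMS-version-3.4.3-SVG-Stored-Cross-Site-Scripting`, so the text and the source disagree on the vulnerability class. The record also ships with `"metrics": {}` and no `weaknesses` array, as do CVE-2024-41305 and CVE-2024-41437 through CVE-2024-41443 in the following hunks, so severity- or CWE-based filters have nothing to match on. Consumers should handle `"vulnStatus": "Received"` explicitly, for example by queueing the record for manual triage, instead of treating a missing score as low severity.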
@@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-41305", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-07-30T18:15:05.910", + "lastModified": "2024-07-30T18:15:05.910", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/patrickdeanramos/WonderCMS-version-3.4.3-is-vulnerable-to-Server-Side-Request-Forgery", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-414xx/CVE-2024-41437.json b/CVE-2024/CVE-2024-414xx/CVE-2024-41437.json new file mode 100644 index 00000000000..5c8654df6b6 --- /dev/null +++ b/CVE-2024/CVE-2024-414xx/CVE-2024-41437.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-41437", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-07-30T19:15:10.933", + "lastModified": "2024-07-30T19:15:10.933", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A heap buffer overflow in the function cp_unfilter() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-r1-cp_unfilter-cute_png-1019c11/poc/sample6.png", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-r1-cp_unfilter-cute_png-1019c11/vulDescription.assets/image-20240530183857985.png", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-r1-cp_unfilter-cute_png-1019c11/vulDescription.md", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Helson-S/FuzzyTesting/tree/master/hicolor/heapof-r1-cp_unfilter-cute_png-1019c11", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Helson-S/FuzzyTesting/tree/master/hicolor/heapof-r1-cp_unfilter-cute_png-1019c11/poc", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-414xx/CVE-2024-41438.json b/CVE-2024/CVE-2024-414xx/CVE-2024-41438.json new file mode 100644 index 00000000000..a1e2806e594 --- /dev/null +++ b/CVE-2024/CVE-2024-414xx/CVE-2024-41438.json 
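Review bot: Every reference in the new CVE-2024-41437 record is an untagged link into one third-party repository, and the first points straight at a crash-sample file (`.../poc/sample6.png`); the CVE-2024-41438, -41439, -41440 and -41443 hunks follow the same pattern. Pipelines that fetch or render reference URLs for enrichment or link checking would be pulling crafted PNGs, so those fetches should be stored as untrusted bytes and never passed to an image decoder or thumbnailer. Some of the later URLs also appear to use `blob/` for directory paths and `tree/` for a file (`tree/master/.../poc/sample10.png`), so link validation may report redirects or failures.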
@@ -0,0 +1,45 @@ +{ + "id": "CVE-2024-41438", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-07-30T19:15:11.027", + "lastModified": "2024-07-30T19:15:11.027", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A heap buffer overflow in the function cp_stored() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-r65280-cp_stored-cute_png-543c2", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-r65280-cp_stored-cute_png-543c2/vulDescription.assets/image-20240530184723547.png", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-r65280-cp_stored-cute_png-543c2/vulDescription.assets/image-20240530184848743.png", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-r65280-cp_stored-cute_png-543c2/vulDescription.assets/image-20240530185015780.png", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-r65280-cp_stored-cute_png-543c2/vulDescription.md", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Helson-S/FuzzyTesting/tree/master/hicolor/heapof-r65280-cp_stored-cute_png-543c2/poc", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Helson-S/FuzzyTesting/tree/master/hicolor/heapof-r65280-cp_stored-cute_png-543c2/poc/sample10.png", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-414xx/CVE-2024-41439.json b/CVE-2024/CVE-2024-414xx/CVE-2024-41439.json new file mode 100644 index 00000000000..62fdaa80f48 --- /dev/null +++ b/CVE-2024/CVE-2024-414xx/CVE-2024-41439.json 
@@ -0,0 +1,41 @@ +{ + "id": "CVE-2024-41439", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-07-30T19:15:11.123", + "lastModified": "2024-07-30T19:15:11.123", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A heap buffer overflow in the function cp_block() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w98-cp_block-5c0-cute_png-642c5", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w98-cp_block-5c0-cute_png-642c5/poc", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w98-cp_block-5c0-cute_png-642c5/poc/sample13.png", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w98-cp_block-5c0-cute_png-642c5/vulDescription.assets/image-20240530192505615.png", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w98-cp_block-5c0-cute_png-642c5/vulDescription.assets/image-20240531002753478.png", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w98-cp_block-5c0-cute_png-642c5/vulDescription.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-414xx/CVE-2024-41440.json b/CVE-2024/CVE-2024-414xx/CVE-2024-41440.json new file mode 100644 index 00000000000..8fa7d9ccf5c --- /dev/null +++ b/CVE-2024/CVE-2024-414xx/CVE-2024-41440.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-41440", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-07-30T19:15:11.210", + "lastModified": "2024-07-30T19:15:11.210", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A heap buffer overflow in the function png_quantize() of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32/poc", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32/poc/sample18.png", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32/vulDescription.assets/image-20240530225208577.png", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32/vulDescription.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-414xx/CVE-2024-41443.json b/CVE-2024/CVE-2024-414xx/CVE-2024-41443.json new file mode 100644 index 00000000000..e9c35370131 --- /dev/null +++ b/CVE-2024/CVE-2024-414xx/CVE-2024-41443.json 
@@ -0,0 +1,41 @@ +{ + "id": "CVE-2024-41443", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-07-30T19:15:11.300", + "lastModified": "2024-07-30T19:15:11.300", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A stack overflow in the function cp_dynamic() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/stkof-w133-cp_dynamic-cute_png-603", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/stkof-w133-cp_dynamic-cute_png-603/poc", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/stkof-w133-cp_dynamic-cute_png-603/poc/sample16.png", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/stkof-w133-cp_dynamic-cute_png-603/vulDescription.assets/image-20240530223831738.png", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/stkof-w133-cp_dynamic-cute_png-603/vulDescription.assets/image-20240530223921086.png", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/stkof-w133-cp_dynamic-cute_png-603/vulDescription.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41943.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41943.json new file mode 100644 index 00000000000..b53acdc5f2c --- /dev/null +++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41943.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-41943", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-07-30T18:15:06.037", + "lastModified": "2024-07-30T18:15:06.037", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "I, Librarian is an open-source version of a PDF managing SaaS. PDF notes are displayed on the Item Summary page without any form of validation or sanitation. An attacker can exploit this vulnerability by inserting a payload in the PDF notes that contains malicious code or script. This code will then be executed when the page is loaded in the browser. The vulnerability was fixed in version 5.11.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/mkucej/i-librarian-free/commit/b4570103d21fc4fdd2483689aafc6028d9f6a76d", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/mkucej/i-librarian-free/security/advisories/GHSA-h5hx-fm7f-2xmx", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42064.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42064.json index 1e8fdeeee22..931328720cb 100644 --- a/CVE-2024/CVE-2024-420xx/CVE-2024-42064.json 
+++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42064.json 
@@ -2,24 +2,87 @@ "id": "CVE-2024-42064", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-29T16:15:06.133", - "lastModified": "2024-07-29T16:21:52.517", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-07-30T19:03:25.797", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip pipe if the pipe idx not set properly\n\n[why]\nDriver crashes when pipe idx not set properly\n\n[how]\nAdd code to skip the pipe that idx not set properly" + }, + { + "lang": "es", + "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: omitir la tuber\u00eda si el idx de la tuber\u00eda no est\u00e1 configurado correctamente [por qu\u00e9] El controlador falla cuando el idx de la tuber\u00eda no est\u00e1 configurado correctamente [c\u00f3mo] Agregar c\u00f3digo para omitir la tuber\u00eda cuyo idx no est\u00e1 configurado correctamente." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.9.8", + "matchCriteriaId": "5810FB48-F33E-4087-A3BB-2F33EEFFA914" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://git.kernel.org/stable/c/27df59c6071470efce7182ee92fbb16afba551e0", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/af114efe8d24b5711cfbedf7180f2ac1a296c24b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42065.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42065.json index 30f01169613..85cc1fe1fea 100644 --- a/CVE-2024/CVE-2024-420xx/CVE-2024-42065.json +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42065.json 
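Review bot: The `cpeMatch` entry added for CVE-2024-42064 has `"versionEndExcluding": "6.9.8"` and no `versionStartIncluding`, so it matches every Linux kernel release below 6.9.8; the same open lower bound appears in the CVE-2024-42065 and CVE-2024-42066 hunks and in the first range (`"versionEndExcluding": "6.6.37"`) of CVE-2024-42067. CVE-2024-42065 and -42066 are in `drm/xe`, a driver that as far as I know exists only in recent kernels, so scanners matching on CPE alone will likely flag older kernels that do not contain the affected code. Consumers should cross-check the `Patch` references or the distribution's own advisory before raising a finding; the upstream fix would be a lower bound such as `"versionStartIncluding": "<first affected release>"`.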
@@ -2,24 +2,87 @@ "id": "CVE-2024-42065", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-29T16:15:06.197", - "lastModified": "2024-07-29T16:21:52.517", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-07-30T19:02:59.217", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Add a NULL check in xe_ttm_stolen_mgr_init\n\nAdd an explicit check to ensure that the mgr is not NULL." + }, + { + "lang": "es", + "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/xe: agregue una verificaci\u00f3n NULL en xe_ttm_stolen_mgr_init Agregue una verificaci\u00f3n expl\u00edcita para garantizar que mgr no sea NULL." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.9.8", + "matchCriteriaId": "5810FB48-F33E-4087-A3BB-2F33EEFFA914" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://git.kernel.org/stable/c/a6eff8f9c7e844cb24ccb188ca24abcd59734e74", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/cc796a77985d6af75c9362cb2e73dce4ae3f97cd", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42066.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42066.json index 9a41a2a80eb..b4634102c86 100644 --- a/CVE-2024/CVE-2024-420xx/CVE-2024-42066.json +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42066.json 
@@ -2,24 +2,87 @@ "id": "CVE-2024-42066", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-29T16:15:06.257", - "lastModified": "2024-07-29T16:21:52.517", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-07-30T19:02:32.857", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix potential integer overflow in page size calculation\n\nExplicitly cast tbo->page_alignment to u64 before bit-shifting to\nprevent overflow when assigning to min_page_size." + }, + { + "lang": "es", + "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/xe: soluciona el posible desbordamiento de enteros en el c\u00e1lculo del tama\u00f1o de la p\u00e1gina. Transmite expl\u00edcitamente tbo->page_alignment a u64 antes del cambio de bits para evitar el desbordamiento al asignar a min_page_size." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.9.8", + "matchCriteriaId": "5810FB48-F33E-4087-A3BB-2F33EEFFA914" + } + ] + } + ] } ], - "metrics": {}, "references": 
[ { "url": "https://git.kernel.org/stable/c/4f4fcafde343a54465f85a2909fc684918507a4b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/79d54ddf0e292b810887994bb04709c5ac0e1531", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42067.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42067.json index ffe289a5775..6ad76abcea0 100644 --- a/CVE-2024/CVE-2024-420xx/CVE-2024-42067.json +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42067.json 
@@ -2,32 +2,108 @@ "id": "CVE-2024-42067", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-29T16:15:06.323", - "lastModified": "2024-07-29T16:21:52.517", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-07-30T19:02:20.687", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro()\n\nset_memory_rox() can fail, leaving memory unprotected.\n\nCheck return and bail out when bpf_jit_binary_lock_ro() returns\nan error." + }, + { + "lang": "es", + "value": " En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: bpf: Tener en cuenta el retorno de set_memory_rox() con bpf_jit_binary_lock_ro() set_memory_rox() puede fallar, dejando la memoria desprotegida. Verifique la devoluci\u00f3n y el rescate cuando bpf_jit_binary_lock_ro() devuelva un error." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-252" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.6.37", + "matchCriteriaId": "816250D9-9650-4A7D-A4A7-1D69242F2032" + }, + { + "vulnerable": 
true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.9.8", + "matchCriteriaId": "E95105F2-32E3-4C5F-9D18-7AEFD0E6275C" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://git.kernel.org/stable/c/044da7ae7afd4ef60806d73654a2e6a79aa4ed7a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/08f6c05feb1db21653e98ca84ea04ca032d014c7", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9fef36cad60d4226f9d06953cd56d1d2f9119730", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e60adf513275c3a38e5cb67f7fd12387e43a3ff5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42068.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42068.json index 3754d7728d8..e5f10882cee 100644 --- a/CVE-2024/CVE-2024-420xx/CVE-2024-42068.json +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42068.json 
@@ -2,40 +2,136 @@ "id": "CVE-2024-42068", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-29T16:15:06.387", - "lastModified": "2024-07-29T16:21:52.517", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-07-30T19:02:12.100", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro()\n\nset_memory_ro() can fail, leaving memory unprotected.\n\nCheck its return and take it into account as an error." + }, + { + "lang": "es", + "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: bpf: Tener en cuenta el retorno de set_memory_ro() con bpf_prog_lock_ro() set_memory_ro() puede fallar, dejando la memoria desprotegida. Comprueba su devoluci\u00f3n y tenlo en cuenta como error." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-252" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.15.162", + "matchCriteriaId": "DD1E49C8-DE20-4CCB-8715-3FB3FA95ABC7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + 
"versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.97", + "matchCriteriaId": "748B6C4B-1F61-47F9-96CC-8899B8412D84" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.37", + "matchCriteriaId": "D72E033B-5323-4C4D-8818-36E1EBC3535F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.9.8", + "matchCriteriaId": "E95105F2-32E3-4C5F-9D18-7AEFD0E6275C" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://git.kernel.org/stable/c/05412471beba313ecded95aa17b25fe84bb2551a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7d2cc63eca0c993c99d18893214abf8f85d566d8", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a359696856ca9409fb97655c5a8ef0f549cb6e03", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e3540e5a7054d6daaf9a1415a48aacb092112a89", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e4f602e3ff749ba770bf8ff10196e18358de6720", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/fdd411af8178edc6b7bf260f8fa4fba1bedd0a6d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42069.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42069.json
index 0652d3c6dbe..cdf37006232 100644
--- a/CVE-2024/CVE-2024-420xx/CVE-2024-42069.json
+++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42069.json
@@ -2,28 +2,108 @@ "id": "CVE-2024-42069", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-29T16:15:06.467", - "lastModified": "2024-07-29T16:21:52.517", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-07-30T19:01:58.623", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix possible double free in error handling path\n\nWhen auxiliary_device_add() returns error and then calls\nauxiliary_device_uninit(), callback function adev_release\ncalls kfree(madev). We shouldn't call kfree(madev) again\nin the error handling path. Set 'madev' to NULL." + }, + { + "lang": "es", + "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: mana: corrige posible double free en la ruta de manejo de errores Cuando auxiliar_device_add() devuelve un error y luego llama a auxiliar_device_uninit(), la funci\u00f3n de devoluci\u00f3n de llamada adev_release llama a kfree(madev). No deber\u00edamos volver a llamar a kfree(madev) en la ruta de manejo de errores. Establezca 'madev' en NULL." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.2", + "matchCriteriaId": "108695B6-7133-4B6C-80AF-0F66880FE858" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.3", + "versionEndExcluding": "6.6.37", + "matchCriteriaId": "F039BDA1-E26D-4651-9C4F-F13860449857" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.9.8", + "matchCriteriaId": "E95105F2-32E3-4C5F-9D18-7AEFD0E6275C" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://git.kernel.org/stable/c/1864b8224195d0e43ddb92a8151f54f6562090cc", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3243e64eb4d897c3eeb48b2a7221ab5a95e1282a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ed45c0a0b662079d4c0e518014cc148c753979b4", - 
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42070.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42070.json index 05100131347..4263f10e7e1 100644 --- a/CVE-2024/CVE-2024-420xx/CVE-2024-42070.json +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42070.json 
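Review bot: The `weaknesses` entry added for CVE-2024-42069 records `CWE-476`, but the English description in the same record describes a possible double free: `kfree(madev)` is called again in the error handling path after `adev_release` has already freed it. Anything that groups or prioritises records by CWE will file this as a NULL pointer dereference. The identifier that matches the description is `"value": "CWE-415"`. The entry's `source` is `nvd@nist.gov`, so the correction presumably belongs upstream rather than in this mirror; until then, triage should read the description and not rely on the CWE field alone.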
@@ -2,48 +2,178 @@ "id": "CVE-2024-42070", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-29T16:15:06.540", - "lastModified": "2024-07-29T16:21:52.517", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-07-30T19:01:47.300", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers\n\nregister store validation for NFT_DATA_VALUE is conditional, however,\nthe datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This\nonly requires a new helper function to infer the register type from the\nset datatype so this conditional check can be removed. Otherwise,\npointer to chain object can be leaked through the registers." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: netfilter: nf_tables: validar completamente NFT_DATA_VALUE en la tienda para registros de datos. La validaci\u00f3n de la tienda para NFT_DATA_VALUE es condicional; sin embargo, el tipo de datos siempre es NFT_DATA_VALUE o NFT_DATA_VERDICT. Esto solo requiere una nueva funci\u00f3n auxiliar para inferir el tipo de registro a partir del tipo de datos establecido para que se pueda eliminar esta verificaci\u00f3n condicional. De lo contrario, el puntero al objeto de la cadena se puede filtrar a trav\u00e9s de los registros." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.13", + "matchCriteriaId": "E37CAD46-6582-4D99-9D51-C217F9083FC9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.14", + "versionEndExcluding": "4.19.317", + "matchCriteriaId": "94AD7CE0-1AB3-4F0C-9642-209112A5ECB7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.279", + "matchCriteriaId": "F4E38E58-1B9F-4DF2-AD3D-A8BEAA2959D8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.221", + "matchCriteriaId": "659E1520-6345-41AF-B893-A7C0647585A0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.162", + "matchCriteriaId": "10A39ACC-3005-40E8-875C-98A372D1FFD5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": 
"5.16", + "versionEndExcluding": "6.1.97", + "matchCriteriaId": "748B6C4B-1F61-47F9-96CC-8899B8412D84" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.37", + "matchCriteriaId": "D72E033B-5323-4C4D-8818-36E1EBC3535F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.9.8", + "matchCriteriaId": "E95105F2-32E3-4C5F-9D18-7AEFD0E6275C" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://git.kernel.org/stable/c/23752737c6a618e994f9a310ec2568881a6b49c4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/40188a25a9847dbeb7ec67517174a835a677752f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/41a6375d48deaf7f730304b5153848bfa1c2980f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/461302e07f49687ffe7d105fa0a330c07c7646d8", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5d43d789b57943720dca4181a05f6477362b94cf", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7931d32955e09d0a11b1fe0b6aac1bfa061c005c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/952bf8df222599baadbd4f838a49c4fef81d2564", - "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/efb27ad05949403848f487823b597ed67060e007", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42071.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42071.json index c481cef6459..e7492432016 100644 --- a/CVE-2024/CVE-2024-420xx/CVE-2024-42071.json +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42071.json 
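Review bot: The weakness and vector added for CVE-2024-42070 do not match its description, which says a pointer to a chain object can be leaked through the registers, i.e. a disclosure of a kernel pointer. The record instead adds `CWE-401` (missing release of memory) and a vector with `C:N/I:N/A:H`, which suggests "leaked" was read as a memory leak. Filters keyed on confidentiality impact or on information-exposure CWEs will skip this entry. An exposure class such as `"value": "CWE-200"` with a non-zero confidentiality impact looks closer to the text, though the scoring is for the `nvd@nist.gov` source to correct and the impact is inferred from the description only.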
@@ -2,24 +2,94 @@ "id": "CVE-2024-42071", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-29T16:15:06.623", - "lastModified": "2024-07-29T16:21:52.517", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-07-30T19:01:26.950", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nionic: use dev_consume_skb_any outside of napi\n\nIf we're not in a NAPI softirq context, we need to be careful\nabout how we call napi_consume_skb(), specifically we need to\ncall it with budget==0 to signal to it that we're not in a\nsafe context.\n\nThis was found while running some configuration stress testing\nof traffic and a change queue config loop running, and this\ncurious note popped out:\n\n[ 4371.402645] BUG: using smp_processor_id() in preemptible [00000000] code: ethtool/20545\n[ 4371.402897] caller is napi_skb_cache_put+0x16/0x80\n[ 4371.403120] CPU: 25 PID: 20545 Comm: ethtool Kdump: loaded Tainted: G OE 6.10.0-rc3-netnext+ #8\n[ 4371.403302] Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 01/23/2021\n[ 4371.403460] Call Trace:\n[ 4371.403613] \n[ 4371.403758] dump_stack_lvl+0x4f/0x70\n[ 4371.403904] check_preemption_disabled+0xc1/0xe0\n[ 4371.404051] napi_skb_cache_put+0x16/0x80\n[ 4371.404199] ionic_tx_clean+0x18a/0x240 [ionic]\n[ 4371.404354] ionic_tx_cq_service+0xc4/0x200 [ionic]\n[ 4371.404505] ionic_tx_flush+0x15/0x70 [ionic]\n[ 4371.404653] ? 
ionic_lif_qcq_deinit.isra.23+0x5b/0x70 [ionic]\n[ 4371.404805] ionic_txrx_deinit+0x71/0x190 [ionic]\n[ 4371.404956] ionic_reconfigure_queues+0x5f5/0xff0 [ionic]\n[ 4371.405111] ionic_set_ringparam+0x2e8/0x3e0 [ionic]\n[ 4371.405265] ethnl_set_rings+0x1f1/0x300\n[ 4371.405418] ethnl_default_set_doit+0xbb/0x160\n[ 4371.405571] genl_family_rcv_msg_doit+0xff/0x130\n\t[...]\n\nI found that ionic_tx_clean() calls napi_consume_skb() which calls\nnapi_skb_cache_put(), but before that last call is the note\n /* Zero budget indicate non-NAPI context called us, like netpoll */\nand\n DEBUG_NET_WARN_ON_ONCE(!in_softirq());\n\nThose are pretty big hints that we're doing it wrong. We can pass a\ncontext hint down through the calls to let ionic_tx_clean() know what\nwe're doing so it can call napi_consume_skb() correctly." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ionic: usa dev_consume_skb_any fuera de napi. Si no estamos en un contexto de softirq de NAPI, debemos tener cuidado con c\u00f3mo llamamos a napi_consume_skb(), espec\u00edficamente debemos llamarlo con Budget==0 para indicarle que no estamos en un contexto seguro. 
Esto se encontr\u00f3 mientras se ejecutaban algunas pruebas de estr\u00e9s de configuraci\u00f3n del tr\u00e1fico y se ejecutaba un bucle de configuraci\u00f3n de cola de cambios, y apareci\u00f3 esta nota curiosa: [4371.402645] ERROR: usar smp_processor_id() en c\u00f3digo interrumpible [00000000]: ethtool/20545 [4371.402897] la persona que llama es napi_skb_cache_put+0x16/0x80 [ 4371.403120] CPU: 25 PID: 20545 Comm: ethtool Kdump: loaded Tainted: G OE 6.10.0-rc3-netnext+ #8 [ 4371.403302] Nombre de hardware: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen 10, BIOSU32 23/01/2021 [ 4371.403460] Seguimiento de llamadas: [ 4371.403613] [ 4371.403758] dump_stack_lvl+0x4f/0x70 [ 4371.403904] check_preemption_disabled+0xc1/0xe0 [ 4371.40405 1] napi_skb_cache_put+0x16/0x80 [ 4371.404199] ionic_tx_clean+0x18a/0x240 [ i\u00f3nico] [4371.404354] ionic_tx_cq_service+0xc4/0x200 [i\u00f3nico] [4371.404505] ionic_tx_flush+0x15/0x70 [i\u00f3nico] [4371.404653]? ionic_lif_qcq_deinit.isra.23+0x5b/0x70 [ionic] [ 4371.404805] ionic_txrx_deinit+0x71/0x190 [ionic] [ 4371.404956] ionic_reconfigure_queues+0x5f5/0xff0 [ionic] [ 4371.4051 11] ionic_set_ringparam+0x2e8/0x3e0 [ionic] [4371.405265] ethnl_set_rings+ 0x1f1/0x300 [ 4371.405418] ethnl_default_set_doit+0xbb/0x160 [ 4371.405571] genl_family_rcv_msg_doit+0xff/0x130 [...] encontr\u00e9 que ionic_tx_clean() llama a napi_consume_skb() que llama a napi_skb_cache_put() , pero antes de esa \u00faltima llamada est\u00e1 la nota /* El presupuesto cero indica que nos llam\u00f3 un contexto que no es NAPI, como netpoll */ y DEBUG_NET_WARN_ON_ONCE(!in_softirq()); Esos son indicios bastante importantes de que lo estamos haciendo mal. Podemos pasar una sugerencia de contexto a trav\u00e9s de las llamadas para que ionic_tx_clean() sepa lo que estamos haciendo para que pueda llamar a napi_consume_skb() correctamente." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-834" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.9", + "matchCriteriaId": "18FE1EAE-C36C-49FC-A5E0-0A661CDC561E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.9.1", + "versionEndExcluding": "6.9.8", + "matchCriteriaId": "1557DCF8-46D3-4910-8B19-5C77412AB681" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://git.kernel.org/stable/c/84b767f9e34fdb143c09e66a2a20722fc2921821", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ef7646ed49fff962e97b276f4ab91327a67eeb5a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42072.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42072.json index ca82ac09b68..f072540328e 100644 --- a/CVE-2024/CVE-2024-420xx/CVE-2024-42072.json +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42072.json 
@@ -2,24 +2,94 @@ "id": "CVE-2024-42072", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-29T16:15:06.693", - "lastModified": "2024-07-29T16:21:52.517", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-07-30T19:01:12.833", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix may_goto with negative offset.\n\nZac's syzbot crafted a bpf prog that exposed two bugs in may_goto.\nThe 1st bug is the way may_goto is patched. When offset is negative\nit should be patched differently.\nThe 2nd bug is in the verifier:\nwhen current state may_goto_depth is equal to visited state may_goto_depth\nit means there is an actual infinite loop. It's not correct to prune\nexploration of the program at this point.\nNote, that this check doesn't limit the program to only one may_goto insn,\nsince 2nd and any further may_goto will increment may_goto_depth only\nin the queued state pushed for future exploration. The current state\nwill have may_goto_depth == 0 regardless of number of may_goto insns\nand the verifier has to explore the program until bpf_exit." + }, + { + "lang": "es", + "value": " En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: bpf: corrige may_goto con desplazamiento negativo. El syzbot de Zac cre\u00f3 un programa bpf que expuso dos errores en may_goto. El primer error es la forma en que se parchea may_goto. Cuando el desplazamiento es negativo, se debe parchear de manera diferente. El segundo error est\u00e1 en el verificador: cuando el estado actual may_goto_ Depth es igual al estado visitado may_goto_ Depth, significa que hay un bucle infinito real. No es correcto podar la exploraci\u00f3n del programa en este momento. 
Tenga en cuenta que esta verificaci\u00f3n no limita el programa a solo un may_goto insn, ya que el segundo may_goto y cualquier otro may_goto incrementar\u00e1 may_goto_profundidad solo en el estado en cola enviado para exploraci\u00f3n futura. El estado actual tendr\u00e1 may_goto_ Depth == 0 independientemente del n\u00famero de may_goto insns y el verificador tiene que explorar el programa hasta bpf_exit." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.9", + "matchCriteriaId": "18FE1EAE-C36C-49FC-A5E0-0A661CDC561E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.9.1", + "versionEndExcluding": "6.9.8", + "matchCriteriaId": "1557DCF8-46D3-4910-8B19-5C77412AB681" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://git.kernel.org/stable/c/175827e04f4be53f3dfb57edf12d0d49b18fd939", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2b2efe1937ca9f8815884bd4dcd5b32733025103", - "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42073.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42073.json index 4c0f48c69f8..070450df90c 100644 --- a/CVE-2024/CVE-2024-420xx/CVE-2024-42073.json +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42073.json 
@@ -2,32 +2,122 @@ "id": "CVE-2024-42073", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-29T16:15:06.770", - "lastModified": "2024-07-29T16:21:52.517", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-07-30T19:00:52.667", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems\n\nThe following two shared buffer operations make use of the Shared Buffer\nStatus Register (SBSR):\n\n # devlink sb occupancy snapshot pci/0000:01:00.0\n # devlink sb occupancy clearmax pci/0000:01:00.0\n\nThe register has two masks of 256 bits to denote on which ingress /\negress ports the register should operate on. Spectrum-4 has more than\n256 ports, so the register was extended by cited commit with a new\n'port_page' field.\n\nHowever, when filling the register's payload, the driver specifies the\nports as absolute numbers and not relative to the first port of the port\npage, resulting in memory corruptions [1].\n\nFix by specifying the ports relative to the first port of the port page.\n\n[1]\nBUG: KASAN: slab-use-after-free in mlxsw_sp_sb_occ_snapshot+0xb6d/0xbc0\nRead of size 1 at addr ffff8881068cb00f by task devlink/1566\n[...]\nCall Trace:\n \n dump_stack_lvl+0xc6/0x120\n print_report+0xce/0x670\n kasan_report+0xd7/0x110\n mlxsw_sp_sb_occ_snapshot+0xb6d/0xbc0\n mlxsw_devlink_sb_occ_snapshot+0x75/0xb0\n devlink_nl_sb_occ_snapshot_doit+0x1f9/0x2a0\n genl_family_rcv_msg_doit+0x20c/0x300\n genl_rcv_msg+0x567/0x800\n netlink_rcv_skb+0x170/0x450\n genl_rcv+0x2d/0x40\n netlink_unicast+0x547/0x830\n netlink_sendmsg+0x8d4/0xdb0\n __sys_sendto+0x49b/0x510\n __x64_sys_sendto+0xe5/0x1c0\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[...]\nAllocated by task 1:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x8f/0xa0\n 
copy_verifier_state+0xbc2/0xfb0\n do_check_common+0x2c51/0xc7e0\n bpf_check+0x5107/0x9960\n bpf_prog_load+0xf0e/0x2690\n __sys_bpf+0x1a61/0x49d0\n __x64_sys_bpf+0x7d/0xc0\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 1:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n poison_slab_object+0x109/0x170\n __kasan_slab_free+0x14/0x30\n kfree+0xca/0x2b0\n free_verifier_state+0xce/0x270\n do_check_common+0x4828/0xc7e0\n bpf_check+0x5107/0x9960\n bpf_prog_load+0xf0e/0x2690\n __sys_bpf+0x1a61/0x49d0\n __x64_sys_bpf+0x7d/0xc0\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mlxsw: spectrum_buffers: corrige da\u00f1os en la memoria en sistemas Spectrum-4 Las siguientes dos operaciones de b\u00fafer compartido utilizan el registro de estado del b\u00fafer compartido (SBSR): # devlink sb occupancy snapshot pci/0000 :01:00.0 # devlink sb occupancy clearmax pci/0000:01:00.0 El registro tiene dos m\u00e1scaras de 256 bits para indicar en qu\u00e9 puertos de entrada/salida debe operar el registro. Spectrum-4 tiene m\u00e1s de 256 puertos, por lo que el registro se ampli\u00f3 mediante la confirmaci\u00f3n citada con un nuevo campo 'port_page'. Sin embargo, al llenar el payload del registro, el controlador especifica los puertos como n\u00fameros absolutos y no relativos al primer puerto de la p\u00e1gina de puertos, lo que provoca da\u00f1os en la memoria [1]. Corrija especificando los puertos relativos al primer puerto de la p\u00e1gina de puertos. [1] ERROR: KASAN: slab-use-after-free en mlxsw_sp_sb_occ_snapshot+0xb6d/0xbc0 Lectura del tama\u00f1o 1 en la direcci\u00f3n ffff8881068cb00f mediante la tarea devlink/1566 [...] 
Seguimiento de llamadas: dump_stack_lvl+0xc6/0x120 print_report+ 0xce/0x670 kasan_report+0xd7/0x110 mlxsw_sp_sb_occ_snapshot+0xb6d/0xbc0 mlxsw_devlink_sb_occ_snapshot+0x75/0xb0 devlink_nl_sb_occ_snapshot_doit+0x1f9/0x2a0 genl_family_rcv_ msg_doit+0x20c/0x300 genl_rcv_msg+0x567/0x800 netlink_rcv_skb+0x170/0x450 genl_rcv+0x2d/0x40 netlink_unicast+0x547/0x830 netlink_sendmsg+ 0x8d4/0xdb0 __sys_sendto+0x49b/0x510 __x64_sys_sendto+0xe5/0x1c0 do_syscall_64+0xc1/0x1d0 Entry_SYSCALL_64_after_hwframe+0x77/0x7f [...] Asignado por tarea 1: kasan_save_stack+0x33/ 0x60 kasan_save_track+0x14/0x30 __kasan_kmalloc+0x8f/0xa0 copy_verifier_state+ 0xbc2/0xfb0 do_check_common+0x2c51/0xc7e0 bpf_check+0x5107/0x9960 bpf_prog_load+0xf0e/0x2690 __sys_bpf+0x1a61/0x49d0 __x64_sys_bpf+0x7d/0xc0 _64+0xc1/0x1d0 Entry_SYSCALL_64_after_hwframe+0x77/0x7f Liberado por la tarea 1: kasan_save_stack+0x33/0x60 kasan_save_track+ 0x14/0x30 kasan_save_free_info+0x3b/0x60 poison_slab_object+0x109/0x170 __kasan_slab_free+0x14/0x30 kfree+0xca/0x2b0 free_verifier_state+0xce/0x270 do_check_common+0x4828/0xc7e0 bpf_check+0x 5107/0x9960 bpf_prog_load+0xf0e/0x2690 __sys_bpf+0x1a61/0x49d0 __x64_sys_bpf+ 0x7d/0xc0 do_syscall_64+0xc1/0x1d0 entrada_SYSCALL_64_after_hwframe+0x77/0x7f" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + 
"operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.17", + "matchCriteriaId": "A37A8EE9-3F14-4C7A-A882-DA8A6AD1897C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.1", + "versionEndExcluding": "6.1.97", + "matchCriteriaId": "D6EFEE97-4CE8-4BE7-8CAF-B3004753F1CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.37", + "matchCriteriaId": "D72E033B-5323-4C4D-8818-36E1EBC3535F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.9.8", + "matchCriteriaId": "E95105F2-32E3-4C5F-9D18-7AEFD0E6275C" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://git.kernel.org/stable/c/942901e0fc74ad4b7992ef7ca9336e68d5fd6d36", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bf8781ede7bd9a37c0fcabca78976e61300b5a1a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bfa86a96912faa0b6142a918db88cc0c738a769e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c28947de2bed40217cf256c5d0d16880054fcf13", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42074.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42074.json index 5b294532146..a041e3af94f 100644 
--- a/CVE-2024/CVE-2024-420xx/CVE-2024-42074.json
+++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42074.json
@@ -2,28 +2,108 @@ "id": "CVE-2024-42074", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-29T16:15:06.843", - "lastModified": "2024-07-29T16:21:52.517", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-07-30T19:00:33.493", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: amd: acp: add a null check for chip_pdev structure\n\nWhen acp platform device creation is skipped, chip->chip_pdev value will\nremain NULL. Add NULL check for chip->chip_pdev structure in\nsnd_acp_resume() function to avoid null pointer dereference." + }, + { + "lang": "es", + "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ASoC: amd: acp: agregue una verificaci\u00f3n nula para la estructura chip_pdev Cuando se omite la creaci\u00f3n del dispositivo de plataforma acp, el valor chip->chip_pdev permanecer\u00e1 NULL. Agregue una verificaci\u00f3n NULL para la estructura chip->chip_pdev en la funci\u00f3n snd_acp_resume() para evitar la desreferencia del puntero nulo." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.6", + "matchCriteriaId": "9D42A7C6-CE38-4D73-B7AC-615F6D53F783" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.6.1", + "versionEndExcluding": "6.6.37", + "matchCriteriaId": "84406A8A-4CD3-4332-91B8-B100E5AD2A2E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.9.8", + "matchCriteriaId": "E95105F2-32E3-4C5F-9D18-7AEFD0E6275C" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://git.kernel.org/stable/c/98d919dfee1cc402ca29d45da642852d7c9a2301", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b0c39ae1cc86afe74aa2f6273ccb514f8d180cf6", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e158ed266fc1adfa456880fb6dabce2e5623843b", - 
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42075.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42075.json index 42197e03bd4..489ef2034d2 100644 --- a/CVE-2024/CVE-2024-420xx/CVE-2024-42075.json +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42075.json 
@@ -2,24 +2,94 @@ "id": "CVE-2024-42075", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-29T16:15:06.900", - "lastModified": "2024-07-29T16:21:52.517", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-07-30T19:00:26.477", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix remap of arena.\n\nThe bpf arena logic didn't account for mremap operation. Add a refcnt for\nmultiple mmap events to prevent use-after-free in arena_vm_close." + }, + { + "lang": "es", + "value": " En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: bpf: Se corrigi\u00f3 la reasignaci\u00f3n de arena. La l\u00f3gica de bpf arena no tuvo en cuenta la operaci\u00f3n de mremap. Agregue un refcnt para m\u00faltiples eventos mmap para evitar el uso despu\u00e9s de la liberaci\u00f3n en arena_vm_close." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.9", + "matchCriteriaId": "18FE1EAE-C36C-49FC-A5E0-0A661CDC561E" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.9.1", + "versionEndExcluding": "6.9.8", + "matchCriteriaId": "1557DCF8-46D3-4910-8B19-5C77412AB681" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://git.kernel.org/stable/c/87496a1b01e8e2e399428c0db25e106f7961d01e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b90d77e5fd784ada62ddd714d15ee2400c28e1cf", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42076.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42076.json index 9e0ff1b07f8..0559e247ade 100644 --- a/CVE-2024/CVE-2024-420xx/CVE-2024-42076.json +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42076.json 
@@ -2,44 +2,164 @@ "id": "CVE-2024-42076", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-29T16:15:06.960", - "lastModified": "2024-07-29T16:21:52.517", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-07-30T19:00:17.847", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: can: j1939: Initialize unused data in j1939_send_one()\n\nsyzbot reported kernel-infoleak in raw_recvmsg() [1]. j1939_send_one()\ncreates full frame including unused data, but it doesn't initialize\nit. This causes the kernel-infoleak issue. Fix this by initializing\nunused data.\n\n[1]\nBUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\nBUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline]\nBUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:29 [inline]\nBUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\nBUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:271 [inline]\nBUG: KMSAN: kernel-infoleak in _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185\n instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n copy_to_user_iter lib/iov_iter.c:24 [inline]\n iterate_ubuf include/linux/iov_iter.h:29 [inline]\n iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\n iterate_and_advance include/linux/iov_iter.h:271 [inline]\n _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185\n copy_to_iter include/linux/uio.h:196 [inline]\n memcpy_to_msg include/linux/skbuff.h:4113 [inline]\n raw_recvmsg+0x2b8/0x9e0 net/can/raw.c:1008\n sock_recvmsg_nosec net/socket.c:1046 [inline]\n sock_recvmsg+0x2c4/0x340 net/socket.c:1068\n ____sys_recvmsg+0x18a/0x620 net/socket.c:2803\n ___sys_recvmsg+0x223/0x840 net/socket.c:2845\n do_recvmmsg+0x4fc/0xfd0 net/socket.c:2939\n __sys_recvmmsg net/socket.c:3018 [inline]\n 
__do_sys_recvmmsg net/socket.c:3041 [inline]\n __se_sys_recvmmsg net/socket.c:3034 [inline]\n __x64_sys_recvmmsg+0x397/0x490 net/socket.c:3034\n x64_sys_call+0xf6c/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:300\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3804 [inline]\n slab_alloc_node mm/slub.c:3845 [inline]\n kmem_cache_alloc_node+0x613/0xc50 mm/slub.c:3888\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:577\n __alloc_skb+0x35b/0x7a0 net/core/skbuff.c:668\n alloc_skb include/linux/skbuff.h:1313 [inline]\n alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6504\n sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2795\n sock_alloc_send_skb include/net/sock.h:1842 [inline]\n j1939_sk_alloc_skb net/can/j1939/socket.c:878 [inline]\n j1939_sk_send_loop net/can/j1939/socket.c:1142 [inline]\n j1939_sk_sendmsg+0xc0a/0x2730 net/can/j1939/socket.c:1277\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:745\n ____sys_sendmsg+0x877/0xb60 net/socket.c:2584\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638\n __sys_sendmsg net/socket.c:2667 [inline]\n __do_sys_sendmsg net/socket.c:2676 [inline]\n __se_sys_sendmsg net/socket.c:2674 [inline]\n __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2674\n x64_sys_call+0xc4b/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nBytes 12-15 of 16 are uninitialized\nMemory access of size 16 starts at ffff888120969690\nData copied to user address 00000000200017c0\n\nCPU: 1 PID: 5050 Comm: syz-executor198 Not tainted 6.9.0-rc5-syzkaller-00031-g71b1543c83d6 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024" + }, + { + "lang": "es", + "value": "En el 
kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: can: j1939: Inicializar datos no utilizados en j1939_send_one() syzbot inform\u00f3 kernel-infoleak en raw_recvmsg() [1]. j1939_send_one() crea un fotograma completo que incluye datos no utilizados, pero no lo inicializa. Esto causa el problema de fuga de informaci\u00f3n del kernel. Solucione este problema inicializando los datos no utilizados. [1] ERROR: KMSAN: kernel-infoleak en instrument_copy_to_user include/linux/instrumented.h:114 [en l\u00ednea] ERROR: KMSAN: kernel-infoleak en copy_to_user_iter lib/iov_iter.c:24 [en l\u00ednea] ERROR: KMSAN: kernel-infoleak en iterate_ubuf include/linux/iov_iter.h:29 [en l\u00ednea] ERROR: KMSAN: kernel-infoleak en iterate_and_advance2 include/linux/iov_iter.h:245 [en l\u00ednea] ERROR: KMSAN: kernel-infoleak en iterate_and_advance include/linux/iov_iter. h:271 [en l\u00ednea] ERROR: KMSAN: kernel-infoleak en _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185 instrument_copy_to_user include/linux/instrumented.h:114 [en l\u00ednea] copy_to_user_iter lib/iov_iter.c:24 [en l\u00ednea] iterate_ubuf include/linux/iov_iter.h:29 [en l\u00ednea] iterate_and_advance2 include/linux/iov_iter.h:245 [en l\u00ednea] iterate_and_advance include/linux/iov_iter.h:271 [en l\u00ednea] _copy_to_iter+0x366/0x2520 lib/iov_iter.c: 185 copy_to_iter include/linux/uio.h:196 [en l\u00ednea] memcpy_to_msg include/linux/skbuff.h:4113 [en l\u00ednea] raw_recvmsg+0x2b8/0x9e0 net/can/raw.c:1008 sock_recvmsg_nosec net/socket.c:1046 [ en l\u00ednea] sock_recvmsg+0x2c4/0x340 net/socket.c:1068 ____sys_recvmsg+0x18a/0x620 net/socket.c:2803 ___sys_recvmsg+0x223/0x840 net/socket.c:2845 do_recvmmsg+0x4fc/0xfd 0 red/socket.c:2939 __sys_recvmmsg net/socket.c:3018 [en l\u00ednea] __do_sys_recvmmsg net/socket.c:3041 [en l\u00ednea] __se_sys_recvmmsg net/socket.c:3034 [en l\u00ednea] __x64_sys_recvmmsg+0x397/0x490 4 x64_sys_call+0xf6c/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:300 do_syscall_x64 
arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 Entry_SYSCALL_64_after_hwframe+0x77/ 0x7f Uninit was created at: slab_post_alloc_hook mm/slub.c:3804 [inline] slab_alloc_node mm/slub.c:3845 [inline] kmem_cache_alloc_node+0x613/0xc50 mm/slub.c:3888 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff .c:577 __alloc_skb+0x35b/0x7a0 net/core/skbuff.c:668 alloc_skb include/linux/skbuff.h:1313 [en l\u00ednea] alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6504 sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2795 sock_alloc_send_skb include/net/sock.h:1842 [en l\u00ednea] j1939_sk_alloc_skb net/can/j1939/socket.c:878 [en l\u00ednea] j1939_sk_send_loop net/can/j1939/socket.c:1142 [ en l\u00ednea] j1939_sk_sendmsg+0xc0a/0x2730 net/can/j1939/socket.c:1277 sock_sendmsg_nosec net/socket.c:730 [en l\u00ednea] __sock_sendmsg+0x30f/0x380 net/socket.c:745 ____sys_sendmsg+0x877/0 xb60 red/enchufe. c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg net/socket.c:2667 [en l\u00ednea] __do_sys_sendmsg net/socket.c:2676 [en l\u00ednea] __se_sys_sendmsg net/socket.c:2674 [en l\u00ednea] __x64_sys_sendmsg+ 0x307/0x4a0 net/socket.c:2674 x64_sys_call+0xc4b/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:47 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 Entry_SYSCALL_64_after_hwframe+0x77/0x7f Los bytes 12-15 de 16 no est\u00e1n inicializados El acceso a la memoria de tama\u00f1o 16 comienza en ffff888120969690 Datos copiados a la direcci\u00f3n de usuario 00000000200017c0 CPU: 1 PID: 5050 Comm: tor198 No tainted 6.9.0-rc5-syzkaller-00031-g71b1543c83d6 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 27/03/2024" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": 
"LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-908" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.4", + "matchCriteriaId": "9121F506-8266-4787-ACB9-4221B549FA05" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.4.1", + "versionEndExcluding": "5.4.279", + "matchCriteriaId": "F419826B-02DC-4FB6-9A03-D5515443EEA3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.221", + "matchCriteriaId": "659E1520-6345-41AF-B893-A7C0647585A0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.162", + "matchCriteriaId": "10A39ACC-3005-40E8-875C-98A372D1FFD5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.97", + "matchCriteriaId": "748B6C4B-1F61-47F9-96CC-8899B8412D84" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.37", + "matchCriteriaId": "D72E033B-5323-4C4D-8818-36E1EBC3535F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": 
"6.7", + "versionEndExcluding": "6.9.8", + "matchCriteriaId": "E95105F2-32E3-4C5F-9D18-7AEFD0E6275C" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://git.kernel.org/stable/c/4c5dc3927e17489c1cae6f48c0d5e4acb4cae01f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5e4ed38eb17eaca42de57d500cc0f9668d2b6abf", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a2a0ebff7fdeb2f66e29335adf64b9e457300dd4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ab2a683938ba4416d389c2f5651cbbb2c41b779f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b7cdf1dd5d2a2d8200efd98d1893684db48fe134", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ba7e5ae8208ac07d8e1eace0951a34c169a2d298", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f97cbce633923588307049c4aef9feb2987e371b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42077.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42077.json index 0d20f6972be..adefd4e8fd1 100644 --- a/CVE-2024/CVE-2024-420xx/CVE-2024-42077.json +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42077.json 
@@ -2,40 +2,150 @@ "id": "CVE-2024-42077", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-29T16:15:07.037", - "lastModified": "2024-07-29T16:21:52.517", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-07-30T18:59:53.480", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix DIO failure due to insufficient transaction credits\n\nThe code in ocfs2_dio_end_io_write() estimates number of necessary\ntransaction credits using ocfs2_calc_extend_credits(). This however does\nnot take into account that the IO could be arbitrarily large and can\ncontain arbitrary number of extents.\n\nExtent tree manipulations do often extend the current transaction but not\nin all of the cases. For example if we have only single block extents in\nthe tree, ocfs2_mark_extent_written() will end up calling\nocfs2_replace_extent_rec() all the time and we will never extend the\ncurrent transaction and eventually exhaust all the transaction credits if\nthe IO contains many single block extents. Once that happens a\nWARN_ON(jbd2_handle_buffer_credits(handle) <= 0) is triggered in\njbd2_journal_dirty_metadata() and subsequently OCFS2 aborts in response to\nthis error. 
This was actually triggered by one of our customers on a\nheavily fragmented OCFS2 filesystem.\n\nTo fix the issue make sure the transaction always has enough credits for\none extent insert before each call of ocfs2_mark_extent_written().\n\nHeming Zhao said:\n\n------\nPANIC: \"Kernel panic - not syncing: OCFS2: (device dm-1): panic forced after error\"\n\nPID: xxx TASK: xxxx CPU: 5 COMMAND: \"SubmitThread-CA\"\n #0 machine_kexec at ffffffff8c069932\n #1 __crash_kexec at ffffffff8c1338fa\n #2 panic at ffffffff8c1d69b9\n #3 ocfs2_handle_error at ffffffffc0c86c0c [ocfs2]\n #4 __ocfs2_abort at ffffffffc0c88387 [ocfs2]\n #5 ocfs2_journal_dirty at ffffffffc0c51e98 [ocfs2]\n #6 ocfs2_split_extent at ffffffffc0c27ea3 [ocfs2]\n #7 ocfs2_change_extent_flag at ffffffffc0c28053 [ocfs2]\n #8 ocfs2_mark_extent_written at ffffffffc0c28347 [ocfs2]\n #9 ocfs2_dio_end_io_write at ffffffffc0c2bef9 [ocfs2]\n#10 ocfs2_dio_end_io at ffffffffc0c2c0f5 [ocfs2]\n#11 dio_complete at ffffffff8c2b9fa7\n#12 do_blockdev_direct_IO at ffffffff8c2bc09f\n#13 ocfs2_direct_IO at ffffffffc0c2b653 [ocfs2]\n#14 generic_file_direct_write at ffffffff8c1dcf14\n#15 __generic_file_write_iter at ffffffff8c1dd07b\n#16 ocfs2_file_write_iter at ffffffffc0c49f1f [ocfs2]\n#17 aio_write at ffffffff8c2cc72e\n#18 kmem_cache_alloc at ffffffff8c248dde\n#19 do_io_submit at ffffffff8c2ccada\n#20 do_syscall_64 at ffffffff8c004984\n#21 entry_SYSCALL_64_after_hwframe at ffffffff8c8000ba" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ocfs2: corrige la falla de DIO debido a cr\u00e9ditos de transacci\u00f3n insuficientes. El c\u00f3digo en ocfs2_dio_end_io_write() estima el n\u00famero de cr\u00e9ditos de transacci\u00f3n necesarios usando ocfs2_calc_extend_credits(). Sin embargo, esto no tiene en cuenta que el IO podr\u00eda ser arbitrariamente grande y contener un n\u00famero arbitrario de extensiones. 
Las manipulaciones del \u00e1rbol de extensi\u00f3n a menudo extienden la transacci\u00f3n actual, pero no en todos los casos. Por ejemplo, si solo tenemos extensiones de un solo bloque en el \u00e1rbol, ocfs2_mark_extent_write() terminar\u00e1 llamando a ocfs2_replace_extent_rec() todo el tiempo y nunca extenderemos la transacci\u00f3n actual y eventualmente agotaremos todos los cr\u00e9ditos de la transacci\u00f3n si el IO contiene muchas extensiones de un solo bloque. Una vez que eso sucede, se activa un WARN_ON(jbd2_handle_buffer_credits(handle) <= 0) en jbd2_journal_dirty_metadata() y posteriormente OCFS2 cancela en respuesta a este error. En realidad, esto fue provocado por uno de nuestros clientes en un sistema de archivos OCFS2 muy fragmentado. Para solucionar el problema, aseg\u00farese de que la transacci\u00f3n siempre tenga suficientes cr\u00e9ditos para una inserci\u00f3n de extensi\u00f3n antes de cada llamada de ocfs2_mark_extent_writing(). Heming Zhao dijo: ------ P\u00c1NICO: \"P\u00e1nico del kernel - no se sincroniza: OCFS2: (dispositivo dm-1): p\u00e1nico forzado despu\u00e9s del error\" PID: xxx TAREA: xxxx CPU: 5 COMANDO: \"SubmitThread-CA\" # 0 machine_kexec en ffffffff8c069932 #1 __crash_kexec en ffffffff8c1338fa #2 p\u00e1nico en ffffffff8c1d69b9 #3 ocfs2_handle_error en ffffffffc0c86c0c [ocfs2] #4 __ocfs2_abort en ffffffffc0c88387 #5 ocfs2_journal_dirty en ffffffffc0c51e98 [ocfs2] #6 ocfs2_split_extent en ffffffffc0c27ea3 [ocfs2] #7 ocfs2_change_extent_flag en ffffffffc0c28053 [ocfs2] #8 ocfs2_mark_extent_writing en ffffffffc0c28347 [ocfs2] #9 ocfs2_dio_end_io_write en ffffffffc0c2bef9 [ocfs2] #10 ocfs2_dio_end_io en ffffffffc0c2c0f5 [ocfs2] #11 completo en ffffffff8c2b9fa7 #12 do_blockdev_direct_IO en ffffffff8c2bc09f #13 ocfs2_direct_IO en ffffffffc0c2b653 [ocfs2] #14 generic_file_direct_write en ffffffff8c1dcf14 #15 __generic_file_write_iter en ffffffff8c1dd07b #16 ocfs2_file_write_iter en ffffffffc0c49f1f [ocfs2] #17 aio_write en 
ffffffff8c2cc72e #18 kmem_cache_alloc en ffffffff8c248dde #19 _enviar en ffffffff8c2ccada #20 do_syscall_64 en ffffffff8c004984 #21 Entry_SYSCALL_64_after_hwframe en ffffffff8c8000ba" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.6", + "matchCriteriaId": "BB258587-714D-4846-9C1F-798BB73BF43E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.7", + "versionEndExcluding": "5.10.221", + "matchCriteriaId": "E3CE7A55-F62F-405A-AED4-E9E38AE2F163" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.162", + "matchCriteriaId": "10A39ACC-3005-40E8-875C-98A372D1FFD5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.97", + "matchCriteriaId": "748B6C4B-1F61-47F9-96CC-8899B8412D84" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": 
"6.6.37", + "matchCriteriaId": "D72E033B-5323-4C4D-8818-36E1EBC3535F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.9.8", + "matchCriteriaId": "E95105F2-32E3-4C5F-9D18-7AEFD0E6275C" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://git.kernel.org/stable/c/320273b5649bbcee87f9e65343077189699d2a7a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/331d1079d58206ff7dc5518185f800b412f89bc6", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9ea2d1c6789722d58ec191f14f9a02518d55b6b4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a68b896aa56e435506453ec8835bc991ec3ae687", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/be346c1a6eeb49d8fda827d2a9522124c2f72f36", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c05ffb693bfb42a48ef3ee88a55b57392984e111", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42078.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42078.json index 510a111370c..abba1962501 100644 --- a/CVE-2024/CVE-2024-420xx/CVE-2024-42078.json +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42078.json 
@@ -2,24 +2,94 @@ "id": "CVE-2024-42078", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-29T16:15:07.120", - "lastModified": "2024-07-29T16:21:52.517", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-07-30T18:58:41.253", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: initialise nfsd_info.mutex early.\n\nnfsd_info.mutex can be dereferenced by svc_pool_stats_start()\nimmediately after the new netns is created. Currently this can\ntrigger an oops.\n\nMove the initialisation earlier before it can possibly be dereferenced." + }, + { + "lang": "es", + "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfsd: inicialice nfsd_info.mutex anticipadamente. svc_pool_stats_start() puede eliminar la referencia a nfsd_info.mutex inmediatamente despu\u00e9s de crear la nueva red. Actualmente, esto puede provocar un error. Mueva la inicializaci\u00f3n antes antes de que se pueda desreferenciarla." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-665" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.8", + "matchCriteriaId": "D0B66B9B-B773-474F-A817-85A8F2B3CF0E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.9", + "versionEndExcluding": "6.9.8", + "matchCriteriaId": "27FD59BC-7E78-439F-A026-F054A090E41C" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://git.kernel.org/stable/c/7e8b94045bc77ce4f085ddfb9eb04e5760e66169", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e0011bca603c101f2a3c007bdb77f7006fa78fb1", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42079.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42079.json index 76a7cb4f84e..a867664d40a 100644 --- a/CVE-2024/CVE-2024-420xx/CVE-2024-42079.json +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42079.json 
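Review bot: The `cpeMatch` list added for CVE-2024-42078 marks every kernel below 6.8 as vulnerable (`"versionEndExcluding": "6.8"` with no start bound) and then resumes at `"versionStartIncluding": "6.9"`, so the 6.8.x series is matched by neither entry. That shape reads as if the release that introduced the code was recorded as an upper bound, but the page does not show the introducing commit, so this is an inference. The same pattern appears in the hunks for CVE-2024-42074 (6.6 / 6.6.1), CVE-2024-42075 (6.9 / 6.9.1), CVE-2024-42076 (5.4 / 5.4.1) and CVE-2024-42077 (4.6 / 4.7). If the intent is "introduced in 6.8", the two entries here would collapse to one carrying `"versionStartIncluding": "6.8"` and `"versionEndExcluding": "6.9.8"`. Until the upstream record is confirmed, scanner results built on these ranges should be cross-checked against the linked stable commits, since they can over-report old kernels and miss the release that falls in the gap.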
@@ -2,28 +2,101 @@ "id": "CVE-2024-42079", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-29T16:15:07.180", - "lastModified": "2024-07-29T16:21:52.517", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-07-30T18:58:08.977", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix NULL pointer dereference in gfs2_log_flush\n\nIn gfs2_jindex_free(), set sdp->sd_jdesc to NULL under the log flush\nlock to provide exclusion against gfs2_log_flush().\n\nIn gfs2_log_flush(), check if sdp->sd_jdesc is non-NULL before\ndereferencing it. Otherwise, we could run into a NULL pointer\ndereference when outstanding glock work races with an unmount\n(glock_work_func -> run_queue -> do_xmote -> inode_go_sync ->\ngfs2_log_flush)." + }, + { + "lang": "es", + "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: gfs2: corrige la desreferencia del puntero NULL en gfs2_log_flush En gfs2_jindex_free(), establezca sdp->sd_jdesc en NULL bajo el bloqueo de descarga de registros para proporcionar exclusi\u00f3n contra gfs2_log_flush(). En gfs2_log_flush(), verifique si sdp->sd_jdesc no es NULL antes de desreferenciarlo. De lo contrario, podr\u00edamos encontrarnos con una desreferencia de puntero NULL cuando el trabajo de glock pendiente se ejecuta con un desmontaje (glock_work_func -> run_queue -> do_xmote -> inode_go_sync -> gfs2_log_flush)." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.6.37", + "matchCriteriaId": "816250D9-9650-4A7D-A4A7-1D69242F2032" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.9.8", + "matchCriteriaId": "E95105F2-32E3-4C5F-9D18-7AEFD0E6275C" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://git.kernel.org/stable/c/3429ef5f50909cee9e498c50f0c499b9397116ce", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/35264909e9d1973ab9aaa2a1b07cda70f12bb828", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f54f9d5368a4e92ede7dd078a62788dae3a7c6ef", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42080.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42080.json index 0e55c78ea9a..a7ac7e57dfb 100644 --- a/CVE-2024/CVE-2024-420xx/CVE-2024-42080.json +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42080.json 
@@ -2,36 +2,129 @@ "id": "CVE-2024-42080", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-29T16:15:07.247", - "lastModified": "2024-07-29T16:21:52.517", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-07-30T18:57:58.493", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/restrack: Fix potential invalid address access\n\nstruct rdma_restrack_entry's kern_name was set to KBUILD_MODNAME\nin ib_create_cq(), while if the module exited but forgot del this\nrdma_restrack_entry, it would cause a invalid address access in\nrdma_restrack_clean() when print the owner of this rdma_restrack_entry.\n\nThese code is used to help find one forgotten PD release in one of the\nULPs. But it is not needed anymore, so delete them." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: RDMA/restrack: corrige una posible direcci\u00f3n de acceso no v\u00e1lida. El kern_name de la estructura rdma_restrack_entry se configur\u00f3 en KBUILD_MODNAME en ib_create_cq(), mientras que si el m\u00f3dulo sal\u00eda pero olvidaba esta rdma_restrack_entry, causar\u00eda una direcci\u00f3n no v\u00e1lida. acceda en rdma_restrack_clean() cuando imprima el propietario de este rdma_restrack_entry. Este c\u00f3digo se utiliza para ayudar a encontrar una versi\u00f3n de PD olvidada en uno de los ULP. Pero ya no es necesario, as\u00ed que elim\u00ednelos." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.15.162", + "matchCriteriaId": "DD1E49C8-DE20-4CCB-8715-3FB3FA95ABC7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.97", + "matchCriteriaId": "748B6C4B-1F61-47F9-96CC-8899B8412D84" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.37", + "matchCriteriaId": "D72E033B-5323-4C4D-8818-36E1EBC3535F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.9.8", + "matchCriteriaId": "E95105F2-32E3-4C5F-9D18-7AEFD0E6275C" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://git.kernel.org/stable/c/782bdaf9d01658281bc813f3f873e6258aa1fd8d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/8656ef8a9288d6c932654f8d3856dc4ab1cfc6b5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8ac281d42337f36cf7061cf1ea094181b84bc1a9", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ca537a34775c103f7b14d7bbd976403f1d1525d8", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f45b43d17240e9ca67ebf3cc82bb046b07cc1c61", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42081.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42081.json index 97c5966b9ca..47416f77ef8 100644 --- a/CVE-2024/CVE-2024-420xx/CVE-2024-42081.json +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42081.json 
@@ -2,24 +2,87 @@ "id": "CVE-2024-42081", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-29T16:15:07.317", - "lastModified": "2024-07-29T16:21:52.517", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-07-30T18:57:21.440", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/xe_devcoredump: Check NULL before assignments\n\nAssign 'xe_devcoredump_snapshot *' and 'xe_device *' only if\n'coredump' is not NULL.\n\nv2\n- Fix commit messages.\n\nv3\n- Define variables before code.(Ashutosh/Jose)\n\nv4\n- Drop return check for coredump_to_xe. (Jose/Rodrigo)\n\nv5\n- Modify misleading commit message. (Matt)" + }, + { + "lang": "es", + "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/xe/xe_devcoredump: marque NULL antes de las asignaciones. Asigne 'xe_devcoredump_snapshot *' y 'xe_device *' solo si 'coredump' no es NULL. v2: corrige los mensajes de confirmaci\u00f3n. v3: definir variables antes del c\u00f3digo. (Ashutosh/Jose) v4: eliminar la verificaci\u00f3n de retorno para coredump_to_xe. (Jos\u00e9/Rodrigo) v5 - Modificar mensaje de confirmaci\u00f3n enga\u00f1oso. 
(Matt)" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.9.8", + "matchCriteriaId": "5810FB48-F33E-4087-A3BB-2F33EEFFA914" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://git.kernel.org/stable/c/76ec0e33707282d5321555698d902f4e067aff37", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b15e65349553b1689d15fbdebea874ca5ae2274a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42082.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42082.json index 1f0ca98478c..0388b3365e8 100644 --- a/CVE-2024/CVE-2024-420xx/CVE-2024-42082.json +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42082.json 
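Review bot: The single `cpeMatch` entry for CVE-2024-42081 has `"versionEndExcluding": "6.9.8"` and no `versionStartIncluding`, so every kernel release before 6.9.8 matches this record. The description concerns `drm/xe/xe_devcoredump`, and kernels that predate that driver presumably cannot be affected, so scanners keyed on this range may over-report on older LTS kernels. The introducing release should be confirmed from the two referenced commits, after which the entry would gain a line such as `"versionStartIncluding": "<first release containing xe_devcoredump>"` (placeholder, the value is not on this page). The `en` description also still carries the patch revision log (`v2` to `v5`), which comes from the upstream commit message and adds nothing for consumers of the record.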
@@ -2,40 +2,150 @@ "id": "CVE-2024-42082", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-29T16:15:07.373", - "lastModified": "2024-07-29T16:21:52.517", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-07-30T19:04:15.837", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxdp: Remove WARN() from __xdp_reg_mem_model()\n\nsyzkaller reports a warning in __xdp_reg_mem_model().\n\nThe warning occurs only if __mem_id_init_hash_table() returns an error. It\nreturns the error in two cases:\n\n 1. memory allocation fails;\n 2. rhashtable_init() fails when some fields of rhashtable_params\n struct are not initialized properly.\n\nThe second case cannot happen since there is a static const rhashtable_params\nstruct with valid fields. So, warning is only triggered when there is a\nproblem with memory allocation.\n\nThus, there is no sense in using WARN() to handle this error and it can be\nsafely removed.\n\nWARNING: CPU: 0 PID: 5065 at net/core/xdp.c:299 __xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299\n\nCPU: 0 PID: 5065 Comm: syz-executor883 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nRIP: 0010:__xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299\n\nCall Trace:\n xdp_reg_mem_model+0x22/0x40 net/core/xdp.c:344\n xdp_test_run_setup net/bpf/test_run.c:188 [inline]\n bpf_test_run_xdp_live+0x365/0x1e90 net/bpf/test_run.c:377\n bpf_prog_test_run_xdp+0x813/0x11b0 net/bpf/test_run.c:1267\n bpf_prog_test_run+0x33a/0x3b0 kernel/bpf/syscall.c:4240\n __sys_bpf+0x48d/0x810 kernel/bpf/syscall.c:5649\n __do_sys_bpf kernel/bpf/syscall.c:5738 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5736 [inline]\n __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5736\n do_syscall_64+0xfb/0x240\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nFound by Linux 
Verification Center (linuxtesting.org) with syzkaller." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: xdp: Eliminar WARN() de __xdp_reg_mem_model() syzkaller informa una advertencia en __xdp_reg_mem_model(). La advertencia ocurre solo si __mem_id_init_hash_table() devuelve un error. Devuelve el error en dos casos: 1. falla la asignaci\u00f3n de memoria; 2. rhashtable_init() falla cuando algunos campos de la estructura rhashtable_params no se inicializan correctamente. El segundo caso no puede ocurrir ya que hay una estructura est\u00e1tica const rhashtable_params con campos v\u00e1lidos. Por lo tanto, la advertencia s\u00f3lo se activa cuando hay un problema con la asignaci\u00f3n de memoria. Por lo tanto, no tiene sentido utilizar WARN() para manejar este error y se puede eliminar de forma segura. ADVERTENCIA: CPU: 0 PID: 5065 en net/core/xdp.c:299 __xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299 CPU: 0 PID: 5065 Comm: syz-executor883 No contaminado 6.8.0-syzkaller -05271-gf99c5f563c17 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 27/03/2024 RIP: 0010:__xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299 Seguimiento de llamadas: xdp_reg_mem_model+0x22/ 0x40 net/core/xdp.c:344 xdp_test_run_setup net/bpf/test_run.c:188 [en l\u00ednea] bpf_test_run_xdp_live+0x365/0x1e90 net/bpf/test_run.c:377 bpf_prog_test_run_xdp+0x813/0x11b0 net/bpf/test_ ejecutar.c: 1267 bpf_prog_test_run+0x33a/0x3b0 kernel/bpf/syscall.c:4240 __sys_bpf+0x48d/0x810 kernel/bpf/syscall.c:5649 __do_sys_bpf kernel/bpf/syscall.c:5738 [en l\u00ednea] pf kernel/bpf/syscall.c :5736 [en l\u00ednea] __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5736 do_syscall_64+0xfb/0x240 Entry_SYSCALL_64_after_hwframe+0x6d/0x75 Encontrado por el Centro de verificaci\u00f3n de Linux (linuxtesting.org) con syzkaller." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.18", + "matchCriteriaId": "3249552B-A101-45A3-9F46-0E0F0BDBA9E3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.19", + "versionEndExcluding": "5.10.221", + "matchCriteriaId": "A8BA741C-9AA4-40E2-9FC0-E66CDEFE9BB9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.162", + "matchCriteriaId": "10A39ACC-3005-40E8-875C-98A372D1FFD5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.97", + "matchCriteriaId": "748B6C4B-1F61-47F9-96CC-8899B8412D84" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.37", + "matchCriteriaId": "D72E033B-5323-4C4D-8818-36E1EBC3535F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": 
"6.7", + "versionEndExcluding": "6.9.8", + "matchCriteriaId": "E95105F2-32E3-4C5F-9D18-7AEFD0E6275C" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://git.kernel.org/stable/c/1095b8efbb13a6a5fa583ed373ee1ccab29da2d0", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/14e51ea78b4ccacb7acb1346b9241bb790a2054c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/1d3e3b3aa2cbe9bc7db9a7f8673a9fa6d2990d54", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4e0c539ee265d5c6e7fa7d229cd4aa7bc01816e2", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7e9f79428372c6eab92271390851be34ab26bfb4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f92298b0467fd77edc4c1a2c3e48833e69840ec4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42083.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42083.json index 295c148e7ab..3b7a0d39b67 100644 --- a/CVE-2024/CVE-2024-420xx/CVE-2024-42083.json +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42083.json 
@@ -2,24 +2,94 @@ "id": "CVE-2024-42083", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-29T16:15:07.440", - "lastModified": "2024-07-29T16:21:52.517", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-07-30T19:03:40.337", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nionic: fix kernel panic due to multi-buffer handling\n\nCurrently, the ionic_run_xdp() doesn't handle multi-buffer packets\nproperly for XDP_TX and XDP_REDIRECT.\nWhen a jumbo frame is received, the ionic_run_xdp() first makes xdp\nframe with all necessary pages in the rx descriptor.\nAnd if the action is either XDP_TX or XDP_REDIRECT, it should unmap\ndma-mapping and reset page pointer to NULL for all pages, not only the\nfirst page.\nBut it doesn't for SG pages. So, SG pages unexpectedly will be reused.\nIt eventually causes kernel panic.\n\nOops: general protection fault, probably for non-canonical address 0x504f4e4dbebc64ff: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 3 PID: 0 Comm: swapper/3 Not tainted 6.10.0-rc3+ #25\nRIP: 0010:xdp_return_frame+0x42/0x90\nCode: 01 75 12 5b 4c 89 e6 5d 31 c9 41 5c 31 d2 41 5d e9 73 fd ff ff 44 8b 6b 20 0f b7 43 0a 49 81 ed 68 01 00 00 49 29 c5 49 01 fd <41> 80 7d0\nRSP: 0018:ffff99d00122ce08 EFLAGS: 00010202\nRAX: 0000000000005453 RBX: ffff8d325f904000 RCX: 0000000000000001\nRDX: 00000000670e1000 RSI: 000000011f90d000 RDI: 504f4e4d4c4b4a49\nRBP: ffff99d003907740 R08: 0000000000000000 R09: 0000000000000000\nR10: 000000011f90d000 R11: 0000000000000000 R12: ffff8d325f904010\nR13: 504f4e4dbebc64fd R14: ffff8d3242b070c8 R15: ffff99d0039077c0\nFS: 0000000000000000(0000) GS:ffff8d399f780000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f41f6c85e38 CR3: 000000037ac30000 CR4: 00000000007506f0\nPKRU: 55555554\nCall Trace:\n \n ? die_addr+0x33/0x90\n ? 
exc_general_protection+0x251/0x2f0\n ? asm_exc_general_protection+0x22/0x30\n ? xdp_return_frame+0x42/0x90\n ionic_tx_clean+0x211/0x280 [ionic 15881354510e6a9c655c59c54812b319ed2cd015]\n ionic_tx_cq_service+0xd3/0x210 [ionic 15881354510e6a9c655c59c54812b319ed2cd015]\n ionic_txrx_napi+0x41/0x1b0 [ionic 15881354510e6a9c655c59c54812b319ed2cd015]\n __napi_poll.constprop.0+0x29/0x1b0\n net_rx_action+0x2c4/0x350\n handle_softirqs+0xf4/0x320\n irq_exit_rcu+0x78/0xa0\n common_interrupt+0x77/0x90" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ionic: corrige el p\u00e1nico del kernel debido al manejo de m\u00faltiples b\u00fafer Actualmente, ionic_run_xdp() no maneja correctamente los paquetes de m\u00faltiples b\u00fafer para XDP_TX y XDP_REDIRECT. Cuando se recibe una trama gigante, ionic_run_xdp() primero crea una trama xdp con todas las p\u00e1ginas necesarias en el descriptor rx. Y si la acci\u00f3n es XDP_TX o XDP_REDIRECT, deber\u00eda desasignar dma-mapping y restablecer el puntero de p\u00e1gina a NULL para todas las p\u00e1ginas, no solo la primera. Pero no es as\u00ed para las p\u00e1ginas SG. Por lo tanto, las p\u00e1ginas SG se reutilizar\u00e1n inesperadamente. Eventualmente causa p\u00e1nico en el kernel. 
Vaya: fallo de protecci\u00f3n general, probablemente para la direcci\u00f3n no can\u00f3nica 0x504f4e4dbebc64ff: 0000 [#1] PREEMPT SMP NOPTI CPU: 3 PID: 0 Comm: swapper/3 Not tainted 6.10.0-rc3+ #25 RIP: 0010:xdp_return_frame+0x42/ 0x90 C\u00f3digo: 01 75 12 5b 4c 89 e6 5d 31 c9 41 5c 31 d2 41 5d e9 73 fd ff ff 44 8b 6b 20 0f b7 43 0a 49 81 ed 68 01 00 00 49 29 c5 49 01 fd 41> 80 7d0 RSP: 0018:ffff99d00122ce08 EFLAGS: 00010202 RAX: 0000000000005453 RBX: ffff8d325f904000 RCX: 00000000000000001 RDX: 00000000670e1000 RSI 000 000011f90d000 RDI: 504f4e4d4c4b4a49 RBP: ffff99d003907740 R08: 0000000000000000 R09: 00000000000000000 R10: 000000011f90d000 R11: 00000000000 R12: ffff8d325f904010 R13: 504f4e4dbebc64fd R14: ffff8d3242b070c8 R15: ffff99d0039077c0 FS: 0000000000000000(0000) GS:ffff8d399f780000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 050033 CR2: 00007f41f6c85e38 CR3: 000000037ac30000 CR4: 00000000007506f0 PKRU: 55555554 Seguimiento de llamadas: ? die_addr+0x33/0x90? exc_general_protection+0x251/0x2f0? asm_exc_general_protection+0x22/0x30? 
xdp_return_frame+0x42/0x90 ionic_tx_clean+0x211/0x280 [ionic 15881354510e6a9c655c59c54812b319ed2cd015] ionic_tx_cq_service+0xd3/0x210 [ionic 15881354510e6a9c65 5c59c54812b319ed2cd015] ionic_txrx_napi+0x41/0x1b0 [ionic 15881354510e6a9c655c59c54812b319ed2cd015] __napi_poll.constprop.0+0x29/0x1b0 net_rx_action+0x2c4/0x 350 handle_softirqs+0xf4/ 0x320 irq_exit_rcu+0x78/0xa0 interrupci\u00f3n_com\u00fan+0x77/0x90" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.9", + "matchCriteriaId": "18FE1EAE-C36C-49FC-A5E0-0A661CDC561E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.9.1", + "versionEndExcluding": "6.9.8", + "matchCriteriaId": "1557DCF8-46D3-4910-8B19-5C77412AB681" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://git.kernel.org/stable/c/8ae401525ae84228a8986bb369224a6224e4d22f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e3f02f32a05009a688a87f5799e049ed6b55bab5", - "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42229.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42229.json index bd5c12a4193..aeb4d84d6a6 100644 --- a/CVE-2024/CVE-2024-422xx/CVE-2024-42229.json +++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42229.json @@ -2,8 +2,8 @@ "id": "CVE-2024-42229", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-30T08:15:08.070", - "lastModified": "2024-07-30T13:32:45.943", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-07-30T19:46:56.943", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,31 +15,130 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: crypto: aead,cipher - poner a cero el b\u00fafer de claves despu\u00e9s de su uso IG 9.7.B para FIPS 140-3 especifica que las variables que contienen temporalmente informaci\u00f3n criptogr\u00e1fica deben ponerse a cero una vez que ya no sean necesarias. Logre esto usando kfree_SENSITIVE para los b\u00fafers que anteriormente conten\u00edan la clave privada." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.5, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.10.222", + "matchCriteriaId": "0ADFA1F9-906A-4D75-8667-7FECEF422B59" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.163", + "matchCriteriaId": "A97DEB09-4927-40F8-B5C6-F5BD5EAE0CFD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.98", + "matchCriteriaId": "E09E92A5-27EF-40E4-926A-B1CDC8270551" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.39", + "matchCriteriaId": "29E894E4-668F-4DB0-81F7-4FB5F698E970" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.9.9", + "matchCriteriaId": "ADCC1407-0CB3-4C8F-B4C5-07F682CD7085" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/23e4099bdc3c8381992f9eb975c79196d6755210", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/28c8d274848feba552e95c5c2a7e3cfe8f15c534", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/71dd428615375e36523f4d4f7685ddd54113646d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9db8c299a521813630fcb4154298cb60c37f3133", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b502d4a08875ea2b4ea5d5b28dc7c991c8b90cfb", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f58679996a831754a356974376f248aa0af2eb8e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42230.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42230.json index ace8f61fe38..67c9e763c5e 100644 --- a/CVE-2024/CVE-2024-422xx/CVE-2024-42230.json 
+++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42230.json @@ -2,8 +2,8 @@ "id": "CVE-2024-42230", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-30T08:15:08.193", - "lastModified": "2024-07-30T13:32:45.943", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-07-30T19:32:51.137", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,23 +15,133 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: powerpc/pseries: corrige el fallo de la instrucci\u00f3n scv con kexec kexec en pseries desactiva AIL (reloc_on_exc), necesario para el soporte de instrucciones scv, antes de que se apaguen otras CPU. Esto significa que pueden ejecutar instrucciones scv despu\u00e9s de que AIL est\u00e9 desactivado, lo que provoca una interrupci\u00f3n en una ubicaci\u00f3n de entrada inesperada que bloquea el kernel. Cambie la secuencia kexec para deshabilitar AIL despu\u00e9s de que se hayan desactivado otras CPU. Como repaso, el vector de interrupci\u00f3n scv en modo real es 0x17000, y el c\u00f3digo principal de ubicaci\u00f3n fija probablemente no podr\u00eda manejar f\u00e1cilmente la implementaci\u00f3n de direcciones tan altas, por lo que simplemente se decidi\u00f3 no admitir esa interrupci\u00f3n en absoluto." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.9", + "versionEndExcluding": "6.1.98", + "matchCriteriaId": "A7E92232-0258-4DF2-8BAB-A29F93F78C0D" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndIncluding": "6.6.39", + "matchCriteriaId": "25B0CC37-7862-4BB8-9603-1132387FAD81" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.9.9", + "matchCriteriaId": "ADCC1407-0CB3-4C8F-B4C5-07F682CD7085" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", + "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", + "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*", + "matchCriteriaId": "79F18AFA-40F7-43F0-BA30-7BDB65F918B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*", + "matchCriteriaId": "BD973AA4-A789-49BD-8D57-B2846935D3C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:*", + "matchCriteriaId": "8F3E9E0C-AC3E-4967-AF80-6483E8AB0078" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/21a741eb75f80397e5f7d3739e24d7d75e619011", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8c6506616386ce37e59b2745fc481c6713fae4f3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c550679d604798d9fed8a5b2bb5693448a25407c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d10e3c39001e9194b9a1bfd6979bd3fa19dccdc5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-422xx/CVE-2024-42231.json b/CVE-2024/CVE-2024-422xx/CVE-2024-42231.json index 11b08be5de5..c9891dc0f95 100644 --- a/CVE-2024/CVE-2024-422xx/CVE-2024-42231.json +++ b/CVE-2024/CVE-2024-422xx/CVE-2024-42231.json @@ -2,8 +2,8 @@ "id": "CVE-2024-42231", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-30T08:15:08.307", - "lastModified": "2024-07-30T13:32:45.943", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-07-30T19:30:52.427", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
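Review bot: In CVE-2024-42230.json, the second `cpeMatch` entry closes the 6.2 branch with `"versionEndIncluding": "6.6.39"`, which is inconsistent with the other ranges in the same record, `"versionEndExcluding": "6.1.98"` and `"versionEndExcluding": "6.9.9"`. The record immediately before it in this patch bounds the same branch with `"versionEndExcluding": "6.6.39"`. If 6.6.39 is the stable release that carries the fix, which the parallel ranges suggest but the hunk does not show, CPE-based matching will report an already patched 6.6.39 kernel as affected. The line would then read `"versionEndExcluding": "6.6.39"`. Because the record is mirrored from NVD, the correction belongs upstream, and until it lands consumers should treat a 6.6.39 match on this CVE as unconfirmed.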
@@ -15,15 +15,105 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs:zoned: fix calc_available_free_space() para el modo zonal calc_available_free_space() devuelve el tama\u00f1o total de los grupos de bloques de metadatos (o sistema), que se pueden asignar desde espacio en disco no asignado. La l\u00f3gica es incorrecta en el modo por zonas en dos lugares. Primero, el c\u00e1lculo de data_chunk_size es incorrecto. Siempre asignamos una zona como un fragmento y no asignamos una zona parcial. Entonces, deber\u00edamos usar Zone_size (= data_sinfo->chunk_size) tal como est\u00e1. En segundo lugar, es posible que el resultado \"avail\" no est\u00e9 alineado con la zona. Dado que siempre asignamos una zona como un fragmento en el modo de zona, devolver bytes alineados sin tama\u00f1o de zona generar\u00e1 menos presi\u00f3n sobre el proceso de recuperaci\u00f3n de metadatos as\u00edncronos. Esto es grave para el estado casi lleno con un dispositivo de gran tama\u00f1o de zona. Permitir un compromiso excesivo dar\u00e1 como resultado menos trabajo de recuperaci\u00f3n as\u00edncrona y terminar\u00e1 en ENOSPC. Podemos alinearnos con el tama\u00f1o de la zona para evitar eso." 
} ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-682" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.9.9", + "matchCriteriaId": "ADCC1407-0CB3-4C8F-B4C5-07F682CD7085" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", + "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", + "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*", + "matchCriteriaId": "79F18AFA-40F7-43F0-BA30-7BDB65F918B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*", + "matchCriteriaId": "BD973AA4-A789-49BD-8D57-B2846935D3C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:*", + "matchCriteriaId": "8F3E9E0C-AC3E-4967-AF80-6483E8AB0078" + } + ] + } + ] + } + ], 
"references": [ { "url": "https://git.kernel.org/stable/c/64d2c847ba380e07b9072d65a50aa6469d2aa43f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8548903b1999bba02a2b894ad750ab8eb1f40307", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5249.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5249.json new file mode 100644 index 00000000000..6d009fc7575 --- /dev/null +++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5249.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-5249", + "sourceIdentifier": "security@puppet.com", + "published": "2024-07-30T19:15:11.400", + "lastModified": "2024-07-30T19:15:11.400", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@puppet.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@puppet.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-294" + } + ] + } + ], + "references": [ + { + "url": "https://portal.perforce.com/s/detail/a91PA000001SUH7YAO", + "source": "security@puppet.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5250.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5250.json new file mode 100644 index 00000000000..8b97e004598 --- /dev/null +++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5250.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-5250", + "sourceIdentifier": "security@puppet.com", + "published": "2024-07-30T19:15:11.613", + "lastModified": "2024-07-30T19:15:11.613", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@puppet.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@puppet.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-209" + } + ] + } + ], + "references": [ + { + "url": "https://portal.perforce.com/s/detail/a91PA000001SUIjYAO", + "source": "security@puppet.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 0cccfaeef04..cb7cd71fb64 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-07-30T18:00:16.728364+00:00 +2024-07-30T20:00:17.489950+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-07-30T17:15:14.513000+00:00 +2024-07-30T19:46:56.943000+00:00 ``` ### Last Data Feed Release 
@@ -33,41 +33,55 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -258555 +258566 ``` ### CVEs added in the last Commit -Recently added CVEs: `14` +Recently added CVEs: `11` -- [CVE-2022-33167](CVE-2022/CVE-2022-331xx/CVE-2022-33167.json) (`2024-07-30T17:15:10.020`) -- [CVE-2023-26288](CVE-2023/CVE-2023-262xx/CVE-2023-26288.json) (`2024-07-30T17:15:11.720`) -- [CVE-2023-26289](CVE-2023/CVE-2023-262xx/CVE-2023-26289.json) (`2024-07-30T17:15:12.740`) -- [CVE-2023-38001](CVE-2023/CVE-2023-380xx/CVE-2023-38001.json) (`2024-07-30T17:15:13.000`) -- [CVE-2024-41802](CVE-2024/CVE-2024-418xx/CVE-2024-41802.json) (`2024-07-30T16:15:04.400`) -- [CVE-2024-41803](CVE-2024/CVE-2024-418xx/CVE-2024-41803.json) (`2024-07-30T16:15:04.643`) -- [CVE-2024-41804](CVE-2024/CVE-2024-418xx/CVE-2024-41804.json) (`2024-07-30T16:15:04.873`) -- [CVE-2024-41915](CVE-2024/CVE-2024-419xx/CVE-2024-41915.json) (`2024-07-30T17:15:13.450`) -- [CVE-2024-41916](CVE-2024/CVE-2024-419xx/CVE-2024-41916.json) (`2024-07-30T17:15:13.667`) -- [CVE-2024-41944](CVE-2024/CVE-2024-419xx/CVE-2024-41944.json) (`2024-07-30T17:15:13.853`) -- [CVE-2024-5486](CVE-2024/CVE-2024-54xx/CVE-2024-5486.json) (`2024-07-30T17:15:14.120`) -- [CVE-2024-7208](CVE-2024/CVE-2024-72xx/CVE-2024-7208.json) (`2024-07-30T17:15:14.360`) -- [CVE-2024-7209](CVE-2024/CVE-2024-72xx/CVE-2024-7209.json) (`2024-07-30T17:15:14.450`) -- [CVE-2024-7297](CVE-2024/CVE-2024-72xx/CVE-2024-7297.json) (`2024-07-30T17:15:14.513`) +- [CVE-2024-3930](CVE-2024/CVE-2024-39xx/CVE-2024-3930.json) (`2024-07-30T19:15:10.573`) +- [CVE-2024-41304](CVE-2024/CVE-2024-413xx/CVE-2024-41304.json) (`2024-07-30T18:15:05.817`) +- [CVE-2024-41305](CVE-2024/CVE-2024-413xx/CVE-2024-41305.json) (`2024-07-30T18:15:05.910`) +- [CVE-2024-41437](CVE-2024/CVE-2024-414xx/CVE-2024-41437.json) (`2024-07-30T19:15:10.933`) +- [CVE-2024-41438](CVE-2024/CVE-2024-414xx/CVE-2024-41438.json) 
(`2024-07-30T19:15:11.027`) +- [CVE-2024-41439](CVE-2024/CVE-2024-414xx/CVE-2024-41439.json) (`2024-07-30T19:15:11.123`) +- [CVE-2024-41440](CVE-2024/CVE-2024-414xx/CVE-2024-41440.json) (`2024-07-30T19:15:11.210`) +- [CVE-2024-41443](CVE-2024/CVE-2024-414xx/CVE-2024-41443.json) (`2024-07-30T19:15:11.300`) +- [CVE-2024-41943](CVE-2024/CVE-2024-419xx/CVE-2024-41943.json) (`2024-07-30T18:15:06.037`) +- [CVE-2024-5249](CVE-2024/CVE-2024-52xx/CVE-2024-5249.json) (`2024-07-30T19:15:11.400`) +- [CVE-2024-5250](CVE-2024/CVE-2024-52xx/CVE-2024-5250.json) (`2024-07-30T19:15:11.613`) ### CVEs modified in the last Commit -Recently modified CVEs: `8` +Recently modified CVEs: `25` -- [CVE-2021-25650](CVE-2021/CVE-2021-256xx/CVE-2021-25650.json) (`2024-07-30T17:15:09.763`) -- [CVE-2021-39613](CVE-2021/CVE-2021-396xx/CVE-2021-39613.json) (`2024-07-30T16:15:02.850`) -- [CVE-2023-45935](CVE-2023/CVE-2023-459xx/CVE-2023-45935.json) (`2024-07-30T16:15:03.320`) -- [CVE-2024-34149](CVE-2024/CVE-2024-341xx/CVE-2024-34149.json) (`2024-07-30T16:15:03.927`) -- [CVE-2024-6904](CVE-2024/CVE-2024-69xx/CVE-2024-6904.json) (`2024-07-30T16:30:08.790`) -- [CVE-2024-6905](CVE-2024/CVE-2024-69xx/CVE-2024-6905.json) (`2024-07-30T16:29:56.697`) -- [CVE-2024-6906](CVE-2024/CVE-2024-69xx/CVE-2024-6906.json) (`2024-07-30T16:29:47.097`) -- [CVE-2024-6907](CVE-2024/CVE-2024-69xx/CVE-2024-6907.json) (`2024-07-30T16:29:32.840`) +- [CVE-2024-3246](CVE-2024/CVE-2024-32xx/CVE-2024-3246.json) (`2024-07-30T19:03:01.433`) +- [CVE-2024-40767](CVE-2024/CVE-2024-407xx/CVE-2024-40767.json) (`2024-07-30T19:19:40.767`) +- [CVE-2024-42064](CVE-2024/CVE-2024-420xx/CVE-2024-42064.json) (`2024-07-30T19:03:25.797`) +- [CVE-2024-42065](CVE-2024/CVE-2024-420xx/CVE-2024-42065.json) (`2024-07-30T19:02:59.217`) +- [CVE-2024-42066](CVE-2024/CVE-2024-420xx/CVE-2024-42066.json) (`2024-07-30T19:02:32.857`) +- [CVE-2024-42067](CVE-2024/CVE-2024-420xx/CVE-2024-42067.json) (`2024-07-30T19:02:20.687`) +- 
[CVE-2024-42068](CVE-2024/CVE-2024-420xx/CVE-2024-42068.json) (`2024-07-30T19:02:12.100`) +- [CVE-2024-42069](CVE-2024/CVE-2024-420xx/CVE-2024-42069.json) (`2024-07-30T19:01:58.623`) +- [CVE-2024-42070](CVE-2024/CVE-2024-420xx/CVE-2024-42070.json) (`2024-07-30T19:01:47.300`) +- [CVE-2024-42071](CVE-2024/CVE-2024-420xx/CVE-2024-42071.json) (`2024-07-30T19:01:26.950`) +- [CVE-2024-42072](CVE-2024/CVE-2024-420xx/CVE-2024-42072.json) (`2024-07-30T19:01:12.833`) +- [CVE-2024-42073](CVE-2024/CVE-2024-420xx/CVE-2024-42073.json) (`2024-07-30T19:00:52.667`) +- [CVE-2024-42074](CVE-2024/CVE-2024-420xx/CVE-2024-42074.json) (`2024-07-30T19:00:33.493`) +- [CVE-2024-42075](CVE-2024/CVE-2024-420xx/CVE-2024-42075.json) (`2024-07-30T19:00:26.477`) +- [CVE-2024-42076](CVE-2024/CVE-2024-420xx/CVE-2024-42076.json) (`2024-07-30T19:00:17.847`) +- [CVE-2024-42077](CVE-2024/CVE-2024-420xx/CVE-2024-42077.json) (`2024-07-30T18:59:53.480`) +- [CVE-2024-42078](CVE-2024/CVE-2024-420xx/CVE-2024-42078.json) (`2024-07-30T18:58:41.253`) +- [CVE-2024-42079](CVE-2024/CVE-2024-420xx/CVE-2024-42079.json) (`2024-07-30T18:58:08.977`) +- [CVE-2024-42080](CVE-2024/CVE-2024-420xx/CVE-2024-42080.json) (`2024-07-30T18:57:58.493`) +- [CVE-2024-42081](CVE-2024/CVE-2024-420xx/CVE-2024-42081.json) (`2024-07-30T18:57:21.440`) +- [CVE-2024-42082](CVE-2024/CVE-2024-420xx/CVE-2024-42082.json) (`2024-07-30T19:04:15.837`) +- [CVE-2024-42083](CVE-2024/CVE-2024-420xx/CVE-2024-42083.json) (`2024-07-30T19:03:40.337`) +- [CVE-2024-42229](CVE-2024/CVE-2024-422xx/CVE-2024-42229.json) (`2024-07-30T19:46:56.943`) +- [CVE-2024-42230](CVE-2024/CVE-2024-422xx/CVE-2024-42230.json) (`2024-07-30T19:32:51.137`) +- [CVE-2024-42231](CVE-2024/CVE-2024-422xx/CVE-2024-42231.json) (`2024-07-30T19:30:52.427`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 2ca1d409c95..a756ad6ee52 100644 --- a/_state.csv +++ b/_state.csv 
@@ -171343,7 +171343,7 @@ CVE-2021-25646,0,0,df9f110cbb9e219bd7342970d7fcc2b69a7ad3e4f4b39e45c459a5b9987a9 CVE-2021-25647,0,0,954c8364244f42db291b3449905f58708bbace6c200bd694ea063f0ae28603a1,2021-02-03T15:20:45.617000 CVE-2021-25648,0,0,5ec9a49ffd62f2890687042a682656e3770891dc309099ce7b88315bbfee6cc4,2023-08-08T14:22:24.967000 CVE-2021-25649,0,0,e292b9b7714bea88111a73dc4ed8ce247a59c59dcfc7de31296c18638018499a,2024-06-04T19:17:03.130000 -CVE-2021-25650,0,1,71145a72aa77ce64187180be06e9b2cb63ad16d0a233f4fe95c99d7f212a4435,2024-07-30T17:15:09.763000 +CVE-2021-25650,0,0,71145a72aa77ce64187180be06e9b2cb63ad16d0a233f4fe95c99d7f212a4435,2024-07-30T17:15:09.763000 CVE-2021-25651,0,0,fc47c7b0464cb84c38c9776c86baf553ce293c27b5eed6b769fc6463a8119a14,2024-05-17T01:54:52.460000 CVE-2021-25652,0,0,f7167eedf72d370d7e40b2f11e08db5be68e666c68e693b96d8b4ce641a6efeb,2023-11-07T03:31:30.323000 CVE-2021-25653,0,0,c116818ffaaca3fa4416c8b9ff5c46b0b4e67a9c2a99f24dfdd52961b533acca,2022-04-26T15:30:57.317000 @@ -181483,7 +181483,7 @@ CVE-2021-39602,0,0,4b2494c33e82c8e2f2efabed22e33408965db634d8e0a50ecd550843bf084 CVE-2021-39608,0,0,ce014907ecf8f98f00ade28cdbc1c113927ef263f92b37f2e1e7409305fa3dfb,2021-09-14T18:44:06.410000 CVE-2021-39609,0,0,bb6ed2fdbc44bdedc7b36b045f8bb043c33087fc67200291d48729043972e863,2022-07-28T00:30:35.780000 CVE-2021-3961,0,0,7062c913ceaf3cfd16a1935e22749b49bcfce0a8f3e5cd25bdd4e524f6740cdb,2021-11-23T17:58:00.417000 -CVE-2021-39613,0,1,42386538a61dc67bf7c102f6568d600504730de095f6a8c230bcc00aee2de093,2024-07-30T16:15:02.850000 +CVE-2021-39613,0,0,42386538a61dc67bf7c102f6568d600504730de095f6a8c230bcc00aee2de093,2024-07-30T16:15:02.850000 CVE-2021-39614,0,0,ae8218c0748eb783280802554bf3af0dd502bb1ac68d3afec1a4fc78a799d195,2021-08-30T16:22:00.760000 CVE-2021-39615,0,0,313c572c07cbd6b3017d4ff4b78672da4ebf0b30e8db828d2e4a5e4f81c980c6,2024-05-17T02:00:03.840000 CVE-2021-39616,0,0,a72adf1aa4cdde36a276737e428e8887e8d100759618725f9b47e4575aaf9982,2022-02-15T18:14:11.893000 
@@ -200695,7 +200695,7 @@ CVE-2022-33163,0,0,b61f3ea147baa21e6ebf2ff08a6d967daea38661c6a0960dc98920da3d5f2 CVE-2022-33164,0,0,dbaf77514b572a2cfd8228382e6c957006b84e1d6ae63a3e84231dd2ca0b472b,2023-09-12T19:32:37.400000 CVE-2022-33165,0,0,e7688469b7d6da31601d151e4c0adf399b51978b7602bb1f42ecf3e3278543da,2023-10-18T20:34:14.447000 CVE-2022-33166,0,0,e85541c384b746b96b9d33eb0263e975b828602e7416a357919e72b62444ef10,2023-06-21T01:22:50.790000 -CVE-2022-33167,1,1,436448fde88773a5160b99b7acd0d74a17a241d2d3fa0ec1ebef2398884f223c,2024-07-30T17:15:10.020000 +CVE-2022-33167,0,0,436448fde88773a5160b99b7acd0d74a17a241d2d3fa0ec1ebef2398884f223c,2024-07-30T17:15:10.020000 CVE-2022-33168,0,0,d8fdb94492ba6489154f8aca9c0eecd94de3711393c324c6e4d851bce05e2b6f,2023-06-21T01:21:46.097000 CVE-2022-33169,0,0,cfc3df51be78adce6bbadea63b270a04fdd7dbca24937beb040dac0cf32cf08d,2022-08-05T03:33:42.300000 CVE-2022-3317,0,0,88f73658b7867db677c6a97ed0d6c5ff67cd67599f695f80a21307846e2cb628,2023-08-08T14:22:24.967000 
@@ -219533,8 +219533,8 @@ CVE-2023-26283,0,0,e2064453ef2858146e69fe81df96344f4104450fa7f97beea6cf1e61b0996 CVE-2023-26284,0,0,073b510f28598cf859c51864d3d5cb28a2670fa73a47d6359231a92a2ad99632,2023-11-07T04:09:33.223000 CVE-2023-26285,0,0,69e6dc88fcd70dc78045a5db1289708f9ca9a570c9301acb9ca5f4642eea2a04,2023-05-11T22:53:08.387000 CVE-2023-26286,0,0,cab2929777eabe42a9ecf50972c3c56d1004ade86317ce69ed1a003338ca9299,2023-05-12T05:15:17.507000 -CVE-2023-26288,1,1,021bb58c1493769ddbf7fab4ec67c515e8089b08bf62ce7cddabf2e9e1f23443,2024-07-30T17:15:11.720000 -CVE-2023-26289,1,1,bb403ac32ff88d04bde11d8673f39808e3b9b26d09555ee6e33eb33fcf6c9d9b,2024-07-30T17:15:12.740000 +CVE-2023-26288,0,0,021bb58c1493769ddbf7fab4ec67c515e8089b08bf62ce7cddabf2e9e1f23443,2024-07-30T17:15:11.720000 +CVE-2023-26289,0,0,bb403ac32ff88d04bde11d8673f39808e3b9b26d09555ee6e33eb33fcf6c9d9b,2024-07-30T17:15:12.740000 CVE-2023-2629,0,0,21397e525ac41df26b8c18bc0045d1b7263f8621bfadf0b1224b0c2fbfedb9fb,2023-05-31T14:02:09.597000 CVE-2023-26290,0,0,b45b134fbb8059d4d4a1ebae8fcfa511a842f92cfbbd7470a968c4d99358ab04,2023-11-07T04:09:33.393000 CVE-2023-26291,0,0,06cc66dbb2bc40c140a9d706389f20fb4cb58bd9ff5dd353e4433818c6edbc38,2023-11-07T04:09:33.470000 
@@ -228336,7 +228336,7 @@ CVE-2023-37998,0,0,b235ebc4dfb9ccf88c1ccca0a67b26b1e77751f80e2e1faaef2f3a2c5008f CVE-2023-37999,0,0,0ffe5370e8d38da9bb953723ad926e1f3493ef3ca0779b6a9480408ff8b47933,2024-05-17T18:36:05.263000 CVE-2023-3800,0,0,9adb1d1466c7c08548f0b20099e401daef224cd81c97907d28a5225c2b6e13a0,2024-05-17T02:27:49.107000 CVE-2023-38000,0,0,9ba3b6ec3d4ae6f319e5b267a1938b9242dfbd7353650738c1d9f78858e009da,2023-10-16T17:04:06.637000 -CVE-2023-38001,1,1,7f3474b8df60c688897afcbe3a0246b232593bae5758953b33bb9d3cc2e7e80e,2024-07-30T17:15:13 +CVE-2023-38001,0,0,7f3474b8df60c688897afcbe3a0246b232593bae5758953b33bb9d3cc2e7e80e,2024-07-30T17:15:13 CVE-2023-38002,0,0,1540466a828ca09fbbbfd3a7d1fa6f341816e6e7a4b7eb520ebe82fd4c1ac11f,2024-04-30T17:52:35.057000 CVE-2023-38003,0,0,4ddd805b10542d9494e91de28e072619549d2912a77654914b8456fbaea47381,2024-01-19T16:15:09.013000 CVE-2023-3801,0,0,138ee77b03ceaffda7a612b3ad2047ee632ca7ad988ceac5a51bc864960549cf,2024-05-17T02:27:49.220000 @@ -234128,7 +234128,7 @@ CVE-2023-4593,0,0,4991cf119c8ebfc10d48154734bdf0ee9365316ccc7c1b60d5d04e7ab999d2 CVE-2023-45930,0,0,ac3197c84435c7633fa4745f386c7743f353780ba24625d46aefcbc75ec9d4de,2024-01-30T06:15:45.560000 CVE-2023-45931,0,0,32d239b1e62bbd0b54a0a218227a5636759e2741d631c9477b0074df734aaffe,2024-05-17T02:29:57.280000 CVE-2023-45932,0,0,5804986f26a4a7091164de7ac51ad9027240da2e953af7ae7ca5bb7bec6cb357,2024-01-29T09:15:42.593000 -CVE-2023-45935,0,1,beccd2002c097e3f98a106c173bb0ad00f40ad57fc9054abc4a5722740334972,2024-07-30T16:15:03.320000 +CVE-2023-45935,0,0,beccd2002c097e3f98a106c173bb0ad00f40ad57fc9054abc4a5722740334972,2024-07-30T16:15:03.320000 CVE-2023-4594,0,0,24c035b780c77202dedc81f329600980e9f4ebf5e60ff552b7c3ea2fd6139c32,2023-11-29T21:23:22.717000 CVE-2023-4595,0,0,e074cf3112cc40f52c3cb7bd1d68d6206089cc822c0d5f9ca4fee6aa17585812,2023-11-29T21:23:11.087000 CVE-2023-45951,0,0,a0ce1dec3006fcbc682f8af4087e6b6b07ea1f5c8d28deeaa25ad267f3532e34,2023-10-24T20:49:24.337000 
@@ -251061,7 +251061,7 @@ CVE-2024-32456,0,0,d14077b9c0d3fd624bb090c8902408112668af5dcd1ec1392b17398cab655 CVE-2024-32457,0,0,e19d3294c5bd0f5932cb781ff1a6aaf0ad9675f665e5d230b25da52c6eb0ab24,2024-04-17T12:48:07.510000 CVE-2024-32458,0,0,61e534ffc05a2fd1f0c764d7b2f3b2dc812bdfe09bd360efea2bba78b4568568,2024-06-10T18:15:32.790000 CVE-2024-32459,0,0,565c2820f9f40b3ae7ac4380cb45711f29b0c6684b22418bec49fb00db4f3c9e,2024-06-10T18:15:32.940000 -CVE-2024-3246,0,0,c79fd28ca59ab763673faa857c0bce8ace903e0e33808dbfea5f83a6b45b9730,2024-07-24T12:55:13.223000 +CVE-2024-3246,0,1,5e51d525244a378c87fc93ad78d7e53820315c4e55f1a9812675c8988463f0b2,2024-07-30T19:03:01.433000 CVE-2024-32460,0,0,791d6f5eece9c40a7a8e9bf5719f0d21a50aef5a23765ed0735f0298c727e1a8,2024-06-10T18:15:33.033000 CVE-2024-32461,0,0,7a7784b51f232219ca425c17e34b523d7eced76a74e448dd98d2af59b52810da,2024-04-23T12:52:26.253000 CVE-2024-32462,0,0,3d3d05bcc9e36c0ca38630e8f66ae4fc7d4ac5c6b704d1bc0d85811d4a35b050,2024-05-01T18:15:24.140000 @@ -252194,7 +252194,7 @@ CVE-2024-34145,0,0,38c44993a1dc70421d8e9284263c594effe0d087a5df7c7a4b3ac5e8c821f CVE-2024-34146,0,0,787b7a8aac402effb291b025d8f2aec84609a236cac974fe09cd7845739a936f,2024-07-03T01:59:27.270000 CVE-2024-34147,0,0,d9d77d8f0db4502f689561e9042a311ab3573d6b584b25af82549f0ad3fc4dcb,2024-07-03T01:59:28.043000 CVE-2024-34148,0,0,39bc79113db1a4cb24c1e032d2832991ff9777a6aea1f2d179dc9afdce78b080,2024-07-03T01:59:28.797000 -CVE-2024-34149,0,1,d0dde56f430ade77d5830f322a2f39f31b9f49bf08d957a11e37c1a667050da8,2024-07-30T16:15:03.927000 +CVE-2024-34149,0,0,d0dde56f430ade77d5830f322a2f39f31b9f49bf08d957a11e37c1a667050da8,2024-07-30T16:15:03.927000 CVE-2024-3415,0,0,34ccb97766fc5acac460b5429af5d66fea7f850526947b377f986615d31afcf6,2024-05-17T02:39:54.247000 CVE-2024-34152,0,0,2436c8a621b0d09dd7154ff9aa9ad8e75fea3818a8a19b6b0802746c78436018,2024-05-28T12:39:28.377000 CVE-2024-3416,0,0,a081ed6eeab1f8c610822f30cf17aa2151f535dbb3c22c142c8cc9d4a77c8f63,2024-05-17T02:39:54.337000 
@@ -255248,6 +255248,7 @@ CVE-2024-39292,0,0,1e56ccb176115700ab782778ca3caad0c0ce72d927e8ec4deb0eae57f1b32 CVE-2024-39293,0,0,1fec2940f1bd80b7fcd0ef6093774070c9cb79d5cc06d154bd66dc488c9431e4,2024-06-25T18:50:42.040000 CVE-2024-39296,0,0,1505e8dd09a63330ec5436e9f86022e9b63137e3bb41d294e6c4ca091f2e08ed,2024-06-25T18:50:42.040000 CVE-2024-39298,0,0,ebc8c1ac57b6c8432c32f877ad1093e868a3d2381cb98ee4d7cf51055258ad60,2024-06-25T18:50:42.040000 +CVE-2024-3930,1,1,99fba2b6ce5b9594a842ca8c98c795b49659c920913148827bd1c3d978f9c77f,2024-07-30T19:15:10.573000 CVE-2024-39301,0,0,72934b8f63bc52924fc16a3afe1a18dbebdfa8998d51203c594a2fbcffcac42e,2024-06-25T18:50:42.040000 CVE-2024-39302,0,0,946c3f23cfe199dda1010c0ea47b1d5e32454ef20b5307dfd8e2dc92485c1baa,2024-07-01T12:37:24.220000 CVE-2024-39303,0,0,a34ed591f51be43b3400c03523a5f8c55eb5097c5f908eacc0a16ec90a0e778f,2024-07-02T12:09:16.907000 @@ -255786,7 +255787,7 @@ CVE-2024-4075,0,0,29d19ea935c989efa2e770180ba61eb06fe49f0b181d6d812a7498d3145b98 CVE-2024-40750,0,0,123c568c4a271c6bb023f9091df0f00fec1f937f3d0585148d7948581d7b9455,2024-07-11T13:06:13.187000 CVE-2024-4076,0,0,e0e2b007c1440dbf9672681a5eff521aa004949693c7d660a7d1e4ee3ddd4740,2024-07-24T12:55:13.223000 CVE-2024-40764,0,0,31190fa168623fbefe72005739844174b20afc4fdab83062110ac517be35c6d0,2024-07-18T12:28:43.707000 -CVE-2024-40767,0,0,01a151f22bd3f1cd8b44f314114a7bbe92f50d1e2d88d2bec8d0eaa4d4f7e2fb,2024-07-25T17:15:10.910000 +CVE-2024-40767,0,1,0f0f227d49db4f76a18af060eeadd57ea0ca5da0ccc7bd26ef12905f9453740a,2024-07-30T19:19:40.767000 CVE-2024-4077,0,0,d4f08c4fa42913c8d00f3fecbe96233f1448e9383bf97ebcbeca4cc0f2c8ae2b,2024-04-25T13:18:02.660000 CVE-2024-40774,0,0,f362e44a6513e9a7ad670a01f69c050dc7028489484160824ab1f96f580e42a0,2024-07-30T13:32:45.943000 CVE-2024-40775,0,0,1fdbbe2b554a0166a3b8a0cf31bf852c33e7d8e5242e045fa4d346d0613760b8,2024-07-30T13:32:45.943000 
@@ -256118,6 +256119,8 @@ CVE-2024-4127,0,0,13aabefe1ea17c857d1bb509e28f374ee8245c3658c3b51912d597c1f898ec CVE-2024-4128,0,0,68bc0506eec8fccf6c4228f6f90915fa5b089633c8bc20338b2c6bd4b4236a0b,2024-05-02T18:00:37.360000 CVE-2024-41281,0,0,67d3a54ff6c69e817d1c4d3304511fe0d1b87ffa7ae182f6c630038b3326bf87,2024-07-22T13:00:53.287000 CVE-2024-4129,0,0,f2fba94e29dd925b8a56a23f2711717731ea628ca4457222b442fc21c3f8c80a,2024-05-14T16:11:39.510000 +CVE-2024-41304,1,1,fc267a0abc75b30a6dc8d5a03a26c13cc3369d57b67b1467db56fe797a92ba88,2024-07-30T18:15:05.817000 +CVE-2024-41305,1,1,abfbbbf72d9386d5a8287d954777b040b4d86e2a1e7578dd383d0a4a2e8a1f50,2024-07-30T18:15:05.910000 CVE-2024-41314,0,0,b51b0e3a4e5d4ef00805134d9c64392d4de8d2322e969183a3b6dc33816f9694,2024-07-24T12:55:13.223000 CVE-2024-41315,0,0,a68e90aec55f0c153342e794139e84a95b20ef3a1a126ec70584092245e39d47,2024-07-24T12:55:13.223000 CVE-2024-41316,0,0,c9274bb79d4ba765ad537ccc2706ac76777f5e15d362d310fbcad6af2fafb632,2024-07-24T12:55:13.223000 
@@ -256141,7 +256144,12 @@ CVE-2024-4140,0,0,1a159a4a143aac5301b6b2c31977a1ba9c685fc606596154a85964b944248c CVE-2024-4141,0,0,6345d107b3806446cb477db17841c2bd741df862ff110a2cbbd3d3a9945eb29d,2024-04-24T19:58:40.710000 CVE-2024-4142,0,0,15f953d52654601c03ad89c9ea21867b549a2aa12635e109fbf9627466e8a212,2024-05-02T13:27:25.103000 CVE-2024-4143,0,0,e6d56e099b9443f818cba12ec6584b2ae78b4e2e6fa1554ff08fbd2e8dc736a0,2024-07-16T13:43:58.773000 +CVE-2024-41437,1,1,a480c7cafdea4f10f177c36c7d68e338075390fe39545b619acfe0e3760dfe90,2024-07-30T19:15:10.933000 +CVE-2024-41438,1,1,43c51501220b9280fbb2a619b5823f3bda1e19f0112e67053d52746177998068,2024-07-30T19:15:11.027000 +CVE-2024-41439,1,1,7ffa4e6c6f9f64706db3166377e99b171ca158a78a397ac8af977d0560520ab8,2024-07-30T19:15:11.123000 CVE-2024-4144,0,0,f950a1b03316faa802a71776ce4e62cc15162cc9cec7d4c30c76255605b1c1fc,2024-05-14T19:17:55.627000 +CVE-2024-41440,1,1,2786894dea1f01314595c88d1156e8c651a11df92fd4b99000a5278ef5b49e7a,2024-07-30T19:15:11.210000 +CVE-2024-41443,1,1,70cf21032fa6437b334dbab8fc23f567906f3652be13d825ed8738ccbca4ba57,2024-07-30T19:15:11.300000 CVE-2024-4145,0,0,704254773246494130c81e0600984df247a970411736d475449e315ca595ee9b,2024-07-03T02:07:08.133000 CVE-2024-41459,0,0,27333ea1f8bbfaac7382ac7849477df0d4e7f0cb54570d7d12028ddbda3304d0,2024-07-26T13:21:21.527000 CVE-2024-4146,0,0,5bcf92f96755106fd9c198be9e70039e9dbd3f86c15b09e938b03dc5a47e5822,2024-07-19T19:03:00.867000 
@@ -256238,9 +256246,9 @@ CVE-2024-41799,0,0,fc4b2e07a5edf18e2d71545043137e7f6abe0decf71ec7d6e02dec3d0f75a CVE-2024-4180,0,0,89f84993baa10ab5b41ed58678b5b9e31ff190980a67ee18130266156f7434fc,2024-06-04T16:57:41.053000 CVE-2024-41800,0,0,de10ad962b669cb0e83390124cefb714c566366c680caf05af31d5cbb07531ef,2024-07-26T12:38:41.683000 CVE-2024-41801,0,0,7a4a47d8d4dd1e6f1ffdce276bee976a7b2cf6eead2e5e4570c33554bb7cb103,2024-07-26T12:38:41.683000 -CVE-2024-41802,1,1,2b670e7d25a714038fb9e419a0d0ae51c55165af12dc99c8ccde6690f2d105f9,2024-07-30T16:15:04.400000 -CVE-2024-41803,1,1,c654cf289ef6fee989c08cc2f33ab623e2a9f82b81a47aae84d298c9d79d8808,2024-07-30T16:15:04.643000 -CVE-2024-41804,1,1,f23af4660764bb6506d71b019800b62b1155bb231b567fbf1e98c3c2a79801b5,2024-07-30T16:15:04.873000 +CVE-2024-41802,0,0,2b670e7d25a714038fb9e419a0d0ae51c55165af12dc99c8ccde6690f2d105f9,2024-07-30T16:15:04.400000 +CVE-2024-41803,0,0,c654cf289ef6fee989c08cc2f33ab623e2a9f82b81a47aae84d298c9d79d8808,2024-07-30T16:15:04.643000 +CVE-2024-41804,0,0,f23af4660764bb6506d71b019800b62b1155bb231b567fbf1e98c3c2a79801b5,2024-07-30T16:15:04.873000 CVE-2024-41805,0,0,d25981eca346da6da343ee3e5d5d95b55972138683a74ea987fda864ae2895de,2024-07-29T14:12:08.783000 CVE-2024-41806,0,0,538c83928617c702a46380612d20226d3b25d01fddbfea7d5ac18a5a8a9114ce,2024-07-26T12:38:41.683000 CVE-2024-41807,0,0,e86c4e0879be0f622b0de12c8fba430b974ce92b24702bd4e14aaf255cc07969,2024-07-26T16:15:03.593000 
@@ -256271,13 +256279,14 @@ CVE-2024-41880,0,0,2045bc24fb104b692bbe32c5951eb01a25f3639f665062ea76ff47318e893 CVE-2024-41881,0,0,dacb56705bd13075a5fc0ecd78dfcda97507df1ba74d6be3b08ddb74fce33a82,2024-07-29T14:12:08.783000 CVE-2024-4190,0,0,937461468fcd73b26e47070e7d0620ac3009210ef2f47e2156f0b87dd1c21bc4,2024-06-13T18:36:09.013000 CVE-2024-41914,0,0,3890dc2e9dfadd1c89a9c37c2efa6249276e0e28c3236b40dae7af311b3a8be5,2024-07-25T17:47:35.247000 -CVE-2024-41915,1,1,1b5a23a940c746004b7ee5798b3d346fca648bab65e98be4f3a1421b77013f49,2024-07-30T17:15:13.450000 -CVE-2024-41916,1,1,406bef2ce60bcbe08c1e7f77e5a70e6f77196bbbc9cacb85b20a5e195f13469b,2024-07-30T17:15:13.667000 +CVE-2024-41915,0,0,1b5a23a940c746004b7ee5798b3d346fca648bab65e98be4f3a1421b77013f49,2024-07-30T17:15:13.450000 +CVE-2024-41916,0,0,406bef2ce60bcbe08c1e7f77e5a70e6f77196bbbc9cacb85b20a5e195f13469b,2024-07-30T17:15:13.667000 CVE-2024-4192,0,0,0768e429bccaed861e82d220deefd437e5feb26a94e95c7a121626318970662c,2024-05-01T13:02:20.750000 CVE-2024-41924,0,0,24158a49c3742b0541bdd3409c983b7d59bb552b3c444ac190659070a374a298,2024-07-30T13:32:45.943000 CVE-2024-4193,0,0,4d4f4fcde78b01b33e30a077c434c1714d01a9ac9cd58d916bc86b963b6ddbd7,2024-05-14T16:11:39.510000 CVE-2024-4194,0,0,cb2c64b568e3bd7c78c9d4f736651c66722818abe246f3bc5aedd70e3521cb96,2024-06-06T14:17:35.017000 -CVE-2024-41944,1,1,38ddc144465089a90f723a639a1365a358acd1ffefa771e73c1360e990bcf220,2024-07-30T17:15:13.853000 +CVE-2024-41943,1,1,ea6a0b804baee78cda5149280c1542286d7d394f503361f987f54b2f96746108,2024-07-30T18:15:06.037000 +CVE-2024-41944,0,0,38ddc144465089a90f723a639a1365a358acd1ffefa771e73c1360e990bcf220,2024-07-30T17:15:13.853000 CVE-2024-4195,0,0,1b874e811f63a88fe0e5040c0bc90d160eaa072aa139296a2fc692655a3d77a9,2024-04-26T12:58:17.720000 CVE-2024-4196,0,0,2bee927395e72028cfccdf65300c6a2b8979e20b943a96185278ab936245f10e,2024-06-25T12:24:17.873000 CVE-2024-4197,0,0,45da0b07f911473fe59b939894a184bd20b4010bb74cc514ccd6533e9d15c77b,2024-06-25T12:24:17.873000 
@@ -256300,27 +256309,27 @@ CVE-2024-42054,0,0,7cefcb5df710c5d52c7b44743e7320cbb773b7864f3adff97191d41734299 CVE-2024-42055,0,0,38832abf63aaabdc907feb9726d6725f630aba764b55549d89c565bd77d3378b,2024-07-29T14:12:08.783000 CVE-2024-4206,0,0,094d5b07d12006961f56a1900b69d613595338528ec5cf7d408eb10d270cfa9f,2024-06-11T10:15:13.553000 CVE-2024-42063,0,0,b79fa6aa08c846471acf77f3dfbf57119b631126c398ef36dda54a714ad37725,2024-07-29T16:21:52.517000 -CVE-2024-42064,0,0,4679d97185cbee2e17e7533ff437d3d3f3e21a8c01c99b9d4bc671599dd4f31a,2024-07-29T16:21:52.517000 -CVE-2024-42065,0,0,b95721447c37954666d7392b84370b2bca66ebb35310a21945326271b11bdef4,2024-07-29T16:21:52.517000 -CVE-2024-42066,0,0,d79ebf33a0010495fc3db9958c31aede3ad2f9b3bf4a620a7785d0990f1e5dcb,2024-07-29T16:21:52.517000 -CVE-2024-42067,0,0,42e6bcde3c01a8e5013884229468ab334ddf4a2627abd8cae29a16a0c000d388,2024-07-29T16:21:52.517000 -CVE-2024-42068,0,0,665209387eca1f21572bc4f18045c25d63dcc5a8cf6a44e21970126df393bbfe,2024-07-29T16:21:52.517000 -CVE-2024-42069,0,0,7b8eac405f44b2b7a981f9aa48a6c4cfabd48b4d939fbb60805d1bc5ca64a9a2,2024-07-29T16:21:52.517000 -CVE-2024-42070,0,0,5a5df6d3e438d4cf9359046cf405555c8ced646d3a670010fefca85ae46d9516,2024-07-29T16:21:52.517000 -CVE-2024-42071,0,0,11bbfff5a88b3c5ba1d2c158252d2b340e7c541a7ab9e6ebd9dbcbc167761bf6,2024-07-29T16:21:52.517000 -CVE-2024-42072,0,0,2a70a4af89bc54ec73e4ebb16b7bb6a331baf76ec9c685694c7320a0b2296483,2024-07-29T16:21:52.517000 -CVE-2024-42073,0,0,ba485be47f7b0d3b24816f00ef4d238195c63b9d46dad2c92e21e09856031069,2024-07-29T16:21:52.517000 -CVE-2024-42074,0,0,09e30bf5c169245c7bc7eefe3398897dbab856eaf5f443ad00a824858f7f7d94,2024-07-29T16:21:52.517000 -CVE-2024-42075,0,0,a35c85fee1df014f2e193a02996d4cff7676818a7ccc1af7603de3b2a0a96c76,2024-07-29T16:21:52.517000 -CVE-2024-42076,0,0,4d6c7c55b704eb998400fea56d7bfa5aaaac1b2245c1016c02d1842e27f6c748,2024-07-29T16:21:52.517000 
-CVE-2024-42077,0,0,a1b9a08b24333f2acc54a58b9d53cc36ad85b1a6bd822ec8014323b43a4d0173,2024-07-29T16:21:52.517000 -CVE-2024-42078,0,0,595822375564726846986c51f9d947e34f294f3ee15ff643dec7e90ee137e38b,2024-07-29T16:21:52.517000 -CVE-2024-42079,0,0,827baeedeafc7120f8ec3445291ea3ee87b97a9d1d89d888395fac3fdbf72e07,2024-07-29T16:21:52.517000 +CVE-2024-42064,0,1,aff9875e6448c473c643bff3b6337ebbd7539dcae5f98d4517c155e837f00f5d,2024-07-30T19:03:25.797000 +CVE-2024-42065,0,1,f0f03032a73aa86560acd839e088b479e13d13725614d9ef0b38fd19889bc64c,2024-07-30T19:02:59.217000 +CVE-2024-42066,0,1,13367e8042c7deb50de62c4bc97d68b98aeec4d6d8b79660880bbd2b9f9751ee,2024-07-30T19:02:32.857000 +CVE-2024-42067,0,1,76b8a48a5c9c39c834303c1ab49427d9ea91f3b40b52494de61b4b6e2c5fda5d,2024-07-30T19:02:20.687000 +CVE-2024-42068,0,1,1a160585aaee5b8057f9754dd933ab025ae98bb2f1265de1f07411334b3b7824,2024-07-30T19:02:12.100000 +CVE-2024-42069,0,1,60fa9d91087c81456e7c5fb921427aaf3b5afe0a67efd57dd11a894c17fbb41c,2024-07-30T19:01:58.623000 +CVE-2024-42070,0,1,e64f943ce3129e4d8ae036dffdbca01cf0dc26f8755575b087b493eb24d90087,2024-07-30T19:01:47.300000 +CVE-2024-42071,0,1,ff080b79e51ffa2c8ca921ced41476b4268b9bbb102ab5b0e74f4466a89e1962,2024-07-30T19:01:26.950000 +CVE-2024-42072,0,1,0b4090285289756aa6386870bfb03879aa1c74b07de9263b8ad88a48de945c2e,2024-07-30T19:01:12.833000 +CVE-2024-42073,0,1,f43077c064bf834b648ca031d8c7c90c16484619a635dcde5279f184eca4f504,2024-07-30T19:00:52.667000 +CVE-2024-42074,0,1,c1003ca1cd857d6901b3df9173f0a7927b093db043332c5d10100926e7521f32,2024-07-30T19:00:33.493000 +CVE-2024-42075,0,1,09886a603959c28eac08e3691cd5c50b20630f2b1656317a40eb926c920c8fc3,2024-07-30T19:00:26.477000 +CVE-2024-42076,0,1,c9acd2aee37ee2d39b2fd653fd4a679a2b01ab0266df65621ad96d984e85c7ec,2024-07-30T19:00:17.847000 +CVE-2024-42077,0,1,ae5445c1f3c93a0b71a56c4d4c519fd4c92ee7bc024435048d7b31da1476344b,2024-07-30T18:59:53.480000 
+CVE-2024-42078,0,1,46aeb1640b69db3d766b123cb8661ee9c5b0244bf9cfe66df62dcc1f1bc485de,2024-07-30T18:58:41.253000 +CVE-2024-42079,0,1,615fba7ddb879610fe652b42080e11b3fd9ce7c703bdec8a6a4e9644c1bbd677,2024-07-30T18:58:08.977000 CVE-2024-4208,0,0,32e5dd37fcb796c0866341642387d4cc76a1d3ae9362eee8c22ff2c138c94874,2024-05-15T16:40:19.330000 -CVE-2024-42080,0,0,49e268bdf91e1aaff14757cab53081314588fff9da244d7899e056c4c45fb551,2024-07-29T16:21:52.517000 -CVE-2024-42081,0,0,a8e4739711d49a9258a926457d5df1437d5dcc0b8cea1cf08495685977b8e9ae,2024-07-29T16:21:52.517000 -CVE-2024-42082,0,0,b6679962b84bea31f2355e0c4782168ca3500020508b5489409d2f012eba4db6,2024-07-29T16:21:52.517000 -CVE-2024-42083,0,0,116e62b5e743249254c9b2ff6813f7a1bd0b84a1beb69ca2add7a0541d57cd2f,2024-07-29T16:21:52.517000 +CVE-2024-42080,0,1,7fbaaca0a6aeb5bdfda9d2ffcdb0eeebd9767469aa1e7a137d6a790bb0180339,2024-07-30T18:57:58.493000 +CVE-2024-42081,0,1,7952f0a0cb7322f4a55d2e3ed80f93080c6d5ba97bfc359475cbbdb5247053db,2024-07-30T18:57:21.440000 +CVE-2024-42082,0,1,eff775e1665f30ff881719df9a585aaa82084c989b937633b1a5625f819031d7,2024-07-30T19:04:15.837000 +CVE-2024-42083,0,1,89007ffa1723bb9616d5e97e8206878c7bc8d4d034d65ecc75c2333799bd1db9,2024-07-30T19:03:40.337000 CVE-2024-42084,0,0,2419bf7f9c0ff6d4ecd88d3174d0de0433fb1a33ae81692aac9b85c4d85c76f8,2024-07-30T13:33:30.653000 CVE-2024-42085,0,0,42ad9d94684b357600f8069e6980c249dd991ef89c82a342c9436c234ae4419b,2024-07-30T13:33:30.653000 CVE-2024-42086,0,0,0486c374fb7721de34d27071e7947be100dd7ee23784594c29172b09ce48c174,2024-07-30T13:33:30.653000 
@@ -256417,10 +256426,10 @@ CVE-2024-42225,0,0,fc91c22ede93264c5678296991dbb7b23b3f375088bbc4cec4e958e8b9234 CVE-2024-42226,0,0,80b29dabdc697490ec3fc6e3f90a9c09017d124bd922d25f924e7a6419400cb6,2024-07-30T13:32:45.943000 CVE-2024-42227,0,0,a2c43cd8c9a5b737406bf04cfac9ab320ae2654e82850d4364101bbda03cea8a,2024-07-30T13:32:45.943000 CVE-2024-42228,0,0,f24e3d39153e88d81adcb0b9c453368bdf820250a2141753e787d3f5659875a5,2024-07-30T13:32:45.943000 -CVE-2024-42229,0,0,57417ccf3318378d226bcd4392ccf0e9a3ce4854a782a5e2e52e82ffc3c8cb67,2024-07-30T13:32:45.943000 +CVE-2024-42229,0,1,36cc6538a49438424165de83459803117419e403bec726ebc7859e65ec89d3a6,2024-07-30T19:46:56.943000 CVE-2024-4223,0,0,a9cdfeab1a1d35d41a694125f4f4f3203fe0cd94da938f50193ff10f6450cc4d,2024-05-16T13:03:05.353000 -CVE-2024-42230,0,0,937d490ecbea6cae0417689e295e24eef28d317646becb02a00311156bf071e0,2024-07-30T13:32:45.943000 -CVE-2024-42231,0,0,5698ff5b1db575d197b1c8c1dc5219f4779d7262b8f14a97c9dd459883d257dc,2024-07-30T13:32:45.943000 +CVE-2024-42230,0,1,489de0c942b162ae04db8d65286f120a7fa8b9f22ca14fe8139d983112a4bb74,2024-07-30T19:32:51.137000 +CVE-2024-42231,0,1,10724278b1403d9010315b9b102a7133e512f19dc0258e17964781455ceff0fb,2024-07-30T19:30:52.427000 CVE-2024-4224,0,0,1072ade5e61d4673e4fde8d68c377ed60a4f449367391001c4ccc215a9b54b17,2024-07-16T13:43:58.773000 CVE-2024-4225,0,0,91f68c0336340065fb4af26f099ffa4f82ba2dd159bb3bc13f7cb1abcd1de276,2024-04-30T13:11:16.690000 CVE-2024-4226,0,0,5a1ca6b12b6f72b0f4206f29fce66dc2868959ed888bfbcbc74131b5725a94eb,2024-04-30T13:11:16.690000 
@@ -257309,6 +257318,8 @@ CVE-2024-5245,0,0,8367cc316d7fd622697ed020483e2edc6264aea8aa776978b7228518baa317 CVE-2024-5246,0,0,481ebf23b779dd3e32e9e0cda77aaee7d0bfc9eca82266cde6c77415f4c9c730,2024-07-03T02:08:44.767000 CVE-2024-5247,0,0,fdfe6c1388c42f602cdcb0ffda38b56b5f1ed960e60bfada435f42d294b2956e,2024-05-24T01:15:30.977000 CVE-2024-5248,0,0,2c3e52f7d10efa84a65c2d56e808c7c6b6e082b4d0e6c7b1b0a814f5918d2bf2,2024-06-07T14:56:05.647000 +CVE-2024-5249,1,1,232f47cfb2c69c6a8c9d02a3b0cfea12f31b0f5b2461136c3f6fb34f19fe55d0,2024-07-30T19:15:11.400000 +CVE-2024-5250,1,1,3670f2c0e7c70580f978e446568f5ac668b790748e31a5c3911ef088cda40359,2024-07-30T19:15:11.613000 CVE-2024-5251,0,0,7d84d2df7bf6674f7d634954defb2f38b0363c19ae19f78012df0aa633abf27a,2024-07-19T15:25:30.980000 CVE-2024-5252,0,0,1b28d536afc88eae5088fe06ff49428bbad5ffcb2aa7139fe40c4c06d2601422,2024-07-19T15:29:35.447000 CVE-2024-5253,0,0,73f9562f224a9a11b8b8279a7bf00d920003fa046cb7c88a3a55caf281adabe4,2024-07-19T15:30:34.717000 @@ -257512,7 +257523,7 @@ CVE-2024-5482,0,0,3b1b42d732a855ed8e91ef26579f45fec6ebdee965d18872f2c0403904f8cd CVE-2024-5483,0,0,2e97255179d42c1fdc159b28df8a118b6b7a66fe00e7310d283bd122fc23ff3b,2024-06-11T17:19:17.143000 CVE-2024-5484,0,0,b3b185b98c733a0f4717de1a808b2127ff5f3061f156212c34336d217a368118,2024-05-31T11:15:09.783000 CVE-2024-5485,0,0,5ff776ceb9b311264eb0a3fd1aecab1cf4920b9e3fce511521464a36e3b91a61,2024-06-04T16:57:41.053000 -CVE-2024-5486,1,1,1f2dc713a77e5691297d12d3cead45337ff5c683bd97084e57d7df3e0c4d214d,2024-07-30T17:15:14.120000 +CVE-2024-5486,0,0,1f2dc713a77e5691297d12d3cead45337ff5c683bd97084e57d7df3e0c4d214d,2024-07-30T17:15:14.120000 CVE-2024-5488,0,0,1ba8afad84fb064b3094b3beeaef45abdf0d0012417462bce1916c1780ec0647,2024-07-11T15:06:31.120000 CVE-2024-5489,0,0,855f98d82c4255d7a1decf5a548f61d8944b9bffb6e3f6a5299c190e758f26a4,2024-06-11T18:15:01.617000 CVE-2024-5491,0,0,c9a62638dd7b2098d22ccc85d55914e20b3d8c19adc41e6518825648965a51ba,2024-07-11T13:05:54.930000 
@@ -258398,10 +258409,10 @@ CVE-2024-6900,0,0,e500188038c3ea14b8e23eb8bbafe809d907d6d44fb62c1134048b20990557 CVE-2024-6901,0,0,5b35468e95067e893aef6f3b2a5c35230a71dda604aa4246e174e6067847a2c6,2024-07-24T16:55:57.230000 CVE-2024-6902,0,0,9b85a01f5de4fc5c3a3410cfeacfa5e7187e00590b2e96e858dd024e26f3a385,2024-07-24T16:55:37.197000 CVE-2024-6903,0,0,3562be7283cd266c32fb750a7d46a5a631a70817178a7f6f69f1ad8349916e1d,2024-07-24T16:56:18.070000 -CVE-2024-6904,0,1,f239c56450b95a0a33b77085a89b1f98fb41f140890e8af9dce4de20a8c1954d,2024-07-30T16:30:08.790000 -CVE-2024-6905,0,1,d2866e0a7d3747dac026ea98f4db9a35d905d0462b1cfb352305554736cc69c1,2024-07-30T16:29:56.697000 -CVE-2024-6906,0,1,443e7519587f09813d3604bd2f060eb5fd20e9ad214121b65d696b6b4cd41fa5,2024-07-30T16:29:47.097000 -CVE-2024-6907,0,1,9c6270ce9f9c570726d59d5bb26a5447e18c4636767aab7051423d31252e8bfe,2024-07-30T16:29:32.840000 +CVE-2024-6904,0,0,f239c56450b95a0a33b77085a89b1f98fb41f140890e8af9dce4de20a8c1954d,2024-07-30T16:30:08.790000 +CVE-2024-6905,0,0,d2866e0a7d3747dac026ea98f4db9a35d905d0462b1cfb352305554736cc69c1,2024-07-30T16:29:56.697000 +CVE-2024-6906,0,0,443e7519587f09813d3604bd2f060eb5fd20e9ad214121b65d696b6b4cd41fa5,2024-07-30T16:29:47.097000 +CVE-2024-6907,0,0,9c6270ce9f9c570726d59d5bb26a5447e18c4636767aab7051423d31252e8bfe,2024-07-30T16:29:32.840000 CVE-2024-6908,0,0,39238ceecec75ca0113efef9ebf9de02325a2ecd066a43e78f16c4451849b776,2024-07-22T13:00:53.287000 CVE-2024-6911,0,0,46d89096f6e412b4d1b26c4491b89cca1edef35f1edb197cda4640c904cf9862,2024-07-24T12:55:13.223000 CVE-2024-6912,0,0,b579ffc43dbaf89f50f93b1659dc012bb7b84a2d36bcb32b984560565416f527,2024-07-24T12:55:13.223000 
@@ -258531,8 +258542,8 @@ CVE-2024-7199,0,0,1c38ae71600e9c4c0d209d192fce66196ad6d1d1454dfe95d9b268bf29c6a5 CVE-2024-7200,0,0,d21a4dd541acbc0094d3b150aee5dc57732e3b43b8983d68802bfc40bea446f0,2024-07-29T14:12:08.783000 CVE-2024-7201,0,0,ada84f4b903b0c95dc45be4013db2022612c9fdb66b840b2138f16a8a9061fa8,2024-07-29T14:12:08.783000 CVE-2024-7202,0,0,47ee30ff0ebecde915aadd7cf1bd702d0bebf04cac4786411e427c0fde39b1f2,2024-07-29T14:12:08.783000 -CVE-2024-7208,1,1,46953efa12a5d662fff94e2c99734c2e20fbdfcfc741cd26c9caf517aab8eea2,2024-07-30T17:15:14.360000 -CVE-2024-7209,1,1,981807f81ce86beb4f096cbcdb19b49a40a39636a3c8cf91886492003874ebb8,2024-07-30T17:15:14.450000 +CVE-2024-7208,0,0,46953efa12a5d662fff94e2c99734c2e20fbdfcfc741cd26c9caf517aab8eea2,2024-07-30T17:15:14.360000 +CVE-2024-7209,0,0,981807f81ce86beb4f096cbcdb19b49a40a39636a3c8cf91886492003874ebb8,2024-07-30T17:15:14.450000 CVE-2024-7212,0,0,f6bebad6ae53838fdfc46656ae8fba28c66f127a824bd527778b34c8dcd63e65,2024-07-30T13:32:45.943000 CVE-2024-7213,0,0,1d232a759ef9c9587d56c52f8268da136472cbcd6eef42f7766a15dddc72721a,2024-07-30T13:32:45.943000 CVE-2024-7214,0,0,f3edd19e8cfc3c22a6f8f65ed67f6c523f424989a4dab15459681566d0408238,2024-07-30T13:32:45.943000 @@ -258553,4 +258564,4 @@ CVE-2024-7249,0,0,b1c62b4f237d55dfb39f8f205e178006f9409a78ccfd426e79f2f98ca375d8 CVE-2024-7250,0,0,2ad6dc357ed437eabcd60fe2775245fd2e54c1167d56f0a56470e33155a5fc4c,2024-07-30T13:32:45.943000 CVE-2024-7251,0,0,56e37f41fcf38f76a5deb1629f8d7e708899009a1e9f2b615de298d4a45a835f,2024-07-30T13:32:45.943000 CVE-2024-7252,0,0,b11855d09d58123416b1c452f42a306230094dfbea0e43cbf3d1a4ad2d82d89e,2024-07-30T13:32:45.943000 -CVE-2024-7297,1,1,2e874bfba57ad5ec5745065eab38f5876ea9fcd7307b48661cf2daf7f9f6b574,2024-07-30T17:15:14.513000 +CVE-2024-7297,0,0,2e874bfba57ad5ec5745065eab38f5876ea9fcd7307b48661cf2daf7f9f6b574,2024-07-30T17:15:14.513000