Auto-Update: 2024-08-31T08:00:16.795709+00:00

CVE-2022/CVE-2022-489xx/CVE-2022-48936.json

@@ -2,172 +2,15 @@
   "id": "CVE-2022-48936",
   "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
   "published": "2024-08-22T04:15:16.950",
-  "lastModified": "2024-08-22T19:03:59.643",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-08-31T06:15:06.460",
+  "vulnStatus": "Rejected",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
-      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngso: do not skip outer ip header in case of ipip and net_failover\n\nWe encounter a tcp drop issue in our cloud environment. Packet GROed in\nhost forwards to a VM virtio_net nic with net_failover enabled. VM acts\nas a IPVS LB with ipip encapsulation. The full path like:\nhost gro -> vm virtio_net rx -> net_failover rx -> ipvs fullnat\n -> ipip encap -> net_failover tx -> virtio_net tx\n\nWhen net_failover transmits a ipip pkt (gso_type = 0x0103, which means\nSKB_GSO_TCPV4, SKB_GSO_DODGY and SKB_GSO_IPXIP4), there is no gso\ndid because it supports TSO and GSO_IPXIP4. But network_header points to\ninner ip header.\n\nCall Trace:\n tcp4_gso_segment        ------> return NULL\n inet_gso_segment        ------> inner iph, network_header points to\n ipip_gso_segment\n inet_gso_segment        ------> outer iph\n skb_mac_gso_segment\n\nAfterwards virtio_net transmits the pkt, only inner ip header is modified.\nAnd the outer one just keeps unchanged. The pkt will be dropped in remote\nhost.\n\nCall Trace:\n inet_gso_segment        ------> inner iph, outer iph is skipped\n skb_mac_gso_segment\n __skb_gso_segment\n validate_xmit_skb\n validate_xmit_skb_list\n sch_direct_xmit\n __qdisc_run\n __dev_queue_xmit        ------> virtio_net\n dev_hard_start_xmit\n __dev_queue_xmit        ------> net_failover\n ip_finish_output2\n ip_output\n iptunnel_xmit\n ip_tunnel_xmit\n ipip_tunnel_xmit        ------> ipip\n dev_hard_start_xmit\n __dev_queue_xmit\n ip_finish_output2\n ip_output\n ip_forward\n ip_rcv\n __netif_receive_skb_one_core\n netif_receive_skb_internal\n napi_gro_receive\n receive_buf\n virtnet_poll\n net_rx_action\n\nThe root cause of this issue is specific with the rare combination of\nSKB_GSO_DODGY and a tunnel device that adds an SKB_GSO_ tunnel option.\nSKB_GSO_DODGY is set from external virtio_net. We need to reset network\nheader when callbacks.gso_segment() returns NULL.\n\nThis patch also includes ipv6_gso_segment(), considering SIT, etc."
-    },
-    {
-      "lang": "es",
-      "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: gso: no omita el encabezado de IP externo en caso de ipip y net_failover. Nos encontramos con un problema de ca\u00edda de TCP en nuestro entorno de nube. El paquete GROed en el host se reenv\u00eda a una NIC virtio_net de VM con net_failover habilitado. VM act\u00faa como IPVS LB con encapsulaci\u00f3n ipip. La ruta completa como: host gro -> vm virtio_net rx -> net_failover rx -> ipvs fullnat -> ipip encap -> net_failover tx -> virtio_net tx Cuando net_failover transmite un paquete ipip (gso_type = 0x0103, que significa SKB_GSO_TCPV4, SKB_GSO_DODGY y SKB_GSO_IPXIP 4 ), no existe gso porque admite TSO y GSO_IPXIP4. Pero network_header apunta al encabezado IP interno. Seguimiento de llamadas: tcp4_gso_segment ------> return NULL inet_gso_segment ------> iph interno, network_header apunta a ipip_gso_segment inet_gso_segment ------> iph externo skb_mac_gso_segment Luego, virtio_net transmite el paquete, solo se muestra el encabezado de IP interno modificado. Y el exterior simplemente se mantiene sin cambios. El paquete se colocar\u00e1 en el host remoto. Seguimiento de llamadas: inet_gso_segment ------> iph interno, se omite el iph externo skb_mac_gso_segment __skb_gso_segment validar_xmit_skb validar_xmit_skb_list sch_direct_xmit __qdisc_run __dev_queue_xmit ------> virtio_net dev_hard_start_xmit __dev_queue_xmit --- ---> net_failover ip_finish_output2 ip_output iptunnel_xmit ip_tunnel_xmit ipip_tunnel_xmit -- ----> ipip dev_hard_start_xmit __dev_queue_xmit ip_finish_output2 ip_output ip_forward ip_rcv __netif_receive_skb_one_core netif_receive_skb_internal napi_gro_receiveceived_buf virtnet_poll net_rx_action La causa ra\u00edz de este problema es espec\u00edfica de la rara combinaci\u00f3n de SKB_GSO_DODGY y un dispositivo de t\u00fanel que agrega una opci\u00f3n de t\u00fanel SKB_GSO_. SKB_GSO_DODGY se configura desde virtio_net externo. Necesitamos restablecer el encabezado de la red cuando callbacks.gso_segment() devuelve NULL. Este parche tambi\u00e9n incluye ipv6_gso_segment(), considerando SIT, etc."
+      "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
     }
   ],
-  "metrics": {
-    "cvssMetricV31": [
-      {
-        "source": "nvd@nist.gov",
-        "type": "Primary",
-        "cvssData": {
-          "version": "3.1",
-          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
-          "attackVector": "LOCAL",
-          "attackComplexity": "LOW",
-          "privilegesRequired": "LOW",
-          "userInteraction": "NONE",
-          "scope": "UNCHANGED",
-          "confidentialityImpact": "NONE",
-          "integrityImpact": "NONE",
-          "availabilityImpact": "HIGH",
-          "baseScore": 5.5,
-          "baseSeverity": "MEDIUM"
-        },
-        "exploitabilityScore": 1.8,
-        "impactScore": 3.6
-      }
-    ]
-  },
-  "weaknesses": [
-    {
-      "source": "nvd@nist.gov",
-      "type": "Primary",
-      "description": [
-        {
-          "lang": "en",
-          "value": "NVD-CWE-noinfo"
-        }
-      ]
-    }
-  ],
-  "configurations": [
-    {
-      "nodes": [
-        {
-          "operator": "OR",
-          "negate": false,
-          "cpeMatch": [
-            {
-              "vulnerable": true,
-              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
-              "versionStartIncluding": "3.13",
-              "versionEndExcluding": "4.9.304",
-              "matchCriteriaId": "C6CC1F21-FAA1-403B-826E-B5709A12D4EE"
-            },
-            {
-              "vulnerable": true,
-              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
-              "versionStartIncluding": "4.10",
-              "versionEndExcluding": "4.14.269",
-              "matchCriteriaId": "F0F577D3-EFEA-42CF-80AA-905297529D7F"
-            },
-            {
-              "vulnerable": true,
-              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
-              "versionStartIncluding": "4.15",
-              "versionEndExcluding": "4.19.232",
-              "matchCriteriaId": "EF11C6DC-8B9A-4A37-B1E6-33B68F5366ED"
-            },
-            {
-              "vulnerable": true,
-              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
-              "versionStartIncluding": "4.20",
-              "versionEndExcluding": "5.4.182",
-              "matchCriteriaId": "EE74CED8-43BF-4060-9578-93A09735B4E2"
-            },
-            {
-              "vulnerable": true,
-              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
-              "versionStartIncluding": "5.5",
-              "versionEndExcluding": "5.10.103",
-              "matchCriteriaId": "1A95B717-3110-4D4F-B8FC-373919BB514D"
-            },
-            {
-              "vulnerable": true,
-              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
-              "versionStartIncluding": "5.11",
-              "versionEndExcluding": "5.15.26",
-              "matchCriteriaId": "9AB342AE-A62E-4947-A6EA-511453062B2B"
-            },
-            {
-              "vulnerable": true,
-              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
-              "versionStartIncluding": "5.16",
-              "versionEndExcluding": "5.16.12",
-              "matchCriteriaId": "C76BAB21-7F23-4AD8-A25F-CA7B262A2698"
-            }
-          ]
-        }
-      ]
-    }
-  ],
-  "references": [
-    {
-      "url": "https://git.kernel.org/stable/c/2b3cdd70ea5f5a694f95ea1788393fb3b83071ea",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
-      "tags": [
-        "Patch"
-      ]
-    },
-    {
-      "url": "https://git.kernel.org/stable/c/45d006c2c7ed7baf1fa258fa7b5bc9923d3a983e",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
-      "tags": [
-        "Patch"
-      ]
-    },
-    {
-      "url": "https://git.kernel.org/stable/c/7840e559799a08a8588ee6de27516a991cb2e5e7",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
-      "tags": [
-        "Patch"
-      ]
-    },
-    {
-      "url": "https://git.kernel.org/stable/c/899e56a1ad435261812355550ae869d8be3df395",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
-      "tags": [
-        "Patch"
-      ]
-    },
-    {
-      "url": "https://git.kernel.org/stable/c/a739963f43269297c3f438b776194542e2a97499",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
-      "tags": [
-        "Patch"
-      ]
-    },
-    {
-      "url": "https://git.kernel.org/stable/c/cc20cced0598d9a5ff91ae4ab147b3b5e99ee819",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
-      "tags": [
-        "Patch"
-      ]
-    },
-    {
-      "url": "https://git.kernel.org/stable/c/dac2490d9ee0b89dffc72f1172b8bbeb60eaec39",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
-      "tags": [
-        "Patch"
-      ]
-    },
-    {
-      "url": "https://git.kernel.org/stable/c/e9ffbe63f6f32f526a461756309b61c395168d73",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
-      "tags": [
-        "Patch"
-      ]
-    }
-  ]
+  "metrics": {},
+  "references": []
 }

CVE-2024/CVE-2024-449xx/CVE-2024-44945.json

@@ -0,0 +1,25 @@
+{
+  "id": "CVE-2024-44945",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2024-08-31T07:15:03.760",
+  "lastModified": "2024-08-31T07:15:03.760",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink: Initialise extack before use in ACKs\n\nAdd missing extack initialisation when ACKing BATCH_BEGIN and BATCH_END."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/3e03b536d9454c5802168b9e85248d456d3ff6a3",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/d1a7b382a9d3f0f3e5a80e0be2991c075fa4f618",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-08-31T06:00:16.987987+00:00
+2024-08-31T08:00:16.795709+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-08-31T05:15:13.677000+00:00
+2024-08-31T07:15:03.760000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,21 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-261622
+261623
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `2`
+Recently added CVEs: `1`
 
-- [CVE-2024-3886](CVE-2024/CVE-2024-38xx/CVE-2024-3886.json) (`2024-08-31T05:15:13.353`)
-- [CVE-2024-5212](CVE-2024/CVE-2024-52xx/CVE-2024-5212.json) (`2024-08-31T05:15:13.677`)
+- [CVE-2024-44945](CVE-2024/CVE-2024-449xx/CVE-2024-44945.json) (`2024-08-31T07:15:03.760`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `0`
+Recently modified CVEs: `1`
 
+- [CVE-2022-48936](CVE-2022/CVE-2022-489xx/CVE-2022-48936.json) (`2024-08-31T06:15:06.460`)
 
 
 ## Download and Usage

_state.csv

@@ -212465,7 +212465,7 @@ CVE-2022-48932,0,0,827a73f8f8e4e42d3c001e9e0940fd88c4ea31c4830d11930163e773566d8
 CVE-2022-48933,0,0,b006add90d90a7908ac31a96e3814a6ab2b6644466aadebc7bb2d78f8d5f146e,2024-08-23T01:50:09.313000
 CVE-2022-48934,0,0,5b4d3e9f36a52ea0bbbb4966ebd00c594a823cadc603a7281937d3623cfb89c3,2024-08-22T20:33:29.860000
 CVE-2022-48935,0,0,b0558ba7333ba5b6f11a266cc14a6047809664d823e0a328d44fb10a334549ef,2024-08-23T01:45:31.280000
-CVE-2022-48936,0,0,36ac70219cd8aef6a8970544481442eac16b9c0cd068921aa64078a27ffc7215,2024-08-22T19:03:59.643000
+CVE-2022-48936,0,1,314cbb90d15468a6b1d7555d054a6b503128a9503d9ec5951ea48c3a9258d9c6,2024-08-31T06:15:06.460000
 CVE-2022-48937,0,0,5acf0c5064ef79bcf25c1dae2675f0433d0999928e6f36ce64d5e6c9907aa5b9,2024-08-22T19:07:28.567000
 CVE-2022-48938,0,0,eff2e9fbfc7aa611d20c84d8b3736eb4c859583a2ca7af1dd4c15351c5551139,2024-08-22T18:49:20.320000
 CVE-2022-48939,0,0,171710b03fe72b0b5576806a870449655b0f9165fe85d09b9d9bd74ca80174f4,2024-08-22T19:02:08.770000
@@ -255930,7 +255930,7 @@ CVE-2024-3885,0,0,9b28a2ee85edfe77753e71858fb1438bd68a9b6ee299843f3a5752cca4753d
 CVE-2024-38856,0,0,cf2c30abb1c3c3e6b03acfa253b7bd98efa464ab76b49fddc2034ce3ce8a3be1,2024-08-28T16:15:58.043000
 CVE-2024-38857,0,0,857bbf4d5ee889c68ec1450930f0cf323232ab2d5a162824c8153ee668a7e638,2024-07-02T12:09:16.907000
 CVE-2024-38859,0,0,593edb58800c759df69d81e4c4902db80ed6954e27fabcb131a77e637ddeaf57,2024-08-26T15:15:23.727000
-CVE-2024-3886,1,1,32ede4456a4ddb6db7c3453d25beda4c9751e9335da840bc98f3ff533375804e,2024-08-31T05:15:13.353000
+CVE-2024-3886,0,0,32ede4456a4ddb6db7c3453d25beda4c9751e9335da840bc98f3ff533375804e,2024-08-31T05:15:13.353000
 CVE-2024-38867,0,0,0587553b0e73bb3d7fb83caa644dbd7ff748ca26af84fce237e8ae38fe20168b,2024-08-13T08:15:10.817000
 CVE-2024-38868,0,0,5f60194e3d1d59618be01fdc85fcd84265bb98850782dfe5e0cc1c80bd3ff2b3,2024-08-30T18:15:06.957000
 CVE-2024-38869,0,0,c0f887639cd5f8290b163362347e9df211e2de0bfae6dfee57ed54004469d16e,2024-08-30T18:15:07.150000
@@ -258764,6 +258764,7 @@ CVE-2024-44941,0,0,15a1c7001949731e4df03f4a864ae7a9e64adc22c4c644da2de0836d77651
 CVE-2024-44942,0,0,17b37362bd3ba24b1a5ce481b72105519e3d684fbcb26bdd0327529225c432f3,2024-08-27T16:09:10.010000
 CVE-2024-44943,0,0,5bf597bf2fa044f6eb0ba2afa66eeb4ae405658ddc3b2a597c7fedca3c5f2035,2024-08-28T12:57:17.117000
 CVE-2024-44944,0,0,2311e8e140052a8ffceda234565ab592ce1eef31ad86de13e1707e1e1dd9a467,2024-08-30T13:00:05.390000
+CVE-2024-44945,1,1,b9925d61818b0f13538430fa3fa098f09fe3d38e458b14d49416d01436c660e9,2024-08-31T07:15:03.760000
 CVE-2024-4495,0,0,cb1d8bc801c43f7ab8180176a646c9e39a56603c1305eac804522af3adac0fa8,2024-05-17T02:40:25.167000
 CVE-2024-4496,0,0,6e858d3d5b48b877aff577f900a80fd10c799bd74cdf4188d346fa0d13641a80,2024-06-04T19:20:39.340000
 CVE-2024-4497,0,0,6a1d6365c146727895628930cc6e441179a183396cbc0224f0d3e640240772d3,2024-06-04T19:20:39.437000
@@ -259452,7 +259453,7 @@ CVE-2024-5208,0,0,1cccb0861be6781d1738a6540c67013b2ca290af7bc911f2a2acee7d44fa67
 CVE-2024-5209,0,0,7531866dc2069833de5cded2977d100fe13c1eac0700fc84557e1bd601c0dcd0,2024-08-19T13:00:23.117000
 CVE-2024-5210,0,0,573e35f227eabc9e8da1d5a4ec5c123d22f983494acc77bb8e423c30a6d4c28b,2024-08-19T13:00:23.117000
 CVE-2024-5211,0,0,98a88a37609463fc748729234fb7fa88ed6b19a9a862440dab2a89ae616c7fd0,2024-06-13T18:36:09.010000
-CVE-2024-5212,1,1,acd3cd1bbb5acea57970498438e237d6d9457368613a3993a9ddb14828e5cf45,2024-08-31T05:15:13.677000
+CVE-2024-5212,0,0,acd3cd1bbb5acea57970498438e237d6d9457368613a3993a9ddb14828e5cf45,2024-08-31T05:15:13.677000
 CVE-2024-5213,0,0,d0914ed8289e640566cb58700956c5d2665253a06d0896526d4a9160af504e00,2024-07-17T14:36:39.397000
 CVE-2024-5214,0,0,63d7572dfe3fc62d2b94f5bd6d323fcf441de42b521ffae91ecf8348de5e238f,2024-06-03T19:15:09.360000
 CVE-2024-5215,0,0,000fc07f4cc70899827567e140fa6ed8e48b521d55f3767b5621ab75b67abf1a,2024-06-26T12:44:29.693000