admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-01-06T19:00:28.740053+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-01-06 19:03:52 +00:00
parent 9d1aee6303
commit 888c7a9ac7
123 changed files with 6230 additions and 710 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
CVE-2019/CVE-2019-162xx/CVE-2019-16283.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2019-16283", "id": "CVE-2019-16283",
"sourceIdentifier": "hp-security-alert@hp.com", "sourceIdentifier": "hp-security-alert@hp.com",
"published": "2023-06-09T18:15:09.483", "published": "2023-06-09T18:15:09.483",
"lastModified": "2024-11-21T04:30:27.177", "lastModified": "2025-01-06T18:15:09.650",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "NVD-CWE-noinfo" "value": "NVD-CWE-noinfo"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2020/CVE-2020-367xx/CVE-2020-36732.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-36732", "id": "CVE-2020-36732",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-12T02:15:48.347", "published": "2023-06-12T02:15:48.347",
"lastModified": "2024-11-21T05:30:11.017", "lastModified": "2025-01-06T18:15:11.100",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 1.4 "impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-330" "value": "CWE-330"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-331"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2022/CVE-2022-437xx/CVE-2022-43777.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-43777", "id": "CVE-2022-43777",
"sourceIdentifier": "hp-security-alert@hp.com", "sourceIdentifier": "hp-security-alert@hp.com",
"published": "2023-06-12T20:15:10.310", "published": "2023-06-12T20:15:10.310",
"lastModified": "2024-11-21T07:27:13.020", "lastModified": "2025-01-06T17:15:08.490",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 1.1, "exploitabilityScore": 1.1,
"impactScore": 6.0 "impactScore": 6.0
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.1,
"impactScore": 6.0
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-367" "value": "CWE-367"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-367"
}
]
} }
], ],
"configurations": [ "configurations": [

40
CVE-2022/CVE-2022-437xx/CVE-2022-43778.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-43778", "id": "CVE-2022-43778",
"sourceIdentifier": "hp-security-alert@hp.com", "sourceIdentifier": "hp-security-alert@hp.com",
"published": "2023-06-12T20:15:10.360", "published": "2023-06-12T20:15:10.360",
"lastModified": "2024-11-21T07:27:13.620", "lastModified": "2025-01-06T17:15:10.027",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 1.1, "exploitabilityScore": 1.1,
"impactScore": 6.0 "impactScore": 6.0
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.1,
"impactScore": 6.0
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-367" "value": "CWE-367"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-367"
}
]
} }
], ],
"configurations": [ "configurations": [
@ -10901,6 +10931,14 @@
"Exploit", "Exploit",
"Vendor Advisory" "Vendor Advisory"
] ]
},
{
"url": "https://support.hp.com/us-en/document/ish_7709808-7709835-16/hpsbhf03835",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
]
} }
] ]
} }

22
CVE-2023/CVE-2023-11xx/CVE-2023-1119.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-1119", "id": "CVE-2023-1119",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2023-07-10T16:15:48.720", "published": "2023-07-10T16:15:48.720",
"lastModified": "2024-11-21T07:38:29.800", "lastModified": "2025-01-06T17:15:10.700",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
} }
] ]
}, },

32
CVE-2023/CVE-2023-212xx/CVE-2023-21245.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-21245", "id": "CVE-2023-21245",
"sourceIdentifier": "security@android.com", "sourceIdentifier": "security@android.com",
"published": "2023-07-13T00:15:23.683", "published": "2023-07-13T00:15:23.683",
"lastModified": "2024-11-21T07:42:29.000", "lastModified": "2025-01-06T17:15:11.087",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "NVD-CWE-noinfo" "value": "NVD-CWE-noinfo"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
} }
], ],
"configurations": [ "configurations": [

22
CVE-2023/CVE-2023-24xx/CVE-2023-2454.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2454", "id": "CVE-2023-2454",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2023-06-09T19:15:09.253", "published": "2023-06-09T19:15:09.253",
"lastModified": "2024-11-21T07:58:38.883", "lastModified": "2025-01-06T18:15:13.670",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 1.2, "exploitabilityScore": 1.2,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
} }
] ]
}, },

22
CVE-2023/CVE-2023-24xx/CVE-2023-2455.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2455", "id": "CVE-2023-2455",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2023-06-09T19:15:09.313", "published": "2023-06-09T19:15:09.313",
"lastModified": "2024-11-21T07:58:39.010", "lastModified": "2025-01-06T18:15:13.913",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 2.5 "impactScore": 2.5
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
} }
] ]
}, },

32
CVE-2023/CVE-2023-254xx/CVE-2023-25434.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25434", "id": "CVE-2023-25434",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-14T20:15:09.337", "published": "2023-06-14T20:15:09.337",
"lastModified": "2024-11-21T07:49:30.410", "lastModified": "2025-01-06T17:15:11.303",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-120" "value": "CWE-120"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
} }
], ],
"configurations": [ "configurations": [

12
CVE-2023/CVE-2023-261xx/CVE-2023-26132.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26132", "id": "CVE-2023-26132",
"sourceIdentifier": "report@snyk.io", "sourceIdentifier": "report@snyk.io",
"published": "2023-06-10T05:15:08.970", "published": "2023-06-10T05:15:08.970",
"lastModified": "2024-11-21T07:50:50.543", "lastModified": "2025-01-06T17:15:11.647",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -75,6 +75,16 @@
"value": "CWE-1321" "value": "CWE-1321"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1321"
}
]
} }
], ],
"configurations": [ "configurations": [

12
CVE-2023/CVE-2023-261xx/CVE-2023-26133.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26133", "id": "CVE-2023-26133",
"sourceIdentifier": "report@snyk.io", "sourceIdentifier": "report@snyk.io",
"published": "2023-06-12T05:15:09.400", "published": "2023-06-12T05:15:09.400",
"lastModified": "2024-11-21T07:50:50.667", "lastModified": "2025-01-06T17:15:11.860",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -75,6 +75,16 @@
"value": "CWE-1321" "value": "CWE-1321"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1321"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-269xx/CVE-2023-26965.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26965", "id": "CVE-2023-26965",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-14T21:15:09.483", "published": "2023-06-14T21:15:09.483",
"lastModified": "2024-11-21T07:52:07.757", "lastModified": "2025-01-06T17:15:12.030",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-787" "value": "CWE-787"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-277xx/CVE-2023-27706.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-27706", "id": "CVE-2023-27706",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-09T19:15:09.107", "published": "2023-06-09T19:15:09.107",
"lastModified": "2024-11-21T07:53:22.320", "lastModified": "2025-01-06T18:15:11.927",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 5.2 "impactScore": 5.2
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-312" "value": "CWE-312"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-277xx/CVE-2023-27716.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-27716", "id": "CVE-2023-27716",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-12T21:15:22.543", "published": "2023-06-12T21:15:22.543",
"lastModified": "2024-11-21T07:53:22.890", "lastModified": "2025-01-06T18:15:12.193",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "NVD-CWE-noinfo" "value": "NVD-CWE-noinfo"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-284xx/CVE-2023-28478.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-28478", "id": "CVE-2023-28478",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-12T20:15:11.717", "published": "2023-06-12T20:15:11.717",
"lastModified": "2024-11-21T07:55:10.953", "lastModified": "2025-01-06T17:15:12.243",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-787" "value": "CWE-787"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-297xx/CVE-2023-29712.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-29712", "id": "CVE-2023-29712",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-09T18:15:09.600", "published": "2023-06-09T18:15:09.600",
"lastModified": "2024-11-21T07:57:24.340", "lastModified": "2025-01-06T18:15:12.433",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-79" "value": "CWE-79"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-297xx/CVE-2023-29713.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-29713", "id": "CVE-2023-29713",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-09T19:15:09.160", "published": "2023-06-09T19:15:09.160",
"lastModified": "2024-11-21T07:57:24.497", "lastModified": "2025-01-06T18:15:12.683",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-79" "value": "CWE-79"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-297xx/CVE-2023-29714.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-29714", "id": "CVE-2023-29714",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-09T19:15:09.207", "published": "2023-06-09T19:15:09.207",
"lastModified": "2024-11-21T07:57:24.633", "lastModified": "2025-01-06T18:15:12.930",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-79" "value": "CWE-79"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
} }
], ],
"configurations": [ "configurations": [

22
CVE-2023/CVE-2023-297xx/CVE-2023-29749.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-29749", "id": "CVE-2023-29749",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-09T20:15:09.663", "published": "2023-06-09T20:15:09.663",
"lastModified": "2024-11-21T07:57:28.457", "lastModified": "2025-01-06T18:15:13.163",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
} }
] ]
}, },

32
CVE-2023/CVE-2023-297xx/CVE-2023-29767.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-29767", "id": "CVE-2023-29767",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-09T20:15:10.140", "published": "2023-06-09T20:15:10.140",
"lastModified": "2024-11-21T07:57:29.977", "lastModified": "2025-01-06T18:15:13.400",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-400" "value": "CWE-400"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-300xx/CVE-2023-30082.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-30082", "id": "CVE-2023-30082",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-14T20:15:09.453", "published": "2023-06-14T20:15:09.453",
"lastModified": "2024-11-21T07:59:46.327", "lastModified": "2025-01-06T17:15:12.460",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-1284" "value": "CWE-1284"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1284"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-301xx/CVE-2023-30150.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-30150", "id": "CVE-2023-30150",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-14T21:15:09.557", "published": "2023-06-14T21:15:09.557",
"lastModified": "2024-11-21T07:59:50.653", "lastModified": "2025-01-06T17:15:12.697",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-89" "value": "CWE-89"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
} }
], ],
"configurations": [ "configurations": [

6
CVE-2023/CVE-2023-301xx/CVE-2023-30198.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-30198", "id": "CVE-2023-30198",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-12T17:15:09.760", "published": "2023-06-12T17:15:09.760",
"lastModified": "2024-11-21T07:59:53.620", "lastModified": "2025-01-06T18:15:14.143",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -121,6 +121,10 @@
"tags": [ "tags": [
"Product" "Product"
] ]
},
{
"url": "https://packetstorm.news/files/id/173136",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
} }
] ]
} }

32
CVE-2023/CVE-2023-302xx/CVE-2023-30262.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-30262", "id": "CVE-2023-30262",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-09T18:15:09.647", "published": "2023-06-09T18:15:09.647",
"lastModified": "2024-11-21T07:59:57.570", "lastModified": "2025-01-06T18:15:14.373",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-502" "value": "CWE-502"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-316xx/CVE-2023-31671.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-31671", "id": "CVE-2023-31671",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-14T18:15:09.573", "published": "2023-06-14T18:15:09.573",
"lastModified": "2024-11-21T08:02:08.647", "lastModified": "2025-01-06T17:15:12.890",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-89" "value": "CWE-89"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-317xx/CVE-2023-31746.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-31746", "id": "CVE-2023-31746",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-14T21:15:09.610", "published": "2023-06-14T21:15:09.610",
"lastModified": "2024-11-21T08:02:13.870", "lastModified": "2025-01-06T17:15:13.100",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Undergoing Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-77" "value": "CWE-77"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
} }
], ],
"configurations": [ "configurations": [

12
CVE-2023/CVE-2023-322xx/CVE-2023-32219.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-32219", "id": "CVE-2023-32219",
"sourceIdentifier": "cna@cyber.gov.il", "sourceIdentifier": "cna@cyber.gov.il",
"published": "2023-06-12T21:15:22.597", "published": "2023-06-12T21:15:22.597",
"lastModified": "2024-11-21T08:02:55.563", "lastModified": "2025-01-06T17:15:13.383",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -65,6 +65,16 @@
"value": "NVD-CWE-noinfo" "value": "NVD-CWE-noinfo"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
} }
], ],
"configurations": [ "configurations": [

12
CVE-2023/CVE-2023-322xx/CVE-2023-32220.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-32220", "id": "CVE-2023-32220",
"sourceIdentifier": "cna@cyber.gov.il", "sourceIdentifier": "cna@cyber.gov.il",
"published": "2023-06-12T21:15:22.673", "published": "2023-06-12T21:15:22.673",
"lastModified": "2024-11-21T08:02:55.670", "lastModified": "2025-01-06T17:15:13.543",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -65,6 +65,16 @@
"value": "CWE-287" "value": "CWE-287"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-335xx/CVE-2023-33515.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33515", "id": "CVE-2023-33515",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-14T21:15:09.663", "published": "2023-06-14T21:15:09.663",
"lastModified": "2024-11-21T08:05:39.833", "lastModified": "2025-01-06T18:15:14.737",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.3, "exploitabilityScore": 2.3,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-79" "value": "CWE-79"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-335xx/CVE-2023-33557.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33557", "id": "CVE-2023-33557",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-09T18:15:09.693", "published": "2023-06-09T18:15:09.693",
"lastModified": "2024-11-21T08:05:42.760", "lastModified": "2025-01-06T18:15:15.217",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-89" "value": "CWE-89"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-343xx/CVE-2023-34363.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-34363", "id": "CVE-2023-34363",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-09T07:15:10.507", "published": "2023-06-09T07:15:10.507",
"lastModified": "2024-11-21T08:07:06.067", "lastModified": "2025-01-06T18:15:15.647",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.2, "exploitabilityScore": 2.2,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-338" "value": "CWE-338"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-338"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-343xx/CVE-2023-34364.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-34364", "id": "CVE-2023-34364",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-09T07:15:10.563", "published": "2023-06-09T07:15:10.563",
"lastModified": "2024-11-21T08:07:06.197", "lastModified": "2025-01-06T18:15:15.910",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-787" "value": "CWE-787"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
} }
], ],
"configurations": [ "configurations": [

22
CVE-2023/CVE-2023-343xx/CVE-2023-34367.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-34367", "id": "CVE-2023-34367",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-14T20:15:09.510", "published": "2023-06-14T20:15:09.510",
"lastModified": "2024-11-21T08:07:06.567", "lastModified": "2025-01-06T18:15:16.153",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 2.5 "impactScore": 2.5
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
} }
] ]
}, },

32
CVE-2023/CVE-2023-350xx/CVE-2023-35031.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-35031", "id": "CVE-2023-35031",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-12T02:15:48.447", "published": "2023-06-12T02:15:48.447",
"lastModified": "2024-11-21T08:07:50.853", "lastModified": "2025-01-06T18:15:16.410",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-77" "value": "CWE-77"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
} }
], ],
"configurations": [ "configurations": [

12
CVE-2023/CVE-2023-350xx/CVE-2023-35034.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-35034", "id": "CVE-2023-35034",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-12T02:15:48.570", "published": "2023-06-12T02:15:48.570",
"lastModified": "2024-11-21T08:07:51.330", "lastModified": "2025-01-06T18:15:16.923",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -45,6 +45,16 @@
"value": "NVD-CWE-noinfo" "value": "NVD-CWE-noinfo"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
} }
], ],
"configurations": [ "configurations": [

40
CVE-2023/CVE-2023-377xx/CVE-2023-37712.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-37712", "id": "CVE-2023-37712",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-07-10T17:15:09.877", "published": "2023-07-10T17:15:09.877",
"lastModified": "2024-11-21T08:12:09.553", "lastModified": "2025-01-06T17:15:13.680",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-787" "value": "CWE-787"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
} }
], ],
"configurations": [ "configurations": [
@ -146,6 +176,14 @@
"Exploit", "Exploit",
"Third Party Advisory" "Third Party Advisory"
] ]
},
{
"url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/fromSetIpBind",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

86
CVE-2023/CVE-2023-66xx/CVE-2023-6601.json Normal file
View File

@ -0,0 +1,86 @@
{
"id": "CVE-2023-6601",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2025-01-06T17:15:14.217",
"lastModified": "2025-01-06T17:15:14.217",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-99"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253172",
"source": "patrick@puiterwijk.org"
}
]
}

86
CVE-2023/CVE-2023-66xx/CVE-2023-6604.json Normal file
View File

@ -0,0 +1,86 @@
{
"id": "CVE-2023-6604",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2025-01-06T17:15:14.413",
"lastModified": "2025-01-06T17:15:14.413",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-99"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334337",
"source": "patrick@puiterwijk.org"
}
]
}

76
CVE-2023/CVE-2023-66xx/CVE-2023-6605.json Normal file
View File

@ -0,0 +1,76 @@
{
"id": "CVE-2023-6605",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2025-01-06T17:15:14.613",
"lastModified": "2025-01-06T17:15:14.613",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-99"
}
]
}
],
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334336",
"source": "patrick@puiterwijk.org"
}
]
}

10
CVE-2024/CVE-2024-109xx/CVE-2024-10957.json
View File

@ -2,20 +2,20 @@
"id": "CVE-2024-10957", "id": "CVE-2024-10957",
"sourceIdentifier": "security@wordfence.com", "sourceIdentifier": "security@wordfence.com",
"published": "2025-01-04T14:15:22.430", "published": "2025-01-04T14:15:22.430",
"lastModified": "2025-01-04T14:15:22.430", "lastModified": "2025-01-06T17:15:14.853",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.24.11 via deserialization of untrusted input in the 'recursive_unserialized_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must perform a search and replace action to trigger the exploit." "value": "The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions from 1.23.8 to 1.24.11 via deserialization of untrusted input in the 'recursive_unserialized_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. An administrator must perform a search and replace action to trigger the exploit."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "security@wordfence.com", "source": "security@wordfence.com",
"type": "Primary", "type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
@ -38,7 +38,7 @@
"weaknesses": [ "weaknesses": [
{ {
"source": "security@wordfence.com", "source": "security@wordfence.com",
"type": "Primary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",

24
CVE-2024/CVE-2024-111xx/CVE-2024-11168.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-11168", "id": "CVE-2024-11168",
"sourceIdentifier": "cna@python.org", "sourceIdentifier": "cna@python.org",
"published": "2024-11-12T22:15:14.920", "published": "2024-11-12T22:15:14.920",
"lastModified": "2024-12-03T21:15:05.470", "lastModified": "2025-01-06T18:15:17.900",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -59,6 +59,28 @@
"providerUrgency": "NOT_DEFINED" "providerUrgency": "NOT_DEFINED"
} }
} }
],
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 3.7,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
] ]
}, },
"weaknesses": [ "weaknesses": [

14
CVE-2024/CVE-2024-116xx/CVE-2024-11691.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-11691", "id": "CVE-2024-11691",
"sourceIdentifier": "security@mozilla.org", "sourceIdentifier": "security@mozilla.org",
"published": "2024-11-26T14:15:18.633", "published": "2024-11-26T14:15:18.633",
"lastModified": "2024-12-13T17:15:05.813", "lastModified": "2025-01-06T18:15:18.373",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -39,6 +39,18 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1914707", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1914707",

24
CVE-2024/CVE-2024-122xx/CVE-2024-12254.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-12254", "id": "CVE-2024-12254",
"sourceIdentifier": "cna@python.org", "sourceIdentifier": "cna@python.org",
"published": "2024-12-06T16:15:20.623", "published": "2024-12-06T16:15:20.623",
"lastModified": "2024-12-06T19:15:10.983", "lastModified": "2025-01-06T18:15:18.713",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -59,6 +59,28 @@
"providerUrgency": "NOT_DEFINED" "providerUrgency": "NOT_DEFINED"
} }
} }
],
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
] ]
}, },
"weaknesses": [ "weaknesses": [

75
CVE-2024/CVE-2024-130xx/CVE-2024-13031.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-13031", "id": "CVE-2024-13031",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-30T01:15:06.827", "published": "2024-12-30T01:15:06.827",
"lastModified": "2024-12-30T01:15:06.827", "lastModified": "2025-01-06T18:56:33.010",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -80,6 +80,26 @@
}, },
"exploitabilityScore": 0.9, "exploitabilityScore": 0.9,
"impactScore": 1.4 "impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
} }
], ],
"cvssMetricV2": [ "cvssMetricV2": [
@ -111,7 +131,7 @@
"weaknesses": [ "weaknesses": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
"type": "Primary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -122,24 +142,65 @@
"value": "CWE-94" "value": "CWE-94"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:antabot:white-jotter:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.2.2",
"matchCriteriaId": "6759B940-07EF-49C7-A0F8-ABC2C329843A"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/cydtseng/Vulnerability-Research/blob/main/white-jotter/ReflectedXSS-ContentEditor.md", "url": "https://github.com/cydtseng/Vulnerability-Research/blob/main/white-jotter/ReflectedXSS-ContentEditor.md",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.289764", "url": "https://vuldb.com/?ctiid.289764",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
}, },
{ {
"url": "https://vuldb.com/?id.289764", "url": "https://vuldb.com/?id.289764",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?submit.466530", "url": "https://vuldb.com/?submit.466530",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

81
CVE-2024/CVE-2024-130xx/CVE-2024-13032.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-13032", "id": "CVE-2024-13032",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-30T02:15:06.260", "published": "2024-12-30T02:15:06.260",
"lastModified": "2024-12-30T02:15:06.260", "lastModified": "2025-01-06T18:47:07.217",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -80,6 +80,26 @@
}, },
"exploitabilityScore": 1.2, "exploitabilityScore": 1.2,
"impactScore": 1.4 "impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
} }
], ],
"cvssMetricV2": [ "cvssMetricV2": [
@ -120,22 +140,53 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://github.com/cydtseng/Vulnerability-Research/blob/main/white-jotter/ServerSideRequestForgery-ArticleCoverURL.md", "nodes": [
"source": "cna@vuldb.com"
},
{ {
"url": "https://vuldb.com/?ctiid.289765", "operator": "OR",
"source": "cna@vuldb.com" "negate": false,
}, "cpeMatch": [
{ {
"url": "https://vuldb.com/?id.289765", "vulnerable": true,
"source": "cna@vuldb.com" "criteria": "cpe:2.3:a:antabot:white-jotter:*:*:*:*:*:*:*:*",
}, "versionEndIncluding": "0.2.2",
{ "matchCriteriaId": "6759B940-07EF-49C7-A0F8-ABC2C329843A"
"url": "https://vuldb.com/?submit.466551", }
"source": "cna@vuldb.com" ]
}
]
}
],
"references": [
{
"url": "https://github.com/cydtseng/Vulnerability-Research/blob/main/white-jotter/ServerSideRequestForgery-ArticleCoverURL.md",
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.289765",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.289765",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?submit.466551",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

73
CVE-2024/CVE-2024-130xx/CVE-2024-13033.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-13033", "id": "CVE-2024-13033",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-30T02:15:07.270", "published": "2024-12-30T02:15:07.270",
"lastModified": "2024-12-30T02:15:07.270", "lastModified": "2025-01-06T18:26:59.997",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -80,6 +80,26 @@
}, },
"exploitabilityScore": 2.1, "exploitabilityScore": 2.1,
"impactScore": 1.4 "impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
} }
], ],
"cvssMetricV2": [ "cvssMetricV2": [
@ -111,7 +131,7 @@
"weaknesses": [ "weaknesses": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
"type": "Primary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -122,24 +142,63 @@
"value": "CWE-94" "value": "CWE-94"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:chat_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA2E5E8E-272F-46CA-A1AB-50C53B07FFA3"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://code-projects.org/", "url": "https://code-projects.org/",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.289766", "url": "https://vuldb.com/?ctiid.289766",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
}, },
{ {
"url": "https://vuldb.com/?id.289766", "url": "https://vuldb.com/?id.289766",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?submit.471109", "url": "https://vuldb.com/?submit.471109",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

73
CVE-2024/CVE-2024-130xx/CVE-2024-13034.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-13034", "id": "CVE-2024-13034",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-30T02:15:07.433", "published": "2024-12-30T02:15:07.433",
"lastModified": "2024-12-30T02:15:07.433", "lastModified": "2025-01-06T18:11:07.307",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -80,6 +80,26 @@
}, },
"exploitabilityScore": 2.1, "exploitabilityScore": 2.1,
"impactScore": 1.4 "impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 4.7
} }
], ],
"cvssMetricV2": [ "cvssMetricV2": [
@ -111,7 +131,7 @@
"weaknesses": [ "weaknesses": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
"type": "Primary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -122,24 +142,63 @@
"value": "CWE-94" "value": "CWE-94"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:chat_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA2E5E8E-272F-46CA-A1AB-50C53B07FFA3"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://code-projects.org/", "url": "https://code-projects.org/",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.289767", "url": "https://vuldb.com/?ctiid.289767",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
}, },
{ {
"url": "https://vuldb.com/?id.289767", "url": "https://vuldb.com/?id.289767",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?submit.471111", "url": "https://vuldb.com/?submit.471111",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

73
CVE-2024/CVE-2024-130xx/CVE-2024-13035.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-13035", "id": "CVE-2024-13035",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-30T03:15:06.413", "published": "2024-12-30T03:15:06.413",
"lastModified": "2024-12-30T03:15:06.413", "lastModified": "2025-01-06T17:59:47.040",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -80,6 +80,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 3.4 "impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
], ],
"cvssMetricV2": [ "cvssMetricV2": [
@ -111,7 +131,7 @@
"weaknesses": [ "weaknesses": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
"type": "Primary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -122,24 +142,63 @@
"value": "CWE-89" "value": "CWE-89"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:chat_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA2E5E8E-272F-46CA-A1AB-50C53B07FFA3"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://code-projects.org/", "url": "https://code-projects.org/",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.289768", "url": "https://vuldb.com/?ctiid.289768",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
}, },
{ {
"url": "https://vuldb.com/?id.289768", "url": "https://vuldb.com/?id.289768",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?submit.471112", "url": "https://vuldb.com/?submit.471112",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

73
CVE-2024/CVE-2024-130xx/CVE-2024-13036.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-13036", "id": "CVE-2024-13036",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-30T03:15:06.580", "published": "2024-12-30T03:15:06.580",
"lastModified": "2024-12-30T03:15:06.580", "lastModified": "2025-01-06T17:26:00.327",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -80,6 +80,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 3.4 "impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
} }
], ],
"cvssMetricV2": [ "cvssMetricV2": [
@ -111,7 +131,7 @@
"weaknesses": [ "weaknesses": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
"type": "Primary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -122,24 +142,63 @@
"value": "CWE-89" "value": "CWE-89"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fabianros:chat_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C53942AF-E982-409D-BFDF-FAFD90E5C154"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://code-projects.org/", "url": "https://code-projects.org/",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.289769", "url": "https://vuldb.com/?ctiid.289769",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
}, },
{ {
"url": "https://vuldb.com/?id.289769", "url": "https://vuldb.com/?id.289769",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
}, },
{ {
"url": "https://vuldb.com/?submit.471113", "url": "https://vuldb.com/?submit.471113",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

80
CVE-2024/CVE-2024-130xx/CVE-2024-13037.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-13037", "id": "CVE-2024-13037",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-30T04:15:05.200", "published": "2024-12-30T04:15:05.200",
"lastModified": "2024-12-30T04:15:05.200", "lastModified": "2025-01-06T17:00:22.063",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -80,6 +80,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 3.4 "impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
], ],
"cvssMetricV2": [ "cvssMetricV2": [
@ -111,7 +131,7 @@
"weaknesses": [ "weaknesses": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
"type": "Primary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -122,28 +142,72 @@
"value": "CWE-89" "value": "CWE-89"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:1000projects:attendance_tracking_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "108AEB9D-CD44-4A0D-8CB6-82EA6162A0B4"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://1000projects.org/", "url": "https://1000projects.org/",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://github.com/matias-a11y/cve/issues/2", "url": "https://github.com/matias-a11y/cve/issues/2",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.289770", "url": "https://vuldb.com/?ctiid.289770",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
}, },
{ {
"url": "https://vuldb.com/?id.289770", "url": "https://vuldb.com/?id.289770",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
}, },
{ {
"url": "https://vuldb.com/?submit.471674", "url": "https://vuldb.com/?submit.471674",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

215
CVE-2024/CVE-2024-269xx/CVE-2024-26929.json
View File

@ -2,220 +2,15 @@
"id": "CVE-2024-26929", "id": "CVE-2024-26929",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-01T06:15:07.380", "published": "2024-05-01T06:15:07.380",
"lastModified": "2024-11-21T09:03:24.463", "lastModified": "2025-01-06T17:15:15.537",
"vulnStatus": "Modified", "vulnStatus": "Rejected",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix double free of fcport\n\nThe server was crashing after LOGO because fcport was getting freed twice.\n\n -----------[ cut here ]-----------\n kernel BUG at mm/slub.c:371!\n invalid opcode: 0000 1 SMP PTI\n CPU: 35 PID: 4610 Comm: bash Kdump: loaded Tainted: G OE --------- - - 4.18.0-425.3.1.el8.x86_64 #1\n Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021\n RIP: 0010:set_freepointer.part.57+0x0/0x10\n RSP: 0018:ffffb07107027d90 EFLAGS: 00010246\n RAX: ffff9cb7e3150000 RBX: ffff9cb7e332b9c0 RCX: ffff9cb7e3150400\n RDX: 0000000000001f37 RSI: 0000000000000000 RDI: ffff9cb7c0005500\n RBP: fffff693448c5400 R08: 0000000080000000 R09: 0000000000000009\n R10: 0000000000000000 R11: 0000000000132af0 R12: ffff9cb7c0005500\n R13: ffff9cb7e3150000 R14: ffffffffc06990e0 R15: ffff9cb7ea85ea58\n FS: 00007ff6b79c2740(0000) GS:ffff9cb8f7ec0000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055b426b7d700 CR3: 0000000169c18002 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n kfree+0x238/0x250\n qla2x00_els_dcmd_sp_free+0x20/0x230 [qla2xxx]\n ? qla24xx_els_dcmd_iocb+0x607/0x690 [qla2xxx]\n qla2x00_issue_logo+0x28c/0x2a0 [qla2xxx]\n ? qla2x00_issue_logo+0x28c/0x2a0 [qla2xxx]\n ? kernfs_fop_write+0x11e/0x1a0\n\nRemove one of the free calls and add check for valid fcport. Also use\nfunction qla2x00_free_fcport() instead of kfree()." "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: scsi: qla2xxx: Correcci\u00f3n doble liberaci\u00f3n de fcport El servidor fallaba despu\u00e9s de LOGO porque fcport se liberaba dos veces. -----------[ cortar aqu\u00ed ]----------- \u00a1ERROR del kernel en mm/slub.c:371! c\u00f3digo de operaci\u00f3n no v\u00e1lido: 0000 1 SMP PTI CPU: 35 PID: 4610 Comm: bash Kdump: cargado Contaminado: G OE --------- - - 4.18.0-425.3.1.el8.x86_64 #1 Nombre de hardware: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 03/09/2021 RIP: 0010:set_freepointer.part.57+0x0/0x10 RSP: 0018:ffffb07107027d90 EFLAGS: 00010246 RAX: RBX: ffff9cb7e332b9c0 RCX: ffff9cb7e3150400 RDX: 0000000000001f37 RSI : 0000000000000000 RDI: ffff9cb7c0005500 RBP: fffff693448c5400 R08: 0000000080000000 R09: 00000000000000009 R10: 0000000000000000 R11: 0000000132af0 R12: ffff9cb7c0005500 R13: ffff9cb7e3150000 R14: ffffffffc06990e0 R15: ffff9cb7ea85ea58 FS: 00007ff6b79c2740(0000) GS:ffff9cb8f7ec0000(000) 0) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055b426b7d700 CR3: 0000000169c18002 CR4: 00000000007706e0 DR0: 0000000000000000 DR1: 00000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Seguimiento de llamadas: kfree+0x238/0x250 _els_dcmd_sp_free+0x20 /0x230 [qla2xxx] ? qla24xx_els_dcmd_iocb+0x607/0x690 [qla2xxx] qla2x00_issue_logo+0x28c/0x2a0 [qla2xxx] ? qla2x00_issue_logo+0x28c/0x2a0 [qla2xxx] ? kernfs_fop_write+0x11e/0x1a0 Elimine una de las llamadas gratuitas y agregue una verificaci\u00f3n de fcport v\u00e1lido. Utilice tambi\u00e9n la funci\u00f3n qla2x00_free_fcport() en lugar de kfree()."
} }
], ],
"metrics": { "metrics": {},
"cvssMetricV31": [ "references": []
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-415"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-415"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"matchCriteriaId": "131A208A-4C74-498A-BFFB-240B45FE2C0C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.84",
"matchCriteriaId": "834D9BD5-42A6-4D74-979E-4D6D93F630FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.24",
"matchCriteriaId": "8018C1D0-0A5F-48D0-BC72-A2B33FDDA693"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.12",
"matchCriteriaId": "6BE9771A-BAFD-4624-95F9-58D536540C53"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartExcluding": "6.8",
"versionEndExcluding": "6.8.3",
"matchCriteriaId": "1649B701-9DF9-4E5D-AA4B-6A7071BF05D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*",
"matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/282877633b25d67021a34169c5b5519b1d4ef65e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/82f522ae0d97119a43da53e0f729275691b9c525",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/846fb9f112f618ec6ae181d8dae7961652574774",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9b43d2884b54d415caab48878b526dfe2ae9921b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b03e626bd6d3f0684f56ee1890d70fc9ca991c04",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f85af9f1aa5e2f53694a6cbe72010f754b5ff862",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/282877633b25d67021a34169c5b5519b1d4ef65e",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/82f522ae0d97119a43da53e0f729275691b9c525",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/846fb9f112f618ec6ae181d8dae7961652574774",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9b43d2884b54d415caab48878b526dfe2ae9921b",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b03e626bd6d3f0684f56ee1890d70fc9ca991c04",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f85af9f1aa5e2f53694a6cbe72010f754b5ff862",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
} }

69
CVE-2024/CVE-2024-290xx/CVE-2024-29049.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-29049", "id": "CVE-2024-29049",
"sourceIdentifier": "secure@microsoft.com", "sourceIdentifier": "secure@microsoft.com",
"published": "2024-04-04T22:15:08.827", "published": "2024-04-04T22:15:08.827",
"lastModified": "2024-11-21T09:07:27.020", "lastModified": "2025-01-06T18:37:14.790",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 1.0, "exploitabilityScore": 1.0,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.6,
"impactScore": 2.7
} }
] ]
}, },
@ -49,16 +69,57 @@
"value": "CWE-79" "value": "CWE-79"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "122.0.2365.120",
"matchCriteriaId": "1A5B11B0-BD90-4DE9-8CAF-8EB64270417B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionStartIncluding": "123.0.2420.53",
"versionEndExcluding": "123.0.2420.81",
"matchCriteriaId": "644353AD-99A7-4044-B00C-786C55306EE8"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29049", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29049",
"source": "secure@microsoft.com" "source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29049", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29049",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

49
CVE-2024/CVE-2024-299xx/CVE-2024-29981.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-29981", "id": "CVE-2024-29981",
"sourceIdentifier": "secure@microsoft.com", "sourceIdentifier": "secure@microsoft.com",
"published": "2024-04-04T22:15:09.153", "published": "2024-04-04T22:15:09.153",
"lastModified": "2024-11-21T09:08:44.330", "lastModified": "2025-01-06T18:38:04.080",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -49,16 +49,57 @@
"value": "CWE-1021" "value": "CWE-1021"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "122.0.2365.120",
"matchCriteriaId": "1A5B11B0-BD90-4DE9-8CAF-8EB64270417B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionStartIncluding": "123.0.2420.53",
"versionEndExcluding": "123.0.2420.81",
"matchCriteriaId": "644353AD-99A7-4044-B00C-786C55306EE8"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29981", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29981",
"source": "secure@microsoft.com" "source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29981", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29981",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

34
CVE-2024/CVE-2024-319xx/CVE-2024-31914.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-31914", "id": "CVE-2024-31914",
"sourceIdentifier": "psirt@us.ibm.com", "sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-01-06T16:15:28.320", "published": "2025-01-06T16:15:28.320",
"lastModified": "2025-01-06T16:15:28.320", "lastModified": "2025-01-06T17:15:36.653",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,27 @@
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "psirt@us.ibm.com", "source": "psirt@us.ibm.com",
"type": "Primary", "type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -45,6 +65,16 @@
"value": "CWE-79" "value": "CWE-79"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
} }
], ],
"references": [ "references": [

25
CVE-2024/CVE-2024-460xx/CVE-2024-46073.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-46073",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-06T18:15:19.493",
"lastModified": "2025-01-06T18:15:19.493",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A reflected Cross-Site Scripting (XSS) vulnerability exists in the login page of IceHRM v32.4.0.OS. The vulnerability is due to improper sanitization of the \"next\" parameter, which is included in the application's response without adequate escaping. An attacker can exploit this flaw by tricking a user into visiting a specially crafted URL, causing the execution of arbitrary JavaScript code in the context of the victim's browser. The issue occurs even though the application has sanitization mechanisms in place."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/gamonoid/icehrm",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/manisashank/CVE-Publish/blob/main/CVE-2024-46073.md",
"source": "cve@mitre.org"
}
]
}

25
CVE-2024/CVE-2024-466xx/CVE-2024-46622.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-46622",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-06T18:15:19.660",
"lastModified": "2025-01-06T18:15:19.660",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Escalation of Privilege security vulnerability was found in SecureAge Security Suite software 7.0.x before 7.0.38, 7.1.x before 7.1.11, 8.0.x before 8.0.18, and 8.1.x before 8.1.18 that allows arbitrary file creation, modification and deletion."
}
],
"metrics": {},
"references": [
{
"url": "https://www.secureage.com/",
"source": "cve@mitre.org"
},
{
"url": "https://www.secureage.com/blog/resolved-escalation-of-privilege",
"source": "cve@mitre.org"
}
]
}

56
CVE-2024/CVE-2024-474xx/CVE-2024-47475.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-47475",
"sourceIdentifier": "security_alert@emc.com",
"published": "2025-01-06T17:15:37.423",
"lastModified": "2025-01-06T17:15:37.423",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell PowerScale OneFS 8.2.2.x through 9.8.0.x contains an incorrect permission assignment for critical resource vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to denial of service."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000242681/dsa-2024-417-security-update-for-dell-powerscale-onefs-for-security-vulnerability",
"source": "security_alert@emc.com"
}
]
}

39
CVE-2024/CVE-2024-511xx/CVE-2024-51111.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-51111", "id": "CVE-2024-51111",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-01-06T16:15:28.807", "published": "2025-01-06T16:15:28.807",
"lastModified": "2025-01-06T16:15:28.807", "lastModified": "2025-01-06T18:15:20.060",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -11,7 +11,42 @@
"value": "Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 allows an attacker to inject malicious scripts into a web page, which are executed in the context of the victim's browser." "value": "Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 allows an attacker to inject malicious scripts into a web page, which are executed in the context of the victim's browser."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [ "references": [
{ {
"url": "http://pnetlab.com", "url": "http://pnetlab.com",

76
CVE-2024/CVE-2024-514xx/CVE-2024-51472.json Normal file
View File

@ -0,0 +1,76 @@
{
"id": "CVE-2024-51472",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-01-06T17:15:38.517",
"lastModified": "2025-01-06T17:15:38.517",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 3.1,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 3.1,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-80"
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7177856",
"source": "psirt@us.ibm.com"
}
]
}

24
CVE-2024/CVE-2024-522xx/CVE-2024-52269.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-52269", "id": "CVE-2024-52269",
"sourceIdentifier": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", "sourceIdentifier": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe",
"published": "2024-12-04T12:15:19.500", "published": "2024-12-04T12:15:19.500",
"lastModified": "2024-12-05T11:15:06.340", "lastModified": "2025-01-06T18:15:20.720",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [ "cveTags": [
{ {
@ -66,6 +66,28 @@
"providerUrgency": "RED" "providerUrgency": "RED"
} }
} }
],
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
] ]
}, },
"weaknesses": [ "weaknesses": [

24
CVE-2024/CVE-2024-522xx/CVE-2024-52276.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-52276", "id": "CVE-2024-52276",
"sourceIdentifier": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", "sourceIdentifier": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe",
"published": "2024-12-04T11:30:50.947", "published": "2024-12-04T11:30:50.947",
"lastModified": "2024-12-05T11:15:07.360", "lastModified": "2025-01-06T18:15:20.967",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [ "cveTags": [
{ {
@ -66,6 +66,28 @@
"providerUrgency": "RED" "providerUrgency": "RED"
} }
} }
],
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
] ]
}, },
"weaknesses": [ "weaknesses": [

108
CVE-2024/CVE-2024-531xx/CVE-2024-53185.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-53185", "id": "CVE-2024-53185",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T14:15:25.973", "published": "2024-12-27T14:15:25.973",
"lastModified": "2024-12-27T14:15:25.973", "lastModified": "2025-01-06T17:17:06.007",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,23 +15,103 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: corregir NULL ptr deref en crypto_aead_setkey() Ni SMB3.0 ni SMB3.02 admiten el contexto de negociaci\u00f3n de cifrado, por lo que cuando se establece el indicador SMB2_GLOBAL_CAP_ENCRYPTION en la respuesta de negociaci\u00f3n, el cliente utiliza AES-128-CCM como cifrado predeterminado. Consulte MS-SMB2 3.3.5.4. el commit b0abcd65ec54 (\"smb: cliente: corregir UAF en descifrado as\u00edncrono\") agreg\u00f3 una comprobaci\u00f3n @server->cipher_type para llamar condicionalmente a smb3_crypto_aead_allocate(), pero esa comprobaci\u00f3n siempre ser\u00eda falsa ya que @server->cipher_type no est\u00e1 configurado para SMB3.02. Corrija el siguiente splat de KASAN configurando tambi\u00e9n @server->cipher_type para SMB3.02. mount.cifs //srv/share /mnt -o vers=3.02,seal,... ERROR: KASAN: null-ptr-deref en crypto_aead_setkey+0x2c/0x130 Lectura de tama\u00f1o 8 en la direcci\u00f3n 0000000000000020 por la tarea mount.cifs/1095 CPU: 1 UID: 0 PID: 1095 Comm: mount.cifs No contaminado 6.12.0 #1 Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41 04/01/2014 Rastreo de llamadas: dump_stack_lvl+0x5d/0x80 ? crypto_aead_setkey+0x2c/0x130 kasan_report+0xda/0x110 ? crypto_aead_setkey+0x2c/0x130 crypto_aead_setkey+0x2c/0x130 crypt_message+0x258/0xec0 [cifs] ? __asan_memset+0x23/0x50 ? __pfx_crypt_message+0x10/0x10 [cifs] ? mark_lock+0xb0/0x6a0 ? hlock_class+0x32/0xb0 ? mark_lock+0xb0/0x6a0 smb3_init_transform_rq+0x352/0x3f0 [cifs] ? lock_acquire.part.0+0xf4/0x2a0 smb_send_rqst+0x144/0x230 [cifs] ? __pfx_smb_send_rqst+0x10/0x10 [cifs] ? hlock_class+0x32/0xb0 ? smb2_setup_request+0x225/0x3a0 [cifs] ? __pfx_cifs_compound_last_callback+0x10/0x10 [cifs] compuesto_send_recv+0x59b/0x1140 [cifs] ? __pfx_compound_send_recv+0x10/0x10 [cifs] ? __create_object+0x5e/0x90 ? hlock_class+0x32/0xb0 ? __pfx_SMB2_tcon+0x10/0x10 [cifs] ? bloqueo_adquirir.parte.0+0xf4/0x2a0 ? bloqueo_adquirir+0xc6/0x120 ? _get_xid+0x16/0xd0 [cifs] ? cifs_get_smb_ses+0xcdd/0x10a0 [cifs] cifs_get_smb_ses+0xcdd/0x10a0 [cifs] ? __pfx_cifs_get_smb_ses+0x10/0x10 [cifs] ? cifs_get_tcp_session+0xaa0/0xca0 [cifs] cifs_mount_get_session+0x8a/0x210 [cifs] dfs_mount_share+0x1b0/0x11d0 [cifs] ? __pfx___lock_acquire+0x10/0x10 ? __pfx_dfs_mount_share+0x10/0x10 [cifs] ? bloqueo_adquirir.parte.0+0xf4/0x2a0 ? bloqueo_retenido_encontrar+0x8a/0xa0 ? clase_bloqueo_h+0x32/0xb0 ? liberaci\u00f3n_bloqueo+0x203/0x5d0 montaje_cifs+0xb3/0x3d0 [cifs] ? intento_bloqueo_giro_sin_bloqueo+0xc6/0x120 ? montaje_cifs_pfx+0x10/0x10 [cifs] ? bloqueo_adquirir+0x3f/0x90 ? montaje_nls_encontrar+0x16/0xa0 ? banderas_mnt_actualizar_smb3+0x372/0x3b0 [cifs] cifs_smb3_hacer_montar+0x1e2/0xc80 [cifs] ? __pfx_vfs_parse_fs_string+0x10/0x10 ? __pfx_cifs_smb3_do_mount+0x10/0x10 [cifs] smb3_get_tree+0x1bf/0x330 [cifs] vfs_get_tree+0x4a/0x160 path_mount+0x3c1/0xfb0 ? kasan_quarantine_put+0xc7/0x1d0 ? __pfx_path_mount+0x10/0x10 ? kmem_cache_free+0x118/0x3e0 ? user_path_at+0x74/0xa0 __x64_sys_mount+0x1a6/0x1e0 ? __pfx___x64_sys_mount+0x10/0x10 ? marcar_bloqueos_retenidos+0x1a/0x90 hacer_llamada_al_sistema_64+0xbb/0x1d0 entrada_SYSCALL_64_despu\u00e9s_de_hwframe+0x77/0x7f" "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: corregir NULL ptr deref en crypto_aead_setkey() Ni SMB3.0 ni SMB3.02 admiten el contexto de negociaci\u00f3n de cifrado, por lo que cuando se establece el indicador SMB2_GLOBAL_CAP_ENCRYPTION en la respuesta de negociaci\u00f3n, el cliente utiliza AES-128-CCM como cifrado predeterminado. Consulte MS-SMB2 3.3.5.4. el commit b0abcd65ec54 (\"smb: cliente: corregir UAF en descifrado as\u00edncrono\") agreg\u00f3 una comprobaci\u00f3n @server->cipher_type para llamar condicionalmente a smb3_crypto_aead_allocate(), pero esa comprobaci\u00f3n siempre ser\u00eda falsa ya que @server->cipher_type no est\u00e1 configurado para SMB3.02. Corrija el siguiente splat de KASAN configurando tambi\u00e9n @server->cipher_type para SMB3.02. mount.cifs //srv/share /mnt -o vers=3.02,seal,... ERROR: KASAN: null-ptr-deref en crypto_aead_setkey+0x2c/0x130 Lectura de tama\u00f1o 8 en la direcci\u00f3n 0000000000000020 por la tarea mount.cifs/1095 CPU: 1 UID: 0 PID: 1095 Comm: mount.cifs No contaminado 6.12.0 #1 Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41 04/01/2014 Rastreo de llamadas: dump_stack_lvl+0x5d/0x80 ? crypto_aead_setkey+0x2c/0x130 kasan_report+0xda/0x110 ? crypto_aead_setkey+0x2c/0x130 crypto_aead_setkey+0x2c/0x130 crypt_message+0x258/0xec0 [cifs] ? __asan_memset+0x23/0x50 ? __pfx_crypt_message+0x10/0x10 [cifs] ? mark_lock+0xb0/0x6a0 ? hlock_class+0x32/0xb0 ? mark_lock+0xb0/0x6a0 smb3_init_transform_rq+0x352/0x3f0 [cifs] ? lock_acquire.part.0+0xf4/0x2a0 smb_send_rqst+0x144/0x230 [cifs] ? __pfx_smb_send_rqst+0x10/0x10 [cifs] ? hlock_class+0x32/0xb0 ? smb2_setup_request+0x225/0x3a0 [cifs] ? __pfx_cifs_compound_last_callback+0x10/0x10 [cifs] compuesto_send_recv+0x59b/0x1140 [cifs] ? __pfx_compound_send_recv+0x10/0x10 [cifs] ? __create_object+0x5e/0x90 ? hlock_class+0x32/0xb0 ? __pfx_SMB2_tcon+0x10/0x10 [cifs] ? bloqueo_adquirir.parte.0+0xf4/0x2a0 ? bloqueo_adquirir+0xc6/0x120 ? _get_xid+0x16/0xd0 [cifs] ? cifs_get_smb_ses+0xcdd/0x10a0 [cifs] cifs_get_smb_ses+0xcdd/0x10a0 [cifs] ? __pfx_cifs_get_smb_ses+0x10/0x10 [cifs] ? cifs_get_tcp_session+0xaa0/0xca0 [cifs] cifs_mount_get_session+0x8a/0x210 [cifs] dfs_mount_share+0x1b0/0x11d0 [cifs] ? __pfx___lock_acquire+0x10/0x10 ? __pfx_dfs_mount_share+0x10/0x10 [cifs] ? bloqueo_adquirir.parte.0+0xf4/0x2a0 ? bloqueo_retenido_encontrar+0x8a/0xa0 ? clase_bloqueo_h+0x32/0xb0 ? liberaci\u00f3n_bloqueo+0x203/0x5d0 montaje_cifs+0xb3/0x3d0 [cifs] ? intento_bloqueo_giro_sin_bloqueo+0xc6/0x120 ? montaje_cifs_pfx+0x10/0x10 [cifs] ? bloqueo_adquirir+0x3f/0x90 ? montaje_nls_encontrar+0x16/0xa0 ? banderas_mnt_actualizar_smb3+0x372/0x3b0 [cifs] cifs_smb3_hacer_montar+0x1e2/0xc80 [cifs] ? __pfx_vfs_parse_fs_string+0x10/0x10 ? __pfx_cifs_smb3_do_mount+0x10/0x10 [cifs] smb3_get_tree+0x1bf/0x330 [cifs] vfs_get_tree+0x4a/0x160 path_mount+0x3c1/0xfb0 ? kasan_quarantine_put+0xc7/0x1d0 ? __pfx_path_mount+0x10/0x10 ? kmem_cache_free+0x118/0x3e0 ? user_path_at+0x74/0xa0 __x64_sys_mount+0x1a6/0x1e0 ? __pfx___x64_sys_mount+0x10/0x10 ? marcar_bloqueos_retenidos+0x1a/0x90 hacer_llamada_al_sistema_64+0xbb/0x1d0 entrada_SYSCALL_64_despu\u00e9s_de_hwframe+0x77/0x7f"
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/22127c1dc04364cda3da812161e70921e6c3c0af", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/46f8e25926817272ec8d5bfbd003569bdeb9a8c8", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/4bdec0d1f658f7c98749bd2c5a486e6cfa8565d2", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
}, "description": [
{ {
"url": "https://git.kernel.org/stable/c/9b8904b53b5ace0519c74cd89fc3ca763f3856d4", "lang": "en",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6.57",
"versionEndExcluding": "6.6.64",
"matchCriteriaId": "C8945A66-658A-4AD8-A181-1427B77B6201"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.11.4",
"versionEndExcluding": "6.11.11",
"matchCriteriaId": "882290D1-9594-457B-B4DE-75810B78463D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.12",
"versionEndExcluding": "6.12.2",
"matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/22127c1dc04364cda3da812161e70921e6c3c0af",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/46f8e25926817272ec8d5bfbd003569bdeb9a8c8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4bdec0d1f658f7c98749bd2c5a486e6cfa8565d2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9b8904b53b5ace0519c74cd89fc3ca763f3856d4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

92
CVE-2024/CVE-2024-532xx/CVE-2024-53221.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-53221", "id": "CVE-2024-53221",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T14:15:30.190", "published": "2024-12-27T14:15:30.190",
"lastModified": "2024-12-27T14:15:30.190", "lastModified": "2025-01-06T17:18:20.647",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,19 +15,89 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: correcci\u00f3n de null-ptr-deref en f2fs_submit_page_bio() Existe el siguiente problema al instalar simult\u00e1neamente el m\u00f3dulo f2fs.ko y montar el sistema de archivos f2fs: KASAN: null-ptr-deref en el rango [0x0000000000000020-0x0000000000000027] RIP: 0010:__bio_alloc+0x2fb/0x6c0 [f2fs] Seguimiento de llamadas: f2fs_submit_page_bio+0x126/0x8b0 [f2fs] __get_meta_page+0x1d4/0x920 [f2fs] get_checkpoint_version.constprop.0+0x2b/0x3c0 [f2fs] El problema anterior ocurre porque el biset del sistema de archivos f2fs no est\u00e1 configurado inicializado antes de registrar \"f2fs_fs_type\". Para solucionar el problema anterior, simplemente registre \"f2fs_fs_type\" al final de init_f2fs_fs(). Aseg\u00farese de que todos los recursos del sistema de archivos f2fs est\u00e9n inicializados." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: correcci\u00f3n de null-ptr-deref en f2fs_submit_page_bio() Existe el siguiente problema al instalar simult\u00e1neamente el m\u00f3dulo f2fs.ko y montar el sistema de archivos f2fs: KASAN: null-ptr-deref en el rango [0x0000000000000020-0x0000000000000027] RIP: 0010:__bio_alloc+0x2fb/0x6c0 [f2fs] Seguimiento de llamadas: f2fs_submit_page_bio+0x126/0x8b0 [f2fs] __get_meta_page+0x1d4/0x920 [f2fs] get_checkpoint_version.constprop.0+0x2b/0x3c0 [f2fs] El problema anterior ocurre porque el biset del sistema de archivos f2fs no est\u00e1 configurado inicializado antes de registrar \"f2fs_fs_type\". Para solucionar el problema anterior, simplemente registre \"f2fs_fs_type\" al final de init_f2fs_fs(). Aseg\u00farese de que todos los recursos del sistema de archivos f2fs est\u00e9n inicializados."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/32f5e291b7677495f98246eec573767430321c08", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/9e11b1d5fda972f6be60ab732976a7c8e064cd56", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/b7d0a97b28083084ebdd8e5c6bccd12e6ec18faa", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.6",
"versionEndExcluding": "6.11.11",
"matchCriteriaId": "F6E5BC9C-2956-4725-8827-6A983AE003AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.12",
"versionEndExcluding": "6.12.2",
"matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/32f5e291b7677495f98246eec573767430321c08",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9e11b1d5fda972f6be60ab732976a7c8e064cd56",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b7d0a97b28083084ebdd8e5c6bccd12e6ec18faa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

126
CVE-2024/CVE-2024-532xx/CVE-2024-53230.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-53230", "id": "CVE-2024-53230",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T14:15:31.290", "published": "2024-12-27T14:15:31.290",
"lastModified": "2024-12-27T14:15:31.290", "lastModified": "2025-01-06T17:19:04.183",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,27 +15,117 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cpufreq: CPPC: Se corrige la posible desreferenciaci\u00f3n de puntero nulo para cppc_get_cpu_cost(). cpufreq_cpu_get_raw() puede devolver NULL si la CPU no est\u00e1 en la m\u00e1scara de CPU policy->cpus y provocar\u00e1 una desreferenciaci\u00f3n de puntero nulo, as\u00ed que verifique NULL para cppc_get_cpu_cost()." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cpufreq: CPPC: Se corrige la posible desreferenciaci\u00f3n de puntero nulo para cppc_get_cpu_cost(). cpufreq_cpu_get_raw() puede devolver NULL si la CPU no est\u00e1 en la m\u00e1scara de CPU policy->cpus y provocar\u00e1 una desreferenciaci\u00f3n de puntero nulo, as\u00ed que verifique NULL para cppc_get_cpu_cost()."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/1975b481f644f8f841d9c188e3c214fce187f18b", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/1a1374bb8c5926674973d849feed500bc61ad535", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/6be57617a38b3f33266acecdb3c063c1c079aaf7", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
}, "description": [
{ {
"url": "https://git.kernel.org/stable/c/afd22d9839359829776abb55cc9bc4946e888704", "lang": "en",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "value": "CWE-476"
}, }
{ ]
"url": "https://git.kernel.org/stable/c/f05ef81db63889f6f14eb77fd140dac6cedb6f7f", }
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.19",
"versionEndExcluding": "6.1.120",
"matchCriteriaId": "96FDD29E-2D1D-4602-885E-33F1A42B1BB0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.64",
"matchCriteriaId": "CA16DEE3-ABEC-4449-9F4A-7A3DC4FC36C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.11.11",
"matchCriteriaId": "21434379-192D-472F-9B54-D45E3650E893"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.12",
"versionEndExcluding": "6.12.2",
"matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/1975b481f644f8f841d9c188e3c214fce187f18b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/1a1374bb8c5926674973d849feed500bc61ad535",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6be57617a38b3f33266acecdb3c063c1c079aaf7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/afd22d9839359829776abb55cc9bc4946e888704",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f05ef81db63889f6f14eb77fd140dac6cedb6f7f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

126
CVE-2024/CVE-2024-532xx/CVE-2024-53231.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-53231", "id": "CVE-2024-53231",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T14:15:31.390", "published": "2024-12-27T14:15:31.390",
"lastModified": "2024-12-27T14:15:31.390", "lastModified": "2025-01-06T17:19:49.817",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,27 +15,117 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cpufreq: CPPC: Se corrige la posible desreferenciaci\u00f3n de puntero nulo para cpufreq_cpu_get_raw(). cpufreq_cpu_get_raw() puede devolver NULL si la CPU no est\u00e1 en la m\u00e1scara de CPU policy->cpus y provocar\u00e1 una desreferenciaci\u00f3n de puntero nulo." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cpufreq: CPPC: Se corrige la posible desreferenciaci\u00f3n de puntero nulo para cpufreq_cpu_get_raw(). cpufreq_cpu_get_raw() puede devolver NULL si la CPU no est\u00e1 en la m\u00e1scara de CPU policy->cpus y provocar\u00e1 una desreferenciaci\u00f3n de puntero nulo."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/65fe2f7fdafe2698a343661800434b3f2e51041e", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/a357b63fd21e4b2791008c2175ba7a8c235ebce1", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/a78e7207564258db6e373e86294a85f9d646d35a", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
}, "description": [
{ {
"url": "https://git.kernel.org/stable/c/e07570a8f2cfc51260c6266cb8e1bd4777a610d6", "lang": "en",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "value": "CWE-476"
}, }
{ ]
"url": "https://git.kernel.org/stable/c/e9b39f1924b76abc18881e4ce899fb232dd23d12", }
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.19",
"versionEndExcluding": "6.1.120",
"matchCriteriaId": "96FDD29E-2D1D-4602-885E-33F1A42B1BB0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.64",
"matchCriteriaId": "CA16DEE3-ABEC-4449-9F4A-7A3DC4FC36C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.11.11",
"matchCriteriaId": "21434379-192D-472F-9B54-D45E3650E893"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.12",
"versionEndExcluding": "6.12.2",
"matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/65fe2f7fdafe2698a343661800434b3f2e51041e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a357b63fd21e4b2791008c2175ba7a8c235ebce1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a78e7207564258db6e373e86294a85f9d646d35a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e07570a8f2cfc51260c6266cb8e1bd4777a610d6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e9b39f1924b76abc18881e4ce899fb232dd23d12",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

39
CVE-2024/CVE-2024-538xx/CVE-2024-53833.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-53833", "id": "CVE-2024-53833",
"sourceIdentifier": "dsap-vuln-management@google.com", "sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2025-01-03T04:15:06.227", "published": "2025-01-03T04:15:06.227",
"lastModified": "2025-01-03T04:15:06.227", "lastModified": "2025-01-06T17:15:39.110",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "En prepare_response_locked de lwis_transaction.c, existe una posible escritura fuera de los l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una escalada local de privilegios sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n." "value": "En prepare_response_locked de lwis_transaction.c, existe una posible escritura fuera de los l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una escalada local de privilegios sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://source.android.com/security/bulletin/pixel/2024-12-01", "url": "https://source.android.com/security/bulletin/pixel/2024-12-01",

14
CVE-2024/CVE-2024-539xx/CVE-2024-53916.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-53916", "id": "CVE-2024-53916",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-25T00:15:04.423", "published": "2024-11-25T00:15:04.423",
"lastModified": "2024-12-04T22:15:22.840", "lastModified": "2025-01-06T18:15:21.627",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -39,6 +39,18 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/openstack/neutron/blob/363ffa6e9e1ab5968f87d45bc2f1cb6394f48b9f/neutron/extensions/tagging.py#L138-L232", "url": "https://github.com/openstack/neutron/blob/363ffa6e9e1ab5968f87d45bc2f1cb6394f48b9f/neutron/extensions/tagging.py#L138-L232",

25
CVE-2024/CVE-2024-548xx/CVE-2024-54879.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-54879",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-06T18:15:21.880",
"lastModified": "2025-01-06T18:15:21.880",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to recharge members indefinitely."
}
],
"metrics": {},
"references": [
{
"url": "http://seacms.com",
"source": "cve@mitre.org"
},
{
"url": "https://blog.csdn.net/weixin_46686336/article/details/144797242",
"source": "cve@mitre.org"
}
]
}

25
CVE-2024/CVE-2024-548xx/CVE-2024-54880.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-54880",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-06T18:15:22.037",
"lastModified": "2025-01-06T18:15:22.037",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to register accounts in bulk."
}
],
"metrics": {},
"references": [
{
"url": "https://blog.csdn.net/weixin_46686336/article/details/144797063",
"source": "cve@mitre.org"
},
{
"url": "https://www.seacms.net/",
"source": "cve@mitre.org"
}
]
}

21
CVE-2024/CVE-2024-555xx/CVE-2024-55529.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-55529",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-06T18:15:22.183",
"lastModified": "2025-01-06T18:15:22.183",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via \\zb_users\\theme\\shell\\template."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/fengyijiu520/Z-Blog-",
"source": "cve@mitre.org"
}
]
}

60
CVE-2024/CVE-2024-556xx/CVE-2024-55605.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-55605",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-01-06T17:15:39.600",
"lastModified": "2025-01-06T17:15:39.600",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large input buffer to the to_lowercase, to_uppercase, strip_whitespace, compress_whitespace, dotprefix, header_lowercase, strip_pseudo_headers, url_decode, or xor transform can lead to a stack overflow causing Suricata to crash. The issue has been addressed in Suricata 7.0.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-x2hr-33vp-w289",
"source": "security-advisories@github.com"
},
{
"url": "https://redmine.openinfosecfoundation.org/issues/7229",
"source": "security-advisories@github.com"
}
]
}

64
CVE-2024/CVE-2024-556xx/CVE-2024-55626.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-55626",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-01-06T18:15:22.570",
"lastModified": "2025-01-06T18:15:22.570",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large BPF filter file provided to Suricata at startup can lead to a buffer overflow at Suricata startup. The issue has been addressed in Suricata 7.0.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"baseScore": 3.3,
"baseSeverity": "LOW",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-680"
}
]
}
],
"references": [
{
"url": "https://github.com/OISF/suricata/commit/dd71ef0af222a566e54dfc479dd1951dd17d7ceb",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-wmg4-jqx5-4h9v",
"source": "security-advisories@github.com"
},
{
"url": "https://redmine.openinfosecfoundation.org/issues/7366",
"source": "security-advisories@github.com"
}
]
}

76
CVE-2024/CVE-2024-556xx/CVE-2024-55627.json Normal file
View File

@ -0,0 +1,76 @@
{
"id": "CVE-2024-55627",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-01-06T18:15:22.757",
"lastModified": "2025-01-06T18:15:22.757",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer overflow while being zero-filled during initialization with memset due to an unsigned integer underflow. The issue has been addressed in Suricata 7.0.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
},
{
"lang": "en",
"value": "CWE-191"
}
]
}
],
"references": [
{
"url": "https://github.com/OISF/suricata/commit/282509f70c4ce805098e59535af445362e3e9ebd",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/OISF/suricata/commit/8900041405dbb5f9584edae994af2100733fb4be",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/OISF/suricata/commit/9a53ec43b13f0039a083950511a18bf6f408e432",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-h2mv-7gg8-8x7v",
"source": "security-advisories@github.com"
},
{
"url": "https://redmine.openinfosecfoundation.org/issues/7393",
"source": "security-advisories@github.com"
}
]
}

76
CVE-2024/CVE-2024-556xx/CVE-2024-55628.json Normal file
View File

@ -0,0 +1,76 @@
{
"id": "CVE-2024-55628",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-01-06T18:15:22.947",
"lastModified": "2025-01-06T18:15:22.947",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to decode, and lead to very large DNS log records. While there are limits in place, they were too generous. The issue has been addressed in Suricata 7.0.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-405"
},
{
"lang": "en",
"value": "CWE-779"
}
]
}
],
"references": [
{
"url": "https://github.com/OISF/suricata/commit/19cf0f81335d9f787d587450f7105ad95a648951",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/OISF/suricata/commit/37f4c52b22fcdde4adf9b479cb5700f89d00768d",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/OISF/suricata/commit/3a5671739f5b25e5dd973a74ca5fd8ea40e1ae2d",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-96w4-jqwf-qx2j",
"source": "security-advisories@github.com"
},
{
"url": "https://redmine.openinfosecfoundation.org/issues/7280",
"source": "security-advisories@github.com"
}
]
}

68
CVE-2024/CVE-2024-556xx/CVE-2024-55629.json Normal file
View File

@ -0,0 +1,68 @@
{
"id": "CVE-2024-55629",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-01-06T18:15:23.130",
"lastModified": "2025-01-06T18:15:23.130",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, TCP streams with TCP urgent data (out of band data) can lead to Suricata analyzing data differently than the applications at the TCP endpoints, leading to possible evasions. Suricata 7.0.8 includes options to allow users to configure how to handle TCP urgent data. In IPS mode, you can use a rule such as drop tcp any any -> any any (sid:1; tcp.flags:U*;) to drop all the packets with urgent flag set."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-437"
}
]
}
],
"references": [
{
"url": "https://github.com/OISF/suricata/commit/6882bcb3e51bd3cf509fb6569cc30f48d7bb53d7",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/OISF/suricata/commit/779f9d8ba35c3f9b5abfa327d3a4209861bd2eb8",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-69wr-vhwg-84h2",
"source": "security-advisories@github.com"
},
{
"url": "https://redmine.openinfosecfoundation.org/issues/7411",
"source": "security-advisories@github.com"
}
]
}

29
CVE-2024/CVE-2024-55xx/CVE-2024-5594.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-5594", "id": "CVE-2024-5594",
"sourceIdentifier": "security@openvpn.net", "sourceIdentifier": "security@openvpn.net",
"published": "2025-01-06T14:15:08.807", "published": "2025-01-06T14:15:08.807",
"lastModified": "2025-01-06T14:15:08.807", "lastModified": "2025-01-06T17:15:44.383",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -11,7 +11,30 @@
"value": "OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which attackers can use to inject unexpected arbitrary data into third-party executables or plug-ins." "value": "OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which attackers can use to inject unexpected arbitrary data into third-party executables or plug-ins."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "security@openvpn.net", "source": "security@openvpn.net",

162
CVE-2024/CVE-2024-565xx/CVE-2024-56574.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-56574", "id": "CVE-2024-56574",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:16.420", "published": "2024-12-27T15:15:16.420",
"lastModified": "2024-12-27T15:15:16.420", "lastModified": "2025-01-06T17:20:38.493",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,35 +15,145 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: ts2020: fix null-ptr-deref in ts2020_probe() KASAN inform\u00f3 un problema de null-ptr-deref al ejecutar el siguiente comando: # echo ts2020 0x20 > /sys/bus/i2c/devices/i2c-0/new_device KASAN: null-ptr-deref in range [0x000000000000010-0x0000000000000017] CPU: 53 UID: 0 PID: 970 Comm: systemd-udevd No contaminado 6.12.0-rc2+ #24 Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009) RIP: 0010:ts2020_probe+0xad/0xe10 [ts2020] RSP: 0018:ffffc9000abbf598 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffffc0714809 RDX: 0000000000000002 RSI: ffff88811550be00 RDI: 0000000000000010 RBP: ffff888109868800 R08: 0000000000000001 R09: fffff52001577eb6 R10: 00000000000000000 R11: ffffc9000abbff50 R12: ffffffffc0714790 R13: 1ffff92001577eb8 R14: ffffffffc07190d0 R15: 0000000000000001 FS: 00007f95f13b98c0(0000) GS:ffff888149280000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000555d2634b000 CR3: 0000000152236000 CR4: 000000000000006f0 DR0: 00000000000000000 DR1: 00000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Seguimiento de llamadas: ts2020_probe+0xad/0xe10 [ts2020] i2c_device_probe+0x421/0xb40 really_probe+0x266/0x850 ... La causa del problema es que al usar sysfs para registrar din\u00e1micamente un Dispositivo i2c, no hay datos de plataforma, pero el proceso de sondeo de ts2020 necesita utilizar datos de plataforma, lo que da como resultado el acceso a un puntero nulo. Resuelva este problema agregando comprobaciones a los datos de plataforma." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: ts2020: fix null-ptr-deref in ts2020_probe() KASAN inform\u00f3 un problema de null-ptr-deref al ejecutar el siguiente comando: # echo ts2020 0x20 > /sys/bus/i2c/devices/i2c-0/new_device KASAN: null-ptr-deref in range [0x000000000000010-0x0000000000000017] CPU: 53 UID: 0 PID: 970 Comm: systemd-udevd No contaminado 6.12.0-rc2+ #24 Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009) RIP: 0010:ts2020_probe+0xad/0xe10 [ts2020] RSP: 0018:ffffc9000abbf598 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffffc0714809 RDX: 0000000000000002 RSI: ffff88811550be00 RDI: 0000000000000010 RBP: ffff888109868800 R08: 0000000000000001 R09: fffff52001577eb6 R10: 00000000000000000 R11: ffffc9000abbff50 R12: ffffffffc0714790 R13: 1ffff92001577eb8 R14: ffffffffc07190d0 R15: 0000000000000001 FS: 00007f95f13b98c0(0000) GS:ffff888149280000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000555d2634b000 CR3: 0000000152236000 CR4: 000000000000006f0 DR0: 00000000000000000 DR1: 00000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Seguimiento de llamadas: ts2020_probe+0xad/0xe10 [ts2020] i2c_device_probe+0x421/0xb40 really_probe+0x266/0x850 ... La causa del problema es que al usar sysfs para registrar din\u00e1micamente un Dispositivo i2c, no hay datos de plataforma, pero el proceso de sondeo de ts2020 necesita utilizar datos de plataforma, lo que da como resultado el acceso a un puntero nulo. Resuelva este problema agregando comprobaciones a los datos de plataforma."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/4a058b34b52ed3feb1f3ff6fd26aefeeeed20cba", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/5a53f97cd5977911850b695add057f9965c1a2d6", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/901070571bc191d1d8d7a1379bc5ba9446200999", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
}, "description": [
{ {
"url": "https://git.kernel.org/stable/c/a2ed3b780f34e4a6403064208bc2c99d1ed85026", "lang": "en",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "value": "CWE-476"
}, }
{ ]
"url": "https://git.kernel.org/stable/c/b6208d1567f929105011bcdfd738f59a6bdc1088", }
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ],
}, "configurations": [
{ {
"url": "https://git.kernel.org/stable/c/ced1c04e82e3ecc246b921b9733f0df0866aa50d", "nodes": [
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" {
}, "operator": "OR",
{ "negate": false,
"url": "https://git.kernel.org/stable/c/dc03866b5f4aa2668946f8384a1e5286ae53bbaa", "cpeMatch": [
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" {
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1",
"versionEndExcluding": "5.4.287",
"matchCriteriaId": "4B08AFEE-D4EF-47B3-BD35-5A861B359191"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.231",
"matchCriteriaId": "B5C644CC-2BD7-4E32-BC54-8DCC7ABE9935"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.174",
"matchCriteriaId": "419FD073-1517-4FD5-8158-F94BC68A1E89"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.120",
"matchCriteriaId": "09AC6122-E2A4-40FE-9D33-268A1B2EC265"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.64",
"matchCriteriaId": "CA16DEE3-ABEC-4449-9F4A-7A3DC4FC36C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.12.4",
"matchCriteriaId": "04756810-D093-4B43-B1D9-CF5035968061"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/4a058b34b52ed3feb1f3ff6fd26aefeeeed20cba",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5a53f97cd5977911850b695add057f9965c1a2d6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/901070571bc191d1d8d7a1379bc5ba9446200999",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a2ed3b780f34e4a6403064208bc2c99d1ed85026",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b6208d1567f929105011bcdfd738f59a6bdc1088",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ced1c04e82e3ecc246b921b9733f0df0866aa50d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/dc03866b5f4aa2668946f8384a1e5286ae53bbaa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

92
CVE-2024/CVE-2024-565xx/CVE-2024-56577.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-56577", "id": "CVE-2024-56577",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:16.767", "published": "2024-12-27T15:15:16.767",
"lastModified": "2024-12-27T15:15:16.767", "lastModified": "2025-01-06T17:21:33.627",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,19 +15,89 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: mtk-jpeg: Corregir null-ptr-deref durante la descarga del m\u00f3dulo La cola de trabajo debe destruirse en mtk_jpeg_core.c desde el commit 09aea13ecf6f (\"media: mtk-jpeg: refactorizar algunas variables\"), de lo contrario, el siguiente seguimiento de llamadas puede activarse f\u00e1cilmente. [ 677.862514] No se puede gestionar la solicitud de paginaci\u00f3n del n\u00facleo en la direcci\u00f3n virtual dfff800000000023 [ 677.863633] KASAN: null-ptr-deref en el rango [0x0000000000000118-0x000000000000011f] ... [ 677.879654] CPU: 6 PID: 1071 Comm: modprobe Tainted: GO 6.8.12-mtk+gfa1a78e5d24b+ #17 ... [ 677.882838] pc : destroy_workqueue+0x3c/0x770 [ 677.883413] lr : mtk_jpegdec_destroy_workqueue+0x70/0x88 [mtk_jpeg_dec_hw] [ 677.884314] sp : ffff80008ad974f0 [ 677.884744] x29: ffff80008ad974f0 x28: ffff0000d7115580 x27: ffff0000dd691070 [ 677.885669] x26: ffff0000dd691408 x25: ffff8000844af3e0 x24: ffff80008ad97690 [ 677.886592] x23: ffff0000e051d400 x22: ffff0000dd691010 x21: dfff800000000000 [ 677.887515] x20: 0000000000000000 x19: 0000000000000000 x18: ffff800085397ac0 [ 677.888438] x17: 0000000000000000 x16: ffff8000801b87c8 x15: 1ffff000115b2e10 [ 677.889361] x14: 00000000f1f1f1f1 x13: 000000000000000 x12: x11: 1ffff000115b2e4c x10: ffff7000115b2e4c x9: ffff80000aa43e90 [677.891208] x8: 00008fffeea4d1b4 x7: ffff80008ad97267 x6: 0000000000000001 [677.892131] x5: ffff80008ad97260 x4: ffff7000115b2e4d x3: 0000000000000000 [677.893054] x2: 00000000000000023 x1 : dfff800000000000 x0 : 0000000000000118 [ 677.893977] Rastreo de llamadas: [ 677.894297] destroy_workqueue+0x3c/0x770 [ 677.894826] mtk_jpegdec_destroy_workqueue+0x70/0x88 [mtk_jpeg_dec_hw] [ 677.895677] devm_action_release+0x50/0x90 [ 677.896211] release_nodes+0xe8/0x170 [ 677.896688] devres_release_all+0xf8/0x178 [ 677.897219] device_unbind_cleanup+0x24/0x170 [ 677.897785] device_release_driver_internal+0x35c/0x480 [ 677.898461] device_release_driver+0x20/0x38 ... [ 677.912665] ---[ fin de seguimiento 0000000000000000 ]---" "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: mtk-jpeg: Corregir null-ptr-deref durante la descarga del m\u00f3dulo La cola de trabajo debe destruirse en mtk_jpeg_core.c desde el commit 09aea13ecf6f (\"media: mtk-jpeg: refactorizar algunas variables\"), de lo contrario, el siguiente seguimiento de llamadas puede activarse f\u00e1cilmente. [ 677.862514] No se puede gestionar la solicitud de paginaci\u00f3n del n\u00facleo en la direcci\u00f3n virtual dfff800000000023 [ 677.863633] KASAN: null-ptr-deref en el rango [0x0000000000000118-0x000000000000011f] ... [ 677.879654] CPU: 6 PID: 1071 Comm: modprobe Tainted: GO 6.8.12-mtk+gfa1a78e5d24b+ #17 ... [ 677.882838] pc : destroy_workqueue+0x3c/0x770 [ 677.883413] lr : mtk_jpegdec_destroy_workqueue+0x70/0x88 [mtk_jpeg_dec_hw] [ 677.884314] sp : ffff80008ad974f0 [ 677.884744] x29: ffff80008ad974f0 x28: ffff0000d7115580 x27: ffff0000dd691070 [ 677.885669] x26: ffff0000dd691408 x25: ffff8000844af3e0 x24: ffff80008ad97690 [ 677.886592] x23: ffff0000e051d400 x22: ffff0000dd691010 x21: dfff800000000000 [ 677.887515] x20: 0000000000000000 x19: 0000000000000000 x18: ffff800085397ac0 [ 677.888438] x17: 0000000000000000 x16: ffff8000801b87c8 x15: 1ffff000115b2e10 [ 677.889361] x14: 00000000f1f1f1f1 x13: 000000000000000 x12: x11: 1ffff000115b2e4c x10: ffff7000115b2e4c x9: ffff80000aa43e90 [677.891208] x8: 00008fffeea4d1b4 x7: ffff80008ad97267 x6: 0000000000000001 [677.892131] x5: ffff80008ad97260 x4: ffff7000115b2e4d x3: 0000000000000000 [677.893054] x2: 00000000000000023 x1 : dfff800000000000 x0 : 0000000000000118 [ 677.893977] Rastreo de llamadas: [ 677.894297] destroy_workqueue+0x3c/0x770 [ 677.894826] mtk_jpegdec_destroy_workqueue+0x70/0x88 [mtk_jpeg_dec_hw] [ 677.895677] devm_action_release+0x50/0x90 [ 677.896211] release_nodes+0xe8/0x170 [ 677.896688] devres_release_all+0xf8/0x178 [ 677.897219] device_unbind_cleanup+0x24/0x170 [ 677.897785] device_release_driver_internal+0x35c/0x480 [ 677.898461] device_release_driver+0x20/0x38 ... [ 677.912665] ---[ fin de seguimiento 0000000000000000 ]---"
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/0ba08c21c6a92e6512e73644555120427c9a49d4", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/17af2b39daf12870cac61ffc360e62bc35798afb", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/bc3889a39baf783c64c6d628bbb74d76ce164bb1", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4",
"versionEndExcluding": "6.6.64",
"matchCriteriaId": "443C5382-3B75-483A-BDE8-C8856CA429BF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.12.4",
"matchCriteriaId": "04756810-D093-4B43-B1D9-CF5035968061"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0ba08c21c6a92e6512e73644555120427c9a49d4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/17af2b39daf12870cac61ffc360e62bc35798afb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bc3889a39baf783c64c6d628bbb74d76ce164bb1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

97
CVE-2024/CVE-2024-566xx/CVE-2024-56611.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-56611", "id": "CVE-2024-56611",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:20.587", "published": "2024-12-27T15:15:20.587",
"lastModified": "2024-12-27T15:15:20.587", "lastModified": "2025-01-06T17:22:48.560",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,19 +15,94 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/mempolicy: se corrige el error de migrants_to_node() suponiendo que hay al menos un VMA en un MM. Actualmente, suponemos que hay al menos un VMA en un MM, lo que no es cierto. Por lo tanto, podr\u00edamos terminar haciendo que find_vma() devuelva NULL, para luego desreferenciarlo. Por lo tanto, se gestiona correctamente el error de que find_vma() devuelva NULL. Esto corrige el informe: Ups: error de protecci\u00f3n general, probablemente para la direcci\u00f3n no can\u00f3nica 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref en el rango [0x000000000000000-0x0000000000000007] CPU: 1 UID: 0 PID: 6021 Comm: syz-executor284 No contaminado 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 RIP: 0010:migrate_to_node mm/mempolicy.c:1090 [en l\u00ednea] RIP: 0010:do_migrate_pages+0x403/0x6f0 mm/mempolicy.c:1194 C\u00f3digo: ... RSP: 0018:ffffc9000375fd08 EFLAGS: 00010246 RAX: 000000000000000 RBX: ffffc9000375fd78 RCX: 000000000000000 RDX: ffff88807e171300 RSI: dffffc0000000000 RDI: ffff88803390c044 RBP: ffff88807e171428 R08: 0000000000000014 R09: fffffbfff2039ef1 R10: ffffffff901cf78f R11: 0000000000000000 R12: 0000000000000003 R13: ffffc9000375fe90 R14: ffffc9000375fe98 R15: ffffc9000375fdf8 FS: 00005555919e1380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005555919e1ca8 CR3: 000000007f12a000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Seguimiento de llamadas: kernel_migrate_pages+0x5b2/0x750 mm/mempolicy.c:1709 __do_sys_migrate_pages mm/mempolicy.c:1727 [en l\u00ednea] __se_sys_migrate_pages mm/mempolicy.c:1723 [en l\u00ednea] __x64_sys_migrate_pages+0x96/0x100 mm/mempolicy.c:1723 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f [akpm@linux-foundation.org: agregar improbable()]" "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/mempolicy: se corrige el error de migrants_to_node() suponiendo que hay al menos un VMA en un MM. Actualmente, suponemos que hay al menos un VMA en un MM, lo que no es cierto. Por lo tanto, podr\u00edamos terminar haciendo que find_vma() devuelva NULL, para luego desreferenciarlo. Por lo tanto, se gestiona correctamente el error de que find_vma() devuelva NULL. Esto corrige el informe: Ups: error de protecci\u00f3n general, probablemente para la direcci\u00f3n no can\u00f3nica 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref en el rango [0x000000000000000-0x0000000000000007] CPU: 1 UID: 0 PID: 6021 Comm: syz-executor284 No contaminado 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 RIP: 0010:migrate_to_node mm/mempolicy.c:1090 [en l\u00ednea] RIP: 0010:do_migrate_pages+0x403/0x6f0 mm/mempolicy.c:1194 C\u00f3digo: ... RSP: 0018:ffffc9000375fd08 EFLAGS: 00010246 RAX: 000000000000000 RBX: ffffc9000375fd78 RCX: 000000000000000 RDX: ffff88807e171300 RSI: dffffc0000000000 RDI: ffff88803390c044 RBP: ffff88807e171428 R08: 0000000000000014 R09: fffffbfff2039ef1 R10: ffffffff901cf78f R11: 0000000000000000 R12: 0000000000000003 R13: ffffc9000375fe90 R14: ffffc9000375fe98 R15: ffffc9000375fdf8 FS: 00005555919e1380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005555919e1ca8 CR3: 000000007f12a000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Seguimiento de llamadas: kernel_migrate_pages+0x5b2/0x750 mm/mempolicy.c:1709 __do_sys_migrate_pages mm/mempolicy.c:1727 [en l\u00ednea] __se_sys_migrate_pages mm/mempolicy.c:1723 [en l\u00ednea] __x64_sys_migrate_pages+0x96/0x100 mm/mempolicy.c:1723 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f [akpm@linux-foundation.org: agregar improbable()]"
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/091c1dd2d4df6edd1beebe0e5863d4034ade9572", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/42d9fe2adf8613f9eea1f0c2619c9e2611eae0ea", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/a13b2b9b0b0b04612c7d81e3b3dfb485c5f7abc3", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.16",
"versionEndExcluding": "6.6.66",
"matchCriteriaId": "FE619D1D-A017-4BE5-AB50-183794C0C729"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.12.5",
"matchCriteriaId": "9501D045-7A94-42CA-8B03-821BE94A65B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/091c1dd2d4df6edd1beebe0e5863d4034ade9572",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/42d9fe2adf8613f9eea1f0c2619c9e2611eae0ea",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a13b2b9b0b0b04612c7d81e3b3dfb485c5f7abc3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

167
CVE-2024/CVE-2024-566xx/CVE-2024-56643.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-56643", "id": "CVE-2024-56643",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:24.040", "published": "2024-12-27T15:15:24.040",
"lastModified": "2024-12-27T15:15:24.040", "lastModified": "2025-01-06T17:14:41.813",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,35 +15,150 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dccp: Se corrige la p\u00e9rdida de memoria en dccp_feat_change_recv Si dccp_feat_push_confirm() falla despu\u00e9s de que se acept\u00f3 un nuevo valor para la caracter\u00edstica SP sin conciliaci\u00f3n (rama 'entry == NULL'), la memoria asignada para ese valor con dccp_feat_clone_sp_val() nunca se libera. Aqu\u00ed est\u00e1 la pila kmemleak para esto: objeto sin referencia 0xffff88801d4ab488 (tama\u00f1o 8): comm \"syz-executor310\", pid 1127, jiffies 4295085598 (edad 41.666s) volcado hexadecimal (primeros 8 bytes): 01 b4 4a 1d 80 88 ff ff ..J..... backtrace: [<00000000db7cabfe>] kmemdup+0x23/0x50 mm/util.c:128 [<0000000019b38405>] kmemdup include/linux/string.h:465 [en l\u00ednea] [<0000000019b38405>] dccp_feat_clone_sp_val net/dccp/feat.c:371 [en l\u00ednea] [<0000000019b38405>] dccp_feat_clone_sp_val net/dccp/feat.c:367 [en l\u00ednea] [<0000000019b38405>] dccp_feat_change_recv net/dccp/feat.c:1145 [en l\u00ednea] [<0000000019b38405>] dccp_feat_parse_options+0x1196/0x2180 net/dccp/feat.c:1416 [<00000000b1f6d94a>] dccp_parse_options+0xa2a/0x1260 net/dccp/options.c:125 [<0000000030d7b621>] dccp_rcv_state_process+0x197/0x13d0 red/dccp/input.c:650 [<000000001f74c72e>] dccp_v4_do_rcv+0xf9/0x1a0 red/dccp/ipv4.c:688 [<00000000a6c24128>] sk_backlog_rcv incluir/net/sock.h:1041 [en l\u00ednea] [<00000000a6c24128>] __release_sock+0x139/0x3b0 red/core/sock.c:2570 [<00000000cf1f3a53>] release_sock+0x54/0x1b0 net/core/sock.c:3111 [<000000008422fa23>] espera_de_conexi\u00f3n inet net/ipv4/af_inet.c:603 [en l\u00ednea] [<000000008422fa23>] __inet_stream_connect+0x5d0/0xf70 net/ipv4/af_inet.c:696 [<0000000015b6f64d>] inet_stream_connect+0x53/0xa0 net/ipv4/af_inet.c:735 [<0000000010122488>] archivo_de_conexi\u00f3n_sys+0x15c/0x1a0 net/socket.c:1865 [<00000000b4b70023>] __sys_connect+0x165/0x1a0 red/socket.c:1882 [<00000000f4cb3815>] __do_sys_connect red/socket.c:1892 [en l\u00ednea] [<00000000f4cb3815>] __se_sys_connect red/socket.c:1889 [en l\u00ednea] [<00000000f4cb3815>] __x64_sys_connect+0x6e/0xb0 red/socket.c:1889 [<00000000e7b1e839>] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 [<0000000055e91434>] entry_SYSCALL_64_after_hwframe+0x67/0xd1 Limpia la memoria asignada en caso de que dccp_feat_push_confirm() falle y se resuelve con un c\u00f3digo de reinicio de error. Encontrado por Linux Verification Center (linuxtesting.org) con Syzkaller." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dccp: Se corrige la p\u00e9rdida de memoria en dccp_feat_change_recv Si dccp_feat_push_confirm() falla despu\u00e9s de que se acept\u00f3 un nuevo valor para la caracter\u00edstica SP sin conciliaci\u00f3n (rama 'entry == NULL'), la memoria asignada para ese valor con dccp_feat_clone_sp_val() nunca se libera. Aqu\u00ed est\u00e1 la pila kmemleak para esto: objeto sin referencia 0xffff88801d4ab488 (tama\u00f1o 8): comm \"syz-executor310\", pid 1127, jiffies 4295085598 (edad 41.666s) volcado hexadecimal (primeros 8 bytes): 01 b4 4a 1d 80 88 ff ff ..J..... backtrace: [<00000000db7cabfe>] kmemdup+0x23/0x50 mm/util.c:128 [<0000000019b38405>] kmemdup include/linux/string.h:465 [en l\u00ednea] [<0000000019b38405>] dccp_feat_clone_sp_val net/dccp/feat.c:371 [en l\u00ednea] [<0000000019b38405>] dccp_feat_clone_sp_val net/dccp/feat.c:367 [en l\u00ednea] [<0000000019b38405>] dccp_feat_change_recv net/dccp/feat.c:1145 [en l\u00ednea] [<0000000019b38405>] dccp_feat_parse_options+0x1196/0x2180 net/dccp/feat.c:1416 [<00000000b1f6d94a>] dccp_parse_options+0xa2a/0x1260 net/dccp/options.c:125 [<0000000030d7b621>] dccp_rcv_state_process+0x197/0x13d0 red/dccp/input.c:650 [<000000001f74c72e>] dccp_v4_do_rcv+0xf9/0x1a0 red/dccp/ipv4.c:688 [<00000000a6c24128>] sk_backlog_rcv incluir/net/sock.h:1041 [en l\u00ednea] [<00000000a6c24128>] __release_sock+0x139/0x3b0 red/core/sock.c:2570 [<00000000cf1f3a53>] release_sock+0x54/0x1b0 net/core/sock.c:3111 [<000000008422fa23>] espera_de_conexi\u00f3n inet net/ipv4/af_inet.c:603 [en l\u00ednea] [<000000008422fa23>] __inet_stream_connect+0x5d0/0xf70 net/ipv4/af_inet.c:696 [<0000000015b6f64d>] inet_stream_connect+0x53/0xa0 net/ipv4/af_inet.c:735 [<0000000010122488>] archivo_de_conexi\u00f3n_sys+0x15c/0x1a0 net/socket.c:1865 [<00000000b4b70023>] __sys_connect+0x165/0x1a0 red/socket.c:1882 [<00000000f4cb3815>] __do_sys_connect red/socket.c:1892 [en l\u00ednea] [<00000000f4cb3815>] __se_sys_connect red/socket.c:1889 [en l\u00ednea] [<00000000f4cb3815>] __x64_sys_connect+0x6e/0xb0 red/socket.c:1889 [<00000000e7b1e839>] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 [<0000000055e91434>] entry_SYSCALL_64_after_hwframe+0x67/0xd1 Limpia la memoria asignada en caso de que dccp_feat_push_confirm() falle y se resuelve con un c\u00f3digo de reinicio de error. Encontrado por Linux Verification Center (linuxtesting.org) con Syzkaller."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/22be4727a8f898442066bcac34f8a1ad0bc72e14", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/623be080ab3c13d71570bd32f7202a8efa8e2252", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/6ff67909ee2ffad911e3122616df41dee23ff4f6", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
}, "description": [
{ {
"url": "https://git.kernel.org/stable/c/9ee68b0f23706a77f53c832457b9384178b76421", "lang": "en",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "value": "CWE-401"
}, }
{ ]
"url": "https://git.kernel.org/stable/c/bc3d4423def1a9412a0ae454cb4477089ab79276", }
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ],
}, "configurations": [
{ {
"url": "https://git.kernel.org/stable/c/c99507fff94b926fc92279c92d80f229c91cb85d", "nodes": [
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" {
}, "operator": "OR",
{ "negate": false,
"url": "https://git.kernel.org/stable/c/d3ec686a369fae5034303061f003cd3f94ddfd23", "cpeMatch": [
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" {
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.29",
"versionEndExcluding": "5.4.287",
"matchCriteriaId": "1298C84F-E296-4E2D-8B96-829D4E94588D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.231",
"matchCriteriaId": "B5C644CC-2BD7-4E32-BC54-8DCC7ABE9935"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.174",
"matchCriteriaId": "419FD073-1517-4FD5-8158-F94BC68A1E89"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.120",
"matchCriteriaId": "09AC6122-E2A4-40FE-9D33-268A1B2EC265"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.66",
"matchCriteriaId": "29A976AD-B9AB-4A95-9F08-7669F8847EB9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.12.5",
"matchCriteriaId": "9501D045-7A94-42CA-8B03-821BE94A65B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/22be4727a8f898442066bcac34f8a1ad0bc72e14",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/623be080ab3c13d71570bd32f7202a8efa8e2252",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6ff67909ee2ffad911e3122616df41dee23ff4f6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9ee68b0f23706a77f53c832457b9384178b76421",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bc3d4423def1a9412a0ae454cb4477089ab79276",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c99507fff94b926fc92279c92d80f229c91cb85d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d3ec686a369fae5034303061f003cd3f94ddfd23",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

118
CVE-2024/CVE-2024-566xx/CVE-2024-56660.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-56660", "id": "CVE-2024-56660",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:25.857", "published": "2024-12-27T15:15:25.857",
"lastModified": "2024-12-27T15:15:25.857", "lastModified": "2025-01-06T18:43:45.897",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,23 +15,113 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5: DR, evitar la posible desreferencia del puntero de error La funci\u00f3n dr_domain_add_vport_cap() generalmente devuelve NULL en caso de error, pero a veces queremos que devuelva ERR_PTR(-EBUSY) para que el autor de la llamada pueda volver a intentarlo. El problema aqu\u00ed es que \"ret\" puede ser -EBUSY o -ENOMEM y si es y -ENOMEM, entonces el puntero de error se propaga de vuelta y finalmente se desreferencia en dr_ste_v0_build_src_gvmi_qpn_tag()." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5: DR, evitar la posible desreferencia del puntero de error La funci\u00f3n dr_domain_add_vport_cap() generalmente devuelve NULL en caso de error, pero a veces queremos que devuelva ERR_PTR(-EBUSY) para que el autor de la llamada pueda volver a intentarlo. El problema aqu\u00ed es que \"ret\" puede ser -EBUSY o -ENOMEM y si es y -ENOMEM, entonces el puntero de error se propaga de vuelta y finalmente se desreferencia en dr_ste_v0_build_src_gvmi_qpn_tag()."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/11776cff0b563c8b8a4fa76cab620bfb633a8cb8", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/325cf73a1b449fea3158ab99d03a7a717aad1618", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/61f720e801443d4e2a3c0261eda4ad8431458dca", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
}, "description": [
{ {
"url": "https://git.kernel.org/stable/c/a59c61a1869ceefc65ef02886f91e8cd0062211f", "lang": "en",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.121",
"matchCriteriaId": "D8DA16A0-9C6E-493E-90EE-309A34901477"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.67",
"matchCriteriaId": "BF4F2CD1-2CA6-4D6B-9B0C-57C3C4D6544A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.12.6",
"matchCriteriaId": "0CB1A9BB-F95E-43DD-A2FD-147912FD91E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5A073481-106D-4B15-B4C7-FB0213B8E1D4"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/11776cff0b563c8b8a4fa76cab620bfb633a8cb8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/325cf73a1b449fea3158ab99d03a7a717aad1618",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/61f720e801443d4e2a3c0261eda4ad8431458dca",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a59c61a1869ceefc65ef02886f91e8cd0062211f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

155
CVE-2024/CVE-2024-566xx/CVE-2024-56661.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-56661", "id": "CVE-2024-56661",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:25.960", "published": "2024-12-27T15:15:25.960",
"lastModified": "2024-12-27T15:15:25.960", "lastModified": "2025-01-06T18:49:40.310",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,35 +15,138 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tipc: se corrige la deref NULL en cleanup_bearer() syzbot encontr\u00f3 [1] que despu\u00e9s de el commit culpada, ub->ubsock->sk era NULL al intentar atomic_dec() : atomic_dec(&tipc_net(sock_net(ub->ubsock->sk))->wq_count); Solucione esto almacenando en cach\u00e9 el puntero tipc_net. [1] Ups: error de protecci\u00f3n general, probablemente para la direcci\u00f3n no can\u00f3nica 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref en el rango [0x000000000000030-0x0000000000000037] CPU: 0 UID: 0 PID: 5896 Comm: kworker/0:3 No contaminado 6.13.0-rc1-next-20241203-syzkaller #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 13/09/2024 Cola de trabajo: eventos cleanup_bearer RIP: 0010:read_pnet include/net/net_namespace.h:387 [en l\u00ednea] RIP: 0010:sock_net include/net/sock.h:655 [en l\u00ednea] RIP: 0010:cleanup_bearer+0x1f7/0x280 net/tipc/udp_media.c:820 C\u00f3digo: 18 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 3c f7 99 f6 48 8b 1b 48 83 c3 30 e8 f0 e4 60 00 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 1a f7 99 f6 49 83 c7 e8 48 8b 1b RSP: 0018:ffffc9000410fb70 EFLAGS: 00010206 RAX: 0000000000000006 RBX: 0000000000000030 RCX: ffff88802fe45a00 RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffc9000410f900 RBP: ffff88807e1f0908 R08: ffffc9000410f907 R09: 1ffff92000821f20 R10: dffffc0000000000 R11: fffff52000821f21 R12: ffff888031d19980 R13: dffffc0000000000 R14: dffffc0000000000 R15: ffff88807e1f0918 FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000556ca050b000 CR3: 0000000031c0c000 CR4: 00000000003526f0 DR0: 00000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400" "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tipc: se corrige la deref NULL en cleanup_bearer() syzbot encontr\u00f3 [1] que despu\u00e9s de el commit culpada, ub->ubsock->sk era NULL al intentar atomic_dec() : atomic_dec(&tipc_net(sock_net(ub->ubsock->sk))->wq_count); Solucione esto almacenando en cach\u00e9 el puntero tipc_net. [1] Ups: error de protecci\u00f3n general, probablemente para la direcci\u00f3n no can\u00f3nica 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref en el rango [0x000000000000030-0x0000000000000037] CPU: 0 UID: 0 PID: 5896 Comm: kworker/0:3 No contaminado 6.13.0-rc1-next-20241203-syzkaller #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 13/09/2024 Cola de trabajo: eventos cleanup_bearer RIP: 0010:read_pnet include/net/net_namespace.h:387 [en l\u00ednea] RIP: 0010:sock_net include/net/sock.h:655 [en l\u00ednea] RIP: 0010:cleanup_bearer+0x1f7/0x280 net/tipc/udp_media.c:820 C\u00f3digo: 18 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 3c f7 99 f6 48 8b 1b 48 83 c3 30 e8 f0 e4 60 00 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 1a f7 99 f6 49 83 c7 e8 48 8b 1b RSP: 0018:ffffc9000410fb70 EFLAGS: 00010206 RAX: 0000000000000006 RBX: 0000000000000030 RCX: ffff88802fe45a00 RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffc9000410f900 RBP: ffff88807e1f0908 R08: ffffc9000410f907 R09: 1ffff92000821f20 R10: dffffc0000000000 R11: fffff52000821f21 R12: ffff888031d19980 R13: dffffc0000000000 R14: dffffc0000000000 R15: ffff88807e1f0918 FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000556ca050b000 CR3: 0000000031c0c000 CR4: 00000000003526f0 DR0: 00000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400"
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/07b569eda6fe6a1e83be5a587abee12d1303f95e", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/754ec823ee53422361da7958a8c8bf3275426912", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/89ecda492d0a37fd00aaffc4151f1f44c26d93ac", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
}, "description": [
{ {
"url": "https://git.kernel.org/stable/c/a771f349c95d3397636861a0a6462d4a7a7ecb25", "lang": "en",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "value": "CWE-476"
}, }
{ ]
"url": "https://git.kernel.org/stable/c/a852c82eda4991e21610837aaa160965be71f5cc", }
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ],
}, "configurations": [
{ {
"url": "https://git.kernel.org/stable/c/b04d86fff66b15c07505d226431f808c15b1703c", "nodes": [
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" {
}, "operator": "OR",
{ "negate": false,
"url": "https://git.kernel.org/stable/c/d1d4dfb189a115734bff81c411bc58d9e348db7d", "cpeMatch": [
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" {
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.4.287:*:*:*:*:*:*:*",
"matchCriteriaId": "270B5743-09BB-4393-B8A8-86C7EAAB8DAC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.10.231:*:*:*:*:*:*:*",
"matchCriteriaId": "7D576002-9649-4BE6-AF72-C5E230DF0A0A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.15.174:*:*:*:*:*:*:*",
"matchCriteriaId": "B25345A0-8E32-4651-B6FF-2DE4DB0B3A48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1.120:*:*:*:*:*:*:*",
"matchCriteriaId": "52A2191E-D354-4732-9A39-C4059434873F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.6.66:*:*:*:*:*:*:*",
"matchCriteriaId": "36894D4E-0255-4309-B4D2-06ED50D7D076"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9807ED9-EBAB-45B9-AC9D-FA54900DD0DC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5A073481-106D-4B15-B4C7-FB0213B8E1D4"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/07b569eda6fe6a1e83be5a587abee12d1303f95e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/754ec823ee53422361da7958a8c8bf3275426912",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/89ecda492d0a37fd00aaffc4151f1f44c26d93ac",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a771f349c95d3397636861a0a6462d4a7a7ecb25",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a852c82eda4991e21610837aaa160965be71f5cc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b04d86fff66b15c07505d226431f808c15b1703c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d1d4dfb189a115734bff81c411bc58d9e348db7d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

168
CVE-2024/CVE-2024-566xx/CVE-2024-56662.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-56662", "id": "CVE-2024-56662",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:26.073", "published": "2024-12-27T15:15:26.073",
"lastModified": "2024-12-27T15:15:26.073", "lastModified": "2025-01-06T18:51:31.593",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,31 +15,155 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: acpi: nfit: vmalloc-out-of-bounds Lectura en acpi_nfit_ctl Se soluciona un problema detectado por syzbot con KASAN: ERROR: KASAN: vmalloc-out-of-bounds en cmd_to_func drivers/acpi/nfit/ core.c:416 [en l\u00ednea] ERROR: KASAN: vmalloc-out-of-bounds en acpi_nfit_ctl+0x20e8/0x24a0 drivers/acpi/nfit/core.c:459 El problema ocurre en cmd_to_func cuando se accede a la matriz call_pkg->nd_reserved2 sin verificar que call_pkg apunte a un b\u00fafer que tenga el tama\u00f1o adecuado como una estructura nd_cmd_pkg. Esto puede provocar un acceso fuera de los l\u00edmites y un comportamiento indefinido si el b\u00fafer no tiene suficiente espacio. Para solucionar este problema, se agreg\u00f3 una verificaci\u00f3n en acpi_nfit_ctl() para garantizar que buf no sea NULL y que buf_len sea menor que sizeof(*call_pkg) antes de acceder a \u00e9l. Esto garantiza un acceso seguro a los miembros de call_pkg, incluida la matriz nd_reserved2." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: acpi: nfit: vmalloc-out-of-bounds Lectura en acpi_nfit_ctl Se soluciona un problema detectado por syzbot con KASAN: ERROR: KASAN: vmalloc-out-of-bounds en cmd_to_func drivers/acpi/nfit/ core.c:416 [en l\u00ednea] ERROR: KASAN: vmalloc-out-of-bounds en acpi_nfit_ctl+0x20e8/0x24a0 drivers/acpi/nfit/core.c:459 El problema ocurre en cmd_to_func cuando se accede a la matriz call_pkg->nd_reserved2 sin verificar que call_pkg apunte a un b\u00fafer que tenga el tama\u00f1o adecuado como una estructura nd_cmd_pkg. Esto puede provocar un acceso fuera de los l\u00edmites y un comportamiento indefinido si el b\u00fafer no tiene suficiente espacio. Para solucionar este problema, se agreg\u00f3 una verificaci\u00f3n en acpi_nfit_ctl() para garantizar que buf no sea NULL y que buf_len sea menor que sizeof(*call_pkg) antes de acceder a \u00e9l. Esto garantiza un acceso seguro a los miembros de call_pkg, incluida la matriz nd_reserved2."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/143f723e9eb4f0302ffb7adfdc7ef77eab3f68e0", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/212846fafb753a48e869e2a342fc1e24048da771", "impactScore": 5.2
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/265e98f72bac6c41a4492d3e30a8e5fd22fe0779", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
}, "description": [
{ {
"url": "https://git.kernel.org/stable/c/616aa5f3c86e0479bcbb81e41c08c43ff32af637", "lang": "en",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "value": "CWE-125"
}, }
{ ]
"url": "https://git.kernel.org/stable/c/bbdb3307f609ec4dc9558770f464ede01fe52aed", }
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ],
}, "configurations": [
{ {
"url": "https://git.kernel.org/stable/c/e08dc2dc3c3f7938df0e4476fe3e6fdec5583c1d", "nodes": [
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.176",
"versionEndExcluding": "4.15",
"matchCriteriaId": "B6274D15-ED31-472F-B0FC-C76687469C95"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.31",
"versionEndExcluding": "4.20",
"matchCriteriaId": "C208F54A-1F85-44EF-9E91-6DA461A49CA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.4",
"versionEndExcluding": "5.10.232",
"matchCriteriaId": "3B31FA24-D2AC-48A5-A29D-35820E219F8E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.175",
"matchCriteriaId": "7A1F3620-6900-4852-9229-C3527377EBDA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.121",
"matchCriteriaId": "D8DA16A0-9C6E-493E-90EE-309A34901477"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.67",
"matchCriteriaId": "BF4F2CD1-2CA6-4D6B-9B0C-57C3C4D6544A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.12.6",
"matchCriteriaId": "0CB1A9BB-F95E-43DD-A2FD-147912FD91E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5A073481-106D-4B15-B4C7-FB0213B8E1D4"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/143f723e9eb4f0302ffb7adfdc7ef77eab3f68e0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/212846fafb753a48e869e2a342fc1e24048da771",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/265e98f72bac6c41a4492d3e30a8e5fd22fe0779",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/616aa5f3c86e0479bcbb81e41c08c43ff32af637",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bbdb3307f609ec4dc9558770f464ede01fe52aed",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e08dc2dc3c3f7938df0e4476fe3e6fdec5583c1d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

125
CVE-2024/CVE-2024-566xx/CVE-2024-56663.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-56663", "id": "CVE-2024-56663",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:26.187", "published": "2024-12-27T15:15:26.187",
"lastModified": "2024-12-27T15:15:26.187", "lastModified": "2025-01-06T18:52:41.737",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,23 +15,120 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: nl80211: correcci\u00f3n del error NL80211_ATTR_MLO_LINK_ID en uno Dado que la validaci\u00f3n del rango del atributo netlink proporciona una verificaci\u00f3n inclusiva, el *m\u00e1ximo* del atributo NL80211_ATTR_MLO_LINK_ID debe ser IEEE80211_MLD_MAX_NUM_LINKS - 1, lo que de lo contrario provocar\u00eda un error de uno. Una pila de fallos para demostraci\u00f3n: ==================================================================== ERROR: KASAN: acceso a memoria salvaje en ieee80211_tx_control_port+0x3b6/0xca0 net/mac80211/tx.c:5939 Lectura de tama\u00f1o 6 en la direcci\u00f3n 001102080000000c por la tarea fuzzer.386/9508 CPU: 1 PID: 9508 Comm: syz.1.386 No contaminado 6.1.70 #2 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:88 [en l\u00ednea] dump_stack_lvl+0x177/0x231 lib/dump_stack.c:106 print_report+0xe0/0x750 mm/kasan/report.c:398 kasan_report+0x139/0x170 mm/kasan/report.c:495 kasan_check_range+0x287/0x290 mm/kasan/generic.c:189 memcpy+0x25/0x60 mm/kasan/shadow.c:65 ieee80211_tx_control_port+0x3b6/0xca0 net/mac80211/tx.c:5939 rdev_tx_control_port net/wireless/rdev-ops.h:761 [en l\u00ednea] nl80211_tx_control_port+0x7b3/0xc40 net/wireless/nl80211.c:15453 genl_family_rcv_msg_doit+0x22e/0x320 net/netlink/genetlink.c:756 genl_family_rcv_msg net/netlink/genetlink.c:833 [en l\u00ednea] genl_rcv_msg+0x539/0x740 net/netlink/genetlink.c:850 netlink_rcv_skb+0x1de/0x420 net/netlink/af_netlink.c:2508 genl_rcv+0x24/0x40 net/netlink/genetlink.c:861 netlink_unicast_kernel net/netlink/af_netlink.c:1326 [en l\u00ednea] netlink_unicast+0x74b/0x8c0 net/netlink/af_netlink.c:1352 netlink_sendmsg+0x882/0xb90 net/netlink/af_netlink.c:1874 sock_sendmsg_nosec net/socket.c:716 [en l\u00ednea] __sock_sendmsg net/socket.c:728 [en l\u00ednea] ____sys_sendmsg+0x5cc/0x8f0 net/socket.c:2499 ___sys_sendmsg+0x21c/0x290 net/socket.c:2553 __sys_sendmsg net/socket.c:2582 [en l\u00ednea] __do_sys_sendmsg net/socket.c:2591 [en l\u00ednea] __se_sys_sendmsg+0x19e/0x270 net/socket.c:2589 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x45/0x90 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x63/0xcd Actualice la pol\u00edtica para garantizar una validaci\u00f3n correcta." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: nl80211: correcci\u00f3n del error NL80211_ATTR_MLO_LINK_ID en uno Dado que la validaci\u00f3n del rango del atributo netlink proporciona una verificaci\u00f3n inclusiva, el *m\u00e1ximo* del atributo NL80211_ATTR_MLO_LINK_ID debe ser IEEE80211_MLD_MAX_NUM_LINKS - 1, lo que de lo contrario provocar\u00eda un error de uno. Una pila de fallos para demostraci\u00f3n: ==================================================================== ERROR: KASAN: acceso a memoria salvaje en ieee80211_tx_control_port+0x3b6/0xca0 net/mac80211/tx.c:5939 Lectura de tama\u00f1o 6 en la direcci\u00f3n 001102080000000c por la tarea fuzzer.386/9508 CPU: 1 PID: 9508 Comm: syz.1.386 No contaminado 6.1.70 #2 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:88 [en l\u00ednea] dump_stack_lvl+0x177/0x231 lib/dump_stack.c:106 print_report+0xe0/0x750 mm/kasan/report.c:398 kasan_report+0x139/0x170 mm/kasan/report.c:495 kasan_check_range+0x287/0x290 mm/kasan/generic.c:189 memcpy+0x25/0x60 mm/kasan/shadow.c:65 ieee80211_tx_control_port+0x3b6/0xca0 net/mac80211/tx.c:5939 rdev_tx_control_port net/wireless/rdev-ops.h:761 [en l\u00ednea] nl80211_tx_control_port+0x7b3/0xc40 net/wireless/nl80211.c:15453 genl_family_rcv_msg_doit+0x22e/0x320 net/netlink/genetlink.c:756 genl_family_rcv_msg net/netlink/genetlink.c:833 [en l\u00ednea] genl_rcv_msg+0x539/0x740 net/netlink/genetlink.c:850 netlink_rcv_skb+0x1de/0x420 net/netlink/af_netlink.c:2508 genl_rcv+0x24/0x40 net/netlink/genetlink.c:861 netlink_unicast_kernel net/netlink/af_netlink.c:1326 [en l\u00ednea] netlink_unicast+0x74b/0x8c0 net/netlink/af_netlink.c:1352 netlink_sendmsg+0x882/0xb90 net/netlink/af_netlink.c:1874 sock_sendmsg_nosec net/socket.c:716 [en l\u00ednea] __sock_sendmsg net/socket.c:728 [en l\u00ednea] ____sys_sendmsg+0x5cc/0x8f0 net/socket.c:2499 ___sys_sendmsg+0x21c/0x290 net/socket.c:2553 __sys_sendmsg net/socket.c:2582 [en l\u00ednea] __do_sys_sendmsg net/socket.c:2591 [en l\u00ednea] __se_sys_sendmsg+0x19e/0x270 net/socket.c:2589 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x45/0x90 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x63/0xcd Actualice la pol\u00edtica para garantizar una validaci\u00f3n correcta."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/29e640ae641b9f5ffc666049426d2b16c98d9963", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/2e3dbf938656986cce73ac4083500d0bcfbffe24", "impactScore": 5.2
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/f3412522f78826fef1dfae40ef378a863df2591c", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
}, "description": [
{ {
"url": "https://git.kernel.org/stable/c/f850d1d9f1106f528dfc5807565f2d1fa9a397d3", "lang": "en",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "value": "CWE-193"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.19.2",
"versionEndExcluding": "5.20",
"matchCriteriaId": "E8D3E719-D0A1-4044-AB60-B63044B0A1B3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0",
"versionEndExcluding": "6.1.121",
"matchCriteriaId": "46F9451D-F254-4A6D-A0CE-93AC2EF2FC98"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.67",
"matchCriteriaId": "BF4F2CD1-2CA6-4D6B-9B0C-57C3C4D6544A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.12.6",
"matchCriteriaId": "0CB1A9BB-F95E-43DD-A2FD-147912FD91E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5A073481-106D-4B15-B4C7-FB0213B8E1D4"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/29e640ae641b9f5ffc666049426d2b16c98d9963",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2e3dbf938656986cce73ac4083500d0bcfbffe24",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f3412522f78826fef1dfae40ef378a863df2591c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f850d1d9f1106f528dfc5807565f2d1fa9a397d3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

125
CVE-2024/CVE-2024-566xx/CVE-2024-56665.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-56665", "id": "CVE-2024-56665",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:26.400", "published": "2024-12-27T15:15:26.400",
"lastModified": "2024-12-27T15:15:26.400", "lastModified": "2025-01-06T18:42:12.090",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,23 +15,120 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf,perf: Se corrige el acceso no v\u00e1lido a prog_array en perf_event_detach_bpf_prog Syzbot inform\u00f3 [1] un fallo que ocurre en el siguiente escenario de seguimiento: - crear un evento perf de tracepoint con attr.inherit=1, adjuntarlo al proceso y establecerle el programa bpf - el proceso adjunto se bifurca -> chid crea un evento heredado el nuevo evento secundario comparte el programa bpf del padre y tp_event (de ah\u00ed prog_array) que es global para tracepoint - salir tanto del proceso como de su hijo -> liberar ambos eventos - la primera llamada perf_event_detach_bpf_prog liberar\u00e1 tp_event->prog_array y la segunda perf_event_detach_bpf_prog se bloquear\u00e1, porque tp_event->prog_array es NULL La correcci\u00f3n asegura que las comprobaciones perf_event_detach_bpf_prog prog_array es v\u00e1lido antes de intentar eliminar el programa bpf de \u00e9l. [1] https://lore.kernel.org/bpf/Z1MR6dCIKajNS6nU@krava/T/#m91dbf0688221ec7a7fc95e896a7ef9ff93b0b8ad" "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf,perf: Se corrige el acceso no v\u00e1lido a prog_array en perf_event_detach_bpf_prog Syzbot inform\u00f3 [1] un fallo que ocurre en el siguiente escenario de seguimiento: - crear un evento perf de tracepoint con attr.inherit=1, adjuntarlo al proceso y establecerle el programa bpf - el proceso adjunto se bifurca -> chid crea un evento heredado el nuevo evento secundario comparte el programa bpf del padre y tp_event (de ah\u00ed prog_array) que es global para tracepoint - salir tanto del proceso como de su hijo -> liberar ambos eventos - la primera llamada perf_event_detach_bpf_prog liberar\u00e1 tp_event->prog_array y la segunda perf_event_detach_bpf_prog se bloquear\u00e1, porque tp_event->prog_array es NULL La correcci\u00f3n asegura que las comprobaciones perf_event_detach_bpf_prog prog_array es v\u00e1lido antes de intentar eliminar el programa bpf de \u00e9l. [1] https://lore.kernel.org/bpf/Z1MR6dCIKajNS6nU@krava/T/#m91dbf0688221ec7a7fc95e896a7ef9ff93b0b8ad"
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/842e5af282453983586e2eae3c8eaf252de5f22f", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/978c4486cca5c7b9253d3ab98a88c8e769cb9bbd", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/c2b6b47662d5f2dfce92e5ffbdcac8229f321d9d", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
}, "description": [
{ {
"url": "https://git.kernel.org/stable/c/dfb15ddf3b65e0df2129f9756d1b4fa78055cdb3", "lang": "en",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.170",
"versionEndExcluding": "5.16",
"matchCriteriaId": "C7FE0726-C761-4349-9521-83EAB0A1FCB6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1.115",
"versionEndExcluding": "6.1.121",
"matchCriteriaId": "5DAD94E3-C170-44EA-93AC-5712A955ED0C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6.59",
"versionEndExcluding": "6.6.67",
"matchCriteriaId": "1CA5A1BF-E0D3-405F-8671-0923F72D88B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.11.6",
"versionEndExcluding": "6.12.6",
"matchCriteriaId": "A23E2ECD-FEEE-4F72-A40D-756B9EC8B8DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5A073481-106D-4B15-B4C7-FB0213B8E1D4"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/842e5af282453983586e2eae3c8eaf252de5f22f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/978c4486cca5c7b9253d3ab98a88c8e769cb9bbd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c2b6b47662d5f2dfce92e5ffbdcac8229f321d9d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/dfb15ddf3b65e0df2129f9756d1b4fa78055cdb3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

86
CVE-2024/CVE-2024-566xx/CVE-2024-56666.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-56666", "id": "CVE-2024-56666",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:26.503", "published": "2024-12-27T15:15:26.503",
"lastModified": "2024-12-27T15:15:26.503", "lastModified": "2025-01-06T18:23:37.147",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,15 +15,85 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdkfd: Desreferenciar valor de retorno nulo En la funci\u00f3n pqm_uninit hay una asignaci\u00f3n de llamada de \"pdd = kfd_get_process_device_data\" que podr\u00eda ser nulo, y este valor fue posteriormente desreferenciado sin verificaci\u00f3n." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdkfd: Desreferenciar valor de retorno nulo En la funci\u00f3n pqm_uninit hay una asignaci\u00f3n de llamada de \"pdd = kfd_get_process_device_data\" que podr\u00eda ser nulo, y este valor fue posteriormente desreferenciado sin verificaci\u00f3n."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/768442d918932c4da09003f1fd6be1750b93a4ba", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}, },
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/a592bb19abdc2072875c87da606461bfd7821b08", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.12",
"versionEndExcluding": "6.12.6",
"matchCriteriaId": "51496C42-4FDD-448D-9925-54CF2C078DF1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5A073481-106D-4B15-B4C7-FB0213B8E1D4"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/768442d918932c4da09003f1fd6be1750b93a4ba",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a592bb19abdc2072875c87da606461bfd7821b08",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

102
CVE-2024/CVE-2024-566xx/CVE-2024-56667.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-56667", "id": "CVE-2024-56667",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:26.600", "published": "2024-12-27T15:15:26.600",
"lastModified": "2024-12-27T15:15:26.600", "lastModified": "2025-01-06T18:21:07.280",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,19 +15,99 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/i915: Se corrige la desreferencia de puntero NULL en capture_engine Cuando la estructura intel_context contiene NULL, genera un error de desreferencia de puntero NULL en drm_info(). (seleccionado de el commit 754302a5bc1bd8fd3b7d85c168b0a1af6d4bba4d)" "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/i915: Se corrige la desreferencia de puntero NULL en capture_engine Cuando la estructura intel_context contiene NULL, genera un error de desreferencia de puntero NULL en drm_info(). (seleccionado de el commit 754302a5bc1bd8fd3b7d85c168b0a1af6d4bba4d)"
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/da0b986256ae9a78b0215214ff44f271bfe237c1", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/e07f9c92bd127f8835ac669d83b5e7ff59bbb40f", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/e6ebe4f14a267bc431d0eebab4f335c0ebd45977", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.3",
"versionEndExcluding": "6.6.67",
"matchCriteriaId": "7ADA2DEA-E7E0-4C82-A5D7-41BCC88A223F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.12.6",
"matchCriteriaId": "0CB1A9BB-F95E-43DD-A2FD-147912FD91E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5A073481-106D-4B15-B4C7-FB0213B8E1D4"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/da0b986256ae9a78b0215214ff44f271bfe237c1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e07f9c92bd127f8835ac669d83b5e7ff59bbb40f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e6ebe4f14a267bc431d0eebab4f335c0ebd45977",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

90
CVE-2024/CVE-2024-566xx/CVE-2024-56668.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-56668", "id": "CVE-2024-56668",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:26.693", "published": "2024-12-27T15:15:26.693",
"lastModified": "2024-12-27T15:15:26.693", "lastModified": "2025-01-06T18:20:19.580",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,15 +15,89 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iommu/vt-d: Arreglar el puntero NULL de qi_batch con el dominio principal anidado El qi_batch se asigna al asignar la etiqueta de cach\u00e9 para un dominio. Mientras que para el dominio principal anidado, se omite. Por lo tanto, al intentar asignar p\u00e1ginas al principal anidado, se produjo una desreferencia NULL. Adem\u00e1s, existe una posible fuga de memoria ya que no hay un bloqueo alrededor de la asignaci\u00f3n de dominio->qi_batch. Para resolverlo, agregue un ayudante para la asignaci\u00f3n de qi_batch y ll\u00e1melo tanto en __cache_tag_assign_domain() como en __cache_tag_assign_parent_domain(). ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000200 #PF: acceso de lectura del supervisor en modo kernel #PF: error_code(0x0000) - p\u00e1gina no presente PGD 8104795067 P4D 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 223 UID: 0 PID: 4357 Comm: qemu-system-x86 No contaminado 6.13.0-rc1-00028-g4b50c3c3b998-dirty #2632 Seguimiento de llamadas: ? __die+0x24/0x70 ? page_fault_oops+0x80/0x150 ? do_user_addr_fault+0x63/0x7b0 ? exc_page_fault+0x7c/0x220 ? asm_exc_page_fault+0x26/0x30 ? rango_de_vaciado_de_etiqueta_de_cach\u00e9_np+0x13c/0x260 intel_iommu_iotlb_sync_map+0x1a/0x30 iommu_map+0x61/0xf0 lote_a_dominio+0x188/0x250 iopt_area_fill_domains+0x125/0x320 ? iopt_map_pages+0x63/0x100 iopt_map_common.isra.0+0xa7/0x190 iopt_map_user_pages+0x6a/0x80 iommufd_ioas_map+0xcd/0x1d0 iommufd_fops_ioctl+0x118/0x1c0 __x64_sys_ioctl+0x93/0xc0 hacer_syscall_64+0x71/0x140 entrada_SYSCALL_64_despu\u00e9s_hwframe+0x76/0x7e" "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iommu/vt-d: Arreglar el puntero NULL de qi_batch con el dominio principal anidado El qi_batch se asigna al asignar la etiqueta de cach\u00e9 para un dominio. Mientras que para el dominio principal anidado, se omite. Por lo tanto, al intentar asignar p\u00e1ginas al principal anidado, se produjo una desreferencia NULL. Adem\u00e1s, existe una posible fuga de memoria ya que no hay un bloqueo alrededor de la asignaci\u00f3n de dominio->qi_batch. Para resolverlo, agregue un ayudante para la asignaci\u00f3n de qi_batch y ll\u00e1melo tanto en __cache_tag_assign_domain() como en __cache_tag_assign_parent_domain(). ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000200 #PF: acceso de lectura del supervisor en modo kernel #PF: error_code(0x0000) - p\u00e1gina no presente PGD 8104795067 P4D 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 223 UID: 0 PID: 4357 Comm: qemu-system-x86 No contaminado 6.13.0-rc1-00028-g4b50c3c3b998-dirty #2632 Seguimiento de llamadas: ? __die+0x24/0x70 ? page_fault_oops+0x80/0x150 ? do_user_addr_fault+0x63/0x7b0 ? exc_page_fault+0x7c/0x220 ? asm_exc_page_fault+0x26/0x30 ? rango_de_vaciado_de_etiqueta_de_cach\u00e9_np+0x13c/0x260 intel_iommu_iotlb_sync_map+0x1a/0x30 iommu_map+0x61/0xf0 lote_a_dominio+0x188/0x250 iopt_area_fill_domains+0x125/0x320 ? iopt_map_pages+0x63/0x100 iopt_map_common.isra.0+0xa7/0x190 iopt_map_user_pages+0x6a/0x80 iommufd_ioas_map+0xcd/0x1d0 iommufd_fops_ioctl+0x118/0x1c0 __x64_sys_ioctl+0x93/0xc0 hacer_syscall_64+0x71/0x140 entrada_SYSCALL_64_despu\u00e9s_hwframe+0x76/0x7e"
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/74536f91962d5f6af0a42414773ce61e653c10ee", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}, },
{ {
"url": "https://git.kernel.org/stable/c/ffd774c34774fd4cc0e9cf2976595623a6c3a077", "lang": "en",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.12",
"versionEndExcluding": "6.12.6",
"matchCriteriaId": "51496C42-4FDD-448D-9925-54CF2C078DF1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5A073481-106D-4B15-B4C7-FB0213B8E1D4"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/74536f91962d5f6af0a42414773ce61e653c10ee",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ffd774c34774fd4cc0e9cf2976595623a6c3a077",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

94
CVE-2024/CVE-2024-566xx/CVE-2024-56669.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-56669", "id": "CVE-2024-56669",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:26.797", "published": "2024-12-27T15:15:26.797",
"lastModified": "2024-12-27T15:15:26.797", "lastModified": "2025-01-06T18:19:13.567",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,15 +15,93 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iommu/vt-d: eliminar etiquetas de cach\u00e9 antes de deshabilitar ATS La implementaci\u00f3n actual elimina las etiquetas de cach\u00e9 despu\u00e9s de deshabilitar ATS, lo que genera posibles fugas de memoria y fallas del kernel. Espec\u00edficamente, las etiquetas de cach\u00e9 de tipo CACHE_TAG_DEVTLB pueden permanecer en la lista incluso despu\u00e9s de que se libere el dominio, lo que provoca una condici\u00f3n de use-after-free. Este problema realmente aparece cuando m\u00faltiples VF de diferentes PF pasan a un solo proceso de espacio de usuario a trav\u00e9s de vfio-pci. En tales casos, el n\u00facleo puede bloquearse con mensajes como: ERROR: desreferencia de puntero NULL del n\u00facleo, direcci\u00f3n: 0000000000000014 PGD 19036a067 P4D 1940a3067 PUD 136c9b067 PMD 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 74 UID: 0 PID: 3183 Comm: testCli No contaminado 6.11.9 #2 RIP: 0010:cache_tag_flush_range+0x9b/0x250 Rastreo de llamadas: ? __die+0x1f/0x60 ? page_fault_oops+0x163/0x590 ? exc_page_fault+0x72/0x190 ? asm_exc_page_fault+0x22/0x30 ? rango_de_desinfecci\u00f3n_de_etiquetas_de_cach\u00e9+0x9b/0x250 ? cache_tag_flush_range+0x5d/0x250 intel_iommu_tlb_sync+0x29/0x40 intel_iommu_unmap_pages+0xfe/0x160 __iommu_unmap+0xd8/0x1a0 vfio_unmap_unpin+0x182/0x340 [vfio_iommu_type1] vfio_remove_dma+0x2a/0xb0 [vfio_iommu_type1] vfio_iommu_type1_ioctl+0xafa/0x18e0 [vfio_iommu_type1] Mueva cache_tag_unassign_domain() antes de iommu_disable_pci_caps() para solucionarlo." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iommu/vt-d: eliminar etiquetas de cach\u00e9 antes de deshabilitar ATS La implementaci\u00f3n actual elimina las etiquetas de cach\u00e9 despu\u00e9s de deshabilitar ATS, lo que genera posibles fugas de memoria y fallas del kernel. Espec\u00edficamente, las etiquetas de cach\u00e9 de tipo CACHE_TAG_DEVTLB pueden permanecer en la lista incluso despu\u00e9s de que se libere el dominio, lo que provoca una condici\u00f3n de use-after-free. Este problema realmente aparece cuando m\u00faltiples VF de diferentes PF pasan a un solo proceso de espacio de usuario a trav\u00e9s de vfio-pci. En tales casos, el n\u00facleo puede bloquearse con mensajes como: ERROR: desreferencia de puntero NULL del n\u00facleo, direcci\u00f3n: 0000000000000014 PGD 19036a067 P4D 1940a3067 PUD 136c9b067 PMD 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 74 UID: 0 PID: 3183 Comm: testCli No contaminado 6.11.9 #2 RIP: 0010:cache_tag_flush_range+0x9b/0x250 Rastreo de llamadas: ? __die+0x1f/0x60 ? page_fault_oops+0x163/0x590 ? exc_page_fault+0x72/0x190 ? asm_exc_page_fault+0x22/0x30 ? rango_de_desinfecci\u00f3n_de_etiquetas_de_cach\u00e9+0x9b/0x250 ? cache_tag_flush_range+0x5d/0x250 intel_iommu_tlb_sync+0x29/0x40 intel_iommu_unmap_pages+0xfe/0x160 __iommu_unmap+0xd8/0x1a0 vfio_unmap_unpin+0x182/0x340 [vfio_iommu_type1] vfio_remove_dma+0x2a/0xb0 [vfio_iommu_type1] vfio_iommu_type1_ioctl+0xafa/0x18e0 [vfio_iommu_type1] Mueva cache_tag_unassign_domain() antes de iommu_disable_pci_caps() para solucionarlo."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/1f2557e08a617a4b5e92a48a1a9a6f86621def18", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}, },
{ {
"url": "https://git.kernel.org/stable/c/9a0a72d3ed919ebe6491f527630998be053151d8", "lang": "en",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "value": "CWE-416"
},
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.10",
"versionEndExcluding": "6.12.6",
"matchCriteriaId": "EFB33A9C-69D1-4691-B0BD-2D5C9590E239"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5A073481-106D-4B15-B4C7-FB0213B8E1D4"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/1f2557e08a617a4b5e92a48a1a9a6f86621def18",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9a0a72d3ed919ebe6491f527630998be053151d8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

172
CVE-2024/CVE-2024-566xx/CVE-2024-56670.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-56670", "id": "CVE-2024-56670",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:26.890", "published": "2024-12-27T15:15:26.890",
"lastModified": "2024-12-27T15:15:26.890", "lastModified": "2025-01-06T18:13:02.807",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,35 +15,155 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: gadget: u_serial: soluciona el problema por el cual gs_start_io se bloqueaba debido al acceso a un puntero nulo. Teniendo en cuenta que en algunos casos extremos, cuando varios subprocesos acceden al controlador u_serial, el subproceso A ejecuta la operaci\u00f3n de apertura y llama a gs_open, el subproceso B ejecuta la operaci\u00f3n de desconexi\u00f3n y llama a la funci\u00f3n gserial_disconnect, el puntero port->port_usb se establecer\u00e1 en NULL. P. ej. Hilo A Hilo B gs_open() gadget_unbind_driver() gs_start_io() composite_disconnect() gs_start_rx() gserial_disconnect() ... ... spin_unlock(&port->port_lock) status = usb_ep_queue() spin_lock(&port->port_lock) spin_lock(&port->port_lock) port->port_usb = NULL gs_free_requests(port->port_usb->in) spin_unlock(&port->port_lock) Bloqueo Esto hace que el hilo A acceda a un puntero nulo (port->port_usb es nulo) al llamar a la funci\u00f3n gs_free_requests, lo que provoca un bloqueo. Si port_usb es NULL, se omitir\u00e1 la solicitud de liberaci\u00f3n, ya que la realizar\u00e1 gserial_disconnect. Por lo tanto, agregue una verificaci\u00f3n de puntero nulo a gs_start_io antes de intentar acceder al valor del puntero port->port_usb. Rastreo de llamadas: gs_start_io+0x164/0x25c gs_open+0x108/0x13c tty_open+0x314/0x638 chrdev_open+0x1b8/0x258 do_dentry_open+0x2c4/0x700 vfs_open+0x2c/0x3c path_openat+0xa64/0xc60 do_filp_open+0xb8/0x164 do_sys_openat2+0x84/0xf0 __arm64_sys_openat+0x70/0x9c invocar_syscall+0x58/0x114 el0_svc_common+0x80/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x38/0x68" "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: gadget: u_serial: soluciona el problema por el cual gs_start_io se bloqueaba debido al acceso a un puntero nulo. Teniendo en cuenta que en algunos casos extremos, cuando varios subprocesos acceden al controlador u_serial, el subproceso A ejecuta la operaci\u00f3n de apertura y llama a gs_open, el subproceso B ejecuta la operaci\u00f3n de desconexi\u00f3n y llama a la funci\u00f3n gserial_disconnect, el puntero port->port_usb se establecer\u00e1 en NULL. P. ej. Hilo A Hilo B gs_open() gadget_unbind_driver() gs_start_io() composite_disconnect() gs_start_rx() gserial_disconnect() ... ... spin_unlock(&port->port_lock) status = usb_ep_queue() spin_lock(&port->port_lock) spin_lock(&port->port_lock) port->port_usb = NULL gs_free_requests(port->port_usb->in) spin_unlock(&port->port_lock) Bloqueo Esto hace que el hilo A acceda a un puntero nulo (port->port_usb es nulo) al llamar a la funci\u00f3n gs_free_requests, lo que provoca un bloqueo. Si port_usb es NULL, se omitir\u00e1 la solicitud de liberaci\u00f3n, ya que la realizar\u00e1 gserial_disconnect. Por lo tanto, agregue una verificaci\u00f3n de puntero nulo a gs_start_io antes de intentar acceder al valor del puntero port->port_usb. Rastreo de llamadas: gs_start_io+0x164/0x25c gs_open+0x108/0x13c tty_open+0x314/0x638 chrdev_open+0x1b8/0x258 do_dentry_open+0x2c4/0x700 vfs_open+0x2c/0x3c path_openat+0xa64/0xc60 do_filp_open+0xb8/0x164 do_sys_openat2+0x84/0xf0 __arm64_sys_openat+0x70/0x9c invocar_syscall+0x58/0x114 el0_svc_common+0x80/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x38/0x68"
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/1247e1df086aa6c17ab53cd1bedce70dd7132765", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/28b3c03a6790de1f6f2683919ad657840f0f0f58", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/4cfbca86f6a8b801f3254e0e3c8f2b1d2d64be2b", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
}, "description": [
{ {
"url": "https://git.kernel.org/stable/c/4efdfdc32d8d6307f968cd99f1db64468471bab1", "lang": "en",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "value": "CWE-476"
}, }
{ ]
"url": "https://git.kernel.org/stable/c/8ca07a3d18f39b1669927ef536e485787e856df6", }
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ],
}, "configurations": [
{ {
"url": "https://git.kernel.org/stable/c/c83213b6649d22656b3a4e92544ceeea8a2c6c07", "nodes": [
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" {
}, "operator": "OR",
{ "negate": false,
"url": "https://git.kernel.org/stable/c/dd6b0ca6025f64ccb465a6a3460c5b0307ed9c44", "cpeMatch": [
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" {
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.27",
"versionEndExcluding": "5.4.288",
"matchCriteriaId": "6E124544-1BF2-4F82-8695-47BCE74E1600"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.232",
"matchCriteriaId": "0B975945-2894-4433-BA59-0988B75B4C12"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.175",
"matchCriteriaId": "7A1F3620-6900-4852-9229-C3527377EBDA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.121",
"matchCriteriaId": "D8DA16A0-9C6E-493E-90EE-309A34901477"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.67",
"matchCriteriaId": "BF4F2CD1-2CA6-4D6B-9B0C-57C3C4D6544A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.12.6",
"matchCriteriaId": "0CB1A9BB-F95E-43DD-A2FD-147912FD91E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5A073481-106D-4B15-B4C7-FB0213B8E1D4"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/1247e1df086aa6c17ab53cd1bedce70dd7132765",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/28b3c03a6790de1f6f2683919ad657840f0f0f58",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4cfbca86f6a8b801f3254e0e3c8f2b1d2d64be2b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4efdfdc32d8d6307f968cd99f1db64468471bab1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8ca07a3d18f39b1669927ef536e485787e856df6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c83213b6649d22656b3a4e92544ceeea8a2c6c07",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/dd6b0ca6025f64ccb465a6a3460c5b0307ed9c44",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

107
CVE-2024/CVE-2024-567xx/CVE-2024-56710.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-56710", "id": "CVE-2024-56710",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-29T09:15:05.970", "published": "2024-12-29T09:15:05.970",
"lastModified": "2025-01-02T14:15:08.600", "lastModified": "2025-01-06T17:13:00.090",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,19 +15,104 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ceph: se corrige la p\u00e9rdida de memoria en ceph_direct_read_write() La matriz bvecs que se asigna en iter_get_bvecs_alloc() se filtra y las p\u00e1ginas permanecen fijadas si ceph_alloc_sparse_ext_map() falla. No es necesario retrasar la asignaci\u00f3n del mapa sparse_ext hasta que se configure la matriz bvecs, as\u00ed que solucione esto moviendo la asignaci\u00f3n de sparse_ext un poco antes. Adem\u00e1s, haga un ajuste similar en __ceph_sync_read() para lograr coherencia (una p\u00e9rdida del mismo tipo en __ceph_sync_read() se ha abordado de forma diferente)." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ceph: se corrige la p\u00e9rdida de memoria en ceph_direct_read_write() La matriz bvecs que se asigna en iter_get_bvecs_alloc() se filtra y las p\u00e1ginas permanecen fijadas si ceph_alloc_sparse_ext_map() falla. No es necesario retrasar la asignaci\u00f3n del mapa sparse_ext hasta que se configure la matriz bvecs, as\u00ed que solucione esto moviendo la asignaci\u00f3n de sparse_ext un poco antes. Adem\u00e1s, haga un ajuste similar en __ceph_sync_read() para lograr coherencia (una p\u00e9rdida del mismo tipo en __ceph_sync_read() se ha abordado de forma diferente)."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/44e518abbb498075ae85c7d1d1a503a6bb05ea2d", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/66e0c4f91461d17d48071695271c824620bed4ef", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/eb9041837123f31d5897e99bb761f46cb4ce5859", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6",
"versionEndExcluding": "6.6.69",
"matchCriteriaId": "C7A72CB0-18DD-4A2A-8E59-4FB714531AA4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.12.7",
"matchCriteriaId": "811AC89A-14AC-49FA-9B54-E99526F1CA47"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5A073481-106D-4B15-B4C7-FB0213B8E1D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*",
"matchCriteriaId": "DE491969-75AE-4A6B-9A58-8FC5AF98798F"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/44e518abbb498075ae85c7d1d1a503a6bb05ea2d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/66e0c4f91461d17d48071695271c824620bed4ef",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/eb9041837123f31d5897e99bb761f46cb4ce5859",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

91
CVE-2024/CVE-2024-567xx/CVE-2024-56712.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-56712", "id": "CVE-2024-56712",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-29T09:15:06.250", "published": "2024-12-29T09:15:06.250",
"lastModified": "2024-12-29T09:15:06.250", "lastModified": "2025-01-06T17:11:48.987",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,15 +15,90 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: udmabuf: reparar p\u00e9rdida de memoria en la \u00faltima ruta de error export_udmabuf() En export_udmabuf(), si dma_buf_fd() falla porque la tabla FD est\u00e1 llena, ya se ha creado un dma_buf que posee el udmabuf; pero la gesti\u00f3n de errores en udmabuf_create() destruir\u00e1 el udmabuf sin hacer nada con el dma_buf que lo contiene. Esto deja un dma_buf en la memoria que contiene un puntero colgante; aunque eso no parece conducir a nada malo excepto a una p\u00e9rdida de memoria. Arr\u00e9glelo moviendo la llamada dma_buf_fd() fuera de export_udmabuf() para que podamos darle un gesti\u00f3n de errores diferente. Tenga en cuenta que la forma de este c\u00f3digo cambi\u00f3 mucho en el commit 5e72b2b41a21 (\"udmabuf: convertir el controlador udmabuf para usar folios\"); Pero la p\u00e9rdida de memoria parece haber existido desde la introducci\u00f3n de udmabuf." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: udmabuf: reparar p\u00e9rdida de memoria en la \u00faltima ruta de error export_udmabuf() En export_udmabuf(), si dma_buf_fd() falla porque la tabla FD est\u00e1 llena, ya se ha creado un dma_buf que posee el udmabuf; pero la gesti\u00f3n de errores en udmabuf_create() destruir\u00e1 el udmabuf sin hacer nada con el dma_buf que lo contiene. Esto deja un dma_buf en la memoria que contiene un puntero colgante; aunque eso no parece conducir a nada malo excepto a una p\u00e9rdida de memoria. Arr\u00e9glelo moviendo la llamada dma_buf_fd() fuera de export_udmabuf() para que podamos darle un gesti\u00f3n de errores diferente. Tenga en cuenta que la forma de este c\u00f3digo cambi\u00f3 mucho en el commit 5e72b2b41a21 (\"udmabuf: convertir el controlador udmabuf para usar folios\"); Pero la p\u00e9rdida de memoria parece haber existido desde la introducci\u00f3n de udmabuf."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/c9fc8428d4255c2128da9c4d5cd92e554d0150cf", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}, },
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/f49856f525acd5bef52ae28b7da2e001bbe7439e", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "6.12.7",
"matchCriteriaId": "132A930B-79DA-4CD0-9863-6D6DAD5DDACA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5A073481-106D-4B15-B4C7-FB0213B8E1D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*",
"matchCriteriaId": "DE491969-75AE-4A6B-9A58-8FC5AF98798F"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/c9fc8428d4255c2128da9c4d5cd92e554d0150cf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f49856f525acd5bef52ae28b7da2e001bbe7439e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

144
CVE-2024/CVE-2024-567xx/CVE-2024-56726.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-56726", "id": "CVE-2024-56726",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-29T12:15:06.703", "published": "2024-12-29T12:15:06.703",
"lastModified": "2024-12-29T12:15:06.703", "lastModified": "2025-01-06T17:10:17.110",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,31 +15,131 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: octeontx2-pf: gestionar errores otx2_mbox_get_rsp en cn10k.c. Agregar verificaci\u00f3n de puntero de error despu\u00e9s de llamar a otx2_mbox_get_rsp()." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: octeontx2-pf: gestionar errores otx2_mbox_get_rsp en cn10k.c. Agregar verificaci\u00f3n de puntero de error despu\u00e9s de llamar a otx2_mbox_get_rsp()."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/41f39f4c67253f802809310be6846ff408c3c758", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/54abcec092616a4d01195355eb5d6036fb8fe363", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/856ad633e11869729be698df2287ecfe6ec31f27", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
}, "description": [
{ {
"url": "https://git.kernel.org/stable/c/a374e7e79fbdd7574bd89344447b0d4b91ba9801", "lang": "en",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "value": "CWE-476"
}, }
{ ]
"url": "https://git.kernel.org/stable/c/ac9183023b6a9c09467516abd8aab04f9a2f9564", }
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ],
}, "configurations": [
{ {
"url": "https://git.kernel.org/stable/c/c5a6c5af434671aea739a5a41c849819144f02c9", "nodes": [
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.14",
"versionEndExcluding": "5.15.174",
"matchCriteriaId": "018DF5B7-C996-453C-A0E3-17831086B30F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.120",
"matchCriteriaId": "09AC6122-E2A4-40FE-9D33-268A1B2EC265"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.64",
"matchCriteriaId": "CA16DEE3-ABEC-4449-9F4A-7A3DC4FC36C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.11.11",
"matchCriteriaId": "21434379-192D-472F-9B54-D45E3650E893"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.12",
"versionEndExcluding": "6.12.2",
"matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/41f39f4c67253f802809310be6846ff408c3c758",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/54abcec092616a4d01195355eb5d6036fb8fe363",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/856ad633e11869729be698df2287ecfe6ec31f27",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a374e7e79fbdd7574bd89344447b0d4b91ba9801",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ac9183023b6a9c09467516abd8aab04f9a2f9564",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c5a6c5af434671aea739a5a41c849819144f02c9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

126
CVE-2024/CVE-2024-567xx/CVE-2024-56727.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-56727", "id": "CVE-2024-56727",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-29T12:15:06.813", "published": "2024-12-29T12:15:06.813",
"lastModified": "2024-12-29T12:15:06.813", "lastModified": "2025-01-06T17:09:19.120",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,27 +15,117 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: octeontx2-pf: gestionar errores otx2_mbox_get_rsp en otx2_flows.c. A\u00f1adiendo comprobaci\u00f3n de puntero de error despu\u00e9s de llamar a otx2_mbox_get_rsp()." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: octeontx2-pf: gestionar errores otx2_mbox_get_rsp en otx2_flows.c. A\u00f1adiendo comprobaci\u00f3n de puntero de error despu\u00e9s de llamar a otx2_mbox_get_rsp()."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/8c9f8b35dc3d4ad8053a72bc0c5a7843591f6b75", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/a479b3d7586e6f77f8337bbcac980eaf2d0a4029", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/bd3110bc102ab6292656b8118be819faa0de8dd0", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
}, "description": [
{ {
"url": "https://git.kernel.org/stable/c/c4eae7bac880edd88aaed6a8ec2997fa85e259c7", "lang": "en",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "value": "CWE-476"
}, }
{ ]
"url": "https://git.kernel.org/stable/c/e5e60f17d2462ef5c13db4d1a54eef5778fd2295", }
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "6.1.120",
"matchCriteriaId": "F74E4CA1-0407-4198-8012-2A7BB41D8B4A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.64",
"matchCriteriaId": "CA16DEE3-ABEC-4449-9F4A-7A3DC4FC36C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.11.11",
"matchCriteriaId": "21434379-192D-472F-9B54-D45E3650E893"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.12",
"versionEndExcluding": "6.12.2",
"matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/8c9f8b35dc3d4ad8053a72bc0c5a7843591f6b75",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a479b3d7586e6f77f8337bbcac980eaf2d0a4029",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bd3110bc102ab6292656b8118be819faa0de8dd0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c4eae7bac880edd88aaed6a8ec2997fa85e259c7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e5e60f17d2462ef5c13db4d1a54eef5778fd2295",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

180
CVE-2024/CVE-2024-567xx/CVE-2024-56748.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-56748", "id": "CVE-2024-56748",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-29T12:15:08.303", "published": "2024-12-29T12:15:08.303",
"lastModified": "2024-12-29T12:15:08.303", "lastModified": "2025-01-06T17:07:33.423",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,39 +15,159 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: qedf: Se corrige una posible p\u00e9rdida de memoria en qedf_alloc_and_init_sb() El gancho \"qed_ops->common->sb_init = qed_sb_init\" no libera la memoria DMA sb_virt cuando falla. Agregue dma_free_coherent() para liberarla. Esta es la misma forma que qedr_alloc_mem_sb() y qede_alloc_mem_sb()." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: qedf: Se corrige una posible p\u00e9rdida de memoria en qedf_alloc_and_init_sb() El gancho \"qed_ops->common->sb_init = qed_sb_init\" no libera la memoria DMA sb_virt cuando falla. Agregue dma_free_coherent() para liberarla. Esta es la misma forma que qedr_alloc_mem_sb() y qede_alloc_mem_sb()."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/0e04bd5a11dffe8c1c0e4c9fc79f7d3cd6182dd5", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/64654bf5efb3f748e6fc41227adda689618ce9c4", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/78a169dc69fbdaf114c40e2d56955bf6bd4fc3c0", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
}, "description": [
{ {
"url": "https://git.kernel.org/stable/c/7c1832287b21ff68c4e3625e63cc7619edf5908b", "lang": "en",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "value": "CWE-401"
}, }
{ ]
"url": "https://git.kernel.org/stable/c/97384449ddfc07f12ca75f510eb070020d7abb34", }
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ],
}, "configurations": [
{ {
"url": "https://git.kernel.org/stable/c/a56777a3ef5b35e24a20c4418bcf88bad033807a", "nodes": [
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" {
}, "operator": "OR",
{ "negate": false,
"url": "https://git.kernel.org/stable/c/b514f45e0fe18d763a1afc34401b1585333cb329", "cpeMatch": [
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" {
}, "vulnerable": true,
{ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"url": "https://git.kernel.org/stable/c/c62c30429db3eb4ced35c7fcf6f04a61ce3a01bb", "versionStartIncluding": "4.11",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "versionEndExcluding": "5.4.287",
"matchCriteriaId": "5F182E41-B51C-4700-AC27-E092FB0ACC21"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.231",
"matchCriteriaId": "B5C644CC-2BD7-4E32-BC54-8DCC7ABE9935"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.174",
"matchCriteriaId": "419FD073-1517-4FD5-8158-F94BC68A1E89"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.120",
"matchCriteriaId": "09AC6122-E2A4-40FE-9D33-268A1B2EC265"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.64",
"matchCriteriaId": "CA16DEE3-ABEC-4449-9F4A-7A3DC4FC36C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.11.11",
"matchCriteriaId": "21434379-192D-472F-9B54-D45E3650E893"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.12",
"versionEndExcluding": "6.12.2",
"matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0e04bd5a11dffe8c1c0e4c9fc79f7d3cd6182dd5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/64654bf5efb3f748e6fc41227adda689618ce9c4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/78a169dc69fbdaf114c40e2d56955bf6bd4fc3c0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7c1832287b21ff68c4e3625e63cc7619edf5908b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/97384449ddfc07f12ca75f510eb070020d7abb34",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a56777a3ef5b35e24a20c4418bcf88bad033807a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b514f45e0fe18d763a1afc34401b1585333cb329",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c62c30429db3eb4ced35c7fcf6f04a61ce3a01bb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

92
CVE-2024/CVE-2024-567xx/CVE-2024-56749.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-56749", "id": "CVE-2024-56749",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-29T12:15:08.410", "published": "2024-12-29T12:15:08.410",
"lastModified": "2024-12-29T12:15:08.410", "lastModified": "2025-01-06T17:06:18.380",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,19 +15,89 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dlm: se corrige el recuento de referencias de dlm_recover_members en caso de error. Si dlm_recover_members() falla, no eliminamos las referencias de la lista ra\u00edz creada anteriormente que contiene y mantenemos todos los rsbs activos durante la recuperaci\u00f3n. Puede que no sea un evento improbable porque ping_members() podr\u00eda encontrarse con un -EINTR si se activa nuevamente otro progreso de recuperaci\u00f3n." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dlm: se corrige el recuento de referencias de dlm_recover_members en caso de error. Si dlm_recover_members() falla, no eliminamos las referencias de la lista ra\u00edz creada anteriormente que contiene y mantenemos todos los rsbs activos durante la recuperaci\u00f3n. Puede que no sea un evento improbable porque ping_members() podr\u00eda encontrarse con un -EINTR si se activa nuevamente otro progreso de recuperaci\u00f3n."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/200b977ebbc313a59174ba971006a231b3533dc5", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/3230718a75a6c30ed60ac920c26be2119fa82b8e", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/fb2ec564887af1f365d754f7c306f1b5cd375b5e", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.10",
"versionEndExcluding": "6.11.11",
"matchCriteriaId": "158A6B22-9260-41D7-965A-A81798A5A969"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.12",
"versionEndExcluding": "6.12.2",
"matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/200b977ebbc313a59174ba971006a231b3533dc5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3230718a75a6c30ed60ac920c26be2119fa82b8e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/fb2ec564887af1f365d754f7c306f1b5cd375b5e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

76
CVE-2024/CVE-2024-567xx/CVE-2024-56750.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-56750", "id": "CVE-2024-56750",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-29T12:15:08.517", "published": "2024-12-29T12:15:08.517",
"lastModified": "2024-12-29T12:15:08.517", "lastModified": "2025-01-06T17:04:58.267",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,15 +15,75 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: erofs: corrige blksize < PAGE_SIZE para montajes respaldados por archivos Ajuste sb->s_blocksize{,_bits} directamente para montajes respaldados por archivos cuando el tama\u00f1o de bloque fs es menor que PAGE_SIZE. Anteriormente, EROFS usaba sb_set_blocksize(), que causaba un p\u00e1nico si no se usaban montajes respaldados por bdev." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: erofs: corrige blksize < PAGE_SIZE para montajes respaldados por archivos Ajuste sb->s_blocksize{,_bits} directamente para montajes respaldados por archivos cuando el tama\u00f1o de bloque fs es menor que PAGE_SIZE. Anteriormente, EROFS usaba sb_set_blocksize(), que causaba un p\u00e1nico si no se usaban montajes respaldados por bdev."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/679d8537e5748241c71ac97a6b6dc919eae31716", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}, },
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/bae0854160939a64a092516ff1b2f221402b843b", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.12",
"versionEndExcluding": "6.12.2",
"matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/679d8537e5748241c71ac97a6b6dc919eae31716",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bae0854160939a64a092516ff1b2f221402b843b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

126
CVE-2024/CVE-2024-567xx/CVE-2024-56751.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-56751", "id": "CVE-2024-56751",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-29T12:15:08.640", "published": "2024-12-29T12:15:08.640",
"lastModified": "2024-12-29T12:15:08.640", "lastModified": "2025-01-06T17:00:37.690",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,27 +15,117 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ipv6: liberar el siguiente salto al eliminar el dispositivo. La CI est\u00e1 experimentando un bloqueo aperi\u00f3dico en el momento de eliminar el dispositivo en la prueba autom\u00e1tica pmtu.sh: unregister_netdevice: esperando a que veth_A-R1 se libere. Recuento de uso = 6 ref_tracker: veth_A-R1@ffff888013df15d8 tiene 1/5 usuarios en dst_init+0x84/0x4a0 dst_alloc+0x97/0x150 ip6_dst_alloc+0x23/0x90 ip6_rt_pcpu_alloc+0x1e6/0x520 ip6_pol_route+0x56f/0x840 fib6_rule_lookup+0x334/0x630 ip6_route_output_flags+0x259/0x480 ip6_dst_lookup_tail.constprop.0+0x5c2/0x940 ip6_dst_lookup_flow+0x88/0x190 udp_tunnel6_dst_lookup+0x2a7/0x4c0 vxlan_xmit_one+0xbde/0x4a50 [vxlan] vxlan_xmit+0x9ad/0xf20 [vxlan] dev_hard_start_xmit+0x10e/0x360 __dev_queue_xmit+0xf95/0x18c0 arp_solicit+0x4a2/0xe00 neigh_probe+0xaa/0xf0 Si bien el primer sospechoso es dst_cache, el seguimiento expl\u00edcito del dst que debe la \u00faltima referencia del dispositivo a trav\u00e9s de sondas demostr\u00f3 que dicho dst se mantiene en el siguiente salto en el fib6_info de origen. Similar a el commit f5b51fe804ec (\"ipv6: route: purge exception on removal\"), necesitamos liberar expl\u00edcitamente la informaci\u00f3n fib original al desconectar un dispositivo que se va a eliminar de un dst ipv6 activo: mueva la desinfecci\u00f3n fib6_info a ip6_dst_ifdown(). Probado ejecutando: ./pmtu.sh cleanup_ipv6_exception en un bucle cerrado durante m\u00e1s de 400 iteraciones sin splat, ejecutando un kernel sin parchear Observ\u00e9 un splat cada ~10 iteraciones." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ipv6: liberar el siguiente salto al eliminar el dispositivo. La CI est\u00e1 experimentando un bloqueo aperi\u00f3dico en el momento de eliminar el dispositivo en la prueba autom\u00e1tica pmtu.sh: unregister_netdevice: esperando a que veth_A-R1 se libere. Recuento de uso = 6 ref_tracker: veth_A-R1@ffff888013df15d8 tiene 1/5 usuarios en dst_init+0x84/0x4a0 dst_alloc+0x97/0x150 ip6_dst_alloc+0x23/0x90 ip6_rt_pcpu_alloc+0x1e6/0x520 ip6_pol_route+0x56f/0x840 fib6_rule_lookup+0x334/0x630 ip6_route_output_flags+0x259/0x480 ip6_dst_lookup_tail.constprop.0+0x5c2/0x940 ip6_dst_lookup_flow+0x88/0x190 udp_tunnel6_dst_lookup+0x2a7/0x4c0 vxlan_xmit_one+0xbde/0x4a50 [vxlan] vxlan_xmit+0x9ad/0xf20 [vxlan] dev_hard_start_xmit+0x10e/0x360 __dev_queue_xmit+0xf95/0x18c0 arp_solicit+0x4a2/0xe00 neigh_probe+0xaa/0xf0 Si bien el primer sospechoso es dst_cache, el seguimiento expl\u00edcito del dst que debe la \u00faltima referencia del dispositivo a trav\u00e9s de sondas demostr\u00f3 que dicho dst se mantiene en el siguiente salto en el fib6_info de origen. Similar a el commit f5b51fe804ec (\"ipv6: route: purge exception on removal\"), necesitamos liberar expl\u00edcitamente la informaci\u00f3n fib original al desconectar un dispositivo que se va a eliminar de un dst ipv6 activo: mueva la desinfecci\u00f3n fib6_info a ip6_dst_ifdown(). Probado ejecutando: ./pmtu.sh cleanup_ipv6_exception en un bucle cerrado durante m\u00e1s de 400 iteraciones sin splat, ejecutando un kernel sin parchear Observ\u00e9 un splat cada ~10 iteraciones."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/0e4c6faaef8a24b762a24ffb767280e263ef8e10", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/43e25adc80269f917d2a195f0d59f74cdd182955", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/a3c3f8a4d025acc8c857246ec2b812c59102487a", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
}, "description": [
{ {
"url": "https://git.kernel.org/stable/c/b2f26a27ea3f72f75d18330f76f5d1007c791848", "lang": "en",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "value": "NVD-CWE-noinfo"
}, }
{ ]
"url": "https://git.kernel.org/stable/c/eb02688c5c45c3e7af7e71f036a7144f5639cbfe", }
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.3",
"versionEndExcluding": "6.1.120",
"matchCriteriaId": "00376139-25FC-484F-BF0B-09AA1783B306"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.64",
"matchCriteriaId": "CA16DEE3-ABEC-4449-9F4A-7A3DC4FC36C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.11.11",
"matchCriteriaId": "21434379-192D-472F-9B54-D45E3650E893"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.12",
"versionEndExcluding": "6.12.2",
"matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0e4c6faaef8a24b762a24ffb767280e263ef8e10",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/43e25adc80269f917d2a195f0d59f74cdd182955",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a3c3f8a4d025acc8c857246ec2b812c59102487a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b2f26a27ea3f72f75d18330f76f5d1007c791848",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/eb02688c5c45c3e7af7e71f036a7144f5639cbfe",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

25
CVE-2024/CVE-2024-567xx/CVE-2024-56757.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-56757",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-01-06T17:15:40.297",
"lastModified": "2025-01-06T17:15:40.297",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btusb: mediatek: add intf release flow when usb disconnect\n\nMediaTek claim an special usb intr interface for ISO data transmission.\nThe interface need to be released before unregistering hci device when\nusb disconnect. Removing BT usb dongle without properly releasing the\ninterface may cause Kernel panic while unregister hci device."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/489304e67087abddc2666c5af0159cb95afdcf59",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cc569d791ab2a0de74f76e470515d25d24c9b84b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-567xx/CVE-2024-56758.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-56758",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-01-06T17:15:40.597",
"lastModified": "2025-01-06T17:15:40.597",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: check folio mapping after unlock in relocate_one_folio()\n\nWhen we call btrfs_read_folio() to bring a folio uptodate, we unlock the\nfolio. The result of that is that a different thread can modify the\nmapping (like remove it with invalidate) before we call folio_lock().\nThis results in an invalid page and we need to try again.\n\nIn particular, if we are relocating concurrently with aborting a\ntransaction, this can result in a crash like the following:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n PGD 0 P4D 0\n Oops: 0000 [#1] SMP\n CPU: 76 PID: 1411631 Comm: kworker/u322:5\n Workqueue: events_unbound btrfs_reclaim_bgs_work\n RIP: 0010:set_page_extent_mapped+0x20/0xb0\n RSP: 0018:ffffc900516a7be8 EFLAGS: 00010246\n RAX: ffffea009e851d08 RBX: ffffea009e0b1880 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffffc900516a7b90 RDI: ffffea009e0b1880\n RBP: 0000000003573000 R08: 0000000000000001 R09: ffff88c07fd2f3f0\n R10: 0000000000000000 R11: 0000194754b575be R12: 0000000003572000\n R13: 0000000003572fff R14: 0000000000100cca R15: 0000000005582fff\n FS: 0000000000000000(0000) GS:ffff88c07fd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 000000407d00f002 CR4: 00000000007706f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n <TASK>\n ? __die+0x78/0xc0\n ? page_fault_oops+0x2a8/0x3a0\n ? __switch_to+0x133/0x530\n ? wq_worker_running+0xa/0x40\n ? exc_page_fault+0x63/0x130\n ? asm_exc_page_fault+0x22/0x30\n ? set_page_extent_mapped+0x20/0xb0\n relocate_file_extent_cluster+0x1a7/0x940\n relocate_data_extent+0xaf/0x120\n relocate_block_group+0x20f/0x480\n btrfs_relocate_block_group+0x152/0x320\n btrfs_relocate_chunk+0x3d/0x120\n btrfs_reclaim_bgs_work+0x2ae/0x4e0\n process_scheduled_works+0x184/0x370\n worker_thread+0xc6/0x3e0\n ? blk_add_timer+0xb0/0xb0\n kthread+0xae/0xe0\n ? flush_tlb_kernel_range+0x90/0x90\n ret_from_fork+0x2f/0x40\n ? flush_tlb_kernel_range+0x90/0x90\n ret_from_fork_asm+0x11/0x20\n </TASK>\n\nThis occurs because cleanup_one_transaction() calls\ndestroy_delalloc_inodes() which calls invalidate_inode_pages2() which\ntakes the folio_lock before setting mapping to NULL. We fail to check\nthis, and subsequently call set_extent_mapping(), which assumes that\nmapping != NULL (in fact it asserts that in debug mode)\n\nNote that the \"fixes\" patch here is not the one that introduced the\nrace (the very first iteration of this code from 2009) but a more recent\nchange that made this particular crash happen in practice."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3e74859ee35edc33a022c3f3971df066ea0ca6b9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d508e56270389b3a16f5b3cf247f4eb1bbad1578",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

Some files were not shown because too many files have changed in this diff Show More