From 9dfd72c97e43482238eb587f73aa0c310f5ce602 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Wed, 23 Oct 2024 16:03:56 +0000 Subject: [PATCH] Auto-Update: 2024-10-23T16:00:54.822569+00:00 --- CVE-2018/CVE-2018-133xx/CVE-2018-13374.json | 14 +- CVE-2018/CVE-2018-133xx/CVE-2018-13379.json | 14 +- CVE-2018/CVE-2018-133xx/CVE-2018-13382.json | 14 +- CVE-2018/CVE-2018-133xx/CVE-2018-13383.json | 14 +- CVE-2019/CVE-2019-55xx/CVE-2019-5591.json | 34 +- CVE-2021/CVE-2021-245xx/CVE-2021-24566.json | 14 +- CVE-2021/CVE-2021-441xx/CVE-2021-44168.json | 4 +- CVE-2022/CVE-2022-238xx/CVE-2022-23861.json | 8 +- CVE-2022/CVE-2022-238xx/CVE-2022-23862.json | 8 +- CVE-2022/CVE-2022-437xx/CVE-2022-43713.json | 14 +- CVE-2022/CVE-2022-489xx/CVE-2022-48946.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48947.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48948.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48949.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48950.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48951.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48952.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48953.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48954.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48955.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48956.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48957.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48958.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48959.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48960.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48961.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48962.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48963.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48964.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48965.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48966.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48967.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48968.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48969.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48970.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48971.json | 8 +- 
CVE-2022/CVE-2022-489xx/CVE-2022-48972.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48973.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48974.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48975.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48976.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48977.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48978.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48979.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48980.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48981.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48982.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48983.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48984.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48985.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48986.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48987.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48988.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48989.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48990.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48991.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48992.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48994.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48995.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48996.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48997.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48998.json | 8 +- CVE-2022/CVE-2022-489xx/CVE-2022-48999.json | 8 +- CVE-2022/CVE-2022-490xx/CVE-2022-49000.json | 8 +- CVE-2022/CVE-2022-490xx/CVE-2022-49001.json | 8 +- CVE-2022/CVE-2022-490xx/CVE-2022-49002.json | 8 +- CVE-2022/CVE-2022-490xx/CVE-2022-49003.json | 8 +- CVE-2022/CVE-2022-490xx/CVE-2022-49004.json | 8 +- CVE-2022/CVE-2022-490xx/CVE-2022-49005.json | 8 +- CVE-2022/CVE-2022-490xx/CVE-2022-49006.json | 10 +- CVE-2022/CVE-2022-490xx/CVE-2022-49007.json | 8 +- CVE-2022/CVE-2022-490xx/CVE-2022-49008.json | 8 +- CVE-2022/CVE-2022-490xx/CVE-2022-49009.json | 8 +- CVE-2022/CVE-2022-490xx/CVE-2022-49010.json | 8 +- CVE-2022/CVE-2022-490xx/CVE-2022-49011.json | 8 +- 
CVE-2022/CVE-2022-490xx/CVE-2022-49012.json | 8 +- CVE-2022/CVE-2022-490xx/CVE-2022-49013.json | 8 +- CVE-2022/CVE-2022-490xx/CVE-2022-49014.json | 8 +- CVE-2022/CVE-2022-490xx/CVE-2022-49015.json | 8 +- CVE-2022/CVE-2022-490xx/CVE-2022-49016.json | 8 +- CVE-2022/CVE-2022-490xx/CVE-2022-49017.json | 8 +- CVE-2022/CVE-2022-490xx/CVE-2022-49018.json | 8 +- CVE-2022/CVE-2022-490xx/CVE-2022-49019.json | 8 +- CVE-2022/CVE-2022-490xx/CVE-2022-49020.json | 8 +- CVE-2022/CVE-2022-490xx/CVE-2022-49021.json | 8 +- CVE-2022/CVE-2022-490xx/CVE-2022-49022.json | 8 +- CVE-2022/CVE-2022-490xx/CVE-2022-49023.json | 8 +- CVE-2022/CVE-2022-490xx/CVE-2022-49024.json | 8 +- CVE-2022/CVE-2022-490xx/CVE-2022-49025.json | 8 +- CVE-2022/CVE-2022-490xx/CVE-2022-49026.json | 8 +- CVE-2022/CVE-2022-490xx/CVE-2022-49027.json | 8 +- CVE-2022/CVE-2022-490xx/CVE-2022-49028.json | 8 +- CVE-2022/CVE-2022-490xx/CVE-2022-49029.json | 8 +- CVE-2022/CVE-2022-490xx/CVE-2022-49030.json | 8 +- CVE-2022/CVE-2022-490xx/CVE-2022-49031.json | 8 +- CVE-2022/CVE-2022-490xx/CVE-2022-49032.json | 8 +- CVE-2022/CVE-2022-490xx/CVE-2022-49033.json | 8 +- CVE-2023/CVE-2023-206xx/CVE-2023-20677.json | 34 +- CVE-2023/CVE-2023-262xx/CVE-2023-26269.json | 22 +- CVE-2023/CVE-2023-287xx/CVE-2023-28707.json | 24 +- CVE-2023/CVE-2023-289xx/CVE-2023-28935.json | 22 +- CVE-2023/CVE-2023-324xx/CVE-2023-32418.json | 14 +- CVE-2023/CVE-2023-337xx/CVE-2023-33745.json | 14 +- CVE-2023/CVE-2023-384xx/CVE-2023-38410.json | 14 +- CVE-2023/CVE-2023-401xx/CVE-2023-40154.json | 57 +- CVE-2023/CVE-2023-401xx/CVE-2023-40161.json | 57 +- CVE-2023/CVE-2023-410xx/CVE-2023-41090.json | 57 +- CVE-2023/CVE-2023-461xx/CVE-2023-46186.json | 51 +- CVE-2023/CVE-2023-503xx/CVE-2023-50310.json | 8 +- CVE-2023/CVE-2023-51xx/CVE-2023-5122.json | 62 +- CVE-2023/CVE-2023-529xx/CVE-2023-52918.json | 8 +- CVE-2023/CVE-2023-529xx/CVE-2023-52919.json | 8 +- CVE-2024/CVE-2024-100xx/CVE-2024-10002.json | 8 +- CVE-2024/CVE-2024-100xx/CVE-2024-10003.json | 8 +- 
CVE-2024/CVE-2024-100xx/CVE-2024-10041.json | 48 + CVE-2024/CVE-2024-100xx/CVE-2024-10045.json | 8 +- CVE-2024/CVE-2024-101xx/CVE-2024-10125.json | 8 +- CVE-2024/CVE-2024-101xx/CVE-2024-10169.json | 71 +- CVE-2024/CVE-2024-101xx/CVE-2024-10183.json | 8 +- CVE-2024/CVE-2024-101xx/CVE-2024-10189.json | 8 +- CVE-2024/CVE-2024-101xx/CVE-2024-10196.json | 69 +- CVE-2024/CVE-2024-101xx/CVE-2024-10197.json | 69 +- CVE-2024/CVE-2024-102xx/CVE-2024-10229.json | 8 +- CVE-2024/CVE-2024-102xx/CVE-2024-10230.json | 8 +- CVE-2024/CVE-2024-102xx/CVE-2024-10231.json | 43 +- CVE-2024/CVE-2024-102xx/CVE-2024-10234.json | 8 +- CVE-2024/CVE-2024-102xx/CVE-2024-10250.json | 60 ++ CVE-2024/CVE-2024-102xx/CVE-2024-10276.json | 8 +- CVE-2024/CVE-2024-102xx/CVE-2024-10277.json | 8 +- CVE-2024/CVE-2024-102xx/CVE-2024-10278.json | 4 +- CVE-2024/CVE-2024-102xx/CVE-2024-10279.json | 4 +- CVE-2024/CVE-2024-102xx/CVE-2024-10280.json | 141 +++ CVE-2024/CVE-2024-102xx/CVE-2024-10281.json | 141 +++ CVE-2024/CVE-2024-102xx/CVE-2024-10282.json | 141 +++ CVE-2024/CVE-2024-102xx/CVE-2024-10283.json | 141 +++ CVE-2024/CVE-2024-102xx/CVE-2024-10286.json | 8 +- CVE-2024/CVE-2024-102xx/CVE-2024-10287.json | 8 +- CVE-2024/CVE-2024-102xx/CVE-2024-10288.json | 8 +- CVE-2024/CVE-2024-102xx/CVE-2024-10289.json | 4 +- CVE-2024/CVE-2024-102xx/CVE-2024-10290.json | 137 +++ CVE-2024/CVE-2024-262xx/CVE-2024-26271.json | 8 +- CVE-2024/CVE-2024-262xx/CVE-2024-26272.json | 8 +- CVE-2024/CVE-2024-262xx/CVE-2024-26273.json | 8 +- CVE-2024/CVE-2024-265xx/CVE-2024-26519.json | 8 +- CVE-2024/CVE-2024-301xx/CVE-2024-30122.json | 44 + CVE-2024/CVE-2024-301xx/CVE-2024-30157.json | 8 +- CVE-2024/CVE-2024-301xx/CVE-2024-30158.json | 8 +- CVE-2024/CVE-2024-301xx/CVE-2024-30159.json | 8 +- CVE-2024/CVE-2024-301xx/CVE-2024-30160.json | 8 +- CVE-2024/CVE-2024-310xx/CVE-2024-31007.json | 8 +- CVE-2024/CVE-2024-310xx/CVE-2024-31029.json | 8 +- CVE-2024/CVE-2024-318xx/CVE-2024-31880.json | 8 +- CVE-2024/CVE-2024-31xx/CVE-2024-3166.json 
| 61 +- CVE-2024/CVE-2024-352xx/CVE-2024-35285.json | 8 +- CVE-2024/CVE-2024-352xx/CVE-2024-35286.json | 8 +- CVE-2024/CVE-2024-352xx/CVE-2024-35287.json | 8 +- CVE-2024/CVE-2024-353xx/CVE-2024-35308.json | 8 +- CVE-2024/CVE-2024-353xx/CVE-2024-35314.json | 8 +- CVE-2024/CVE-2024-353xx/CVE-2024-35315.json | 8 +- CVE-2024/CVE-2024-380xx/CVE-2024-38002.json | 8 +- CVE-2024/CVE-2024-397xx/CVE-2024-39753.json | 8 +- CVE-2024/CVE-2024-400xx/CVE-2024-40083.json | 8 +- CVE-2024/CVE-2024-400xx/CVE-2024-40084.json | 8 +- CVE-2024/CVE-2024-400xx/CVE-2024-40085.json | 8 +- CVE-2024/CVE-2024-400xx/CVE-2024-40086.json | 8 +- CVE-2024/CVE-2024-400xx/CVE-2024-40087.json | 8 +- CVE-2024/CVE-2024-400xx/CVE-2024-40088.json | 8 +- CVE-2024/CVE-2024-400xx/CVE-2024-40089.json | 8 +- CVE-2024/CVE-2024-400xx/CVE-2024-40090.json | 8 +- CVE-2024/CVE-2024-400xx/CVE-2024-40091.json | 8 +- CVE-2024/CVE-2024-404xx/CVE-2024-40493.json | 8 +- CVE-2024/CVE-2024-404xx/CVE-2024-40494.json | 8 +- CVE-2024/CVE-2024-407xx/CVE-2024-40746.json | 8 +- CVE-2024/CVE-2024-411xx/CVE-2024-41183.json | 8 +- CVE-2024/CVE-2024-417xx/CVE-2024-41712.json | 8 +- CVE-2024/CVE-2024-417xx/CVE-2024-41713.json | 8 +- CVE-2024/CVE-2024-417xx/CVE-2024-41714.json | 8 +- CVE-2024/CVE-2024-417xx/CVE-2024-41717.json | 8 +- CVE-2024/CVE-2024-419xx/CVE-2024-41902.json | 60 +- CVE-2024/CVE-2024-426xx/CVE-2024-42643.json | 8 +- CVE-2024/CVE-2024-431xx/CVE-2024-43173.json | 8 +- CVE-2024/CVE-2024-431xx/CVE-2024-43177.json | 8 +- CVE-2024/CVE-2024-436xx/CVE-2024-43698.json | 8 +- CVE-2024/CVE-2024-438xx/CVE-2024-43812.json | 8 +- CVE-2024/CVE-2024-439xx/CVE-2024-43924.json | 8 +- CVE-2024/CVE-2024-440xx/CVE-2024-44000.json | 53 +- CVE-2024/CVE-2024-443xx/CVE-2024-44331.json | 8 +- CVE-2024/CVE-2024-448xx/CVE-2024-44812.json | 45 +- CVE-2024/CVE-2024-453xx/CVE-2024-45334.json | 8 +- CVE-2024/CVE-2024-453xx/CVE-2024-45335.json | 8 +- CVE-2024/CVE-2024-455xx/CVE-2024-45518.json | 8 +- CVE-2024/CVE-2024-455xx/CVE-2024-45519.json | 26 
+- CVE-2024/CVE-2024-455xx/CVE-2024-45526.json | 8 +- CVE-2024/CVE-2024-462xx/CVE-2024-46236.json | 8 +- CVE-2024/CVE-2024-462xx/CVE-2024-46238.json | 8 +- CVE-2024/CVE-2024-462xx/CVE-2024-46239.json | 8 +- CVE-2024/CVE-2024-462xx/CVE-2024-46240.json | 8 +- CVE-2024/CVE-2024-463xx/CVE-2024-46326.json | 8 +- CVE-2024/CVE-2024-464xx/CVE-2024-46482.json | 8 +- CVE-2024/CVE-2024-464xx/CVE-2024-46483.json | 8 +- CVE-2024/CVE-2024-465xx/CVE-2024-46538.json | 8 +- CVE-2024/CVE-2024-468xx/CVE-2024-46870.json | 69 +- CVE-2024/CVE-2024-469xx/CVE-2024-46902.json | 8 +- CVE-2024/CVE-2024-469xx/CVE-2024-46903.json | 8 +- CVE-2024/CVE-2024-471xx/CVE-2024-47189.json | 8 +- CVE-2024/CVE-2024-472xx/CVE-2024-47223.json | 8 +- CVE-2024/CVE-2024-472xx/CVE-2024-47224.json | 8 +- CVE-2024/CVE-2024-474xx/CVE-2024-47459.json | 27 +- CVE-2024/CVE-2024-475xx/CVE-2024-47575.json | 56 ++ CVE-2024/CVE-2024-476xx/CVE-2024-47668.json | 144 ++- CVE-2024/CVE-2024-476xx/CVE-2024-47679.json | 134 ++- CVE-2024/CVE-2024-476xx/CVE-2024-47682.json | 110 ++- CVE-2024/CVE-2024-476xx/CVE-2024-47683.json | 145 ++- CVE-2024/CVE-2024-476xx/CVE-2024-47685.json | 134 ++- CVE-2024/CVE-2024-476xx/CVE-2024-47686.json | 110 ++- CVE-2024/CVE-2024-476xx/CVE-2024-47687.json | 86 +- CVE-2024/CVE-2024-476xx/CVE-2024-47688.json | 105 ++- CVE-2024/CVE-2024-476xx/CVE-2024-47689.json | 105 ++- CVE-2024/CVE-2024-478xx/CVE-2024-47819.json | 8 +- CVE-2024/CVE-2024-478xx/CVE-2024-47825.json | 8 +- CVE-2024/CVE-2024-478xx/CVE-2024-47845.json | 87 +- CVE-2024/CVE-2024-479xx/CVE-2024-47901.json | 100 ++ CVE-2024/CVE-2024-479xx/CVE-2024-47902.json | 100 ++ CVE-2024/CVE-2024-479xx/CVE-2024-47903.json | 100 ++ CVE-2024/CVE-2024-479xx/CVE-2024-47904.json | 100 ++ CVE-2024/CVE-2024-479xx/CVE-2024-47912.json | 8 +- CVE-2024/CVE-2024-484xx/CVE-2024-48415.json | 8 +- CVE-2024/CVE-2024-485xx/CVE-2024-48509.json | 8 +- CVE-2024/CVE-2024-485xx/CVE-2024-48570.json | 8 +- CVE-2024/CVE-2024-485xx/CVE-2024-48597.json | 8 +- 
CVE-2024/CVE-2024-486xx/CVE-2024-48605.json | 8 +- CVE-2024/CVE-2024-486xx/CVE-2024-48644.json | 8 +- CVE-2024/CVE-2024-486xx/CVE-2024-48645.json | 8 +- CVE-2024/CVE-2024-486xx/CVE-2024-48652.json | 8 +- CVE-2024/CVE-2024-486xx/CVE-2024-48656.json | 8 +- CVE-2024/CVE-2024-486xx/CVE-2024-48657.json | 8 +- CVE-2024/CVE-2024-486xx/CVE-2024-48659.json | 8 +- CVE-2024/CVE-2024-487xx/CVE-2024-48706.json | 8 +- CVE-2024/CVE-2024-487xx/CVE-2024-48707.json | 8 +- CVE-2024/CVE-2024-487xx/CVE-2024-48708.json | 8 +- CVE-2024/CVE-2024-487xx/CVE-2024-48709.json | 8 +- CVE-2024/CVE-2024-489xx/CVE-2024-48903.json | 8 +- CVE-2024/CVE-2024-489xx/CVE-2024-48904.json | 8 +- CVE-2024/CVE-2024-489xx/CVE-2024-48919.json | 8 +- CVE-2024/CVE-2024-489xx/CVE-2024-48925.json | 8 +- CVE-2024/CVE-2024-489xx/CVE-2024-48926.json | 8 +- CVE-2024/CVE-2024-489xx/CVE-2024-48927.json | 8 +- CVE-2024/CVE-2024-489xx/CVE-2024-48929.json | 8 +- CVE-2024/CVE-2024-492xx/CVE-2024-49208.json | 8 +- CVE-2024/CVE-2024-492xx/CVE-2024-49209.json | 8 +- CVE-2024/CVE-2024-492xx/CVE-2024-49210.json | 8 +- CVE-2024/CVE-2024-492xx/CVE-2024-49211.json | 8 +- CVE-2024/CVE-2024-493xx/CVE-2024-49366.json | 10 +- CVE-2024/CVE-2024-493xx/CVE-2024-49367.json | 10 +- CVE-2024/CVE-2024-493xx/CVE-2024-49368.json | 10 +- CVE-2024/CVE-2024-493xx/CVE-2024-49370.json | 78 ++ CVE-2024/CVE-2024-493xx/CVE-2024-49373.json | 8 +- CVE-2024/CVE-2024-496xx/CVE-2024-49604.json | 59 +- CVE-2024/CVE-2024-496xx/CVE-2024-49606.json | 47 +- CVE-2024/CVE-2024-496xx/CVE-2024-49611.json | 47 +- CVE-2024/CVE-2024-496xx/CVE-2024-49675.json | 56 ++ CVE-2024/CVE-2024-498xx/CVE-2024-49863.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49864.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49865.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49866.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49867.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49868.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49869.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49870.json | 8 +- 
CVE-2024/CVE-2024-498xx/CVE-2024-49871.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49872.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49873.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49874.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49875.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49876.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49877.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49878.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49879.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49880.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49881.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49882.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49883.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49884.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49885.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49886.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49887.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49888.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49889.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49890.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49891.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49892.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49893.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49894.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49895.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49896.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49897.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49898.json | 8 +- CVE-2024/CVE-2024-498xx/CVE-2024-49899.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49900.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49901.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49902.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49903.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49904.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49905.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49906.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49907.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49908.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49909.json | 8 +- 
CVE-2024/CVE-2024-499xx/CVE-2024-49910.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49911.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49912.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49913.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49914.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49915.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49916.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49917.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49918.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49919.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49920.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49921.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49922.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49923.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49924.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49925.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49926.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49927.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49928.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49929.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49930.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49931.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49932.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49933.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49934.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49935.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49936.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49937.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49938.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49939.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49940.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49941.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49942.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49943.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49944.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49945.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49946.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49947.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49948.json | 8 +- 
CVE-2024/CVE-2024-499xx/CVE-2024-49949.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49950.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49951.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49952.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49953.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49954.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49955.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49956.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49957.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49958.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49959.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49960.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49961.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49962.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49963.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49964.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49965.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49966.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49967.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49968.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49969.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49970.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49971.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49972.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49973.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49974.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49975.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49976.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49977.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49978.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49979.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49980.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49981.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49982.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49983.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49984.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49985.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49986.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49987.json | 8 +- 
CVE-2024/CVE-2024-499xx/CVE-2024-49988.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49989.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49990.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49991.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49992.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49993.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49994.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49995.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49996.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49997.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49998.json | 8 +- CVE-2024/CVE-2024-499xx/CVE-2024-49999.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50000.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50001.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50002.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50003.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50004.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50005.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50006.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50007.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50008.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50009.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50010.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50011.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50012.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50013.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50014.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50015.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50016.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50017.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50018.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50019.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50020.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50021.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50022.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50023.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50024.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50025.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50026.json | 8 +- 
CVE-2024/CVE-2024-500xx/CVE-2024-50027.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50028.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50029.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50030.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50031.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50032.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50033.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50034.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50035.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50036.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50037.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50038.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50039.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50040.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50041.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50042.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50043.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50044.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50045.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50046.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50047.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50048.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50049.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50050.json | 21 + CVE-2024/CVE-2024-500xx/CVE-2024-50055.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50056.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50057.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50058.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50059.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50060.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50061.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50062.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50063.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50064.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50065.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50066.json | 8 +- CVE-2024/CVE-2024-503xx/CVE-2024-50311.json | 8 +- CVE-2024/CVE-2024-503xx/CVE-2024-50312.json | 8 +- CVE-2024/CVE-2024-57xx/CVE-2024-5764.json | 78 ++ 
CVE-2024/CVE-2024-75xx/CVE-2024-7587.json | 8 +- CVE-2024/CVE-2024-85xx/CVE-2024-8500.json | 8 +- CVE-2024/CVE-2024-88xx/CVE-2024-8852.json | 8 +- CVE-2024/CVE-2024-89xx/CVE-2024-8901.json | 8 +- CVE-2024/CVE-2024-89xx/CVE-2024-8980.json | 8 +- CVE-2024/CVE-2024-90xx/CVE-2024-9050.json | 6 +- CVE-2024/CVE-2024-91xx/CVE-2024-9129.json | 8 +- CVE-2024/CVE-2024-92xx/CVE-2024-9231.json | 8 +- CVE-2024/CVE-2024-92xx/CVE-2024-9287.json | 8 +- CVE-2024/CVE-2024-95xx/CVE-2024-9530.json | 8 +- CVE-2024/CVE-2024-95xx/CVE-2024-9541.json | 8 +- CVE-2024/CVE-2024-95xx/CVE-2024-9583.json | 8 +- CVE-2024/CVE-2024-95xx/CVE-2024-9588.json | 8 +- CVE-2024/CVE-2024-95xx/CVE-2024-9589.json | 8 +- CVE-2024/CVE-2024-95xx/CVE-2024-9590.json | 8 +- CVE-2024/CVE-2024-95xx/CVE-2024-9591.json | 8 +- CVE-2024/CVE-2024-96xx/CVE-2024-9627.json | 8 +- CVE-2024/CVE-2024-96xx/CVE-2024-9677.json | 8 +- CVE-2024/CVE-2024-98xx/CVE-2024-9829.json | 8 +- CVE-2024/CVE-2024-99xx/CVE-2024-9927.json | 8 +- CVE-2024/CVE-2024-99xx/CVE-2024-9947.json | 18 +- CVE-2024/CVE-2024-99xx/CVE-2024-9987.json | 8 +- README.md | 57 +- _state.csv | 959 ++++++++++---------- 488 files changed, 6891 insertions(+), 1527 deletions(-) create mode 100644 CVE-2024/CVE-2024-100xx/CVE-2024-10041.json create mode 100644 CVE-2024/CVE-2024-102xx/CVE-2024-10250.json create mode 100644 CVE-2024/CVE-2024-102xx/CVE-2024-10280.json create mode 100644 CVE-2024/CVE-2024-102xx/CVE-2024-10281.json create mode 100644 CVE-2024/CVE-2024-102xx/CVE-2024-10282.json create mode 100644 CVE-2024/CVE-2024-102xx/CVE-2024-10283.json create mode 100644 CVE-2024/CVE-2024-102xx/CVE-2024-10290.json create mode 100644 CVE-2024/CVE-2024-301xx/CVE-2024-30122.json create mode 100644 CVE-2024/CVE-2024-475xx/CVE-2024-47575.json create mode 100644 CVE-2024/CVE-2024-479xx/CVE-2024-47901.json create mode 100644 CVE-2024/CVE-2024-479xx/CVE-2024-47902.json create mode 100644 CVE-2024/CVE-2024-479xx/CVE-2024-47903.json create mode 100644 
CVE-2024/CVE-2024-479xx/CVE-2024-47904.json create mode 100644 CVE-2024/CVE-2024-493xx/CVE-2024-49370.json create mode 100644 CVE-2024/CVE-2024-496xx/CVE-2024-49675.json create mode 100644 CVE-2024/CVE-2024-500xx/CVE-2024-50050.json create mode 100644 CVE-2024/CVE-2024-57xx/CVE-2024-5764.json
diff --git a/CVE-2018/CVE-2018-133xx/CVE-2018-13374.json b/CVE-2018/CVE-2018-133xx/CVE-2018-13374.json
index a897f4960e2..6db85d456f6 100644
--- a/CVE-2018/CVE-2018-133xx/CVE-2018-13374.json
+++ b/CVE-2018/CVE-2018-133xx/CVE-2018-13374.json
@@ -2,8 +2,8 @@
 "id": "CVE-2018-13374",
 "sourceIdentifier": "psirt@fortinet.com",
 "published": "2019-01-22T14:29:00.220",
- "lastModified": "2024-06-28T14:04:14.410",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-10-23T14:35:00.903",
+ "vulnStatus": "Modified",
 "cveTags": [],
 "cisaExploitAdd": "2022-09-08",
 "cisaActionDue": "2022-09-29",
@@ -98,6 +98,16 @@
 "value": "CWE-732"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-732"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2018/CVE-2018-133xx/CVE-2018-13379.json b/CVE-2018/CVE-2018-133xx/CVE-2018-13379.json
index b4eaaf2f4c7..a0d2559eb88 100644
--- a/CVE-2018/CVE-2018-133xx/CVE-2018-13379.json
+++ b/CVE-2018/CVE-2018-133xx/CVE-2018-13379.json
@@ -2,8 +2,8 @@
 "id": "CVE-2018-13379",
 "sourceIdentifier": "psirt@fortinet.com",
 "published": "2019-06-04T21:29:00.233",
- "lastModified": "2024-07-25T14:09:54.960",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-10-23T14:35:02.830",
+ "vulnStatus": "Modified",
 "cveTags": [],
 "cisaExploitAdd": "2021-11-03",
 "cisaActionDue": "2022-05-03",
@@ -98,6 +98,16 @@
 "value": "CWE-22"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2018/CVE-2018-133xx/CVE-2018-13382.json b/CVE-2018/CVE-2018-133xx/CVE-2018-13382.json
index c99893de409..3dceee6ad79 100644
--- a/CVE-2018/CVE-2018-133xx/CVE-2018-13382.json
+++ b/CVE-2018/CVE-2018-133xx/CVE-2018-13382.json
@@ -2,8 +2,8 @@
 "id": "CVE-2018-13382",
 "sourceIdentifier": "psirt@fortinet.com",
 "published": "2019-06-04T21:29:00.373",
- "lastModified": "2024-07-24T17:00:11.230",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-10-23T14:35:03.977",
+ "vulnStatus": "Modified",
 "cveTags": [],
 "cisaExploitAdd": "2022-01-10",
 "cisaActionDue": "2022-07-10",
@@ -98,6 +98,16 @@
 "value": "CWE-863"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-863"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2018/CVE-2018-133xx/CVE-2018-13383.json b/CVE-2018/CVE-2018-133xx/CVE-2018-13383.json
index 953d431fc28..a6516927706 100644
--- a/CVE-2018/CVE-2018-133xx/CVE-2018-13383.json
+++ b/CVE-2018/CVE-2018-133xx/CVE-2018-13383.json
@@ -2,8 +2,8 @@
 "id": "CVE-2018-13383",
 "sourceIdentifier": "psirt@fortinet.com",
 "published": "2019-05-29T18:29:00.693",
- "lastModified": "2021-03-16T15:48:20.167",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-10-23T14:35:04.847",
+ "vulnStatus": "Modified",
 "cveTags": [],
 "cisaExploitAdd": "2022-01-10",
 "cisaActionDue": "2022-07-10",
@@ -98,6 +98,16 @@
 "value": "CWE-787"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2019/CVE-2019-55xx/CVE-2019-5591.json b/CVE-2019/CVE-2019-55xx/CVE-2019-5591.json
index cd5384553b3..702d630b84b 100644
--- a/CVE-2019/CVE-2019-55xx/CVE-2019-5591.json
+++ b/CVE-2019/CVE-2019-55xx/CVE-2019-5591.json
@@ -2,8 +2,8 @@
 "id": "CVE-2019-5591",
 "sourceIdentifier": "psirt@fortinet.com",
 "published": "2020-08-14T16:15:16.070",
- "lastModified": "2021-07-21T11:39:23.747",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-10-23T14:35:05.617",
+ "vulnStatus": "Modified",
 "cveTags": [],
 "cisaExploitAdd": "2021-11-03",
 "cisaActionDue": "2022-05-03",
@@ -40,6 +40,26 @@
 },
 "exploitabilityScore": 2.8,
 "impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
 }
 ],
 "cvssMetricV2": [
@@ -78,6 +98,16 @@
 "value": "CWE-306"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-306"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2021/CVE-2021-245xx/CVE-2021-24566.json b/CVE-2021/CVE-2021-245xx/CVE-2021-24566.json
index 112cf1eeb49..9b5499fa86b 100644
--- a/CVE-2021/CVE-2021-245xx/CVE-2021-24566.json
+++ b/CVE-2021/CVE-2021-245xx/CVE-2021-24566.json
@@ -2,8 +2,8 @@
 "id": "CVE-2021-24566",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2024-01-16T16:15:09.003",
- "lastModified": "2024-01-23T20:37:16.450",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-10-23T15:35:02.310",
+ "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
 {
@@ -49,6 +49,16 @@
 "value": "NVD-CWE-Other"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2021/CVE-2021-441xx/CVE-2021-44168.json b/CVE-2021/CVE-2021-441xx/CVE-2021-44168.json
index 3368d58d0fb..70dd7bcfee8 100644
--- a/CVE-2021/CVE-2021-441xx/CVE-2021-44168.json
+++ b/CVE-2021/CVE-2021-441xx/CVE-2021-44168.json
@@ -2,8 +2,8 @@
 "id": "CVE-2021-44168",
 "sourceIdentifier": "psirt@fortinet.com",
 "published": "2022-01-04T13:15:07.957",
- "lastModified": "2024-10-22T21:35:02.960",
- "vulnStatus": "Modified",
+ "lastModified": "2024-10-23T15:40:23.217",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "cisaExploitAdd": "2021-12-10",
 "cisaActionDue": "2021-12-24",
diff --git a/CVE-2022/CVE-2022-238xx/CVE-2022-23861.json b/CVE-2022/CVE-2022-238xx/CVE-2022-23861.json
index ca38dd264e3..9b39ccc8cae 100644
--- a/CVE-2022/CVE-2022-238xx/CVE-2022-23861.json
+++ b/CVE-2022/CVE-2022-238xx/CVE-2022-23861.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-23861",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-10-22T16:15:04.897",
- "lastModified": "2024-10-22T19:35:01.570",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution of arbitrary JS code. These fields can be leveraged to perform XSS attacks on legitimate users accessing the SafeQ web interface."
+ },
+ {
+ "lang": "es",
+ "value": " Se descubrieron m\u00faltiples vulnerabilidades de cross-site scripting almacenadas en Y Soft SAFEQ 6 Build 53. Se pueden usar varios campos en la aplicaci\u00f3n web YSoft SafeQ para inyectar entradas maliciosas que, debido a la falta de desinfecci\u00f3n de salida, dan como resultado la ejecuci\u00f3n de c\u00f3digo JS arbitrario. Estos campos se pueden aprovechar para realizar ataques XSS a usuarios leg\u00edtimos que acceden a la interfaz web de SafeQ."
 }
 ],
 "metrics": {
diff --git a/CVE-2022/CVE-2022-238xx/CVE-2022-23862.json b/CVE-2022/CVE-2022-238xx/CVE-2022-23862.json
index e235f5c22fc..b55eee5d951 100644
--- a/CVE-2022/CVE-2022-238xx/CVE-2022-23862.json
+++ b/CVE-2022/CVE-2022-238xx/CVE-2022-23862.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-23862",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-10-22T16:15:05.443",
- "lastModified": "2024-10-22T19:35:03.463",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the \"NT Authority\\System\" user, an attacker is able to use the vulnerability to execute arbitrary code and elevate to the system user."
+ },
+ {
+ "lang": "es",
+ "value": " Se descubri\u00f3 un problema de escalada de privilegios locales en Y Soft SAFEQ 6 Build 53. El servicio JMX de SafeQ que se ejecuta en el puerto 9696 es vulnerable a ataques JMX MLet. Debido a que el servicio no aplicaba la autenticaci\u00f3n y se ejecutaba bajo el usuario \"NT Authority\\System\", un atacante puede usar la vulnerabilidad para ejecutar c\u00f3digo arbitrario y ascender al usuario del sistema."
 }
 ],
 "metrics": {
diff --git a/CVE-2022/CVE-2022-437xx/CVE-2022-43713.json b/CVE-2022/CVE-2022-437xx/CVE-2022-43713.json
index 597ba20fcdd..a0baa363d46 100644
--- a/CVE-2022/CVE-2022-437xx/CVE-2022-43713.json
+++ b/CVE-2022/CVE-2022-437xx/CVE-2022-43713.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-43713",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-07-26T14:15:09.930",
- "lastModified": "2023-08-04T15:49:03.637",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-10-23T15:35:06.987",
+ "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
 {
@@ -45,6 +45,16 @@
 "value": "CWE-20"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-116"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48946.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48946.json
index 0f5f800df36..fca603b74f8 100644
--- a/CVE-2022/CVE-2022-489xx/CVE-2022-48946.json
+++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48946.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-48946",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T20:15:06.020",
- "lastModified": "2024-10-21T20:15:06.020",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:25.583",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix preallocation discarding at indirect extent boundary\n\nWhen preallocation extent is the first one in the extent block, the\ncode would corrupt extent tree header instead. Fix the problem and use\nudf_delete_aext() for deleting extent to avoid some code duplication."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: udf: Se corrige el descarte de preasignaci\u00f3n en el l\u00edmite de extensi\u00f3n indirecta. Cuando la extensi\u00f3n de preasignaci\u00f3n es la primera en el bloque de extensi\u00f3n, el c\u00f3digo corromper\u00eda el encabezado del \u00e1rbol de extensi\u00f3n. Corrija el problema y use udf_delete_aext() para eliminar la extensi\u00f3n y evitar la duplicaci\u00f3n de c\u00f3digo."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48947.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48947.json
index d85eef2592b..2e10e5442ac 100644
--- a/CVE-2022/CVE-2022-489xx/CVE-2022-48947.json
+++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48947.json
@@ -2,13 +2,17 @@ "id": "CVE-2022-48947", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:06.150", - "lastModified": "2024-10-21T20:15:06.150", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix u8 overflow\n\nBy keep sending L2CAP_CONF_REQ packets, chan->num_conf_rsp increases\nmultiple times and eventually it will wrap around the maximum number\n(i.e., 255).\nThis patch prevents this by adding a boundary check with\nL2CAP_MAX_CONF_RSP\n\nBtmon log:\nBluetooth monitor ver 5.64\n= Note: Linux version 6.1.0-rc2 (x86_64) 0.264594\n= Note: Bluetooth subsystem version 2.22 0.264636\n@ MGMT Open: btmon (privileged) version 1.22 {0x0001} 0.272191\n= New Index: 00:00:00:00:00:00 (Primary,Virtual,hci0) [hci0] 13.877604\n@ RAW Open: 9496 (privileged) version 2.22 {0x0002} 13.890741\n= Open Index: 00:00:00:00:00:00 [hci0] 13.900426\n(...)\n> ACL Data RX: Handle 200 flags 0x00 dlen 1033 #32 [hci0] 14.273106\n invalid packet size (12 != 1033)\n 08 00 01 00 02 01 04 00 01 10 ff ff ............\n> ACL Data RX: Handle 200 flags 0x00 dlen 1547 #33 [hci0] 14.273561\n invalid packet size (14 != 1547)\n 0a 00 01 00 04 01 06 00 40 00 00 00 00 00 ........@.....\n> ACL Data RX: Handle 200 flags 0x00 dlen 2061 #34 [hci0] 14.274390\n invalid packet size (16 != 2061)\n 0c 00 01 00 04 01 08 00 40 00 00 00 00 00 00 04 ........@.......\n> ACL Data RX: Handle 200 flags 0x00 dlen 2061 #35 [hci0] 14.274932\n invalid packet size (16 != 2061)\n 0c 00 01 00 04 01 08 00 40 00 00 00 07 00 03 00 ........@.......\n= bluetoothd: Bluetooth daemon 5.43 14.401828\n> ACL Data RX: Handle 200 flags 0x00 dlen 1033 #36 [hci0] 14.275753\n invalid packet size (12 != 1033)\n 08 00 01 00 04 01 04 00 40 00 00 00 ........@..." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: L2CAP: Corregir desbordamiento de u8 Al seguir enviando paquetes L2CAP_CONF_REQ, chan->num_conf_rsp aumenta varias veces y eventualmente alcanzar\u00e1 el n\u00famero m\u00e1ximo (es decir, 255). Este parche evita esto a\u00f1adiendo una comprobaci\u00f3n de los l\u00edmites con L2CAP_MAX_CONF_RSP Btmon log: Bluetooth monitor ver 5.64 = Nota: Linux versi\u00f3n 6.1.0-rc2 (x86_64) 0.264594 = Nota: Subsistema Bluetooth versi\u00f3n 2.22 0.264636 @ MGMT Open: btmon (privilegiado) versi\u00f3n 1.22 {0x0001} 0.272191 = Nuevo \u00edndice: 00:00:00:00:00:00 (Principal,Virtual,hci0) [hci0] 13.877604 @ RAW Open: 9496 (privilegiado) versi\u00f3n 2.22 {0x0002} 13.890741 = Abierto \u00cdndice: 00:00:00:00:00:00 [hci0] 13.900426 (...) > ACL Data RX: Manejar 200 indicadores 0x00 dlen 1033 #32 [hci0] 14.273106 tama\u00f1o de paquete no v\u00e1lido (12 != 1033) 08 00 01 00 02 01 04 00 01 10 ff ff ............ > ACL Data RX: Manejar 200 indicadores 0x00 dlen 1547 #33 [hci0] 14.273561 tama\u00f1o de paquete no v\u00e1lido (14 != 1547) 0a 00 01 00 04 01 06 00 40 00 00 00 00 00 ........@..... > ACL Data RX: Manejar 200 indicadores 0x00 dlen 2061 #34 [hci0] 14.274390 tama\u00f1o de paquete no v\u00e1lido (16 != 2061) 0c 00 01 00 04 01 08 00 40 00 00 00 00 00 00 04 ........@....... > ACL Data RX: Manejar 200 indicadores 0x00 dlen 2061 #35 [hci0] 14.274932 tama\u00f1o de paquete no v\u00e1lido (16 != 2061) 0c 00 01 00 04 01 08 00 40 00 00 00 07 00 03 00 ........@....... = bluetoothd: Daemon Bluetooth 5.43 14.401828 > ACL Data RX: Manejar 200 indicadores 0x00 dlen 1033 #36 [hci0] 14.275753 tama\u00f1o de paquete no v\u00e1lido (12 != 1033) 08 00 01 00 04 01 04 00 40 00 00 00 ........@..." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48948.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48948.json index 059ab0a9b72..fa8184cf8db 100644 
--- a/CVE-2022/CVE-2022-489xx/CVE-2022-48948.json
+++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48948.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-48948",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T20:15:06.230",
- "lastModified": "2024-10-21T20:15:06.230",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:25.583",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: uvc: Prevent buffer overflow in setup handler\n\nSetup function uvc_function_setup permits control transfer\nrequests with up to 64 bytes of payload (UVC_MAX_REQUEST_SIZE),\ndata stage handler for OUT transfer uses memcpy to copy req->actual\nbytes to uvc_event->data.data array of size 60. This may result\nin an overflow of 4 bytes."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: gadget: uvc: Evitar desbordamiento de b\u00fafer en el controlador de configuraci\u00f3n La funci\u00f3n de configuraci\u00f3n uvc_function_setup permite solicitudes de transferencia de control con hasta 64 bytes de payload (UVC_MAX_REQUEST_SIZE), el controlador de etapa de datos para transferencia OUT usa memcpy para copiar req->actual bytes a la matriz uvc_event->data.data de tama\u00f1o 60. Esto puede resultar en un desbordamiento de 4 bytes."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48949.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48949.json
index c7204b65e21..8df787ed6b0 100644
--- a/CVE-2022/CVE-2022-489xx/CVE-2022-48949.json
+++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48949.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-48949",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T20:15:06.337",
- "lastModified": "2024-10-21T20:15:06.337",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:25.583",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: Initialize mailbox message for VF reset\n\nWhen a MAC address is not assigned to the VF, that portion of the message\nsent to the VF is not set. The memory, however, is allocated from the\nstack meaning that information may be leaked to the VM. Initialize the\nmessage buffer to 0 so that no information is passed to the VM in this\ncase."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: igb: inicializar mensaje de buz\u00f3n para restablecer VF Cuando no se asigna una direcci\u00f3n MAC a la VF, esa parte del mensaje enviado a la VF no se configura. Sin embargo, la memoria se asigna desde la pila, lo que significa que la informaci\u00f3n puede filtrarse a la VM. Inicialice el b\u00fafer de mensajes a 0 para que no se pase informaci\u00f3n a la VM en este caso."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48950.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48950.json
index 9ffbbe69d7c..5d92bb7f7df 100644
--- a/CVE-2022/CVE-2022-489xx/CVE-2022-48950.json
+++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48950.json
@@ -2,13 +2,17 @@ "id": "CVE-2022-48950", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:06.440", - "lastModified": "2024-10-21T20:15:06.440", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix perf_pending_task() UaF\n\nPer syzbot it is possible for perf_pending_task() to run after the\nevent is free()'d. There are two related but distinct cases:\n\n - the task_work was already queued before destroying the event;\n - destroying the event itself queues the task_work.\n\nThe first cannot be solved using task_work_cancel() since\nperf_release() itself might be called from a task_work (____fput),\nwhich means the current->task_works list is already empty and\ntask_work_cancel() won't be able to find the perf_pending_task()\nentry.\n\nThe simplest alternative is extending the perf_event lifetime to cover\nthe task_work.\n\nThe second is just silly, queueing a task_work while you know the\nevent is going away makes no sense and is easily avoided by\nre-arranging how the event is marked STATE_DEAD and ensuring it goes\nthrough STATE_OFF on the way down." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: perf: Fix perf_pending_task() UaF Por syzbot es posible que perf_pending_task() se ejecute despu\u00e9s de que el evento sea free(). Hay dos casos relacionados pero distintos: - el task_work ya estaba en cola antes de destruir el evento; - destruir el evento en s\u00ed mismo pone en cola el task_work. 
El primero no se puede resolver usando task_work_cancel() ya que perf_release() en s\u00ed mismo podr\u00eda ser llamado desde un task_work (____fput), lo que significa que la lista current->task_works ya est\u00e1 vac\u00eda y task_work_cancel() no podr\u00e1 encontrar la entrada perf_pending_task(). La alternativa m\u00e1s simple es extender la duraci\u00f3n de perf_event para cubrir el task_work. El segundo es simplemente una tonter\u00eda, poner en cola una tarea_trabajo mientras sabes que el evento va a desaparecer no tiene sentido y se evita f\u00e1cilmente reorganizando c\u00f3mo se marca el evento como STATE_DEAD y asegur\u00e1ndose de que pase por STATE_OFF en el camino hacia abajo." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48951.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48951.json index 02e6cae4295..5f0020824e1 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48951.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48951.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2022-48951",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T20:15:06.530",
- "lastModified": "2024-10-21T20:15:06.530",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:25.583",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()\n\nThe bounds checks in snd_soc_put_volsw_sx() are only being applied to the\nfirst channel, meaning it is possible to write out of bounds values to the\nsecond channel in stereo controls. Add appropriate checks."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: ops: Verificar l\u00edmites para el segundo canal en snd_soc_put_volsw_sx() Las comprobaciones de los l\u00edmites en snd_soc_put_volsw_sx() solo se aplican al primer canal, lo que significa que es posible escribir valores fuera de los l\u00edmites en el segundo canal en controles est\u00e9reo. Agregue las comprobaciones adecuadas."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48952.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48952.json
index 686e3a421ce..3af39d3d27c 100644
--- a/CVE-2022/CVE-2022-489xx/CVE-2022-48952.json
+++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48952.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-48952",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T20:15:06.617",
- "lastModified": "2024-10-21T20:15:06.617",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:25.583",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: mt7621: Add sentinel to quirks table\n\nCurrent driver is missing a sentinel in the struct soc_device_attribute\narray, which causes an oops when assessed by the\nsoc_device_match(mt7621_pcie_quirks_match) call.\n\nThis was only exposed once the CONFIG_SOC_MT7621 mt7621 soc_dev_attr\nwas fixed to register the SOC as a device, in:\n\ncommit 7c18b64bba3b (\"mips: ralink: mt7621: do not use kzalloc too early\")\n\nFix it by adding the required sentinel."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: PCI: mt7621: Agregar centinela a la tabla de peculiaridades Al controlador actual le falta un centinela en la matriz struct soc_device_attribute, lo que provoca un error cuando se eval\u00faa mediante la llamada soc_device_match(mt7621_pcie_quirks_match). Esto solo se expuso una vez que se arregl\u00f3 CONFIG_SOC_MT7621 mt7621 soc_dev_attr para registrar el SOC como un dispositivo, en: commit 7c18b64bba3b (\"mips: ralink: mt7621: no use kzalloc demasiado pronto\") Arr\u00e9glelo agregando el centinela requerido."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48953.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48953.json
index cbede9b9014..d46e42060ff 100644
--- a/CVE-2022/CVE-2022-489xx/CVE-2022-48953.json
+++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48953.json
@@ -2,13 +2,17 @@ "id": "CVE-2022-48953", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:06.700", - "lastModified": "2024-10-21T20:15:06.700", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtc: cmos: Fix event handler registration ordering issue\n\nBecause acpi_install_fixed_event_handler() enables the event\nautomatically on success, it is incorrect to call it before the\nhandler routine passed to it is ready to handle events.\n\nUnfortunately, the rtc-cmos driver does exactly the incorrect thing\nby calling cmos_wake_setup(), which passes rtc_handler() to\nacpi_install_fixed_event_handler(), before cmos_do_probe(), because\nrtc_handler() uses dev_get_drvdata() to get to the cmos object\npointer and the driver data pointer is only populated in\ncmos_do_probe().\n\nThis leads to a NULL pointer dereference in rtc_handler() on boot\nif the RTC fixed event happens to be active at the init time.\n\nTo address this issue, change the initialization ordering of the\ndriver so that cmos_wake_setup() is always called after a successful\ncmos_do_probe() call.\n\nWhile at it, change cmos_pnp_probe() to call cmos_do_probe() after\nthe initial if () statement used for computing the IRQ argument to\nbe passed to cmos_do_probe() which is cleaner than calling it in\neach branch of that if () (local variable \"irq\" can be of type int,\nbecause it is passed to that function as an argument of type int).\n\nNote that commit 6492fed7d8c9 (\"rtc: rtc-cmos: Do not check\nACPI_FADT_LOW_POWER_S0\") caused this issue to affect a larger number\nof systems, because previously it only affected systems with\nACPI_FADT_LOW_POWER_S0 set, but it is present regardless of that\ncommit." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rtc: cmos: Fix event handler registration ordering issue Debido a que acpi_install_fixed_event_handler() habilita el evento autom\u00e1ticamente en caso de \u00e9xito, es incorrecto llamarlo antes de que la rutina del controlador que se le pasa est\u00e9 lista para manejar eventos. Desafortunadamente, el controlador rtc-cmos hace exactamente lo incorrecto al llamar a cmos_wake_setup(), que pasa rtc_handler() a acpi_install_fixed_event_handler(), antes de cmos_do_probe(), porque rtc_handler() usa dev_get_drvdata() para llegar al puntero del objeto cmos y el puntero de datos del controlador solo se completa en cmos_do_probe(). Esto conduce a una desreferencia de puntero NULL en rtc_handler() en el arranque si el evento RTC fixed est\u00e1 activo en el momento de inicializaci\u00f3n. Para solucionar este problema, cambie el orden de inicializaci\u00f3n del controlador de modo que cmos_wake_setup() siempre se llame despu\u00e9s de una llamada a cmos_do_probe() exitosa. Mientras tanto, cambie cmos_pnp_probe() para llamar a cmos_do_probe() despu\u00e9s de la declaraci\u00f3n if () inicial utilizada para calcular el argumento IRQ que se pasar\u00e1 a cmos_do_probe(), lo que es m\u00e1s limpio que llamarlo en cada rama de ese if () (la variable local \"irq\" puede ser de tipo int, porque se pasa a esa funci\u00f3n como un argumento de tipo int). Tenga en cuenta que el commit 6492fed7d8c9 (\"rtc: rtc-cmos: No marque ACPI_FADT_LOW_POWER_S0\") provoc\u00f3 que este problema afectara a una mayor cantidad de sistemas, porque anteriormente solo afectaba a los sistemas con ACPI_FADT_LOW_POWER_S0 configurado, pero est\u00e1 presente independientemente de esa confirmaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48954.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48954.json index d5efcf83083..7a8cbc343ed 100644 
--- a/CVE-2022/CVE-2022-489xx/CVE-2022-48954.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48954.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-48954", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:06.783", - "lastModified": "2024-10-21T20:15:06.783", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/qeth: fix use-after-free in hsci\n\nKASAN found that addr was dereferenced after br2dev_event_work was freed.\n\n==================================================================\nBUG: KASAN: use-after-free in qeth_l2_br2dev_worker+0x5ba/0x6b0\nRead of size 1 at addr 00000000fdcea440 by task kworker/u760:4/540\nCPU: 17 PID: 540 Comm: kworker/u760:4 Tainted: G E 6.1.0-20221128.rc7.git1.5aa3bed4ce83.300.fc36.s390x+kasan #1\nHardware name: IBM 8561 T01 703 (LPAR)\nWorkqueue: 0.0.8000_event qeth_l2_br2dev_worker\nCall Trace:\n [<000000016944d4ce>] dump_stack_lvl+0xc6/0xf8\n [<000000016942cd9c>] print_address_description.constprop.0+0x34/0x2a0\n [<000000016942d118>] print_report+0x110/0x1f8\n [<0000000167a7bd04>] kasan_report+0xfc/0x128\n [<000000016938d79a>] qeth_l2_br2dev_worker+0x5ba/0x6b0\n [<00000001673edd1e>] process_one_work+0x76e/0x1128\n [<00000001673ee85c>] worker_thread+0x184/0x1098\n [<000000016740718a>] kthread+0x26a/0x310\n [<00000001672c606a>] __ret_from_fork+0x8a/0xe8\n [<00000001694711da>] ret_from_fork+0xa/0x40\nAllocated by task 108338:\n kasan_save_stack+0x40/0x68\n kasan_set_track+0x36/0x48\n __kasan_kmalloc+0xa0/0xc0\n qeth_l2_switchdev_event+0x25a/0x738\n atomic_notifier_call_chain+0x9c/0xf8\n br_switchdev_fdb_notify+0xf4/0x110\n fdb_notify+0x122/0x180\n fdb_add_entry.constprop.0.isra.0+0x312/0x558\n br_fdb_add+0x59e/0x858\n rtnl_fdb_add+0x58a/0x928\n rtnetlink_rcv_msg+0x5f8/0x8d8\n netlink_rcv_skb+0x1f2/0x408\n netlink_unicast+0x570/0x790\n netlink_sendmsg+0x752/0xbe0\n sock_sendmsg+0xca/0x110\n 
____sys_sendmsg+0x510/0x6a8\n ___sys_sendmsg+0x12a/0x180\n __sys_sendmsg+0xe6/0x168\n __do_sys_socketcall+0x3c8/0x468\n do_syscall+0x22c/0x328\n __do_syscall+0x94/0xf0\n system_call+0x82/0xb0\nFreed by task 540:\n kasan_save_stack+0x40/0x68\n kasan_set_track+0x36/0x48\n kasan_save_free_info+0x4c/0x68\n ____kasan_slab_free+0x14e/0x1a8\n __kasan_slab_free+0x24/0x30\n __kmem_cache_free+0x168/0x338\n qeth_l2_br2dev_worker+0x154/0x6b0\n process_one_work+0x76e/0x1128\n worker_thread+0x184/0x1098\n kthread+0x26a/0x310\n __ret_from_fork+0x8a/0xe8\n ret_from_fork+0xa/0x40\nLast potentially related work creation:\n kasan_save_stack+0x40/0x68\n __kasan_record_aux_stack+0xbe/0xd0\n insert_work+0x56/0x2e8\n __queue_work+0x4ce/0xd10\n queue_work_on+0xf4/0x100\n qeth_l2_switchdev_event+0x520/0x738\n atomic_notifier_call_chain+0x9c/0xf8\n br_switchdev_fdb_notify+0xf4/0x110\n fdb_notify+0x122/0x180\n fdb_add_entry.constprop.0.isra.0+0x312/0x558\n br_fdb_add+0x59e/0x858\n rtnl_fdb_add+0x58a/0x928\n rtnetlink_rcv_msg+0x5f8/0x8d8\n netlink_rcv_skb+0x1f2/0x408\n netlink_unicast+0x570/0x790\n netlink_sendmsg+0x752/0xbe0\n sock_sendmsg+0xca/0x110\n ____sys_sendmsg+0x510/0x6a8\n ___sys_sendmsg+0x12a/0x180\n __sys_sendmsg+0xe6/0x168\n __do_sys_socketcall+0x3c8/0x468\n do_syscall+0x22c/0x328\n __do_syscall+0x94/0xf0\n system_call+0x82/0xb0\nSecond to last potentially related work creation:\n kasan_save_stack+0x40/0x68\n __kasan_record_aux_stack+0xbe/0xd0\n kvfree_call_rcu+0xb2/0x760\n kernfs_unlink_open_file+0x348/0x430\n kernfs_fop_release+0xc2/0x320\n __fput+0x1ae/0x768\n task_work_run+0x1bc/0x298\n exit_to_user_mode_prepare+0x1a0/0x1a8\n __do_syscall+0x94/0xf0\n system_call+0x82/0xb0\nThe buggy address belongs to the object at 00000000fdcea400\n which belongs to the cache kmalloc-96 of size 96\nThe buggy address is located 64 bytes inside of\n 96-byte region [00000000fdcea400, 00000000fdcea460)\nThe buggy address belongs to the physical page:\npage:000000005a9c26e8 refcount:1 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0xfdcea\nflags: 0x3ffff00000000200(slab|node=0|zone=1|lastcpupid=0x1ffff)\nraw: 3ffff00000000200 0000000000000000 0000000100000122 000000008008cc00\nraw: 0000000000000000 0020004100000000 ffffffff00000001 0000000000000000\npage dumped because: kasan: bad access detected\nMemory state around the buggy address:\n 00000000fdcea300: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n 00000000fdcea380: fb fb fb fb fb fb f\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: s390/qeth: se corrige el use after free en hsci KASAN descubri\u00f3 que addr fue desreferenciado despu\u00e9s de que se liber\u00f3 br2dev_event_work. ===================================================================== ERROR: KASAN: use after free en qeth_l2_br2dev_worker+0x5ba/0x6b0 Lectura de tama\u00f1o 1 en la direcci\u00f3n 00000000fdcea440 por la tarea kworker/u760:4/540 CPU: 17 PID: 540 Comm: kworker/u760:4 Contaminado: GE 6.1.0-20221128.rc7.git1.5aa3bed4ce83.300.fc36.s390x+kasan #1 Nombre del hardware: IBM 8561 T01 703 (LPAR) Cola de trabajo: 0.0.8000_evento qeth_l2_br2dev_worker Seguimiento de llamadas: [<000000016944d4ce>] nivel_pila_volcado+0xc6/0xf8 [<000000016942cd9c>] descripci\u00f3n_direcci\u00f3n_impresi\u00f3n.constprop.0+0x34/0x2a0 [<000000016942d118>] informe_impresi\u00f3n+0x110/0x1f8 [<0000000167a7bd04>] informe_kasan+0xfc/0x128 [<000000016938d79a>] qeth_l2_br2dev_worker+0x5ba/0x6b0 [<00000001673edd1e>] proceso_uno_trabajo+0x76e/0x1128 [<00000001673ee85c>] subproceso_trabajador+0x184/0x1098 [<000000016740718a>] subproceso_k+0x26a/0x310 [<00000001672c606a>] __ret_from_fork+0x8a/0xe8 [<00000001694711da>] ret_from_fork+0xa/0x40 Asignado por la tarea 108338: kasan_save_stack+0x40/0x68 kasan_set_track+0x36/0x48 __kasan_kmalloc+0xa0/0xc0 qeth_l2_switchdev_event+0x25a/0x738 cadena_de_llamadas_de_notificador_at\u00f3mico+0x9c/0xf8 br_switchdev_fdb_notify+0xf4/0x110 
fdb_notify+0x122/0x180 fdb_add_entry.constprop.0.isra.0+0x312/0x558 br_fdb_add+0x59e/0x858 rtnl_fdb_add+0x58a/0x928 rtnetlink_rcv_msg+0x5f8/0x8d8 netlink_rcv_skb+0x1f2/0x408 netlink_unicast+0x570/0x790 netlink_sendmsg+0x752/0xbe0 sock_sendmsg+0xca/0x110 ____sys_sendmsg+0x510/0x6a8 ___sys_sendmsg+0x12a/0x180 __sys_sendmsg+0xe6/0x168 __do_sys_socketcall+0x3c8/0x468 do_syscall+0x22c/0x328 __do_syscall+0x94/0xf0 llamada_sistema+0x82/0xb0 Liberado por la tarea 540: kasan_save_stack+0x40/0x68 kasan_set_track+0x36/0x48 kasan_save_free_info+0x4c/0x68 ____kasan_slab_free+0x14e/0x1a8 __kasan_slab_free+0x24/0x30 __kmem_cache_free+0x168/0x338 qeth_l2_br2dev_worker+0x154/0x6b0 process_one_work+0x76e/0x1128 worker_thread+0x184/0x1098 kthread+0x26a/0x310 __ret_from_fork+0x8a/0xe8 ret_from_fork+0xa/0x40 \u00daltima creaci\u00f3n de trabajo potencialmente relacionada: kasan_save_stack+0x40/0x68 __kasan_record_aux_stack+0xbe/0xd0 insert_work+0x56/0x2e8 __queue_work+0x4ce/0xd10 queue_work_on+0xf4/0x100 qeth_l2_switchdev_event+0x520/0x738 cadena de llamada de notificador at\u00f3mico+0x9c/0xf8 br_switchdev_fdb_notify+0xf4/0x110 fdb_notify+0x122/0x180 fdb_add_entry.constprop.0.isra.0+0x312/0x558 br_fdb_add+0x59e/0x858 rtnl_fdb_add+0x58a/0x928 rtnetlink_rcv_msg+0x5f8/0x8d8 netlink_rcv_skb+0x1f2/0x408 netlink_unicast+0x570/0x790 netlink_sendmsg+0x752/0xbe0 sock_sendmsg+0xca/0x110 ____sys_sendmsg+0x510/0x6a8 ___sys_sendmsg+0x12a/0x180 __sys_sendmsg+0xe6/0x168 __do_sys_socketcall+0x3c8/0x468 do_syscall+0x22c/0x328 __do_syscall+0x94/0xf0 system_call+0x82/0xb0 Pen\u00faltima creaci\u00f3n de trabajo potencialmente relacionado: kasan_save_stack+0x40/0x68 __kasan_record_aux_stack+0xbe/0xd0 kvfree_call_rcu+0xb2/0x760 kernfs_unlink_open_file+0x348/0x430 kernfs_fop_release+0xc2/0x320 __fput+0x1ae/0x768 task_work_run+0x1bc/0x298 exit_to_user_mode_prepare+0x1a0/0x1a8 __do_syscall+0x94/0xf0 system_call+0x82/0xb0 La direcci\u00f3n con errores pertenece al objeto en 00000000fdcea400 que pertenece a la 
cach\u00e9 kmalloc-96 de tama\u00f1o 96 La direcci\u00f3n con errores se encuentra 64 bytes dentro de la regi\u00f3n de 96 bytes [00000000fdcea400, 00000000fdcea460) La direcci\u00f3n con errores pertenece a la p\u00e1gina f\u00edsica: page:000000005a9c26e8 refcount:1 mapcount:0 mapping:0000000000000000 \u00edndice:0x0 pfn:0xfdcea flags: 0x3ffff00000000200(slab|node=0|zone=1|lastcpupid=0x1ffff) raw: 3ffff00000000200 0000000000000000 0000000100000122 000000008008cc00 raw: 0000000000000000 0020004100000000 ffffffff00000001 0000000000000000 p\u00e1gina volcada porque: kasan: mal acceso detectado Estado de la memoria alrededor de la direcci\u00f3n con errores: 00000000fdcea300: fb ..." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48955.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48955.json index 0f96c5bad23..88c2ac5f848 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48955.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48955.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2022-48955",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T20:15:06.870",
- "lastModified": "2024-10-21T20:15:06.870",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:25.583",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: thunderbolt: fix memory leak in tbnet_open()\n\nWhen tb_ring_alloc_rx() failed in tbnet_open(), ida that allocated in\ntb_xdomain_alloc_out_hopid() is not released. Add\ntb_xdomain_release_out_hopid() to the error path to release ida."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: thunderbolt: se corrige la p\u00e9rdida de memoria en tbnet_open() Cuando tb_ring_alloc_rx() fallo en tbnet_open(), no se libera el ida asignado en tb_xdomain_alloc_out_hopid(). Agregue tb_xdomain_release_out_hopid() a la ruta de error para liberar el ida."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48956.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48956.json
index 461a16337d6..0a5f87d2d59 100644
--- a/CVE-2022/CVE-2022-489xx/CVE-2022-48956.json
+++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48956.json
@@ -2,13 +2,17 @@ "id": "CVE-2022-48956", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:06.973", - "lastModified": "2024-10-21T20:15:06.973", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: avoid use-after-free in ip6_fragment()\n\nBlamed commit claimed rcu_read_lock() was held by ip6_fragment() callers.\n\nIt seems to not be always true, at least for UDP stack.\n\nsyzbot reported:\n\nBUG: KASAN: use-after-free in ip6_dst_idev include/net/ip6_fib.h:245 [inline]\nBUG: KASAN: use-after-free in ip6_fragment+0x2724/0x2770 net/ipv6/ip6_output.c:951\nRead of size 8 at addr ffff88801d403e80 by task syz-executor.3/7618\n\nCPU: 1 PID: 7618 Comm: syz-executor.3 Not tainted 6.1.0-rc6-syzkaller-00012-g4312098baf37 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x15e/0x45d mm/kasan/report.c:395\n kasan_report+0xbf/0x1f0 mm/kasan/report.c:495\n ip6_dst_idev include/net/ip6_fib.h:245 [inline]\n ip6_fragment+0x2724/0x2770 net/ipv6/ip6_output.c:951\n __ip6_finish_output net/ipv6/ip6_output.c:193 [inline]\n ip6_finish_output+0x9a3/0x1170 net/ipv6/ip6_output.c:206\n NF_HOOK_COND include/linux/netfilter.h:291 [inline]\n ip6_output+0x1f1/0x540 net/ipv6/ip6_output.c:227\n dst_output include/net/dst.h:445 [inline]\n ip6_local_out+0xb3/0x1a0 net/ipv6/output_core.c:161\n ip6_send_skb+0xbb/0x340 net/ipv6/ip6_output.c:1966\n udp_v6_send_skb+0x82a/0x18a0 net/ipv6/udp.c:1286\n udp_v6_push_pending_frames+0x140/0x200 net/ipv6/udp.c:1313\n udpv6_sendmsg+0x18da/0x2c80 net/ipv6/udp.c:1606\n inet6_sendmsg+0x9d/0xe0 
net/ipv6/af_inet6.c:665\n sock_sendmsg_nosec net/socket.c:714 [inline]\n sock_sendmsg+0xd3/0x120 net/socket.c:734\n sock_write_iter+0x295/0x3d0 net/socket.c:1108\n call_write_iter include/linux/fs.h:2191 [inline]\n new_sync_write fs/read_write.c:491 [inline]\n vfs_write+0x9ed/0xdd0 fs/read_write.c:584\n ksys_write+0x1ec/0x250 fs/read_write.c:637\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7fde3588c0d9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fde365b6168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 00007fde359ac050 RCX: 00007fde3588c0d9\nRDX: 000000000000ffdc RSI: 00000000200000c0 RDI: 000000000000000a\nRBP: 00007fde358e7ae9 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007fde35acfb1f R14: 00007fde365b6300 R15: 0000000000022000\n \n\nAllocated by task 7618:\n kasan_save_stack+0x22/0x40 mm/kasan/common.c:45\n kasan_set_track+0x25/0x30 mm/kasan/common.c:52\n __kasan_slab_alloc+0x82/0x90 mm/kasan/common.c:325\n kasan_slab_alloc include/linux/kasan.h:201 [inline]\n slab_post_alloc_hook mm/slab.h:737 [inline]\n slab_alloc_node mm/slub.c:3398 [inline]\n slab_alloc mm/slub.c:3406 [inline]\n __kmem_cache_alloc_lru mm/slub.c:3413 [inline]\n kmem_cache_alloc+0x2b4/0x3d0 mm/slub.c:3422\n dst_alloc+0x14a/0x1f0 net/core/dst.c:92\n ip6_dst_alloc+0x32/0xa0 net/ipv6/route.c:344\n ip6_rt_pcpu_alloc net/ipv6/route.c:1369 [inline]\n rt6_make_pcpu_route net/ipv6/route.c:1417 [inline]\n ip6_pol_route+0x901/0x1190 net/ipv6/route.c:2254\n pol_lookup_func include/net/ip6_fib.h:582 [inline]\n fib6_rule_lookup+0x52e/0x6f0 net/ipv6/fib6_rules.c:121\n ip6_route_output_flags_noref+0x2e6/0x380 
net/ipv6/route.c:2625\n ip6_route_output_flags+0x76/0x320 net/ipv6/route.c:2638\n ip6_route_output include/net/ip6_route.h:98 [inline]\n ip6_dst_lookup_tail+0x5ab/0x1620 net/ipv6/ip6_output.c:1092\n ip6_dst_lookup_flow+0x90/0x1d0 net/ipv6/ip6_output.c:1222\n ip6_sk_dst_lookup_flow+0x553/0x980 net/ipv6/ip6_output.c:1260\n udpv6_sendmsg+0x151d/0x2c80 net/ipv6/udp.c:1554\n inet6_sendmsg+0x9d/0xe0 net/ipv6/af_inet6.c:665\n sock_sendmsg_nosec n\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ipv6: evitar el use after free en ip6_fragment(). el commit culpable afirmaba que rcu_read_lock() estaba retenido por los llamadores de ip6_fragment(). Parece que no siempre es cierto, al menos para la pila UDP. syzbot inform\u00f3: ERROR: KASAN: use after free en ip6_dst_idev include/net/ip6_fib.h:245 [en l\u00ednea] ERROR: KASAN: use after free en ip6_fragment+0x2724/0x2770 net/ipv6/ip6_output.c:951 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff88801d403e80 por la tarea syz-executor.3/7618 CPU: 1 PID: 7618 Comm: syz-executor.3 No contaminado 6.1.0-rc6-syzkaller-00012-g4312098baf37 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 26/10/2022 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:88 [en l\u00ednea] dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106 imprimir_descripci\u00f3n_de_direcci\u00f3n mm/kasan/report.c:284 [en l\u00ednea] imprimir_report+0x15e/0x45d mm/kasan/report.c:395 kasan_report+0xbf/0x1f0 mm/kasan/report.c:495 ip6_dst_idev include/net/ip6_fib.h:245 [en l\u00ednea] ip6_fragment+0x2724/0x2770 net/ipv6/ip6_output.c:951 __ip6_finish_output net/ipv6/ip6_output.c:193 [en l\u00ednea] ip6_finish_output+0x9a3/0x1170 net/ipv6/ip6_output.c:206 NF_HOOK_COND incluir/linux/netfilter.h:291 [en l\u00ednea] ip6_output+0x1f1/0x540 net/ipv6/ip6_output.c:227 dst_output incluir/net/dst.h:445 [en l\u00ednea] ip6_local_out+0xb3/0x1a0 net/ipv6/output_core.c:161 
ip6_send_skb+0xbb/0x340 net/ipv6/ip6_output.c:1966 udp_v6_send_skb+0x82a/0x18a0 net/ipv6/udp.c:1286 udp_v6_push_pending_frames+0x140/0x200 net/ipv6/udp.c:1313 udpv6_sendmsg+0x18da/0x2c80 net/ipv6/udp.c:1606 inet6_sendmsg+0x9d/0xe0 net/ipv6/af_inet6.c:665 sock_sendmsg_nosec net/socket.c:714 [en l\u00ednea] sock_sendmsg+0xd3/0x120 net/socket.c:734 sock_write_iter+0x295/0x3d0 net/socket.c:1108 call_write_iter include/linux/fs.h:2191 [en l\u00ednea] new_sync_write fs/read_write.c:491 [en l\u00ednea] vfs_write+0x9ed/0xdd0 fs/read_write.c:584 ksys_write+0x1ec/0x250 fs/read_write.c:637 do_syscall_x64 arch/x86/entry/common.c:50 [en l\u00ednea] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fde3588c0d9 C\u00f3digo: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fde365b6168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007fde359ac050 RCX: 00007fde3588c0d9 RDX: 000000000000ffdc RSI: 00000000200000c0 RDI: 000000000000000a RBP: 00007fde358e7ae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000 R13: 00007fde35acfb1f R14: 00007fde365b6300 R15: 0000000000022000 Asignado por la tarea 7618: kasan_save_stack+0x22/0x40 mm/kasan/common.c:45 kasan_set_track+0x25/0x30 mm/kasan/common.c:52 __kasan_slab_alloc+0x82/0x90 mm/kasan/common.c:325 kasan_slab_alloc include/linux/kasan.h:201 [en l\u00ednea] gancho_alloc_poste_losa mm/slab.h:737 [en l\u00ednea] nodo_alloc_losa mm/slub.c:3398 [en l\u00ednea] losa_alloc mm/slub.c:3406 [en l\u00ednea] __kmem_cache_alloc_lru mm/slub.c:3413 [en l\u00ednea] kmem_cache_alloc+0x2b4/0x3d0 mm/slub.c:3422 dst_alloc+0x14a/0x1f0 net/core/dst.c:92 ip6_dst_alloc+0x32/0xa0 net/ipv6/route.c:344 ip6_rt_pcpu_alloc net/ipv6/route.c:1369 [en l\u00ednea] 
rt6_make_pcpu_route net/ipv6/route.c:1417 [en l\u00ednea] ip6_pol_route+0x901/0x1190 net/ipv6/route.c:2254 pol_lookup_func include/net/ip6_fib.h:582 [en l\u00ednea] fib6_rule_lookup+0x52e/0x6f0 net/ipv6/fib6_rules.c:121 ip6_route_output_flags_noref+0x2e6/0x380 net/ipv6/route.c:2625 banderas de salida de ruta ip6+0x76/0x320 red/ipv6/route.c:2638 salida de ruta ip6 incluir/red/ip6_route.h:98 [en l\u00ednea] cola de b\u00fasqueda de dst ip6+0x5ab/0x1620 red/ipv6/ip6_output.c:1092 flujo de b\u00fasqueda de dst ip6+0x90/0x1d0 red/ipv6/ip6_output.c:1222 flujo de b\u00fasqueda de dst ip6_sk+0x553/0x980 red/ipv6/ip6_output.c:1260 env\u00edo de mensajes de env\u00edo udpv6+0x151d/0x2c80 red/ipv6/udp.c:1554 ---truncado---" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48957.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48957.json index 78ddd9cbf27..50e18636f0a 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48957.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48957.json @@ -2,13 +2,17 @@ "id": "CVE-2022-48957", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:07.090", - "lastModified": "2024-10-21T20:15:07.090", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove()\n\nThe cmd_buff needs to be freed when error happened in\ndpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dpaa2-switch: corrige p\u00e9rdida de memoria en dpaa2_switch_acl_entry_add() y dpaa2_switch_acl_entry_remove(). Es necesario liberar cmd_buff cuando ocurre un error en dpaa2_switch_acl_entry_add() y dpaa2_switch_acl_entry_remove()." } ], "metrics": {}, 
diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48958.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48958.json index 47941e0b694..9278880ce8c 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48958.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48958.json @@ -2,13 +2,17 @@ "id": "CVE-2022-48958", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:07.270", - "lastModified": "2024-10-21T20:15:07.270", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nethernet: aeroflex: fix potential skb leak in greth_init_rings()\n\nThe greth_init_rings() function won't free the newly allocated skb when\ndma_mapping_error() returns error, so add dev_kfree_skb() to fix it.\n\nCompile tested only." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ethernet: aeroflex: se corrige una posible fuga de skb en greth_init_rings() La funci\u00f3n greth_init_rings() no liberar\u00e1 el skb reci\u00e9n asignado cuando dma_mapping_error() devuelva un error, por lo que se debe agregar dev_kfree_skb() para corregirlo. Solo se prob\u00f3 la compilaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48959.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48959.json index 28d2fe32b8d..18be2bf9e98 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48959.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48959.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-48959", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:07.460", - "lastModified": "2024-10-21T20:15:07.460", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions()\n\nWhen dsa_devlink_region_create failed in sja1105_setup_devlink_regions(),\npriv->regions is not released." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: dsa: sja1105: se corrige una p\u00e9rdida de memoria en sja1105_setup_devlink_regions() Cuando dsa_devlink_region_create fallo en sja1105_setup_devlink_regions(), priv->regions no se libera." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48960.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48960.json index 056080142cd..13c8804c99e 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48960.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48960.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-48960", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:07.663", - "lastModified": "2024-10-21T20:15:07.663", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hisilicon: Fix potential use-after-free in hix5hd2_rx()\n\nThe skb is delivered to napi_gro_receive() which may free it, after\ncalling this, dereferencing skb may trigger use-after-free." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: hisilicon: Se corrige un posible use after free en hix5hd2_rx() El skb se env\u00eda a napi_gro_receive() que puede liberarlo; despu\u00e9s de llamarlo, desreferenciar skb puede desencadenar un use after free." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48961.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48961.json index 43220a9883a..418751c00c8 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48961.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48961.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-48961", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:07.887", - "lastModified": "2024-10-21T20:15:07.887", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mdio: fix unbalanced fwnode reference count in mdio_device_release()\n\nThere is warning report about of_node refcount leak\nwhile probing mdio device:\n\nOF: ERROR: memory leak, expected refcount 1 instead of 2,\nof_node_get()/of_node_put() unbalanced - destroy cset entry:\nattach overlay node /spi/soc@0/mdio@710700c0/ethernet@4\n\nIn of_mdiobus_register_device(), we increase fwnode refcount\nby fwnode_handle_get() before associating the of_node with\nmdio device, but it has never been decreased in normal path.\nSince that, in mdio_device_release(), it needs to call\nfwnode_handle_put() in addition instead of calling kfree()\ndirectly.\n\nAfter above, just calling mdio_device_free() in the error handle\npath of of_mdiobus_register_device() is enough to keep the\nrefcount balanced." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: mdio: arregla el recuento de referencias de fwnode no balanceado en mdio_device_release() Hay un informe de advertencia sobre una fuga de recuento de referencias de of_node mientras se sondea el dispositivo mdio: OF: ERROR: fuga de memoria, se esperaba un recuento de referencias de 1 en lugar de 2, of_node_get()/of_node_put() no balanceado - destruye la entrada de cset: adjunta el nodo superpuesto /spi/soc@0/mdio@710700c0/ethernet@4 En of_mdiobus_register_device(), aumentamos el recuento de referencias de fwnode mediante fwnode_handle_get() antes de asociar el of_node con el dispositivo mdio, pero nunca se ha reducido en la ruta normal. 
Desde entonces, en mdio_device_release(), necesita llamar a fwnode_handle_put() adem\u00e1s en lugar de llamar a kfree() directamente. Despu\u00e9s de lo anterior, simplemente llamar a mdio_device_free() en la ruta del controlador de errores de of_mdiobus_register_device() es suficiente para mantener el recuento de referencias equilibrado." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48962.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48962.json index 18ccf9777d2..ff8c4fb509b 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48962.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48962.json @@ -2,13 +2,17 @@ "id": "CVE-2022-48962", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:08.117", - "lastModified": "2024-10-21T20:15:08.117", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hisilicon: Fix potential use-after-free in hisi_femac_rx()\n\nThe skb is delivered to napi_gro_receive() which may free it, after\ncalling this, dereferencing skb may trigger use-after-free." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: hisilicon: Se corrige un posible use after free en hisi_femac_rx() El skb se env\u00eda a napi_gro_receive() que puede liberarlo; despu\u00e9s de llamarlo, desreferenciar skb puede desencadenar un use after free." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48963.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48963.json index 2fdb0b17fd0..7c14c368953 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48963.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48963.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-48963", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:08.273", - "lastModified": "2024-10-21T20:15:08.273", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: iosm: fix memory leak in ipc_mux_init()\n\nWhen failed to alloc ipc_mux->ul_adb.pp_qlt in ipc_mux_init(), ipc_mux\nis not released." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: wwan: iosm: corrige p\u00e9rdida de memoria en ipc_mux_init() Cuando no se puede asignar ipc_mux->ul_adb.pp_qlt en ipc_mux_init(), ipc_mux no se libera." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48964.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48964.json index 26bd23e399b..298668e73ed 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48964.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48964.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-48964", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:08.377", - "lastModified": "2024-10-21T20:15:08.377", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nravb: Fix potential use-after-free in ravb_rx_gbeth()\n\nThe skb is delivered to napi_gro_receive() which may free it, after calling this,\ndereferencing skb may trigger use-after-free." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ravb: Se corrige el posible use after free en ravb_rx_gbeth() El skb se entrega a napi_gro_receive() que puede liberarlo; despu\u00e9s de llamarlo, desreferenciar skb puede desencadenar el use after free." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48965.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48965.json index 88cbe4cfdcd..28fef1e5563 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48965.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48965.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-48965", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:08.470", - "lastModified": "2024-10-21T20:15:08.470", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio/rockchip: fix refcount leak in rockchip_gpiolib_register()\n\nThe node returned by of_get_parent() with refcount incremented,\nof_node_put() needs be called when finish using it. So add it in the\nend of of_pinctrl_get()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: gpio/rockchip: se corrige la p\u00e9rdida de recuento de referencias en rockchip_gpiolib_register(). El nodo devuelto por of_get_parent() con el recuento de referencias incrementado, se debe llamar a of_node_put() cuando se termina de usarlo. Por lo tanto, agr\u00e9guelo al final de of_pinctrl_get()." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48966.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48966.json index abebcbfb43f..67d00b46c60 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48966.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48966.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-48966", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:08.573", - "lastModified": "2024-10-21T20:15:08.573", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mvneta: Prevent out of bounds read in mvneta_config_rss()\n\nThe pp->indir[0] value comes from the user. It is passed to:\n\n\tif (cpu_online(pp->rxq_def))\n\ninside the mvneta_percpu_elect() function. It needs bounds checkeding\nto ensure that it is not beyond the end of the cpu bitmap." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: mvneta: Impedir lectura fuera de los l\u00edmites en mvneta_config_rss() El valor pp->indir[0] proviene del usuario. Se pasa a: if (cpu_online(pp->rxq_def)) dentro de la funci\u00f3n mvneta_percpu_elect(). Necesita una comprobaci\u00f3n de los l\u00edmites para garantizar que no est\u00e9 m\u00e1s all\u00e1 del final del mapa de bits de la CPU." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48967.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48967.json index ea44181e6a4..f71d2e00d62 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48967.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48967.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-48967", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:08.757", - "lastModified": "2024-10-21T20:15:08.757", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: nci: Bounds check struct nfc_target arrays\n\nWhile running under CONFIG_FORTIFY_SOURCE=y, syzkaller reported:\n\n memcpy: detected field-spanning write (size 129) of single field \"target->sensf_res\" at net/nfc/nci/ntf.c:260 (size 18)\n\nThis appears to be a legitimate lack of bounds checking in\nnci_add_new_protocol(). Add the missing checks." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: NFC: nci: Comprobaci\u00f3n de los l\u00edmites de matrices struct nfc_target Mientras se ejecutaba bajo CONFIG_FORTIFY_SOURCE=y, syzkaller inform\u00f3: memcpy: se detect\u00f3 una escritura que abarcaba campos (tama\u00f1o 129) de un solo campo \"target->sensf_res\" en net/nfc/nci/ntf.c:260 (tama\u00f1o 18) Esto parece ser una falta leg\u00edtima de comprobaci\u00f3n de los l\u00edmites en nci_add_new_protocol(). Agregue las comprobaciones faltantes." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48968.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48968.json index ea9ab2af414..069fe29fa59 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48968.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48968.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-48968", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:08.897", - "lastModified": "2024-10-21T20:15:08.897", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix potential memory leak in otx2_init_tc()\n\nIn otx2_init_tc(), if rhashtable_init() failed, it does not free\ntc->tc_entries_bitmap which is allocated in otx2_tc_alloc_ent_bitmap()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: octeontx2-pf: corrige una posible p\u00e9rdida de memoria en otx2_init_tc(). En otx2_init_tc(), si rhashtable_init() fallo, no libera tc->tc_entries_bitmap que est\u00e1 asignado en otx2_tc_alloc_ent_bitmap()." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48969.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48969.json index fa18b68365c..7e07ddc7637 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48969.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48969.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-48969", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:09.037", - "lastModified": "2024-10-21T20:15:09.037", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen-netfront: Fix NULL sring after live migration\n\nA NAPI is setup for each network sring to poll data to kernel\nThe sring with source host is destroyed before live migration and\nnew sring with target host is setup after live migration.\nThe NAPI for the old sring is not deleted until setup new sring\nwith target host after migration. With busy_poll/busy_read enabled,\nthe NAPI can be polled before got deleted when resume VM.\n\nBUG: unable to handle kernel NULL pointer dereference at\n0000000000000008\nIP: xennet_poll+0xae/0xd20\nPGD 0 P4D 0\nOops: 0000 [#1] SMP PTI\nCall Trace:\n finish_task_switch+0x71/0x230\n timerqueue_del+0x1d/0x40\n hrtimer_try_to_cancel+0xb5/0x110\n xennet_alloc_rx_buffers+0x2a0/0x2a0\n napi_busy_loop+0xdb/0x270\n sock_poll+0x87/0x90\n do_sys_poll+0x26f/0x580\n tracing_map_insert+0x1d4/0x2f0\n event_hist_trigger+0x14a/0x260\n\n finish_task_switch+0x71/0x230\n __schedule+0x256/0x890\n recalc_sigpending+0x1b/0x50\n xen_sched_clock+0x15/0x20\n __rb_reserve_next+0x12d/0x140\n ring_buffer_lock_reserve+0x123/0x3d0\n event_triggers_call+0x87/0xb0\n trace_event_buffer_commit+0x1c4/0x210\n xen_clocksource_get_cycles+0x15/0x20\n ktime_get_ts64+0x51/0xf0\n SyS_ppoll+0x160/0x1a0\n SyS_ppoll+0x160/0x1a0\n do_syscall_64+0x73/0x130\n entry_SYSCALL_64_after_hwframe+0x41/0xa6\n...\nRIP: xennet_poll+0xae/0xd20 RSP: ffffb4f041933900\nCR2: 0000000000000008\n---[ end trace f8601785b354351c ]---\n\nxen frontend should remove the NAPIs for the old srings before live\nmigration as the bond srings are destroyed\n\nThere is a tiny window 
between the srings are set to NULL and\nthe NAPIs are disabled, It is safe as the NAPI threads are still\nfrozen at that time" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xen-netfront: Reparar sring NULL despu\u00e9s de la migraci\u00f3n en vivo Se configura un NAPI para cada sring de red para sondear los datos al kernel El sring con el host de origen se destruye antes de la migraci\u00f3n en vivo y se configura el nuevo sring con el host de destino despu\u00e9s de la migraci\u00f3n en vivo. El NAPI para el sring antiguo no se elimina hasta que se configura el nuevo sring con el host de destino despu\u00e9s de la migraci\u00f3n. Con busy_poll/busy_read habilitado, el NAPI se puede sondear antes de que se elimine cuando se reanuda la VM. ERROR: no se puede manejar la desreferencia del puntero NULL del n\u00facleo en 0000000000000008 IP: xennet_poll+0xae/0xd20 PGD 0 P4D 0 Oops: 0000 [#1] Seguimiento de llamadas PTI de SMP: finish_task_switch+0x71/0x230 timerqueue_del+0x1d/0x40 hrtimer_try_to_cancel+0xb5/0x110 xennet_alloc_rx_buffers+0x2a0/0x2a0 napi_busy_loop+0xdb/0x270 sock_poll+0x87/0x90 do_sys_poll+0x26f/0x580 tracing_map_insert+0x1d4/0x2f0 evento_hist_trigger+0x14a/0x260 finalizar_cambio_tarea+0x71/0x230 __schedule+0x256/0x890 recalc_sigping+0x1b/0x50 xen_sched_clock+0x15/0x20 __rb_reserve_next+0x12d/0x140 reserva_bloqueo_buffer_anillo+0x123/0x3d0 llamada_activadores_evento+0x87/0xb0 confirmaci\u00f3n_buffer_evento_trace+0x1c4/0x210 xen_clocksource_get_cycles+0x15/0x20 ktime_get_ts64+0x51/0xf0 SyS_ppoll+0x160/0x1a0 SyS_ppoll+0x160/0x1a0 do_syscall_64+0x73/0x130 entry_SYSCALL_64_after_hwframe+0x41/0xa6 ... RIP: xennet_poll+0xae/0xd20 RSP: ffffb4f041933900 CR2: 0000000000000008 ---[ fin del seguimiento f8601785b354351c ]--- la interfaz de xen debe eliminar las NAPI de los antiguos srings antes de la migraci\u00f3n en vivo, ya que los srings de enlace se destruyen. 
Hay una peque\u00f1a ventana entre los srings que se establecen en NULL y los NAPI que se deshabilitan. Es seguro ya que los subprocesos NAPI todav\u00eda est\u00e1n congelados en ese momento." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48970.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48970.json index 58fa955ae6b..6f49c3f8b54 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48970.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48970.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-48970", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:09.177", - "lastModified": "2024-10-21T20:15:09.177", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Get user_ns from in_skb in unix_diag_get_exact().\n\nWei Chen reported a NULL deref in sk_user_ns() [0][1], and Paolo diagnosed\nthe root cause: in unix_diag_get_exact(), the newly allocated skb does not\nhave sk. [2]\n\nWe must get the user_ns from the NETLINK_CB(in_skb).sk and pass it to\nsk_diag_fill().\n\n[0]:\nBUG: kernel NULL pointer dereference, address: 0000000000000270\n#PF: supervisor read access in kernel mode\n#PF: error_code(0x0000) - not-present page\nPGD 12bbce067 P4D 12bbce067 PUD 12bc40067 PMD 0\nOops: 0000 [#1] PREEMPT SMP\nCPU: 0 PID: 27942 Comm: syz-executor.0 Not tainted 6.1.0-rc5-next-20221118 #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\nrel-1.13.0-48-gd9c812dda519-prebuilt.qemu.org 04/01/2014\nRIP: 0010:sk_user_ns include/net/sock.h:920 [inline]\nRIP: 0010:sk_diag_dump_uid net/unix/diag.c:119 [inline]\nRIP: 0010:sk_diag_fill+0x77d/0x890 net/unix/diag.c:170\nCode: 89 ef e8 66 d4 2d fd c7 44 24 40 00 00 00 00 49 8d 7c 24 18 e8\n54 d7 2d fd 49 8b 5c 24 18 48 8d bb 70 02 00 00 e8 43 d7 2d fd <48> 8b\n9b 70 02 00 00 48 8d 7b 10 e8 33 d7 2d fd 48 8b 5b 10 48 8d\nRSP: 0018:ffffc90000d67968 EFLAGS: 00010246\nRAX: ffff88812badaa48 RBX: 0000000000000000 RCX: ffffffff840d481d\nRDX: 0000000000000465 RSI: 0000000000000000 RDI: 0000000000000270\nRBP: ffffc90000d679a8 R08: 0000000000000277 R09: 0000000000000000\nR10: 0001ffffffffffff R11: 0001c90000d679a8 R12: ffff88812ac03800\nR13: ffff88812c87c400 R14: ffff88812ae42210 R15: ffff888103026940\nFS: 00007f08b4e6f700(0000) GS:ffff88813bc00000(0000) 
knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000270 CR3: 000000012c58b000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n unix_diag_get_exact net/unix/diag.c:285 [inline]\n unix_diag_handler_dump+0x3f9/0x500 net/unix/diag.c:317\n __sock_diag_cmd net/core/sock_diag.c:235 [inline]\n sock_diag_rcv_msg+0x237/0x250 net/core/sock_diag.c:266\n netlink_rcv_skb+0x13e/0x250 net/netlink/af_netlink.c:2564\n sock_diag_rcv+0x24/0x40 net/core/sock_diag.c:277\n netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]\n netlink_unicast+0x5e9/0x6b0 net/netlink/af_netlink.c:1356\n netlink_sendmsg+0x739/0x860 net/netlink/af_netlink.c:1932\n sock_sendmsg_nosec net/socket.c:714 [inline]\n sock_sendmsg net/socket.c:734 [inline]\n ____sys_sendmsg+0x38f/0x500 net/socket.c:2476\n ___sys_sendmsg net/socket.c:2530 [inline]\n __sys_sendmsg+0x197/0x230 net/socket.c:2559\n __do_sys_sendmsg net/socket.c:2568 [inline]\n __se_sys_sendmsg net/socket.c:2566 [inline]\n __x64_sys_sendmsg+0x42/0x50 net/socket.c:2566\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x4697f9\nCode: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48\n89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d\n01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f08b4e6ec48 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 000000000077bf80 RCX: 00000000004697f9\nRDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003\nRBP: 00000000004d29e9 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 000000000077bf80\nR13: 0000000000000000 R14: 000000000077bf80 R15: 00007ffdb36bc6c0\n \nModules linked in:\nCR2: 
0000000000000270\n\n[1]: https://lore.kernel.org/netdev/CAO4mrfdvyjFpokhNsiwZiP-wpdSD0AStcJwfKcKQdAALQ9_2Qw@mail.gmail.com/\n[2]: https://lore.kernel.org/netdev/e04315e7c90d9a75613f3993c2baf2d344eef7eb.camel@redhat.com/" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: af_unix: Obtener user_ns de in_skb en unix_diag_get_exact(). Wei Chen inform\u00f3 una desreferencia NULL en sk_user_ns() [0][1], y Paolo diagnostic\u00f3 la causa ra\u00edz: en unix_diag_get_exact(), el skb reci\u00e9n asignado no tiene sk. [2] Debemos obtener el user_ns de NETLINK_CB(in_skb).sk y pasarlo a sk_diag_fill(). [0]: ERROR: desreferencia de puntero NULL del n\u00facleo, direcci\u00f3n: 0000000000000270 #PF: acceso de lectura del supervisor en modo n\u00facleo #PF: error_code(0x0000) - p\u00e1gina no presente PGD 12bbce067 P4D 12bbce067 PUD 12bc40067 PMD 0 Oops: 0000 [#1] PREEMPT SMP CPU: 0 PID: 27942 Comm: syz-executor.0 No contaminado 6.1.0-rc5-next-20221118 #2 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-48-gd9c812dda519-prebuilt.qemu.org 04/01/2014 RIP: 0010:sk_user_ns include/net/sock.h:920 [en l\u00ednea] RIP: 0010:sk_diag_dump_uid net/unix/diag.c:119 [en l\u00ednea] RIP: 0010:sk_diag_fill+0x77d/0x890 net/unix/diag.c:170 C\u00f3digo: 89 ef e8 66 d4 2d fd c7 44 24 40 00 00 00 00 49 8d 7c 24 18 e8 54 d7 2d fd 49 8b 5c 24 18 48 8d bb 70 02 00 00 e8 43 d7 2d fd <48> 8b 9b 70 02 00 00 48 8d 7b 10 e8 33 d7 2d fd 48 8b 5b 10 48 8d RSP: 0018:ffffc90000d67968 EFLAGS: 00010246 RAX: ffff88812badaa48 RBX: 0000000000000000 RCX: ff840d481d RDX: 0000000000000465 RSI: 0000000000000000 RDI: 0000000000000270 RBP: ffffc90000d679a8 R08: 0000000000000277 R09: 0000000000000000 R10: 0001ffffffffffff R11: 0001c90000d679a8 R12: ffff88812ac03800 R13: ffff88812c87c400 R14: ffff88812ae42210 R15: ffff888103026940 FS: 00007f08b4e6f700(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 
0000000080050033 CR2: 0000000000000270 CR3: 000000012c58b000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Seguimiento de llamadas: unix_diag_get_exact net/unix/diag.c:285 [en l\u00ednea] unix_diag_handler_dump+0x3f9/0x500 net/unix/diag.c:317 __sock_diag_cmd net/core/sock_diag.c:235 [en l\u00ednea] sock_diag_rcv_msg+0x237/0x250 net/core/sock_diag.c:266 netlink_rcv_skb+0x13e/0x250 net/netlink/af_netlink.c:2564 sock_diag_rcv+0x24/0x40 net/core/sock_diag.c:277 netlink_unicast_kernel net/netlink/af_netlink.c:1330 [en l\u00ednea] netlink_unicast+0x5e9/0x6b0 net/netlink/af_netlink.c:1356 netlink_sendmsg+0x739/0x860 net/netlink/af_netlink.c:1932 sock_sendmsg_nosec net/socket.c:714 [en l\u00ednea] sock_sendmsg net/socket.c:734 [en l\u00ednea] ____sys_sendmsg+0x38f/0x500 net/socket.c:2476 ___sys_sendmsg net/socket.c:2530 [en l\u00ednea] __sys_sendmsg+0x197/0x230 net/socket.c:2559 __do_sys_sendmsg net/socket.c:2568 [en l\u00ednea] __se_sys_sendmsg net/socket.c:2566 [en l\u00ednea] __x64_sys_sendmsg+0x42/0x50 net/socket.c:2566 do_syscall_x64 arch/x86/entry/common.c:50 [en l\u00ednea] do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x4697f9 C\u00f3digo: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f08b4e6ec48 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 000000000077bf80 RCX: 00000000004697f9 RDX: 000000000000000 RSI: 00000000200001c0 RDI: 000000000000003 RBP: 00000000004d29e9 R08: 0000000000000000 R09: 000000000000000 R10: 00000000000000000 R11: 0000000000000246 R12: 000000000077bf80 R13: 0000000000000000 R14: 000000000077bf80 R15: 00007ffdb36bc6c0 M\u00f3dulos vinculados en: CR2: 0000000000000270 [1]: 
https://lore.kernel.org/netdev/CAO4mrfdvyjFpokhNsiwZiP-wpdSD0AStcJwfKcKQdAALQ9_2Qw@mail.gmail.com/ [2]: https://lore.kernel.org/netdev/e04315e7c90d9a75613f3993c2baf2d344eef7eb.camel@redhat.com/" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48971.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48971.json index 28d5894b231..3b6b1f6e3dc 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48971.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48971.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-48971", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:09.260", - "lastModified": "2024-10-21T20:15:09.260", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix not cleanup led when bt_init fails\n\nbt_init() calls bt_leds_init() to register led, but if it fails later,\nbt_leds_cleanup() is not called to unregister it.\n\nThis can cause panic if the argument \"bluetooth-power\" in text is freed\nand then another led_trigger_register() tries to access it:\n\nBUG: unable to handle page fault for address: ffffffffc06d3bc0\nRIP: 0010:strcmp+0xc/0x30\n Call Trace:\n \n led_trigger_register+0x10d/0x4f0\n led_trigger_register_simple+0x7d/0x100\n bt_init+0x39/0xf7 [bluetooth]\n do_one_initcall+0xd0/0x4e0" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: Se solucion\u00f3 el problema de no limpiar el led cuando bt_init fallo bt_init() llama a bt_leds_init() para registrar el led, pero si falla m\u00e1s tarde, no se llama a bt_leds_cleanup() para anular su registro. Esto puede causar p\u00e1nico si se libera el argumento \"bluetooth-power\" en el texto y luego otro led_trigger_register() intenta acceder a \u00e9l: ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: ffffffffc06d3bc0 RIP: 0010:strcmp+0xc/0x30 Seguimiento de llamadas: led_trigger_register+0x10d/0x4f0 led_trigger_register_simple+0x7d/0x100 bt_init+0x39/0xf7 [bluetooth] do_one_initcall+0xd0/0x4e0" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48972.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48972.json index 33edfa2c882..8afda4df14c 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48972.json 
+++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48972.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-48972", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:09.343", - "lastModified": "2024-10-21T20:15:09.343", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()\n\nKernel fault injection test reports null-ptr-deref as follows:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\nRIP: 0010:cfg802154_netdev_notifier_call+0x120/0x310 include/linux/list.h:114\nCall Trace:\n \n raw_notifier_call_chain+0x6d/0xa0 kernel/notifier.c:87\n call_netdevice_notifiers_info+0x6e/0xc0 net/core/dev.c:1944\n unregister_netdevice_many_notify+0x60d/0xcb0 net/core/dev.c:1982\n unregister_netdevice_queue+0x154/0x1a0 net/core/dev.c:10879\n register_netdevice+0x9a8/0xb90 net/core/dev.c:10083\n ieee802154_if_add+0x6ed/0x7e0 net/mac802154/iface.c:659\n ieee802154_register_hw+0x29c/0x330 net/mac802154/main.c:229\n mcr20a_probe+0xaaa/0xcb1 drivers/net/ieee802154/mcr20a.c:1316\n\nieee802154_if_add() allocates wpan_dev as netdev's private data, but not\ninit the list in struct wpan_dev. cfg802154_netdev_notifier_call() manage\nthe list when device register/unregister, and may lead to null-ptr-deref.\n\nUse INIT_LIST_HEAD() on it to initialize it correctly." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mac802154: se corrige el INIT_LIST_HEAD faltante en ieee802154_if_add(). 
La prueba de inyecci\u00f3n de errores del kernel informa null-ptr-deref de la siguiente manera: ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000008 RIP: 0010:cfg802154_netdev_notifier_call+0x120/0x310 include/linux/list.h:114 Seguimiento de llamadas: raw_notifier_call_chain+0x6d/0xa0 kernel/notifier.c:87 call_netdevice_notifiers_info+0x6e/0xc0 net/core/dev.c:1944 unregister_netdevice_many_notify+0x60d/0xcb0 net/core/dev.c:1982 unregister_netdevice_queue+0x154/0x1a0 net/core/dev.c:10879 register_netdevice+0x9a8/0xb90 net/core/dev.c:10083 ieee802154_if_add+0x6ed/0x7e0 net/mac802154/iface.c:659 ieee802154_register_hw+0x29c/0x330 net/mac802154/main.c:229 mcr20a_probe+0xaaa/0xcb1 drivers/net/ieee802154/mcr20a.c:1316 ieee802154_if_add() asigna wpan_dev como datos privados de netdev, pero No inicializa la lista en la estructura wpan_dev. cfg802154_netdev_notifier_call() administra la lista cuando se registra o cancela el registro del dispositivo y puede generar una desreferencia de PTR nula. Use INIT_LIST_HEAD() para inicializarla correctamente." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48973.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48973.json index 31eabb6fae4..9315fccd9f4 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48973.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48973.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-48973", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:09.430", - "lastModified": "2024-10-21T20:15:09.430", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: amd8111: Fix PCI device reference count leak\n\nfor_each_pci_dev() is implemented by pci_get_device(). The comment of\npci_get_device() says that it will increase the reference count for the\nreturned pci_dev and also decrease the reference count for the input\npci_dev @from if it is not NULL.\n\nIf we break for_each_pci_dev() loop with pdev not NULL, we need to call\npci_dev_put() to decrease the reference count. Add the missing\npci_dev_put() after the 'out' label. Since pci_dev_put() can handle NULL\ninput parameter, there is no problem for the 'Device not found' branch.\nFor the normal path, add pci_dev_put() in amd_gpio_exit()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: gpio: amd8111: Se solucion\u00f3 la fuga de recuento de referencia del dispositivo PCI. for_each_pci_dev() se implementa mediante pci_get_device(). El comentario de pci_get_device() dice que aumentar\u00e1 el recuento de referencia para el pci_dev devuelto y tambi\u00e9n disminuir\u00e1 el recuento de referencia para el pci_dev de entrada @from si no es NULL. Si interrumpimos el bucle for_each_pci_dev() con pdev no NULL, debemos llamar a pci_dev_put() para disminuir el recuento de referencia. Agregue el pci_dev_put() faltante despu\u00e9s de la etiqueta 'out'. Dado que pci_dev_put() puede manejar el par\u00e1metro de entrada NULL, no hay ning\u00fan problema para la rama 'Dispositivo no encontrado'. Para la ruta normal, agregue pci_dev_put() en amd_gpio_exit()." } ], "metrics": {}, 
diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48974.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48974.json index 94c02584ca9..8d12765f2ab 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48974.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48974.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-48974", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:09.517", - "lastModified": "2024-10-21T20:15:09.517", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: conntrack: fix using __this_cpu_add in preemptible\n\nCurrently in nf_conntrack_hash_check_insert(), when it fails in\nnf_ct_ext_valid_pre/post(), NF_CT_STAT_INC() will be called in the\npreemptible context, a call trace can be triggered:\n\n BUG: using __this_cpu_add() in preemptible [00000000] code: conntrack/1636\n caller is nf_conntrack_hash_check_insert+0x45/0x430 [nf_conntrack]\n Call Trace:\n \n dump_stack_lvl+0x33/0x46\n check_preemption_disabled+0xc3/0xf0\n nf_conntrack_hash_check_insert+0x45/0x430 [nf_conntrack]\n ctnetlink_create_conntrack+0x3cd/0x4e0 [nf_conntrack_netlink]\n ctnetlink_new_conntrack+0x1c0/0x450 [nf_conntrack_netlink]\n nfnetlink_rcv_msg+0x277/0x2f0 [nfnetlink]\n netlink_rcv_skb+0x50/0x100\n nfnetlink_rcv+0x65/0x144 [nfnetlink]\n netlink_unicast+0x1ae/0x290\n netlink_sendmsg+0x257/0x4f0\n sock_sendmsg+0x5f/0x70\n\nThis patch is to fix it by changing to use NF_CT_STAT_INC_ATOMIC() for\nnf_ct_ext_valid_pre/post() check in nf_conntrack_hash_check_insert(),\nas well as nf_ct_ext_valid_post() in __nf_conntrack_confirm().\n\nNote that nf_ct_ext_valid_pre() check in __nf_conntrack_confirm() is\nsafe to use NF_CT_STAT_INC(), as it's under local_bh_disable()." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: conntrack: correcci\u00f3n al usar __this_cpu_add en preemptible Actualmente en nf_conntrack_hash_check_insert(), cuando fallo en nf_ct_ext_valid_pre/post(), se llamar\u00e1 a NF_CT_STAT_INC() en el contexto preemptible, se puede activar un seguimiento de llamada: ERROR: uso de __this_cpu_add() en preemptible [00000000] c\u00f3digo: conntrack/1636 el llamador es nf_conntrack_hash_check_insert+0x45/0x430 [nf_conntrack] Seguimiento de llamada: dump_stack_lvl+0x33/0x46 check_preemption_disabled+0xc3/0xf0 Este parche es para solucionarlo cambiando para usar NF_CT_STAT_INC_ATOMIC() para la comprobaci\u00f3n de nf_ct_ext_valid_pre/post() en nf_conntrack_hash_check_insert(), as\u00ed como nf_ct_ext_valid_post() en __nf_conntrack_confirm(). Tenga en cuenta que la comprobaci\u00f3n de nf_ct_ext_valid_pre() en __nf_conntrack_confirm() es segura para usar NF_CT_STAT_INC(), ya que se encuentra bajo local_bh_disable()." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48975.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48975.json index 0d09546a2e4..586ebb149bf 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48975.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48975.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-48975", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:09.597", - "lastModified": "2024-10-21T20:15:09.597", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpiolib: fix memory leak in gpiochip_setup_dev()\n\nHere is a backtrace report about memory leak detected in\ngpiochip_setup_dev():\n\nunreferenced object 0xffff88810b406400 (size 512):\n comm \"python3\", pid 1682, jiffies 4295346908 (age 24.090s)\n backtrace:\n kmalloc_trace\n device_add\t\tdevice_private_init at drivers/base/core.c:3361\n\t\t\t(inlined by) device_add at drivers/base/core.c:3411\n cdev_device_add\n gpiolib_cdev_register\n gpiochip_setup_dev\n gpiochip_add_data_with_key\n\ngcdev_register() & gcdev_unregister() would call device_add() &\ndevice_del() (no matter CONFIG_GPIO_CDEV is enabled or not) to\nregister/unregister device.\n\nHowever, if device_add() succeeds, some resource (like\nstruct device_private allocated by device_private_init())\nis not released by device_del().\n\nTherefore, after device_add() succeeds by gcdev_register(), it\nneeds to call put_device() to release resource in the error handle\npath.\n\nHere we move forward the register of release function, and let it\nrelease every piece of resource by put_device() instead of kfree().\n\nWhile at it, fix another subtle issue, i.e. when gc->ngpio is equal\nto 0, we still call kcalloc() and, in case of further error, kfree()\non the ZERO_PTR pointer, which is not NULL. It's not a bug per se,\nbut rather waste of the resources and potentially wrong expectation\nabout contents of the gdev->descs variable." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: gpiolib: reparar p\u00e9rdida de memoria en gpiochip_setup_dev() Aqu\u00ed hay un informe de seguimiento sobre la p\u00e9rdida de memoria detectada en gpiochip_setup_dev(): objeto sin referencia 0xffff88810b406400 (tama\u00f1o 512): comm \"python3\", pid 1682, jiffies 4295346908 (edad 24.090s) seguimiento: kmalloc_trace device_add device_private_init en drivers/base/core.c:3361 (en l\u00ednea por) device_add en drivers/base/core.c:3411 cdev_device_add gpiolib_cdev_register gpiochip_setup_dev gpiochip_add_data_with_key gcdev_register() y gcdev_unregister() llamar\u00edan device_add() y device_del() (sin importar si CONFIG_GPIO_CDEV est\u00e1 habilitado o no) para registrar/anular el registro del dispositivo. Sin embargo, si device_add() tiene \u00e9xito, alg\u00fan recurso (como la estructura device_private asignada por device_private_init()) no es liberado por device_del(). Por lo tanto, despu\u00e9s de que device_add() tenga \u00e9xito por gcdev_register(), necesita llamar a put_device() para liberar el recurso en la ruta del controlador de error. Aqu\u00ed avanzamos el registro de la funci\u00f3n de liberaci\u00f3n y dejamos que libere cada pieza de recurso por put_device() en lugar de kfree(). Mientras lo hacemos, solucionamos otro problema sutil, es decir, cuando gc->ngpio es igual a 0, todav\u00eda llamamos a kcalloc() y, en caso de un error adicional, a kfree() en el puntero ZERO_PTR, que no es NULL. No es un error en s\u00ed, sino m\u00e1s bien un desperdicio de recursos y una expectativa potencialmente err\u00f3nea sobre el contenido de la variable gdev->descs." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48976.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48976.json index 54f09206773..aa48350667b 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48976.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48976.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-48976", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:09.680", - "lastModified": "2024-10-21T20:15:09.680", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable_offload: fix using __this_cpu_add in preemptible\n\nflow_offload_queue_work() can be called in workqueue without\nbh disabled, like the call trace showed in my act_ct testing,\ncalling NF_FLOW_TABLE_STAT_INC() there would cause a call\ntrace:\n\n BUG: using __this_cpu_add() in preemptible [00000000] code: kworker/u4:0/138560\n caller is flow_offload_queue_work+0xec/0x1b0 [nf_flow_table]\n Workqueue: act_ct_workqueue tcf_ct_flow_table_cleanup_work [act_ct]\n Call Trace:\n \n dump_stack_lvl+0x33/0x46\n check_preemption_disabled+0xc3/0xf0\n flow_offload_queue_work+0xec/0x1b0 [nf_flow_table]\n nf_flow_table_iterate+0x138/0x170 [nf_flow_table]\n nf_flow_table_free+0x140/0x1a0 [nf_flow_table]\n tcf_ct_flow_table_cleanup_work+0x2f/0x2b0 [act_ct]\n process_one_work+0x6a3/0x1030\n worker_thread+0x8a/0xdf0\n\nThis patch fixes it by using NF_FLOW_TABLE_STAT_INC_ATOMIC()\ninstead in flow_offload_queue_work().\n\nNote that for FLOW_CLS_REPLACE branch in flow_offload_queue_work(),\nit may not be called in preemptible path, but it's good to use\nNF_FLOW_TABLE_STAT_INC_ATOMIC() for all cases in\nflow_offload_queue_work()." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: flowtable_offload: correcci\u00f3n al usar __this_cpu_add en preemptible flow_offload_queue_work() se puede llamar en workqueue sin bh deshabilitado, como el seguimiento de llamadas que mostr\u00f3 en mi prueba act_ct, llamar a NF_FLOW_TABLE_STAT_INC() all\u00ed causar\u00eda un seguimiento de llamadas: ERROR: usar __this_cpu_add() en preemptible [00000000] c\u00f3digo: kworker/u4:0/138560 el llamador es flow_offload_queue_work+0xec/0x1b0 [nf_flow_table] Workqueue: act_ct_workqueue tcf_ct_flow_table_cleanup_work [act_ct] Seguimiento de llamadas: dump_stack_lvl+0x33/0x46 check_preemption_disabled+0xc3/0xf0 Este parche lo corrige al usar NF_FLOW_TABLE_STAT_INC_ATOMIC() en lugar de flow_offload_queue_work(). Tenga en cuenta que para la rama FLOW_CLS_REPLACE en flow_offload_queue_work(), es posible que no se la llame en una ruta preemptible, pero es bueno usar NF_FLOW_TABLE_STAT_INC_ATOMIC() para todos los casos en flow_offload_queue_work()." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48977.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48977.json index 9af76360416..5468b59b8c8 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48977.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48977.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-48977", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:09.763", - "lastModified": "2024-10-21T20:15:09.763", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: af_can: fix NULL pointer dereference in can_rcv_filter\n\nAnalogue to commit 8aa59e355949 (\"can: af_can: fix NULL pointer\ndereference in can_rx_register()\") we need to check for a missing\ninitialization of ml_priv in the receive path of CAN frames.\n\nSince commit 4e096a18867a (\"net: introduce CAN specific pointer in the\nstruct net_device\") the check for dev->type to be ARPHRD_CAN is not\nsufficient anymore since bonding or tun netdevices claim to be CAN\ndevices but do not initialize ml_priv accordingly." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: can: af_can: fix NULL pointer dereference in can_rcv_filter De manera an\u00e1loga a el commit 8aa59e355949 (\"can: af_can: fix NULL pointer dereference in can_rx_register()\"), debemos comprobar si falta una inicializaci\u00f3n de ml_priv en la ruta de recepci\u00f3n de los marcos CAN. Desde el commit 4e096a18867a (\"net: introduce CAN specific pointer in the struct net_device\"), la comprobaci\u00f3n de que dev->type sea ARPHRD_CAN ya no es suficiente, ya que los netdevices bonding o tun afirman ser dispositivos CAN pero no inicializan ml_priv en consecuencia." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48978.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48978.json index 18ece4fe136..5068bbad56f 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48978.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48978.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-48978", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:09.850", - "lastModified": "2024-10-21T20:15:09.850", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: fix shift-out-of-bounds in hid_report_raw_event\n\nSyzbot reported shift-out-of-bounds in hid_report_raw_event.\n\nmicrosoft 0003:045E:07DA.0001: hid_field_extract() called with n (128) >\n32! (swapper/0)\n======================================================================\nUBSAN: shift-out-of-bounds in drivers/hid/hid-core.c:1323:20\nshift exponent 127 is too large for 32-bit type 'int'\nCPU: 0 PID: 0 Comm: swapper/0 Not tainted\n6.1.0-rc4-syzkaller-00159-g4bbf3422df78 #0\nHardware name: Google Compute Engine/Google Compute Engine, BIOS\nGoogle 10/26/2022\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106\n ubsan_epilogue lib/ubsan.c:151 [inline]\n __ubsan_handle_shift_out_of_bounds+0x3a6/0x420 lib/ubsan.c:322\n snto32 drivers/hid/hid-core.c:1323 [inline]\n hid_input_fetch_field drivers/hid/hid-core.c:1572 [inline]\n hid_process_report drivers/hid/hid-core.c:1665 [inline]\n hid_report_raw_event+0xd56/0x18b0 drivers/hid/hid-core.c:1998\n hid_input_report+0x408/0x4f0 drivers/hid/hid-core.c:2066\n hid_irq_in+0x459/0x690 drivers/hid/usbhid/hid-core.c:284\n __usb_hcd_giveback_urb+0x369/0x530 drivers/usb/core/hcd.c:1671\n dummy_timer+0x86b/0x3110 drivers/usb/gadget/udc/dummy_hcd.c:1988\n call_timer_fn+0xf5/0x210 kernel/time/timer.c:1474\n expire_timers kernel/time/timer.c:1519 [inline]\n __run_timers+0x76a/0x980 kernel/time/timer.c:1790\n run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1803\n __do_softirq+0x277/0x75b kernel/softirq.c:571\n __irq_exit_rcu+0xec/0x170 
kernel/softirq.c:650\n irq_exit_rcu+0x5/0x20 kernel/softirq.c:662\n sysvec_apic_timer_interrupt+0x91/0xb0 arch/x86/kernel/apic/apic.c:1107\n======================================================================\n\nIf the size of the integer (unsigned n) is bigger than 32 in snto32(),\nshift exponent will be too large for 32-bit type 'int', resulting in a\nshift-out-of-bounds bug.\nFix this by adding a check on the size of the integer (unsigned n) in\nsnto32(). To add support for n greater than 32 bits, set n to 32, if n\nis greater than 32." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: n\u00facleo: se corrige un desplazamiento fuera de los l\u00edmites en hid_report_raw_event Syzbot inform\u00f3 un desplazamiento fuera de los l\u00edmites en hid_report_raw_event. microsoft 0003:045E:07DA.0001: hid_field_extract() llamado con n (128) > 32! (swapper/0) ========================================================================== UBSAN: cambio fuera de los l\u00edmites en drivers/hid/hid-core.c:1323:20 el exponente de cambio 127 es demasiado grande para el tipo de 32 bits 'int' CPU: 0 PID: 0 Comm: swapper/0 No contaminado 6.1.0-rc4-syzkaller-00159-g4bbf3422df78 #0 Nombre del hardware: Google Compute Engine/Google Compute Engine, BIOS Google 26/10/2022 Rastreo de llamadas: __dump_stack lib/dump_stack.c:88 [en l\u00ednea] dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:151 [en l\u00ednea] __ubsan_handle_shift_out_of_bounds+0x3a6/0x420 lib/ubsan.c:322 snto32 drivers/hid/hid-core.c:1323 [en l\u00ednea] hid_input_fetch_field drivers/hid/hid-core.c:1572 [en l\u00ednea] hid_process_report drivers/hid/hid-core.c:1665 [en l\u00ednea] hid_report_raw_event+0xd56/0x18b0 drivers/hid/hid-core.c:1998 hid_input_report+0x408/0x4f0 drivers/hid/hid-core.c:2066 hid_irq_in+0x459/0x690 drivers/hid/usbhid/hid-core.c:284 __usb_hcd_giveback_urb+0x369/0x530 drivers/usb/core/hcd.c:1671 
dummy_timer+0x86b/0x3110 drivers/usb/gadget/udc/dummy_hcd.c:1988 call_timer_fn+0xf5/0x210 kernel/time/timer.c:1474 expire_timers kernel/time/timer.c:1519 [en l\u00ednea] __run_timers+0x76a/0x980 kernel/time/timer.c:1790 run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1803 __do_softirq+0x277/0x75b kernel/softirq.c:571 __irq_exit_rcu+0xec/0x170 kernel/softirq.c:650 irq_exit_rcu+0x5/0x20 kernel/softirq.c:662 sysvec_apic_timer_interrupt+0x91/0xb0 arch/x86/kernel/apic/apic.c:1107 ================================================================================== Si el tama\u00f1o del entero (n sin signo) es mayor que 32 en snto32(), el exponente de desplazamiento ser\u00e1 demasiado grande para 32 bits. Tipo 'int', lo que genera un error de desplazamiento fuera de los l\u00edmites. Solucione este problema agregando una verificaci\u00f3n del tama\u00f1o del entero (n sin signo) en snto32(). Para agregar compatibilidad con n mayor que 32 bits, configure n en 32, si n es mayor que 32." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48979.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48979.json index a6f070c99d8..c7d1d61f0d2 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48979.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48979.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2022-48979",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T20:15:09.947",
- "lastModified": "2024-10-21T20:15:09.947",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:25.583",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix array index out of bound error in DCN32 DML\n\n[Why&How]\nLinkCapacitySupport array is indexed with the number of voltage states and\nnot the number of max DPPs. Fix the error by changing the array\ndeclaration to use the correct (larger) array size of total number of\nvoltage states."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: se corrige el error de \u00edndice de matriz fuera de l\u00edmite en DCN32 DML [Por qu\u00e9 y c\u00f3mo] La matriz LinkCapacitySupport est\u00e1 indexada con la cantidad de estados de voltaje y no con la cantidad m\u00e1xima de DPP. Corrija el error modificando la declaraci\u00f3n de la matriz para utilizar el tama\u00f1o de matriz correcto (m\u00e1s grande) de la cantidad total de estados de voltaje."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48980.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48980.json
index 844feaf5ef7..e3c69fc49e1 100644
--- a/CVE-2022/CVE-2022-489xx/CVE-2022-48980.json
+++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48980.json
@@ -2,13 +2,17 @@ "id": "CVE-2022-48980", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:10.037", - "lastModified": "2024-10-21T20:15:10.037", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: sja1105: avoid out of bounds access in sja1105_init_l2_policing()\n\nThe SJA1105 family has 45 L2 policing table entries\n(SJA1105_MAX_L2_POLICING_COUNT) and SJA1110 has 110\n(SJA1110_MAX_L2_POLICING_COUNT). Keeping the table structure but\naccounting for the difference in port count (5 in SJA1105 vs 10 in\nSJA1110) does not fully explain the difference. Rather, the SJA1110 also\nhas L2 ingress policers for multicast traffic. If a packet is classified\nas multicast, it will be processed by the policer index 99 + SRCPORT.\n\nThe sja1105_init_l2_policing() function initializes all L2 policers such\nthat they don't interfere with normal packet reception by default. To have\na common code between SJA1105 and SJA1110, the index of the multicast\npolicer for the port is calculated because it's an index that is out of\nbounds for SJA1105 but in bounds for SJA1110, and a bounds check is\nperformed.\n\nThe code fails to do the proper thing when determining what to do with the\nmulticast policer of port 0 on SJA1105 (ds->num_ports = 5). The \"mcast\"\nindex will be equal to 45, which is also equal to\ntable->ops->max_entry_count (SJA1105_MAX_L2_POLICING_COUNT). So it passes\nthrough the check. But at the same time, SJA1105 doesn't have multicast\npolicers. 
So the code programs the SHARINDX field of an out-of-bounds\nelement in the L2 Policing table of the static config.\n\nThe comparison between index 45 and 45 entries should have determined the\ncode to not access this policer index on SJA1105, since its memory wasn't\neven allocated.\n\nWith enough bad luck, the out-of-bounds write could even overwrite other\nvalid kernel data, but in this case, the issue was detected using KASAN.\n\nKernel log:\n\nsja1105 spi5.0: Probed switch chip: SJA1105Q\n==================================================================\nBUG: KASAN: slab-out-of-bounds in sja1105_setup+0x1cbc/0x2340\nWrite of size 8 at addr ffffff880bd57708 by task kworker/u8:0/8\n...\nWorkqueue: events_unbound deferred_probe_work_func\nCall trace:\n...\nsja1105_setup+0x1cbc/0x2340\ndsa_register_switch+0x1284/0x18d0\nsja1105_probe+0x748/0x840\n...\nAllocated by task 8:\n...\nsja1105_setup+0x1bcc/0x2340\ndsa_register_switch+0x1284/0x18d0\nsja1105_probe+0x748/0x840\n..." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: dsa: sja1105: evitar acceso fuera de los l\u00edmites en sja1105_init_l2_policing() La familia SJA1105 tiene 45 entradas de tabla de control de L2 (SJA1105_MAX_L2_POLICING_COUNT) y SJA1110 tiene 110 (SJA1110_MAX_L2_POLICING_COUNT). Mantener la estructura de la tabla pero tener en cuenta la diferencia en el recuento de puertos (5 en SJA1105 frente a 10 en SJA1110) no explica completamente la diferencia. En cambio, SJA1110 tambi\u00e9n tiene controladores de ingreso de L2 para tr\u00e1fico de multidifusi\u00f3n. Si un paquete se clasifica como de multidifusi\u00f3n, ser\u00e1 procesado por el \u00edndice de controlador 99 + SRCPORT. La funci\u00f3n sja1105_init_l2_policing() inicializa todos los controladores de L2 de modo que no interfieran con la recepci\u00f3n normal de paquetes de forma predeterminada. 
Para tener un c\u00f3digo com\u00fan entre SJA1105 y SJA1110, se calcula el \u00edndice del controlador de multidifusi\u00f3n para el puerto porque es un \u00edndice que est\u00e1 fuera de los l\u00edmites para SJA1105 pero dentro de los l\u00edmites para SJA1110, y se realiza una comprobaci\u00f3n de los l\u00edmites. El c\u00f3digo no hace lo correcto al determinar qu\u00e9 hacer con el controlador de multidifusi\u00f3n del puerto 0 en SJA1105 (ds->num_ports = 5). El \u00edndice \"mcast\" ser\u00e1 igual a 45, que tambi\u00e9n es igual a table->ops->max_entry_count (SJA1105_MAX_L2_POLICING_COUNT). Por lo tanto, pasa por la comprobaci\u00f3n. Pero al mismo tiempo, SJA1105 no tiene controladores de multidifusi\u00f3n. Por lo tanto, el c\u00f3digo programa el campo SHARINDX de un elemento fuera de los l\u00edmites en la tabla de control L2 de la configuraci\u00f3n est\u00e1tica. La comparaci\u00f3n entre las entradas del \u00edndice 45 y 45 deber\u00eda haber determinado que el c\u00f3digo no accediera a este \u00edndice de control en SJA1105, ya que su memoria ni siquiera estaba asignada. Con suficiente mala suerte, la escritura fuera de los l\u00edmites podr\u00eda incluso sobrescribir otros datos v\u00e1lidos del kernel, pero en este caso, el problema se detect\u00f3 mediante KASAN. Registro del n\u00facleo: sja1105 spi5.0: Chip conmutador sondeado: SJA1105Q ===================================================================== ERROR: KASAN: slab fuera de los l\u00edmites en sja1105_setup+0x1cbc/0x2340 Escritura de tama\u00f1o 8 en la direcci\u00f3n ffffff880bd57708 por la tarea kworker/u8:0/8 ... Cola de trabajo: events_unbound deferred_probe_work_func Rastreo de llamadas: ... sja1105_setup+0x1cbc/0x2340 dsa_register_switch+0x1284/0x18d0 sja1105_probe+0x748/0x840 ... Asignado por la tarea 8: ... sja1105_setup+0x1bcc/0x2340 dsa_register_switch+0x1284/0x18d0 sja1105_probe+0x748/0x840 ..." } ], "metrics": {}, 
diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48981.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48981.json
index 9547df6957e..d9a0bbfc513 100644
--- a/CVE-2022/CVE-2022-489xx/CVE-2022-48981.json
+++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48981.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-48981",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T20:15:10.130",
- "lastModified": "2024-10-21T20:15:10.130",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:25.583",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/shmem-helper: Remove errant put in error path\n\ndrm_gem_shmem_mmap() doesn't own this reference, resulting in the GEM\nobject getting prematurely freed leading to a later use-after-free."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/shmem-helper: eliminar una ubicaci\u00f3n errada en la ruta de error drm_gem_shmem_mmap() no posee esta referencia, lo que provoca que el objeto GEM se libere prematuramente y lleve a un use after free."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48982.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48982.json
index 798d7dcac27..22abb6b2d5d 100644
--- a/CVE-2022/CVE-2022-489xx/CVE-2022-48982.json
+++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48982.json
@@ -2,13 +2,17 @@ "id": "CVE-2022-48982", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:10.210", - "lastModified": "2024-10-21T20:15:10.210", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix crash when replugging CSR fake controllers\n\nIt seems fake CSR 5.0 clones can cause the suspend notifier to be\nregistered twice causing the following kernel panic:\n\n[ 71.986122] Call Trace:\n[ 71.986124] \n[ 71.986125] blocking_notifier_chain_register+0x33/0x60\n[ 71.986130] hci_register_dev+0x316/0x3d0 [bluetooth 99b5497ea3d09708fa1366c1dc03288bf3cca8da]\n[ 71.986154] btusb_probe+0x979/0xd85 [btusb e1e0605a4f4c01984a4b9c8ac58c3666ae287477]\n[ 71.986159] ? __pm_runtime_set_status+0x1a9/0x300\n[ 71.986162] ? ktime_get_mono_fast_ns+0x3e/0x90\n[ 71.986167] usb_probe_interface+0xe3/0x2b0\n[ 71.986171] really_probe+0xdb/0x380\n[ 71.986174] ? pm_runtime_barrier+0x54/0x90\n[ 71.986177] __driver_probe_device+0x78/0x170\n[ 71.986180] driver_probe_device+0x1f/0x90\n[ 71.986183] __device_attach_driver+0x89/0x110\n[ 71.986186] ? driver_allows_async_probing+0x70/0x70\n[ 71.986189] bus_for_each_drv+0x8c/0xe0\n[ 71.986192] __device_attach+0xb2/0x1e0\n[ 71.986195] bus_probe_device+0x92/0xb0\n[ 71.986198] device_add+0x422/0x9a0\n[ 71.986201] ? sysfs_merge_group+0xd4/0x110\n[ 71.986205] usb_set_configuration+0x57a/0x820\n[ 71.986208] usb_generic_driver_probe+0x4f/0x70\n[ 71.986211] usb_probe_device+0x3a/0x110\n[ 71.986213] really_probe+0xdb/0x380\n[ 71.986216] ? pm_runtime_barrier+0x54/0x90\n[ 71.986219] __driver_probe_device+0x78/0x170\n[ 71.986221] driver_probe_device+0x1f/0x90\n[ 71.986224] __device_attach_driver+0x89/0x110\n[ 71.986227] ? 
driver_allows_async_probing+0x70/0x70\n[ 71.986230] bus_for_each_drv+0x8c/0xe0\n[ 71.986232] __device_attach+0xb2/0x1e0\n[ 71.986235] bus_probe_device+0x92/0xb0\n[ 71.986237] device_add+0x422/0x9a0\n[ 71.986239] ? _dev_info+0x7d/0x98\n[ 71.986242] ? blake2s_update+0x4c/0xc0\n[ 71.986246] usb_new_device.cold+0x148/0x36d\n[ 71.986250] hub_event+0xa8a/0x1910\n[ 71.986255] process_one_work+0x1c4/0x380\n[ 71.986259] worker_thread+0x51/0x390\n[ 71.986262] ? rescuer_thread+0x3b0/0x3b0\n[ 71.986264] kthread+0xdb/0x110\n[ 71.986266] ? kthread_complete_and_exit+0x20/0x20\n[ 71.986268] ret_from_fork+0x1f/0x30\n[ 71.986273] \n[ 71.986274] ---[ end trace 0000000000000000 ]---\n[ 71.986284] btusb: probe of 2-1.6:1.0 failed with error -17" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: Se soluciona el fallo al volver a conectar controladores falsos de CSR Parece que los clones falsos de CSR 5.0 pueden provocar que el notificador de suspensi\u00f3n se registre dos veces, lo que provoca el siguiente p\u00e1nico del kernel: [ 71.986122] Seguimiento de llamadas: [ 71.986124] [ 71.986125] blocking_notifier_chain_register+0x33/0x60 [ 71.986130] hci_register_dev+0x316/0x3d0 [bluetooth 99b5497ea3d09708fa1366c1dc03288bf3cca8da] [ 71.986154] btusb_probe+0x979/0xd85 [btusb es: e1e0605a4f4c01984a4b9c8ac58c3666ae287477] [ 71.986159] ? __pm_runtime_set_status+0x1a9/0x300 [ 71.986162] ? ktime_get_mono_fast_ns+0x3e/0x90 [ 71.986167] interfaz_sonda_usb+0xe3/0x2b0 [ 71.986171] realmente_sonda+0xdb/0x380 [ 71.986174] ? pm_runtime_barrier+0x54/0x90 [ 71.986177] __driver_probe_device+0x78/0x170 [ 71.986180] __driver_probe_device+0x1f/0x90 [ 71.986183] __device_attach_driver+0x89/0x110 [ 71.986186] ? driver_allows_async_probing+0x70/0x70 [ 71.986189] bus_para_cada_unidad+0x8c/0xe0 [ 71.986192] __dispositivo_adjunto+0xb2/0x1e0 [ 71.986195] bus_sondeo_dispositivo+0x92/0xb0 [ 71.986198] dispositivo_agregado+0x422/0x9a0 [ 71.986201] ? 
usb_probe_device+0x3a/0x110 [ 71.986213] realmente_probe+0xdb/0x380 [ 71.986216] ? pm_runtime_barrier+0x54/0x90 [ 71.986219] __driver_probe_device+0x78/0x170 [ 71.986221] driver_probe_device+0x1f/0x90 [ 71.986224] __device_attach_driver+0x89/0x110 [ 71.986227] ? driver_allows_async_probing+0x70/0x70 [ 71.986230] bus_para_cada_unidad+0x8c/0xe0 [ 71.986232] __device_attach+0xb2/0x1e0 [ 71.986235] bus_probe_device+0x92/0xb0 [ 71.986237] device_add+0x422/0x9a0 [ 71.986239] ? _dev_info+0x7d/0x98 [ 71.986242] ? subproceso de rescate+0x3b0/0x3b0 [ 71.986264] kthread+0xdb/0x110 [ 71.986266] ? kthread_complete_and_exit+0x20/0x20 [ 71.986268] ret_from_fork+0x1f/0x30 [ 71.986273] [ 71.986274] ---[ fin de seguimiento 000000000000000 ]--- [ 71.986284] btusb: la sonda de 2-1.6:1.0 fall\u00f3 con el error -17" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48983.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48983.json index 0b3c078d62d..ac6b94abbae 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48983.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48983.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-48983", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:10.283", - "lastModified": "2024-10-21T20:15:10.283", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: Fix a null-ptr-deref in io_tctx_exit_cb()\n\nSyzkaller reports a NULL deref bug as follows:\n\n BUG: KASAN: null-ptr-deref in io_tctx_exit_cb+0x53/0xd3\n Read of size 4 at addr 0000000000000138 by task file1/1955\n\n CPU: 1 PID: 1955 Comm: file1 Not tainted 6.1.0-rc7-00103-gef4d3ea40565 #75\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014\n Call Trace:\n \n dump_stack_lvl+0xcd/0x134\n ? io_tctx_exit_cb+0x53/0xd3\n kasan_report+0xbb/0x1f0\n ? io_tctx_exit_cb+0x53/0xd3\n kasan_check_range+0x140/0x190\n io_tctx_exit_cb+0x53/0xd3\n task_work_run+0x164/0x250\n ? task_work_cancel+0x30/0x30\n get_signal+0x1c3/0x2440\n ? lock_downgrade+0x6e0/0x6e0\n ? lock_downgrade+0x6e0/0x6e0\n ? exit_signals+0x8b0/0x8b0\n ? do_raw_read_unlock+0x3b/0x70\n ? do_raw_spin_unlock+0x50/0x230\n arch_do_signal_or_restart+0x82/0x2470\n ? kmem_cache_free+0x260/0x4b0\n ? putname+0xfe/0x140\n ? get_sigframe_size+0x10/0x10\n ? do_execveat_common.isra.0+0x226/0x710\n ? lockdep_hardirqs_on+0x79/0x100\n ? putname+0xfe/0x140\n ? 
do_execveat_common.isra.0+0x238/0x710\n exit_to_user_mode_prepare+0x15f/0x250\n syscall_exit_to_user_mode+0x19/0x50\n do_syscall_64+0x42/0xb0\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n RIP: 0023:0x0\n Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n RSP: 002b:00000000fffb7790 EFLAGS: 00000200 ORIG_RAX: 000000000000000b\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \n Kernel panic - not syncing: panic_on_warn set ...\n\nThis happens because the adding of task_work from io_ring_exit_work()\nisn't synchronized with canceling all work items from eg exec. The\nexecution of the two are ordered in that they are both run by the task\nitself, but if io_tctx_exit_cb() is queued while we're canceling all\nwork items off exec AND gets executed when the task exits to userspace\nrather than in the main loop in io_uring_cancel_generic(), then we can\nfind current->io_uring == NULL and hit the above crash.\n\nIt's safe to add this NULL check here, because the execution of the two\npaths are done by the task itself.\n\n[axboe: add code comment and also put an explanation in the commit msg]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: io_uring: Se corrige un null-ptr-deref en io_tctx_exit_cb() Syzkaller informa un error de desreferencia NULL de la siguiente manera: ERROR: KASAN: null-ptr-deref en io_tctx_exit_cb+0x53/0xd3 Lectura de tama\u00f1o 4 en la direcci\u00f3n 0000000000000138 por la tarea file1/1955 CPU: 1 PID: 1955 Comm: file1 No contaminado 6.1.0-rc7-00103-gef4d3ea40565 #75 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014 Seguimiento de llamadas: 
nivel_pila_volcado+0xcd/0x134 ? io_tctx_salir_cb+0x53/0xd3 informe_kasan+0xbb/0x1f0 ? io_tctx_salir_cb+0x53/0xd3 rango_comprobaci\u00f3n_kasan+0x140/0x190 io_tctx_salir_cb+0x53/0xd3 ejecuci\u00f3n_trabajo_tarea+0x164/0x250 ? cancelaci\u00f3n_trabajo_tarea+0x30/0x30 obtener_se\u00f1al+0x1c3/0x2440 ? degradaci\u00f3n_bloqueo+0x6e0/0x6e0 ? degradaci\u00f3n_bloqueo+0x6e0/0x6e0 ? se\u00f1ales_salida+0x8b0/0x8b0 ? desbloqueo_lectura_sin_datos+0x3b/0x70 ? obtener_sigframe_size+0x10/0x10 ? bloquear_hardirqs_on+0x79/0x100 ? poner_nombre+0xfe/0x140 ? do_execveat_common.isra.0+0x238/0x710 exit_to_user_mode_prepare+0x15f/0x250 syscall_exit_to_user_mode+0x19/0x50 do_syscall_64+0x42/0xb0 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0023:0x0 C\u00f3digo: No se puede acceder a los bytes del c\u00f3digo de operaci\u00f3n en 0xffffffffffffffd6. RSP: 002b:00000000fffb7790 EFLAGS: 00000200 ORIG_RAX: 000000000000000b RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 000000000000000 RDI: 000000000000000 RBP: 000000000000000 R08: 0000000000000000 R09: 00000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 P\u00e1nico del kernel: no se sincroniza: panic_on_warn establecido ... Esto sucede porque la adici\u00f3n de task_work desde io_ring_exit_work() no est\u00e1 sincronizada con la cancelaci\u00f3n de todos los elementos de trabajo, por ejemplo, de exec. La ejecuci\u00f3n de los dos est\u00e1 ordenada de manera que ambos son ejecutados por la propia tarea, pero si io_tctx_exit_cb() est\u00e1 en cola mientras cancelamos todos los elementos de trabajo de exec Y se ejecuta cuando la tarea sale al espacio de usuario en lugar de en el bucle principal en io_uring_cancel_generic(), entonces podemos encontrar current->io_uring == NULL y alcanzar el bloqueo anterior. 
Es seguro agregar esta verificaci\u00f3n NULL aqu\u00ed, porque la ejecuci\u00f3n de las dos rutas las realiza la propia tarea. [axboe: agregue un comentario de c\u00f3digo y tambi\u00e9n coloque una explicaci\u00f3n en el mensaje de confirmaci\u00f3n]" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48984.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48984.json index 5ed2738db16..0c522ec6995 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48984.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48984.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-48984", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:10.360", - "lastModified": "2024-10-21T20:15:10.360", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: slcan: fix freed work crash\n\nThe LTP test pty03 is causing a crash in slcan:\n BUG: kernel NULL pointer dereference, address: 0000000000000008\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 0 PID: 348 Comm: kworker/0:3 Not tainted 6.0.8-1-default #1 openSUSE Tumbleweed 9d20364b934f5aab0a9bdf84e8f45cfdfae39dab\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b-rebuilt.opensuse.org 04/01/2014\n Workqueue: 0x0 (events)\n RIP: 0010:process_one_work (/home/rich/kernel/linux/kernel/workqueue.c:706 /home/rich/kernel/linux/kernel/workqueue.c:2185)\n Code: 49 89 ff 41 56 41 55 41 54 55 53 48 89 f3 48 83 ec 10 48 8b 06 48 8b 6f 48 49 89 c4 45 30 e4 a8 04 b8 00 00 00 00 4c 0f 44 e0 <49> 8b 44 24 08 44 8b a8 00 01 00 00 41 83 e5 20 f6 45 10 04 75 0e\n RSP: 0018:ffffaf7b40f47e98 EFLAGS: 00010046\n RAX: 0000000000000000 RBX: ffff9d644e1b8b48 RCX: ffff9d649e439968\n RDX: 00000000ffff8455 RSI: ffff9d644e1b8b48 RDI: ffff9d64764aa6c0\n RBP: ffff9d649e4335c0 R08: 0000000000000c00 R09: ffff9d64764aa734\n R10: 0000000000000007 R11: 0000000000000001 R12: 0000000000000000\n R13: ffff9d649e4335e8 R14: ffff9d64490da780 R15: ffff9d64764aa6c0\n FS: 0000000000000000(0000) GS:ffff9d649e400000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000008 CR3: 0000000036424000 CR4: 00000000000006f0\n Call Trace:\n \n worker_thread (/home/rich/kernel/linux/kernel/workqueue.c:2436)\n kthread 
(/home/rich/kernel/linux/kernel/kthread.c:376)\n ret_from_fork (/home/rich/kernel/linux/arch/x86/entry/entry_64.S:312)\n\nApparently, the slcan's tx_work is freed while being scheduled. While\nslcan_netdev_close() (netdev side) calls flush_work(&sl->tx_work),\nslcan_close() (tty side) does not. So when the netdev is never set UP,\nbut the tty is stuffed with bytes and forced to wakeup write, the work\nis scheduled, but never flushed.\n\nSo add an additional flush_work() to slcan_close() to be sure the work\nis flushed under all circumstances.\n\nThe Fixes commit below moved flush_work() from slcan_close() to\nslcan_netdev_close(). What was the rationale behind it? Maybe we can\ndrop the one in slcan_netdev_close()?\n\nI see the same pattern in can327. So it perhaps needs the very same fix." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: can: slcan: fix freed work crash La prueba LTP pty03 est\u00e1 provocando un fallo en slcan: BUG: kernel NULL pointer dereference, address: 0000000000000008 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 348 Comm: kworker/0:3 Not tainted 6.0.8-1-default #1 openSUSE Tumbleweed 9d20364b934f5aab0a9bdf84e8f45cfdfae39dab Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b-rebuilt.opensuse.org 01/04/2014 Cola de trabajo: 0x0 (eventos) RIP: 0010:process_one_work (/home/rich/kernel/linux/kernel/workqueue.c:706 /home/rich/kernel/linux/kernel/workqueue.c:2185) C\u00f3digo: 49 89 ff 41 56 41 55 41 54 55 53 48 89 f3 48 83 ec 10 48 8b 06 48 8b 6f 48 49 89 c4 45 30 e4 a8 04 b8 00 00 00 00 4c 0f 44 e0 <49> 8b 44 24 08 44 8b a8 00 01 00 00 41 83 e5 20 f6 45 10 04 75 0e RSP: 0018:ffffaf7b40f47e98 EFLAGS: 00010046 RAX: 000000000000000 RBX: ffff9d644e1b8b48 RCX: ffff9d649e439968 RDX: 00000000ffff8455 RSI: ffff9d644e1b8b48 RDI: ffff9d64764aa6c0 RBP: ffff9d649e4335c0 
R08: 0000000000000c00 R09: ffff9d64764aa734 R10: 0000000000000007 R11: 0000000000000001 R12: 0000000000000000 R13: ffff9d649e4335e8 R14: ffff9d64490da780 R15: ffff9d64764aa6c0 FS: 000000000000000(0000) GS:ffff9d649e400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000008 CR3: 0000000036424000 CR4: 00000000000006f0 Seguimiento de llamadas: worker_thread (/home/rich/kernel/linux/kernel/workqueue.c:2436) kthread (/home/rich/kernel/linux/kernel/kthread.c:376) ret_from_fork (/home/rich/kernel/linux/arch/x86/entry/entry_64.S:312) Aparentemente, el tx_work de slcan se libera mientras se programa. Mientras que slcan_netdev_close() (lado netdev) llama a flush_work(&sl->tx_work), slcan_close() (lado tty) no lo hace. Entonces, cuando el netdev nunca se configura, pero el tty est\u00e1 lleno de bytes y se lo obliga a activar la escritura, el trabajo se programa, pero nunca se vac\u00eda. Por lo tanto, agregue un flush_work() adicional a slcan_close() para asegurarse de que el trabajo se vac\u00eda en todas las circunstancias. el commit de correcciones a continuaci\u00f3n movi\u00f3 flush_work() de slcan_close() a slcan_netdev_close(). \u00bfCu\u00e1l fue la raz\u00f3n detr\u00e1s de esto? \u00bfQuiz\u00e1s podamos eliminar el que est\u00e1 en slcan_netdev_close()? Veo el mismo patr\u00f3n en can327. Entonces, tal vez necesite la misma correcci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48985.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48985.json index e562ace2f3c..5d2ba3e8e10 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48985.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48985.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-48985", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:10.463", - "lastModified": "2024-10-21T20:15:10.463", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix race on per-CQ variable napi work_done\n\nAfter calling napi_complete_done(), the NAPIF_STATE_SCHED bit may be\ncleared, and another CPU can start napi thread and access per-CQ variable,\ncq->work_done. If the other thread (for example, from busy_poll) sets\nit to a value >= budget, this thread will continue to run when it should\nstop, and cause memory corruption and panic.\n\nTo fix this issue, save the per-CQ work_done variable in a local variable\nbefore napi_complete_done(), so it won't be corrupted by a possible\nconcurrent thread after napi_complete_done().\n\nAlso, add a flag bit to advertise to the NIC firmware: the NAPI work_done\nvariable race is fixed, so the driver is able to reliably support features\nlike busy_poll." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: mana: Corregir ejecuci\u00f3n en la variable per-CQ napi work_done Despu\u00e9s de llamar a napi_complete_done(), el bit NAPIF_STATE_SCHED puede borrarse, y otra CPU puede iniciar el hilo napi y acceder a la variable per-CQ, cq->work_done. Si el otro hilo (por ejemplo, desde busy_poll) lo establece en un valor >= budget, este hilo seguir\u00e1 ejecut\u00e1ndose cuando deber\u00eda detenerse, y provocar\u00e1 corrupci\u00f3n de memoria y p\u00e1nico. Para solucionar este problema, guarde la variable per-CQ work_done en una variable local antes de napi_complete_done(), para que no se corrompa por un posible hilo concurrente despu\u00e9s de napi_complete_done(). 
Adem\u00e1s, agregue un bit de bandera para anunciar al firmware NIC: la ejecuci\u00f3n de la variable NAPI work_done est\u00e1 fija, por lo que el controlador puede soportar de forma fiable funciones como busy_poll." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48986.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48986.json index 2c24d62fd5f..b8d8999293d 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48986.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48986.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-48986", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:10.527", - "lastModified": "2024-10-21T20:15:10.527", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/gup: fix gup_pud_range() for dax\n\nFor dax pud, pud_huge() returns true on x86. So the function works as long\nas hugetlb is configured. However, dax doesn't depend on hugetlb.\nCommit 414fd080d125 (\"mm/gup: fix gup_pmd_range() for dax\") fixed\ndevmap-backed huge PMDs, but missed devmap-backed huge PUDs. Fix this as\nwell.\n\nThis fixes the below kernel panic:\n\ngeneral protection fault, probably for non-canonical address 0x69e7c000cc478: 0000 [#1] SMP\n\t< snip >\nCall Trace:\n\nget_user_pages_fast+0x1f/0x40\niov_iter_get_pages+0xc6/0x3b0\n? mempool_alloc+0x5d/0x170\nbio_iov_iter_get_pages+0x82/0x4e0\n? bvec_alloc+0x91/0xc0\n? bio_alloc_bioset+0x19a/0x2a0\nblkdev_direct_IO+0x282/0x480\n? __io_complete_rw_common+0xc0/0xc0\n? filemap_range_has_page+0x82/0xc0\ngeneric_file_direct_write+0x9d/0x1a0\n? inode_update_time+0x24/0x30\n__generic_file_write_iter+0xbd/0x1e0\nblkdev_write_iter+0xb4/0x150\n? io_import_iovec+0x8d/0x340\nio_write+0xf9/0x300\nio_issue_sqe+0x3c3/0x1d30\n? sysvec_reschedule_ipi+0x6c/0x80\n__io_queue_sqe+0x33/0x240\n? fget+0x76/0xa0\nio_submit_sqes+0xe6a/0x18d0\n? __fget_light+0xd1/0x100\n__x64_sys_io_uring_enter+0x199/0x880\n? __context_tracking_enter+0x1f/0x70\n? irqentry_exit_to_user_mode+0x24/0x30\n? irqentry_exit+0x1d/0x30\n? 
__context_tracking_exit+0xe/0x70\ndo_syscall_64+0x3b/0x90\nentry_SYSCALL_64_after_hwframe+0x61/0xcb\nRIP: 0033:0x7fc97c11a7be\n\t< snip >\n\n---[ end trace 48b2e0e67debcaeb ]---\nRIP: 0010:internal_get_user_pages_fast+0x340/0x990\n\t< snip >\nKernel panic - not syncing: Fatal exception\nKernel Offset: disabled" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/gup: fix gup_pud_range() for dax Para dax pud, pud_huge() devuelve true en x86. Por lo tanto, la funci\u00f3n funciona siempre que hugetlb est\u00e9 configurado. Sin embargo, dax no depende de hugetlb. el commit 414fd080d125 (\"mm/gup: fix gup_pmd_range() for dax\") corrigi\u00f3 los PMD enormes respaldados por devmap, pero omiti\u00f3 los PUD enormes respaldados por devmap. Corrija esto tambi\u00e9n. Esto corrige el siguiente p\u00e1nico del kernel: error de protecci\u00f3n general, probablemente para la direcci\u00f3n no can\u00f3nica 0x69e7c000cc478: 0000 [#1] SMP < snip > Call Trace: get_user_pages_fast+0x1f/0x40 iov_iter_get_pages+0xc6/0x3b0 ? mempool_alloc+0x5d/0x170 bio_iov_iter_get_pages+0x82/0x4e0 ? bvec_alloc+0x91/0xc0 ? bio_alloc_bioset+0x19a/0x2a0 blkdev_direct_IO+0x282/0x480 ? __io_complete_rw_common+0xc0/0xc0 ? rango_mapa_archivo_tiene_p\u00e1gina+0x82/0xc0 escritura_directa_archivo_gen\u00e9rico+0x9d/0x1a0 ? tiempo_actualizaci\u00f3n_inodo+0x24/0x30 __iter_escritura_archivo_gen\u00e9rico+0xbd/0x1e0 blkdev_write_iter+0xb4/0x150 ? io_import_iovec+0x8d/0x340 io_write+0xf9/0x300 io_issue_sqe+0x3c3/0x1d30 ? sysvec_reschedule_ipi+0x6c/0x80 __io_queue_sqe+0x33/0x240 ? fget+0x76/0xa0 io_submit_sqes+0xe6a/0x18d0 ? __fget_light+0xd1/0x100 __x64_sys_io_uring_enter+0x199/0x880 ? __context_tracking_enter+0x1f/0x70 ? irqentry_exit_to_user_mode+0x24/0x30 ? irqentry_exit+0x1d/0x30 ? 
__context_tracking_exit+0xe/0x70 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x61/0xcb RIP: 0033:0x7fc97c11a7be < snip > ---[ fin del seguimiento 48b2e0e67debcaeb ]--- RIP: 0010:internal_get_user_pages_fast+0x340/0x990 < snip > P\u00e1nico del n\u00facleo: no se sincroniza: Excepci\u00f3n fatal Desplazamiento del n\u00facleo: deshabilitado" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48987.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48987.json index 5156b32a7f4..b88524bd3fe 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48987.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48987.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-48987", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:10.617", - "lastModified": "2024-10-21T20:15:10.617", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l2-dv-timings.c: fix too strict blanking sanity checks\n\nSanity checks were added to verify the v4l2_bt_timings blanking fields\nin order to avoid integer overflows when userspace passes weird values.\n\nBut that assumed that userspace would correctly fill in the front porch,\nbackporch and sync values, but sometimes all you know is the total\nblanking, which is then assigned to just one of these fields.\n\nAnd that can fail with these checks.\n\nSo instead set a maximum for the total horizontal and vertical\nblanking and check that each field remains below that.\n\nThat is still sufficient to avoid integer overflows, but it also\nallows for more flexibility in how userspace fills in these fields." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: v4l2-dv-timings.c: se corrigen comprobaciones de cordura de borrado demasiado estrictas Se a\u00f1adieron comprobaciones de cordura para verificar los campos de borrado de v4l2_bt_timings para evitar desbordamientos de enteros cuando el espacio de usuario pasa valores extra\u00f1os. Pero eso supon\u00eda que el espacio de usuario rellenar\u00eda correctamente los valores de front porch, back porch y sync, pero a veces todo lo que sabes es el borrado total, que luego se asigna a solo uno de estos campos. Y eso puede fallar con estas comprobaciones. As\u00ed que, en su lugar, establece un m\u00e1ximo para el borrado horizontal y vertical total y comprueba que cada campo permanezca por debajo de eso. 
Eso sigue siendo suficiente para evitar desbordamientos de enteros, pero tambi\u00e9n permite m\u00e1s flexibilidad en c\u00f3mo el espacio de usuario rellena estos campos." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48988.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48988.json index 84498ee4979..910d036c49d 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48988.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48988.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-48988", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:10.710", - "lastModified": "2024-10-21T20:15:10.710", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemcg: fix possible use-after-free in memcg_write_event_control()\n\nmemcg_write_event_control() accesses the dentry->d_name of the specified\ncontrol fd to route the write call. As a cgroup interface file can't be\nrenamed, it's safe to access d_name as long as the specified file is a\nregular cgroup file. Also, as these cgroup interface files can't be\nremoved before the directory, it's safe to access the parent too.\n\nPrior to 347c4a874710 (\"memcg: remove cgroup_event->cft\"), there was a\ncall to __file_cft() which verified that the specified file is a regular\ncgroupfs file before further accesses. The cftype pointer returned from\n__file_cft() was no longer necessary and the commit inadvertently dropped\nthe file type check with it allowing any file to slip through. With the\ninvarients broken, the d_name and parent accesses can now race against\nrenames and removals of arbitrary files and cause use-after-free's.\n\nFix the bug by resurrecting the file type check in __file_cft(). Now that\ncgroupfs is implemented through kernfs, checking the file operations needs\nto go through a layer of indirection. Instead, let's check the superblock\nand dentry type." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: memcg: corregir posible use after free en memcg_write_event_control() memcg_write_event_control() accede a dentry->d_name del fd de control especificado para enrutar la llamada de escritura. 
Como no se puede cambiar el nombre de un archivo de interfaz de cgroup, es seguro acceder a d_name siempre que el archivo especificado sea un archivo cgroup normal. Adem\u00e1s, como estos archivos de interfaz de cgroup no se pueden eliminar antes del directorio, tambi\u00e9n es seguro acceder al padre. Antes de 347c4a874710 (\"memcg: eliminar cgroup_event->cft\"), hab\u00eda una llamada a __file_cft() que verificaba que el archivo especificado es un archivo cgroupfs normal antes de futuros accesos. El puntero cftype devuelto desde __file_cft() ya no era necesario y el commit elimin\u00f3 inadvertidamente la verificaci\u00f3n del tipo de archivo, lo que permiti\u00f3 que cualquier archivo se deslizara. Con las invariantes rotas, los accesos a d_name y a los padres ahora pueden competir contra los cambios de nombre y las eliminaciones de archivos arbitrarios y causar use-after-free. Corrija el error resucitando la comprobaci\u00f3n del tipo de archivo en __file_cft(). Ahora que cgroupfs est\u00e1 implementado a trav\u00e9s de kernfs, la comprobaci\u00f3n de las operaciones de archivo debe pasar por una capa de indirecci\u00f3n. En su lugar, verifiquemos el tipo de superbloque y dentry." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48989.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48989.json index 42c6d03463a..e09def4c02d 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48989.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48989.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-48989", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:10.820", - "lastModified": "2024-10-21T20:15:10.820", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfscache: Fix oops due to race with cookie_lru and use_cookie\n\nIf a cookie expires from the LRU and the LRU_DISCARD flag is set, but\nthe state machine has not run yet, it's possible another thread can call\nfscache_use_cookie and begin to use it.\n\nWhen the cookie_worker finally runs, it will see the LRU_DISCARD flag\nset, transition the cookie->state to LRU_DISCARDING, which will then\nwithdraw the cookie. Once the cookie is withdrawn the object is removed\nthe below oops will occur because the object associated with the cookie\nis now NULL.\n\nFix the oops by clearing the LRU_DISCARD bit if another thread uses the\ncookie before the cookie_worker runs.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000008\n ...\n CPU: 31 PID: 44773 Comm: kworker/u130:1 Tainted: G E 6.0.0-5.dneg.x86_64 #1\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022\n Workqueue: events_unbound netfs_rreq_write_to_cache_work [netfs]\n RIP: 0010:cachefiles_prepare_write+0x28/0x90 [cachefiles]\n ...\n Call Trace:\n netfs_rreq_write_to_cache_work+0x11c/0x320 [netfs]\n process_one_work+0x217/0x3e0\n worker_thread+0x4a/0x3b0\n kthread+0xd6/0x100" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fscache: Corregir oops debido a ejecuci\u00f3n con cookie_lru y use_cookie Si una cookie caduca desde la LRU y el indicador LRU_DISCARD est\u00e1 configurado, pero la m\u00e1quina de estado a\u00fan no se ha ejecutado, es posible que otro hilo pueda llamar a fscache_use_cookie y 
comenzar a usarlo. Cuando finalmente se ejecuta cookie_worker, ver\u00e1 el indicador LRU_DISCARD configurado, har\u00e1 la transici\u00f3n de cookie->state a LRU_DISCARDING, que luego retirar\u00e1 la cookie. Una vez que se retira la cookie, se elimina el objeto, se producir\u00e1n los siguientes oops porque el objeto asociado con la cookie ahora es NULL. Corrija los oops borrando el bit LRU_DISCARD si otro hilo usa la cookie antes de que se ejecute cookie_worker. ERROR: desreferencia de puntero NULL del n\u00facleo, direcci\u00f3n: 0000000000000008 ... CPU: 31 PID: 44773 Comm: kworker/u130:1 Contaminado: GE 6.0.0-5.dneg.x86_64 #1 Nombre del hardware: Google Compute Engine/Google Compute Engine, BIOS Google 26/08/2022 Cola de trabajo: events_unbound netfs_rreq_write_to_cache_work [netfs] RIP: 0010:cachefiles_prepare_write+0x28/0x90 [cachefiles] ... Seguimiento de llamadas: netfs_rreq_write_to_cache_work+0x11c/0x320 [netfs] process_one_work+0x217/0x3e0 worker_thread+0x4a/0x3b0 hilo+0xd6/0x100" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48990.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48990.json index f3655e07e47..8a169dd6116 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48990.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48990.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-48990", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:10.910", - "lastModified": "2024-10-21T20:15:10.910", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix use-after-free during gpu recovery\n\n[Why]\n [ 754.862560] refcount_t: underflow; use-after-free.\n [ 754.862898] Call Trace:\n [ 754.862903] \n [ 754.862913] amdgpu_job_free_cb+0xc2/0xe1 [amdgpu]\n [ 754.863543] drm_sched_main.cold+0x34/0x39 [amd_sched]\n\n[How]\n The fw_fence may be not init, check whether dma_fence_init\n is performed before job free" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: corregir el use after free durante la recuperaci\u00f3n de la GPU [Por qu\u00e9] [ 754.862560] refcount_t: desbordamiento; use after free. [ 754.862898] Seguimiento de llamadas: [ 754.862903] [ 754.862913] amdgpu_job_free_cb+0xc2/0xe1 [amdgpu] [ 754.863543] drm_sched_main.cold+0x34/0x39 [amd_sched] [C\u00f3mo] Es posible que fw_fence no se inicialice, verifique si dma_fence_init se realiza antes de la liberaci\u00f3n del trabajo" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48991.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48991.json index b1337f94cc8..6d198719496 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48991.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48991.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-48991", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:11.000", - "lastModified": "2024-10-21T20:15:11.000", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/khugepaged: invoke MMU notifiers in shmem/file collapse paths\n\nAny codepath that zaps page table entries must invoke MMU notifiers to\nensure that secondary MMUs (like KVM) don't keep accessing pages which\naren't mapped anymore. Secondary MMUs don't hold their own references to\npages that are mirrored over, so failing to notify them can lead to page\nuse-after-free.\n\nI'm marking this as addressing an issue introduced in commit f3f0e1d2150b\n(\"khugepaged: add support of collapse for tmpfs/shmem pages\"), but most of\nthe security impact of this only came in commit 27e1f8273113 (\"khugepaged:\nenable collapse pmd for pte-mapped THP\"), which actually omitted flushes\nfor the removal of present PTEs, not just for the removal of empty page\ntables." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/khugepaged: invocar notificadores MMU en rutas de colapso de shmem/archivo Cualquier ruta de c\u00f3digo que elimine las entradas de la tabla de p\u00e1ginas debe invocar notificadores MMU para garantizar que las MMU secundarias (como KVM) no sigan accediendo a p\u00e1ginas que ya no est\u00e1n asignadas. Las MMU secundarias no mantienen sus propias referencias a p\u00e1ginas que se reflejan, por lo que no notificarlas puede provocar el use-after-free de la p\u00e1gina. 
Estoy marcando esto como una soluci\u00f3n a un problema introducido en el commit f3f0e1d2150b (\"khugepaged: agregar compatibilidad con el colapso para p\u00e1ginas tmpfs/shmem\"), pero la mayor parte del impacto de seguridad de esto solo se produjo en el commit 27e1f8273113 (\"khugepaged: habilitar el colapso pmd para THP asignado a pte\"), que en realidad omiti\u00f3 los vaciados para la eliminaci\u00f3n de PTE actuales, no solo para la eliminaci\u00f3n de tablas de p\u00e1ginas vac\u00edas." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48992.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48992.json index 9bcff4f5987..b3387f8cf85 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48992.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48992.json @@ -2,13 +2,17 @@ "id": "CVE-2022-48992", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:11.067", - "lastModified": "2024-10-21T20:15:11.067", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: soc-pcm: Add NULL check in BE reparenting\n\nAdd NULL check in dpcm_be_reparent API, to handle\nkernel NULL pointer dereference error.\nThe issue occurred in fuzzing test." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: soc-pcm: Agregar comprobaci\u00f3n NULL en la reparentalizaci\u00f3n de BE Agregar comprobaci\u00f3n NULL en la API dpcm_be_reparent para manejar el error de desreferencia de puntero NULL del kernel. El problema se produjo en la prueba de fuzzing." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48994.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48994.json index 149b66507b1..d379ed340a2 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48994.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48994.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-48994", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:11.257", - "lastModified": "2024-10-21T20:15:11.257", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event\n\nWith clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG),\nindirect call targets are validated against the expected function\npointer prototype to make sure the call target is valid to help mitigate\nROP attacks. If they are not identical, there is a failure at run time,\nwhich manifests as either a kernel panic or thread getting killed.\n\nseq_copy_in_user() and seq_copy_in_kernel() did not have prototypes\nmatching snd_seq_dump_func_t. Adjust this and remove the casts. There\nare not resulting binary output differences.\n\nThis was found as a result of Clang's new -Wcast-function-type-strict\nflag, which is more sensitive than the simpler -Wcast-function-type,\nwhich only checks for type width mismatches." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: seq: Fix function prototipo desajuste en snd_seq_expand_var_event Con la integridad del flujo de control del kernel de clang (kCFI, CONFIG_CFI_CLANG), los objetivos de llamada indirecta se validan contra el prototipo de puntero de funci\u00f3n esperado para asegurarse de que el objetivo de llamada sea v\u00e1lido para ayudar a mitigar los ataques ROP. Si no son id\u00e9nticos, hay un error en el tiempo de ejecuci\u00f3n, que se manifiesta como un p\u00e1nico del kernel o la muerte del hilo. seq_copy_in_user() y seq_copy_in_kernel() no ten\u00edan prototipos que coincidieran con snd_seq_dump_func_t. Aj\u00fastelo y elimine las conversiones. 
No hay diferencias de salida binaria resultantes. Esto se encontr\u00f3 como resultado del nuevo indicador -Wcast-function-type-strict de Clang, que es m\u00e1s sensible que el m\u00e1s simple -Wcast-function-type, que solo verifica los desajustes de ancho de tipo." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48995.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48995.json index 055ef112fc1..df592768627 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48995.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48995.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-48995", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:11.343", - "lastModified": "2024-10-21T20:15:11.343", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: raydium_ts_i2c - fix memory leak in raydium_i2c_send()\n\nThere is a kmemleak when test the raydium_i2c_ts with bpf mock device:\n\n unreferenced object 0xffff88812d3675a0 (size 8):\n comm \"python3\", pid 349, jiffies 4294741067 (age 95.695s)\n hex dump (first 8 bytes):\n 11 0e 10 c0 01 00 04 00 ........\n backtrace:\n [<0000000068427125>] __kmalloc+0x46/0x1b0\n [<0000000090180f91>] raydium_i2c_send+0xd4/0x2bf [raydium_i2c_ts]\n [<000000006e631aee>] raydium_i2c_initialize.cold+0xbc/0x3e4 [raydium_i2c_ts]\n [<00000000dc6fcf38>] raydium_i2c_probe+0x3cd/0x6bc [raydium_i2c_ts]\n [<00000000a310de16>] i2c_device_probe+0x651/0x680\n [<00000000f5a96bf3>] really_probe+0x17c/0x3f0\n [<00000000096ba499>] __driver_probe_device+0xe3/0x170\n [<00000000c5acb4d9>] driver_probe_device+0x49/0x120\n [<00000000264fe082>] __device_attach_driver+0xf7/0x150\n [<00000000f919423c>] bus_for_each_drv+0x114/0x180\n [<00000000e067feca>] __device_attach+0x1e5/0x2d0\n [<0000000054301fc2>] bus_probe_device+0x126/0x140\n [<00000000aad93b22>] device_add+0x810/0x1130\n [<00000000c086a53f>] i2c_new_client_device+0x352/0x4e0\n [<000000003c2c248c>] of_i2c_register_device+0xf1/0x110\n [<00000000ffec4177>] of_i2c_notify+0x100/0x160\n unreferenced object 0xffff88812d3675c8 (size 8):\n comm \"python3\", pid 349, jiffies 4294741070 (age 95.692s)\n hex dump (first 8 bytes):\n 22 00 36 2d 81 88 ff ff \".6-....\n backtrace:\n [<0000000068427125>] __kmalloc+0x46/0x1b0\n [<0000000090180f91>] raydium_i2c_send+0xd4/0x2bf [raydium_i2c_ts]\n [<000000001d5c9620>] 
raydium_i2c_initialize.cold+0x223/0x3e4 [raydium_i2c_ts]\n [<00000000dc6fcf38>] raydium_i2c_probe+0x3cd/0x6bc [raydium_i2c_ts]\n [<00000000a310de16>] i2c_device_probe+0x651/0x680\n [<00000000f5a96bf3>] really_probe+0x17c/0x3f0\n [<00000000096ba499>] __driver_probe_device+0xe3/0x170\n [<00000000c5acb4d9>] driver_probe_device+0x49/0x120\n [<00000000264fe082>] __device_attach_driver+0xf7/0x150\n [<00000000f919423c>] bus_for_each_drv+0x114/0x180\n [<00000000e067feca>] __device_attach+0x1e5/0x2d0\n [<0000000054301fc2>] bus_probe_device+0x126/0x140\n [<00000000aad93b22>] device_add+0x810/0x1130\n [<00000000c086a53f>] i2c_new_client_device+0x352/0x4e0\n [<000000003c2c248c>] of_i2c_register_device+0xf1/0x110\n [<00000000ffec4177>] of_i2c_notify+0x100/0x160\n\nAfter BANK_SWITCH command from i2c BUS, no matter success or error\nhappened, the tx_buf should be freed." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Entrada: raydium_ts_i2c - arregla p\u00e9rdida de memoria en raydium_i2c_send() Hay una p\u00e9rdida de kmem cuando se prueba raydium_i2c_ts con bpf mock device: unreferenced object 0xffff88812d3675a0 (size 8): comm \"python3\", pid 349, jiffies 4294741067 (age 95.695s) hex dump (first 8 bytes): 11 0e 10 c0 01 00 04 00 ........ 
backtrace: [<0000000068427125>] __kmalloc+0x46/0x1b0 [<0000000090180f91>] raydium_i2c_send+0xd4/0x2bf [raydium_i2c_ts] [<000000006e631aee>] raydium_i2c_initialize.cold+0xbc/0x3e4 [raydium_i2c_ts] [<00000000dc6fcf38>] raydium_i2c_probe+0x3cd/0x6bc [raydium_i2c_ts] [<00000000a310de16>] i2c_device_probe+0x651/0x680 [<00000000f5a96bf3>] really_probe+0x17c/0x3f0 [<00000000096ba499>] __driver_probe_device+0xe3/0x170 [<00000000c5acb4d9>] dispositivo_de_sonda_de_controlador+0x49/0x120 [<00000000264fe082>] __controlador_de_adjuntar_dispositivo+0xf7/0x150 [<00000000f919423c>] bus_para_cada_unidad+0x114/0x180 [<00000000e067feca>] __adjuntar_dispositivo+0x1e5/0x2d0 [<0000000054301fc2>] dispositivo_de_sonda_de_bus+0x126/0x140 [<00000000aad93b22>] dispositivo_agregar+0x810/0x1130 [<00000000c086a53f>] i2c_new_client_device+0x352/0x4e0 [<000000003c2c248c>] of_i2c_register_device+0xf1/0x110 [<00000000ffec4177>] of_i2c_notify+0x100/0x160 objeto sin referencia 0xffff88812d3675c8 (tama\u00f1o 8): comm \"python3\", pid 349, jiffies 4294741070 (antig\u00fcedad 95,692 s) volcado hexadecimal (primeros 8 bytes): 22 00 36 2d 81 88 ff ff \".6-.... 
traza inversa: [<0000000068427125>] __kmalloc+0x46/0x1b0 [<0000000090180f91>] raydium_i2c_send+0xd4/0x2bf [raydium_i2c_ts] [<000000001d5c9620>] raydium_i2c_initialize.cold+0x223/0x3e4 [raydium_i2c_ts] [<00000000dc6fcf38>] raydium_i2c_probe+0x3cd/0x6bc [raydium_i2c_ts] [<00000000a310de16>] i2c_device_probe+0x651/0x680 [<00000000f5a96bf3>] realmente_sondeo+0x17c/0x3f0 [<00000000096ba499>] __dispositivo_de_sonda_de_controlador+0xe3/0x170 [<00000000c5acb4d9>] dispositivo_de_sonda_de_controlador+0x49/0x120 [<00000000264fe082>] __dispositivo_adjunto_controlador+0xf7/0x150 [<00000000f919423c>] bus_para_cada_unidad+0x114/0x180 [<00000000e067feca>] __dispositivo_adjunto+0x1e5/0x2d0 [<0000000054301fc2>] bus_probe_device+0x126/0x140 [<00000000aad93b22>] device_add+0x810/0x1130 [<00000000c086a53f>] i2c_new_client_device+0x352/0x4e0 [<000000003c2c248c>] of_i2c_register_device+0xf1/0x110 [<00000000ffec4177>] of_i2c_notify+0x100/0x160 Despu\u00e9s del comando BANK_SWITCH del BUS i2c, sin importar si se produjo un \u00e9xito o un error, se debe liberar el tx_buf." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48996.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48996.json index 5e6856aa061..f7292bc27be 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48996.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48996.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-48996", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:11.423", - "lastModified": "2024-10-21T20:15:11.423", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/sysfs: fix wrong empty schemes assumption under online tuning in damon_sysfs_set_schemes()\n\nCommit da87878010e5 (\"mm/damon/sysfs: support online inputs update\") made\n'damon_sysfs_set_schemes()' to be called for running DAMON context, which\ncould have schemes. In the case, DAMON sysfs interface is supposed to\nupdate, remove, or add schemes to reflect the sysfs files. However, the\ncode is assuming the DAMON context wouldn't have schemes at all, and\ntherefore creates and adds new schemes. As a result, the code doesn't\nwork as intended for online schemes tuning and could have more than\nexpected memory footprint. The schemes are all in the DAMON context, so\nit doesn't leak the memory, though.\n\nRemove the wrong asssumption (the DAMON context wouldn't have schemes) in\n'damon_sysfs_set_schemes()' to fix the bug." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/damon/sysfs: se corrige la suposici\u00f3n incorrecta de esquemas vac\u00edos durante el ajuste en l\u00ednea en damon_sysfs_set_schemes(). el commit da87878010e5 (\"mm/damon/sysfs: soporte para la actualizaci\u00f3n de entradas en l\u00ednea\") hizo que se llamara a 'damon_sysfs_set_schemes()' para ejecutar el contexto DAMON, que podr\u00eda tener esquemas. En este caso, se supone que la interfaz sysfs de DAMON actualiza, elimina o agrega esquemas para reflejar los archivos sysfs. 
Sin embargo, el c\u00f3digo asume que el contexto DAMON no tendr\u00eda esquemas en absoluto y, por lo tanto, crea y agrega nuevos esquemas. Como resultado, el c\u00f3digo no funciona como se esperaba para el ajuste de esquemas en l\u00ednea y podr\u00eda tener una huella de memoria mayor a la esperada. Todos los esquemas est\u00e1n en el contexto DAMON, por lo que no pierde memoria. Elimine la suposici\u00f3n incorrecta (el contexto DAMON no tendr\u00eda esquemas) en 'damon_sysfs_set_schemes()' para corregir el error." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48997.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48997.json index c30f7475c21..66119122d33 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48997.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48997.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-48997", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:11.503", - "lastModified": "2024-10-21T20:15:11.503", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nchar: tpm: Protect tpm_pm_suspend with locks\n\nCurrently tpm transactions are executed unconditionally in\ntpm_pm_suspend() function, which may lead to races with other tpm\naccessors in the system.\n\nSpecifically, the hw_random tpm driver makes use of tpm_get_random(),\nand this function is called in a loop from a kthread, which means it's\nnot frozen alongside userspace, and so can race with the work done\nduring system suspend:\n\n tpm tpm0: tpm_transmit: tpm_recv: error -52\n tpm tpm0: invalid TPM_STS.x 0xff, dumping stack for forensics\n CPU: 0 PID: 1 Comm: init Not tainted 6.1.0-rc5+ #135\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-20220807_005459-localhost 04/01/2014\n Call Trace:\n tpm_tis_status.cold+0x19/0x20\n tpm_transmit+0x13b/0x390\n tpm_transmit_cmd+0x20/0x80\n tpm1_pm_suspend+0xa6/0x110\n tpm_pm_suspend+0x53/0x80\n __pnp_bus_suspend+0x35/0xe0\n __device_suspend+0x10f/0x350\n\nFix this by calling tpm_try_get_ops(), which itself is a wrapper around\ntpm_chip_start(), but takes the appropriate mutex.\n\n[Jason: reworked commit message, added metadata]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: char: tpm: Proteger tpm_pm_suspend con bloqueos Actualmente, las transacciones tpm se ejecutan incondicionalmente en la funci\u00f3n tpm_pm_suspend(), lo que puede generar ejecuciones con otros accesores tpm en el sistema. 
Espec\u00edficamente, el controlador tpm hw_random hace uso de tpm_get_random(), y esta funci\u00f3n se llama en un bucle desde un kthread, lo que significa que no est\u00e1 congelada junto con el espacio de usuario, y por lo tanto puede competir con el trabajo realizado durante la suspensi\u00f3n del sistema: tpm tpm0: tpm_transmit: tpm_recv: error -52 tpm tpm0: TPM_STS.x 0xff no v\u00e1lido, volcando pila para an\u00e1lisis forense CPU: 0 PID: 1 Comm: init No contaminado 6.1.0-rc5+ #135 Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-20220807_005459-localhost 04/01/2014 Rastreo de llamadas: tpm_tis_status.cold+0x19/0x20 tpm_transmit+0x13b/0x390 tpm_transmit_cmd+0x20/0x80 tpm1_pm_suspend+0xa6/0x110 tpm_pm_suspend+0x53/0x80 __pnp_bus_suspend+0x35/0xe0 __device_suspend+0x10f/0x350 Solucione este problema llamando a tpm_try_get_ops(), que es un contenedor de tpm_chip_start(), pero toma el mutex apropiado. [Jason: mensaje de confirmaci\u00f3n redise\u00f1ado, metadatos agregados]" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48998.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48998.json index 9fcf0162db9..4ea556b0158 100644 --- a/CVE-2022/CVE-2022-489xx/CVE-2022-48998.json +++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48998.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-48998", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:11.570", - "lastModified": "2024-10-21T20:15:11.570", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/bpf/32: Fix Oops on tail call tests\n\ntest_bpf tail call tests end up as:\n\n test_bpf: #0 Tail call leaf jited:1 85 PASS\n test_bpf: #1 Tail call 2 jited:1 111 PASS\n test_bpf: #2 Tail call 3 jited:1 145 PASS\n test_bpf: #3 Tail call 4 jited:1 170 PASS\n test_bpf: #4 Tail call load/store leaf jited:1 190 PASS\n test_bpf: #5 Tail call load/store jited:1\n BUG: Unable to handle kernel data access on write at 0xf1b4e000\n Faulting instruction address: 0xbe86b710\n Oops: Kernel access of bad area, sig: 11 [#1]\n BE PAGE_SIZE=4K MMU=Hash PowerMac\n Modules linked in: test_bpf(+)\n CPU: 0 PID: 97 Comm: insmod Not tainted 6.1.0-rc4+ #195\n Hardware name: PowerMac3,1 750CL 0x87210 PowerMac\n NIP: be86b710 LR: be857e88 CTR: be86b704\n REGS: f1b4df20 TRAP: 0300 Not tainted (6.1.0-rc4+)\n MSR: 00009032 CR: 28008242 XER: 00000000\n DAR: f1b4e000 DSISR: 42000000\n GPR00: 00000001 f1b4dfe0 c11d2280 00000000 00000000 00000000 00000002 00000000\n GPR08: f1b4e000 be86b704 f1b4e000 00000000 00000000 100d816a f2440000 fe73baa8\n GPR16: f2458000 00000000 c1941ae4 f1fe2248 00000045 c0de0000 f2458030 00000000\n GPR24: 000003e8 0000000f f2458000 f1b4dc90 3e584b46 00000000 f24466a0 c1941a00\n NIP [be86b710] 0xbe86b710\n LR [be857e88] __run_one+0xec/0x264 [test_bpf]\n Call Trace:\n [f1b4dfe0] [00000002] 0x2 (unreliable)\n Instruction dump:\n XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX\n XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX\n ---[ end trace 0000000000000000 ]---\n\nThis is a tentative to write above 
the stack. The problem is encoutered\nwith tests added by commit 38608ee7b690 (\"bpf, tests: Add load store\ntest case for tail call\")\n\nThis happens because tail call is done to a BPF prog with a different\nstack_depth. At the time being, the stack is kept as is when the caller\ntail calls its callee. But at exit, the callee restores the stack based\non its own properties. Therefore here, at each run, r1 is erroneously\nincreased by 32 - 16 = 16 bytes.\n\nThis was done that way in order to pass the tail call count from caller\nto callee through the stack. As powerpc32 doesn't have a red zone in\nthe stack, it was necessary the maintain the stack as is for the tail\ncall. But it was not anticipated that the BPF frame size could be\ndifferent.\n\nLet's take a new approach. Use register r4 to carry the tail call count\nduring the tail call, and save it into the stack at function entry if\nrequired. This means the input parameter must be in r3, which is more\ncorrect as it is a 32 bits parameter, then tail call better match with\nnormal BPF function entry, the down side being that we move that input\nparameter back and forth between r3 and r4. 
That can be optimised later.\n\nDoing that also has the advantage of maximising the common parts between\ntail calls and a normal function exit.\n\nWith the fix, tail call tests are now successfull:\n\n test_bpf: #0 Tail call leaf jited:1 53 PASS\n test_bpf: #1 Tail call 2 jited:1 115 PASS\n test_bpf: #2 Tail call 3 jited:1 154 PASS\n test_bpf: #3 Tail call 4 jited:1 165 PASS\n test_bpf: #4 Tail call load/store leaf jited:1 101 PASS\n test_bpf: #5 Tail call load/store jited:1 141 PASS\n test_bpf: #6 Tail call error path, max count reached jited:1 994 PASS\n test_bpf: #7 Tail call count preserved across function calls jited:1 140975 PASS\n test_bpf: #8 Tail call error path, NULL target jited:1 110 PASS\n test_bpf: #9 Tail call error path, index out of range jited:1 69 PASS\n test_bpf: test_tail_calls: Summary: 10 PASSED, 0 FAILED, [10/10 JIT'ed]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: powerpc/bpf/32: Se ha corregido el error Oops en las pruebas de llamadas de cola. 
Las pruebas de llamadas de cola test_bpf terminan como: test_bpf: #0 Tail call leaf jited:1 85 PASS test_bpf: #1 Tail call 2 jited:1 111 PASS test_bpf: #2 Tail call 3 jited:1 145 PASS test_bpf: #3 Tail call 4 jited:1 170 PASS test_bpf: #4 Tail call load/store leaf jited:1 190 PASS test_bpf: #5 Tail call load/store jited:1 ERROR: No se puede manejar el acceso a los datos del kernel en escritura en 0xf1b4e000 Direcci\u00f3n de instrucci\u00f3n err\u00f3nea: 0xbe86b710 Oops: Acceso al kernel de un \u00e1rea defectuosa, firma: 11 [#1] BE PAGE_SIZE=4K MMU=Hash M\u00f3dulos PowerMac vinculados en: test_bpf(+) CPU: 0 PID: 97 Comm: insmod No contaminado 6.1.0-rc4+ #195 Nombre del hardware: PowerMac3,1 750CL 0x87210 PowerMac NIP: be86b710 LR: be857e88 CTR: be86b704 REGS: f1b4df20 TRAP: 0300 No contaminado (6.1.0-rc4+) MSR: 00009032 CR: 28008242 XER: 00000000 DAR: f1b4e000 DSISR: 42000000 GPR00: 00000001 f1b4dfe0 c11d2280 00000000 00000000 00000000 00000002 00000000 GPR08: f1b4e000 be86b704 f1b4e000 00000000 00000000 100d816a f2440000 fe73baa8 GPR16: f2458000 00000000 c1941ae4 f1fe2248 00000045 c0de0000 f2458030 00000000 GPR24: 000003e8 0000000f f2458000 f1b4dc90 3e584b46 00000000 f24466a0 c1941a00 NIP [be86b710] 0xbe86b710 LR [be857e88] __run_one+0xec/0x264 [test_bpf] Seguimiento de llamada: [f1b4dfe0] [00000002] 0x2 (no confiable) Volcado de instrucci\u00f3n: XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX ---[ fin del seguimiento 000000000000000 ]--- Esto es una tentativa de escribir sobre la pila. El problema se encuentra con las pruebas agregadas por el commit 38608ee7b690 (\"bpf, pruebas: Agregar caso de prueba de almacenamiento de carga para llamada de cola\") Esto sucede porque la llamada de cola se realiza a un programa BPF con una profundidad de pila diferente. En ese momento, la pila se mantiene como est\u00e1 cuando el llamador llama a la cola de su llamado. 
Pero al salir, el llamado restaura la pila en funci\u00f3n de sus propias propiedades. Por lo tanto, aqu\u00ed, en cada ejecuci\u00f3n, r1 se incrementa err\u00f3neamente en 32 - 16 = 16 bytes. Esto se hizo de esa manera para pasar el recuento de llamadas de cola del llamador al llamado a trav\u00e9s de la pila. Como powerpc32 no tiene una zona roja en la pila, fue necesario mantener la pila como est\u00e1 para la llamada de cola. Pero no se anticip\u00f3 que el tama\u00f1o del marco BPF podr\u00eda ser diferente. Tomemos un nuevo enfoque. Use el registro r4 para llevar el recuento de llamadas de cola durante la llamada de cola y gu\u00e1rdelo en la pila en la entrada de la funci\u00f3n si es necesario. Esto significa que el par\u00e1metro de entrada debe estar en r3, lo cual es m\u00e1s correcto ya que es un par\u00e1metro de 32 bits, por lo que la llamada de cola coincide mejor con la entrada de la funci\u00f3n BPF normal, la desventaja es que movemos ese par\u00e1metro de entrada de ida y vuelta entre r3 y r4. Esto se puede optimizar m\u00e1s adelante. Hacer eso tambi\u00e9n tiene la ventaja de maximizar las partes comunes entre las llamadas de cola y una salida de funci\u00f3n normal. Con la correcci\u00f3n, las pruebas de llamadas de cola ahora son exitosas: test_bpf: #0 Hoja de llamada de cola jited:1 53 PASS test_bpf: #1 Llamada de cola 2 jited:1 115 PASS test_bpf: #2 Llamada de cola 3 jited:1 154 PASS test_bpf: #3 Llamada de cola 4 jited:1 165 PASS test_bpf: #4 Hoja de carga/almacenamiento de llamadas de cola jited:1 101 PASS test_bpf: #5 Carga/almacenamiento de llamadas de cola jited:1 141 PASS test_bpf: #6 Ruta de error de llamada de cola, recuento m\u00e1ximo alcanzado jited:1 994 PASS test_bpf: #7 Recuento de llamadas de cola conservado en todas las llamadas de funci\u00f3n jited:1 140975 PASS test_bpf: #8 Ruta de error de llamada de cola, objetivo NULL jited:1 110 PASS test_bpf: #9 --- truncado ----" } ], "metrics": {}, 
diff --git a/CVE-2022/CVE-2022-489xx/CVE-2022-48999.json b/CVE-2022/CVE-2022-489xx/CVE-2022-48999.json
index 781b46dab30..420740a2839 100644
--- a/CVE-2022/CVE-2022-489xx/CVE-2022-48999.json
+++ b/CVE-2022/CVE-2022-489xx/CVE-2022-48999.json
@@ -2,13 +2,17 @@ "id": "CVE-2022-48999", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:11.630", - "lastModified": "2024-10-21T20:15:11.630", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: Handle attempt to delete multipath route when fib_info contains an nh reference\n\nGwangun Jung reported a slab-out-of-bounds access in fib_nh_match:\n fib_nh_match+0xf98/0x1130 linux-6.0-rc7/net/ipv4/fib_semantics.c:961\n fib_table_delete+0x5f3/0xa40 linux-6.0-rc7/net/ipv4/fib_trie.c:1753\n inet_rtm_delroute+0x2b3/0x380 linux-6.0-rc7/net/ipv4/fib_frontend.c:874\n\nSeparate nexthop objects are mutually exclusive with the legacy\nmultipath spec. Fix fib_nh_match to return if the config for the\nto be deleted route contains a multipath spec while the fib_info\nis using a nexthop object." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ipv4: Controlar el intento de eliminar una ruta multipath cuando fib_info contiene una referencia nh Gwangun Jung inform\u00f3 un acceso fuera de los l\u00edmites en fib_nh_match: fib_nh_match+0xf98/0x1130 linux-6.0-rc7/net/ipv4/fib_semantics.c:961 fib_table_delete+0x5f3/0xa40 linux-6.0-rc7/net/ipv4/fib_trie.c:1753 inet_rtm_delroute+0x2b3/0x380 linux-6.0-rc7/net/ipv4/fib_frontend.c:874 Los objetos de siguiente salto separados son mutuamente excluyentes con la especificaci\u00f3n multipath heredada. Arreglar fib_nh_match para que regrese si la configuraci\u00f3n de la ruta que se va a eliminar contiene una especificaci\u00f3n de rutas m\u00faltiples mientras fib_info usa un objeto nexthop." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49000.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49000.json index 3fc4103908d..21f50f6192b 100644 
--- a/CVE-2022/CVE-2022-490xx/CVE-2022-49000.json +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49000.json @@ -2,13 +2,17 @@ "id": "CVE-2022-49000", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:11.710", - "lastModified": "2024-10-21T20:15:11.710", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix PCI device refcount leak in has_external_pci()\n\nfor_each_pci_dev() is implemented by pci_get_device(). The comment of\npci_get_device() says that it will increase the reference count for the\nreturned pci_dev and also decrease the reference count for the input\npci_dev @from if it is not NULL.\n\nIf we break for_each_pci_dev() loop with pdev not NULL, we need to call\npci_dev_put() to decrease the reference count. Add the missing\npci_dev_put() before 'return true' to avoid reference count leak." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iommu/vt-d: Se soluciona la fuga de recuento de referencias del dispositivo PCI en has_external_pci(). for_each_pci_dev() se implementa mediante pci_get_device(). El comentario de pci_get_device() dice que aumentar\u00e1 el recuento de referencias para el pci_dev devuelto y tambi\u00e9n disminuir\u00e1 el recuento de referencias para el pci_dev de entrada @from si no es NULL. Si interrumpimos el bucle for_each_pci_dev() con pdev no NULL, debemos llamar a pci_dev_put() para disminuir el recuento de referencias. Agregue el pci_dev_put() faltante antes de 'return true' para evitar la fuga del recuento de referencias." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49001.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49001.json index 3228c0b3bf4..383836727f9 100644 --- a/CVE-2022/CVE-2022-490xx/CVE-2022-49001.json 
+++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49001.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49001", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:11.773", - "lastModified": "2024-10-21T20:15:11.773", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: fix race when vmap stack overflow\n\nCurrently, when detecting vmap stack overflow, riscv firstly switches\nto the so called shadow stack, then use this shadow stack to call the\nget_overflow_stack() to get the overflow stack. However, there's\na race here if two or more harts use the same shadow stack at the same\ntime.\n\nTo solve this race, we introduce spin_shadow_stack atomic var, which\nwill be swap between its own address and 0 in atomic way, when the\nvar is set, it means the shadow_stack is being used; when the var\nis cleared, it means the shadow_stack isn't being used.\n\n[Palmer: Add AQ to the swap, and also some comments.]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: riscv: arregla la ejecuci\u00f3n cuando se desborda la pila de vmap Actualmente, al detectar un desbordamiento de la pila de vmap, riscv primero cambia a la llamada pila de sombra, luego usa esta pila de sombra para llamar a get_overflow_stack() para obtener la pila de desbordamiento. Sin embargo, aqu\u00ed hay una ejecuci\u00f3n si dos o m\u00e1s harts usan la misma pila de sombra al mismo tiempo. Para resolver esta ejecuci\u00f3n, introducimos la variable at\u00f3mica spin_shadow_stack, que se intercambiar\u00e1 entre su propia direcci\u00f3n y 0 de forma at\u00f3mica, cuando la variable est\u00e1 configurada, significa que se est\u00e1 usando shadow_stack; cuando la variable se borra, significa que no se est\u00e1 usando shadow_stack. 
[Palmer: Agrega AQ al intercambio y tambi\u00e9n algunos comentarios]." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49002.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49002.json index 0b60354bb45..ceb623dc644 100644 --- a/CVE-2022/CVE-2022-490xx/CVE-2022-49002.json +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49002.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49002", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:11.853", - "lastModified": "2024-10-21T20:15:11.853", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init()\n\nfor_each_pci_dev() is implemented by pci_get_device(). The comment of\npci_get_device() says that it will increase the reference count for the\nreturned pci_dev and also decrease the reference count for the input\npci_dev @from if it is not NULL.\n\nIf we break for_each_pci_dev() loop with pdev not NULL, we need to call\npci_dev_put() to decrease the reference count. Add the missing\npci_dev_put() for the error path to avoid reference count leak." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iommu/vt-d: Se corrige la p\u00e9rdida de recuento de referencias del dispositivo PCI en dmar_dev_scope_init(). for_each_pci_dev() se implementa mediante pci_get_device(). El comentario de pci_get_device() dice que aumentar\u00e1 el recuento de referencias para el pci_dev devuelto y tambi\u00e9n disminuir\u00e1 el recuento de referencias para el pci_dev de entrada @from si no es NULL. Si interrumpimos el bucle for_each_pci_dev() con pdev no NULL, debemos llamar a pci_dev_put() para disminuir el recuento de referencias. Agregue el pci_dev_put() faltante para la ruta de error para evitar la p\u00e9rdida del recuento de referencias." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49003.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49003.json index c6541b1429d..badfec8803e 100644 --- a/CVE-2022/CVE-2022-490xx/CVE-2022-49003.json +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49003.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49003", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:11.920", - "lastModified": "2024-10-21T20:15:11.920", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: fix SRCU protection of nvme_ns_head list\n\nWalking the nvme_ns_head siblings list is protected by the head's srcu\nin nvme_ns_head_submit_bio() but not nvme_mpath_revalidate_paths().\nRemoving namespaces from the list also fails to synchronize the srcu.\nConcurrent scan work can therefore cause use-after-frees.\n\nHold the head's srcu lock in nvme_mpath_revalidate_paths() and\nsynchronize with the srcu, not the global RCU, in nvme_ns_remove().\n\nObserved the following panic when making NVMe/RDMA connections\nwith native multipath on the Rocky Linux 8.6 kernel\n(it seems the upstream kernel has the same race condition).\nDisassembly shows the faulting instruction is cmp 0x50(%rdx),%rcx;\ncomputing capacity != get_capacity(ns->disk).\nAddress 0x50 is dereferenced because ns->disk is NULL.\nThe NULL disk appears to be the result of concurrent scan work\nfreeing the namespace (note the log line in the middle of the panic).\n\n[37314.206036] BUG: unable to handle kernel NULL pointer dereference at 0000000000000050\n[37314.206036] nvme0n3: detected capacity change from 0 to 11811160064\n[37314.299753] PGD 0 P4D 0\n[37314.299756] Oops: 0000 [#1] SMP PTI\n[37314.299759] CPU: 29 PID: 322046 Comm: kworker/u98:3 Kdump: loaded Tainted: G W X --------- - - 4.18.0-372.32.1.el8test86.x86_64 #1\n[37314.299762] Hardware name: Dell Inc. 
PowerEdge R720/0JP31P, BIOS 2.7.0 05/23/2018\n[37314.299763] Workqueue: nvme-wq nvme_scan_work [nvme_core]\n[37314.299783] RIP: 0010:nvme_mpath_revalidate_paths+0x26/0xb0 [nvme_core]\n[37314.299790] Code: 1f 44 00 00 66 66 66 66 90 55 53 48 8b 5f 50 48 8b 83 c8 c9 00 00 48 8b 13 48 8b 48 50 48 39 d3 74 20 48 8d 42 d0 48 8b 50 20 <48> 3b 4a 50 74 05 f0 80 60 70 ef 48 8b 50 30 48 8d 42 d0 48 39 d3\n[37315.058803] RSP: 0018:ffffabe28f913d10 EFLAGS: 00010202\n[37315.121316] RAX: ffff927a077da800 RBX: ffff92991dd70000 RCX: 0000000001600000\n[37315.206704] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff92991b719800\n[37315.292106] RBP: ffff929a6b70c000 R08: 000000010234cd4a R09: c0000000ffff7fff\n[37315.377501] R10: 0000000000000001 R11: ffffabe28f913a30 R12: 0000000000000000\n[37315.462889] R13: ffff92992716600c R14: ffff929964e6e030 R15: ffff92991dd70000\n[37315.548286] FS: 0000000000000000(0000) GS:ffff92b87fb80000(0000) knlGS:0000000000000000\n[37315.645111] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[37315.713871] CR2: 0000000000000050 CR3: 0000002208810006 CR4: 00000000000606e0\n[37315.799267] Call Trace:\n[37315.828515] nvme_update_ns_info+0x1ac/0x250 [nvme_core]\n[37315.892075] nvme_validate_or_alloc_ns+0x2ff/0xa00 [nvme_core]\n[37315.961871] ? __blk_mq_free_request+0x6b/0x90\n[37316.015021] nvme_scan_work+0x151/0x240 [nvme_core]\n[37316.073371] process_one_work+0x1a7/0x360\n[37316.121318] ? create_worker+0x1a0/0x1a0\n[37316.168227] worker_thread+0x30/0x390\n[37316.212024] ? create_worker+0x1a0/0x1a0\n[37316.258939] kthread+0x10a/0x120\n[37316.297557] ? 
set_kthread_struct+0x50/0x50\n[37316.347590] ret_from_fork+0x35/0x40\n[37316.390360] Modules linked in: nvme_rdma nvme_tcp(X) nvme_fabrics nvme_core netconsole iscsi_tcp libiscsi_tcp dm_queue_length dm_service_time nf_conntrack_netlink br_netfilter bridge stp llc overlay nft_chain_nat ipt_MASQUERADE nf_nat xt_addrtype xt_CT nft_counter xt_state xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_comment xt_multiport nft_compat nf_tables libcrc32c nfnetlink dm_multipath tg3 rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm intel_rapl_msr iTCO_wdt iTCO_vendor_support dcdbas intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel ipmi_ssif kvm irqbypass crct10dif_pclmul crc32_pclmul mlx5_ib ghash_clmulni_intel ib_uverbs rapl intel_cstate intel_uncore ib_core ipmi_si joydev mei_me pcspkr ipmi_devintf mei lpc_ich wmi ipmi_msghandler acpi_power_meter ex\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nvme: se corrige la protecci\u00f3n SRCU de la lista nvme_ns_head El recorrido por la lista de hermanos nvme_ns_head est\u00e1 protegido por el srcu del cabezal en nvme_ns_head_submit_bio() pero no por nvme_mpath_revalidate_paths(). La eliminaci\u00f3n de espacios de nombres de la lista tambi\u00e9n fallo al sincronizar el srcu. Por lo tanto, el trabajo de escaneo simult\u00e1neo puede causar use-after-free. Mantenga el bloqueo del srcu del cabezal en nvme_mpath_revalidate_paths() y sincronice con el srcu, no con el RCU global, en nvme_ns_remove(). Se observ\u00f3 el siguiente p\u00e1nico al realizar conexiones NVMe/RDMA con multipath nativo en el kernel Rocky Linux 8.6 (parece que el kernel ascendente tiene la misma condici\u00f3n de ejecuci\u00f3n). 
El desensamblaje muestra que la instrucci\u00f3n que fallo es cmp 0x50(%rdx),%rcx; capacidad de c\u00f3mputo != get_capacity(ns->disk). La direcci\u00f3n 0x50 est\u00e1 desreferenciada porque ns->disk es NULL. El disco NULL parece ser el resultado de un trabajo de escaneo simult\u00e1neo que libera el espacio de nombres (observe la l\u00ednea de registro en el medio del p\u00e1nico). [37314.206036] ERROR: no se puede manejar la desreferencia del puntero NULL del n\u00facleo en 0000000000000050 [37314.206036] nvme0n3: se detect\u00f3 un cambio de capacidad de 0 a 11811160064 [37314.299753] PGD 0 P4D 0 [37314.299756] Oops: 0000 [#1] SMP PTI [37314.299759] CPU: 29 PID: 322046 Comm: kworker/u98:3 Kdump: cargado Tainted: GWX --------- - - 4.18.0-372.32.1.el8test86.x86_64 #1 [37314.299762] Nombre del hardware: Dell Inc. PowerEdge R720/0JP31P, BIOS 2.7.0 23/05/2018 [37314.299763] Cola de trabajo: nvme-wq nvme_scan_work [nvme_core] [37314.299783] RIP: 0010:nvme_mpath_revalidate_paths+0x26/0xb0 [nvme_core] [37314.299790] C\u00f3digo: 1f 44 00 00 66 66 66 66 90 55 53 48 8b 5f 50 48 8b 83 c8 c9 00 00 48 8b 13 48 8b 48 50 48 39 d3 74 20 48 8d 42 d0 48 8b 50 20 <48> 3b 4a 50 74 05 f0 80 60 70 ef 48 8b 50 30 48 8d 42 d0 48 39 d3 [37315.058803] RSP: 0018:ffffabe28f913d10 EFLAGS: 00010202 [37315.121316] RAX: ffff927a077da800 RBX: ffff92991dd70000 RCX: 0000000001600000 [37315.206704] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff92991b719800 [37315.292106] RBP: ffff929a6b70c000 R08: 000000010234cd4a R09: c0000000ffff7fff [37315.377501] R10: 0000000000000001 R11: ffffabe28f913a30 R12: 000000000000000 [37315.462889] R13: ffff92992716600c R14: ffff929964e6e030 R15: ffff92991dd70000 [37315.548286] FS: 0000000000000000(0000) GS:ffff92b87fb80000(0000) knlGS:0000000000000000 [37315.645111] CS: 0010 DS: 0000 ES: 0000 CR0: 000000080050033 [37315.713871] CR2: 000000000000050 CR3: 0000002208810006 CR4: 00000000000606e0 [37315.799267] Seguimiento de llamadas: [37315.828515] 
nvme_update_ns_info+0x1ac/0x250 [n\u00facleo_nvme] [37315.892075] nvme_validate_or_alloc_ns+0x2ff/0xa00 [n\u00facleo_nvme] [37315.961871] ? __blk_mq_free_request+0x6b/0x90 [37316.015021] nvme_scan_work+0x151/0x240 [n\u00facleo_nvme] [37316.073371] process_one_work+0x1a7/0x360 [37316.121318] ? crear_trabajador+0x1a0/0x1a0 [37316.168227] subproceso_trabajador+0x30/0x390 [37316.212024] ? crear_trabajador+0x1a0/0x1a0 [37316.258939] kthread+0x10a/0x120 [37316.297557] ? M\u00f3dulos vinculados en: nvme_rdma nvme_tcp(X) nvme_fabrics nvme_core netconsole iscsi_tcp libiscsi_tcp dm_queue_length dm_service_time nf_conntrack_netlink br_netfilter bridge stp llc superposici\u00f3n nft_chain_nat ipt_MASQUERADE nf_nat xt_addrtype xt_CT nft_counter xt_state xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_comment xt_multiport nft_compat nf_tables libcrc32c nfnetlink dm_multipath tg3 rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm intel_rapl_msr iTCO_wdt iTCO_vendor_support dcdbas intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel ipmi_ssif kvm irqbypass crct10dif_pclmul crc32_pclmul mlx5_ib ghash_clmulni_intel ib_uverbs rapl intel_cstate intel_uncore ib_core ipmi_si joydev mei_me---truncado---" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49004.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49004.json index f14fb953314..81f40112ccf 100644 --- a/CVE-2022/CVE-2022-490xx/CVE-2022-49004.json +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49004.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49004", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:11.990", - "lastModified": "2024-10-21T20:15:11.990", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Sync efi page table's kernel mappings before switching\n\nThe EFI page table is initially created as a copy of the kernel page table.\nWith VMAP_STACK enabled, kernel stacks are allocated in the vmalloc area:\nif the stack is allocated in a new PGD (one that was not present at the\nmoment of the efi page table creation or not synced in a previous vmalloc\nfault), the kernel will take a trap when switching to the efi page table\nwhen the vmalloc kernel stack is accessed, resulting in a kernel panic.\n\nFix that by updating the efi kernel mappings before switching to the efi\npage table." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: riscv: Sincronizar las asignaciones de kernel de la tabla de p\u00e1ginas efi antes de cambiar La tabla de p\u00e1ginas efi se crea inicialmente como una copia de la tabla de p\u00e1ginas del kernel. Con VMAP_STACK habilitado, las pilas del kernel se asignan en el \u00e1rea vmalloc: si la pila se asigna en un nuevo PGD (uno que no estaba presente en el momento de la creaci\u00f3n de la tabla de p\u00e1ginas efi o no se sincroniz\u00f3 en un error vmalloc anterior), el kernel tomar\u00e1 una trampa al cambiar a la tabla de p\u00e1ginas efi cuando se accede a la pila del kernel vmalloc, lo que resulta en un p\u00e1nico del kernel. Solucione eso actualizando las asignaciones de kernel efi antes de cambiar a la tabla de p\u00e1ginas efi." } ], "metrics": {}, 
diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49005.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49005.json index 436ef927fa4..02ab23c07b0 100644 --- a/CVE-2022/CVE-2022-490xx/CVE-2022-49005.json +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49005.json @@ -2,13 +2,17 @@ "id": "CVE-2022-49005", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:12.040", - "lastModified": "2024-10-21T20:15:12.040", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: ops: Fix bounds check for _sx controls\n\nFor _sx controls the semantics of the max field is not the usual one, max\nis the number of steps rather than the maximum value. This means that our\ncheck in snd_soc_put_volsw_sx() needs to just check against the maximum\nvalue." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: ops: Fix bounds check for _sx controls Para los controles _sx, la sem\u00e1ntica del campo max no es la habitual, max es el n\u00famero de pasos en lugar del valor m\u00e1ximo. Esto significa que nuestra comprobaci\u00f3n en snd_soc_put_volsw_sx() solo debe comprobarse con el valor m\u00e1ximo." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49006.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49006.json index 104194936fc..5e87e599fcf 100644 --- a/CVE-2022/CVE-2022-490xx/CVE-2022-49006.json +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49006.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49006", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:12.103", - "lastModified": "2024-10-21T20:15:12.103", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Free buffers when a used dynamic event is removed\n\nAfter 65536 dynamic events have been added and removed, the \"type\" field\nof the event then uses the first type number that is available (not\ncurrently used by other events). A type number is the identifier of the\nbinary blobs in the tracing ring buffer (known as events) to map them to\nlogic that can parse the binary blob.\n\nThe issue is that if a dynamic event (like a kprobe event) is traced and\nis in the ring buffer, and then that event is removed (because it is\ndynamic, which means it can be created and destroyed), if another dynamic\nevent is created that has the same number that new event's logic on\nparsing the binary blob will be used.\n\nTo show how this can be an issue, the following can crash the kernel:\n\n # cd /sys/kernel/tracing\n # for i in `seq 65536`; do\n echo 'p:kprobes/foo do_sys_openat2 $arg1:u32' > kprobe_events\n # done\n\nFor every iteration of the above, the writing to the kprobe_events will\nremove the old event and create a new one (with the same format) and\nincrease the type number to the next available on until the type number\nreaches over 65535 which is the max number for the 16 bit type. After it\nreaches that number, the logic to allocate a new number simply looks for\nthe next available number. When an dynamic event is removed, that number\nis then available to be reused by the next dynamic event created. 
That is,\nonce the above reaches the max number, the number assigned to the event in\nthat loop will remain the same.\n\nNow that means deleting one dynamic event and created another will reuse\nthe previous events type number. This is where bad things can happen.\nAfter the above loop finishes, the kprobes/foo event which reads the\ndo_sys_openat2 function call's first parameter as an integer.\n\n # echo 1 > kprobes/foo/enable\n # cat /etc/passwd > /dev/null\n # cat trace\n cat-2211 [005] .... 2007.849603: foo: (do_sys_openat2+0x0/0x130) arg1=4294967196\n cat-2211 [005] .... 2007.849620: foo: (do_sys_openat2+0x0/0x130) arg1=4294967196\n cat-2211 [005] .... 2007.849838: foo: (do_sys_openat2+0x0/0x130) arg1=4294967196\n cat-2211 [005] .... 2007.849880: foo: (do_sys_openat2+0x0/0x130) arg1=4294967196\n # echo 0 > kprobes/foo/enable\n\nNow if we delete the kprobe and create a new one that reads a string:\n\n # echo 'p:kprobes/foo do_sys_openat2 +0($arg2):string' > kprobe_events\n\nAnd now we can the trace:\n\n # cat trace\n sendmail-1942 [002] ..... 530.136320: foo: (do_sys_openat2+0x0/0x240) arg1= cat-2046 [004] ..... 530.930817: foo: (do_sys_openat2+0x0/0x240) arg1=\"\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\"\n cat-2046 [004] ..... 
530.930961: foo: (do_sys_openat2+0x0/0x240) arg1=\"\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\"\n cat-2046 [004] ..... 530.934278: foo: (do_sys_openat2+0x0/0x240) arg1=\"\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\"\n cat-2046 [004] ..... 530.934563: foo: (do_sys_openat2+0x0/0x240) arg1=\"\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\n---truncated---" + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Free buffers when a used dynamic event is removed\n\nAfter 65536 dynamic events have been added and removed, the \"type\" field\nof the event then uses the first type number that is available (not\ncurrently used by other events). 
A type number is the identifier of the\nbinary blobs in the tracing ring buffer (known as events) to map them to\nlogic that can parse the binary blob.\n\nThe issue is that if a dynamic event (like a kprobe event) is traced and\nis in the ring buffer, and then that event is removed (because it is\ndynamic, which means it can be created and destroyed), if another dynamic\nevent is created that has the same number that new event's logic on\nparsing the binary blob will be used.\n\nTo show how this can be an issue, the following can crash the kernel:\n\n # cd /sys/kernel/tracing\n # for i in `seq 65536`; do\n echo 'p:kprobes/foo do_sys_openat2 $arg1:u32' > kprobe_events\n # done\n\nFor every iteration of the above, the writing to the kprobe_events will\nremove the old event and create a new one (with the same format) and\nincrease the type number to the next available on until the type number\nreaches over 65535 which is the max number for the 16 bit type. After it\nreaches that number, the logic to allocate a new number simply looks for\nthe next available number. When an dynamic event is removed, that number\nis then available to be reused by the next dynamic event created. That is,\nonce the above reaches the max number, the number assigned to the event in\nthat loop will remain the same.\n\nNow that means deleting one dynamic event and created another will reuse\nthe previous events type number. This is where bad things can happen.\nAfter the above loop finishes, the kprobes/foo event which reads the\ndo_sys_openat2 function call's first parameter as an integer.\n\n # echo 1 > kprobes/foo/enable\n # cat /etc/passwd > /dev/null\n # cat trace\n cat-2211 [005] .... 2007.849603: foo: (do_sys_openat2+0x0/0x130) arg1=4294967196\n cat-2211 [005] .... 2007.849620: foo: (do_sys_openat2+0x0/0x130) arg1=4294967196\n cat-2211 [005] .... 2007.849838: foo: (do_sys_openat2+0x0/0x130) arg1=4294967196\n cat-2211 [005] .... 
2007.849880: foo: (do_sys_openat2+0x0/0x130) arg1=4294967196\n # echo 0 > kprobes/foo/enable\n\nNow if we delete the kprobe and create a new one that reads a string:\n\n # echo 'p:kprobes/foo do_sys_openat2 +0($arg2):string' > kprobe_events\n\nAnd now we can the trace:\n\n # cat trace\n sendmail-1942 [002] ..... 530.136320: foo: (do_sys_openat2+0x0/0x240) arg1= cat-2046 [004] ..... 530.930817: foo: (do_sys_openat2+0x0/0x240) arg1=\"????????????????????????????????????????????????????????????????????????????????????????????????\"\n cat-2046 [004] ..... 530.930961: foo: (do_sys_openat2+0x0/0x240) arg1=\"????????????????????????????????????????????????????????????????????????????????????????????????\"\n cat-2046 [004] ..... 530.934278: foo: (do_sys_openat2+0x0/0x240) arg1=\"????????????????????????????????????????????????????????????????????????????????????????????????\"\n cat-2046 [004] ..... 530.934563: foo: (do_sys_openat2+0x0/0x240) arg1=\"???????????????????????????????????????\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rastreo: B\u00faferes libres cuando se elimina un evento din\u00e1mico usado Despu\u00e9s de que se hayan agregado y eliminado 65536 eventos din\u00e1micos, el campo \"tipo\" del evento usa el primer n\u00famero de tipo que est\u00e1 disponible (no usado actualmente por otros eventos). Un n\u00famero de tipo es el identificador de los blobs binarios en el b\u00fafer de anillo de rastreo (conocidos como eventos) para mapearlos a la l\u00f3gica que puede analizar el blob binario. El problema es que si se rastrea un evento din\u00e1mico (como un evento kprobe) y est\u00e1 en el b\u00fafer de anillo, y luego ese evento se elimina (porque es din\u00e1mico, lo que significa que se puede crear y destruir), si se crea otro evento din\u00e1mico que tenga el mismo n\u00famero, se usar\u00e1 la l\u00f3gica de ese nuevo evento al analizar el blob binario. 
Para mostrar c\u00f3mo esto puede ser un problema, lo siguiente puede bloquear el kernel: # cd /sys/kernel/tracing # for i in `seq 65536`; Para cada iteraci\u00f3n de lo anterior, la escritura en kprobe_events eliminar\u00e1 el evento anterior y crear\u00e1 uno nuevo (con el mismo formato) y aumentar\u00e1 el n\u00famero de tipo al siguiente disponible hasta que el n\u00famero de tipo alcance m\u00e1s de 65535, que es el n\u00famero m\u00e1ximo para el tipo de 16 bits. Despu\u00e9s de que alcanza ese n\u00famero, la l\u00f3gica para asignar un nuevo n\u00famero simplemente busca el siguiente n\u00famero disponible. Cuando se elimina un evento din\u00e1mico, ese n\u00famero est\u00e1 disponible para ser reutilizado por el pr\u00f3ximo evento din\u00e1mico creado. Es decir, una vez que lo anterior alcanza el n\u00famero m\u00e1ximo, el n\u00famero asignado al evento en ese bucle seguir\u00e1 siendo el mismo. Ahora, eso significa que eliminar un evento din\u00e1mico y crear otro reutilizar\u00e1 el n\u00famero de tipo de eventos anteriores. Aqu\u00ed es donde pueden suceder cosas malas. Despu\u00e9s de que finaliza el bucle anterior, el evento kprobes/foo que lee el primer par\u00e1metro de la llamada a la funci\u00f3n do_sys_openat2 como un entero. # echo 1 > kprobes/foo/enable # cat /etc/passwd > /dev/null # cat seguimiento cat-2211 [005] .... 2007.849603: foo: (do_sys_openat2+0x0/0x130) arg1=4294967196 cat-2211 [005] .... 2007.849620: foo: (do_sys_openat2+0x0/0x130) arg1=4294967196 cat-2211 [005] .... 2007.849838: foo: (do_sys_openat2+0x0/0x130) arg1=4294967196 cat-2211 [005] .... 2007.849880: foo: (do_sys_openat2+0x0/0x130) arg1=4294967196 # echo 0 > kprobes/foo/enable Ahora si borramos el kprobe y creamos uno nuevo que lea una cadena: # echo 'p:kprobes/foo do_sys_openat2 +0($arg2):string' > kprobe_events Y ahora podemos hacer el trace: # cat trace sendmail-1942 [002] ..... 530.136320: foo: (do_sys_openat2+0x0/0x240) arg1= cat-2046 [004] ..... 
530.930817: foo: (do_sys_openat2+0x0/0x240) arg1=\"????????????????????????????????????????????? ????????????????????????????????????????????????????????????????\" cat-2046 [004] ..... 530.930961: foo: (do_sys_openat2+0x0/0x240) arg1=\"????????????????????????????????????????????? ??????????????????????????????????????????????????????????????????\" cat-2046 [004] ..... 530.934278: foo: (do_sys_openat2+0x0/0x240) arg1=\"????????????????????????????????????????????? ??????????????????????????????????????????????????\" cat-2046 [004] ..... 530.934563: foo: (do_sys_openat2+0x0/0x240) arg1=\"????????????????????????????????????????? ---truncado---" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49007.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49007.json index fb01532b59a..740c8ab3601 100644 --- a/CVE-2022/CVE-2022-490xx/CVE-2022-49007.json +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49007.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49007", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:12.197", - "lastModified": "2024-10-21T20:15:12.197", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry()\n\nSyzbot reported a null-ptr-deref bug:\n\n NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP\n frequency < 30 seconds\n general protection fault, probably for non-canonical address\n 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN\n KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n CPU: 1 PID: 3603 Comm: segctord Not tainted\n 6.1.0-rc2-syzkaller-00105-gb229b6ca5abb #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google\n 10/11/2022\n RIP: 0010:nilfs_palloc_commit_free_entry+0xe5/0x6b0\n fs/nilfs2/alloc.c:608\n Code: 00 00 00 00 fc ff df 80 3c 02 00 0f 85 cd 05 00 00 48 b8 00 00 00\n 00 00 fc ff df 4c 8b 73 08 49 8d 7e 10 48 89 fa 48 c1 ea 03 <80> 3c 02\n 00 0f 85 26 05 00 00 49 8b 46 10 be a6 00 00 00 48 c7 c7\n RSP: 0018:ffffc90003dff830 EFLAGS: 00010212\n RAX: dffffc0000000000 RBX: ffff88802594e218 RCX: 000000000000000d\n RDX: 0000000000000002 RSI: 0000000000002000 RDI: 0000000000000010\n RBP: ffff888071880222 R08: 0000000000000005 R09: 000000000000003f\n R10: 000000000000000d R11: 0000000000000000 R12: ffff888071880158\n R13: ffff88802594e220 R14: 0000000000000000 R15: 0000000000000004\n FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000)\n knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fb1c08316a8 CR3: 0000000018560000 CR4: 0000000000350ee0\n Call Trace:\n \n nilfs_dat_commit_free fs/nilfs2/dat.c:114 [inline]\n nilfs_dat_commit_end+0x464/0x5f0 
fs/nilfs2/dat.c:193\n nilfs_dat_commit_update+0x26/0x40 fs/nilfs2/dat.c:236\n nilfs_btree_commit_update_v+0x87/0x4a0 fs/nilfs2/btree.c:1940\n nilfs_btree_commit_propagate_v fs/nilfs2/btree.c:2016 [inline]\n nilfs_btree_propagate_v fs/nilfs2/btree.c:2046 [inline]\n nilfs_btree_propagate+0xa00/0xd60 fs/nilfs2/btree.c:2088\n nilfs_bmap_propagate+0x73/0x170 fs/nilfs2/bmap.c:337\n nilfs_collect_file_data+0x45/0xd0 fs/nilfs2/segment.c:568\n nilfs_segctor_apply_buffers+0x14a/0x470 fs/nilfs2/segment.c:1018\n nilfs_segctor_scan_file+0x3f4/0x6f0 fs/nilfs2/segment.c:1067\n nilfs_segctor_collect_blocks fs/nilfs2/segment.c:1197 [inline]\n nilfs_segctor_collect fs/nilfs2/segment.c:1503 [inline]\n nilfs_segctor_do_construct+0x12fc/0x6af0 fs/nilfs2/segment.c:2045\n nilfs_segctor_construct+0x8e3/0xb30 fs/nilfs2/segment.c:2379\n nilfs_segctor_thread_construct fs/nilfs2/segment.c:2487 [inline]\n nilfs_segctor_thread+0x3c3/0xf30 fs/nilfs2/segment.c:2570\n kthread+0x2e4/0x3a0 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306\n \n ...\n\nIf DAT metadata file is corrupted on disk, there is a case where\nreq->pr_desc_bh is NULL and blocknr is 0 at nilfs_dat_commit_end() during\na b-tree operation that cascadingly updates ancestor nodes of the b-tree,\nbecause nilfs_dat_commit_alloc() for a lower level block can initialize\nthe blocknr on the same DAT entry between nilfs_dat_prepare_end() and\nnilfs_dat_commit_end().\n\nIf this happens, nilfs_dat_commit_end() calls nilfs_dat_commit_free()\nwithout valid buffer heads in req->pr_desc_bh and req->pr_bitmap_bh, and\ncauses the NULL pointer dereference above in\nnilfs_palloc_commit_free_entry() function, which leads to a crash.\n\nFix this by adding a NULL check on req->pr_desc_bh and req->pr_bitmap_bh\nbefore nilfs_palloc_commit_free_entry() in nilfs_dat_commit_free().\n\nThis also calls nilfs_error() in that case to notify that there is a fatal\nflaw in the filesystem metadata and prevent further operations." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nilfs2: corrige la desreferencia de puntero NULL en nilfs_palloc_commit_free_entry() Syzbot inform\u00f3 un error de desreferencia de puntero nulo: NILFS (loop0): segctord iniciando. Intervalo de construcci\u00f3n = 5 segundos, frecuencia de CP < 30 segundos. fallo de protecci\u00f3n general, probablemente para direcci\u00f3n no can\u00f3nica 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref en rango [0x000000000000010-0x0000000000000017] CPU: 1 PID: 3603 Comm: segctord No contaminado 6.1.0-rc2-syzkaller-00105-gb229b6ca5abb #0 Nombre del hardware: Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022 RIP: 0010:nilfs_palloc_commit_free_entry+0xe5/0x6b0 fs/nilfs2/alloc.c:608 C\u00f3digo: 00 00 00 00 fc ff df 80 3c 02 00 0f 85 cd 05 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 73 08 49 8d 7e 10 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 26 05 00 00 49 8b 46 10 ser a6 00 00 00 48 c7 c7 RSP: 0018:ffffc90003dff830 EFLAGS: 00010212 RAX: dffffc00000000000 RBX: ffff88802594e218 RCX: 000000000000000d RDX: 00000000000000002 RSI: 0000000000002000 RDI: 0000000000000010 RBP: ffff888071880222 R08: 000000000000005 R09: 000000000000003f R10: 000000000000000d R11: 0000000000000000 R12: ffff888071880158 R13: ffff88802594e220 R14: 0000000000000000 R15: 0000000000000004 FS: 000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fb1c08316a8 CR3: 0000000018560000 CR4: 0000000000350ee0 Seguimiento de llamadas: nilfs_dat_commit_free fs/nilfs2/dat.c:114 [en l\u00ednea] nilfs_dat_commit_end+0x464/0x5f0 fs/nilfs2/dat.c:193 nilfs_dat_commit_update+0x26/0x40 fs/nilfs2/dat.c:236 nilfs_btree_commit_update_v+0x87/0x4a0 fs/nilfs2/btree.c:1940 nilfs_btree_commit_propagate_v fs/nilfs2/btree.c:2016 [en l\u00ednea] nilfs_btree_propagate_v fs/nilfs2/btree.c:2046 [en l\u00ednea] 
nilfs_btree_propagate+0xa00/0xd60 fs/nilfs2/btree.c:2088 nilfs_bmap_propagate+0x73/0x170 fs/nilfs2/bmap.c:337 nilfs_collect_file_data+0x45/0xd0 fs/nilfs2/segment.c:568 nilfs_segctor_apply_buffers+0x14a/0x470 fs/nilfs2/segment.c:1018 nilfs_segctor_scan_file+0x3f4/0x6f0 fs/nilfs2/segment.c:1067 nilfs_segctor_collect_blocks fs/nilfs2/segment.c:1197 [en l\u00ednea] nilfs_segctor_collect fs/nilfs2/segment.c:1503 [en l\u00ednea] nilfs_segctor_do_construct+0x12fc/0x6af0 fs/nilfs2/segment.c:2045 nilfs_segctor_construct+0x8e3/0xb30 fs/nilfs2/segment.c:2379 nilfs_segctor_thread_construct fs/nilfs2/segment.c:2487 [en l\u00ednea] nilfs_segctor_thread+0x3c3/0xf30 fs/nilfs2/segment.c:2570 kthread+0x2e4/0x3a0 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306 ... Si el archivo de metadatos DAT est\u00e1 da\u00f1ado en el disco, existe un caso en el que req->pr_desc_bh es NULL y blocknr es 0 en nilfs_dat_commit_end() durante una operaci\u00f3n de \u00e1rbol b que actualiza en cascada los nodos ancestros del \u00e1rbol b, porque nilfs_dat_commit_alloc() para un bloque de nivel inferior puede inicializar el blocknr en la misma entrada DAT entre nilfs_dat_prepare_end() y nilfs_dat_commit_end(). Si esto sucede, nilfs_dat_commit_end() llama a nilfs_dat_commit_free() sin encabezados de b\u00fafer v\u00e1lidos en req->pr_desc_bh y req->pr_bitmap_bh, y provoca la desreferencia del puntero NULL anterior en la funci\u00f3n nilfs_palloc_commit_free_entry(), lo que provoca un bloqueo. Solucione este problema agregando una comprobaci\u00f3n NULL en req->pr_desc_bh y req->pr_bitmap_bh antes de nilfs_palloc_commit_free_entry() en nilfs_dat_commit_free(). Esto tambi\u00e9n llama a nilfs_error() en ese caso para notificar que hay un fallo fatal en los metadatos del sistema de archivos y evitar operaciones futuras." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49008.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49008.json index 619359df74a..d9611bfd9cd 100644 
--- a/CVE-2022/CVE-2022-490xx/CVE-2022-49008.json +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49008.json @@ -2,13 +2,17 @@ "id": "CVE-2022-49008", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:12.290", - "lastModified": "2024-10-21T20:15:12.290", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: can327: can327_feed_frame_to_netdev(): fix potential skb leak when netdev is down\n\nIn can327_feed_frame_to_netdev(), it did not free the skb when netdev\nis down, and all callers of can327_feed_frame_to_netdev() did not free\nallocated skb too. That would trigger skb leak.\n\nFix it by adding kfree_skb() in can327_feed_frame_to_netdev() when netdev\nis down. Not tested, just compiled." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: can: can327: can327_feed_frame_to_netdev(): corrige una posible fuga de skb cuando netdev est\u00e1 inactivo En can327_feed_frame_to_netdev(), no liberaba el skb cuando netdev estaba inactivo, y todos los que llamaban a can327_feed_frame_to_netdev() tampoco liberaban el skb asignado. Eso desencadenar\u00eda una fuga de skb. Arr\u00e9glelo a\u00f1adiendo kfree_skb() en can327_feed_frame_to_netdev() cuando netdev est\u00e9 inactivo. No probado, solo compilado." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49009.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49009.json index ac37f8a847b..dd6ed05dc80 100644 --- a/CVE-2022/CVE-2022-490xx/CVE-2022-49009.json +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49009.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49009", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:12.373", - "lastModified": "2024-10-21T20:15:12.373", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (asus-ec-sensors) Add checks for devm_kcalloc\n\nAs the devm_kcalloc may return NULL, the return value needs to be checked\nto avoid NULL poineter dereference." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: hwmon: (asus-ec-sensors) Agregar comprobaciones para devm_kcalloc Como devm_kcalloc puede devolver NULL, se debe comprobar el valor de retorno para evitar la desreferencia del puntero NULL." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49010.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49010.json index e57f0679dc0..f61bc0a203b 100644 --- a/CVE-2022/CVE-2022-490xx/CVE-2022-49010.json +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49010.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49010", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:12.433", - "lastModified": "2024-10-21T20:15:12.433", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (coretemp) Check for null before removing sysfs attrs\n\nIf coretemp_add_core() gets an error then pdata->core_data[indx]\nis already NULL and has been kfreed. Don't pass that to\nsysfs_remove_group() as that will crash in sysfs_remove_group().\n\n[Shortened for readability]\n[91854.020159] sysfs: cannot create duplicate filename '/devices/platform/coretemp.0/hwmon/hwmon2/temp20_label'\n\n[91855.126115] BUG: kernel NULL pointer dereference, address: 0000000000000188\n[91855.165103] #PF: supervisor read access in kernel mode\n[91855.194506] #PF: error_code(0x0000) - not-present page\n[91855.224445] PGD 0 P4D 0\n[91855.238508] Oops: 0000 [#1] PREEMPT SMP PTI\n...\n[91855.342716] RIP: 0010:sysfs_remove_group+0xc/0x80\n...\n[91855.796571] Call Trace:\n[91855.810524] coretemp_cpu_offline+0x12b/0x1dd [coretemp]\n[91855.841738] ? coretemp_cpu_online+0x180/0x180 [coretemp]\n[91855.871107] cpuhp_invoke_callback+0x105/0x4b0\n[91855.893432] cpuhp_thread_fun+0x8e/0x150\n...\n\nFix this by checking for NULL first." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: hwmon: (coretemp) Verificar si hay valores nulos antes de eliminar los atributos de sysfs Si coretemp_add_core() obtiene un error, entonces pdata->core_data[indx] ya es NULL y se ha liberado. No pase eso a sysfs_remove_group() ya que eso bloquear\u00e1 sysfs_remove_group(). 
[Abreviado para facilitar la lectura] [91854.020159] sysfs: no se puede crear un nombre de archivo duplicado '/devices/platform/coretemp.0/hwmon/hwmon2/temp20_label' [91855.126115] ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000188 [91855.165103] #PF: acceso de lectura del supervisor en modo kernel [91855.194506] #PF: error_code(0x0000) - p\u00e1gina no presente [91855.224445] PGD 0 P4D 0 [91855.238508] Oops: 0000 [#1] PREEMPT SMP PTI ... [91855.342716] RIP: 0010:sysfs_remove_group+0xc/0x80 ... [91855.796571] Seguimiento de llamadas: [91855.810524] coretemp_cpu_offline+0x12b/0x1dd [coretemp] [91855.841738] ? coretemp_cpu_online+0x180/0x180 [coretemp] [91855.871107] cpuhp_invoke_callback+0x105/0x4b0 [91855.893432] cpuhp_thread_fun+0x8e/0x150 ... Solucione esto comprobando primero si es NULL." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49011.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49011.json index 5091621e056..2f44140efe4 100644 --- a/CVE-2022/CVE-2022-490xx/CVE-2022-49011.json +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49011.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49011", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:12.500", - "lastModified": "2024-10-21T20:15:12.500", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()\n\nAs comment of pci_get_domain_bus_and_slot() says, it returns\na pci device with refcount increment, when finish using it,\nthe caller must decrement the reference count by calling\npci_dev_put(). So call it after using to avoid refcount leak." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: hwmon: (coretemp) corrige la p\u00e9rdida de recuento de referencias del dispositivo pci en nv1a_ram_new() Como dice el comentario de pci_get_domain_bus_and_slot(), devuelve un dispositivo pci con un incremento de recuento de referencias, cuando termina de usarlo, el llamador debe disminuir el recuento de referencias llamando a pci_dev_put(). Por lo tanto, ll\u00e1melo despu\u00e9s de usarlo para evitar la p\u00e9rdida de recuento de referencias." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49012.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49012.json index 10c8d8019db..bc5e0a79195 100644 --- a/CVE-2022/CVE-2022-490xx/CVE-2022-49012.json +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49012.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49012", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:12.573", - "lastModified": "2024-10-21T20:15:12.573", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Fix server->active leak in afs_put_server\n\nThe atomic_read was accidentally replaced with atomic_inc_return,\nwhich prevents the server from getting cleaned up and causes rmmod\nto hang with a warning:\n\n Can't purge s=00000001" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: afs: Se corrige la fuga de server->active en afs_put_server. atomic_read se reemplaz\u00f3 accidentalmente con atomic_inc_return, lo que evita que se limpie el servidor y hace que rmmod se cuelgue con una advertencia: No se puede purgar s=00000001" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49013.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49013.json index 176497f8781..4dc7e36801b 100644 --- a/CVE-2022/CVE-2022-490xx/CVE-2022-49013.json +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49013.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49013", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:12.637", - "lastModified": "2024-10-21T20:15:12.637", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: fix memory leak in sctp_stream_outq_migrate()\n\nWhen sctp_stream_outq_migrate() is called to release stream out resources,\nthe memory pointed to by prio_head in stream out is not released.\n\nThe memory leak information is as follows:\n unreferenced object 0xffff88801fe79f80 (size 64):\n comm \"sctp_repo\", pid 7957, jiffies 4294951704 (age 36.480s)\n hex dump (first 32 bytes):\n 80 9f e7 1f 80 88 ff ff 80 9f e7 1f 80 88 ff ff ................\n 90 9f e7 1f 80 88 ff ff 90 9f e7 1f 80 88 ff ff ................\n backtrace:\n [] kmalloc_trace+0x26/0x60\n [] sctp_sched_prio_set+0x4cc/0x770\n [] sctp_stream_init_ext+0xd2/0x1b0\n [] sctp_sendmsg_to_asoc+0x1614/0x1a30\n [] sctp_sendmsg+0xda1/0x1ef0\n [] inet_sendmsg+0x9d/0xe0\n [] sock_sendmsg+0xd3/0x120\n [] __sys_sendto+0x23a/0x340\n [] __x64_sys_sendto+0xe1/0x1b0\n [] do_syscall_64+0x39/0xb0\n [] entry_SYSCALL_64_after_hwframe+0x63/0xcd" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sctp: se corrige la p\u00e9rdida de memoria en sctp_stream_outq_migrate() Cuando se llama a sctp_stream_outq_migrate() para liberar recursos de salida de flujo, la memoria a la que apunta prio_head en salida de flujo no se libera. La informaci\u00f3n de p\u00e9rdida de memoria es la siguiente: objeto sin referencia 0xffff88801fe79f80 (tama\u00f1o 64): comm \"sctp_repo\", pid 7957, jiffies 4294951704 (edad 36.480s) volcado hexadecimal (primeros 32 bytes): 80 9f e7 1f 80 88 ff ff 80 9f e7 1f 80 88 ff ff ................ 
90 9f e7 1f 80 88 ff ff 90 9f e7 1f 80 88 ff ff ................ backtrace: [] kmalloc_trace+0x26/0x60 [] sctp_sched_prio_set+0x4cc/0x770 [] sctp_stream_init_ext+0xd2/0x1b0 [] sctp_sendmsg_to_asoc+0x1614/0x1a30 [] sctp_sendmsg+0xda1/0x1ef0 [] inet_sendmsg+0x9d/0xe0 [] sock_sendmsg+0xd3/0x120 [] __sys_sendto+0x23a/0x340 [] __x64_sys_sendto+0xe1/0x1b0 [] hacer_llamada_al_sistema_64+0x39/0xb0 [] entrada_LLAMADA_AL_SISTEMA_64_despu\u00e9s_de_hwframe+0x63/0xcd" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49014.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49014.json index ec5c2d573f7..32e09da9ccd 100644 --- a/CVE-2022/CVE-2022-490xx/CVE-2022-49014.json +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49014.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49014", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:12.707", - "lastModified": "2024-10-21T20:15:12.707", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tun: Fix use-after-free in tun_detach()\n\nsyzbot reported use-after-free in tun_detach() [1]. This causes call\ntrace like below:\n\n==================================================================\nBUG: KASAN: use-after-free in notifier_call_chain+0x1ee/0x200 kernel/notifier.c:75\nRead of size 8 at addr ffff88807324e2a8 by task syz-executor.0/3673\n\nCPU: 0 PID: 3673 Comm: syz-executor.0 Not tainted 6.1.0-rc5-syzkaller-00044-gcc675d22e422 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x15e/0x461 mm/kasan/report.c:395\n kasan_report+0xbf/0x1f0 mm/kasan/report.c:495\n notifier_call_chain+0x1ee/0x200 kernel/notifier.c:75\n call_netdevice_notifiers_info+0x86/0x130 net/core/dev.c:1942\n call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]\n call_netdevice_notifiers net/core/dev.c:1997 [inline]\n netdev_wait_allrefs_any net/core/dev.c:10237 [inline]\n netdev_run_todo+0xbc6/0x1100 net/core/dev.c:10351\n tun_detach drivers/net/tun.c:704 [inline]\n tun_chr_close+0xe4/0x190 drivers/net/tun.c:3467\n __fput+0x27c/0xa90 fs/file_table.c:320\n task_work_run+0x16f/0x270 kernel/task_work.c:179\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0xb3d/0x2a30 kernel/exit.c:820\n do_group_exit+0xd4/0x2a0 kernel/exit.c:950\n get_signal+0x21b1/0x2440 kernel/signal.c:2858\n arch_do_signal_or_restart+0x86/0x2300 
arch/x86/kernel/signal.c:869\n exit_to_user_mode_loop kernel/entry/common.c:168 [inline]\n exit_to_user_mode_prepare+0x15f/0x250 kernel/entry/common.c:203\n __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]\n syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:296\n do_syscall_64+0x46/0xb0 arch/x86/entry/common.c:86\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe cause of the issue is that sock_put() from __tun_detach() drops\nlast reference count for struct net, and then notifier_call_chain()\nfrom netdev_state_change() accesses that struct net.\n\nThis patch fixes the issue by calling sock_put() from tun_detach()\nafter all necessary accesses for the struct net has done." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: tun: Se corrige el use after free en tun_detach() syzbot inform\u00f3 use after free en tun_detach() [1]. Esto provoca un seguimiento de llamadas como el siguiente: ==================================================================== ERROR: KASAN: use after free en notifier_call_chain+0x1ee/0x200 kernel/notifier.c:75 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff88807324e2a8 por la tarea syz-executor.0/3673 CPU: 0 PID: 3673 Comm: syz-executor.0 No contaminado 6.1.0-rc5-syzkaller-00044-gcc675d22e422 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 26/10/2022 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:88 [en l\u00ednea] dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:284 [en l\u00ednea] print_report+0x15e/0x461 mm/kasan/report.c:395 kasan_report+0xbf/0x1f0 mm/kasan/report.c:495 notifier_call_chain+0x1ee/0x200 kernel/notifier.c:75 call_netdevice_notifiers_info+0x86/0x130 net/core/dev.c:1942 call_netdevice_notifiers_extack net/core/dev.c:1983 [en l\u00ednea] llamar_notificadores_dispositivos_de_red net/core/dev.c:1997 [en l\u00ednea] netdev_wait_allrefs_any 
net/core/dev.c:10237 [en l\u00ednea] netdev_run_todo+0xbc6/0x1100 net/core/dev.c:10351 tun_detach drivers/net/tun.c:704 [en l\u00ednea] tun_chr_close+0xe4/0x190 drivers/net/tun.c:3467 __fput+0x27c/0xa90 fs/file_table.c:320 tarea_trabajo_ejecutar+0x16f/0x270 kernel/tarea_trabajo.c:179 salir_tarea_trabajo incluir/linux/tarea_trabajo.h:38 [en l\u00ednea] hacer_salir+0xb3d/0x2a30 kernel/exit.c:820 hacer_grupo_salir+0xd4/0x2a0 kernel/exit.c:950 obtener_se\u00f1al+0x21b1/0x2440 kernel/se\u00f1al.c:2858 arch_hacer_se\u00f1al_o_reiniciar+0x86/0x2300 arch/x86/kernel/signal.c:869 bucle_salir_a_modo_usuario kernel/entry/common.c:168 [en l\u00ednea] preparar_salir_a_modo_usuario+0x15f/0x250 kernel/entry/common.c:203 __syscall_salir_a_modo_usuario_trabajo kernel/entry/common.c:285 [en l\u00ednea] syscall_salir_a_modo_usuario+0x1d/0x50 kernel/entry/common.c:296 La causa del problema es que sock_put() de __tun_detach() descarta el \u00faltimo recuento de referencias para struct net y luego notifier_call_chain() de netdev_state_change() accede a ese struct net. Este parche corrige el problema llamando a sock_put() desde tun_detach() despu\u00e9s de que se hayan realizado todos los accesos necesarios para struct net." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49015.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49015.json index c4d924aa02f..8165178377f 100644 --- a/CVE-2022/CVE-2022-490xx/CVE-2022-49015.json +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49015.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49015",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T20:15:12.787",
- "lastModified": "2024-10-21T20:15:12.787",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hsr: Fix potential use-after-free\n\nThe skb is delivered to netif_rx() which may free it, after calling this,\ndereferencing skb may trigger use-after-free."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net:hsr: Se corrige un posible use after free. El skb se entrega a netif_rx() que puede liberarlo; despu\u00e9s de llamarlo, desreferenciar skb puede desencadenar un use after free."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49016.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49016.json
index 0ef08c9f6fd..37eaf408d56 100644
--- a/CVE-2022/CVE-2022-490xx/CVE-2022-49016.json
+++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49016.json
@@ -2,13 +2,17 @@ "id": "CVE-2022-49016", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:12.840", - "lastModified": "2024-10-21T20:15:12.840", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mdiobus: fix unbalanced node reference count\n\nI got the following report while doing device(mscc-miim) load test\nwith CONFIG_OF_UNITTEST and CONFIG_OF_DYNAMIC enabled:\n\n OF: ERROR: memory leak, expected refcount 1 instead of 2,\n of_node_get()/of_node_put() unbalanced - destroy cset entry:\n attach overlay node /spi/soc@0/mdio@7107009c/ethernet-phy@0\n\nIf the 'fwnode' is not an acpi node, the refcount is get in\nfwnode_mdiobus_phy_device_register(), but it has never been\nput when the device is freed in the normal path. So call\nfwnode_handle_put() in phy_device_release() to avoid leak.\n\nIf it's an acpi node, it has never been get, but it's put\nin the error path, so call fwnode_handle_get() before\nphy_device_register() to keep get/put operation balanced." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: mdiobus: arregla el recuento de referencias de nodos desequilibrados Obtuve el siguiente informe mientras realizaba la prueba de carga del dispositivo (mscc-miim) con CONFIG_OF_UNITTEST y CONFIG_OF_DYNAMIC habilitados: OF: ERROR: p\u00e9rdida de memoria, se esperaba un recuento de referencias 1 en lugar de 2, of_node_get()/of_node_put() desequilibrado - destruye la entrada cset: adjuntar un nodo superpuesto /spi/soc@0/mdio@7107009c/ethernet-phy@0 Si el 'fwnode' no es un nodo acpi, el recuento de referencias se obtiene en fwnode_mdiobus_phy_device_register(), pero nunca se ha colocado cuando el dispositivo se libera en la ruta normal. 
Entonces llama a fwnode_handle_put() en phy_device_release() para evitar la p\u00e9rdida. Si es un nodo acpi, nunca se ha obtenido, pero se coloca en la ruta de error, por lo que se llama a fwnode_handle_get() antes de phy_device_register() para mantener equilibrada la operaci\u00f3n de obtenci\u00f3n/colocaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49017.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49017.json index 40b25f6f2bd..6ab9894de67 100644 --- a/CVE-2022/CVE-2022-490xx/CVE-2022-49017.json +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49017.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49017", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:12.910", - "lastModified": "2024-10-21T20:15:12.910", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: re-fetch skb cb after tipc_msg_validate\n\nAs the call trace shows, the original skb was freed in tipc_msg_validate(),\nand dereferencing the old skb cb would cause an use-after-free crash.\n\n BUG: KASAN: use-after-free in tipc_crypto_rcv_complete+0x1835/0x2240 [tipc]\n Call Trace:\n \n tipc_crypto_rcv_complete+0x1835/0x2240 [tipc]\n tipc_crypto_rcv+0xd32/0x1ec0 [tipc]\n tipc_rcv+0x744/0x1150 [tipc]\n ...\n Allocated by task 47078:\n kmem_cache_alloc_node+0x158/0x4d0\n __alloc_skb+0x1c1/0x270\n tipc_buf_acquire+0x1e/0xe0 [tipc]\n tipc_msg_create+0x33/0x1c0 [tipc]\n tipc_link_build_proto_msg+0x38a/0x2100 [tipc]\n tipc_link_timeout+0x8b8/0xef0 [tipc]\n tipc_node_timeout+0x2a1/0x960 [tipc]\n call_timer_fn+0x2d/0x1c0\n ...\n Freed by task 47078:\n tipc_msg_validate+0x7b/0x440 [tipc]\n tipc_crypto_rcv_complete+0x4b5/0x2240 [tipc]\n tipc_crypto_rcv+0xd32/0x1ec0 [tipc]\n tipc_rcv+0x744/0x1150 [tipc]\n\nThis patch fixes it by re-fetching the skb cb from the new allocated skb\nafter calling tipc_msg_validate()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tipc: volver a obtener el skb cb despu\u00e9s de tipc_msg_validate Como muestra el seguimiento de la llamada, el skb original se liber\u00f3 en tipc_msg_validate(), y desreferenciar el antiguo skb cb causar\u00eda un bloqueo por use after free. 
ERROR: KASAN: use after free en tipc_crypto_rcv_complete+0x1835/0x2240 [tipc] Seguimiento de llamadas: tipc_crypto_rcv_complete+0x1835/0x2240 [tipc] tipc_crypto_rcv+0xd32/0x1ec0 [tipc] tipc_rcv+0x744/0x1150 [tipc] ... Asignado por la tarea 47078: kmem_cache_alloc_node+0x158/0x4d0 __alloc_skb+0x1c1/0x270 tipc_buf_acquire+0x1e/0xe0 [tipc] tipc_msg_create+0x33/0x1c0 [tipc] tipc_link_build_proto_msg+0x38a/0x2100 [tipc] tipc_link_timeout+0x8b8/0xef0 [tipc] tipc_node_timeout+0x2a1/0x960 [tipc] call_timer_fn+0x2d/0x1c0 ... Liberado por la tarea 47078: tipc_msg_validate+0x7b/0x440 [tipc] tipc_crypto_rcv_complete+0x4b5/0x2240 [tipc] tipc_crypto_rcv+0xd32/0x1ec0 [tipc] tipc_rcv+0x744/0x1150 [tipc] Este parche lo corrige volviendo a obtener el cb skb del nuevo skb asignado despu\u00e9s de llamar a tipc_msg_validate()." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49018.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49018.json index 0ea1fdff4dd..41d4e7a8974 100644 --- a/CVE-2022/CVE-2022-490xx/CVE-2022-49018.json +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49018.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49018", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:12.973", - "lastModified": "2024-10-21T20:15:12.973", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix sleep in atomic at close time\n\nMatt reported a splat at msk close time:\n\n BUG: sleeping function called from invalid context at net/mptcp/protocol.c:2877\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 155, name: packetdrill\n preempt_count: 201, expected: 0\n RCU nest depth: 0, expected: 0\n 4 locks held by packetdrill/155:\n #0: ffff888001536990 (&sb->s_type->i_mutex_key#6){+.+.}-{3:3}, at: __sock_release (net/socket.c:650)\n #1: ffff88800b498130 (sk_lock-AF_INET){+.+.}-{0:0}, at: mptcp_close (net/mptcp/protocol.c:2973)\n #2: ffff88800b49a130 (sk_lock-AF_INET/1){+.+.}-{0:0}, at: __mptcp_close_ssk (net/mptcp/protocol.c:2363)\n #3: ffff88800b49a0b0 (slock-AF_INET){+...}-{2:2}, at: __lock_sock_fast (include/net/sock.h:1820)\n Preemption disabled at:\n 0x0\n CPU: 1 PID: 155 Comm: packetdrill Not tainted 6.1.0-rc5 #365\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n Call Trace:\n \n dump_stack_lvl (lib/dump_stack.c:107 (discriminator 4))\n __might_resched.cold (kernel/sched/core.c:9891)\n __mptcp_destroy_sock (include/linux/kernel.h:110)\n __mptcp_close (net/mptcp/protocol.c:2959)\n mptcp_subflow_queue_clean (include/net/sock.h:1777)\n __mptcp_close_ssk (net/mptcp/protocol.c:2363)\n mptcp_destroy_common (net/mptcp/protocol.c:3170)\n mptcp_destroy (include/net/sock.h:1495)\n __mptcp_destroy_sock (net/mptcp/protocol.c:2886)\n __mptcp_close (net/mptcp/protocol.c:2959)\n mptcp_close (net/mptcp/protocol.c:2974)\n inet_release (net/ipv4/af_inet.c:432)\n __sock_release (net/socket.c:651)\n 
sock_close (net/socket.c:1367)\n __fput (fs/file_table.c:320)\n task_work_run (kernel/task_work.c:181 (discriminator 1))\n exit_to_user_mode_prepare (include/linux/resume_user_mode.h:49)\n syscall_exit_to_user_mode (kernel/entry/common.c:130)\n do_syscall_64 (arch/x86/entry/common.c:87)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)\n\nWe can't call mptcp_close under the 'fast' socket lock variant, replace\nit with a sock_lock_nested() as the relevant code is already under the\nlistening msk socket lock protection." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mptcp: se corrige la suspensi\u00f3n en atomic en el momento del cierre Matt inform\u00f3 un splat en el momento del cierre de msk: ERROR: funci\u00f3n de suspensi\u00f3n llamada desde un contexto no v\u00e1lido en net/mptcp/protocol.c:2877 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 155, name: packetdrill preempt_count: 201, expected: 0 Profundidad de anidaci\u00f3n de RCU: 0, expected: 0 4 bloqueos mantenidos por packetdrill/155: #0: ffff888001536990 (&sb->s_type->i_mutex_key#6){+.+.}-{3:3}, en: __sock_release (net/socket.c:650) #1: ffff88800b498130 (sk_lock-AF_INET){+.+.}-{0:0}, en: mptcp_close (net/mptcp/protocol.c:2973) #2: ffff88800b49a130 (sk_lock-AF_INET/1){+.+.}-{0:0}, en: __mptcp_close_ssk (net/mptcp/protocol.c:2363) #3: ffff88800b49a0b0 (slock-AF_INET){+...}-{2:2}, en: __lock_sock_fast (include/net/sock.h:1820) Preempci\u00f3n deshabilitada en: 0x0 CPU: 1 PID: 155 Comm: packetdrill No contaminado 6.1.0-rc5 #365 Nombre del hardware: QEMU PC est\u00e1ndar (i440FX + PIIX, 1996), BIOS 1.15.0-1 01/04/2014 Seguimiento de llamadas: dump_stack_lvl (lib/dump_stack.c:107 (discriminador 4)) __might_resched.cold (kernel/sched/core.c:9891) __mptcp_destroy_sock (include/linux/kernel.h:110) __mptcp_close (net/mptcp/protocol.c:2959) mptcp_subflow_queue_clean (include/net/sock.h:1777) __mptcp_close_ssk 
(net/mptcp/protocol.c:2363) mptcp_destroy_common (net/mptcp/protocol.c:3170) mptcp_destroy (include/net/sock.h:1495) __mptcp_destroy_sock (net/mptcp/protocol.c:2886) __mptcp_close (net/mptcp/protocol.c:2959) mptcp_close (net/mptcp/protocol.c:2974) inet_release (net/ipv4/af_inet.c:432) __sock_release (net/socket.c:651) sock_close (net/socket.c:1367) __fput (fs/file_table.c:320) task_work_run (kernel/task_work.c:181 (discriminador 1)) salir_a_modo_usuario_preparar (include/linux/reanudar_modo_usuario.h:49) No podemos llamar a mptcp_close bajo la variante de bloqueo de socket 'r\u00e1pido', reempl\u00e1celo con sock_lock_nested() ya que el c\u00f3digo relevante ya est\u00e1 bajo la protecci\u00f3n de bloqueo de socket msk de escucha." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49019.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49019.json index 8a5aa48f677..3e8c75c2bba 100644 --- a/CVE-2022/CVE-2022-490xx/CVE-2022-49019.json +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49019.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49019",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T20:15:13.040",
- "lastModified": "2024-10-21T20:15:13.040",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: nixge: fix NULL dereference\n\nIn function nixge_hw_dma_bd_release() dereference of NULL pointer\npriv->rx_bd_v is possible for the case of its allocation failure in\nnixge_hw_dma_bd_init().\n\nMove for() loop with priv->rx_bd_v dereference under the check for\nits validity.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: ethernet: nixge: fix NULL dereference En la funci\u00f3n nixge_hw_dma_bd_release(), es posible desreferenciar el puntero NULL priv->rx_bd_v en caso de que falle su asignaci\u00f3n en nixge_hw_dma_bd_init(). Mueva el bucle for() con la desreferencia priv->rx_bd_v bajo la verificaci\u00f3n de su validez. Encontrado por Linux Verification Center (linuxtesting.org) con SVACE."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49020.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49020.json
index 53fa7578de0..3d0e35c2bec 100644
--- a/CVE-2022/CVE-2022-490xx/CVE-2022-49020.json
+++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49020.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49020",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T20:15:13.100",
- "lastModified": "2024-10-21T20:15:13.100",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/9p: Fix a potential socket leak in p9_socket_open\n\nBoth p9_fd_create_tcp() and p9_fd_create_unix() will call\np9_socket_open(). If the creation of p9_trans_fd fails,\np9_fd_create_tcp() and p9_fd_create_unix() will return an\nerror directly instead of releasing the cscoket, which will\nresult in a socket leak.\n\nThis patch adds sock_release() to fix the leak issue."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/9p: Se soluciona una posible fuga de socket en p9_socket_open Tanto p9_fd_create_tcp() como p9_fd_create_unix() llamar\u00e1n a p9_socket_open(). Si la creaci\u00f3n de p9_trans_fd fallo, p9_fd_create_tcp() y p9_fd_create_unix() devolver\u00e1n un error directamente en lugar de liberar el cscoket, lo que provocar\u00e1 una fuga de socket. Este parche agrega sock_release() para solucionar el problema de la fuga."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49021.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49021.json
index aae7a39b2d5..e366d225ba1 100644
--- a/CVE-2022/CVE-2022-490xx/CVE-2022-49021.json
+++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49021.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49021",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T20:15:13.163",
- "lastModified": "2024-10-21T20:15:13.163",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: fix null-ptr-deref while probe() failed\n\nI got a null-ptr-deref report as following when doing fault injection test:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000058\nOops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 PID: 253 Comm: 507-spi-dm9051 Tainted: G B N 6.1.0-rc3+\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nRIP: 0010:klist_put+0x2d/0xd0\nCall Trace:\n \n klist_remove+0xf1/0x1c0\n device_release_driver_internal+0x23e/0x2d0\n bus_remove_device+0x1bd/0x240\n device_del+0x357/0x770\n phy_device_remove+0x11/0x30\n mdiobus_unregister+0xa5/0x140\n release_nodes+0x6a/0xa0\n devres_release_all+0xf8/0x150\n device_unbind_cleanup+0x19/0xd0\n\n//probe path:\nphy_device_register()\n device_add()\n\nphy_connect\n phy_attach_direct() //set device driver\n probe() //it's failed, driver is not bound\n device_bind_driver() // probe failed, it's not called\n\n//remove path:\nphy_device_remove()\n device_del()\n device_release_driver_internal()\n __device_release_driver() //dev->drv is not NULL\n klist_remove() <- knode_driver is not added yet, cause null-ptr-deref\n\nIn phy_attach_direct(), after setting the 'dev->driver', probe() fails,\ndevice_bind_driver() is not called, so the knode_driver->n_klist is not\nset, then it causes null-ptr-deref in __device_release_driver() while\ndeleting device. Fix this by setting dev->driver to NULL in the error\npath in phy_attach_direct()."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: phy: fix null-ptr-deref while probe() failed Obtuve un informe null-ptr-deref como el siguiente al realizar la prueba de inyecci\u00f3n de fallos: ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000058 Oops: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 PID: 253 Comm: 507-spi-dm9051 Tainted: GBN 6.1.0-rc3+ Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 RIP: 0010:klist_put+0x2d/0xd0 Rastreo de llamadas: klist_remove+0xf1/0x1c0 device_release_driver_internal+0x23e/0x2d0 bus_remove_device+0x1bd/0x240 device_del+0x357/0x770 phy_device_remove+0x11/0x30 mdiobus_unregister+0xa5/0x140 release_nodes+0x6a/0xa0 devres_release_all+0xf8/0x150 device_unbind_cleanup+0x19/0xd0 //ruta de la sonda: phy_device_register() device_add() phy_connect phy_attach_direct() //establecer el controlador del dispositivo probe() //ha fallodo, el controlador no est\u00e1 vinculado device_bind_driver() //la sonda ha fallodo, no se llama //ruta de eliminaci\u00f3n: phy_device_remove() device_del() device_release_driver_internal() __device_release_driver() //dev->drv no es NULL klist_remove() <- knode_driver a\u00fan no se agreg\u00f3, causa null-ptr-deref En phy_attach_direct(), despu\u00e9s de configurar 'dev->driver', probe() fallo, device_bind_driver() no se llama, por lo que knode_driver->n_klist no est\u00e1 configurado, luego causa null-ptr-deref en __device_release_driver() mientras se elimina el dispositivo. Solucione esto configurando dev->driver en NULL en la ruta de error en phy_attach_direct()."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49022.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49022.json
index d7395c293c2..996ff0c0eae 100644
--- a/CVE-2022/CVE-2022-490xx/CVE-2022-49022.json
+++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49022.json
@@ -2,13 +2,17 @@ "id": "CVE-2022-49022", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:13.233", - "lastModified": "2024-10-21T20:15:13.233", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac8021: fix possible oob access in ieee80211_get_rate_duration\n\nFix possible out-of-bound access in ieee80211_get_rate_duration routine\nas reported by the following UBSAN report:\n\nUBSAN: array-index-out-of-bounds in net/mac80211/airtime.c:455:47\nindex 15 is out of range for type 'u16 [12]'\nCPU: 2 PID: 217 Comm: kworker/u32:10 Not tainted 6.1.0-060100rc3-generic\nHardware name: Acer Aspire TC-281/Aspire TC-281, BIOS R01-A2 07/18/2017\nWorkqueue: mt76 mt76u_tx_status_data [mt76_usb]\nCall Trace:\n \n show_stack+0x4e/0x61\n dump_stack_lvl+0x4a/0x6f\n dump_stack+0x10/0x18\n ubsan_epilogue+0x9/0x43\n __ubsan_handle_out_of_bounds.cold+0x42/0x47\nieee80211_get_rate_duration.constprop.0+0x22f/0x2a0 [mac80211]\n ? ieee80211_tx_status_ext+0x32e/0x640 [mac80211]\n ieee80211_calc_rx_airtime+0xda/0x120 [mac80211]\n ieee80211_calc_tx_airtime+0xb4/0x100 [mac80211]\n mt76x02_send_tx_status+0x266/0x480 [mt76x02_lib]\n mt76x02_tx_status_data+0x52/0x80 [mt76x02_lib]\n mt76u_tx_status_data+0x67/0xd0 [mt76_usb]\n process_one_work+0x225/0x400\n worker_thread+0x50/0x3e0\n ? process_one_work+0x400/0x400\n kthread+0xe9/0x110\n ? 
kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mac8021: se corrige un posible acceso fuera de los l\u00edmites en ieee80211_get_rate_duration Se corrige un posible acceso fuera de los l\u00edmites en la rutina ieee80211_get_rate_duration seg\u00fan lo informado por el siguiente informe de UBSAN: UBSAN: array-index-out-of-bounds en net/mac80211/airtime.c:455:47 el \u00edndice 15 est\u00e1 fuera de rango para el tipo 'u16 [12]' CPU: 2 PID: 217 Comm: kworker/u32:10 No contaminado 6.1.0-060100rc3-generic Nombre del hardware: Acer Aspire TC-281/Aspire TC-281, BIOS R01-A2 18/07/2017 Cola de trabajo: mt76 mt76u_tx_status_data [mt76_usb] Seguimiento de llamadas: show_stack+0x4e/0x61 dump_stack_lvl+0x4a/0x6f dump_stack+0x10/0x18 ubsan_epilogue+0x9/0x43 __ubsan_handle_out_of_bounds.cold+0x42/0x47 ieee80211_get_rate_duration.constprop.0+0x22f/0x2a0 [mac80211] ? ieee80211_tx_status_ext+0x32e/0x640 [mac80211] ieee80211_calc_rx_airtime+0xda/0x120 [mac80211] ieee80211_calc_tx_airtime+0xb4/0x100 [mac80211] mt76x02_send_tx_status+0x266/0x480 [mt76x02_lib] mt76x02_tx_status_data+0x52/0x80 [mt76x02_lib] mt76u_tx_status_data+0x67/0xd0 [mt76_usb] proceso_uno_trabajo+0x225/0x400 subproceso_de_trabajo+0x50/0x3e0 ? proceso_uno_trabajo+0x400/0x400 subproceso_k+0xe9/0x110 ? subproceso_k_completo_y_salida+0x20/0x20 ret_de_la_bifurcaci\u00f3n+0x22/0x30" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49023.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49023.json index fe4edaacb30..57f3684a3f1 100644 --- a/CVE-2022/CVE-2022-490xx/CVE-2022-49023.json +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49023.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49023",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T20:15:13.290",
- "lastModified": "2024-10-21T20:15:13.290",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: fix buffer overflow in elem comparison\n\nFor vendor elements, the code here assumes that 5 octets\nare present without checking. Since the element itself is\nalready checked to fit, we only need to check the length."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: cfg80211: se corrige el desbordamiento de b\u00fafer en la comparaci\u00f3n de elementos. Para los elementos del proveedor, el c\u00f3digo aqu\u00ed supone que hay 5 octetos presentes sin verificaci\u00f3n. Dado que el elemento en s\u00ed ya est\u00e1 verificado para que encaje, solo necesitamos verificar la longitud."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49024.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49024.json
index 5886979fd99..b58933ba000 100644
--- a/CVE-2022/CVE-2022-490xx/CVE-2022-49024.json
+++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49024.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49024",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T20:15:13.367",
- "lastModified": "2024-10-21T20:15:13.367",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods\n\nIn m_can_pci_remove() and error handling path of m_can_pci_probe(),\nm_can_class_free_dev() should be called to free resource allocated by\nm_can_class_allocate_dev(), otherwise there will be memleak."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: can: m_can: pci: agregar m_can_class_free_dev() faltante en los m\u00e9todos probe/remove En m_can_pci_remove() y la ruta de manejo de errores de m_can_pci_probe(), se debe llamar a m_can_class_free_dev() para liberar el recurso asignado por m_can_class_allocate_dev(), de lo contrario habr\u00e1 una fuga de memoria."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49025.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49025.json
index ea8973a4e10..a146963da69 100644
--- a/CVE-2022/CVE-2022-490xx/CVE-2022-49025.json
+++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49025.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49025",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T20:15:13.427",
- "lastModified": "2024-10-21T20:15:13.427",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix use-after-free when reverting termination table\n\nWhen having multiple dests with termination tables and second one\nor afterwards fails the driver reverts usage of term tables but\ndoesn't reset the assignment in attr->dests[num_vport_dests].termtbl\nwhich case a use-after-free when releasing the rule.\nFix by resetting the assignment of termtbl to null."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5e: Se corrige el use after free al revertir la tabla de terminaci\u00f3n Cuando se tienen varios destinos con tablas de terminaci\u00f3n y fallo el segundo o posteriores, el controlador revierte el uso de las tablas de t\u00e9rminos, pero no restablece la asignaci\u00f3n en attr->dests[num_vport_dests].termtbl, en cuyo caso se produce un use after free al liberar la regla. Se soluciona restableciendo la asignaci\u00f3n de termtbl a nulo."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49026.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49026.json
index 24461de209a..93d3a17b505 100644
--- a/CVE-2022/CVE-2022-490xx/CVE-2022-49026.json
+++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49026.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49026",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T20:15:13.490",
- "lastModified": "2024-10-21T20:15:13.490",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ne100: Fix possible use after free in e100_xmit_prepare\n\nIn e100_xmit_prepare(), if we can't map the skb, then return -ENOMEM, so\ne100_xmit_frame() will return NETDEV_TX_BUSY and the upper layer will\nresend the skb. But the skb is already freed, which will cause UAF bug\nwhen the upper layer resends the skb.\n\nRemove the harmful free."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: e100: Se corrige el posible use after free en e100_xmit_prepare En e100_xmit_prepare(), si no podemos mapear el skb, entonces devolvemos -ENOMEM, por lo que e100_xmit_frame() devolver\u00e1 NETDEV_TX_BUSY y la capa superior reenviar\u00e1 el skb. Pero el skb ya est\u00e1 liberado, lo que provocar\u00e1 un error UAF cuando la capa superior reenv\u00ede el skb. Elimine la liberaci\u00f3n da\u00f1ina."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49027.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49027.json
index 57860f31515..74205aeb462 100644
--- a/CVE-2022/CVE-2022-490xx/CVE-2022-49027.json
+++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49027.json
@@ -2,13 +2,17 @@ "id": "CVE-2022-49027", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:13.563", - "lastModified": "2024-10-21T20:15:13.563", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix error handling in iavf_init_module()\n\nThe iavf_init_module() won't destroy workqueue when pci_register_driver()\nfailed. Call destroy_workqueue() when pci_register_driver() failed to\nprevent the resource leak.\n\nSimilar to the handling of u132_hcd_init in commit f276e002793c\n(\"usb: u132-hcd: fix resource leak\")" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iavf: Se ha corregido el manejo de errores en iavf_init_module(). iavf_init_module() no destruir\u00e1 workqueue cuando falle pci_register_driver(). Se llama a destroy_workqueue() cuando falle pci_register_driver() para evitar la p\u00e9rdida de recursos. Similar al manejo de u132_hcd_init en el commit f276e002793c (\"usb: u132-hcd: fix resource leak\")" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49028.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49028.json index d3944cf63d0..6456c38bb4f 100644 --- a/CVE-2022/CVE-2022-490xx/CVE-2022-49028.json +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49028.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49028", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:13.627", - "lastModified": "2024-10-21T20:15:13.627", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbevf: Fix resource leak in ixgbevf_init_module()\n\nixgbevf_init_module() won't destroy the workqueue created by\ncreate_singlethread_workqueue() when pci_register_driver() failed. Add\ndestroy_workqueue() in fail path to prevent the resource leak.\n\nSimilar to the handling of u132_hcd_init in commit f276e002793c\n(\"usb: u132-hcd: fix resource leak\")" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ixgbevf: Se solucion\u00f3 la p\u00e9rdida de recursos en ixgbevf_init_module() ixgbevf_init_module() no destruir\u00e1 la cola de trabajo creada por create_singlethread_workqueue() cuando pci_register_driver() fall\u00f3. Agregue destroy_workqueue() en la ruta de error para evitar la p\u00e9rdida de recursos. Similar al manejo de u132_hcd_init en el commit f276e002793c (\"usb: u132-hcd: fix resource leak\")" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49029.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49029.json index ee187c46e3a..635ba3b9fb6 100644 --- a/CVE-2022/CVE-2022-490xx/CVE-2022-49029.json +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49029.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49029", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:13.690", - "lastModified": "2024-10-21T20:15:13.690", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails\n\nSmatch report warning as follows:\n\ndrivers/hwmon/ibmpex.c:509 ibmpex_register_bmc() warn:\n '&data->list' not removed from list\n\nIf ibmpex_find_sensors() fails in ibmpex_register_bmc(), data will\nbe freed, but data->list will not be removed from driver_data.bmc_data,\nthen list traversal may cause UAF.\n\nFix by removeing it from driver_data.bmc_data before free()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: hwmon: (ibmpex) Se corrige un posible UAF cuando fallo ibmpex_register_bmc() Advertencia de informe de Smatch de la siguiente manera: drivers/hwmon/ibmpex.c:509 ibmpex_register_bmc() warn: '&data->list' no se elimin\u00f3 de la lista Si ibmpex_find_sensors() fallo en ibmpex_register_bmc(), se liberar\u00e1n los datos, pero data->list no se eliminar\u00e1 de driver_data.bmc_data, entonces el recorrido de la lista puede causar UAF. Se soluciona elimin\u00e1ndolo de driver_data.bmc_data antes de free()." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49030.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49030.json index 76d7df9d3e5..b22b474242b 100644 --- a/CVE-2022/CVE-2022-490xx/CVE-2022-49030.json +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49030.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49030", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:13.747", - "lastModified": "2024-10-21T20:15:13.747", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibbpf: Handle size overflow for ringbuf mmap\n\nThe maximum size of ringbuf is 2GB on x86-64 host, so 2 * max_entries\nwill overflow u32 when mapping producer page and data pages. Only\ncasting max_entries to size_t is not enough, because for 32-bits\napplication on 64-bits kernel the size of read-only mmap region\nalso could overflow size_t.\n\nSo fixing it by casting the size of read-only mmap region into a __u64\nand checking whether or not there will be overflow during mmap." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: libbpf: desbordamiento de tama\u00f1o del controlador para ringbuf mmap El tama\u00f1o m\u00e1ximo de ringbuf es de 2 GB en un host x86-64, por lo que 2 * max_entries desbordar\u00e1n u32 al asignar la p\u00e1gina del productor y las p\u00e1ginas de datos. Solo convertir max_entries a size_t no es suficiente, porque para la aplicaci\u00f3n de 32 bits en un kernel de 64 bits, el tama\u00f1o de la regi\u00f3n mmap de solo lectura tambi\u00e9n podr\u00eda desbordar size_t. Entonces, arr\u00e9glelo convirtiendo el tama\u00f1o de la regi\u00f3n mmap de solo lectura en __u64 y verificando si habr\u00e1 o no desbordamiento durante mmap." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49031.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49031.json index 304f526225c..7647ab6c201 100644 --- a/CVE-2022/CVE-2022-490xx/CVE-2022-49031.json +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49031.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49031", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:13.807", - "lastModified": "2024-10-21T20:15:13.807", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: health: afe4403: Fix oob read in afe4403_read_raw\n\nKASAN report out-of-bounds read as follows:\n\nBUG: KASAN: global-out-of-bounds in afe4403_read_raw+0x42e/0x4c0\nRead of size 4 at addr ffffffffc02ac638 by task cat/279\n\nCall Trace:\n afe4403_read_raw\n iio_read_channel_info\n dev_attr_show\n\nThe buggy address belongs to the variable:\n afe4403_channel_leds+0x18/0xffffffffffffe9e0\n\nThis issue can be reproduced by singe command:\n\n $ cat /sys/bus/spi/devices/spi0.0/iio\\:device0/in_intensity6_raw\n\nThe array size of afe4403_channel_leds is less than channels, so access\nwith chan->address cause OOB read in afe4403_read_raw. Fix it by moving\naccess before use it." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iio: health: afe4403: Se corrige la lectura oob en el informe de KASAN afe4403_read_raw que indica que la lectura est\u00e1 fuera de los l\u00edmites de la siguiente manera: ERROR: KASAN: global-out-of-bounds en afe4403_read_raw+0x42e/0x4c0 Lectura de tama\u00f1o 4 en la direcci\u00f3n ffffffffc02ac638 por la tarea cat/279 Seguimiento de llamadas: afe4403_read_raw iio_read_channel_info dev_attr_show La direcci\u00f3n con errores pertenece a la variable: afe4403_channel_leds+0x18/0xffffffffffffe9e0 Este problema se puede reproducir con un solo comando: $ cat /sys/bus/spi/devices/spi0.0/iio\\:device0/in_intensity6_raw El tama\u00f1o de la matriz de afe4403_channel_leds es menor que channels, por lo que el acceso con chan->address provoca una lectura OOB en afe4403_read_raw. 
Solucione el problema moviendo el acceso antes de usarlo." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49032.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49032.json index 645536edbf8..be57b74520e 100644 --- a/CVE-2022/CVE-2022-490xx/CVE-2022-49032.json +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49032.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49032", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:13.877", - "lastModified": "2024-10-21T20:15:13.877", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: health: afe4404: Fix oob read in afe4404_[read|write]_raw\n\nKASAN report out-of-bounds read as follows:\n\nBUG: KASAN: global-out-of-bounds in afe4404_read_raw+0x2ce/0x380\nRead of size 4 at addr ffffffffc00e4658 by task cat/278\n\nCall Trace:\n afe4404_read_raw\n iio_read_channel_info\n dev_attr_show\n\nThe buggy address belongs to the variable:\n afe4404_channel_leds+0x18/0xffffffffffffe9c0\n\nThis issue can be reproduce by singe command:\n\n $ cat /sys/bus/i2c/devices/0-0058/iio\\:device0/in_intensity6_raw\n\nThe array size of afe4404_channel_leds and afe4404_channel_offdacs\nare less than channels, so access with chan->address cause OOB read\nin afe4404_[read|write]_raw. Fix it by moving access before use them." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iio: health: afe4404: Se corrige la lectura oob en el informe de KASAN afe4404_[read|write]_raw de la siguiente manera: ERROR: KASAN: global-out-of-bounds en afe4404_read_raw+0x2ce/0x380 Lectura de tama\u00f1o 4 en la direcci\u00f3n ffffffffc00e4658 por la tarea cat/278 Rastreo de llamadas: afe4404_read_raw iio_read_channel_info dev_attr_show La direcci\u00f3n con errores pertenece a la variable: afe4404_channel_leds+0x18/0xffffffffffffe9c0 Este problema se puede reproducir con un solo comando: $ cat /sys/bus/i2c/devices/0-0058/iio\\:device0/in_intensity6_raw El tama\u00f1o de la matriz de afe4404_channel_leds y afe4404_channel_offdacs son menores que los canales, por lo que el acceso con chan->address provoca una lectura OOB en afe4404_[read|write]_raw. Solucione este problema moviendo el acceso antes de usarlos." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-490xx/CVE-2022-49033.json b/CVE-2022/CVE-2022-490xx/CVE-2022-49033.json index b9cb7a376cf..8daf109b870 100644 --- a/CVE-2022/CVE-2022-490xx/CVE-2022-49033.json +++ b/CVE-2022/CVE-2022-490xx/CVE-2022-49033.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49033", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:13.943", - "lastModified": "2024-10-21T20:15:13.943", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()\n\nSyzkaller reported BUG as follows:\n\n BUG: sleeping function called from invalid context at\n include/linux/sched/mm.h:274\n Call Trace:\n \n dump_stack_lvl+0xcd/0x134\n __might_resched.cold+0x222/0x26b\n kmem_cache_alloc+0x2e7/0x3c0\n update_qgroup_limit_item+0xe1/0x390\n btrfs_qgroup_inherit+0x147b/0x1ee0\n create_subvol+0x4eb/0x1710\n btrfs_mksubvol+0xfe5/0x13f0\n __btrfs_ioctl_snap_create+0x2b0/0x430\n btrfs_ioctl_snap_create_v2+0x25a/0x520\n btrfs_ioctl+0x2a1c/0x5ce0\n __x64_sys_ioctl+0x193/0x200\n do_syscall_64+0x35/0x80\n\nFix this by calling qgroup_dirty() on @dstqgroup, and update limit item in\nbtrfs_run_qgroups() later outside of the spinlock context." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: qgroup: correcci\u00f3n del error de suspensi\u00f3n desde un contexto no v\u00e1lido en btrfs_qgroup_inherit() Syzkaller inform\u00f3 de un ERROR como el siguiente: ERROR: funci\u00f3n de suspensi\u00f3n llamada desde un contexto no v\u00e1lido en include/linux/sched/mm.h:274 Seguimiento de llamadas: dump_stack_lvl+0xcd/0x134 __might_resched.cold+0x222/0x26b kmem_cache_alloc+0x2e7/0x3c0 update_qgroup_limit_item+0xe1/0x390 btrfs_qgroup_inherit+0x147b/0x1ee0 create_subvol+0x4eb/0x1710 btrfs_mksubvol+0xfe5/0x13f0 __btrfs_ioctl_snap_create+0x2b0/0x430 btrfs_ioctl_snap_create_v2+0x25a/0x520 btrfs_ioctl+0x2a1c/0x5ce0 __x64_sys_ioctl+0x193/0x200 do_syscall_64+0x35/0x80 Solucione esto llamando a qgroup_dirty() en @dstqgroup y actualice el elemento de l\u00edmite en btrfs_run_qgroups() m\u00e1s tarde fuera del contexto de spinlock." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-206xx/CVE-2023-20677.json b/CVE-2023/CVE-2023-206xx/CVE-2023-20677.json index f02731f11f1..a6325e4988f 100644 --- a/CVE-2023/CVE-2023-206xx/CVE-2023-20677.json +++ b/CVE-2023/CVE-2023-206xx/CVE-2023-20677.json @@ -2,8 +2,8 @@ "id": "CVE-2023-20677", "sourceIdentifier": "security@mediatek.com", "published": "2023-04-06T18:15:09.357", - "lastModified": "2023-04-12T19:41:24.083", - "vulnStatus": "Analyzed", + "lastModified": "2024-10-23T15:35:08.200", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { 
@@ -32,6 +32,26 @@ }, "exploitabilityScore": 0.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-125" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-262xx/CVE-2023-26269.json b/CVE-2023/CVE-2023-262xx/CVE-2023-26269.json index ef9488e5e5f..93890f701ac 100644 --- a/CVE-2023/CVE-2023-262xx/CVE-2023-26269.json +++ b/CVE-2023/CVE-2023-262xx/CVE-2023-26269.json @@ -2,7 +2,7 @@ "id": "CVE-2023-26269", "sourceIdentifier": "security@apache.org", "published": "2023-04-03T08:15:07.087", - "lastModified": "2023-04-18T03:15:07.593", + "lastModified": "2024-10-23T15:35:10.417", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, 
diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28707.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28707.json index 352386c0ea0..589de6423cf 100644 --- a/CVE-2023/CVE-2023-287xx/CVE-2023-28707.json +++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28707.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28707", "sourceIdentifier": "security@apache.org", "published": "2023-04-07T15:15:08.067", - "lastModified": "2023-05-22T14:25:13.693", - "vulnStatus": "Analyzed", + "lastModified": "2024-10-23T15:35:10.927", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -32,6 +32,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, diff --git a/CVE-2023/CVE-2023-289xx/CVE-2023-28935.json b/CVE-2023/CVE-2023-289xx/CVE-2023-28935.json index 0543d6e5180..bd19aea914b 100644 --- a/CVE-2023/CVE-2023-289xx/CVE-2023-28935.json +++ b/CVE-2023/CVE-2023-289xx/CVE-2023-28935.json @@ -2,7 +2,7 @@ "id": "CVE-2023-28935", "sourceIdentifier": "security@apache.org", "published": "2023-03-30T10:15:07.310", - "lastModified": "2023-11-07T04:10:58.823", + "lastModified": "2024-10-23T15:35:11.167", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ 
@@ -32,6 +32,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32418.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32418.json index eee7139349e..69806e19dab 100644 --- a/CVE-2023/CVE-2023-324xx/CVE-2023-32418.json +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32418.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32418", "sourceIdentifier": "product-security@apple.com", "published": "2023-07-27T01:15:28.293", - "lastModified": "2023-08-01T18:55:34.673", - "vulnStatus": "Analyzed", + "lastModified": "2024-10-23T14:35:07.963", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33745.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33745.json index 69c95eee53c..2f2af8656b1 100644 --- a/CVE-2023/CVE-2023-337xx/CVE-2023-33745.json +++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33745.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33745", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-27T21:15:13.850", - "lastModified": "2023-08-03T14:01:54.033", - "vulnStatus": "Analyzed", + "lastModified": "2024-10-23T15:35:12.013", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { 
@@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-384xx/CVE-2023-38410.json b/CVE-2023/CVE-2023-384xx/CVE-2023-38410.json index 0a1c1fd6d0b..6e38ec670eb 100644 --- a/CVE-2023/CVE-2023-384xx/CVE-2023-38410.json +++ b/CVE-2023/CVE-2023-384xx/CVE-2023-38410.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38410", "sourceIdentifier": "product-security@apple.com", "published": "2023-07-27T00:15:15.767", - "lastModified": "2023-08-01T19:54:15.847", - "vulnStatus": "Analyzed", + "lastModified": "2024-10-23T15:35:13.280", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40154.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40154.json index 43637098a9f..ec104f54cef 100644 --- a/CVE-2023/CVE-2023-401xx/CVE-2023-40154.json +++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40154.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40154", "sourceIdentifier": "secure@intel.com", "published": "2024-02-14T14:16:04.627", - "lastModified": "2024-02-14T15:01:46.050", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-10-23T14:07:44.730", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "secure@intel.com", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:system_usage_report:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.0.1901", + "matchCriteriaId": "1AC422AA-1D3B-4BA4-BB2A-D4A11FB6A708" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01004.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40161.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40161.json index 7423b9871b2..eb37bd5a8a2 100644 --- a/CVE-2023/CVE-2023-401xx/CVE-2023-40161.json +++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40161.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40161", "sourceIdentifier": "secure@intel.com", "published": "2024-02-14T14:16:05.137", - "lastModified": "2024-02-14T15:01:46.050", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-10-23T15:39:39.910", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "secure@intel.com", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:unite:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.2.35041", + "matchCriteriaId": "9925A16F-67D5-4E94-9AE1-5097236269D6" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00981.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41090.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41090.json index 6acf2d2b014..a725dce700b 100644 --- a/CVE-2023/CVE-2023-410xx/CVE-2023-41090.json +++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41090.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41090", "sourceIdentifier": "secure@intel.com", "published": "2024-02-14T14:16:05.373", - "lastModified": "2024-02-14T15:01:46.050", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-10-23T15:36:17.703", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.5, + "impactScore": 5.9 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-362" + } + ] + }, { "source": "secure@intel.com", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:memory_and_storage_tool:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.3", + "matchCriteriaId": "8ACDA2E9-F0F1-4059-A3DF-7C94C73D16F5" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00967.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46186.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46186.json index 19efe95a829..e0d16840839 100644 --- a/CVE-2023/CVE-2023-461xx/CVE-2023-46186.json +++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46186.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46186", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-02-14T15:15:08.220", - "lastModified": "2024-02-14T16:13:22.177", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-10-23T15:43:32.647", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -51,14 +71,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:jazz_for_service_management:1.1.3.20:*:*:*:*:*:*:*", + "matchCriteriaId": "6F9A0ED2-AF7C-40E0-9178-C63DDDD92763" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/269929", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry" + ] }, { "url": "https://www.ibm.com/support/pages/node/7116830", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-503xx/CVE-2023-50310.json b/CVE-2023/CVE-2023-503xx/CVE-2023-50310.json index 75a7332937b..95583a8ecd2 100644 --- a/CVE-2023/CVE-2023-503xx/CVE-2023-50310.json +++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50310.json 
@@ -2,13 +2,17 @@ "id": "CVE-2023-50310", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-10-23T11:15:12.600", - "lastModified": "2024-10-23T11:15:12.600", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval." + }, + { + "lang": "es", + "value": "IBM CICS Transaction Gateway for Multiplatforms 9.2 y 9.3 transmite o almacena credenciales de autenticaci\u00f3n, pero utiliza un m\u00e9todo inseguro que es susceptible a la interceptaci\u00f3n y/o recuperaci\u00f3n no autorizadas." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5122.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5122.json index 551b4fa38a9..14d4f6dabe4 100644 --- a/CVE-2023/CVE-2023-51xx/CVE-2023-5122.json +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5122.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5122", "sourceIdentifier": "security@grafana.com", "published": "2024-02-14T15:15:08.437", - "lastModified": "2024-05-03T13:15:20.843", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-10-23T15:50:43.897", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "security@grafana.com", "type": "Secondary", 
@@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + }, { "source": "security@grafana.com", "type": "Secondary", @@ -51,14 +81,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.6.13", + "matchCriteriaId": "69CFB8EE-4993-4F22-8A94-AE0000243671" + } + ] + } + ] + } + ], "references": [ { "url": "https://grafana.com/security/security-advisories/cve-2023-5122/", - "source": "security@grafana.com" + "source": "security@grafana.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20240503-0002/", - "source": "security@grafana.com" + "source": "security@grafana.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-529xx/CVE-2023-52918.json b/CVE-2023/CVE-2023-529xx/CVE-2023-52918.json index e4687c13c8d..62d7cd8ecce 100644 --- a/CVE-2023/CVE-2023-529xx/CVE-2023-52918.json +++ b/CVE-2023/CVE-2023-529xx/CVE-2023-52918.json 
@@ -2,13 +2,17 @@ "id": "CVE-2023-52918", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-22T08:15:02.277", - "lastModified": "2024-10-22T08:15:02.277", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pci: cx23885: check cx23885_vdev_init() return\n\ncx23885_vdev_init() can return a NULL pointer, but that pointer\nis used in the next line without a check.\n\nAdd a NULL pointer check and go to the error unwind if it is NULL." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: pci: cx23885: check cx23885_vdev_init() return cx23885_vdev_init() puede devolver un puntero NULL, pero ese puntero se utiliza en la siguiente l\u00ednea sin una comprobaci\u00f3n. Agregue una comprobaci\u00f3n de puntero NULL y vaya al desenrollado de error si es NULL." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-529xx/CVE-2023-52919.json b/CVE-2023/CVE-2023-529xx/CVE-2023-52919.json index 56b7132d3d9..4d5f348e8e7 100644 --- a/CVE-2023/CVE-2023-529xx/CVE-2023-52919.json +++ b/CVE-2023/CVE-2023-529xx/CVE-2023-52919.json 
@@ -2,13 +2,17 @@ "id": "CVE-2023-52919", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-22T08:15:02.623", - "lastModified": "2024-10-22T08:15:02.623", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: fix possible NULL pointer dereference in send_acknowledge()\n\nHandle memory allocation failure from nci_skb_alloc() (calling\nalloc_skb()) to avoid possible NULL pointer dereference." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfc: nci: corrige posible desreferencia de puntero NULL en send_acknowledge() Manejar el error de asignaci\u00f3n de memoria de nci_skb_alloc() (llamando a alloc_skb()) para evitar una posible desreferencia de puntero NULL." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-100xx/CVE-2024-10002.json b/CVE-2024/CVE-2024-100xx/CVE-2024-10002.json index a20c3d5b1f0..de63fedabf2 100644 --- a/CVE-2024/CVE-2024-100xx/CVE-2024-10002.json +++ b/CVE-2024/CVE-2024-100xx/CVE-2024-10002.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10002", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-22T05:15:03.513", - "lastModified": "2024-10-22T05:15:03.513", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability check on the 'rover_idx_refresh_social_callback' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in to administrator. The vulnerability is partially patched in version 3.0.0.2905 and fully patched in version 3.0.0.2906." + }, + { + "lang": "es", + "value": "El complemento Rover IDX para WordPress es vulnerable a la omisi\u00f3n de autenticaci\u00f3n en versiones hasta la 3.0.0.2905 incluida. Esto se debe a una validaci\u00f3n y comprobaci\u00f3n de capacidad insuficientes en la funci\u00f3n 'rover_idx_refresh_social_callback'. Esto hace posible que atacantes autenticados, con permisos de nivel de suscriptor y superiores, inicien sesi\u00f3n en el administrador. La vulnerabilidad est\u00e1 parcialmente corregida en la versi\u00f3n 3.0.0.2905 y completamente corregida en la versi\u00f3n 3.0.0.2906." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-100xx/CVE-2024-10003.json b/CVE-2024/CVE-2024-100xx/CVE-2024-10003.json index 88636ab9346..a163234918d 100644 --- a/CVE-2024/CVE-2024-100xx/CVE-2024-10003.json +++ b/CVE-2024/CVE-2024-100xx/CVE-2024-10003.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10003", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-22T05:15:05.163", - "lastModified": "2024-10-22T05:15:05.163", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Rover IDX plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 3.0.0.2903. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete plugin options." + }, + { + "lang": "es", + "value": "El complemento Rover IDX para WordPress es vulnerable al acceso no autorizado, la modificaci\u00f3n y la p\u00e9rdida de datos debido a la falta de una comprobaci\u00f3n de capacidad en varias funciones en todas las versiones hasta la 3.0.0.2903 incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor o superior, agreguen, modifiquen o eliminen opciones del complemento." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-100xx/CVE-2024-10041.json b/CVE-2024/CVE-2024-100xx/CVE-2024-10041.json new file mode 100644 index 00000000000..6a5770ec002 --- /dev/null +++ b/CVE-2024/CVE-2024-100xx/CVE-2024-10041.json 
@@ -0,0 +1,48 @@ +{ + "id": "CVE-2024-10041", + "sourceIdentifier": "secalert@redhat.com", + "published": "2024-10-23T14:15:03.970", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.0, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2024-10041", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319212", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-100xx/CVE-2024-10045.json b/CVE-2024/CVE-2024-100xx/CVE-2024-10045.json index 6336a775498..bd5703336fd 100644 --- a/CVE-2024/CVE-2024-100xx/CVE-2024-10045.json +++ b/CVE-2024/CVE-2024-100xx/CVE-2024-10045.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10045", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-23T08:15:02.380", - "lastModified": "2024-10-23T08:15:02.380", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Transients Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the process_actions function. This makes it possible for unauthenticated attackers to delete transients via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento Transients Manager para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 2.0.6 incluida. Esto se debe a la falta o la validaci\u00f3n incorrecta de nonce en la funci\u00f3n process_actions. Esto hace posible que atacantes no autenticados eliminen transitorios a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10125.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10125.json index 5326f2e7347..4e95e9870af 100644 --- a/CVE-2024/CVE-2024-101xx/CVE-2024-10125.json +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10125.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10125", "sourceIdentifier": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "published": "2024-10-22T00:15:02.457", - "lastModified": "2024-10-22T00:15:02.457", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Amazon.ApplicationLoadBalancer.Identity.AspNetCore repo https://github.com/awslabs/aws-alb-identity-aspnetcore#validatetokensignature contains Middleware that can be used in conjunction with the Application Load Balancer (ALB) OpenId Connect integration and can be used in any ASP.NET http://asp.net/ Core deployment scenario, including Fargate, EKS, ECS, EC2, and Lambda. In the JWT handling code, it performs signature validation but fails to validate the JWT issuer and signer identity. The signer omission, if combined with a scenario where the infrastructure owner allows internet traffic to the ALB targets (not a recommended configuration), can allow for JWT signing by an untrusted entity and an actor may be able to mimic valid OIDC-federated sessions to the ALB targets." + }, + { + "lang": "es", + "value": "El repositorio Amazon.ApplicationLoadBalancer.Identity.AspNetCore https://github.com/awslabs/aws-alb-identity-aspnetcore#validatetokensignature contiene middleware que se puede utilizar junto con la integraci\u00f3n de OpenId Connect de Application Load Balancer (ALB) y se puede utilizar en cualquier escenario de implementaci\u00f3n de ASP.NET http://asp.net/ Core, incluidos Fargate, EKS, ECS, EC2 y Lambda. En el c\u00f3digo de manejo de JWT, realiza la validaci\u00f3n de la firma, pero no puede validar la identidad del emisor y el firmante de JWT. 
La omisi\u00f3n del firmante, si se combina con un escenario en el que el propietario de la infraestructura permite el tr\u00e1fico de Internet a los destinos de ALB (no es una configuraci\u00f3n recomendada), puede permitir la firma de JWT por parte de una entidad no confiable y un actor puede imitar sesiones federadas de OIDC v\u00e1lidas a los destinos de ALB." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10169.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10169.json index 54812107431..8539ae9f5d9 100644 --- a/CVE-2024/CVE-2024-101xx/CVE-2024-10169.json +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10169.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10169", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-20T04:15:02.600", - "lastModified": "2024-10-21T17:09:45.417", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-10-23T15:01:58.987", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -61,6 +61,26 @@ } ], "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -120,26 +140,63 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fabianros:hospital_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7FD44159-7FA3-4BA5-AD83-C1D439EEF374" + } + ] + } + ] + } + ], "references": [ { "url": "https://code-projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/RainFo666/cve/issues/1", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.280954", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.280954", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.425745", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10183.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10183.json index 8f3f31eb12e..2d54584140b 100644 --- a/CVE-2024/CVE-2024-101xx/CVE-2024-10183.json +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10183.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10183", "sourceIdentifier": "67325c3f-c596-46c5-a235-e1a1e73abe4e", "published": "2024-10-22T18:15:03.827", - "lastModified": "2024-10-22T18:15:03.827", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in Jamf Pro's Jamf Remote Assist tool allows a local, non-privileged user to escalate their privileges to root on MacOS systems." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la herramienta Jamf Remote Assist de Jamf Pro permite que un usuario local sin privilegios aumente sus privilegios a root en sistemas MacOS." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10189.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10189.json index 2a12c2884f9..807fe6c2ed6 100644 --- a/CVE-2024/CVE-2024-101xx/CVE-2024-10189.json +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10189.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10189", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-22T10:15:03.610", - "lastModified": "2024-10-22T10:15:03.610", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Anchor Episodes Index (Spotify for Podcasters) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's anchor_episodes shortcode in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Anchor Episodes Index (Spotify para podcasters) para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s del c\u00f3digo abreviado anchor_episodes del complemento en todas las versiones hasta la 2.1.10 incluida, debido a una limpieza de entrada y a un escape de salida insuficiente en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n siempre que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10196.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10196.json index 189b3b18f75..69a443772a0 100644 --- a/CVE-2024/CVE-2024-101xx/CVE-2024-10196.json +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10196.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-10196", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-21T01:15:02.230", - "lastModified": "2024-10-21T17:09:45.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-10-23T14:15:16.843", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -61,6 +61,26 @@ } ], "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -120,26 +140,61 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:code-projects:pharmacy_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "9943605C-820A-4C9A-8A5E-1BA71F57F048" + } + ] + } + ] + } + ], "references": [ { "url": "https://code-projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://gist.github.com/higordiego/be616d2853a9f1820d8558fc00e97e24", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.281021", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.281021", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.426862", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10197.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10197.json index 97acc82d7a6..0bb2a61d8f3 100644 --- a/CVE-2024/CVE-2024-101xx/CVE-2024-10197.json +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10197.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10197", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-21T01:15:02.687", - "lastModified": "2024-10-21T17:09:45.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-10-23T14:14:52.420", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -61,6 +61,26 @@ } ], "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -120,26 +140,61 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:code-projects:pharmacy_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "9943605C-820A-4C9A-8A5E-1BA71F57F048" + } + ] + } + ] + } + ], "references": [ { "url": "https://code-projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://gist.github.com/higordiego/bc051be4a8c6b6641578cad533742aab", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.281022", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.281022", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.426884", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10229.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10229.json index 08b5f4d9001..c35ff6f07e0 100644 --- a/CVE-2024/CVE-2024-102xx/CVE-2024-10229.json +++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10229.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10229", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-10-22T22:15:03.180", - "lastModified": "2024-10-22T22:15:03.180", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)" + }, + { + "lang": "es", + "value": "Una implementaci\u00f3n inadecuada en extensiones de Google Chrome anterior a la versi\u00f3n 130.0.6723.69 permiti\u00f3 que un atacante remoto evitara el aislamiento del sitio mediante una extensi\u00f3n de Chrome manipulada. (Gravedad de seguridad de Chromium: alta)" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10230.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10230.json index 5fbf3877111..b3ad37903f2 100644 --- a/CVE-2024/CVE-2024-102xx/CVE-2024-10230.json +++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10230.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10230", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-10-22T22:15:03.960", - "lastModified": "2024-10-22T22:15:03.960", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" + }, + { + "lang": "es", + "value": " La confusi\u00f3n de tipos en la versi\u00f3n 8 de Google Chrome anterior a la 130.0.6723.69 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del almacenamiento din\u00e1mico a trav\u00e9s de una p\u00e1gina HTML manipulada. (Gravedad de seguridad de Chromium: alta)" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10231.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10231.json index d71187f0378..4c698e50248 100644 --- a/CVE-2024/CVE-2024-102xx/CVE-2024-10231.json +++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10231.json 
@@ -2,16 +2,43 @@ "id": "CVE-2024-10231", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-10-22T22:15:04.130", - "lastModified": "2024-10-22T22:15:04.130", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:35:19.003", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" + }, + { + "lang": "es", + "value": " La confusi\u00f3n de tipos en la versi\u00f3n 8 de Google Chrome anterior a la 130.0.6723.69 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del almacenamiento din\u00e1mico a trav\u00e9s de una p\u00e1gina HTML manipulada. (Gravedad de seguridad de Chromium: alta)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "chrome-cve-admin@google.com", @@ -22,6 +49,16 @@ "value": "CWE-843" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-843" + } + ] } ], "references": [ diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10234.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10234.json index 4526471aaad..c6973e10efe 100644 --- a/CVE-2024/CVE-2024-102xx/CVE-2024-10234.json +++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10234.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10234", "sourceIdentifier": "secalert@redhat.com", "published": "2024-10-22T14:15:14.573", - "lastModified": "2024-10-22T14:15:14.573", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Wildfly, donde un usuario puede ejecutar cross-site scripting en el sistema de implementaci\u00f3n de Wildfly. Este fallo permite que un atacante o un usuario interno ejecute una implementaci\u00f3n con un payload, que podr\u00eda desencadenar un comportamiento no deseado contra el servidor." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10250.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10250.json new file mode 100644 index 00000000000..4b12dfa225a --- /dev/null +++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10250.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-10250", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-10-23T14:15:04.197", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Nioland theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018s\u2019 parameter in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://themeforest.net/item/nioland-saas-software-startup-tech-wordpress-theme/47895474#item-description__change-log", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e13c6d97-873a-4067-846d-92e54514645d?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10276.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10276.json index 1164d45d318..ecf27cf5246 100644 
--- a/CVE-2024/CVE-2024-102xx/CVE-2024-10276.json +++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10276.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10276", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-23T11:15:13.137", - "lastModified": "2024-10-23T11:15:13.137", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in Tektronix Sentry 6.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /?page=reports of the component Reports Page. The manipulation of the argument z leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en Tektronix Sentry 6.0.9 y se ha clasificado como problem\u00e1tica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /?page=reports del componente Reports Page. La manipulaci\u00f3n del argumento z conduce a cross site scripting. El ataque se puede ejecutar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor primeramente sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10277.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10277.json index fe3f579ae9f..3506253db10 100644 --- a/CVE-2024/CVE-2024-102xx/CVE-2024-10277.json +++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10277.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10277", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-23T12:15:02.403", - "lastModified": "2024-10-23T12:15:02.403", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in ESAFENET CDG 5 and classified as critical. Affected by this issue is some unknown functionality of the file /com/esafenet/servlet/ajax/UsbKeyAjax.java. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en ESAFENET CDG 5 y se ha clasificado como cr\u00edtica. Este problema afecta a algunas funciones desconocidas del archivo /com/esafenet/servlet/ajax/UsbKeyAjax.java. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor primeramente sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10278.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10278.json index 96a40998ab8..93cfae443ea 100644 --- a/CVE-2024/CVE-2024-102xx/CVE-2024-10278.json +++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10278.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10278", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-23T13:15:12.157", - "lastModified": "2024-10-23T13:15:12.157", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10279.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10279.json index 174a25b2fc1..f90c4d2e060 100644 
--- a/CVE-2024/CVE-2024-102xx/CVE-2024-10279.json +++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10279.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10279", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-23T13:15:12.877", - "lastModified": "2024-10-23T13:15:12.877", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10280.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10280.json new file mode 100644 index 00000000000..9a47f5c144c --- /dev/null +++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10280.json 
@@ -0,0 +1,141 @@
+{
+ "id": "CVE-2024-10280",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2024-10-23T14:15:04.500",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "NONE",
+ "vulnerableSystemIntegrity": "NONE",
+ "vulnerableSystemAvailability": "HIGH",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ }
+ }
+ ],
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "COMPLETE",
+ "baseScore": 6.8
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 6.9,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/JohenanLi/router_vuls/blob/main/websReadEvent/websReadEvent.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.281555",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.281555",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?submit.426417",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://www.tenda.com.cn/",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10281.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10281.json
new file mode 100644
index 00000000000..1f7b04a6509
--- /dev/null
+++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10281.json
@@ -0,0 +1,141 @@
+{
+ "id": "CVE-2024-10281",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2024-10-23T14:15:04.773",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability classified as critical has been found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected is the function sub_42EEE0 of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "HIGH",
+ "vulnerableSystemIntegrity": "HIGH",
+ "vulnerableSystemAvailability": "HIGH",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED",
+ "baseScore": 8.7,
+ "baseSeverity": "HIGH"
+ }
+ }
+ ],
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "COMPLETE",
+ "integrityImpact": "COMPLETE",
+ "availabilityImpact": "COMPLETE",
+ "baseScore": 9.0
+ },
+ "baseSeverity": "HIGH",
+ "exploitabilityScore": 8.0,
+ "impactScore": 10.0,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-121"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetStaticRouteCfg.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.281556",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.281556",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?submit.427065",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://www.tenda.com.cn/",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10282.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10282.json
new file mode 100644
index 00000000000..4ffd2487fac
--- /dev/null
+++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10282.json
@@ -0,0 +1,141 @@
+{
+ "id": "CVE-2024-10282",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2024-10-23T15:15:29.590",
+ "lastModified": "2024-10-23T15:15:29.590",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability classified as critical was found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected by this vulnerability is the function sub_42EA38 of the file /goform/SetVirtualServerCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "HIGH",
+ "vulnerableSystemIntegrity": "HIGH",
+ "vulnerableSystemAvailability": "HIGH",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED",
+ "baseScore": 8.7,
+ "baseSeverity": "HIGH"
+ }
+ }
+ ],
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "COMPLETE",
+ "integrityImpact": "COMPLETE",
+ "availabilityImpact": "COMPLETE",
+ "baseScore": 9.0
+ },
+ "baseSeverity": "HIGH",
+ "exploitabilityScore": 8.0,
+ "impactScore": 10.0,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-121"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetVirtualServerCfg.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.281557",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.281557",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?submit.427066",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://www.tenda.com.cn/",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10283.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10283.json
new file mode 100644
index 00000000000..0f71c04dbff
--- /dev/null
+++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10283.json
@@ -0,0 +1,141 @@
+{
+ "id": "CVE-2024-10283",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2024-10-23T15:15:29.850",
+ "lastModified": "2024-10-23T15:15:29.850",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability, which was classified as critical, has been found in Tenda RX9 and RX9 Pro 22.03.02.20. Affected by this issue is the function sub_4337EC of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "HIGH",
+ "vulnerableSystemIntegrity": "HIGH",
+ "vulnerableSystemAvailability": "HIGH",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED",
+ "baseScore": 8.7,
+ "baseSeverity": "HIGH"
+ }
+ }
+ ],
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "COMPLETE",
+ "integrityImpact": "COMPLETE",
+ "availabilityImpact": "COMPLETE",
+ "baseScore": 9.0
+ },
+ "baseSeverity": "HIGH",
+ "exploitabilityScore": 8.0,
+ "impactScore": 10.0,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-121"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetNetControlList.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.281558",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.281558",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?submit.427064",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://www.tenda.com.cn/",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10286.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10286.json
index d0486e09675..563861e4520 100644
--- a/CVE-2024/CVE-2024-102xx/CVE-2024-10286.json
+++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10286.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10286",
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2024-10-23T12:15:02.770",
- "lastModified": "2024-10-23T12:15:02.770",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /testmail/index.php, parameter to."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross Site Scripting (XSS) que afecta a LocalServer 1.0.9 y que podr\u00eda permitir a un usuario remoto enviar una consulta especialmente manipulada a un usuario autenticado y robar sus detalles de sesi\u00f3n a trav\u00e9s del par\u00e1metro /testmail/index.php."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10287.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10287.json
index ef78f5a9996..542e6c92f42 100644
--- a/CVE-2024/CVE-2024-102xx/CVE-2024-10287.json
+++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10287.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10287",
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2024-10-23T12:15:03.010",
- "lastModified": "2024-10-23T12:15:03.010",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/ForgotPassword, parameter ListName."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross Site Scripting (XSS) que afecta a LocalServer 1.0.9 y que podr\u00eda permitir a un usuario remoto enviar una consulta especialmente manipulada a un usuario autenticado y robar sus detalles de sesi\u00f3n a trav\u00e9s de /mlss/ForgotPassword, par\u00e1metro ListName."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10288.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10288.json
index 7e5922ae896..91b6861e742 100644
--- a/CVE-2024/CVE-2024-102xx/CVE-2024-10288.json
+++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10288.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10288",
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2024-10-23T12:15:03.220",
- "lastModified": "2024-10-23T12:15:03.220",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/SubscribeToList, parameter ListName."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross Site Scripting (XSS) que afecta a LocalServer 1.0.9 y que podr\u00eda permitir a un usuario remoto enviar una consulta especialmente manipulada a un usuario autenticado y robar sus detalles de sesi\u00f3n a trav\u00e9s de /mlss/SubscribeToList, par\u00e1metro ListName."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10289.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10289.json
index 20349ee87a9..16294e5a115 100644
--- a/CVE-2024/CVE-2024-102xx/CVE-2024-10289.json
+++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10289.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-10289",
 "sourceIdentifier": "cve-coordination@incibe.es",
 "published": "2024-10-23T12:15:03.423",
- "lastModified": "2024-10-23T12:15:03.423",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10290.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10290.json
new file mode 100644
index 00000000000..2375c90ea77
--- /dev/null
+++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10290.json
@@ -0,0 +1,137 @@
+{
+ "id": "CVE-2024-10290",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2024-10-23T15:15:30.110",
+ "lastModified": "2024-10-23T15:15:30.110",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability, which was classified as problematic, was found in ZZCMS 2023. This affects an unknown part of the file 3/qq-connect2.0/API/com/inc.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "LOW",
+ "vulnerableSystemIntegrity": "NONE",
+ "vulnerableSystemAvailability": "NONE",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED",
+ "baseScore": 6.9,
+ "baseSeverity": "MEDIUM"
+ }
+ }
+ ],
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "NONE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.0
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 10.0,
+ "impactScore": 2.9,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/LvZCh/zzcms2023/issues/1",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.281559",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.281559",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?submit.427069",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-262xx/CVE-2024-26271.json b/CVE-2024/CVE-2024-262xx/CVE-2024-26271.json
index a357d00752f..0bb237dda15 100644
--- a/CVE-2024/CVE-2024-262xx/CVE-2024-26271.json
+++ b/CVE-2024/CVE-2024-262xx/CVE-2024-26271.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-26271",
 "sourceIdentifier": "security@liferay.com",
 "published": "2024-10-22T15:15:05.523",
- "lastModified": "2024-10-22T15:15:05.523",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross-site request forgery (CSRF) vulnerability in the My Account widget in Liferay Portal 7.4.3.75 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 update 75 through update 92 and 7.3 update 32 through update 36 allows remote attackers to (1) change user passwords, (2) shut down the server, (3) execute arbitrary code in the scripting console, (4) and perform other administrative actions via the _com_liferay_my_account_web_portlet_MyAccountPortlet_backURL parameter."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en el widget Mi cuenta en Liferay Portal 7.4.3.75 a 7.4.3.111, y Liferay DXP 2023.Q4.0 a 2023.Q4.2, 2023.Q3.1 a 2023.Q3.5, 7.4 actualizaci\u00f3n 75 a 92 y 7.3 actualizaci\u00f3n 32 a 36 permite a atacantes remotos (1) cambiar las contrase\u00f1as de los usuarios, (2) apagar el servidor, (3) ejecutar c\u00f3digo arbitrario en la consola de scripts, (4) y realizar otras acciones administrativas a trav\u00e9s del par\u00e1metro _com_liferay_my_account_web_portlet_MyAccountPortlet_backURL."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-262xx/CVE-2024-26272.json b/CVE-2024/CVE-2024-262xx/CVE-2024-26272.json
index c514e445af6..ccbc3335dbf 100644
--- a/CVE-2024/CVE-2024-262xx/CVE-2024-26272.json
+++ b/CVE-2024/CVE-2024-262xx/CVE-2024-26272.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-26272",
 "sourceIdentifier": "security@liferay.com",
 "published": "2024-10-22T15:15:05.740",
- "lastModified": "2024-10-22T15:15:05.740",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.3.2 through 7.4.3.107, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 GA through update 35 allows remote attackers to (1) change user passwords, (2) shut down the server, (3) execute arbitrary code in the scripting console, (4) and perform other administrative actions via the p_l_back_url parameter."
+ },
+ {
+ "lang": "es",
+ "value": " La vulnerabilidad de Cross-Site Request Forgery (CSRF) en el editor de p\u00e1ginas de contenido en Liferay Portal 7.3.2 a 7.4.3.107, y Liferay DXP 2023.Q4.0 a 2023.Q4.2, 2023.Q3.1 a 2023.Q3.5, 7.4 GA a la actualizaci\u00f3n 92 y 7.3 GA a la actualizaci\u00f3n 35 permite a atacantes remotos (1) cambiar las contrase\u00f1as de los usuarios, (2) apagar el servidor, (3) ejecutar c\u00f3digo arbitrario en la consola de scripts, (4) y realizar otras acciones administrativas a trav\u00e9s del par\u00e1metro p_l_back_url."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-262xx/CVE-2024-26273.json b/CVE-2024/CVE-2024-262xx/CVE-2024-26273.json
index 2fe678f0055..4ba3ebf5685 100644
--- a/CVE-2024/CVE-2024-262xx/CVE-2024-26273.json
+++ b/CVE-2024/CVE-2024-262xx/CVE-2024-26273.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-26273",
 "sourceIdentifier": "security@liferay.com",
 "published": "2024-10-22T15:15:05.937",
- "lastModified": "2024-10-22T15:15:05.937",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.4.0 through 7.4.3.103, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 update 29 through update 35 allows remote attackers to (1) change user passwords, (2) shut down the server, (3) execute arbitrary code in the scripting console, (4) and perform other administrative actions via the _com_liferay_commerce_catalog_web_internal_portlet_CommerceCatalogsPortlet_redirect parameter."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en el editor de p\u00e1ginas de contenido en Liferay Portal 7.4.0 a 7.4.3.103, y Liferay DXP 2023.Q4.0 a 2023.Q4.2, 2023.Q3.1 a 2023.Q3.5, 7.4 GA a la actualizaci\u00f3n 92 y 7.3 actualizaci\u00f3n 29 a la actualizaci\u00f3n 35 permite a atacantes remotos (1) cambiar las contrase\u00f1as de los usuarios, (2) apagar el servidor, (3) ejecutar c\u00f3digo arbitrario en la consola de scripts, (4) y realizar otras acciones administrativas a trav\u00e9s del par\u00e1metro _com_liferay_commerce_catalog_web_internal_portlet_CommerceCatalogsPortlet_redirect."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-265xx/CVE-2024-26519.json b/CVE-2024/CVE-2024-265xx/CVE-2024-26519.json
index f15f5fa55e0..b9cac7bf7e8 100644
--- a/CVE-2024/CVE-2024-265xx/CVE-2024-26519.json
+++ b/CVE-2024/CVE-2024-265xx/CVE-2024-26519.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-26519",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-10-22T22:15:04.220",
- "lastModified": "2024-10-22T22:15:04.220",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue in Casa Systems NTC-221 version 2.0.99.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the /www/cgi-bin/nas.cgi component."
+ },
+ {
+ "lang": "es",
+ "value": " Un problema en Casa Systems NTC-221 versi\u00f3n 2.0.99.0 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado para el componente /www/cgi-bin/nas.cgi."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-301xx/CVE-2024-30122.json b/CVE-2024/CVE-2024-301xx/CVE-2024-30122.json
new file mode 100644
index 00000000000..530761785db
--- /dev/null
+++ b/CVE-2024/CVE-2024-301xx/CVE-2024-30122.json
@@ -0,0 +1,44 @@ +{ + "id": "CVE-2024-30122", + "sourceIdentifier": "psirt@hcl.com", + "published": "2024-10-23T15:15:30.390", + "lastModified": "2024-10-23T15:15:30.390", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@hcl.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.7 + } + ] + }, + "references": [ + { + "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627", + "source": "psirt@hcl.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-301xx/CVE-2024-30157.json b/CVE-2024/CVE-2024-301xx/CVE-2024-30157.json index f700c41965f..52c6003b9cf 100644 --- a/CVE-2024/CVE-2024-301xx/CVE-2024-30157.json +++ b/CVE-2024/CVE-2024-301xx/CVE-2024-30157.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-30157", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T21:15:04.620", - "lastModified": "2024-10-21T21:15:04.620", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary database and management operations." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en el componente Suite Applications Services de Mitel MiCollab hasta la versi\u00f3n 9.7.1.110 podr\u00eda permitir que un atacante autenticado con privilegios administrativos realice un ataque de inyecci\u00f3n SQL debido a una validaci\u00f3n insuficiente de la entrada del usuario. Una explotaci\u00f3n exitosa podr\u00eda permitir que un atacante ejecute operaciones arbitrarias de administraci\u00f3n y base de datos." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-301xx/CVE-2024-30158.json b/CVE-2024/CVE-2024-301xx/CVE-2024-30158.json index 35c87eaf428..3ff39a53e0b 100644 --- a/CVE-2024/CVE-2024-301xx/CVE-2024-30158.json +++ b/CVE-2024/CVE-2024-301xx/CVE-2024-30158.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-30158", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T21:15:04.860", - "lastModified": "2024-10-22T14:35:11.397", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary database and management operations." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en el componente de conferencias web de Mitel MiCollab hasta la versi\u00f3n 9.7.1.110 podr\u00eda permitir que un atacante autenticado con privilegios administrativos realice un ataque de inyecci\u00f3n SQL debido a una validaci\u00f3n insuficiente de la entrada del usuario. Una explotaci\u00f3n exitosa podr\u00eda permitir que un atacante ejecute operaciones arbitrarias de administraci\u00f3n y base de datos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-301xx/CVE-2024-30159.json b/CVE-2024/CVE-2024-301xx/CVE-2024-30159.json index 9a7f944e554..5b44e359258 100644 --- a/CVE-2024/CVE-2024-301xx/CVE-2024-30159.json +++ b/CVE-2024/CVE-2024-301xx/CVE-2024-30159.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-30159", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T21:15:05.073", - "lastModified": "2024-10-21T21:15:05.073", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en el componente de conferencias web de Mitel MiCollab hasta la versi\u00f3n 9.7.1.110 podr\u00eda permitir que un atacante autenticado con privilegios administrativos realice un ataque de Cross Site Scripting (XSS) almacenado debido a una validaci\u00f3n insuficiente de la entrada del usuario. Una explotaci\u00f3n exitosa podr\u00eda permitir que un atacante ejecute secuencias de comandos arbitrarias." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-301xx/CVE-2024-30160.json b/CVE-2024/CVE-2024-301xx/CVE-2024-30160.json index 6355f04fc7c..d7be6c2e561 100644 --- a/CVE-2024/CVE-2024-301xx/CVE-2024-30160.json +++ b/CVE-2024/CVE-2024-301xx/CVE-2024-30160.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-30160", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T21:15:05.190", - "lastModified": "2024-10-21T21:15:05.190", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en el componente Suite Applications Services de Mitel MiCollab hasta la versi\u00f3n 9.7.1.110 podr\u00eda permitir que un atacante autenticado con privilegios administrativos realice un ataque de Cross Site Scripting (XSS) Almacenado debido a una validaci\u00f3n insuficiente de la entrada del usuario. Una explotaci\u00f3n exitosa podr\u00eda permitir que un atacante ejecute secuencias de comandos arbitrarias." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-310xx/CVE-2024-31007.json b/CVE-2024/CVE-2024-310xx/CVE-2024-31007.json index c2f52c73e70..19c633036f7 100644 --- a/CVE-2024/CVE-2024-310xx/CVE-2024-31007.json +++ b/CVE-2024/CVE-2024-310xx/CVE-2024-31007.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-31007", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T20:15:14.400", - "lastModified": "2024-10-21T21:35:02.513", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer Overflow vulnerability in IrfanView 32bit v.4.66 allows a local attacker to cause a denial of service via a crafted file. Affected component is IrfanView 32bit 4.66 with plugin formats.dll." + }, + { + "lang": "es", + "value": "La vulnerabilidad de desbordamiento de b\u00fafer en IrfanView 32bit v.4.66 permite que un atacante local provoque una denegaci\u00f3n de servicio mediante un archivo creado a medida. El componente afectado es IrfanView 32bit 4.66 con el complemento forms.dll." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-310xx/CVE-2024-31029.json b/CVE-2024/CVE-2024-310xx/CVE-2024-31029.json index 4a805d29ef9..5b313977443 100644 --- a/CVE-2024/CVE-2024-310xx/CVE-2024-31029.json +++ b/CVE-2024/CVE-2024-310xx/CVE-2024-31029.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31029", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-22T22:15:04.313", - "lastModified": "2024-10-22T22:15:04.313", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue in the server_handle_regular function of the test_coap_server.c file within the FreeCoAP project allows remote attackers to cause a Denial of Service through specially crafted packets." + }, + { + "lang": "es", + "value": "Un problema en la funci\u00f3n server_handle_regular del archivo test_coap_server.c dentro del proyecto FreeCoAP permite a atacantes remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de paquetes especialmente manipulados." } ], "metrics": {}, 
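Review bot: The added Spanish description for CVE-2024-31007 names the affected plugin `forms.dll`, while the English description in the same hunk names `formats.dll`; the file name was altered in translation. A component name is an identifier and should be carried over verbatim, so the added value should end `con el complemento formats.dll.`. Anyone matching affected components or searching the feed by the Spanish text would otherwise look for a DLL the original record does not mention. The commit appears to be an automated feed update, so the correction probably belongs in the upstream translation source rather than in this file alone.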
diff --git a/CVE-2024/CVE-2024-318xx/CVE-2024-31880.json b/CVE-2024/CVE-2024-318xx/CVE-2024-31880.json index 5d7499e07ec..28aa96455c3 100644 --- a/CVE-2024/CVE-2024-318xx/CVE-2024-31880.json +++ b/CVE-2024/CVE-2024-318xx/CVE-2024-31880.json @@ -2,13 +2,17 @@ "id": "CVE-2024-31880", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-10-23T02:15:07.167", - "lastModified": "2024-10-23T02:15:07.167", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user." + }, + { + "lang": "es", + "value": " IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.5, 11.1 y 11.5 es vulnerable a una denegaci\u00f3n de servicio, en configuraciones espec\u00edficas, ya que el servidor puede bloquearse al utilizar una declaraci\u00f3n SQL especialmente manipulada por un usuario autenticado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-31xx/CVE-2024-3166.json b/CVE-2024/CVE-2024-31xx/CVE-2024-3166.json index 81ae9188d4e..5552aa69dd6 100644 --- a/CVE-2024/CVE-2024-31xx/CVE-2024-3166.json +++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3166.json @@ -2,8 +2,8 @@ "id": "CVE-2024-3166", "sourceIdentifier": "security@huntr.dev", "published": "2024-06-06T19:16:00.817", - "lastModified": "2024-06-07T14:56:05.647", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-10-23T15:25:16.403", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -16,6 +16,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.8, + "impactScore": 6.0 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -51,14 +73,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mintplexlabs:anythingllm_desktop:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.4.2", + "matchCriteriaId": "C0D2A007-0DC9-4038-8A27-3317D8A755CB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mintplexlabs:anythingllm_webapp:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.2.0", + "matchCriteriaId": "22980892-AB2A-4C53-8681-06AA724B50D7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/mintplex-labs/anything-llm/commit/fa27103d032c58904c49b92ee13fabc19a20a5ce", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.com/bounties/af288bd3-8824-4216-a294-ae9fb444e5db", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-352xx/CVE-2024-35285.json b/CVE-2024/CVE-2024-352xx/CVE-2024-35285.json index 7bb8dcd282e..f292173d297 100644 --- a/CVE-2024/CVE-2024-352xx/CVE-2024-35285.json +++ b/CVE-2024/CVE-2024-352xx/CVE-2024-35285.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-35285", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T21:15:05.307", - "lastModified": "2024-10-22T20:35:08.223", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en NuPoint Messenger (NPM) de Mitel MiCollab hasta 9.8.0.33 permite a un atacante no autenticado realizar un ataque de inyecci\u00f3n de comandos debido a una desinfecci\u00f3n insuficiente de par\u00e1metros." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-352xx/CVE-2024-35286.json b/CVE-2024/CVE-2024-352xx/CVE-2024-35286.json index 5c66fc8d409..c68550c99e9 100644 --- a/CVE-2024/CVE-2024-352xx/CVE-2024-35286.json +++ b/CVE-2024/CVE-2024-352xx/CVE-2024-35286.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-35286", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T21:15:05.367", - "lastModified": "2024-10-22T14:35:13.583", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary database and management operations." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en NuPoint Messenger (NPM) de Mitel MiCollab hasta la versi\u00f3n 9.8.0.33 permite a un atacante no autenticado realizar un ataque de inyecci\u00f3n SQL debido a una desinfecci\u00f3n insuficiente de la entrada del usuario. Una explotaci\u00f3n exitosa podr\u00eda permitir a un atacante acceder a informaci\u00f3n confidencial y ejecutar operaciones arbitrarias de administraci\u00f3n y bases de datos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-352xx/CVE-2024-35287.json b/CVE-2024/CVE-2024-352xx/CVE-2024-35287.json index f4241f3999f..8c4c37c8ce4 100644 --- a/CVE-2024/CVE-2024-352xx/CVE-2024-35287.json +++ b/CVE-2024/CVE-2024-352xx/CVE-2024-35287.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-35287", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T21:15:05.450", - "lastModified": "2024-10-22T14:35:14.367", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the NuPoint Messenger (NPM) component of Mitel MiCollab through version 9.8 SP1 (9.8.1.5) could allow an authenticated attacker with administrative privilege to conduct a privilege escalation attack due to the execution of a resource with unnecessary privileges. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en el componente NuPoint Messenger (NPM) de Mitel MiCollab hasta la versi\u00f3n 9.8 SP1 (9.8.1.5) podr\u00eda permitir que un atacante autenticado con privilegios administrativos realice un ataque de escalada de privilegios debido a la ejecuci\u00f3n de un recurso con privilegios innecesarios. Una explotaci\u00f3n exitosa podr\u00eda permitir que un atacante ejecute comandos arbitrarios con privilegios elevados." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-353xx/CVE-2024-35308.json b/CVE-2024/CVE-2024-353xx/CVE-2024-35308.json index a144e7ecd17..a914cc0980e 100644 --- a/CVE-2024/CVE-2024-353xx/CVE-2024-35308.json +++ b/CVE-2024/CVE-2024-353xx/CVE-2024-35308.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-35308", "sourceIdentifier": "security@pandorafms.com", "published": "2024-10-22T09:15:02.927", - "lastModified": "2024-10-22T09:15:02.927", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A post-authentication arbitrary file read vulnerability within the server plugins section in plugin edition feature.\u00a0This issue affects Pandora FMS: from 700 through <777.3." + }, + { + "lang": "es", + "value": " Vulnerabilidad de lectura arbitraria de archivos posterior a la autenticaci\u00f3n en la secci\u00f3n de complementos del servidor de la funci\u00f3n de edici\u00f3n de complementos. Este problema afecta a Pandora FMS: desde la versi\u00f3n 700 hasta la versi\u00f3n <777.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-353xx/CVE-2024-35314.json b/CVE-2024/CVE-2024-353xx/CVE-2024-35314.json index a42eda3bd3f..e9e0f4125d2 100644 --- a/CVE-2024/CVE-2024-353xx/CVE-2024-35314.json +++ b/CVE-2024/CVE-2024-353xx/CVE-2024-35314.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-35314", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T21:15:05.533", - "lastModified": "2024-10-22T14:35:15.233", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary scripts." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en el cliente de escritorio de Mitel MiCollab hasta la versi\u00f3n 9.7.1.110 y en MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25 podr\u00eda permitir que un atacante no autenticado realice un ataque de inyecci\u00f3n de comandos debido a una desinfecci\u00f3n insuficiente de los par\u00e1metros. Una explotaci\u00f3n exitosa podr\u00eda permitir que un atacante ejecute scripts arbitrarios." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-353xx/CVE-2024-35315.json b/CVE-2024/CVE-2024-353xx/CVE-2024-35315.json index caf12abc705..92901166be4 100644 --- a/CVE-2024/CVE-2024-353xx/CVE-2024-35315.json +++ b/CVE-2024/CVE-2024-353xx/CVE-2024-35315.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-35315", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T21:15:05.613", - "lastModified": "2024-10-21T21:15:05.613", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an authenticated attacker to conduct a privilege escalation attack due to improper file validation. A successful exploit could allow an attacker to run arbitrary code with elevated privileges." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en el cliente de escritorio de Mitel MiCollab hasta la versi\u00f3n 9.7.1.110 y en MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25 podr\u00eda permitir que un atacante autenticado realice un ataque de escalada de privilegios debido a una validaci\u00f3n incorrecta de archivos. Una explotaci\u00f3n exitosa podr\u00eda permitir que un atacante ejecute c\u00f3digo arbitrario con privilegios elevados." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-380xx/CVE-2024-38002.json b/CVE-2024/CVE-2024-380xx/CVE-2024-38002.json index 0f355982ec5..71ac4aedfce 100644 --- a/CVE-2024/CVE-2024-380xx/CVE-2024-38002.json +++ b/CVE-2024/CVE-2024-380xx/CVE-2024-38002.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-38002", "sourceIdentifier": "security@liferay.com", "published": "2024-10-22T15:15:06.277", - "lastModified": "2024-10-22T15:15:06.277", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a workflow definition, which allows remote authenticated users to modify workflow definitions and execute arbitrary code (RCE) via the headless API." + }, + { + "lang": "es", + "value": " El componente workflow en Liferay Portal 7.3.2 a 7.4.3.111, y Liferay DXP 2023.Q4.0 a 2023.Q4.5, 2023.Q3.1 a 2023.Q3.8, 7.4 GA a la actualizaci\u00f3n 92 y 7.3 GA a la actualizaci\u00f3n 36 no verifica correctamente los permisos de usuario antes de actualizar una definici\u00f3n de workflow, lo que permite a los usuarios autenticados remotos modificar las definiciones de workflow y ejecutar c\u00f3digo arbitrario (RCE) a trav\u00e9s de la API sin interfaz gr\u00e1fica." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-397xx/CVE-2024-39753.json b/CVE-2024/CVE-2024-397xx/CVE-2024-39753.json index f33cf35ac90..8ad3803ecde 100644 --- a/CVE-2024/CVE-2024-397xx/CVE-2024-39753.json +++ b/CVE-2024/CVE-2024-397xx/CVE-2024-39753.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-39753", "sourceIdentifier": "security@trendmicro.com", "published": "2024-10-22T19:15:04.790", - "lastModified": "2024-10-22T20:35:09.860", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An modOSCE SQL Injection vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability." + }, + { + "lang": "es", + "value": " Una vulnerabilidad de inyecci\u00f3n SQL de modOSCE en Trend Micro Apex One podr\u00eda permitir que un atacante remoto ejecute c\u00f3digo arbitrario en las instalaciones afectadas. Tenga en cuenta que un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder aprovechar esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-400xx/CVE-2024-40083.json b/CVE-2024/CVE-2024-400xx/CVE-2024-40083.json index 647e5102b23..b724d398c42 100644 --- a/CVE-2024/CVE-2024-400xx/CVE-2024-40083.json +++ b/CVE-2024/CVE-2024-400xx/CVE-2024-40083.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-40083", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T21:15:05.703", - "lastModified": "2024-10-22T17:35:03.297", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Buffer Overflow vulnerabilty in the local_app_set_router_token function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via sscanf reading the token and timezone JSON fields into a fixed-length buffer." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de desbordamiento de b\u00fafer en la funci\u00f3n local_app_set_router_token de Vilo 5 Mesh WiFi System <= 5.16.1.33 permite a atacantes remotos no autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s de sscanf leyendo los campos JSON de token y zona horaria en un b\u00fafer de longitud fija." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-400xx/CVE-2024-40084.json b/CVE-2024/CVE-2024-400xx/CVE-2024-40084.json index 44a1f92efbe..764cbee8bc4 100644 --- a/CVE-2024/CVE-2024-400xx/CVE-2024-40084.json +++ b/CVE-2024/CVE-2024-400xx/CVE-2024-40084.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-40084", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T21:15:05.770", - "lastModified": "2024-10-22T17:35:04.057", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via exceptionally long HTTP methods or paths." + }, + { + "lang": "es", + "value": "Un desbordamiento de b\u00fafer en el servidor web Boa del sistema WiFi en malla Vilo 5 <= 5.16.1.33 permite a atacantes remotos no autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s de m\u00e9todos o rutas HTTP excepcionalmente largos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-400xx/CVE-2024-40085.json b/CVE-2024/CVE-2024-400xx/CVE-2024-40085.json index 2cc5f1e498a..17202a70604 100644 --- a/CVE-2024/CVE-2024-400xx/CVE-2024-40085.json +++ b/CVE-2024/CVE-2024-400xx/CVE-2024-40085.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-40085", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T21:15:05.853", - "lastModified": "2024-10-22T17:35:04.843", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Buffer Overflow vulnerability in the local_app_set_router_wan function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via pppoe_username and pppoe_password fields being larger than 128 bytes in length." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de desbordamiento de b\u00fafer en la funci\u00f3n local_app_set_router_wan del sistema WiFi en malla Vilo 5 <= 5.16.1.33 permite a atacantes remotos no autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s de los campos pppoe_username y pppoe_password que tienen m\u00e1s de 128 bytes de longitud." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-400xx/CVE-2024-40086.json b/CVE-2024/CVE-2024-400xx/CVE-2024-40086.json index 50d11a6d7e7..6fd09823920 100644 --- a/CVE-2024/CVE-2024-400xx/CVE-2024-40086.json +++ b/CVE-2024/CVE-2024-400xx/CVE-2024-40086.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-40086", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T21:15:05.923", - "lastModified": "2024-10-22T17:35:05.600", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Buffer Overflow vulnerability in the local_app_set_router_wifi_SSID_PWD function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via a password field larger than 64 bytes in length." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de desbordamiento de b\u00fafer en la funci\u00f3n local_app_set_router_wifi_SSID_PWD del sistema WiFi en malla Vilo 5 <= 5.16.1.33 permite a atacantes remotos no autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s de un campo de contrase\u00f1a de m\u00e1s de 64 bytes de longitud." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-400xx/CVE-2024-40087.json b/CVE-2024/CVE-2024-400xx/CVE-2024-40087.json index 09ffb2b70e0..9dbc9d3f0af 100644 --- a/CVE-2024/CVE-2024-400xx/CVE-2024-40087.json +++ b/CVE-2024/CVE-2024-400xx/CVE-2024-40087.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-40087", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T21:15:06.003", - "lastModified": "2024-10-22T17:35:06.420", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Insecure Permissions. Lack of authentication in the custom TCP service on port 5432 allows remote, unauthenticated attackers to gain administrative access over the router." + }, + { + "lang": "es", + "value": "El sistema WiFi en malla Vilo 5 <= 5.16.1.33 es vulnerable a permisos inseguros. La falta de autenticaci\u00f3n en el servicio TCP personalizado en el puerto 5432 permite que atacantes remotos no autenticados obtengan acceso administrativo al enrutador." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-400xx/CVE-2024-40088.json b/CVE-2024/CVE-2024-400xx/CVE-2024-40088.json index a0ac1bf5da1..fe4afb383fc 100644 --- a/CVE-2024/CVE-2024-400xx/CVE-2024-40088.json +++ b/CVE-2024/CVE-2024-400xx/CVE-2024-40088.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-40088", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T21:15:06.080", - "lastModified": "2024-10-22T14:35:16.010", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to enumerate the existence and length of any file in the filesystem by placing malicious payloads in the path of any HTTP request." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de recorrido de directorio en el servidor web Boa del sistema WiFi Mesh Vilo 5 <= 5.16.1.33 permite a atacantes remotos no autenticados enumerar la existencia y la longitud de cualquier archivo en el sistema de archivos colocando cargas \u00fatiles maliciosas en la ruta de cualquier solicitud HTTP." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-400xx/CVE-2024-40089.json b/CVE-2024/CVE-2024-400xx/CVE-2024-40089.json index 238a7797dbd..ce626df7627 100644 --- a/CVE-2024/CVE-2024-400xx/CVE-2024-40089.json +++ b/CVE-2024/CVE-2024-400xx/CVE-2024-40089.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-40089", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T21:15:06.150", - "lastModified": "2024-10-22T17:35:07.167", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de inyecci\u00f3n de comandos en el sistema WiFi Mesh Vilo 5 <= 5.16.1.33 permite a atacantes remotos autenticados ejecutar c\u00f3digo arbitrario inyectando comandos de shell en el nombre del dispositivo Vilo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-400xx/CVE-2024-40090.json b/CVE-2024/CVE-2024-400xx/CVE-2024-40090.json index 9e20eaa43ed..76494b11786 100644 --- a/CVE-2024/CVE-2024-400xx/CVE-2024-40090.json +++ b/CVE-2024/CVE-2024-400xx/CVE-2024-40090.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-40090", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T21:15:06.223", - "lastModified": "2024-10-22T17:35:07.957", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Information Disclosure. An information leak in the Boa webserver allows remote, unauthenticated attackers to leak memory addresses of uClibc and the stack via sending a GET request to the index page." + }, + { + "lang": "es", + "value": "El sistema WiFi en malla Vilo 5 <= 5.16.1.33 es vulnerable a la divulgaci\u00f3n de informaci\u00f3n. Una fuga de informaci\u00f3n en el servidor web Boa permite a atacantes remotos no autenticados filtrar direcciones de memoria de uClibc y la pila mediante el env\u00edo de una solicitud GET a la p\u00e1gina de \u00edndice." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-400xx/CVE-2024-40091.json b/CVE-2024/CVE-2024-400xx/CVE-2024-40091.json index 0253d7e42a7..87acae71f58 100644 --- a/CVE-2024/CVE-2024-400xx/CVE-2024-40091.json +++ b/CVE-2024/CVE-2024-400xx/CVE-2024-40091.json @@ -2,13 +2,17 @@ "id": "CVE-2024-40091", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T21:15:06.313", - "lastModified": "2024-10-22T17:35:08.760", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vilo 5 Mesh WiFi System <= 5.16.1.33 lacks authentication in the Boa webserver, which allows remote, unauthenticated attackers to retrieve logs with sensitive system." + }, + { + "lang": "es", + "value": "El sistema WiFi en malla Vilo 5 <= 5.16.1.33 carece de autenticaci\u00f3n en el servidor web Boa, lo que permite a atacantes remotos no autenticados recuperar registros con informaci\u00f3n confidencial del sistema." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-404xx/CVE-2024-40493.json b/CVE-2024/CVE-2024-404xx/CVE-2024-40493.json index cc2c8a29fc1..20428e23b2b 100644 --- a/CVE-2024/CVE-2024-404xx/CVE-2024-40493.json +++ b/CVE-2024/CVE-2024-404xx/CVE-2024-40493.json @@ -2,13 +2,17 @@ "id": "CVE-2024-40493", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-22T22:15:04.407", - "lastModified": "2024-10-22T22:15:04.407", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Null Pointer Dereference in `coap_client_exchange_blockwise2` function in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial of service and potentially execute arbitrary code via a specially crafted CoAP packet that causes `coap_msg_get_payload(resp)` to return a null pointer, which is then dereferenced in a call to `memcpy`." + }, + { + "lang": "es", + "value": " La desreferencia de puntero nulo en la funci\u00f3n `coap_client_exchange_blockwise2` en Keith Cullen FreeCoAP 1.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicio y potencialmente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un paquete CoAP especialmente manipulado que hace que `coap_msg_get_payload(resp)` devuelva un puntero nulo, que luego se desreferencia en una llamada a `memcpy`." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-404xx/CVE-2024-40494.json b/CVE-2024/CVE-2024-404xx/CVE-2024-40494.json index 9a7a2e08692..3a4962345cc 100644 --- a/CVE-2024/CVE-2024-404xx/CVE-2024-40494.json +++ b/CVE-2024/CVE-2024-404xx/CVE-2024-40494.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-40494", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-22T22:15:04.493", - "lastModified": "2024-10-22T22:15:04.493", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer Overflow in coap_msg.c in FreeCoAP allows remote attackers to execute arbitrary code or cause a denial of service (stack buffer overflow) via a crafted packet." + }, + { + "lang": "es", + "value": " El desbordamiento de b\u00fafer en coap_msg.c en FreeCoAP permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria ) a trav\u00e9s de un paquete manipulado espec\u00edficamente para ello." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-407xx/CVE-2024-40746.json b/CVE-2024/CVE-2024-407xx/CVE-2024-40746.json index 840e08b1b5a..34d06a2f314 100644 --- a/CVE-2024/CVE-2024-407xx/CVE-2024-40746.json +++ b/CVE-2024/CVE-2024-407xx/CVE-2024-40746.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-40746", "sourceIdentifier": "security@joomla.org", "published": "2024-10-21T17:15:03.330", - "lastModified": "2024-10-21T17:15:03.330", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:58.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability in HikaShop Joomla Component < 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the `description` parameter of any product. The `description `parameter is not sanitised in the backend." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de cross-site scripting (XSS) almacenado en el componente HikaShop Joomla anterior a la versi\u00f3n 5.1.1 permite a atacantes remotos ejecutar c\u00f3digo JavaScript arbitrario en el navegador web de un usuario, mediante la inclusi\u00f3n de una carga maliciosa en el par\u00e1metro `description` de cualquier producto. El par\u00e1metro `description` no se desinfecta en el backend." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-411xx/CVE-2024-41183.json b/CVE-2024/CVE-2024-411xx/CVE-2024-41183.json index 8505650048b..ddb8daeae58 100644 --- a/CVE-2024/CVE-2024-411xx/CVE-2024-41183.json +++ b/CVE-2024/CVE-2024-411xx/CVE-2024-41183.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-41183", "sourceIdentifier": "security@trendmicro.com", "published": "2024-10-22T19:15:05.413", - "lastModified": "2024-10-22T19:15:05.413", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Trend Micro VPN, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite under specific conditions that can lead to elevation of privileges." + }, + { + "lang": "es", + "value": " Trend Micro VPN, versi\u00f3n 5.8.1012 y anteriores es vulnerable a una sobrescritura de archivos arbitraria en condiciones espec\u00edficas que pueden llevar a la elevaci\u00f3n de privilegios." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-417xx/CVE-2024-41712.json b/CVE-2024/CVE-2024-417xx/CVE-2024-41712.json index 4a11e2f7af4..d1229419bc5 100644 --- a/CVE-2024/CVE-2024-417xx/CVE-2024-41712.json +++ b/CVE-2024/CVE-2024-417xx/CVE-2024-41712.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-41712", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T21:15:06.387", - "lastModified": "2024-10-21T21:15:06.387", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Web Conferencing Component of Mitel MiCollab through 9.8.1.5 could allow an authenticated attacker to conduct a command injection attack, due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary commands on the system within the context of the user." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en el componente de conferencias web de Mitel MiCollab hasta la versi\u00f3n 9.8.1.5 podr\u00eda permitir que un atacante autenticado realice un ataque de inyecci\u00f3n de comandos, debido a una validaci\u00f3n insuficiente de la entrada del usuario. Una explotaci\u00f3n exitosa podr\u00eda permitir que un atacante ejecute comandos arbitrarios en el sistema dentro del contexto del usuario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-417xx/CVE-2024-41713.json b/CVE-2024/CVE-2024-417xx/CVE-2024-41713.json index a27fcee46f0..a99c823fd07 100644 --- a/CVE-2024/CVE-2024-417xx/CVE-2024-41713.json +++ b/CVE-2024/CVE-2024-417xx/CVE-2024-41713.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-41713", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T21:15:06.470", - "lastModified": "2024-10-22T14:35:16.817", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en el componente NuPoint Unified Messaging (NPM) de Mitel MiCollab hasta la versi\u00f3n 9.8 SP1 FP2 (9.8.1.201) podr\u00eda permitir que un atacante no autenticado realice un ataque de cruce de ruta debido a una validaci\u00f3n de entrada insuficiente. Una explotaci\u00f3n exitosa podr\u00eda permitir el acceso no autorizado, lo que permitir\u00eda al atacante ver, corromper o eliminar los datos y las configuraciones del sistema de los usuarios." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-417xx/CVE-2024-41714.json b/CVE-2024/CVE-2024-417xx/CVE-2024-41714.json index 2ef8cdc56c0..a9f18b89025 100644 --- a/CVE-2024/CVE-2024-417xx/CVE-2024-41714.json +++ b/CVE-2024/CVE-2024-417xx/CVE-2024-41714.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-41714", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T21:15:06.547", - "lastModified": "2024-10-22T14:35:17.650", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (MiVB SVI) through 1.0.0.27 could allow an authenticated attacker to conduct a command injection attack, due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges within the context of the system." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en el componente de interfaz web de Mitel MiCollab hasta la versi\u00f3n 9.8 SP1 (9.8.1.5) y MiVoice Business Solution Virtual Instance (MiVB SVI) hasta la versi\u00f3n 1.0.0.27 podr\u00eda permitir que un atacante autenticado realice un ataque de inyecci\u00f3n de comandos, debido a una desinfecci\u00f3n insuficiente de los par\u00e1metros. Una explotaci\u00f3n exitosa podr\u00eda permitir que un atacante ejecute comandos arbitrarios con privilegios elevados dentro del contexto del sistema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-417xx/CVE-2024-41717.json b/CVE-2024/CVE-2024-417xx/CVE-2024-41717.json index 8c3a4783f79..f872ffe2547 100644 --- a/CVE-2024/CVE-2024-417xx/CVE-2024-41717.json +++ b/CVE-2024/CVE-2024-417xx/CVE-2024-41717.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-41717", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2024-10-22T22:15:04.580", - "lastModified": "2024-10-22T22:15:04.580", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Kieback & Peter's DDC4000 series\u00a0is vulnerable to a path traversal vulnerability, which may allow an unauthenticated attacker to read files on the system." + }, + { + "lang": "es", + "value": " La serie DDC4000 de Kieback & Peter es vulnerable a una vulnerabilidad de path traversal, que puede permitir que un atacante no autenticado lea archivos en el sistema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41902.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41902.json index 8ebe03af758..bd1eba1d466 100644 --- a/CVE-2024/CVE-2024-419xx/CVE-2024-41902.json +++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41902.json @@ -2,8 +2,8 @@ "id": "CVE-2024-41902", "sourceIdentifier": "productcert@siemens.com", "published": "2024-10-08T09:15:11.453", - "lastModified": "2024-10-10T12:56:30.817", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-10-23T14:16:24.277", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -61,6 +61,26 @@ } ], "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "productcert@siemens.com", "type": "Secondary", 
@@ -85,8 +105,18 @@ }, "weaknesses": [ { - "source": "productcert@siemens.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, + { + "source": "productcert@siemens.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -95,10 +125,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2406.0003", + "matchCriteriaId": "7D4A6B06-D9D2-4DCE-9D6B-03057CBB8ADF" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-626178.html", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-426xx/CVE-2024-42643.json b/CVE-2024/CVE-2024-426xx/CVE-2024-42643.json index fbf368eda11..3b3308db3e8 100644 --- a/CVE-2024/CVE-2024-426xx/CVE-2024-42643.json +++ b/CVE-2024/CVE-2024-426xx/CVE-2024-42643.json @@ -2,13 +2,17 @@ "id": "CVE-2024-42643", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-22T22:15:04.860", - "lastModified": "2024-10-22T22:15:04.860", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer Overflow in fast_ping.c in SmartDNS Release46 allows remote attackers to cause a Denial of Service via misaligned memory access." + }, + { + "lang": "es", + "value": "El desbordamiento de entero en fast_ping.c en SmartDNS Release46 permite a atacantes remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de un acceso a memoria desalineada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-431xx/CVE-2024-43173.json b/CVE-2024/CVE-2024-431xx/CVE-2024-43173.json index eff257215bf..8cfcd2c77d1 100644 
--- a/CVE-2024/CVE-2024-431xx/CVE-2024-43173.json +++ b/CVE-2024/CVE-2024-431xx/CVE-2024-43173.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43173", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-10-22T15:15:06.800", - "lastModified": "2024-10-22T15:15:06.800", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute." + }, + { + "lang": "es", + "value": " IBM Concert 1.0.0 y 1.0.1 son vulnerables a ataques que se basan en el uso de cookies sin el atributo SameSite." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-431xx/CVE-2024-43177.json b/CVE-2024/CVE-2024-431xx/CVE-2024-43177.json index 517aa534b97..55931a9e4c9 100644 --- a/CVE-2024/CVE-2024-431xx/CVE-2024-43177.json +++ b/CVE-2024/CVE-2024-431xx/CVE-2024-43177.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43177", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-10-22T15:15:07.020", - "lastModified": "2024-10-22T15:15:07.020", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute." + }, + { + "lang": "es", + "value": " IBM Concert 1.0.0 y 1.0.1 son vulnerables a ataques que se basan en el uso de cookies sin el atributo SameSite." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-436xx/CVE-2024-43698.json b/CVE-2024/CVE-2024-436xx/CVE-2024-43698.json index 94814ae7c43..b6aa39d2635 100644 --- a/CVE-2024/CVE-2024-436xx/CVE-2024-43698.json +++ b/CVE-2024/CVE-2024-436xx/CVE-2024-43698.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43698", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2024-10-22T22:15:04.943", - "lastModified": "2024-10-22T22:15:04.943", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Kieback & Peter's DDC4000 series\u00a0uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system." + }, + { + "lang": "es", + "value": " La serie DDC4000 de Kieback & Peter utiliza credenciales d\u00e9biles, lo que puede permitir que un atacante no autenticado obtenga derechos de administrador completos en el sistema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-438xx/CVE-2024-43812.json b/CVE-2024/CVE-2024-438xx/CVE-2024-43812.json index e63ba21527f..48279209295 100644 --- a/CVE-2024/CVE-2024-438xx/CVE-2024-43812.json +++ b/CVE-2024/CVE-2024-438xx/CVE-2024-43812.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43812", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2024-10-22T22:15:05.180", - "lastModified": "2024-10-22T22:15:05.180", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Kieback & Peter's DDC4000 series\u00a0has an insufficiently protected credentials vulnerability, which may allow an unauthenticated attacker with access to /etc/passwd to read the password hashes of all users on the system." + }, + { + "lang": "es", + "value": " La serie DDC4000 de Kieback & Peter tiene una vulnerabilidad de credenciales insuficientemente protegidas, que puede permitir que un atacante no autenticado con acceso a /etc/passwd lea los hashes de contrase\u00f1as de todos los usuarios del sistema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-439xx/CVE-2024-43924.json b/CVE-2024/CVE-2024-439xx/CVE-2024-43924.json index aa3effe0466..87a0fdf0ff9 100644 
--- a/CVE-2024/CVE-2024-439xx/CVE-2024-43924.json +++ b/CVE-2024/CVE-2024-439xx/CVE-2024-43924.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43924", "sourceIdentifier": "audit@patchstack.com", "published": "2024-10-23T08:15:03.453", - "lastModified": "2024-10-23T08:15:03.453", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in dFactory Responsive Lightbox allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Responsive Lightbox: from n/a through 2.4.7." + }, + { + "lang": "es", + "value": " La vulnerabilidad de autorizaci\u00f3n faltante en dFactory Responsive Lightbox permite acceder a funcionalidades que no est\u00e1n correctamente restringidas por las ACL. Este problema afecta a Responsive Lightbox: desde n/a hasta 2.4.7." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-440xx/CVE-2024-44000.json b/CVE-2024/CVE-2024-440xx/CVE-2024-44000.json index e867bfa0596..2bd3dbc50ed 100644 --- a/CVE-2024/CVE-2024-440xx/CVE-2024-44000.json +++ b/CVE-2024/CVE-2024-440xx/CVE-2024-44000.json @@ -2,8 +2,8 @@ "id": "CVE-2024-44000", "sourceIdentifier": "audit@patchstack.com", "published": "2024-10-20T12:15:03.287", - "lastModified": "2024-10-21T17:09:45.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-10-23T14:16:02.973", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -51,14 +71,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:litespeedtech:litespeed_cache:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "6.5.0.1", + "matchCriteriaId": "A32A6B26-348B-4D85-9D6E-1A29B8B488C7" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/articles/critical-account-takeover-vulnerability-patched-in-litespeed-cache-plugin?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://patchstack.com/database/vulnerability/litespeed-cache/wordpress-litespeed-cache-plugin-6-5-0-1-unauthenticated-account-takeover-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-443xx/CVE-2024-44331.json b/CVE-2024/CVE-2024-443xx/CVE-2024-44331.json index 1f82804f2db..a6d430cc447 100644 --- a/CVE-2024/CVE-2024-443xx/CVE-2024-44331.json +++ b/CVE-2024/CVE-2024-443xx/CVE-2024-44331.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-44331", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-22T22:15:05.463", - "lastModified": "2024-10-22T22:15:05.463", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Incorrect Access Control in GStreamer RTSP server 1.25.0 in gst-rtsp-server/rtsp-media.c allows remote attackers to cause a denial of service via a series of specially crafted hexstream requests." + }, + { + "lang": "es", + "value": " El control de acceso incorrecto en el servidor RTSP de GStreamer 1.25.0 en gst-rtsp-server/rtsp-media.c permite a atacantes remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de una serie de solicitudes hexstream especialmente manipuladas." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-448xx/CVE-2024-44812.json b/CVE-2024/CVE-2024-448xx/CVE-2024-44812.json index 2ab607bb0cb..dd0419975cf 100644 --- a/CVE-2024/CVE-2024-448xx/CVE-2024-44812.json +++ b/CVE-2024/CVE-2024-448xx/CVE-2024-44812.json 
@@ -2,16 +2,55 @@ "id": "CVE-2024-44812", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-22T22:15:05.543", - "lastModified": "2024-10-22T22:15:05.543", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:35:20.023", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component." + }, + { + "lang": "es", + "value": " La vulnerabilidad de inyecci\u00f3n SQL en Online Complaint Site v.1.0 permite a un atacante remoto escalar privilegios a trav\u00e9s de los par\u00e1metros username y password en el componente /admin.index.php." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/b1u3st0rm/CVE-2024-44812-PoC", diff --git a/CVE-2024/CVE-2024-453xx/CVE-2024-45334.json b/CVE-2024/CVE-2024-453xx/CVE-2024-45334.json index 888db144d71..f2370475698 100644 --- a/CVE-2024/CVE-2024-453xx/CVE-2024-45334.json +++ b/CVE-2024/CVE-2024-453xx/CVE-2024-45334.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-45334", "sourceIdentifier": "security@trendmicro.com", "published": "2024-10-22T19:15:05.670", - "lastModified": "2024-10-22T19:15:05.670", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Trend Micro Antivirus One versions 3.10.4 and below (Consumer) is vulnerable to an Arbitrary Configuration Update that could allow unauthorized access to product configurations and functions." + }, + { + "lang": "es", + "value": "Trend Micro Antivirus One versiones 3.10.4 y anteriores (Consumidor) son vulnerables a una actualizaci\u00f3n de configuraci\u00f3n arbitraria que podr\u00eda permitir el acceso no autorizado a las configuraciones y funciones del producto." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-453xx/CVE-2024-45335.json b/CVE-2024/CVE-2024-453xx/CVE-2024-45335.json index 5cd19627d91..40969991e27 100644 --- a/CVE-2024/CVE-2024-453xx/CVE-2024-45335.json +++ b/CVE-2024/CVE-2024-453xx/CVE-2024-45335.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45335", "sourceIdentifier": "security@trendmicro.com", "published": "2024-10-22T19:15:05.840", - "lastModified": "2024-10-22T19:15:05.840", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Trend Micro Antivirus One, version 3.10.4 and below contains a vulnerability that could allow an attacker to use a specifically crafted virus to allow itself to bypass and evade a virus scan detection." + }, + { + "lang": "es", + "value": " Trend Micro Antivirus One, versi\u00f3n 3.10.4 y anteriores contiene una vulnerabilidad que podr\u00eda permitir a un atacante utilizar un virus espec\u00edficamente manipulado para poder omitir y evadir la detecci\u00f3n de un an\u00e1lisis de virus." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-455xx/CVE-2024-45518.json b/CVE-2024/CVE-2024-455xx/CVE-2024-45518.json index d28e42087a1..e197de0c3ac 100644 --- a/CVE-2024/CVE-2024-455xx/CVE-2024-45518.json +++ b/CVE-2024/CVE-2024-455xx/CVE-2024-45518.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45518", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-22T17:15:03.837", - "lastModified": "2024-10-22T18:35:04.347", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. It allows authenticated users to exploit Server-Side Request Forgery (SSRF) due to improper input sanitization and misconfigured domain whitelisting. This issue permits unauthorized HTTP requests to be sent to internal services, which can lead to Remote Code Execution (RCE) by chaining Command Injection within the internal service. When combined with existing XSS vulnerabilities, this SSRF issue can further facilitate Remote Code Execution (RCE)." + }, + { + "lang": "es", + "value": " Se descubri\u00f3 un problema en Zimbra Collaboration (ZCS) 10.1.x anterior a 10.1.1, 10.0.x anterior a 10.0.9, 9.0.0 anterior al parche 41 y 8.8.15 anterior al parche 46. Permite a los usuarios autenticados explotar Server-Side Request Forgery (SSRF) debido a una desinfecci\u00f3n de entrada incorrecta y una lista blanca de dominios mal configurada. Este problema permite que se env\u00eden solicitudes HTTP no autorizadas a servicios internos, lo que puede provocar una ejecuci\u00f3n de c\u00f3digo remoto (RCE) al encadenar la inyecci\u00f3n de comandos dentro del servicio interno. Cuando se combina con las vulnerabilidades XSS existentes, este problema de SSRF puede facilitar a\u00fan m\u00e1s la ejecuci\u00f3n de c\u00f3digo remoto (RCE)." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-455xx/CVE-2024-45519.json b/CVE-2024/CVE-2024-455xx/CVE-2024-45519.json index 44692b642b2..e5e1b325ff7 100644 --- a/CVE-2024/CVE-2024-455xx/CVE-2024-45519.json +++ b/CVE-2024/CVE-2024-455xx/CVE-2024-45519.json @@ -2,8 +2,8 @@ "id": "CVE-2024-45519", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-02T22:15:02.770", - "lastModified": "2024-10-22T21:15:06.543", - "vulnStatus": "Modified", + "lastModified": "2024-10-23T15:39:23.220", + "vulnStatus": "Analyzed", "cveTags": [], "cisaExploitAdd": "2024-10-03", "cisaActionDue": "2024-10-24", @@ -70,7 +70,7 @@ "description": [ { "lang": "en", - "value": "CWE-863" + "value": "NVD-CWE-Other" } ] }, @@ -520,19 +520,31 @@ }, { "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy", diff --git a/CVE-2024/CVE-2024-455xx/CVE-2024-45526.json b/CVE-2024/CVE-2024-455xx/CVE-2024-45526.json index 6a460ec52e6..c69763f1b2d 100644 --- a/CVE-2024/CVE-2024-455xx/CVE-2024-45526.json +++ b/CVE-2024/CVE-2024-455xx/CVE-2024-45526.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-45526",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-10-22T21:15:06.720",
- "lastModified": "2024-10-22T21:15:06.720",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue was discovered in OPC Foundation OPCFoundation/UA-.NETStandard through 1.5.374.78. A remote attacker can send requests with invalid credentials and cause the server performance to degrade gradually."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en OPC Foundation OPCFoundation/UA-.NETStandard hasta la versi\u00f3n 1.5.374.78. Un atacante remoto puede enviar solicitudes con credenciales no v\u00e1lidas y provocar que el rendimiento del servidor se degrade gradualmente."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-462xx/CVE-2024-46236.json b/CVE-2024/CVE-2024-462xx/CVE-2024-46236.json
index 106279bca59..4f7c2c0dc2e 100644
--- a/CVE-2024/CVE-2024-462xx/CVE-2024-46236.json
+++ b/CVE-2024/CVE-2024-462xx/CVE-2024-46236.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-46236",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-10-21T19:15:03.207",
- "lastModified": "2024-10-21T19:35:03.590",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:25.583",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the address parameter in add_members.php and edit_member.php."
+ },
+ {
+ "lang": "es",
+ "value": "CodeAstro Membership Management System v1.0 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s del par\u00e1metro de direcci\u00f3n en add_members.php y edit_member.php."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-462xx/CVE-2024-46238.json b/CVE-2024/CVE-2024-462xx/CVE-2024-46238.json
index a174e252b4f..b7932b34b67 100644
--- a/CVE-2024/CVE-2024-462xx/CVE-2024-46238.json
+++ b/CVE-2024/CVE-2024-462xx/CVE-2024-46238.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-46238",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-10-21T19:15:03.363",
- "lastModified": "2024-10-21T21:35:03.580",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:25.583",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /admin/add-doctor.php and /admin/edit-doctor.php"
+ },
+ {
+ "lang": "es",
+ "value": "Existen m\u00faltiples vulnerabilidades de Cross Site Scripting (XSS) en PHPGurukul Hospital Management System 4.0 a trav\u00e9s del par\u00e1metro docname en /admin/add-doctor.php y /admin/edit-doctor.php"
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-462xx/CVE-2024-46239.json b/CVE-2024/CVE-2024-462xx/CVE-2024-46239.json
index 7ba2cb66a45..9c692a15962 100644
--- a/CVE-2024/CVE-2024-462xx/CVE-2024-46239.json
+++ b/CVE-2024/CVE-2024-462xx/CVE-2024-46239.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-46239",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-10-21T19:15:03.413",
- "lastModified": "2024-10-21T21:35:04.510",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:25.583",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Multiple cross-site scripting vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /doctor/edit-profile.php and adminremark parameter in /admin/query-details.php."
+ },
+ {
+ "lang": "es",
+ "value": "Existen m\u00faltiples vulnerabilidades de Cross Site Scripting en PHPGurukul Hospital Management System 4.0 a trav\u00e9s del par\u00e1metro docname en /doctor/edit-profile.php y el par\u00e1metro adminremark en /admin/query-details.php."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-462xx/CVE-2024-46240.json b/CVE-2024/CVE-2024-462xx/CVE-2024-46240.json
index 0258959bc40..f78ec206e3c 100644
--- a/CVE-2024/CVE-2024-462xx/CVE-2024-46240.json
+++ b/CVE-2024/CVE-2024-462xx/CVE-2024-46240.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-46240",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-10-22T16:15:07.407",
- "lastModified": "2024-10-22T18:35:05.950",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under action=system and the company/contact parameters under action=addcust within admin.php file."
+ },
+ {
+ "lang": "es",
+ "value": "Collabtive 3.1 es vulnerable a cross-site scripting (XSS) a trav\u00e9s del par\u00e1metro name en action=system y los par\u00e1metros company/contact en action=addcust dentro del archivo admin.php."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-463xx/CVE-2024-46326.json b/CVE-2024/CVE-2024-463xx/CVE-2024-46326.json
index 71287170022..227eadf866e 100644
--- a/CVE-2024/CVE-2024-463xx/CVE-2024-46326.json
+++ b/CVE-2024/CVE-2024-463xx/CVE-2024-46326.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-46326",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-10-21T20:15:14.637",
- "lastModified": "2024-10-22T18:35:06.717",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Public Knowledge Project pkp-lib 3.4.0-7 and earlier is vulnerable to Open redirect due to a lack of input sanitization in the logout function."
+ },
+ {
+ "lang": "es",
+ "value": "Public Knowledge Project pkp-lib 3.4.0-7 y versiones anteriores es vulnerable a la redirecci\u00f3n abierta debido a una falta de desinfecci\u00f3n de entrada en la funci\u00f3n de cierre de sesi\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-464xx/CVE-2024-46482.json b/CVE-2024/CVE-2024-464xx/CVE-2024-46482.json
index b8ac856e6c9..4fbeb2799c8 100644
--- a/CVE-2024/CVE-2024-464xx/CVE-2024-46482.json
+++ b/CVE-2024/CVE-2024-464xx/CVE-2024-46482.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-46482",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-10-22T22:15:05.633",
- "lastModified": "2024-10-22T22:15:05.633",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "An arbitrary file upload vulnerability in the Ticket Generation function of Ladybird Web Solution Faveo-Helpdesk v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .html or .svg file."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de carga de archivos arbitrarios en la funci\u00f3n de generaci\u00f3n de tickets de Ladybird Web Solution Faveo-Helpdesk v2.0.3 permite a los atacantes ejecutar c\u00f3digo arbitrario mediante la carga de un archivo .html o .svg manipulado espec\u00edficamente."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-464xx/CVE-2024-46483.json b/CVE-2024/CVE-2024-464xx/CVE-2024-46483.json
index c2e10f9e454..a11c625e1c4 100644
--- a/CVE-2024/CVE-2024-464xx/CVE-2024-46483.json
+++ b/CVE-2024/CVE-2024-464xx/CVE-2024-46483.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-46483",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-10-22T22:15:05.720",
- "lastModified": "2024-10-22T22:15:05.720",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Xlight FTP Server <3.9.4.3 has an integer overflow vulnerability in the packet parsing logic of the SFTP server, which can lead to a heap overflow with attacker-controlled content."
+ },
+ {
+ "lang": "es",
+ "value": " El servidor FTP Xlight <3.9.4.3 tiene una vulnerabilidad de desbordamiento de enteros en la l\u00f3gica de an\u00e1lisis de paquetes del servidor SFTP, lo que puede provocar un desbordamiento de almacenamiento din\u00e1mico con contenido controlado por el atacante."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46538.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46538.json
index 923354d098e..ebb5dfde413 100644
--- a/CVE-2024/CVE-2024-465xx/CVE-2024-46538.json
+++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46538.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-46538",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-10-22T17:15:03.950",
- "lastModified": "2024-10-22T19:35:08.563",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de cross-site scripting (XSS) en pfsense v2.5.2 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado e inyectado en la variable $pconfig en interfaces_groups_edit.php."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-468xx/CVE-2024-46870.json b/CVE-2024/CVE-2024-468xx/CVE-2024-46870.json
index 6d56594f3ed..ec7d2e7d5b8 100644
--- a/CVE-2024/CVE-2024-468xx/CVE-2024-46870.json
+++ b/CVE-2024/CVE-2024-468xx/CVE-2024-46870.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-46870",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-09T14:15:07.463",
- "lastModified": "2024-10-10T12:51:56.987",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-10-23T14:26:28.690",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -15,15 +15,74 @@
 "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Deshabilitar el tiempo de espera de DMCUB para DCN35 [Por qu\u00e9] DMCUB puede tardar intermitentemente m\u00e1s de lo esperado en procesar comandos. La antigua pol\u00edtica de ASIC era continuar mientras se registra un error de diagn\u00f3stico, lo que funciona bien para ASIC sin IPS, pero con IPS esto podr\u00eda llevar a una condici\u00f3n de ejecuci\u00f3n donde intentamos acceder al estado de DCN mientras es inaccesible, lo que lleva a un bloqueo del sistema cuando el puerto NIU no est\u00e1 deshabilitado o los accesos de registro agotan ese tiempo de espera y la configuraci\u00f3n de pantalla en un estado indefinido. [C\u00f3mo] Necesitamos investigar por qu\u00e9 estos accesos tardan m\u00e1s de lo esperado, pero por ahora debemos deshabilitar el tiempo de espera en DCN35 para evitar esta condici\u00f3n de ejecuci\u00f3n. Dado que las esperas ocurren solo en niveles de interrupci\u00f3n m\u00e1s bajos, el riesgo de tomar demasiado tiempo en IRQ m\u00e1s alto y causar un tiempo de espera del perro guardi\u00e1n del sistema es m\u00ednimo."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.0,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-362"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.10.9",
+ "matchCriteriaId": "24175937-56EC-4F8D-B998-C00E8F09D4A8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://git.kernel.org/stable/c/31c254c9cd4b122a10db297124f867107a696d83",
- "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://git.kernel.org/stable/c/7c70e60fbf4bff1123f0e8d5cb1ae71df6164d7f",
- "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "tags": [
+ "Patch"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46902.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46902.json
index 942ac8eb394..924324f8ab9 100644
--- a/CVE-2024/CVE-2024-469xx/CVE-2024-46902.json
+++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46902.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-46902",
 "sourceIdentifier": "security@trendmicro.com",
 "published": "2024-10-22T19:15:06.130",
- "lastModified": "2024-10-22T19:35:09.313",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute high-privileged code (admin user rights) on the target system in order to exploit this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": " Una vulnerabilidad en Trend Micro Deep Discovery Inspector (DDI) versiones 5.8 y posteriores podr\u00eda permitir a un atacante divulgar informaci\u00f3n confidencial de las instalaciones afectadas. Tenga en cuenta que un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con privilegios elevados (derechos de usuario administrador) en el sistema de destino para aprovechar esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46903.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46903.json
index 5449c79138f..1892205cf0e 100644
--- a/CVE-2024/CVE-2024-469xx/CVE-2024-46903.json
+++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46903.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-46903",
 "sourceIdentifier": "security@trendmicro.com",
 "published": "2024-10-22T19:15:06.283",
- "lastModified": "2024-10-22T19:15:06.283",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": " Una vulnerabilidad en Trend Micro Deep Discovery Inspector (DDI) versiones 5.8 y posteriores podr\u00eda permitir a un atacante divulgar informaci\u00f3n confidencial de las instalaciones afectadas. Tenga en cuenta que un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder aprovechar esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-471xx/CVE-2024-47189.json b/CVE-2024/CVE-2024-471xx/CVE-2024-47189.json
index 5157bc574cd..356e70fce9d 100644
--- a/CVE-2024/CVE-2024-471xx/CVE-2024-47189.json
+++ b/CVE-2024/CVE-2024-471xx/CVE-2024-47189.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-47189",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-10-21T20:15:14.697",
- "lastModified": "2024-10-21T20:15:14.697",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The API Interface of the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct SQL injection due to insufficient sanitization of user input. A successful exploit could allow an attacker with knowledge of specific details to access non-sensitive user provisioning information and execute arbitrary SQL database commands."
+ },
+ {
+ "lang": "es",
+ "value": "La interfaz API del componente AWV (conferencias de audio, web y video) de Mitel MiCollab hasta la versi\u00f3n 9.8 SP1 FP2 (9.8.1.201) podr\u00eda permitir que un atacante no autenticado realice una inyecci\u00f3n SQL debido a una desinfecci\u00f3n insuficiente de la entrada del usuario. Una explotaci\u00f3n exitosa podr\u00eda permitir que un atacante con conocimiento de detalles espec\u00edficos acceda a informaci\u00f3n no confidencial sobre el aprovisionamiento de usuarios y ejecute comandos de base de datos SQL arbitrarios."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-472xx/CVE-2024-47223.json b/CVE-2024/CVE-2024-472xx/CVE-2024-47223.json
index 5aaac40162e..d2a9931a93e 100644
--- a/CVE-2024/CVE-2024-472xx/CVE-2024-47223.json
+++ b/CVE-2024/CVE-2024-472xx/CVE-2024-47223.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-47223",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-10-21T20:15:14.770",
- "lastModified": "2024-10-22T18:35:07.540",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access non-sensitive user provisioning information and execute arbitrary SQL database commands."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad en el componente AWV (Audio, Web and Video Conferencing) de Mitel MiCollab hasta la versi\u00f3n 9.8 SP1 FP2 (9.8.1.201) podr\u00eda permitir que un atacante no autenticado realice un ataque de inyecci\u00f3n SQL debido a una desinfecci\u00f3n insuficiente de la entrada del usuario. Una explotaci\u00f3n exitosa podr\u00eda permitir que un atacante acceda a informaci\u00f3n no confidencial de aprovisionamiento de usuarios y ejecute comandos de base de datos SQL arbitrarios."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-472xx/CVE-2024-47224.json b/CVE-2024/CVE-2024-472xx/CVE-2024-47224.json
index 7a3a97d7b9b..401557264c9 100644
--- a/CVE-2024/CVE-2024-472xx/CVE-2024-47224.json
+++ b/CVE-2024/CVE-2024-472xx/CVE-2024-47224.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-47224",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-10-21T21:15:06.650",
- "lastModified": "2024-10-21T21:15:06.650",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a CRLF injection attack due to inadequate encoding of user input in URLs. A successful exploit could allow an attacker to perform a phishing attack."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad en el componente AWV (Audio, Web and Video Conferencing) de Mitel MiCollab hasta la versi\u00f3n 9.8 SP1 FP2 (9.8.1.201) podr\u00eda permitir que un atacante no autenticado realice un ataque de inyecci\u00f3n CRLF debido a una codificaci\u00f3n inadecuada de la entrada del usuario en las URL. Una explotaci\u00f3n exitosa podr\u00eda permitir que un atacante realice un ataque de phishing."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-474xx/CVE-2024-47459.json b/CVE-2024/CVE-2024-474xx/CVE-2024-47459.json
index 7a31ae5eab4..530513d66a6 100644
--- a/CVE-2024/CVE-2024-474xx/CVE-2024-47459.json
+++ b/CVE-2024/CVE-2024-474xx/CVE-2024-47459.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-47459",
 "sourceIdentifier": "psirt@adobe.com",
 "published": "2024-10-17T15:15:13.400",
- "lastModified": "2024-10-18T12:52:33.507",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-10-23T14:17:23.557",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -51,10 +51,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:adobe:substance_3d_sampler:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "4.5.1",
+ "matchCriteriaId": "38586BE1-3DA2-43A9-8E27-FAC72E7D3DEC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://helpx.adobe.com/security/products/substance3d-sampler/apsb24-65.html",
- "source": "psirt@adobe.com"
+ "source": "psirt@adobe.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-475xx/CVE-2024-47575.json b/CVE-2024/CVE-2024-475xx/CVE-2024-47575.json
new file mode 100644
index 00000000000..0bba03211e1
--- /dev/null
+++ b/CVE-2024/CVE-2024-475xx/CVE-2024-47575.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-47575",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2024-10-23T15:15:30.707",
+ "lastModified": "2024-10-23T15:15:30.707",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.13, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-306"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-423",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-476xx/CVE-2024-47668.json b/CVE-2024/CVE-2024-476xx/CVE-2024-47668.json
index b1a0e3e18d6..f08e3b86e3b 100644
--- a/CVE-2024/CVE-2024-476xx/CVE-2024-47668.json
+++ b/CVE-2024/CVE-2024-476xx/CVE-2024-47668.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-47668",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-09T15:15:15.513",
- "lastModified": "2024-10-10T12:51:56.987",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-10-23T15:30:00.057",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -15,35 +15,159 @@
 "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: lib/generic-radix-tree.c: Se corrige una ejecuci\u00f3n poco frecuente en __genradix_ptr_alloc() Si necesitamos aumentar la profundidad del \u00e1rbol, asignar un nuevo nodo y luego competir con otro hilo que aument\u00f3 la profundidad del \u00e1rbol antes que nosotros, a\u00fan tendremos un nodo preasignado que podr\u00eda usarse m\u00e1s adelante. Si luego usamos ese nodo para un nuevo nodo que no sea ra\u00edz, a\u00fan tendr\u00e1 un puntero a la ra\u00edz anterior en lugar de estar a cero: solucione esto poni\u00e9ndolo a cero en la ruta de falla cmpxchg."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.0,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-362"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "5.4.284",
+ "matchCriteriaId": "B1C17E9C-479F-4AE4-8344-B7A213DE3E83"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.5",
+ "versionEndExcluding": "5.10.226",
+ "matchCriteriaId": "864FC17C-501A-4823-A643-6F35D65D8A97"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.11",
+ "versionEndExcluding": "5.15.167",
+ "matchCriteriaId": "043405A4-25FE-45D4-A7BB-2A0C3B7D17C1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.16",
+ "versionEndExcluding": "6.1.110",
+ "matchCriteriaId": "6B1A95FC-7E7E-428B-BB59-F76640C652AE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "6.2",
+ "versionEndExcluding": "6.6.51",
+ "matchCriteriaId": "E4529134-BAC4-4776-840B-304009E181A0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "6.7",
+ "versionEndExcluding": "6.10.10",
+ "matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*",
+ "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*",
+ "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*",
+ "matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://git.kernel.org/stable/c/0f078f8ca93b28a34e20bd050f12cd4efeee7c0f",
- "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://git.kernel.org/stable/c/0f27f4f445390cb7f73d4209cb2bf32834dc53da",
- "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://git.kernel.org/stable/c/99418ec776a39609f50934720419e0b464ca2283",
- "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://git.kernel.org/stable/c/ad5ee9feebc2eb8cfc76ed74a2d6e55343b0e169",
- "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://git.kernel.org/stable/c/b2f11c6f3e1fc60742673b8675c95b78447f3dae",
- "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://git.kernel.org/stable/c/d942e855324a60107025c116245095632476613e",
- "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://git.kernel.org/stable/c/ebeff038744c498a036e7a92eb8e433ae0a386d7",
- "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "tags": [
+ "Patch"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-476xx/CVE-2024-47679.json b/CVE-2024/CVE-2024-476xx/CVE-2024-47679.json
index bd851a651f2..155c106fda7 100644
--- a/CVE-2024/CVE-2024-476xx/CVE-2024-47679.json
+++ b/CVE-2024/CVE-2024-476xx/CVE-2024-47679.json
@@ -2,44 +2,158 @@ "id": "CVE-2024-47679", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T12:15:04.920", - "lastModified": "2024-10-21T17:09:45.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-10-23T14:49:48.763", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfs: fix race between evice_inodes() and find_inode()&iput()\n\nHi, all\n\nRecently I noticed a bug[1] in btrfs, after digged it into\nand I believe it'a race in vfs.\n\nLet's assume there's a inode (ie ino 261) with i_count 1 is\ncalled by iput(), and there's a concurrent thread calling\ngeneric_shutdown_super().\n\ncpu0: cpu1:\niput() // i_count is 1\n ->spin_lock(inode)\n ->dec i_count to 0\n ->iput_final() generic_shutdown_super()\n ->__inode_add_lru() ->evict_inodes()\n // cause some reason[2] ->if (atomic_read(inode->i_count)) continue;\n // return before // inode 261 passed the above check\n // list_lru_add_obj() // and then schedule out\n ->spin_unlock()\n// note here: the inode 261\n// was still at sb list and hash list,\n// and I_FREEING|I_WILL_FREE was not been set\n\nbtrfs_iget()\n // after some function calls\n ->find_inode()\n // found the above inode 261\n ->spin_lock(inode)\n // check I_FREEING|I_WILL_FREE\n // and passed\n ->__iget()\n ->spin_unlock(inode) // schedule back\n ->spin_lock(inode)\n // check (I_NEW|I_FREEING|I_WILL_FREE) flags,\n // passed and set I_FREEING\niput() ->spin_unlock(inode)\n ->spin_lock(inode)\t\t\t ->evict()\n // dec i_count to 0\n ->iput_final()\n ->spin_unlock()\n ->evict()\n\nNow, we have two threads simultaneously evicting\nthe same inode, which may trigger the BUG(inode->i_state & I_CLEAR)\nstatement both within clear_inode() and iput().\n\nTo fix the bug, recheck the inode->i_count after holding i_lock.\nBecause in the most scenarios, the first check is valid, and\nthe overhead of spin_lock() can 
be reduced.\n\nIf there is any misunderstanding, please let me know, thanks.\n\n[1]: https://lore.kernel.org/linux-btrfs/000000000000eabe1d0619c48986@google.com/\n[2]: The reason might be 1. SB_ACTIVE was removed or 2. mapping_shrinkable()\nreturn false when I reproduced the bug." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vfs: arregla la ejecuci\u00f3n entre evice_inodes() y find_inode()&iput() Hola a todos Recientemente not\u00e9 un error[1] en btrfs, despu\u00e9s de investigarlo y creo que es una ejecuci\u00f3n en vfs. Supongamos que hay un inodo (es decir, ino 261) con i_count 1 que es llamado por iput(), y hay un hilo concurrente que llama a generic_shutdown_super(). cpu0: cpu1: iput() // i_count es 1 ->spin_lock(inode) ->dec i_count a 0 ->iput_final() generic_shutdown_super() ->__inode_add_lru() ->evict_inodes() // por alguna raz\u00f3n[2] ->if (atomic_read(inode->i_count)) continue; // regresar antes // el inodo 261 pas\u00f3 la verificaci\u00f3n anterior // list_lru_add_obj() // y luego programar la salida ->spin_unlock() // nota aqu\u00ed: el inodo 261 // todav\u00eda estaba en la lista sb y la lista hash, // y I_FREEING|I_WILL_FREE no se hab\u00eda establecido btrfs_iget() // despu\u00e9s de algunas llamadas de funci\u00f3n ->find_inode() // encontr\u00f3 el inodo 261 anterior ->spin_lock(inode) // verific\u00f3 I_FREEING|I_WILL_FREE // y pas\u00f3 ->__iget() ->spin_unlock(inode) // program\u00f3 de regreso ->spin_lock(inode) // verific\u00f3 los indicadores (I_NEW|I_FREEING|I_WILL_FREE), // pas\u00f3 y estableci\u00f3 I_FREEING iput() ->spin_unlock(inode) ->spin_lock(inode) ->evict() // dec i_count a 0 ->iput_final() ->spin_unlock() ->evict() Ahora, tenemos dos subprocesos expulsando simult\u00e1neamente el mismo inodo, lo que puede activar la declaraci\u00f3n BUG(inode->i_state & I_CLEAR) tanto dentro de clear_inode() como de iput(). 
Para corregir el error, vuelva a verificar inode->i_count despu\u00e9s de mantener i_lock. Porque en la mayor\u00eda de los escenarios, la primera verificaci\u00f3n es v\u00e1lida y se puede reducir la sobrecarga de spin_lock(). Si hay alg\u00fan malentendido, h\u00e1gamelo saber, gracias. [1]: https://lore.kernel.org/linux-btrfs/000000000000eabe1d0619c48986@google.com/ [2]: La raz\u00f3n podr\u00eda ser 1. SB_ACTIVE fue eliminado o 2. mapping_shrinkable() devolvi\u00f3 falso cuando reproduje el error." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.0, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-362" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.6.37", + "versionEndExcluding": "5.10.227", + "matchCriteriaId": "205A6F87-4258-4528-8078-AC66AD2A7B07" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.168", + "matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.113", + "matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE" + }, + { + 
"vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.54", + "matchCriteriaId": "D448821D-C085-4CAF-88FA-2DDE7BE21976" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.10.13", + "matchCriteriaId": "CE94BB8D-B0AB-4563-9ED7-A12122B56EBE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.11", + "versionEndExcluding": "6.11.2", + "matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://git.kernel.org/stable/c/0eed942bc65de1f93eca7bda51344290f9c573bb", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/0f8a5b6d0dafa4f533ac82e98f8b812073a7c9d1", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3721a69403291e2514d13a7c3af50a006ea1153b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/47a68c75052a660e4c37de41e321582ec9496195", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/540fb13120c9eab3ef203f90c00c8e69f37449d1", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6c857fb12b9137fee574443385d53914356bbe11", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + 
"Patch" + ] }, { "url": "https://git.kernel.org/stable/c/88b1afbf0f6b221f6c5bb66cc80cd3b38d696687", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-476xx/CVE-2024-47682.json b/CVE-2024/CVE-2024-476xx/CVE-2024-47682.json index 67259694319..af9aa0870dd 100644 --- a/CVE-2024/CVE-2024-476xx/CVE-2024-47682.json +++ b/CVE-2024/CVE-2024-476xx/CVE-2024-47682.json 
@@ -2,36 +2,130 @@ "id": "CVE-2024-47682", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T12:15:05.143", - "lastModified": "2024-10-21T17:09:45.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-10-23T14:57:12.700", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: sd: Fix off-by-one error in sd_read_block_characteristics()\n\nFf the device returns page 0xb1 with length 8 (happens with qemu v2.x, for\nexample), sd_read_block_characteristics() may attempt an out-of-bounds\nmemory access when accessing the zoned field at offset 8." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: sd: Se corrige el error de un byte en sd_read_block_characteristics() Si el dispositivo devuelve la p\u00e1gina 0xb1 con una longitud de 8 (sucede con qemu v2.x, por ejemplo), sd_read_block_characteristics() puede intentar un acceso a la memoria fuera de los l\u00edmites al acceder al campo zonificado en el desplazamiento 8." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-193" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.19", + "versionEndExcluding": "6.1.113", + "matchCriteriaId": "7D848431-3C7A-4C40-BC35-515047E89ABE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.54", + "matchCriteriaId": "D448821D-C085-4CAF-88FA-2DDE7BE21976" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.10.13", + "matchCriteriaId": "CE94BB8D-B0AB-4563-9ED7-A12122B56EBE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.11", + "versionEndExcluding": "6.11.2", + "matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://git.kernel.org/stable/c/413df704f149dec585df07466d2401bbd1f490a0", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/568c7c4c77eee6df7677bb861b7cee7398a3255d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/60312ae7392f9c75c6591a52fc359cf7f810d48f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a776050373893e4c847a49abeae2ccb581153df0", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f81eaf08385ddd474a2f41595a7757502870c0eb", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-476xx/CVE-2024-47683.json b/CVE-2024/CVE-2024-476xx/CVE-2024-47683.json index 7321fadbfeb..d6f8ad2d8bb 100644 --- a/CVE-2024/CVE-2024-476xx/CVE-2024-47683.json +++ b/CVE-2024/CVE-2024-476xx/CVE-2024-47683.json 
@@ -2,48 +2,171 @@ "id": "CVE-2024-47683", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T12:15:05.210", - "lastModified": "2024-10-21T17:09:45.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-10-23T15:02:12.800", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip Recompute DSC Params if no Stream on Link\n\n[why]\nEncounter NULL pointer dereference uner mst + dsc setup.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 4 PID: 917 Comm: sway Not tainted 6.3.9-arch1-1 #1 124dc55df4f5272ccb409f39ef4872fc2b3376a2\n Hardware name: LENOVO 20NKS01Y00/20NKS01Y00, BIOS R12ET61W(1.31 ) 07/28/2022\n RIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper]\n Code: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 <48> 8>\n RSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293\n RAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224\n RDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280\n RBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850\n R10: ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000\n R13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224\n FS: 00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000008 CR3: 000000010ddc6000 CR4: 00000000003506e0\n Call Trace:\n\n ? __die+0x23/0x70\n ? page_fault_oops+0x171/0x4e0\n ? plist_add+0xbe/0x100\n ? exc_page_fault+0x7c/0x180\n ? asm_exc_page_fault+0x26/0x30\n ? drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n ? 
drm_dp_atomic_find_time_slots+0x28/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n compute_mst_dsc_configs_for_link+0x2ff/0xa40 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n ? fill_plane_buffer_attributes+0x419/0x510 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n compute_mst_dsc_configs_for_state+0x1e1/0x250 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n amdgpu_dm_atomic_check+0xecd/0x1190 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n drm_atomic_check_only+0x5c5/0xa40\n drm_mode_atomic_ioctl+0x76e/0xbc0\n\n[how]\ndsc recompute should be skipped if no mode change detected on the new\nrequest. If detected, keep checking whether the stream is already on\ncurrent state or not." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Omitir rec\u00e1lculo de par\u00e1metros DSC si no hay flujo en el enlace [por qu\u00e9] Se encuentra una desreferencia de puntero NULL en la configuraci\u00f3n de mst + dsc. 
ERROR: desreferencia de puntero NULL del n\u00facleo, direcci\u00f3n: 0000000000000008 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 4 PID: 917 Comm: sway No contaminado 6.3.9-arch1-1 #1 124dc55df4f5272ccb409f39ef4872fc2b3376a2 Nombre del hardware: LENOVO 20NKS01Y00/20NKS01Y00, BIOS R12ET61W(1.31 ) 28/07/2022 RIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper] C\u00f3digo: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 <48> RSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293 RAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 00000000000000224 RDX: ffff8afb9ee37c00 RSI: RDI: ffff8afb87e81280 RBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850 R10: ffff960cc2df7908 R11: 000000000000002 R12: 0000000000000000 R13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224 FS: 00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000008 CR3: 000000010ddc6000 CR4: 00000000003506e0 Seguimiento de llamadas: ? __die+0x23/0x70 ? page_fault_oops+0x171/0x4e0 ? plist_add+0xbe/0x100 ? exc_page_fault+0x7c/0x180 ? drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026] ? drm_dp_atomic_find_time_slots+0x28/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026] configuraci\u00f3n_mst_dsc_compute_para_enlace+0x2ff/0xa40 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054] ? 
atributos de b\u00fafer de plano de relleno+0x419/0x510 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054] configuraciones de c\u00e1lculo mst_dsc para estado+0x1e1/0x250 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054] amdgpu_dm_atomic_check+0xecd/0x1190 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054] solo comprobaci\u00f3n at\u00f3mica drm+0x5c5/0xa40 drm_mode_atomic_ioctl+0x76e/0xbc0 [c\u00f3mo] Se debe omitir el rec\u00e1lculo de dsc si no se detecta ning\u00fan cambio de modo en la nueva solicitud. Si se detecta, se debe seguir verificando si la transmisi\u00f3n ya est\u00e1 en el estado actual o no." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.1.105", + "matchCriteriaId": "ECB889E5-9368-4201-9049-7289757A0B8D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartExcluding": "6.1.105", + "versionEndExcluding": "6.1.113", + "matchCriteriaId": "1CB82108-E759-406E-97B7-BFD46FF98DA7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.46", + 
"matchCriteriaId": "FA11941E-81FB-484C-B583-881EEB488340" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartExcluding": "6.6.46", + "versionEndExcluding": "6.6.54", + "matchCriteriaId": "A7E41B53-C80E-4D14-A3B1-C2E393C0F619" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.10.5", + "matchCriteriaId": "D074AE50-4A5E-499C-A2FD-75FD60DEA560" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartExcluding": "6.10.5", + "versionEndExcluding": "6.10.13", + "matchCriteriaId": "A2E05E26-74A7-4325-95D2-495773869F09" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.11", + "versionEndExcluding": "6.11.2", + "matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://git.kernel.org/stable/c/282f0a482ee61d5e863512f3c4fcec90216c20d9", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6f9c39e8169384d2a5ca9bf323a0c1b81b3d0f3a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/70275bb960c71d313254473d38c14e7101cee5ad", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/718d83f66fb07b2cab89a1fc984613a00e3db18f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7c887efda1201110211fed8921a92a713e0b6bcd", - "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8151a6c13111b465dbabe07c19f572f7cbd16fef", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a53841b074cc196c3caaa37e1f15d6bc90943b97", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d45c64d933586d409d3f1e0ecaca4da494b1d9c6", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-476xx/CVE-2024-47685.json b/CVE-2024/CVE-2024-476xx/CVE-2024-47685.json index 9fe9a29d794..3e10a09d2c1 100644 --- a/CVE-2024/CVE-2024-476xx/CVE-2024-47685.json +++ b/CVE-2024/CVE-2024-476xx/CVE-2024-47685.json 
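Review bot: The `cpeMatch` ranges added for CVE-2024-47683 leave exactly 6.1.105, 6.6.46 and 6.10.5 unmatched while marking the versions on either side as vulnerable, because each branch pairs a `versionEndExcluding` entry with a `versionStartExcluding` entry on the same version. The first entry also has no lower bound, so it matches every kernel below 6.1.105. This record does not show whether those three releases are really unaffected, so anyone matching on version should check them against the listed stable commits instead of trusting the gap. If the gap is unintended, one plausible correction is `"versionStartIncluding": "6.1.105"` on the second entry of each pair (likewise 6.6.46 and 6.10.5); that is a fix for the upstream source, not for this mirror.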
@@ -2,44 +2,158 @@ "id": "CVE-2024-47685", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T12:15:05.397", - "lastModified": "2024-10-21T17:09:45.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-10-23T15:19:05.983", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()\n\nsyzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending\ngarbage on the four reserved tcp bits (th->res1)\n\nUse skb_put_zero() to clear the whole TCP header,\nas done in nf_reject_ip_tcphdr_put()\n\nBUG: KMSAN: uninit-value in nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255\n nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255\n nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344\n nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48\n expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\n nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288\n nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n NF_HOOK include/linux/netfilter.h:312 [inline]\n ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310\n __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n __netif_receive_skb+0x1da/0xa00 net/core/dev.c:5775\n process_backlog+0x4ad/0xa50 net/core/dev.c:6108\n __napi_poll+0xe7/0x980 net/core/dev.c:6772\n napi_poll net/core/dev.c:6841 [inline]\n net_rx_action+0xa5a/0x19b0 net/core/dev.c:6963\n handle_softirqs+0x1ce/0x800 kernel/softirq.c:554\n __do_softirq+0x14/0x1a kernel/softirq.c:588\n do_softirq+0x9a/0x100 kernel/softirq.c:455\n __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:382\n local_bh_enable 
include/linux/bottom_half.h:33 [inline]\n rcu_read_unlock_bh include/linux/rcupdate.h:908 [inline]\n __dev_queue_xmit+0x2692/0x5610 net/core/dev.c:4450\n dev_queue_xmit include/linux/netdevice.h:3105 [inline]\n neigh_resolve_output+0x9ca/0xae0 net/core/neighbour.c:1565\n neigh_output include/net/neighbour.h:542 [inline]\n ip6_finish_output2+0x2347/0x2ba0 net/ipv6/ip6_output.c:141\n __ip6_finish_output net/ipv6/ip6_output.c:215 [inline]\n ip6_finish_output+0xbb8/0x14b0 net/ipv6/ip6_output.c:226\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip6_output+0x356/0x620 net/ipv6/ip6_output.c:247\n dst_output include/net/dst.h:450 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip6_xmit+0x1ba6/0x25d0 net/ipv6/ip6_output.c:366\n inet6_csk_xmit+0x442/0x530 net/ipv6/inet6_connection_sock.c:135\n __tcp_transmit_skb+0x3b07/0x4880 net/ipv4/tcp_output.c:1466\n tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline]\n tcp_connect+0x35b6/0x7130 net/ipv4/tcp_output.c:4143\n tcp_v6_connect+0x1bcc/0x1e40 net/ipv6/tcp_ipv6.c:333\n __inet_stream_connect+0x2ef/0x1730 net/ipv4/af_inet.c:679\n inet_stream_connect+0x6a/0xd0 net/ipv4/af_inet.c:750\n __sys_connect_file net/socket.c:2061 [inline]\n __sys_connect+0x606/0x690 net/socket.c:2078\n __do_sys_connect net/socket.c:2088 [inline]\n __se_sys_connect net/socket.c:2085 [inline]\n __x64_sys_connect+0x91/0xe0 net/socket.c:2085\n x64_sys_call+0x27a5/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:43\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was stored to memory at:\n nf_reject_ip6_tcphdr_put+0x60c/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:249\n nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344\n nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48\n expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\n nft_do_chain+0x438/0x22a0 
net/netfilter/nf_tables_core.c:288\n nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n NF_HOOK include/linux/netfilter.h:312 [inline]\n ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310\n __netif_receive_skb_one_core\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nf_reject_ipv6: correcci\u00f3n de nf_reject_ip6_tcphdr_put() syzbot inform\u00f3 que nf_reject_ip6_tcphdr_put() posiblemente estaba enviando basura en los cuatro bits tcp reservados (th->res1) Utilice skb_put_zero() para borrar todo el encabezado TCP, como se hace en nf_reject_ip_tcphdr_put() ERROR: KMSAN: valor no inicializado en nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255 nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255 nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344 nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48 evaluaci\u00f3n_operaciones_llamada_expr net/netfilter/nf_tables_core.c:240 [en l\u00ednea] nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288 nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161 nf_hook_entry_hookfn incluye/linux/netfilter.h:154 [en l\u00ednea] nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626 nf_hook incluye/linux/netfilter.h:269 [en l\u00ednea] NF_HOOK incluye/linux/netfilter.h:312 [en l\u00ednea] ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310 __netif_receive_skb_one_core net/core/dev.c:5661 [en l\u00ednea] __netif_receive_skb+0x1da/0xa00 net/core/dev.c:5775 process_backlog+0x4ad/0xa50 net/core/dev.c:6108 __napi_poll+0xe7/0x980 net/core/dev.c:6772 napi_poll net/core/dev.c:6841 [en l\u00ednea] net_rx_action+0xa5a/0x19b0 net/core/dev.c:6963 handle_softirqs+0x1ce/0x800 kernel/softirq.c:554 
__do_softirq+0x14/0x1a kernel/softirq.c:588 do_softirq+0x9a/0x100 kernel/softirq.c:455 __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:382 local_bh_enable include/linux/bottom_half.h:33 [en l\u00ednea] rcu_read_unlock_bh incluir/linux/rcupdate.h:908 [en l\u00ednea] __dev_queue_xmit+0x2692/0x5610 net/core/dev.c:4450 dev_queue_xmit incluir/linux/netdevice.h:3105 [en l\u00ednea] neigh_resolve_output+0x9ca/0xae0 net/core/neighbour.c:1565 neigh_output incluir/net/neighbour.h:542 [en l\u00ednea] ip6_finish_output2+0x2347/0x2ba0 net/ipv6/ip6_output.c:141 __ip6_finish_output net/ipv6/ip6_output.c:215 [en l\u00ednea] ip6_finish_output+0xbb8/0x14b0 net/ipv6/ip6_output.c:226 NF_HOOK_COND incluye/linux/netfilter.h:303 [en l\u00ednea] ip6_output+0x356/0x620 net/ipv6/ip6_output.c:247 dst_output incluye/net/dst.h:450 [en l\u00ednea] NF_HOOK incluye/linux/netfilter.h:314 [en l\u00ednea] ip6_xmit+0x1ba6/0x25d0 net/ipv6/ip6_output.c:366 inet6_csk_xmit+0x442/0x530 net/ipv6/inet6_connection_sock.c:135 __tcp_transmit_skb+0x3b07/0x4880 net/ipv4/tcp_output.c:1466 tcp_transmit_skb net/ipv4/tcp_output.c:1484 [en l\u00ednea] tcp_connect+0x35b6/0x7130 net/ipv4/tcp_output.c:4143 tcp_v6_connect+0x1bcc/0x1e40 net/ipv6/tcp_ipv6.c:333 __inet_stream_connect+0x2ef/0x1730 net/ipv4/af_inet.c:679 inet_stream_connect+0x6a/0xd0 net/ipv4/af_inet.c:750 __sys_connect_file net/socket.c:2061 [en l\u00ednea] __sys_connect+0x606/0x690 net/socket.c:2078 __do_sys_connect net/socket.c:2088 [en l\u00ednea] __se_sys_connect net/socket.c:2085 [en l\u00ednea] __x64_sys_connect+0x91/0xe0 net/socket.c:2085 x64_sys_call+0x27a5/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:43 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit se almacen\u00f3 en la memoria en: nf_reject_ip6_tcphdr_put+0x60c/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:249 nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344 
nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48 evaluaci\u00f3n_operaciones_llamada_expr net/netfilter/nf_tables_core.c:240 [en l\u00ednea] nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288 nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161 nf_hook_entry_hookfn incluye/linux/netfilter.h:154 [en l\u00ednea] nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626 nf_hook incluye/linux/netfilter.h:269 [en l\u00ednea] NF_HOOK incluye/linux/netfilter.h:312 [en l\u00ednea] ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310 __netif_receive_skb_one_core ---truncado---" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-908" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.18", + "versionEndExcluding": "5.10.227", + "matchCriteriaId": "5C882E98-F19D-47B6-A807-73BB9ABA763C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.168", + "matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + 
"versionEndExcluding": "6.1.113", + "matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.54", + "matchCriteriaId": "D448821D-C085-4CAF-88FA-2DDE7BE21976" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.10.13", + "matchCriteriaId": "CE94BB8D-B0AB-4563-9ED7-A12122B56EBE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.11", + "versionEndExcluding": "6.11.2", + "matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://git.kernel.org/stable/c/10210658f827ad45061581cbfc05924b723e8922", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7a7b5a27c53b55e91eecf646d1b204e73fa4af93", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7ea2bcfd9bf4c3dbbf22546162226fd1c14d8ad2", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9c778fe48d20ef362047e3376dee56d77f8500d4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/af4b8a704f26f38310655bad67fd8096293275a2", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/dcf48ab3ca2c55b09c8f9c8de0df01c1943bc4e5", - "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/fbff87d682e57ddbbe82abf6d0a1a4a36a98afcd", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-476xx/CVE-2024-47686.json b/CVE-2024/CVE-2024-476xx/CVE-2024-47686.json index bdade9ba259..49279487fc5 100644 --- a/CVE-2024/CVE-2024-476xx/CVE-2024-47686.json +++ b/CVE-2024/CVE-2024-476xx/CVE-2024-47686.json 
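Review bot: The CVSS vector added for CVE-2024-47685 (`AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H`, 9.1 CRITICAL) is hard to reconcile with the English description in the same hunk. That description reports uninitialised data possibly sent in the four reserved TCP bits (`th->res1`) by `nf_reject_ip6_tcphdr_put()`, found through a KMSAN report. It does not mention any availability impact, and the exposure it describes is limited to those four bits. Triage that sorts on `baseScore` alone will rank this entry above every other record visible in this part of the commit, so read the description and the referenced patches before assigning priority. The description is also cut at `---truncated---`, which leaves the second trace incomplete in this record.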
@@ -2,36 +2,130 @@ "id": "CVE-2024-47686", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T12:15:05.497", - "lastModified": "2024-10-21T17:09:45.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-10-23T15:34:50.460", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nep93xx: clock: Fix off by one in ep93xx_div_recalc_rate()\n\nThe psc->div[] array has psc->num_div elements. These values come from\nwhen we call clk_hw_register_div(). It's adc_divisors and\nARRAY_SIZE(adc_divisors)) and so on. So this condition needs to be >=\ninstead of > to prevent an out of bounds read." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate() La matriz psc->div[] tiene elementos psc->num_div. Estos valores provienen de cuando llamamos a clk_hw_register_div(). Son adc_divisors y ARRAY_SIZE(adc_divisors)) y as\u00ed sucesivamente. Por lo tanto, esta condici\u00f3n debe ser >= en lugar de > para evitar una lectura fuera de los l\u00edmites." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-193" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.113", + "matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.54", + "matchCriteriaId": "D448821D-C085-4CAF-88FA-2DDE7BE21976" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.10.13", + "matchCriteriaId": "CE94BB8D-B0AB-4563-9ED7-A12122B56EBE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.11", + "versionEndExcluding": "6.11.2", + "matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://git.kernel.org/stable/c/27f493e141823db052586010c1532b70b164507c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/66e78ade976dbd9bea09166aa8d66afc0963cde4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7a5bd2fb92388c51d267f6ce57c40f1cca8af1e0", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ae59eaf36a1ad396e9f657ec9b8b52da6206ed5f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c7f06284a6427475e3df742215535ec3f6cd9662", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-476xx/CVE-2024-47687.json b/CVE-2024/CVE-2024-476xx/CVE-2024-47687.json index 89f7e799b9c..84b24931f93 100644 --- a/CVE-2024/CVE-2024-476xx/CVE-2024-47687.json +++ b/CVE-2024/CVE-2024-476xx/CVE-2024-47687.json 
@@ -2,28 +2,102 @@ "id": "CVE-2024-47687", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T12:15:05.580", - "lastModified": "2024-10-21T17:09:45.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-10-23T15:22:45.867", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa/mlx5: Fix invalid mr resource destroy\n\nCertain error paths from mlx5_vdpa_dev_add() can end up releasing mr\nresources which never got initialized in the first place.\n\nThis patch adds the missing check in mlx5_vdpa_destroy_mr_resources()\nto block releasing non-initialized mr resources.\n\nReference trace:\n\n mlx5_core 0000:08:00.2: mlx5_vdpa_dev_add:3274:(pid 2700) warning: No mac address provisioned?\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 140216067 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 8 PID: 2700 Comm: vdpa Kdump: loaded Not tainted 5.14.0-496.el9.x86_64 #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n RIP: 0010:vhost_iotlb_del_range+0xf/0xe0 [vhost_iotlb]\n Code: [...]\n RSP: 0018:ff1c823ac23077f0 EFLAGS: 00010246\n RAX: ffffffffc1a21a60 RBX: ffffffff899567a0 RCX: 0000000000000000\n RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ff1bda1f7c21e800 R08: 0000000000000000 R09: ff1c823ac2307670\n R10: ff1c823ac2307668 R11: ffffffff8a9e7b68 R12: 0000000000000000\n R13: 0000000000000000 R14: ff1bda1f43e341a0 R15: 00000000ffffffea\n FS: 00007f56eba7c740(0000) GS:ff1bda269f800000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 0000000104d90001 CR4: 0000000000771ef0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 
DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n\n ? show_trace_log_lvl+0x1c4/0x2df\n ? show_trace_log_lvl+0x1c4/0x2df\n ? mlx5_vdpa_free+0x3d/0x150 [mlx5_vdpa]\n ? __die_body.cold+0x8/0xd\n ? page_fault_oops+0x134/0x170\n ? __irq_work_queue_local+0x2b/0xc0\n ? irq_work_queue+0x2c/0x50\n ? exc_page_fault+0x62/0x150\n ? asm_exc_page_fault+0x22/0x30\n ? __pfx_mlx5_vdpa_free+0x10/0x10 [mlx5_vdpa]\n ? vhost_iotlb_del_range+0xf/0xe0 [vhost_iotlb]\n mlx5_vdpa_free+0x3d/0x150 [mlx5_vdpa]\n vdpa_release_dev+0x1e/0x50 [vdpa]\n device_release+0x31/0x90\n kobject_cleanup+0x37/0x130\n mlx5_vdpa_dev_add+0x2d2/0x7a0 [mlx5_vdpa]\n vdpa_nl_cmd_dev_add_set_doit+0x277/0x4c0 [vdpa]\n genl_family_rcv_msg_doit+0xd9/0x130\n genl_family_rcv_msg+0x14d/0x220\n ? __pfx_vdpa_nl_cmd_dev_add_set_doit+0x10/0x10 [vdpa]\n ? _copy_to_user+0x1a/0x30\n ? move_addr_to_user+0x4b/0xe0\n genl_rcv_msg+0x47/0xa0\n ? __import_iovec+0x46/0x150\n ? __pfx_genl_rcv_msg+0x10/0x10\n netlink_rcv_skb+0x54/0x100\n genl_rcv+0x24/0x40\n netlink_unicast+0x245/0x370\n netlink_sendmsg+0x206/0x440\n __sys_sendto+0x1dc/0x1f0\n ? do_read_fault+0x10c/0x1d0\n ? do_pte_missing+0x10d/0x190\n __x64_sys_sendto+0x20/0x30\n do_syscall_64+0x5c/0xf0\n ? __count_memcg_events+0x4f/0xb0\n ? mm_account_fault+0x6c/0x100\n ? handle_mm_fault+0x116/0x270\n ? do_user_addr_fault+0x1d6/0x6a0\n ? do_syscall_64+0x6b/0xf0\n ? clear_bhb_loop+0x25/0x80\n ? clear_bhb_loop+0x25/0x80\n ? clear_bhb_loop+0x25/0x80\n ? clear_bhb_loop+0x25/0x80\n ? clear_bhb_loop+0x25/0x80\n entry_SYSCALL_64_after_hwframe+0x78/0x80" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vdpa/mlx5: Arreglar la destrucci\u00f3n de recursos mr no v\u00e1lida Ciertas rutas de error de mlx5_vdpa_dev_add() pueden terminar liberando recursos mr que nunca se inicializaron en primer lugar. 
Este parche agrega la comprobaci\u00f3n faltante en mlx5_vdpa_destroy_mr_resources() para bloquear la liberaci\u00f3n de recursos mr no inicializados. Rastreo de referencia: mlx5_core 0000:08:00.2: mlx5_vdpa_dev_add:3274:(pid 2700) advertencia: \u00bfNo se ha aprovisionado ninguna direcci\u00f3n MAC? ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000000 #PF: acceso de lectura del supervisor en modo kernel #PF: error_code(0x0000) - p\u00e1gina no presente PGD 140216067 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 8 PID: 2700 Comm: vdpa Kdump: cargado No contaminado 5.14.0-496.el9.x86_64 #1 Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 RIP: 0010:vhost_iotlb_del_range+0xf/0xe0 [vhost_iotlb] C\u00f3digo: [...] RSP: 0018:ff1c823ac23077f0 EFLAGS: 00010246 RAX: ffffffffc1a21a60 RBX: ffffffff899567a0 RCX: 0000000000000000 RDX: ffffffffffffffff RSI: 000000000000000 RDI: 000000000000000 RBP: ff1bda1f7c21e800 R08: 0000000000000000 R09: ff1c823ac2307670 R10: ff1c823ac2307668 R11: ffffffff8a9e7b68 R12: 0000000000000000 R13: 0000000000000000 R14: ff1bda1f43e341a0 R15: 00000000ffffffea FS: 00007f56eba7c740(0000) GS:ff1bda269f800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000080050033 CR2: 000000000000000 CR3: 0000000104d90001 CR4: 00000000000771ef0 DR0: 00000000000000000 DR1: 00000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Seguimiento de llamadas: ? show_trace_log_lvl+0x1c4/0x2df ? show_trace_log_lvl+0x1c4/0x2df ? mlx5_vdpa_free+0x3d/0x150 [mlx5_vdpa] ? __die_body.cold+0x8/0xd ? error_p\u00e1gina_oops+0x134/0x170 ? __irq_work_queue_local+0x2b/0xc0 ? irq_work_queue+0x2c/0x50 ? error_p\u00e1gina_oops+0x62/0x150 ? error_p\u00e1gina_oops+0x134/0x170 ? 
vhost_iotlb_del_range+0xf/0xe0 [vhost_iotlb] mlx5_vdpa_free+0x3d/0x150 [mlx5_vdpa] vdpa_release_dev+0x1e/0x50 [vdpa] device_release+0x31/0x90 kobject_cleanup+0x37/0x130 mlx5_vdpa_dev_add+0x2d2/0x7a0 [mlx5_vdpa] vdpa_nl_cmd_dev_add_set_doit+0x277/0x4c0 [vdpa] genl_family_rcv_msg_doit+0xd9/0x130 genl_family_rcv_msg+0x14d/0x220 ? __pfx_vdpa_nl_cmd_dev_add_set_doit+0x10/0x10 [vdpa] ? _copiar_al_usuario+0x1a/0x30 ? mover_direcci\u00f3n_al_usuario+0x4b/0xe0 genl_rcv_msg+0x47/0xa0 ? __importar_iovec+0x46/0x150 ? __pfx_genl_rcv_msg+0x10/0x10 netlink_rcv_skb+0x54/0x100 genl_rcv+0x24/0x40 netlink_unicast+0x245/0x370 netlink_sendmsg+0x206/0x440 __sys_sendto+0x1dc/0x1f0 ? borrar_bucle_bhb+0x25/0x80 ? borrar_bucle_bhb+0x25/0x80 ? borrar_bucle_bhb+0x25/0x80 ? borrar_bucle_bhb+0x25/0x80 ? borrar_bucle_bhb+0x25/0x80 entrada_SYSCALL_64_despu\u00e9s_hwframe+0x78/0x80" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-908" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.10.13", + "matchCriteriaId": "CE94BB8D-B0AB-4563-9ED7-A12122B56EBE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": 
"6.11", + "versionEndExcluding": "6.11.2", + "matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://git.kernel.org/stable/c/5fe351def237df1ad29aa8af574350bc5340b4cf", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b6fbb1c7801f46a0e5461c02904eab0d7535c790", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/dc12502905b7a3de9097ea6b98870470c2921e09", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-476xx/CVE-2024-47688.json b/CVE-2024/CVE-2024-476xx/CVE-2024-47688.json index 010a4297a96..cf30d289c6f 100644 --- a/CVE-2024/CVE-2024-476xx/CVE-2024-47688.json +++ b/CVE-2024/CVE-2024-476xx/CVE-2024-47688.json 
@@ -2,32 +2,123 @@ "id": "CVE-2024-47688", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T12:15:05.653", - "lastModified": "2024-10-21T17:09:45.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-10-23T15:36:21.977", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: Fix a potential null-ptr-deref in module_add_driver()\n\nInject fault while probing of-fpga-region, if kasprintf() fails in\nmodule_add_driver(), the second sysfs_remove_link() in exit path will cause\nnull-ptr-deref as below because kernfs_name_hash() will call strlen() with\nNULL driver_name.\n\nFix it by releasing resources based on the exit path sequence.\n\n\t KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\n\t Mem abort info:\n\t ESR = 0x0000000096000005\n\t EC = 0x25: DABT (current EL), IL = 32 bits\n\t SET = 0, FnV = 0\n\t EA = 0, S1PTW = 0\n\t FSC = 0x05: level 1 translation fault\n\t Data abort info:\n\t ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n\t CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n\t GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n\t [dfffffc000000000] address between user and kernel address ranges\n\t Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n\t Dumping ftrace buffer:\n\t (ftrace buffer empty)\n\t Modules linked in: of_fpga_region(+) fpga_region fpga_bridge cfg80211 rfkill 8021q garp mrp stp llc ipv6 [last unloaded: of_fpga_region]\n\t CPU: 2 UID: 0 PID: 2036 Comm: modprobe Not tainted 6.11.0-rc2-g6a0e38264012 #295\n\t Hardware name: linux,dummy-virt (DT)\n\t pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n\t pc : strlen+0x24/0xb0\n\t lr : kernfs_name_hash+0x1c/0xc4\n\t sp : ffffffc081f97380\n\t x29: ffffffc081f97380 x28: ffffffc081f97b90 x27: ffffff80c821c2a0\n\t x26: ffffffedac0be418 x25: 0000000000000000 x24: ffffff80c09d2000\n\t x23: 0000000000000000 x22: 
0000000000000000 x21: 0000000000000000\n\t x20: 0000000000000000 x19: 0000000000000000 x18: 0000000000001840\n\t x17: 0000000000000000 x16: 0000000000000000 x15: 1ffffff8103f2e42\n\t x14: 00000000f1f1f1f1 x13: 0000000000000004 x12: ffffffb01812d61d\n\t x11: 1ffffff01812d61c x10: ffffffb01812d61c x9 : dfffffc000000000\n\t x8 : 0000004fe7ed29e4 x7 : ffffff80c096b0e7 x6 : 0000000000000001\n\t x5 : ffffff80c096b0e0 x4 : 1ffffffdb990efa2 x3 : 0000000000000000\n\t x2 : 0000000000000000 x1 : dfffffc000000000 x0 : 0000000000000000\n\t Call trace:\n\t strlen+0x24/0xb0\n\t kernfs_name_hash+0x1c/0xc4\n\t kernfs_find_ns+0x118/0x2e8\n\t kernfs_remove_by_name_ns+0x80/0x100\n\t sysfs_remove_link+0x74/0xa8\n\t module_add_driver+0x278/0x394\n\t bus_add_driver+0x1f0/0x43c\n\t driver_register+0xf4/0x3c0\n\t __platform_driver_register+0x60/0x88\n\t of_fpga_region_init+0x20/0x1000 [of_fpga_region]\n\t do_one_initcall+0x110/0x788\n\t do_init_module+0x1dc/0x5c8\n\t load_module+0x3c38/0x4cac\n\t init_module_from_file+0xd4/0x128\n\t idempotent_init_module+0x2cc/0x528\n\t __arm64_sys_finit_module+0xac/0x100\n\t invoke_syscall+0x6c/0x258\n\t el0_svc_common.constprop.0+0x160/0x22c\n\t do_el0_svc+0x44/0x5c\n\t el0_svc+0x48/0xb8\n\t el0t_64_sync_handler+0x13c/0x158\n\t el0t_64_sync+0x190/0x194\n\t Code: f2fbffe1 a90157f4 12000802 aa0003f5 (38e16861)\n\t ---[ end trace 0000000000000000 ]---\n\t Kernel panic - not syncing: Oops: Fatal exception" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: n\u00facleo del controlador: se corrige un posible error de inyecci\u00f3n de ptr nulo en module_add_driver() mientras se sondea la regi\u00f3n de fpga. Si kasprintf() falla en module_add_driver(), el segundo sysfs_remove_link() en la ruta de salida provocar\u00e1 un error de ptr nulo como se muestra a continuaci\u00f3n, ya que kernfs_name_hash() llamar\u00e1 a strlen() con driver_name NULL. 
Se soluciona liberando recursos seg\u00fan la secuencia de la ruta de salida. KASAN: null-ptr-deref en el rango [0x0000000000000000-0x0000000000000007] Informaci\u00f3n de cancelaci\u00f3n de memoria: ESR = 0x0000000096000005 EC = 0x25: DABT (EL actual), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x05: error de traducci\u00f3n de nivel 1 Informaci\u00f3n de cancelaci\u00f3n de datos: ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000 CM = 0, WnR = 0, TnD = 0, TagAccess = 0 GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [dfffffc000000000] direcci\u00f3n entre rangos de direcciones de usuario y kernel Error interno: Oops: 0000000096000005 [#1] PREEMPT SMP Dumping ftrace buffer: (ftrace buffer empty) M\u00f3dulos vinculados en: of_fpga_region(+) fpga_region fpga_bridge cfg80211 rfkill 8021q garp mrp stp llc ipv6 [\u00faltima descarga: of_fpga_region] CPU: 2 UID: 0 PID: 2036 Comm: modprobe No contaminado 6.11.0-rc2-g6a0e38264012 #295 Nombre del hardware: linux,dummy-virt (DT) pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : strlen+0x24/0xb0 lr : hash_nombre_kernfs+0x1c/0xc4 sp : ffffffc081f97380 x29: ffffffc081f97380 x28: ffffffc081f97b90 x27: ffffff80c821c2a0 x26: ffffffedac0be418 x25: 0000000000000000 x24: ffffff80c09d2000 x23: 0000000000000000 x22: 0000000000000000 x21: 0000000000000000 x20: 0000000000000000 x19: 0000000000000000 x18: 00000000000001840 x17: 0000000000000000 x16: 0000000000000000 x15: 1ffffff8103f2e42 x14: 00000000f1f1f1f1 x13: 0000000000000004 x12: ffffffb01812d61d x11: 1ffffff01812d61c x10: ffffffb01812d61c x9: dfffffc000000000 x8: 0000004fe7ed29e4 x7 : ffffff80c096b0e7 x6 : 0000000000000001 x5 : ffffff80c096b0e0 x4 : 1ffffffdb990efa2 x3 : 000000000000000 x2 : 000000000000000 x1 : dfffffc000000000 x0 : 0000000000000000 Rastreo de llamadas: strlen+0x24/0xb0 kernfs_name_hash+0x1c/0xc4 kernfs_find_ns+0x118/0x2e8 kernfs_remove_by_name_ns+0x80/0x100 sysfs_remove_link+0x74/0xa8 m\u00f3dulo_agregar_controlador+0x278/0x394 
bus_agregar_controlador+0x1f0/0x43c registro_controlador+0xf4/0x3c0 __registro_controlador_plataforma+0x60/0x88 de_regi\u00f3n_fpga_init+0x20/0x1000 [de_regi\u00f3n_fpga] hacer_una_llamada_inicio+0x110/0x788 hacer_m\u00f3dulo_inicio+0x1dc/0x5c8 cargar_m\u00f3dulo+0x3c38/0x4cac m\u00f3dulo_inicio_desde_archivo+0xd4/0x128 idempotent_init_module+0x2cc/0x528 __arm64_sys_finit_module+0xac/0x100 anybody_syscall+0x6c/0x258 el0_svc_common.constprop.0+0x160/0x22c do_el0_svc+0x44/0x5c el0_svc+0x48/0xb8 el0t_64_sync_handler+0x13c/0x158 el0t_64_sync+0x190/0x194 C\u00f3digo: f2fbffe1 a90157f4 12000802 aa0003f5 (38e16861) ---[ fin del seguimiento 0000000000000000 ]--- P\u00e1nico del kernel: no se sincroniza: Ups: excepci\u00f3n fatal" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.6.33", + "versionEndExcluding": "6.6.54", + "matchCriteriaId": "EDE65514-BE18-441F-BC12-FD7B0412ACAF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.9.4", + "versionEndExcluding": "6.10", + "matchCriteriaId": "1AD9A837-E824-444A-8442-914E09BE6199" + }, + { + "vulnerable": 
true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.10", + "versionEndExcluding": "6.10.13", + "matchCriteriaId": "767D4D2D-C6E7-4B7D-9446-CFC8F8FF2FBB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.11", + "versionEndExcluding": "6.11.2", + "matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://git.kernel.org/stable/c/18ec12c97b39ff6aa15beb8d2b25d15cd44b87d8", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4b5d48b7a29cc6d508121a4b4e0c97a891e5273c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b8e45b910525704010d10c9dcbf2abf3005aa97c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/dcb9d581dee4c23f2378b6650511ece80dda4e2f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-476xx/CVE-2024-47689.json b/CVE-2024/CVE-2024-476xx/CVE-2024-47689.json index f05aabc8a04..82d099f5716 100644 --- a/CVE-2024/CVE-2024-476xx/CVE-2024-47689.json +++ b/CVE-2024/CVE-2024-476xx/CVE-2024-47689.json 
@@ -2,32 +2,123 @@ "id": "CVE-2024-47689", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T12:15:05.733", - "lastModified": "2024-10-21T17:09:45.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-10-23T15:53:06.410", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to don't set SB_RDONLY in f2fs_handle_critical_error()\n\nsyzbot reports a f2fs bug as below:\n\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 58 at kernel/rcu/sync.c:177 rcu_sync_dtor+0xcd/0x180 kernel/rcu/sync.c:177\nCPU: 1 UID: 0 PID: 58 Comm: kworker/1:2 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0\nWorkqueue: events destroy_super_work\nRIP: 0010:rcu_sync_dtor+0xcd/0x180 kernel/rcu/sync.c:177\nCall Trace:\n percpu_free_rwsem+0x41/0x80 kernel/locking/percpu-rwsem.c:42\n destroy_super_work+0xec/0x130 fs/super.c:282\n process_one_work kernel/workqueue.c:3231 [inline]\n process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312\n worker_thread+0x86d/0xd40 kernel/workqueue.c:3390\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nAs Christian Brauner pointed out [1]: the root cause is f2fs sets\nSB_RDONLY flag in internal function, rather than setting the flag\ncovered w/ sb->s_umount semaphore via remount procedure, then below\nrace condition causes this bug:\n\n- freeze_super()\n - sb_wait_write(sb, SB_FREEZE_WRITE)\n - sb_wait_write(sb, SB_FREEZE_PAGEFAULT)\n - sb_wait_write(sb, SB_FREEZE_FS)\n\t\t\t\t\t- f2fs_handle_critical_error\n\t\t\t\t\t - sb->s_flags |= SB_RDONLY\n- thaw_super\n - thaw_super_locked\n - sb_rdonly() is true, so it skips\n sb_freeze_unlock(sb, SB_FREEZE_FS)\n - deactivate_locked_super\n\nSince f2fs has almost the same logic as ext4 [2] when handling critical\nerror in filesystem if 
it mounts w/ errors=remount-ro option:\n- set CP_ERROR_FLAG flag which indicates filesystem is stopped\n- record errors to superblock\n- set SB_RDONLY falg\nOnce we set CP_ERROR_FLAG flag, all writable interfaces can detect the\nflag and stop any further updates on filesystem. So, it is safe to not\nset SB_RDONLY flag, let's remove the logic and keep in line w/ ext4 [3].\n\n[1] https://lore.kernel.org/all/20240729-himbeeren-funknetz-96e62f9c7aee@brauner\n[2] https://lore.kernel.org/all/20240729132721.hxih6ehigadqf7wx@quack3\n[3] https://lore.kernel.org/linux-ext4/20240805201241.27286-1-jack@suse.cz" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: correcci\u00f3n para no establecer SB_RDONLY en f2fs_handle_critical_error() syzbot informa un error de f2fs como se muestra a continuaci\u00f3n: ------------[ cortar aqu\u00ed ]------------ ADVERTENCIA: CPU: 1 PID: 58 en kernel/rcu/sync.c:177 rcu_sync_dtor+0xcd/0x180 kernel/rcu/sync.c:177 CPU: 1 UID: 0 PID: 58 Comm: kworker/1:2 No contaminado 6.10.0-syzkaller-12562-g1722389b0d86 #0 Cola de trabajo: eventos destroy_super_work RIP: 0010:rcu_sync_dtor+0xcd/0x180 kernel/rcu/sync.c:177 Rastreo de llamadas: percpu_free_rwsem+0x41/0x80 kernel/locking/percpu-rwsem.c:42 destroy_super_work+0xec/0x130 fs/super.c:282 process_one_work kernel/workqueue.c:3231 [en l\u00ednea] process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312 worker_thread+0x86d/0xd40 kernel/workqueue.c:3390 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Como cristiano Brauner se\u00f1al\u00f3 [1]: la causa ra\u00edz es que f2fs establece el indicador SB_RDONLY en la funci\u00f3n interna, en lugar de establecer el indicador cubierto con el sem\u00e1foro sb->s_umount a trav\u00e9s del procedimiento de remontaje, luego la siguiente condici\u00f3n de ejecuci\u00f3n causa este error: - 
freeze_super() - sb_wait_write(sb, SB_FREEZE_WRITE) - sb_wait_write(sb, SB_FREEZE_PAGEFAULT) - sb_wait_write(sb, SB_FREEZE_FS) - f2fs_handle_critical_error - sb->s_flags |= SB_RDONLY - thaw_super - thaw_super_locked - sb_rdonly() es verdadero, por lo que omite sb_freeze_unlock(sb, SB_FREEZE_FS) - deactivate_locked_super Dado que f2fs tiene casi la misma l\u00f3gica que ext4 [2] al manejar error cr\u00edtico en el sistema de archivos si se monta con la opci\u00f3n errors=remount-ro: - establecer el indicador CP_ERROR_FLAG que indica que el sistema de archivos est\u00e1 detenido - registrar errores en el superbloque - establecer el indicador SB_RDONLY Una vez que establecemos el indicador CP_ERROR_FLAG, todas las interfaces escribibles pueden detectar el indicador y detener cualquier actualizaci\u00f3n futura en el sistema de archivos. Por lo tanto, es seguro no establecer el indicador SB_RDONLY, eliminemos la l\u00f3gica y sigamos en l\u00ednea con ext4 [3]. [1] https://lore.kernel.org/all/20240729-himbeeren-funknetz-96e62f9c7aee@brauner [2] https://lore.kernel.org/all/20240729132721.hxih6ehigadqf7wx@quack3 [3] https://lore.kernel.org/linux-ext4/202408052 01241.27286-1-jack@suse.cz" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-362" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": 
[ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.4.4", + "versionEndExcluding": "6.5", + "matchCriteriaId": "3F74080D-0441-4EFD-AB4D-F8C72C720E7A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.5", + "versionEndExcluding": "6.6.54", + "matchCriteriaId": "533A887F-F2B4-4445-8C73-11A8013D0A01" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.10.13", + "matchCriteriaId": "CE94BB8D-B0AB-4563-9ED7-A12122B56EBE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.11", + "versionEndExcluding": "6.11.2", + "matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://git.kernel.org/stable/c/1f63f405c1a1a64b9c310388aad7055fb86b245c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/649ec8b30df113042588bd3d3cd4e98bcb1091e0", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/930c6ab93492c4b15436524e704950b364b2930c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/de43021c72993877a8f86f9fddfa0687609da5a4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-478xx/CVE-2024-47819.json b/CVE-2024/CVE-2024-478xx/CVE-2024-47819.json index c3f583fc0cc..94a125c6354 100644 
--- a/CVE-2024/CVE-2024-478xx/CVE-2024-47819.json +++ b/CVE-2024/CVE-2024-478xx/CVE-2024-47819.json @@ -2,13 +2,17 @@ "id": "CVE-2024-47819", "sourceIdentifier": "security-advisories@github.com", "published": "2024-10-22T16:15:07.500", - "lastModified": "2024-10-22T16:15:07.500", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the code, you can potentially elevate all users and grant them admin privileges or access protected content. Versions 14.3.1 and 15.0.0 contain a patch. As a workaround, ensure that access to the Dictionary section is only granted to trusted users." + }, + { + "lang": "es", + "value": " Umbraco, un sistema de gesti\u00f3n de contenido .NET gratuito y de c\u00f3digo abierto, tiene una vulnerabilidad de cross-site scripting a partir de la versi\u00f3n 14.0.0 y anteriores a las versiones 14.3.1 y 15.0.0. Esto se puede aprovechar para obtener acceso a puntos finales con privilegios m\u00e1s altos, por ejemplo, si consigue que un usuario con privilegios de administrador ejecute el c\u00f3digo, puede elevar potencialmente a todos los usuarios y otorgarles privilegios de administrador o acceder a contenido protegido. Las versiones 14.3.1 y 15.0.0 contienen un parche. Como workaround, aseg\u00farese de que el acceso a la secci\u00f3n Diccionario solo se conceda a usuarios de confianza." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-478xx/CVE-2024-47825.json b/CVE-2024/CVE-2024-478xx/CVE-2024-47825.json index 215e164f094..c69d06fc47d 100644 --- a/CVE-2024/CVE-2024-478xx/CVE-2024-47825.json +++ b/CVE-2024/CVE-2024-478xx/CVE-2024-47825.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-47825", "sourceIdentifier": "security-advisories@github.com", "published": "2024-10-21T19:15:03.500", - "lastModified": "2024-10-21T19:15:03.500", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.16 and 1.15.10, a policy rule denying a prefix that is broader than `/32` may be ignored if there is a policy rule referencing a more narrow prefix (`CIDRSet` or `toFQDN`) and this narrower policy rule specifies either `enableDefaultDeny: false` or `- toEntities: all`. Note that a rule specifying `toEntities: world` or `toEntities: 0.0.0.0/0` is insufficient, it must be to entity `all`.This issue has been patched in Cilium v1.14.16 and v1.15.10. As this issue only affects policies using `enableDefaultDeny: false` or that set `toEntities` to `all`, some workarounds are available. For users with policies using `enableDefaultDeny: false`, remove this configuration option and explicitly define any allow rules required. For users with egress policies that explicitly specify `toEntities: all`, use `toEntities: world`." + }, + { + "lang": "es", + "value": "Cilium es una soluci\u00f3n de redes, observabilidad y seguridad con un plano de datos basado en eBPF. A partir de la versi\u00f3n 1.14.0 y antes de las versiones 1.14.16 y 1.15.10, una regla de pol\u00edtica que deniegue un prefijo m\u00e1s amplio que `/32` puede ignorarse si hay una regla de pol\u00edtica que haga referencia a un prefijo m\u00e1s estrecho (`CIDRSet` o `toFQDN`) y esta regla de pol\u00edtica m\u00e1s estrecha especifica `enableDefaultDeny: false` o `- toEntities: all`. Tenga en cuenta que una regla que especifique `toEntities: world` o `toEntities: 0.0.0.0/0` no es suficiente, debe ser para la entidad `all`. 
Este problema se ha corregido en Cilium v1.14.16 y v1.15.10. Como este problema solo afecta a las pol\u00edticas que utilizan `enableDefaultDeny: false` o que establecen `toEntities` en `all`, hay algunas soluciones alternativas disponibles. Para los usuarios con pol\u00edticas que utilizan `enableDefaultDeny: false`, elimine esta opci\u00f3n de configuraci\u00f3n y defina expl\u00edcitamente las reglas de permiso requeridas. Para los usuarios con pol\u00edticas de salida que especifican expl\u00edcitamente `toEntities: all`, utilice `toEntities: world`." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-478xx/CVE-2024-47845.json b/CVE-2024/CVE-2024-478xx/CVE-2024-47845.json index 4e4a138280d..99c8f078f51 100644 --- a/CVE-2024/CVE-2024-478xx/CVE-2024-47845.json +++ b/CVE-2024/CVE-2024-478xx/CVE-2024-47845.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47845", "sourceIdentifier": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "published": "2024-10-05T01:15:12.237", - "lastModified": "2024-10-07T17:48:28.117", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-10-23T15:00:11.853", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -59,9 +59,41 @@ "baseSeverity": "MEDIUM" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.7 + } ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-116" + } + ] + }, { "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "type": "Secondary", 
@@ -73,18 +105,63 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wikimedia:wikimedia-extensions-css:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.39.0", + "versionEndExcluding": "1.39.9", + "matchCriteriaId": "8C84CC2C-175C-43B2-B687-1F3059E25426" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wikimedia:wikimedia-extensions-css:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.41.0", + "versionEndExcluding": "1.41.3", + "matchCriteriaId": "3C653764-2F82-4DFA-8679-44040C0EB5CB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wikimedia:wikimedia-extensions-css:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.42.0", + "versionEndExcluding": "1.42.2", + "matchCriteriaId": "38BB6671-A00E-418E-BAD8-BA54401F0E6A" + } + ] + } + ] + } + ], "references": [ { "url": "https://gerrit.wikimedia.org/r/q/I6f38f4a8fc1dcd690ab27b8f18ce6ca903bacc53", - "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc" + "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", + "tags": [ + "Patch" + ] }, { "url": "https://phabricator.wikimedia.org/T368594", - "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc" + "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] }, { "url": "https://phabricator.wikimedia.org/T368628", - "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc" + "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-479xx/CVE-2024-47901.json b/CVE-2024/CVE-2024-479xx/CVE-2024-47901.json new file mode 100644 index 00000000000..02cf7c2665c --- /dev/null +++ b/CVE-2024/CVE-2024-479xx/CVE-2024-47901.json 
@@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-47901", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-10-23T15:15:30.930", + "lastModified": "2024-10-23T15:15:30.930", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of affected devices does not sanitize the input parameters in specific GET requests that allow for code execution on operating system level. In combination with other vulnerabilities (CVE-2024-47902, CVE-2024-47903, CVE-2024-47904) this could allow an unauthenticated remote attacker to execute arbitrary code with root privileges." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "HIGH", + "subsequentSystemIntegrity": "HIGH", + "subsequentSystemAvailability": "HIGH", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": 
"NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-333468.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-479xx/CVE-2024-47902.json b/CVE-2024/CVE-2024-479xx/CVE-2024-47902.json new file mode 100644 index 00000000000..b3b603da2bb --- /dev/null +++ b/CVE-2024/CVE-2024-479xx/CVE-2024-47902.json 
@@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-47902", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-10-23T15:15:31.163", + "lastModified": "2024-10-23T15:15:31.163", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of affected devices does not authenticate GET requests that execute specific commands (such as `ping`) on operating system level." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + 
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-333468.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-479xx/CVE-2024-47903.json b/CVE-2024/CVE-2024-479xx/CVE-2024-47903.json new file mode 100644 index 00000000000..bef435ac653 --- /dev/null +++ b/CVE-2024/CVE-2024-479xx/CVE-2024-47903.json 
@@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-47903", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-10-23T15:15:31.397", + "lastModified": "2024-10-23T15:15:31.397", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of affected devices allows to write arbitrary files to the web server's DocumentRoot directory." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + 
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-250" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-333468.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-479xx/CVE-2024-47904.json b/CVE-2024/CVE-2024-479xx/CVE-2024-47904.json new file mode 100644 index 00000000000..8b84ccf272a --- /dev/null +++ b/CVE-2024/CVE-2024-479xx/CVE-2024-47904.json 
@@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-47904", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-10-23T15:15:31.687", + "lastModified": "2024-10-23T15:15:31.687", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The affected devices contain a SUID binary that could allow an authenticated local attacker to execute arbitrary commands with root privileges." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + 
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 8.5, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-266" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-333468.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-479xx/CVE-2024-47912.json b/CVE-2024/CVE-2024-479xx/CVE-2024-47912.json index a5d93e82833..22eef44dc1e 100644 --- a/CVE-2024/CVE-2024-479xx/CVE-2024-47912.json +++ b/CVE-2024/CVE-2024-479xx/CVE-2024-47912.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-47912", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T20:15:14.877", - "lastModified": "2024-10-22T18:35:08.360", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the AWV (Audio, Web, and Video) Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to perform unauthorized data-access attacks due to missing authentication mechanisms. A successful exploit could allow an attacker to access and delete sensitive information." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en el componente de conferencias AWV (audio, web y video) de Mitel MiCollab hasta la versi\u00f3n 9.8 SP1 FP2 (9.8.1.201) podr\u00eda permitir que un atacante no autenticado realice ataques de acceso a datos no autorizados debido a la falta de mecanismos de autenticaci\u00f3n. Una explotaci\u00f3n exitosa podr\u00eda permitir que un atacante acceda y elimine informaci\u00f3n confidencial." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-484xx/CVE-2024-48415.json b/CVE-2024/CVE-2024-484xx/CVE-2024-48415.json index d60e59c4953..ba44ab4cdcc 100644 --- a/CVE-2024/CVE-2024-484xx/CVE-2024-48415.json +++ b/CVE-2024/CVE-2024-484xx/CVE-2024-48415.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-48415", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-22T22:15:05.890", - "lastModified": "2024-10-22T22:15:05.890", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the lastname, firstname, middlename, address, contact_no, email and tax_id parameters in new borrowers functionality on the Borrowers page." + }, + { + "lang": "es", + "value": "itsourcecode Loan Management System v1.0 es vulnerable a cross-site scripting (XSS) a trav\u00e9s de un payload manipulado para los par\u00e1metros lastname, firstname, middlename, address, contact_no, email y tax_id en la funcionalidad de nuevos prestatarios en la p\u00e1gina Prestatarios." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-485xx/CVE-2024-48509.json b/CVE-2024/CVE-2024-485xx/CVE-2024-48509.json index 8363d59831b..98ca2a067e2 100644 --- a/CVE-2024/CVE-2024-485xx/CVE-2024-48509.json +++ b/CVE-2024/CVE-2024-485xx/CVE-2024-48509.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-48509", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T20:15:14.943", - "lastModified": "2024-10-21T20:35:11.953", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Learning with Texts (LWT) 2.0.3 is vulnerable to SQL Injection. This occurs when the application fails to properly sanitize user inputs, allowing attackers to manipulate SQL queries by injecting malicious SQL statements into URL parameters. By exploiting this vulnerability, an attacker could gain unauthorized access to the database, retrieve sensitive information, modify or delete data, and execute arbitrary commands." + }, + { + "lang": "es", + "value": "Learning with Texts (LWT) 2.0.3 es vulnerable a la inyecci\u00f3n SQL. Esto ocurre cuando la aplicaci\u00f3n no logra depurar correctamente las entradas del usuario, lo que permite a los atacantes manipular las consultas SQL inyectando instrucciones SQL maliciosas en los par\u00e1metros de la URL. Al explotar esta vulnerabilidad, un atacante podr\u00eda obtener acceso no autorizado a la base de datos, recuperar informaci\u00f3n confidencial, modificar o eliminar datos y ejecutar comandos arbitrarios." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-485xx/CVE-2024-48570.json b/CVE-2024/CVE-2024-485xx/CVE-2024-48570.json index 53f4349a8c9..4e01a391835 100644 --- a/CVE-2024/CVE-2024-485xx/CVE-2024-48570.json +++ b/CVE-2024/CVE-2024-485xx/CVE-2024-48570.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-48570", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-22T17:15:04.087", - "lastModified": "2024-10-22T19:35:10.083", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Client Management System 1.0 was discovered to contain a SQL injection vulnerability via the Between Dates Reports parameter at /admin/bwdates-reports-ds.php." + }, + { + "lang": "es", + "value": " Se descubri\u00f3 que Client Management System 1.0 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro Between Dates Reports en /admin/bwdates-reports-ds.php." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-485xx/CVE-2024-48597.json b/CVE-2024/CVE-2024-485xx/CVE-2024-48597.json index 86fe8dbd4d8..0a699637365 100644 --- a/CVE-2024/CVE-2024-485xx/CVE-2024-48597.json +++ b/CVE-2024/CVE-2024-485xx/CVE-2024-48597.json @@ -2,13 +2,17 @@ "id": "CVE-2024-48597", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T20:15:15.010", - "lastModified": "2024-10-21T20:35:13.860", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Online Clinic Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /success/editp.php?action=edit." + }, + { + "lang": "es", + "value": "Online Clinic Management System v1.0 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro id en /success/editp.php?action=edit." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-486xx/CVE-2024-48605.json b/CVE-2024/CVE-2024-486xx/CVE-2024-48605.json index bc815b16b7d..28da45996c7 100644 --- a/CVE-2024/CVE-2024-486xx/CVE-2024-48605.json +++ b/CVE-2024/CVE-2024-486xx/CVE-2024-48605.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-48605", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-22T16:15:07.757", - "lastModified": "2024-10-22T18:35:09.113", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue in Helakuru Desktop Application v1.1 allows a local attacker to execute arbitrary code via the lack of proper validation of the wow64log.dll file." + }, + { + "lang": "es", + "value": " Un problema en la aplicaci\u00f3n de escritorio Helakuru v1.1 permite que un atacante local ejecute c\u00f3digo arbitrario a trav\u00e9s de la falta de validaci\u00f3n adecuada del archivo wow64log.dll." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-486xx/CVE-2024-48644.json b/CVE-2024/CVE-2024-486xx/CVE-2024-48644.json index 8fe803419ae..6f698e4a557 100644 --- a/CVE-2024/CVE-2024-486xx/CVE-2024-48644.json +++ b/CVE-2024/CVE-2024-486xx/CVE-2024-48644.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-48644", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-22T22:15:05.970", - "lastModified": "2024-10-22T22:15:05.970", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Accounts enumeration vulnerability in the Login Component of Reolink Duo 2 WiFi Camera (Firmware Version v3.0.0.1889_23031701) allows remote attackers to determine valid user accounts via login attempts. This can lead to the enumeration of user accounts and potentially facilitate other attacks, such as brute-forcing of passwords. The vulnerability arises from the application responding differently to login attempts with valid and invalid usernames." + }, + { + "lang": "es", + "value": "La vulnerabilidad de enumeraci\u00f3n de cuentas en el componente de inicio de sesi\u00f3n de Reolink Duo 2 WiFi Camera (versi\u00f3n de firmware v3.0.0.1889_23031701) permite a atacantes remotos determinar cuentas de usuario v\u00e1lidas mediante intentos de inicio de sesi\u00f3n. Esto puede dar lugar a la enumeraci\u00f3n de cuentas de usuario y, potencialmente, facilitar otros ataques, como la fuerza bruta de contrase\u00f1as. La vulnerabilidad surge de que la aplicaci\u00f3n responde de forma diferente a los intentos de inicio de sesi\u00f3n con nombres de usuario v\u00e1lidos e inv\u00e1lidos." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-486xx/CVE-2024-48645.json b/CVE-2024/CVE-2024-486xx/CVE-2024-48645.json index f56f3465f0f..c871252f231 100644 --- a/CVE-2024/CVE-2024-486xx/CVE-2024-48645.json +++ b/CVE-2024/CVE-2024-486xx/CVE-2024-48645.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-48645", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T20:15:15.070", - "lastModified": "2024-10-21T21:35:05.333", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Minecraft mod \"Command Block IDE\" up to and including version 0.4.9, a missing authorization (CWE-862) allows any user to modify \"function\" files used by the game when installed on a dedicated server." + }, + { + "lang": "es", + "value": "En el mod de Minecraft \"Command Block IDE\" hasta la versi\u00f3n 0.4.9 incluida, una autorizaci\u00f3n faltante (CWE-862) permite a cualquier usuario modificar archivos de \"funci\u00f3n\" utilizados por el juego cuando se instala en un servidor dedicado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-486xx/CVE-2024-48652.json b/CVE-2024/CVE-2024-486xx/CVE-2024-48652.json index 173aebc2f1e..4050a3df6fe 100644 --- a/CVE-2024/CVE-2024-486xx/CVE-2024-48652.json +++ b/CVE-2024/CVE-2024-486xx/CVE-2024-48652.json @@ -2,13 +2,17 @@ "id": "CVE-2024-48652", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-22T22:15:06.057", - "lastModified": "2024-10-22T22:15:06.057", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field." + }, + { + "lang": "es", + "value": " La vulnerabilidad de cross-site scripting en camaleon-cms v.2.7.5 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del campo de group name de contenido." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-486xx/CVE-2024-48656.json b/CVE-2024/CVE-2024-486xx/CVE-2024-48656.json index f1201a4e2c3..e860d5740e9 100644 
--- a/CVE-2024/CVE-2024-486xx/CVE-2024-48656.json +++ b/CVE-2024/CVE-2024-486xx/CVE-2024-48656.json @@ -2,13 +2,17 @@ "id": "CVE-2024-48656", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-22T22:15:06.147", - "lastModified": "2024-10-22T22:15:06.147", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross Site Scripting vulnerability in student management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code." + }, + { + "lang": "es", + "value": " Vulnerabilidad de cross-site scripting en el sistema de gesti\u00f3n de estudiantes en php con c\u00f3digo fuente v.1.0.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-486xx/CVE-2024-48657.json b/CVE-2024/CVE-2024-486xx/CVE-2024-48657.json index 03054ab765b..6f4d8387906 100644 --- a/CVE-2024/CVE-2024-486xx/CVE-2024-48657.json +++ b/CVE-2024/CVE-2024-486xx/CVE-2024-48657.json @@ -2,13 +2,17 @@ "id": "CVE-2024-48657", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-22T22:15:06.233", - "lastModified": "2024-10-22T22:15:06.233", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL Injection vulnerability in hospital management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code." + }, + { + "lang": "es", + "value": " Vulnerabilidad de inyecci\u00f3n SQL en el sistema de gesti\u00f3n hospitalaria en php con c\u00f3digo fuente v.1.0.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-486xx/CVE-2024-48659.json b/CVE-2024/CVE-2024-486xx/CVE-2024-48659.json index 6d27807de22..eecf54f6314 100644 --- a/CVE-2024/CVE-2024-486xx/CVE-2024-48659.json 
+++ b/CVE-2024/CVE-2024-486xx/CVE-2024-48659.json @@ -2,13 +2,17 @@ "id": "CVE-2024-48659", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T20:15:15.260", - "lastModified": "2024-10-22T18:35:09.947", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue in DCME-320-L <=9.3.2.114 allows a remote attacker to execute arbitrary code via the log_u_umount.php component." + }, + { + "lang": "es", + "value": "Un problema en DCME-320-L <=9.3.2.114 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente log_u_umount.php." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-487xx/CVE-2024-48706.json b/CVE-2024/CVE-2024-487xx/CVE-2024-48706.json index c1b28468d60..bcad3026547 100644 --- a/CVE-2024/CVE-2024-487xx/CVE-2024-48706.json +++ b/CVE-2024/CVE-2024-487xx/CVE-2024-48706.json @@ -2,13 +2,17 @@ "id": "CVE-2024-48706", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-22T17:15:04.180", - "lastModified": "2024-10-22T19:35:10.843", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the title parameter with action=add or action=editform within the (a) managemessage.php file and (b) managetask.php file respectively." + }, + { + "lang": "es", + "value": " Collabtive 3.1 es vulnerable a cross-site scripting (XSS) a trav\u00e9s del par\u00e1metro title con action=add o action=editform dentro del archivo (a) managemessage.php y (b) managetask.php respectivamente." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-487xx/CVE-2024-48707.json b/CVE-2024/CVE-2024-487xx/CVE-2024-48707.json index 3e892768a7f..de3c4c61192 100644 --- a/CVE-2024/CVE-2024-487xx/CVE-2024-48707.json +++ b/CVE-2024/CVE-2024-487xx/CVE-2024-48707.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-48707", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-22T17:15:04.273", - "lastModified": "2024-10-22T19:35:11.020", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under (a) action=add or action=edit within managemilestone.php file and (b) action=addpro within admin.php file." + }, + { + "lang": "es", + "value": "Collabtive 3.1 es vulnerable a cross-site scripting (XSS) a trav\u00e9s del par\u00e1metro name en (a) action=add o action=edit dentro del archivo managemilestone.php y (b) action=addpro dentro del archivo admin.php." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-487xx/CVE-2024-48708.json b/CVE-2024/CVE-2024-487xx/CVE-2024-48708.json index 5af6c7b67c0..d04905129d9 100644 --- a/CVE-2024/CVE-2024-487xx/CVE-2024-48708.json +++ b/CVE-2024/CVE-2024-487xx/CVE-2024-48708.json @@ -2,13 +2,17 @@ "id": "CVE-2024-48708", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-22T17:15:04.370", - "lastModified": "2024-10-22T19:35:11.790", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Collabtive 3.1 is vulnerable to Cross-Site Scripting (XSS) via the name parameter in (a) file tasklist.php under action = add/edit and in (b) file admin.php under action = adduser/edituser." + }, + { + "lang": "es", + "value": " Collabtive 3.1 es vulnerable a Cross-Site Scripting (XSS) a trav\u00e9s del par\u00e1metro name en (a) el archivo tasklist.php bajo action = add/edit y en (b) el archivo admin.php bajo action = adduser/edituser." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-487xx/CVE-2024-48709.json b/CVE-2024/CVE-2024-487xx/CVE-2024-48709.json index f65d34f2a7f..9f71f919176 100644 
--- a/CVE-2024/CVE-2024-487xx/CVE-2024-48709.json +++ b/CVE-2024/CVE-2024-487xx/CVE-2024-48709.json @@ -2,13 +2,17 @@ "id": "CVE-2024-48709", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-21T19:15:03.817", - "lastModified": "2024-10-21T19:35:07.443", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the membershipType parameter in edit_type.php" + }, + { + "lang": "es", + "value": "CodeAstro Membership Management System v1.0 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s del par\u00e1metro membershipType en edit_type.php" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-489xx/CVE-2024-48903.json b/CVE-2024/CVE-2024-489xx/CVE-2024-48903.json index 1c89f0159b1..468f4404e96 100644 --- a/CVE-2024/CVE-2024-489xx/CVE-2024-48903.json +++ b/CVE-2024/CVE-2024-489xx/CVE-2024-48903.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-48903", "sourceIdentifier": "security@trendmicro.com", "published": "2024-10-22T19:15:06.590", - "lastModified": "2024-10-22T19:15:06.590", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de control de acceso inadecuado en Trend Micro Deep Security Agent 20 podr\u00eda permitir que un atacante local aumente los privilegios en las instalaciones afectadas. Tenga en cuenta que, para explotar esta vulnerabilidad, un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-489xx/CVE-2024-48904.json b/CVE-2024/CVE-2024-489xx/CVE-2024-48904.json index 285f29895d5..30875dcf131 100644 --- a/CVE-2024/CVE-2024-489xx/CVE-2024-48904.json +++ b/CVE-2024/CVE-2024-489xx/CVE-2024-48904.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-48904", "sourceIdentifier": "security@trendmicro.com", "published": "2024-10-22T19:15:06.763", - "lastModified": "2024-10-22T19:35:12.560", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to execute arbitrary code on affected appliances.\r\n\r\nPlease note: authentication is not required in order to exploit this vulnerability." + }, + { + "lang": "es", + "value": " Una vulnerabilidad de inyecci\u00f3n de comandos en Trend Micro Cloud Edge podr\u00eda permitir que un atacante remoto ejecute c\u00f3digo arbitrario en los dispositivos afectados. Tenga en cuenta que no se requiere autenticaci\u00f3n para explotar esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-489xx/CVE-2024-48919.json b/CVE-2024/CVE-2024-489xx/CVE-2024-48919.json index 27df8283962..1a5c8ddbb29 100644 --- a/CVE-2024/CVE-2024-489xx/CVE-2024-48919.json +++ b/CVE-2024/CVE-2024-489xx/CVE-2024-48919.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-48919", "sourceIdentifier": "security-advisories@github.com", "published": "2024-10-22T21:15:06.813", - "lastModified": "2024-10-22T21:15:06.813", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K prompt, an attacker with control over the referenced web page could have a significant chance of influencing a language model to output arbitrary commands for execution in the user's terminal. This scenario would require the user explicitly opt-in to including the contents of a compromised webpage, and it would require that the attacker display prompt injection text in the the contents of the compromised webpage.\n\nA server-side patch to not stream back newlines or control characters was released on September 27, 2024, within two hours of the issue being reported. Additionally, Cursor 0.42 includes client-side mitigations to prevent any newline or control character from being streamed into the terminal directly. It also contains a new setting, `\"cursor.terminal.usePreviewBox\"`, which, if set to true, streams the response into a preview box whose contents then have to be manually accepted before being inserted into the terminal. This setting is useful if you're working in a shell environment where commands can be executed without pressing enter or any control character. The patch has been applied server-side, so no additional action is needed, even on older versions of Cursor. Separately, Cursor's maintainers also recommend, as best practice, to only include trusted pieces of context in prompts." 
+ }, + { + "lang": "es", + "value": "Cursor es un editor de c\u00f3digo creado para programar con IA. Antes del 27 de septiembre de 2024, si un usuario generaba un comando de terminal a trav\u00e9s de la funci\u00f3n Cmd-K/Ctrl-K de la terminal de Cursor y si el usuario importaba expl\u00edcitamente una p\u00e1gina web maliciosa en el mensaje de aviso Cmd-K de la terminal, un atacante con control sobre la p\u00e1gina web a la que se hac\u00eda referencia pod\u00eda tener una posibilidad significativa de influir en un modelo de lenguaje para que generara comandos arbitrarios para su ejecuci\u00f3n en la terminal del usuario. Este escenario requerir\u00eda que el usuario optara expl\u00edcitamente por incluir el contenido de una p\u00e1gina web comprometida y que el atacante mostrara el texto de inyecci\u00f3n de mensajes en el contenido de la p\u00e1gina web comprometida. El 27 de septiembre de 2024, dentro de las dos horas posteriores a que se informara el problema, se lanz\u00f3 un parche del lado del servidor para no transmitir de vuelta las nuevas l\u00edneas o los caracteres de control. Adem\u00e1s, Cursor 0.42 incluye mitigaciones del lado del cliente para evitar que cualquier nueva l\u00ednea o car\u00e1cter de control se transmita directamente a la terminal. Tambi\u00e9n contiene una nueva configuraci\u00f3n, `\"cursor.terminal.usePreviewBox\"`, que, si se establece en true, transmite la respuesta a un cuadro de vista previa cuyo contenido debe aceptarse manualmente antes de insertarse en la terminal. Esta configuraci\u00f3n es \u00fatil si est\u00e1 trabajando en un entorno de shell donde los comandos se pueden ejecutar sin presionar Enter o cualquier car\u00e1cter de control. El parche se ha aplicado en el lado del servidor, por lo que no se necesita ninguna acci\u00f3n adicional, incluso en versiones anteriores de Cursor. 
Por otra parte, los mantenedores de Cursor tambi\u00e9n recomiendan, como mejor pr\u00e1ctica, incluir solo fragmentos de contexto confiables en los mensajes." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-489xx/CVE-2024-48925.json b/CVE-2024/CVE-2024-489xx/CVE-2024-48925.json index 3f2dc38ed3c..bf2cd3aa349 100644 --- a/CVE-2024/CVE-2024-489xx/CVE-2024-48925.json +++ b/CVE-2024/CVE-2024-489xx/CVE-2024-48925.json @@ -2,13 +2,17 @@ "id": "CVE-2024-48925", "sourceIdentifier": "security-advisories@github.com", "published": "2024-10-22T16:15:07.853", - "lastModified": "2024-10-22T16:15:07.853", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Umbraco, a free and open source .NET content management system, has an improper access control issue starting in version 14.0.0 and prior to version 14.3.0. The issue allows low-privilege users to access the webhook API and retrieve information that should be restricted to users with access to the settings section. Version 14.3.0 contains a patch." + }, + { + "lang": "es", + "value": "Umbraco, un sistema de gesti\u00f3n de contenido .NET gratuito y de c\u00f3digo abierto, tiene un problema de control de acceso incorrecto a partir de la versi\u00f3n 14.0.0 y anteriores a la versi\u00f3n 14.3.0. El problema permite que los usuarios con pocos privilegios accedan a la API de webhook y recuperen informaci\u00f3n que deber\u00eda estar restringida a los usuarios con acceso a la secci\u00f3n de configuraci\u00f3n. La versi\u00f3n 14.3.0 contiene un parche." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-489xx/CVE-2024-48926.json b/CVE-2024/CVE-2024-489xx/CVE-2024-48926.json index 347df65e238..27f89a4fe20 100644 --- a/CVE-2024/CVE-2024-489xx/CVE-2024-48926.json +++ b/CVE-2024/CVE-2024-489xx/CVE-2024-48926.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-48926", "sourceIdentifier": "security-advisories@github.com", "published": "2024-10-22T16:15:08.090", - "lastModified": "2024-10-22T16:15:08.090", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Umbraco, a free and open source .NET content management system, has an insufficient session expiration issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. The Backoffice displays the logout page with a session timeout message before the server session has fully expired, causing users to believe they have been logged out approximately 30 seconds before they actually are. Versions 13.5.2, 10.8,7, and 8.18.15 contain a patch for the issue." + }, + { + "lang": "es", + "value": " Umbraco, un sistema de gesti\u00f3n de contenido .NET gratuito y de c\u00f3digo abierto, tiene un problema de caducidad de sesi\u00f3n insuficiente en las versiones de la rama 13.x anteriores a la 13.5.2, 10.x anteriores a la 10.8.7 y 8.x anteriores a la 8.18.15. El Backoffice muestra la p\u00e1gina de cierre de sesi\u00f3n con un mensaje de tiempo de espera de sesi\u00f3n antes de que la sesi\u00f3n del servidor haya caducado por completo, lo que hace que los usuarios crean que se ha cerrado la sesi\u00f3n aproximadamente 30 segundos antes de lo que realmente ocurre. Las versiones 13.5.2, 10.8.7 y 8.18.15 contienen un parche para el problema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-489xx/CVE-2024-48927.json b/CVE-2024/CVE-2024-489xx/CVE-2024-48927.json index 71570e2a9b5..ed710de3d9e 100644 --- a/CVE-2024/CVE-2024-489xx/CVE-2024-48927.json +++ b/CVE-2024/CVE-2024-489xx/CVE-2024-48927.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-48927", "sourceIdentifier": "security-advisories@github.com", "published": "2024-10-22T16:15:08.360", - "lastModified": "2024-10-22T16:15:08.360", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. There is a potential risk of code execution for Backoffice users when they \u201cpreview\u201d SVG files in full screen mode. Versions 13.5.2, 10.8,7, and 8.18.15 contain a patch for the issue. As a workaround, derver-side file validation is available to strip script tags from file's content during the file upload process." + }, + { + "lang": "es", + "value": "Umbraco, un sistema de gesti\u00f3n de contenido .NET gratuito y de c\u00f3digo abierto, tiene un problema de ejecuci\u00f3n de c\u00f3digo remoto en las versiones de la rama 13.x anteriores a la 13.5.2, 10.x anteriores a la 10.8.7 y 8.x anteriores a la 8.18.15. Existe un riesgo potencial de ejecuci\u00f3n de c\u00f3digo para los usuarios de Backoffice cuando \"obtienen una vista previa\" de los archivos SVG en modo de pantalla completa. Las versiones 13.5.2, 10.8.7 y 8.18.15 contienen un parche para el problema. Como workaround, est\u00e1 disponible la validaci\u00f3n de archivos del lado derver para eliminar las etiquetas de script del contenido del archivo durante el proceso de carga del archivo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-489xx/CVE-2024-48929.json b/CVE-2024/CVE-2024-489xx/CVE-2024-48929.json index 546910ef9fb..7197189a811 100644 --- a/CVE-2024/CVE-2024-489xx/CVE-2024-48929.json +++ b/CVE-2024/CVE-2024-489xx/CVE-2024-48929.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-48929", "sourceIdentifier": "security-advisories@github.com", "published": "2024-10-22T16:15:08.617", - "lastModified": "2024-10-22T16:15:08.617", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Umbraco is a free and open source .NET content management system. In versions on the 13.x branch prior to 13.5.2 and versions on the 10.x branch prior to 10.8.7, during an explicit sign-out, the server session is not fully terminated. Versions 13.5.2 and 10.8.7 contain a patch for the issue." + }, + { + "lang": "es", + "value": "Umbraco es un sistema de gesti\u00f3n de contenido .NET gratuito y de c\u00f3digo abierto. En las versiones de la rama 13.x anteriores a la 13.5.2 y en las versiones de la rama 10.x anteriores a la 10.8.7, durante un cierre de sesi\u00f3n expl\u00edcito, la sesi\u00f3n del servidor no finaliza por completo. Las versiones 13.5.2 y 10.8.7 contienen un parche para solucionar este problema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-492xx/CVE-2024-49208.json b/CVE-2024/CVE-2024-492xx/CVE-2024-49208.json index 5dc9b80bced..c85fc11a021 100644 --- a/CVE-2024/CVE-2024-492xx/CVE-2024-49208.json +++ b/CVE-2024/CVE-2024-492xx/CVE-2024-49208.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49208", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-22T17:15:04.503", - "lastModified": "2024-10-22T17:15:04.503", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Archer Platform 2024.03 before version 2024.08 is affected by an authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploit this vulnerability to elevate their privileges and delete system icons." + }, + { + "lang": "es", + "value": " Archer Platform 2024.03 anterior a la versi\u00f3n 2024.08 se ve afectada por una vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n relacionada con los archivos de aplicaciones de soporte. Un atacante remoto sin privilegios podr\u00eda aprovechar esta vulnerabilidad para elevar sus privilegios y eliminar los \u00edconos del sistema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-492xx/CVE-2024-49209.json b/CVE-2024/CVE-2024-492xx/CVE-2024-49209.json index 36a65be4757..27f2bde6b57 100644 --- a/CVE-2024/CVE-2024-492xx/CVE-2024-49209.json +++ b/CVE-2024/CVE-2024-492xx/CVE-2024-49209.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49209", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-22T17:15:05.763", - "lastModified": "2024-10-22T17:15:05.763", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Archer Platform 2024.03 before version 2024.09 is affected by an API authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploit this vulnerability to elevate their privileges and upload additional system icons." + }, + { + "lang": "es", + "value": "Archer Platform 2024.03 anterior a la versi\u00f3n 2024.09 se ve afectada por una vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n de API relacionada con los archivos de aplicaciones de soporte. Un atacante remoto sin privilegios podr\u00eda aprovechar esta vulnerabilidad para elevar sus privilegios y cargar \u00edconos de sistema adicionales." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-492xx/CVE-2024-49210.json b/CVE-2024/CVE-2024-492xx/CVE-2024-49210.json index 876859c860f..2eb008c334b 100644 --- a/CVE-2024/CVE-2024-492xx/CVE-2024-49210.json +++ b/CVE-2024/CVE-2024-492xx/CVE-2024-49210.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49210", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-22T17:15:05.970", - "lastModified": "2024-10-22T17:15:05.970", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Reflected XSS was discovered in an iView List Archer Platform UX page in Archer Platform 6.x before version 2024.09. A remote unauthenticated attacker could potentially exploit this by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and executed by the web browser in the context of the vulnerable web application." + }, + { + "lang": "es", + "value": " Se descubri\u00f3 un XSS reflejado en una p\u00e1gina de la interfaz de usuario de Archer Platform de la lista iView en Archer Platform 6.x anterior a la versi\u00f3n 2024.09. Un atacante remoto no autenticado podr\u00eda aprovechar esto enga\u00f1ando al usuario de la aplicaci\u00f3n v\u00edctima para que proporcione c\u00f3digo HTML o JavaScript malicioso a la aplicaci\u00f3n web vulnerable; el c\u00f3digo malicioso se refleja luego de vuelta a la v\u00edctima y el navegador web lo ejecuta en el contexto de la aplicaci\u00f3n web vulnerable." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-492xx/CVE-2024-49211.json b/CVE-2024/CVE-2024-492xx/CVE-2024-49211.json index 816483e714e..81e8d734a3c 100644 --- a/CVE-2024/CVE-2024-492xx/CVE-2024-49211.json +++ b/CVE-2024/CVE-2024-492xx/CVE-2024-49211.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49211", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-22T17:15:06.193", - "lastModified": "2024-10-22T17:15:06.193", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Reflected XSS was discovered in a Dashboard Listing Archer Platform UX page in Archer Platform 6.x before version 2024.08. A remote unauthenticated attacker could potentially exploit this by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and executed by the web browser in the context of the vulnerable web application." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un XSS reflejado en una p\u00e1gina de UX de Archer Platform que inclu\u00eda un listado de paneles en Archer Platform 6.x anterior a la versi\u00f3n 2024.08. Un atacante remoto no autenticado podr\u00eda aprovechar esto enga\u00f1ando al usuario de la aplicaci\u00f3n v\u00edctima para que proporcione c\u00f3digo HTML o JavaScript malicioso a la aplicaci\u00f3n web vulnerable; el c\u00f3digo malicioso se refleja luego de vuelta a la v\u00edctima y el navegador web lo ejecuta en el contexto de la aplicaci\u00f3n web vulnerable." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-493xx/CVE-2024-49366.json b/CVE-2024/CVE-2024-493xx/CVE-2024-49366.json index c3642748a0a..1b364554806 100644 --- a/CVE-2024/CVE-2024-493xx/CVE-2024-49366.json +++ b/CVE-2024/CVE-2024-493xx/CVE-2024-49366.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49366", "sourceIdentifier": "security-advisories@github.com", "published": "2024-10-21T17:15:03.567", - "lastModified": "2024-10-21T17:15:03.567", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:58.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Nginx UI is a web user interface for the Nginx web server. Nginx UI v2.0.0-beta.35 and earlier gets the value from the json field without verification, and can construct a value value in the form of `../../`. Arbitrary files can be written to the server, which may result in loss of permissions. Version 2.0.0-beta.26 fixes the issue." + }, + { + "lang": "es", + "value": "Nginx UI es una interfaz de usuario web para el servidor web Nginx. Nginx UI v2.0.0-beta.35 y anteriores obtienen el valor del campo json sin verificaci\u00f3n y pueden construir un valor en forma de `../../`. Se pueden escribir archivos arbitrarios en el servidor, lo que puede provocar la p\u00e9rdida de permisos. La versi\u00f3n 2.0.0-beta.26 corrige el problema." } ], "metrics": { @@ -30,7 +34,7 @@ "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "subsequentSystemAvailability": "NONE", - "exploitMaturity": "PROOF-OF-CONCEPT", + "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirements": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", diff --git a/CVE-2024/CVE-2024-493xx/CVE-2024-49367.json b/CVE-2024/CVE-2024-493xx/CVE-2024-49367.json index 59c3a353663..ff1746d70e2 100644 --- a/CVE-2024/CVE-2024-493xx/CVE-2024-49367.json +++ b/CVE-2024/CVE-2024-493xx/CVE-2024-49367.json 
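Review bot: The CVE-2024-49366 record contradicts itself on the fixed release, and the added `es` description in the first hunk copies the contradiction. The affected range is given as `v2.0.0-beta.35 and earlier`, while the fix is given as `2.0.0-beta.26`, a version inside that range. The neighbouring Nginx UI records in this commit (CVE-2024-49367 and CVE-2024-49368) name 2.0.0-beta.36 as the fixed version, so `beta.26` is presumably a typo, but this needs confirming against the upstream advisory before anything is changed. If the advisory confirms it, the closing sentence would read `Version 2.0.0-beta.36 fixes the issue.` in the `en` value, with the same version in the `es` value. Until the source record is corrected, anyone deriving a patch target from this description should treat the stated fix version as unreliable.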
@@ -2,13 +2,17 @@ "id": "CVE-2024-49367", "sourceIdentifier": "security-advisories@github.com", "published": "2024-10-21T17:15:03.783", - "lastModified": "2024-10-21T17:15:03.783", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:58.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, the log path of nginxui is controllable. This issue can be combined with the directory traversal at `/api/configs` to read directories and file contents on the server. Version 2.0.0-beta.36 fixes the issue." + }, + { + "lang": "es", + "value": "Nginx UI es una interfaz de usuario web para el servidor web Nginx. Antes de la versi\u00f3n 2.0.0-beta.36, la ruta de registro de nginxui era controlable. Este problema se puede combinar con el recorrido del directorio en `/api/configs` para leer directorios y contenidos de archivos en el servidor. La versi\u00f3n 2.0.0-beta.36 soluciona el problema." } ], "metrics": { @@ -30,7 +34,7 @@ "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "subsequentSystemAvailability": "NONE", - "exploitMaturity": "PROOF-OF-CONCEPT", + "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirements": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", diff --git a/CVE-2024/CVE-2024-493xx/CVE-2024-49368.json b/CVE-2024/CVE-2024-493xx/CVE-2024-49368.json index 34b570bf0e6..e342e8a5b47 100644 --- a/CVE-2024/CVE-2024-493xx/CVE-2024-49368.json +++ b/CVE-2024/CVE-2024-493xx/CVE-2024-49368.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49368", "sourceIdentifier": "security-advisories@github.com", "published": "2024-10-21T17:15:03.960", - "lastModified": "2024-10-21T17:15:03.960", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:58.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, when Nginx UI configures logrotate, it does not verify the input and directly passes it to exec.Command, causing arbitrary command execution. Version 2.0.0-beta.36 fixes this issue." + }, + { + "lang": "es", + "value": "Nginx UI es una interfaz de usuario web para el servidor web Nginx. Antes de la versi\u00f3n 2.0.0-beta.36, cuando Nginx UI configura logrotate, no verifica la entrada y la pasa directamente a exec.Command, lo que provoca la ejecuci\u00f3n arbitraria de comandos. La versi\u00f3n 2.0.0-beta.36 corrige este problema." } ], "metrics": { @@ -30,7 +34,7 @@ "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "subsequentSystemAvailability": "NONE", - "exploitMaturity": "PROOF-OF-CONCEPT", + "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirements": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", diff --git a/CVE-2024/CVE-2024-493xx/CVE-2024-49370.json b/CVE-2024/CVE-2024-493xx/CVE-2024-49370.json new file mode 100644 index 00000000000..3f795d96582 --- /dev/null +++ b/CVE-2024/CVE-2024-493xx/CVE-2024-49370.json 
@@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-49370", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-10-23T15:15:31.987", + "lastModified": "2024-10-23T15:15:31.987", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Pimcore is an open source data and experience management platform. When a PortalUserObject is connected to a PimcoreUser and \"Use Pimcore Backend Password\" is set to true, the change password function in Portal Profile sets the new password. Prior to Pimcore portal engine versions 4.1.7 and 3.1.16, the password is then set without hashing so it can be read by everyone. Everyone who combines PortalUser to PimcoreUsers and change passwords via profile settings could be affected. Versions 4.1.7 and 3.1.16 of the Pimcore portal engine fix the issue." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + 
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 8.7, + "baseSeverity": "HIGH" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-256" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-74p5-77rq-gfqc", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-493xx/CVE-2024-49373.json b/CVE-2024/CVE-2024-493xx/CVE-2024-49373.json index 93140081e13..049ce516c16 100644 --- a/CVE-2024/CVE-2024-493xx/CVE-2024-49373.json +++ b/CVE-2024/CVE-2024-493xx/CVE-2024-49373.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49373", "sourceIdentifier": "security-advisories@github.com", "published": "2024-10-22T16:15:08.860", - "lastModified": "2024-10-22T16:15:08.860", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "No Fuss Computing Centurion ERP is open source enterprise resource planning (ERP) software. Prior to version 1.2.1, an authenticated user can view projects within organizations they are not apart of. Version 1.2.1 fixes the problem." + }, + { + "lang": "es", + "value": " No Fuss Computing Centurion ERP es un software de planificaci\u00f3n de recursos empresariales (ERP) de c\u00f3digo abierto. Antes de la versi\u00f3n 1.2.1, un usuario autenticado pod\u00eda ver proyectos dentro de organizaciones de las que no formaba parte. La versi\u00f3n 1.2.1 soluciona el problema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-496xx/CVE-2024-49604.json b/CVE-2024/CVE-2024-496xx/CVE-2024-49604.json index 292c6fbfd3c..110d9961c0a 100644 --- a/CVE-2024/CVE-2024-496xx/CVE-2024-49604.json +++ b/CVE-2024/CVE-2024-496xx/CVE-2024-49604.json @@ -2,8 +2,8 @@ "id": "CVE-2024-49604", "sourceIdentifier": "audit@patchstack.com", "published": "2024-10-20T08:15:04.117", - "lastModified": "2024-10-21T17:09:45.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-10-23T15:49:25.567", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -41,8 +61,18 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:najeebmedia:simple_user_registration:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "5.5", + "matchCriteriaId": "DFB9CD63-E0DB-4DB9-8AB3-81D249CC899B" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wp-registration/wordpress-simple-user-registration-plugin-5-5-account-takeover-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-496xx/CVE-2024-49606.json b/CVE-2024/CVE-2024-496xx/CVE-2024-49606.json index ff0d0ee9654..0119a373d4f 100644 --- a/CVE-2024/CVE-2024-496xx/CVE-2024-49606.json +++ b/CVE-2024/CVE-2024-496xx/CVE-2024-49606.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-49606", "sourceIdentifier": "audit@patchstack.com", "published": "2024-10-20T08:15:04.323", - "lastModified": "2024-10-21T17:09:45.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-10-23T15:49:41.503", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -51,10 +71,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dotsquares:google_map_locations:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0", + "matchCriteriaId": "DF8E260A-6C24-4946-B58C-9D50616F6D04" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/google-map-locations/wordpress-google-map-locations-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-496xx/CVE-2024-49611.json b/CVE-2024/CVE-2024-496xx/CVE-2024-49611.json index e6079f39893..cff1e7e2ae7 100644 --- a/CVE-2024/CVE-2024-496xx/CVE-2024-49611.json +++ b/CVE-2024/CVE-2024-496xx/CVE-2024-49611.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-49611", "sourceIdentifier": "audit@patchstack.com", "published": "2024-10-20T08:15:04.523", - "lastModified": "2024-10-21T17:09:45.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-10-23T15:49:58.247", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -51,10 +71,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paxman:product_website_showcase:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0", + "matchCriteriaId": "CF4C2797-701B-4524-BCC1-3D7A10201C9E" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/product-websites-showcase/wordpress-product-website-showcase-plugin-1-0-arbitrary-file-upload-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-496xx/CVE-2024-49675.json b/CVE-2024/CVE-2024-496xx/CVE-2024-49675.json new file mode 100644 index 00000000000..9fe3929cb83 --- /dev/null +++ b/CVE-2024/CVE-2024-496xx/CVE-2024-49675.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-49675", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-10-23T15:15:32.120", + "lastModified": "2024-10-23T15:15:32.120", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Vitalii Bryl iBryl Switch User allows Authentication Bypass.This issue affects iBryl Switch User: from n/a through 1.0.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-288" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/ibryl-switch-user/wordpress-ibryl-switch-user-plugin-1-0-1-account-takeover-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49863.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49863.json index b8a980cd92b..adb87a25dc7 100644 --- a/CVE-2024/CVE-2024-498xx/CVE-2024-49863.json +++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49863.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49863", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:06.120", - "lastModified": "2024-10-21T18:15:06.120", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:58.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost/scsi: null-ptr-dereference in vhost_scsi_get_req()\n\nSince commit 3f8ca2e115e5 (\"vhost/scsi: Extract common handling code\nfrom control queue handler\") a null pointer dereference bug can be\ntriggered when guest sends an SCSI AN request.\n\nIn vhost_scsi_ctl_handle_vq(), `vc.target` is assigned with\n`&v_req.tmf.lun[1]` within a switch-case block and is then passed to\nvhost_scsi_get_req() which extracts `vc->req` and `tpg`. However, for\na `VIRTIO_SCSI_T_AN_*` request, tpg is not required, so `vc.target` is\nset to NULL in this branch. Later, in vhost_scsi_get_req(),\n`vc->target` is dereferenced without being checked, leading to a null\npointer dereference bug. 
This bug can be triggered from guest.\n\nWhen this bug occurs, the vhost_worker process is killed while holding\n`vq->mutex` and the corresponding tpg will remain occupied\nindefinitely.\n\nBelow is the KASAN report:\nOops: general protection fault, probably for non-canonical address\n0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 1 PID: 840 Comm: poc Not tainted 6.10.0+ #1\nHardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS\n1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:vhost_scsi_get_req+0x165/0x3a0\nCode: 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 2b 02 00 00\n48 b8 00 00 00 00 00 fc ff df 4d 8b 65 30 4c 89 e2 48 c1 ea 03 <0f> b6\n04 02 4c 89 e2 83 e2 07 38 d0 7f 08 84 c0 0f 85 be 01 00 00\nRSP: 0018:ffff888017affb50 EFLAGS: 00010246\nRAX: dffffc0000000000 RBX: ffff88801b000000 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888017affcb8\nRBP: ffff888017affb80 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000\nR13: ffff888017affc88 R14: ffff888017affd1c R15: ffff888017993000\nFS: 000055556e076500(0000) GS:ffff88806b100000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000200027c0 CR3: 0000000010ed0004 CR4: 0000000000370ef0\nCall Trace:\n \n ? show_regs+0x86/0xa0\n ? die_addr+0x4b/0xd0\n ? exc_general_protection+0x163/0x260\n ? asm_exc_general_protection+0x27/0x30\n ? vhost_scsi_get_req+0x165/0x3a0\n vhost_scsi_ctl_handle_vq+0x2a4/0xca0\n ? __pfx_vhost_scsi_ctl_handle_vq+0x10/0x10\n ? __switch_to+0x721/0xeb0\n ? __schedule+0xda5/0x5710\n ? __kasan_check_write+0x14/0x30\n ? 
_raw_spin_lock+0x82/0xf0\n vhost_scsi_ctl_handle_kick+0x52/0x90\n vhost_run_work_list+0x134/0x1b0\n vhost_task_fn+0x121/0x350\n...\n \n---[ end trace 0000000000000000 ]---\n\nLet's add a check in vhost_scsi_get_req.\n\n[whitespace fixes]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vhost/scsi: null-ptr-dereference en vhost_scsi_get_req() Desde el commit 3f8ca2e115e5 (\"vhost/scsi: Extraer c\u00f3digo de manejo com\u00fan del manejador de cola de control\"), se puede activar un error de desreferencia de puntero nulo cuando el invitado env\u00eda una solicitud SCSI AN. En vhost_scsi_ctl_handle_vq(), `vc.target` se asigna con `&v_req.tmf.lun[1]` dentro de un bloque switch-case y luego se pasa a vhost_scsi_get_req() que extrae `vc->req` y `tpg`. Sin embargo, para una solicitud `VIRTIO_SCSI_T_AN_*`, tpg no es necesario, por lo que `vc.target` se establece en NULL en esta rama. M\u00e1s adelante, en vhost_scsi_get_req(), `vc->target` se desreferencia sin comprobarlo, lo que genera un error de desreferencia de puntero nulo. Este error se puede activar desde el invitado. Cuando se produce este error, el proceso vhost_worker se elimina mientras mantiene `vq->mutex` y el tpg correspondiente permanecer\u00e1 ocupado indefinidamente. 
A continuaci\u00f3n se muestra el informe de KASAN: Oops: error de protecci\u00f3n general, probablemente para la direcci\u00f3n no can\u00f3nica 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref en el rango [0x000000000000000-0x0000000000000007] CPU: 1 PID: 840 Comm: poc No contaminado 6.10.0+ #1 Nombre del hardware: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:vhost_scsi_get_req+0x165/0x3a0 C\u00f3digo: 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 2b 02 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b 65 30 4c 89 e2 48 c1 ea 03 b6 04 4 c 89 e2 83 e2 07 38 d0 7f 08 84 c0 0f 85 be 01 00 00 RSP: 0018:ffff888017affb50 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: ffff88801b000000 RCX: 00000000000000000 RDX: 00000000000000000 RSI: 0000000000000000 RDI: ffff888017affcb8 RBP: ffff888017affb80 R08: 0000000000000000 R09: 0000000000000000 R10: 000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: ffff888017affc88 R14: ffff888017affd1c R15: ffff888017993000 FS: 000055556e076500(0000) GS:ffff88806b100000(0000) knlGS:00000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000200027c0 CR3: 0000000010ed0004 CR4: 0000000000370ef0 Seguimiento de llamadas: ? show_regs+0x86/0xa0 ? die_addr+0x4b/0xd0 ? exc_general_protection+0x163/0x260 ? asm_exc_general_protection+0x27/0x30 ? vhost_scsi_get_req+0x165/0x3a0 vhost_scsi_ctl_handle_vq+0x2a4/0xca0 ? __pfx_vhost_scsi_ctl_handle_vq+0x10/0x10 ? __switch_to+0x721/0xeb0 ? __schedule+0xda5/0x5710 ? __kasan_check_write+0x14/0x30 ? _raw_spin_lock+0x82/0xf0 vhost_scsi_ctl_handle_kick+0x52/0x90 vhost_run_work_list+0x134/0x1b0 vhost_task_fn+0x121/0x350 ... ---[ fin del seguimiento 000000000000000 ]--- Agreguemos una comprobaci\u00f3n en vhost_scsi_get_req. [se corrigen los espacios en blanco]" } ], "metrics": {}, 
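Review bot: The added `es` description for CVE-2024-49863 does not carry the KASAN report over verbatim: in the `Code:` line the `<0f>` marker and the following `02` are missing and `4c` is split into `4 c`, and some all-zero values (the bracketed address range, the `end trace` id) appear to have a different number of digits than in the `en` text. Anything that matches on crash signatures, symbols or addresses should read the `"lang": "en"` value and treat the translation as display text only. The same pattern shows in the CVE-2024-49866 hunk, where the BIOS date `04/01/2014` becomes `01/04/2014` and the call trace stops after `debug_print_object+0x7d/0xb0`. It also shows in the CVE-2024-49867 hunk, where kernel symbols such as `try_to_wake_up` and `process_one_work` appear as `intento_de_activaci\u00f3n` and `proceso_un_trabajo`.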
diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49864.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49864.json index b29a097ecd6..63ec981f331 100644 --- a/CVE-2024/CVE-2024-498xx/CVE-2024-49864.json +++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49864.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49864", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:06.203", - "lastModified": "2024-10-21T18:15:06.203", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:58.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix a race between socket set up and I/O thread creation\n\nIn rxrpc_open_socket(), it sets up the socket and then sets up the I/O\nthread that will handle it. This is a problem, however, as there's a gap\nbetween the two phases in which a packet may come into rxrpc_encap_rcv()\nfrom the UDP packet but we oops when trying to wake the not-yet created I/O\nthread.\n\nAs a quick fix, just make rxrpc_encap_rcv() discard the packet if there's\nno I/O thread yet.\n\nA better, but more intrusive fix would perhaps be to rearrange things such\nthat the socket creation is done by the I/O thread." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rxrpc: Corrige una ejecuci\u00f3n entre la configuraci\u00f3n del socket y la creaci\u00f3n del hilo de E/S En rxrpc_open_socket(), configura el socket y luego configura el hilo de E/S que lo manejar\u00e1. Sin embargo, esto es un problema, ya que hay una brecha entre las dos fases en las que un paquete puede llegar a rxrpc_encap_rcv() desde el paquete UDP, pero fallo al intentar despertar el hilo de E/S a\u00fan no creado. Como soluci\u00f3n r\u00e1pida, simplemente haga que rxrpc_encap_rcv() descarte el paquete si a\u00fan no hay un hilo de E/S. Una soluci\u00f3n mejor, pero m\u00e1s intrusiva, tal vez ser\u00eda reorganizar las cosas de modo que la creaci\u00f3n del socket la realice el hilo de E/S." } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49865.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49865.json index fa27d97fb8e..b7062544c9f 100644 --- a/CVE-2024/CVE-2024-498xx/CVE-2024-49865.json +++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49865.json @@ -2,13 +2,17 @@ "id": "CVE-2024-49865", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:06.270", - "lastModified": "2024-10-21T18:15:06.270", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:58.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/vm: move xa_alloc to prevent UAF\n\nEvil user can guess the next id of the vm before the ioctl completes and\nthen call vm destroy ioctl to trigger UAF since create ioctl is still\nreferencing the same vm. Move the xa_alloc all the way to the end to\nprevent this.\n\nv2:\n - Rebase\n\n(cherry picked from commit dcfd3971327f3ee92765154baebbaece833d3ca9)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/xe/vm: mover xa_alloc para evitar UAF Un usuario malintencionado puede adivinar el siguiente id de la m\u00e1quina virtual antes de que se complete el ioctl y luego llamar a vm destroy ioctl para activar el UAF, ya que create ioctl sigue haciendo referencia a la misma m\u00e1quina virtual. Mueva xa_alloc hasta el final para evitar esto. v2: - Rebase (seleccionado de el commit dcfd3971327f3ee92765154baebbaece833d3ca9)" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49866.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49866.json index 44b3fc1ab9a..5dda771c305 100644 --- a/CVE-2024/CVE-2024-498xx/CVE-2024-49866.json +++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49866.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49866", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:06.330", - "lastModified": "2024-10-21T18:15:06.330", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:58.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/timerlat: Fix a race during cpuhp processing\n\nThere is another found exception that the \"timerlat/1\" thread was\nscheduled on CPU0, and lead to timer corruption finally:\n\n```\nODEBUG: init active (active state 0) object: ffff888237c2e108 object type: hrtimer hint: timerlat_irq+0x0/0x220\nWARNING: CPU: 0 PID: 426 at lib/debugobjects.c:518 debug_print_object+0x7d/0xb0\nModules linked in:\nCPU: 0 UID: 0 PID: 426 Comm: timerlat/1 Not tainted 6.11.0-rc7+ #45\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nRIP: 0010:debug_print_object+0x7d/0xb0\n...\nCall Trace:\n \n ? __warn+0x7c/0x110\n ? debug_print_object+0x7d/0xb0\n ? report_bug+0xf1/0x1d0\n ? prb_read_valid+0x17/0x20\n ? handle_bug+0x3f/0x70\n ? exc_invalid_op+0x13/0x60\n ? asm_exc_invalid_op+0x16/0x20\n ? debug_print_object+0x7d/0xb0\n ? debug_print_object+0x7d/0xb0\n ? __pfx_timerlat_irq+0x10/0x10\n __debug_object_init+0x110/0x150\n hrtimer_init+0x1d/0x60\n timerlat_main+0xab/0x2d0\n ? __pfx_timerlat_main+0x10/0x10\n kthread+0xb7/0xe0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2d/0x40\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \n```\n\nAfter tracing the scheduling event, it was discovered that the migration\nof the \"timerlat/1\" thread was performed during thread creation. Further\nanalysis confirmed that it is because the CPU online processing for\nosnoise is implemented through workers, which is asynchronous with the\noffline processing. 
When the worker was scheduled to create a thread, the\nCPU may has already been removed from the cpu_online_mask during the offline\nprocess, resulting in the inability to select the right CPU:\n\nT1 | T2\n[CPUHP_ONLINE] | cpu_device_down()\nosnoise_hotplug_workfn() |\n | cpus_write_lock()\n | takedown_cpu(1)\n | cpus_write_unlock()\n[CPUHP_OFFLINE] |\n cpus_read_lock() |\n start_kthread(1) |\n cpus_read_unlock() |\n\nTo fix this, skip online processing if the CPU is already offline." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tracing/timerlat: corrige una ejecuci\u00f3n durante el procesamiento de cpuhp. Se encontr\u00f3 otra excepci\u00f3n: el hilo \"timerlat/1\" se program\u00f3 en CPU0 y finalmente provoc\u00f3 la corrupci\u00f3n del temporizador: ``` ODEBUG: init active (active state 0) object: ffff888237c2e108 object type: hrtimer hint: timerlat_irq+0x0/0x220 WARNING: CPU: 0 PID: 426 at lib/debugobjects.c:518 debug_print_object+0x7d/0xb0 M\u00f3dulos vinculados: CPU: 0 UID: 0 PID: 426 Comm: timerlat/1 No contaminado 6.11.0-rc7+ #45 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 01/04/2014 RIP: 0010:debug_print_object+0x7d/0xb0 ... Seguimiento de llamadas: ? __warn+0x7c/0x110 ? debug_print_object+0x7d/0xb0 ? report_bug+0xf1/0x1d0 ? prb_read_valid+0x17/0x20 ? handle_bug+0x3f/0x70 ? exc_invalid_op+0x13/0x60 ? asm_exc_invalid_op+0x16/0x20 ? debug_print_object+0x7d/0xb0 ? debug_print_object+0x7d/0xb0 ? ``` Despu\u00e9s de rastrear el evento de programaci\u00f3n, se descubri\u00f3 que la migraci\u00f3n del hilo \"timerlat/1\" se realiz\u00f3 durante la creaci\u00f3n del hilo. Un an\u00e1lisis posterior confirm\u00f3 que esto se debe a que el procesamiento en l\u00ednea de la CPU para osnoise se implementa a trav\u00e9s de trabajadores, que es asincr\u00f3nico con el procesamiento fuera de l\u00ednea. 
Cuando se program\u00f3 el trabajador para crear un hilo, es posible que la CPU ya se haya eliminado de cpu_online_mask durante el proceso fuera de l\u00ednea, lo que da como resultado la imposibilidad de seleccionar la CPU correcta: T1 | T2 [CPUHP_ONLINE] | cpu_device_down() osnoise_hotplug_workfn() | | cpus_write_lock() | takedown_cpu(1) | cpus_write_unlock() [CPUHP_OFFLINE] | cpus_read_lock() | start_kthread(1) | cpus_read_unlock() | Para solucionar esto, omita el procesamiento en l\u00ednea si la CPU ya est\u00e1 fuera de l\u00ednea." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49867.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49867.json index f9943435b26..b7d53ceb0eb 100644 --- a/CVE-2024/CVE-2024-498xx/CVE-2024-49867.json +++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49867.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49867", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:06.403", - "lastModified": "2024-10-21T18:15:06.403", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:58.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: wait for fixup workers before stopping cleaner kthread during umount\n\nDuring unmount, at close_ctree(), we have the following steps in this order:\n\n1) Park the cleaner kthread - this doesn't destroy the kthread, it basically\n halts its execution (wake ups against it work but do nothing);\n\n2) We stop the cleaner kthread - this results in freeing the respective\n struct task_struct;\n\n3) We call btrfs_stop_all_workers() which waits for any jobs running in all\n the work queues and then free the work queues.\n\nSyzbot reported a case where a fixup worker resulted in a crash when doing\na delayed iput on its inode while attempting to wake up the cleaner at\nbtrfs_add_delayed_iput(), because the task_struct of the cleaner kthread\nwas already freed. 
This can happen during unmount because we don't wait\nfor any fixup workers still running before we call kthread_stop() against\nthe cleaner kthread, which stops and free all its resources.\n\nFix this by waiting for any fixup workers at close_ctree() before we call\nkthread_stop() against the cleaner and run pending delayed iputs.\n\nThe stack traces reported by syzbot were the following:\n\n BUG: KASAN: slab-use-after-free in __lock_acquire+0x77/0x2050 kernel/locking/lockdep.c:5065\n Read of size 8 at addr ffff8880272a8a18 by task kworker/u8:3/52\n\n CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.12.0-rc1-syzkaller #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n Workqueue: btrfs-fixup btrfs_work_helper\n Call Trace:\n \n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n __lock_acquire+0x77/0x2050 kernel/locking/lockdep.c:5065\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825\n __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\n _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162\n class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline]\n try_to_wake_up+0xb0/0x1480 kernel/sched/core.c:4154\n btrfs_writepage_fixup_worker+0xc16/0xdf0 fs/btrfs/inode.c:2842\n btrfs_work_helper+0x390/0xc50 fs/btrfs/async-thread.c:314\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \n\n Allocated by task 2:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 
mm/kasan/common.c:68\n unpoison_slab_object mm/kasan/common.c:319 [inline]\n __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345\n kasan_slab_alloc include/linux/kasan.h:247 [inline]\n slab_post_alloc_hook mm/slub.c:4086 [inline]\n slab_alloc_node mm/slub.c:4135 [inline]\n kmem_cache_alloc_node_noprof+0x16b/0x320 mm/slub.c:4187\n alloc_task_struct_node kernel/fork.c:180 [inline]\n dup_task_struct+0x57/0x8c0 kernel/fork.c:1107\n copy_process+0x5d1/0x3d50 kernel/fork.c:2206\n kernel_clone+0x223/0x880 kernel/fork.c:2787\n kernel_thread+0x1bc/0x240 kernel/fork.c:2849\n create_kthread kernel/kthread.c:412 [inline]\n kthreadd+0x60d/0x810 kernel/kthread.c:765\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\n Freed by task 61:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:230 [inline]\n slab_free_h\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: esperar a los trabajadores de reparaci\u00f3n antes de detener el kthread del limpiador durante el desmontaje Durante el desmontaje, en close_ctree(), tenemos los siguientes pasos en este orden: 1) Aparcar el kthread del limpiador - esto no destruye el kthread, b\u00e1sicamente detiene su ejecuci\u00f3n (las reactivaciones contra \u00e9l funcionan pero no hacen nada); 2) Detenemos el kthread del limpiador - esto da como resultado la liberaci\u00f3n de la estructura respectiva task_struct; 3) Llamamos a btrfs_stop_all_workers() que espera a que se ejecuten trabajos en todas las colas de trabajo y luego libera las colas de trabajo. 
Syzbot inform\u00f3 de un caso en el que un trabajador de reparaci\u00f3n provoc\u00f3 un bloqueo al realizar una entrada retrasada en su inodo mientras intentaba despertar al limpiador en btrfs_add_delayed_iput(), porque la estructura task_struct del kthread del limpiador ya estaba liberada. Esto puede suceder durante el desmontaje porque no esperamos a que haya ning\u00fan trabajador de reparaci\u00f3n que a\u00fan est\u00e9 en ejecuci\u00f3n antes de llamar a kthread_stop() contra el kthread de limpieza, que se detiene y libera todos sus recursos. Solucione esto esperando a que haya alg\u00fan trabajador de reparaci\u00f3n en close_ctree() antes de llamar a kthread_stop() contra el kthread de limpieza y ejecutarlo en espera de entradas retrasadas. Los seguimientos de pila informados por syzbot fueron los siguientes: ERROR: KASAN: slab-use-after-free en __lock_acquire+0x77/0x2050 kernel/locking/lockdep.c:5065 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff8880272a8a18 por la tarea kworker/u8:3/52 CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 No contaminado 6.12.0-rc1-syzkaller #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 13/09/2024 Cola de trabajo: btrfs-fixup btrfs_work_helper Seguimiento de llamadas: __dump_stack lib/dump_stack.c:94 [en l\u00ednea] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 imprimir_direcci\u00f3n_descripci\u00f3n mm/kasan/report.c:377 [en l\u00ednea] imprimir_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 __lock_acquire+0x77/0x2050 kernel/locking/lockdep.c:5065 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825 __raw_spin_lock_irqsave incluir/linux/spinlock_api_smp.h:110 [en l\u00ednea] _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162 constructor de guardado de irq de clase_sin procesar spinlock include/linux/spinlock.h:551 [en l\u00ednea] intento_de_activaci\u00f3n+0xb0/0x1480 kernel/sched/core.c:4154 
btrfs_writepage_fixup_worker+0xc16/0xdf0 fs/btrfs/inode.c:2842 btrfs_work_helper+0x390/0xc50 fs/btrfs/async-thread.c:314 proceso_un_trabajo kernel/workqueue.c:3229 [en l\u00ednea] proceso_trabajos_programados+0xa63/0x1850 kernel/workqueue.c:3310 subproceso_trabajador+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Asignado por la tarea 2: kasan_save_stack mm/kasan/common.c:47 [en l\u00ednea] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:319 [en l\u00ednea] __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345 kasan_slab_alloc include/linux/kasan.h:247 [en l\u00ednea] slab_post_alloc_hook mm/slub.c:4086 [en l\u00ednea] slab_alloc_node mm/slub.c:4135 [en l\u00ednea] kmem_cache_alloc_node_noprof+0x16b/0x320 mm/slub.c:4187 alloc_task_struct_node kernel/fork.c:180 [en l\u00ednea] dup_task_struct+0x57/0x8c0 kernel/fork.c:1107 copy_process+0x5d1/0x3d50 kernel/fork.c:2206 kernel_clone+0x223/0x880 kernel/fork.c:2787 kernel_thread+0x1bc/0x240 kernel/fork.c:2849 create_kthread kernel/kthread.c:412 [en l\u00ednea] kthreadd+0x60d/0x810 kernel/kthread.c:765 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Liberado por la tarea 61: kasan_save_stack mm/kasan/common.c:47 [en l\u00ednea] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x40/0x50 mm/k---truncado---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49868.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49868.json index a3d40bb1824..f941126fa48 100644 --- a/CVE-2024/CVE-2024-498xx/CVE-2024-49868.json +++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49868.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49868", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:06.623", - "lastModified": "2024-10-21T18:15:06.623", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:58.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix a NULL pointer dereference when failed to start a new trasacntion\n\n[BUG]\nSyzbot reported a NULL pointer dereference with the following crash:\n\n FAULT_INJECTION: forcing a failure.\n start_transaction+0x830/0x1670 fs/btrfs/transaction.c:676\n prepare_to_relocate+0x31f/0x4c0 fs/btrfs/relocation.c:3642\n relocate_block_group+0x169/0xd20 fs/btrfs/relocation.c:3678\n ...\n BTRFS info (device loop0): balance: ended with status: -12\n Oops: general protection fault, probably for non-canonical address 0xdffffc00000000cc: 0000 [#1] PREEMPT SMP KASAN NOPTI\n KASAN: null-ptr-deref in range [0x0000000000000660-0x0000000000000667]\n RIP: 0010:btrfs_update_reloc_root+0x362/0xa80 fs/btrfs/relocation.c:926\n Call Trace:\n \n commit_fs_roots+0x2ee/0x720 fs/btrfs/transaction.c:1496\n btrfs_commit_transaction+0xfaf/0x3740 fs/btrfs/transaction.c:2430\n del_balance_item fs/btrfs/volumes.c:3678 [inline]\n reset_balance_state+0x25e/0x3c0 fs/btrfs/volumes.c:3742\n btrfs_balance+0xead/0x10c0 fs/btrfs/volumes.c:4574\n btrfs_ioctl_balance+0x493/0x7c0 fs/btrfs/ioctl.c:3673\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n[CAUSE]\nThe allocation failure happens at the start_transaction() inside\nprepare_to_relocate(), and during the error handling we call\nunset_reloc_control(), which makes fs_info->balance_ctl to be NULL.\n\nThen we 
continue the error path cleanup in btrfs_balance() by calling\nreset_balance_state() which will call del_balance_item() to fully delete\nthe balance item in the root tree.\n\nHowever during the small window between set_reloc_contrl() and\nunset_reloc_control(), we can have a subvolume tree update and created a\nreloc_root for that subvolume.\n\nThen we go into the final btrfs_commit_transaction() of\ndel_balance_item(), and into btrfs_update_reloc_root() inside\ncommit_fs_roots().\n\nThat function checks if fs_info->reloc_ctl is in the merge_reloc_tree\nstage, but since fs_info->reloc_ctl is NULL, it results a NULL pointer\ndereference.\n\n[FIX]\nJust add extra check on fs_info->reloc_ctl inside\nbtrfs_update_reloc_root(), before checking\nfs_info->reloc_ctl->merge_reloc_tree.\n\nThat DEAD_RELOC_TREE handling is to prevent further modification to the\nreloc tree during merge stage, but since there is no reloc_ctl at all,\nwe do not need to bother that." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: corrige una desreferencia de puntero NULL cuando no se puede iniciar una nueva transacci\u00f3n [ERROR] Syzbot inform\u00f3 una desreferencia de puntero NULL con el siguiente bloqueo: FAULT_INJECTION: forzando un fallo. start_transaction+0x830/0x1670 fs/btrfs/transaction.c:676 prepare_to_relocate+0x31f/0x4c0 fs/btrfs/relocation.c:3642 relocate_block_group+0x169/0xd20 fs/btrfs/relocation.c:3678 ... 
Informaci\u00f3n de BTRFS (dispositivo loop0): balance: finalizado con estado: -12 Vaya: error de protecci\u00f3n general, probablemente para la direcci\u00f3n no can\u00f3nica 0xdffffc00000000cc: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref en el rango [0x000000000000660-0x0000000000000667] RIP: 0010:btrfs_update_reloc_root+0x362/0xa80 fs/btrfs/relocation.c:926 Seguimiento de llamadas: commit_fs_roots+0x2ee/0x720 fs/btrfs/transaction.c:1496 btrfs_commit_transaction+0xfaf/0x3740 fs/btrfs/transaction.c:2430 del_balance_item fs/btrfs/volumes.c:3678 [en l\u00ednea] reset_balance_state+0x25e/0x3c0 fs/btrfs/volumes.c:3742 btrfs_balance+0xead/0x10c0 fs/btrfs/volumes.c:4574 btrfs_ioctl_balance+0x493/0x7c0 fs/btrfs/ioctl.c:3673 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f [CAUSA] El fallo de asignaci\u00f3n ocurre en start_transaction() dentro de prepare_to_relocate(), y durante el manejo de errores llamamos a unset_reloc_control(), lo que hace que fs_info->balance_ctl sea NULL. Luego continuamos con la limpieza de la ruta de error en btrfs_balance() llamando a reset_balance_state() que llamar\u00e1 a del_balance_item() para eliminar por completo el elemento de balance en el \u00e1rbol ra\u00edz. Sin embargo, durante la peque\u00f1a ventana entre set_reloc_contrl() y unset_reloc_control(), podemos tener una actualizaci\u00f3n del \u00e1rbol de subvolumen y crear un reloc_root para ese subvolumen. Luego pasamos a la btrfs_commit_transaction() final de del_balance_item() y a btrfs_update_reloc_root() dentro de commit_fs_roots(). Esa funci\u00f3n verifica si fs_info->reloc_ctl est\u00e1 en la etapa merge_reloc_tree, pero dado que fs_info->reloc_ctl es NULL, da como resultado una desreferencia de puntero NULL. 
[SOLUCI\u00d3N] Solo hay que a\u00f1adir una comprobaci\u00f3n adicional en fs_info->reloc_ctl dentro de btrfs_update_reloc_root(), antes de comprobar fs_info->reloc_ctl->merge_reloc_tree. El manejo de DEAD_RELOC_TREE sirve para evitar modificaciones adicionales del \u00e1rbol de reubicaci\u00f3n durante la etapa de fusi\u00f3n, pero como no hay ning\u00fan reloc_ctl, no tenemos que preocuparnos por eso." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49869.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49869.json index f593bf8ce1a..c12630ecde9 100644 --- a/CVE-2024/CVE-2024-498xx/CVE-2024-49869.json +++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49869.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49869", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:08.340", - "lastModified": "2024-10-21T18:15:08.340", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:58.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: send: fix buffer overflow detection when copying path to cache entry\n\nStarting with commit c0247d289e73 (\"btrfs: send: annotate struct\nname_cache_entry with __counted_by()\") we annotated the variable length\narray \"name\" from the name_cache_entry structure with __counted_by() to\nimprove overflow detection. However that alone was not correct, because\nthe length of that array does not match the \"name_len\" field - it matches\nthat plus 1 to include the NUL string terminator, so that makes a\nfortified kernel think there's an overflow and report a splat like this:\n\n strcpy: detected buffer overflow: 20 byte write of buffer size 19\n WARNING: CPU: 3 PID: 3310 at __fortify_report+0x45/0x50\n CPU: 3 UID: 0 PID: 3310 Comm: btrfs Not tainted 6.11.0-prnet #1\n Hardware name: CompuLab Ltd. sbc-ihsw/Intense-PC2 (IPC2), BIOS IPC2_3.330.7 X64 03/15/2018\n RIP: 0010:__fortify_report+0x45/0x50\n Code: 48 8b 34 (...)\n RSP: 0018:ffff97ebc0d6f650 EFLAGS: 00010246\n RAX: 7749924ef60fa600 RBX: ffff8bf5446a521a RCX: 0000000000000027\n RDX: 00000000ffffdfff RSI: ffff97ebc0d6f548 RDI: ffff8bf84e7a1cc8\n RBP: ffff8bf548574080 R08: ffffffffa8c40e10 R09: 0000000000005ffd\n R10: 0000000000000004 R11: ffffffffa8c70e10 R12: ffff8bf551eef400\n R13: 0000000000000000 R14: 0000000000000013 R15: 00000000000003a8\n FS: 00007fae144de8c0(0000) GS:ffff8bf84e780000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fae14691690 CR3: 00000001027a2003 CR4: 00000000001706f0\n Call Trace:\n \n ? __warn+0x12a/0x1d0\n ? 
__fortify_report+0x45/0x50\n ? report_bug+0x154/0x1c0\n ? handle_bug+0x42/0x70\n ? exc_invalid_op+0x1a/0x50\n ? asm_exc_invalid_op+0x1a/0x20\n ? __fortify_report+0x45/0x50\n __fortify_panic+0x9/0x10\n __get_cur_name_and_parent+0x3bc/0x3c0\n get_cur_path+0x207/0x3b0\n send_extent_data+0x709/0x10d0\n ? find_parent_nodes+0x22df/0x25d0\n ? mas_nomem+0x13/0x90\n ? mtree_insert_range+0xa5/0x110\n ? btrfs_lru_cache_store+0x5f/0x1e0\n ? iterate_extent_inodes+0x52d/0x5a0\n process_extent+0xa96/0x11a0\n ? __pfx_lookup_backref_cache+0x10/0x10\n ? __pfx_store_backref_cache+0x10/0x10\n ? __pfx_iterate_backrefs+0x10/0x10\n ? __pfx_check_extent_item+0x10/0x10\n changed_cb+0x6fa/0x930\n ? tree_advance+0x362/0x390\n ? memcmp_extent_buffer+0xd7/0x160\n send_subvol+0xf0a/0x1520\n btrfs_ioctl_send+0x106b/0x11d0\n ? __pfx___clone_root_cmp_sort+0x10/0x10\n _btrfs_ioctl_send+0x1ac/0x240\n btrfs_ioctl+0x75b/0x850\n __se_sys_ioctl+0xca/0x150\n do_syscall_64+0x85/0x160\n ? __count_memcg_events+0x69/0x100\n ? handle_mm_fault+0x1327/0x15c0\n ? __se_sys_rt_sigprocmask+0xf1/0x180\n ? syscall_exit_to_user_mode+0x75/0xa0\n ? do_syscall_64+0x91/0x160\n ? do_user_addr_fault+0x21d/0x630\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7fae145eeb4f\n Code: 00 48 89 (...)\n RSP: 002b:00007ffdf1cb09b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fae145eeb4f\n RDX: 00007ffdf1cb0ad0 RSI: 0000000040489426 RDI: 0000000000000004\n RBP: 00000000000078fe R08: 00007fae144006c0 R09: 00007ffdf1cb0927\n R10: 0000000000000008 R11: 0000000000000246 R12: 00007ffdf1cb1ce8\n R13: 0000000000000003 R14: 000055c499fab2e0 R15: 0000000000000004\n \n\nFix this by not storing the NUL string terminator since we don't actually\nneed it for name cache entries, this way \"name_len\" corresponds to the\nactual size of the \"name\" array. 
This requires marking the \"name\" array\nfield with __nonstring and using memcpy() instead of strcpy() as\nrecommended by the guidelines at:\n\n https://github.com/KSPP/linux/issues/90" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: send: corrige la detecci\u00f3n de desbordamiento de b\u00fafer al copiar la ruta a la entrada de cach\u00e9 A partir de el commit c0247d289e73 (\"btrfs: send: annotate struct name_cache_entry with __counted_by()\"), anotamos la matriz de longitud variable \"name\" de la estructura name_cache_entry con __counted_by() para mejorar la detecci\u00f3n de desbordamiento. Sin embargo, eso solo no era correcto, porque la longitud de esa matriz no coincide con el campo \"name_len\" - coincide con eso m\u00e1s 1 para incluir el terminador de cadena NUL, por lo que hace que un kernel fortificado piense que hay un desbordamiento e informe un splat como este: strcpy: desbordamiento de b\u00fafer detectado: escritura de 20 bytes de tama\u00f1o de b\u00fafer 19 ADVERTENCIA: CPU: 3 PID: 3310 en __fortify_report+0x45/0x50 CPU: 3 UID: 0 PID: 3310 Comm: btrfs No contaminado 6.11.0-prnet #1 Nombre del hardware: CompuLab Ltd. sbc-ihsw/Intense-PC2 (IPC2), BIOS IPC2_3.330.7 X64 15/03/2018 RIP: 0010:__fortify_report+0x45/0x50 C\u00f3digo: 48 8b 34 (...) RSP: 0018:ffff97ebc0d6f650 EFLAGS: 00010246 RAX: 7749924ef60fa600 RBX: ffff8bf5446a521a RCX: 0000000000000027 RDX: 00000000ffffdfff RSI: ffff97ebc0d6f548 RDI: ffff8bf84e7a1cc8 RBP: ffff8bf548574080 R08: ffffffffa8c40e10 R09: 0000000000005ffd R10: 0000000000000004 R11: ffffffffa8c70e10 R12: ffff8bf551eef400 R13: 0000000000000000 R14: 0000000000000013 R15: 000000000000003a8 FS: 00007fae144de8c0(0000) GS:ffff8bf84e780000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fae14691690 CR3: 00000001027a2003 CR4: 00000000001706f0 Seguimiento de llamadas: ? __warn+0x12a/0x1d0 ? __fortify_report+0x45/0x50 ? 
report_bug+0x154/0x1c0 ? handle_bug+0x42/0x70 ? exc_invalid_op+0x1a/0x50 ? asm_exc_invalid_op+0x1a/0x20 ? __fortify_report+0x45/0x50 __fortify_panic+0x9/0x10 __get_cur_name_and_parent_+0x3bc/0x3c0 get_cur_path+0x207/0x3b0 send_extent_data+0x709/0x10d0 ? find_parent_nodes+0x22df/0x25d0 ? mas_nomem+0x13/0x90 ? mtree_insert_range+0xa5/0x110 ? btrfs_lru_cache_store+0x5f/0x1e0 ? iterate_extent_inodes+0x52d/0x5a0 process_extent+0xa96/0x11a0 ? __pfx_lookup_backref_cache+0x10/0x10 ? __pfx_store_backref_cache+0x10/0x10 ? __pfx_iterate_backrefs+0x10/0x10 ? __pfx_check_extent_item+0x10/0x10 changed_cb+0x6fa/0x930 ? tree_advance+0x362/0x390 ? __pfx___clone_root_cmp_sort+0x10/0x10 _btrfs_ioctl_send+0x1ac/0x240 btrfs_ioctl+0x75b/0x850 __se_sys_ioctl+0xca/0x150 do_syscall_64+0x85/0x160 ? __count_memcg_events+0x69/0x100 ? handle_mm_fault+0x1327/0x15c0 ? __se_sys_rt_sigprocmask+0xf1/0x180 ? syscall_exit_to_user_mode+0x75/0xa0 ? do_syscall_64+0x91/0x160 ? do_user_addr_fault+0x21d/0x630 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7fae145eeb4f C\u00f3digo: 00 48 89 (...) RSP: 002b:00007ffdf1cb09b0 EFLAGS: 00000246 ORIG_RAX: 000000000000010 RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fae145eeb4f RDX: 00007ffdf1cb0ad0 RSI: 0000000040489426 RDI: 0000000000000004 RBP: 00000000000078fe R08: 00007fae144006c0 R09: 00007ffdf1cb0927 R10: 0000000000000008 R11: 0000000000000246 R12: 00007ffdf1cb1ce8 R13: 000000000000003 R14: 000055c499fab2e0 R15: 000000000000004 Solucione esto al no almacenar el terminador de cadena NUL ya que en realidad no lo necesitamos para las entradas de cach\u00e9 de nombres, de esta manera \"name_len\" corresponde al tama\u00f1o real de la matriz \"name\". Esto requiere marcar el campo de matriz \"nombre\" con __nonstring y usar memcpy() en lugar de strcpy() como lo recomiendan las pautas en: https://github.com/KSPP/linux/issues/90" } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49870.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49870.json
index ef4d3e7676c..c7930ba8871 100644
--- a/CVE-2024/CVE-2024-498xx/CVE-2024-49870.json
+++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49870.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-49870", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:08.413", - "lastModified": "2024-10-21T18:15:08.413", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:58.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: fix dentry leak in cachefiles_open_file()\n\nA dentry leak may be caused when a lookup cookie and a cull are concurrent:\n\n P1 | P2\n-----------------------------------------------------------\ncachefiles_lookup_cookie\n cachefiles_look_up_object\n lookup_one_positive_unlocked\n // get dentry\n cachefiles_cull\n inode->i_flags |= S_KERNEL_FILE;\n cachefiles_open_file\n cachefiles_mark_inode_in_use\n __cachefiles_mark_inode_in_use\n can_use = false\n if (!(inode->i_flags & S_KERNEL_FILE))\n can_use = true\n\t return false\n return false\n // Returns an error but doesn't put dentry\n\nAfter that the following WARNING will be triggered when the backend folder\nis umounted:\n\n==================================================================\nBUG: Dentry 000000008ad87947{i=7a,n=Dx_1_1.img} still in use (1) [unmount of ext4 sda]\nWARNING: CPU: 4 PID: 359261 at fs/dcache.c:1767 umount_check+0x5d/0x70\nCPU: 4 PID: 359261 Comm: umount Not tainted 6.6.0-dirty #25\nRIP: 0010:umount_check+0x5d/0x70\nCall Trace:\n \n d_walk+0xda/0x2b0\n do_one_tree+0x20/0x40\n shrink_dcache_for_umount+0x2c/0x90\n generic_shutdown_super+0x20/0x160\n kill_block_super+0x1a/0x40\n ext4_kill_sb+0x22/0x40\n deactivate_locked_super+0x35/0x80\n cleanup_mnt+0x104/0x160\n==================================================================\n\nWhether cachefiles_open_file() returns true or false, the reference count\nobtained by lookup_positive_unlocked() in cachefiles_look_up_object()\nshould be released.\n\nTherefore release that reference count in 
cachefiles_look_up_object() to\nfix the above issue and simplify the code." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cachefiles: se corrige la p\u00e9rdida de dentry en cachefiles_open_file(). Una p\u00e9rdida de dentry puede producirse cuando una cookie de b\u00fasqueda y un cull son concurrentes: P1 | P2 ----------------------------------------------------------- cachefiles_lookup_cookie cachefiles_look_up_object lookup_one_positive_unlocked // obtener dentry cachefiles_cull inode->i_flags |= S_KERNEL_FILE; cachefiles_open_file cachefiles_mark_inode_in_use __cachefiles_mark_inode_in_use can_use = false if (!(inode->i_flags & S_KERNEL_FILE)) can_use = true return false return false // Devuelve un error pero no coloca dentry Despu\u00e9s de eso, se activar\u00e1 la siguiente ADVERTENCIA cuando se desmonte la carpeta del backend: ===================================================================== ERROR: Dentry 000000008ad87947{i=7a,n=Dx_1_1.img} todav\u00eda en uso (1) [desmontaje de ext4 sda] ADVERTENCIA: CPU: 4 PID: 359261 en fs/dcache.c:1767 umount_check+0x5d/0x70 CPU: 4 PID: 359261 Comm: umount No contaminado 6.6.0-dirty #25 RIP: 0010:umount_check+0x5d/0x70 Rastreo de llamadas: d_walk+0xda/0x2b0 do_one_tree+0x20/0x40 shrink_dcache_for_umount+0x2c/0x90 generic_shutdown_super+0x20/0x160 kill_block_super+0x1a/0x40 ext4_kill_sb+0x22/0x40 deactivate_locked_super+0x35/0x80 cleanup_mnt+0x104/0x160 ==================================================================== Independientemente de si cachefiles_open_file() devuelve verdadero o falso, el recuento de referencias obtenido por lookup_positive_unlocked() en cachefiles_look_up_object() debe liberarse. Por lo tanto, libere ese recuento de referencias en cachefiles_look_up_object() para solucionar el problema anterior y simplificar el c\u00f3digo." } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49871.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49871.json index 190135cfa77..b7fc82dd514 100644 --- a/CVE-2024/CVE-2024-498xx/CVE-2024-49871.json +++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49871.json @@ -2,13 +2,17 @@ "id": "CVE-2024-49871", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:08.500", - "lastModified": "2024-10-21T18:15:08.500", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:58.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: adp5589-keys - fix NULL pointer dereference\n\nWe register a devm action to call adp5589_clear_config() and then pass\nthe i2c client as argument so that we can call i2c_get_clientdata() in\norder to get our device object. However, i2c_set_clientdata() is only\nbeing set at the end of the probe function which means that we'll get a\nNULL pointer dereference in case the probe function fails early." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Entrada: adp5589-keys - correcci\u00f3n de la desreferencia de puntero NULL Registramos una acci\u00f3n devm para llamar a adp5589_clear_config() y luego pasamos el cliente i2c como argumento para que podamos llamar a i2c_get_clientdata() para obtener nuestro objeto de dispositivo. Sin embargo, i2c_set_clientdata() solo se establece al final de la funci\u00f3n de sondeo, lo que significa que obtendremos una desreferencia de puntero NULL en caso de que la funci\u00f3n de sondeo falle antes." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49872.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49872.json index b10a006f857..e362b21ed0c 100644 --- a/CVE-2024/CVE-2024-498xx/CVE-2024-49872.json +++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49872.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49872", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:08.587", - "lastModified": "2024-10-21T18:15:08.587", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:58.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/gup: fix memfd_pin_folios alloc race panic\n\nIf memfd_pin_folios tries to create a hugetlb page, but someone else\nalready did, then folio gets the value -EEXIST here:\n\n folio = memfd_alloc_folio(memfd, start_idx);\n if (IS_ERR(folio)) {\n ret = PTR_ERR(folio);\n if (ret != -EEXIST)\n goto err;\n\nthen on the next trip through the \"while start_idx\" loop we panic here:\n\n if (folio) {\n folio_put(folio);\n\nTo fix, set the folio to NULL on error." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/gup: corregir p\u00e1nico en ejecuci\u00f3n de asignaci\u00f3n de memfd_pin_folios Si memfd_pin_folios intenta crear una p\u00e1gina hugetlb, pero alguien m\u00e1s ya lo hizo, entonces folio obtiene el valor -EEXIST aqu\u00ed: folio = memfd_alloc_folio(memfd, start_idx); if (IS_ERR(folio)) { ret = PTR_ERR(folio); if (ret != -EEXIST) goto err; luego en el siguiente viaje a trav\u00e9s del bucle \"while start_idx\" entramos en p\u00e1nico aqu\u00ed: if (folio) { folio_put(folio); Para corregirlo, configure folio en NULL en caso de error." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49873.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49873.json index 76c09101d4a..54d5ba0ff79 100644 --- a/CVE-2024/CVE-2024-498xx/CVE-2024-49873.json +++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49873.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49873", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:08.763", - "lastModified": "2024-10-21T18:15:08.763", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:58.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/filemap: fix filemap_get_folios_contig THP panic\n\nPatch series \"memfd-pin huge page fixes\".\n\nFix multiple bugs that occur when using memfd_pin_folios with hugetlb\npages and THP. The hugetlb bugs only bite when the page is not yet\nfaulted in when memfd_pin_folios is called. The THP bug bites when the\nstarting offset passed to memfd_pin_folios is not huge page aligned. See\nthe commit messages for details.\n\n\nThis patch (of 5):\n\nmemfd_pin_folios on memory backed by THP panics if the requested start\noffset is not huge page aligned:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000036\nRIP: 0010:filemap_get_folios_contig+0xdf/0x290\nRSP: 0018:ffffc9002092fbe8 EFLAGS: 00010202\nRAX: 0000000000000002 RBX: 0000000000000002 RCX: 0000000000000002\n\nThe fault occurs here, because xas_load returns a folio with value 2:\n\n filemap_get_folios_contig()\n for (folio = xas_load(&xas); folio && xas.xa_index <= end;\n folio = xas_next(&xas)) {\n ...\n if (!folio_try_get(folio)) <-- BOOM\n\n\"2\" is an xarray sibling entry. We get it because memfd_pin_folios does\nnot round the indices passed to filemap_get_folios_contig to huge page\nboundaries for THP, so we load from the middle of a huge page range see a\nsibling. (It does round for hugetlbfs, at the is_file_hugepages test).\n\nTo fix, if the folio is a sibling, then return the next index as the\nstarting point for the next call to filemap_get_folios_contig." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/filemap: correcci\u00f3n de la serie de parches de p\u00e1nico de THP filemap_get_folios_contig \"memfd-pin huge page fixes\". Corrige varios errores que ocurren al usar memfd_pin_folios con p\u00e1ginas hugetlb y THP. Los errores de hugetlb solo afectan cuando la p\u00e1gina a\u00fan no tiene errores cuando se llama a memfd_pin_folios. El error de THP afecta cuando el desplazamiento inicial pasado a memfd_pin_folios no est\u00e1 alineado con la p\u00e1gina enorme. Consulte los mensajes de confirmaci\u00f3n para obtener m\u00e1s detalles. Este parche (de 5): memfd_pin_folios en la memoria respaldada por THP entra en p\u00e1nico si el desplazamiento de inicio solicitado no est\u00e1 alineado con una p\u00e1gina enorme: ERROR: desreferencia de puntero NULL del n\u00facleo, direcci\u00f3n: 0000000000000036 RIP: 0010:filemap_get_folios_contig+0xdf/0x290 RSP: 0018:ffffc9002092fbe8 EFLAGS: 00010202 RAX: 000000000000002 RBX: 0000000000000002 RCX: 0000000000000002 El error ocurre aqu\u00ed porque xas_load devuelve un folio con el valor 2: filemap_get_folios_contig() para (folio = xas_load(&xas); folio && xas.xa_index <= end; folio = xas_next(&xas)) { ... if (!folio_try_get(folio)) <-- BOOM \"2\" es una entrada hermana de xarray. Lo obtenemos porque memfd_pin_folios no redondea los \u00edndices pasados a filemap_get_folios_contig a los l\u00edmites de p\u00e1ginas enormes para THP, por lo que cargamos desde el medio de un rango de p\u00e1ginas enormes para ver un hermano. (S\u00ed redondea para hugetlbfs, en la prueba is_file_hugepages). Para solucionarlo, si el folio es un hermano, entonces devuelva el siguiente \u00edndice como punto de inicio para la siguiente llamada a filemap_get_folios_contig." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49874.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49874.json index c2751eb8106..525cee62e7e 100644 
--- a/CVE-2024/CVE-2024-498xx/CVE-2024-49874.json
+++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49874.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-49874", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:08.983", - "lastModified": "2024-10-21T18:15:08.983", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:58.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition\n\nIn the svc_i3c_master_probe function, &master->hj_work is bound with\nsvc_i3c_master_hj_work, &master->ibi_work is bound with\nsvc_i3c_master_ibi_work. And svc_i3c_master_ibi_work can start the\nhj_work, svc_i3c_master_irq_handler can start the ibi_work.\n\nIf we remove the module which will call svc_i3c_master_remove to\nmake cleanup, it will free master->base through i3c_master_unregister\nwhile the work mentioned above will be used. The sequence of operations\nthat may lead to a UAF bug is as follows:\n\nCPU0 CPU1\n\n | svc_i3c_master_hj_work\nsvc_i3c_master_remove |\ni3c_master_unregister(&master->base)|\ndevice_unregister(&master->dev) |\ndevice_release |\n//free master->base |\n | i3c_master_do_daa(&master->base)\n | //use master->base\n\nFix it by ensuring that the work is canceled before proceeding with the\ncleanup in svc_i3c_master_remove." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i3c: master: svc: Se corrige la vulnerabilidad de use after free en el controlador svc_i3c_master debido a la condici\u00f3n de ejecuci\u00f3n En la funci\u00f3n svc_i3c_master_probe, &master->hj_work est\u00e1 vinculado con svc_i3c_master_hj_work, &master->ibi_work est\u00e1 vinculado con svc_i3c_master_ibi_work. Y svc_i3c_master_ibi_work puede iniciar hj_work, svc_i3c_master_irq_handler puede iniciar ibi_work. 
Si eliminamos el m\u00f3dulo que llamar\u00e1 a svc_i3c_master_remove para realizar la limpieza, liberar\u00e1 master->base a trav\u00e9s de i3c_master_unregister mientras que el trabajo mencionado anteriormente se utilizar\u00e1. La secuencia de operaciones que pueden provocar un error de UAF es la siguiente: CPU0 CPU1 | Solucione el problema asegur\u00e1ndose de que el trabajo se cancele antes de continuar con la limpieza en svc_i3c_master_remove." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49875.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49875.json index 8283279f152..89af20b4a03 100644 --- a/CVE-2024/CVE-2024-498xx/CVE-2024-49875.json +++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49875.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49875", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:09.183", - "lastModified": "2024-10-21T18:15:09.183", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:58.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: map the EBADMSG to nfserr_io to avoid warning\n\nExt4 will throw -EBADMSG through ext4_readdir when a checksum error\noccurs, resulting in the following WARNING.\n\nFix it by mapping EBADMSG to nfserr_io.\n\nnfsd_buffered_readdir\n iterate_dir // -EBADMSG -74\n ext4_readdir // .iterate_shared\n ext4_dx_readdir\n ext4_htree_fill_tree\n htree_dirblock_to_tree\n ext4_read_dirblock\n __ext4_read_dirblock\n ext4_dirblock_csum_verify\n warn_no_space_for_csum\n __warn_no_space_for_csum\n return ERR_PTR(-EFSBADCRC) // -EBADMSG -74\n nfserrno // WARNING\n\n[ 161.115610] ------------[ cut here ]------------\n[ 161.116465] nfsd: non-standard errno: -74\n[ 161.117315] WARNING: CPU: 1 PID: 780 at fs/nfsd/nfsproc.c:878 nfserrno+0x9d/0xd0\n[ 161.118596] Modules linked in:\n[ 161.119243] CPU: 1 PID: 780 Comm: nfsd Not tainted 5.10.0-00014-g79679361fd5d #138\n[ 161.120684] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qe\nmu.org 04/01/2014\n[ 161.123601] RIP: 0010:nfserrno+0x9d/0xd0\n[ 161.124676] Code: 0f 87 da 30 dd 00 83 e3 01 b8 00 00 00 05 75 d7 44 89 ee 48 c7 c7 c0 57 24 98 89 44 24 04 c6\n 05 ce 2b 61 03 01 e8 99 20 d8 00 <0f> 0b 8b 44 24 04 eb b5 4c 89 e6 48 c7 c7 a0 6d a4 99 e8 cc 15 33\n[ 161.127797] RSP: 0018:ffffc90000e2f9c0 EFLAGS: 00010286\n[ 161.128794] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000\n[ 161.130089] RDX: 1ffff1103ee16f6d RSI: 0000000000000008 RDI: fffff520001c5f2a\n[ 161.131379] RBP: 0000000000000022 R08: 0000000000000001 R09: ffff8881f70c1827\n[ 161.132664] 
R10: ffffed103ee18304 R11: 0000000000000001 R12: 0000000000000021\n[ 161.133949] R13: 00000000ffffffb6 R14: ffff8881317c0000 R15: ffffc90000e2fbd8\n[ 161.135244] FS: 0000000000000000(0000) GS:ffff8881f7080000(0000) knlGS:0000000000000000\n[ 161.136695] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 161.137761] CR2: 00007fcaad70b348 CR3: 0000000144256006 CR4: 0000000000770ee0\n[ 161.139041] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 161.140291] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 161.141519] PKRU: 55555554\n[ 161.142076] Call Trace:\n[ 161.142575] ? __warn+0x9b/0x140\n[ 161.143229] ? nfserrno+0x9d/0xd0\n[ 161.143872] ? report_bug+0x125/0x150\n[ 161.144595] ? handle_bug+0x41/0x90\n[ 161.145284] ? exc_invalid_op+0x14/0x70\n[ 161.146009] ? asm_exc_invalid_op+0x12/0x20\n[ 161.146816] ? nfserrno+0x9d/0xd0\n[ 161.147487] nfsd_buffered_readdir+0x28b/0x2b0\n[ 161.148333] ? nfsd4_encode_dirent_fattr+0x380/0x380\n[ 161.149258] ? nfsd_buffered_filldir+0xf0/0xf0\n[ 161.150093] ? wait_for_concurrent_writes+0x170/0x170\n[ 161.151004] ? generic_file_llseek_size+0x48/0x160\n[ 161.151895] nfsd_readdir+0x132/0x190\n[ 161.152606] ? nfsd4_encode_dirent_fattr+0x380/0x380\n[ 161.153516] ? nfsd_unlink+0x380/0x380\n[ 161.154256] ? override_creds+0x45/0x60\n[ 161.155006] nfsd4_encode_readdir+0x21a/0x3d0\n[ 161.155850] ? nfsd4_encode_readlink+0x210/0x210\n[ 161.156731] ? write_bytes_to_xdr_buf+0x97/0xe0\n[ 161.157598] ? __write_bytes_to_xdr_buf+0xd0/0xd0\n[ 161.158494] ? lock_downgrade+0x90/0x90\n[ 161.159232] ? nfs4svc_decode_voidarg+0x10/0x10\n[ 161.160092] nfsd4_encode_operation+0x15a/0x440\n[ 161.160959] nfsd4_proc_compound+0x718/0xe90\n[ 161.161818] nfsd_dispatch+0x18e/0x2c0\n[ 161.162586] svc_process_common+0x786/0xc50\n[ 161.163403] ? nfsd_svc+0x380/0x380\n[ 161.164137] ? svc_printk+0x160/0x160\n[ 161.164846] ? svc_xprt_do_enqueue.part.0+0x365/0x380\n[ 161.165808] ? nfsd_svc+0x380/0x380\n[ 161.166523] ? 
rcu_is_watching+0x23/0x40\n[ 161.167309] svc_process+0x1a5/0x200\n[ 161.168019] nfsd+0x1f5/0x380\n[ 161.168663] ? nfsd_shutdown_threads+0x260/0x260\n[ 161.169554] kthread+0x1c4/0x210\n[ 161.170224] ? kthread_insert_work_sanity_check+0x80/0x80\n[ 161.171246] ret_from_fork+0x1f/0x30" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfsd: asignar EBADMSG a nfserr_io para evitar advertencias Ext4 arrojar\u00e1 -EBADMSG a trav\u00e9s de ext4_readdir cuando se produzca un error de suma de comprobaci\u00f3n, lo que dar\u00e1 como resultado la siguiente ADVERTENCIA. Solucione el problema asignando EBADMSG a nfserr_io. nfsd_buffered_readdir iterar_dir // -EBADMSG -74 ext4_readdir // .iterate_shared ext4_dx_readdir ext4_htree_fill_tree htree_dirblock_to_tree ext4_read_dirblock __ext4_read_dirblock ext4_dirblock_csum_verify advertir_sin_espacio_para_csum __ advertir_sin_espacio_para_csum return ERR_PTR(-EFSBADCRC) // -EBADMSG -74 nfserrno // ADVERTENCIA [ 161.115610] ------------[ cortar aqu\u00ed ]------------ [ 161.116465] nfsd: no est\u00e1ndar errno: -74 [ 161.117315] ADVERTENCIA: CPU: 1 PID: 780 en fs/nfsd/nfsproc.c:878 nfserrno+0x9d/0xd0 [ 161.118596] M\u00f3dulos vinculados en: [ 161.119243] CPU: 1 PID: 780 Comm: nfsd No contaminado 5.10.0-00014-g79679361fd5d #138 [ 161.120684] Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qe mu.org 04/01/2014 [ 161.123601] RIP: 0010:nfserrno+0x9d/0xd0 [ 161.124676] C\u00f3digo: 0f 87 da 30 dd 00 83 e3 01 b8 00 00 00 05 75 d7 44 89 ee 48 c7 c7 c0 57 24 98 89 44 24 04 c6 05 ce 2b 61 03 01 e8 99 20 d8 00 <0f> 0b 8b 44 24 04 eb b5 4c 89 e6 48 c7 c7 a0 6d a4 99 e8 cc 15 33 [ 161.127797] RSP: 0018:ffffc90000e2f9c0 EFLAGS: 00010286 [ 161.128794] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [161.130089] RDX: 1ffff1103ee16f6d RSI: 0000000000000008 fffff52000 1c5f2a [ 161.131379] RBP: 0000000000000022 R08: 
0000000000000001 R09: ffff8881f70c1827 [ 161.132664] R10: ffffed103ee18304 R11: 00000000000000001 R12: 0000000000000021 [ 161.133949] R13: 00000000ffffffb6 R14: ffff8881317c0000 R15: ffffc90000e2fbd8 [ 161.135244] FS: 000000000000000(0000) GS:ffff8881f7080000(0000) knlGS:0000000000000000 [ 161.136695] CS: 0010 DS: 0000 ES: 0000 CR0: 000000080050033 [ 161.137761] CR2: 00007fcaad70b348 CR3: 0000000144256006 CR4: 0000000000770ee0 [ 161.139041] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 000000000000000 [ 161.140291] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 161.141519] PKRU: 55555554 [ [161.142076] Rastreo de llamadas: [161.142575] ? __warn+0x9b/0x140 [161.143229] ? nfserrno+0x9d/0xd0 [161.143872] ? report_bug+0x125/0x150 [161.144595] ? handle_bug+0x41/0x90 [161.145284] ? exc_invalid_op+0x14/0x70 [161.146009] ? asm_exc_invalid_op+0x12/0x20 [161.146816] ? nfsd_buffered_filldir+0xf0/0xf0 [ 161.150093] ? esperar_escrituras_concurrentes+0x170/0x170 [ 161.151004] ? tama\u00f1o_de_archivo_gen\u00e9rico_llseek+0x48/0x160 [ 161.151895] nfsd_readdir+0x132/0x190 [ 161.152606] ? nfsd4_encode_dirent_fattr+0x380/0x380 [ 161.153516] ? nfsd_unlink+0x380/0x380 [ 161.154256] ? override_creds+0x45/0x60 [ 161.155006] nfsd4_encode_readdir+0x21a/0x3d0 [ 161.155850] ? nfsd4_encode_readlink+0x210/0x210 [ 161.156731] ? escritura_bytes_en_xdr_buf+0x97/0xe0 [ 161.157598] ? __escritura_bytes_en_xdr_buf+0xd0/0xd0 [ 161.158494] ? bloqueo_downgrade+0x90/0x90 [ 161.159232] ? nfsd_svc+0x380/0x380 [ 161.164137] ? svc_printk+0x160/0x160 [ 161.164846] ? svc_xprt_do_enqueue.part.0+0x365/0x380 [ 161.165808] ? nfsd_svc+0x380/0x380 [ 161.166523] ? rcu_is_watching+0x23/0x40 [ 161.167309] svc_process+0x1a5/0x200 [ 161.168019] nfsd+0x1f5/0x380 [ 161.168663] ? nfsd_shutdown_threads+0x260/0x260 [ 161.169554] kthread+0x1c4/0x210 [ 161.170224] ? kthread_insert_work_sanity_check+0x80/0x80 [ 161.171246] ret_from_fork+0x1f/0x30" } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49876.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49876.json
index 8f20057ff86..8d78fc90c8d 100644
--- a/CVE-2024/CVE-2024-498xx/CVE-2024-49876.json
+++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49876.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-49876",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T18:15:09.450",
- "lastModified": "2024-10-21T18:15:09.450",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:58.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: fix UAF around queue destruction\n\nWe currently do stuff like queuing the final destruction step on a\nrandom system wq, which will outlive the driver instance. With bad\ntiming we can teardown the driver with one or more work workqueue still\nbeing alive leading to various UAF splats. Add a fini step to ensure\nuser queues are properly torn down. At this point GuC should already be\nnuked so queue itself should no longer be referenced from hw pov.\n\nv2 (Matt B)\n - Looks much safer to use a waitqueue and then just wait for the\n xa_array to become empty before triggering the drain.\n\n(cherry picked from commit 861108666cc0e999cffeab6aff17b662e68774e3)"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/xe: corregir UAF en torno a la destrucci\u00f3n de cola Actualmente hacemos cosas como poner en cola el paso de destrucci\u00f3n final en un wq de sistema aleatorio, que sobrevivir\u00e1 a la instancia del controlador. Con un mal momento, podemos desmantelar el controlador con una o m\u00e1s colas de trabajo de trabajo a\u00fan activas, lo que genera varios splats de UAF. Agregue un paso fini para garantizar que las colas de usuario se desmantelen correctamente. En este punto, GuC ya deber\u00eda estar destruido, por lo que la cola en s\u00ed ya no deber\u00eda ser referenciada desde el punto de vista del hardware. v2 (Matt B): parece mucho m\u00e1s seguro usar una cola de espera y luego simplemente esperar a que xa_array se vac\u00ede antes de activar el drenaje. (seleccionado de el commit 861108666cc0e999cffeab6aff17b662e68774e3)"
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49877.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49877.json
index ea289fe7eb4..ce060302124 100644
--- a/CVE-2024/CVE-2024-498xx/CVE-2024-49877.json
+++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49877.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-49877",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T18:15:09.657",
- "lastModified": "2024-10-21T18:15:09.657",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:58.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate\n\nWhen doing cleanup, if flags without OCFS2_BH_READAHEAD, it may trigger\nNULL pointer dereference in the following ocfs2_set_buffer_uptodate() if\nbh is NULL."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ocfs2: se corrige una posible desreferencia de puntero nulo en ocfs2_set_buffer_uptodate. Al realizar una limpieza, si hay indicadores sin OCFS2_BH_READAHEAD, puede provocar una desreferencia de puntero NULL en el siguiente ocfs2_set_buffer_uptodate() si bh es NULL."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49878.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49878.json
index 6f6d1b16b87..4180e4387fa 100644
--- a/CVE-2024/CVE-2024-498xx/CVE-2024-49878.json
+++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49878.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-49878", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:09.863", - "lastModified": "2024-10-21T18:15:09.863", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:58.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nresource: fix region_intersects() vs add_memory_driver_managed()\n\nOn a system with CXL memory, the resource tree (/proc/iomem) related to\nCXL memory may look like something as follows.\n\n490000000-50fffffff : CXL Window 0\n 490000000-50fffffff : region0\n 490000000-50fffffff : dax0.0\n 490000000-50fffffff : System RAM (kmem)\n\nBecause drivers/dax/kmem.c calls add_memory_driver_managed() during\nonlining CXL memory, which makes \"System RAM (kmem)\" a descendant of \"CXL\nWindow X\". This confuses region_intersects(), which expects all \"System\nRAM\" resources to be at the top level of iomem_resource. This can lead to\nbugs.\n\nFor example, when the following command line is executed to write some\nmemory in CXL memory range via /dev/mem,\n\n $ dd if=data of=/dev/mem bs=$((1 << 10)) seek=$((0x490000000 >> 10)) count=1\n dd: error writing '/dev/mem': Bad address\n 1+0 records in\n 0+0 records out\n 0 bytes copied, 0.0283507 s, 0.0 kB/s\n\nthe command fails as expected. However, the error code is wrong. It\nshould be \"Operation not permitted\" instead of \"Bad address\". More\nseriously, the /dev/mem permission checking in devmem_is_allowed() passes\nincorrectly. Although the accessing is prevented later because ioremap()\nisn't allowed to map system RAM, it is a potential security issue. 
During\ncommand executing, the following warning is reported in the kernel log for\ncalling ioremap() on system RAM.\n\n ioremap on RAM at 0x0000000490000000 - 0x0000000490000fff\n WARNING: CPU: 2 PID: 416 at arch/x86/mm/ioremap.c:216 __ioremap_caller.constprop.0+0x131/0x35d\n Call Trace:\n memremap+0xcb/0x184\n xlate_dev_mem_ptr+0x25/0x2f\n write_mem+0x94/0xfb\n vfs_write+0x128/0x26d\n ksys_write+0xac/0xfe\n do_syscall_64+0x9a/0xfd\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nThe details of command execution process are as follows. In the above\nresource tree, \"System RAM\" is a descendant of \"CXL Window 0\" instead of a\ntop level resource. So, region_intersects() will report no System RAM\nresources in the CXL memory region incorrectly, because it only checks the\ntop level resources. Consequently, devmem_is_allowed() will return 1\n(allow access via /dev/mem) for CXL memory region incorrectly. \nFortunately, ioremap() doesn't allow to map System RAM and reject the\naccess.\n\nSo, region_intersects() needs to be fixed to work correctly with the\nresource tree with \"System RAM\" not at top level as above. To fix it, if\nwe found a unmatched resource in the top level, we will continue to search\nmatched resources in its descendant resources. So, we will not miss any\nmatched resources in resource tree anymore.\n\nIn the new implementation, an example resource tree\n\n|------------- \"CXL Window 0\" ------------|\n|-- \"System RAM\" --|\n\nwill behave similar as the following fake resource tree for\nregion_intersects(, IORESOURCE_SYSTEM_RAM, ),\n\n|-- \"System RAM\" --||-- \"CXL Window 0a\" --|\n\nWhere \"CXL Window 0a\" is part of the original \"CXL Window 0\" that\nisn't covered by \"System RAM\"." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: recurso: corregir region_intersects() frente a add_memory_driver_managed() En un sistema con memoria CXL, el \u00e1rbol de recursos (/proc/iomem) relacionado con la memoria CXL puede parecerse a lo siguiente. 490000000-50fffffff: CXL Window 0 490000000-50fffffff: region0 490000000-50fffffff: dax0.0 490000000-50fffffff: RAM del sistema (kmem) Debido a que drivers/dax/kmem.c llama a add_memory_driver_managed() durante la conexi\u00f3n en l\u00ednea de la memoria CXL, lo que hace que \"System RAM (kmem)\" sea un descendiente de \"CXL Window X\". Esto confunde a region_intersects(), que espera que todos los recursos de \"RAM del sistema\" est\u00e9n en el nivel superior de iomem_resource. Esto puede provocar errores. Por ejemplo, cuando se ejecuta la siguiente l\u00ednea de comando para escribir algo de memoria en el rango de memoria CXL a trav\u00e9s de /dev/mem, $ dd if=data of=/dev/mem bs=$((1 << 10)) seek=$((0x490000000 >> 10)) count=1 dd: error writing '/dev/mem': Bad address 1+0 records in 0+0 records out 0 bytes copies, 0.0283507 s, 0.0 kB/s el comando falla como se esperaba. Sin embargo, el c\u00f3digo de error es incorrecto. Deber\u00eda ser \"Operaci\u00f3n no permitida\" en lugar de \"Direcci\u00f3n incorrecta\". M\u00e1s grave a\u00fan, la comprobaci\u00f3n de permisos de /dev/mem en devmem_is_allowed() pasa incorrectamente. Aunque el acceso se impide m\u00e1s tarde porque ioremap() no tiene permiso para mapear la RAM del sistema, es un problema de seguridad potencial. Durante la ejecuci\u00f3n del comando, se informa la siguiente advertencia en el registro del n\u00facleo por llamar a ioremap() en la RAM del sistema. 
ioremap en RAM en 0x0000000490000000 - 0x0000000490000fff ADVERTENCIA: CPU: 2 PID: 416 en arch/x86/mm/ioremap.c:216 __ioremap_caller.constprop.0+0x131/0x35d Rastreo de llamadas: memremap+0xcb/0x184 xlate_dev_mem_ptr+0x25/0x2f write_mem+0x94/0xfb vfs_write+0x128/0x26d ksys_write+0xac/0xfe do_syscall_64+0x9a/0xfd entry_SYSCALL_64_after_hwframe+0x4b/0x53 Los detalles del proceso de ejecuci\u00f3n del comando son los siguientes. En el \u00e1rbol de recursos anterior, \"System RAM\" es un descendiente de \"CXL Window 0\" en lugar de un recurso de nivel superior. Por lo tanto, region_intersects() no informar\u00e1 de forma incorrecta ning\u00fan recurso de System RAM en la regi\u00f3n de memoria CXL, porque solo comprueba los recursos de nivel superior. En consecuencia, devmem_is_allowed() devolver\u00e1 1 (permitir\u00e1 el acceso a trav\u00e9s de /dev/mem) para la regi\u00f3n de memoria CXL de forma incorrecta. Afortunadamente, ioremap() no permite mapear System RAM y rechazar el acceso. Por lo tanto, es necesario corregir region_intersects() para que funcione correctamente con el \u00e1rbol de recursos con \"System RAM\" no en el nivel superior como se indica anteriormente. Para corregirlo, si encontramos un recurso no coincidente en el nivel superior, continuaremos buscando recursos coincidentes en sus recursos descendientes. Por lo tanto, ya no nos perderemos ning\u00fan recurso coincidente en el \u00e1rbol de recursos. En la nueva implementaci\u00f3n, un \u00e1rbol de recursos de ejemplo |------------- \"CXL Window 0\" ------------| |-- \"System RAM\" --| se comportar\u00e1 de manera similar al siguiente \u00e1rbol de recursos falso para region_intersects(, IORESOURCE_SYSTEM_RAM, ), |-- \"RAM del sistema\" --||-- \"Ventana CXL 0a\" --| Donde \"Ventana CXL 0a\" es parte de la \"Ventana CXL 0\" original que no est\u00e1 cubierta por la \"RAM del sistema\"." } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49879.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49879.json
index 46a17569954..a51e84d6b5f 100644
--- a/CVE-2024/CVE-2024-498xx/CVE-2024-49879.json
+++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49879.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-49879",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T18:15:10.147",
- "lastModified": "2024-10-21T18:15:10.147",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:58.783",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: omapdrm: Add missing check for alloc_ordered_workqueue\n\nAs it may return NULL pointer and cause NULL pointer dereference. Add check\nfor the return value of alloc_ordered_workqueue."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm: omapdrm: Agregar comprobaci\u00f3n faltante para alloc_ordered_workqueue, ya que puede devolver un puntero NULL y provocar una desreferencia del puntero NULL. Agregar comprobaci\u00f3n para el valor de retorno de alloc_ordered_workqueue."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49880.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49880.json
index 1714f222caa..3a8a5fe8cab 100644
--- a/CVE-2024/CVE-2024-498xx/CVE-2024-49880.json
+++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49880.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-49880", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:10.373", - "lastModified": "2024-10-21T18:15:10.373", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:58.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix off by one issue in alloc_flex_gd()\n\nWesley reported an issue:\n\n==================================================================\nEXT4-fs (dm-5): resizing filesystem from 7168 to 786432 blocks\n------------[ cut here ]------------\nkernel BUG at fs/ext4/resize.c:324!\nCPU: 9 UID: 0 PID: 3576 Comm: resize2fs Not tainted 6.11.0+ #27\nRIP: 0010:ext4_resize_fs+0x1212/0x12d0\nCall Trace:\n __ext4_ioctl+0x4e0/0x1800\n ext4_ioctl+0x12/0x20\n __x64_sys_ioctl+0x99/0xd0\n x64_sys_call+0x1206/0x20d0\n do_syscall_64+0x72/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n==================================================================\n\nWhile reviewing the patch, Honza found that when adjusting resize_bg in\nalloc_flex_gd(), it was possible for flex_gd->resize_bg to be bigger than\nflexbg_size.\n\nThe reproduction of the problem requires the following:\n\n o_group = flexbg_size * 2 * n;\n o_size = (o_group + 1) * group_size;\n n_group: [o_group + flexbg_size, o_group + flexbg_size * 2)\n o_size = (n_group + 1) * group_size;\n\nTake n=0,flexbg_size=16 as an example:\n\n last:15\n|o---------------|--------------n-|\no_group:0 resize to n_group:30\n\nThe corresponding reproducer is:\n\nimg=test.img\nrm -f $img\ntruncate -s 600M $img\nmkfs.ext4 -F $img -b 1024 -G 16 8M\ndev=`losetup -f --show $img`\nmkdir -p /tmp/test\nmount $dev /tmp/test\nresize2fs $dev 248M\n\nDelete the problematic plus 1 to fix the issue, and add a WARN_ON_ONCE()\nto prevent the issue from happening again.\n\n[ Note: another reproucer which this commit fixes is:\n\n 
img=test.img\n rm -f $img\n truncate -s 25MiB $img\n mkfs.ext4 -b 4096 -E nodiscard,lazy_itable_init=0,lazy_journal_init=0 $img\n truncate -s 3GiB $img\n dev=`losetup -f --show $img`\n mkdir -p /tmp/test\n mount $dev /tmp/test\n resize2fs $dev 3G\n umount $dev\n losetup -d $dev\n\n -- TYT ]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: correcci\u00f3n de un problema en alloc_flex_gd() Wesley inform\u00f3 de un problema: ======================================================================= EXT4-fs (dm-5): cambio de tama\u00f1o del sistema de archivos de 7168 a 786432 bloques ------------[ corte aqu\u00ed ]------------ \u00a1ERROR del kernel en fs/ext4/resize.c:324! CPU: 9 UID: 0 PID: 3576 Comm: resize2fs No contaminado 6.11.0+ #27 RIP: 0010:ext4_resize_fs+0x1212/0x12d0 Rastreo de llamadas: __ext4_ioctl+0x4e0/0x1800 ext4_ioctl+0x12/0x20 __x64_sys_ioctl+0x99/0xd0 x64_sys_call+0x1206/0x20d0 do_syscall_64+0x72/0x110 entry_SYSCALL_64_after_hwframe+0x76/0x7e == ... Tome n=0,flexbg_size=16 como ejemplo: last:15 |o---------------|--------------n-| o_group:0 redimensionar a n_group:30 El reproductor correspondiente es: img=test.img rm -f $img truncate -s 600M $img mkfs.ext4 -F $img -b 1024 -G 16 8M dev=`losetup -f --show $img` mkdir -p /tmp/test mount $dev /tmp/test resize2fs $dev 248M Elimine el problema m\u00e1s 1 para solucionar el problema y agregue un WARN_ON_ONCE() para evitar que el problema vuelva a ocurrir. [ Nota: otro reprocesador que esta confirmaci\u00f3n corrige es: img=test.img rm -f $img truncate -s 25MiB $img mkfs.ext4 -b 4096 -E nodiscard,lazy_itable_init=0,lazy_journal_init=0 $img truncate -s 3GiB $img dev=`losetup -f --show $img` mkdir -p /tmp/test mount $dev /tmp/test resize2fs $dev 3G umount $dev losetup -d $dev -- TYT ]" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49881.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49881.json index 7b69ef41a34..42635fda5f9 100644 
--- a/CVE-2024/CVE-2024-498xx/CVE-2024-49881.json
+++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49881.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-49881", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:10.560", - "lastModified": "2024-10-21T18:15:10.560", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:58.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: update orig_path in ext4_find_extent()\n\nIn ext4_find_extent(), if the path is not big enough, we free it and set\n*orig_path to NULL. But after reallocating and successfully initializing\nthe path, we don't update *orig_path, in which case the caller gets a\nvalid path but a NULL ppath, and this may cause a NULL pointer dereference\nor a path memory leak. For example:\n\next4_split_extent\n path = *ppath = 2000\n ext4_find_extent\n if (depth > path[0].p_maxdepth)\n kfree(path = 2000);\n *orig_path = path = NULL;\n path = kcalloc() = 3000\n ext4_split_extent_at(*ppath = NULL)\n path = *ppath;\n ex = path[depth].p_ext;\n // NULL pointer dereference!\n\n==================================================================\nBUG: kernel NULL pointer dereference, address: 0000000000000010\nCPU: 6 UID: 0 PID: 576 Comm: fsstress Not tainted 6.11.0-rc2-dirty #847\nRIP: 0010:ext4_split_extent_at+0x6d/0x560\nCall Trace:\n \n ext4_split_extent.isra.0+0xcb/0x1b0\n ext4_ext_convert_to_initialized+0x168/0x6c0\n ext4_ext_handle_unwritten_extents+0x325/0x4d0\n ext4_ext_map_blocks+0x520/0xdb0\n ext4_map_blocks+0x2b0/0x690\n ext4_iomap_begin+0x20e/0x2c0\n[...]\n==================================================================\n\nTherefore, *orig_path is updated when the extent lookup succeeds, so that\nthe caller can safely use path or *ppath." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: actualizaci\u00f3n de orig_path en ext4_find_extent() En ext4_find_extent(), si la ruta no es lo suficientemente grande, la liberamos y establecemos *orig_path en NULL. Pero despu\u00e9s de reasignar e inicializar correctamente la ruta, no actualizamos *orig_path, en cuyo caso el llamador obtiene una ruta v\u00e1lida pero un ppath NULL, y esto puede causar una desreferencia de puntero NULL o una p\u00e9rdida de memoria de ruta. Por ejemplo: ext4_split_extent path = *ppath = 2000 ext4_find_extent if (depth > path[0].p_maxdepth) kfree(path = 2000); *orig_path = path = NULL; path = kcalloc() = 3000 ext4_split_extent_at(*ppath = NULL) path = *ppath; ex = path[depth].p_ext; // \u00a1Desreferencia de puntero NULL! ===================================================================== ERROR: Desreferencia de puntero NULL del n\u00facleo, direcci\u00f3n: 000000000000010 CPU: 6 UID: 0 PID: 576 Comm: fsstress No contaminado 6.11.0-rc2-dirty #847 RIP: 0010:ext4_split_extent_at+0x6d/0x560 Rastreo de llamada: ext4_split_extent.isra.0+0xcb/0x1b0 ext4_ext_convert_to_initialized+0x168/0x6c0 ext4_ext_handle_unwritten_extents+0x325/0x4d0 ext4_ext_map_blocks+0x520/0xdb0 ext4_map_blocks+0x2b0/0x690 ext4_iomap_begin+0x20e/0x2c0 [...] ====================================================================== Por lo tanto, *orig_path se actualiza cuando la b\u00fasqueda de extensi\u00f3n tiene \u00e9xito, de modo que el llamador puede usar path o *ppath de forma segura." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49882.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49882.json index 8167a7903d1..6960c18ab37 100644 --- a/CVE-2024/CVE-2024-498xx/CVE-2024-49882.json +++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49882.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49882", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:10.790", - "lastModified": "2024-10-21T18:15:10.790", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:58.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix double brelse() the buffer of the extents path\n\nIn ext4_ext_try_to_merge_up(), set path[1].p_bh to NULL after it has been\nreleased, otherwise it may be released twice. An example of what triggers\nthis is as follows:\n\n split2 map split1\n|--------|-------|--------|\n\next4_ext_map_blocks\n ext4_ext_handle_unwritten_extents\n ext4_split_convert_extents\n // path->p_depth == 0\n ext4_split_extent\n // 1. do split1\n ext4_split_extent_at\n |ext4_ext_insert_extent\n | ext4_ext_create_new_leaf\n | ext4_ext_grow_indepth\n | le16_add_cpu(&neh->eh_depth, 1)\n | ext4_find_extent\n | // return -ENOMEM\n |// get error and try zeroout\n |path = ext4_find_extent\n | path->p_depth = 1\n |ext4_ext_try_to_merge\n | ext4_ext_try_to_merge_up\n | path->p_depth = 0\n | brelse(path[1].p_bh) ---> not set to NULL here\n |// zeroout success\n // 2. update path\n ext4_find_extent\n // 3. 
do split2\n ext4_split_extent_at\n ext4_ext_insert_extent\n ext4_ext_create_new_leaf\n ext4_ext_grow_indepth\n le16_add_cpu(&neh->eh_depth, 1)\n ext4_find_extent\n path[0].p_bh = NULL;\n path->p_depth = 1\n read_extent_tree_block ---> return err\n // path[1].p_bh is still the old value\n ext4_free_ext_path\n ext4_ext_drop_refs\n // path->p_depth == 1\n brelse(path[1].p_bh) ---> brelse a buffer twice\n\nFinally got the following WARRNING when removing the buffer from lru:\n\n============================================\nVFS: brelse: Trying to free free buffer\nWARNING: CPU: 2 PID: 72 at fs/buffer.c:1241 __brelse+0x58/0x90\nCPU: 2 PID: 72 Comm: kworker/u19:1 Not tainted 6.9.0-dirty #716\nRIP: 0010:__brelse+0x58/0x90\nCall Trace:\n \n __find_get_block+0x6e7/0x810\n bdev_getblk+0x2b/0x480\n __ext4_get_inode_loc+0x48a/0x1240\n ext4_get_inode_loc+0xb2/0x150\n ext4_reserve_inode_write+0xb7/0x230\n __ext4_mark_inode_dirty+0x144/0x6a0\n ext4_ext_insert_extent+0x9c8/0x3230\n ext4_ext_map_blocks+0xf45/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n============================================" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: corregir el doble brelse() del b\u00fafer de la ruta de las extensiones En ext4_ext_try_to_merge_up(), establezca path[1].p_bh en NULL despu\u00e9s de que se haya liberado, de lo contrario, puede liberarse dos veces. Un ejemplo de lo que desencadena esto es el siguiente: split2 map split1 |--------|-------|--------| ext4_ext_map_blocks ext4_ext_handle_unwritten_extents ext4_split_convert_extents // path->p_depth == 0 ext4_split_extent // 1. 
hacer split1 ext4_split_extent_at |ext4_ext_insert_extent | ext4_ext_create_new_leaf | ext4_ext_grow_indepth | le16_add_cpu(&neh->eh_depth, 1) | ext4_find_extent | // devuelve -ENOMEM |// obtiene el error e intenta poner a cero |path = ext4_find_extent | path->p_depth = 1 |ext4_ext_try_to_merge | ext4_ext_try_to_merge_up | path->p_depth = 0 | brelse(path[1].p_bh) ---> no establecido en NULL aqu\u00ed |// puesta a cero exitosa // 2. actualizar ruta ext4_find_extent // 3. hacer split2 ext4_split_extent_at ext4_ext_insert_extent ext4_ext_create_new_leaf ext4_ext_grow_indepth le16_add_cpu(&neh->eh_depth, 1) ext4_find_extent path[0].p_bh = NULL; path->p_depth = 1 read_extent_tree_block ---> return err // path[1].p_bh sigue siendo el valor anterior ext4_free_ext_path ext4_ext_drop_refs // path->p_depth == 1 brelse(path[1].p_bh) ---> brelse un buffer dos veces Finalmente obtuve la siguiente ADVERTENCIA al eliminar el buffer de lru: =============================================== VFS: brelse: Intentando liberar b\u00fafer libre ADVERTENCIA: CPU: 2 PID: 72 en fs/buffer.c:1241 __brelse+0x58/0x90 CPU: 2 PID: 72 Comm: kworker/u19:1 No contaminado 6.9.0-dirty #716 RIP: 0010:__brelse+0x58/0x90 Seguimiento de llamadas: __find_get_block+0x6e7/0x810 bdev_getblk+0x2b/0x480 __ext4_get_inode_loc+0x48a/0x1240 ext4_get_inode_loc+0xb2/0x150 ext4_reserve_inode_write+0xb7/0x230 __ext4_mark_inode_dirty+0x144/0x6a0 ext4_ext_insert_extent+0x9c8/0x3230 ext4_ext_map_blocks+0xf45/0x2dc0 ext4_map_blocks+0x724/0x1700 ext4_do_writepages+0x12d6/0x2a70 [...] ============================================" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49883.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49883.json index f2a873d825f..b3bf326f613 100644 --- a/CVE-2024/CVE-2024-498xx/CVE-2024-49883.json +++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49883.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49883", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:11.060", - "lastModified": "2024-10-21T18:15:11.060", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:58.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: aovid use-after-free in ext4_ext_insert_extent()\n\nAs Ojaswin mentioned in Link, in ext4_ext_insert_extent(), if the path is\nreallocated in ext4_ext_create_new_leaf(), we'll use the stale path and\ncause UAF. Below is a sample trace with dummy values:\n\next4_ext_insert_extent\n path = *ppath = 2000\n ext4_ext_create_new_leaf(ppath)\n ext4_find_extent(ppath)\n path = *ppath = 2000\n if (depth > path[0].p_maxdepth)\n kfree(path = 2000);\n *ppath = path = NULL;\n path = kcalloc() = 3000\n *ppath = 3000;\n return path;\n /* here path is still 2000, UAF! */\n eh = path[depth].p_hdr\n\n==================================================================\nBUG: KASAN: slab-use-after-free in ext4_ext_insert_extent+0x26d4/0x3330\nRead of size 8 at addr ffff8881027bf7d0 by task kworker/u36:1/179\nCPU: 3 UID: 0 PID: 179 Comm: kworker/u6:1 Not tainted 6.11.0-rc2-dirty #866\nCall Trace:\n \n ext4_ext_insert_extent+0x26d4/0x3330\n ext4_ext_map_blocks+0xe22/0x2d40\n ext4_map_blocks+0x71e/0x1700\n ext4_do_writepages+0x1290/0x2800\n[...]\n\nAllocated by task 179:\n ext4_find_extent+0x81c/0x1f70\n ext4_ext_map_blocks+0x146/0x2d40\n ext4_map_blocks+0x71e/0x1700\n ext4_do_writepages+0x1290/0x2800\n ext4_writepages+0x26d/0x4e0\n do_writepages+0x175/0x700\n[...]\n\nFreed by task 179:\n kfree+0xcb/0x240\n ext4_find_extent+0x7c0/0x1f70\n ext4_ext_insert_extent+0xa26/0x3330\n ext4_ext_map_blocks+0xe22/0x2d40\n ext4_map_blocks+0x71e/0x1700\n ext4_do_writepages+0x1290/0x2800\n ext4_writepages+0x26d/0x4e0\n 
do_writepages+0x175/0x700\n[...]\n==================================================================\n\nSo use *ppath to update the path to avoid the above problem." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: evitar use-after-free en ext4_ext_insert_extent() Como mencion\u00f3 Ojaswin en Link, en ext4_ext_insert_extent(), si la ruta se reasigna en ext4_ext_create_new_leaf(), usaremos la ruta obsoleta y causaremos UAF. A continuaci\u00f3n, se muestra un seguimiento de muestra con valores ficticios: ext4_ext_insert_extent path = *ppath = 2000 ext4_ext_create_new_leaf(ppath) ext4_find_extent(ppath) path = *ppath = 2000 if (depth > path[0].p_maxdepth) kfree(path = 2000); *ppath = path = NULL; path = kcalloc() = 3000 *ppath = 3000; return path; /* aqu\u00ed la ruta sigue siendo 2000, UAF! */ eh = path[depth].p_hdr ===================================================================== ERROR: KASAN: slab-use-after-free en ext4_ext_insert_extent+0x26d4/0x3330 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff8881027bf7d0 por la tarea kworker/u36:1/179 CPU: 3 UID: 0 PID: 179 Comm: kworker/u6:1 No contaminado 6.11.0-rc2-dirty #866 Seguimiento de llamadas: ext4_ext_insert_extent+0x26d4/0x3330 ext4_ext_map_blocks+0xe22/0x2d40 ext4_map_blocks+0x71e/0x1700 ext4_do_writepages+0x1290/0x2800 [...] Asignado por la tarea 179: ext4_find_extent+0x81c/0x1f70 ext4_ext_map_blocks+0x146/0x2d40 ext4_map_blocks+0x71e/0x1700 ext4_do_writepages+0x1290/0x2800 ext4_writepages+0x26d/0x4e0 do_writepages+0x175/0x700 [...] 
Liberado por la tarea 179: kfree+0xcb/0x240 ext4_find_extent+0x7c0/0x1f70 ext4_ext_insert_extent+0xa26/0x3330 ext4_ext_map_blocks+0xe22/0x2d40 ext4_map_blocks+0x71e/0x1700 ext4_do_writepages+0x1290/0x2800 ext4_writepages+0x26d/0x4e0 do_writepages+0x175/0x700 [...]================================================================== As\u00ed que use *ppath para actualizar el path para evitar el problema de arriba" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49884.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49884.json index dcd715ba8d2..32b2434978b 100644 --- a/CVE-2024/CVE-2024-498xx/CVE-2024-49884.json +++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49884.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49884", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:11.130", - "lastModified": "2024-10-21T18:15:11.130", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:58.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix slab-use-after-free in ext4_split_extent_at()\n\nWe hit the following use-after-free:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in ext4_split_extent_at+0xba8/0xcc0\nRead of size 2 at addr ffff88810548ed08 by task kworker/u20:0/40\nCPU: 0 PID: 40 Comm: kworker/u20:0 Not tainted 6.9.0-dirty #724\nCall Trace:\n \n kasan_report+0x93/0xc0\n ext4_split_extent_at+0xba8/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nAllocated by task 40:\n __kmalloc_noprof+0x1ac/0x480\n ext4_find_extent+0xf3b/0x1e70\n ext4_ext_map_blocks+0x188/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nFreed by task 40:\n kfree+0xf1/0x2b0\n ext4_find_extent+0xa71/0x1e70\n ext4_ext_insert_extent+0xa22/0x3260\n ext4_split_extent_at+0x3ef/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n==================================================================\n\nThe flow of issue triggering is as follows:\n\next4_split_extent_at\n path = *ppath\n ext4_ext_insert_extent(ppath)\n ext4_ext_create_new_leaf(ppath)\n ext4_find_extent(orig_path)\n path = *orig_path\n read_extent_tree_block\n // return -ENOMEM 
or -EIO\n ext4_free_ext_path(path)\n kfree(path)\n *orig_path = NULL\n a. If err is -ENOMEM:\n ext4_ext_dirty(path + path->p_depth)\n // path use-after-free !!!\n b. If err is -EIO and we have EXT_DEBUG defined:\n ext4_ext_show_leaf(path)\n eh = path[depth].p_hdr\n // path also use-after-free !!!\n\nSo when trying to zeroout or fix the extent length, call ext4_find_extent()\nto update the path.\n\nIn addition we use *ppath directly as an ext4_ext_show_leaf() input to\navoid possible use-after-free when EXT_DEBUG is defined, and to avoid\nunnecessary path updates." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: correcci\u00f3n de slab-use-after-free en ext4_split_extent_at() Nos topamos con el siguiente use after free: ====================================================================== ERROR: KASAN: slab-use-after-free en ext4_split_extent_at+0xba8/0xcc0 Lectura de tama\u00f1o 2 en la direcci\u00f3n ffff88810548ed08 por la tarea kworker/u20:0/40 CPU: 0 PID: 40 Comm: kworker/u20:0 No contaminado 6.9.0-dirty #724 Seguimiento de llamadas: kasan_report+0x93/0xc0 ext4_split_extent_at+0xba8/0xcc0 ext4_split_extent.isra.0+0x18f/0x500 ext4_split_convert_extents+0x275/0x750 ext4_ext_handle_unwritten_extents+0x73e/0x1580 ext4_ext_map_blocks+0xe20/0x2dc0 ext4_map_blocks+0x724/0x1700 ext4_do_writepages+0x12d6/0x2a70 [...] Asignado por la tarea 40: __kmalloc_noprof+0x1ac/0x480 ext4_find_extent+0xf3b/0x1e70 ext4_ext_map_blocks+0x188/0x2dc0 ext4_map_blocks+0x724/0x1700 ext4_do_writepages+0x12d6/0x2a70 [...] Liberado por la tarea 40: kfree+0xf1/0x2b0 ext4_find_extent+0xa71/0x1e70 ext4_ext_insert_extent+0xa22/0x3260 ext4_split_extent_at+0x3ef/0xcc0 ext4_split_extent.isra.0+0x18f/0x500 ext4_split_convert_extents+0x275/0x750 ext4_ext_handle_unwritten_extents+0x73e/0x1580 ext4_ext_map_blocks+0xe20/0x2dc0 ext4_map_blocks+0x724/0x1700 ext4_do_writepages+0x12d6/0x2a70 [...] 
==================================================================== El flujo de activaci\u00f3n del problema es el siguiente: ext4_split_extent_at path = *ppath ext4_ext_insert_extent(ppath) ext4_ext_create_new_leaf(ppath) ext4_find_extent(orig_path) path = *orig_path read_extent_tree_block // devuelve -ENOMEM o -EIO ext4_free_ext_path(path) kfree(path) *orig_path = NULL a. Si err es -ENOMEM: ext4_ext_dirty(path + path->p_depth) // \u00a1\u00a1\u00a1path use after free!!! b. Si err es -EIO y tenemos EXT_DEBUG definido: ext4_ext_show_leaf(path) eh = path[depth].p_hdr // \u00a1\u00a1\u00a1La ruta tambi\u00e9n es use after free!!! Por lo tanto, cuando intente poner a cero o corregir la longitud de la extensi\u00f3n, llame a ext4_find_extent() para actualizar la ruta. Adem\u00e1s, usamos *ppath directamente como una entrada de ext4_ext_show_leaf() para evitar un posible use after free cuando se define EXT_DEBUG y para evitar actualizaciones de ruta innecesarias." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49885.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49885.json index 44c70a88de6..e5a960116b4 100644 --- a/CVE-2024/CVE-2024-498xx/CVE-2024-49885.json +++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49885.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49885", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:11.230", - "lastModified": "2024-10-21T18:15:11.230", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:58.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm, slub: avoid zeroing kmalloc redzone\n\nSince commit 946fa0dbf2d8 (\"mm/slub: extend redzone check to extra\nallocated kmalloc space than requested\"), setting orig_size treats\nthe wasted space (object_size - orig_size) as a redzone. However with\ninit_on_free=1 we clear the full object->size, including the redzone.\n\nAdditionally we clear the object metadata, including the stored orig_size,\nmaking it zero, which makes check_object() treat the whole object as a\nredzone.\n\nThese issues lead to the following BUG report with \"slub_debug=FUZ\ninit_on_free=1\":\n\n[ 0.000000] =============================================================================\n[ 0.000000] BUG kmalloc-8 (Not tainted): kmalloc Redzone overwritten\n[ 0.000000] -----------------------------------------------------------------------------\n[ 0.000000]\n[ 0.000000] 0xffff000010032858-0xffff00001003285f @offset=2136. 
First byte 0x0 instead of 0xcc\n[ 0.000000] FIX kmalloc-8: Restoring kmalloc Redzone 0xffff000010032858-0xffff00001003285f=0xcc\n[ 0.000000] Slab 0xfffffdffc0400c80 objects=36 used=23 fp=0xffff000010032a18 flags=0x3fffe0000000200(workingset|node=0|zone=0|lastcpupid=0x1ffff)\n[ 0.000000] Object 0xffff000010032858 @offset=2136 fp=0xffff0000100328c8\n[ 0.000000]\n[ 0.000000] Redzone ffff000010032850: cc cc cc cc cc cc cc cc ........\n[ 0.000000] Object ffff000010032858: cc cc cc cc cc cc cc cc ........\n[ 0.000000] Redzone ffff000010032860: cc cc cc cc cc cc cc cc ........\n[ 0.000000] Padding ffff0000100328b4: 00 00 00 00 00 00 00 00 00 00 00 00 ............\n[ 0.000000] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.11.0-rc3-next-20240814-00004-g61844c55c3f4 #144\n[ 0.000000] Hardware name: NXP i.MX95 19X19 board (DT)\n[ 0.000000] Call trace:\n[ 0.000000] dump_backtrace+0x90/0xe8\n[ 0.000000] show_stack+0x18/0x24\n[ 0.000000] dump_stack_lvl+0x74/0x8c\n[ 0.000000] dump_stack+0x18/0x24\n[ 0.000000] print_trailer+0x150/0x218\n[ 0.000000] check_object+0xe4/0x454\n[ 0.000000] free_to_partial_list+0x2f8/0x5ec\n\nTo address the issue, use orig_size to clear the used area. And restore\nthe value of orig_size after clear the remaining area.\n\nWhen CONFIG_SLUB_DEBUG not defined, (get_orig_size()' directly returns\ns->object_size. So when using memset to init the area, the size can simply\nbe orig_size, as orig_size returns object_size when CONFIG_SLUB_DEBUG not\nenabled. And orig_size can never be bigger than object_size." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm, slub: evitar poner a cero la zona roja de kmalloc Desde el commit 946fa0dbf2d8 (\"mm/slub: extender la comprobaci\u00f3n de la zona roja a espacio de kmalloc asignado adicional al solicitado\"), al establecer orig_size se trata el espacio desperdiciado (object_size - orig_size) como una zona roja. 
Sin embargo, con init_on_free=1 borramos todo el objeto->size, incluida la zona roja. Adem\u00e1s, borramos los metadatos del objeto, incluido el orig_size almacenado, haci\u00e9ndolo cero, lo que hace que check_object() trate todo el objeto como una zona roja. Estos problemas conducen al siguiente informe de ERROR con \"slub_debug=FUZ init_on_free=1\": [ 0.000000] ===================================================================================== [ 0.000000] ERROR kmalloc-8 (no contaminado): kmalloc Redzone sobrescrito [ 0.000000] ----------------------------------------------------------------------------- [ 0.000000] [ 0.000000] 0xffff000010032858-0xffff00001003285f @offset=2136. Primer byte 0x0 en lugar de 0xcc [ 0.000000] CORREGIR kmalloc-8: Restaurando kmalloc Redzone 0xffff000010032858-0xffff00001003285f=0xcc [ 0.000000] Losa 0xfffffdffc0400c80 objetos=36 usados=23 fp=0xffff000010032a18 indicadores=0x3fffe0000000200(workingset|node=0|zone=0|lastcpupid=0x1ffff) [ 0.000000] Objeto 0xffff000010032858 @offset=2136 fp=0xffff0000100328c8 [ 0.000000] [ 0.000000] Redzone ffff000010032850: cc cc cc cc cc cc cc cc ........ [ 0.000000] Objeto ffff000010032858: cc cc cc cc cc cc cc cc cc ........ [ 0.000000] Redzone ffff000010032860: cc cc cc cc cc cc cc cc cc ........ [ 0.000000] Relleno ffff0000100328b4: 00 00 00 00 00 00 00 00 00 00 00 00 ............ [ 0.000000] CPU: 0 UID: 0 PID: 0 Comm: intercambiador/0 No contaminado 6.11.0-rc3-next-20240814-00004-g61844c55c3f4 #144 [ 0.000000] Nombre del hardware: Placa NXP i.MX95 19X19 (DT) [ 0.000000] Rastreo de llamadas: [ 0.000000] dump_backtrace+0x90/0xe8 [ 0.000000] show_stack+0x18/0x24 [ 0.000000] dump_stack_lvl+0x74/0x8c [ 0.000000] dump_stack+0x18/0x24 [ 0.000000] print_trailer+0x150/0x218 [ 0.000000] check_object+0xe4/0x454 [ 0.000000] free_to_partial_list+0x2f8/0x5ec Para solucionar el problema, use orig_size para limpiar el \u00e1rea usada. 
Y restaure el valor de orig_size despu\u00e9s de limpiar el \u00e1rea restante. Cuando CONFIG_SLUB_DEBUG no est\u00e1 definido, (get_orig_size()' retorna directamente s->object_size. Entonces, cuando se usa memset para inicializar el \u00e1rea, el tama\u00f1o puede ser simplemente orig_size, ya que orig_size retorna object_size cuando CONFIG_SLUB_DEBUG no est\u00e1 habilitado. Y orig_size nunca puede ser mayor que object_size." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49886.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49886.json index 39ddd6db4cf..6c1c1d38c6d 100644 --- a/CVE-2024/CVE-2024-498xx/CVE-2024-49886.json +++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49886.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49886", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:11.293", - "lastModified": "2024-10-21T18:15:11.293", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:58.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug\n\nAttaching SST PCI device to VM causes \"BUG: KASAN: slab-out-of-bounds\".\nkasan report:\n[ 19.411889] ==================================================================\n[ 19.413702] BUG: KASAN: slab-out-of-bounds in _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common]\n[ 19.415634] Read of size 8 at addr ffff888829e65200 by task cpuhp/16/113\n[ 19.417368]\n[ 19.418627] CPU: 16 PID: 113 Comm: cpuhp/16 Tainted: G E 6.9.0 #10\n[ 19.420435] Hardware name: VMware, Inc. VMware20,1/440BX Desktop Reference Platform, BIOS VMW201.00V.20192059.B64.2207280713 07/28/2022\n[ 19.422687] Call Trace:\n[ 19.424091] \n[ 19.425448] dump_stack_lvl+0x5d/0x80\n[ 19.426963] ? _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common]\n[ 19.428694] print_report+0x19d/0x52e\n[ 19.430206] ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n[ 19.431837] ? _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common]\n[ 19.433539] kasan_report+0xf0/0x170\n[ 19.435019] ? _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common]\n[ 19.436709] _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common]\n[ 19.438379] ? __pfx_sched_clock_cpu+0x10/0x10\n[ 19.439910] isst_if_cpu_online+0x406/0x58f [isst_if_common]\n[ 19.441573] ? __pfx_isst_if_cpu_online+0x10/0x10 [isst_if_common]\n[ 19.443263] ? ttwu_queue_wakelist+0x2c1/0x360\n[ 19.444797] cpuhp_invoke_callback+0x221/0xec0\n[ 19.446337] cpuhp_thread_fun+0x21b/0x610\n[ 19.447814] ? __pfx_cpuhp_thread_fun+0x10/0x10\n[ 19.449354] smpboot_thread_fn+0x2e7/0x6e0\n[ 19.450859] ? 
__pfx_smpboot_thread_fn+0x10/0x10\n[ 19.452405] kthread+0x29c/0x350\n[ 19.453817] ? __pfx_kthread+0x10/0x10\n[ 19.455253] ret_from_fork+0x31/0x70\n[ 19.456685] ? __pfx_kthread+0x10/0x10\n[ 19.458114] ret_from_fork_asm+0x1a/0x30\n[ 19.459573] \n[ 19.460853]\n[ 19.462055] Allocated by task 1198:\n[ 19.463410] kasan_save_stack+0x30/0x50\n[ 19.464788] kasan_save_track+0x14/0x30\n[ 19.466139] __kasan_kmalloc+0xaa/0xb0\n[ 19.467465] __kmalloc+0x1cd/0x470\n[ 19.468748] isst_if_cdev_register+0x1da/0x350 [isst_if_common]\n[ 19.470233] isst_if_mbox_init+0x108/0xff0 [isst_if_mbox_msr]\n[ 19.471670] do_one_initcall+0xa4/0x380\n[ 19.472903] do_init_module+0x238/0x760\n[ 19.474105] load_module+0x5239/0x6f00\n[ 19.475285] init_module_from_file+0xd1/0x130\n[ 19.476506] idempotent_init_module+0x23b/0x650\n[ 19.477725] __x64_sys_finit_module+0xbe/0x130\n[ 19.476506] idempotent_init_module+0x23b/0x650\n[ 19.477725] __x64_sys_finit_module+0xbe/0x130\n[ 19.478920] do_syscall_64+0x82/0x160\n[ 19.480036] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 19.481292]\n[ 19.482205] The buggy address belongs to the object at ffff888829e65000\n which belongs to the cache kmalloc-512 of size 512\n[ 19.484818] The buggy address is located 0 bytes to the right of\n allocated 512-byte region [ffff888829e65000, ffff888829e65200)\n[ 19.487447]\n[ 19.488328] The buggy address belongs to the physical page:\n[ 19.489569] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888829e60c00 pfn:0x829e60\n[ 19.491140] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0\n[ 19.492466] anon flags: 0x57ffffc0000840(slab|head|node=1|zone=2|lastcpupid=0x1fffff)\n[ 19.493914] page_type: 0xffffffff()\n[ 19.494988] raw: 0057ffffc0000840 ffff88810004cc80 0000000000000000 0000000000000001\n[ 19.496451] raw: ffff888829e60c00 0000000080200018 00000001ffffffff 0000000000000000\n[ 19.497906] head: 0057ffffc0000840 ffff88810004cc80 0000000000000000 0000000000000001\n[ 19.499379] head: ffff888829e60c00 
0000000080200018 00000001ffffffff 0000000000000000\n[ 19.500844] head: 0057ffffc0000003 ffffea0020a79801 ffffea0020a79848 00000000ffffffff\n[ 19.502316] head: 0000000800000000 0000000000000000 00000000ffffffff 0000000000000000\n[ 19.503784] page dumped because: k\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: plataforma/x86: ISST: Se corrige el error de informe KASAN slab-out-of-bounds. Conectar un dispositivo PCI SST a una m\u00e1quina virtual provoca \"BUG: KASAN: slab-out-of-bounds\". informe de kasan: [ 19.411889] ======================================================================= [ 19.413702] ERROR: KASAN: slab fuera de los l\u00edmites en _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common] [ 19.415634] Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff888829e65200 por la tarea cpuhp/16/113 [ 19.417368] [ 19.418627] CPU: 16 PID: 113 Comm: cpuhp/16 Contaminado: GE 6.9.0 #10 [ 19.420435] Nombre del hardware: VMware, Inc. VMware20,1/440BX Desktop Reference Platform, BIOS VMW201.00V.20192059.B64.2207280713 28/07/2022 [ 19.422687] Seguimiento de llamadas: [ 19.424091] [ 19.425448] dump_stack_lvl+0x5d/0x80 [ 19.426963] ? _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common] [ 19.428694] print_report+0x19d/0x52e [ 19.430206] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 19.431837] ? _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common] [ 19.433539] kasan_report+0xf0/0x170 [ 19.435019] ? _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common] [ 19.436709] _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common] [ 19.438379] ? __pfx_sched_clock_cpu+0x10/0x10 [ 19.439910] isst_if_cpu_online+0x406/0x58f [isst_if_common] [ 19.441573] ? __pfx_isst_if_cpu_online+0x10/0x10 [isst_if_common] [ 19.443263] ? ttwu_queue_wakelist+0x2c1/0x360 [ 19.444797] cpuhp_invoke_callback+0x221/0xec0 [ 19.446337] cpuhp_thread_fun+0x21b/0x610 [ 19.447814] ? 
__pfx_cpuhp_thread_fun+0x10/0x10 [ 19.449354] smpboot_thread_fn+0x2e7/0x6e0 [ 19.450859] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 19.452405] kthread+0x29c/0x350 [ 19.453817] ? __pfx_kthread+0x10/0x10 [ 19.455253] ret_from_fork+0x31/0x70 [ 19.456685] ? __pfx_kthread+0x10/0x10 [ 19.458114] ret_from_fork_asm+0x1a/0x30 [ 19.459573] [ 19.460853] [ 19.462055] Asignado por la tarea 1198: [ 19.463410] kasan_save_stack+0x30/0x50 [ 19.464788] kasan_save_track+0x14/0x30 [ 19.466139] __kasan_kmalloc+0xaa/0xb0 [ 19.467465] __kmalloc+0x1cd/0x470 [ 19.468748] isst_if_cdev_register+0x1da/0x350 [isst_if_common] [ 19.470233] isst_if_mbox_init+0x108/0xff0 [isst_if_mbox_msr] [ 19.471670] do_one_initcall+0xa4/0x380 [ 19.472903] do_init_module+0x238/0x760 [ 19.474105] load_module+0x5239/0x6f00 [ 19.475285] init_module_from_file+0xd1/0x130 [ 19.476506] idempotent_init_module+0x23b/0x650 [ 19.477725] __x64_sys_finit_module+0xbe/0x130 [ 19.476506] idempotent_init_module+0x23b/0x650 [ 19.477725] __x64_sys_finit_module+0xbe/0x130 [ 19.478920] do_syscall_64+0x82/0x160 [ 19.480036] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 19.481292] [ 19.482205] La direcci\u00f3n con errores pertenece al objeto en ffff888829e65000 que pertenece a la cach\u00e9 kmalloc-512 de tama\u00f1o 512 [ 19.484818] La direcci\u00f3n con errores se encuentra 0 bytes a la derecha de la regi\u00f3n asignada de 512 bytes [ffff888829e65000, ffff888829e65200) [ 19.487447] [ 19.488328] La direcci\u00f3n con errores pertenece a la p\u00e1gina f\u00edsica: [ 19.489569] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888829e60c00 pfn:0x829e60 [ 19.491140] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.492466] anon flags: 0x57ffffc0000840(losa|cabeza|nodo=1|zona=2|lastcpupid=0x1fffff) [ 19.493914] tipo_de_p\u00e1gina: 0xffffffff() [ 19.494988] sin procesar: 0057ffffc0000840 ffff88810004cc80 0000000000000000 0000000000000001 [ 19.496451] sin procesar: ffff888829e60c00 0000000080200018 
00000001ffffffff 0000000000000000 [ 19.497906] cabeza: 0057ffffc0000840 ffff88810004cc80 0000000000000000 000000000000001 [ 19.499379] cabeza: ffff888829e60c00 0000000080200018 00000001ffffffff 0000000000000000 [ 19.500844] cabeza: 0057ffffc0000003 ffffea0020a79801 ffffea0020a79848 00000000ffffffff [ 19.502316] cabeza: 0000000800000000 0000000000000000 00000000ffffffff 000000000000000 [ 19.503784] p\u00e1gina volcada porque: k ---truncada---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49887.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49887.json index 0288b495127..3606a024fd3 100644 --- a/CVE-2024/CVE-2024-498xx/CVE-2024-49887.json +++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49887.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49887", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:11.360", - "lastModified": "2024-10-21T18:15:11.360", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:58.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to don't panic system for no free segment fault injection\n\nf2fs: fix to don't panic system for no free segment fault injection\n\nsyzbot reports a f2fs bug as below:\n\nF2FS-fs (loop0): inject no free segment in get_new_segment of __allocate_new_segment+0x1ce/0x940 fs/f2fs/segment.c:3167\nF2FS-fs (loop0): Stopped filesystem due to reason: 7\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/segment.c:2748!\nCPU: 0 UID: 0 PID: 5109 Comm: syz-executor304 Not tainted 6.11.0-rc6-syzkaller-00363-g89f5e14d05b4 #0\nRIP: 0010:get_new_segment fs/f2fs/segment.c:2748 [inline]\nRIP: 0010:new_curseg+0x1f61/0x1f70 fs/f2fs/segment.c:2836\nCall Trace:\n __allocate_new_segment+0x1ce/0x940 fs/f2fs/segment.c:3167\n f2fs_allocate_new_section fs/f2fs/segment.c:3181 [inline]\n f2fs_allocate_pinning_section+0xfa/0x4e0 fs/f2fs/segment.c:3195\n f2fs_expand_inode_data+0x5d6/0xbb0 fs/f2fs/file.c:1799\n f2fs_fallocate+0x448/0x960 fs/f2fs/file.c:1903\n vfs_fallocate+0x553/0x6c0 fs/open.c:334\n do_vfs_ioctl+0x2592/0x2e50 fs/ioctl.c:886\n __do_sys_ioctl fs/ioctl.c:905 [inline]\n __se_sys_ioctl+0x81/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0010:get_new_segment fs/f2fs/segment.c:2748 [inline]\nRIP: 0010:new_curseg+0x1f61/0x1f70 fs/f2fs/segment.c:2836\n\nThe root cause is when we inject no free segment fault into f2fs,\nwe should not panic system, fix it." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: correcci\u00f3n para que el sistema no entre en p\u00e1nico por falta de inyecci\u00f3n de segmento libre f2fs: correcci\u00f3n para que el sistema no entre en p\u00e1nico por falta de inyecci\u00f3n de segmento libre syzbot informa un error de f2fs como el siguiente: F2FS-fs (loop0): no inyecta ning\u00fan segmento libre en get_new_segment de __allocate_new_segment+0x1ce/0x940 fs/f2fs/segment.c:3167 F2FS-fs (loop0): sistema de archivos detenido debido a la raz\u00f3n: 7 ------------[ cortar aqu\u00ed ]------------ \u00a1ERROR del kernel en fs/f2fs/segment.c:2748! CPU: 0 UID: 0 PID: 5109 Comm: syz-executor304 No contaminado 6.11.0-rc6-syzkaller-00363-g89f5e14d05b4 #0 RIP: 0010:get_new_segment fs/f2fs/segment.c:2748 [en l\u00ednea] RIP: 0010:new_curseg+0x1f61/0x1f70 fs/f2fs/segment.c:2836 Rastreo de llamadas: __allocate_new_segment+0x1ce/0x940 fs/f2fs/segment.c:3167 f2fs_allocate_new_section fs/f2fs/segment.c:3181 [en l\u00ednea] f2fs_allocate_pinning_section+0xfa/0x4e0 fs/f2fs/segment.c:3195 f2fs_expand_inode_data+0x5d6/0xbb0 fs/f2fs/file.c:1799 f2fs_fallocate+0x448/0x960 fs/f2fs/file.c:1903 vfs_fallocate+0x553/0x6c0 fs/open.c:334 do_vfs_ioctl+0x2592/0x2e50 fs/ioctl.c:886 __do_sys_ioctl fs/ioctl.c:905 [en l\u00ednea] __se_sys_ioctl+0x81/0x170 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0010:get_new_segment fs/f2fs/segment.c:2748 [en l\u00ednea] RIP: 0010:new_curseg+0x1f61/0x1f70 fs/f2fs/segment.c:2836 La causa ra\u00edz es cuando no inyectamos un fallo de segmento libre en f2fs, no deber\u00edamos hacer que el sistema entre en p\u00e1nico, arr\u00e9glelo." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49888.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49888.json index 0532fea56cc..1d0e7417edb 100644 
--- a/CVE-2024/CVE-2024-498xx/CVE-2024-49888.json
+++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49888.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-49888", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:11.443", - "lastModified": "2024-10-21T18:15:11.443", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:58.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a sdiv overflow issue\n\nZac Ecob reported a problem where a bpf program may cause kernel crash due\nto the following error:\n Oops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI\n\nThe failure is due to the below signed divide:\n LLONG_MIN/-1 where LLONG_MIN equals to -9,223,372,036,854,775,808.\nLLONG_MIN/-1 is supposed to give a positive number 9,223,372,036,854,775,808,\nbut it is impossible since for 64-bit system, the maximum positive\nnumber is 9,223,372,036,854,775,807. On x86_64, LLONG_MIN/-1 will\ncause a kernel exception. On arm64, the result for LLONG_MIN/-1 is\nLLONG_MIN.\n\nFurther investigation found all the following sdiv/smod cases may trigger\nan exception when bpf program is running on x86_64 platform:\n - LLONG_MIN/-1 for 64bit operation\n - INT_MIN/-1 for 32bit operation\n - LLONG_MIN%-1 for 64bit operation\n - INT_MIN%-1 for 32bit operation\nwhere -1 can be an immediate or in a register.\n\nOn arm64, there are no exceptions:\n - LLONG_MIN/-1 = LLONG_MIN\n - INT_MIN/-1 = INT_MIN\n - LLONG_MIN%-1 = 0\n - INT_MIN%-1 = 0\nwhere -1 can be an immediate or in a register.\n\nInsn patching is needed to handle the above cases and the patched codes\nproduced results aligned with above arm64 result. 
The below are pseudo\ncodes to handle sdiv/smod exceptions including both divisor -1 and divisor 0\nand the divisor is stored in a register.\n\nsdiv:\n tmp = rX\n tmp += 1 /* [-1, 0] -> [0, 1]\n if tmp >(unsigned) 1 goto L2\n if tmp == 0 goto L1\n rY = 0\n L1:\n rY = -rY;\n goto L3\n L2:\n rY /= rX\n L3:\n\nsmod:\n tmp = rX\n tmp += 1 /* [-1, 0] -> [0, 1]\n if tmp >(unsigned) 1 goto L1\n if tmp == 1 (is64 ? goto L2 : goto L3)\n rY = 0;\n goto L2\n L1:\n rY %= rX\n L2:\n goto L4 // only when !is64\n L3:\n wY = wY // only when !is64\n L4:\n\n [1] https://lore.kernel.org/bpf/tPJLTEh7S_DxFEqAI2Ji5MBSoZVg7_G-Py2iaZpAaWtM961fFTWtsnlzwvTbzBzaUzwQAoNATXKUlt0LZOFgnDcIyKCswAnAGdUF3LBrhGQ=@protonmail.com/" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: soluciona un problema de desbordamiento de sdiv Zac Ecob inform\u00f3 de un problema en el que un programa bpf puede provocar un fallo del kernel debido al siguiente error: Oops: error de divisi\u00f3n: 0000 [#1] PREEMPT SMP KASAN PTI El fallo se debe a la siguiente divisi\u00f3n con signo: LLONG_MIN/-1 donde LLONG_MIN equivale a -9.223.372.036.854.775.808. Se supone que LLONG_MIN/-1 da un n\u00famero positivo 9.223.372.036.854.775.808, pero es imposible ya que para sistemas de 64 bits, el n\u00famero positivo m\u00e1ximo es 9.223.372.036.854.775.807. En x86_64, LLONG_MIN/-1 provocar\u00e1 una excepci\u00f3n del kernel. En arm64, el resultado para LLONG_MIN/-1 es LLONG_MIN. Una investigaci\u00f3n m\u00e1s profunda encontr\u00f3 que todos los siguientes casos de sdiv/smod pueden activar una excepci\u00f3n cuando el programa bpf se ejecuta en la plataforma x86_64: - LLONG_MIN/-1 para operaci\u00f3n de 64 bits - INT_MIN/-1 para operaci\u00f3n de 32 bits - LLONG_MIN%-1 para operaci\u00f3n de 64 bits - INT_MIN%-1 para operaci\u00f3n de 32 bits donde -1 puede ser inmediato o en un registro. 
En arm64, no hay excepciones: - LLONG_MIN/-1 = LLONG_MIN - INT_MIN/-1 = INT_MIN - LLONG_MIN%-1 = 0 - INT_MIN%-1 = 0 donde -1 puede ser inmediato o en un registro. Se necesita aplicar un parche a Insn para manejar los casos anteriores y los c\u00f3digos parcheados produjeron resultados alineados con el resultado de arm64 anterior. Los siguientes son pseudoc\u00f3digos para manejar excepciones sdiv/smod incluyendo tanto el divisor -1 como el divisor 0 y el divisor se almacena en un registro. sdiv: tmp = rX tmp += 1 /* [-1, 0] -> [0, 1] if tmp >(unsigned) 1 goto L2 if tmp == 0 goto L1 rY = 0 L1: rY = -rY; goto L3 L2: rY /= rX L3: smod: tmp = rX tmp += 1 /* [-1, 0] -> [0, 1] if tmp >(unsigned) 1 goto L1 if tmp == 1 (is64 ? goto L2 : goto L3) rY = 0; goto L2 L1: rY %= rX L2: goto L4 // solo cuando !is64 L3: wY = wY // solo cuando !is64 L4: [1] https://lore.kernel.org/bpf/tPJLTEh7S_DxFEqAI2Ji5MBSoZVg7_G-Py2iaZpAaWtM961fFTWtsnlzwvTbzBzaUzwQAoNATXKUlt0LZOFgnDcIyKCswAnAGdUF3LBrhGQ=@protonmail.com/" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49889.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49889.json index b6a4996b787..5a16a009279 100644 --- a/CVE-2024/CVE-2024-498xx/CVE-2024-49889.json +++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49889.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49889", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:11.513", - "lastModified": "2024-10-21T18:15:11.513", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:58.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid use-after-free in ext4_ext_show_leaf()\n\nIn ext4_find_extent(), path may be freed by error or be reallocated, so\nusing a previously saved *ppath may have been freed and thus may trigger\nuse-after-free, as follows:\n\next4_split_extent\n path = *ppath;\n ext4_split_extent_at(ppath)\n path = ext4_find_extent(ppath)\n ext4_split_extent_at(ppath)\n // ext4_find_extent fails to free path\n // but zeroout succeeds\n ext4_ext_show_leaf(inode, path)\n eh = path[depth].p_hdr\n // path use-after-free !!!\n\nSimilar to ext4_split_extent_at(), we use *ppath directly as an input to\next4_ext_show_leaf(). Fix a spelling error by the way.\n\nSame problem in ext4_ext_handle_unwritten_extents(). Since 'path' is only\nused in ext4_ext_show_leaf(), remove 'path' and use *ppath directly.\n\nThis issue is triggered only when EXT_DEBUG is defined and therefore does\nnot affect functionality." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: evitar use after free en ext4_ext_show_leaf() En ext4_find_extent(), path puede liberarse por error o reasignarse, por lo que el uso de un *ppath previamente guardado puede haberse liberado y, por lo tanto, puede activar el use after free, de la siguiente manera: ext4_split_extent path = *ppath; ext4_split_extent_at(ppath) path = ext4_find_extent(ppath) ext4_split_extent_at(ppath) // ext4_find_extent no puede liberar path // pero la puesta a cero tiene \u00e9xito ext4_ext_show_leaf(inode, path) eh = path[depth].p_hdr // use after free de path !!! 
De manera similar a ext4_split_extent_at(), usamos *ppath directamente como entrada para ext4_ext_show_leaf(). Por cierto, corrige un error ortogr\u00e1fico. El mismo problema en ext4_ext_handle_unwritten_extents(). Dado que 'path' solo se usa en ext4_ext_show_leaf(), elimine 'path' y use *ppath directamente. Este problema se activa solo cuando se define EXT_DEBUG y, por lo tanto, no afecta la funcionalidad." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49890.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49890.json index 839f018e4c0..0659bb85685 100644 --- a/CVE-2024/CVE-2024-498xx/CVE-2024-49890.json +++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49890.json @@ -2,13 +2,17 @@ "id": "CVE-2024-49890", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:11.580", - "lastModified": "2024-10-21T18:15:11.580", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:58.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: ensure the fw_info is not null before using it\n\nThis resolves the dereference null return value warning\nreported by Coverity." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/pm: aseg\u00farese de que fw_info no sea nulo antes de usarlo Esto resuelve la advertencia de valor de retorno nulo desreferenciado informada por Coverity." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49891.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49891.json index 5f9f870f4c1..8830603de0d 100644 --- a/CVE-2024/CVE-2024-498xx/CVE-2024-49891.json +++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49891.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49891", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:11.657", - "lastModified": "2024-10-21T18:15:11.657", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths\n\nWhen the HBA is undergoing a reset or is handling an errata event, NULL ptr\ndereference crashes may occur in routines such as\nlpfc_sli_flush_io_rings(), lpfc_dev_loss_tmo_callbk(), or\nlpfc_abort_handler().\n\nAdd NULL ptr checks before dereferencing hdwq pointers that may have been\nfreed due to operations colliding with a reset or errata event handler." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: lpfc: Validar punteros hdwq antes de desreferenciar en rutas de reinicio/errata Cuando el HBA est\u00e1 experimentando un reinicio o est\u00e1 manejando un evento de erratas, pueden ocurrir fallos de desreferencia de ptr NULL en rutinas como lpfc_sli_flush_io_rings(), lpfc_dev_loss_tmo_callbk() o lpfc_abort_handler(). Agregue verificaciones de ptr NULL antes de desreferenciar punteros hdwq que pueden haberse liberado debido a operaciones que colisionan con un controlador de eventos de reinicio o erratas." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49892.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49892.json index 1f828d23428..62e236df0c8 100644 --- a/CVE-2024/CVE-2024-498xx/CVE-2024-49892.json +++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49892.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49892", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:11.757", - "lastModified": "2024-10-21T18:15:11.757", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Initialize get_bytes_per_element's default to 1\n\nVariables, used as denominators and maybe not assigned to other values,\nshould not be 0. bytes_per_element_y & bytes_per_element_c are\ninitialized by get_bytes_per_element() which should never return 0.\n\nThis fixes 10 DIVIDE_BY_ZERO issues reported by Coverity." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: inicializar el valor predeterminado de get_bytes_per_element en 1. Las variables, utilizadas como denominadores y que quiz\u00e1s no se asignen a otros valores, no deben ser 0. bytes_per_element_y y bytes_per_element_c se inicializan mediante get_bytes_per_element(), que nunca debe devolver 0. Esto corrige 10 problemas de DIVIDE_BY_ZERO informados por Coverity." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49893.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49893.json index 21856ec9ff7..d54e8932934 100644 --- a/CVE-2024/CVE-2024-498xx/CVE-2024-49893.json +++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49893.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49893", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:11.850", - "lastModified": "2024-10-21T18:15:11.850", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check stream_status before it is used\n\n[WHAT & HOW]\ndc_state_get_stream_status can return null, and therefore null must be\nchecked before stream_status is used.\n\nThis fixes 1 NULL_RETURNS issue reported by Coverity." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: comprobar stream_status antes de usarlo [QU\u00c9 Y C\u00d3MO] dc_state_get_stream_status puede devolver null y, por lo tanto, debe comprobarse null antes de usar stream_status. Esto soluciona 1 problema de NULL_RETURNS informado por Coverity." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49894.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49894.json index d506e795796..3e905e4d27c 100644 --- a/CVE-2024/CVE-2024-498xx/CVE-2024-49894.json +++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49894.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49894", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:11.913", - "lastModified": "2024-10-21T18:15:11.913", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index out of bounds in degamma hardware format translation\n\nFixes index out of bounds issue in\n`cm_helper_translate_curve_to_degamma_hw_format` function. The issue\ncould occur when the index 'i' exceeds the number of transfer function\npoints (TRANSFER_FUNC_POINTS).\n\nThe fix adds a check to ensure 'i' is within bounds before accessing the\ntransfer function points. If 'i' is out of bounds the function returns\nfalse to indicate an error.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:594 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:595 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:596 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Corrige el \u00edndice fuera de los l\u00edmites en la traducci\u00f3n del formato de hardware degamma Corrige el problema del \u00edndice fuera de los l\u00edmites en la funci\u00f3n `cm_helper_translate_curve_to_degamma_hw_format`. El problema podr\u00eda ocurrir cuando el \u00edndice 'i' excede el n\u00famero de puntos de funci\u00f3n de transferencia (TRANSFER_FUNC_POINTS). 
La correcci\u00f3n agrega una verificaci\u00f3n para garantizar que 'i' est\u00e9 dentro de los l\u00edmites antes de acceder a los puntos de funci\u00f3n de transferencia. Si 'i' est\u00e1 fuera de los l\u00edmites, la funci\u00f3n devuelve falso para indicar un error. Reportado por smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:594 cm_helper_translate_curve_to_degamma_hw_format() error: desbordamiento de b\u00fafer 'output_tf->tf_pts.red' 1025 <= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:595 cm_helper_translate_curve_to_degamma_hw_format() error: desbordamiento de b\u00fafer 'output_tf->tf_pts.green' 1025 <= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:596 cm_helper_translate_curve_to_degamma_hw_format() error: desbordamiento de b\u00fafer 'output_tf->tf_pts.blue' 1025 <= s32max" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49895.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49895.json index 34a8df7b46d..d71b29f46b0 100644 --- a/CVE-2024/CVE-2024-498xx/CVE-2024-49895.json +++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49895.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49895", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:11.990", - "lastModified": "2024-10-21T18:15:11.990", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation\n\nThis commit addresses a potential index out of bounds issue in the\n`cm3_helper_translate_curve_to_degamma_hw_format` function in the DCN30\ncolor management module. The issue could occur when the index 'i'\nexceeds the number of transfer function points (TRANSFER_FUNC_POINTS).\n\nThe fix adds a check to ensure 'i' is within bounds before accessing the\ntransfer function points. If 'i' is out of bounds, the function returns\nfalse to indicate an error.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:338 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:339 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:340 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Se corrige el \u00edndice fuera de los l\u00edmites en la traducci\u00f3n del formato de hardware degamma de DCN30. Esta confirmaci\u00f3n aborda un posible problema de \u00edndice fuera de los l\u00edmites en la funci\u00f3n `cm3_helper_translate_curve_to_degamma_hw_format` en el m\u00f3dulo de administraci\u00f3n de color DCN30. 
El problema podr\u00eda ocurrir cuando el \u00edndice 'i' excede la cantidad de puntos de funci\u00f3n de transferencia (TRANSFER_FUNC_POINTS). La correcci\u00f3n agrega una verificaci\u00f3n para garantizar que 'i' est\u00e9 dentro de los l\u00edmites antes de acceder a los puntos de funci\u00f3n de transferencia. Si 'i' est\u00e1 fuera de los l\u00edmites, la funci\u00f3n devuelve falso para indicar un error. Reportado por smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:338 cm3_helper_translate_curve_to_degamma_hw_format() error: desbordamiento de b\u00fafer 'output_tf->tf_pts.red' 1025 <= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:339 cm3_helper_translate_curve_to_degamma_hw_format() error: desbordamiento de b\u00fafer 'output_tf->tf_pts.green' 1025 <= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:340 cm3_helper_translate_curve_to_degamma_hw_format() error: desbordamiento de b\u00fafer 'output_tf->tf_pts.blue' 1025 <= s32max" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49896.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49896.json index 24927d05330..b1044962598 100644 --- a/CVE-2024/CVE-2024-498xx/CVE-2024-49896.json +++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49896.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49896", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:12.067", - "lastModified": "2024-10-21T18:15:12.067", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check stream before comparing them\n\n[WHAT & HOW]\namdgpu_dm can pass a null stream to dc_is_stream_unchanged. It is\nnecessary to check for null before dereferencing them.\n\nThis fixes 1 FORWARD_NULL issue reported by Coverity." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: comprobar el flujo antes de compararlo [QU\u00c9 Y C\u00d3MO] amdgpu_dm puede pasar un flujo nulo a dc_is_stream_unchanged. Es necesario comprobar si hay valores nulos antes de desreferenciarlos. Esto soluciona 1 problema FORWARD_NULL informado por Coverity." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49897.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49897.json index aafe881b127..d5694ac2f8d 100644 --- a/CVE-2024/CVE-2024-498xx/CVE-2024-49897.json +++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49897.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49897", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:12.133", - "lastModified": "2024-10-21T18:15:12.133", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check phantom_stream before it is used\n\ndcn32_enable_phantom_stream can return null, so returned value\nmust be checked before used.\n\nThis fixes 1 NULL_RETURNS issue reported by Coverity." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: comprobar phantom_stream antes de usarlo dcn32_enable_phantom_stream puede devolver un valor nulo, por lo que se debe comprobar el valor devuelto antes de usarlo. Esto soluciona 1 problema de NULL_RETURNS informado por Coverity." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49898.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49898.json index 342f10c6eb5..7c1f05f3aae 100644 --- a/CVE-2024/CVE-2024-498xx/CVE-2024-49898.json +++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49898.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49898", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:12.190", - "lastModified": "2024-10-21T18:15:12.190", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null-initialized variables\n\n[WHAT & HOW]\ndrr_timing and subvp_pipe are initialized to null and they are not\nalways assigned new values. It is necessary to check for null before\ndereferencing.\n\nThis fixes 2 FORWARD_NULL issues reported by Coverity." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: comprobar variables inicializadas en valores nulos [QU\u00c9 Y C\u00d3MO] drr_timing y subvp_pipe se inicializan en valores nulos y no siempre se les asignan nuevos valores. Es necesario comprobar si hay valores nulos antes de desreferenciar. Esto soluciona 2 problemas de FORWARD_NULL informados por Coverity." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49899.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49899.json index 69626e07145..ee417a0f316 100644 --- a/CVE-2024/CVE-2024-498xx/CVE-2024-49899.json +++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49899.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49899", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:12.253", - "lastModified": "2024-10-21T18:15:12.253", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Initialize denominators' default to 1\n\n[WHAT & HOW]\nVariables used as denominators and maybe not assigned to other values,\nshould not be 0. Change their default to 1 so they are never 0.\n\nThis fixes 10 DIVIDE_BY_ZERO issues reported by Coverity." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Inicializar el valor predeterminado de los denominadores en 1 [QU\u00c9 Y C\u00d3MO] Las variables utilizadas como denominadores y que quiz\u00e1s no est\u00e9n asignadas a otros valores, no deben ser 0. Cambie su valor predeterminado a 1 para que nunca sean 0. Esto corrige 10 problemas de DIVIDE_BY_ZERO informados por Coverity." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49900.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49900.json index e9764495ef8..aaa6422ffae 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49900.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49900.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49900", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:12.320", - "lastModified": "2024-10-21T18:15:12.320", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix uninit-value access of new_ea in ea_buffer\n\nsyzbot reports that lzo1x_1_do_compress is using uninit-value:\n\n=====================================================\nBUG: KMSAN: uninit-value in lzo1x_1_do_compress+0x19f9/0x2510 lib/lzo/lzo1x_compress.c:178\n\n...\n\nUninit was stored to memory at:\n ea_put fs/jfs/xattr.c:639 [inline]\n\n...\n\nLocal variable ea_buf created at:\n __jfs_setxattr+0x5d/0x1ae0 fs/jfs/xattr.c:662\n __jfs_xattr_set+0xe6/0x1f0 fs/jfs/xattr.c:934\n\n=====================================================\n\nThe reason is ea_buf->new_ea is not initialized properly.\n\nFix this by using memset to empty its content at the beginning\nin ea_get()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: jfs: Se corrige el acceso a uninit-value de new_ea en ea_buffer syzbot informa que lzo1x_1_do_compress est\u00e1 usando uninit-value: ========================================================= ERROR: KMSAN: uninit-value en lzo1x_1_do_compress+0x19f9/0x2510 lib/lzo/lzo1x_compress.c:178 ... Uninit se almacen\u00f3 en la memoria en: ea_put fs/jfs/xattr.c:639 [en l\u00ednea] ... La variable local ea_buf se cre\u00f3 en: __jfs_setxattr+0x5d/0x1ae0 fs/jfs/xattr.c:662 __jfs_xattr_set+0xe6/0x1f0 fs/jfs/xattr.c:934 ========================================================== El motivo es que ea_buf->new_ea no se inicializa correctamente. Solucione esto usando memset para vaciar su contenido al principio en ea_get()." } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49901.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49901.json
index 57401b8d2e3..89d38d9c99b 100644
--- a/CVE-2024/CVE-2024-499xx/CVE-2024-49901.json
+++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49901.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-49901", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:12.480", - "lastModified": "2024-10-21T18:15:12.480", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs\n\nThere are some cases, such as the one uncovered by Commit 46d4efcccc68\n(\"drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails\")\nwhere\n\nmsm_gpu_cleanup() : platform_set_drvdata(gpu->pdev, NULL);\n\nis called on gpu->pdev == NULL, as the GPU device has not been fully\ninitialized yet.\n\nTurns out that there's more than just the aforementioned path that\ncauses this to happen (e.g. the case when there's speedbin data in the\ncatalog, but opp-supported-hw is missing in DT).\n\nAssigning msm_gpu->pdev earlier seems like the least painful solution\nto this, therefore do so.\n\nPatchwork: https://patchwork.freedesktop.org/patch/602742/" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/msm/adreno: Asignar msm_gpu->pdev antes para evitar nullptrs Hay algunos casos, como el descubierto por Commit 46d4efcccc68 (\"drm/msm/a6xx: Evitar una desreferencia nullptr cuando fallo la configuraci\u00f3n de speedbin\") donde msm_gpu_cleanup() : platform_set_drvdata(gpu->pdev, NULL); se llama en gpu->pdev == NULL, ya que el dispositivo GPU a\u00fan no se ha inicializado por completo. Resulta que hay m\u00e1s que solo la ruta mencionada anteriormente que hace que esto suceda (por ejemplo, el caso cuando hay datos de speedbin en el cat\u00e1logo, pero opp-supported-hw falta en DT). Asignar msm_gpu->pdev antes parece ser la soluci\u00f3n menos dolorosa para esto, as\u00ed que hazlo. 
Parche: https://patchwork.freedesktop.org/patch/602742/" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49902.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49902.json index 0ec7a46dd40..73627bad107 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49902.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49902.json @@ -2,13 +2,17 @@ "id": "CVE-2024-49902", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:12.700", - "lastModified": "2024-10-21T18:15:12.700", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: check if leafidx greater than num leaves per dmap tree\n\nsyzbot report a out of bounds in dbSplit, it because dmt_leafidx greater\nthan num leaves per dmap tree, add a checking for dmt_leafidx in dbFindLeaf.\n\nShaggy:\nModified sanity check to apply to control pages as well as leaf pages." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: jfs: comprobar si leafidx es mayor que la cantidad de hojas por \u00e1rbol dmap syzbot informa que dbSplit est\u00e1 fuera de los l\u00edmites, esto se debe a que dmt_leafidx es mayor que la cantidad de hojas por \u00e1rbol dmap, se agrega una verificaci\u00f3n para dmt_leafidx en dbFindLeaf. Shaggy: Se modific\u00f3 la verificaci\u00f3n de cordura para que se aplique a las p\u00e1ginas de control y a las p\u00e1ginas de hoja." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49903.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49903.json index 03f7d93fcd2..66701f55c3a 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49903.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49903.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49903", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:12.873", - "lastModified": "2024-10-21T18:15:12.873", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix uaf in dbFreeBits\n\n[syzbot reported]\n==================================================================\nBUG: KASAN: slab-use-after-free in __mutex_lock_common kernel/locking/mutex.c:587 [inline]\nBUG: KASAN: slab-use-after-free in __mutex_lock+0xfe/0xd70 kernel/locking/mutex.c:752\nRead of size 8 at addr ffff8880229254b0 by task syz-executor357/5216\n\nCPU: 0 UID: 0 PID: 5216 Comm: syz-executor357 Not tainted 6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024\nCall Trace:\n \n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n __mutex_lock_common kernel/locking/mutex.c:587 [inline]\n __mutex_lock+0xfe/0xd70 kernel/locking/mutex.c:752\n dbFreeBits+0x7ea/0xd90 fs/jfs/jfs_dmap.c:2390\n dbFreeDmap fs/jfs/jfs_dmap.c:2089 [inline]\n dbFree+0x35b/0x680 fs/jfs/jfs_dmap.c:409\n dbDiscardAG+0x8a9/0xa20 fs/jfs/jfs_dmap.c:1650\n jfs_ioc_trim+0x433/0x670 fs/jfs/jfs_discard.c:100\n jfs_ioctl+0x2d0/0x3e0 fs/jfs/ioctl.c:131\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n\nFreed by task 5218:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n 
kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\n poison_slab_object+0xe0/0x150 mm/kasan/common.c:240\n __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2252 [inline]\n slab_free mm/slub.c:4473 [inline]\n kfree+0x149/0x360 mm/slub.c:4594\n dbUnmount+0x11d/0x190 fs/jfs/jfs_dmap.c:278\n jfs_mount_rw+0x4ac/0x6a0 fs/jfs/jfs_mount.c:247\n jfs_remount+0x3d1/0x6b0 fs/jfs/super.c:454\n reconfigure_super+0x445/0x880 fs/super.c:1083\n vfs_cmd_reconfigure fs/fsopen.c:263 [inline]\n vfs_fsconfig_locked fs/fsopen.c:292 [inline]\n __do_sys_fsconfig fs/fsopen.c:473 [inline]\n __se_sys_fsconfig+0xb6e/0xf80 fs/fsopen.c:345\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n[Analysis]\nThere are two paths (dbUnmount and jfs_ioc_trim) that generate race\ncondition when accessing bmap, which leads to the occurrence of uaf.\n\nUse the lock s_umount to synchronize them, in order to avoid uaf caused\nby race condition." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: jfs: Correcci\u00f3n de uaf en dbFreeBits [informado por syzbot] ====================================================================== ERROR: KASAN: slab-use-after-free en __mutex_lock_common kernel/locking/mutex.c:587 [en l\u00ednea] ERROR: KASAN: slab-use-after-free en __mutex_lock+0xfe/0xd70 kernel/locking/mutex.c:752 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff8880229254b0 por la tarea syz-executor357/5216 CPU: 0 UID: 0 PID: 5216 Comm: syz-executor357 No contaminado 6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 27/06/2024 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:93 [en l\u00ednea] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119 print_address_description mm/kasan/report.c:377 [en l\u00ednea] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 __mutex_lock_common kernel/locking/mutex.c:587 [en l\u00ednea] __mutex_lock+0xfe/0xd70 kernel/locking/mutex.c:752 dbFreeBits+0x7ea/0xd90 fs/jfs/jfs_dmap.c:2390 dbFreeDmap fs/jfs/jfs_dmap.c:2089 [en l\u00ednea] dbFree+0x35b/0x680 fs/jfs/jfs_dmap.c:409 dbDiscardAG+0x8a9/0xa20 fs/jfs/jfs_dmap.c:1650 jfs_ioc_trim+0x433/0x670 fs/jfs/jfs_discard.c:100 jfs_ioctl+0x2d0/0x3e0 fs/jfs/ioctl.c:131 vfs_ioctl fs/ioctl.c:51 [en l\u00ednea] __do_sys_ioctl fs/ioctl.c:907 [en l\u00ednea] __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 Liberado por la tarea 5218: kasan_save_stack mm/kasan/common.c:47 [en l\u00ednea] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579 poison_slab_object+0xe0/0x150 mm/kasan/common.c:240 __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256 kasan_slab_free include/linux/kasan.h:184 [en l\u00ednea] slab_free_hook 
mm/slub.c:2252 [en l\u00ednea] slab_free mm/slub.c:4473 [en l\u00ednea] kfree+0x149/0x360 mm/slub.c:4594 dbUnmount+0x11d/0x190 fs/jfs/jfs_dmap.c:278 jfs_mount_rw+0x4ac/0x6a0 fs/jfs/jfs_mount.c:247 jfs_remount+0x3d1/0x6b0 fs/jfs/super.c:454 reconfigure_super+0x445/0x880 fs/super.c:1083 vfs_cmd_reconfigure fs/fsopen.c:263 [en l\u00ednea] vfs_fsconfig_locked fs/fsopen.c:292 [en l\u00ednea] __do_sys_fsconfig fs/fsopen.c:473 [en l\u00ednea] __se_sys_fsconfig+0xb6e/0xf80 fs/fsopen.c:345 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f [An\u00e1lisis] Hay dos rutas (dbUnmount y jfs_ioc_trim) que generan una condici\u00f3n de ejecuci\u00f3n al acceder a bmap, lo que lleva a la ocurrencia de uaf. Utilice el bloqueo s_umount para sincronizarlas, a fin de evitar uaf causado por una condici\u00f3n de ejecuci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49904.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49904.json index 402ea38dd72..fe547adad97 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49904.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49904.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49904", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:12.960", - "lastModified": "2024-10-21T18:15:12.960", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: add list empty check to avoid null pointer issue\n\nAdd list empty check to avoid null pointer issues in some corner cases.\n- list_for_each_entry_safe()" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: agregar comprobaci\u00f3n de lista vac\u00eda para evitar problemas de puntero nulo Agrega comprobaci\u00f3n de lista vac\u00eda para evitar problemas de puntero nulo en algunos casos especiales. - list_for_each_entry_safe()" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49905.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49905.json index a95e9495b52..fe2fadfa5d3 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49905.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49905.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49905", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:13.033", - "lastModified": "2024-10-21T18:15:13.033", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2)\n\nThis commit adds a null check for the 'afb' variable in the\namdgpu_dm_plane_handle_cursor_update function. Previously, 'afb' was\nassumed to be null, but was used later in the code without a null check.\nThis could potentially lead to a null pointer dereference.\n\nChanges since v1:\n- Moved the null check for 'afb' to the line where 'afb' is used. (Alex)\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_plane.c:1298 amdgpu_dm_plane_handle_cursor_update() error: we previously assumed 'afb' could be null (see line 1252)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Agregar comprobaci\u00f3n NULL para 'afb' en amdgpu_dm_plane_handle_cursor_update (v2) Esta confirmaci\u00f3n agrega una comprobaci\u00f3n NULL para la variable 'afb' en la funci\u00f3n amdgpu_dm_plane_handle_cursor_update. Anteriormente, se supon\u00eda que 'afb' era nulo, pero se us\u00f3 m\u00e1s adelante en el c\u00f3digo sin una comprobaci\u00f3n NULL. Esto podr\u00eda conducir potencialmente a una desreferencia de puntero nulo. Cambios desde v1: - Se movi\u00f3 la comprobaci\u00f3n NULL para 'afb' a la l\u00ednea donde se usa 'afb'. (Alex) Corrige lo siguiente: drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_plane.c:1298 Error amdgpu_dm_plane_handle_cursor_update(): anteriormente asumimos que 'afb' pod\u00eda ser nulo (ver l\u00ednea 1252)" } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49906.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49906.json index b9346b9d0ce..d8df1ba50df 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49906.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49906.json @@ -2,13 +2,17 @@ "id": "CVE-2024-49906", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:13.120", - "lastModified": "2024-10-21T18:15:13.120", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointer before try to access it\n\n[why & how]\nChange the order of the pipe_ctx->plane_state check to ensure that\nplane_state is not null before accessing it." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Verificar el puntero nulo antes de intentar acceder a \u00e9l [por qu\u00e9 y c\u00f3mo] Cambie el orden de la verificaci\u00f3n pipe_ctx->plane_state para asegurarse de que plane_state no sea nulo antes de acceder a \u00e9l." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49907.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49907.json index 93bb3fe6a78..d9931658919 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49907.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49907.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49907", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:13.210", - "lastModified": "2024-10-21T18:15:13.210", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointers before using dc->clk_mgr\n\n[WHY & HOW]\ndc->clk_mgr is null checked previously in the same function, indicating\nit might be null.\n\nPassing \"dc\" to \"dc->hwss.apply_idle_power_optimizations\", which\ndereferences null \"dc->clk_mgr\". (The function pointer resolves to\n\"dcn35_apply_idle_power_optimizations\".)\n\nThis fixes 1 FORWARD_NULL issue reported by Coverity." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: comprobar punteros nulos antes de usar dc->clk_mgr [POR QU\u00c9 Y C\u00d3MO] dc->clk_mgr se ha comprobado como nulo previamente en la misma funci\u00f3n, lo que indica que podr\u00eda ser nulo. Pasar \"dc\" a \"dc->hwss.apply_idle_power_optimizations\", lo que desreferencia el puntero nulo \"dc->clk_mgr\". (El puntero de funci\u00f3n se resuelve en \"dcn35_apply_idle_power_optimizations\"). Esto soluciona 1 problema FORWARD_NULL informado por Coverity." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49908.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49908.json index 5d89cec585b..01985af1cd8 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49908.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49908.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49908", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:13.290", - "lastModified": "2024-10-21T18:15:13.290", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for 'afb' in amdgpu_dm_update_cursor (v2)\n\nThis commit adds a null check for the 'afb' variable in the\namdgpu_dm_update_cursor function. Previously, 'afb' was assumed to be\nnull at line 8388, but was used later in the code without a null check.\nThis could potentially lead to a null pointer dereference.\n\nChanges since v1:\n- Moved the null check for 'afb' to the line where 'afb' is used. (Alex)\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:8433 amdgpu_dm_update_cursor()\n\terror: we previously assumed 'afb' could be null (see line 8388)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Agregar comprobaci\u00f3n NULL para 'afb' en amdgpu_dm_update_cursor (v2) Esta confirmaci\u00f3n agrega una comprobaci\u00f3n NULL para la variable 'afb' en la funci\u00f3n amdgpu_dm_update_cursor. Anteriormente, se supon\u00eda que 'afb' era nulo en la l\u00ednea 8388, pero se us\u00f3 m\u00e1s adelante en el c\u00f3digo sin una comprobaci\u00f3n NULL. Esto podr\u00eda conducir potencialmente a una desreferencia de puntero nulo. Cambios desde la v1: - Se movi\u00f3 la comprobaci\u00f3n NULL para 'afb' a la l\u00ednea donde se usa 'afb'. (Alex) Corrige lo siguiente: drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:8433 Error de amdgpu_dm_update_cursor(): anteriormente asumimos que 'afb' podr\u00eda ser nulo (consulte la l\u00ednea 8388)" } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49909.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49909.json index 15980f45b80..52c80e3484a 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49909.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49909.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49909", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:13.357", - "lastModified": "2024-10-21T18:15:13.357", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func\n\nThis commit adds a null check for the set_output_gamma function pointer\nin the dcn32_set_output_transfer_func function. Previously,\nset_output_gamma was being checked for null, but then it was being\ndereferenced without any null check. This could lead to a null pointer\ndereference if set_output_gamma is null.\n\nTo fix this, we now ensure that set_output_gamma is not null before\ndereferencing it. We do this by adding a null check for set_output_gamma\nbefore the call to set_output_gamma." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Agregar comprobaci\u00f3n NULL para el puntero de funci\u00f3n en dcn32_set_output_transfer_func Esta confirmaci\u00f3n agrega una comprobaci\u00f3n NULL para el puntero de funci\u00f3n set_output_gamma en la funci\u00f3n dcn32_set_output_transfer_func. Anteriormente, se estaba comprobando que set_output_gamma no fuera nulo, pero luego se estaba desreferenciando sin ninguna comprobaci\u00f3n NULL. Esto podr\u00eda provocar una desreferencia de puntero nulo si set_output_gamma es nulo. Para solucionar esto, ahora nos aseguramos de que set_output_gamma no sea nulo antes de desreferenciarlo. Para ello, agregamos una comprobaci\u00f3n NULL para set_output_gamma antes de la llamada a set_output_gamma." } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49910.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49910.json index c2bf8094f13..913a6636522 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49910.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49910.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49910", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:13.433", - "lastModified": "2024-10-21T18:15:13.433", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for function pointer in dcn401_set_output_transfer_func\n\nThis commit adds a null check for the set_output_gamma function pointer\nin the dcn401_set_output_transfer_func function. Previously,\nset_output_gamma was being checked for null, but then it was being\ndereferenced without any null check. This could lead to a null pointer\ndereference if set_output_gamma is null.\n\nTo fix this, we now ensure that set_output_gamma is not null before\ndereferencing it. We do this by adding a null check for set_output_gamma\nbefore the call to set_output_gamma." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Agregar comprobaci\u00f3n NULL para el puntero de funci\u00f3n en dcn401_set_output_transfer_func Esta confirmaci\u00f3n agrega una comprobaci\u00f3n NULL para el puntero de funci\u00f3n set_output_gamma en la funci\u00f3n dcn401_set_output_transfer_func. Anteriormente, se estaba comprobando que set_output_gamma no fuera nulo, pero luego se estaba desreferenciando sin ninguna comprobaci\u00f3n NULL. Esto podr\u00eda llevar a una desreferencia de puntero nulo si set_output_gamma es nulo. Para solucionar esto, ahora nos aseguramos de que set_output_gamma no sea nulo antes de desreferenciarlo. Hacemos esto agregando una comprobaci\u00f3n NULL para set_output_gamma antes de la llamada a set_output_gamma." } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49911.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49911.json index e7eed2d00ff..d8551eeab27 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49911.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49911.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49911", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:13.507", - "lastModified": "2024-10-21T18:15:13.507", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func\n\nThis commit adds a null check for the set_output_gamma function pointer\nin the dcn20_set_output_transfer_func function. Previously,\nset_output_gamma was being checked for null at line 1030, but then it\nwas being dereferenced without any null check at line 1048. This could\npotentially lead to a null pointer dereference error if set_output_gamma\nis null.\n\nTo fix this, we now ensure that set_output_gamma is not null before\ndereferencing it. We do this by adding a null check for set_output_gamma\nbefore the call to set_output_gamma at line 1048." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Agregar comprobaci\u00f3n NULL para el puntero de funci\u00f3n en dcn20_set_output_transfer_func Esta confirmaci\u00f3n agrega una comprobaci\u00f3n NULL para el puntero de funci\u00f3n set_output_gamma en la funci\u00f3n dcn20_set_output_transfer_func. Anteriormente, se estaba comprobando que set_output_gamma no fuera nulo en la l\u00ednea 1030, pero luego se estaba desreferenciando sin ninguna comprobaci\u00f3n NULL en la l\u00ednea 1048. Esto podr\u00eda conducir potencialmente a un error de desreferencia de puntero nulo si set_output_gamma es nulo. Para solucionar esto, ahora nos aseguramos de que set_output_gamma no sea nulo antes de desreferenciarlo. Hacemos esto agregando una comprobaci\u00f3n NULL para set_output_gamma antes de la llamada a set_output_gamma en la l\u00ednea 1048." 
} ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49912.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49912.json index 5d98cb13f63..370182bf665 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49912.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49912.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49912", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:13.593", - "lastModified": "2024-10-21T18:15:13.593", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream'\n\nThis commit adds a null check for 'stream_status' in the function\n'planes_changed_for_existing_stream'. Previously, the code assumed\n'stream_status' could be null, but did not handle the case where it was\nactually null. This could lead to a null pointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_resource.c:3784 planes_changed_for_existing_stream() error: we previously assumed 'stream_status' could be null (see line 3774)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Controlar 'stream_status' nulo en 'planes_changed_for_existing_stream' Esta confirmaci\u00f3n agrega una comprobaci\u00f3n NULL para 'stream_status' en la funci\u00f3n 'planes_changed_for_existing_stream'. Anteriormente, el c\u00f3digo asum\u00eda que 'stream_status' pod\u00eda ser nulo, pero no manejaba el caso en el que realmente era nulo. Esto podr\u00eda llevar a una desreferencia de puntero nulo. Reportado por smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_resource.c:3784 error planes_changed_for_existing_stream(): anteriormente asumimos que 'stream_status' pod\u00eda ser nulo (ver l\u00ednea 3774)" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49913.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49913.json index 3eaa265df6e..9ec0a6e4ea4 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49913.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49913.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49913", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:13.657", - "lastModified": "2024-10-21T18:15:13.657", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream\n\nThis commit addresses a null pointer dereference issue in the\n`commit_planes_for_stream` function at line 4140. The issue could occur\nwhen `top_pipe_to_program` is null.\n\nThe fix adds a check to ensure `top_pipe_to_program` is not null before\naccessing its stream_res. This prevents a null pointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/core/dc.c:4140 commit_planes_for_stream() error: we previously assumed 'top_pipe_to_program' could be null (see line 3906)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Agregar comprobaci\u00f3n NULL para top_pipe_to_program en commit_planes_for_stream Esta confirmaci\u00f3n soluciona un problema de desreferencia de puntero nulo en la funci\u00f3n `commit_planes_for_stream` en la l\u00ednea 4140. El problema podr\u00eda ocurrir cuando `top_pipe_to_program` es nulo. La correcci\u00f3n agrega una comprobaci\u00f3n para garantizar que `top_pipe_to_program` no sea nulo antes de acceder a su stream_res. Esto evita una desreferencia de puntero nulo. Reportado por smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc.c:4140 Error de commit_planes_for_stream(): anteriormente asumimos que 'top_pipe_to_program' podr\u00eda ser nulo (consulte la l\u00ednea 3906)" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49914.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49914.json index 04fb6984f5a..ae0def84651 100644 
--- a/CVE-2024/CVE-2024-499xx/CVE-2024-49914.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49914.json @@ -2,13 +2,17 @@ "id": "CVE-2024-49914", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:13.723", - "lastModified": "2024-10-21T18:15:13.723", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for pipe_ctx->plane_state in dcn20_program_pipe\n\nThis commit addresses a null pointer dereference issue in the\n`dcn20_program_pipe` function. The issue could occur when\n`pipe_ctx->plane_state` is null.\n\nThe fix adds a check to ensure `pipe_ctx->plane_state` is not null\nbefore accessing. This prevents a null pointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn20/dcn20_hwseq.c:1925 dcn20_program_pipe() error: we previously assumed 'pipe_ctx->plane_state' could be null (see line 1877)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Agregar comprobaci\u00f3n NULL para pipe_ctx->plane_state en dcn20_program_pipe Esta confirmaci\u00f3n soluciona un problema de desreferencia de puntero nulo en la funci\u00f3n `dcn20_program_pipe`. El problema podr\u00eda ocurrir cuando `pipe_ctx->plane_state` es nulo. La correcci\u00f3n agrega una comprobaci\u00f3n para garantizar que `pipe_ctx->plane_state` no sea nulo antes de acceder. Esto evita una desreferencia de puntero nulo. Reportado por smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn20/dcn20_hwseq.c:1925 Error de dcn20_program_pipe(): anteriormente asumimos que 'pipe_ctx->plane_state' podr\u00eda ser nulo (consulte la l\u00ednea 1877)" } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49915.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49915.json index 833c1386288..3411d879351 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49915.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49915.json @@ -2,13 +2,17 @@ "id": "CVE-2024-49915", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:13.787", - "lastModified": "2024-10-21T18:15:13.787", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw\n\nThis commit addresses a potential null pointer dereference issue in the\n`dcn32_init_hw` function. The issue could occur when `dc->clk_mgr` is\nnull.\n\nThe fix adds a check to ensure `dc->clk_mgr` is not null before\naccessing its functions. This prevents a potential null pointer\ndereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn32/dcn32_hwseq.c:961 dcn32_init_hw() error: we previously assumed 'dc->clk_mgr' could be null (see line 782)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Agregar comprobaci\u00f3n NULL para clk_mgr en dcn32_init_hw Esta confirmaci\u00f3n soluciona un posible problema de desreferencia de puntero nulo en la funci\u00f3n `dcn32_init_hw`. El problema podr\u00eda ocurrir cuando `dc->clk_mgr` es nulo. La correcci\u00f3n agrega una comprobaci\u00f3n para garantizar que `dc->clk_mgr` no sea nulo antes de acceder a sus funciones. Esto evita una posible desreferencia de puntero nulo. Reportado por smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn32/dcn32_hwseq.c:961 Error de dcn32_init_hw(): anteriormente asumimos que 'dc->clk_mgr' podr\u00eda ser nulo (consulte la l\u00ednea 782)" } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49916.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49916.json index 27aab98dd0a..2c2aa4e4169 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49916.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49916.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49916", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:13.877", - "lastModified": "2024-10-21T18:15:13.877", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn401_init_hw\n\nThis commit addresses a potential null pointer dereference issue in the\n`dcn401_init_hw` function. The issue could occur when `dc->clk_mgr` or\n`dc->clk_mgr->funcs` is null.\n\nThe fix adds a check to ensure `dc->clk_mgr` and `dc->clk_mgr->funcs` is\nnot null before accessing its functions. This prevents a potential null\npointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn401/dcn401_hwseq.c:416 dcn401_init_hw() error: we previously assumed 'dc->clk_mgr' could be null (see line 225)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Agregar comprobaci\u00f3n NULL para clk_mgr y clk_mgr->funcs en dcn401_init_hw Esta confirmaci\u00f3n soluciona un posible problema de desreferencia de puntero nulo en la funci\u00f3n `dcn401_init_hw`. El problema podr\u00eda ocurrir cuando `dc->clk_mgr` o `dc->clk_mgr->funcs` es nulo. La correcci\u00f3n agrega una comprobaci\u00f3n para garantizar que `dc->clk_mgr` y `dc->clk_mgr->funcs` no sean nulos antes de acceder a sus funciones. Esto evita una posible desreferencia de puntero nulo. Reportado por smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn401/dcn401_hwseq.c:416 Error dcn401_init_hw(): previamente asumimos que 'dc->clk_mgr' podr\u00eda ser nulo (ver l\u00ednea 225)" } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49917.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49917.json index d2d381f1e35..91df996e959 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49917.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49917.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49917", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:13.937", - "lastModified": "2024-10-21T18:15:13.937", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw\n\nThis commit addresses a potential null pointer dereference issue in the\n`dcn30_init_hw` function. The issue could occur when `dc->clk_mgr` or\n`dc->clk_mgr->funcs` is null.\n\nThe fix adds a check to ensure `dc->clk_mgr` and `dc->clk_mgr->funcs` is\nnot null before accessing its functions. This prevents a potential null\npointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:789 dcn30_init_hw() error: we previously assumed 'dc->clk_mgr' could be null (see line 628)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Agregar comprobaci\u00f3n NULL para clk_mgr y clk_mgr->funcs en dcn30_init_hw Esta confirmaci\u00f3n soluciona un posible problema de desreferencia de puntero nulo en la funci\u00f3n `dcn30_init_hw`. El problema podr\u00eda ocurrir cuando `dc->clk_mgr` o `dc->clk_mgr->funcs` es nulo. La correcci\u00f3n agrega una comprobaci\u00f3n para garantizar que `dc->clk_mgr` y `dc->clk_mgr->funcs` no sean nulos antes de acceder a sus funciones. Esto evita una posible desreferencia de puntero nulo. Reportado por smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:789 Error dcn30_init_hw(): previamente asumimos que 'dc->clk_mgr' podr\u00eda ser nulo (ver l\u00ednea 628)" } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49918.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49918.json index 653c605d9c6..904b5874a0d 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49918.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49918.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49918", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:14.030", - "lastModified": "2024-10-21T18:15:14.030", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer\n\nThis commit addresses a potential null pointer dereference issue in the\n`dcn32_acquire_idle_pipe_for_head_pipe_in_layer` function. The issue\ncould occur when `head_pipe` is null.\n\nThe fix adds a check to ensure `head_pipe` is not null before asserting\nit. If `head_pipe` is null, the function returns NULL to prevent a\npotential null pointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn32/dcn32_resource.c:2690 dcn32_acquire_idle_pipe_for_head_pipe_in_layer() error: we previously assumed 'head_pipe' could be null (see line 2681)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Agregar comprobaci\u00f3n NULL para head_pipe en dcn32_acquire_idle_pipe_for_head_pipe_in_layer Esta confirmaci\u00f3n soluciona un posible problema de desreferencia de puntero nulo en la funci\u00f3n `dcn32_acquire_idle_pipe_for_head_pipe_in_layer`. El problema podr\u00eda ocurrir cuando `head_pipe` es nulo. La correcci\u00f3n agrega una comprobaci\u00f3n para garantizar que `head_pipe` no sea nulo antes de afirmarlo. Si `head_pipe` es nulo, la funci\u00f3n devuelve NULL para evitar una posible desreferencia de puntero nulo. 
Reportado por smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn32/dcn32_resource.c:2690 Error de dcn32_acquire_idle_pipe_for_head_pipe_in_layer(): anteriormente asumimos que 'head_pipe' podr\u00eda ser nulo (ver l\u00ednea 2681)" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49919.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49919.json index a324417b476..2dc908c1cd5 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49919.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49919.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49919", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:14.117", - "lastModified": "2024-10-21T18:15:14.117", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer\n\nThis commit addresses a potential null pointer dereference issue in the\n`dcn201_acquire_free_pipe_for_layer` function. The issue could occur\nwhen `head_pipe` is null.\n\nThe fix adds a check to ensure `head_pipe` is not null before asserting\nit. If `head_pipe` is null, the function returns NULL to prevent a\npotential null pointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn201/dcn201_resource.c:1016 dcn201_acquire_free_pipe_for_layer() error: we previously assumed 'head_pipe' could be null (see line 1010)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Agregar comprobaci\u00f3n NULL para head_pipe en dcn201_acquire_free_pipe_for_layer Esta confirmaci\u00f3n soluciona un posible problema de desreferencia de puntero nulo en la funci\u00f3n `dcn201_acquire_free_pipe_for_layer`. El problema podr\u00eda ocurrir cuando `head_pipe` es nulo. La correcci\u00f3n agrega una comprobaci\u00f3n para garantizar que `head_pipe` no sea nulo antes de confirmarlo. Si `head_pipe` es nulo, la funci\u00f3n devuelve NULL para evitar una posible desreferencia de puntero nulo. Reportado por smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn201/dcn201_resource.c:1016 Error de dcn201_acquire_free_pipe_for_layer(): anteriormente asumimos que 'head_pipe' podr\u00eda ser nulo (ver l\u00ednea 1010)" } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49920.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49920.json index 365513226ff..52dac652050 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49920.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49920.json @@ -2,13 +2,17 @@ "id": "CVE-2024-49920", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:14.180", - "lastModified": "2024-10-21T18:15:14.180", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointers before multiple uses\n\n[WHAT & HOW]\nPoniters, such as stream_enc and dc->bw_vbios, are null checked previously\nin the same function, so Coverity warns \"implies that stream_enc and\ndc->bw_vbios might be null\". They are used multiple times in the\nsubsequent code and need to be checked.\n\nThis fixes 10 FORWARD_NULL issues reported by Coverity." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: comprobar punteros nulos antes de m\u00faltiples usos [QU\u00c9 Y C\u00d3MO] Los punteros, como stream_enc y dc->bw_vbios, se comprueban como nulos previamente en la misma funci\u00f3n, por lo que Coverity advierte \"implica que stream_enc y dc->bw_vbios podr\u00edan ser nulos\". Se utilizan varias veces en el c\u00f3digo posterior y es necesario comprobarlos. Esto soluciona 10 problemas de FORWARD_NULL informados por Coverity." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49921.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49921.json index b2bf83e47bd..6624604e621 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49921.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49921.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49921", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:14.260", - "lastModified": "2024-10-21T18:15:14.260", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointers before used\n\n[WHAT & HOW]\nPoniters, such as dc->clk_mgr, are null checked previously in the same\nfunction, so Coverity warns \"implies that \"dc->clk_mgr\" might be null\".\nAs a result, these pointers need to be checked when used again.\n\nThis fixes 10 FORWARD_NULL issues reported by Coverity." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: comprobar punteros nulos antes de usarlos [QU\u00c9 Y C\u00d3MO] Los punteros, como dc->clk_mgr, se comprueban antes en la misma funci\u00f3n, por lo que Coverity advierte que \"implica que \"dc->clk_mgr\" podr\u00eda ser nulo\". Como resultado, estos punteros deben comprobarse cuando se utilicen nuevamente. Esto soluciona 10 problemas de FORWARD_NULL informados por Coverity." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49922.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49922.json index 8a1a6e49d34..1ccc09d2852 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49922.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49922.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49922", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:14.327", - "lastModified": "2024-10-21T18:15:14.327", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointers before using them\n\n[WHAT & HOW]\nThese pointers are null checked previously in the same function,\nindicating they might be null as reported by Coverity. As a result,\nthey need to be checked when used again.\n\nThis fixes 3 FORWARD_NULL issue reported by Coverity." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: comprobar punteros nulos antes de usarlos [QU\u00c9 Y C\u00d3MO] Estos punteros se comprobaron previamente en la misma funci\u00f3n, lo que indica que podr\u00edan ser nulos, como inform\u00f3 Coverity. Como resultado, deben comprobarse cuando se vuelvan a utilizar. Esto soluciona el problema 3 FORWARD_NULL informado por Coverity." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49923.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49923.json index da6c7065040..adf24667e13 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49923.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49923.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49923", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:14.390", - "lastModified": "2024-10-21T18:15:14.390", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags\n\n[WHAT & HOW]\n\"dcn20_validate_apply_pipe_split_flags\" dereferences merge, and thus it\ncannot be a null pointer. Let's pass a valid pointer to avoid null\ndereference.\n\nThis fixes 2 FORWARD_NULL issues reported by Coverity." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Pasar un valor distinto de nulo a dcn20_validate_apply_pipe_split_flags [QU\u00c9 Y C\u00d3MO] \"dcn20_validate_apply_pipe_split_flags\" desreferencia la combinaci\u00f3n y, por lo tanto, no puede ser un puntero nulo. Pasemos un puntero v\u00e1lido para evitar la desreferencia nula. Esto soluciona 2 problemas de FORWARD_NULL informados por Coverity." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49924.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49924.json index 3a88ff447fa..e7ba8a731c4 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49924.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49924.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49924", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:14.450", - "lastModified": "2024-10-21T18:15:14.450", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: pxafb: Fix possible use after free in pxafb_task()\n\nIn the pxafb_probe function, it calls the pxafb_init_fbinfo function,\nafter which &fbi->task is associated with pxafb_task. Moreover,\nwithin this pxafb_init_fbinfo function, the pxafb_blank function\nwithin the &pxafb_ops struct is capable of scheduling work.\n\nIf we remove the module which will call pxafb_remove to make cleanup,\nit will call unregister_framebuffer function which can call\ndo_unregister_framebuffer to free fbi->fb through\nput_fb_info(fb_info), while the work mentioned above will be used.\nThe sequence of operations that may lead to a UAF bug is as follows:\n\nCPU0 CPU1\n\n | pxafb_task\npxafb_remove |\nunregister_framebuffer(info) |\ndo_unregister_framebuffer(fb_info) |\nput_fb_info(fb_info) |\n// free fbi->fb | set_ctrlr_state(fbi, state)\n | __pxafb_lcd_power(fbi, 0)\n | fbi->lcd_power(on, &fbi->fb.var)\n | //use fbi->fb\n\nFix it by ensuring that the work is canceled before proceeding\nwith the cleanup in pxafb_remove.\n\nNote that only root user can remove the driver at runtime." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fbdev: pxafb: Arregla posible use after free en pxafb_task() En la funci\u00f3n pxafb_probe, llama a la funci\u00f3n pxafb_init_fbinfo, despu\u00e9s de lo cual &fbi->task se asocia con pxafb_task. Adem\u00e1s, dentro de esta funci\u00f3n pxafb_init_fbinfo, la funci\u00f3n pxafb_blank dentro de la estructura &pxafb_ops es capaz de programar trabajo. 
Si eliminamos el m\u00f3dulo que llamar\u00e1 a pxafb_remove para hacer la limpieza, llamar\u00e1 a la funci\u00f3n unregister_framebuffer que puede llamar a do_unregister_framebuffer para liberar fbi->fb a trav\u00e9s de put_fb_info(fb_info), mientras que se utilizar\u00e1 el trabajo mencionado anteriormente. La secuencia de operaciones que pueden llevar a un error de UAF es la siguiente: CPU0 CPU1 | pxafb_task pxafb_remove | unregister_framebuffer(info) | do_unregister_framebuffer(fb_info) | put_fb_info(fb_info) | // free fbi->fb | set_ctrlr_state(fbi, state) | __pxafb_lcd_power(fbi, 0) | fbi->lcd_power(on, &fbi->fb.var) | //use fbi->fb Solucione el problema asegur\u00e1ndose de cancelar el trabajo antes de continuar con la limpieza en pxafb_remove. Tenga en cuenta que solo el usuario root puede eliminar el controlador en tiempo de ejecuci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49925.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49925.json index ad208e09af2..6704276cdd5 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49925.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49925.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49925", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:14.540", - "lastModified": "2024-10-21T18:15:14.540", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: efifb: Register sysfs groups through driver core\n\nThe driver core can register and cleanup sysfs groups already.\nMake use of that functionality to simplify the error handling and\ncleanup.\n\nAlso avoid a UAF race during unregistering where the sysctl attributes\nwere usable after the info struct was freed." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fbdev: efifb: Registrar grupos sysfs a trav\u00e9s del n\u00facleo del controlador El n\u00facleo del controlador ya puede registrar y limpiar grupos sysfs. Utilice esa funcionalidad para simplificar el manejo y la limpieza de errores. Tambi\u00e9n evite una ejecuci\u00f3n UAF durante la anulaci\u00f3n del registro donde los atributos sysctl se pod\u00edan usar despu\u00e9s de que se liberara la estructura de informaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49926.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49926.json index cd57f01178b..9fc353596c8 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49926.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49926.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49926", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:14.623", - "lastModified": "2024-10-21T18:15:14.623", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu-tasks: Fix access non-existent percpu rtpcp variable in rcu_tasks_need_gpcb()\n\nFor kernels built with CONFIG_FORCE_NR_CPUS=y, the nr_cpu_ids is\ndefined as NR_CPUS instead of the number of possible cpus, this\nwill cause the following system panic:\n\nsmpboot: Allowing 4 CPUs, 0 hotplug CPUs\n...\nsetup_percpu: NR_CPUS:512 nr_cpumask_bits:512 nr_cpu_ids:512 nr_node_ids:1\n...\nBUG: unable to handle page fault for address: ffffffff9911c8c8\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 0 PID: 15 Comm: rcu_tasks_trace Tainted: G W\n6.6.21 #1 5dc7acf91a5e8e9ac9dcfc35bee0245691283ea6\nRIP: 0010:rcu_tasks_need_gpcb+0x25d/0x2c0\nRSP: 0018:ffffa371c00a3e60 EFLAGS: 00010082\nCR2: ffffffff9911c8c8 CR3: 000000040fa20005 CR4: 00000000001706f0\nCall Trace:\n\n? __die+0x23/0x80\n? page_fault_oops+0xa4/0x180\n? exc_page_fault+0x152/0x180\n? asm_exc_page_fault+0x26/0x40\n? rcu_tasks_need_gpcb+0x25d/0x2c0\n? __pfx_rcu_tasks_kthread+0x40/0x40\nrcu_tasks_one_gp+0x69/0x180\nrcu_tasks_kthread+0x94/0xc0\nkthread+0xe8/0x140\n? __pfx_kthread+0x40/0x40\nret_from_fork+0x34/0x80\n? 
__pfx_kthread+0x40/0x40\nret_from_fork_asm+0x1b/0x80\n\n\nConsidering that there may be holes in the CPU numbers, use the\nmaximum possible cpu number, instead of nr_cpu_ids, for configuring\nenqueue and dequeue limits.\n\n[ neeraj.upadhyay: Fix htmldocs build error reported by Stephen Rothwell ]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rcu-tasks: Se corrige el acceso a la variable rtpcp percpu inexistente en rcu_tasks_need_gpcb() Para kernels creados con CONFIG_FORCE_NR_CPUS=y, nr_cpu_ids se define como NR_CPUS en lugar del n\u00famero de CPU posibles, esto provocar\u00e1 el siguiente p\u00e1nico del sistema: smpboot: Permitiendo 4 CPU, 0 CPU hotplug ... setup_percpu: NR_CPUS:512 nr_cpumask_bits:512 nr_cpu_ids:512 nr_node_ids:1 ... ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: ffffffff9911c8c8 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 PID: 15 Comm: rcu_tasks_trace Tainted: GW 6.6.21 #1 5dc7acf91a5e8e9ac9dcfc35bee0245691283ea6 RIP: 0010:rcu_tasks_need_gpcb+0x25d/0x2c0 RSP: 0018:ffffa371c00a3e60 EFLAGS: 00010082 CR2: ffffffff9911c8c8 CR3: 000000040fa20005 CR4: 00000000001706f0 Rastreo de llamadas: ? __die+0x23/0x80 ? page_fault_oops+0xa4/0x180 ? exc_page_fault+0x152/0x180 ? asm_exc_page_fault+0x26/0x40 ? rcu_tasks_need_gpcb+0x25d/0x2c0 ? __pfx_rcu_tasks_kthread+0x40/0x40 rcu_tasks_one_gp+0x69/0x180 rcu_tasks_kthread+0x94/0xc0 kthread+0xe8/0x140 ? __pfx_kthread+0x40/0x40 ret_from_fork+0x34/0x80 ? __pfx_kthread+0x40/0x40 ret_from_fork_asm+0x1b/0x80 Teniendo en cuenta que puede haber agujeros en los n\u00fameros de CPU, utilice el n\u00famero m\u00e1ximo posible de CPU, en lugar de nr_cpu_ids, para configurar los l\u00edmites de encolado y desencolado. [ neeraj.upadhyay: Corregir error de compilaci\u00f3n de htmldocs informado por Stephen Rothwell ]" } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49927.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49927.json index 222404ef728..dc8509181e8 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49927.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49927.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49927", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:14.737", - "lastModified": "2024-10-21T18:15:14.737", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/ioapic: Handle allocation failures gracefully\n\nBreno observed panics when using failslab under certain conditions during\nruntime:\n\n can not alloc irq_pin_list (-1,0,20)\n Kernel panic - not syncing: IO-APIC: failed to add irq-pin. Can not proceed\n\n panic+0x4e9/0x590\n mp_irqdomain_alloc+0x9ab/0xa80\n irq_domain_alloc_irqs_locked+0x25d/0x8d0\n __irq_domain_alloc_irqs+0x80/0x110\n mp_map_pin_to_irq+0x645/0x890\n acpi_register_gsi_ioapic+0xe6/0x150\n hpet_open+0x313/0x480\n\nThat's a pointless panic which is a leftover of the historic IO/APIC code\nwhich panic'ed during early boot when the interrupt allocation failed.\n\nThe only place which might justify panic is the PIT/HPET timer_check() code\nwhich tries to figure out whether the timer interrupt is delivered through\nthe IO/APIC. But that code does not require to handle interrupt allocation\nfailures. If the interrupt cannot be allocated then timer delivery fails\nand it either panics due to that or falls back to legacy mode.\n\nCure this by removing the panic wrapper around __add_pin_to_irq_node() and\nmaking mp_irqdomain_alloc() aware of the failure condition and handle it as\nany other failure in this function gracefully." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86/ioapic: Manejar errores de asignaci\u00f3n con elegancia Breno observ\u00f3 p\u00e1nicos al usar failslab bajo ciertas condiciones durante el tiempo de ejecuci\u00f3n: no se puede asignar irq_pin_list (-1,0,20) P\u00e1nico del kernel: no se sincroniza: IO-APIC: no se pudo agregar irq-pin. No se puede continuar panic+0x4e9/0x590 mp_irqdomain_alloc+0x9ab/0xa80 irq_domain_alloc_irqs_locked+0x25d/0x8d0 __irq_domain_alloc_irqs+0x80/0x110 mp_map_pin_to_irq+0x645/0x890 acpi_register_gsi_ioapic+0xe6/0x150 hpet_open+0x313/0x480 Ese es un p\u00e1nico sin sentido que es un remanente del c\u00f3digo IO/APIC hist\u00f3rico que entr\u00f3 en p\u00e1nico durante el arranque temprano cuando fall\u00f3 la asignaci\u00f3n de interrupci\u00f3n. El \u00fanico lugar que podr\u00eda justificar el p\u00e1nico es el c\u00f3digo timer_check() de PIT/HPET que intenta averiguar si la interrupci\u00f3n del temporizador se entrega a trav\u00e9s de IO/APIC. Pero ese c\u00f3digo no requiere manejar fallos de asignaci\u00f3n de interrupciones. Si no se puede asignar la interrupci\u00f3n, la entrega del temporizador fallo y entra en p\u00e1nico debido a eso o vuelve al modo heredado. Solucione esto eliminando el contenedor de p\u00e1nico alrededor de __add_pin_to_irq_node() y haciendo que mp_irqdomain_alloc() sea consciente de la condici\u00f3n de fallo y la maneje como cualquier otra fallo en esta funci\u00f3n de manera elegante." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49928.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49928.json index 12bdb925a0b..41487203c26 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49928.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49928.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49928", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:14.813", - "lastModified": "2024-10-21T18:15:14.813", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: avoid reading out of bounds when loading TX power FW elements\n\nBecause the loop-expression will do one more time before getting false from\ncond-expression, the original code copied one more entry size beyond valid\nregion.\n\nFix it by moving the entry copy to loop-body." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: rtw89: evitar la lectura fuera de los l\u00edmites al cargar elementos FW de potencia TX Debido a que loop-expression lo har\u00e1 una vez m\u00e1s antes de obtener false de cond-expression, el c\u00f3digo original copi\u00f3 un tama\u00f1o de entrada m\u00e1s all\u00e1 de la regi\u00f3n v\u00e1lida. Solucione el problema moviendo la copia de la entrada a loop-body." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49929.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49929.json index 59c27117994..c3e53cc5707 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49929.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49929.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49929", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:14.907", - "lastModified": "2024-10-21T18:15:14.907", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: avoid NULL pointer dereference\n\niwl_mvm_tx_skb_sta() and iwl_mvm_tx_mpdu() verify that the mvmvsta\npointer is not NULL.\nIt retrieves this pointer using iwl_mvm_sta_from_mac80211, which is\ndereferencing the ieee80211_sta pointer.\nIf sta is NULL, iwl_mvm_sta_from_mac80211 will dereference a NULL\npointer.\nFix this by checking the sta pointer before retrieving the mvmsta\nfrom it. If sta is not NULL, then mvmsta isn't either." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: iwlwifi: mvm: evitar la desreferencia del puntero NULL iwl_mvm_tx_skb_sta() e iwl_mvm_tx_mpdu() verifican que el puntero mvmvsta no sea NULL. Recupera este puntero utilizando iwl_mvm_sta_from_mac80211, que est\u00e1 desreferenciando el puntero ieee80211_sta. Si sta es NULL, iwl_mvm_sta_from_mac80211 desreferenciar\u00e1 un puntero NULL. Solucione esto comprobando el puntero sta antes de recuperar el mvmsta de \u00e9l. Si sta no es NULL, entonces mvmsta tampoco lo es." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49930.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49930.json index 83edd67f3c3..038ccc73c4d 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49930.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49930.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49930", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:14.990", - "lastModified": "2024-10-21T18:15:14.990", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix array out-of-bound access in SoC stats\n\nCurrently, the ath11k_soc_dp_stats::hal_reo_error array is defined with a\nmaximum size of DP_REO_DST_RING_MAX. However, the ath11k_dp_process_rx()\nfunction access ath11k_soc_dp_stats::hal_reo_error using the REO\ndestination SRNG ring ID, which is incorrect. SRNG ring ID differ from\nnormal ring ID, and this usage leads to out-of-bounds array access. To fix\nthis issue, modify ath11k_dp_process_rx() to use the normal ring ID\ndirectly instead of the SRNG ring ID to avoid out-of-bounds array access.\n\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: ath11k: arreglo de acceso fuera de los l\u00edmites a la matriz en las estad\u00edsticas de SoC Actualmente, la matriz ath11k_soc_dp_stats::hal_reo_error est\u00e1 definida con un tama\u00f1o m\u00e1ximo de DP_REO_DST_RING_MAX. Sin embargo, la funci\u00f3n ath11k_dp_process_rx() accede a ath11k_soc_dp_stats::hal_reo_error utilizando el ID de anillo SRNG de destino REO, lo cual es incorrecto. El ID de anillo SRNG difiere del ID de anillo normal, y este uso conduce a un acceso a la matriz fuera de los l\u00edmites. Para solucionar este problema, modifique ath11k_dp_process_rx() para utilizar el ID de anillo normal directamente en lugar del ID de anillo SRNG para evitar el acceso a la matriz fuera de los l\u00edmites. Probado en: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1" } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49931.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49931.json index 2777c1c0f44..b0e3c7657b6 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49931.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49931.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49931", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:15.080", - "lastModified": "2024-10-21T18:15:15.080", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix array out-of-bound access in SoC stats\n\nCurrently, the ath12k_soc_dp_stats::hal_reo_error array is defined with a\nmaximum size of DP_REO_DST_RING_MAX. However, the ath12k_dp_rx_process()\nfunction access ath12k_soc_dp_stats::hal_reo_error using the REO\ndestination SRNG ring ID, which is incorrect. SRNG ring ID differ from\nnormal ring ID, and this usage leads to out-of-bounds array access. To\nfix this issue, modify ath12k_dp_rx_process() to use the normal ring ID\ndirectly instead of the SRNG ring ID to avoid out-of-bounds array access.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: ath12k: arreglo de acceso fuera de los l\u00edmites a la matriz en las estad\u00edsticas de SoC Actualmente, la matriz ath12k_soc_dp_stats::hal_reo_error est\u00e1 definida con un tama\u00f1o m\u00e1ximo de DP_REO_DST_RING_MAX. Sin embargo, la funci\u00f3n ath12k_dp_rx_process() accede a ath12k_soc_dp_stats::hal_reo_error utilizando el ID de anillo SRNG de destino REO, lo cual es incorrecto. El ID de anillo SRNG difiere del ID de anillo normal, y este uso conduce a un acceso a la matriz fuera de los l\u00edmites. Para solucionar este problema, modifique ath12k_dp_rx_process() para utilizar el ID de anillo normal directamente en lugar del ID de anillo SRNG para evitar el acceso a la matriz fuera de los l\u00edmites. Probado en: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1" } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49932.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49932.json index 2a17616aeea..f12ddd5e6c3 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49932.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49932.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49932", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:15.140", - "lastModified": "2024-10-21T18:15:15.140", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't readahead the relocation inode on RST\n\nOn relocation we're doing readahead on the relocation inode, but if the\nfilesystem is backed by a RAID stripe tree we can get ENOENT (e.g. due to\npreallocated extents not being mapped in the RST) from the lookup.\n\nBut readahead doesn't handle the error and submits invalid reads to the\ndevice, causing an assertion in the scatter-gather list code:\n\n BTRFS info (device nvme1n1): balance: start -d -m -s\n BTRFS info (device nvme1n1): relocating block group 6480920576 flags data|raid0\n BTRFS error (device nvme1n1): cannot find raid-stripe for logical [6481928192, 6481969152] devid 2, profile raid0\n ------------[ cut here ]------------\n kernel BUG at include/linux/scatterlist.h:115!\n Oops: invalid opcode: 0000 [#1] PREEMPT SMP PTI\n CPU: 0 PID: 1012 Comm: btrfs Not tainted 6.10.0-rc7+ #567\n RIP: 0010:__blk_rq_map_sg+0x339/0x4a0\n RSP: 0018:ffffc90001a43820 EFLAGS: 00010202\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffea00045d4802\n RDX: 0000000117520000 RSI: 0000000000000000 RDI: ffff8881027d1000\n RBP: 0000000000003000 R08: ffffea00045d4902 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000001000 R12: ffff8881003d10b8\n R13: ffffc90001a438f0 R14: 0000000000000000 R15: 0000000000003000\n FS: 00007fcc048a6900(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000002cd11000 CR3: 00000001109ea001 CR4: 0000000000370eb0\n Call Trace:\n \n ? __die_body.cold+0x14/0x25\n ? die+0x2e/0x50\n ? 
do_trap+0xca/0x110\n ? do_error_trap+0x65/0x80\n ? __blk_rq_map_sg+0x339/0x4a0\n ? exc_invalid_op+0x50/0x70\n ? __blk_rq_map_sg+0x339/0x4a0\n ? asm_exc_invalid_op+0x1a/0x20\n ? __blk_rq_map_sg+0x339/0x4a0\n nvme_prep_rq.part.0+0x9d/0x770\n nvme_queue_rq+0x7d/0x1e0\n __blk_mq_issue_directly+0x2a/0x90\n ? blk_mq_get_budget_and_tag+0x61/0x90\n blk_mq_try_issue_list_directly+0x56/0xf0\n blk_mq_flush_plug_list.part.0+0x52b/0x5d0\n __blk_flush_plug+0xc6/0x110\n blk_finish_plug+0x28/0x40\n read_pages+0x160/0x1c0\n page_cache_ra_unbounded+0x109/0x180\n relocate_file_extent_cluster+0x611/0x6a0\n ? btrfs_search_slot+0xba4/0xd20\n ? balance_dirty_pages_ratelimited_flags+0x26/0xb00\n relocate_data_extent.constprop.0+0x134/0x160\n relocate_block_group+0x3f2/0x500\n btrfs_relocate_block_group+0x250/0x430\n btrfs_relocate_chunk+0x3f/0x130\n btrfs_balance+0x71b/0xef0\n ? kmalloc_trace_noprof+0x13b/0x280\n btrfs_ioctl+0x2c2e/0x3030\n ? kvfree_call_rcu+0x1e6/0x340\n ? list_lru_add_obj+0x66/0x80\n ? mntput_no_expire+0x3a/0x220\n __x64_sys_ioctl+0x96/0xc0\n do_syscall_64+0x54/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7fcc04514f9b\n Code: Unable to access opcode bytes at 0x7fcc04514f71.\n RSP: 002b:00007ffeba923370 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fcc04514f9b\n RDX: 00007ffeba923460 RSI: 00000000c4009420 RDI: 0000000000000003\n RBP: 0000000000000000 R08: 0000000000000013 R09: 0000000000000001\n R10: 00007fcc043fbba8 R11: 0000000000000246 R12: 00007ffeba924fc5\n R13: 00007ffeba923460 R14: 0000000000000002 R15: 00000000004d4bb0\n \n Modules linked in:\n ---[ end trace 0000000000000000 ]---\n RIP: 0010:__blk_rq_map_sg+0x339/0x4a0\n RSP: 0018:ffffc90001a43820 EFLAGS: 00010202\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffea00045d4802\n RDX: 0000000117520000 RSI: 0000000000000000 RDI: ffff8881027d1000\n RBP: 0000000000003000 R08: ffffea00045d4902 R09: 0000000000000000\n R10: 0000000000000000 
R11: 0000000000001000 R12: ffff8881003d10b8\n R13: ffffc90001a438f0 R14: 0000000000000000 R15: 0000000000003000\n FS: 00007fcc048a6900(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fcc04514f71 CR3: 00000001109ea001 CR4: 0000000000370eb0\n Kernel p\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: no leer con anticipaci\u00f3n el inodo de reubicaci\u00f3n en RST En la reubicaci\u00f3n, hacemos lectura anticipada en el inodo de reubicaci\u00f3n, pero si el sistema de archivos est\u00e1 respaldado por un \u00e1rbol de bandas RAID, podemos obtener ENOENT (por ejemplo, debido a que las extensiones preasignadas no se asignan en el RST) a partir de la b\u00fasqueda. Pero readahead no maneja el error y env\u00eda lecturas no v\u00e1lidas al dispositivo, lo que causa una afirmaci\u00f3n en el c\u00f3digo de la lista scatter-gather: BTRFS info (device nvme1n1): balance: start -d -m -s BTRFS info (device nvme1n1): relocating block group 6480920576 flags data|raid0 BTRFS error (device nvme1n1): cannot find raid-stripe for logical [6481928192, 6481969152] devid 2, profile raid0 ------------[ cortar aqu\u00ed ]------------ \u00a1ERROR del kernel en include/linux/scatterlist.h:115! 
Ups: c\u00f3digo de operaci\u00f3n no v\u00e1lido: 0000 [#1] PREEMPT SMP PTI CPU: 0 PID: 1012 Comm: btrfs No contaminado 6.10.0-rc7+ #567 RIP: 0010:__blk_rq_map_sg+0x339/0x4a0 RSP: 0018:ffffc90001a43820 EFLAGS: 00010202 RAX: 000000000000000 RBX: 000000000000000 RCX: ffffea00045d4802 RDX: 0000000117520000 RSI: 0000000000000000 RDI: ffff8881027d1000 RBP: 0000000000003000 R08: ffffea00045d4902 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000001000 R12: ffff8881003d10b8 R13: ffffc90001a438f0 R14: 000000000000000 R15: 0000000000003000 FS: 00007fcc048a6900(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000002cd11000 CR3: 00000001109ea001 CR4: 0000000000370eb0 Seguimiento de llamadas: ? __die_body.cold+0x14/0x25 ? die+0x2e/0x50 ? do_trap+0xca/0x110 ? do_error_trap+0x65/0x80 ? __blk_rq_map_sg+0x339/0x4a0 ? exc_invalid_op+0x50/0x70 ? __blk_rq_map_sg+0x339/0x4a0 ? asm_exc_invalid_op+0x1a/0x20 ? __blk_rq_map_sg+0x339/0x4a0 nvme_prep_rq.part.0+0x9d/0x770 nvme_queue_rq+0x7d/0x1e0 __blk_mq_issue_directly+0x2a/0x90 ? blk_mq_get_budget_and_tag+0x61/0x90 blk_mq_try_issue_list_directly+0x56/0xf0 blk_mq_flush_plug_list.part.0+0x52b/0x5d0 __blk_flush_plug+0xc6/0x110 blk_finish_plug+0x28/0x40 read_pages+0x160/0x1c0 page_cache_ra_unbounded+0x109/0x180 relocate_file_extent_cluster+0x611/0x6a0 ? btrfs_search_slot+0xba4/0xd20 ? balance_dirty_pages_ratelimited_flags+0x26/0xb00 relocate_data_extent.constprop.0+0x134/0x160 relocate_block_group+0x3f2/0x500 btrfs_relocate_block_group+0x250/0x430 btrfs_relocate_chunk+0x3f/0x130 btrfs_balance+0x71b/0xef0 ? kmalloc_trace_noprof+0x13b/0x280 btrfs_ioctl+0x2c2e/0x3030 ? kvfree_call_rcu+0x1e6/0x340 ? list_lru_add_obj+0x66/0x80 ? mntput_no_expire+0x3a/0x220 __x64_sys_ioctl+0x96/0xc0 do_syscall_64+0x54/0x110 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7fcc04514f9b C\u00f3digo: No se puede acceder a los bytes del c\u00f3digo de operaci\u00f3n en 0x7fcc04514f71. 
RSP: 002b:00007ffeba923370 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fcc04514f9b RDX: 00007ffeba923460 RSI: 00000000c4009420 RDI: 0000000000000003 RBP: 000000000000000 R08: 0000000000000013 R09: 0000000000000001 R10: 00007fcc043fbba8 R11: 0000000000000246 R12: 00007ffeba924fc5 R13: 00007ffeba923460 R14: 0000000000000002 R15: 00000000004d4bb0 M\u00f3dulos vinculados en: ---[ fin del seguimiento 000000000000000 ]--- RIP: 0010:__blk_rq_map_sg+0x339/0x4a0 RSP: 0018:ffffc90001a43820 EFLAGS: 00010202 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffea00045d4802 RDX: 0000000117520000 RSI: 0000000000000000 RDI: ffff8881027d1000 RBP: 0000000000003000 R08: ffffea00045d4902 R09: 0000000000000000 R10: 0000000000000000 R11: 00000000000001000 R12: ffff8881003d10b8 R13: ffffc90001a438f0 R14: 0000000000000000 R15: 0000000000003000 FS: 00007fcc048a6900(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fcc04514f71 CR3: 00000001109ea001 CR4: 0000000000370eb0 N\u00facleo p ---truncado---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49933.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49933.json index c4272a81d90..ab368105bfe 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49933.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49933.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49933", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:15.210", - "lastModified": "2024-10-21T18:15:15.210", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk_iocost: fix more out of bound shifts\n\nRecently running UBSAN caught few out of bound shifts in the\nioc_forgive_debts() function:\n\nUBSAN: shift-out-of-bounds in block/blk-iocost.c:2142:38\nshift exponent 80 is too large for 64-bit type 'u64' (aka 'unsigned long\nlong')\n...\nUBSAN: shift-out-of-bounds in block/blk-iocost.c:2144:30\nshift exponent 80 is too large for 64-bit type 'u64' (aka 'unsigned long\nlong')\n...\nCall Trace:\n\ndump_stack_lvl+0xca/0x130\n__ubsan_handle_shift_out_of_bounds+0x22c/0x280\n? __lock_acquire+0x6441/0x7c10\nioc_timer_fn+0x6cec/0x7750\n? blk_iocost_init+0x720/0x720\n? call_timer_fn+0x5d/0x470\ncall_timer_fn+0xfa/0x470\n? blk_iocost_init+0x720/0x720\n__run_timer_base+0x519/0x700\n...\n\nActual impact of this issue was not identified but I propose to fix the\nundefined behaviour.\nThe proposed fix to prevent those out of bound shifts consist of\nprecalculating exponent before using it the shift operations by taking\nmin value from the actual exponent and maximum possible number of bits." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: blk_iocost: corrige m\u00e1s cambios fuera de los l\u00edmites Recientemente, la ejecuci\u00f3n de UBSAN detect\u00f3 algunos cambios fuera de los l\u00edmites en la funci\u00f3n ioc_forgive_debts(): UBSAN: cambio fuera de los l\u00edmites en block/blk-iocost.c:2142:38 el exponente de cambio 80 es demasiado grande para el tipo de 64 bits 'u64' (tambi\u00e9n conocido como 'unsigned long long') ... 
UBSAN: cambio fuera de los l\u00edmites en block/blk-iocost.c:2144:30 el exponente de cambio 80 es demasiado grande para el tipo de 64 bits 'u64' (tambi\u00e9n conocido como 'unsigned long long') ... Seguimiento de llamadas: dump_stack_lvl+0xca/0x130 __ubsan_handle_shift_out_of_bounds+0x22c/0x280 ? __lock_acquire+0x6441/0x7c10 ioc_timer_fn+0x6cec/0x7750 ? blk_iocost_init+0x720/0x720 ? call_timer_fn+0x5d/0x470 call_timer_fn+0xfa/0x470 ? blk_iocost_init+0x720/0x720 __run_timer_base+0x519/0x700 ... No se identific\u00f3 el impacto real de este problema, pero propongo corregir el comportamiento indefinido. La soluci\u00f3n propuesta para evitar esos cambios fuera de los l\u00edmites consiste en precalcular el exponente antes de usarlo en las operaciones de cambio tomando el valor m\u00ednimo del exponente real y la cantidad m\u00e1xima posible de bits." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49934.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49934.json index 87d9d5bffbf..8664b8bb9dc 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49934.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49934.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49934", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:15.273", - "lastModified": "2024-10-21T18:15:15.273", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name\n\nIt's observed that a crash occurs during hot-remove a memory device,\nin which user is accessing the hugetlb. See calltrace as following:\n\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 14045 at arch/x86/mm/fault.c:1278 do_user_addr_fault+0x2a0/0x790\nModules linked in: kmem device_dax cxl_mem cxl_pmem cxl_port cxl_pci dax_hmem dax_pmem nd_pmem cxl_acpi nd_btt cxl_core crc32c_intel nvme virtiofs fuse nvme_core nfit libnvdimm dm_multipath scsi_dh_rdac scsi_dh_emc s\nmirror dm_region_hash dm_log dm_mod\nCPU: 1 PID: 14045 Comm: daxctl Not tainted 6.10.0-rc2-lizhijian+ #492\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nRIP: 0010:do_user_addr_fault+0x2a0/0x790\nCode: 48 8b 00 a8 04 0f 84 b5 fe ff ff e9 1c ff ff ff 4c 89 e9 4c 89 e2 be 01 00 00 00 bf 02 00 00 00 e8 b5 ef 24 00 e9 42 fe ff ff <0f> 0b 48 83 c4 08 4c 89 ea 48 89 ee 4c 89 e7 5b 5d 41 5c 41 5d 41\nRSP: 0000:ffffc90000a575f0 EFLAGS: 00010046\nRAX: ffff88800c303600 RBX: 0000000000000000 RCX: 0000000000000000\nRDX: 0000000000001000 RSI: ffffffff82504162 RDI: ffffffff824b2c36\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffc90000a57658\nR13: 0000000000001000 R14: ffff88800bc2e040 R15: 0000000000000000\nFS: 00007f51cb57d880(0000) GS:ffff88807fd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000001000 CR3: 00000000072e2004 
CR4: 00000000001706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n ? __warn+0x8d/0x190\n ? do_user_addr_fault+0x2a0/0x790\n ? report_bug+0x1c3/0x1d0\n ? handle_bug+0x3c/0x70\n ? exc_invalid_op+0x14/0x70\n ? asm_exc_invalid_op+0x16/0x20\n ? do_user_addr_fault+0x2a0/0x790\n ? exc_page_fault+0x31/0x200\n exc_page_fault+0x68/0x200\n<...snip...>\nBUG: unable to handle page fault for address: 0000000000001000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 800000000ad92067 P4D 800000000ad92067 PUD 7677067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP PTI\n ---[ end trace 0000000000000000 ]---\n BUG: unable to handle page fault for address: 0000000000001000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 800000000ad92067 P4D 800000000ad92067 PUD 7677067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 1 PID: 14045 Comm: daxctl Kdump: loaded Tainted: G W 6.10.0-rc2-lizhijian+ #492\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n RIP: 0010:dentry_name+0x1f4/0x440\n<...snip...>\n? dentry_name+0x2fa/0x440\nvsnprintf+0x1f3/0x4f0\nvprintk_store+0x23a/0x540\nvprintk_emit+0x6d/0x330\n_printk+0x58/0x80\ndump_mapping+0x10b/0x1a0\n? __pfx_free_object_rcu+0x10/0x10\n__dump_page+0x26b/0x3e0\n? vprintk_emit+0xe0/0x330\n? _printk+0x58/0x80\n? dump_page+0x17/0x50\ndump_page+0x17/0x50\ndo_migrate_range+0x2f7/0x7f0\n? do_migrate_range+0x42/0x7f0\n? offline_pages+0x2f4/0x8c0\noffline_pages+0x60a/0x8c0\nmemory_subsys_offline+0x9f/0x1c0\n? lockdep_hardirqs_on+0x77/0x100\n? 
_raw_spin_unlock_irqrestore+0x38/0x60\ndevice_offline+0xe3/0x110\nstate_store+0x6e/0xc0\nkernfs_fop_write_iter+0x143/0x200\nvfs_write+0x39f/0x560\nksys_write+0x65/0xf0\ndo_syscall_64+0x62/0x130\n\nPreviously, some sanity check have been done in dump_mapping() before\nthe print facility parsing '%pd' though, it's still possible to run into\nan invalid dentry.d_name.name.\n\nSince dump_mapping() only needs to dump the filename only, retrieve it\nby itself in a safer way to prevent an unnecessary crash.\n\nNote that either retrieving the filename with '%pd' or\nstrncpy_from_kernel_nofault(), the filename could be unreliable." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs/inode: Evitar que dump_mapping() acceda a dentry.d_name.name no v\u00e1lido Se observa que se produce un bloqueo durante la eliminaci\u00f3n activa de un dispositivo de memoria, en el que el usuario est\u00e1 accediendo a hugetlb. Consulte el seguimiento de llamadas de la siguiente manera: ------------[ cortar aqu\u00ed ]------------ ADVERTENCIA: CPU: 1 PID: 14045 en arch/x86/mm/fault.c:1278 do_user_addr_fault+0x2a0/0x790 M\u00f3dulos vinculados en: kmem device_dax cxl_mem cxl_pmem cxl_port cxl_pci dax_hmem dax_pmem nd_pmem cxl_acpi nd_btt cxl_core crc32c_intel nvme virtiofs fuse nvme_core nfit libnvdimm dm_multipath scsi_dh_rdac scsi_dh_emc s mirror dm_region_hash dm_log dm_mod CPU: 1 PID: 14045 Comm: daxctl No contaminado 6.10.0-rc2-lizhijian+ #492 Nombre del hardware: PC est\u00e1ndar QEMU (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 01/04/2014 RIP: 0010:do_user_addr_fault+0x2a0/0x790 C\u00f3digo: 48 8b 00 a8 04 0f 84 b5 fe ff ff e9 1c ff ff ff 4c 89 e9 4c 89 e2 be 01 00 00 00 bf 02 00 00 00 e8 b5 ef 24 00 e9 42 fe ff ff <0f> 0b 48 83 c4 08 4c 89 ea 48 89 ee 4c 89 e7 5b 5d 41 5c 41 5d 41 RSP: 0000:ffffc90000a575f0 EFLAGS: 00010046 RAX: ffff88800c303600 RBX: 0000000000000000 RCX: 000000000000000 RDX: 
00000000000001000 RSI: ffffffff82504162 RDI: ffffffff824b2c36 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000000000000 R11: 0000000000000000 R12: ffffc90000a57658 R13: 0000000000001000 R14: ffff88800bc2e040 R15: 000000000000000 FS: 00007f51cb57d880(0000) GS:ffff88807fd00000(0000) knlGS:000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000001000 CR3: 00000000072e2004 CR4: 00000000001706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Seguimiento de llamadas: ? __warn+0x8d/0x190 ? do_user_addr_fault+0x2a0/0x790 ? report_bug+0x1c3/0x1d0 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x14/0x70 ? asm_exc_invalid_op+0x16/0x20 ? do_user_addr_fault+0x2a0/0x790 ? exc_page_fault+0x31/0x200 exc_page_fault+0x68/0x200 <...snip...> ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: 0000000000001000 #PF: acceso de lectura del supervisor en modo kernel #PF: error_code(0x0000) - p\u00e1gina no presente PGD 800000000ad92067 P4D 800000000ad92067 PUD 7677067 PMD 0 Oops: Oops: 0000 [#1] PREEMPT SMP PTI ---[ fin del seguimiento 000000000000000 ]--- ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: 0000000000001000 #PF: acceso de lectura del supervisor en modo kernel #PF: error_code(0x0000) - p\u00e1gina no presente PGD 800000000ad92067 P4D 800000000ad92067 PUD 7677067 PMD 0 Oops: Oops: 0000 [#1] PREEMPT SMP PTI CPU: 1 PID: 14045 Comm: daxctl Kdump: cargado Tainted: GW 6.10.0-rc2-lizhijian+ #492 Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 RIP: 0010:dentry_name+0x1f4/0x440 <...snip...> ? dentry_name+0x2fa/0x440 vsnprintf+0x1f3/0x4f0 vprintk_store+0x23a/0x540 vprintk_emit+0x6d/0x330 _printk+0x58/0x80 dump_mapping+0x10b/0x1a0 ? __pfx_free_object_rcu+0x10/0x10 __dump_page+0x26b/0x3e0 ? vprintk_emit+0xe0/0x330 ? _printk+0x58/0x80 ? 
dump_page+0x17/0x50 dump_page+0x17/0x50 do_migrate_range+0x2f7/0x7f0 ? do_migrate_range+0x42/0x7f0 ? offline_pages+0x2f4/0x8c0 offline_pages+0x60a/0x8c0 memory_subsys_offline+0x9f/0x1c0 ? lockdep_hardirqs_on+0x77/0x100 ? _raw_spin_unlock_irqrestore+0x38/0x60 device_offline+0xe3/0x110 state_store+0x6e/0xc0 kernfs_fop_write_iter+0x143/0x200 vfs_write+0x39f/0x560 ksys_write+0x65/0xf0 do_syscall_64+0x62/0x130 Anteriormente, se han realizado algunas comprobaciones de cordura en dump_mapping() antes de que la funci\u00f3n de impresi\u00f3n analice '%pd', aunque a\u00fan es posible encontrarse con un dentry.d_name.name no v\u00e1lido. Dado que dump_mapping() solo necesita volcar el nombre del archivo, recup\u00e9relo por s\u00ed mismo de una manera m\u00e1s segura para ----truncado---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49935.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49935.json index 5c3d3dae08e..88967161205 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49935.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49935.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49935", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:15.350", - "lastModified": "2024-10-21T18:15:15.350", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: PAD: fix crash in exit_round_robin()\n\nThe kernel occasionally crashes in cpumask_clear_cpu(), which is called\nwithin exit_round_robin(), because when executing clear_bit(nr, addr) with\nnr set to 0xffffffff, the address calculation may cause misalignment within\nthe memory, leading to access to an invalid memory address.\n\n----------\nBUG: unable to handle kernel paging request at ffffffffe0740618\n ...\nCPU: 3 PID: 2919323 Comm: acpi_pad/14 Kdump: loaded Tainted: G OE X --------- - - 4.18.0-425.19.2.el8_7.x86_64 #1\n ...\nRIP: 0010:power_saving_thread+0x313/0x411 [acpi_pad]\nCode: 89 cd 48 89 d3 eb d1 48 c7 c7 55 70 72 c0 e8 64 86 b0 e4 c6 05 0d a1 02 00 01 e9 bc fd ff ff 45 89 e4 42 8b 04 a5 20 82 72 c0 48 0f b3 05 f4 9c 01 00 42 c7 04 a5 20 82 72 c0 ff ff ff ff 31\nRSP: 0018:ff72a5d51fa77ec8 EFLAGS: 00010202\nRAX: 00000000ffffffff RBX: ff462981e5d8cb80 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000246 RDI: 0000000000000246\nRBP: ff46297556959d80 R08: 0000000000000382 R09: ff46297c8d0f38d8\nR10: 0000000000000000 R11: 0000000000000001 R12: 000000000000000e\nR13: 0000000000000000 R14: ffffffffffffffff R15: 000000000000000e\nFS: 0000000000000000(0000) GS:ff46297a800c0000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffffffe0740618 CR3: 0000007e20410004 CR4: 0000000000771ee0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n ? 
acpi_pad_add+0x120/0x120 [acpi_pad]\n kthread+0x10b/0x130\n ? set_kthread_struct+0x50/0x50\n ret_from_fork+0x1f/0x40\n ...\nCR2: ffffffffe0740618\n\ncrash> dis -lr ffffffffc0726923\n ...\n/usr/src/debug/kernel-4.18.0-425.19.2.el8_7/linux-4.18.0-425.19.2.el8_7.x86_64/./include/linux/cpumask.h: 114\n0xffffffffc0726918 :\tmov %r12d,%r12d\n/usr/src/debug/kernel-4.18.0-425.19.2.el8_7/linux-4.18.0-425.19.2.el8_7.x86_64/./include/linux/cpumask.h: 325\n0xffffffffc072691b :\tmov -0x3f8d7de0(,%r12,4),%eax\n/usr/src/debug/kernel-4.18.0-425.19.2.el8_7/linux-4.18.0-425.19.2.el8_7.x86_64/./arch/x86/include/asm/bitops.h: 80\n0xffffffffc0726923 :\tlock btr %rax,0x19cf4(%rip) # 0xffffffffc0740620 \n\ncrash> px tsk_in_cpu[14]\n$66 = 0xffffffff\n\ncrash> px 0xffffffffc072692c+0x19cf4\n$99 = 0xffffffffc0740620\n\ncrash> sym 0xffffffffc0740620\nffffffffc0740620 (b) pad_busy_cpus_bits [acpi_pad]\n\ncrash> px pad_busy_cpus_bits[0]\n$42 = 0xfffc0\n----------\n\nTo fix this, ensure that tsk_in_cpu[tsk_index] != -1 before calling\ncpumask_clear_cpu() in exit_round_robin(), just as it is done in\nround_robin_cpu().\n\n[ rjw: Subject edit, avoid updates to the same value ]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ACPI: PAD: corrige fallo en exit_round_robin() El kernel ocasionalmente fallo en cpumask_clear_cpu(), que se llama dentro de exit_round_robin(), porque al ejecutar clear_bit(nr, addr) con nr establecido en 0xffffffff, el c\u00e1lculo de la direcci\u00f3n puede causar una desalineaci\u00f3n dentro de la memoria, lo que lleva al acceso a una direcci\u00f3n de memoria no v\u00e1lida. ---------- ERROR: no se puede manejar la solicitud de paginaci\u00f3n del n\u00facleo en ffffffffe0740618 ... CPU: 3 PID: 2919323 Comm: acpi_pad/14 Kdump: cargado Tainted: G OE X --------- - - 4.18.0-425.19.2.el8_7.x86_64 #1 ... 
RIP: 0010:power_saving_thread+0x313/0x411 [acpi_pad] C\u00f3digo: 89 cd 48 89 d3 eb d1 48 c7 c7 55 70 72 c0 e8 64 86 b0 e4 c6 05 0d a1 02 00 01 e9 bc fd ff ff 45 89 e4 42 8b 04 a5 20 82 72 c0 48 0f b3 05 f4 9c 01 00 42 c7 04 a5 20 82 72 c0 ff ff ff ff 31 RSP: 0018:ff72a5d51fa77ec8 EFLAGS: 00010202 RAX: 00000000ffffffff RBX: ff462981e5d8cb80 RCX: 000000000000000 RDX: 000000000000000 RSI: 0000000000000246 RDI: 0000000000000246 RBP: ff46297556959d80 R08: 0000000000000382 R09: ff46297c8d0f38d8 R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000e R13: 0000000000000000 R1 4: ffffffffffffffff R15: 000000000000000e FS: 0000000000000000(0000) GS:ff46297a800c0000(0000) knlGS:00000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffe0740618 CR3: 0000007e20410004 CR4: 0000000000771ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Rastreo de llamadas: ? acpi_pad_add+0x120/0x120 [acpi_pad] kthread+0x10b/0x130 ? set_kthread_struct+0x50/0x50 ret_from_fork+0x1f/0x40 ... CR2: ffffffffe0740618 crash> dis -lr ffffffffc0726923 ... 
/usr/src/debug/kernel-4.18.0-425.19.2.el8_7/linux-4.18.0-425.19.2.el8_7.x86_64/./include/linux/cpumask.h: 114 0xffffffffc0726918 : mov %r12d,%r12d /usr/src/debug/kernel-4.18.0-425.19.2.el8_7/linux-4.18.0-425.19.2.el8_7.x86_64/./include/linux/cpumask.h: 325 0xffffffffc072691b : mov -0x3f8d7de0(,%r12,4),%eax /usr/src/debug/kernel-4.18.0-425.19.2.el8_7/linux-4.18.0-425.19.2.el8_7.x86_64/./arch/x86/include/asm/bitops.h: 80 0xffffffffc0726923 : crash btr %rax,0x19cf4(%rip) # 0xffffffffc0740620 crash> px tsk_in_cpu[14] $66 = 0xffffffff crash> px 0xffffffffc072692c+0x19cf4 $99 = 0xffffffffc0740620 crash> sym 0xffffffffc0740620 ffffffffc0740620 (b) pad_busy_cpus_bits [acpi_pad] crash> px pad_busy_cpus_bits[0] $42 = 0xfffc0 ---------- Para solucionar esto, aseg\u00farese de que tsk_in_cpu[tsk_index] != -1 antes de llamar cpumask_clear_cpu() en exit_round_robin(), tal como se hace en round_robin_cpu(). [ rjw: Edici\u00f3n del tema, evitar actualizaciones al mismo valor ]" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49936.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49936.json index 5069d672ed1..4fd458dc2f2 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49936.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49936.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-49936",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T18:15:15.413",
- "lastModified": "2024-10-21T18:15:15.413",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:25.583",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/xen-netback: prevent UAF in xenvif_flush_hash()\n\nDuring the list_for_each_entry_rcu iteration call of xenvif_flush_hash,\nkfree_rcu does not exist inside the rcu read critical section, so if\nkfree_rcu is called when the rcu grace period ends during the iteration,\nUAF occurs when accessing head->next after the entry becomes free.\n\nTherefore, to solve this, you need to change it to list_for_each_entry_safe."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/xen-netback: evitar UAF en xenvif_flush_hash() Durante la llamada de iteraci\u00f3n list_for_each_entry_rcu de xenvif_flush_hash, kfree_rcu no existe dentro de la secci\u00f3n cr\u00edtica de lectura de rcu, por lo que si se llama a kfree_rcu cuando finaliza el per\u00edodo de gracia de rcu durante la iteraci\u00f3n, se produce UAF al acceder a head->next despu\u00e9s de que la entrada se libera. Por lo tanto, para resolver esto, debe cambiarlo a list_for_each_entry_safe."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49937.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49937.json
index 74e8d47d892..808d21d378e 100644
--- a/CVE-2024/CVE-2024-499xx/CVE-2024-49937.json
+++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49937.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-49937", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:15.477", - "lastModified": "2024-10-21T18:15:15.477", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: Set correct chandef when starting CAC\n\nWhen starting CAC in a mode other than AP mode, it return a\n\"WARNING: CPU: 0 PID: 63 at cfg80211_chandef_dfs_usable+0x20/0xaf [cfg80211]\"\ncaused by the chandef.chan being null at the end of CAC.\n\nSolution: Ensure the channel definition is set for the different modes\nwhen starting CAC to avoid getting a NULL 'chan' at the end of CAC.\n\n Call Trace:\n ? show_regs.part.0+0x14/0x16\n ? __warn+0x67/0xc0\n ? cfg80211_chandef_dfs_usable+0x20/0xaf [cfg80211]\n ? report_bug+0xa7/0x130\n ? exc_overflow+0x30/0x30\n ? handle_bug+0x27/0x50\n ? exc_invalid_op+0x18/0x60\n ? handle_exception+0xf6/0xf6\n ? exc_overflow+0x30/0x30\n ? cfg80211_chandef_dfs_usable+0x20/0xaf [cfg80211]\n ? exc_overflow+0x30/0x30\n ? cfg80211_chandef_dfs_usable+0x20/0xaf [cfg80211]\n ? regulatory_propagate_dfs_state.cold+0x1b/0x4c [cfg80211]\n ? cfg80211_propagate_cac_done_wk+0x1a/0x30 [cfg80211]\n ? process_one_work+0x165/0x280\n ? worker_thread+0x120/0x3f0\n ? kthread+0xc2/0xf0\n ? process_one_work+0x280/0x280\n ? kthread_complete_and_exit+0x20/0x20\n ? ret_from_fork+0x19/0x24\n\n[shorten subject, remove OCB, reorder cases to match previous list]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: cfg80211: Establecer chandef correcto al iniciar CAC Al iniciar CAC en un modo distinto del modo AP, devuelve un \"ADVERTENCIA: CPU: 0 PID: 63 en cfg80211_chandef_dfs_usable+0x20/0xaf [cfg80211]\" causado por chandef.chan que es nulo al final de CAC. 
Soluci\u00f3n: Aseg\u00farese de que la definici\u00f3n del canal est\u00e9 configurada para los diferentes modos al iniciar CAC para evitar obtener un 'chan' NULL al final de CAC. Seguimiento de llamadas: ? show_regs.part.0+0x14/0x16 ? __warn+0x67/0xc0 ? cfg80211_chandef_dfs_usable+0x20/0xaf [cfg80211] ? report_bug+0xa7/0x130 ? exc_overflow+0x30/0x30 ? handle_bug+0x27/0x50 ? exc_invalid_op+0x18/0x60 ? handle_exception+0xf6/0xf6 ? exc_overflow+0x30/0x30 ? cfg80211_chandef_dfs_usable+0x20/0xaf [cfg80211] ? exc_overflow+0x30/0x30 ? cfg80211_chandef_dfs_usable+0x20/0xaf [cfg80211] ? regulatory_propagate_dfs_state.cold+0x1b/0x4c [cfg80211] ? cfg80211_propagate_cac_done_wk+0x1a/0x30 [cfg80211] ? process_one_work+0x165/0x280 ? worker_thread+0x120/0x3f0 ? kthread+0xc2/0xf0 ? process_one_work+0x280/0x280 ? kthread_complete_and_exit+0x20/0x20 ? ret_from_fork+0x19/0x24 [acortar asunto, eliminar OCB, reordenar casos para que coincidan con la lista anterior]" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49938.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49938.json index ba64ec214bf..cba6a2a22d3 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49938.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49938.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-49938",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T18:15:15.547",
- "lastModified": "2024-10-21T18:15:15.547",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:25.583",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit\n\nSyzbot points out that skb_trim() has a sanity check on the existing length of\nthe skb, which can be uninitialised in some error paths. The intent here is\nclearly just to reset the length to zero before resubmitting, so switch to\ncalling __skb_set_length(skb, 0) directly. In addition, __skb_set_length()\nalready contains a call to skb_reset_tail_pointer(), so remove the redundant\ncall.\n\nThe syzbot report came from ath9k_hif_usb_reg_in_cb(), but there's a similar\nusage of skb_trim() in ath9k_hif_usb_rx_cb(), change both while we're at it."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: ath9k_htc: Use __skb_set_length() para restablecer urb antes de volver a enviar Syzbot se\u00f1ala que skb_trim() tiene una comprobaci\u00f3n de cordura en la longitud existente del skb, que puede no inicializarse en algunas rutas de error. La intenci\u00f3n aqu\u00ed es claramente solo restablecer la longitud a cero antes de volver a enviar, as\u00ed que cambie a llamar a __skb_set_length(skb, 0) directamente. Adem\u00e1s, __skb_set_length() ya contiene una llamada a skb_reset_tail_pointer(), as\u00ed que elimine la llamada redundante. El informe de syzbot vino de ath9k_hif_usb_reg_in_cb(), pero hay un uso similar de skb_trim() en ath9k_hif_usb_rx_cb(), cambie ambos mientras estamos en eso."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49939.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49939.json
index fd2ac76804c..4d6b5699559 100644
--- a/CVE-2024/CVE-2024-499xx/CVE-2024-49939.json
+++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49939.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-49939", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:15.620", - "lastModified": "2024-10-21T18:15:15.620", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: avoid to add interface to list twice when SER\n\nIf SER L2 occurs during the WoWLAN resume flow, the add interface flow\nis triggered by ieee80211_reconfig(). However, due to\nrtw89_wow_resume() return failure, it will cause the add interface flow\nto be executed again, resulting in a double add list and causing a kernel\npanic. Therefore, we have added a check to prevent double adding of the\nlist.\n\nlist_add double add: new=ffff99d6992e2010, prev=ffff99d6992e2010, next=ffff99d695302628.\n------------[ cut here ]------------\nkernel BUG at lib/list_debug.c:37!\ninvalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G W O 6.6.30-02659-gc18865c4dfbd #1 770df2933251a0e3c888ba69d1053a817a6376a7\nHardware name: HP Grunt/Grunt, BIOS Google_Grunt.11031.169.0 06/24/2021\nWorkqueue: events_freezable ieee80211_restart_work [mac80211]\nRIP: 0010:__list_add_valid_or_report+0x5e/0xb0\nCode: c7 74 18 48 39 ce 74 13 b0 01 59 5a 5e 5f 41 58 41 59 41 5a 5d e9 e2 d6 03 00 cc 48 c7 c7 8d 4f 17 83 48 89 c2 e8 02 c0 00 00 <0f> 0b 48 c7 c7 aa 8c 1c 83 e8 f4 bf 00 00 0f 0b 48 c7 c7 c8 bc 12\nRSP: 0018:ffffa91b8007bc50 EFLAGS: 00010246\nRAX: 0000000000000058 RBX: ffff99d6992e0900 RCX: a014d76c70ef3900\nRDX: ffffa91b8007bae8 RSI: 00000000ffffdfff RDI: 0000000000000001\nRBP: ffffa91b8007bc88 R08: 0000000000000000 R09: ffffa91b8007bae0\nR10: 00000000ffffdfff R11: ffffffff83a79800 R12: ffff99d695302060\nR13: ffff99d695300900 R14: ffff99d6992e1be0 R15: ffff99d6992e2010\nFS: 0000000000000000(0000) GS:ffff99d6aac00000(0000) 
knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000078fbdba43480 CR3: 000000010e464000 CR4: 00000000001506f0\nCall Trace:\n \n ? __die_body+0x1f/0x70\n ? die+0x3d/0x60\n ? do_trap+0xa4/0x110\n ? __list_add_valid_or_report+0x5e/0xb0\n ? do_error_trap+0x6d/0x90\n ? __list_add_valid_or_report+0x5e/0xb0\n ? handle_invalid_op+0x30/0x40\n ? __list_add_valid_or_report+0x5e/0xb0\n ? exc_invalid_op+0x3c/0x50\n ? asm_exc_invalid_op+0x16/0x20\n ? __list_add_valid_or_report+0x5e/0xb0\n rtw89_ops_add_interface+0x309/0x310 [rtw89_core 7c32b1ee6854761c0321027c8a58c5160e41f48f]\n drv_add_interface+0x5c/0x130 [mac80211 83e989e6e616bd5b4b8a2b0a9f9352a2c385a3bc]\n ieee80211_reconfig+0x241/0x13d0 [mac80211 83e989e6e616bd5b4b8a2b0a9f9352a2c385a3bc]\n ? finish_wait+0x3e/0x90\n ? synchronize_rcu_expedited+0x174/0x260\n ? sync_rcu_exp_done_unlocked+0x50/0x50\n ? wake_bit_function+0x40/0x40\n ieee80211_restart_work+0xf0/0x140 [mac80211 83e989e6e616bd5b4b8a2b0a9f9352a2c385a3bc]\n process_scheduled_works+0x1e5/0x480\n worker_thread+0xea/0x1e0\n kthread+0xdb/0x110\n ? move_linked_works+0x90/0x90\n ? kthread_associate_blkcg+0xa0/0xa0\n ret_from_fork+0x3b/0x50\n ? 
kthread_associate_blkcg+0xa0/0xa0\n ret_from_fork_asm+0x11/0x20\n \nModules linked in: dm_integrity async_xor xor async_tx lz4 lz4_compress zstd zstd_compress zram zsmalloc rfcomm cmac uinput algif_hash algif_skcipher af_alg btusb btrtl iio_trig_hrtimer industrialio_sw_trigger btmtk industrialio_configfs btbcm btintel uvcvideo videobuf2_vmalloc iio_trig_sysfs videobuf2_memops videobuf2_v4l2 videobuf2_common uvc snd_hda_codec_hdmi veth snd_hda_intel snd_intel_dspcfg acpi_als snd_hda_codec industrialio_triggered_buffer kfifo_buf snd_hwdep industrialio i2c_piix4 snd_hda_core designware_i2s ip6table_nat snd_soc_max98357a xt_MASQUERADE xt_cgroup snd_soc_acp_rt5682_mach fuse rtw89_8922ae(O) rtw89_8922a(O) rtw89_pci(O) rtw89_core(O) 8021q mac80211(O) bluetooth ecdh_generic ecc cfg80211 r8152 mii joydev\ngsmi: Log Shutdown Reason 0x03\n---[ end trace 0000000000000000 ]---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: rtw89: evitar agregar interfaz a la lista dos veces cuando SER Si SER L2 ocurre durante el flujo de reanudaci\u00f3n de WoWLAN, el flujo de agregar interfaz se activa mediante ieee80211_reconfig(). Sin embargo, debido al error de retorno de rtw89_wow_resume(), har\u00e1 que el flujo de agregar interfaz se ejecute nuevamente, lo que dar\u00e1 como resultado una lista de adici\u00f3n doble y provocar\u00e1 un p\u00e1nico del kernel. Por lo tanto, hemos agregado una verificaci\u00f3n para evitar la doble adici\u00f3n de la lista. list_add double add: new=ffff99d6992e2010, prev=ffff99d6992e2010, next=ffff99d695302628. ------------[ cortar aqu\u00ed ]------------ \u00a1ERROR del kernel en lib/list_debug.c:37! 
c\u00f3digo de operaci\u00f3n no v\u00e1lido: 0000 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 9 Comm: kworker/0:1 Contaminado: GWO 6.6.30-02659-gc18865c4dfbd #1 770df2933251a0e3c888ba69d1053a817a6376a7 Nombre del hardware: HP Grunt/Grunt, BIOS Google_Grunt.11031.169.0 24/06/2021 Cola de trabajo: events_freezable ieee80211_restart_work [mac80211] RIP: 0010:__list_add_valid_or_report+0x5e/0xb0 C\u00f3digo: c7 74 18 48 39 ce 74 13 b0 01 59 5a 5e 5f 41 58 41 59 41 5a 5d e9 e2 d6 03 00 cc 48 c7 c7 8d 4f 17 83 48 89 c2 e8 02 c0 00 00 <0f> 0b 48 c7 c7 aa 8c 1c 83 e8 f4 bf 0 0 00 0f 0b 48 c7 c7 c8 bc 12 RSP: 0018:ffffa91b8007bc50 EFLAGS: 00010246 RAX: 00000000000000058 RBX: ffff99d6992e0900 RCX: a014d76c70ef3900 RDX: ffffa91b8007bae8 RSI: 00000000ffffdfff RDI: 0000000000000001 RBP: ffffa91b8007bc88 R08: 0000000000000000 R09: ffffa91b8007bae0 R10: 00000000ffffdfff R11: ffffffff83a79800 R12: ffff99d695302060 R13: ffff99d695300900 R14: ffff99d6992e1be0 R15: ffff99d6992e2010 FS: 000000000000000(0000) GS:ffff99d6aac00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000078fbdba43480 CR3: 000000010e464000 CR4: 00000000001506f0 Seguimiento de llamadas: ? __die_body+0x1f/0x70 ? die+0x3d/0x60 ? do_trap+0xa4/0x110 ? __list_add_valid_or_report+0x5e/0xb0 ? do_error_trap+0x6d/0x90 ? __list_add_valid_or_report+0x5e/0xb0 ? handle_invalid_op+0x30/0x40 ? __list_add_valid_or_report+0x5e/0xb0 ? exc_invalid_op+0x3c/0x50 ? asm_exc_invalid_op+0x16/0x20 ? __list_add_valid_or_report+0x5e/0xb0 rtw89_ops_add_interface+0x309/0x310 [rtw89_core 7c32b1ee6854761c0321027c8a58c5160e41f48f] drv_add_interface+0x5c/0x130 [mac80211 83e989e6e616bd5b4b8a2b0a9f9352a2c385a3bc] ieee80211_reconfig+0x241/0x13d0 [mac80211 83e989e6e616bd5b4b8a2b0a9f9352a2c385a3bc] ? finish_wait+0x3e/0x90 ? sincronizar_rcu_expedited+0x174/0x260 ? sync_rcu_exp_done_unlocked+0x50/0x50 ? 
wake_bit_function+0x40/0x40 ieee80211_restart_work+0xf0/0x140 [mac80211 83e989e6e616bd5b4b8a2b0a9f9352a2c385a3bc] process_scheduled_works+0x1e5/0x480 worker_thread+0xea/0x1e0 kthread+0xdb/0x110 ? move_linked_works+0x90/0x90 ? kthread_associate_blkcg+0xa0/0xa0 ret_from_fork+0x3b/0x50 ? M\u00f3dulos vinculados en: dm_integrity async_xor xor async_tx lz4 lz4_compress zstd zstd_compress zram zsmalloc rfcomm cmac uinput algif_hash algif_skcipher af_alg btusb btrtl iio_trig_hrtimer industrialio_sw_trigger btmtk industrialio_configfs btbcm btintel uvcvideo videobuf2_vmalloc iio_trig_sysfs videobuf2_memops videobuf2_v4l2 videobuf2_common uvc snd_hda_codec_hdmi veth snd_hda_intel snd_intel_dspcfg acpi_als snd_hda_codec industrialio_triggered_buffer kfifo_buf snd_hwdep industrialio i2c_piix4 snd_hda_core designware_i2s ip6table_nat snd_soc_max98357a xt_MASQUERADE xt_cgroup snd_soc_acp_rt5682_mach fuse rtw89_8922ae(O) rtw89_8922a(O) rtw89_pci(O) rtw89_core(O) 8021q mac80211(O) bluetooth ecdh_generic ecc cfg80211 r8152 mii joydev gsmi: Registrar motivo de apagado 0x03 ---[ fin de seguimiento 0000000000000000 ]---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49940.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49940.json index 6dba8e4768a..e6144d2a4c4 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49940.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49940.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49940", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:15.703", - "lastModified": "2024-10-21T18:15:15.703", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: prevent possible tunnel refcount underflow\n\nWhen a session is created, it sets a backpointer to its tunnel. When\nthe session refcount drops to 0, l2tp_session_free drops the tunnel\nrefcount if session->tunnel is non-NULL. However, session->tunnel is\nset in l2tp_session_create, before the tunnel refcount is incremented\nby l2tp_session_register, which leaves a small window where\nsession->tunnel is non-NULL when the tunnel refcount hasn't been\nbumped.\n\nMoving the assignment to l2tp_session_register is trivial but\nl2tp_session_create calls l2tp_session_set_header_len which uses\nsession->tunnel to get the tunnel's encap. Add an encap arg to\nl2tp_session_set_header_len to avoid using session->tunnel.\n\nIf l2tpv3 sessions have colliding IDs, it is possible for\nl2tp_v3_session_get to race with l2tp_session_register and fetch a\nsession which doesn't yet have session->tunnel set. Add a check for\nthis case." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: l2tp: evitar un posible desbordamiento del recuento de referencias del t\u00fanel Cuando se crea una sesi\u00f3n, establece un puntero hacia atr\u00e1s a su t\u00fanel. Cuando el recuento de referencias de la sesi\u00f3n cae a 0, l2tp_session_free descarta el recuento de referencias del t\u00fanel si session->tunnel no es NULL. 
Sin embargo, session->tunnel se establece en l2tp_session_create, antes de que el recuento de referencias del t\u00fanel se incremente mediante l2tp_session_register, lo que deja una peque\u00f1a ventana donde session->tunnel no es NULL cuando el recuento de referencias del t\u00fanel no se ha incrementado. Mover la asignaci\u00f3n a l2tp_session_register es trivial, pero l2tp_session_create llama a l2tp_session_set_header_len, que usa session->tunnel para obtener el encap del t\u00fanel. Agregue un argumento de encap a l2tp_session_set_header_len para evitar usar session->tunnel. Si las sesiones l2tpv3 tienen identificadores en conflicto, es posible que l2tp_v3_session_get compita con l2tp_session_register y obtenga una sesi\u00f3n que a\u00fan no tenga configurado session->tunnel. Agregue una verificaci\u00f3n para este caso." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49941.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49941.json index 2b42bf55989..c451efc2801 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49941.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49941.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-49941",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T18:15:15.780",
- "lastModified": "2024-10-21T18:15:15.780",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:25.583",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpiolib: Fix potential NULL pointer dereference in gpiod_get_label()\n\nIn `gpiod_get_label()`, it is possible that `srcu_dereference_check()` may\nreturn a NULL pointer, leading to a scenario where `label->str` is accessed\nwithout verifying if `label` itself is NULL.\n\nThis patch adds a proper NULL check for `label` before accessing\n`label->str`. The check for `label->str != NULL` is removed because\n`label->str` can never be NULL if `label` is not NULL.\n\nThis fixes the issue where the label name was being printed as `(efault)`\nwhen dumping the sysfs GPIO file when `label == NULL`."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: gpiolib: Corrige la posible desreferencia de puntero NULL en gpiod_get_label() En `gpiod_get_label()`, es posible que `srcu_dereference_check()` pueda devolver un puntero NULL, lo que lleva a un escenario en el que se accede a `label->str` sin verificar si `label` en s\u00ed es NULL. Este parche agrega una comprobaci\u00f3n NULL adecuada para `label` antes de acceder a `label->str`. La comprobaci\u00f3n para `label->str != NULL` se elimina porque `label->str` nunca puede ser NULL si `label` no es NULL. Esto corrige el problema en el que el nombre de la etiqueta se imprim\u00eda como `(efault)` al volcar el archivo GPIO de sysfs cuando `label == NULL`."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49942.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49942.json
index f33ab881433..d1c3427dc73 100644
--- a/CVE-2024/CVE-2024-499xx/CVE-2024-49942.json
+++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49942.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49942", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:15.843", - "lastModified": "2024-10-21T18:15:15.843", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Prevent null pointer access in xe_migrate_copy\n\nxe_migrate_copy designed to copy content of TTM resources. When source\nresource is null, it will trigger a NULL pointer dereference in\nxe_migrate_copy. To avoid this situation, update lacks source flag to\ntrue for this case, the flag will trigger xe_migrate_clear rather than\nxe_migrate_copy.\n\nIssue trace:\n<7> [317.089847] xe 0000:00:02.0: [drm:xe_migrate_copy [xe]] Pass 14,\n sizes: 4194304 & 4194304\n<7> [317.089945] xe 0000:00:02.0: [drm:xe_migrate_copy [xe]] Pass 15,\n sizes: 4194304 & 4194304\n<1> [317.128055] BUG: kernel NULL pointer dereference, address:\n 0000000000000010\n<1> [317.128064] #PF: supervisor read access in kernel mode\n<1> [317.128066] #PF: error_code(0x0000) - not-present page\n<6> [317.128069] PGD 0 P4D 0\n<4> [317.128071] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n<4> [317.128074] CPU: 1 UID: 0 PID: 1440 Comm: kunit_try_catch Tainted:\n G U N 6.11.0-rc7-xe #1\n<4> [317.128078] Tainted: [U]=USER, [N]=TEST\n<4> [317.128080] Hardware name: Intel Corporation Lunar Lake Client\n Platform/LNL-M LP5 RVP1, BIOS LNLMFWI1.R00.3221.D80.2407291239 07/29/2024\n<4> [317.128082] RIP: 0010:xe_migrate_copy+0x66/0x13e0 [xe]\n<4> [317.128158] Code: 00 00 48 89 8d e0 fe ff ff 48 8b 40 10 4c 89 85 c8\n fe ff ff 44 88 8d bd fe ff ff 65 48 8b 3c 25 28 00 00 00 48 89 7d d0 31\n ff <8b> 79 10 48 89 85 a0 fe ff ff 48 8b 00 48 89 b5 d8 fe ff ff 83 ff\n<4> [317.128162] RSP: 0018:ffffc9000167f9f0 EFLAGS: 00010246\n<4> [317.128164] RAX: ffff8881120d8028 RBX: ffff88814d070428 RCX:\n 
0000000000000000\n<4> [317.128166] RDX: ffff88813cb99c00 RSI: 0000000004000000 RDI:\n 0000000000000000\n<4> [317.128168] RBP: ffffc9000167fbb8 R08: ffff88814e7b1f08 R09:\n 0000000000000001\n<4> [317.128170] R10: 0000000000000001 R11: 0000000000000001 R12:\n ffff88814e7b1f08\n<4> [317.128172] R13: ffff88814e7b1f08 R14: ffff88813cb99c00 R15:\n 0000000000000001\n<4> [317.128174] FS: 0000000000000000(0000) GS:ffff88846f280000(0000)\n knlGS:0000000000000000\n<4> [317.128176] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n<4> [317.128178] CR2: 0000000000000010 CR3: 000000011f676004 CR4:\n 0000000000770ef0\n<4> [317.128180] DR0: 0000000000000000 DR1: 0000000000000000 DR2:\n 0000000000000000\n<4> [317.128182] DR3: 0000000000000000 DR6: 00000000ffff07f0 DR7:\n 0000000000000400\n<4> [317.128184] PKRU: 55555554\n<4> [317.128185] Call Trace:\n<4> [317.128187] \n<4> [317.128189] ? show_regs+0x67/0x70\n<4> [317.128194] ? __die_body+0x20/0x70\n<4> [317.128196] ? __die+0x2b/0x40\n<4> [317.128198] ? page_fault_oops+0x15f/0x4e0\n<4> [317.128203] ? do_user_addr_fault+0x3fb/0x970\n<4> [317.128205] ? lock_acquire+0xc7/0x2e0\n<4> [317.128209] ? exc_page_fault+0x87/0x2b0\n<4> [317.128212] ? asm_exc_page_fault+0x27/0x30\n<4> [317.128216] ? xe_migrate_copy+0x66/0x13e0 [xe]\n<4> [317.128263] ? __lock_acquire+0xb9d/0x26f0\n<4> [317.128265] ? __lock_acquire+0xb9d/0x26f0\n<4> [317.128267] ? sg_free_append_table+0x20/0x80\n<4> [317.128271] ? lock_acquire+0xc7/0x2e0\n<4> [317.128273] ? mark_held_locks+0x4d/0x80\n<4> [317.128275] ? trace_hardirqs_on+0x1e/0xd0\n<4> [317.128278] ? _raw_spin_unlock_irqrestore+0x31/0x60\n<4> [317.128281] ? __pm_runtime_resume+0x60/0xa0\n<4> [317.128284] xe_bo_move+0x682/0xc50 [xe]\n<4> [317.128315] ? lock_is_held_type+0xaa/0x120\n<4> [317.128318] ttm_bo_handle_move_mem+0xe5/0x1a0 [ttm]\n<4> [317.128324] ttm_bo_validate+0xd1/0x1a0 [ttm]\n<4> [317.128328] shrink_test_run_device+0x721/0xc10 [xe]\n<4> [317.128360] ? find_held_lock+0x31/0x90\n<4> [317.128363] ? 
lock_release+0xd1/0x2a0\n<4> [317.128365] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10\n [kunit]\n<4> [317.128370] xe_bo_shrink_kunit+0x11/0x20 [xe]\n<4> [317.128397] kunit_try_run_case+0x6e/0x150 [kunit]\n<4> [317.128400] ? trace_hardirqs_on+0x1e/0xd0\n<4> [317.128402] ? _raw_spin_unlock_irqrestore+0x31/0x60\n<4> [317.128404] kunit_generic_run_threadfn_adapter+0x1e/0x40 [ku\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/xe: Impedir el acceso a puntero nulo en xe_migrate_copy xe_migrate_copy est\u00e1 dise\u00f1ado para copiar el contenido de los recursos de TTM. Cuando el recurso de origen es nulo, activar\u00e1 una desreferencia de puntero NULL en xe_migrate_copy. Para evitar esta situaci\u00f3n, actualice el indicador de origen a verdadero para este caso; el indicador activar\u00e1 xe_migrate_clear en lugar de xe_migrate_copy. Rastreo de problemas: <7> [317.089847] xe 0000:00:02.0: [drm:xe_migrate_copy [xe]] Paso 14, tama\u00f1os: 4194304 y 4194304 <7> [317.089945] xe 0000:00:02.0: [drm:xe_migrate_copy [xe]] Paso 15, tama\u00f1os: 4194304 y 4194304 <1> [317.128055] ERROR: desreferencia de puntero NULL del n\u00facleo, direcci\u00f3n: 0000000000000010 <1> [317.128064] #PF: acceso de lectura del supervisor en modo n\u00facleo <1> [317.128066] #PF: error_code(0x0000) - no presente p\u00e1gina <6> [317.128069] PGD 0 P4D 0 <4> [317.128071] Ups: Ups: 0000 [#1] PREEMPT SMP NOPTI <4> [317.128074] CPU: 1 UID: 0 PID: 1440 Comm: kunit_try_catch Contaminado: G U N 6.11.0-rc7-xe #1 <4> [317.128078] Contaminado: [U]=USUARIO, [N]=PRUEBA <4> [317.128080] Nombre del hardware: Intel Corporation Lunar Lake Client Platform/LNL-M LP5 RVP1, BIOS LNLMFWI1.R00.3221.D80.2407291239 29/07/2024 <4> [317.128082] RIP: 0010:xe_migrate_copy+0x66/0x13e0 [xe] <4> [317.128158] C\u00f3digo: 00 00 48 89 8d e0 fe ff ff 48 8b 40 10 4c 89 85 c8 fe ff ff 44 88 8d bd fe ff ff 65 48 8b 3c 25 28 00 00 00 48 89 7d d0 31 
ff <8b> 79 10 48 89 85 a0 fe ff ff 48 8b 00 48 89 b5 d8 fe ff ff 83 ff <4> [317.128162] RSP: 0018:ffffc9000167f9f0 EFLAGS: 00010246 <4> [317.128164] RAX: ffff8881120d8028 RBX: ffff88814d070428 RCX: 0000000000000000 <4> [317.128166] X: ffff88813cb99c00 RSI: 0000000004000000 RDI: 0000000000000000 <4> [317.128168] RBP: ffffc9000167fbb8 R08: ffff88814e7b1f08 R09: 00000000000000001 <4> [317.128170] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88814e7b1f08 <4> [317.128172] R13: ffff88814e7b1f08 R14: ffff88813cb99c00 R15: 0000000000000001 <4> [317.128174] FS: 0000000000000000(0000) GS:ffff88846f280000(0000) knlGS:0000000000000000 <4> [317.128176] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 <4> [317.128178] CR2: 000000000000010 CR3: 000000011f676004 CR4: 0000000000770ef0 <4> [317.128180] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 <4> [317.128182] DR3: knlGS:0000000000000000 <4> [317.128176] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 <4> [317.128178] CR2: 0000000000000010 CR3: 000000011f676004 CR4: 0000000000770ef0 <4> [317.128180] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 <4> [317.128182] DR3: 0000000000000000 DR6: 00000000ffff07f0 DR7: 0000000000000400 <4> [317.128184] PKRU: 55555554 <4> [317.128185] Seguimiento de llamadas: <4> [317.128187] <4> [317.128189] ? show_regs+0x67/0x70 <4> [317.128194] ? __die_body+0x20/0x70 <4> [317.128196] ? __die+0x2b/0x40 <4> [317.128198] ? page_fault_oops+0x15f/0x4e0 <4> [317.128203] ? do_user_addr_fault+0x3fb/0x970 <4> [317.128205] ? lock_acquire+0xc7/0x2e0 <4> [317.128209]? exc_page_fault+0x87/0x2b0 <4> [317.128212] ? asm_exc_page_fault+0x27/0x30 <4> [317.128216] ? xe_migrate_copy+0x66/0x13e0 [xe] <4> [317.128263] ? __lock_acquire+0xb9d/0x26f0 <4> [317.128265] ? __lock_acquire+0xb9d/0x26f0 <4> [317.128267] ? sg_free_append_table+0x20/0x80 <4> [317.128271] ? lock_acquire+0xc7/0x2e0 <4> [317.128273] ? mark_held_locks+0x4d/0x80 <4> [317.128275] ? 
trace_hardirqs_on+0x1e/0xd0 <4> [317.128278] ? __pm_runtime_resume+0x60/0xa0 <4> [317.128284] xe_bo_move+0x682/0xc50 [xe] <4> [317.128315] ? lock_is_held_type+0xaa/0x120 <4> [317.128318] ttm_bo_handle_move_mem+0xe5/0x1a0 [ttm] <4> [317.128324] ttm_bo_validate+0xd1/0x1a0 [ttm] <4> [317.128328] +0x721/0xc10 [xe] <" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49943.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49943.json index 4adbf7437d8..53827b80bf5 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49943.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49943.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-49943",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T18:15:15.920",
- "lastModified": "2024-10-21T18:15:15.920",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:25.583",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/guc_submit: add missing locking in wedged_fini\n\nAny non-wedged queue can have a zero refcount here and can be running\nconcurrently with an async queue destroy, therefore dereferencing the\nqueue ptr to check wedge status after the lookup can trigger UAF if\nqueue is not wedged. Fix this by keeping the submission_state lock held\naround the check to postpone the free and make the check safe, before\ndropping again around the put() to avoid the deadlock.\n\n(cherry picked from commit d28af0b6b9580b9f90c265a7da0315b0ad20bbfd)"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/xe/guc_submit: agregar bloqueo faltante en wedged_fini Cualquier cola no en cu\u00f1a puede tener un recuento de referencias cero aqu\u00ed y puede ejecutarse simult\u00e1neamente con una destrucci\u00f3n de cola asincr\u00f3nica, por lo tanto, desreferenciar el ptr de la cola para verificar el estado de cu\u00f1a despu\u00e9s de la b\u00fasqueda puede activar UAF si la cola no est\u00e1 en cu\u00f1a. Solucione esto manteniendo el bloqueo submission_state en torno a la verificaci\u00f3n para posponer la liberaci\u00f3n y hacer que la verificaci\u00f3n sea segura, antes de volver a soltarlo en torno a put() para evitar el punto muerto. (seleccionado de el commit d28af0b6b9580b9f90c265a7da0315b0ad20bbfd)"
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49944.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49944.json
index 2710e422120..662d3fce91d 100644
--- a/CVE-2024/CVE-2024-499xx/CVE-2024-49944.json
+++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49944.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49944", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:15.993", - "lastModified": "2024-10-21T18:15:15.993", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start\n\nIn sctp_listen_start() invoked by sctp_inet_listen(), it should set the\nsk_state back to CLOSED if sctp_autobind() fails due to whatever reason.\n\nOtherwise, next time when calling sctp_inet_listen(), if sctp_sk(sk)->reuse\nis already set via setsockopt(SCTP_REUSE_PORT), sctp_sk(sk)->bind_hash will\nbe dereferenced as sk_state is LISTENING, which causes a crash as bind_hash\nis NULL.\n\n KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\n RIP: 0010:sctp_inet_listen+0x7f0/0xa20 net/sctp/socket.c:8617\n Call Trace:\n \n __sys_listen_socket net/socket.c:1883 [inline]\n __sys_listen+0x1b7/0x230 net/socket.c:1894\n __do_sys_listen net/socket.c:1902 [inline]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sctp: volver a establecer sk_state en CERRADO si fallo la vinculaci\u00f3n autom\u00e1tica en sctp_listen_start En sctp_listen_start() invocado por sctp_inet_listen(), deber\u00eda volver a establecer sk_state en CERRADO si sctp_autobind() falla por cualquier motivo. De lo contrario, la pr\u00f3xima vez que se llame a sctp_inet_listen(), si sctp_sk(sk)->reuse ya est\u00e1 establecido mediante setsockopt(SCTP_REUSE_PORT), sctp_sk(sk)->bind_hash se desreferenciar\u00e1 ya que sk_state est\u00e1 ESCUCHANDO, lo que provoca un bloqueo ya que bind_hash es NULL. 
KASAN: null-ptr-deref en el rango [0x0000000000000000-0x0000000000000007] RIP: 0010:sctp_inet_listen+0x7f0/0xa20 net/sctp/socket.c:8617 Seguimiento de llamadas: __sys_listen_socket net/socket.c:1883 [en l\u00ednea] __sys_listen+0x1b7/0x230 net/socket.c:1894 __do_sys_listen net/socket.c:1902 [en l\u00ednea]" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49945.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49945.json index 0068e09ab94..38e319588f3 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49945.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49945.json @@ -2,13 +2,17 @@ "id": "CVE-2024-49945", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:16.073", - "lastModified": "2024-10-21T18:15:16.073", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/ncsi: Disable the ncsi work before freeing the associated structure\n\nThe work function can run after the ncsi device is freed, resulting\nin use-after-free bugs or kernel panic." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/ncsi: deshabilitar la funci\u00f3n work de ncsi antes de liberar la estructura asociada. La funci\u00f3n work puede ejecutarse despu\u00e9s de que se libera el dispositivo ncsi, lo que genera errores de use after free o p\u00e1nico del kernel." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49946.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49946.json index 007c3384bc9..a5307bad5ab 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49946.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49946.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49946", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:16.133", - "lastModified": "2024-10-21T18:15:16.133", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: do not assume bh is held in ppp_channel_bridge_input()\n\nNetworking receive path is usually handled from BH handler.\nHowever, some protocols need to acquire the socket lock, and\npackets might be stored in the socket backlog is the socket was\nowned by a user process.\n\nIn this case, release_sock(), __release_sock(), and sk_backlog_rcv()\nmight call the sk->sk_backlog_rcv() handler in process context.\n\nsybot caught ppp was not considering this case in\nppp_channel_bridge_input() :\n\nWARNING: inconsistent lock state\n6.11.0-rc7-syzkaller-g5f5673607153 #0 Not tainted\n--------------------------------\ninconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.\nksoftirqd/1/24 [HC0[0]:SC1[1]:HE1:SE0] takes:\n ffff0000db7f11e0 (&pch->downl){+.?.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]\n ffff0000db7f11e0 (&pch->downl){+.?.}-{2:2}, at: ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2272 [inline]\n ffff0000db7f11e0 (&pch->downl){+.?.}-{2:2}, at: ppp_input+0x16c/0x854 drivers/net/ppp/ppp_generic.c:2304\n{SOFTIRQ-ON-W} state was registered at:\n lock_acquire+0x240/0x728 kernel/locking/lockdep.c:5759\n __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]\n _raw_spin_lock+0x48/0x60 kernel/locking/spinlock.c:154\n spin_lock include/linux/spinlock.h:351 [inline]\n ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2272 [inline]\n ppp_input+0x16c/0x854 drivers/net/ppp/ppp_generic.c:2304\n pppoe_rcv_core+0xfc/0x314 drivers/net/ppp/pppoe.c:379\n sk_backlog_rcv include/net/sock.h:1111 [inline]\n 
__release_sock+0x1a8/0x3d8 net/core/sock.c:3004\n release_sock+0x68/0x1b8 net/core/sock.c:3558\n pppoe_sendmsg+0xc8/0x5d8 drivers/net/ppp/pppoe.c:903\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n __sys_sendto+0x374/0x4f4 net/socket.c:2204\n __do_sys_sendto net/socket.c:2216 [inline]\n __se_sys_sendto net/socket.c:2212 [inline]\n __arm64_sys_sendto+0xd8/0xf8 net/socket.c:2212\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712\n el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730\n el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598\nirq event stamp: 282914\n hardirqs last enabled at (282914): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]\n hardirqs last enabled at (282914): [] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194\n hardirqs last disabled at (282913): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]\n hardirqs last disabled at (282913): [] _raw_spin_lock_irqsave+0x2c/0x7c kernel/locking/spinlock.c:162\n softirqs last enabled at (282904): [] softirq_handle_end kernel/softirq.c:400 [inline]\n softirqs last enabled at (282904): [] handle_softirqs+0xa3c/0xbfc kernel/softirq.c:582\n softirqs last disabled at (282909): [] run_ksoftirqd+0x70/0x158 kernel/softirq.c:928\n\nother info that might help us debug this:\n Possible unsafe locking scenario:\n\n CPU0\n ----\n lock(&pch->downl);\n \n lock(&pch->downl);\n\n *** DEADLOCK ***\n\n1 lock held by ksoftirqd/1/24:\n #0: ffff80008f74dfa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:325\n\nstack backtrace:\nCPU: 1 UID: 0 PID: 24 Comm: ksoftirqd/1 Not tainted 6.11.0-rc7-syzkaller-g5f5673607153 
#0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall trace:\n dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:319\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:326\n __dump_sta\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ppp: no asuma que bh se mantiene en ppp_channel_bridge_input() La ruta de recepci\u00f3n de red generalmente se maneja desde el controlador BH. Sin embargo, algunos protocolos necesitan adquirir el bloqueo del socket y los paquetes pueden almacenarse en el backlog del socket si el socket era propiedad de un proceso de usuario. En este caso, release_sock(), __release_sock() y sk_backlog_rcv() pueden llamar al controlador sk->sk_backlog_rcv() en el contexto del proceso. sybot captur\u00f3 que ppp no estaba considerando este caso en ppp_channel_bridge_input(): ADVERTENCIA: estado de bloqueo inconsistente 6.11.0-rc7-syzkaller-g5f5673607153 #0 No contaminado -------------------------------- uso inconsistente de {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W}. 
ksoftirqd/1/24 [HC0[0]:SC1[1]:HE1:SE0] toma: ffff0000db7f11e0 (&pch->downl){+.?.}-{2:2}, en: spin_lock include/linux/spinlock.h:351 [en l\u00ednea] ffff0000db7f11e0 (&pch->downl){+.?.}-{2:2}, en: ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2272 [en l\u00ednea] ffff0000db7f11e0 (&pch->downl){+.?.}-{2:2}, en: ppp_input+0x16c/0x854 drivers/net/ppp/ppp_generic.c:2304 El estado {SOFTIRQ-ON-W} se registr\u00f3 en: lock_acquire+0x240/0x728 kernel/locking/lockdep.c:5759 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [en l\u00ednea] _raw_spin_lock+0x48/0x60 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [en l\u00ednea] ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2272 [en l\u00ednea] ppp_input+0x16c/0x854 drivers/net/ppp/ppp_generic.c:2304 pppoe_rcv_core+0xfc/0x314 drivers/net/ppp/pppoe.c:379 sk_backlog_rcv incluir/net/sock.h:1111 [en l\u00ednea] __release_sock+0x1a8/0x3d8 net/core/sock.c:3004 release_sock+0x68/0x1b8 net/core/sock.c:3558 pppoe_sendmsg+0xc8/0x5d8 drivers/net/ppp/pppoe.c:903 sock_sendmsg_nosec net/socket.c:730 [en l\u00ednea] __sock_sendmsg net/socket.c:745 [en l\u00ednea] __sys_sendto+0x374/0x4f4 net/socket.c:2204 __do_sys_sendto net/socket.c:2216 [en l\u00ednea] __se_sys_sendto net/socket.c:2212 [en l\u00ednea] __arm64_sys_sendto+0xd8/0xf8 net/socket.c:2212 __invoke_syscall arch/arm64/kernel/syscall.c:35 [en l\u00ednea] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598 marca de evento de irq: 282914 hardirqs habilitados por \u00faltima vez en (282914): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [en l\u00ednea] hardirqs habilitados por \u00faltima vez en (282914): [] 
_raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194 hardirqs deshabilitados por \u00faltima vez en (282913): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [en l\u00ednea] hardirqs se desactiv\u00f3 por \u00faltima vez en (282913): [] _raw_spin_lock_irqsave+0x2c/0x7c kernel/locking/spinlock.c:162 softirqs se activ\u00f3 por \u00faltima vez en (282904): [] softirq_handle_end kernel/softirq.c:400 [en l\u00ednea] softirqs se activ\u00f3 por \u00faltima vez en (282904): [] handle_softirqs+0xa3c/0xbfc kernel/softirq.c:582 softirqs se desactiv\u00f3 por \u00faltima vez en (282909): [] run_ksoftirqd+0x70/0x158 kernel/softirq.c:928 otra informaci\u00f3n que podr\u00eda ayudarnos a depurar esto: Posible escenario de bloqueo inseguro: CPU0 ---- lock(&pch->downl); lock(&pch->downl); *** BLOQUEO INTERMEDIO *** 1 bloqueo mantenido por ksoftirqd/1/24: #0: ffff80008f74dfa0 (rcu_read_lock){....}-{1:2}, en: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:325 seguimiento de pila: CPU: 1 UID: 0 PID: 24 Comm: ksoftirqd/1 No contaminado 6.11.0-rc7-syzkaller-g5f5673607153 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Seguimiento de llamadas: dump_backtrace+0x1b8/0x1e4 arch/ar---truncado---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49947.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49947.json index 119bdd001aa..8fbadbd03a1 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49947.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49947.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49947", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:16.207", - "lastModified": "2024-10-21T18:15:16.207", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: test for not too small csum_start in virtio_net_hdr_to_skb()\n\nsyzbot was able to trigger this warning [1], after injecting a\nmalicious packet through af_packet, setting skb->csum_start and thus\nthe transport header to an incorrect value.\n\nWe can at least make sure the transport header is after\nthe end of the network header (with a estimated minimal size).\n\n[1]\n[ 67.873027] skb len=4096 headroom=16 headlen=14 tailroom=0\nmac=(-1,-1) mac_len=0 net=(16,-6) trans=10\nshinfo(txflags=0 nr_frags=1 gso(size=0 type=0 segs=0))\ncsum(0xa start=10 offset=0 ip_summed=3 complete_sw=0 valid=0 level=0)\nhash(0x0 sw=0 l4=0) proto=0x0800 pkttype=0 iif=0\npriority=0x0 mark=0x0 alloc_cpu=10 vlan_all=0x0\nencapsulation=0 inner(proto=0x0000, mac=0, net=0, trans=0)\n[ 67.877172] dev name=veth0_vlan feat=0x000061164fdd09e9\n[ 67.877764] sk family=17 type=3 proto=0\n[ 67.878279] skb linear: 00000000: 00 00 10 00 00 00 00 00 0f 00 00 00 08 00\n[ 67.879128] skb frag: 00000000: 0e 00 07 00 00 00 28 00 08 80 1c 00 04 00 00 02\n[ 67.879877] skb frag: 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.880647] skb frag: 00000020: 00 00 02 00 00 00 08 00 1b 00 00 00 00 00 00 00\n[ 67.881156] skb frag: 00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.881753] skb frag: 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.882173] skb frag: 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.882790] skb frag: 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.883171] skb frag: 00000070: 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00\n[ 67.883733] skb frag: 00000080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.884206] skb frag: 00000090: 00 00 00 00 00 00 00 00 00 00 69 70 76 6c 61 6e\n[ 67.884704] skb frag: 000000a0: 31 00 00 00 00 00 00 00 00 00 2b 00 00 00 00 00\n[ 67.885139] skb frag: 000000b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.885677] skb frag: 000000c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.886042] skb frag: 000000d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.886408] skb frag: 000000e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.887020] skb frag: 000000f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 67.887384] skb frag: 00000100: 00 00\n[ 67.887878] ------------[ cut here ]------------\n[ 67.887908] offset (-6) >= skb_headlen() (14)\n[ 67.888445] WARNING: CPU: 10 PID: 2088 at net/core/dev.c:3332 skb_checksum_help (net/core/dev.c:3332 (discriminator 2))\n[ 67.889353] Modules linked in: macsec macvtap macvlan hsr wireguard curve25519_x86_64 libcurve25519_generic libchacha20poly1305 chacha_x86_64 libchacha poly1305_x86_64 dummy bridge sr_mod cdrom evdev pcspkr i2c_piix4 9pnet_virtio 9p 9pnet netfs\n[ 67.890111] CPU: 10 UID: 0 PID: 2088 Comm: b363492833 Not tainted 6.11.0-virtme #1011\n[ 67.890183] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 67.890309] RIP: 0010:skb_checksum_help (net/core/dev.c:3332 (discriminator 2))\n[ 67.891043] Call Trace:\n[ 67.891173] \n[ 67.891274] ? __warn (kernel/panic.c:741)\n[ 67.891320] ? skb_checksum_help (net/core/dev.c:3332 (discriminator 2))\n[ 67.891333] ? report_bug (lib/bug.c:180 lib/bug.c:219)\n[ 67.891348] ? handle_bug (arch/x86/kernel/traps.c:239)\n[ 67.891363] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1))\n[ 67.891372] ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621)\n[ 67.891388] ? skb_checksum_help (net/core/dev.c:3332 (discriminator 2))\n[ 67.891399] ? 
skb_checksum_help (net/core/dev.c:3332 (discriminator 2))\n[ 67.891416] ip_do_fragment (net/ipv4/ip_output.c:777 (discriminator 1))\n[ 67.891448] ? __ip_local_out (./include/linux/skbuff.h:1146 ./include/net/l3mdev.h:196 ./include/net/l3mdev.h:213 ne\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: prueba de que csum_start no sea demasiado peque\u00f1o en virtio_net_hdr_to_skb() syzbot pudo activar esta advertencia [1], despu\u00e9s de inyectar un paquete malicioso a trav\u00e9s de af_packet, configurando skb->csum_start y, por lo tanto, el encabezado de transporte con un valor incorrecto. Al menos podemos asegurarnos de que el encabezado de transporte est\u00e9 despu\u00e9s del final del encabezado de red (con un tama\u00f1o m\u00ednimo estimado). [1] [ 67.873027] longitud skb=4096 espacio libre=16 longitud libre=14 espacio libre=0 mac=(-1,-1) longitud_mac=0 red=(16,-6) trans=10 shinfo(txflags=0 nr_frags=1 gso(tama\u00f1o=0 tipo=0 segmentos=0)) suma_c(0xa inicio=10 desplazamiento=0 suma_ip=3 software_completo=0 v\u00e1lido=0 nivel=0) hash(0x0 software=0 l4=0) proto=0x0800 tipo_paquete=0 iif=0 prioridad=0x0 marca=0x0 asignar_cpu=10 vlan_all=0x0 encapsulaci\u00f3n=0 interno(proto=0x0000, mac=0, red=0, trans=0) [ 67.877172] nombre_de_desarrollo=veth0_vlan haza\u00f1a=0x000061164fdd09e9 [ 67.877764] familia sk=17 tipo=3 proto=0 [ 67.878279] skb lineal: 00000000: 00 00 10 00 00 00 00 00 0f 00 00 00 08 00 [ 67.879128] fragmento skb: 00000000: 0e 00 07 00 00 00 28 00 08 80 1c 00 04 00 00 02 [ 67.879877] fragmento skb: 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 67.880647] skb frag: 00000020: 00 00 02 00 00 00 08 00 1b 00 00 00 00 00 00 00 [ 67.881156] skb frag: 0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [67.881753] skb frag: 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [67.882173] fragmento de skb: 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
[67.882790] fragmento de skb: 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 67.883171] skb frag: 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 67.883733] fragmento: 00000080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 67.884206] fragmento skb: 00000090: 00 00 00 00 00 00 00 00 00 00 69 70 76 6c 61 6e [ 67.884704] fragmento skb: 000000a0: 31 00 00 00 00 00 00 00 00 00 2b 00 00 00 00 00 [ 67.885139] fragmento skb: 000000b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 67.885677] fragmento de skb: 000000c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 67.886042] fragmento de skb: 000000d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 67.886408] fragmento de skb: 000000e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 67.887020] fragmento skb: 000000f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 67.887384] fragmento skb: 00000100: 00 00 [ 67.887878] ------------[ cortar aqu\u00ed ]------------ [ 67.887908] desplazamiento (-6) >= skb_headlen() (14) [ 67.888445] ADVERTENCIA: CPU: 10 PID: 2088 en net/core/dev.c:3332 skb_checksum_help (net/core/dev.c:3332 (discriminador 2)) [ 67.889353] M\u00f3dulos vinculados en: macsec macvtap macvlan hsr wireguard curve25519_x86_64 libcurve25519_generic libchacha20poly1305 chacha_x86_64 libchacha poly1305_x86_64 puente ficticio sr_mod cdrom evdev pcspkr i2c_piix4 9pnet_virtio 9p 9pnet netfs [ 67.890111] CPU: 10 UID: 0 PID: 2088 Comm: b363492833 No contaminado 6.11.0-virtme #1011 [ 67.890183] Nombre del hardware: QEMU PC est\u00e1ndar (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 01/04/2014 [ 67.890309] RIP: 0010:skb_checksum_help (net/core/dev.c:3332 (discriminador 2)) [ 67.891043] Seguimiento de llamadas: [ 67.891173] [ 67.891274] ? __warn (kernel/panic.c:741) [ 67.891320] ? skb_checksum_help (net/core/dev.c:3332 (discriminador 2)) [ 67.891333] ? report_bug (lib/bug.c:180 lib/bug.c:219) [ 67.891348] ? handle_bug (arch/x86/kernel/traps.c:239) [ 67.891363] ? 
exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminador 1)) [ ---truncado---"
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49948.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49948.json
index 713d7708c8a..024ef048845 100644
--- a/CVE-2024/CVE-2024-499xx/CVE-2024-49948.json
+++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49948.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-49948",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T18:15:16.260",
- "lastModified": "2024-10-21T18:15:16.260",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:25.583",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: add more sanity checks to qdisc_pkt_len_init()\n\nOne path takes care of SKB_GSO_DODGY, assuming\nskb->len is bigger than hdr_len.\n\nvirtio_net_hdr_to_skb() does not fully dissect TCP headers,\nit only make sure it is at least 20 bytes.\n\nIt is possible for an user to provide a malicious 'GSO' packet,\ntotal length of 80 bytes.\n\n- 20 bytes of IPv4 header\n- 60 bytes TCP header\n- a small gso_size like 8\n\nvirtio_net_hdr_to_skb() would declare this packet as a normal\nGSO packet, because it would see 40 bytes of payload,\nbigger than gso_size.\n\nWe need to make detect this case to not underflow\nqdisc_skb_cb(skb)->pkt_len."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: a\u00f1adir m\u00e1s comprobaciones de cordura a qdisc_pkt_len_init() Una ruta se encarga de SKB_GSO_DODGY, asumiendo que skb->len es m\u00e1s grande que hdr_len. virtio_net_hdr_to_skb() no disecciona completamente los encabezados TCP, solo se asegura de que tengan al menos 20 bytes. Es posible que un usuario proporcione un paquete 'GSO' malicioso, con una longitud total de 80 bytes. - 20 bytes de encabezado IPv4 - 60 bytes de encabezado TCP - un gso_size peque\u00f1o como 8 virtio_net_hdr_to_skb() declarar\u00eda este paquete como un paquete GSO normal, porque ver\u00eda 40 bytes de carga \u00fatil, m\u00e1s grande que gso_size. Necesitamos hacer que detecte este caso para no desbordar qdisc_skb_cb(skb)->pkt_len."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49949.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49949.json
index b62ac420669..4725a9f25bc 100644
--- a/CVE-2024/CVE-2024-499xx/CVE-2024-49949.json
+++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49949.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-49949", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:16.323", - "lastModified": "2024-10-21T18:15:16.323", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: avoid potential underflow in qdisc_pkt_len_init() with UFO\n\nAfter commit 7c6d2ecbda83 (\"net: be more gentle about silly gso\nrequests coming from user\") virtio_net_hdr_to_skb() had sanity check\nto detect malicious attempts from user space to cook a bad GSO packet.\n\nThen commit cf9acc90c80ec (\"net: virtio_net_hdr_to_skb: count\ntransport header in UFO\") while fixing one issue, allowed user space\nto cook a GSO packet with the following characteristic :\n\nIPv4 SKB_GSO_UDP, gso_size=3, skb->len = 28.\n\nWhen this packet arrives in qdisc_pkt_len_init(), we end up\nwith hdr_len = 28 (IPv4 header + UDP header), matching skb->len\n\nThen the following sets gso_segs to 0 :\n\ngso_segs = DIV_ROUND_UP(skb->len - hdr_len,\n shinfo->gso_size);\n\nThen later we set qdisc_skb_cb(skb)->pkt_len to back to zero :/\n\nqdisc_skb_cb(skb)->pkt_len += (gso_segs - 1) * hdr_len;\n\nThis leads to the following crash in fq_codel [1]\n\nqdisc_pkt_len_init() is best effort, we only want an estimation\nof the bytes sent on the wire, not crashing the kernel.\n\nThis patch is fixing this particular issue, a following one\nadds more sanity checks for another potential bug.\n\n[1]\n[ 70.724101] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 70.724561] #PF: supervisor read access in kernel mode\n[ 70.724561] #PF: error_code(0x0000) - not-present page\n[ 70.724561] PGD 10ac61067 P4D 10ac61067 PUD 107ee2067 PMD 0\n[ 70.724561] Oops: Oops: 0000 [#1] SMP NOPTI\n[ 70.724561] CPU: 11 UID: 0 PID: 2163 Comm: b358537762 Not tainted 6.11.0-virtme #991\n[ 
70.724561] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 70.724561] RIP: 0010:fq_codel_enqueue (net/sched/sch_fq_codel.c:120 net/sched/sch_fq_codel.c:168 net/sched/sch_fq_codel.c:230) sch_fq_codel\n[ 70.724561] Code: 24 08 49 c1 e1 06 44 89 7c 24 18 45 31 ed 45 31 c0 31 ff 89 44 24 14 4c 03 8b 90 01 00 00 eb 04 39 ca 73 37 4d 8b 39 83 c7 01 <49> 8b 17 49 89 11 41 8b 57 28 45 8b 5f 34 49 c7 07 00 00 00 00 49\nAll code\n========\n 0:\t24 08 \tand $0x8,%al\n 2:\t49 c1 e1 06 \tshl $0x6,%r9\n 6:\t44 89 7c 24 18 \tmov %r15d,0x18(%rsp)\n b:\t45 31 ed \txor %r13d,%r13d\n e:\t45 31 c0 \txor %r8d,%r8d\n 11:\t31 ff \txor %edi,%edi\n 13:\t89 44 24 14 \tmov %eax,0x14(%rsp)\n 17:\t4c 03 8b 90 01 00 00 \tadd 0x190(%rbx),%r9\n 1e:\teb 04 \tjmp 0x24\n 20:\t39 ca \tcmp %ecx,%edx\n 22:\t73 37 \tjae 0x5b\n 24:\t4d 8b 39 \tmov (%r9),%r15\n 27:\t83 c7 01 \tadd $0x1,%edi\n 2a:*\t49 8b 17 \tmov (%r15),%rdx\t\t<-- trapping instruction\n 2d:\t49 89 11 \tmov %rdx,(%r9)\n 30:\t41 8b 57 28 \tmov 0x28(%r15),%edx\n 34:\t45 8b 5f 34 \tmov 0x34(%r15),%r11d\n 38:\t49 c7 07 00 00 00 00 \tmovq $0x0,(%r15)\n 3f:\t49 \trex.WB\n\nCode starting with the faulting instruction\n===========================================\n 0:\t49 8b 17 \tmov (%r15),%rdx\n 3:\t49 89 11 \tmov %rdx,(%r9)\n 6:\t41 8b 57 28 \tmov 0x28(%r15),%edx\n a:\t45 8b 5f 34 \tmov 0x34(%r15),%r11d\n e:\t49 c7 07 00 00 00 00 \tmovq $0x0,(%r15)\n 15:\t49 \trex.WB\n[ 70.724561] RSP: 0018:ffff95ae85e6fb90 EFLAGS: 00000202\n[ 70.724561] RAX: 0000000002000000 RBX: ffff95ae841de000 RCX: 0000000000000000\n[ 70.724561] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001\n[ 70.724561] RBP: ffff95ae85e6fbf8 R08: 0000000000000000 R09: ffff95b710a30000\n[ 70.724561] R10: 0000000000000000 R11: bdf289445ce31881 R12: ffff95ae85e6fc58\n[ 70.724561] R13: 0000000000000000 R14: 0000000000000040 R15: 0000000000000000\n[ 70.724561] FS: 000000002c5c1380(0000) GS:ffff95bd7fcc0000(0000) 
knlGS:0000000000000000\n[ 70.724561] CS: 0010 DS: 0000 ES: 0000 C\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: evitar un posible desbordamiento en qdisc_pkt_len_init() con UFO Despu\u00e9s de el commit 7c6d2ecbda83 (\"net: sea m\u00e1s cuidadoso con las solicitudes gso tontas que vienen del usuario\"), virtio_net_hdr_to_skb() tuvo una verificaci\u00f3n de cordura para detectar intentos maliciosos desde el espacio del usuario de cocinar un paquete GSO defectuoso. Luego, confirma cf9acc90c80ec (\"net: virtio_net_hdr_to_skb: cuenta el encabezado de transporte en UFO\") mientras corrige un problema, permiti\u00f3 que el espacio de usuario cocinara un paquete GSO con la siguiente caracter\u00edstica: IPv4 SKB_GSO_UDP, gso_size=3, skb->len = 28. Cuando este paquete llega a qdisc_pkt_len_init(), terminamos con hdr_len = 28 (encabezado IPv4 + encabezado UDP), que coincide con skb->len. Luego, lo siguiente establece gso_segs en 0: gso_segs = DIV_ROUND_UP(skb->len - hdr_len, shinfo->gso_size); Luego, configuramos qdisc_skb_cb(skb)->pkt_len nuevamente a cero :/ qdisc_skb_cb(skb)->pkt_len += (gso_segs - 1) * hdr_len; Esto genera el siguiente bloqueo en fq_codel [1] qdisc_pkt_len_init() es el mejor esfuerzo, solo queremos una estimaci\u00f3n de los bytes enviados en la red, no bloquear el kernel. Este parche soluciona este problema en particular, el siguiente agrega m\u00e1s controles de cordura para otro error potencial. 
[1] [ 70.724101] ERROR: desreferencia de puntero NULL del n\u00facleo, direcci\u00f3n: 0000000000000000 [ 70.724561] #PF: acceso de lectura del supervisor en modo n\u00facleo [ 70.724561] #PF: error_code(0x0000) - p\u00e1gina no presente [ 70.724561] PGD 10ac61067 P4D 10ac61067 PUD 107ee2067 PMD 0 [ 70.724561] Oops: Oops: 0000 [#1] SMP NOPTI [ 70.724561] CPU: 11 UID: 0 PID: 2163 Comm: b358537762 No contaminado 6.11.0-virtme #991 [ 70.724561] Nombre del hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 01/04/2014 [ 70.724561] RIP: 0010:fq_codel_enqueue (net/sched/sch_fq_codel.c:120 net/sched/sch_fq_codel.c:168 net/sched/sch_fq_codel.c:230) sch_fq_codel [ 70.724561] C\u00f3digo: 24 08 49 c1 e1 06 44 89 7c 24 18 45 31 ed 45 31 c0 31 ff 89 44 24 14 4c 03 8b 90 01 00 00 eb 04 39 ca 73 37 4d 8b 39 83 c7 01 <49> 8b 17 49 89 11 41 8b 57 28 45 8b 5f 34 49 c7 07 00 00 00 00 49 Todo el c\u00f3digo ======== 0: 24 08 y $0x8,%al 2: 49 c1 e1 06 shl $0x6,%r9 6: 44 89 7c 24 18 mov %r15d,0x18(%rsp) b: 45 31 ed xor %r13d,%r13d e: 45 31 c0 xor %r8d,%r8d 11: 31 ff xor %edi,%edi 13: 89 44 24 14 mov %eax,0x14(%rsp) 17: 4c 03 8b 90 01 00 00 suma 0x190(%rbx),%r9 1e: eb 04 jmp 0x24 20: 39 ca cmp %ecx,%edx 22: 73 37 jae 0x5b 24: 4d 8b 39 mov (%r9),%r15 27: 83 c7 01 suma $0x1,%edi 2a:* 49 8b 17 mov (%r15),%rdx <-- instrucci\u00f3n de captura 2d: 49 89 11 mov %rdx,(%r9) 30: 41 8b 57 28 mov 0x28(%r15),%edx 34: 45 8b 5f 34 mov 0x34(%r15),%r11d 38: 49 c7 07 00 00 00 00 movq $0x0,(%r15) 3f: 49 rex.WB C\u00f3digo que comienza con la instrucci\u00f3n que fallo ============================================= 0: 49 8b 17 mov (%r15),%rdx 3: 49 89 11 mov %rdx,(%r9) 6: 41 8b 57 28 mov 0x28(%r15),%edx a: 45 8b 5f 34 mov 0x34(%r15),%r11d e: 49 c7 07 00 00 00 00 movq $0x0,(%r15) 15: 49 rex.WB [ 70.724561] RSP: 0018:ffff95ae85e6fb90 EFLAGS: 00000202 [ 70.724561] RAX: 000000000200000 RBX: ffff95ae841de000 RCX: 0000000000000000 [ 70.724561] RDX: 0000000000000000 RSI: 
0000000000000001 RDI: 00000000000000001 [ 70.724561] RBP: ffff95ae85e6fbf8 R08: 0000000000000000 R09: ffff95b710a30000 [ 70.724561] R10: 000000000000000 R11: bdf289445ce31881 R12: ffff95ae85e6fc58 [ 70.724561] R13: 000000000000000 R14: 0000000000000040 R15: 0000000000000000 [ 70.724561] FS: 000000002c5c1380(0000) GS:ffff95bd7fcc0000(0000) knlGS:0000000000000000 [ 70.724561] CS: 0010 DS: 0000 ES: 0000 C ---truncado---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49950.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49950.json index e1c2c7a7c87..5536b875c5d 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49950.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49950.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49950", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:16.417", - "lastModified": "2024-10-21T18:15:16.417", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix uaf in l2cap_connect\n\n[Syzbot reported]\nBUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\nRead of size 8 at addr ffff8880241e9800 by task kworker/u9:0/54\n\nCPU: 0 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-00268-g788220eee30d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nWorkqueue: hci2 hci_rx_work\nCall Trace:\n \n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\n l2cap_connect_req net/bluetooth/l2cap_core.c:4080 [inline]\n l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:4772 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5543 [inline]\n l2cap_recv_frame+0xf0b/0x8eb0 net/bluetooth/l2cap_core.c:6825\n l2cap_recv_acldata+0x9b4/0xb70 net/bluetooth/l2cap_core.c:7514\n hci_acldata_packet net/bluetooth/hci_core.c:3791 [inline]\n hci_rx_work+0xaab/0x1610 net/bluetooth/hci_core.c:4028\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n...\n\nFreed by 
task 5245:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579\n poison_slab_object+0xf7/0x160 mm/kasan/common.c:240\n __kasan_slab_free+0x32/0x50 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2256 [inline]\n slab_free mm/slub.c:4477 [inline]\n kfree+0x12a/0x3b0 mm/slub.c:4598\n l2cap_conn_free net/bluetooth/l2cap_core.c:1810 [inline]\n kref_put include/linux/kref.h:65 [inline]\n l2cap_conn_put net/bluetooth/l2cap_core.c:1822 [inline]\n l2cap_conn_del+0x59d/0x730 net/bluetooth/l2cap_core.c:1802\n l2cap_connect_cfm+0x9e6/0xf80 net/bluetooth/l2cap_core.c:7241\n hci_connect_cfm include/net/bluetooth/hci_core.h:1960 [inline]\n hci_conn_failed+0x1c3/0x370 net/bluetooth/hci_conn.c:1265\n hci_abort_conn_sync+0x75a/0xb50 net/bluetooth/hci_sync.c:5583\n abort_conn_sync+0x197/0x360 net/bluetooth/hci_conn.c:2917\n hci_cmd_sync_work+0x1a4/0x410 net/bluetooth/hci_sync.c:328\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: L2CAP: Fix uaf en l2cap_connect [Syzbot inform\u00f3] ERROR: KASAN: slab-use-after-free en l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff8880241e9800 por la tarea kworker/u9:0/54 CPU: 0 UID: 0 PID: 54 Comm: kworker/u9:0 No contaminado 6.11.0-rc6-syzkaller-00268-g788220eee30d #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Cola de trabajo: hci2 hci_rx_work Seguimiento de llamadas: __dump_stack 
lib/dump_stack.c:93 [en l\u00ednea] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:119 imprimir_direcci\u00f3n_descripci\u00f3n mm/kasan/report.c:377 [en l\u00ednea] imprimir_report+0xc3/0x620 mm/kasan/report.c:488 kasan_report+0xd9/0x110 mm/kasan/report.c:601 l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949 l2cap_connect_req net/bluetooth/l2cap_core.c:4080 [en l\u00ednea] l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:4772 [en l\u00ednea] l2cap_sig_channel net/bluetooth/l2cap_core.c:5543 [en l\u00ednea] l2cap_recv_frame+0xf0b/0x8eb0 net/bluetooth/l2cap_core.c:6825 l2cap_recv_acldata+0x9b4/0xb70 net/bluetooth/l2cap_core.c:7514 hci_acldata_packet net/bluetooth/hci_core.c:3791 [en l\u00ednea] hci_rx_work+0xaab/0x1610 net/bluetooth/hci_core.c:4028 process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231 process_scheduled_works kernel/workqueue.c:3312 [en l\u00ednea] worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389 kthread+0x2c1/0x3a0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 ... 
Liberado por la tarea 5245: kasan_save_stack+0x33/0x60 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579 poison_slab_object+0xf7/0x160 mm/kasan/common.c:240 __kasan_slab_free+0x32/0x50 mm/kasan/common.c:256 kasan_slab_free include/linux/kasan.h:184 [en l\u00ednea] slab_free_hook mm/slub.c:2256 [en l\u00ednea] slab_free mm/slub.c:4477 [en l\u00ednea] kfree+0x12a/0x3b0 mm/slub.c:4598 l2cap_conn_free net/bluetooth/l2cap_core.c:1810 [en l\u00ednea] kref_put include/linux/kref.h:65 [en l\u00ednea] l2cap_conn_put net/bluetooth/l2cap_core.c:1822 [en l\u00ednea] l2cap_conn_del+0x59d/0x730 net/bluetooth/l2cap_core.c:1802 l2cap_connect_cfm+0x9e6/0xf80 red/bluetooth/l2cap_core.c:7241 hci_connect_cfm include/red/bluetooth/hci_core.h:1960 [en l\u00ednea] hci_conn_failed+0x1c3/0x370 red/bluetooth/hci_conn.c:1265 hci_abort_conn_sync+0x75a/0xb50 red/bluetooth/hci_sync.c:5583 abort_conn_sync+0x197/0x360 red/bluetooth/hci_conn.c:2917 hci_cmd_sync_work+0x1a4/0x410 red/bluetooth/hci_sync.c:328 process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231 process_scheduled_works kernel/workqueue.c:3312 [en l\u00ednea] worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389 kthread+0x2c1/0x3a0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49951.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49951.json index 9ecc4c59a04..1d207211d05 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49951.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49951.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-49951",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T18:15:16.500",
- "lastModified": "2024-10-21T18:15:16.500",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:25.583",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix possible crash on mgmt_index_removed\n\nIf mgmt_index_removed is called while there are commands queued on\ncmd_sync it could lead to crashes like the bellow trace:\n\n0x0000053D: __list_del_entry_valid_or_report+0x98/0xdc\n0x0000053D: mgmt_pending_remove+0x18/0x58 [bluetooth]\n0x0000053E: mgmt_remove_adv_monitor_complete+0x80/0x108 [bluetooth]\n0x0000053E: hci_cmd_sync_work+0xbc/0x164 [bluetooth]\n\nSo while handling mgmt_index_removed this attempts to dequeue\ncommands passed as user_data to cmd_sync."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: MGMT: Se corrige un posible fallo en mgmt_index_removed Si se llama a mgmt_index_removed mientras hay comandos en cola en cmd_sync, podr\u00eda provocar fallos como el siguiente seguimiento: 0x0000053D: __list_del_entry_valid_or_report+0x98/0xdc 0x0000053D: mgmt_pending_remove+0x18/0x58 [bluetooth] 0x0000053E: mgmt_remove_adv_monitor_complete+0x80/0x108 [bluetooth] 0x0000053E: hci_cmd_sync_work+0xbc/0x164 [bluetooth] Entonces, mientras se maneja mgmt_index_removed, esto intenta quitar de la cola los comandos pasados como usuario_data a cmd_sync."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49952.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49952.json
index 68e26d10505..153329401c2 100644
--- a/CVE-2024/CVE-2024-499xx/CVE-2024-49952.json
+++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49952.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-49952", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:16.590", - "lastModified": "2024-10-21T18:15:16.590", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: prevent nf_skb_duplicated corruption\n\nsyzbot found that nf_dup_ipv4() or nf_dup_ipv6() could write\nper-cpu variable nf_skb_duplicated in an unsafe way [1].\n\nDisabling preemption as hinted by the splat is not enough,\nwe have to disable soft interrupts as well.\n\n[1]\nBUG: using __this_cpu_write() in preemptible [00000000] code: syz.4.282/6316\n caller is nf_dup_ipv4+0x651/0x8f0 net/ipv4/netfilter/nf_dup_ipv4.c:87\nCPU: 0 UID: 0 PID: 6316 Comm: syz.4.282 Not tainted 6.11.0-rc7-syzkaller-00104-g7052622fccb1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n \n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n check_preemption_disabled+0x10e/0x120 lib/smp_processor_id.c:49\n nf_dup_ipv4+0x651/0x8f0 net/ipv4/netfilter/nf_dup_ipv4.c:87\n nft_dup_ipv4_eval+0x1db/0x300 net/ipv4/netfilter/nft_dup_ipv4.c:30\n expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\n nft_do_chain+0x4ad/0x1da0 net/netfilter/nf_tables_core.c:288\n nft_do_chain_ipv4+0x202/0x320 net/netfilter/nft_chain_filter.c:23\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n nf_hook+0x2c4/0x450 include/linux/netfilter.h:269\n NF_HOOK_COND include/linux/netfilter.h:302 [inline]\n ip_output+0x185/0x230 net/ipv4/ip_output.c:433\n ip_local_out net/ipv4/ip_output.c:129 [inline]\n ip_send_skb+0x74/0x100 net/ipv4/ip_output.c:1495\n udp_send_skb+0xacf/0x1650 net/ipv4/udp.c:981\n 
udp_sendmsg+0x1c21/0x2a60 net/ipv4/udp.c:1269\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597\n ___sys_sendmsg net/socket.c:2651 [inline]\n __sys_sendmmsg+0x3b2/0x740 net/socket.c:2737\n __do_sys_sendmmsg net/socket.c:2766 [inline]\n __se_sys_sendmmsg net/socket.c:2763 [inline]\n __x64_sys_sendmmsg+0xa0/0xb0 net/socket.c:2763\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f4ce4f7def9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f4ce5d4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133\nRAX: ffffffffffffffda RBX: 00007f4ce5135f80 RCX: 00007f4ce4f7def9\nRDX: 0000000000000001 RSI: 0000000020005d40 RDI: 0000000000000006\nRBP: 00007f4ce4ff0b76 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f4ce5135f80 R15: 00007ffd4cbc6d68\n " + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nf_tables: prevent nf_skb_duplicated democracy syzbot encontr\u00f3 que nf_dup_ipv4() o nf_dup_ipv6() podr\u00edan escribir la variable por CPU nf_skb_duplicated de una manera insegura [1]. Deshabilitar la preempci\u00f3n como lo sugiere el splat no es suficiente, tambi\u00e9n tenemos que deshabilitar las interrupciones suaves. 
[1] ERROR: uso de __this_cpu_write() en c\u00f3digo preemptible [00000000]: syz.4.282/6316 el llamador es nf_dup_ipv4+0x651/0x8f0 net/ipv4/netfilter/nf_dup_ipv4.c:87 CPU: 0 UID: 0 PID: 6316 Comm: syz.4.282 No contaminado 6.11.0-rc7-syzkaller-00104-g7052622fccb1 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:93 [en l\u00ednea] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119 check_preemption_disabled+0x10e/0x120 lib/smp_processor_id.c:49 nf_dup_ipv4+0x651/0x8f0 net/ipv4/netfilter/nf_dup_ipv4.c:87 nft_dup_ipv4_eval+0x1db/0x300 net/ipv4/netfilter/nft_dup_ipv4.c:30 expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [en l\u00ednea] nft_do_chain+0x4ad/0x1da0 net/netfilter/nf_tables_core.c:288 nft_do_chain_ipv4+0x202/0x320 net/netfilter/nft_chain_filter.c:23 nf_hook_entry_hookfn incluye/linux/netfilter.h:154 [en l\u00ednea] nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626 nf_hook+0x2c4/0x450 incluye/linux/netfilter.h:269 NF_HOOK_COND incluye/linux/netfilter.h:302 [en l\u00ednea] ip_output+0x185/0x230 net/ipv4/ip_output.c:433 ip_local_out net/ipv4/ip_output.c:129 [en l\u00ednea] ip_send_skb+0x74/0x100 net/ipv4/ip_output.c:1495 udp_send_skb+0xacf/0x1650 net/ipv4/udp.c:981 udp_sendmsg+0x1c21/0x2a60 net/ipv4/udp.c:1269 sock_sendmsg_nosec net/socket.c:730 [en l\u00ednea] __sock_sendmsg+0x1a6/0x270 net/socket.c:745 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597 ___sys_sendmsg net/socket.c:2651 [en l\u00ednea] __sys_sendmmsg+0x3b2/0x740 net/socket.c:2737 __do_sys_sendmmsg net/socket.c:2766 [en l\u00ednea] __se_sys_sendmmsg net/socket.c:2763 [en l\u00ednea] __x64_sys_sendmmsg+0xa0/0xb0 net/socket.c:2763 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f4ce4f7def9 C\u00f3digo: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 
4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f4ce5d4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 RAX: ffffffffffffffda RBX: 00007f4ce5135f80 RCX: 00007f4ce4f7def9 RDX: 00000000000000001 RSI: 0000000020005d40 RDI: 0000000000000006 RBP: 00007f4ce4ff0b76 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f4ce5135f80 R15: 00007ffd4cbc6d68 " } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49953.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49953.json index 33c57075c33..24d7d6333b5 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49953.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49953.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49953", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:16.673", - "lastModified": "2024-10-21T18:15:16.673", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice\n\nThe km.state is not checked in driver's delayed work. When\nxfrm_state_check_expire() is called, the state can be reset to\nXFRM_STATE_EXPIRED, even if it is XFRM_STATE_DEAD already. This\nhappens when xfrm state is deleted, but not freed yet. As\n__xfrm_state_delete() is called again in xfrm timer, the following\ncrash occurs.\n\nTo fix this issue, skip xfrm_state_check_expire() if km.state is not\nXFRM_STATE_VALID.\n\n Oops: general protection fault, probably for non-canonical address 0xdead000000000108: 0000 [#1] SMP\n CPU: 5 UID: 0 PID: 7448 Comm: kworker/u102:2 Not tainted 6.11.0-rc2+ #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Workqueue: mlx5e_ipsec: eth%d mlx5e_ipsec_handle_sw_limits [mlx5_core]\n RIP: 0010:__xfrm_state_delete+0x3d/0x1b0\n Code: 0f 84 8b 01 00 00 48 89 fd c6 87 c8 00 00 00 05 48 8d bb 40 10 00 00 e8 11 04 1a 00 48 8b 95 b8 00 00 00 48 8b 85 c0 00 00 00 <48> 89 42 08 48 89 10 48 8b 55 10 48 b8 00 01 00 00 00 00 ad de 48\n RSP: 0018:ffff88885f945ec8 EFLAGS: 00010246\n RAX: dead000000000122 RBX: ffffffff82afa940 RCX: 0000000000000036\n RDX: dead000000000100 RSI: 0000000000000000 RDI: ffffffff82afb980\n RBP: ffff888109a20340 R08: ffff88885f945ea0 R09: 0000000000000000\n R10: 0000000000000000 R11: ffff88885f945ff8 R12: 0000000000000246\n R13: ffff888109a20340 R14: ffff88885f95f420 R15: ffff88885f95f400\n FS: 0000000000000000(0000) GS:ffff88885f940000(0000) knlGS:0000000000000000\n CS: 
0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f2163102430 CR3: 00000001128d6001 CR4: 0000000000370eb0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \n ? die_addr+0x33/0x90\n ? exc_general_protection+0x1a2/0x390\n ? asm_exc_general_protection+0x22/0x30\n ? __xfrm_state_delete+0x3d/0x1b0\n ? __xfrm_state_delete+0x2f/0x1b0\n xfrm_timer_handler+0x174/0x350\n ? __xfrm_state_delete+0x1b0/0x1b0\n __hrtimer_run_queues+0x121/0x270\n hrtimer_run_softirq+0x88/0xd0\n handle_softirqs+0xcc/0x270\n do_softirq+0x3c/0x50\n \n \n __local_bh_enable_ip+0x47/0x50\n mlx5e_ipsec_handle_sw_limits+0x7d/0x90 [mlx5_core]\n process_one_work+0x137/0x2d0\n worker_thread+0x28d/0x3a0\n ? rescuer_thread+0x480/0x480\n kthread+0xb8/0xe0\n ? kthread_park+0x80/0x80\n ret_from_fork+0x2d/0x50\n ? kthread_park+0x80/0x80\n ret_from_fork_asm+0x11/0x20\n " + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5e: Se corrige el fallo causado por llamar a __xfrm_state_delete() dos veces. El km.state no se comprueba en el trabajo retrasado del controlador. Cuando se llama a xfrm_state_check_expire(), el estado se puede restablecer a XFRM_STATE_EXPIRED, incluso si ya est\u00e1 XFRM_STATE_DEAD. Esto sucede cuando se elimina el estado de xfrm, pero a\u00fan no se libera. Cuando se vuelve a llamar a __xfrm_state_delete() en el temporizador de xfrm, se produce el siguiente fallo. Para solucionar este problema, omita xfrm_state_check_expire() si km.state no es XFRM_STATE_VALID. 
Ups: fallo de protecci\u00f3n general, probablemente para la direcci\u00f3n no can\u00f3nica 0xdead000000000108: 0000 [#1] CPU SMP: 5 UID: 0 PID: 7448 Comm: kworker/u102:2 No contaminado 6.11.0-rc2+ #1 Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 01/04/2014 Cola de trabajo: mlx5e_ipsec: eth%d mlx5e_ipsec_handle_sw_limits [mlx5_core] RIP: 0010:__xfrm_state_delete+0x3d/0x1b0 C\u00f3digo: 0f 84 8b 01 00 00 48 89 fd c6 87 c8 00 00 00 05 48 8d bb 40 10 00 00 e8 11 04 1a 00 48 8b 95 b8 00 00 00 48 8b 85 c0 00 00 00 <48> 89 42 08 48 89 10 48 8b 55 10 48 b8 00 01 00 00 00 00 ad de 48 RSP: 0018:ffff88885f945ec8 EFLAGS: 00010246 RAX: muerto000000000122 RBX: ffffffff82afa940 RCX: 00000000000000036 RDX: muerto000000000100 RSI: 0000000000000000 RDI: ffffffff82afb980 RBP: ffff888109a20340 R08: ffff88885f945ea0 R09: 0000000000000000 R10: 0000000000000000 R11: ffff88885f945ff8 R12: 0000000000000246 R13: ffff888109a20340 R14: ffff88885f95f420 R15: ffff88885f95f400 FS: 0000000000000000(0000) GS:ffff88885f940000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f2163102430 CR3: 00000001128d6001 CR4: 0000000000370eb0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Rastreo de llamadas: ? die_addr+0x33/0x90 ? exc_general_protection+0x1a2/0x390 ? asm_exc_general_protection+0x22/0x30 ? __xfrm_state_delete+0x3d/0x1b0 ? __xfrm_state_delete+0x2f/0x1b0 xfrm_timer_handler+0x174/0x350 ? __local_bh_enable_ip+0x47/0x50 mlx5e_ipsec_handle_sw_limits+0x7d/0x90 [mlx5_core] process_one_work+0x137/0x2d0 worker_thread+0x28d/0x3a0 ? rescuer_thread+0x480/0x480 kthread+0xb8/0xe0 ? kthread_park+0x80/0x80 ret_from_fork+0x2d/0x50 ? kthread_park+0x80/0x80 ret_from_fork_asm+0x11/0x20 " } ], "metrics": {}, 
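Review bot: The added `es` description in CVE-2024-49953.json no longer reproduces the crash dump carried by the `en` value. The register values `dead000000000122` and `dead000000000100` appear as `muerto000000000122` and `muerto000000000100`, the BIOS date `04/01/2014` is reordered to `01/04/2014`, `RCX` appears to gain a digit, and several call-trace frames (for example `__hrtimer_run_queues+0x121/0x270`) are missing. Anyone matching this oops signature against logs using the Spanish text would not find it. The trace portion should be copied byte-for-byte from the `en` entry and only the prose translated, for example keeping `RAX: dead000000000122 RBX: ffffffff82afa940` as is.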
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49954.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49954.json
index ecbc9b5dfaa..098bea352ae 100644
--- a/CVE-2024/CVE-2024-499xx/CVE-2024-49954.json
+++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49954.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-49954",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T18:15:16.753",
- "lastModified": "2024-10-21T18:15:16.753",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:25.583",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstatic_call: Replace pointless WARN_ON() in static_call_module_notify()\n\nstatic_call_module_notify() triggers a WARN_ON(), when memory allocation\nfails in __static_call_add_module().\n\nThat's not really justified, because the failure case must be correctly\nhandled by the well known call chain and the error code is passed\nthrough to the initiating userspace application.\n\nA memory allocation fail is not a fatal problem, but the WARN_ON() takes\nthe machine out when panic_on_warn is set.\n\nReplace it with a pr_warn()."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: static_call: Reemplazar WARN_ON() sin sentido en static_call_module_notify() static_call_module_notify() activa un WARN_ON() cuando la asignaci\u00f3n de memoria fallo en __static_call_add_module(). Esto no est\u00e1 realmente justificado, porque el caso de fallo debe ser manejado correctamente por la cadena de llamadas conocida y el c\u00f3digo de error se pasa a la aplicaci\u00f3n de espacio de usuario que la inicia. Un error en la asignaci\u00f3n de memoria no es un problema fatal, pero WARN_ON() deja fuera de servicio la m\u00e1quina cuando se establece panic_on_warn. Reempl\u00e1zalo con un pr_warn()."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49955.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49955.json
index 0cfad420b3b..af2c94d3479 100644
--- a/CVE-2024/CVE-2024-499xx/CVE-2024-49955.json
+++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49955.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-49955",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T18:15:16.833",
- "lastModified": "2024-10-21T18:15:16.833",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:25.583",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: battery: Fix possible crash when unregistering a battery hook\n\nWhen a battery hook returns an error when adding a new battery, then\nthe battery hook is automatically unregistered.\nHowever the battery hook provider cannot know that, so it will later\ncall battery_hook_unregister() on the already unregistered battery\nhook, resulting in a crash.\n\nFix this by using the list head to mark already unregistered battery\nhooks as already being unregistered so that they can be ignored by\nbattery_hook_unregister()."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ACPI: bater\u00eda: se corrige un posible fallo al anular el registro de un gancho de bater\u00eda Cuando un gancho de bater\u00eda devuelve un error al a\u00f1adir una bater\u00eda nueva, el gancho de bater\u00eda se anula autom\u00e1ticamente el registro. Sin embargo, el proveedor del gancho de bater\u00eda no puede saberlo, por lo que m\u00e1s tarde llamar\u00e1 a battery_hook_unregister() en el gancho de bater\u00eda ya anulado, lo que provocar\u00e1 un fallo. Solucione esto utilizando el encabezado de lista para marcar los ganchos de bater\u00eda ya anulados como ya anulados para que battery_hook_unregister() pueda ignorarlos."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49956.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49956.json
index 41627277427..ce311864ece 100644
--- a/CVE-2024/CVE-2024-499xx/CVE-2024-49956.json
+++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49956.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-49956",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T18:15:16.893",
- "lastModified": "2024-10-21T18:15:16.893",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:25.583",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: fix double destroy_workqueue error\n\nWhen gfs2_fill_super() fails, destroy_workqueue() is called within\ngfs2_gl_hash_clear(), and the subsequent code path calls\ndestroy_workqueue() on the same work queue again.\n\nThis issue can be fixed by setting the work queue pointer to NULL after\nthe first destroy_workqueue() call and checking for a NULL pointer\nbefore attempting to destroy the work queue again."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: gfs2: se corrige el error doble destroy_workqueue Cuando falla gfs2_fill_super(), se llama destroy_workqueue() dentro de gfs2_gl_hash_clear() y la ruta de c\u00f3digo posterior vuelve a llamar a destroy_workqueue() en la misma cola de trabajo. Este problema se puede solucionar configurando el puntero de la cola de trabajo en NULL despu\u00e9s de la primera llamada destroy_workqueue() y comprobando si hay un puntero NULL antes de intentar destruir la cola de trabajo nuevamente."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49957.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49957.json
index 0e50d881cd8..2b2db01d175 100644
--- a/CVE-2024/CVE-2024-499xx/CVE-2024-49957.json
+++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49957.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-49957",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T18:15:16.950",
- "lastModified": "2024-10-21T18:15:16.950",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:25.583",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix null-ptr-deref when journal load failed.\n\nDuring the mounting process, if journal_reset() fails because of too short\njournal, then lead to jbd2_journal_load() fails with NULL j_sb_buffer. \nSubsequently, ocfs2_journal_shutdown() calls\njbd2_journal_flush()->jbd2_cleanup_journal_tail()->\n__jbd2_update_log_tail()->jbd2_journal_update_sb_log_tail()\n->lock_buffer(journal->j_sb_buffer), resulting in a null-pointer\ndereference error.\n\nTo resolve this issue, we should check the JBD2_LOADED flag to ensure the\njournal was properly loaded. Additionally, use journal instead of\nosb->journal directly to simplify the code."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ocfs2: se corrige el error null-ptr-deref cuando falla la carga del diario. Durante el proceso de montaje, si journal_reset() falla debido a que el diario es demasiado corto, entonces provoca que jbd2_journal_load() falle con j_sb_buffer NULL. Posteriormente, ocfs2_journal_shutdown() llama a jbd2_journal_flush()->jbd2_cleanup_journal_tail()-> __jbd2_update_log_tail()->jbd2_journal_update_sb_log_tail() ->lock_buffer(journal->j_sb_buffer), lo que da como resultado un error de desreferencia de puntero nulo. Para resolver este problema, debemos verificar el indicador JBD2_LOADED para asegurarnos de que el diario se carg\u00f3 correctamente. Adem\u00e1s, use journal en lugar de osb->journal directamente para simplificar el c\u00f3digo."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49958.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49958.json
index 6f7cbcb8331..62a0677d8b3 100644
--- a/CVE-2024/CVE-2024-499xx/CVE-2024-49958.json
+++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49958.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-49958", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:17.050", - "lastModified": "2024-10-21T18:15:17.050", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: reserve space for inline xattr before attaching reflink tree\n\nOne of our customers reported a crash and a corrupted ocfs2 filesystem. \nThe crash was due to the detection of corruption. Upon troubleshooting,\nthe fsck -fn output showed the below corruption\n\n[EXTENT_LIST_FREE] Extent list in owner 33080590 claims 230 as the next free chain record,\nbut fsck believes the largest valid value is 227. Clamp the next record value? n\n\nThe stat output from the debugfs.ocfs2 showed the following corruption\nwhere the \"Next Free Rec:\" had overshot the \"Count:\" in the root metadata\nblock.\n\n Inode: 33080590 Mode: 0640 Generation: 2619713622 (0x9c25a856)\n FS Generation: 904309833 (0x35e6ac49)\n CRC32: 00000000 ECC: 0000\n Type: Regular Attr: 0x0 Flags: Valid\n Dynamic Features: (0x16) HasXattr InlineXattr Refcounted\n Extended Attributes Block: 0 Extended Attributes Inline Size: 256\n User: 0 (root) Group: 0 (root) Size: 281320357888\n Links: 1 Clusters: 141738\n ctime: 0x66911b56 0x316edcb8 -- Fri Jul 12 06:02:30.829349048 2024\n atime: 0x66911d6b 0x7f7a28d -- Fri Jul 12 06:11:23.133669517 2024\n mtime: 0x66911b56 0x12ed75d7 -- Fri Jul 12 06:02:30.317552087 2024\n dtime: 0x0 -- Wed Dec 31 17:00:00 1969\n Refcount Block: 2777346\n Last Extblk: 2886943 Orphan Slot: 0\n Sub Alloc Slot: 0 Sub Alloc Bit: 14\n Tree Depth: 1 Count: 227 Next Free Rec: 230\n ## Offset Clusters Block#\n 0 0 2310 2776351\n 1 2310 2139 2777375\n 2 4449 1221 2778399\n 3 5670 731 2779423\n 4 6401 566 2780447\n ....... .... .......\n ....... .... 
.......\n\nThe issue was in the reflink workfow while reserving space for inline\nxattr. The problematic function is ocfs2_reflink_xattr_inline(). By the\ntime this function is called the reflink tree is already recreated at the\ndestination inode from the source inode. At this point, this function\nreserves space for inline xattrs at the destination inode without even\nchecking if there is space at the root metadata block. It simply reduces\nthe l_count from 243 to 227 thereby making space of 256 bytes for inline\nxattr whereas the inode already has extents beyond this index (in this\ncase up to 230), thereby causing corruption.\n\nThe fix for this is to reserve space for inline metadata at the destination\ninode before the reflink tree gets recreated. The customer has verified the\nfix." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ocfs2: reserva espacio para xattr en l\u00ednea antes de adjuntar \u00e1rbol reflink Uno de nuestros clientes inform\u00f3 de un fallo y un sistema de archivos ocfs2 da\u00f1ado. El fallo se debi\u00f3 a la detecci\u00f3n de una corrupci\u00f3n. Tras la resoluci\u00f3n de problemas, la salida de fsck -fn mostr\u00f3 la siguiente corrupci\u00f3n [EXTENT_LIST_FREE] La lista de extensiones del propietario 33080590 afirma que 230 es el siguiente registro de cadena libre, pero fsck cree que el valor v\u00e1lido m\u00e1s grande es 227. \u00bfFijar el siguiente valor de registro? n La salida de estad\u00edsticas de debugfs.ocfs2 mostr\u00f3 la siguiente corrupci\u00f3n, donde \"Next Free Rec:\" hab\u00eda superado \"Count:\" en el bloque de metadatos ra\u00edz. 
Inodo: 33080590 Modo: 0640 Generaci\u00f3n: 2619713622 (0x9c25a856) Generaci\u00f3n FS: 904309833 (0x35e6ac49) CRC32: 00000000 ECC: 0000 Tipo: Regular Atributo: 0x0 Indicadores: V\u00e1lido Caracter\u00edsticas din\u00e1micas: (0x16) HasXattr InlineXattr Refcounted Bloque de atributos extendidos: 0 Tama\u00f1o en l\u00ednea de atributos extendidos: 256 Usuario: 0 (ra\u00edz) Grupo: 0 (ra\u00edz) Tama\u00f1o: 281320357888 Enlaces: 1 Cl\u00fasteres: 141738 ctime: 0x66911b56 0x316edcb8 -- Vie Jul 12 06:02:30.829349048 2024 atime: 0x66911d6b 0x7f7a28d -- Vie Jul 12 06:11:23.133669517 2024 mtime: 0x66911b56 0x12ed75d7 -- Vie Jul 12 06:02:30.317552087 2024 dtime: 0x0 -- Mi\u00e9 Dic 31 17:00:00 1969 Refcount Block: 2777346 Last Extblk: 2886943 Orphan Slot: 0 Sub Alloc Slot: 0 Sub Alloc Bit: 14 Tree Depth: 1 Count: 227 Next Free Rec: 230 ## Offset Clusters Block# 0 0 2310 2776351 1 2310 2139 2777375 2 4449 1221 2778399 3 5670 731 2779423 4 6401 566 2780447 ....... .... ....... ....... ....... ....... El problema estaba en el flujo de trabajo de reflink mientras se reservaba espacio para xattr en l\u00ednea. La funci\u00f3n problem\u00e1tica es ocfs2_reflink_xattr_inline(). Para cuando se llama a esta funci\u00f3n, el \u00e1rbol de reflink ya se ha recreado en el inodo de destino a partir del inodo de origen. En este punto, esta funci\u00f3n reserva espacio para xattrs en l\u00ednea en el inodo de destino sin siquiera verificar si hay espacio en el bloque de metadatos ra\u00edz. Simplemente reduce el l_count de 243 a 227, lo que crea un espacio de 256 bytes para xattr en l\u00ednea, mientras que el inodo ya tiene extensiones m\u00e1s all\u00e1 de este \u00edndice (en este caso, hasta 230), lo que provoca corrupci\u00f3n. La soluci\u00f3n para esto es reservar espacio para metadatos en l\u00ednea en el inodo de destino antes de que se vuelva a crear el \u00e1rbol de enlaces de referencia. El cliente ha verificado la soluci\u00f3n." } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49959.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49959.json
index 15e82a2a832..e384ba07954 100644
--- a/CVE-2024/CVE-2024-499xx/CVE-2024-49959.json
+++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49959.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-49959", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:17.123", - "lastModified": "2024-10-21T18:15:17.123", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error\n\nIn __jbd2_log_wait_for_space(), we might call jbd2_cleanup_journal_tail()\nto recover some journal space. But if an error occurs while executing\njbd2_cleanup_journal_tail() (e.g., an EIO), we don't stop waiting for free\nspace right away, we try other branches, and if j_committing_transaction\nis NULL (i.e., the tid is 0), we will get the following complain:\n\n============================================\nJBD2: I/O error when updating journal superblock for sdd-8.\n__jbd2_log_wait_for_space: needed 256 blocks and only had 217 space available\n__jbd2_log_wait_for_space: no way to get more journal space in sdd-8\n------------[ cut here ]------------\nWARNING: CPU: 2 PID: 139804 at fs/jbd2/checkpoint.c:109 __jbd2_log_wait_for_space+0x251/0x2e0\nModules linked in:\nCPU: 2 PID: 139804 Comm: kworker/u8:3 Not tainted 6.6.0+ #1\nRIP: 0010:__jbd2_log_wait_for_space+0x251/0x2e0\nCall Trace:\n \n add_transaction_credits+0x5d1/0x5e0\n start_this_handle+0x1ef/0x6a0\n jbd2__journal_start+0x18b/0x340\n ext4_dirty_inode+0x5d/0xb0\n __mark_inode_dirty+0xe4/0x5d0\n generic_update_time+0x60/0x70\n[...]\n============================================\n\nSo only if jbd2_cleanup_journal_tail() returns 1, i.e., there is nothing to\nclean up at the moment, continue to try to reclaim free space in other ways.\n\nNote that this fix relies on commit 6f6a6fda2945 (\"jbd2: fix ocfs2 corrupt\nwhen updating journal superblock fails\") to make jbd2_cleanup_journal_tail\nreturn the correct error 
code." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: jbd2: dejad de esperar espacio cuando jbd2_cleanup_journal_tail() devuelve un error En __jbd2_log_wait_for_space(), podr\u00edamos llamar a jbd2_cleanup_journal_tail() para recuperar algo de espacio en el diario. Pero si ocurre un error mientras se ejecuta jbd2_cleanup_journal_tail() (por ejemplo, un EIO), no dejamos de esperar espacio libre de inmediato, probamos otras ramas y, si j_committing_transaction es NULL (es decir, el tid es 0), obtendremos la siguiente queja: =============================================== JBD2: Error de E/S al actualizar el superbloque del diario para sdd-8. __jbd2_log_wait_for_space: se necesitaban 256 bloques y solo hab\u00eda 217 de espacio disponible __jbd2_log_wait_for_space: no hay forma de obtener m\u00e1s espacio de diario en sdd-8 ------------[ cortar aqu\u00ed ]------------ ADVERTENCIA: CPU: 2 PID: 139804 en fs/jbd2/checkpoint.c:109 __jbd2_log_wait_for_space+0x251/0x2e0 M\u00f3dulos vinculados: CPU: 2 PID: 139804 Comm: kworker/u8:3 No contaminado 6.6.0+ #1 RIP: 0010:__jbd2_log_wait_for_space+0x251/0x2e0 Rastreo de llamadas: add_transaction_credits+0x5d1/0x5e0 start_this_handle+0x1ef/0x6a0 jbd2__journal_start+0x18b/0x340 ext4_dirty_inode+0x5d/0xb0 __mark_inode_dirty+0xe4/0x5d0 generic_update_time+0x60/0x70 [...] == ..." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49960.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49960.json index 1067f29d543..74972b536f3 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49960.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49960.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-49960",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T18:15:17.187",
- "lastModified": "2024-10-21T18:15:17.187",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:25.583",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix timer use-after-free on failed mount\n\nSyzbot has found an ODEBUG bug in ext4_fill_super\n\nThe del_timer_sync function cancels the s_err_report timer,\nwhich reminds about filesystem errors daily. We should\nguarantee the timer is no longer active before kfree(sbi).\n\nWhen filesystem mounting fails, the flow goes to failed_mount3,\nwhere an error occurs when ext4_stop_mmpd is called, causing\na read I/O failure. This triggers the ext4_handle_error function\nthat ultimately re-arms the timer,\nleaving the s_err_report timer active before kfree(sbi) is called.\n\nFix the issue by canceling the s_err_report timer after calling ext4_stop_mmpd."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: fix timer use-after-free on failed mount Syzbot ha encontrado un error ODEBUG en ext4_fill_super La funci\u00f3n del_timer_sync cancela el temporizador s_err_report, que recuerda los errores del sistema de archivos a diario. Debemos garantizar que el temporizador ya no est\u00e9 activo antes de kfree(sbi). Cuando falla el montaje del sistema de archivos, el flujo va a failed_mount3, donde ocurre un error cuando se llama a ext4_stop_mmpd, lo que causa un error de E/S de lectura. Esto activa la funci\u00f3n ext4_handle_error que, en \u00faltima instancia, vuelve a armar el temporizador, dejando el temporizador s_err_report activo antes de que se llame a kfree(sbi). Solucione el problema cancelando el temporizador s_err_report despu\u00e9s de llamar a ext4_stop_mmpd."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49961.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49961.json
index a01317bc305..9ee27f367ac 100644
--- a/CVE-2024/CVE-2024-499xx/CVE-2024-49961.json
+++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49961.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-49961",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T18:15:17.267",
- "lastModified": "2024-10-21T18:15:17.267",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:25.583",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: ar0521: Use cansleep version of gpiod_set_value()\n\nIf we use GPIO reset from I2C port expander, we must use *_cansleep()\nvariant of GPIO functions.\nThis was not done in ar0521_power_on()/ar0521_power_off() functions.\nLet's fix that.\n\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 11 at drivers/gpio/gpiolib.c:3496 gpiod_set_value+0x74/0x7c\nModules linked in:\nCPU: 0 PID: 11 Comm: kworker/u16:0 Not tainted 6.10.0 #53\nHardware name: Diasom DS-RK3568-SOM-EVB (DT)\nWorkqueue: events_unbound deferred_probe_work_func\npstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : gpiod_set_value+0x74/0x7c\nlr : ar0521_power_on+0xcc/0x290\nsp : ffffff8001d7ab70\nx29: ffffff8001d7ab70 x28: ffffff80027dcc90 x27: ffffff8003c82000\nx26: ffffff8003ca9250 x25: ffffffc080a39c60 x24: ffffff8003ca9088\nx23: ffffff8002402720 x22: ffffff8003ca9080 x21: ffffff8003ca9088\nx20: 0000000000000000 x19: ffffff8001eb2a00 x18: ffffff80efeeac80\nx17: 756d2d6332692f30 x16: 0000000000000000 x15: 0000000000000000\nx14: ffffff8001d91d40 x13: 0000000000000016 x12: ffffffc080e98930\nx11: ffffff8001eb2880 x10: 0000000000000890 x9 : ffffff8001d7a9f0\nx8 : ffffff8001d92570 x7 : ffffff80efeeac80 x6 : 000000003fc6e780\nx5 : ffffff8001d91c80 x4 : 0000000000000002 x3 : 0000000000000000\nx2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000001\nCall trace:\n gpiod_set_value+0x74/0x7c\n ar0521_power_on+0xcc/0x290\n..."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: i2c: ar0521: Usar la versi\u00f3n cansleep de gpiod_set_value() Si usamos el restablecimiento de GPIO desde el expansor de puerto I2C, debemos usar la variante *_cansleep() de las funciones GPIO. Esto no se hac\u00eda en las funciones ar0521_power_on()/ar0521_power_off(). Vamos a solucionarlo. ------------[ cortar aqu\u00ed ]------------ ADVERTENCIA: CPU: 0 PID: 11 en drivers/gpio/gpiolib.c:3496 gpiod_set_value+0x74/0x7c M\u00f3dulos vinculados en: CPU: 0 PID: 11 Comm: kworker/u16:0 No contaminado 6.10.0 #53 Nombre del hardware: Diasom DS-RK3568-SOM-EVB (DT) Cola de trabajo: events_unbound deferred_probe_work_func pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : gpiod_set_value+0x74/0x7c lr : ar0521_power_on+0xcc/0x290 sp : ffffff8001d7ab70 x29: ffffff8001d7ab70 x28: ffffff80027dcc90 x27: ffffff8003c82000 x26: ffffff8003ca9250 x25: ffffffc080a39c60 x24: ffffff8003ca9088 x23: ffffff8002402720 x22: ffffff8003ca9080 x21: ffffff8003ca9088 x20: 0000000000000000 x19: ffffff8001eb2a00 x18: ffffff80efeeac80 x17: 756d2d6332692f30 x16: 0000000000000000 x15: 0000000000000000 x14: ffffff8001d91d40 x13: 0000000000000016 x12: ffffffc080e98930 x11: ffffff8001eb2880 x10: 0000000000000890 x9: ffffff8001d7a9f0 x8: ffffff8001d92570 x7: ffffff80efeeac80 x6: 000000003fc6e780 x5: ffffff8001d91c80 x4: 0000000000000002 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000001 Rastreo de llamadas: gpiod_set_value+0x74/0x7c ar0521_power_on+0xcc/0x290 ..."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49962.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49962.json
index 8d49d50ded6..128b54a75f7 100644
--- a/CVE-2024/CVE-2024-499xx/CVE-2024-49962.json
+++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49962.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-49962",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T18:15:17.353",
- "lastModified": "2024-10-21T18:15:17.353",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:25.583",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package()\n\nACPICA commit 4d4547cf13cca820ff7e0f859ba83e1a610b9fd0\n\nACPI_ALLOCATE_ZEROED() may fail, elements might be NULL and will cause\nNULL pointer dereference later.\n\n[ rjw: Subject and changelog edits ]"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ACPICA: comprobar el retorno nulo de ACPI_ALLOCATE_ZEROED() en acpi_db_convert_to_package() Confirmaci\u00f3n de ACPICA 4d4547cf13cca820ff7e0f859ba83e1a610b9fd0 ACPI_ALLOCATE_ZEROED() puede fallar, los elementos pueden ser NULL y causar\u00e1n una desreferencia de puntero NULL m\u00e1s adelante. [ rjw: Ediciones de asunto y registro de cambios ]"
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49963.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49963.json
index c14a87bab67..116ab72eaa6 100644
--- a/CVE-2024/CVE-2024-499xx/CVE-2024-49963.json
+++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49963.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-49963", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:17.447", - "lastModified": "2024-10-21T18:15:17.447", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: bcm2835: Fix timeout during suspend mode\n\nDuring noirq suspend phase the Raspberry Pi power driver suffer of\nfirmware property timeouts. The reason is that the IRQ of the underlying\nBCM2835 mailbox is disabled and rpi_firmware_property_list() will always\nrun into a timeout [1].\n\nSince the VideoCore side isn't consider as a wakeup source, set the\nIRQF_NO_SUSPEND flag for the mailbox IRQ in order to keep it enabled\nduring suspend-resume cycle.\n\n[1]\nPM: late suspend of devices complete after 1.754 msecs\nWARNING: CPU: 0 PID: 438 at drivers/firmware/raspberrypi.c:128\n rpi_firmware_property_list+0x204/0x22c\nFirmware transaction 0x00028001 timeout\nModules linked in:\nCPU: 0 PID: 438 Comm: bash Tainted: G C 6.9.3-dirty #17\nHardware name: BCM2835\nCall trace:\nunwind_backtrace from show_stack+0x18/0x1c\nshow_stack from dump_stack_lvl+0x34/0x44\ndump_stack_lvl from __warn+0x88/0xec\n__warn from warn_slowpath_fmt+0x7c/0xb0\nwarn_slowpath_fmt from rpi_firmware_property_list+0x204/0x22c\nrpi_firmware_property_list from rpi_firmware_property+0x68/0x8c\nrpi_firmware_property from rpi_firmware_set_power+0x54/0xc0\nrpi_firmware_set_power from _genpd_power_off+0xe4/0x148\n_genpd_power_off from genpd_sync_power_off+0x7c/0x11c\ngenpd_sync_power_off from genpd_finish_suspend+0xcc/0xe0\ngenpd_finish_suspend from dpm_run_callback+0x78/0xd0\ndpm_run_callback from device_suspend_noirq+0xc0/0x238\ndevice_suspend_noirq from dpm_suspend_noirq+0xb0/0x168\ndpm_suspend_noirq from suspend_devices_and_enter+0x1b8/0x5ac\nsuspend_devices_and_enter from 
pm_suspend+0x254/0x2e4\npm_suspend from state_store+0xa8/0xd4\nstate_store from kernfs_fop_write_iter+0x154/0x1a0\nkernfs_fop_write_iter from vfs_write+0x12c/0x184\nvfs_write from ksys_write+0x78/0xc0\nksys_write from ret_fast_syscall+0x0/0x54\nException stack(0xcc93dfa8 to 0xcc93dff0)\n[...]\nPM: noirq suspend of devices complete after 3095.584 msecs" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mailbox: bcm2835: Fix timeout during suspend mode Durante la fase de suspensi\u00f3n de noirq, el controlador de energ\u00eda de Raspberry Pi sufre tiempos de espera de propiedad de firmware. La raz\u00f3n es que la IRQ del buz\u00f3n BCM2835 subyacente est\u00e1 deshabilitada y rpi_firmware_property_list() siempre se encontrar\u00e1 con un tiempo de espera [1]. Dado que el lado de VideoCore no se considera una fuente de reactivaci\u00f3n, configure el indicador IRQF_NO_SUSPEND para el IRQ del buz\u00f3n para mantenerlo habilitado durante el ciclo de suspensi\u00f3n-reanudaci\u00f3n. 
[1] PM: suspensi\u00f3n tard\u00eda de dispositivos completada despu\u00e9s de 1,754 msegs ADVERTENCIA: CPU: 0 PID: 438 en drivers/firmware/raspberrypi.c:128 rpi_firmware_property_list+0x204/0x22c Tiempo de espera de transacci\u00f3n de firmware 0x00028001 M\u00f3dulos vinculados: CPU: 0 PID: 438 Comm: bash Tainted: GC 6.9.3-dirty #17 Nombre del hardware: BCM2835 Rastreo de llamadas: unwind_backtrace de show_stack+0x18/0x1c show_stack de dump_stack_lvl+0x34/0x44 dump_stack_lvl de __warn+0x88/0xec __warn de warn_slowpath_fmt+0x7c/0xb0 warn_slowpath_fmt de rpi_firmware_property_list+0x204/0x22c rpi_firmware_property_list de rpi_firmware_property+0x68/0x8c rpi_firmware_property de rpi_firmware_set_power+0x54/0xc0 rpi_firmware_set_power de _genpd_power_off+0xe4/0x148 _genpd_power_off de genpd_sync_power_off+0x7c/0x11c genpd_sync_power_off de genpd_finish_suspend+0xcc/0xe0 genpd_finish_suspend de dpm_run_callback+0x78/0xd0 dpm_run_callback de device_suspend_noirq+0xc0/0x238 device_suspend_noirq de dpm_suspend_noirq+0xb0/0x168 dpm_suspend_noirq desde suspend_devices_and_enter+0x1b8/0x5ac suspend_devices_and_enter desde pm_suspend+0x254/0x2e4 pm_suspend desde state_store+0xa8/0xd4 state_store desde kernfs_fop_write_iter+0x154/0x1a0 kernfs_fop_write_iter desde vfs_write+0x12c/0x184 vfs_write desde ksys_write+0x78/0xc0 ksys_write desde ret_fast_syscall+0x0/0x54 Pila de excepciones (0xcc93dfa8 a 0xcc93dff0) [...] PM: suspensi\u00f3n noirq de dispositivos completada despu\u00e9s de 3095,584 mseg" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49964.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49964.json index fdd5ee50fa2..4b8a459cf2b 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49964.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49964.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49964", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:17.510", - "lastModified": "2024-10-21T18:15:17.510", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix memfd_pin_folios free_huge_pages leak\n\nmemfd_pin_folios followed by unpin_folios fails to restore free_huge_pages\nif the pages were not already faulted in, because the folio refcount for\npages created by memfd_alloc_folio never goes to 0. memfd_pin_folios\nneeds another folio_put to undo the folio_try_get below:\n\nmemfd_alloc_folio()\n alloc_hugetlb_folio_nodemask()\n dequeue_hugetlb_folio_nodemask()\n dequeue_hugetlb_folio_node_exact()\n folio_ref_unfreeze(folio, 1); ; adds 1 refcount\n folio_try_get() ; adds 1 refcount\n hugetlb_add_to_page_cache() ; adds 512 refcount (on x86)\n\nWith the fix, after memfd_pin_folios + unpin_folios, the refcount for the\n(unfaulted) page is 512, which is correct, as the refcount for a faulted\nunpinned page is 513." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/hugetlb: se corrige la fuga de free_huge_pages de memfd_pin_folios memfd_pin_folios seguido de unpin_folios no puede restaurar free_huge_pages si las p\u00e1ginas no ten\u00edan ya un error, porque el recuento de referencias de folio para las p\u00e1ginas creadas por memfd_alloc_folio nunca llega a 0. 
memfd_pin_folios necesita otro folio_put para deshacer el folio_try_get a continuaci\u00f3n: memfd_alloc_folio() alloc_hugetlb_folio_nodemask() dequeue_hugetlb_folio_nodemask() dequeue_hugetlb_folio_node_exact() folio_ref_unfreeze(folio, 1); ; agrega 1 recuento de referencias folio_try_get() ; agrega 1 recuento de referencias hugetlb_add_to_page_cache() ; agrega 512 refcount (en x86) Con la soluci\u00f3n, despu\u00e9s de memfd_pin_folios + unpin_folios, el refcount para la p\u00e1gina (sin fallos) es 512, lo cual es correcto, ya que el refcount para una p\u00e1gina sin fijar con fallos es 513." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49965.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49965.json index 423555b9b0d..5afe3b1c026 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49965.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49965.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49965", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:17.593", - "lastModified": "2024-10-21T18:15:17.593", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: remove unreasonable unlock in ocfs2_read_blocks\n\nPatch series \"Misc fixes for ocfs2_read_blocks\", v5.\n\nThis series contains 2 fixes for ocfs2_read_blocks(). The first patch fix\nthe issue reported by syzbot, which detects bad unlock balance in\nocfs2_read_blocks(). The second patch fixes an issue reported by Heming\nZhao when reviewing above fix.\n\n\nThis patch (of 2):\n\nThere was a lock release before exiting, so remove the unreasonable unlock." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ocfs2: eliminar el desbloqueo irrazonable en ocfs2_read_blocks Serie de parches \"Correcciones varias para ocfs2_read_blocks\", v5. Esta serie contiene 2 correcciones para ocfs2_read_blocks(). El primer parche corrige el problema informado por syzbot, que detecta un balance de desbloqueo incorrecto en ocfs2_read_blocks(). El segundo parche corrige un problema informado por Heming Zhao al revisar la correcci\u00f3n anterior. Este parche (de 2): Hubo una liberaci\u00f3n de bloqueo antes de salir, as\u00ed que elimine el desbloqueo irrazonable." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49966.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49966.json index 7173b3aa421..f8261321851 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49966.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49966.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49966", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:17.683", - "lastModified": "2024-10-21T18:15:17.683", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: cancel dqi_sync_work before freeing oinfo\n\nocfs2_global_read_info() will initialize and schedule dqi_sync_work at the\nend, if error occurs after successfully reading global quota, it will\ntrigger the following warning with CONFIG_DEBUG_OBJECTS_* enabled:\n\nODEBUG: free active (active state 0) object: 00000000d8b0ce28 object type: timer_list hint: qsync_work_fn+0x0/0x16c\n\nThis reports that there is an active delayed work when freeing oinfo in\nerror handling, so cancel dqi_sync_work first. BTW, return status instead\nof -1 when .read_file_info fails." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ocfs2: cancelar dqi_sync_work antes de liberar oinfo ocfs2_global_read_info() inicializar\u00e1 y programar\u00e1 dqi_sync_work al final, si ocurre un error despu\u00e9s de leer exitosamente la cuota global, activar\u00e1 la siguiente advertencia con CONFIG_DEBUG_OBJECTS_* habilitado: ODEBUG: free active (active state 0) object: 00000000d8b0ce28 object type: timer_list hint: qsync_work_fn+0x0/0x16c Esto informa que hay un trabajo retrasado activo al liberar oinfo en el manejo de errores, as\u00ed que cancele dqi_sync_work primero. POR CIERTO, devuelva el estado en lugar de -1 cuando .read_file_info falle." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49967.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49967.json index d480b798a57..4181c3d6569 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49967.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49967.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49967", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:17.767", - "lastModified": "2024-10-21T18:15:17.767", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: no need to continue when the number of entries is 1" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: no es necesario continuar cuando el n\u00famero de entradas es 1" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49968.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49968.json index 8511abab43a..3fb73951376 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49968.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49968.json @@ -2,13 +2,17 @@ "id": "CVE-2024-49968", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:17.833", - "lastModified": "2024-10-21T18:15:17.833", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: filesystems without casefold feature cannot be mounted with siphash\n\nWhen mounting the ext4 filesystem, if the default hash version is set to\nDX_HASH_SIPHASH but the casefold feature is not set, exit the mounting." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: los sistemas de archivos sin la funci\u00f3n casefold no se pueden montar con siphash Al montar el sistema de archivos ext4, si la versi\u00f3n hash predeterminada est\u00e1 configurada en DX_HASH_SIPHASH pero la funci\u00f3n casefold no est\u00e1 configurada, salga del montaje." } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49969.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49969.json
index 9bd35b6e544..114c9e11913 100644
--- a/CVE-2024/CVE-2024-499xx/CVE-2024-49969.json
+++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49969.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-49969", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:17.910", - "lastModified": "2024-10-21T18:15:17.910", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index out of bounds in DCN30 color transformation\n\nThis commit addresses a potential index out of bounds issue in the\n`cm3_helper_translate_curve_to_hw_format` function in the DCN30 color\nmanagement module. The issue could occur when the index 'i' exceeds the\nnumber of transfer function points (TRANSFER_FUNC_POINTS).\n\nThe fix adds a check to ensure 'i' is within bounds before accessing the\ntransfer function points. If 'i' is out of bounds, the function returns\nfalse to indicate an error.\n\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:180 cm3_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:181 cm3_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:182 cm3_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Correcci\u00f3n de \u00edndice fuera de los l\u00edmites en transformaci\u00f3n de color DCN30 Esta confirmaci\u00f3n aborda un posible problema de \u00edndice fuera de los l\u00edmites en la funci\u00f3n `cm3_helper_translate_curve_to_hw_format` en el m\u00f3dulo de administraci\u00f3n de color DCN30. 
El problema podr\u00eda ocurrir cuando el \u00edndice 'i' excede la cantidad de puntos de funci\u00f3n de transferencia (TRANSFER_FUNC_POINTS). La correcci\u00f3n agrega una verificaci\u00f3n para garantizar que 'i' est\u00e9 dentro de los l\u00edmites antes de acceder a los puntos de funci\u00f3n de transferencia. Si 'i' est\u00e1 fuera de los l\u00edmites, la funci\u00f3n devuelve falso para indicar un error. cm3_helper_translate_curve_to_hw_format() error: desbordamiento de b\u00fafer 'output_tf->tf_pts.red' 1025 <= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:181 cm3_helper_translate_curve_to_hw_format() error: desbordamiento de b\u00fafer 'output_tf->tf_pts.green' 1025 <= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:182 Error de cm3_helper_translate_curve_to_hw_format(): desbordamiento de b\u00fafer 'output_tf->tf_pts.blue' 1025 <= s32max" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49970.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49970.json index 6aeff80330d..64b4467b618 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49970.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49970.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49970", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:17.973", - "lastModified": "2024-10-21T18:15:17.973", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Implement bounds check for stream encoder creation in DCN401\n\n'stream_enc_regs' array is an array of dcn10_stream_enc_registers\nstructures. The array is initialized with four elements, corresponding\nto the four calls to stream_enc_regs() in the array initializer. This\nmeans that valid indices for this array are 0, 1, 2, and 3.\n\nThe error message 'stream_enc_regs' 4 <= 5 below, is indicating that\nthere is an attempt to access this array with an index of 5, which is\nout of bounds. This could lead to undefined behavior\n\nHere, eng_id is used as an index to access the stream_enc_regs array. If\neng_id is 5, this would result in an out-of-bounds access on the\nstream_enc_regs array.\n\nThus fixing Buffer overflow error in dcn401_stream_encoder_create\n\nFound by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn401/dcn401_resource.c:1209 dcn401_stream_encoder_create() error: buffer overflow 'stream_enc_regs' 4 <= 5" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Implementar comprobaci\u00f3n de los l\u00edmites para la creaci\u00f3n de codificadores de flujo en DCN401 La matriz 'stream_enc_regs' es una matriz de estructuras dcn10_stream_enc_registers. La matriz se inicializa con cuatro elementos, que corresponden a las cuatro llamadas a stream_enc_regs() en el inicializador de la matriz. Esto significa que los \u00edndices v\u00e1lidos para esta matriz son 0, 1, 2 y 3. 
El mensaje de error 'stream_enc_regs' 4 <= 5 a continuaci\u00f3n indica que hay un intento de acceder a esta matriz con un \u00edndice de 5, que est\u00e1 fuera de los l\u00edmites. Esto podr\u00eda provocar un comportamiento indefinido Aqu\u00ed, eng_id se utiliza como \u00edndice para acceder a la matriz stream_enc_regs. Si eng_id es 5, esto dar\u00eda como resultado un acceso fuera de los l\u00edmites en la matriz stream_enc_regs. De esta forma se soluciona el error de desbordamiento de b\u00fafer en dcn401_stream_encoder_create. Encontrado por smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn401/dcn401_resource.c:1209 Error en dcn401_stream_encoder_create(): desbordamiento de b\u00fafer 'stream_enc_regs' 4 <= 5" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49971.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49971.json index c25f8047d1b..0f02b867225 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49971.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49971.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49971", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:18.050", - "lastModified": "2024-10-21T18:15:18.050", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Increase array size of dummy_boolean\n\n[WHY]\ndml2_core_shared_mode_support and dml_core_mode_support access the third\nelement of dummy_boolean, i.e. hw_debug5 = &s->dummy_boolean[2], when\ndummy_boolean has size of 2. Any assignment to hw_debug5 causes an\nOVERRUN.\n\n[HOW]\nIncrease dummy_boolean's array size to 3.\n\nThis fixes 2 OVERRUN issues reported by Coverity." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Aumentar el tama\u00f1o de la matriz de dummy_boolean [POR QU\u00c9] dml2_core_shared_mode_support y dml_core_mode_support acceden al tercer elemento de dummy_boolean, es decir, hw_debug5 = &s->dummy_boolean[2], cuando dummy_boolean tiene un tama\u00f1o de 2. Cualquier asignaci\u00f3n a hw_debug5 provoca un OVERRUN. [C\u00d3MO] Aumentar el tama\u00f1o de la matriz de dummy_boolean a 3. Esto corrige 2 problemas de OVERRUN informados por Coverity." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49972.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49972.json index 9524389f715..ac15bc6dce2 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49972.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49972.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49972", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:18.103", - "lastModified": "2024-10-21T18:15:18.103", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Deallocate DML memory if allocation fails\n\n[Why]\nWhen DC state create DML memory allocation fails, memory is not\ndeallocated subsequently, resulting in uninitialized structure\nthat is not NULL.\n\n[How]\nDeallocate memory if DML memory allocation fails." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Desasignar memoria DML si falla la asignaci\u00f3n [Por qu\u00e9] Cuando falla la asignaci\u00f3n de memoria DML al crear un estado de DC, la memoria no se desasigna posteriormente, lo que da como resultado una estructura no inicializada que no es NULL. [C\u00f3mo] Desasignar memoria si falla la asignaci\u00f3n de memoria DML." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49973.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49973.json index 0559f668627..2adc537cbe2 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49973.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49973.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49973", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:18.163", - "lastModified": "2024-10-21T18:15:18.163", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nr8169: add tally counter fields added with RTL8125\n\nRTL8125 added fields to the tally counter, what may result in the chip\ndma'ing these new fields to unallocated memory. Therefore make sure\nthat the allocated memory area is big enough to hold all of the\ntally counter values, even if we use only parts of it." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: r8169: se agregaron campos del contador de recuento con RTL8125. RTL8125 agreg\u00f3 campos al contador de recuento, lo que puede provocar que el chip desactive estos nuevos campos en la memoria no asignada. Por lo tanto, aseg\u00farese de que el \u00e1rea de memoria asignada sea lo suficientemente grande como para contener todos los valores del contador de recuento, incluso si solo usamos partes de ella." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49974.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49974.json index 0b65444b982..f216fb3ce1f 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49974.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49974.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49974", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:18.227", - "lastModified": "2024-10-21T18:15:18.227", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Limit the number of concurrent async COPY operations\n\nNothing appears to limit the number of concurrent async COPY\noperations that clients can start. In addition, AFAICT each async\nCOPY can copy an unlimited number of 4MB chunks, so can run for a\nlong time. Thus IMO async COPY can become a DoS vector.\n\nAdd a restriction mechanism that bounds the number of concurrent\nbackground COPY operations. Start simple and try to be fair -- this\npatch implements a per-namespace limit.\n\nAn async COPY request that occurs while this limit is exceeded gets\nNFS4ERR_DELAY. The requesting client can choose to send the request\nagain after a delay or fall back to a traditional read/write style\ncopy.\n\nIf there is need to make the mechanism more sophisticated, we can\nvisit that in future patches." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: NFSD: Limitar el n\u00famero de operaciones de COPIA as\u00edncronas concurrentes No parece que nada limite el n\u00famero de operaciones de COPIA as\u00edncronas concurrentes que los clientes pueden iniciar. Adem\u00e1s, seg\u00fan tengo entendido, cada COPIA as\u00edncrona puede copiar una cantidad ilimitada de fragmentos de 4 MB, por lo que puede ejecutarse durante mucho tiempo. Por lo tanto, en mi opini\u00f3n, la COPIA as\u00edncrona puede convertirse en un vector de denegaci\u00f3n de servicio (DoS). Agregue un mecanismo de restricci\u00f3n que limite el n\u00famero de operaciones de COPIA en segundo plano concurrentes. 
Comience de manera simple e intente ser justo: este parche implementa un l\u00edmite por espacio de nombres. Una solicitud de COPIA as\u00edncrona que se produce mientras se excede este l\u00edmite obtiene NFS4ERR_DELAY. El cliente solicitante puede elegir enviar la solicitud nuevamente despu\u00e9s de un retraso o volver a una copia de estilo de lectura/escritura tradicional. Si es necesario hacer que el mecanismo sea m\u00e1s sofisticado, podemos tratarlo en parches futuros." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49975.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49975.json index 6ad1b29b6fc..7c125193f37 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49975.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49975.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49975", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:18.287", - "lastModified": "2024-10-21T18:15:18.287", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nuprobes: fix kernel info leak via \"[uprobes]\" vma\n\nxol_add_vma() maps the uninitialized page allocated by __create_xol_area()\ninto userspace. On some architectures (x86) this memory is readable even\nwithout VM_READ, VM_EXEC results in the same pgprot_t as VM_EXEC|VM_READ,\nalthough this doesn't really matter, debugger can read this memory anyway." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: uprobes: se corrige la fuga de informaci\u00f3n del kernel a trav\u00e9s de \"[uprobes]\" vma xol_add_vma() asigna la p\u00e1gina no inicializada asignada por __create_xol_area() al espacio de usuario. En algunas arquitecturas (x86), esta memoria se puede leer incluso sin VM_READ, VM_EXEC da como resultado el mismo pgprot_t que VM_EXEC|VM_READ, aunque esto realmente no importa, el depurador puede leer esta memoria de todos modos." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49976.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49976.json index 2235e7859e3..f4e5c9ea7e6 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49976.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49976.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49976", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:18.353", - "lastModified": "2024-10-21T18:15:18.353", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/timerlat: Drop interface_lock in stop_kthread()\n\nstop_kthread() is the offline callback for \"trace/osnoise:online\", since\ncommit 5bfbcd1ee57b (\"tracing/timerlat: Add interface_lock around clearing\nof kthread in stop_kthread()\"), the following ABBA deadlock scenario is\nintroduced:\n\nT1 | T2 [BP] | T3 [AP]\nosnoise_hotplug_workfn() | work_for_cpu_fn() | cpuhp_thread_fun()\n | _cpu_down() | osnoise_cpu_die()\n mutex_lock(&interface_lock) | | stop_kthread()\n | cpus_write_lock() | mutex_lock(&interface_lock)\n cpus_read_lock() | cpuhp_kick_ap() |\n\nAs the interface_lock here in just for protecting the \"kthread\" field of\nthe osn_var, use xchg() instead to fix this issue. Also use\nfor_each_online_cpu() back in stop_per_cpu_kthreads() as it can take\ncpu_read_lock() again." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tracing/timerlat: eliminar interface_lock en stop_kthread() stop_kthread() es la devoluci\u00f3n de llamada fuera de l\u00ednea para \"trace/osnoise:online\", desde el commit 5bfbcd1ee57b (\"tracing/timerlat: agregar interface_lock alrededor de la limpieza de kthread en stop_kthread()\"), se introduce el siguiente escenario de bloqueo ABBA: T1 | T2 [BP] | T3 [AP] osnoise_hotplug_workfn() | work_for_cpu_fn() | cpuhp_thread_fun() | _cpu_down() | osnoise_cpu_die() mutex_lock(&interface_lock) | | stop_kthread() | cpus_write_lock() | mutex_lock(&interface_lock) cpus_read_lock() | cpuhp_kick_ap() | Como interface_lock aqu\u00ed solo sirve para proteger el campo \"kthread\" de osn_var, utilice xchg() en su lugar para solucionar este problema. Utilice tambi\u00e9n for_each_online_cpu() en stop_per_cpu_kthreads(), ya que puede volver a activar cpu_read_lock()." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49977.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49977.json index cacb47c3dc4..314349a2068 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49977.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49977.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49977", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:18.417", - "lastModified": "2024-10-21T18:15:18.417", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: Fix zero-division error when disabling tc cbs\n\nThe commit b8c43360f6e4 (\"net: stmmac: No need to calculate speed divider\nwhen offload is disabled\") allows the \"port_transmit_rate_kbps\" to be\nset to a value of 0, which is then passed to the \"div_s64\" function when\ntc-cbs is disabled. This leads to a zero-division error.\n\nWhen tc-cbs is disabled, the idleslope, sendslope, and credit values the\ncredit values are not required to be configured. Therefore, adding a return\nstatement after setting the txQ mode to DCB when tc-cbs is disabled would\nprevent a zero-division error." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: stmmac: Fix zero-division error when disabling tc cbs el commit b8c43360f6e4 (\"net: stmmac: No need to calculate speed divider when offload is disabled\") permite que \"port_transmit_rate_kbps\" se establezca en un valor de 0, que luego se pasa a la funci\u00f3n \"div_s64\" cuando tc-cbs est\u00e1 deshabilitado. Esto conduce a un error de divisi\u00f3n por cero. Cuando tc-cbs est\u00e1 deshabilitado, no es necesario configurar los valores idleslope, sendslope y credit. Por lo tanto, agregar una declaraci\u00f3n de retorno despu\u00e9s de establecer el modo txQ en DCB cuando tc-cbs est\u00e1 deshabilitado evitar\u00eda un error de divisi\u00f3n por cero." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49978.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49978.json index 880529bd524..55b05eb3ff6 100644 
--- a/CVE-2024/CVE-2024-499xx/CVE-2024-49978.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49978.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49978", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:18.483", - "lastModified": "2024-10-21T18:15:18.483", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngso: fix udp gso fraglist segmentation after pull from frag_list\n\nDetect gso fraglist skbs with corrupted geometry (see below) and\npass these to skb_segment instead of skb_segment_list, as the first\ncan segment them correctly.\n\nValid SKB_GSO_FRAGLIST skbs\n- consist of two or more segments\n- the head_skb holds the protocol headers plus first gso_size\n- one or more frag_list skbs hold exactly one segment\n- all but the last must be gso_size\n\nOptional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can\nmodify these skbs, breaking these invariants.\n\nIn extreme cases they pull all data into skb linear. For UDP, this\ncauses a NULL ptr deref in __udpv4_gso_segment_list_csum at\nudp_hdr(seg->next)->dest.\n\nDetect invalid geometry due to pull, by checking head_skb size.\nDon't just drop, as this may blackhole a destination. Convert to be\nable to pass to regular skb_segment." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: gso: arregla la segmentaci\u00f3n de fraglist gso udp despu\u00e9s de extraer de frag_list Detecta skbs de fraglist gso con geometr\u00eda corrupta (ver abajo) y p\u00e1salos a skb_segment en lugar de a skb_segment_list, ya que el primero puede segmentarlos correctamente. 
Skbs SKB_GSO_FRAGLIST v\u00e1lidos: consisten en dos o m\u00e1s segmentos: el head_skb contiene los encabezados de protocolo m\u00e1s el primero gso_size: uno o m\u00e1s skbs de frag_list contienen exactamente un segmento: todos menos el \u00faltimo deben ser gso_size Los ganchos de ruta de datos opcionales como NAT y BPF (bpf_skb_pull_data) pueden modificar estos skbs, rompiendo estos invariantes. En casos extremos, extraen todos los datos en skb lineal. Para UDP, esto provoca un desreferenciado de ptr NULL en __udpv4_gso_segment_list_csum en udp_hdr(seg->next)->dest. Detecta geometr\u00eda no v\u00e1lida debido a la extracci\u00f3n, verificando el tama\u00f1o de head_skb. No la elimines, ya que esto puede convertir un destino en un agujero negro. Convierte para poder pasar a skb_segment normal." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49979.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49979.json index 3f63a247b83..a071dd4d686 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49979.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49979.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49979", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:18.550", - "lastModified": "2024-10-21T18:15:18.550", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gso: fix tcp fraglist segmentation after pull from frag_list\n\nDetect tcp gso fraglist skbs with corrupted geometry (see below) and\npass these to skb_segment instead of skb_segment_list, as the first\ncan segment them correctly.\n\nValid SKB_GSO_FRAGLIST skbs\n- consist of two or more segments\n- the head_skb holds the protocol headers plus first gso_size\n- one or more frag_list skbs hold exactly one segment\n- all but the last must be gso_size\n\nOptional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can\nmodify these skbs, breaking these invariants.\n\nIn extreme cases they pull all data into skb linear. For TCP, this\ncauses a NULL ptr deref in __tcpv4_gso_segment_list_csum at\ntcp_hdr(seg->next).\n\nDetect invalid geometry due to pull, by checking head_skb size.\nDon't just drop, as this may blackhole a destination. Convert to be\nable to pass to regular skb_segment.\n\nApproach and description based on a patch by Willem de Bruijn." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: gso: arregla la segmentaci\u00f3n de tcp fraglist despu\u00e9s de extraer de frag_list Detecta skbs tcp gso fraglist con geometr\u00eda corrupta (ver abajo) y p\u00e1salos a skb_segment en lugar de a skb_segment_list, ya que el primero puede segmentarlos correctamente. 
Skbs SKB_GSO_FRAGLIST v\u00e1lidos: consisten en dos o m\u00e1s segmentos: el head_skb contiene los encabezados de protocolo m\u00e1s el primer gso_size: uno o m\u00e1s skbs frag_list contienen exactamente un segmento: todos menos el \u00faltimo deben ser gso_size Los ganchos de ruta de datos opcionales como NAT y BPF (bpf_skb_pull_data) pueden modificar estos skbs, rompiendo estos invariantes. En casos extremos, extraen todos los datos en skb lineal. Para TCP, esto provoca un desreferenciado de ptr NULL en __tcpv4_gso_segment_list_csum en tcp_hdr(seg->next). Detecta geometr\u00eda no v\u00e1lida debido a la extracci\u00f3n, verificando el tama\u00f1o de head_skb. No lo descartes, ya que esto puede convertir un destino en un agujero negro. Convierte para poder pasar a skb_segment normal. Enfoque y descripci\u00f3n basados en un parche de Willem de Bruijn." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49980.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49980.json index 5b39eb89232..682384c6d1c 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49980.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49980.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49980", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:18.613", - "lastModified": "2024-10-21T18:15:18.613", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvrf: revert \"vrf: Remove unnecessary RCU-bh critical section\"\n\nThis reverts commit 504fc6f4f7f681d2a03aa5f68aad549d90eab853.\n\ndev_queue_xmit_nit is expected to be called with BH disabled.\n__dev_queue_xmit has the following:\n\n /* Disable soft irqs for various locks below. Also\n * stops preemption for RCU.\n */\n rcu_read_lock_bh();\n\nVRF must follow this invariant. The referenced commit removed this\nprotection. Which triggered a lockdep warning:\n\n\t================================\n\tWARNING: inconsistent lock state\n\t6.11.0 #1 Tainted: G W\n\t--------------------------------\n\tinconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.\n\tbtserver/134819 [HC0[0]:SC0[0]:HE1:SE1] takes:\n\tffff8882da30c118 (rlock-AF_PACKET){+.?.}-{2:2}, at: tpacket_rcv+0x863/0x3b30\n\t{IN-SOFTIRQ-W} state was registered at:\n\t lock_acquire+0x19a/0x4f0\n\t _raw_spin_lock+0x27/0x40\n\t packet_rcv+0xa33/0x1320\n\t __netif_receive_skb_core.constprop.0+0xcb0/0x3a90\n\t __netif_receive_skb_list_core+0x2c9/0x890\n\t netif_receive_skb_list_internal+0x610/0xcc0\n [...]\n\n\tother info that might help us debug this:\n\t Possible unsafe locking scenario:\n\n\t CPU0\n\t ----\n\t lock(rlock-AF_PACKET);\n\t \n\t lock(rlock-AF_PACKET);\n\n\t *** DEADLOCK ***\n\n\tCall Trace:\n\t \n\t dump_stack_lvl+0x73/0xa0\n\t mark_lock+0x102e/0x16b0\n\t __lock_acquire+0x9ae/0x6170\n\t lock_acquire+0x19a/0x4f0\n\t _raw_spin_lock+0x27/0x40\n\t tpacket_rcv+0x863/0x3b30\n\t dev_queue_xmit_nit+0x709/0xa40\n\t vrf_finish_direct+0x26e/0x340 [vrf]\n\t vrf_l3_out+0x5f4/0xe80 [vrf]\n\t 
__ip_local_out+0x51e/0x7a0\n [...]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vrf: revert \"vrf: Remove unexpected RCU-bh critical section\" Esto revierte el commit 504fc6f4f7f681d2a03aa5f68aad549d90eab853. Se espera que dev_queue_xmit_nit se llame con BH deshabilitado. __dev_queue_xmit tiene lo siguiente: /* Deshabilitar irqs suaves para varios bloqueos a continuaci\u00f3n. Tambi\u00e9n * detiene la preempci\u00f3n para RCU. */ rcu_read_lock_bh(); VRF debe seguir esta invariante. el commit a la que se hace referencia elimin\u00f3 esta protecci\u00f3n. Lo que activ\u00f3 una advertencia de lockdep: ================================= ADVERTENCIA: estado de bloqueo inconsistente 6.11.0 #1 Tainted: GW -------------------------------- uso inconsistente de {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W}. btserver/134819 [HC0[0]:SC0[0]:HE1:SE1] toma: ffff8882da30c118 (rlock-AF_PACKET){+.?.}-{2:2}, en: tpacket_rcv+0x863/0x3b30 {IN-SOFTIRQ-W} el estado se registr\u00f3 en: lock_acquire+0x19a/0x4f0 _raw_spin_lock+0x27/0x40 packet_rcv+0xa33/0x1320 __netif_receive_skb_core.constprop.0+0xcb0/0x3a90 __netif_receive_skb_list_core+0x2c9/0x890 netif_receive_skb_list_internal+0x610/0xcc0 [...] otra informaci\u00f3n que podr\u00eda ayudar Depuremos esto: Posible escenario de bloqueo inseguro: CPU0 ---- lock(rlock-AF_PACKET); lock(rlock-AF_PACKET); *** BLOQUEO INTERMEDIO *** Seguimiento de llamadas: dump_stack_lvl+0x73/0xa0 mark_lock+0x102e/0x16b0 __lock_acquire+0x9ae/0x6170 lock_acquire+0x19a/0x4f0 _raw_spin_lock+0x27/0x40 tpacket_rcv+0x863/0x3b30 dev_queue_xmit_nit+0x709/0xa40 vrf_finish_direct+0x26e/0x340 [vrf] vrf_l3_out+0x5f4/0xe80 [vrf] __ip_local_out+0x51e/0x7a0 [...]" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49981.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49981.json index d72e05634fc..3b3fe65beb7 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49981.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49981.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49981", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:18.670", - "lastModified": "2024-10-21T18:15:18.670", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: fix use after free bug in venus_remove due to race condition\n\nin venus_probe, core->work is bound with venus_sys_error_handler, which is\nused to handle error. The code use core->sys_err_done to make sync work.\nThe core->work is started in venus_event_notify.\n\nIf we call venus_remove, there might be an unfished work. The possible\nsequence is as follows:\n\nCPU0 CPU1\n\n |venus_sys_error_handler\nvenus_remove |\nhfi_destroy\t \t\t |\nvenus_hfi_destroy\t |\nkfree(hdev);\t |\n |hfi_reinit\n\t\t\t\t\t |venus_hfi_queues_reinit\n |//use hdev\n\nFix it by canceling the work in venus_remove." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: venus: se corrige el error de use after free en venus_remove debido a la condici\u00f3n de ejecuci\u00f3n en venus_probe, core->work est\u00e1 vinculado con venus_sys_error_handler, que se usa para manejar el error. El c\u00f3digo usa core->sys_err_done para que funcione la sincronizaci\u00f3n. El core->work se inicia en venus_event_notify. Si llamamos a venus_remove, puede haber un trabajo sin pescar. La secuencia posible es la siguiente: CPU0 CPU1 |venus_sys_error_handler venus_remove | hfi_destroy | venus_hfi_destroy | kfree(hdev); | |hfi_reinit |venus_hfi_queues_reinit |//use hdev Arr\u00e9glelo cancelando el trabajo en venus_remove." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49982.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49982.json index 7660fd16415..c65ada65ea6 100644 
--- a/CVE-2024/CVE-2024-499xx/CVE-2024-49982.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49982.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49982", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:18.733", - "lastModified": "2024-10-21T18:15:18.733", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naoe: fix the potential use-after-free problem in more places\n\nFor fixing CVE-2023-6270, f98364e92662 (\"aoe: fix the potential\nuse-after-free problem in aoecmd_cfg_pkts\") makes tx() calling dev_put()\ninstead of doing in aoecmd_cfg_pkts(). It avoids that the tx() runs\ninto use-after-free.\n\nThen Nicolai Stange found more places in aoe have potential use-after-free\nproblem with tx(). e.g. revalidate(), aoecmd_ata_rw(), resend(), probe()\nand aoecmd_cfg_rsp(). Those functions also use aoenet_xmit() to push\npacket to tx queue. So they should also use dev_hold() to increase the\nrefcnt of skb->dev.\n\nOn the other hand, moving dev_put() to tx() causes that the refcnt of\nskb->dev be reduced to a negative value, because corresponding\ndev_hold() are not called in revalidate(), aoecmd_ata_rw(), resend(),\nprobe(), and aoecmd_cfg_rsp(). This patch fixed this issue." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: aoe: soluciona el posible problema de use-after-free en m\u00e1s lugares Para solucionar CVE-2023-6270, f98364e92662 (\"aoe: soluciona el posible problema de use-after-free en aoecmd_cfg_pkts\") hace que tx() llame a dev_put() en lugar de hacerlo en aoecmd_cfg_pkts(). Esto evita que tx() se ejecute en use-after-free. Luego, Nicolai Stange encontr\u00f3 que m\u00e1s lugares en aoe tienen un posible problema de use-after-free con tx(). Por ejemplo, revalidate(), aoecmd_ata_rw(), resend(), probe() y aoecmd_cfg_rsp(). 
Esas funciones tambi\u00e9n usan aoenet_xmit() para enviar paquetes a la cola de tx. Por lo tanto, tambi\u00e9n deber\u00edan usar dev_hold() para aumentar el refcnt de skb->dev. Por otra parte, mover dev_put() a tx() hace que el refcnt de skb->dev se reduzca a un valor negativo, porque los dev_hold() correspondientes no se llaman en revalidate(), aoecmd_ata_rw(), resend(), probe() y aoecmd_cfg_rsp(). Este parche solucion\u00f3 este problema." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49983.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49983.json index 2729623026a..248f12c96ad 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49983.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49983.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49983", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:18.797", - "lastModified": "2024-10-21T18:15:18.797", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free\n\nWhen calling ext4_force_split_extent_at() in ext4_ext_replay_update_ex(),\nthe 'ppath' is updated but it is the 'path' that is freed, thus potentially\ntriggering a double-free in the following process:\n\next4_ext_replay_update_ex\n ppath = path\n ext4_force_split_extent_at(&ppath)\n ext4_split_extent_at\n ext4_ext_insert_extent\n ext4_ext_create_new_leaf\n ext4_ext_grow_indepth\n ext4_find_extent\n if (depth > path[0].p_maxdepth)\n kfree(path) ---> path First freed\n *orig_path = path = NULL ---> null ppath\n kfree(path) ---> path double-free !!!\n\nSo drop the unnecessary ppath and use path directly to avoid this problem.\nAnd use ext4_find_extent() directly to update path, avoiding unnecessary\nmemory allocation and freeing. Also, propagate the error returned by\next4_find_extent() instead of using strange error codes." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: eliminar ppath de ext4_ext_replay_update_ex() para evitar una doble liberaci\u00f3n Al llamar a ext4_force_split_extent_at() en ext4_ext_replay_update_ex(), se actualiza 'ppath' pero es 'path' el que se libera, lo que potencialmente desencadena una doble liberaci\u00f3n en el siguiente proceso: ext4_ext_replay_update_ex ppath = path ext4_force_split_extent_at(&ppath) ext4_split_extent_at ext4_ext_insert_extent ext4_ext_create_new_leaf ext4_ext_grow_indepth ext4_find_extent if (depth > path[0].p_maxdepth) kfree(path) ---> path Primero liberado *orig_path = path = NULL ---> null ppath kfree(path) ---> path double-free !!! Por lo tanto, elimine el ppath innecesario y use path directamente para evitar este problema. Y use ext4_find_extent() directamente para actualizar path, evitando la asignaci\u00f3n y liberaci\u00f3n de memoria innecesaria. Adem\u00e1s, propague el error devuelto por ext4_find_extent() en lugar de usar c\u00f3digos de error extra\u00f1os." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49984.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49984.json index ff294e1af96..42ac437e471 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49984.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49984.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49984", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:18.873", - "lastModified": "2024-10-21T18:15:18.873", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Prevent out of bounds access in performance query extensions\n\nCheck that the number of perfmons userspace is passing in the copy and\nreset extensions is not greater than the internal kernel storage where\nthe ids will be copied into." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/v3d: Evitar el acceso fuera de los l\u00edmites en las extensiones de consulta de rendimiento. Compruebe que la cantidad de espacio de usuario de perfmons que pasa en las extensiones de copia y restablecimiento no sea mayor que el almacenamiento interno del kernel donde se copiar\u00e1n los identificadores." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49985.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49985.json index 975e928c6fc..d41c1eeeaf9 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49985.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49985.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49985", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:18.950", - "lastModified": "2024-10-21T18:15:18.950", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume\n\nIn case there is any sort of clock controller attached to this I2C bus\ncontroller, for example Versaclock or even an AIC32x4 I2C codec, then\nan I2C transfer triggered from the clock controller clk_ops .prepare\ncallback may trigger a deadlock on drivers/clk/clk.c prepare_lock mutex.\n\nThis is because the clock controller first grabs the prepare_lock mutex\nand then performs the prepare operation, including its I2C access. The\nI2C access resumes this I2C bus controller via .runtime_resume callback,\nwhich calls clk_prepare_enable(), which attempts to grab the prepare_lock\nmutex again and deadlocks.\n\nSince the clock are already prepared since probe() and unprepared in\nremove(), use simple clk_enable()/clk_disable() calls to enable and\ndisable the clock on runtime suspend and resume, to avoid hitting the\nprepare_lock mutex." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i2c: stm32f7: No preparar/despreparar el reloj durante la suspensi\u00f3n/reanudaci\u00f3n en tiempo de ejecuci\u00f3n En caso de que haya alg\u00fan tipo de controlador de reloj conectado a este controlador de bus I2C, por ejemplo Versaclock o incluso un c\u00f3dec I2C AIC32x4, entonces una transferencia I2C activada desde la devoluci\u00f3n de llamada clk_ops .prepare del controlador de reloj puede activar un bloqueo en el mutex prepare_lock de drivers/clk/clk.c. 
Esto se debe a que el controlador de reloj primero toma el mutex prepare_lock y luego realiza la operaci\u00f3n de preparaci\u00f3n, incluido su acceso I2C. El acceso I2C reanuda este controlador de bus I2C a trav\u00e9s de la devoluci\u00f3n de llamada .runtime_resume, que llama a clk_prepare_enable(), que intenta tomar el mutex prepare_lock nuevamente y se bloquea. Dado que el reloj ya est\u00e1 preparado desde probe() y no preparado en remove(), use llamadas clk_enable()/clk_disable() simples para habilitar y deshabilitar el reloj en la suspensi\u00f3n y reanudaci\u00f3n del tiempo de ejecuci\u00f3n, para evitar alcanzar el mutex prepare_lock." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49986.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49986.json index 7eded319598..98ce9201d4b 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49986.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49986.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49986", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:19.020", - "lastModified": "2024-10-21T18:15:19.020", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors\n\nx86_android_tablet_remove() frees the pdevs[] array, so it should not\nbe used after calling x86_android_tablet_remove().\n\nWhen platform_device_register() fails, store the pdevs[x] PTR_ERR() value\ninto the local ret variable before calling x86_android_tablet_remove()\nto avoid using pdevs[] after it has been freed." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: platform/x86: x86-android-tablets: Se corrige el use after free en errores platform_device_register() x86_android_tablet_remove() libera la matriz pdevs[], por lo que no se debe utilizar despu\u00e9s de llamar a x86_android_tablet_remove(). cuando falla platform_device_register(), almacena el valor PTR_ERR() de pdevs[x] en la variable ret local antes de llamar a x86_android_tablet_remove() para evitar usar pdevs[] despu\u00e9s de que se haya liberado." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49987.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49987.json index e1f290b6f75..0afbb9c0003 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49987.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49987.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49987", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:19.087", - "lastModified": "2024-10-21T18:15:19.087", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpftool: Fix undefined behavior in qsort(NULL, 0, ...)\n\nWhen netfilter has no entry to display, qsort is called with\nqsort(NULL, 0, ...). This results in undefined behavior, as UBSan\nreports:\n\nnet.c:827:2: runtime error: null pointer passed as argument 1, which is declared to never be null\n\nAlthough the C standard does not explicitly state whether calling qsort\nwith a NULL pointer when the size is 0 constitutes undefined behavior,\nSection 7.1.4 of the C standard (Use of library functions) mentions:\n\n\"Each of the following statements applies unless explicitly stated\notherwise in the detailed descriptions that follow: If an argument to a\nfunction has an invalid value (such as a value outside the domain of\nthe function, or a pointer outside the address space of the program, or\na null pointer, or a pointer to non-modifiable storage when the\ncorresponding parameter is not const-qualified) or a type (after\npromotion) not expected by a function with variable number of\narguments, the behavior is undefined.\"\n\nTo avoid this, add an early return when nf_link_info is NULL to prevent\ncalling qsort with a NULL pointer." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpftool: corrige comportamiento indefinido en qsort(NULL, 0, ...) Cuando netfilter no tiene ninguna entrada para mostrar, se llama a qsort con qsort(NULL, 0, ...). 
Esto da como resultado un comportamiento indefinido, como informa UBSan: net.c:827:2: error en tiempo de ejecuci\u00f3n: puntero nulo pasado como argumento 1, que se declara que nunca ser\u00e1 nulo Aunque el est\u00e1ndar C no indica expl\u00edcitamente si llamar a qsort con un puntero NULL cuando el tama\u00f1o es 0 constituye un comportamiento indefinido, la Secci\u00f3n 7.1.4 del est\u00e1ndar C (Uso de funciones de biblioteca) menciona: \"Cada una de las siguientes afirmaciones se aplica a menos que se indique expl\u00edcitamente lo contrario en las descripciones detalladas que siguen: si un argumento de una funci\u00f3n tiene un valor no v\u00e1lido (como un valor fuera del dominio de la funci\u00f3n, o un puntero fuera del espacio de direcciones del programa, o un puntero nulo, o un puntero a almacenamiento no modificable cuando el par\u00e1metro correspondiente no est\u00e1 calificado como constante) o un tipo (despu\u00e9s de la promoci\u00f3n) no esperado por una funci\u00f3n con un n\u00famero variable de argumentos, el comportamiento es indefinido\". Para evitar esto, agregue un retorno temprano cuando nf_link_info sea NULL para evitar llamar a qsort con un puntero NULL." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49988.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49988.json index 31e5bd92e69..e315ede1f21 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49988.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49988.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49988", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:19.147", - "lastModified": "2024-10-21T18:15:19.147", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: add refcnt to ksmbd_conn struct\n\nWhen sending an oplock break request, opinfo->conn is used,\nBut freed ->conn can be used on multichannel.\nThis patch add a reference count to the ksmbd_conn struct\nso that it can be freed when it is no longer used." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: agregar refcnt a la estructura ksmbd_conn Al enviar una solicitud de interrupci\u00f3n de oplock, se utiliza opinfo->conn, pero freed ->conn se puede utilizar en multicanal. Este parche agrega un recuento de referencia a la estructura ksmbd_conn para que se pueda liberar cuando ya no se utiliza." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49989.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49989.json index df2b668f90c..a205c6668a2 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49989.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49989.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49989", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:19.207", - "lastModified": "2024-10-21T18:15:19.207", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix double free issue during amdgpu module unload\n\nFlexible endpoints use DIGs from available inflexible endpoints,\nso only the encoders of inflexible links need to be freed.\nOtherwise, a double free issue may occur when unloading the\namdgpu module.\n\n[ 279.190523] RIP: 0010:__slab_free+0x152/0x2f0\n[ 279.190577] Call Trace:\n[ 279.190580] \n[ 279.190582] ? show_regs+0x69/0x80\n[ 279.190590] ? die+0x3b/0x90\n[ 279.190595] ? do_trap+0xc8/0xe0\n[ 279.190601] ? do_error_trap+0x73/0xa0\n[ 279.190605] ? __slab_free+0x152/0x2f0\n[ 279.190609] ? exc_invalid_op+0x56/0x70\n[ 279.190616] ? __slab_free+0x152/0x2f0\n[ 279.190642] ? asm_exc_invalid_op+0x1f/0x30\n[ 279.190648] ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]\n[ 279.191096] ? __slab_free+0x152/0x2f0\n[ 279.191102] ? 
dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]\n[ 279.191469] kfree+0x260/0x2b0\n[ 279.191474] dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]\n[ 279.191821] link_destroy+0xd7/0x130 [amdgpu]\n[ 279.192248] dc_destruct+0x90/0x270 [amdgpu]\n[ 279.192666] dc_destroy+0x19/0x40 [amdgpu]\n[ 279.193020] amdgpu_dm_fini+0x16e/0x200 [amdgpu]\n[ 279.193432] dm_hw_fini+0x26/0x40 [amdgpu]\n[ 279.193795] amdgpu_device_fini_hw+0x24c/0x400 [amdgpu]\n[ 279.194108] amdgpu_driver_unload_kms+0x4f/0x70 [amdgpu]\n[ 279.194436] amdgpu_pci_remove+0x40/0x80 [amdgpu]\n[ 279.194632] pci_device_remove+0x3a/0xa0\n[ 279.194638] device_remove+0x40/0x70\n[ 279.194642] device_release_driver_internal+0x1ad/0x210\n[ 279.194647] driver_detach+0x4e/0xa0\n[ 279.194650] bus_remove_driver+0x6f/0xf0\n[ 279.194653] driver_unregister+0x33/0x60\n[ 279.194657] pci_unregister_driver+0x44/0x90\n[ 279.194662] amdgpu_exit+0x19/0x1f0 [amdgpu]\n[ 279.194939] __do_sys_delete_module.isra.0+0x198/0x2f0\n[ 279.194946] __x64_sys_delete_module+0x16/0x20\n[ 279.194950] do_syscall_64+0x58/0x120\n[ 279.194954] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[ 279.194980] " + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: se soluciona el problema de doble liberaci\u00f3n durante la descarga del m\u00f3dulo amdgpu Los puntos finales flexibles usan DIG de puntos finales inflexibles disponibles, por lo que solo es necesario liberar los codificadores de enlaces inflexibles. De lo contrario, puede ocurrir un problema de doble liberaci\u00f3n al descargar el m\u00f3dulo amdgpu. [ 279.190523] RIP: 0010:__slab_free+0x152/0x2f0 [ 279.190577] Seguimiento de llamadas: [ 279.190580] [ 279.190582] ? show_regs+0x69/0x80 [ 279.190590] ? die+0x3b/0x90 [ 279.190595] ? do_trap+0xc8/0xe0 [279.190601]? do_error_trap+0x73/0xa0 [279.190605]? __slab_free+0x152/0x2f0 [279.190609]? exc_invalid_op+0x56/0x70 [ 279.190616] ? __slab_free+0x152/0x2f0 [ 279.190642] ? 
asm_exc_invalid_op+0x1f/0x30 [ 279.190648] ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu] [ 279.191096] ? __slab_free+0x152/0x2f0 [279.191102]? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu] [ 279.191469] kfree+0x260/0x2b0 [ 279.191474] dcn10_link_encoder_destroy+0x19/0x30 [amdgpu] [ 279.191821] /0x130 [amdgpu] [ 279.192248] dc_destruct+0x90/0x270 [amdgpu] [ 279.192666] dc_destroy+0x19/0x40 [amdgpu] [ 279.193020] amdgpu_dm_fini+0x16e/0x200 [amdgpu] [ 279.193432] dm_hw_fini+0x26/0x40 [amdgpu] [ 279.193795] amdgpu_device_fini_hw+0x24c/0x400 [amdgpu] [ 279.194108] amdgpu_driver_unload_kms+0x4f/0x70 [amdgpu] [ 279.194436] amdgpu_pci_remove+0x40/0x80 [amdgpu] [ 279.194632] pci_device_remove+0x3a/0xa0 [ 279.194638] device_remove+0x40/0x70 [ 279.194642] device_release_driver_internal+0x1ad/0x210 [ 279.194647] driver_detach+0x4e/0xa0 [ 279.194650] bus_remove_driver+0x6f/0xf0 [ 279.194653] driver_unregister+0x33/0x60 [ 279.194657] ister_driver+0x44/0x90 [ 279.194662] amdgpu_exit+0x19/0x1f0 [amdgpu] [ 279.194939 ] __do_sys_delete_module.isra.0+0x198/0x2f0 [ 279.194946] __x64_sys_delete_module+0x16/0x20 [ 279.194950] do_syscall_64+0x58/0x120 [ 279.194954] Entry_SYSCALL_64_after_hwframe+0x6e/0x76 [ 279.194980] " } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49990.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49990.json index 739ffdef872..1340eee5e94 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49990.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49990.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-49990",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T18:15:19.270",
- "lastModified": "2024-10-21T18:15:19.270",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:25.583",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/hdcp: Check GSC structure validity\n\nSometimes xe_gsc is not initialized when checked at HDCP capability\ncheck. Add gsc structure check to avoid null pointer error."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/xe/hdcp: Verificar la validez de la estructura GSC En ocasiones, xe_gsc no se inicializa cuando se verifica en la verificaci\u00f3n de capacidad HDCP. Agregar verificaci\u00f3n de estructura gsc para evitar errores de puntero nulo."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49991.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49991.json
index 0b826864e1e..bd0d53b1ec5 100644
--- a/CVE-2024/CVE-2024-499xx/CVE-2024-49991.json
+++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49991.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-49991",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T18:15:19.330",
- "lastModified": "2024-10-21T18:15:19.330",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:25.583",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer\n\nPass pointer reference to amdgpu_bo_unref to clear the correct pointer,\notherwise amdgpu_bo_unref clear the local variable, the original pointer\nnot set to NULL, this could cause use-after-free bug."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdkfd: amdkfd_free_gtt_mem borra el puntero correcto. Pase la referencia del puntero a amdgpu_bo_unref para borrar el puntero correcto; de lo contrario, amdgpu_bo_unref borra la variable local, el puntero original no est\u00e1 establecido en NULL, esto podr\u00eda causar un error de use after free."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49992.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49992.json
index 3235f2f74c3..b19c715c3fc 100644
--- a/CVE-2024/CVE-2024-499xx/CVE-2024-49992.json
+++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49992.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-49992",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T18:15:19.387",
- "lastModified": "2024-10-21T18:15:19.387",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:25.583",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/stm: Avoid use-after-free issues with crtc and plane\n\nltdc_load() calls functions drm_crtc_init_with_planes(),\ndrm_universal_plane_init() and drm_encoder_init(). These functions\nshould not be called with parameters allocated with devm_kzalloc()\nto avoid use-after-free issues [1].\n\nUse allocations managed by the DRM framework.\n\nFound by Linux Verification Center (linuxtesting.org).\n\n[1]\nhttps://lore.kernel.org/lkml/u366i76e3qhh3ra5oxrtngjtm2u5lterkekcz6y2jkndhuxzli@diujon4h7qwb/"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/stm: Evite problemas de use after free con crtc y plane ltdc_load() llama a las funciones drm_crtc_init_with_planes(), drm_universal_plane_init() y drm_encoder_init(). Estas funciones no deben llamarse con par\u00e1metros asignados con devm_kzalloc() para evitar problemas de use after free [1]. Use asignaciones administradas por el marco DRM. Encontrado por Linux Verification Center (linuxtesting.org). [1] https://lore.kernel.org/lkml/u366i76e3qhh3ra5oxrtngjtm2u5lterkekcz6y2jkndhuxzli@diujon4h7qwb/"
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49993.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49993.json
index de27e2c21c0..1a283fb588e 100644
--- a/CVE-2024/CVE-2024-499xx/CVE-2024-49993.json
+++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49993.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-49993", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:19.477", - "lastModified": "2024-10-21T18:15:19.477", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count\n\nIf qi_submit_sync() is invoked with 0 invalidation descriptors (for\ninstance, for DMA draining purposes), we can run into a bug where a\nsubmitting thread fails to detect the completion of invalidation_wait.\nSubsequently, this led to a soft lockup. Currently, there is no impact\nby this bug on the existing users because no callers are submitting\ninvalidations with 0 descriptors. This fix will enable future users\n(such as DMA drain) calling qi_submit_sync() with 0 count.\n\nSuppose thread T1 invokes qi_submit_sync() with non-zero descriptors, while\nconcurrently, thread T2 calls qi_submit_sync() with zero descriptors. Both\nthreads then enter a while loop, waiting for their respective descriptors\nto complete. T1 detects its completion (i.e., T1's invalidation_wait status\nchanges to QI_DONE by HW) and proceeds to call reclaim_free_desc() to\nreclaim all descriptors, potentially including adjacent ones of other\nthreads that are also marked as QI_DONE.\n\nDuring this time, while T2 is waiting to acquire the qi->q_lock, the IOMMU\nhardware may complete the invalidation for T2, setting its status to\nQI_DONE. 
However, if T1's execution of reclaim_free_desc() frees T2's\ninvalidation_wait descriptor and changes its status to QI_FREE, T2 will\nnot observe the QI_DONE status for its invalidation_wait and will\nindefinitely remain stuck.\n\nThis soft lockup does not occur when only non-zero descriptors are\nsubmitted.In such cases, invalidation descriptors are interspersed among\nwait descriptors with the status QI_IN_USE, acting as barriers. These\nbarriers prevent the reclaim code from mistakenly freeing descriptors\nbelonging to other submitters.\n\nConsidered the following example timeline:\n\tT1\t\t\tT2\n========================================\n\tID1\n\tWD1\n\twhile(WD1!=QI_DONE)\n\tunlock\n\t\t\t\tlock\n\tWD1=QI_DONE*\t\tWD2\n\t\t\t\twhile(WD2!=QI_DONE)\n\t\t\t\tunlock\n\tlock\n\tWD1==QI_DONE?\n\tID1=QI_DONE\t\tWD2=DONE*\n\treclaim()\n\tID1=FREE\n\tWD1=FREE\n\tWD2=FREE\n\tunlock\n\t\t\t\tsoft lockup! T2 never sees QI_DONE in WD2\n\nWhere:\nID = invalidation descriptor\nWD = wait descriptor\n* Written by hardware\n\nThe root of the problem is that the descriptor status QI_DONE flag is used\nfor two conflicting purposes:\n1. signal a descriptor is ready for reclaim (to be freed)\n2. signal by the hardware that a wait descriptor is complete\n\nThe solution (in this patch) is state separation by using QI_FREE flag\nfor #1.\n\nOnce a thread's invalidation descriptors are complete, their status would\nbe set to QI_FREE. The reclaim_free_desc() function would then only\nfree descriptors marked as QI_FREE instead of those marked as\nQI_DONE. This change ensures that T2 (from the previous example) will\ncorrectly observe the completion of its invalidation_wait (marked as\nQI_DONE)." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iommu/vt-d: Se corrige el bloqueo potencial si se llama a qi_submit_sync con un recuento de 0 Si se invoca qi_submit_sync() con 0 descriptores de invalidaci\u00f3n (por ejemplo, para fines de vaciado de DMA), podemos encontrarnos con un error en el que un hilo de env\u00edo no detecta la finalizaci\u00f3n de invalidation_wait. Posteriormente, esto condujo a un bloqueo suave. Actualmente, este error no tiene impacto en los usuarios existentes porque ning\u00fan llamante est\u00e1 enviando invalidaciones con 0 descriptores. Esta correcci\u00f3n permitir\u00e1 a los futuros usuarios (como DMA drain) llamar a qi_submit_sync() con un recuento de 0. Supongamos que el hilo T1 invoca qi_submit_sync() con descriptores distintos de cero, mientras que, al mismo tiempo, el hilo T2 llama a qi_submit_sync() con cero descriptores. Ambos hilos entran entonces en un bucle while, esperando a que se completen sus respectivos descriptores. T1 detecta su finalizaci\u00f3n (es decir, el estado invalidation_wait de T1 cambia a QI_DONE por HW) y procede a llamar a reclaim_free_desc() para recuperar todos los descriptores, incluyendo potencialmente los adyacentes de otros subprocesos que tambi\u00e9n est\u00e1n marcados como QI_DONE. Durante este tiempo, mientras T2 espera adquirir el qi->q_lock, el hardware IOMMU puede completar la invalidaci\u00f3n para T2, estableciendo su estado en QI_DONE. Sin embargo, si la ejecuci\u00f3n de reclaim_free_desc() por parte de T1 libera el descriptor invalidation_wait de T2 y cambia su estado a QI_FREE, T2 no observar\u00e1 el estado QI_DONE para su invalidation_wait y permanecer\u00e1 bloqueado indefinidamente. Este bloqueo suave no ocurre cuando solo se env\u00edan descriptores distintos de cero. En tales casos, los descriptores de invalidaci\u00f3n se intercalan entre los descriptores de espera con el estado QI_IN_USE, actuando como barreras. 
Estas barreras evitan que el c\u00f3digo de recuperaci\u00f3n libere por error descriptores que pertenecen a otros remitentes. Considere la siguiente l\u00ednea de tiempo de ejemplo: T1 T2 ========================================= ID1 WD1 while(WD1!=QI_DONE) unlock lock WD1=QI_DONE* WD2 while(WD2!=QI_DONE) unlock lock WD1==QI_DONE? ID1=QI_DONE WD2=DONE* reclaim() ID1=FREE WD1=FREE WD2=FREE unlock soft lockup! T2 nunca ve QI_DONE en WD2 Donde: ID = descriptor de invalidaci\u00f3n WD = descriptor de espera * Escrito por hardware La ra\u00edz del problema es que el indicador de estado del descriptor QI_DONE se usa para dos prop\u00f3sitos conflictivos: 1. se\u00f1alar que un descriptor est\u00e1 listo para ser recuperado (para ser liberado) 2. se\u00f1alar por el hardware que un descriptor de espera est\u00e1 completo La soluci\u00f3n (en este parche) es la separaci\u00f3n de estados mediante el uso del indicador QI_FREE para #1. Una vez que los descriptores de invalidaci\u00f3n de un hilo est\u00e1n completos, su estado se establecer\u00eda en QI_FREE. La funci\u00f3n reclaim_free_desc() solo liberar\u00eda los descriptores marcados como QI_FREE en lugar de los marcados como QI_DONE. Este cambio asegura que T2 (del ejemplo anterior) observar\u00e1 correctamente la finalizaci\u00f3n de su invalidation_wait (marcada como QI_DONE)." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49994.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49994.json index 93c367c433b..ac32235a2f4 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49994.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49994.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-49994",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T18:15:19.557",
- "lastModified": "2024-10-21T18:15:19.557",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:25.583",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix integer overflow in BLKSECDISCARD\n\nI independently rediscovered\n\n\tcommit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155\n\tblock: fix overflow in blk_ioctl_discard()\n\nbut for secure erase.\n\nSame problem:\n\n\tuint64_t r[2] = {512, 18446744073709551104ULL};\n\tioctl(fd, BLKSECDISCARD, r);\n\nwill enter near infinite loop inside blkdev_issue_secure_erase():\n\n\ta.out: attempt to access beyond end of device\n\tloop0: rw=5, sector=3399043073, nr_sectors = 1024 limit=2048\n\tbio_check_eod: 3286214 callbacks suppressed"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bloque: corregir desbordamiento de entero en BLKSECDISCARD Descubr\u00ed de forma independiente el commit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155 bloque: corregir desbordamiento en blk_ioctl_discard() pero para borrado seguro. Mismo problema: uint64_t r[2] = {512, 18446744073709551104ULL}; ioctl(fd, BLKSECDISCARD, r); entrar\u00e1 en un bucle casi infinito dentro de blkdev_issue_secure_erase(): a.out: intento de acceso m\u00e1s all\u00e1 del final del dispositivo loop0: rw=5, sector=3399043073, nr_sectors = 1024 limit=2048 bio_check_eod: 3286214 devoluciones de llamadas suprimidas"
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49995.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49995.json
index ed9de97904b..5e3224cae94 100644
--- a/CVE-2024/CVE-2024-499xx/CVE-2024-49995.json
+++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49995.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-49995",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T18:15:19.660",
- "lastModified": "2024-10-21T18:15:19.660",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:25.583",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: guard against string buffer overrun\n\nSmatch reports that copying media_name and if_name to name_parts may\noverwrite the destination.\n\n .../bearer.c:166 bearer_name_validate() error: strcpy() 'media_name' too large for 'name_parts->media_name' (32 vs 16)\n .../bearer.c:167 bearer_name_validate() error: strcpy() 'if_name' too large for 'name_parts->if_name' (1010102 vs 16)\n\nThis does seem to be the case so guard against this possibility by using\nstrscpy() and failing if truncation occurs.\n\nIntroduced by commit b97bf3fd8f6a (\"[TIPC] Initial merge\")\n\nCompile tested only."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tipc: protecci\u00f3n contra el desbordamiento de b\u00fafer de cadena Smatch informa que copiar media_name e if_name a name_parts puede sobrescribir el destino. .../bearer.c:166 bearer_name_validate() error: strcpy() 'media_name' demasiado grande para 'name_parts->media_name' (32 vs 16) .../bearer.c:167 bearer_name_validate() error: strcpy() 'if_name' demasiado grande para 'name_parts->if_name' (1010102 vs 16) Este parece ser el caso, as\u00ed que prot\u00e9jase contra esta posibilidad usando strscpy() y fallando si ocurre un truncamiento. Introducido por el commit b97bf3fd8f6a (\"[TIPC] Fusi\u00f3n inicial\") Compilaci\u00f3n probada \u00fanicamente."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49996.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49996.json
index 439730a08c0..69b681a1153 100644
--- a/CVE-2024/CVE-2024-499xx/CVE-2024-49996.json
+++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49996.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49996", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:19.760", - "lastModified": "2024-10-21T18:15:19.760", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix buffer overflow when parsing NFS reparse points\n\nReparseDataLength is sum of the InodeType size and DataBuffer size.\nSo to get DataBuffer size it is needed to subtract InodeType's size from\nReparseDataLength.\n\nFunction cifs_strndup_from_utf16() is currentlly accessing buf->DataBuffer\nat position after the end of the buffer because it does not subtract\nInodeType size from the length. Fix this problem and correctly subtract\nvariable len.\n\nMember InodeType is present only when reparse buffer is large enough. Check\nfor ReparseDataLength before accessing InodeType to prevent another invalid\nmemory access.\n\nMajor and minor rdev values are present also only when reparse buffer is\nlarge enough. Check for reparse buffer size before calling reparse_mkdev()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cifs: Se corrige el desbordamiento de b\u00fafer al analizar los puntos de an\u00e1lisis de NFS ReparseDataLength es la suma del tama\u00f1o de InodeType y el tama\u00f1o de DataBuffer. Por lo tanto, para obtener el tama\u00f1o de DataBuffer, es necesario restar el tama\u00f1o de InodeType de ReparseDataLength. La funci\u00f3n cifs_strndup_from_utf16() est\u00e1 accediendo actualmente a buf->DataBuffer en la posici\u00f3n despu\u00e9s del final del b\u00fafer porque no resta el tama\u00f1o de InodeType de la longitud. Solucione este problema y reste correctamente la variable len. 
El miembro InodeType solo est\u00e1 presente cuando el b\u00fafer de an\u00e1lisis es lo suficientemente grande. Verifique ReparseDataLength antes de acceder a InodeType para evitar otro acceso no v\u00e1lido a la memoria. Los valores rdev principales y secundarios tambi\u00e9n est\u00e1n presentes solo cuando el b\u00fafer de an\u00e1lisis es lo suficientemente grande. Verifique el tama\u00f1o del b\u00fafer de an\u00e1lisis antes de llamar a reparse_mkdev()." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49997.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49997.json index b8b97c9024a..158364713e1 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49997.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49997.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49997", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:19.837", - "lastModified": "2024-10-21T18:15:19.837", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: lantiq_etop: fix memory disclosure\n\nWhen applying padding, the buffer is not zeroed, which results in memory\ndisclosure. The mentioned data is observed on the wire. This patch uses\nskb_put_padto() to pad Ethernet frames properly. The mentioned function\nzeroes the expanded buffer.\n\nIn case the packet cannot be padded it is silently dropped. Statistics\nare also not incremented. This driver does not support statistics in the\nold 32-bit format or the new 64-bit format. These will be added in the\nfuture. In its current form, the patch should be easily backported to\nstable versions.\n\nEthernet MACs on Amazon-SE and Danube cannot do padding of the packets\nin hardware, so software padding must be applied." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: ethernet: lantiq_etop: fix memory breach Al aplicar relleno, el b\u00fafer no se pone a cero, lo que da como resultado la divulgaci\u00f3n de memoria. Los datos mencionados se observan en el cable. Este parche usa skb_put_padto() para rellenar los marcos Ethernet correctamente. La funci\u00f3n mencionada pone a cero el b\u00fafer expandido. En caso de que el paquete no se pueda rellenar, se descarta silenciosamente. Las estad\u00edsticas tampoco se incrementan. Este controlador no admite estad\u00edsticas en el antiguo formato de 32 bits ni en el nuevo formato de 64 bits. Estos se agregar\u00e1n en el futuro. En su forma actual, el parche deber\u00eda poder retroportarse f\u00e1cilmente a versiones estables. 
Las MAC de Ethernet en Amazon-SE y Danube no pueden realizar relleno de los paquetes en hardware, por lo que se debe aplicar relleno de software." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49998.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49998.json index a3a162f9343..adfb2d29f55 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49998.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49998.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-49998", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:19.907", - "lastModified": "2024-10-21T18:15:19.907", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: improve shutdown sequence\n\nAlexander Sverdlin presents 2 problems during shutdown with the\nlan9303 driver. One is specific to lan9303 and the other just happens\nto reproduce there.\n\nThe first problem is that lan9303 is unique among DSA drivers in that it\ncalls dev_get_drvdata() at \"arbitrary runtime\" (not probe, not shutdown,\nnot remove):\n\nphy_state_machine()\n-> ...\n -> dsa_user_phy_read()\n -> ds->ops->phy_read()\n -> lan9303_phy_read()\n -> chip->ops->phy_read()\n -> lan9303_mdio_phy_read()\n -> dev_get_drvdata()\n\nBut we never stop the phy_state_machine(), so it may continue to run\nafter dsa_switch_shutdown(). Our common pattern in all DSA drivers is\nto set drvdata to NULL to suppress the remove() method that may come\nafterwards. But in this case it will result in an NPD.\n\nThe second problem is that the way in which we set\ndp->conduit->dsa_ptr = NULL; is concurrent with receive packet\nprocessing. dsa_switch_rcv() checks once whether dev->dsa_ptr is NULL,\nbut afterwards, rather than continuing to use that non-NULL value,\ndev->dsa_ptr is dereferenced again and again without NULL checks:\ndsa_conduit_find_user() and many other places. 
In between dereferences,\nthere is no locking to ensure that what was valid once continues to be\nvalid.\n\nBoth problems have the common aspect that closing the conduit interface\nsolves them.\n\nIn the first case, dev_close(conduit) triggers the NETDEV_GOING_DOWN\nevent in dsa_user_netdevice_event() which closes user ports as well.\ndsa_port_disable_rt() calls phylink_stop(), which synchronously stops\nthe phylink state machine, and ds->ops->phy_read() will thus no longer\ncall into the driver after this point.\n\nIn the second case, dev_close(conduit) should do this, as per\nDocumentation/networking/driver.rst:\n\n| Quiescence\n| ----------\n|\n| After the ndo_stop routine has been called, the hardware must\n| not receive or transmit any data. All in flight packets must\n| be aborted. If necessary, poll or wait for completion of\n| any reset commands.\n\nSo it should be sufficient to ensure that later, when we zeroize\nconduit->dsa_ptr, there will be no concurrent dsa_switch_rcv() call\non this conduit.\n\nThe addition of the netif_device_detach() function is to ensure that\nioctls, rtnetlinks and ethtool requests on the user ports no longer\npropagate down to the driver - we're no longer prepared to handle them.\n\nThe race condition actually did not exist when commit 0650bf52b31f\n(\"net: dsa: be compatible with masters which unregister on shutdown\")\nfirst introduced dsa_switch_shutdown(). It was created later, when we\nstopped unregistering the user interfaces from a bad spot, and we just\nreplaced that sequence with a racy zeroization of conduit->dsa_ptr\n(one which doesn't ensure that the interfaces aren't up)." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: dsa: mejorar la secuencia de apagado Alexander Sverdlin presenta 2 problemas durante el apagado con el controlador lan9303. Uno es espec\u00edfico de lan9303 y el otro simplemente se reproduce all\u00ed. 
El primer problema es que lan9303 es \u00fanico entre los controladores DSA en el sentido de que llama a dev_get_drvdata() en un \"tiempo de ejecuci\u00f3n arbitrario\" (no sondeo, no apagado, no eliminaci\u00f3n): phy_state_machine() -> ... -> dsa_user_phy_read() -> ds->ops->phy_read() -> lan9303_phy_read() -> chip->ops->phy_read() -> lan9303_mdio_phy_read() -> dev_get_drvdata() Pero nunca detenemos phy_state_machine(), por lo que puede continuar ejecut\u00e1ndose despu\u00e9s de dsa_switch_shutdown(). Nuestro patr\u00f3n com\u00fan en todos los controladores DSA es establecer drvdata en NULL para suprimir el m\u00e9todo remove() que puede venir despu\u00e9s. Pero en este caso resultar\u00e1 en un NPD. El segundo problema es que la forma en que establecemos dp->conduit->dsa_ptr = NULL; es concurrente con el procesamiento de paquetes de recepci\u00f3n. dsa_switch_rcv() verifica una vez si dev->dsa_ptr es NULL, pero despu\u00e9s, en lugar de continuar usando ese valor no NULL, dev->dsa_ptr se desreferencia una y otra vez sin verificaciones NULL: dsa_conduit_find_user() y muchos otros lugares. Entre desreferencias, no hay bloqueo para asegurar que lo que era v\u00e1lido una vez contin\u00faa siendo v\u00e1lido. Ambos problemas tienen el aspecto com\u00fan de que cerrar la interfaz del conducto los resuelve. En el primer caso, dev_close(conduit) activa el evento NETDEV_GOING_DOWN en dsa_user_netdevice_event() que tambi\u00e9n cierra los puertos de usuario. dsa_port_disable_rt() llama a phylink_stop(), que detiene sincr\u00f3nicamente la m\u00e1quina de estado de phylink, y ds->ops->phy_read() ya no llamar\u00e1 al controlador despu\u00e9s de este punto. En el segundo caso, dev_close(conduit) deber\u00eda hacer esto, seg\u00fan Documentation/networking/driver.rst: | Quiescence | ---------- | | Despu\u00e9s de que se haya llamado a la rutina ndo_stop, el hardware no debe recibir ni transmitir ning\u00fan dato. Todos los paquetes en tr\u00e1nsito deben ser abortados. 
Si es necesario, sondee o espere a que se completen los comandos de reinicio. Por lo tanto, deber\u00eda ser suficiente para garantizar que m\u00e1s adelante, cuando pongamos a cero conduit->dsa_ptr, no habr\u00e1 ninguna llamada dsa_switch_rcv() concurrente en este conducto. La adici\u00f3n de la funci\u00f3n netif_device_detach() es para garantizar que las solicitudes ioctls, rtnetlinks y ethtool en los puertos de usuario ya no se propaguen al controlador; ya no estamos preparados para manejarlas. La condici\u00f3n de ejecuci\u00f3n en realidad no exist\u00eda cuando el commit 0650bf52b31f (\"net: dsa: sea compatible con los maestros que cancelan el registro al apagar\") introdujo por primera vez dsa_switch_shutdown(). Se cre\u00f3 m\u00e1s tarde, cuando dejamos de cancelar el registro de las interfaces de usuario desde un lugar incorrecto y simplemente reemplazamos esa secuencia con una puesta a cero de ejecuci\u00f3n de conduit->dsa_ptr (que no garantiza que las interfaces no est\u00e9n activas)." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49999.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49999.json index d7be252d2e7..894b1311a69 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49999.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49999.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-49999",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T18:15:19.973",
- "lastModified": "2024-10-21T18:15:19.973",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:25.583",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Fix the setting of the server responding flag\n\nIn afs_wait_for_operation(), we set transcribe the call responded flag to\nthe server record that we used after doing the fileserver iteration loop -\nbut it's possible to exit the loop having had a response from the server\nthat we've discarded (e.g. it returned an abort or we started receiving\ndata, but the call didn't complete).\n\nThis means that op->server might be NULL, but we don't check that before\nattempting to set the server flag."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: afs: Arreglar la configuraci\u00f3n del indicador de respuesta del servidor En afs_wait_for_operation(), configuramos la transcripci\u00f3n del indicador de respuesta de llamada en el registro del servidor que usamos despu\u00e9s de realizar el bucle de iteraci\u00f3n del servidor de archivos, pero es posible salir del bucle despu\u00e9s de haber recibido una respuesta del servidor que descartamos (por ejemplo, devolvi\u00f3 un aborto o comenzamos a recibir datos, pero la llamada no se complet\u00f3). Esto significa que op->server podr\u00eda ser NULL, pero no lo verificamos antes de intentar configurar el indicador del servidor."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50000.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50000.json
index c01c09946ad..e9a0ac22ad9 100644
--- a/CVE-2024/CVE-2024-500xx/CVE-2024-50000.json
+++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50000.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50000",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T18:15:20.063",
- "lastModified": "2024-10-21T18:15:20.063",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:25.583",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()\n\nIn mlx5e_tir_builder_alloc() kvzalloc() may return NULL\nwhich is dereferenced on the next line in a reference\nto the modify field.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5e: Se ha corregido la desreferenciaci\u00f3n NULL en mlx5e_tir_builder_alloc(). En mlx5e_tir_builder_alloc(), kvzalloc() puede devolver NULL, que se desreferencia en la siguiente l\u00ednea en una referencia al campo de modificaci\u00f3n. Encontrado por Linux Verification Center (linuxtesting.org) con SVACE."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50001.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50001.json
index 223492b4ba0..257cd36c062 100644
--- a/CVE-2024/CVE-2024-500xx/CVE-2024-50001.json
+++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50001.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-50001", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:20.130", - "lastModified": "2024-10-21T18:15:20.130", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix error path in multi-packet WQE transmit\n\nRemove the erroneous unmap in case no DMA mapping was established\n\nThe multi-packet WQE transmit code attempts to obtain a DMA mapping for\nthe skb. This could fail, e.g. under memory pressure, when the IOMMU\ndriver just can't allocate more memory for page tables. While the code\ntries to handle this in the path below the err_unmap label it erroneously\nunmaps one entry from the sq's FIFO list of active mappings. Since the\ncurrent map attempt failed this unmap is removing some random DMA mapping\nthat might still be required. If the PCI function now presents that IOVA,\nthe IOMMU may assumes a rogue DMA access and e.g. on s390 puts the PCI\nfunction in error state.\n\nThe erroneous behavior was seen in a stress-test environment that created\nmemory pressure." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5: Corregir ruta de error en transmisi\u00f3n WQE de paquetes m\u00faltiples Eliminar la desasignaci\u00f3n err\u00f3nea en caso de que no se haya establecido una asignaci\u00f3n DMA El c\u00f3digo de transmisi\u00f3n WQE de paquetes m\u00faltiples intenta obtener una asignaci\u00f3n DMA para el skb. Esto podr\u00eda fallar, por ejemplo, bajo presi\u00f3n de memoria, cuando el controlador IOMMU simplemente no puede asignar m\u00e1s memoria para las tablas de p\u00e1ginas. 
Si bien el c\u00f3digo intenta manejar esto en la ruta debajo de la etiqueta err_unmap, desasigna err\u00f3neamente una entrada de la lista FIFO de asignaciones activas del sq. Dado que el intento de asignaci\u00f3n actual fall\u00f3, esta desasignaci\u00f3n est\u00e1 eliminando alguna asignaci\u00f3n DMA aleatoria que a\u00fan podr\u00eda ser necesaria. Si la funci\u00f3n PCI ahora presenta ese IOVA, el IOMMU puede asumir un acceso DMA no autorizado y, por ejemplo, en s390 pone la funci\u00f3n PCI en estado de error. El comportamiento err\u00f3neo se observ\u00f3 en un entorno de prueba de estr\u00e9s que cre\u00f3 presi\u00f3n de memoria." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50002.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50002.json index d35014d13be..a0ac5d7c522 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50002.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50002.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50002", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:20.200", - "lastModified": "2024-10-21T18:15:20.200", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstatic_call: Handle module init failure correctly in static_call_del_module()\n\nModule insertion invokes static_call_add_module() to initialize the static\ncalls in a module. static_call_add_module() invokes __static_call_init(),\nwhich allocates a struct static_call_mod to either encapsulate the built-in\nstatic call sites of the associated key into it so further modules can be\nadded or to append the module to the module chain.\n\nIf that allocation fails the function returns with an error code and the\nmodule core invokes static_call_del_module() to clean up eventually added\nstatic_call_mod entries.\n\nThis works correctly, when all keys used by the module were converted over\nto a module chain before the failure. If not then static_call_del_module()\ncauses a #GP as it blindly assumes that key::mods points to a valid struct\nstatic_call_mod.\n\nThe problem is that key::mods is not a individual struct member of struct\nstatic_call_key, it's part of a union to save space:\n\n union {\n /* bit 0: 0 = mods, 1 = sites */\n unsigned long type;\n struct static_call_mod *mods;\n struct static_call_site *sites;\n\t};\n\nkey::sites is a pointer to the list of built-in usage sites of the static\ncall. The type of the pointer is differentiated by bit 0. 
A mods pointer\nhas the bit clear, the sites pointer has the bit set.\n\nAs static_call_del_module() blidly assumes that the pointer is a valid\nstatic_call_mod type, it fails to check for this failure case and\ndereferences the pointer to the list of built-in call sites, which is\nobviously bogus.\n\nCure it by checking whether the key has a sites or a mods pointer.\n\nIf it's a sites pointer then the key is not to be touched. As the sites are\nwalked in the same order as in __static_call_init() the site walk can be\nterminated because all subsequent sites have not been touched by the init\ncode due to the error exit.\n\nIf it was converted before the allocation fail, then the inner loop which\nsearches for a module match will find nothing.\n\nA fail in the second allocation in __static_call_init() is harmless and\ndoes not require special treatment. The first allocation succeeded and\nconverted the key to a module chain. That first entry has mod::mod == NULL\nand mod::next == NULL, so the inner loop of static_call_del_module() will\nneither find a module match nor a module chain. The next site in the walk\nwas either already converted, but can't match the module, or it will exit\nthe outer loop because it has a static_call_site pointer and not a\nstatic_call_mod pointer." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: static_call: Manejar el error de inicializaci\u00f3n del m\u00f3dulo correctamente en static_call_del_module() La inserci\u00f3n del m\u00f3dulo invoca static_call_add_module() para inicializar las llamadas est\u00e1ticas en un m\u00f3dulo. static_call_add_module() invoca __static_call_init(), que asigna una estructura static_call_mod para encapsular los sitios de llamadas est\u00e1ticas integrados de la clave asociada en ella para que se puedan agregar m\u00e1s m\u00f3dulos o para agregar el m\u00f3dulo a la cadena de m\u00f3dulos. 
Si esa asignaci\u00f3n fallo, la funci\u00f3n regresa con un c\u00f3digo de error y el n\u00facleo del m\u00f3dulo invoca static_call_del_module() para limpiar las entradas static_call_mod agregadas eventualmente. Esto funciona correctamente, cuando todas las claves utilizadas por el m\u00f3dulo se convirtieron a una cadena de m\u00f3dulos antes del error. Si no, static_call_del_module() causa un #GP ya que asume ciegamente que key::mods apunta a una estructura static_call_mod v\u00e1lida. El problema es que key::mods no es un miembro de estructura individual de struct static_call_key, es parte de una uni\u00f3n para ahorrar espacio: union { /* bit 0: 0 = mods, 1 = sites */ unsigned long type; struct static_call_mod *mods; struct static_call_site *sites; }; key::sites es un puntero a la lista de sitios de uso integrados de la llamada est\u00e1tica. El tipo del puntero se diferencia por el bit 0. Un puntero mods tiene el bit claro, el puntero sites tiene el bit establecido. Como static_call_del_module() asume ciegamente que el puntero es un tipo static_call_mod v\u00e1lido, no puede verificar este caso de fallo y desreferencia el puntero a la lista de sitios de llamada integrados, lo que obviamente es falso. Solucione esto verificando si la clave tiene un puntero sites o mods. Si es un puntero sites, entonces no se debe tocar la clave. Como los sitios se recorren en el mismo orden que en __static_call_init(), el recorrido del sitio puede terminarse porque el c\u00f3digo de inicio no ha tocado todos los sitios posteriores debido a la salida de error. Si se convirti\u00f3 antes de que fallara la asignaci\u00f3n, entonces el bucle interno que busca una coincidencia de m\u00f3dulo no encontrar\u00e1 nada. un fallo en la segunda asignaci\u00f3n en __static_call_init() es inofensiva y no requiere un tratamiento especial. La primera asignaci\u00f3n tuvo \u00e9xito y convirti\u00f3 la clave en una cadena de m\u00f3dulos. 
Esa primera entrada tiene mod::mod == NULL y mod::next == NULL, por lo que el bucle interno de static_call_del_module() no encontrar\u00e1 una coincidencia de m\u00f3dulo ni una cadena de m\u00f3dulos. El siguiente sitio en el recorrido ya se convirti\u00f3, pero no puede coincidir con el m\u00f3dulo, o saldr\u00e1 del bucle externo porque tiene un puntero static_call_site y no un puntero static_call_mod." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50003.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50003.json index 444760abfa3..44d6a1d6ea9 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50003.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50003.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50003", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T19:15:04.020", - "lastModified": "2024-10-21T19:15:04.020", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix system hang while resume with TBT monitor\n\n[Why]\nConnected with a Thunderbolt monitor and do the suspend and the system\nmay hang while resume.\n\nThe TBT monitor HPD will be triggered during the resume procedure\nand call the drm_client_modeset_probe() while\nstruct drm_connector connector->dev->master is NULL.\n\nIt will mess up the pipe topology after resume.\n\n[How]\nSkip the TBT monitor HPD during the resume procedure because we\ncurrently will probe the connectors after resume by default.\n\n(cherry picked from commit 453f86a26945207a16b8f66aaed5962dc2b95b85)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Se soluciona el bloqueo del sistema durante la reanudaci\u00f3n con el monitor TBT [Por qu\u00e9] Conectado con un monitor Thunderbolt y realizando la suspensi\u00f3n, el sistema puede bloquearse durante la reanudaci\u00f3n. El HPD del monitor TBT se activar\u00e1 durante el procedimiento de reanudaci\u00f3n y llamar\u00e1 a drm_client_modeset_probe() mientras struct drm_connector connector->dev->master sea NULL. Esto arruinar\u00e1 la topolog\u00eda de la tuber\u00eda despu\u00e9s de la reanudaci\u00f3n. [C\u00f3mo] Omitir el HPD del monitor TBT durante el procedimiento de reanudaci\u00f3n porque actualmente sondearemos los conectores despu\u00e9s de la reanudaci\u00f3n de forma predeterminada. (seleccionado de el commit 453f86a26945207a16b8f66aaed5962dc2b95b85)" } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50004.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50004.json index f131727bb3f..0edef93d897 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50004.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50004.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50004", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T19:15:04.083", - "lastModified": "2024-10-21T19:15:04.083", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35\n\n[WHY & HOW]\nMismatch in DCN35 DML2 cause bw validation failed to acquire unexpected DPP pipe to cause\ngrey screen and system hang. Remove EnhancedPrefetchScheduleAccelerationFinal value override\nto match HW spec.\n\n(cherry picked from commit 9dad21f910fcea2bdcff4af46159101d7f9cd8ba)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: actualizaci\u00f3n de la pol\u00edtica DML2 EnhancedPrefetchScheduleAccelerationFinal DCN35 [POR QU\u00c9 Y C\u00d3MO] La falta de coincidencia en DCN35 DML2 hace que la validaci\u00f3n de bw no pueda adquirir una tuber\u00eda DPP inesperada, lo que provoca una pantalla gris y un bloqueo del sistema. Eliminar la anulaci\u00f3n del valor EnhancedPrefetchScheduleAccelerationFinal para que coincida con la especificaci\u00f3n de hardware. (seleccionado de el commit 9dad21f910fcea2bdcff4af46159101d7f9cd8ba)" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50005.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50005.json index 382084491b4..0b400355004 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50005.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50005.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50005", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T19:15:04.143", - "lastModified": "2024-10-21T19:15:04.143", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac802154: Fix potential RCU dereference issue in mac802154_scan_worker\n\nIn the `mac802154_scan_worker` function, the `scan_req->type` field was\naccessed after the RCU read-side critical section was unlocked. According\nto RCU usage rules, this is illegal and can lead to unpredictable\nbehavior, such as accessing memory that has been updated or causing\nuse-after-free issues.\n\nThis possible bug was identified using a static analysis tool developed\nby myself, specifically designed to detect RCU-related issues.\n\nTo address this, the `scan_req->type` value is now stored in a local\nvariable `scan_req_type` while still within the RCU read-side critical\nsection. The `scan_req_type` is then used after the RCU lock is released,\nensuring that the type value is safely accessed without violating RCU\nrules." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mac802154: Se soluciona un posible problema de desreferencia de RCU en mac802154_scan_worker En la funci\u00f3n `mac802154_scan_worker`, se accedi\u00f3 al campo `scan_req->type` despu\u00e9s de que se desbloqueara la secci\u00f3n cr\u00edtica del lado de lectura de RCU. Seg\u00fan las reglas de uso de RCU, esto es ilegal y puede provocar un comportamiento impredecible, como acceder a la memoria que se ha actualizado o causar problemas de use after free. 
Este posible error se identific\u00f3 utilizando una herramienta de an\u00e1lisis est\u00e1tico desarrollada por m\u00ed, dise\u00f1ada espec\u00edficamente para detectar problemas relacionados con RCU. Para solucionar esto, el valor `scan_req->type` ahora se almacena en una variable local `scan_req_type` mientras a\u00fan est\u00e1 dentro de la secci\u00f3n cr\u00edtica del lado de lectura de RCU. Luego, `scan_req_type` se usa despu\u00e9s de que se libera el bloqueo de RCU, lo que garantiza que se acceda al valor de tipo de manera segura sin violar las reglas de RCU." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50006.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50006.json index 78f04831cb2..cda2101fa5f 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50006.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50006.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50006", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T19:15:04.223", - "lastModified": "2024-10-21T19:15:04.223", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix i_data_sem unlock order in ext4_ind_migrate()\n\nFuzzing reports a possible deadlock in jbd2_log_wait_commit.\n\nThis issue is triggered when an EXT4_IOC_MIGRATE ioctl is set to require\nsynchronous updates because the file descriptor is opened with O_SYNC.\nThis can lead to the jbd2_journal_stop() function calling\njbd2_might_wait_for_commit(), potentially causing a deadlock if the\nEXT4_IOC_MIGRATE call races with a write(2) system call.\n\nThis problem only arises when CONFIG_PROVE_LOCKING is enabled. In this\ncase, the jbd2_might_wait_for_commit macro locks jbd2_handle in the\njbd2_journal_stop function while i_data_sem is locked. This triggers\nlockdep because the jbd2_journal_start function might also lock the same\njbd2_handle simultaneously.\n\nFound by Linux Verification Center (linuxtesting.org) with syzkaller.\n\nRule: add" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: se corrige el orden de desbloqueo de i_data_sem en ext4_ind_migrate() Fuzzing informa un posible bloqueo en jbd2_log_wait_commit. Este problema se activa cuando se configura un ioctl EXT4_IOC_MIGRATE para requerir actualizaciones sincr\u00f3nicas porque el descriptor de archivo se abre con O_SYNC. Esto puede provocar que la funci\u00f3n jbd2_journal_stop() llame a jbd2_might_wait_for_commit(), lo que puede provocar un bloqueo si la llamada a EXT4_IOC_MIGRATE compite con una llamada del sistema write(2). Este problema solo surge cuando CONFIG_PROVE_LOCKING est\u00e1 habilitado. 
En este caso, la macro jbd2_might_wait_for_commit bloquea jbd2_handle en la funci\u00f3n jbd2_journal_stop mientras i_data_sem est\u00e1 bloqueado. Esto activa lockdep porque la funci\u00f3n jbd2_journal_start tambi\u00e9n podr\u00eda bloquear el mismo jbd2_handle simult\u00e1neamente. Encontrado por Linux Verification Center (linuxtesting.org) con syzkaller. Regla: add" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50007.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50007.json index 9a51287ad91..739c97fe4d3 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50007.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50007.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50007", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T19:15:04.300", - "lastModified": "2024-10-21T19:15:04.300", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: asihpi: Fix potential OOB array access\n\nASIHPI driver stores some values in the static array upon a response\nfrom the driver, and its index depends on the firmware. We shouldn't\ntrust it blindly.\n\nThis patch adds a sanity check of the array index to fit in the array\nsize." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: asihpi: Se corrige el posible acceso a la matriz OOB. El controlador ASIHPI almacena algunos valores en la matriz est\u00e1tica tras una respuesta del controlador, y su \u00edndice depende del firmware. No deber\u00edamos confiar ciegamente en \u00e9l. Este parche agrega una comprobaci\u00f3n de la integridad del \u00edndice de la matriz para que se ajuste al tama\u00f1o de la matriz." } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50008.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50008.json index b43c4e0c10e..ea21bd5d6f9 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50008.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50008.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50008", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T19:15:04.367", - "lastModified": "2024-10-21T19:15:04.367", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext()\n\nReplace one-element array with a flexible-array member in\n`struct host_cmd_ds_802_11_scan_ext`.\n\nWith this, fix the following warning:\n\nelo 16 17:51:58 surfacebook kernel: ------------[ cut here ]------------\nelo 16 17:51:58 surfacebook kernel: memcpy: detected field-spanning write (size 243) of single field \"ext_scan->tlv_buffer\" at drivers/net/wireless/marvell/mwifiex/scan.c:2239 (size 1)\nelo 16 17:51:58 surfacebook kernel: WARNING: CPU: 0 PID: 498 at drivers/net/wireless/marvell/mwifiex/scan.c:2239 mwifiex_cmd_802_11_scan_ext+0x83/0x90 [mwifiex]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mwifiex: Se corrige la advertencia de escritura que abarca el campo memcpy() en mwifiex_cmd_802_11_scan_ext() Reemplazar la matriz de un elemento con un miembro de matriz flexible en `struct host_cmd_ds_802_11_scan_ext`. Con esto, se soluciona la siguiente advertencia: elo 16 17:51:58 kernel de surfacebook: ------------[ cortar aqu\u00ed ]------------ elo 16 17:51:58 kernel de surfacebook: memcpy: se detect\u00f3 escritura que abarca el campo (tama\u00f1o 243) de un solo campo \"ext_scan->tlv_buffer\" en drivers/net/wireless/marvell/mwifiex/scan.c:2239 (tama\u00f1o 1) elo 16 17:51:58 kernel de surfacebook: ADVERTENCIA: CPU: 0 PID: 498 en drivers/net/wireless/marvell/mwifiex/scan.c:2239 mwifiex_cmd_802_11_scan_ext+0x83/0x90 [mwifiex]" } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50009.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50009.json index 877c2d6c4e8..6d4afccaa07 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50009.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50009.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50009", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T19:15:04.437", - "lastModified": "2024-10-21T19:15:04.437", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate: add check for cpufreq_cpu_get's return value\n\ncpufreq_cpu_get may return NULL. To avoid NULL-dereference check it\nand return in case of error.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cpufreq: amd-pstate: agregar comprobaci\u00f3n para el valor de retorno de cpufreq_cpu_get. cpufreq_cpu_get puede devolver NULL. Para evitar la desreferencia a NULL, compru\u00e9belo y devu\u00e9lvalo en caso de error. Encontrado por Linux Verification Center (linuxtesting.org) con SVACE." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50010.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50010.json index 9e349d27935..e28ac283124 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50010.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50010.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50010", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T19:15:04.523", - "lastModified": "2024-10-21T19:15:04.523", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nexec: don't WARN for racy path_noexec check\n\nBoth i_mode and noexec checks wrapped in WARN_ON stem from an artifact\nof the previous implementation. They used to legitimately check for the\ncondition, but that got moved up in two commits:\n633fb6ac3980 (\"exec: move S_ISREG() check earlier\")\n0fd338b2d2cd (\"exec: move path_noexec() check earlier\")\n\nInstead of being removed said checks are WARN_ON'ed instead, which\nhas some debug value.\n\nHowever, the spurious path_noexec check is racy, resulting in\nunwarranted warnings should someone race with setting the noexec flag.\n\nOne can note there is more to perm-checking whether execve is allowed\nand none of the conditions are guaranteed to still hold after they were\ntested for.\n\nAdditionally this does not validate whether the code path did any perm\nchecking to begin with -- it will pass if the inode happens to be\nregular.\n\nKeep the redundant path_noexec() check even though it's mindless\nnonsense checking for guarantee that isn't given so drop the WARN.\n\nReword the commentary and do small tidy ups while here.\n\n[brauner: keep redundant path_noexec() check]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: exec: no WARN para comprobaci\u00f3n atrevida de path_noexec Tanto las comprobaciones i_mode como noexec envueltas en WARN_ON provienen de un artefacto de la implementaci\u00f3n anterior. 
Sol\u00edan comprobar leg\u00edtimamente la condici\u00f3n, pero eso se movi\u00f3 hacia arriba en dos confirmaciones: 633fb6ac3980 (\"exec: mover la comprobaci\u00f3n S_ISREG() antes\") 0fd338b2d2cd (\"exec: mover la comprobaci\u00f3n path_noexec() antes\") En lugar de eliminarse, dichas comprobaciones se WARN_ON, lo que tiene alg\u00fan valor de depuraci\u00f3n. Sin embargo, la comprobaci\u00f3n falsa path_noexec es atrevida, lo que resulta en advertencias injustificadas si alguien se apresura a configurar el indicador noexec. Se puede notar que hay m\u00e1s para comprobar si se permite execve y no se garantiza que ninguna de las condiciones siga siendo v\u00e1lida despu\u00e9s de que se probaron. Adem\u00e1s, esto no valida si la ruta del c\u00f3digo realiz\u00f3 alguna verificaci\u00f3n de permisos para comenzar; pasar\u00e1 si el inodo resulta ser regular. Mantenga la verificaci\u00f3n redundante path_noexec() aunque sea una verificaci\u00f3n sin sentido de garant\u00eda que no se proporciona, as\u00ed que elimine la ADVERTENCIA. Reformule el comentario y haga peque\u00f1as correcciones mientras est\u00e9 aqu\u00ed. [brauner: mantenga la verificaci\u00f3n redundante path_noexec()]" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50011.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50011.json index f672e60ea4e..4cccd3c5469 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50011.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50011.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50011", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T19:15:04.613", - "lastModified": "2024-10-21T19:15:04.613", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: soc-acpi-intel-rpl-match: add missing empty item\n\nThere is no links_num in struct snd_soc_acpi_mach {}, and we test\n!link->num_adr as a condition to end the loop in hda_sdw_machine_select().\nSo an empty item in struct snd_soc_acpi_link_adr array is required." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: Intel: soc-acpi-intel-rpl-match: agregar elemento vac\u00edo faltante No hay links_num en struct snd_soc_acpi_mach {}, y probamos !link->num_adr como condici\u00f3n para finalizar el bucle en hda_sdw_machine_select(). Por lo tanto, se requiere un elemento vac\u00edo en la matriz struct snd_soc_acpi_link_adr." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50012.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50012.json index 2f5e48f540c..c9c677a5c31 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50012.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50012.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50012", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T19:15:04.683", - "lastModified": "2024-10-21T19:15:04.683", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: Avoid a bad reference count on CPU node\n\nIn the parse_perf_domain function, if the call to\nof_parse_phandle_with_args returns an error, then the reference to the\nCPU device node that was acquired at the start of the function would not\nbe properly decremented.\n\nAddress this by declaring the variable with the __free(device_node)\ncleanup attribute." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cpufreq: evitar un recuento de referencia incorrecto en el nodo de CPU En la funci\u00f3n parse_perf_domain, si la llamada a of_parse_phandle_with_args devuelve un error, la referencia al nodo de dispositivo de CPU que se adquiri\u00f3 al inicio de la funci\u00f3n no se decrementar\u00eda correctamente. Aborde esto declarando la variable con el atributo de limpieza __free(device_node)." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50013.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50013.json index c19838d252a..7be437632e2 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50013.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50013.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50013", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T19:15:04.767", - "lastModified": "2024-10-21T19:15:04.767", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix memory leak in exfat_load_bitmap()\n\nIf the first directory entry in the root directory is not a bitmap\ndirectory entry, 'bh' will not be released and reassigned, which\nwill cause a memory leak." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: exfat: corrige p\u00e9rdida de memoria en exfat_load_bitmap() Si la primera entrada de directorio en el directorio ra\u00edz no es una entrada de directorio de mapa de bits, 'bh' no se liberar\u00e1 ni se reasignar\u00e1, lo que provocar\u00e1 una p\u00e9rdida de memoria." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50014.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50014.json index cc36356333f..55fbcb65019 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50014.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50014.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50014", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T19:15:04.830", - "lastModified": "2024-10-21T19:15:04.830", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix access to uninitialised lock in fc replay path\n\nThe following kernel trace can be triggered with fstest generic/629 when\nexecuted against a filesystem with fast-commit feature enabled:\n\nINFO: trying to register non-static key.\nThe code is fine but needs lockdep annotation, or maybe\nyou didn't initialize this object before use?\nturning off the locking correctness validator.\nCPU: 0 PID: 866 Comm: mount Not tainted 6.10.0+ #11\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \n dump_stack_lvl+0x66/0x90\n register_lock_class+0x759/0x7d0\n __lock_acquire+0x85/0x2630\n ? __find_get_block+0xb4/0x380\n lock_acquire+0xd1/0x2d0\n ? __ext4_journal_get_write_access+0xd5/0x160\n _raw_spin_lock+0x33/0x40\n ? __ext4_journal_get_write_access+0xd5/0x160\n __ext4_journal_get_write_access+0xd5/0x160\n ext4_reserve_inode_write+0x61/0xb0\n __ext4_mark_inode_dirty+0x79/0x270\n ? ext4_ext_replay_set_iblocks+0x2f8/0x450\n ext4_ext_replay_set_iblocks+0x330/0x450\n ext4_fc_replay+0x14c8/0x1540\n ? jread+0x88/0x2e0\n ? rcu_is_watching+0x11/0x40\n do_one_pass+0x447/0xd00\n jbd2_journal_recover+0x139/0x1b0\n jbd2_journal_load+0x96/0x390\n ext4_load_and_init_journal+0x253/0xd40\n ext4_fill_super+0x2cc6/0x3180\n...\n\nIn the replay path there's an attempt to lock sbi->s_bdev_wb_lock in\nfunction ext4_check_bdev_write_error(). Unfortunately, at this point this\nspinlock has not been initialized yet. 
Moving it's initialization to an\nearlier point in __ext4_fill_super() fixes this splat." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: se corrige el acceso a un bloqueo no inicializado en la ruta de reproducci\u00f3n de fc El siguiente seguimiento del kernel se puede activar con fstest generic/629 cuando se ejecuta contra un sistema de archivos con la funci\u00f3n de confirmaci\u00f3n r\u00e1pida habilitada: INFO: intentando registrar una clave no est\u00e1tica. El c\u00f3digo est\u00e1 bien, pero necesita la anotaci\u00f3n lockdep, o tal vez no inicializ\u00f3 este objeto antes de usarlo. Desactivando el validador de correcci\u00f3n de bloqueo. CPU: 0 PID: 866 Comm: montaje No contaminado 6.10.0+ #11 Nombre del hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-prebuilt.qemu.org 01/04/2014 Seguimiento de llamadas: dump_stack_lvl+0x66/0x90 register_lock_class+0x759/0x7d0 __lock_acquire+0x85/0x2630 ? __find_get_block+0xb4/0x380 lock_acquire+0xd1/0x2d0 ? __ext4_journal_get_write_access+0xd5/0x160 _raw_spin_lock+0x33/0x40 ? ext4_ext_replay_set_iblocks+0x2f8/0x450 ext4_ext_replay_set_iblocks+0x330/0x450 ext4_fc_replay+0x14c8/0x1540 ? jread+0x88/0x2e0 ? rcu_is_watching+0x11/0x40 do_one_pass+0x447/0xd00 jbd2_journal_recover+0x139/0x1b0 jbd2_journal_load+0x96/0x390 ext4_load_and_init_journal+0x253/0xd40 ext4_fill_super+0x2cc6/0x3180 ... En la ruta de reproducci\u00f3n hay un intento de bloquear sbi->s_bdev_wb_lock en la funci\u00f3n ext4_check_bdev_write_error(). Desafortunadamente, en este punto este spinlock a\u00fan no se ha inicializado. Mover su inicializaci\u00f3n a un punto anterior en __ext4_fill_super() corrige este problema." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50015.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50015.json index 486d8cb151d..5bafaeadc5f 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50015.json 
+++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50015.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50015", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T19:15:04.890", - "lastModified": "2024-10-21T19:15:04.890", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: dax: fix overflowing extents beyond inode size when partially writing\n\nThe dax_iomap_rw() does two things in each iteration: map written blocks\nand copy user data to blocks. If the process is killed by user(See signal\nhandling in dax_iomap_iter()), the copied data will be returned and added\non inode size, which means that the length of written extents may exceed\nthe inode size, then fsck will fail. An example is given as:\n\ndd if=/dev/urandom of=file bs=4M count=1\n dax_iomap_rw\n iomap_iter // round 1\n ext4_iomap_begin\n ext4_iomap_alloc // allocate 0~2M extents(written flag)\n dax_iomap_iter // copy 2M data\n iomap_iter // round 2\n iomap_iter_advance\n iter->pos += iter->processed // iter->pos = 2M\n ext4_iomap_begin\n ext4_iomap_alloc // allocate 2~4M extents(written flag)\n dax_iomap_iter\n fatal_signal_pending\n done = iter->pos - iocb->ki_pos // done = 2M\n ext4_handle_inode_extension\n ext4_update_inode_size // inode size = 2M\n\nfsck reports: Inode 13, i_size is 2097152, should be 4194304. Fix?\n\nFix the problem by truncating extents if the written length is smaller\nthan expected." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: dax: se corrige el desbordamiento de extensiones m\u00e1s all\u00e1 del tama\u00f1o del inodo al escribir parcialmente. Dax_iomap_rw() hace dos cosas en cada iteraci\u00f3n: asigna bloques escritos y copia datos de usuario a bloques. 
Si el usuario finaliza el proceso (consulte el manejo de se\u00f1ales en dax_iomap_iter()), los datos copiados se devolver\u00e1n y se agregar\u00e1n al tama\u00f1o del inodo, lo que significa que la longitud de las extensiones escritas puede exceder el tama\u00f1o del inodo, entonces fsck fallar\u00e1. Se proporciona un ejemplo como: dd if=/dev/urandom of=file bs=4M count=1 dax_iomap_rw iomap_iter // ronda 1 ext4_iomap_begin ext4_iomap_alloc // asignar 0~2M de extensiones (bandera escrita) dax_iomap_iter // copiar 2M de datos iomap_iter // ronda 2 iomap_iter_advance iter->pos += iter->processed // iter->pos = 2M ext4_iomap_begin ext4_iomap_alloc // asignar 2~4M de extensiones (bandera escrita) dax_iomap_iter fatal_signal_pending hecho = iter->pos - iocb->ki_pos // hecho = 2M ext4_handle_inode_extension ext4_update_inode_size // tama\u00f1o de inodo = 2M fsck informa: Inodo 13, i_size es 2097152, deber\u00eda ser 4194304. \u00bfSoluci\u00f3n? Solucione el problema truncando las extensiones si la longitud escrita es menor a la esperada." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50016.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50016.json index d44491b23b9..517ae6b0fb4 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50016.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50016.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50016",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T19:15:04.970",
- "lastModified": "2024-10-21T19:15:04.970",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:13:25.583",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid overflow assignment in link_dp_cts\n\nsampling_rate is an uint8_t but is assigned an unsigned int, and thus it\ncan overflow. As a result, sampling_rate is changed to uint32_t.\n\nSimilarly, LINK_QUAL_PATTERN_SET has a size of 2 bits, and it should\nonly be assigned to a value less or equal than 4.\n\nThis fixes 2 INTEGER_OVERFLOW issues reported by Coverity."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Evitar asignaci\u00f3n de desbordamiento en link_dp_cts sampling_rate es un uint8_t pero se le asigna un int sin signo y, por lo tanto, puede desbordarse. Como resultado, sampling_rate se cambia a uint32_t. De manera similar, LINK_QUAL_PATTERN_SET tiene un tama\u00f1o de 2 bits y solo se debe asignar a un valor menor o igual a 4. Esto soluciona 2 problemas de INTEGER_OVERFLOW informados por Coverity."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50017.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50017.json
index 9911b254da6..b6064273000 100644
--- a/CVE-2024/CVE-2024-500xx/CVE-2024-50017.json
+++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50017.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-50017", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T19:15:05.043", - "lastModified": "2024-10-21T19:15:05.043", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm/ident_map: Use gbpages only where full GB page should be mapped.\n\nWhen ident_pud_init() uses only GB pages to create identity maps, large\nranges of addresses not actually requested can be included in the resulting\ntable; a 4K request will map a full GB. This can include a lot of extra\naddress space past that requested, including areas marked reserved by the\nBIOS. That allows processor speculation into reserved regions, that on UV\nsystems can cause system halts.\n\nOnly use GB pages when map creation requests include the full GB page of\nspace. Fall back to using smaller 2M pages when only portions of a GB page\nare included in the request.\n\nNo attempt is made to coalesce mapping requests. If a request requires a\nmap entry at the 2M (pmd) level, subsequent mapping requests within the\nsame 1G region will also be at the pmd level, even if adjacent or\noverlapping such requests could have been combined to map a full GB page.\nExisting usage starts with larger regions and then adds smaller regions, so\nthis should not have any great consequence." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86/mm/ident_map: Utilizar gbpages solo cuando se deba mapear una p\u00e1gina GB completa. Cuando ident_pud_init() utiliza solo p\u00e1ginas GB para crear mapas de identidad, se pueden incluir en la tabla resultante grandes rangos de direcciones que no se solicitaron realmente; una solicitud de 4K mapear\u00e1 un GB completo. 
Esto puede incluir una gran cantidad de espacio de direcciones adicional m\u00e1s all\u00e1 del solicitado, incluidas las \u00e1reas marcadas como reservadas por el BIOS. Eso permite la especulaci\u00f3n del procesador en regiones reservadas, que en sistemas UV puede causar paradas del sistema. Utilice solo p\u00e1ginas GB cuando las solicitudes de creaci\u00f3n de mapas incluyan la p\u00e1gina GB completa de espacio. Vuelva a utilizar p\u00e1ginas m\u00e1s peque\u00f1as de 2M cuando solo se incluyan partes de una p\u00e1gina GB en la solicitud. No se intenta fusionar las solicitudes de mapeo. Si una solicitud requiere una entrada de mapa en el nivel 2M (pmd), las solicitudes de mapeo posteriores dentro de la misma regi\u00f3n 1G tambi\u00e9n estar\u00e1n en el nivel pmd, incluso si dichas solicitudes adyacentes o superpuestas podr\u00edan haberse combinado para mapear una p\u00e1gina GB completa. El uso actual comienza con regiones m\u00e1s grandes y luego agrega regiones m\u00e1s peque\u00f1as, por lo que esto no deber\u00eda tener grandes consecuencias." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50018.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50018.json index 9b3ce82b8b5..45b17c6b02d 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50018.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50018.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50018", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T19:15:05.123", - "lastModified": "2024-10-21T19:15:05.123", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:13:25.583", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: napi: Prevent overflow of napi_defer_hard_irqs\n\nIn commit 6f8b12d661d0 (\"net: napi: add hard irqs deferral feature\")\nnapi_defer_irqs was added to net_device and napi_defer_irqs_count was\nadded to napi_struct, both as type int.\n\nThis value never goes below zero, so there is not reason for it to be a\nsigned int. Change the type for both from int to u32, and add an\noverflow check to sysfs to limit the value to S32_MAX.\n\nThe limit of S32_MAX was chosen because the practical limit before this\npatch was S32_MAX (anything larger was an overflow) and thus there are\nno behavioral changes introduced. 
If the extra bit is needed in the\nfuture, the limit can be raised.\n\nBefore this patch:\n\n$ sudo bash -c 'echo 2147483649 > /sys/class/net/eth4/napi_defer_hard_irqs'\n$ cat /sys/class/net/eth4/napi_defer_hard_irqs\n-2147483647\n\nAfter this patch:\n\n$ sudo bash -c 'echo 2147483649 > /sys/class/net/eth4/napi_defer_hard_irqs'\nbash: line 0: echo: write error: Numerical result out of range\n\nSimilarly, /sys/class/net/XXXXX/tx_queue_len is defined as unsigned:\n\ninclude/linux/netdevice.h: unsigned int tx_queue_len;\n\nAnd has an overflow check:\n\ndev_change_tx_queue_len(..., unsigned long new_len):\n\n if (new_len != (unsigned int)new_len)\n return -ERANGE;" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: napi: Prevenir el desbordamiento de napi_defer_hard_irqs En la confirmaci\u00f3n 6f8b12d661d0 (\"net: napi: agregar caracter\u00edstica de aplazamiento de irqs duras\") se agreg\u00f3 napi_defer_irqs a net_device y napi_defer_irqs_count a napi_struct, ambos como tipo int. Este valor nunca baja de cero, por lo que no hay raz\u00f3n para que sea un int con signo. Cambie el tipo para ambos de int a u32 y agregue una comprobaci\u00f3n de desbordamiento a sysfs para limitar el valor a S32_MAX. El l\u00edmite de S32_MAX se eligi\u00f3 porque el l\u00edmite pr\u00e1ctico antes de este parche era S32_MAX (cualquier valor mayor era un desbordamiento) y, por lo tanto, no se introdujeron cambios de comportamiento. Si se necesita el bit adicional en el futuro, se puede aumentar el l\u00edmite. 
Antes de este parche: $ sudo bash -c 'echo 2147483649 > /sys/class/net/eth4/napi_defer_hard_irqs' $ cat /sys/class/net/eth4/napi_defer_hard_irqs -2147483647 Despu\u00e9s de este parche: $ sudo bash -c 'echo 2147483649 > /sys/class/net/eth4/napi_defer_hard_irqs' bash: l\u00ednea 0: echo: error de escritura: resultado num\u00e9rico fuera de rango De manera similar, /sys/class/net/XXXXX/tx_queue_len se define como unsigned: include/linux/netdevice.h: unsigned int tx_queue_len; Y tiene una comprobaci\u00f3n de desbordamiento: dev_change_tx_queue_len(..., unsigned long new_len): if (new_len != (unsigned int)new_len) return -ERANGE;" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50019.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50019.json index 96c05fb4c21..84b13aeffa3 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50019.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50019.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50019",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T20:15:15.510",
- "lastModified": "2024-10-21T20:15:15.510",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkthread: unpark only parked kthread\n\nCalling into kthread unparking unconditionally is mostly harmless when\nthe kthread is already unparked. The wake up is then simply ignored\nbecause the target is not in TASK_PARKED state.\n\nHowever if the kthread is per CPU, the wake up is preceded by a call\nto kthread_bind() which expects the task to be inactive and in\nTASK_PARKED state, which obviously isn't the case if it is unparked.\n\nAs a result, calling kthread_stop() on an unparked per-cpu kthread\ntriggers such a warning:\n\n\tWARNING: CPU: 0 PID: 11 at kernel/kthread.c:525 __kthread_bind_mask kernel/kthread.c:525\n\t \n\t kthread_stop+0x17a/0x630 kernel/kthread.c:707\n\t destroy_workqueue+0x136/0xc40 kernel/workqueue.c:5810\n\t wg_destruct+0x1e2/0x2e0 drivers/net/wireguard/device.c:257\n\t netdev_run_todo+0xe1a/0x1000 net/core/dev.c:10693\n\t default_device_exit_batch+0xa14/0xa90 net/core/dev.c:11769\n\t ops_exit_list net/core/net_namespace.c:178 [inline]\n\t cleanup_net+0x89d/0xcc0 net/core/net_namespace.c:640\n\t process_one_work kernel/workqueue.c:3231 [inline]\n\t process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312\n\t worker_thread+0x86d/0xd70 kernel/workqueue.c:3393\n\t kthread+0x2f0/0x390 kernel/kthread.c:389\n\t ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n\t ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\t \n\nFix this with skipping unecessary unparking while stopping a kthread."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: kthread: unpark solo kthread aparcado Llamar a kthread unparking incondicionalmente es mayormente inofensivo cuando el kthread ya est\u00e1 desestacionado. Luego, la activaci\u00f3n simplemente se ignora porque el objetivo no est\u00e1 en estado TASK_PARKED. Sin embargo, si el kthread es por CPU, la activaci\u00f3n est\u00e1 precedida por una llamada a kthread_bind() que espera que la tarea est\u00e9 inactiva y en estado TASK_PARKED, lo que obviamente no es el caso si est\u00e1 desestacionada. Como resultado, llamar a kthread_stop() en un kthread por CPU no estacionado activa esta advertencia: ADVERTENCIA: CPU: 0 PID: 11 en kernel/kthread.c:525 __kthread_bind_mask kernel/kthread.c:525 kthread_stop+0x17a/0x630 kernel/kthread.c:707 destroy_workqueue+0x136/0xc40 kernel/workqueue.c:5810 wg_destruct+0x1e2/0x2e0 drivers/net/wireguard/device.c:257 netdev_run_todo+0xe1a/0x1000 net/core/dev.c:10693 default_device_exit_batch+0xa14/0xa90 net/core/dev.c:11769 ops_exit_list net/core/net_namespace.c:178 [en l\u00ednea] cleanup_net+0x89d/0xcc0 net/core/net_namespace.c:640 process_one_work kernel/workqueue.c:3231 [en l\u00ednea] process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312 worker_thread+0x86d/0xd70 kernel/workqueue.c:3393 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Solucione esto omitiendo el desestacionamiento innecesario mientras Detener un kthread."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50020.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50020.json
index 94ef2c93b3e..e3fbccd1aa3 100644
--- a/CVE-2024/CVE-2024-500xx/CVE-2024-50020.json
+++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50020.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50020",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T20:15:15.573",
- "lastModified": "2024-10-21T20:15:15.573",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix improper handling of refcount in ice_sriov_set_msix_vec_count()\n\nThis patch addresses an issue with improper reference count handling in the\nice_sriov_set_msix_vec_count() function.\n\nFirst, the function calls ice_get_vf_by_id(), which increments the\nreference count of the vf pointer. If the subsequent call to\nice_get_vf_vsi() fails, the function currently returns an error without\ndecrementing the reference count of the vf pointer, leading to a reference\ncount leak. The correct behavior, as implemented in this patch, is to\ndecrement the reference count using ice_put_vf(vf) before returning an\nerror when vsi is NULL.\n\nSecond, the function calls ice_sriov_get_irqs(), which sets\nvf->first_vector_idx. If this call returns a negative value, indicating an\nerror, the function returns an error without decrementing the reference\ncount of the vf pointer, resulting in another reference count leak. The\npatch addresses this by adding a call to ice_put_vf(vf) before returning\nan error when vf->first_vector_idx < 0.\n\nThis bug was identified by an experimental static analysis tool developed\nby our team. The tool specializes in analyzing reference count operations\nand identifying potential mismanagement of reference counts. In this case,\nthe tool flagged the missing decrement operation as a potential issue,\nleading to this patch."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ice: Se corrige el manejo incorrecto de refcount en ice_sriov_set_msix_vec_count() Este parche soluciona un problema con el manejo incorrecto del recuento de referencias en la funci\u00f3n ice_sriov_set_msix_vec_count(). Primero, la funci\u00f3n llama a ice_get_vf_by_id(), que incrementa el recuento de referencias del puntero vf. Si la llamada posterior a ice_get_vf_vsi() fallo, la funci\u00f3n actualmente devuelve un error sin disminuir el recuento de referencias del puntero vf, lo que lleva a una p\u00e9rdida del recuento de referencias. El comportamiento correcto, como se implement\u00f3 en este parche, es disminuir el recuento de referencias usando ice_put_vf(vf) antes de devolver un error cuando vsi es NULL. En segundo lugar, la funci\u00f3n llama a ice_sriov_get_irqs(), que establece vf->first_vector_idx. Si esta llamada devuelve un valor negativo, lo que indica un error, la funci\u00f3n devuelve un error sin disminuir el recuento de referencia del puntero vf, lo que genera otra p\u00e9rdida de recuento de referencia. El parche soluciona este problema agregando una llamada a ice_put_vf(vf) antes de devolver un error cuando vf->first_vector_idx < 0. Este error fue identificado por una herramienta de an\u00e1lisis est\u00e1tico experimental desarrollada por nuestro equipo. La herramienta se especializa en analizar operaciones de recuento de referencia e identificar posibles errores de administraci\u00f3n de los recuentos de referencia. En este caso, la herramienta marc\u00f3 la operaci\u00f3n de disminuci\u00f3n faltante como un problema potencial, lo que llev\u00f3 a este parche."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50021.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50021.json
index 4cf7cee83ea..4343706725c 100644
--- a/CVE-2024/CVE-2024-500xx/CVE-2024-50021.json
+++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50021.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-50021", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:15.630", - "lastModified": "2024-10-21T20:15:15.630", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix improper handling of refcount in ice_dpll_init_rclk_pins()\n\nThis patch addresses a reference count handling issue in the\nice_dpll_init_rclk_pins() function. The function calls ice_dpll_get_pins(),\nwhich increments the reference count of the relevant resources. However,\nif the condition WARN_ON((!vsi || !vsi->netdev)) is met, the function\ncurrently returns an error without properly releasing the resources\nacquired by ice_dpll_get_pins(), leading to a reference count leak.\n\nTo resolve this, the check has been moved to the top of the function. This\nensures that the function verifies the state before any resources are\nacquired, avoiding the need for additional resource management in the\nerror path.\n\nThis bug was identified by an experimental static analysis tool developed\nby our team. The tool specializes in analyzing reference count operations\nand detecting potential issues where resources are not properly managed.\nIn this case, the tool flagged the missing release operation as a\npotential problem, which led to the development of this patch." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ice: Se corrige el manejo incorrecto de refcount en ice_dpll_init_rclk_pins() Este parche soluciona un problema de manejo de recuento de referencias en la funci\u00f3n ice_dpll_init_rclk_pins(). La funci\u00f3n llama a ice_dpll_get_pins(), que incrementa el recuento de referencias de los recursos relevantes. 
Sin embargo, si se cumple la condici\u00f3n WARN_ON((!vsi || !vsi->netdev)), la funci\u00f3n actualmente devuelve un error sin liberar correctamente los recursos adquiridos por ice_dpll_get_pins(), lo que lleva a una p\u00e9rdida de recuento de referencias. Para resolver esto, la comprobaci\u00f3n se ha movido a la parte superior de la funci\u00f3n. Esto garantiza que la funci\u00f3n verifique el estado antes de que se adquieran recursos, lo que evita la necesidad de una gesti\u00f3n de recursos adicional en la ruta de error. Este error fue identificado por una herramienta de an\u00e1lisis est\u00e1tico experimental desarrollada por nuestro equipo. La herramienta se especializa en analizar operaciones de recuento de referencias y detectar posibles problemas donde los recursos no se administran correctamente. En este caso, la herramienta marc\u00f3 la operaci\u00f3n de liberaci\u00f3n faltante como un problema potencial, lo que llev\u00f3 al desarrollo de este parche." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50022.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50022.json index 2d93493a838..463e9e21c7f 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50022.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50022.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50022", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:15.690", - "lastModified": "2024-10-21T20:15:15.690", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndevice-dax: correct pgoff align in dax_set_mapping()\n\npgoff should be aligned using ALIGN_DOWN() instead of ALIGN(). Otherwise,\nvmf->address not aligned to fault_size will be aligned to the next\nalignment, that can result in memory failure getting the wrong address.\n\nIt's a subtle situation that only can be observed in\npage_mapped_in_vma() after the page is page fault handled by\ndev_dax_huge_fault. Generally, there is little chance to perform\npage_mapped_in_vma in dev-dax's page unless in specific error injection\nto the dax device to trigger an MCE - memory-failure. In that case,\npage_mapped_in_vma() will be triggered to determine which task is\naccessing the failure address and kill that task in the end.\n\n\nWe used self-developed dax device (which is 2M aligned mapping) , to\nperform error injection to random address. 
It turned out that error\ninjected to non-2M-aligned address was causing endless MCE until panic.\nBecause page_mapped_in_vma() kept resulting wrong address and the task\naccessing the failure address was never killed properly:\n\n\n[ 3783.719419] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3784.049006] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3784.049190] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3784.448042] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3784.448186] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3784.792026] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3784.792179] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3785.162502] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3785.162633] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3785.461116] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3785.461247] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3785.764730] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3785.764859] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3786.042128] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3786.042259] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3786.464293] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3786.464423] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3786.818090] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3786.818217] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3787.085297] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3787.085424] Memory failure: 
0x200c9742: recovery action for dax page: \nRecovered\n\nIt took us several weeks to pinpoint this problem,\u00a0 but we eventually\nused bpftrace to trace the page fault and mce address and successfully\nidentified the issue.\n\n\nJoao added:\n\n; Likely we never reproduce in production because we always pin\n: device-dax regions in the region align they provide (Qemu does\n: similarly with prealloc in hugetlb/file backed memory). I think this\n: bug requires that we touch *unpinned* device-dax regions unaligned to\n: the device-dax selected alignment (page size i.e. 4K/2M/1G)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: device-dax: alineaci\u00f3n correcta de pgoff en dax_set_mapping() pgoff debe alinearse usando ALIGN_DOWN() en lugar de ALIGN(). De lo contrario, vmf->address no alineado con fault_size se alinear\u00e1 con la siguiente alineaci\u00f3n, lo que puede provocar que El fallo de memoria obtenga la direcci\u00f3n incorrecta. Es una situaci\u00f3n sutil que solo se puede observar en page_mapped_in_vma() despu\u00e9s de que dev_dax_huge_fault gestione El fallo de p\u00e1gina. Generalmente, hay pocas posibilidades de realizar page_mapped_in_vma en la p\u00e1gina de dev-dax a menos que se trate de una inyecci\u00f3n de error espec\u00edfica en el dispositivo dax para activar un MCE (fallo de memoria). En ese caso, se activar\u00e1 page_mapped_in_vma() para determinar qu\u00e9 tarea est\u00e1 accediendo a la direcci\u00f3n de fallo y matar esa tarea al final. Usamos un dispositivo dax desarrollado por nosotros mismos (que es un mapeo alineado de 2M) para realizar una inyecci\u00f3n de error en una direcci\u00f3n aleatoria. Result\u00f3 que el error inyectado en una direcci\u00f3n no alineada a 2M estaba causando un MCE interminable hasta que surgi\u00f3 el p\u00e1nico. 
Debido a que page_mapped_in_vma() segu\u00eda generando una direcci\u00f3n incorrecta y la tarea que acced\u00eda a la direcci\u00f3n fallida nunca se finalizaba correctamente: [3783.719419] Error de memoria: 0x200c9742: acci\u00f3n de recuperaci\u00f3n para la p\u00e1gina dax: recuperada [3784.049006] mce: Error de memoria de hardware sin corregir en el acceso de usuario en 200c9742380 [3784.049190] Error de memoria: 0x200c9742: acci\u00f3n de recuperaci\u00f3n para la p\u00e1gina dax: recuperada [3784.448042] mce: Error de memoria de hardware sin corregir en el acceso de usuario en 200c9742380 [3784.448186] Error de memoria: 0x200c9742: acci\u00f3n de recuperaci\u00f3n para la p\u00e1gina dax: recuperada [3784.792026] mce: Error de memoria de hardware sin corregir en el acceso de usuario en 200c9742380 [3784.792179] Error de memoria: 0x200c9742: acci\u00f3n de recuperaci\u00f3n para la p\u00e1gina dax: Recuperado [3785.162502] mce: Error de memoria de hardware sin corregir en el acceso de usuario en 200c9742380 [3785.162633] Error de memoria: 0x200c9742: acci\u00f3n de recuperaci\u00f3n para la p\u00e1gina dax: Recuperado [3785.461116] mce: Error de memoria de hardware sin corregir en el acceso de usuario en 200c9742380 [3785.461247] Error de memoria: 0x200c9742: acci\u00f3n de recuperaci\u00f3n para la p\u00e1gina dax: Recuperado [3785.764730] mce: Error de memoria de hardware sin corregir en acceso de usuario en 200c9742380 [3785.764859] Error de memoria: 0x200c9742: acci\u00f3n de recuperaci\u00f3n para la p\u00e1gina dax: Recuperado [3786.042128] mce: Error de memoria de hardware sin corregir en acceso de usuario en 200c9742380 [3786.042259] Error de memoria: 0x200c9742: acci\u00f3n de recuperaci\u00f3n para la p\u00e1gina dax: Recuperado [3786.464293] mce: Error de memoria de hardware sin corregir en acceso de usuario en 200c9742380 [3786.464423] Error de memoria: 0x200c9742: acci\u00f3n de recuperaci\u00f3n para la p\u00e1gina dax: Recuperado [3786.818090] 
mce: Error de memoria de hardware sin corregir en acceso de usuario en 200c9742380 [ 3786.818217] Error de memoria: 0x200c9742: acci\u00f3n de recuperaci\u00f3n para la p\u00e1gina dax: Recuperado [ 3787.085297] mce: Error de memoria de hardware sin corregir en el acceso de usuario en 200c9742380 [ 3787.085424] Error de memoria: 0x200c9742: acci\u00f3n de recuperaci\u00f3n para la p\u00e1gina dax: Recuperado Nos llev\u00f3 varias semanas localizar este problema, pero finalmente usamos bpftrace para rastrear El fallo de p\u00e1gina y la direcci\u00f3n mce e identificamos el problema con \u00e9xito. Joao agreg\u00f3: ; Es probable que nunca lo reproduzcamos en producci\u00f3n porque siempre fijamos : las regiones device-dax en la alineaci\u00f3n de regi\u00f3n que proporcionan (Qemu hace : de manera similar con prealloc en la memoria respaldada por hugetlb/archivo). Creo que este error requiere que toquemos regiones del dispositivo DAX *no fijadas* que no est\u00e9n alineadas con la alineaci\u00f3n seleccionada del dispositivo DAX (tama\u00f1o de p\u00e1gina, es decir, 4K/2M/1G)" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50023.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50023.json index 94d5950aed2..5cd956fa9fc 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50023.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50023.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50023", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:15.763", - "lastModified": "2024-10-21T20:15:15.763", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: Remove LED entry from LEDs list on unregister\n\nCommit c938ab4da0eb (\"net: phy: Manual remove LEDs to ensure correct\nordering\") correctly fixed a problem with using devm_ but missed\nremoving the LED entry from the LEDs list.\n\nThis cause kernel panic on specific scenario where the port for the PHY\nis torn down and up and the kmod for the PHY is removed.\n\nOn setting the port down the first time, the assosiacted LEDs are\ncorrectly unregistered. The associated kmod for the PHY is now removed.\nThe kmod is now added again and the port is now put up, the associated LED\nare registered again.\nOn putting the port down again for the second time after these step, the\nLED list now have 4 elements. With the first 2 already unregistered\npreviously and the 2 new one registered again.\n\nThis cause a kernel panic as the first 2 element should have been\nremoved.\n\nFix this by correctly removing the element when LED is unregistered." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: phy: Eliminar la entrada LED de la lista de LED al anular el registro El commit c938ab4da0eb (\"net: phy: Eliminar manualmente los LED para garantizar el orden correcto\") corrigi\u00f3 correctamente un problema con el uso de devm_ pero no elimin\u00f3 la entrada LED de la lista de LED. Esto causa p\u00e1nico del kernel en un escenario espec\u00edfico donde el puerto para el PHY se desactiva y activa y se elimina el kmod para el PHY. 
Al desactivar el puerto la primera vez, los LED asociados se anulan correctamente el registro. El kmod asociado para el PHY ahora se elimina. El kmod ahora se agrega nuevamente y el puerto ahora se activa, los LED asociados se registran nuevamente. Al desactivar el puerto nuevamente por segunda vez despu\u00e9s de estos pasos, la lista de LED ahora tiene 4 elementos. Con los primeros 2 ya anulados previamente y los 2 nuevos registrados nuevamente. Esto causa un p\u00e1nico del kernel ya que los primeros 2 elementos deber\u00edan haberse eliminado. Arregle esto eliminando correctamente el elemento cuando el LED no est\u00e1 registrado." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50024.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50024.json index 599053d8201..422f0c98e9c 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50024.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50024.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50024",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T20:15:15.850",
- "lastModified": "2024-10-21T20:15:15.850",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix an unsafe loop on the list\n\nThe kernel may crash when deleting a genetlink family if there are still\nlisteners for that family:\n\nOops: Kernel access of bad area, sig: 11 [#1]\n ...\n NIP [c000000000c080bc] netlink_update_socket_mc+0x3c/0xc0\n LR [c000000000c0f764] __netlink_clear_multicast_users+0x74/0xc0\n Call Trace:\n__netlink_clear_multicast_users+0x74/0xc0\ngenl_unregister_family+0xd4/0x2d0\n\nChange the unsafe loop on the list to a safe one, because inside the\nloop there is an element removal from this list."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: Corrige un bucle inseguro en la lista El kernel puede bloquearse al eliminar una familia genetlink si a\u00fan hay oyentes para esa familia: Oops: Acceso al kernel al \u00e1rea incorrecta, sig: 11 [#1] ... NIP [c000000000c080bc] netlink_update_socket_mc+0x3c/0xc0 LR [c000000000c0f764] __netlink_clear_multicast_users+0x74/0xc0 Rastreo de llamadas: __netlink_clear_multicast_users+0x74/0xc0 genl_unregister_family+0xd4/0x2d0 Cambia el bucle inseguro en la lista a uno seguro, porque dentro del bucle hay una eliminaci\u00f3n de elementos de esta lista."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50025.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50025.json
index 1ed66a357a3..f0f89f25036 100644
--- a/CVE-2024/CVE-2024-500xx/CVE-2024-50025.json
+++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50025.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50025",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T20:15:15.930",
- "lastModified": "2024-10-21T20:15:15.930",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: fnic: Move flush_work initialization out of if block\n\nAfter commit 379a58caa199 (\"scsi: fnic: Move fnic_fnic_flush_tx() to a\nwork queue\"), it can happen that a work item is sent to an uninitialized\nwork queue. This may has the effect that the item being queued is never\nactually queued, and any further actions depending on it will not\nproceed.\n\nThe following warning is observed while the fnic driver is loaded:\n\nkernel: WARNING: CPU: 11 PID: 0 at ../kernel/workqueue.c:1524 __queue_work+0x373/0x410\nkernel: \nkernel: queue_work_on+0x3a/0x50\nkernel: fnic_wq_copy_cmpl_handler+0x54a/0x730 [fnic 62fbff0c42e7fb825c60a55cde2fb91facb2ed24]\nkernel: fnic_isr_msix_wq_copy+0x2d/0x60 [fnic 62fbff0c42e7fb825c60a55cde2fb91facb2ed24]\nkernel: __handle_irq_event_percpu+0x36/0x1a0\nkernel: handle_irq_event_percpu+0x30/0x70\nkernel: handle_irq_event+0x34/0x60\nkernel: handle_edge_irq+0x7e/0x1a0\nkernel: __common_interrupt+0x3b/0xb0\nkernel: common_interrupt+0x58/0xa0\nkernel: \n\nIt has been observed that this may break the rediscovery of Fibre\nChannel devices after a temporary fabric failure.\n\nThis patch fixes it by moving the work queue initialization out of\nan if block in fnic_probe()."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: fnic: mover la inicializaci\u00f3n de flush_work fuera del bloque if Despu\u00e9s de el commit 379a58caa199 (\"scsi: fnic: mover fnic_fnic_flush_tx() a una cola de trabajo\"), puede suceder que un elemento de trabajo se env\u00ede a una cola de trabajo no inicializada. Esto puede tener el efecto de que el elemento que se est\u00e1 poniendo en cola nunca se ponga en cola y cualquier acci\u00f3n posterior que dependa de \u00e9l no se lleve a cabo. Se observa la siguiente advertencia mientras se carga el controlador fnic: kernel: ADVERTENCIA: CPU: 11 PID: 0 en ../kernel/workqueue.c:1524 __queue_work+0x373/0x410 kernel: kernel: queue_work_on+0x3a/0x50 kernel: fnic_wq_copy_cmpl_handler+0x54a/0x730 [fnic 62fbff0c42e7fb825c60a55cde2fb91facb2ed24] kernel: fnic_isr_msix_wq_copy+0x2d/0x60 [fnic 62fbff0c42e7fb825c60a55cde2fb91facb2ed24] kernel: __handle_irq_event_percpu+0x36/0x1a0 kernel: handle_irq_event_percpu+0x30/0x70 kernel: handle_irq_event+0x34/0x60 kernel: handle_edge_irq+0x7e/0x1a0 kernel: __common_interrupt+0x3b/0xb0 kernel: common_interrupt+0x58/0xa0 kernel: Se ha observado que esto puede interrumpir el redescubrimiento de dispositivos Fibre Channel despu\u00e9s de un fallo temporal de la estructura. Este parche lo soluciona moviendo la inicializaci\u00f3n de la cola de trabajo fuera de un bloque if en fnic_probe()."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50026.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50026.json
index b7c855ddb32..da63592b7f2 100644
--- a/CVE-2024/CVE-2024-500xx/CVE-2024-50026.json
+++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50026.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50026",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T20:15:15.993",
- "lastModified": "2024-10-21T20:15:15.993",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: wd33c93: Don't use stale scsi_pointer value\n\nA regression was introduced with commit dbb2da557a6a (\"scsi: wd33c93:\nMove the SCSI pointer to private command data\") which results in an oops\nin wd33c93_intr(). That commit added the scsi_pointer variable and\ninitialized it from hostdata->connected. However, during selection,\nhostdata->connected is not yet valid. Fix this by getting the current\nscsi_pointer from hostdata->selecting."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: wd33c93: No usar valor scsi_pointer obsoleto Se introdujo una regresi\u00f3n con el commit dbb2da557a6a (\"scsi: wd33c93: Mover el puntero SCSI a datos de comando privados\") que da como resultado un error en wd33c93_intr(). Esa confirmaci\u00f3n agreg\u00f3 la variable scsi_pointer y la inicializ\u00f3 desde hostdata->connected. Sin embargo, durante la selecci\u00f3n, hostdata->connected a\u00fan no es v\u00e1lido. Solucione esto obteniendo el scsi_pointer actual desde hostdata->selecting."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50027.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50027.json
index 47fadb2724c..80982186b5e 100644
--- a/CVE-2024/CVE-2024-500xx/CVE-2024-50027.json
+++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50027.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50027",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T20:15:16.093",
- "lastModified": "2024-10-21T20:15:16.093",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: core: Free tzp copy along with the thermal zone\n\nThe object pointed to by tz->tzp may still be accessed after being\nfreed in thermal_zone_device_unregister(), so move the freeing of it\nto the point after the removal completion has been completed at which\nit cannot be accessed any more."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: thermal: core: copia libre de tzp junto con la zona t\u00e9rmica. A\u00fan se puede acceder al objeto al que apunta tz->tzp despu\u00e9s de liberarlo en thermal_zone_device_unregister(), por lo que debe mover su liberaci\u00f3n al punto despu\u00e9s de que se haya completado la eliminaci\u00f3n en el que ya no se pueda acceder a \u00e9l."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50028.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50028.json
index 9bcf540b165..a0ad1a4abd0 100644
--- a/CVE-2024/CVE-2024-500xx/CVE-2024-50028.json
+++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50028.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50028",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T20:15:16.163",
- "lastModified": "2024-10-21T20:15:16.163",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: core: Reference count the zone in thermal_zone_get_by_id()\n\nThere are places in the thermal netlink code where nothing prevents\nthe thermal zone object from going away while being accessed after it\nhas been returned by thermal_zone_get_by_id().\n\nTo address this, make thermal_zone_get_by_id() get a reference on the\nthermal zone device object to be returned with the help of get_device(),\nunder thermal_list_lock, and adjust all of its callers to this change\nwith the help of the cleanup.h infrastructure."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: thermal: core: recuento de referencia de la zona en thermal_zone_get_by_id() Hay lugares en el c\u00f3digo de netlink t\u00e9rmico donde nada impide que el objeto de zona t\u00e9rmica desaparezca mientras se accede a \u00e9l despu\u00e9s de que thermal_zone_get_by_id() lo haya devuelto. Para solucionar esto, haga que thermal_zone_get_by_id() obtenga una referencia en el objeto de dispositivo de zona t\u00e9rmica que se devolver\u00e1 con la ayuda de get_device(), bajo thermal_list_lock, y ajuste todos sus llamadores a este cambio con la ayuda de la infraestructura cleanup.h."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50029.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50029.json
index 8d9071c6dd2..5bf9cd5217d 100644
--- a/CVE-2024/CVE-2024-500xx/CVE-2024-50029.json
+++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50029.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-50029", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:16.227", - "lastModified": "2024-10-21T20:15:16.227", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync\n\nThis checks if the ACL connection remains valid as it could be destroyed\nwhile hci_enhanced_setup_sync is pending on cmd_sync leading to the\nfollowing trace:\n\nBUG: KASAN: slab-use-after-free in hci_enhanced_setup_sync+0x91b/0xa60\nRead of size 1 at addr ffff888002328ffd by task kworker/u5:2/37\n\nCPU: 0 UID: 0 PID: 37 Comm: kworker/u5:2 Not tainted 6.11.0-rc6-01300-g810be445d8d6 #7099\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \n dump_stack_lvl+0x5d/0x80\n ? hci_enhanced_setup_sync+0x91b/0xa60\n print_report+0x152/0x4c0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n ? __virt_addr_valid+0x1fa/0x420\n ? hci_enhanced_setup_sync+0x91b/0xa60\n kasan_report+0xda/0x1b0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n hci_enhanced_setup_sync+0x91b/0xa60\n ? __pfx_hci_enhanced_setup_sync+0x10/0x10\n ? __pfx___mutex_lock+0x10/0x10\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n ? __pfx_lock_acquire+0x10/0x10\n ? __pfx_process_one_work+0x10/0x10\n ? assign_work+0x167/0x240\n worker_thread+0x5b7/0xf60\n ? __kthread_parkme+0xac/0x1c0\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x293/0x360\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2f/0x70\n ? 
__pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \n\nAllocated by task 34:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x8f/0xa0\n __hci_conn_add+0x187/0x17d0\n hci_connect_sco+0x2e1/0xb90\n sco_sock_connect+0x2a2/0xb80\n __sys_connect+0x227/0x2a0\n __x64_sys_connect+0x6d/0xb0\n do_syscall_64+0x71/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 37:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x101/0x160\n kfree+0xd0/0x250\n device_release+0x9a/0x210\n kobject_put+0x151/0x280\n hci_conn_del+0x448/0xbf0\n hci_abort_conn_sync+0x46f/0x980\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n worker_thread+0x5b7/0xf60\n kthread+0x293/0x360\n ret_from_fork+0x2f/0x70\n ret_from_fork_asm+0x1a/0x30" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: hci_conn: Fix UAF en hci_enhanced_setup_sync Esto verifica si la conexi\u00f3n ACL sigue siendo v\u00e1lida, ya que podr\u00eda destruirse mientras hci_enhanced_setup_sync est\u00e1 pendiente de cmd_sync, lo que genera el siguiente seguimiento: ERROR: KASAN: slab-use-after-free en hci_enhanced_setup_sync+0x91b/0xa60 Lectura de tama\u00f1o 1 en la direcci\u00f3n ffff888002328ffd por la tarea kworker/u5:2/37 CPU: 0 UID: 0 PID: 37 Comm: kworker/u5:2 No contaminado 6.11.0-rc6-01300-g810be445d8d6 #7099 Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 01/04/2014 Cola de trabajo: hci0 hci_cmd_sync_work Seguimiento de llamadas: dump_stack_lvl+0x5d/0x80 ? hci_enhanced_setup_sync+0x91b/0xa60 print_report+0x152/0x4c0 ? hci_enhanced_setup_sync+0x91b/0xa60 ? __virt_addr_valid+0x1fa/0x420 ? hci_enhanced_setup_sync+0x91b/0xa60 kasan_report+0xda/0x1b0 ? hci_enhanced_setup_sync+0x91b/0xa60 hci_enhanced_setup_sync+0x91b/0xa60 ? __pfx_hci_enhanced_setup_sync+0x10/0x10 ? 
__pfx___mutex_lock+0x10/0x10 hci_cmd_sync_work+0x1c2/0x330 process_one_work+0x7d9/0x1360 ? __pfx_lock_acquire+0x10/0x10 ? __pfx_process_one_work+0x10/0x10 ? asignar_trabajo+0x167/0x240 subproceso_trabajador+0x5b7/0xf60 ? __kthread_parkme+0xac/0x1c0 ? __pfx_worker_thread+0x10/0x10 ? __pfx_worker_thread+0x10/0x10 kthread+0x293/0x360 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2f/0x70 ? Asignado por la tarea 34: kasan_save_stack+0x30/0x50 kasan_save_track+0x14/0x30 __kasan_kmalloc+0x8f/0xa0 __hci_conn_add+0x187/0x17d0 hci_connect_sco+0x2e1/0xb90 sco_sock_connect+0x2a2/0xb80 __sys_connect+0x227/0x2a0 __x64_sys_connect+0x6d/0xb0 do_syscall_64+0x71/0x140 entrada_SYSCALL_64_after_hwframe+0x76/0x7e Liberado por la tarea 37: kasan_save_stack+0x30/0x50 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x101/0x160 kfree+0xd0/0x250 device_release+0x9a/0x210 kobject_put+0x151/0x280 hci_conn_del+0x448/0xbf0 hci_abort_conn_sync+0x46f/0x980 hci_cmd_sync_work+0x1c2/0x330 process_one_work+0x7d9/0x1360 worker_thread+0x5b7/0xf60 kthread+0x293/0x360 ret_de_la_bifurcaci\u00f3n+0x2f/0x70 ret_de_la_bifurcaci\u00f3n_asm+0x1a/0x30" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50030.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50030.json index 1aa8a6e468a..4ee3b97c5cd 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50030.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50030.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50030",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T20:15:16.290",
- "lastModified": "2024-10-21T20:15:16.290",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/ct: prevent UAF in send_recv()\n\nEnsure we serialize with completion side to prevent UAF with fence going\nout of scope on the stack, since we have no clue if it will fire after\nthe timeout before we can erase from the xa. Also we have some dependent\nloads and stores for which we need the correct ordering, and we lack the\nneeded barriers. Fix this by grabbing the ct->lock after the wait, which\nis also held by the completion side.\n\nv2 (Badal):\n - Also print done after acquiring the lock and seeing timeout.\n\n(cherry picked from commit 52789ce35c55ccd30c4b67b9cc5b2af55e0122ea)"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/xe/ct: evitar UAF en send_recv() Asegurarnos de que serializamos con el lado de finalizaci\u00f3n para evitar que UAF con valla salga del \u00e1mbito en la pila, ya que no tenemos ni idea de si se activar\u00e1 despu\u00e9s del tiempo de espera antes de que podamos borrar del xa. Tambi\u00e9n tenemos algunas cargas y almacenamientos dependientes para los que necesitamos el orden correcto, y carecemos de las barreras necesarias. Arregla esto tomando el ct->lock despu\u00e9s de la espera, que tambi\u00e9n est\u00e1 retenido por el lado de finalizaci\u00f3n. v2 (Badal): - Tambi\u00e9n se imprime despu\u00e9s de adquirir el bloqueo y ver el tiempo de espera. (seleccionado de el commit 52789ce35c55ccd30c4b67b9cc5b2af55e0122ea)"
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50031.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50031.json
index dd2be7177ca..528eb8c88c5 100644
--- a/CVE-2024/CVE-2024-500xx/CVE-2024-50031.json
+++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50031.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-50031", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:16.350", - "lastModified": "2024-10-21T20:15:16.350", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Stop the active perfmon before being destroyed\n\nWhen running `kmscube` with one or more performance monitors enabled\nvia `GALLIUM_HUD`, the following kernel panic can occur:\n\n[ 55.008324] Unable to handle kernel paging request at virtual address 00000000052004a4\n[ 55.008368] Mem abort info:\n[ 55.008377] ESR = 0x0000000096000005\n[ 55.008387] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 55.008402] SET = 0, FnV = 0\n[ 55.008412] EA = 0, S1PTW = 0\n[ 55.008421] FSC = 0x05: level 1 translation fault\n[ 55.008434] Data abort info:\n[ 55.008442] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n[ 55.008455] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 55.008467] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 55.008481] user pgtable: 4k pages, 39-bit VAs, pgdp=00000001046c6000\n[ 55.008497] [00000000052004a4] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[ 55.008525] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n[ 55.008542] Modules linked in: rfcomm [...] 
vc4 v3d snd_soc_hdmi_codec drm_display_helper\ngpu_sched drm_shmem_helper cec drm_dma_helper drm_kms_helper i2c_brcmstb\ndrm drm_panel_orientation_quirks snd_soc_core snd_compress snd_pcm_dmaengine snd_pcm snd_timer snd backlight\n[ 55.008799] CPU: 2 PID: 166 Comm: v3d_bin Tainted: G C 6.6.47+rpt-rpi-v8 #1 Debian 1:6.6.47-1+rpt1\n[ 55.008824] Hardware name: Raspberry Pi 4 Model B Rev 1.5 (DT)\n[ 55.008838] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 55.008855] pc : __mutex_lock.constprop.0+0x90/0x608\n[ 55.008879] lr : __mutex_lock.constprop.0+0x58/0x608\n[ 55.008895] sp : ffffffc080673cf0\n[ 55.008904] x29: ffffffc080673cf0 x28: 0000000000000000 x27: ffffff8106188a28\n[ 55.008926] x26: ffffff8101e78040 x25: ffffff8101baa6c0 x24: ffffffd9d989f148\n[ 55.008947] x23: ffffffda1c2a4008 x22: 0000000000000002 x21: ffffffc080673d38\n[ 55.008968] x20: ffffff8101238000 x19: ffffff8104f83188 x18: 0000000000000000\n[ 55.008988] x17: 0000000000000000 x16: ffffffda1bd04d18 x15: 00000055bb08bc90\n[ 55.009715] x14: 0000000000000000 x13: 0000000000000000 x12: ffffffda1bd4cbb0\n[ 55.010433] x11: 00000000fa83b2da x10: 0000000000001a40 x9 : ffffffda1bd04d04\n[ 55.011162] x8 : ffffff8102097b80 x7 : 0000000000000000 x6 : 00000000030a5857\n[ 55.011880] x5 : 00ffffffffffffff x4 : 0300000005200470 x3 : 0300000005200470\n[ 55.012598] x2 : ffffff8101238000 x1 : 0000000000000021 x0 : 0300000005200470\n[ 55.013292] Call trace:\n[ 55.013959] __mutex_lock.constprop.0+0x90/0x608\n[ 55.014646] __mutex_lock_slowpath+0x1c/0x30\n[ 55.015317] mutex_lock+0x50/0x68\n[ 55.015961] v3d_perfmon_stop+0x40/0xe0 [v3d]\n[ 55.016627] v3d_bin_job_run+0x10c/0x2d8 [v3d]\n[ 55.017282] drm_sched_main+0x178/0x3f8 [gpu_sched]\n[ 55.017921] kthread+0x11c/0x128\n[ 55.018554] ret_from_fork+0x10/0x20\n[ 55.019168] Code: f9400260 f1001c1f 54001ea9 927df000 (b9403401)\n[ 55.019776] ---[ end trace 0000000000000000 ]---\n[ 55.020411] note: v3d_bin[166] exited with preempt_count 1\n\nThis issue arises 
because, upon closing the file descriptor (which happens\nwhen we interrupt `kmscube`), the active performance monitor is not\nstopped. Although all perfmons are destroyed in `v3d_perfmon_close_file()`,\nthe active performance monitor's pointer (`v3d->active_perfmon`) is still\nretained.\n\nIf `kmscube` is run again, the driver will attempt to stop the active\nperformance monitor using the stale pointer in `v3d->active_perfmon`.\nHowever, this pointer is no longer valid because the previous process has\nalready terminated, and all performance monitors associated with it have\nbeen destroyed and freed.\n\nTo fix this, when the active performance monitor belongs to a given\nprocess, explicitly stop it before destroying and freeing it." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/v3d: Detener el perfmon activo antes de ser destruido Al ejecutar `kmscube` con uno o m\u00e1s monitores de rendimiento habilitados a trav\u00e9s de `GALLIUM_HUD`, puede ocurrir el siguiente p\u00e1nico del kernel: [ 55.008324] No se puede manejar la solicitud de paginaci\u00f3n del kernel en la direcci\u00f3n virtual 00000000052004a4 [ 55.008368] Informaci\u00f3n de aborto de memoria: [ 55.008377] ESR = 0x0000000096000005 [ 55.008387] EC = 0x25: DABT (EL actual), IL = 32 bits [ 55.008402] SET = 0, FnV = 0 [ 55.008412] EA = 0, S1PTW = 0 [ 55.008421] FSC = 0x05: error de traducci\u00f3n de nivel 1 [ 55.008434] Informaci\u00f3n de interrupci\u00f3n de datos: [ 55.008442] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000 [ 55.008455] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 55.008467] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 55.008481] pgtable de usuario: p\u00e1ginas de 4k, VA de 39 bits, pgdp=00000001046c6000 [ 55.008497] [000000000052004a4] pgd=0000000000000000, p4d=00000000000000000, pud=0000000000000000 [ 55.008525] Error interno: Oops: 0000000096000005 [#1] PREEMPT SMP [ 55.008542] M\u00f3dulos vinculados en: rfcomm [...] 
vc4 v3d snd_soc_hdmi_codec drm_display_helper gpu_sched drm_shmem_helper cec drm_dma_helper drm_kms_helper i2c_brcmstb drm drm_panel_orientation_quirks snd_soc_core snd_compress snd_pcm_dmaengine snd_pcm snd_timer snd backlight [ 55.008799] CPU: 2 PID: 166 Comm: v3d_bin Contaminado: GC 6.6.47+rpt-rpi-v8 #1 Debian 1:6.6.47-1+rpt1 [ 55.008824] Nombre del hardware: Raspberry Pi 4 Modelo B Rev 1.5 (DT) [ 55.008838] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 55.008855] pc : __mutex_lock.constprop.0+0x90/0x608 [ 55.008879] lr : __mutex_lock.constprop.0+0x58/0x608 [ 55.008895] sp : ffffffc080673cf0 [ 55.008904] x29: ffffffc080673cf0 x28: 0000000000000000 x27: ffffff8106188a28 [ 55.008926] x26: ffffff8101e78040 x25: ffffff8101baa6c0 x24: ffffffd9d989f148 [ 55.008947] x23: ffffffda1c2a4008 x22: 0000000000000002 x21: ffffffc080673d38 [ 55.008968] x20: ffffff8101238000 x19: ffffff8104f83188 x18: 0000000000000000 [ 55.008988] x17: 0000000000000000 x16: ffffffda1bd04d18 x15: 00000055bb08bc90 [ 55.009715] x14: 000000000000000 x13: 0000000000000000 x12: ffffffda1bd4cbb0 [ 55.010433] x11: 00000000fa83b2da x10: 0000000000001a40 x9: ffffffda1bd04d04 [55.011162] x8: ffffff8102097b80 x7: 0000000000000000 x6: 00000000030a5857 [55.011880] x5: 00ffffffffffffff x4: 0300000005200470 x3: 0300000005200470 [55.012598] x2: ffffff8101238000 x1: 0000000000000021 x0 : 0300000005200470 [ 55.013292] Rastreo de llamadas: [ 55.013959] __mutex_lock.constprop.0+0x90/0x608 [ 55.014646] __mutex_lock_slowpath+0x1c/0x30 [ 55.015317] mutex_lock+0x50/0x68 [ 55.015961] v3d_perfmon_stop+0x40/0xe0 [v3d] [ 55.016627] v3d_bin_job_run+0x10c/0x2d8 [v3d] [ 55.017282] drm_sched_main+0x178/0x3f8 [gpu_sched] [ 55.017921] kthread+0x11c/0x128 [ 55.018554] ret_from_fork+0x10/0x20 [ 55.019168] C\u00f3digo: f9400260 f1001c1f 54001ea9 927df000 (b9403401) [ 55.019776] ---[ fin del seguimiento 000000000000000 ]--- [ 55.020411] nota: v3d_bin[166] sali\u00f3 con preempt_count 1 Este problema surge porque, 
al cerrar el descriptor de archivo (lo que sucede cuando interrumpimos `kmscube`), el monitor de rendimiento activo no se detiene. Aunque todos los monitores de rendimiento se destruyen en `v3d_perfmon_close_file()`, el puntero del monitor de rendimiento activo (`v3d->active_perfmon`) a\u00fan se conserva. Si se ejecuta de nuevo `kmscube`, el controlador intentar\u00e1 detener el monitor de rendimiento activo utilizando el puntero obsoleto en `v3d->active_perfmon`. Sin embargo, este puntero ya no es v\u00e1lido porque el proceso anterior ya ha finalizado y todos los monitores de rendimiento asociados con \u00e9l se han destruido y liberado. Para solucionar esto, cuando el monitor de rendimiento activo pertenece a un proceso determinado, det\u00e9ngalo expl\u00edcitamente antes de destruirlo y liberarlo." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50032.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50032.json index 45a98a37007..de2e9b0bb6a 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50032.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50032.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50032", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:16.417", - "lastModified": "2024-10-21T20:15:16.417", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu/nocb: Fix rcuog wake-up from offline softirq\n\nAfter a CPU has set itself offline and before it eventually calls\nrcutree_report_cpu_dead(), there are still opportunities for callbacks\nto be enqueued, for example from a softirq. When that happens on NOCB,\nthe rcuog wake-up is deferred through an IPI to an online CPU in order\nnot to call into the scheduler and risk arming the RT-bandwidth after\nhrtimers have been migrated out and disabled.\n\nBut performing a synchronized IPI from a softirq is buggy as reported in\nthe following scenario:\n\n WARNING: CPU: 1 PID: 26 at kernel/smp.c:633 smp_call_function_single\n Modules linked in: rcutorture torture\n CPU: 1 UID: 0 PID: 26 Comm: migration/1 Not tainted 6.11.0-rc1-00012-g9139f93209d1 #1\n Stopper: multi_cpu_stop+0x0/0x320 <- __stop_cpus+0xd0/0x120\n RIP: 0010:smp_call_function_single\n \n swake_up_one_online\n __call_rcu_nocb_wake\n __call_rcu_common\n ? rcu_torture_one_read\n call_timer_fn\n __run_timers\n run_timer_softirq\n handle_softirqs\n irq_exit_rcu\n ? tick_handle_periodic\n sysvec_apic_timer_interrupt\n \n\nFix this with forcing deferred rcuog wake up through the NOCB timer when\nthe CPU is offline. The actual wake up will happen from\nrcutree_report_cpu_dead()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rcu/nocb: Se ha corregido la activaci\u00f3n de rcuog desde un softirq sin conexi\u00f3n. 
Despu\u00e9s de que una CPU se haya desconectado y antes de que finalmente llame a rcutree_report_cpu_dead(), a\u00fan hay oportunidades para que se pongan en cola devoluciones de llamadas, por ejemplo, desde un softirq. Cuando eso sucede en NOCB, la activaci\u00f3n de rcuog se pospone a trav\u00e9s de una IPI a una CPU en l\u00ednea para no llamar al programador y correr el riesgo de armar el ancho de banda RT despu\u00e9s de que los temporizadores hr se hayan migrado y deshabilitado. Pero realizar una IPI sincronizada desde un softirq tiene errores, como se informa en el siguiente escenario: ADVERTENCIA: CPU: 1 PID: 26 en kernel/smp.c:633 smp_call_function_single M\u00f3dulos vinculados en: rcutorture torture CPU: 1 UID: 0 PID: 26 Comm: immigration/1 No contaminado 6.11.0-rc1-00012-g9139f93209d1 #1 Detenedor: multi_cpu_stop+0x0/0x320 <- __stop_cpus+0xd0/0x120 RIP: 0010:smp_call_function_single swake_up_one_online __call_rcu_nocb_wake __call_rcu_common ? rcu_torture_one_read call_timer_fn __run_timers run_timer_softirq handle_softirqs irq_exit_rcu ? tick_handle_periodic sysvec_apic_timer_interrupt Solucione esto forzando la activaci\u00f3n diferida de rcuog a trav\u00e9s del temporizador NOCB cuando la CPU est\u00e9 fuera de l\u00ednea. La activaci\u00f3n real se realizar\u00e1 desde rcutree_report_cpu_dead()." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50033.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50033.json index 4bb39c04bff..a5d9df00683 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50033.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50033.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50033", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:16.477", - "lastModified": "2024-10-21T20:15:16.477", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nslip: make slhc_remember() more robust against malicious packets\n\nsyzbot found that slhc_remember() was missing checks against\nmalicious packets [1].\n\nslhc_remember() only checked the size of the packet was at least 20,\nwhich is not good enough.\n\nWe need to make sure the packet includes the IPv4 and TCP header\nthat are supposed to be carried.\n\nAdd iph and th pointers to make the code more readable.\n\n[1]\n\nBUG: KMSAN: uninit-value in slhc_remember+0x2e8/0x7b0 drivers/net/slip/slhc.c:666\n slhc_remember+0x2e8/0x7b0 drivers/net/slip/slhc.c:666\n ppp_receive_nonmp_frame+0xe45/0x35e0 drivers/net/ppp/ppp_generic.c:2455\n ppp_receive_frame drivers/net/ppp/ppp_generic.c:2372 [inline]\n ppp_do_recv+0x65f/0x40d0 drivers/net/ppp/ppp_generic.c:2212\n ppp_input+0x7dc/0xe60 drivers/net/ppp/ppp_generic.c:2327\n pppoe_rcv_core+0x1d3/0x720 drivers/net/ppp/pppoe.c:379\n sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1113\n __release_sock+0x1da/0x330 net/core/sock.c:3072\n release_sock+0x6b/0x250 net/core/sock.c:3626\n pppoe_sendmsg+0x2b8/0xb90 drivers/net/ppp/pppoe.c:903\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\n __do_sys_sendmmsg net/socket.c:2771 [inline]\n __se_sys_sendmmsg net/socket.c:2768 [inline]\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\n do_syscall_x64 
arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4091 [inline]\n slab_alloc_node mm/slub.c:4134 [inline]\n kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4186\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587\n __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1322 [inline]\n sock_wmalloc+0xfe/0x1a0 net/core/sock.c:2732\n pppoe_sendmsg+0x3a7/0xb90 drivers/net/ppp/pppoe.c:867\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\n __do_sys_sendmmsg net/socket.c:2771 [inline]\n __se_sys_sendmmsg net/socket.c:2768 [inline]\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 5460 Comm: syz.2.33 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: slip: hacer que slhc_remember() sea m\u00e1s robusto contra paquetes maliciosos syzbot descubri\u00f3 que slhc_remember() no realizaba comprobaciones contra paquetes maliciosos [1]. slhc_remember() solo comprobaba que el tama\u00f1o del paquete fuera al menos 20, lo que no es suficiente. Necesitamos asegurarnos de que el paquete incluya los encabezados IPv4 y TCP que se supone que deben transportarse. Agregue punteros iph y th para que el c\u00f3digo sea m\u00e1s legible. 
[1] ERROR: KMSAN: valor no inicializado en slhc_remember+0x2e8/0x7b0 drivers/net/slip/slhc.c:666 slhc_remember+0x2e8/0x7b0 drivers/net/slip/slhc.c:666 ppp_receive_nonmp_frame+0xe45/0x35e0 drivers/net/ppp/ppp_generic.c:2455 ppp_receive_frame drivers/net/ppp/ppp_generic.c:2372 [en l\u00ednea] ppp_do_recv+0x65f/0x40d0 drivers/net/ppp/ppp_generic.c:2212 ppp_input+0x7dc/0xe60 drivers/net/ppp/ppp_generic.c:2327 pppoe_rcv_core+0x1d3/0x720 drivers/net/ppp/pppoe.c:379 sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1113 __release_sock+0x1da/0x330 net/core/sock.c:3072 release_sock+0x6b/0x250 net/core/sock.c:3626 pppoe_sendmsg+0x2b8/0xb90 drivers/net/ppp/pppoe.c:903 sock_sendmsg_nosec net/socket.c:729 [en l\u00ednea] __sock_sendmsg+0x30f/0x380 net/socket.c:744 ____sys_sendmsg+0x903/0xb60 net/socket.c:2602 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656 __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742 __do_sys_sendmmsg net/socket.c:2771 [en l\u00ednea] __se_sys_sendmmsg net/socket.c:2768 [en l\u00ednea] __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768 x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit se cre\u00f3 en: slab_post_alloc_hook mm/slub.c:4091 [en l\u00ednea] slab_alloc_node mm/slub.c:4134 [en l\u00ednea] kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4186 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587 __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678 alloc_skb include/linux/skbuff.h:1322 [en l\u00ednea] sock_wmalloc+0xfe/0x1a0 red/core/sock.c:2732 pppoe_sendmsg+0x3a7/0xb90 drivers/net/ppp/pppoe.c:867 sock_sendmsg_nosec red/socket.c:729 [en l\u00ednea] __sock_sendmsg+0x30f/0x380 red/socket.c:744 ____sys_sendmsg+0x903/0xb60 red/socket.c:2602 ___sys_sendmsg+0x28d/0x3c0 red/socket.c:2656 __sys_sendmmsg+0x3c1/0x960 red/socket.c:2742 __do_sys_sendmmsg red/socket.c:2771 [en l\u00ednea] 
__se_sys_sendmmsg net/socket.c:2768 [en l\u00ednea] __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768 x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f CPU: 0 UID: 0 PID: 5460 Comm: syz.2.33 No contaminado 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 13/09/2024" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50034.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50034.json index 3a10c0b1468..675ae43e46a 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50034.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50034.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50034", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:16.553", - "lastModified": "2024-10-21T20:15:16.553", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix lacks of icsk_syn_mss with IPPROTO_SMC\n\nEric report a panic on IPPROTO_SMC, and give the facts\nthat when INET_PROTOSW_ICSK was set, icsk->icsk_sync_mss must be set too.\n\nBug: Unable to handle kernel NULL pointer dereference at virtual address\n0000000000000000\nMem abort info:\nESR = 0x0000000086000005\nEC = 0x21: IABT (current EL), IL = 32 bits\nSET = 0, FnV = 0\nEA = 0, S1PTW = 0\nFSC = 0x05: level 1 translation fault\nuser pgtable: 4k pages, 48-bit VAs, pgdp=00000001195d1000\n[0000000000000000] pgd=0800000109c46003, p4d=0800000109c46003,\npud=0000000000000000\nInternal error: Oops: 0000000086000005 [#1] PREEMPT SMP\nModules linked in:\nCPU: 1 UID: 0 PID: 8037 Comm: syz.3.265 Not tainted\n6.11.0-rc7-syzkaller-g5f5673607153 #0\nHardware name: Google Google Compute Engine/Google Compute Engine,\nBIOS Google 08/06/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : 0x0\nlr : cipso_v4_sock_setattr+0x2a8/0x3c0 net/ipv4/cipso_ipv4.c:1910\nsp : ffff80009b887a90\nx29: ffff80009b887aa0 x28: ffff80008db94050 x27: 0000000000000000\nx26: 1fffe0001aa6f5b3 x25: dfff800000000000 x24: ffff0000db75da00\nx23: 0000000000000000 x22: ffff0000d8b78518 x21: 0000000000000000\nx20: ffff0000d537ad80 x19: ffff0000d8b78000 x18: 1fffe000366d79ee\nx17: ffff8000800614a8 x16: ffff800080569b84 x15: 0000000000000001\nx14: 000000008b336894 x13: 00000000cd96feaa x12: 0000000000000003\nx11: 0000000000040000 x10: 00000000000020a3 x9 : 1fffe0001b16f0f1\nx8 : 0000000000000000 x7 : 0000000000000000 x6 : 000000000000003f\nx5 : 0000000000000040 
x4 : 0000000000000001 x3 : 0000000000000000\nx2 : 0000000000000002 x1 : 0000000000000000 x0 : ffff0000d8b78000\nCall trace:\n0x0\nnetlbl_sock_setattr+0x2e4/0x338 net/netlabel/netlabel_kapi.c:1000\nsmack_netlbl_add+0xa4/0x154 security/smack/smack_lsm.c:2593\nsmack_socket_post_create+0xa8/0x14c security/smack/smack_lsm.c:2973\nsecurity_socket_post_create+0x94/0xd4 security/security.c:4425\n__sock_create+0x4c8/0x884 net/socket.c:1587\nsock_create net/socket.c:1622 [inline]\n__sys_socket_create net/socket.c:1659 [inline]\n__sys_socket+0x134/0x340 net/socket.c:1706\n__do_sys_socket net/socket.c:1720 [inline]\n__se_sys_socket net/socket.c:1718 [inline]\n__arm64_sys_socket+0x7c/0x94 net/socket.c:1718\n__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\ninvoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\nel0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\ndo_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\nel0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712\nel0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730\nel0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598\nCode: ???????? ???????? ???????? ???????? (????????)\n---[ end trace 0000000000000000 ]---\n\nThis patch add a toy implementation that performs a simple return to\nprevent such panic. This is because MSS can be set in sock_create_kern\nor smc_setsockopt, similar to how it's done in AF_SMC. However, for\nAF_SMC, there is currently no way to synchronize MSS within\n__sys_connect_file. This toy implementation lays the groundwork for us\nto support such feature for IPPROTO_SMC in the future." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/smc: corrige la falta de icsk_syn_mss con IPPROTO_SMC Eric informa un p\u00e1nico en IPPROTO_SMC y proporciona los hechos de que cuando se configura INET_PROTOSW_ICSK, tambi\u00e9n se debe configurar icsk->icsk_sync_mss. 
Error: No se puede manejar la desreferencia del puntero NULL del n\u00facleo en la direcci\u00f3n virtual 0000000000000000 Informaci\u00f3n de aborto de memoria: ESR = 0x0000000086000005 EC = 0x21: IABT (EL actual), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x05: error de traducci\u00f3n de nivel 1 usuario pgtable: 4k p\u00e1ginas, VA de 48 bits, pgdp=00000001195d1000 [000000000000000] pgd=0800000109c46003, p4d=0800000109c46003, pud=000000000000000 Error interno: Oops: 0000000086000005 [#1] M\u00f3dulos PREEMPT SMP vinculados en: CPU: 1 UID: 0 PID: 8037 Comm: syz.3.265 No contaminado 6.11.0-rc7-syzkaller-g5f5673607153 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : 0x0 lr : cipso_v4_sock_setattr+0x2a8/0x3c0 net/ipv4/cipso_ipv4.c:1910 sp : ffff80009b887a90 x29: ffff80009b887aa0 x28: ffff80008db94050 x27: 0000000000000000 x26: 1fffe0001aa6f5b3 x25: dfff800000000000 x24: ffff0000db75da00 x23: 0000000 x22: ffff0000d8b78518 x21: 0000000000000000 x20: ffff0000d537ad80 x19: ffff0000d8b78000 x18: 1fffe000366d79ee x17: ffff8000800614a8 x16: ffff800080569b84 x15: 0000000000000001 x14: 000000008b336894 x13: 00000000cd96feaa x12: 0000000000000003 x11: 0000000000040000 x10: 00000000000020a3 x9: 1fffe0001b16f0f1 x8: 0000000000000000 x7: 0000000000000000 x6: 000000000000003f x5: 0000000000000040 x4 : 00000000000000001 x3 : 0000000000000000 x2 : 0000000000000002 x1 : 0000000000000000 x0 : ffff0000d8b78000 Rastreo de llamadas: 0x0 netlbl_sock_setattr+0x2e4/0x338 net/netlabel/netlabel_kapi.c:1000 smack_netlbl_add+0xa4/0x154 security/smack/smack_lsm.c:2593 smack_socket_post_create+0xa8/0x14c security/smack/smack_lsm.c:2973 security_socket_post_create+0x94/0xd4 seguridad/seguridad.c:4425 __sock_create+0x4c8/0x884 red/socket.c:1587 sock_create red/socket.c:1622 [en l\u00ednea] __sys_socket_create red/socket.c:1659 [en l\u00ednea] __sys_socket+0x134/0x340 
red/socket.c:1706 __do_sys_socket red/socket.c:1720 [en l\u00ednea] __se_sys_socket red/socket.c:1718 [en l\u00ednea] __arm64_sys_socket+0x7c/0x94 red/socket.c:1718 __invoke_syscall arch/arm64/kernel/syscall.c:35 [en l\u00ednea] invocar_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598 C\u00f3digo: ???????? ???????? ???????? ???????? (????????) ---[ fin del seguimiento 0000000000000000 ]--- Este parche agrega una implementaci\u00f3n de juguete que realiza un retorno simple para evitar tal p\u00e1nico. Esto se debe a que MSS se puede configurar en sock_create_kern o smc_setsockopt, de manera similar a como se hace en AF_SMC. Sin embargo, para AF_SMC, actualmente no hay forma de sincronizar MSS dentro de __sys_connect_file. Esta implementaci\u00f3n de juguete sienta las bases para que admitamos dicha funci\u00f3n para IPPROTO_SMC en el futuro." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50035.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50035.json index ebc28eebf4f..a39f7957444 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50035.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50035.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50035", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:16.640", - "lastModified": "2024-10-21T20:15:16.640", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: fix ppp_async_encode() illegal access\n\nsyzbot reported an issue in ppp_async_encode() [1]\n\nIn this case, pppoe_sendmsg() is called with a zero size.\nThen ppp_async_encode() is called with an empty skb.\n\nBUG: KMSAN: uninit-value in ppp_async_encode drivers/net/ppp/ppp_async.c:545 [inline]\n BUG: KMSAN: uninit-value in ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675\n ppp_async_encode drivers/net/ppp/ppp_async.c:545 [inline]\n ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675\n ppp_async_send+0x130/0x1b0 drivers/net/ppp/ppp_async.c:634\n ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2280 [inline]\n ppp_input+0x1f1/0xe60 drivers/net/ppp/ppp_generic.c:2304\n pppoe_rcv_core+0x1d3/0x720 drivers/net/ppp/pppoe.c:379\n sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1113\n __release_sock+0x1da/0x330 net/core/sock.c:3072\n release_sock+0x6b/0x250 net/core/sock.c:3626\n pppoe_sendmsg+0x2b8/0xb90 drivers/net/ppp/pppoe.c:903\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\n __do_sys_sendmmsg net/socket.c:2771 [inline]\n __se_sys_sendmmsg net/socket.c:2768 [inline]\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n 
entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4092 [inline]\n slab_alloc_node mm/slub.c:4135 [inline]\n kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4187\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587\n __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1322 [inline]\n sock_wmalloc+0xfe/0x1a0 net/core/sock.c:2732\n pppoe_sendmsg+0x3a7/0xb90 drivers/net/ppp/pppoe.c:867\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\n __do_sys_sendmmsg net/socket.c:2771 [inline]\n __se_sys_sendmmsg net/socket.c:2768 [inline]\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 1 UID: 0 PID: 5411 Comm: syz.1.14 Not tainted 6.12.0-rc1-syzkaller-00165-g360c1f1f24c6 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ppp: se corrige el acceso ilegal a ppp_async_encode() syzbot inform\u00f3 un problema en ppp_async_encode() [1] En este caso, se llama a pppoe_sendmsg() con un tama\u00f1o cero. Luego, se llama a ppp_async_encode() con un skb vac\u00edo. 
ERROR: KMSAN: valor no inicializado en ppp_async_encode drivers/net/ppp/ppp_async.c:545 [en l\u00ednea] ERROR: KMSAN: valor no inicializado en ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675 ppp_async_encode drivers/net/ppp/ppp_async.c:545 [en l\u00ednea] ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675 ppp_async_send+0x130/0x1b0 drivers/net/ppp/ppp_async.c:634 ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2280 [en l\u00ednea] ppp_input+0x1f1/0xe60 drivers/net/ppp/ppp_generic.c:2304 pppoe_rcv_core+0x1d3/0x720 drivers/net/ppp/pppoe.c:379 sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1113 __release_sock+0x1da/0x330 net/core/sock.c:3072 release_sock+0x6b/0x250 net/core/sock.c:3626 pppoe_sendmsg+0x2b8/0xb90 drivers/net/ppp/pppoe.c:903 sock_sendmsg_nosec net/socket.c:729 [en l\u00ednea] __sock_sendmsg+0x30f/0x380 red/socket.c:744 ____sys_sendmsg+0x903/0xb60 red/socket.c:2602 ___sys_sendmsg+0x28d/0x3c0 red/socket.c:2656 __sys_sendmmsg+0x3c1/0x960 red/socket.c:2742 __do_sys_sendmmsg red/socket.c:2771 [en l\u00ednea] __se_sys_sendmmsg red/socket.c:2768 [en l\u00ednea] __x64_sys_sendmmsg+0xbc/0x120 red/socket.c:2768 x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit se cre\u00f3 en: slab_post_alloc_hook mm/slub.c:4092 [en l\u00ednea] slab_alloc_node mm/slub.c:4135 [en l\u00ednea] kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4187 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587 __alloc_skb+0x363/0x7b0 red/core/skbuff.c:678 alloc_skb include/linux/skbuff.h:1322 [en l\u00ednea] sock_wmalloc+0xfe/0x1a0 red/core/sock.c:2732 pppoe_sendmsg+0x3a7/0xb90 drivers/net/ppp/pppoe.c:867 sock_sendmsg_nosec red/socket.c:729 [en l\u00ednea] __sock_sendmsg+0x30f/0x380 red/socket.c:744 ____sys_sendmsg+0x903/0xb60 red/socket.c:2602 ___sys_sendmsg+0x28d/0x3c0 red/socket.c:2656 
__sys_sendmmsg+0x3c1/0x960 red/socket.c:2742 __do_sys_sendmmsg red/socket.c:2771 [en l\u00ednea] __se_sys_sendmmsg red/socket.c:2768 [en l\u00ednea] __x64_sys_sendmmsg+0xbc/0x120 red/socket.c:2768 x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f CPU: 1 UID: 0 PID: 5411 Comm: syz.1.14 No contaminado 6.12.0-rc1-syzkaller-00165-g360c1f1f24c6 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 13/09/2024" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50036.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50036.json index fe2eff46598..5bb26da1567 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50036.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50036.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50036", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:16.717", - "lastModified": "2024-10-21T20:15:16.717", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: do not delay dst_entries_add() in dst_release()\n\ndst_entries_add() uses per-cpu data that might be freed at netns\ndismantle from ip6_route_net_exit() calling dst_entries_destroy()\n\nBefore ip6_route_net_exit() can be called, we release all\nthe dsts associated with this netns, via calls to dst_release(),\nwhich waits an rcu grace period before calling dst_destroy()\n\ndst_entries_add() use in dst_destroy() is racy, because\ndst_entries_destroy() could have been called already.\n\nDecrementing the number of dsts must happen sooner.\n\nNotes:\n\n1) in CONFIG_XFRM case, dst_destroy() can call\n dst_release_immediate(child), this might also cause UAF\n if the child does not have DST_NOCOUNT set.\n IPSEC maintainers might take a look and see how to address this.\n\n2) There is also discussion about removing this count of dst,\n which might happen in future kernels." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: no retrasar dst_entries_add() en dst_release() dst_entries_add() usa datos por CPU que podr\u00edan liberarse en el desmantelamiento de netns de ip6_route_net_exit() llamando a dst_entries_destroy() Antes de que se pueda llamar a ip6_route_net_exit(), liberamos todos los dst asociados con este netns, a trav\u00e9s de llamadas a dst_release(), que espera un per\u00edodo de gracia de rcu antes de llamar a dst_destroy() El uso de dst_entries_add() en dst_destroy() es arriesgado, porque dst_entries_destroy() ya podr\u00eda haberse llamado. 
La disminuci\u00f3n del n\u00famero de dst debe ocurrir antes. Notas: 1) en el caso de CONFIG_XFRM, dst_destroy() puede llamar a dst_release_immediate(child), lo que tambi\u00e9n podr\u00eda causar UAF si el hijo no tiene DST_NOCOUNT configurado. Los encargados del mantenimiento de IPSEC podr\u00edan echar un vistazo y ver c\u00f3mo solucionar esto. 2) Tambi\u00e9n se est\u00e1 discutiendo sobre la eliminaci\u00f3n de este recuento de dst, lo que podr\u00eda suceder en kernels futuros." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50037.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50037.json index aff62c6e793..c6c835f7edd 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50037.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50037.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50037", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:16.790", - "lastModified": "2024-10-21T20:15:16.790", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/fbdev-dma: Only cleanup deferred I/O if necessary\n\nCommit 5a498d4d06d6 (\"drm/fbdev-dma: Only install deferred I/O if\nnecessary\") initializes deferred I/O only if it is used.\ndrm_fbdev_dma_fb_destroy() however calls fb_deferred_io_cleanup()\nunconditionally with struct fb_info.fbdefio == NULL. KASAN with the\nout-of-tree Apple silicon display driver posts following warning from\n__flush_work() of a random struct work_struct instead of the expected\nNULL pointer derefs.\n\n[ 22.053799] ------------[ cut here ]------------\n[ 22.054832] WARNING: CPU: 2 PID: 1 at kernel/workqueue.c:4177 __flush_work+0x4d8/0x580\n[ 22.056597] Modules linked in: uhid bnep uinput nls_ascii ip6_tables ip_tables i2c_dev loop fuse dm_multipath nfnetlink zram hid_magicmouse btrfs xor xor_neon brcmfmac_wcc raid6_pq hci_bcm4377 bluetooth brcmfmac hid_apple brcmutil nvmem_spmi_mfd simple_mfd_spmi dockchannel_hid cfg80211 joydev regmap_spmi nvme_apple ecdh_generic ecc macsmc_hid rfkill dwc3 appledrm snd_soc_macaudio macsmc_power nvme_core apple_isp phy_apple_atc apple_sart apple_rtkit_helper apple_dockchannel tps6598x macsmc_hwmon snd_soc_cs42l84 videobuf2_v4l2 spmi_apple_controller nvmem_apple_efuses videobuf2_dma_sg apple_z2 videobuf2_memops spi_nor panel_summit videobuf2_common asahi videodev pwm_apple apple_dcp snd_soc_apple_mca apple_admac spi_apple clk_apple_nco i2c_pasemi_platform snd_pcm_dmaengine mc i2c_pasemi_core mux_core ofpart adpdrm drm_dma_helper apple_dart apple_soc_cpufreq leds_pwm phram\n[ 22.073768] CPU: 2 UID: 0 PID: 1 Comm: systemd-shutdow Not 
tainted 6.11.2-asahi+ #asahi-dev\n[ 22.075612] Hardware name: Apple MacBook Pro (13-inch, M2, 2022) (DT)\n[ 22.077032] pstate: 01400005 (nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[ 22.078567] pc : __flush_work+0x4d8/0x580\n[ 22.079471] lr : __flush_work+0x54/0x580\n[ 22.080345] sp : ffffc000836ef820\n[ 22.081089] x29: ffffc000836ef880 x28: 0000000000000000 x27: ffff80002ddb7128\n[ 22.082678] x26: dfffc00000000000 x25: 1ffff000096f0c57 x24: ffffc00082d3e358\n[ 22.084263] x23: ffff80004b7862b8 x22: dfffc00000000000 x21: ffff80005aa1d470\n[ 22.085855] x20: ffff80004b786000 x19: ffff80004b7862a0 x18: 0000000000000000\n[ 22.087439] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000005\n[ 22.089030] x14: 1ffff800106ddf0a x13: 0000000000000000 x12: 0000000000000000\n[ 22.090618] x11: ffffb800106ddf0f x10: dfffc00000000000 x9 : 1ffff800106ddf0e\n[ 22.092206] x8 : 0000000000000000 x7 : aaaaaaaaaaaaaaaa x6 : 0000000000000001\n[ 22.093790] x5 : ffffc000836ef728 x4 : 0000000000000000 x3 : 0000000000000020\n[ 22.095368] x2 : 0000000000000008 x1 : 00000000000000aa x0 : 0000000000000000\n[ 22.096955] Call trace:\n[ 22.097505] __flush_work+0x4d8/0x580\n[ 22.098330] flush_delayed_work+0x80/0xb8\n[ 22.099231] fb_deferred_io_cleanup+0x3c/0x130\n[ 22.100217] drm_fbdev_dma_fb_destroy+0x6c/0xe0 [drm_dma_helper]\n[ 22.101559] unregister_framebuffer+0x210/0x2f0\n[ 22.102575] drm_fb_helper_unregister_info+0x48/0x60\n[ 22.103683] drm_fbdev_dma_client_unregister+0x4c/0x80 [drm_dma_helper]\n[ 22.105147] drm_client_dev_unregister+0x1cc/0x230\n[ 22.106217] drm_dev_unregister+0x58/0x570\n[ 22.107125] apple_drm_unbind+0x50/0x98 [appledrm]\n[ 22.108199] component_del+0x1f8/0x3a8\n[ 22.109042] dcp_platform_shutdown+0x24/0x38 [apple_dcp]\n[ 22.110357] platform_shutdown+0x70/0x90\n[ 22.111219] device_shutdown+0x368/0x4d8\n[ 22.112095] kernel_restart+0x6c/0x1d0\n[ 22.112946] __arm64_sys_reboot+0x1c8/0x328\n[ 22.113868] invoke_syscall+0x78/0x1a8\n[ 22.114703] do_el0_svc+0x124/0x1a0\n[ 
22.115498] el0_svc+0x3c/0xe0\n[ 22.116181] el0t_64_sync_handler+0x70/0xc0\n[ 22.117110] el0t_64_sync+0x190/0x198\n[ 22.117931] ---[ end trace 0000000000000000 ]---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/fbdev-dma: Solo limpiar la E/S diferida si es necesario el commit 5a498d4d06d6 (\"drm/fbdev-dma: Solo instalar la E/S diferida si es necesario\") inicializa la E/S diferida solo si se usa. Sin embargo, drm_fbdev_dma_fb_destroy() llama a fb_deferred_io_cleanup() incondicionalmente con struct fb_info.fbdefio == NULL. KASAN con el controlador de pantalla de silicio de Apple fuera del \u00e1rbol publica la siguiente advertencia de __flush_work() de una estructura aleatoria work_struct en lugar de las derefs de puntero NULL esperadas. [ 22.053799] ------------[ cortar aqu\u00ed ]------------ [ 22.054832] ADVERTENCIA: CPU: 2 PID: 1 en kernel/workqueue.c:4177 __flush_work+0x4d8/0x580 [ 22.056597] M\u00f3dulos vinculados en: uhid bnep uinput nls_ascii ip6_tables ip_tables i2c_dev loop fuse dm_multipath nfnetlink zram hid_magicmouse btrfs xor xor_neon brcmfmac_wcc raid6_pq hci_bcm4377 bluetooth brcmfmac hid_apple brcmutil nvmem_spmi_mfd simple_mfd_spmi dockchannel_hid cfg80211 joydev regmap_spmi nvme_apple ecdh_generic ecc macsmc_hid rfkill dwc3 appledrm snd_soc_macaudio macsmc_power nvme_core apple_isp phy_apple_atc apple_sart apple_rtkit_helper apple_dockchannel tps6598x macsmc_hwmon snd_soc_cs42l84 videobuf2_v4l2 spmi_apple_controller nvmem_apple_efuses videobuf2_dma_sg apple_z2 videobuf2_memops spi_nor panel_summit videobuf2_common asahi videodev pwm_apple apple_dcp snd_soc_apple_mca apple_admac spi_apple clk_apple_nco i2c_pasemi_platform snd_pcm_dmaengine mc i2c_pasemi_core mux_core ofpart adpdrm drm_dma_helper apple_dart apple_soc_cpufreq leds_pwm phram [ 22.073768] CPU: 2 UID: 0 PID: 1 Comm: systemd-shutdow No contaminado 6.11.2-asahi+ #asahi-dev [ 22.075612] Nombre del hardware: Apple MacBook Pro 
(13 pulgadas, M2, 2022) (DT) [ 22.077032] pstate: 01400005 (nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 22.078567] pc : __flush_work+0x4d8/0x580 [ 22.079471] lr : __flush_work+0x54/0x580 [ [22.080345] sp: ffffc000836ef820 [22.081089] x29: ffffc000836ef880 x28: 0000000000000000 x27: ffff80002ddb7128 [22.082678] x26: dfffc0000000000 x25: 1ffff000096f0c57 x24: ffffc00082d3e358 [22.084263] x23: ffff80004b7862b8 x22: dfffc0000000000 x21: ffff80005aa1d470 [22.085855] x20: ffff80004b786000 x19: ffff80004b7862a0 x18: 0000000000000000 [ 22.087439] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000005 [ 22.089030] x14: 1ffff800106ddf0a x13: 0000000000000000 x12: 0000000000000000 [ 22.090618] x11: ffffb800106ddf0f x10: dfffc00000000000 x9: 1ffff800106ddf0e [22.092206] x8: 0000000000000000 x7: aaaaaaaaaaaaaaaa x6: 0000000000000001 [22.093790] x5: 00836ef728 x4: 0000000000000000 x3: 0000000000000020 [22.095368] x2: 00000000000000008 x1: 00000000000000aa x0: 00000000000000000 [ 22.096955] Rastreo de llamadas: [ 22.097505] __flush_work+0x4d8/0x580 [ 22.098330] flush_delayed_work+0x80/0xb8 [ 22.099231] fb_deferred_io_cleanup+0x3c/0x130 [ 22.100217] drm_fbdev_dma_fb_destroy+0x6c/0xe0 [drm_dma_helper] [ 22.101559] anular registro de b\u00fafer de fotogramas+0x210/0x2f0 [ 22.102575] drm_fb_helper_anular registro de informaci\u00f3n+0x48/0x60 [ 22.103683] drm_fbdev_dma_client_unregister+0x4c/0x80 [drm_dma_helper] [ 22.105147] drm_client_dev_unregister+0x1cc/0x230 [ 22.106217] drm_dev_unregister+0x58/0x570 [ 22.107125] apple_drm_unbind+0x50/0x98 [appledrm] [ 22.108199] component_del+0x1f8/0x3a8 [ 22.109042] dcp_platform_shutdown+0x24/0x38 [apple_dcp] [ 22.110357] platform_shutdown+0x70/0x90 [ 22.111219] apagado_dispositivo+0x368/0x4d8 [ 22.112095] reinicio_kernel+0x6c/0x1d0 [ 22.112946] reinicio_del_sistema_arm64+0x1c8/0x328 [ 22.113868] invocar_llamada_al_sistema+0x78/0x1a8 [ 22.114703] hacer_el0_svc+0x124/0x1a0 [ 22.115498] el0_svc+0x3c/0xe0 [ 22.116181] 
controlador_sincronizaci\u00f3n_el0t_64+0x70/0xc0 [ 22.117110] el0t_64_sync+0x190/0x198 [ 22.117931] ---[ fin de seguimiento 0000000000000000 ]---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50038.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50038.json index 8b5df5d9743..b8eb3a1c563 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50038.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50038.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50038",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T20:15:16.877",
- "lastModified": "2024-10-21T20:15:16.877",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xtables: avoid NFPROTO_UNSPEC where needed\n\nsyzbot managed to call xt_cluster match via ebtables:\n\n WARNING: CPU: 0 PID: 11 at net/netfilter/xt_cluster.c:72 xt_cluster_mt+0x196/0x780\n [..]\n ebt_do_table+0x174b/0x2a40\n\nModule registers to NFPROTO_UNSPEC, but it assumes ipv4/ipv6 packet\nprocessing. As this is only useful to restrict locally terminating\nTCP/UDP traffic, register this for ipv4 and ipv6 family only.\n\nPablo points out that this is a general issue, direct users of the\nset/getsockopt interface can call into targets/matches that were only\nintended for use with ip(6)tables.\n\nCheck all UNSPEC matches and targets for similar issues:\n\n- matches and targets are fine except if they assume skb_network_header()\n is valid -- this is only true when called from inet layer: ip(6) stack\n pulls the ip/ipv6 header into linear data area.\n- targets that return XT_CONTINUE or other xtables verdicts must be\n restricted too, they are incompatbile with the ebtables traverser, e.g.\n EBT_CONTINUE is a completely different value than XT_CONTINUE.\n\nMost matches/targets are changed to register for NFPROTO_IPV4/IPV6, as\nthey are provided for use by ip(6)tables.\n\nThe MARK target is also used by arptables, so register for NFPROTO_ARP too.\n\nWhile at it, bail out if connbytes fails to enable the corresponding\nconntrack family.\n\nThis change passes the selftests in iptables.git."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: xtables: evita NFPROTO_UNSPEC donde sea necesario syzbot logr\u00f3 llamar a xt_cluster match a trav\u00e9s de ebtables: ADVERTENCIA: CPU: 0 PID: 11 en net/netfilter/xt_cluster.c:72 xt_cluster_mt+0x196/0x780 [..] ebt_do_table+0x174b/0x2a40 El m\u00f3dulo se registra en NFPROTO_UNSPEC, pero asume el procesamiento de paquetes ipv4/ipv6. Como esto solo es \u00fatil para restringir el tr\u00e1fico TCP/UDP que termina localmente, reg\u00edstrelo solo para la familia ipv4 e ipv6. Pablo se\u00f1ala que este es un problema general, los usuarios directos de la interfaz set/getsockopt pueden llamar a destinos/coincidencias que solo estaban destinados a usarse con tablas ip(6). Compruebe todas las coincidencias y objetivos UNSPEC para ver si hay problemas similares: - las coincidencias y los objetivos est\u00e1n bien excepto si asumen que skb_network_header() es v\u00e1lido - esto solo es cierto cuando se llama desde la capa inet: la pila ip(6) extrae el encabezado ip/ipv6 en el \u00e1rea de datos lineales. - los objetivos que devuelven XT_CONTINUE u otros veredictos de xtables tambi\u00e9n deben restringirse, son incompatibles con el traverser de ebtables, por ejemplo, EBT_CONTINUE es un valor completamente diferente de XT_CONTINUE. La mayor\u00eda de las coincidencias/objetivos se cambian para registrarse para NFPROTO_IPV4/IPV6, ya que se proporcionan para su uso por ip(6)tables. El objetivo MARK tambi\u00e9n lo usan arptables, as\u00ed que reg\u00edstrese tambi\u00e9n para NFPROTO_ARP. Mientras tanto, abandone si connbytes no puede habilitar la familia conntrack correspondiente. Este cambio pasa las autopruebas en iptables.git."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50039.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50039.json
index 1705d2fe65a..54ff2111ecb 100644
--- a/CVE-2024/CVE-2024-500xx/CVE-2024-50039.json
+++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50039.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50039", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:16.957", - "lastModified": "2024-10-21T20:15:16.957", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: accept TCA_STAB only for root qdisc\n\nMost qdiscs maintain their backlog using qdisc_pkt_len(skb)\non the assumption it is invariant between the enqueue()\nand dequeue() handlers.\n\nUnfortunately syzbot can crash a host rather easily using\na TBF + SFQ combination, with an STAB on SFQ [1]\n\nWe can't support TCA_STAB on arbitrary level, this would\nrequire to maintain per-qdisc storage.\n\n[1]\n[ 88.796496] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 88.798611] #PF: supervisor read access in kernel mode\n[ 88.799014] #PF: error_code(0x0000) - not-present page\n[ 88.799506] PGD 0 P4D 0\n[ 88.799829] Oops: Oops: 0000 [#1] SMP NOPTI\n[ 88.800569] CPU: 14 UID: 0 PID: 2053 Comm: b371744477 Not tainted 6.12.0-rc1-virtme #1117\n[ 88.801107] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 88.801779] RIP: 0010:sfq_dequeue (net/sched/sch_sfq.c:272 net/sched/sch_sfq.c:499) sch_sfq\n[ 88.802544] Code: 0f b7 50 12 48 8d 04 d5 00 00 00 00 48 89 d6 48 29 d0 48 8b 91 c0 01 00 00 48 c1 e0 03 48 01 c2 66 83 7a 1a 00 7e c0 48 8b 3a <4c> 8b 07 4c 89 02 49 89 50 08 48 c7 47 08 00 00 00 00 48 c7 07 00\nAll code\n========\n 0:\t0f b7 50 12 \tmovzwl 0x12(%rax),%edx\n 4:\t48 8d 04 d5 00 00 00 \tlea 0x0(,%rdx,8),%rax\n b:\t00\n c:\t48 89 d6 \tmov %rdx,%rsi\n f:\t48 29 d0 \tsub %rdx,%rax\n 12:\t48 8b 91 c0 01 00 00 \tmov 0x1c0(%rcx),%rdx\n 19:\t48 c1 e0 03 \tshl $0x3,%rax\n 1d:\t48 01 c2 \tadd %rax,%rdx\n 20:\t66 83 7a 1a 00 \tcmpw $0x0,0x1a(%rdx)\n 25:\t7e c0 \tjle 0xffffffffffffffe7\n 
27:\t48 8b 3a \tmov (%rdx),%rdi\n 2a:*\t4c 8b 07 \tmov (%rdi),%r8\t\t<-- trapping instruction\n 2d:\t4c 89 02 \tmov %r8,(%rdx)\n 30:\t49 89 50 08 \tmov %rdx,0x8(%r8)\n 34:\t48 c7 47 08 00 00 00 \tmovq $0x0,0x8(%rdi)\n 3b:\t00\n 3c:\t48 \trex.W\n 3d:\tc7 \t.byte 0xc7\n 3e:\t07 \t(bad)\n\t...\n\nCode starting with the faulting instruction\n===========================================\n 0:\t4c 8b 07 \tmov (%rdi),%r8\n 3:\t4c 89 02 \tmov %r8,(%rdx)\n 6:\t49 89 50 08 \tmov %rdx,0x8(%r8)\n a:\t48 c7 47 08 00 00 00 \tmovq $0x0,0x8(%rdi)\n 11:\t00\n 12:\t48 \trex.W\n 13:\tc7 \t.byte 0xc7\n 14:\t07 \t(bad)\n\t...\n[ 88.803721] RSP: 0018:ffff9a1f892b7d58 EFLAGS: 00000206\n[ 88.804032] RAX: 0000000000000000 RBX: ffff9a1f8420c800 RCX: ffff9a1f8420c800\n[ 88.804560] RDX: ffff9a1f81bc1440 RSI: 0000000000000000 RDI: 0000000000000000\n[ 88.805056] RBP: ffffffffc04bb0e0 R08: 0000000000000001 R09: 00000000ff7f9a1f\n[ 88.805473] R10: 000000000001001b R11: 0000000000009a1f R12: 0000000000000140\n[ 88.806194] R13: 0000000000000001 R14: ffff9a1f886df400 R15: ffff9a1f886df4ac\n[ 88.806734] FS: 00007f445601a740(0000) GS:ffff9a2e7fd80000(0000) knlGS:0000000000000000\n[ 88.807225] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 88.807672] CR2: 0000000000000000 CR3: 000000050cc46000 CR4: 00000000000006f0\n[ 88.808165] Call Trace:\n[ 88.808459] \n[ 88.808710] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434)\n[ 88.809261] ? page_fault_oops (arch/x86/mm/fault.c:715)\n[ 88.809561] ? exc_page_fault (./arch/x86/include/asm/irqflags.h:26 ./arch/x86/include/asm/irqflags.h:87 ./arch/x86/include/asm/irqflags.h:147 arch/x86/mm/fault.c:1489 arch/x86/mm/fault.c:1539)\n[ 88.809806] ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:623)\n[ 88.810074] ? 
sfq_dequeue (net/sched/sch_sfq.c:272 net/sched/sch_sfq.c:499) sch_sfq\n[ 88.810411] sfq_reset (net/sched/sch_sfq.c:525) sch_sfq\n[ 88.810671] qdisc_reset (./include/linux/skbuff.h:2135 ./include/linux/skbuff.h:2441 ./include/linux/skbuff.h:3304 ./include/linux/skbuff.h:3310 net/sched/sch_g\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/sched: acepta TCA_STAB solo para qdisc ra\u00edz La mayor\u00eda de las qdisc mantienen su lista de espera utilizando qdisc_pkt_len(skb) asumiendo que es invariable entre los controladores enqueue() y dequeue(). Desafortunadamente, syzbot puede hacer que un host se bloquee con bastante facilidad utilizando una combinaci\u00f3n TBF + SFQ, con un STAB en SFQ [1] No podemos admitir TCA_STAB en un nivel arbitrario, esto requerir\u00eda mantener el almacenamiento por qdisc. [1] [ 88.796496] ERROR: desreferencia de puntero NULL del n\u00facleo, direcci\u00f3n: 0000000000000000 [ 88.798611] #PF: acceso de lectura del supervisor en modo n\u00facleo [ 88.799014] #PF: error_code(0x0000) - p\u00e1gina no presente [ 88.799506] PGD 0 P4D 0 [ 88.799829] Oops: Oops: 0000 [#1] SMP NOPTI [ 88.800569] CPU: 14 UID: 0 PID: 2053 Comm: b371744477 No contaminado 6.12.0-rc1-virtme #1117 [ 88.801107] Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 01/04/2014 [ 88.801779] RIP: 0010:sfq_dequeue (net/sched/sch_sfq.c:272 net/sched/sch_sfq.c:499) sch_sfq [ 88.802544] C\u00f3digo: 0f b7 50 12 48 8d 04 d5 00 00 00 00 48 89 d6 48 29 d0 48 8b 91 c0 01 00 00 48 c1 e0 03 48 01 c2 66 83 7a 1a 00 7e c0 48 8b 3a <4c> 8b 07 4c 89 02 49 89 50 08 48 c7 47 08 00 00 00 00 48 c7 07 00 Todo el c\u00f3digo ======== 0: 0f b7 50 12 movzwl 0x12(%rax),%edx 4: 48 8d 04 d5 00 00 00 lea 0x0(,%rdx,8),%rax b: 00 c: 48 89 d6 mov %rdx,%rsi f: 48 29 d0 sub %rdx,%rax 12: 48 8b 91 c0 01 00 00 mov 0x1c0(%rcx),%rdx 19: 48 c1 e0 03 shl $0x3,%rax 1d: 48 01 c2 suma %rax,%rdx 20: 
66 83 7a 1a 00 cmpw $0x0,0x1a(%rdx) 25: 7e c0 jle 0xffffffffffffffe7 27: 48 8b 3a mov (%rdx),%rdi 2a:* 4c 8b 07 mov (%rdi),%r8 <-- instrucci\u00f3n de captura 2d: 4c 89 02 mov %r8,(%rdx) 30: 49 89 50 08 mov %rdx,0x8(%r8) 34: 48 c7 47 08 00 00 00 movq $0x0,0x8(%rdi) 3b: 00 3c: 48 rex.W 3d: c7 .byte 0xc7 3e: 07 (malo) ... C\u00f3digo que comienza con la instrucci\u00f3n que fallo ============================================= 0: 4c 8b 07 mov (%rdi),%r8 3: 4c 89 02 mov %r8,(%rdx) 6: 49 89 50 08 mov %rdx,0x8(%r8) a: 48 c7 47 08 00 00 00 movq $0x0,0x8(%rdi) 11: 00 12: 48 rex.W 13: c7 .byte 0xc7 14: 07 (malo) ... [ 88.803721] RSP: 0018:ffff9a1f892b7d58 EFLAGS: 00000206 [ 88.804032] RAX: 0000000000000000 RBX: ffff9a1f8420c800 RCX: ffff9a1f8420c800 [ 88.8 04560] RDX: ffff9a1f81bc1440 RSI: 00000000000000000 RDI: 0000000000000000 [ 88.805056] RBP: ffffffffc04bb0e0 R08: 0000000000000001 R09: 00000000ff7f9a1f [ 88.805473] R10: 000000000001001b R11: 0000000000009a1f R12: 0000000000000140 [ 88.806194] R13: 0000000000000001 R14: ffff9a1f886df400 R15: ffff9a1f886df4ac [ 88.806734] FS: 00007f445601a740(0000) GS:ffff9a2e7fd80000(0000) knlGS:0000000000000000 [ 88.807225] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 88.807672] CR2: 0000000000000000 CR3: 000000050cc46000 CR4: 00000000000006f0 [ 88.808165] Seguimiento de llamadas: [ 88.808459] [ 88.808710] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434) [ 88.809261] ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:623) [ 88.810074] ? sfq_dequeue (net/sched/sch_sfq.c:272 net/sched/sch_sfq.c:499) sch_sfq [ 88.810411] sfq_reset (net/sched/sch_sfq.c:525) sch_sfq [ 88.810671] qdisc_reset (./include/linux/skbuff.h:2135 ./include/linux/skbuff.h:2441 ./include/linux/skbuff.h:3304 ./include/linux/skbuff.h:3310 net/sched/sch_g ---truncado---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50040.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50040.json index 8a92f13b774..206850e139b 100644 
--- a/CVE-2024/CVE-2024-500xx/CVE-2024-50040.json
+++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50040.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-50040", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:17.050", - "lastModified": "2024-10-21T20:15:17.050", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: Do not bring the device up after non-fatal error\n\nCommit 004d25060c78 (\"igb: Fix igb_down hung on surprise removal\")\nchanged igb_io_error_detected() to ignore non-fatal pcie errors in order\nto avoid hung task that can happen when igb_down() is called multiple\ntimes. This caused an issue when processing transient non-fatal errors.\nigb_io_resume(), which is called after igb_io_error_detected(), assumes\nthat device is brought down by igb_io_error_detected() if the interface\nis up. This resulted in panic with stacktrace below.\n\n[ T3256] igb 0000:09:00.0 haeth0: igb: haeth0 NIC Link is Down\n[ T292] pcieport 0000:00:1c.5: AER: Uncorrected (Non-Fatal) error received: 0000:09:00.0\n[ T292] igb 0000:09:00.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)\n[ T292] igb 0000:09:00.0: device [8086:1537] error status/mask=00004000/00000000\n[ T292] igb 0000:09:00.0: [14] CmpltTO [ 200.105524,009][ T292] igb 0000:09:00.0: AER: TLP Header: 00000000 00000000 00000000 00000000\n[ T292] pcieport 0000:00:1c.5: AER: broadcast error_detected message\n[ T292] igb 0000:09:00.0: Non-correctable non-fatal error reported.\n[ T292] pcieport 0000:00:1c.5: AER: broadcast mmio_enabled message\n[ T292] pcieport 0000:00:1c.5: AER: broadcast resume message\n[ T292] ------------[ cut here ]------------\n[ T292] kernel BUG at net/core/dev.c:6539!\n[ T292] invalid opcode: 0000 [#1] PREEMPT SMP\n[ T292] RIP: 0010:napi_enable+0x37/0x40\n[ T292] Call Trace:\n[ T292] \n[ T292] ? die+0x33/0x90\n[ T292] ? 
do_trap+0xdc/0x110\n[ T292] ? napi_enable+0x37/0x40\n[ T292] ? do_error_trap+0x70/0xb0\n[ T292] ? napi_enable+0x37/0x40\n[ T292] ? napi_enable+0x37/0x40\n[ T292] ? exc_invalid_op+0x4e/0x70\n[ T292] ? napi_enable+0x37/0x40\n[ T292] ? asm_exc_invalid_op+0x16/0x20\n[ T292] ? napi_enable+0x37/0x40\n[ T292] igb_up+0x41/0x150\n[ T292] igb_io_resume+0x25/0x70\n[ T292] report_resume+0x54/0x70\n[ T292] ? report_frozen_detected+0x20/0x20\n[ T292] pci_walk_bus+0x6c/0x90\n[ T292] ? aer_print_port_info+0xa0/0xa0\n[ T292] pcie_do_recovery+0x22f/0x380\n[ T292] aer_process_err_devices+0x110/0x160\n[ T292] aer_isr+0x1c1/0x1e0\n[ T292] ? disable_irq_nosync+0x10/0x10\n[ T292] irq_thread_fn+0x1a/0x60\n[ T292] irq_thread+0xe3/0x1a0\n[ T292] ? irq_set_affinity_notifier+0x120/0x120\n[ T292] ? irq_affinity_notify+0x100/0x100\n[ T292] kthread+0xe2/0x110\n[ T292] ? kthread_complete_and_exit+0x20/0x20\n[ T292] ret_from_fork+0x2d/0x50\n[ T292] ? kthread_complete_and_exit+0x20/0x20\n[ T292] ret_from_fork_asm+0x11/0x20\n[ T292] \n\nTo fix this issue igb_io_resume() checks if the interface is running and\nthe device is not down this means igb_io_error_detected() did not bring\nthe device down and there is no need to bring it up." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: igb: No encender el dispositivo despu\u00e9s de un error no fatal el commit 004d25060c78 (\"igb: Reparar igb_down colgado en eliminaci\u00f3n sorpresa\") cambi\u00f3 igb_io_error_detected() para ignorar los errores pcie no fatales con el fin de evitar que la tarea se cuelgue que puede suceder cuando se llama a igb_down() varias veces. Esto caus\u00f3 un problema al procesar errores transitorios no fatales. igb_io_resume(), que se llama despu\u00e9s de igb_io_error_detected(), asume que el dispositivo es derribado por igb_io_error_detected() si la interfaz est\u00e1 activa. Esto result\u00f3 en un p\u00e1nico con el seguimiento de pila a continuaci\u00f3n. 
[ T3256] igb 0000:09:00.0 haeth0: igb: el enlace NIC haeth0 est\u00e1 inactivo [ T292] pcieport 0000:00:1c.5: AER: Error no corregido (no fatal) recibido: 0000:09:00.0 [ T292] igb 0000:09:00.0: Error de bus PCIe: gravedad=No corregido (no fatal), tipo=Capa de transacci\u00f3n, (ID del solicitante) [ T292] igb 0000:09:00.0: dispositivo [8086:1537] estado/m\u00e1scara de error=00004000/00000000 [ T292] igb 0000:09:00.0: [14] CmpltTO [ 200.105524,009][ T292] igb 0000:09:00.0: AER: Encabezado TLP: 00000000 00000000 00000000 00000000 [ T292] pcieport 0000:00:1c.5: AER: mensaje de transmisi\u00f3n error_detected [ T292] igb 0000:09:00.0: Se inform\u00f3 un error no fatal y no corregible. [ T292] pcieport 0000:00:1c.5: AER: mensaje de transmisi\u00f3n mmio_enabled [ T292] pcieport 0000:00:1c.5: AER: mensaje de transmisi\u00f3n de reanudaci\u00f3n [ T292] ------------[ cortar aqu\u00ed ]------------ [ T292] \u00a1ERROR del kernel en net/core/dev.c:6539! [ T292] c\u00f3digo de operaci\u00f3n no v\u00e1lido: 0000 [#1] PREEMPT SMP [ T292] RIP: 0010:napi_enable+0x37/0x40 [ T292] Seguimiento de llamadas: [ T292] [ T292] ? die+0x33/0x90 [ T292] ? do_trap+0xdc/0x110 [ T292] ? napi_enable+0x37/0x40 [ T292] ? napi_enable+0x37/0x40 [ T292] ? napi_enable+0x37/0x40 [ T292] ? exc_invalid_op+0x4e/0x70 [ T292] ? napi_enable+0x37/0x40 [ T292] ? asm_exc_invalid_op+0x16/0x20 [ T292] ? napi_enable+0x37/0x40 [ T292] ? igb_up+0x41/0x150 [ T292] igb_io_resume+0x25/0x70 [ T292] report_resume+0x54/0x70 [ T292] ? informe_congelado_detectado+0x20/0x20 [ T292] pci_walk_bus+0x6c/0x90 [ T292] ? aer_print_port_info+0xa0/0xa0 [ T292] pcie_do_recovery+0x22f/0x380 [ T292] aer_process_err_devices+0x110/0x160 [ T292] aer_isr+0x1c1/0x1e0 [ T292] ? deshabilitar_irq_nosync+0x10/0x10 [ T292] irq_thread_fn+0x1a/0x60 [ T292] irq_thread+0xe3/0x1a0 [ T292] ? 
Para solucionar este problema, igb_io_resume() verifica si la interfaz est\u00e1 ejecut\u00e1ndose y si el dispositivo no est\u00e1 inactivo, esto significa que igb_io_error_detected() no inactiv\u00f3 el dispositivo y no es necesario activarlo." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50041.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50041.json index 69f97ce2611..d45e49e349c 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50041.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50041.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50041", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:17.133", - "lastModified": "2024-10-21T20:15:17.133", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix macvlan leak by synchronizing access to mac_filter_hash\n\nThis patch addresses a macvlan leak issue in the i40e driver caused by\nconcurrent access to vsi->mac_filter_hash. The leak occurs when multiple\nthreads attempt to modify the mac_filter_hash simultaneously, leading to\ninconsistent state and potential memory leaks.\n\nTo fix this, we now wrap the calls to i40e_del_mac_filter() and zeroing\nvf->default_lan_addr.addr with spin_lock/unlock_bh(&vsi->mac_filter_hash_lock),\nensuring atomic operations and preventing concurrent access.\n\nAdditionally, we add lockdep_assert_held(&vsi->mac_filter_hash_lock) in\ni40e_add_mac_filter() to help catch similar issues in the future.\n\nReproduction steps:\n1. Spawn VFs and configure port vlan on them.\n2. Trigger concurrent macvlan operations (e.g., adding and deleting\n\tportvlan and/or mac filters).\n3. Observe the potential memory leak and inconsistent state in the\n\tmac_filter_hash.\n\nThis synchronization ensures the integrity of the mac_filter_hash and prevents\nthe described leak." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i40e: Corregir p\u00e9rdida de macvlan sincronizando el acceso a mac_filter_hash Este parche soluciona un problema de p\u00e9rdida de macvlan en el controlador i40e causado por el acceso simult\u00e1neo a vsi->mac_filter_hash. 
La p\u00e9rdida se produce cuando varios subprocesos intentan modificar mac_filter_hash simult\u00e1neamente, lo que genera un estado inconsistente y posibles p\u00e9rdidas de memoria. Para solucionar esto, ahora envolvemos las llamadas a i40e_del_mac_filter() y ponemos a cero vf->default_lan_addr.addr con spin_lock/unlock_bh(&vsi->mac_filter_hash_lock), lo que garantiza operaciones at\u00f3micas y evita el acceso simult\u00e1neo. Adem\u00e1s, agregamos lockdep_assert_held(&vsi->mac_filter_hash_lock) en i40e_add_mac_filter() para ayudar a detectar problemas similares en el futuro. Pasos de reproducci\u00f3n: 1. Genere VFs y configure el puerto VLAN en ellos. 2. Active operaciones MACVLAN simult\u00e1neas (por ejemplo, agregar y eliminar filtros MAC o PortVLAN). 3. Observe la posible p\u00e9rdida de memoria y el estado inconsistente en el hash de filtro MAC. Esta sincronizaci\u00f3n garantiza la integridad del hash de filtro MAC y evita la p\u00e9rdida descrita." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50042.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50042.json index a265555e383..fb74c6df0b3 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50042.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50042.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50042", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:17.200", - "lastModified": "2024-10-21T20:15:17.200", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix increasing MSI-X on VF\n\nIncreasing MSI-X value on a VF leads to invalid memory operations. This\nis caused by not reallocating some arrays.\n\nReproducer:\n modprobe ice\n echo 0 > /sys/bus/pci/devices/$PF_PCI/sriov_drivers_autoprobe\n echo 1 > /sys/bus/pci/devices/$PF_PCI/sriov_numvfs\n echo 17 > /sys/bus/pci/devices/$VF0_PCI/sriov_vf_msix_count\n\nDefault MSI-X is 16, so 17 and above triggers this issue.\n\nKASAN reports:\n\n BUG: KASAN: slab-out-of-bounds in ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]\n Read of size 8 at addr ffff8888b937d180 by task bash/28433\n (...)\n\n Call Trace:\n (...)\n ? ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]\n kasan_report+0xed/0x120\n ? ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]\n ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice]\n ice_vsi_cfg_def+0x3360/0x4770 [ice]\n ? mutex_unlock+0x83/0xd0\n ? __pfx_ice_vsi_cfg_def+0x10/0x10 [ice]\n ? __pfx_ice_remove_vsi_lkup_fltr+0x10/0x10 [ice]\n ice_vsi_cfg+0x7f/0x3b0 [ice]\n ice_vf_reconfig_vsi+0x114/0x210 [ice]\n ice_sriov_set_msix_vec_count+0x3d0/0x960 [ice]\n sriov_vf_msix_count_store+0x21c/0x300\n (...)\n\n Allocated by task 28201:\n (...)\n ice_vsi_cfg_def+0x1c8e/0x4770 [ice]\n ice_vsi_cfg+0x7f/0x3b0 [ice]\n ice_vsi_setup+0x179/0xa30 [ice]\n ice_sriov_configure+0xcaa/0x1520 [ice]\n sriov_numvfs_store+0x212/0x390\n (...)\n\nTo fix it, use ice_vsi_rebuild() instead of ice_vf_reconfig_vsi(). This\ncauses the required arrays to be reallocated taking the new queue count\ninto account (ice_vsi_realloc_stat_arrays()). 
Set req_txq and req_rxq\nbefore ice_vsi_rebuild(), so that realloc uses the newly set queue\ncount.\n\nAdditionally, ice_vsi_rebuild() does not remove VSI filters\n(ice_fltr_remove_all()), so ice_vf_init_host_cfg() is no longer\nnecessary." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ice: Fix increasing MSI-X on VF Aumentar el valor de MSI-X en un VF conduce a operaciones de memoria no v\u00e1lidas. Esto se debe a que no se reasignan algunas matrices. Reproductor: modprobe ice echo 0 > /sys/bus/pci/devices/$PF_PCI/sriov_drivers_autoprobe echo 1 > /sys/bus/pci/devices/$PF_PCI/sriov_numvfs echo 17 > /sys/bus/pci/devices/$VF0_PCI/sriov_vf_msix_count El MSI-X predeterminado es 16, por lo que 17 y superior desencadenan este problema. KASAN informa: ERROR: KASAN: slab fuera de los l\u00edmites en ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice] Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff8888b937d180 por la tarea bash/28433 (...) Seguimiento de llamadas: (...) ? ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice] kasan_report+0xed/0x120 ? ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice] ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice] ice_vsi_alloc_ring_stats+0x38d/0x4b0 [ice] ice_vsi_cfg_def+0x3360/0x4770 [ice] ? mutex_unlock+0x83/0xd0 ? __pfx_ice_vsi_cfg_def+0x10/0x10 [hielo] ? __pfx_ice_remove_vsi_lkup_fltr+0x10/0x10 [hielo] ice_vsi_cfg+0x7f/0x3b0 [hielo] ice_vf_reconfig_vsi+0x114/0x210 [hielo] ice_sriov_set_msix_vec_count+0x3d0/0x960 [hielo] sriov_vf_msix_count_store+0x21c/0x300 (...) Asignado por la tarea 28201: (...) ice_vsi_cfg_def+0x1c8e/0x4770 [hielo] ice_vsi_cfg+0x7f/0x3b0 [hielo] ice_vsi_setup+0x179/0xa30 [hielo] ice_sriov_configure+0xcaa/0x1520 [ice] sriov_numvfs_store+0x212/0x390 (...) Para solucionarlo, utilice ice_vsi_rebuild() en lugar de ice_vf_reconfig_vsi(). Esto hace que las matrices requeridas se reasignen teniendo en cuenta el nuevo recuento de colas (ice_vsi_realloc_stat_arrays()). 
Establezca req_txq y req_rxq antes de ice_vsi_rebuild(), de modo que realloc utilice el nuevo recuento de colas establecido. Adem\u00e1s, ice_vsi_rebuild() no elimina los filtros VSI (ice_fltr_remove_all()), por lo que ice_vf_init_host_cfg() ya no es necesario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50043.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50043.json index 5f4b4883339..e537c66a382 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50043.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50043.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50043",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T20:15:17.263",
- "lastModified": "2024-10-21T20:15:17.263",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix possible badness in FREE_STATEID\n\nWhen multiple FREE_STATEIDs are sent for the same delegation stateid,\nit can lead to a possible either use-after-free or counter refcount\nunderflow errors.\n\nIn nfsd4_free_stateid() under the client lock we find a delegation\nstateid, however the code drops the lock before calling nfs4_put_stid(),\nthat allows another FREE_STATE to find the stateid again. The first one\nwill proceed to then free the stateid which leads to either\nuse-after-free or decrementing already zeroed counter."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfsd: corregir posible maldad en FREE_STATEID Cuando se env\u00edan m\u00faltiples FREE_STATEID para el mismo stateid de delegaci\u00f3n, puede conducir a un posible error de subdesbordamiento de contador o de use after free. En nfsd4_free_stateid() bajo el bloqueo del cliente encontramos un stateid de delegaci\u00f3n, sin embargo, el c\u00f3digo elimina el bloqueo antes de llamar a nfs4_put_stid(), que permite que otro FREE_STATE encuentre el stateid nuevamente. El primero proceder\u00e1 a liberar el stateid, lo que conduce a un use after free o a la disminuci\u00f3n del contador ya puesto a cero."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50044.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50044.json
index a22ec4bc919..d6f9450297c 100644
--- a/CVE-2024/CVE-2024-500xx/CVE-2024-50044.json
+++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50044.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-50044", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:17.313", - "lastModified": "2024-10-21T20:15:17.313", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change\n\nrfcomm_sk_state_change attempts to use sock_lock so it must never be\ncalled with it locked but rfcomm_sock_ioctl always attempt to lock it\ncausing the following trace:\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted\n------------------------------------------------------\nsyz-executor386/5093 is trying to acquire lock:\nffff88807c396258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1671 [inline]\nffff88807c396258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sk_state_change+0x5b/0x310 net/bluetooth/rfcomm/sock.c:73\n\nbut task is already holding lock:\nffff88807badfd28 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x226/0x6a0 net/bluetooth/rfcomm/core.c:491" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: RFCOMM: CORREGIR posible bloqueo en rfcomm_sk_state_change rfcomm_sk_state_change intenta usar sock_lock, por lo que nunca se debe llamar con \u00e9l bloqueado, pero rfcomm_sock_ioctl siempre intenta bloquearlo, lo que provoca el siguiente rastro: ======================================================= ADVERTENCIA: se ha detectado una posible dependencia de bloqueo circular 6.8.0-syzkaller-08951-gfe46a7dd189e #0 No contaminado ------------------------------------------------------ syz-executor386/5093 est\u00e1 intentando adquirir el 
bloqueo: ffff88807c396258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, en: lock_sock include/net/sock.h:1671 [en l\u00ednea] ffff88807c396258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, en: rfcomm_sk_state_change+0x5b/0x310 net/bluetooth/rfcomm/sock.c:73 pero la tarea ya tiene el bloqueo: ffff88807badfd28 (&d->lock){+.+.}-{3:3}, en: __rfcomm_dlc_close+0x226/0x6a0 net/bluetooth/rfcomm/core.c:491" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50045.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50045.json index fd5def703e1..bb5df7d85ea 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50045.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50045.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50045", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:17.373", - "lastModified": "2024-10-21T20:15:17.373", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: br_netfilter: fix panic with metadata_dst skb\n\nFix a kernel panic in the br_netfilter module when sending untagged\ntraffic via a VxLAN device.\nThis happens during the check for fragmentation in br_nf_dev_queue_xmit.\n\nIt is dependent on:\n1) the br_netfilter module being loaded;\n2) net.bridge.bridge-nf-call-iptables set to 1;\n3) a bridge with a VxLAN (single-vxlan-device) netdevice as a bridge port;\n4) untagged frames with size higher than the VxLAN MTU forwarded/flooded\n\nWhen forwarding the untagged packet to the VxLAN bridge port, before\nthe netfilter hooks are called, br_handle_egress_vlan_tunnel is called and\nchanges the skb_dst to the tunnel dst. 
The tunnel_dst is a metadata type\nof dst, i.e., skb_valid_dst(skb) is false, and metadata->dst.dev is NULL.\n\nThen in the br_netfilter hooks, in br_nf_dev_queue_xmit, there's a check\nfor frames that needs to be fragmented: frames with higher MTU than the\nVxLAN device end up calling br_nf_ip_fragment, which in turns call\nip_skb_dst_mtu.\n\nThe ip_dst_mtu tries to use the skb_dst(skb) as if it was a valid dst\nwith valid dst->dev, thus the crash.\n\nThis case was never supported in the first place, so drop the packet\ninstead.\n\nPING 10.0.0.2 (10.0.0.2) from 0.0.0.0 h1-eth0: 2000(2028) bytes of data.\n[ 176.291791] Unable to handle kernel NULL pointer dereference at\nvirtual address 0000000000000110\n[ 176.292101] Mem abort info:\n[ 176.292184] ESR = 0x0000000096000004\n[ 176.292322] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 176.292530] SET = 0, FnV = 0\n[ 176.292709] EA = 0, S1PTW = 0\n[ 176.292862] FSC = 0x04: level 0 translation fault\n[ 176.293013] Data abort info:\n[ 176.293104] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 176.293488] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 176.293787] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 176.293995] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000043ef5000\n[ 176.294166] [0000000000000110] pgd=0000000000000000,\np4d=0000000000000000\n[ 176.294827] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 176.295252] Modules linked in: vxlan ip6_udp_tunnel udp_tunnel veth\nbr_netfilter bridge stp llc ipv6 crct10dif_ce\n[ 176.295923] CPU: 0 PID: 188 Comm: ping Not tainted\n6.8.0-rc3-g5b3fbd61b9d1 #2\n[ 176.296314] Hardware name: linux,dummy-virt (DT)\n[ 176.296535] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS\nBTYPE=--)\n[ 176.296808] pc : br_nf_dev_queue_xmit+0x390/0x4ec [br_netfilter]\n[ 176.297382] lr : br_nf_dev_queue_xmit+0x2ac/0x4ec [br_netfilter]\n[ 176.297636] sp : ffff800080003630\n[ 176.297743] x29: ffff800080003630 x28: 0000000000000008 x27:\nffff6828c49ad9f8\n[ 176.298093] x26: 
ffff6828c49ad000 x25: 0000000000000000 x24:\n00000000000003e8\n[ 176.298430] x23: 0000000000000000 x22: ffff6828c4960b40 x21:\nffff6828c3b16d28\n[ 176.298652] x20: ffff6828c3167048 x19: ffff6828c3b16d00 x18:\n0000000000000014\n[ 176.298926] x17: ffffb0476322f000 x16: ffffb7e164023730 x15:\n0000000095744632\n[ 176.299296] x14: ffff6828c3f1c880 x13: 0000000000000002 x12:\nffffb7e137926a70\n[ 176.299574] x11: 0000000000000001 x10: ffff6828c3f1c898 x9 :\n0000000000000000\n[ 176.300049] x8 : ffff6828c49bf070 x7 : 0008460f18d5f20e x6 :\nf20e0100bebafeca\n[ 176.300302] x5 : ffff6828c7f918fe x4 : ffff6828c49bf070 x3 :\n0000000000000000\n[ 176.300586] x2 : 0000000000000000 x1 : ffff6828c3c7ad00 x0 :\nffff6828c7f918f0\n[ 176.300889] Call trace:\n[ 176.301123] br_nf_dev_queue_xmit+0x390/0x4ec [br_netfilter]\n[ 176.301411] br_nf_post_routing+0x2a8/0x3e4 [br_netfilter]\n[ 176.301703] nf_hook_slow+0x48/0x124\n[ 176.302060] br_forward_finish+0xc8/0xe8 [bridge]\n[ 176.302371] br_nf_hook_thresh+0x124/0x134 [br_netfilter]\n[ 176.302605] br_nf_forward_finish+0x118/0x22c [br_netfilter]\n[ 176.302824] br_nf_forward_ip.part.0+0x264/0x290 [br_netfilter]\n[ 176.303136] br_nf_forward+0x2b8/0x4e0 [br_netfilter]\n[ 176.303359] nf_hook_slow+0x48/0x124\n[ 176.303\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: br_netfilter: fix panic with metadata_dst skb Corrige un p\u00e1nico del kernel en el m\u00f3dulo br_netfilter al enviar tr\u00e1fico sin etiquetar a trav\u00e9s de un dispositivo VxLAN. Esto sucede durante la comprobaci\u00f3n de fragmentaci\u00f3n en br_nf_dev_queue_xmit. Depende de: 1) que se est\u00e9 cargando el m\u00f3dulo br_netfilter; 2) que net.bridge.bridge-nf-call-iptables est\u00e9 establecido en 1; 3) que haya un puente con un netdevice VxLAN (single-vxlan-device) como puerto de puente; 4) que se hayan reenviado o inundado tramas sin etiquetar con un tama\u00f1o superior a la MTU de VxLAN. 
Al reenviar el paquete sin etiquetar al puerto de puente VxLAN, antes de que se llamen los ganchos de netfilter, se llama a br_handle_egress_vlan_tunnel y cambia skb_dst al dst del t\u00fanel. tunnel_dst es un tipo de metadatos de dst, es decir, skb_valid_dst(skb) es falso y metadata->dst.dev es NULL. Luego, en los ganchos br_netfilter, en br_nf_dev_queue_xmit, hay una verificaci\u00f3n de tramas que necesitan fragmentarse: las tramas con una MTU m\u00e1s alta que el dispositivo VxLAN terminan llamando a br_nf_ip_fragment, que a su vez llama a ip_skb_dst_mtu. ip_dst_mtu intenta usar skb_dst(skb) como si fuera un dst v\u00e1lido con dst->dev v\u00e1lido, de ah\u00ed el bloqueo. Este caso nunca fue compatible en primer lugar, por lo que descarta el paquete en su lugar. PING 10.0.0.2 (10.0.0.2) desde 0.0.0.0 h1-eth0: 2000(2028) bytes de datos. [ 176.291791] No se puede manejar la desreferencia del puntero NULL del n\u00facleo en la direcci\u00f3n virtual 0000000000000110 [ 176.292101] Informaci\u00f3n de aborto de memoria: [ 176.292184] ESR = 0x0000000096000004 [ 176.292322] EC = 0x25: DABT (EL actual), IL = 32 bits [ 176.292530] SET = 0, FnV = 0 [ 176.292709] EA = 0, S1PTW = 0 [ 176.292862] FSC = 0x04: error de traducci\u00f3n de nivel 0 [ 176.293013] Informaci\u00f3n de aborto de datos: [ 176.293104] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 176.293488] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 176.293787] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 176.293995] pgtable del usuario: p\u00e1ginas de 4k, VA de 48 bits, pgdp=0000000043ef5000 [ 176.294166] [0000000000000110] pgd=000000000000000, p4d=0000000000000000 [ 176.294827] Error interno: Oops: 0000000096000004 [#1] PREEMPT SMP [ 176.295252] M\u00f3dulos vinculados: vxlan ip6_udp_tunnel udp_tunnel veth br_netfilter bridge stp llc ipv6 crct10dif_ce [ 176.295923] CPU: 0 PID: 188 Comm: ping No contaminado 6.8.0-rc3-g5b3fbd61b9d1 #2 [ 176.296314] Nombre del hardware: linux,dummy-virt (DT) [ 176.296535] pstate: 
80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 176.296808] pc : br_nf_dev_queue_xmit+0x390/0x4ec [br_netfilter] [ 176.297382] lr : br_nf_dev_queue_xmit+0x2ac/0x4ec [br_netfilter] [ 176.297636] sp : ffff800080003630 [ 176.297743] x29: ffff800080003630 x28: 0000000000000008 x27: ffff6828c49ad9f8 [ 176.298093] x26: ffff6828c49ad000 x25: 0000000000000000 x24: 00000000000003e8 [ 176.298430] x23: 0000000000000000 x22: ffff6828c4960b40 x21: ffff6828c3b16d28 [ 176.298652] x20: ffff6828c3167048 x19: ffff6828c3b16d00 x18: 0000000000000014 [ 176.298926] x17: ffffb0476322f000 x16: ffffb7e164023730 x15: 0000000095744632 [ 176.299296] x14: ffff6828c3f1c880 x13: 0000000000000002 x12: ffffb7e137926a70 [ 176.299574] x11: 000000000000001 x10: ffff6828c3f1c898 x9: 0000000000000000 [ 176.300049] x8: ffff6828c49bf070 x7: 0008460f18d5f20e x6: f20e0100bebafeca [ 176.300302] x5 : ffff6828c7f918fe x4 : ffff6828c49bf070 x3 : 0000000000000000 [ 176.300586] x2 : 0000000000000000 x1 : ffff6828c3c7ad00 x0 : ffff6828c7f918f0 [ 176.300889] Rastreo de llamadas: [ 176.301123] br_nf_dev_queue_xmit+0x390/0x4ec [br_netfilter] [ 176.301411] br_nf_post_routing+0x2a8/0x3e4 [br_netfilter] [ 176.301703] br_nf_hook_slow+0x48/0x124 [ 176.302060] br_forward_finish+0xc8/0xe8 [puente] [ 176.302371] br_nf_hook_thresh+0x124/0x134 [br_filtro de red] [ 176.302605] br_nf_forward_finish+0x118/0x22c [br_filtro de red] [ 176.302824] br_nf_forward_ip.part.0+0x264/0x290 [br_filtro de red] [ 176.303136 ---truncado---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50046.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50046.json index ad50191590f..53f426c0b29 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50046.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50046.json 
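Review bot: The added "es" value for CVE-2024-50045 machine-translates the kernel oops itself, so the trace no longer matches the "en" value: `nf_hook_slow+0x48/0x124` appears as `br_nf_hook_slow+0x48/0x124`, the module tags `[bridge]` and `[br_netfilter]` become `[puente]` and `[br_filtro de red]`, and `pgd=0000000000000000` loses a digit. Anyone triaging from this feed by symbol or module name would miss or mismatch the record, so the log portion of the description should be carried over verbatim, e.g. `br_nf_hook_thresh+0x124/0x134 [br_netfilter]`. The same defect shows in the CVE-2024-50046 hunk (`pc :` and `sp :` rendered as `equipo:` and `servidor de arranque:`, and `x25: ffff0100f98fa3f0` reduced to `x25: 0`), the CVE-2024-50048 hunk (`return 0;` as `devolver 0;`) and the CVE-2024-50057 hunk (`do_el0_svc` as `hacer_el0_svc`).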
@@ -2,13 +2,17 @@ "id": "CVE-2024-50046", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:17.437", - "lastModified": "2024-10-21T20:15:17.437", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()\n\nOn the node of an NFS client, some files saved in the mountpoint of the\nNFS server were copied to another location of the same NFS server.\nAccidentally, the nfs42_complete_copies() got a NULL-pointer dereference\ncrash with the following syslog:\n\n[232064.838881] NFSv4: state recovery failed for open file nfs/pvc-12b5200d-cd0f-46a3-b9f0-af8f4fe0ef64.qcow2, error = -116\n[232064.839360] NFSv4: state recovery failed for open file nfs/pvc-12b5200d-cd0f-46a3-b9f0-af8f4fe0ef64.qcow2, error = -116\n[232066.588183] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000058\n[232066.588586] Mem abort info:\n[232066.588701] ESR = 0x0000000096000007\n[232066.588862] EC = 0x25: DABT (current EL), IL = 32 bits\n[232066.589084] SET = 0, FnV = 0\n[232066.589216] EA = 0, S1PTW = 0\n[232066.589340] FSC = 0x07: level 3 translation fault\n[232066.589559] Data abort info:\n[232066.589683] ISV = 0, ISS = 0x00000007\n[232066.589842] CM = 0, WnR = 0\n[232066.589967] user pgtable: 64k pages, 48-bit VAs, pgdp=00002000956ff400\n[232066.590231] [0000000000000058] pgd=08001100ae100003, p4d=08001100ae100003, pud=08001100ae100003, pmd=08001100b3c00003, pte=0000000000000000\n[232066.590757] Internal error: Oops: 96000007 [#1] SMP\n[232066.590958] Modules linked in: rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs ocfs2_dlmfs ocfs2_stack_o2cb ocfs2_dlm vhost_net vhost vhost_iotlb tap tun ipt_rpfilter xt_multiport ip_set_hash_ip ip_set_hash_net 
xfrm_interface xfrm6_tunnel tunnel4 tunnel6 esp4 ah4 wireguard libcurve25519_generic veth xt_addrtype xt_set nf_conntrack_netlink ip_set_hash_ipportnet ip_set_hash_ipportip ip_set_bitmap_port ip_set_hash_ipport dummy ip_set ip_vs_sh ip_vs_wrr ip_vs_rr ip_vs iptable_filter sch_ingress nfnetlink_cttimeout vport_gre ip_gre ip_tunnel gre vport_geneve geneve vport_vxlan vxlan ip6_udp_tunnel udp_tunnel openvswitch nf_conncount dm_round_robin dm_service_time dm_multipath xt_nat xt_MASQUERADE nft_chain_nat nf_nat xt_mark xt_conntrack xt_comment nft_compat nft_counter nf_tables nfnetlink ocfs2 ocfs2_nodemanager ocfs2_stackglue iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ipmi_ssif nbd overlay 8021q garp mrp bonding tls rfkill sunrpc ext4 mbcache jbd2\n[232066.591052] vfat fat cas_cache cas_disk ses enclosure scsi_transport_sas sg acpi_ipmi ipmi_si ipmi_devintf ipmi_msghandler ip_tables vfio_pci vfio_pci_core vfio_virqfd vfio_iommu_type1 vfio dm_mirror dm_region_hash dm_log dm_mod nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 br_netfilter bridge stp llc fuse xfs libcrc32c ast drm_vram_helper qla2xxx drm_kms_helper syscopyarea crct10dif_ce sysfillrect ghash_ce sysimgblt sha2_ce fb_sys_fops cec sha256_arm64 sha1_ce drm_ttm_helper ttm nvme_fc igb sbsa_gwdt nvme_fabrics drm nvme_core i2c_algo_bit i40e scsi_transport_fc megaraid_sas aes_neon_bs\n[232066.596953] CPU: 6 PID: 4124696 Comm: 10.253.166.125- Kdump: loaded Not tainted 5.15.131-9.cl9_ocfs2.aarch64 #1\n[232066.597356] Hardware name: Great Wall .\\x93\\x8e...RF6260 V5/GWMSSE2GL1T, BIOS T656FBE_V3.0.18 2024-01-06\n[232066.597721] pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[232066.598034] pc : nfs4_reclaim_open_state+0x220/0x800 [nfsv4]\n[232066.598327] lr : nfs4_reclaim_open_state+0x12c/0x800 [nfsv4]\n[232066.598595] sp : ffff8000f568fc70\n[232066.598731] x29: ffff8000f568fc70 x28: 0000000000001000 x27: ffff21003db33000\n[232066.599030] x26: ffff800005521ae0 x25: ffff0100f98fa3f0 x24: 
0000000000000001\n[232066.599319] x23: ffff800009920008 x22: ffff21003db33040 x21: ffff21003db33050\n[232066.599628] x20: ffff410172fe9e40 x19: ffff410172fe9e00 x18: 0000000000000000\n[232066.599914] x17: 0000000000000000 x16: 0000000000000004 x15: 0000000000000000\n[232066.600195] x14: 0000000000000000 x13: ffff800008e685a8 x12: 00000000eac0c6e6\n[232066.600498] x11: 00000000000000\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: NFSv4: Evitar la desreferencia de puntero NULL en nfs42_complete_copies() En el nodo de un cliente NFS, algunos archivos guardados en el punto de montaje del servidor NFS se copiaron a otra ubicaci\u00f3n del mismo servidor NFS. Accidentalmente, nfs42_complete_copies() tuvo un fallo por desreferencia de puntero NULL con el siguiente syslog: [232064.838881] NFSv4: la recuperaci\u00f3n de estado fall\u00f3 para el archivo abierto nfs/pvc-12b5200d-cd0f-46a3-b9f0-af8f4fe0ef64.qcow2, error = -116 [232064.839360] NFSv4: la recuperaci\u00f3n de estado fall\u00f3 para el archivo abierto nfs/pvc-12b5200d-cd0f-46a3-b9f0-af8f4fe0ef64.qcow2, error = -116 [232066.588183] No se puede manejar la desreferencia de puntero NULL del kernel en la direcci\u00f3n virtual 0000000000000058 [232066.588586] Informaci\u00f3n de cancelaci\u00f3n de memoria: [232066.588701] ESR = 0x0000000096000007 [232066.588862] EC = 0x25: DABT (EL actual), IL = 32 bits [232066.589084] SET = 0, FnV = 0 [232066.589216] EA = 0, S1PTW = 0 [232066.589340] FSC = 0x07: error de traducci\u00f3n de nivel 3 [232066.589559] Informaci\u00f3n de cancelaci\u00f3n de datos: [232066.589683] ISV = 0, ISS = 0x00000007 [232066.589842] CM = 0, WnR = 0 [232066.589967] usuario pgtable: 64k p\u00e1ginas, VA de 48 bits, pgdp=00002000956ff400 [232066.590231] [0000000000000058] pgd=08001100ae100003, p4d=08001100ae100003, pud=08001100ae100003, pmd=08001100b3c00003, pte=000000000000000 [232066.590757] Error interno: Oops: 96000007 [#1] 
SMP [232066.590958] M\u00f3dulos vinculados en: rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs ocfs2_dlmfs ocfs2_stack_o2cb ocfs2_dlm vhost_net vhost vhost_iotlb tap tun ipt_rpfilter xt_multiport ip_set_hash_ip ip_set_hash_net xfrm_interface xfrm6_tunnel tunnel4 tunnel6 esp4 ah4 wireguard libcurve25519_generic veth xt_addrtype xt_set nf_conntrack_netlink ip_set_hash_ipportnet ip_set_hash_ipportip ip_set_bitmap_port ip_set_hash_ipport conjunto de ip ficticio ip_vs_sh ip_vs_wrr ip_vs_rr ip_vs iptable_filter sch_ingress nfnetlink_cttimeout vport_gre ip_gre ip_tunnel gre vport_geneve geneve vport_vxlan vxlan ip6_udp_tunnel udp_tunnel openvswitch nf_conncount dm_round_robin dm_service_time dm_multipath xt_nat xt_MASQUERADE nft_chain_nat nf_nat xt_mark xt_conntrack xt_comment nft_compat nft_counter nf_tables nfnetlink ocfs2 ocfs2_nodemanager ocfs2_stackglue iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ipmi_ssif nbd overlay 8021q garp mrp enlace tls rfkill sunrpc ext4 mbcache jbd2 [232066.591052] vfat fat cas_cache cas_disk ses enclosure scsi_transport_sas sg acpi_ipmi ipmi_si ipmi_devintf ipmi_msghandler ip_tables vfio_pci vfio_pci_core vfio_virqfd vfio_iommu_type1 vfio dm_mirror dm_region_hash dm_log dm_mod nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 br_netfilter puente stp llc fuse xfs libcrc32c ast drm_vram_helper qla2xxx drm_kms_helper syscopyarea crct10dif_ce sysfillrect ghash_ce sysimgblt sha2_ce fb_sys_fops cec sha256_arm64 sha1_ce drm_ttm_helper ttm nvme_fc igb sbsa_gwdt nvme_fabrics drm nvme_core i2c_algo_bit i40e scsi_transport_fc megaraid_sas aes_neon_bs [232066.596953] CPU: 6 PID: 4124696 Comm: 10.253.166.125- Kdump: cargado No contaminado 5.15.131-9.cl9_ocfs2.aarch64 #1 [232066.597356] Nombre del hardware: Great Wall .\\x93\\x8e...RF6260 V5/GWMSSE2GL1T, BIOS T656FBE_V3.0.18 2024-01-06 [232066.597721] estado de la p\u00e1gina: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [232066.598034] equipo: 
nfs4_reclaim_open_state+0x220/0x800 [nfsv4] [232066.598327] estado de la p\u00e1gina: nfs4_reclaim_open_state+0x12c/0x800 [nfsv4] [232066.598595] servidor de arranque: ffff8000f568fc70 [232066.598731] x29: ffff8000f568fc70 x28: 0000000000001000 x27: ffff21003db33000 [232066.599030] x26: ffff800005521ae0 x25: 0 x24: 0000000000000001 [232066.599319] x23: ffff800009920008 x22: ffff21003db33040 x21: ffff21003db33050 [232066.599628] x20: ffff410172fe9e40 x19: ffff410172fe9e00 x18: 0000000000000000 [232066.599914] x17: 0000000000000000 x16: 0000000000000004 x15: 0000000000000000 [232066.6001---truncado---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50047.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50047.json index 70927e18817..38a5c0890fd 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50047.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50047.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50047", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:17.507", - "lastModified": "2024-10-21T20:15:17.507", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix UAF in async decryption\n\nDoing an async decryption (large read) crashes with a\nslab-use-after-free way down in the crypto API.\n\nReproducer:\n # mount.cifs -o ...,seal,esize=1 //srv/share /mnt\n # dd if=/mnt/largefile of=/dev/null\n ...\n [ 194.196391] ==================================================================\n [ 194.196844] BUG: KASAN: slab-use-after-free in gf128mul_4k_lle+0xc1/0x110\n [ 194.197269] Read of size 8 at addr ffff888112bd0448 by task kworker/u77:2/899\n [ 194.197707]\n [ 194.197818] CPU: 12 UID: 0 PID: 899 Comm: kworker/u77:2 Not tainted 6.11.0-lku-00028-gfca3ca14a17a-dirty #43\n [ 194.198400] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-prebuilt.qemu.org 04/01/2014\n [ 194.199046] Workqueue: smb3decryptd smb2_decrypt_offload [cifs]\n [ 194.200032] Call Trace:\n [ 194.200191] \n [ 194.200327] dump_stack_lvl+0x4e/0x70\n [ 194.200558] ? gf128mul_4k_lle+0xc1/0x110\n [ 194.200809] print_report+0x174/0x505\n [ 194.201040] ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n [ 194.201352] ? srso_return_thunk+0x5/0x5f\n [ 194.201604] ? __virt_addr_valid+0xdf/0x1c0\n [ 194.201868] ? gf128mul_4k_lle+0xc1/0x110\n [ 194.202128] kasan_report+0xc8/0x150\n [ 194.202361] ? gf128mul_4k_lle+0xc1/0x110\n [ 194.202616] gf128mul_4k_lle+0xc1/0x110\n [ 194.202863] ghash_update+0x184/0x210\n [ 194.203103] shash_ahash_update+0x184/0x2a0\n [ 194.203377] ? __pfx_shash_ahash_update+0x10/0x10\n [ 194.203651] ? srso_return_thunk+0x5/0x5f\n [ 194.203877] ? 
crypto_gcm_init_common+0x1ba/0x340\n [ 194.204142] gcm_hash_assoc_remain_continue+0x10a/0x140\n [ 194.204434] crypt_message+0xec1/0x10a0 [cifs]\n [ 194.206489] ? __pfx_crypt_message+0x10/0x10 [cifs]\n [ 194.208507] ? srso_return_thunk+0x5/0x5f\n [ 194.209205] ? srso_return_thunk+0x5/0x5f\n [ 194.209925] ? srso_return_thunk+0x5/0x5f\n [ 194.210443] ? srso_return_thunk+0x5/0x5f\n [ 194.211037] decrypt_raw_data+0x15f/0x250 [cifs]\n [ 194.212906] ? __pfx_decrypt_raw_data+0x10/0x10 [cifs]\n [ 194.214670] ? srso_return_thunk+0x5/0x5f\n [ 194.215193] smb2_decrypt_offload+0x12a/0x6c0 [cifs]\n\nThis is because TFM is being used in parallel.\n\nFix this by allocating a new AEAD TFM for async decryption, but keep\nthe existing one for synchronous READ cases (similar to what is done\nin smb3_calc_signature()).\n\nAlso remove the calls to aead_request_set_callback() and\ncrypto_wait_req() since it's always going to be a synchronous operation." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: corregir UAF en descifrado asincr\u00f3nico Al realizar un descifrado asincr\u00f3nico (lectura grande), se produce un bloqueo con un m\u00e9todo slab-use-after-free en la API de cifrado. Reproductor: # mount.cifs -o ...,seal,esize=1 //srv/share /mnt # dd if=/mnt/largefile of=/dev/null ... 
[ 194.196391] ===================================================================== [ 194.196844] ERROR: KASAN: slab-use-after-free en gf128mul_4k_lle+0xc1/0x110 [ 194.197269] Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff888112bd0448 por la tarea kworker/u77:2/899 [ 194.197707] [ 194.197818] CPU: 12 UID: 0 PID: 899 Comm: kworker/u77:2 No contaminado 6.11.0-lku-00028-gfca3ca14a17a-dirty #43 [ 194.198400] Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-prebuilt.qemu.org 04/01/2014 [ 194.199046] Cola de trabajo: smb3decryptd smb2_decrypt_offload [cifs] [ 194.200032] Seguimiento de llamadas: [ 194.200191] [ [194.200327] dump_stack_lvl+0x4e/0x70 [194.200558] ? gf128mul_4k_lle+0xc1/0x110 [194.200809] print_report+0x174/0x505 [194.201040] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [194.201352] ? srso_return_thunk+0x5/0x5f [194.201604] ? __virt_addr_valid+0xdf/0x1c0 [194.201868] ? gf128mul_4k_lle+0xc1/0x110 [ 194.202128] kasan_report+0xc8/0x150 [ 194.202361] ? gf128mul_4k_lle+0xc1/0x110 [ 194.202616] gf128mul_4k_lle+0xc1/0x110 [ 194.202863] ghash_update+0x184/0x210 [ 194.203103] shash_ahash_update+0x184/0x2a0 [ 194.203377] ? __pfx_shash_ahash_update+0x10/0x10 [ 194.203651] ? srso_return_thunk+0x5/0x5f [ 194.203877] ? crypto_gcm_init_common+0x1ba/0x340 [ 194.204142] gcm_hash_assoc_remain_continue+0x10a/0x140 [ 194.204434] crypt_message+0xec1/0x10a0 [cifs] [ 194.206489] ? __pfx_crypt_message+0x10/0x10 [cifs] [ 194.208507] ? srso_return_thunk+0x5/0x5f [ 194.209205] ? srso_return_thunk+0x5/0x5f [ 194.209925] ? srso_return_thunk+0x5/0x5f [ 194.210443] ? srso_return_thunk+0x5/0x5f [ 194.211037] decrypt_raw_data+0x15f/0x250 [cifs] [ 194.212906] ? __pfx_decrypt_raw_data+0x10/0x10 [cifs] [ 194.214670] ? srso_return_thunk+0x5/0x5f [ 194.215193] smb2_decrypt_offload+0x12a/0x6c0 [cifs] Esto se debe a que TFM se est\u00e1 utilizando en paralelo. 
Solucione esto asignando un nuevo TFM AEAD para el descifrado asincr\u00f3nico, pero conserve el existente para los casos de LECTURA sincr\u00f3nica (similar a lo que se hace en smb3_calc_signature()). Tambi\u00e9n elimine las llamadas a aead_request_set_callback() y crypto_wait_req() ya que siempre ser\u00e1 una operaci\u00f3n sincr\u00f3nica." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50048.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50048.json index a6594e3457a..e101e723cad 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50048.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50048.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50048", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:17.580", - "lastModified": "2024-10-21T20:15:17.580", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: Fix a NULL pointer dereference issue in fbcon_putcs\n\nsyzbot has found a NULL pointer dereference bug in fbcon.\nHere is the simplified C reproducer:\n\nstruct param {\n\tuint8_t type;\n\tstruct tiocl_selection ts;\n};\n\nint main()\n{\n\tstruct fb_con2fbmap con2fb;\n\tstruct param param;\n\n\tint fd = open(\"/dev/fb1\", 0, 0);\n\n\tcon2fb.console = 0x19;\n\tcon2fb.framebuffer = 0;\n\tioctl(fd, FBIOPUT_CON2FBMAP, &con2fb);\n\n\tparam.type = 2;\n\tparam.ts.xs = 0; param.ts.ys = 0;\n\tparam.ts.xe = 0; param.ts.ye = 0;\n\tparam.ts.sel_mode = 0;\n\n\tint fd1 = open(\"/dev/tty1\", O_RDWR, 0);\n\tioctl(fd1, TIOCLINUX, ¶m);\n\n\tcon2fb.console = 1;\n\tcon2fb.framebuffer = 0;\n\tioctl(fd, FBIOPUT_CON2FBMAP, &con2fb);\n\n\treturn 0;\n}\n\nAfter calling ioctl(fd1, TIOCLINUX, ¶m), the subsequent ioctl(fd, FBIOPUT_CON2FBMAP, &con2fb)\ncauses the kernel to follow a different execution path:\n\n set_con2fb_map\n -> con2fb_init_display\n -> fbcon_set_disp\n -> redraw_screen\n -> hide_cursor\n -> clear_selection\n -> highlight\n -> invert_screen\n -> do_update_region\n -> fbcon_putcs\n -> ops->putcs\n\nSince ops->putcs is a NULL pointer, this leads to a kernel panic.\nTo prevent this, we need to call set_blitting_type() within set_con2fb_map()\nto properly initialize ops->putcs." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fbcon: soluciona un problema de desreferencia de puntero NULL en fbcon_putcs syzbot ha encontrado un error de desreferencia de puntero NULL en fbcon. 
Aqu\u00ed est\u00e1 el reproductor C simplificado: struct param { uint8_t type; struct tiocl_selection ts; }; int main() { struct fb_con2fbmap con2fb; struct param param; int fd = open(\"/dev/fb1\", 0, 0); con2fb.console = 0x19; con2fb.framebuffer = 0; ioctl(fd, FBIOPUT_CON2FBMAP, &con2fb); param.type = 2; param.ts.xs = 0; param.ts.ys = 0; param.ts.xe = 0; param.ts.ye = 0; param.ts.sel_mode = 0; int fd1 = open(\"/dev/tty1\", O_RDWR, 0); ioctl(fd1, TIOCLINUX, &param); con2fb.console = 1; con2fb.framebuffer = 0; ioctl(fd, FBIOPUT_CON2FBMAP, &con2fb); devolver 0; } Despu\u00e9s de llamar a ioctl(fd1, TIOCLINUX, &param), el ioctl(fd, FBIOPUT_CON2FBMAP, &con2fb) subsiguiente hace que el n\u00facleo siga una ruta de ejecuci\u00f3n diferente: set_con2fb_map -> con2fb_init_display -> fbcon_set_disp -> redraw_screen -> hide_cursor -> clear_selection -> highlight -> invert_screen -> do_update_region -> fbcon_putcs -> ops->putcs Dado que ops->putcs es un puntero NULL, esto lleva a un p\u00e1nico del n\u00facleo. Para evitar esto, necesitamos llamar a set_blitting_type() dentro de set_con2fb_map() para inicializar correctamente ops->putcs." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50049.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50049.json index 3d92a72346e..f8580a7da18 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50049.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50049.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50049",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T20:15:17.687",
- "lastModified": "2024-10-21T20:15:17.687",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointer before dereferencing se\n\n[WHAT & HOW]\nse is null checked previously in the same function, indicating\nit might be null; therefore, it must be checked when used again.\n\nThis fixes 1 FORWARD_NULL issue reported by Coverity."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Verificar puntero nulo antes de desreferenciar se [QU\u00c9 Y C\u00d3MO] se verific\u00f3 como nulo previamente en la misma funci\u00f3n, lo que indica que podr\u00eda ser nulo; por lo tanto, se debe verificar cuando se vuelva a utilizar. Esto soluciona 1 problema FORWARD_NULL informado por Coverity."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50050.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50050.json
new file mode 100644
index 00000000000..fd5dc4d1a7c
--- /dev/null
+++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50050.json
@@ -0,0 +1,21 @@
+{
+ "id": "CVE-2024-50050",
+ "sourceIdentifier": "cve-assign@fb.com",
+ "published": "2024-10-23T14:15:05.087",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. Socket communication has been changed to use JSON instead."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.facebook.com/security/advisories/cve-2024-50050",
+ "source": "cve-assign@fb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50055.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50055.json
index 52689ad0588..7ef1e50ee15 100644
--- a/CVE-2024/CVE-2024-500xx/CVE-2024-50055.json
+++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50055.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50055",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T20:15:17.770",
- "lastModified": "2024-10-21T20:15:17.770",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: bus: Fix double free in driver API bus_register()\n\nFor bus_register(), any error which happens after kset_register() will\ncause that @priv are freed twice, fixed by setting @priv with NULL after\nthe first free."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: n\u00facleo del controlador: bus: se corrige la doble liberaci\u00f3n en la API del controlador bus_register() Para bus_register(), cualquier error que ocurra despu\u00e9s de kset_register() provocar\u00e1 que @priv se libere dos veces, lo que se soluciona configurando @priv con NULL despu\u00e9s de la primera liberaci\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50056.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50056.json
index c1d7689f1aa..6dea0502008 100644
--- a/CVE-2024/CVE-2024-500xx/CVE-2024-50056.json
+++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50056.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50056",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T20:15:17.853",
- "lastModified": "2024-10-21T20:15:17.853",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c\n\nFix potential dereferencing of ERR_PTR() in find_format_by_pix()\nand uvc_v4l2_enum_format().\n\nFix the following smatch errors:\n\ndrivers/usb/gadget/function/uvc_v4l2.c:124 find_format_by_pix()\nerror: 'fmtdesc' dereferencing possible ERR_PTR()\n\ndrivers/usb/gadget/function/uvc_v4l2.c:392 uvc_v4l2_enum_format()\nerror: 'fmtdesc' dereferencing possible ERR_PTR()\n\nAlso, fix similar issue in uvc_v4l2_try_format() for potential\ndereferencing of ERR_PTR()."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: gadget: uvc: Corrige la desreferenciaci\u00f3n de ERR_PTR en uvc_v4l2.c Corrige la posible desreferenciaci\u00f3n de ERR_PTR() en find_format_by_pix() y uvc_v4l2_enum_format(). Corrige los siguientes errores de coincidencia: drivers/usb/gadget/function/uvc_v4l2.c:124 find_format_by_pix() error: posible desreferenciaci\u00f3n de 'fmtdesc' a ERR_PTR() drivers/usb/gadget/function/uvc_v4l2.c:392 uvc_v4l2_enum_format() error: posible desreferenciaci\u00f3n de 'fmtdesc' a ERR_PTR() Adem\u00e1s, corrige un problema similar en uvc_v4l2_try_format() para una posible desreferenciaci\u00f3n de ERR_PTR()."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50057.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50057.json
index f24b1d29dfb..92c0806b330 100644
--- a/CVE-2024/CVE-2024-500xx/CVE-2024-50057.json
+++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50057.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-50057", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:17.933", - "lastModified": "2024-10-21T20:15:17.933", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: tipd: Free IRQ only if it was requested before\n\nIn polling mode, if no IRQ was requested there is no need to free it.\nCall devm_free_irq() only if client->irq is set. This fixes the warning\ncaused by the tps6598x module removal:\n\nWARNING: CPU: 2 PID: 333 at kernel/irq/devres.c:144 devm_free_irq+0x80/0x8c\n...\n...\nCall trace:\n devm_free_irq+0x80/0x8c\n tps6598x_remove+0x28/0x88 [tps6598x]\n i2c_device_remove+0x2c/0x9c\n device_remove+0x4c/0x80\n device_release_driver_internal+0x1cc/0x228\n driver_detach+0x50/0x98\n bus_remove_driver+0x6c/0xbc\n driver_unregister+0x30/0x60\n i2c_del_driver+0x54/0x64\n tps6598x_i2c_driver_exit+0x18/0xc3c [tps6598x]\n __arm64_sys_delete_module+0x184/0x264\n invoke_syscall+0x48/0x110\n el0_svc_common.constprop.0+0xc8/0xe8\n do_el0_svc+0x20/0x2c\n el0_svc+0x28/0x98\n el0t_64_sync_handler+0x13c/0x158\n el0t_64_sync+0x190/0x194" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: typec: tipd: Libera IRQ solo si se solicit\u00f3 antes. En el modo de sondeo, si no se solicit\u00f3 ninguna IRQ, no es necesario liberarla. Llama a devm_free_irq() solo si se configura client->irq. Esto corrige la advertencia causada por la eliminaci\u00f3n del m\u00f3dulo tps6598x: ADVERTENCIA: CPU: 2 PID: 333 en kernel/irq/devres.c:144 devm_free_irq+0x80/0x8c ... ... 
Rastreo de llamadas: devm_free_irq+0x80/0x8c tps6598x_remove+0x28/0x88 [tps6598x] i2c_device_remove+0x2c/0x9c device_remove+0x4c/0x80 device_release_driver_internal+0x1cc/0x228 driver_detach+0x50/0x98 bus_remove_driver+0x6c/0xbc driver_unregister+0x30/0x60 i2c_del_driver+0x54/0x64 tps6598x_i2c_driver_exit+0x18/0xc3c [tps6598x] __arm64_sys_delete_module+0x184/0x264 invoke_syscall+0x48/0x110 el0_svc_common.constprop.0+0xc8/0xe8 hacer_el0_svc+0x20/0x2c el0_svc+0x28/0x98 el0t_64_sync_handler+0x13c/0x158 el0t_64_sync+0x190/0x194" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50058.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50058.json index 6ec3c868ada..dc343bc82d6 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50058.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50058.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50058", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:17.993", - "lastModified": "2024-10-21T20:15:17.993", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: protect uart_port_dtr_rts() in uart_shutdown() too\n\nCommit af224ca2df29 (serial: core: Prevent unsafe uart port access, part\n3) added few uport == NULL checks. It added one to uart_shutdown(), so\nthe commit assumes, uport can be NULL in there. But right after that\nprotection, there is an unprotected \"uart_port_dtr_rts(uport, false);\"\ncall. That is invoked only if HUPCL is set, so I assume that is the\nreason why we do not see lots of these reports.\n\nOr it cannot be NULL at this point at all for some reason :P.\n\nUntil the above is investigated, stay on the safe side and move this\ndereference to the if too.\n\nI got this inconsistency from Coverity under CID 1585130. Thanks." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: serial: proteger uart_port_dtr_rts() en uart_shutdown() tambi\u00e9n El commit af224ca2df29 (serial: core: Prevenir el acceso inseguro al puerto uart, parte 3) agreg\u00f3 algunas comprobaciones uport == NULL. Agreg\u00f3 una a uart_shutdown(), por lo que el commit asume que uport puede ser NULL all\u00ed. Pero justo despu\u00e9s de esa protecci\u00f3n, hay una llamada \"uart_port_dtr_rts(uport, false);\" sin protecci\u00f3n. Eso se invoca solo si HUPCL est\u00e1 configurado, por lo que supongo que esa es la raz\u00f3n por la que no vemos muchos de estos informes. O no puede ser NULL en este punto en absoluto por alguna raz\u00f3n :P. Hasta que se investigue lo anterior, mant\u00e9ngase del lado seguro y mueva esta desreferencia al if tambi\u00e9n. 
Obtuve esta inconsistencia de Coverity bajo CID 1585130. Gracias." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50059.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50059.json index 7a40e22b903..f9d17973b89 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50059.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50059.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50059", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:18.057", - "lastModified": "2024-10-21T20:15:18.057", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition\n\nIn the switchtec_ntb_add function, it can call switchtec_ntb_init_sndev\nfunction, then &sndev->check_link_status_work is bound with\ncheck_link_status_work. switchtec_ntb_link_notification may be called\nto start the work.\n\nIf we remove the module which will call switchtec_ntb_remove to make\ncleanup, it will free sndev through kfree(sndev), while the work\nmentioned above will be used. The sequence of operations that may lead\nto a UAF bug is as follows:\n\nCPU0 CPU1\n\n | check_link_status_work\nswitchtec_ntb_remove |\nkfree(sndev); |\n | if (sndev->link_force_down)\n | // use sndev\n\nFix it by ensuring that the work is canceled before proceeding with\nthe cleanup in switchtec_ntb_remove." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ntb: ntb_hw_switchtec: Se corrige la vulnerabilidad de use after free en switchtec_ntb_remove debido a la condici\u00f3n de ejecuci\u00f3n En la funci\u00f3n switchtec_ntb_add, puede llamar a la funci\u00f3n switchtec_ntb_init_sndev, luego &sndev->check_link_status_work se vincula con check_link_status_work. Se puede llamar a switchtec_ntb_link_notification para iniciar el trabajo. Si eliminamos el m\u00f3dulo que llamar\u00e1 a switchtec_ntb_remove para realizar la limpieza, liberar\u00e1 sndev a trav\u00e9s de kfree(sndev), mientras que se utilizar\u00e1 el trabajo mencionado anteriormente. 
La secuencia de operaciones que puede llevar a un error de UAF es la siguiente: CPU0 CPU1 | check_link_status_work switchtec_ntb_remove | kfree(sndev); | | if (sndev->link_force_down) | // use sndev Arr\u00e9glelo asegur\u00e1ndose de que el trabajo se cancele antes de continuar con la limpieza en switchtec_ntb_remove." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50060.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50060.json index 243d985273c..9c5015998b8 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50060.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50060.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50060",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T20:15:18.117",
- "lastModified": "2024-10-21T20:15:18.117",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: check if we need to reschedule during overflow flush\n\nIn terms of normal application usage, this list will always be empty.\nAnd if an application does overflow a bit, it'll have a few entries.\nHowever, nothing obviously prevents syzbot from running a test case\nthat generates a ton of overflow entries, and then flushing them can\ntake quite a while.\n\nCheck for needing to reschedule while flushing, and drop our locks and\ndo so if necessary. There's no state to maintain here as overflows\nalways prune from head-of-list, hence it's fine to drop and reacquire\nthe locks at the end of the loop."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: io_uring: comprobar si necesitamos reprogramar durante el vaciado de desbordamiento En t\u00e9rminos de uso normal de la aplicaci\u00f3n, esta lista siempre estar\u00e1 vac\u00eda. Y si una aplicaci\u00f3n se desborda un poco, tendr\u00e1 algunas entradas. Sin embargo, obviamente nada impide que syzbot ejecute un caso de prueba que genere un mont\u00f3n de entradas de desbordamiento, y luego vaciarlas puede llevar bastante tiempo. Verifique la necesidad de reprogramar durante el vaciado y elimine nuestros bloqueos y h\u00e1galo si es necesario. No hay ning\u00fan estado que mantener aqu\u00ed, ya que los desbordamientos siempre se podan desde el principio de la lista, por lo tanto, est\u00e1 bien eliminar y volver a adquirir los bloqueos al final del bucle."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50061.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50061.json
index 69eeb810e89..2ccd6a34537 100644
--- a/CVE-2024/CVE-2024-500xx/CVE-2024-50061.json
+++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50061.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-50061", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:18.210", - "lastModified": "2024-10-21T20:15:18.210", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition\n\nIn the cdns_i3c_master_probe function, &master->hj_work is bound with\ncdns_i3c_master_hj. And cdns_i3c_master_interrupt can call\ncnds_i3c_master_demux_ibis function to start the work.\n\nIf we remove the module which will call cdns_i3c_master_remove to\nmake cleanup, it will free master->base through i3c_master_unregister\nwhile the work mentioned above will be used. The sequence of operations\nthat may lead to a UAF bug is as follows:\n\nCPU0 CPU1\n\n | cdns_i3c_master_hj\ncdns_i3c_master_remove |\ni3c_master_unregister(&master->base) |\ndevice_unregister(&master->dev) |\ndevice_release |\n//free master->base |\n | i3c_master_do_daa(&master->base)\n | //use master->base\n\nFix it by ensuring that the work is canceled before proceeding with\nthe cleanup in cdns_i3c_master_remove." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i3c: master: cdns: Arreglar la vulnerabilidad de use after free en el controlador cdns_i3c_master debido a la condici\u00f3n de ejecuci\u00f3n En la funci\u00f3n cdns_i3c_master_probe, &master->hj_work est\u00e1 vinculado con cdns_i3c_master_hj. Y cdns_i3c_master_interrupt puede llamar a la funci\u00f3n cnds_i3c_master_demux_ibis para iniciar el trabajo. 
Si eliminamos el m\u00f3dulo que llamar\u00e1 a cdns_i3c_master_remove para realizar la limpieza, liberar\u00e1 master->base a trav\u00e9s de i3c_master_unregister mientras se usar\u00e1 el trabajo mencionado anteriormente. La secuencia de operaciones que pueden provocar un error de UAF es la siguiente: CPU0 CPU1 | cdns_i3c_master_hj cdns_i3c_master_remove | Corr\u00edjalo asegur\u00e1ndose de que el trabajo se cancele antes de continuar con la limpieza en cdns_i3c_master_remove." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50062.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50062.json index 35b1c2d8b05..109a99d133c 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50062.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50062.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50062",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-10-21T20:15:18.280",
- "lastModified": "2024-10-21T20:15:18.280",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rtrs-srv: Avoid null pointer deref during path establishment\n\nFor RTRS path establishment, RTRS client initiates and completes con_num\nof connections. After establishing all its connections, the information\nis exchanged between the client and server through the info_req message.\nDuring this exchange, it is essential that all connections have been\nestablished, and the state of the RTRS srv path is CONNECTED.\n\nSo add these sanity checks, to make sure we detect and abort process in\nerror scenarios to avoid null pointer deref."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/rtrs-srv: Evitar la desreferencia de puntero nulo durante el establecimiento de la ruta Para el establecimiento de la ruta RTRS, el cliente RTRS inicia y completa con_num de conexiones. Despu\u00e9s de establecer todas sus conexiones, la informaci\u00f3n se intercambia entre el cliente y el servidor a trav\u00e9s del mensaje info_req. Durante este intercambio, es esencial que se hayan establecido todas las conexiones y que el estado de la ruta RTRS srv sea CONECTADO. Por lo tanto, agregue estas comprobaciones de cordura para asegurarnos de detectar y abortar el proceso en escenarios de error para evitar la desreferencia de puntero nulo."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50063.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50063.json
index a7c47dd7cf7..3bda68e673a 100644
--- a/CVE-2024/CVE-2024-500xx/CVE-2024-50063.json
+++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50063.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-50063", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:18.360", - "lastModified": "2024-10-21T20:15:18.360", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Prevent tail call between progs attached to different hooks\n\nbpf progs can be attached to kernel functions, and the attached functions\ncan take different parameters or return different return values. If\nprog attached to one kernel function tail calls prog attached to another\nkernel function, the ctx access or return value verification could be\nbypassed.\n\nFor example, if prog1 is attached to func1 which takes only 1 parameter\nand prog2 is attached to func2 which takes two parameters. Since verifier\nassumes the bpf ctx passed to prog2 is constructed based on func2's\nprototype, verifier allows prog2 to access the second parameter from\nthe bpf ctx passed to it. The problem is that verifier does not prevent\nprog1 from passing its bpf ctx to prog2 via tail call. In this case,\nthe bpf ctx passed to prog2 is constructed from func1 instead of func2,\nthat is, the assumption for ctx access verification is bypassed.\n\nAnother example, if BPF LSM prog1 is attached to hook file_alloc_security,\nand BPF LSM prog2 is attached to hook bpf_lsm_audit_rule_known. Verifier\nknows the return value rules for these two hooks, e.g. it is legal for\nbpf_lsm_audit_rule_known to return positive number 1, and it is illegal\nfor file_alloc_security to return positive number. So verifier allows\nprog2 to return positive number 1, but does not allow prog1 to return\npositive number. The problem is that verifier does not prevent prog1\nfrom calling prog2 via tail call. 
In this case, prog2's return value 1\nwill be used as the return value for prog1's hook file_alloc_security.\nThat is, the return value rule is bypassed.\n\nThis patch adds restriction for tail call to prevent such bypasses." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: Evitar llamada de cola entre programas adjuntos a diferentes ganchos Los programas bpf se pueden adjuntar a funciones del kernel, y las funciones adjuntas pueden tomar diferentes par\u00e1metros o devolver diferentes valores de retorno. Si prog adjunto a una funci\u00f3n del kernel llama de cola a prog adjunto a otra funci\u00f3n del kernel, se podr\u00eda omitir la verificaci\u00f3n del acceso o del valor de retorno de ctx. Por ejemplo, si prog1 est\u00e1 adjunto a func1 que toma solo 1 par\u00e1metro y prog2 est\u00e1 adjunto a func2 que toma dos par\u00e1metros. Dado que el verificador asume que el bpf ctx pasado a prog2 se construye en base al prototipo de func2, el verificador permite a prog2 acceder al segundo par\u00e1metro del bpf ctx que se le pasa. El problema es que el verificador no impide que prog1 pase su bpf ctx a prog2 mediante llamada de cola. En este caso, el bpf ctx pasado a prog2 se construye a partir de func1 en lugar de func2, es decir, se omite la suposici\u00f3n de verificaci\u00f3n de acceso a ctx. Otro ejemplo, si BPF LSM prog1 est\u00e1 conectado al gancho file_alloc_security y BPF LSM prog2 est\u00e1 conectado al gancho bpf_lsm_audit_rule_known. El verificador conoce las reglas de valor de retorno para estos dos ganchos, por ejemplo, es legal que bpf_lsm_audit_rule_known devuelva un n\u00famero positivo 1 y es ilegal que file_alloc_security devuelva un n\u00famero positivo. Por lo tanto, el verificador permite que prog2 devuelva un n\u00famero positivo 1, pero no permite que prog1 devuelva un n\u00famero positivo. 
El problema es que el verificador no impide que prog1 llame a prog2 a trav\u00e9s de una llamada de cola. En este caso, el valor de retorno 1 de prog2 se utilizar\u00e1 como el valor de retorno para el gancho file_alloc_security de prog1. Es decir, se omite la regla del valor de retorno. Este parche agrega una restricci\u00f3n para la llamada de cola para evitar tales omisiones." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50064.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50064.json index d7e551524ce..e8b390e576e 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50064.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50064.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50064", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:18.440", - "lastModified": "2024-10-21T20:15:18.440", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nzram: free secondary algorithms names\n\nWe need to kfree() secondary algorithms names when reset zram device that\nhad multi-streams, otherwise we leak memory.\n\n[senozhatsky@chromium.org: kfree(NULL) is legal]\n Link: https://lkml.kernel.org/r/20240917013021.868769-1-senozhatsky@chromium.org" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: zram: liberar nombres de algoritmos secundarios Necesitamos ejecutar kfree() en los nombres de algoritmos secundarios cuando reiniciamos un dispositivo zram que ten\u00eda m\u00faltiples transmisiones, de lo contrario, perdemos memoria. [senozhatsky@chromium.org: kfree(NULL) es legal] Enlace: https://lkml.kernel.org/r/20240917013021.868769-1-senozhatsky@chromium.org" } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50065.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50065.json index 577c7662859..1ac1970543a 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50065.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50065.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50065", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T20:15:18.520", - "lastModified": "2024-10-21T20:15:18.520", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nntfs3: Change to non-blocking allocation in ntfs_d_hash\n\nd_hash is done while under \"rcu-walk\" and should not sleep.\n__get_name() allocates using GFP_KERNEL, having the possibility\nto sleep when under memory pressure. Change the allocation to\nGFP_NOWAIT." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ntfs3: Cambio a asignaci\u00f3n sin bloqueo en ntfs_d_hash d_hash se realiza mientras se est\u00e1 bajo \"rcu-walk\" y no deber\u00eda estar en suspensi\u00f3n. __get_name() asigna usando GFP_KERNEL, teniendo la posibilidad de estar en suspensi\u00f3n cuando se encuentra bajo presi\u00f3n de memoria. Cambie la asignaci\u00f3n a GFP_NOWAIT." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50066.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50066.json index d548083adb4..e0baf1308ac 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50066.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50066.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50066", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-23T06:15:10.467", - "lastModified": "2024-10-23T06:15:10.467", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mremap: fix move_normal_pmd/retract_page_tables race\n\nIn mremap(), move_page_tables() looks at the type of the PMD entry and the\nspecified address range to figure out by which method the next chunk of\npage table entries should be moved.\n\nAt that point, the mmap_lock is held in write mode, but no rmap locks are\nheld yet. For PMD entries that point to page tables and are fully covered\nby the source address range, move_pgt_entry(NORMAL_PMD, ...) is called,\nwhich first takes rmap locks, then does move_normal_pmd(). \nmove_normal_pmd() takes the necessary page table locks at source and\ndestination, then moves an entire page table from the source to the\ndestination.\n\nThe problem is: The rmap locks, which protect against concurrent page\ntable removal by retract_page_tables() in the THP code, are only taken\nafter the PMD entry has been read and it has been decided how to move it. 
\nSo we can race as follows (with two processes that have mappings of the\nsame tmpfs file that is stored on a tmpfs mount with huge=advise); note\nthat process A accesses page tables through the MM while process B does it\nthrough the file rmap:\n\nprocess A process B\n========= =========\nmremap\n mremap_to\n move_vma\n move_page_tables\n get_old_pmd\n alloc_new_pmd\n *** PREEMPT ***\n madvise(MADV_COLLAPSE)\n do_madvise\n madvise_walk_vmas\n madvise_vma_behavior\n madvise_collapse\n hpage_collapse_scan_file\n collapse_file\n retract_page_tables\n i_mmap_lock_read(mapping)\n pmdp_collapse_flush\n i_mmap_unlock_read(mapping)\n move_pgt_entry(NORMAL_PMD, ...)\n take_rmap_locks\n move_normal_pmd\n drop_rmap_locks\n\nWhen this happens, move_normal_pmd() can end up creating bogus PMD entries\nin the line `pmd_populate(mm, new_pmd, pmd_pgtable(pmd))`. The effect\ndepends on arch-specific and machine-specific details; on x86, you can end\nup with physical page 0 mapped as a page table, which is likely\nexploitable for user->kernel privilege escalation.\n\nFix the race by letting process B recheck that the PMD still points to a\npage table after the rmap locks have been taken. Otherwise, we bail and\nlet the caller fall back to the PTE-level copying path, which will then\nbail immediately at the pmd_none() check.\n\nBug reachability: Reaching this bug requires that you can create\nshmem/file THP mappings - anonymous THP uses different code that doesn't\nzap stuff under rmap locks. File THP is gated on an experimental config\nflag (CONFIG_READ_ONLY_THP_FOR_FS), so on normal distro kernels you need\nshmem THP to hit this bug. 
As far as I know, getting shmem THP normally\nrequires that you can mount your own tmpfs with the right mount flags,\nwhich would require creating your own user+mount namespace; though I don't\nknow if some distros maybe enable shmem THP by default or something like\nthat.\n\nBug impact: This issue can likely be used for user->kernel privilege\nescalation when it is reachable." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/mremap: correcci\u00f3n de la ejecuci\u00f3n move_normal_pmd/retract_page_tables En mremap(), move_page_tables() examina el tipo de entrada PMD y el rango de direcciones especificado para determinar mediante qu\u00e9 m\u00e9todo se debe mover el siguiente fragmento de entradas de la tabla de p\u00e1ginas. En ese punto, el mmap_lock se mantiene en modo de escritura, pero a\u00fan no se mantienen bloqueos rmap. Para las entradas PMD que apuntan a tablas de p\u00e1ginas y est\u00e1n completamente cubiertas por el rango de direcciones de origen, se llama a move_pgt_entry(NORMAL_PMD, ...), que primero toma bloqueos rmap y luego realiza move_normal_pmd(). move_normal_pmd() toma los bloqueos de tabla de p\u00e1ginas necesarios en el origen y el destino, luego mueve una tabla de p\u00e1ginas completa desde el origen hasta el destino. El problema es el siguiente: los bloqueos de rmap, que protegen contra la eliminaci\u00f3n simult\u00e1nea de tablas de p\u00e1ginas por retract_page_tables() en el c\u00f3digo THP, solo se toman despu\u00e9s de que se haya le\u00eddo la entrada PMD y se haya decidido c\u00f3mo moverla. 
Por lo tanto, podemos competir de la siguiente manera (con dos procesos que tienen asignaciones del mismo archivo tmpfs que est\u00e1 almacenado en un montaje tmpfs con huge=advise); tenga en cuenta que el proceso A accede a las tablas de p\u00e1ginas a trav\u00e9s del MM mientras que el proceso B lo hace a trav\u00e9s del archivo rmap: proceso A proceso B ========= ========= mremap mremap_to move_vma move_page_tables get_old_pmd alloc_new_pmd *** PREEMPT *** madvise(MADV_COLLAPSE) do_madvise madvise_walk_vmas madvise_vma_behavior madvise_collapse hpage_collapse_scan_file collapse_file retract_page_tables i_mmap_lock_read(mapping) pmdp_collapse_flush i_mmap_unlock_read(mapping) move_pgt_entry(NORMAL_PMD, ...) take_rmap_locks move_normal_pmd drop_rmap_locks Cuando esto sucede, move_normal_pmd() puede terminar creando entradas PMD falsas en la l\u00ednea `pmd_populate(mm, new_pmd, pmd_pgtable(pmd))`. El efecto depende de detalles espec\u00edficos de la arquitectura y de la m\u00e1quina; en x86, puede terminar con la p\u00e1gina f\u00edsica 0 mapeada como una tabla de p\u00e1ginas, lo que probablemente sea explotable para la escalada de privilegios de usuario a kernel. Arregle la ejecuci\u00f3n permitiendo que el proceso B vuelva a verificar que el PMD a\u00fan apunta a una tabla de p\u00e1ginas despu\u00e9s de que se hayan tomado los bloqueos rmap. De lo contrario, abandonamos y dejamos que el llamador vuelva a la ruta de copia de nivel PTE, que luego abandonar\u00e1 inmediatamente en la verificaci\u00f3n pmd_none(). Alcance del error: Alcanzar este error requiere que pueda crear asignaciones shmem/file THP - el THP an\u00f3nimo usa un c\u00f3digo diferente que no elimina cosas bajo bloqueos rmap. El THP de archivo est\u00e1 controlado por un indicador de configuraci\u00f3n experimental (CONFIG_READ_ONLY_THP_FOR_FS), por lo que en los n\u00facleos de distribuci\u00f3n normales necesita shmem THP para alcanzar este error. 
Hasta donde yo s\u00e9, obtener shmem THP normalmente requiere que puedas montar tu propio tmpfs con los indicadores de montaje correctos, lo que requerir\u00eda crear tu propio espacio de nombres de usuario+montaje; aunque no s\u00e9 si algunas distribuciones habilitan shmem THP de forma predeterminada o algo as\u00ed. Impacto del error: es probable que este problema se pueda usar para la escalada de privilegios de usuario a kernel cuando sea posible." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-503xx/CVE-2024-50311.json b/CVE-2024/CVE-2024-503xx/CVE-2024-50311.json index 0ec774e4fbf..bd03cf78011 100644 --- a/CVE-2024/CVE-2024-503xx/CVE-2024-50311.json +++ b/CVE-2024/CVE-2024-503xx/CVE-2024-50311.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50311",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2024-10-22T14:15:19.450",
- "lastModified": "2024-10-22T14:15:19.450",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to exploit the GraphQL batching functionality. The vulnerability arises when multiple queries can be sent within a single request, enabling an attacker to submit a request containing thousands of aliases in one query. This issue causes excessive resource consumption, leading to application unavailability for legitimate users."
+ },
+ {
+ "lang": "es",
+ "value": " Se encontr\u00f3 una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en OpenShift. Este fallo permite a los atacantes explotar la funcionalidad de procesamiento por lotes de GraphQL. La vulnerabilidad surge cuando se pueden enviar m\u00faltiples consultas dentro de una sola solicitud, lo que permite a un atacante enviar una solicitud que contiene miles de alias en una sola consulta. Este problema provoca un consumo excesivo de recursos, lo que lleva a que la aplicaci\u00f3n no est\u00e9 disponible para los usuarios leg\u00edtimos."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-503xx/CVE-2024-50312.json b/CVE-2024/CVE-2024-503xx/CVE-2024-50312.json
index c7c92ab1621..83a015bd625 100644
--- a/CVE-2024/CVE-2024-503xx/CVE-2024-50312.json
+++ b/CVE-2024/CVE-2024-503xx/CVE-2024-50312.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50312",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2024-10-22T14:15:19.973",
- "lastModified": "2024-10-22T18:35:11.263",
- "vulnStatus": "Received",
+ "lastModified": "2024-10-23T15:12:34.673",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery of flaws or errors specific to the application's GraphQL implementation."
+ },
+ {
+ "lang": "es",
+ "value": " Se encontr\u00f3 una vulnerabilidad en GraphQL debido a controles de acceso inadecuados en la consulta de introspecci\u00f3n de GraphQL. Este fallo permite que usuarios no autorizados recuperen una lista completa de consultas y mutaciones disponibles. La exposici\u00f3n a este fallo aumenta la superficie de ataque, ya que puede facilitar el descubrimiento de fallos o errores espec\u00edficos de la implementaci\u00f3n de GraphQL de la aplicaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-57xx/CVE-2024-5764.json b/CVE-2024/CVE-2024-57xx/CVE-2024-5764.json
new file mode 100644
index 00000000000..c306897c1a2
--- /dev/null
+++ b/CVE-2024/CVE-2024-57xx/CVE-2024-5764.json
@@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-5764", + "sourceIdentifier": "103e4ec9-0a87-450b-af77-479448ddef11", + "published": "2024-10-23T15:15:32.340", + "lastModified": "2024-10-23T15:15:32.340", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in the code responsible for encrypting any secrets stored in the Nexus Repository configuration database (SMTP or HTTP proxy credentials, user tokens, tokens, among others). The affected versions relied on a static hard-coded encryption passphrase. While it was possible for an administrator to define an alternate encryption passphrase, it could only be done at first boot and not updated.\n\nThis issue affects Nexus Repository: from 3.0.0 through 3.72.0." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "103e4ec9-0a87-450b-af77-479448ddef11", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + 
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + } + } + ] + }, + "weaknesses": [ + { + "source": "103e4ec9-0a87-450b-af77-479448ddef11", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + } + ], + "references": [ + { + "url": "https://support.sonatype.com/hc/en-us/articles/34496708991507", + "source": "103e4ec9-0a87-450b-af77-479448ddef11" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-75xx/CVE-2024-7587.json b/CVE-2024/CVE-2024-75xx/CVE-2024-7587.json index d32a1c2ba16..3f8928768d7 100644 --- a/CVE-2024/CVE-2024-75xx/CVE-2024-7587.json +++ b/CVE-2024/CVE-2024-75xx/CVE-2024-7587.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-7587", "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "published": "2024-10-22T23:15:02.367", - "lastModified": "2024-10-22T23:15:02.367", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for ICONICS GENESIS64 version 10.97.3 and prior, Mitsubishi Electric GENESIS64 version 10.97.3 and prior and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64 or MC Works64." + }, + { + "lang": "es", + "value": "La vulnerabilidad de permisos predeterminados incorrectos en GenBroker32, que est\u00e1 incluido en los instaladores de ICONICS GENESIS64 versi\u00f3n 10.97.3 y anteriores, Mitsubishi Electric GENESIS64 versi\u00f3n 10.97.3 y anteriores y Mitsubishi Electric MC Works64 todas las versiones, permite a un atacante autenticado local divulgar o alterar informaci\u00f3n y datos confidenciales contenidos en los productos, o causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en los productos, al acceder a una carpeta con permisos incorrectos, cuando GenBroker32 est\u00e1 instalado en la misma PC que GENESIS64 o MC Works64." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-85xx/CVE-2024-8500.json b/CVE-2024/CVE-2024-85xx/CVE-2024-8500.json index 4d27122738c..0514b31b7bb 100644 --- a/CVE-2024/CVE-2024-85xx/CVE-2024-8500.json +++ b/CVE-2024/CVE-2024-85xx/CVE-2024-8500.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-8500", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-23T11:15:13.490", - "lastModified": "2024-10-23T11:15:13.490", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 7.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPress es vulnerable a cross site scripting almacenado a trav\u00e9s de varios par\u00e1metros en todas las versiones hasta la 7.2.2 incluida, debido a una limpieza de entrada y un escape de salida insuficiente. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-88xx/CVE-2024-8852.json b/CVE-2024/CVE-2024-88xx/CVE-2024-8852.json index 5ac51651769..037c566e455 100644 --- a/CVE-2024/CVE-2024-88xx/CVE-2024-8852.json +++ b/CVE-2024/CVE-2024-88xx/CVE-2024-8852.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-8852", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-22T06:15:04.890", - "lastModified": "2024-10-22T06:15:04.890", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.86 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information such as full paths contained in the exposed log files." + }, + { + "lang": "es", + "value": "El complemento All-in-One WP Migration and Backup para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 7.86 incluida, a trav\u00e9s de archivos de registro expuestos p\u00fablicamente. Esto permite que atacantes no autenticados vean informaci\u00f3n potencialmente confidencial, como las rutas completas contenidas en los archivos de registro expuestos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-89xx/CVE-2024-8901.json b/CVE-2024/CVE-2024-89xx/CVE-2024-8901.json index 785774b5e33..ba20e1ff82b 100644 --- a/CVE-2024/CVE-2024-89xx/CVE-2024-8901.json +++ b/CVE-2024/CVE-2024-89xx/CVE-2024-8901.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-8901", "sourceIdentifier": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "published": "2024-10-22T00:15:03.667", - "lastModified": "2024-10-22T00:15:03.667", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The AWS ALB Route Directive Adapter For Istio repo https://github.com/awslabs/aws-alb-route-directive-adapter-for-istio/tree/master provides an OIDC authentication mechanism that was integrated into the open source Kubeflow project. The adapter uses JWT for authentication, but lacks proper signer and issuer validation. In uncommon deployments of ALB, wherein endpoints are exposed to internet traffic, an actor can provide a JWT signed by an untrusted entity in order to spoof OIDC-federated sessions and successfully bypass authentication." + }, + { + "lang": "es", + "value": "El adaptador de directiva de ruta AWS ALB para el repositorio Istio https://github.com/awslabs/aws-alb-route-directive-adapter-for-istio/tree/master proporciona un mecanismo de autenticaci\u00f3n OIDC que se integr\u00f3 en el proyecto de c\u00f3digo abierto Kubeflow. El adaptador utiliza JWT para la autenticaci\u00f3n, pero carece de una validaci\u00f3n adecuada de firmante y emisor. En implementaciones poco comunes de ALB, en las que los puntos de conexi\u00f3n est\u00e1n expuestos al tr\u00e1fico de Internet, un actor puede proporcionar un JWT firmado por una entidad no confiable para falsificar sesiones federadas de OIDC y eludir la autenticaci\u00f3n con \u00e9xito." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-89xx/CVE-2024-8980.json b/CVE-2024/CVE-2024-89xx/CVE-2024-8980.json index 0675a056530..801518e3be8 100644 --- a/CVE-2024/CVE-2024-89xx/CVE-2024-8980.json +++ b/CVE-2024/CVE-2024-89xx/CVE-2024-8980.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-8980", "sourceIdentifier": "security@liferay.com", "published": "2024-10-22T15:15:07.337", - "lastModified": "2024-10-22T15:15:07.337", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, 7.2 GA through fix pack 20, 7.1 GA through fix pack 28, 7.0 GA through fix pack 102 and 6.2 GA through fix pack 173\n does not sufficiently protect against Cross-Site Request Forgery (CSRF) attacks, which allows remote attackers to execute arbitrary Groovy script via a crafted URL or a XSS vulnerability." + }, + { + "lang": "es", + "value": "La consola de scripts en Liferay Portal 7.0.0 a 7.4.3.101, y Liferay DXP 2023.Q3.1 a 2023.Q3.4, 7.4 GA a la actualizaci\u00f3n 92, 7.3 GA a la actualizaci\u00f3n 35, 7.2 GA a trav\u00e9s del fixpack 20, 7.1 GA a trav\u00e9s del fixpack 28, 7.0 GA a trav\u00e9s del fixpack 102 y 6.2 GA a trav\u00e9s del fixpack 173 no protege lo suficiente contra ataques de Cross-Site Request Forgery (CSRF), que permiten a atacantes remotos ejecutar scripts de Groovy arbitrarios a trav\u00e9s de una URL manipulada o una vulnerabilidad XSS." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-90xx/CVE-2024-9050.json b/CVE-2024/CVE-2024-90xx/CVE-2024-9050.json index c028546fb48..0b525e28b72 100644 --- a/CVE-2024/CVE-2024-90xx/CVE-2024-9050.json +++ b/CVE-2024/CVE-2024-90xx/CVE-2024-9050.json 
@@ -2,13 +2,13 @@ "id": "CVE-2024-9050", "sourceIdentifier": "secalert@redhat.com", "published": "2024-10-22T13:15:02.410", - "lastModified": "2024-10-23T11:15:13.713", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A flaw was found in the libreswan client plugin for NetworkManager (NetkworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin fails to escape special characters, leading the application to interpret values as keys. One of the most critical parameters that could be abused by a malicious user is the `leftupdown`key. This key takes an executable command as a value and is used to specify what executes as a callback in NetworkManager-libreswan to retrieve configuration settings back to NetworkManager. As NetworkManager uses Polkit to allow an unprivileged user to control the system's network configuration, a malicious actor could achieve local privilege escalation and potential code execution as root in the targeted machine." + "value": "A flaw was found in the libreswan client plugin for NetworkManager (NetkworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin fails to escape special characters, leading the application to interpret values as keys. One of the most critical parameters that could be abused by a malicious user is the `leftupdown`key. This key takes an executable command as a value and is used to specify what executes as a callback in NetworkManager-libreswan to retrieve configuration settings back to NetworkManager. 
As NetworkManager uses Polkit to allow an unprivileged user to control the system's network configuration, a malicious actor could achieve local privilege escalation and potential code execution as root in the targeted machine by creating a malicious configuration." }, { "lang": "es", diff --git a/CVE-2024/CVE-2024-91xx/CVE-2024-9129.json b/CVE-2024/CVE-2024-91xx/CVE-2024-9129.json index 2edd2857103..a262bc760d7 100644 --- a/CVE-2024/CVE-2024-91xx/CVE-2024-9129.json +++ b/CVE-2024/CVE-2024-91xx/CVE-2024-9129.json @@ -2,13 +2,17 @@ "id": "CVE-2024-9129", "sourceIdentifier": "security@puppet.com", "published": "2024-10-22T17:15:06.557", - "lastModified": "2024-10-22T17:15:06.557", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In versions of Zend Server 8.5 and prior to version 9.2 a format string injection was discovered. \n\nReported by Dylan Marino" + }, + { + "lang": "es", + "value": " En las versiones de Zend Server 8.5 y anteriores a la versi\u00f3n 9.2 se detect\u00f3 una inyecci\u00f3n de cadena de formato. Reportado por Dylan Marino" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-92xx/CVE-2024-9231.json b/CVE-2024/CVE-2024-92xx/CVE-2024-9231.json index 7cf81280431..278452ba6a2 100644 --- a/CVE-2024/CVE-2024-92xx/CVE-2024-9231.json +++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9231.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-9231", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-22T10:15:07.313", - "lastModified": "2024-10-22T10:15:07.313", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The WP-Members Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.9.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": " El complemento de membres\u00eda WP-Members para WordPress es vulnerable a ataques de cross-site scripting reflejados debido al uso de add_query_arg sin el escape adecuado en la URL en todas las versiones hasta la 3.4.9.5 incluida. Esto permite que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-92xx/CVE-2024-9287.json b/CVE-2024/CVE-2024-92xx/CVE-2024-9287.json index 7b1c38a2433..07b31cd6b8a 100644 --- a/CVE-2024/CVE-2024-92xx/CVE-2024-9287.json +++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9287.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-9287", "sourceIdentifier": "cna@python.org", "published": "2024-10-22T17:15:06.697", - "lastModified": "2024-10-22T17:15:06.697", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts (ie \"source venv/bin/activate\"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie \"./venv/bin/python\") are not affected." + }, + { + "lang": "es", + "value": " Se ha encontrado una vulnerabilidad en el m\u00f3dulo `venv` de CPython y en la CLI donde los nombres de ruta proporcionados al crear un entorno virtual no se citaban correctamente, lo que permit\u00eda al creador inyectar comandos en los scripts de \"activaci\u00f3n\" del entorno virtual (es decir, \"source venv/bin/activate\"). Esto significa que los entornos virtuales controlados por el atacante pueden ejecutar comandos cuando el entorno virtual est\u00e1 activado. Los entornos virtuales que no son creados por un atacante o que no se activan antes de ser utilizados (es decir, \"./venv/bin/python\") no se ven afectados." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-95xx/CVE-2024-9530.json b/CVE-2024/CVE-2024-95xx/CVE-2024-9530.json index 7e21b919632..b690c3c2aee 100644 --- a/CVE-2024/CVE-2024-95xx/CVE-2024-9530.json +++ b/CVE-2024/CVE-2024-95xx/CVE-2024-9530.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-9530", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-23T08:15:03.770", - "lastModified": "2024-10-23T08:15:03.770", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Qi Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.0 via private templates. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the contents of templates that are private." + }, + { + "lang": "es", + "value": " El complemento Qi Addons For Elementor para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 1.8.0 incluida a trav\u00e9s de plantillas privadas. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, extraigan datos confidenciales, incluido el contenido de plantillas que son privadas." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-95xx/CVE-2024-9541.json b/CVE-2024/CVE-2024-95xx/CVE-2024-9541.json index 0c564aea602..614414b6f63 100644 --- a/CVE-2024/CVE-2024-95xx/CVE-2024-9541.json +++ b/CVE-2024/CVE-2024-95xx/CVE-2024-9541.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-9541", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-22T08:15:02.920", - "lastModified": "2024-10-22T08:15:02.920", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The News Kit Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the render function in includes/widgets/canvas-menu/canvas-menu.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data." + }, + { + "lang": "es", + "value": "El complemento News Kit Elementor Addons para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 1.2.1 incluida a trav\u00e9s de la funci\u00f3n de renderizado en features/widgets/canvas-menu/canvas-menu.php. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, extraigan datos confidenciales privados, pendientes y de borrador de plantillas de Elementor." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-95xx/CVE-2024-9583.json b/CVE-2024/CVE-2024-95xx/CVE-2024-9583.json index c160b4afff2..e52e1692923 100644 --- a/CVE-2024/CVE-2024-95xx/CVE-2024-9583.json +++ b/CVE-2024/CVE-2024-95xx/CVE-2024-9583.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-9583", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-23T07:15:03.283", - "lastModified": "2024-10-23T07:15:03.283", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The RSS Aggregator \u2013 RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the wprss_ajax_send_premium_support function in all versions up to, and including, 4.23.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to send premium support requests with an attacker-controlled subject line and email address to support allowing them to impersonate the site owner. License information may also be leaked." + }, + { + "lang": "es", + "value": "El complemento RSS Aggregator \u2013 RSS Import, News Feeds, Feed to Post, and Autoblogging para WordPress es vulnerable al uso no autorizado de su funcionalidad debido a una falta de comprobaci\u00f3n de capacidad en la funci\u00f3n wprss_ajax_send_premium_support en todas las versiones hasta la 4.23.12 incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, env\u00eden solicitudes de soporte premium con una l\u00ednea de asunto y una direcci\u00f3n de correo electr\u00f3nico controladas por el atacante para suplantar la identidad del propietario del sitio. Tambi\u00e9n se puede filtrar informaci\u00f3n de la licencia." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-95xx/CVE-2024-9588.json b/CVE-2024/CVE-2024-95xx/CVE-2024-9588.json index 502ccbe9b97..52739ae0b9f 100644 --- a/CVE-2024/CVE-2024-95xx/CVE-2024-9588.json +++ b/CVE-2024/CVE-2024-95xx/CVE-2024-9588.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-9588", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-22T08:15:03.563", - "lastModified": "2024-10-22T08:15:03.563", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the 'wpaft_option_page' function. This makes it possible for unauthenticated attackers to add and delete taxonomy meta, granted they can trick a site administrator into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento Category and Taxonomy Meta Fields para WordPress es vulnerable a Cross-Site Request Forgery en versiones hasta la 1.0.0 incluida. Esto se debe a la falta o la validaci\u00f3n incorrecta de nonce en la funci\u00f3n 'wpaft_option_page'. Esto permite que atacantes no autenticados agreguen y eliminen metadatos de taxonom\u00eda, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-95xx/CVE-2024-9589.json b/CVE-2024/CVE-2024-95xx/CVE-2024-9589.json index 8aa3576403e..c8e8e076bdf 100644 --- a/CVE-2024/CVE-2024-95xx/CVE-2024-9589.json +++ b/CVE-2024/CVE-2024-95xx/CVE-2024-9589.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-9589", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-22T08:15:04.227", - "lastModified": "2024-10-22T08:15:04.227", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'new_meta_name' parameter in the 'wpaft_option_page' function in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with administrator-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." + }, + { + "lang": "es", + "value": "El complemento Category and Taxonomy Meta Fields para WordPress es vulnerable a Cross Site Scripting almacenado a trav\u00e9s del par\u00e1metro 'new_meta_name' en la funci\u00f3n 'wpaft_option_page' en versiones hasta la 1.0.0 incluida, debido a una desinfecci\u00f3n de entrada y al escape de salida insuficiente en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de administrador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo afecta a instalaciones multisitio e instalaciones donde se ha deshabilitado unfiltered_html." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-95xx/CVE-2024-9590.json b/CVE-2024/CVE-2024-95xx/CVE-2024-9590.json index 067f093c955..173d2102c4f 100644 --- a/CVE-2024/CVE-2024-95xx/CVE-2024-9590.json +++ b/CVE-2024/CVE-2024-95xx/CVE-2024-9590.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-9590", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-22T08:15:04.807", - "lastModified": "2024-10-22T08:15:04.807", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image meta field value in the 'wpaft_add_meta_textinput' function in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with editor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." + }, + { + "lang": "es", + "value": "El complemento Category and Taxonomy Meta Fields para WordPress es vulnerable a Cross Site Scripting almacenado a trav\u00e9s del valor del campo meta de imagen en la funci\u00f3n 'wpaft_add_meta_textinput' en versiones hasta la 1.0.0 incluida, debido a una desinfecci\u00f3n de entrada y al escape de salida insuficiente en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de editor y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo afecta a instalaciones multisitio e instalaciones donde se ha deshabilitado unfiltered_html." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-95xx/CVE-2024-9591.json b/CVE-2024/CVE-2024-95xx/CVE-2024-9591.json index 6b2a8a0db01..eb376f93dd2 100644 --- a/CVE-2024/CVE-2024-95xx/CVE-2024-9591.json +++ b/CVE-2024/CVE-2024-95xx/CVE-2024-9591.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-9591", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-22T08:15:05.273", - "lastModified": "2024-10-22T08:15:05.273", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Category and Taxonomy Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_category_image' parameter in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with editor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." + }, + { + "lang": "es", + "value": "El complemento Category and Taxonomy Image para WordPress es vulnerable a la ejecuci\u00f3n de Cross Site Scripting almacenado a trav\u00e9s del par\u00e1metro '_category_image' en versiones hasta la 1.0.0 incluida, debido a una desinfecci\u00f3n de entrada y al escape de salida insuficiente en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados con permisos de nivel de editor y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo afecta a instalaciones multisitio e instalaciones en las que se ha deshabilitado unfiltered_html." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-96xx/CVE-2024-9627.json b/CVE-2024/CVE-2024-96xx/CVE-2024-9627.json index bb4a482b8bf..496a9628457 100644 --- a/CVE-2024/CVE-2024-96xx/CVE-2024-9627.json +++ b/CVE-2024/CVE-2024-96xx/CVE-2024-9627.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-9627", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-22T07:15:02.687", - "lastModified": "2024-10-22T07:15:02.687", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The TeploBot - Telegram Bot for WP plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'service_process' function in all versions up to, and including, 1.3. This makes it possible for unauthenticated attackers to view the Telegram Bot Token, which is a secret token to control the bot." + }, + { + "lang": "es", + "value": "El complemento TeploBot - Telegram Bot for WP para WordPress es vulnerable a la divulgaci\u00f3n de informaci\u00f3n confidencial debido a la falta de comprobaciones de autorizaci\u00f3n en la funci\u00f3n 'service_process' en todas las versiones hasta la 1.3 incluida. Esto hace posible que atacantes no autenticados vean el token del bot de Telegram, que es un token secreto para controlar el bot." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-96xx/CVE-2024-9677.json b/CVE-2024/CVE-2024-96xx/CVE-2024-9677.json index 1c5fb5c133c..3c1e485d868 100644 --- a/CVE-2024/CVE-2024-96xx/CVE-2024-9677.json +++ b/CVE-2024/CVE-2024-96xx/CVE-2024-9677.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-9677", "sourceIdentifier": "security@zyxel.com.tw", "published": "2024-10-22T02:15:04.380", - "lastModified": "2024-10-22T02:15:04.380", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions\u00a0could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this attack could be successful only if the administrator has not logged out." + }, + { + "lang": "es", + "value": "La vulnerabilidad de credenciales insuficientemente protegidas en el comando CLI de la versi\u00f3n de firmware uOS V1.21 y versiones anteriores de la serie USG FLEX H podr\u00eda permitir que un atacante local autenticado obtenga una escalada de privilegios al robar el token de autenticaci\u00f3n de un administrador que inici\u00f3 sesi\u00f3n. Tenga en cuenta que este ataque podr\u00eda tener \u00e9xito solo si el administrador no ha cerrado sesi\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-98xx/CVE-2024-9829.json b/CVE-2024/CVE-2024-98xx/CVE-2024-9829.json index 09d59dee695..005b1c45805 100644 --- a/CVE-2024/CVE-2024-98xx/CVE-2024-9829.json +++ b/CVE-2024/CVE-2024-98xx/CVE-2024-9829.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-9829", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-23T06:15:11.007", - "lastModified": "2024-10-23T06:15:11.007", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the 'dpwap_handle_download_user' and 'dpwap_handle_download_comment' functions in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download any comment, and download metadata for any user including user PII and sensitive information including username, email, hashed passwords and application passwords, session token information and more depending on set up and additional plugins installed." + }, + { + "lang": "es", + "value": "El complemento Download Plugin para WordPress es vulnerable al acceso no autorizado a los datos debido a la falta de comprobaciones de capacidad en las funciones 'dpwap_handle_download_user' y 'dpwap_handle_download_comment' en todas las versiones hasta la 2.2.0 incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor o superior, descarguen cualquier comentario y metadatos de cualquier usuario, incluida informaci\u00f3n de identificaci\u00f3n personal del usuario e informaci\u00f3n confidencial, como nombre de usuario, correo electr\u00f3nico, contrase\u00f1as cifradas y contrase\u00f1as de aplicaciones, informaci\u00f3n de token de sesi\u00f3n y m\u00e1s, seg\u00fan la configuraci\u00f3n y los complementos adicionales instalados." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-99xx/CVE-2024-9927.json b/CVE-2024/CVE-2024-99xx/CVE-2024-9927.json index 0e3f2e00d7c..95322e80478 100644 --- a/CVE-2024/CVE-2024-99xx/CVE-2024-9927.json 
+++ b/CVE-2024/CVE-2024-99xx/CVE-2024-9927.json @@ -2,13 +2,17 @@ "id": "CVE-2024-9927", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-23T02:15:07.467", - "lastModified": "2024-10-23T02:15:07.467", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5. This is due to the improper implementation of allow_payment_without_login function. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to log in to WordPress as an arbitrary user account, including administrators." + }, + { + "lang": "es", + "value": "El complemento WooCommerce Order Proposal para WordPress es vulnerable a la escalada de privilegios a trav\u00e9s de la propuesta de pedido en todas las versiones hasta la 2.0.5 incluida. Esto se debe a la implementaci\u00f3n incorrecta de la funci\u00f3n allow_payment_without_login. Esto hace posible que atacantes autenticados, con acceso de nivel de administrador de tienda y superior, inicien sesi\u00f3n en WordPress con una cuenta de usuario arbitraria, incluidos los administradores." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-99xx/CVE-2024-9947.json b/CVE-2024/CVE-2024-99xx/CVE-2024-9947.json index 809bcc6510c..9f0026bd103 100644 --- a/CVE-2024/CVE-2024-99xx/CVE-2024-9947.json +++ b/CVE-2024/CVE-2024-99xx/CVE-2024-9947.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-9947", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-23T07:15:04.560", - "lastModified": "2024-10-23T07:15:04.560", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token." + }, + { + "lang": "es", + "value": " El complemento ProfilePress Pro para WordPress es vulnerable a la omisi\u00f3n de la autenticaci\u00f3n en todas las versiones hasta la 4.11.1 incluida. Esto se debe a una verificaci\u00f3n insuficiente del usuario que devuelve el token de inicio de sesi\u00f3n social. Esto hace posible que atacantes no autenticados inicien sesi\u00f3n como cualquier usuario existente en el sitio, como un administrador, si tienen acceso al correo electr\u00f3nico y el usuario no tiene una cuenta ya existente para el servicio que devuelve el token." } ], "metrics": { @@ -45,6 +49,16 @@ "value": "CWE-287" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] } ], "references": [ diff --git a/CVE-2024/CVE-2024-99xx/CVE-2024-9987.json b/CVE-2024/CVE-2024-99xx/CVE-2024-9987.json index a2f645a19be..9956214877a 100644 --- a/CVE-2024/CVE-2024-99xx/CVE-2024-9987.json +++ b/CVE-2024/CVE-2024-99xx/CVE-2024-9987.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-9987", "sourceIdentifier": "security@pandorafms.com", "published": "2024-10-22T09:15:03.497", - "lastModified": "2024-10-22T09:15:03.497", - "vulnStatus": "Received", + "lastModified": "2024-10-23T15:12:34.673", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A post-authentication SQL Injection vulnerability within the filters parameter of the extensions/agents_modules_csv functionality.\u00a0This issue affects Pandora FMS: from 700 through <777.3." + }, + { + "lang": "es", + "value": " Vulnerabilidad de inyecci\u00f3n SQL posterior a la autenticaci\u00f3n en el par\u00e1metro filters de la funcionalidad extensions/agents_modules_csv. Este problema afecta a Pandora FMS: desde la versi\u00f3n 700 hasta la versi\u00f3n <777.3." } ], "metrics": { diff --git a/README.md b/README.md index 74985594a2d..5d90dd2fbb8 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-10-23T14:00:52.006807+00:00 +2024-10-23T16:00:54.822569+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-10-23T13:39:38.647000+00:00 +2024-10-23T15:53:06.410000+00:00 ``` ### Last Data Feed Release 
@@ -33,24 +33,61 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -266785 +266802 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `17` -- [CVE-2024-10278](CVE-2024/CVE-2024-102xx/CVE-2024-10278.json) (`2024-10-23T13:15:12.157`) -- [CVE-2024-10279](CVE-2024/CVE-2024-102xx/CVE-2024-10279.json) (`2024-10-23T13:15:12.877`) +- [CVE-2024-10041](CVE-2024/CVE-2024-100xx/CVE-2024-10041.json) (`2024-10-23T14:15:03.970`) +- [CVE-2024-10250](CVE-2024/CVE-2024-102xx/CVE-2024-10250.json) (`2024-10-23T14:15:04.197`) +- [CVE-2024-10280](CVE-2024/CVE-2024-102xx/CVE-2024-10280.json) (`2024-10-23T14:15:04.500`) +- [CVE-2024-10281](CVE-2024/CVE-2024-102xx/CVE-2024-10281.json) (`2024-10-23T14:15:04.773`) +- [CVE-2024-10282](CVE-2024/CVE-2024-102xx/CVE-2024-10282.json) (`2024-10-23T15:15:29.590`) +- [CVE-2024-10283](CVE-2024/CVE-2024-102xx/CVE-2024-10283.json) (`2024-10-23T15:15:29.850`) +- [CVE-2024-10290](CVE-2024/CVE-2024-102xx/CVE-2024-10290.json) (`2024-10-23T15:15:30.110`) +- [CVE-2024-30122](CVE-2024/CVE-2024-301xx/CVE-2024-30122.json) (`2024-10-23T15:15:30.390`) +- [CVE-2024-47575](CVE-2024/CVE-2024-475xx/CVE-2024-47575.json) (`2024-10-23T15:15:30.707`) +- [CVE-2024-47901](CVE-2024/CVE-2024-479xx/CVE-2024-47901.json) (`2024-10-23T15:15:30.930`) +- [CVE-2024-47902](CVE-2024/CVE-2024-479xx/CVE-2024-47902.json) (`2024-10-23T15:15:31.163`) +- [CVE-2024-47903](CVE-2024/CVE-2024-479xx/CVE-2024-47903.json) (`2024-10-23T15:15:31.397`) +- [CVE-2024-47904](CVE-2024/CVE-2024-479xx/CVE-2024-47904.json) (`2024-10-23T15:15:31.687`) +- [CVE-2024-49370](CVE-2024/CVE-2024-493xx/CVE-2024-49370.json) (`2024-10-23T15:15:31.987`) +- [CVE-2024-49675](CVE-2024/CVE-2024-496xx/CVE-2024-49675.json) (`2024-10-23T15:15:32.120`) +- [CVE-2024-50050](CVE-2024/CVE-2024-500xx/CVE-2024-50050.json) (`2024-10-23T14:15:05.087`) +- [CVE-2024-5764](CVE-2024/CVE-2024-57xx/CVE-2024-5764.json) 
(`2024-10-23T15:15:32.340`) ### CVEs modified in the last Commit -Recently modified CVEs: `3` +Recently modified CVEs: `469` -- [CVE-2024-10289](CVE-2024/CVE-2024-102xx/CVE-2024-10289.json) (`2024-10-23T12:15:03.423`) -- [CVE-2024-47675](CVE-2024/CVE-2024-476xx/CVE-2024-47675.json) (`2024-10-23T13:39:38.647`) -- [CVE-2024-5187](CVE-2024/CVE-2024-51xx/CVE-2024-5187.json) (`2024-10-23T13:36:11.643`) +- [CVE-2024-50066](CVE-2024/CVE-2024-500xx/CVE-2024-50066.json) (`2024-10-23T15:12:34.673`) +- [CVE-2024-50311](CVE-2024/CVE-2024-503xx/CVE-2024-50311.json) (`2024-10-23T15:12:34.673`) +- [CVE-2024-50312](CVE-2024/CVE-2024-503xx/CVE-2024-50312.json) (`2024-10-23T15:12:34.673`) +- [CVE-2024-7587](CVE-2024/CVE-2024-75xx/CVE-2024-7587.json) (`2024-10-23T15:12:34.673`) +- [CVE-2024-8500](CVE-2024/CVE-2024-85xx/CVE-2024-8500.json) (`2024-10-23T15:12:34.673`) +- [CVE-2024-8852](CVE-2024/CVE-2024-88xx/CVE-2024-8852.json) (`2024-10-23T15:12:34.673`) +- [CVE-2024-8901](CVE-2024/CVE-2024-89xx/CVE-2024-8901.json) (`2024-10-23T15:12:34.673`) +- [CVE-2024-8980](CVE-2024/CVE-2024-89xx/CVE-2024-8980.json) (`2024-10-23T15:12:34.673`) +- [CVE-2024-9050](CVE-2024/CVE-2024-90xx/CVE-2024-9050.json) (`2024-10-23T15:12:34.673`) +- [CVE-2024-9129](CVE-2024/CVE-2024-91xx/CVE-2024-9129.json) (`2024-10-23T15:12:34.673`) +- [CVE-2024-9231](CVE-2024/CVE-2024-92xx/CVE-2024-9231.json) (`2024-10-23T15:12:34.673`) +- [CVE-2024-9287](CVE-2024/CVE-2024-92xx/CVE-2024-9287.json) (`2024-10-23T15:12:34.673`) +- [CVE-2024-9530](CVE-2024/CVE-2024-95xx/CVE-2024-9530.json) (`2024-10-23T15:12:34.673`) +- [CVE-2024-9541](CVE-2024/CVE-2024-95xx/CVE-2024-9541.json) (`2024-10-23T15:12:34.673`) +- [CVE-2024-9583](CVE-2024/CVE-2024-95xx/CVE-2024-9583.json) (`2024-10-23T15:12:34.673`) +- [CVE-2024-9588](CVE-2024/CVE-2024-95xx/CVE-2024-9588.json) (`2024-10-23T15:12:34.673`) +- [CVE-2024-9589](CVE-2024/CVE-2024-95xx/CVE-2024-9589.json) (`2024-10-23T15:12:34.673`) +- 
[CVE-2024-9590](CVE-2024/CVE-2024-95xx/CVE-2024-9590.json) (`2024-10-23T15:12:34.673`) +- [CVE-2024-9591](CVE-2024/CVE-2024-95xx/CVE-2024-9591.json) (`2024-10-23T15:12:34.673`) +- [CVE-2024-9627](CVE-2024/CVE-2024-96xx/CVE-2024-9627.json) (`2024-10-23T15:12:34.673`) +- [CVE-2024-9677](CVE-2024/CVE-2024-96xx/CVE-2024-9677.json) (`2024-10-23T15:12:34.673`) +- [CVE-2024-9829](CVE-2024/CVE-2024-98xx/CVE-2024-9829.json) (`2024-10-23T15:12:34.673`) +- [CVE-2024-9927](CVE-2024/CVE-2024-99xx/CVE-2024-9927.json) (`2024-10-23T15:12:34.673`) +- [CVE-2024-9947](CVE-2024/CVE-2024-99xx/CVE-2024-9947.json) (`2024-10-23T15:12:34.673`) +- [CVE-2024-9987](CVE-2024/CVE-2024-99xx/CVE-2024-9987.json) (`2024-10-23T15:12:34.673`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 6d97ebb522a..a8d4424a5fb 100644 --- a/_state.csv +++ b/_state.csv 
@@ -114216,16 +114216,16 @@ CVE-2018-13367,0,0,2c0b190f3877d554c7c1793628ac2255a5cca3a093c589c3f0ee70977e780 CVE-2018-13368,0,0,db3621b4229003a92c4734f6155d38c9e0973d22b3108c201c69db75b3f18dae,2020-08-24T17:37:01.140000 CVE-2018-1337,0,0,ac2f74a143a89a31e641617add9054f59782e3dc278d74a4c0107d8a66e7c7ca,2023-11-07T02:55:59.343000 CVE-2018-13371,0,0,6d518c7f248715560f2fdc8eda0d045226e614f54a2220bedf3a83e9d961d6e4,2020-04-03T18:53:23.173000 -CVE-2018-13374,0,0,d8d3cbda0879903d9708fa8ab377ca18fce7fb90f58417b260f2dbab0b870929,2024-06-28T14:04:14.410000 +CVE-2018-13374,0,1,2ef7b2ad3f170041b4f14e419ead6d2b6bc66b247b9b28502c75161bb736f80f,2024-10-23T14:35:00.903000 CVE-2018-13375,0,0,d56d6bafd36bf4e0bb208e573685704fee8535e51d0b9a9e0de49024b4474a77,2019-05-30T15:19:19.737000 CVE-2018-13376,0,0,34379bca4498e8ec746f1a8397920cc44e22e9cefdf9bd673e27251e09c3a80a,2019-10-03T00:03:26.223000 CVE-2018-13378,0,0,9f71a7a5685934cdd46869122ec078124ae2ec66bfbc946ccbf9f49813590b58,2019-04-17T18:06:24.997000 -CVE-2018-13379,0,0,af407aeeed99a01cc7a4409d5eb5be2ac5a2e06ee3acacc6a604d3bc95ea630f,2024-07-25T14:09:54.960000 +CVE-2018-13379,0,1,d5f3c20a15fc41dd7db172a046157d316fbf5a3bea148f7bd01a767259761602,2024-10-23T14:35:02.830000 CVE-2018-1338,0,0,d64411637977ae42c91121f0409cbf1c71d1031cb46205ab4bc91aedd4d1c053,2023-11-07T02:55:59.417000 CVE-2018-13380,0,0,480272033178ab224e15cb78036830ce2ce28e5ca27484adf0a78212d77e5330,2021-04-06T12:56:42.507000 CVE-2018-13381,0,0,c6d40fea6a34ff14b2a09585a7b5be2b92a5fed103e6436015156bf377343728,2021-03-16T02:41:08.027000 -CVE-2018-13382,0,0,ca43b2040162dddaa95b9380e114e014e168a64ced16cdb5edee66eb4c311ffb,2024-07-24T17:00:11.230000 -CVE-2018-13383,0,0,55bb53e286984e1ed3d949b7aaf5296a0b7ab211b536ccfce1835626d229dbd0,2021-03-16T15:48:20.167000 +CVE-2018-13382,0,1,d577aa48fb4909dc30a192abdb700d2f785f27bf8a82df28093deba860a43e2d,2024-10-23T14:35:03.977000 
+CVE-2018-13383,0,1,3917815d0ce3fcdb5af1ee61e13e4da694426b405bf668ed33d844969a103504,2024-10-23T14:35:04.847000 CVE-2018-13384,0,0,0470da54b93707468acde7194067c44388da84e74ce445a3f6794a553a854a11,2019-06-05T14:26:09.117000 CVE-2018-13385,0,0,4e701bd89560a8ee5e1216c62101d98e943a0ac12ab90ea0f01e645a62b830ae,2020-05-11T16:29:41.080000 CVE-2018-13386,0,0,ac1c92d8c2b1ce7a084b13c83da90e1d9578e1ecdf924c062b623ddcb6c13f83,2020-08-24T17:37:01.140000 @@ -140618,7 +140618,7 @@ CVE-2019-5587,0,0,36a21e1962c4b84046c708b9530a7b6739ebf9b478111ca6a2241258e54411 CVE-2019-5588,0,0,3f0b8fba42908ef2af4fee61278f32858eed24baf92642c9d5aebb509ca10bcb,2019-06-06T08:29:01.163000 CVE-2019-5589,0,0,9f67f8b6b5e2fafbf076286d8eaf684f4116be340de16ca47f21da70d196906a,2019-05-29T16:07:09.427000 CVE-2019-5590,0,0,14eacc45b17452900d49eb3790b63c5114826589aeb83b384adfdd687aec81e5,2019-09-03T17:36:09.097000 -CVE-2019-5591,0,0,6e5530f8574191a82072d2aade1a5d34bc9125b52243346dd4822b4f4d9803d3,2021-07-21T11:39:23.747000 +CVE-2019-5591,0,1,fe615c20161277d1b087a9e23864acc33626fdc18fa50a9478a5ce9f3d5c195f,2024-10-23T14:35:05.617000 CVE-2019-5592,0,0,c65975805c53507a25362facc127ffc160832023947eeb0b3170a80c5c01a765,2020-08-24T17:37:01.140000 CVE-2019-5593,0,0,dbf1143c17c60df0e3b56b726eab8152cc476ee429e7eb8af2a630e11f7ca3d3,2021-07-21T11:39:23.747000 CVE-2019-5594,0,0,0dae2849bfddd68890ebd30c23f1e3c5e38c982981fb8adf9e75744dd0620f84,2019-08-26T14:12:55.073000 
@@ -170437,7 +170437,7 @@ CVE-2021-24562,0,0,baa770ef906f0e2638525e58ffa4168e98db861c5802f86cd3820eb648030 CVE-2021-24563,0,0,eab02b7cb2e9f7d140aa33e5b2390a7888e495f7012ebf555c7637a6a70216fe,2022-02-19T04:44:04.857000 CVE-2021-24564,0,0,86e2798d0912a669dbef7859ebb29c6219e79f4c26fab3dd309f0e6794ff6854,2021-08-27T14:49:03.590000 CVE-2021-24565,0,0,327df3f009e7de626351065caf963ba05d34adf1dbda7b2b3278de78cc13f5db,2022-07-28T12:00:49.127000 -CVE-2021-24566,0,0,bf1e3ddbfd4315d08b7c2d239aa08d321fce759f9047ef7cfb92906e37b04eb9,2024-01-23T20:37:16.450000 +CVE-2021-24566,0,1,eae5c3d74bc0d012a26b311c7122185431a68e8d85a52398abaf51923afe7489,2024-10-23T15:35:02.310000 CVE-2021-24567,0,0,cfcf994544e82803dffea3cf7bf899c943bc00598e6bdf175ce7f8d654602843,2024-08-29T20:35:03.797000 CVE-2021-24568,0,0,22cd2e0b768132cf4829cbea5eb6ab2da07a55e3161a1a04667ac3d3e42514dd,2021-09-09T21:08:04.690000 CVE-2021-24569,0,0,66259a984518a916e0ff3e18bda082d41f6b760f7ad8bef9bca336029dad4c89,2021-10-04T20:18:42.137000 @@ -185040,7 +185040,7 @@ CVE-2021-44164,0,0,3953db61df1979ca78c5c6890cacd56bf83441f46792aa34f8722e7ea8834 CVE-2021-44165,0,0,62f71e9913a1e93c2dd3cbc55bcae109ae60e1eff4af22daa5ee5a7bba761ebf,2021-12-16T22:00:44.380000 CVE-2021-44166,0,0,285e1baafdd7b0a945b677318edb20e598e58c71c58d1e1aefc0d782339dc390,2022-03-11T19:40:52.643000 CVE-2021-44167,0,0,67a9c40d00214581e04ba8f834a909476ef625c049133b03ee7ec5c2e954ae8c,2022-05-19T02:47:23.603000 -CVE-2021-44168,0,0,de4cb600ca8837661c2a1b69a7a9796e114e67450920ad4ad0ce74a33d00f65a,2024-10-22T21:35:02.960000 +CVE-2021-44168,0,1,de9a7d9c0835b22925ed84889d98b878a6476e348c8bb46c5fc40d75ce082076,2024-10-23T15:40:23.217000 CVE-2021-44169,0,0,759bf413da439ae2ac08624614cca5309bd4606b588abdbf63b90a4654b9fdb1,2022-04-14T13:41:34.387000 CVE-2021-4417,0,0,b22211b4a50a557cf6cc85903b3b762ddcba5f4343e219e94634e4f024887f34,2023-11-07T03:40:54.140000 CVE-2021-44170,0,0,88334b61a2437ecfc967a58e5f4352f0f9c43824393ad5ebe302e1e3e94622d7,2022-07-25T17:05:58.760000 
@@ -193038,8 +193038,8 @@ CVE-2022-23856,0,0,ee2cbc2426322388ff1afe7a44f2d91a7a9d83fba9914f637e37fe8ae0521 CVE-2022-23857,0,0,132a872c07af8d8c70261b35abca8d6a153a1859a711a2ed034df1a2f2ae9139,2022-01-27T16:14:04.917000 CVE-2022-23858,0,0,62f1f606d4b9efbf1631daba2d503d290be6f481e4bba2a8ebf7e52bf48393a1,2022-12-09T16:23:45.117000 CVE-2022-2386,0,0,09f49d4259c6ee996cc850650c207ec22add260b3b84ba16b896c572ed7d3292,2022-08-12T14:17:49.413000 -CVE-2022-23861,0,0,b7f6912621c34d9cb3366d0dd5b5259d62f1fd1e683f2e2fc5b95a122aaed23f,2024-10-22T19:35:01.570000 -CVE-2022-23862,0,0,d205b444d31d5084d2110b9e46847ffd77a0b531064aecc34b848aa211f7b732,2024-10-22T19:35:03.463000 +CVE-2022-23861,0,1,1b79df6ad607e321a06ffd4f1414ad54f48e3b8a61921f1d2f0a02f3a735e314,2024-10-23T15:12:34.673000 +CVE-2022-23862,0,1,2b721dae3c741fa798c190bd3375737db683c0e200456780df62dd1f1d9e42d1,2024-10-23T15:12:34.673000 CVE-2022-23863,0,0,718dca3b438e5f32d08c79cae192ff7673ae1521722bf5bc5fb8ef6492a0b31b,2023-08-08T14:22:24.967000 CVE-2022-23865,0,0,34050304e0195f46e2f5ca23d58f867b7e2ee63ec6639e974e762ba109c518b8,2022-04-22T14:12:24.920000 CVE-2022-23868,0,0,c4621856d933568f66278364ad9aeb56e74477fa3255560a959f3a6c8b310a91,2022-04-04T19:47:02.100000 
@@ -208942,7 +208942,7 @@ CVE-2022-4371,0,0,275080852b7640fb074456225f88178f9e81657356dbc5280fa489ab497596 CVE-2022-43710,0,0,8252021b200bf69a0879f2153da2a55121d0a089867a62fedaecf3856e956dba,2023-08-04T16:05:41.757000 CVE-2022-43711,0,0,75fdb24330479eec6752c493ca1c0dcce71aeb60bb9f4a3ec519941a11409ccf,2023-08-04T15:37:18.857000 CVE-2022-43712,0,0,1f3633e27afb31c08675af9ad75e88d9090a100378c1dd0bb148e9db326b39a8,2023-08-04T19:39:49.167000 -CVE-2022-43713,0,0,3b09413887004099df215f7892a533fc48188411143c782898fe9f5c50a6c722,2023-08-04T15:49:03.637000 +CVE-2022-43713,0,1,5d82cc52ae6118140f4aa1461ec87f6c9ace56a1e1bce40e490c21cfdd2503c3,2024-10-23T15:35:06.987000 CVE-2022-43716,0,0,bfbdcdd5188bd491bf22c9469dee5c2bb33e93ce8bec29584e0419dcaf894f74,2024-09-10T10:15:04.627000 CVE-2022-43717,0,0,29a13eb1c3f929491bd4890a5cb91a25d48a2fac30e9970c5e3fca2bfdb8dc2a,2023-11-07T03:54:02.080000 CVE-2022-43718,0,0,51b91014b37759fc7d6f30b773c9245370da36aee436ce0fdb04abfef0b7be6d,2023-11-07T03:54:02.147000 
@@ -212556,103 +212556,103 @@ CVE-2022-48942,0,0,2cf46354691478839d2223efa2eaa869b06a9729fd72ecdcbb1c9e9660f0a CVE-2022-48943,0,0,a7018e1dbe7c5677e235ba4ed082a73fce76282052204bd38ca850f621dffe72,2024-08-22T18:27:42.807000 CVE-2022-48944,0,0,78b35f4e96175b0acbd7eb76c8fc345abc146c0623b459d55b4bfe903afbd190,2024-09-03T14:26:56.393000 CVE-2022-48945,0,0,04e7494c867d2745065a695f3c050464fcd7db6e245bb13442273deff488e24a,2024-09-26T13:32:55.343000 -CVE-2022-48946,0,0,aa3240ffc10453865bde88d3264235517f9c57a3c1f0aa29fe21b0f513b35516,2024-10-21T20:15:06.020000 -CVE-2022-48947,0,0,b2df6088df0ddb6c9933c1f4f27862b615d0afe71cc5c6e107d751885517630e,2024-10-21T20:15:06.150000 -CVE-2022-48948,0,0,5ebceb86567fdd0bd7f86b4c4854a82d67ac53ff9b695ef78422bf9710153201,2024-10-21T20:15:06.230000 -CVE-2022-48949,0,0,e1c131babe1d75d09fa509245a1326df8509b156d8ce70cbe6c25b17d84ad118,2024-10-21T20:15:06.337000 +CVE-2022-48946,0,1,1df7137dee6b4c4a5e3f8613084121272ab068dbfc5c217e4e46dd75cef501fa,2024-10-23T15:13:25.583000 +CVE-2022-48947,0,1,8eac4b90177e0cee64005b8271cce50edbdecd0feb9b6ba4c912157e57fa25cd,2024-10-23T15:13:25.583000 +CVE-2022-48948,0,1,0df7ff89bc20e6d14a730310fe00121f0b4c3b94433557dadb35b55179bf0d80,2024-10-23T15:13:25.583000 +CVE-2022-48949,0,1,2d06b0ddc43a1d6ceef8a0ad6d5012e53b15c9ea3ed8f9cf12049c67291c9b36,2024-10-23T15:13:25.583000 CVE-2022-4895,0,0,0efd54174b680d04b5646c623fd6b294801b419a72088921312b45e7bb6c068f,2023-11-07T03:59:15.667000 -CVE-2022-48950,0,0,7f65c93ae6e2667d8c70ffa25c6da7c7a6835a9211ae83ed272ecfe03e6fcc53,2024-10-21T20:15:06.440000 -CVE-2022-48951,0,0,07972e0fa011b3a75cef42ad728f9fac8d63bc8ed8951ffc13c0d81b02b2ebd1,2024-10-21T20:15:06.530000 -CVE-2022-48952,0,0,d60627f41827a76ee28383172717e973078d706904c183fc221b0659f9d69122,2024-10-21T20:15:06.617000 -CVE-2022-48953,0,0,0eeb6ca2c8c22c2ef15a36d47679819444dc92fb589182d1531c5b3e73306209,2024-10-21T20:15:06.700000 
-CVE-2022-48954,0,0,2c81cb910ecf9a13f78686fb3037fd1f4ab06cf0a39ba7bf2abe181ad671a1f9,2024-10-21T20:15:06.783000 -CVE-2022-48955,0,0,4c96b0f0132e1edbf7a699739f250807c17583db7b92f12f2179cf255216284d,2024-10-21T20:15:06.870000 -CVE-2022-48956,0,0,71caf01dd368b3a3d52bc4a615bfcefd528f5c7fd09d55997a260dd4583e0aa8,2024-10-21T20:15:06.973000 -CVE-2022-48957,0,0,51c40a0750e3d021d7e8531decce58a7d6df77178e8427015398ba5372bd825c,2024-10-21T20:15:07.090000 -CVE-2022-48958,0,0,b4ef58e208fec54f976a34bbd87143fef4f7fb6fbfd082575a32464e35015ddf,2024-10-21T20:15:07.270000 -CVE-2022-48959,0,0,34e704c95a17174d5727d8943e70c7fa90ce455efe8a21e8809bddd9e0f47ec6,2024-10-21T20:15:07.460000 +CVE-2022-48950,0,1,df7cdcc43adc0fe4790bfeee6795f91b28a4c15b10566f630a78891552ade293,2024-10-23T15:13:25.583000 +CVE-2022-48951,0,1,ba9d8cef5379b0ff4a935922614acdd38174cd969734d165c8703c7601b1f6a8,2024-10-23T15:13:25.583000 +CVE-2022-48952,0,1,cf21a0255246b5b3ab6d95e6ea99d72bc42c2b56c4888d478133ad8ae4632324,2024-10-23T15:13:25.583000 +CVE-2022-48953,0,1,037e26b090bc3b5c06ab9dffbf7de850a858e5fc3604925c0be082d71471c418,2024-10-23T15:13:25.583000 +CVE-2022-48954,0,1,d03a871ace91d7fda187606652c7e051870285e499bfc0944e94d8b0548b731c,2024-10-23T15:13:25.583000 +CVE-2022-48955,0,1,adfc623e02dfe3e9e8f9ee1f86ccacf1144c3f91e445f7d71c55691d3ddd637d,2024-10-23T15:13:25.583000 +CVE-2022-48956,0,1,efc542c10b827503bb60baef12ae6363e9aaed958a02fa0171aa8b339eb477e6,2024-10-23T15:13:25.583000 +CVE-2022-48957,0,1,e75f592b46fc02f5c17b54b9d14925ac4ac550c8bec708e43fe7280bb85bded4,2024-10-23T15:13:25.583000 +CVE-2022-48958,0,1,64a1b4825cb7fe46a7f91cfb2ea852904955b0ccb818b0aff987ae8d6445afa5,2024-10-23T15:13:25.583000 +CVE-2022-48959,0,1,15542692f4371b13a09c39e6e151849b1884a96a610571abab83498557c99ba6,2024-10-23T15:13:25.583000 CVE-2022-4896,0,0,04cb60ab8732a1bfba8bf7d8a4df08b8371cdecc380fd455d1b928e8213822e1,2023-09-15T15:18:10.843000 
-CVE-2022-48960,0,0,6274a590c0d138d7075bf9ba1efdc2f845820da424a897c6f99837b00235118d,2024-10-21T20:15:07.663000 -CVE-2022-48961,0,0,03260afda2c34dc47fdb4d6f4839240b9967194257201f021980ea4d5dd3b4e3,2024-10-21T20:15:07.887000 -CVE-2022-48962,0,0,22acedf5e3e67e1fa8580544bc1b82fcd2b7fc29a79ea84451e63a16f68c8620,2024-10-21T20:15:08.117000 -CVE-2022-48963,0,0,c8eeadf93bdd070d0065a40f2e3e220cff1da16e4383a3f286d11dc41c3e0a4c,2024-10-21T20:15:08.273000 -CVE-2022-48964,0,0,adc4d4f17b8fffbd9b347b72d8a1ad3b103339879396db1ef7dc67fa4bdd08af,2024-10-21T20:15:08.377000 -CVE-2022-48965,0,0,bbde06ed95d08d260d1952ed5963fb686beb7d77a4bbb1ba94e25cbdd8610af0,2024-10-21T20:15:08.470000 -CVE-2022-48966,0,0,67828554db3a81726e39e44562e02b83c98e18661e0de9e7e1aae2dd7e74bba3,2024-10-21T20:15:08.573000 -CVE-2022-48967,0,0,9d77249ea48f18a9590613a35a92250cd70d4c4e5bf49f59966517ae36bae4f6,2024-10-21T20:15:08.757000 -CVE-2022-48968,0,0,ae0f1f7668be4906c1d39f98d8aa1bdb7010ac2f0f322066018f8399313d3a37,2024-10-21T20:15:08.897000 -CVE-2022-48969,0,0,72ecf3b0be7f7bb0f608a21f949c7d395a0d7b77e88e90e24be8855c64f8c315,2024-10-21T20:15:09.037000 +CVE-2022-48960,0,1,7cb8843c394326dbdacddf0f27bacd316ff597acdea2e37e285edd34a46c7da3,2024-10-23T15:13:25.583000 +CVE-2022-48961,0,1,9079782a53ac6f878f46ee5a7bd8c6d64ab25ec3e859504aac9ecda2b190e0a9,2024-10-23T15:13:25.583000 +CVE-2022-48962,0,1,1fbe44df9f14637284a2af17fc0f2951662bf83234ea5e1359c57113b94d87c0,2024-10-23T15:13:25.583000 +CVE-2022-48963,0,1,370e14d6d7de5be593d3aea44663d07232c2f99638747b44362a7976312c9d6a,2024-10-23T15:13:25.583000 +CVE-2022-48964,0,1,b433adf18e64faf47e8adedd875bbd7b9f6f61ed17ec1312cd5f64e587863cf5,2024-10-23T15:13:25.583000 +CVE-2022-48965,0,1,5c2d1d54d8b3c46630fcded2c16f38c7fffd2383699aeb72a69572ed1749a87e,2024-10-23T15:13:25.583000 +CVE-2022-48966,0,1,7b5ea2cdb27342c6837b1d63b8ed702b4c34ea924734529cc736266041c3d692,2024-10-23T15:13:25.583000 
+CVE-2022-48967,0,1,9a4dff8791ae44e4087bbdddb5fbc68f8736e971375d2e967fe26661594f6b57,2024-10-23T15:13:25.583000 +CVE-2022-48968,0,1,017a1d2b13f226f7bddbc210b2bd3cf757d1f0d39cf99f216cca9b576a19e95d,2024-10-23T15:13:25.583000 +CVE-2022-48969,0,1,9d5e3023502dbcf73cf247c9ccac819ef4bcc5ebe125f185e7eeef2c89ccaf31,2024-10-23T15:13:25.583000 CVE-2022-4897,0,0,0a243664793293bb535173693d8b2bb850e8caf27eb71e5f98003bf4c293392a,2023-11-07T03:59:15.853000 -CVE-2022-48970,0,0,215f9044f583e8313335b6a323d0416030d0f99207de8c08c813efbcd66849fb,2024-10-21T20:15:09.177000 -CVE-2022-48971,0,0,ad6ce752df2de2dfa7bbb6e27239c1f5d53b28094d2a57dd8da2a5cabd4d71ba,2024-10-21T20:15:09.260000 -CVE-2022-48972,0,0,6e0bf18b7030f636281a3b0b20acb8bb2a825fa43cbf178e8cfd4c2999b63d3d,2024-10-21T20:15:09.343000 -CVE-2022-48973,0,0,f016f25c6406121bf53aaf15fa8935b7a01bdcafca920f222553048728f40927,2024-10-21T20:15:09.430000 -CVE-2022-48974,0,0,d651e7b66cf9cd5678f845c51dbbc422a41ddbe6aea34be99bc80723739073a5,2024-10-21T20:15:09.517000 -CVE-2022-48975,0,0,00f651a26432eb0e308c80a64ef6a46c0362fc478008e2234f32b5abec4b4b52,2024-10-21T20:15:09.597000 -CVE-2022-48976,0,0,548606305b6a7d3f20c1ac5ad67980594eaf044857e59ab045886f8d61e42939,2024-10-21T20:15:09.680000 -CVE-2022-48977,0,0,db0e52d43683d2c5f5be64e8cac205cd197ee05d0189e86c0d25204b70375aab,2024-10-21T20:15:09.763000 -CVE-2022-48978,0,0,a9a9b8195fcf276aca4dc4683ff93cd6f3f6c0bc8b568e4cf5674d7452e6eee5,2024-10-21T20:15:09.850000 -CVE-2022-48979,0,0,60a5139f43cfc96e1b0c3ff48eea1940514948c2b3e5ab192b0b6f9e88db2643,2024-10-21T20:15:09.947000 +CVE-2022-48970,0,1,45c85a1af32aaabc82a280a88744dc74a183e44f43b2cbbbe39c736815048512,2024-10-23T15:13:25.583000 +CVE-2022-48971,0,1,bd54fbb0c1a1f8256ecbe84a7983dc4c347ecac0b3edefb38623b0e7f19e9ecc,2024-10-23T15:13:25.583000 +CVE-2022-48972,0,1,da53d09fee0b743c4e84c6fc45c7699f24d076dbb3308f2587610f748901c7b9,2024-10-23T15:13:25.583000 
+CVE-2022-48973,0,1,6116dced52fd879b051aa3b01cef0aaa1a44c0b61123ce31efefbe7ba874b90b,2024-10-23T15:13:25.583000 +CVE-2022-48974,0,1,01ad91b6f0b9cd76af6e1848676d091c9ae53df34bdf7dcf3c4c3aa2369d9ac0,2024-10-23T15:13:25.583000 +CVE-2022-48975,0,1,5aa03611cf6147e6cbe4a65152583e0072aea2d5e51c8399c173faf09094d685,2024-10-23T15:13:25.583000 +CVE-2022-48976,0,1,a64de68b36096327ba87788e46c4482923e9b464dece26a8aba3dd90cbbbdf36,2024-10-23T15:13:25.583000 +CVE-2022-48977,0,1,22a1f9cacabe8dede59f80dc5c8e91dcb66c9e473ead5c6f5b52cff09106031d,2024-10-23T15:13:25.583000 +CVE-2022-48978,0,1,31293eb0f81829ea7af1f070d7a3df5a1790f8574ca5251e33cd7c1710ed9003,2024-10-23T15:13:25.583000 +CVE-2022-48979,0,1,d38e0f35f5b0051b12afc3385f777364a73a3b1754aa2556c22567d7fd4543a8,2024-10-23T15:13:25.583000 CVE-2022-4898,0,0,45b8fe73140eae686f75256e6a033fa7f76a1c506314cc4b83a596aba96b02bc,2023-02-21T15:15:12.023000 -CVE-2022-48980,0,0,59522db8b0c28e71de30ce512df7d69c65ee8c2e564edb72e179460415315ba7,2024-10-21T20:15:10.037000 -CVE-2022-48981,0,0,222856c87b11d5bf5b6a9f7558b97ab8bd22eb0299634c9e0d0db269437fe3af,2024-10-21T20:15:10.130000 -CVE-2022-48982,0,0,9d714c445d725bf1249f6e06108444808312dd2028ae221aa177d9514251b1fb,2024-10-21T20:15:10.210000 -CVE-2022-48983,0,0,38493d36caa0a9eda3929568b02d57e6cd05358d5d4d3c17f72c723cb903c211,2024-10-21T20:15:10.283000 -CVE-2022-48984,0,0,090b7825de0e4f8bec85a2432218f52e0352eeb54aa6ec974d429d55592951f4,2024-10-21T20:15:10.360000 -CVE-2022-48985,0,0,896ab0ef7dc8e424e8bac6ec63ccfd441f1e6511634a26da9de22b74bbd35dea,2024-10-21T20:15:10.463000 -CVE-2022-48986,0,0,05cdfc273093bbe9f655f3ae21bdc25785dd466da3ffec7021a0e94662f81cf1,2024-10-21T20:15:10.527000 -CVE-2022-48987,0,0,17fadc0fde31281f5b0ec0487996f33590278d32e81b5902c6b59f92932b09e0,2024-10-21T20:15:10.617000 -CVE-2022-48988,0,0,c53c27fc655319903f72294de22f370ec3cb4122af430d49c9fc56e0abf54a82,2024-10-21T20:15:10.710000 
-CVE-2022-48989,0,0,ea5c65d118b303fa52b0a68eaffb7f1c16d91364f907343582434290a73b55c2,2024-10-21T20:15:10.820000 +CVE-2022-48980,0,1,8d526640cbdfc2eac896bd10a04a158881a6eaf9b8c038323a974e23d54cd968,2024-10-23T15:13:25.583000 +CVE-2022-48981,0,1,964b5764196aa475d717a98d105807ba1ba56de8f543da7fb2f4d00ef08bab19,2024-10-23T15:13:25.583000 +CVE-2022-48982,0,1,2b231419453512dd11ff8c1000c255778689437792243f66ab1524a71b12fbdf,2024-10-23T15:13:25.583000 +CVE-2022-48983,0,1,89c99eb008e4543f59ffb9b8f97206fd39b58250924e143ecfa056eefd701519,2024-10-23T15:13:25.583000 +CVE-2022-48984,0,1,c9c64f59c6e0ae126ed5ccdad9f415b181e68b350fc343ea20dafa489e069d0e,2024-10-23T15:13:25.583000 +CVE-2022-48985,0,1,6cf11753a689d662f9255b9369c8210e89bb6def1b70b9ecf2bda7c020ae1116,2024-10-23T15:13:25.583000 +CVE-2022-48986,0,1,6c9de2cdc1f05896064512205d6a856f3488acd470650f11d2c15464c4a320e4,2024-10-23T15:13:25.583000 +CVE-2022-48987,0,1,7e41a00ba39093b717c7e7821e300a97872c374b14c3fe63fb5c52c9819075bf,2024-10-23T15:13:25.583000 +CVE-2022-48988,0,1,13aee4cb90261ef632b8011d536d4f4d81a59bc5186a33e9a1bb37d07ce9e2c4,2024-10-23T15:13:25.583000 +CVE-2022-48989,0,1,ec3acefd81e80f8987880bd73f4eb6f75823cd54c45158afed0c4749ffd0f34c,2024-10-23T15:13:25.583000 CVE-2022-4899,0,0,64070b82b08d57aace9b84f3711bc30a23fda3b7a68f2b187d0af07aa5382f53,2023-11-07T03:59:16.090000 -CVE-2022-48990,0,0,3a2954ab94b1ae268f2103031717e5cd66b63293be0497957927430422796f1a,2024-10-21T20:15:10.910000 -CVE-2022-48991,0,0,4cac372f908915eff4a2f14085333fee8ccfc60c272553bbad63194353ac6319,2024-10-21T20:15:11 -CVE-2022-48992,0,0,a185c5433dadef8240cfcea6cc8a4a4a82a0c0cf2662f7641eaa26136556ce4b,2024-10-21T20:15:11.067000 +CVE-2022-48990,0,1,76b3abca04cda73be5b91a655a68e9ea48b8941272ce2e5ded70924fe2f52256,2024-10-23T15:13:25.583000 +CVE-2022-48991,0,1,6a7cb21a3ac184136cd0ab4a861f7301f05b1785725a9d2367d58cd519d1b08f,2024-10-23T15:13:25.583000 
+CVE-2022-48992,0,1,d92c8ca8a95948e1be7457194a40c222a8e8302589496e8a10d5354e69202cbf,2024-10-23T15:13:25.583000 CVE-2022-48993,0,0,ef216d3e2a04a71a8d804734065ba340ce4d331bb10df8d692bb266c02e77712,2024-10-23T09:15:02.593000 -CVE-2022-48994,0,0,ae9a0e662c2d06e42ad756bcc38ff1250f2e0fc04a2d3c1041611666ac57de19,2024-10-21T20:15:11.257000 -CVE-2022-48995,0,0,9a7f2caabe7819fcd012ff7905ee1d1a731ebbb61bf233df1fb3ad06dedf80c2,2024-10-21T20:15:11.343000 -CVE-2022-48996,0,0,e6ea1226a77c17a54021df252583a23884023a5a65c35af89fbcb61150e1c604,2024-10-21T20:15:11.423000 -CVE-2022-48997,0,0,566f7f45ad2b12c046c6b7b5e336b7a56f4e3b17b1a98602597e4e36af133960,2024-10-21T20:15:11.503000 -CVE-2022-48998,0,0,3f56e50493a4fc0c1ed2d46dee38d327b164a801ada4fb84049b53fa7c3d8e0e,2024-10-21T20:15:11.570000 -CVE-2022-48999,0,0,715d7094612ab017b5584db8e96878a849c354e2d641381c733e020487cd25ea,2024-10-21T20:15:11.630000 +CVE-2022-48994,0,1,b4a7042332d16d435ad130f7c8d429b85afe54d674c86946aa6b2b6c75399002,2024-10-23T15:13:25.583000 +CVE-2022-48995,0,1,e54f5dd18ba65c44008367d91a18d6310df7d1e2fbae548bd76ee6f2ab064a75,2024-10-23T15:13:25.583000 +CVE-2022-48996,0,1,0f669c5d177a55ab1de24ef7aebf7206e81a91803f760e8aa9a6146660e8c4e1,2024-10-23T15:13:25.583000 +CVE-2022-48997,0,1,b7b9d54e465f5a467cd4544e1b3ea1f9aa1fa07b25224a4e924ef74e6000999e,2024-10-23T15:13:25.583000 +CVE-2022-48998,0,1,b57fd57be2b9c4c0639652b977cb6f002cc2a4810b1a8b3ec1079b25ac9d83fc,2024-10-23T15:13:25.583000 +CVE-2022-48999,0,1,ec5be2b03e3b5b7d38590253ae9fa2814424968d957fec2c8bd6f9455405047f,2024-10-23T15:13:25.583000 CVE-2022-4900,0,0,190b62a537516e288099ba80e5f84457dcb946e631ca8348b4310cc8613075c4,2023-11-30T22:15:07.600000 -CVE-2022-49000,0,0,c7e2bb7ac34b2e2691bbde0d352ecad4cac46a9956201cf96cb37ae9298eaa8f,2024-10-21T20:15:11.710000 -CVE-2022-49001,0,0,258a0d348b978547de150a3d968b66621c201ef7af35c2d75680d602f7c5b838,2024-10-21T20:15:11.773000 
-CVE-2022-49002,0,0,99966d738cd628fcd32d9c794cde0f9974ebda5479f902c03bcd2305a300b233,2024-10-21T20:15:11.853000 -CVE-2022-49003,0,0,629cb3f7ba2d630a5ec5b2e1d4146852301fc351dc8c2a5215f05ce3713d5175,2024-10-21T20:15:11.920000 -CVE-2022-49004,0,0,715f68b72e7aed1bb16874ab89a28cac2e6cd08224f337444932981683da2c13,2024-10-21T20:15:11.990000 -CVE-2022-49005,0,0,1f8d33e585f01ff7993f18a5f5b1f823400f09efdcd7d8ad6162b482787c0d72,2024-10-21T20:15:12.040000 -CVE-2022-49006,0,0,9aca12a9bc3d65fd12ca97dbf39ebb44d927aa58184285662503e3a65d97830d,2024-10-21T20:15:12.103000 -CVE-2022-49007,0,0,10eb5e5a83e19937cfcde61bb20326bd97d506147312d7251a54027b65cdc3f0,2024-10-21T20:15:12.197000 -CVE-2022-49008,0,0,557511220ae3420ad9efe998620e64b23efd2f64750f9841871256eb75b61741,2024-10-21T20:15:12.290000 -CVE-2022-49009,0,0,65e9e1d8f0251cb2edb0f6c389d9e02504b3ef676baf18274eeb3e0649c643e8,2024-10-21T20:15:12.373000 +CVE-2022-49000,0,1,66fc4f4f03879d9d446108a6269b018e290959a61a92a2a2ba3fb133109a0b85,2024-10-23T15:13:25.583000 +CVE-2022-49001,0,1,a7ebb50038c6320990b6a4272aa8a293aee28015fce836d5217b5b7746259999,2024-10-23T15:13:25.583000 +CVE-2022-49002,0,1,22bdfc71018f2426b9a8955e420dc9e9d9e78e107e21c022489ca86ca6e9e407,2024-10-23T15:13:25.583000 +CVE-2022-49003,0,1,3c41ee1b6f67935f3dbaee5c17ff067b795e8a1dade147c4e4670edf7dacf33a,2024-10-23T15:13:25.583000 +CVE-2022-49004,0,1,ef8f6c91fd2e0c960e79d053b02a1200e69708a26daae4e65a75c0ee555da105,2024-10-23T15:13:25.583000 +CVE-2022-49005,0,1,996bcc00649f5f4d6806dab3ae223e12d9b68c5372e06c85334c63daf1a1a662,2024-10-23T15:13:25.583000 +CVE-2022-49006,0,1,11e74bb0eed70588405216f8164bddc6145e3f7d92995a8a649678fb341b062c,2024-10-23T15:13:25.583000 +CVE-2022-49007,0,1,d8181ccdf2d774c95472fe77412f5c5f6b4c10d6c0a508bc04c802e0d59cc425,2024-10-23T15:13:25.583000 +CVE-2022-49008,0,1,858dc4a8a05732b95c403be0591a3fe4ca899c97593a1ac4eca126dfe89df3b4,2024-10-23T15:13:25.583000 
+CVE-2022-49009,0,1,1aec1b3dbbd754481a9895696d1234016e9a1841a8ac88e2c3e799ed40d012bd,2024-10-23T15:13:25.583000 CVE-2022-4901,0,0,b216b364f33ab0ef7a0c7606c08559e2c099c064cab5e2ac5756fa24252b7a04,2023-03-09T01:06:23.703000 -CVE-2022-49010,0,0,372058aac3867d3911cf0e39c74d65b34d6402a0cd746cca99e6bfb308c5be39,2024-10-21T20:15:12.433000 -CVE-2022-49011,0,0,0714b11089767b7b6250f54c0b05881d2c58922bd791d7caf2d279a921ceb26f,2024-10-21T20:15:12.500000 -CVE-2022-49012,0,0,927e20772f7137233709977820c95fa6c5f9774374b6593c4af052bd2da0daf3,2024-10-21T20:15:12.573000 -CVE-2022-49013,0,0,d5116e3d1066376f8cc1d44c2be9d6d75ba660c93fc08175f15d59968373a55e,2024-10-21T20:15:12.637000 -CVE-2022-49014,0,0,da4dd4f4962f407c9709eca58f50baa702de72649c1cb6612073b0b23dd31e4a,2024-10-21T20:15:12.707000 -CVE-2022-49015,0,0,f57a72c49bcc7608dba42a1a30687a812cc716457fb7400082f61903d7f11770,2024-10-21T20:15:12.787000 -CVE-2022-49016,0,0,4e8914b8448df4fc788dd297f7b8a125647fe887c82c6a918ad968440cd4b438,2024-10-21T20:15:12.840000 -CVE-2022-49017,0,0,9bb1ba565477d24454f36591810caa433546ea94175db689cd61dd0597947622,2024-10-21T20:15:12.910000 -CVE-2022-49018,0,0,546d30048d47d37606dc1afae8d502453270c6e5406c6f56643f4fc720905a1f,2024-10-21T20:15:12.973000 -CVE-2022-49019,0,0,c9c878f0928eef7054e2800c4f87809f3c05d735e61dadd6a3fa53292a6a22d6,2024-10-21T20:15:13.040000 +CVE-2022-49010,0,1,49975f5b867403a17732cbfe6a5dee552c26356798f44f784cdba98c23cd8df4,2024-10-23T15:13:25.583000 +CVE-2022-49011,0,1,dd8bd533bcadf678b7a0db8e543d4ef16f0eea5bec6feba6fc7a987b91b9fa0c,2024-10-23T15:13:25.583000 +CVE-2022-49012,0,1,8a07c2182c08c1ad1a1e47bc11287bb605967cbbc6cf7f351e157a0d363b7429,2024-10-23T15:13:25.583000 +CVE-2022-49013,0,1,36e914fc82151133b00c14fc0dd6d2d180769b97ee8e5432bf641487fa8d4e47,2024-10-23T15:13:25.583000 +CVE-2022-49014,0,1,c95ecff56e0869fae06846154373eae8fdf97512991cb1140fbb3620e800e126,2024-10-23T15:12:34.673000 
+CVE-2022-49015,0,1,d620d6c287c474533517dfcedb468be84f4e45ba759170841969d0058958d06a,2024-10-23T15:12:34.673000 +CVE-2022-49016,0,1,40181a51cb7f8d3d385284bf52759235ad6ab4c0905c1e0bc5c375445a969030,2024-10-23T15:12:34.673000 +CVE-2022-49017,0,1,0c85b099df4275fc59772759a2c7d8c7b3e6d34ed68e2b25de3128c16b275f11,2024-10-23T15:12:34.673000 +CVE-2022-49018,0,1,8b91d14699188a6466e9b66054c2b091a5111a7978d2fc3244b03468cd297966,2024-10-23T15:12:34.673000 +CVE-2022-49019,0,1,b406e6800cc70a1fc2a15f69819be72708afd5adefec73d3ca91358360130730,2024-10-23T15:12:34.673000 CVE-2022-4902,0,0,287e358bd6e692608595d8f35e480fa1fc0a17dda86b7a57dcb446074ab1fd22,2024-05-17T02:17:02.280000 -CVE-2022-49020,0,0,71bffe8455376b3c225bed4a0b6dd305929ae889367a1d0debcf9830fdebb26e,2024-10-21T20:15:13.100000 -CVE-2022-49021,0,0,b42931adcfdf192b76216697664aacce6ef003a75e4ac4e0f06e9346e2fa8850,2024-10-21T20:15:13.163000 -CVE-2022-49022,0,0,edf85585b5cceb08ae98379790062102443426d437f1efe5635f073d7ee656d6,2024-10-21T20:15:13.233000 -CVE-2022-49023,0,0,e8f358c56afe7353f4e999ca863eeefd82f349e6ef44a380a58dd0bb8c578c0b,2024-10-21T20:15:13.290000 -CVE-2022-49024,0,0,54ce59942793fa8eb5252ddaff58bb0bab6fc0461e2b45c1cfeca355e0f09199,2024-10-21T20:15:13.367000 -CVE-2022-49025,0,0,125c2f9a1e6c3c60d73767bca9f3a9e109456445c61d57f42cb9b407c7190919,2024-10-21T20:15:13.427000 -CVE-2022-49026,0,0,a5d83fa98a30fb44d3de5f0bd4d743c76c73ee668ec2c313a5152932399ac336,2024-10-21T20:15:13.490000 -CVE-2022-49027,0,0,e02a5365a8b72dec2bd4bbbc8c3635867a424623c52cd9567ecea32bceb3939e,2024-10-21T20:15:13.563000 -CVE-2022-49028,0,0,2d9e5b2b740a4156545963d02d19af0c9f9a3d1791c79c6b993cfed6cb9cc867,2024-10-21T20:15:13.627000 -CVE-2022-49029,0,0,ea672fd2a64fce09693599d9ffa392fc05f3324b10a2615724679418f4fd9bdb,2024-10-21T20:15:13.690000 +CVE-2022-49020,0,1,8b25c362578c653f15013748f84ab47d07734b1a9ed889e7947a86ddd913892d,2024-10-23T15:12:34.673000 
+CVE-2022-49021,0,1,c13080553f6c3a29a539f0228afee28b33a32fbcd7514148f0639e4b5bcab60e,2024-10-23T15:12:34.673000 +CVE-2022-49022,0,1,375c2c1f5bbfb9be9e7fe5a0f98ed056cada3390d8b8188c759d343f8dc611ad,2024-10-23T15:12:34.673000 +CVE-2022-49023,0,1,886f28047e51b0d5cbd020df4cc655cdd458a7911b25cd4951f4b4242a4b892c,2024-10-23T15:12:34.673000 +CVE-2022-49024,0,1,c00893c59a165d1c170d9a317bfb43056081887f830fc21e0891bc4d8c47c79d,2024-10-23T15:12:34.673000 +CVE-2022-49025,0,1,91a35a24f6d258ae9c91b9eae293a385299b9bf04797f3ff4cd189ffe97b5beb,2024-10-23T15:12:34.673000 +CVE-2022-49026,0,1,9d023d745e62a45d98a366113e9be9e14ee982d178ba42d16b41e438d20cad55,2024-10-23T15:12:34.673000 +CVE-2022-49027,0,1,42fa0c700e5307e968a3969af2d092b0f75d1095174ef837ce5312d1711e198e,2024-10-23T15:12:34.673000 +CVE-2022-49028,0,1,feac20437bb7da1f124a8fd07fbdf5c8a01c1dfc3a8fe17089fe43ba3203fed8,2024-10-23T15:12:34.673000 +CVE-2022-49029,0,1,e9f2fdd5a911ae13fff2c73a1d3fa9d99016d5a0884f3d9f5ef330bccd743b65,2024-10-23T15:12:34.673000 CVE-2022-4903,0,0,cf9430f75554b10fc3063c2d4e895e2575b24650a7af1dc91ee51937fe80926d,2024-05-17T02:17:02.397000 -CVE-2022-49030,0,0,becd3939ee4dea707ad88b9bb076bb0a811edef3fb92448f881ea9ef2128d089,2024-10-21T20:15:13.747000 -CVE-2022-49031,0,0,7540ae958cf90c3af2210fc685c26025a66de882a6a35325157dce5804520a2e,2024-10-21T20:15:13.807000 -CVE-2022-49032,0,0,8dc46e6d43a3b6bb370a7d07778b399d929a978e8e9374cb80b4fba730faed1c,2024-10-21T20:15:13.877000 -CVE-2022-49033,0,0,2363120e675f407538ca9191956b3d3c07e597125372a2204c4e3b04194f17ac,2024-10-21T20:15:13.943000 +CVE-2022-49030,0,1,8b08791e22bd0db2cd2447524ac51c27e6a5d22f5626359a796fc03cac974990,2024-10-23T15:12:34.673000 +CVE-2022-49031,0,1,fda1b563d41f60673577f402073e67bd27d4683f91bb9eceb6214101f7e415a1,2024-10-23T15:12:34.673000 +CVE-2022-49032,0,1,075def20ae5c9133ccffd27b7227f76cca0accf4e692dd96d8ef8328dfaaa090,2024-10-23T15:12:34.673000 
+CVE-2022-49033,0,1,f1525e73208fdc16ccb4e511516019213374c129e7ea61503d159b482ea92060,2024-10-23T15:12:34.673000 CVE-2022-49037,0,0,d1881b67cff6ffd1cd4a44c62a3eeff49dad87129228607de02747a08dc9d03b,2024-10-08T16:08:55.390000 CVE-2022-49038,0,0,26bf80583e02462755629eb75d32d3c2894b1263d5b99e87b4bfae13ac56c00a,2024-10-08T16:08:35.743000 CVE-2022-49039,0,0,3fa8a10f3d81d2265a7106534dc05a400de9995334e02e08b86692ec188f1511,2024-10-08T16:08:08.507000 @@ -215070,7 +215070,7 @@ CVE-2023-20673,0,0,affffacc533aba2532557f2de98bce06e1b80275a3e11547ad12ab6f33b2d CVE-2023-20674,0,0,9be4445dabd4c6d48c4f99bbee4861b6107ed4633c1e2064088a971b13de6bab,2023-04-12T19:40:21.857000 CVE-2023-20675,0,0,8686574aa3fe42a29190a79f2553f0d18fd42908a7c39129807f91238bf8013f,2023-04-12T19:41:02.040000 CVE-2023-20676,0,0,5cbc4ed001ded84befc11e7c5e3ef5d055fd73f8bee9ca479930898e22eec6fd,2023-04-12T19:41:16.217000 -CVE-2023-20677,0,0,69e7edf38f79082f720d7b81e016f2f5a2b4e267de5b8a8d8aaad07d9ca89bef,2023-04-12T19:41:24.083000 +CVE-2023-20677,0,1,6d0eebacb15538ea38741c0fe05c2823022dee23735339bc3fee8bd85b50e08f,2024-10-23T15:35:08.200000 CVE-2023-20679,0,0,aee7d2a1e541be59a960cd8a54aca41d8c73bacb329512b283a720420e358619,2023-04-12T19:41:39.267000 CVE-2023-2068,0,0,fe831fe47f5d7751675b34e60b3c0abb0c83b794f1735576522318c3dfdec56f,2023-11-07T04:11:51.603000 CVE-2023-20680,0,0,6c0bcbaa503843604f20546a999dd257cb042167eb5cb47892a9e8493eee21e8,2023-04-12T19:42:24.927000 
@@ -219846,7 +219846,7 @@ CVE-2023-26265,0,0,a5a96bf4a479000dcaf17d180456468d1f58e3b8cfc40b1cb5ae0d097e5bf CVE-2023-26266,0,0,48db5ce845c1a283a9e2d6356dbc1b316f83bb3f1c498b5aaf283d61acad5b0c,2024-08-27T19:40:05.087000 CVE-2023-26267,0,0,4ee62ec08f811c303cf14885467b575d838f218d3495de5ceccf08eb40bc5c42,2023-03-02T16:01:23.653000 CVE-2023-26268,0,0,acba0f9f3727dac791768c3b96e68b01dd35481cb8eeba7a893714f55c71e756,2023-05-10T16:08:34.207000 -CVE-2023-26269,0,0,3fc74b2e1b6e5e008c233812fdd6e3e283304fb6cbd0cb973fc9820127806764,2023-04-18T03:15:07.593000 +CVE-2023-26269,0,1,6134a35a3f21701cf58b5b56f762d321446deb0c2a25160fbd0a26b8cf05970b,2024-10-23T15:35:10.417000 CVE-2023-2627,0,0,4fb4aa107c37922d01e99c08864a3afc15dca464855f60f61291bf654eac3242,2023-11-07T04:12:59.243000 CVE-2023-26270,0,0,295826a23efaae3e03ca3b4c009c12b0316d0a2482856b224f82f4e081806be1,2023-08-29T05:02:40.407000 CVE-2023-26271,0,0,28c743460f4df6973ed5b291ceeef0df5dee2faa56d66a7e924f7f89ee784f21,2023-08-29T05:04:27.877000 @@ -221855,7 +221855,7 @@ CVE-2023-28703,0,0,0f0cebf3a82254d0f256f8ee7ad05786e89f280679305fc77b9a10a202724 CVE-2023-28704,0,0,0ea96abeac4099eb6f8aeff445b717c3ff853eb5b66e71b0c3097300ad8383c5,2024-10-14T04:15:04.400000 CVE-2023-28705,0,0,875ee5eeedcbaf87184e53272462439379c1e8baf901ebbbb714e99fd79f0ba9,2023-06-09T18:14:13.487000 CVE-2023-28706,0,0,50e6020734b1331e0a1f6818c44fa8ed0422882143ec83bad7c87bb811eda5e9,2024-10-22T16:35:10.210000 -CVE-2023-28707,0,0,32d4d4aa6f7aca5e473a1393c06496a21c3a1ef5446c39d4c4403f8b4eeb5898,2023-05-22T14:25:13.693000 +CVE-2023-28707,0,1,f40a2ff5e66594df42d634a3d6168c2c06b168e74d7ebca3a2ead6ed438e5a5a,2024-10-23T15:35:10.927000 CVE-2023-28708,0,0,3676b37bd572d293623b1d4d6062d80511a32f4ec94735432036b13d40cac96c,2023-11-07T04:10:49.370000 CVE-2023-28709,0,0,4a374603268a75183fc4d8867975e646438b75b17cc4c5fec221f049409c16f9,2024-02-16T18:20:07.610000 CVE-2023-2871,0,0,c547a7e85685136989871db883e9d8714fc66f889d110c2bfa95d6061d7e85d5,2024-05-17T02:23:19.727000 
@@ -222051,7 +222051,7 @@ CVE-2023-28931,0,0,cebc1ae4abad705bd1597c946be8385381dab3e8c8b806c79b20dc3e1e12e CVE-2023-28932,0,0,c27edb7177ffb1e28b222f4c9bea001b1ab4e7dabfe7ec30c9d9613d07224d94,2023-05-16T21:23:45.097000 CVE-2023-28933,0,0,5ce46109e79bea8882816ddff82fb199f9ef887c387f06ca945e17126aa66f4e,2023-06-16T03:57:30.010000 CVE-2023-28934,0,0,4eab8436dac264b2200990ccb31618c962abf371fe7021d35f56b20df7a84412,2023-08-10T03:49:58.650000 -CVE-2023-28935,0,0,63d693fd9b62dae4e8403e6669a45bfd676f7312996626e62115ea5b187457dc,2023-11-07T04:10:58.823000 +CVE-2023-28935,0,1,29a6ac02bfd73cba8d479a2587c32eca5134447dbcf58b68dae5f8800563a3c7,2024-10-23T15:35:11.167000 CVE-2023-28936,0,0,999ac9569f4890af2f8cee442eed571b392d2129167cc54e6520c79e6509ca4b,2024-10-11T21:35:47.317000 CVE-2023-28937,0,0,49df2c40f793aeab1c1d58cb1954b3d606331d90ad9ced192296130e2c071e4d,2023-06-13T10:15:10.047000 CVE-2023-28938,0,0,92210f1f66544f8435cbf427094b0b1ab5ebdd85d822693044e20f1239f1b230,2023-11-07T04:10:58.907000 @@ -224611,7 +224611,7 @@ CVE-2023-32414,0,0,fa6525bb7681c459cfe2e33a6ea7cf815e79ab0e62287a71a94539dde9ede CVE-2023-32415,0,0,96fa6eae8f221b9a47a59ca4cc9351dc0fa58ca6ba14b14a15a5171433a1b47f,2023-07-27T04:15:35.437000 CVE-2023-32416,0,0,1a8e3b833f50b96b700f5f81732ab547e243a4c27b5f823ddd2ff9401c65654f,2023-08-01T19:33:14.997000 CVE-2023-32417,0,0,04ec232bce9741055ca69819059af5b7140710ba2d9767584d63e128e1cad6da,2023-09-06T08:15:43.720000 -CVE-2023-32418,0,0,c7f7854a80fb04f35cfb0961c66013e56f6da8a4061d0e9f54fa695ec69efdaa,2023-08-01T18:55:34.673000 +CVE-2023-32418,0,1,a38d997bb881cacc97126bc5819582142f57b1cec9acd3ac92e393cda146f1d7,2024-10-23T14:35:07.963000 CVE-2023-32419,0,0,6296553ba91c9725c627256011708d68cad49a3746bc10be80ee459f89ebeaa5,2023-07-27T04:15:36.913000 CVE-2023-3242,0,0,d7affedfb69954780396c3429a656a47fdced696ab2dd3f46b339a768bebd028,2024-05-27T08:15:08.863000 CVE-2023-32420,0,0,d567dafb9d7301282afcbb0069471d86449f9b82e4e4758e9161816afa0a4d04,2023-07-27T04:15:37.297000 
@@ -225679,7 +225679,7 @@ CVE-2023-33741,0,0,d03d65bb59627ecf26b98087902f2763f51ae7c70e2636b43306517b6cca6 CVE-2023-33742,0,0,6485a5013edc9e09d658fca1f3088f75e18d8c77dc48a442e117991c6544d7ab,2023-08-03T14:00:39.710000 CVE-2023-33743,0,0,beb1b1276fa767cb5b209990f5c92ad44058e106fed322586e67c35d8893398c,2023-08-03T14:01:07.043000 CVE-2023-33744,0,0,accbaa15b4efd4214e2e8c5fd26f92959d98fbad1a13180ecec22a567c1abf63,2023-08-03T14:01:25.300000 -CVE-2023-33745,0,0,786439217c0da885e15123180389b81c7cdfde631ec0c32e6f2e9e160d1905d1,2023-08-03T14:01:54.033000 +CVE-2023-33745,0,1,4837802ec2efeb13f3b08f74d2ae9e9b5b4db1bb71dadb95dcd26413bb12f639,2024-10-23T15:35:12.013000 CVE-2023-33747,0,0,fe3dfa695643204bca06b77658062f64e4d2a377c0c028c88f0feec46b613851,2023-06-12T16:59:41.887000 CVE-2023-3375,0,0,442ec51f6cbe0d0d89e0d22483f6ffb1a7729d6080ae906cca355f6418781daa,2023-11-02T01:45:00.120000 CVE-2023-33750,0,0,4872e4d9b899a3b702af8eef463bb588860c07eb3ad9706f52b3de9904c6da7e,2023-05-31T13:59:37.380000 @@ -229138,7 +229138,7 @@ CVE-2023-38407,0,0,693c501a24fd30d31e2ef38a392256cef1f52bdf566fe136ed9d5ad372f83 CVE-2023-38408,0,0,8ede47c21e8c8a65641e21bf39fbf7db76eae2d961f2c4f7ab02db10fe0385f1,2024-10-15T19:35:32.680000 CVE-2023-38409,0,0,838e08b6ac7468e45b0e0743452ec8eac55d08ae6cebd5146f7b96ce40e80d8e,2023-07-27T03:49:09.943000 CVE-2023-3841,0,0,d2f5ee23f09965afeb5d36623db7f402f898f5d6074e3d1a8c3e15639396c726,2024-05-17T02:27:52.550000 -CVE-2023-38410,0,0,e9274a8c2977bf03cf0d0c7f2c3582424b089bd5b319bd6a98b407cf6ad77a9e,2023-08-01T19:54:15.847000 +CVE-2023-38410,0,1,6c048eb455397479418bb47030b11f6e590486d07d435d761a9e48d83acfb861,2024-10-23T15:35:13.280000 CVE-2023-38411,0,0,878de725f745853626d009447a072e4f76f5e67940f796a7c936cf666df69e06,2023-11-21T18:44:14.920000 CVE-2023-38412,0,0,df0002f82b102587c36ce4bd4dcaf5471240c902dec1e7d84fcc0e875e6105c4,2023-08-09T18:02:31.297000 CVE-2023-38417,0,0,583658d5bba65e8993776b94ca73c204115dabb313a5d853d66ca313b1a68943,2024-05-17T18:36:31.297000 
@@ -230501,14 +230501,14 @@ CVE-2023-40150,0,0,773192d4bcd37aa399744bee15f3fadad298ede88c91b4752c2dd3564a1d3 CVE-2023-40151,0,0,3d0f6c1c57a0aac699bed2599ed1fedb8fc6cf053d7b8ad9097726b21da7eb53,2023-11-29T17:28:12.413000 CVE-2023-40152,0,0,dcacc5b44050cb59d212435fbba4b589e052e87e87f7f380cddbb6affa05eb08,2023-11-30T17:28:53.117000 CVE-2023-40153,0,0,68082b8d0b1cd673ce13fc831779593073884ad14dff8278795b2977ab85be34,2023-10-25T13:39:43.797000 -CVE-2023-40154,0,0,6db426d68f75684e01202401e3ecbe622403876ecbe4560542d2a6ae1522887b,2024-02-14T15:01:46.050000 +CVE-2023-40154,0,1,0c21ee8c4fe867d7637a5b5eae7ca984d29457115dd9276ce93b2b7de45045a8,2024-10-23T14:07:44.730000 CVE-2023-40155,0,0,6607ef25c31938b51bd9b5bc14fc82ea7b9d6e01e850e1c2a7260709004a339f,2024-07-03T01:41:05.087000 CVE-2023-40156,0,0,5e8f76b298822e89ccc8b4a43484c8f474a98f9ca30f47e72c0a6bb7cf341fbd,2024-02-14T15:01:46.050000 CVE-2023-40158,0,0,f5c33dd671eaea6944f90c9c2dcc1f233b63eb3f3d167e9fce8fa1f154c769a3,2024-10-11T22:35:00.770000 CVE-2023-40159,0,0,f23653787b2c8d1c7ab49dff62eab2cb6aa12e31e549c1c4d79a1506883bf305,2024-09-05T20:41:09.723000 CVE-2023-4016,0,0,fd0766ac93b2d18ad336657f47ddb29d4b25b76da4cba12e55388717e6b8762f,2023-12-15T18:19:03.787000 CVE-2023-40160,0,0,de8c32a875ccf6f89392dafa209d66eda2b9b820e48facccb8082fc450366841,2024-03-18T01:53:02.353000 -CVE-2023-40161,0,0,811acdcf20dca77f5e641cd172c1882f83d8fefd01d88b9229bb052c09bff4e9,2024-02-14T15:01:46.050000 +CVE-2023-40161,0,1,bfefc6bca59c3bdd335a902ec0f86c7481186e139782caa90012e0df1fd7de97,2024-10-23T15:39:39.910000 CVE-2023-40163,0,0,a1d4f004ccc01bbcc21d67692937b814d051c9d1fb07226eb632321baf4161a6,2023-09-25T18:46:35.360000 CVE-2023-40164,0,0,e1710c55401fbfdfd3997c2f9c7ef468d49e2cc76ffd081700ba8a98b5b4edc0,2023-08-31T17:33:09.500000 CVE-2023-40165,0,0,7d78c7e3b5d175b99b5f1acc7ea6fa32c99fab50f6128a450f7da006b5e3a8ad,2023-08-24T20:50:00.990000 
@@ -231254,7 +231254,7 @@ CVE-2023-41086,0,0,724cf5c12c1eb7fc440cb764ba907bebb79c6f0371ce0a8b6c0e30c8bd6f0 CVE-2023-41088,0,0,49329b5d67d4cd3940fce7a9adab0d791c43fb70872ff5ce3deb4e26e23e1a13,2023-10-25T13:39:31.207000 CVE-2023-41089,0,0,330c83575a9976e5107ccd3bae1c646ffa2e4fef50c0897f1ccd9bee7e5907f8,2023-10-25T13:38:19.127000 CVE-2023-4109,0,0,8baa8250e57f9070f1588ee57a6aaa5e217a410144b639ec04878717d28bc67a,2023-11-07T04:22:05.817000 -CVE-2023-41090,0,0,4d5c0fd4d0575727f0bf2946f5c84c3a5bcfcb1a4c5d3adb384d0b3490f6aa8a,2024-02-14T15:01:46.050000 +CVE-2023-41090,0,1,854b0d414b7b6c0e11cc9e6219a438b183a76dbd03346da869904dfb3e0d1bf5,2024-10-23T15:36:17.703000 CVE-2023-41091,0,0,ca1acbfbb48698a0030abb208f0760a15256e3fda004078e03e1a216b077f0fa,2024-02-14T15:01:46.050000 CVE-2023-41092,0,0,4e8e931d3ededed79b2045da3cc968b68e4b0145dbe88e1d7c336f100fc82182,2024-05-17T18:36:05.263000 CVE-2023-41093,0,0,e2ec8ffe14945965701d15ef17979727c54dc987034806d91272b18047967a11,2024-09-10T16:19:41.973000 @@ -234741,7 +234741,7 @@ CVE-2023-46179,0,0,7df6f632e5ebdfe2ac0791e3008fa37e3348cf878b1be369c5905228f1b85 CVE-2023-46181,0,0,038edae82fd3b29b4665e2dd7a541552b57d69c4eb93e555d2c27521b1d1606f,2024-03-19T17:31:14.200000 CVE-2023-46182,0,0,a131684040f99aabdb48e021ffb20262c419eaec6603cd7cc3b87ba980f4037d,2024-03-19T17:27:44.057000 CVE-2023-46183,0,0,b55245b3556ad42e6bcac7893abcb8f941685faf078fa0291da58ea3bd448492,2024-02-15T14:21:14.870000 -CVE-2023-46186,0,0,6892eba9f8a950e6ab2fcdd5302b76c4819fc7326bfbc858e060313c5dde16ce,2024-02-14T16:13:22.177000 +CVE-2023-46186,0,1,7f936d2f68468cf73e1affeac13507832eba4f5b3da2c17a088195f829e5ac5c,2024-10-23T15:43:32.647000 CVE-2023-46189,0,0,6494194b53848ef556f9ddb4369bb9959100a07b09ff8d867e6845bf7828d5f7,2023-11-01T17:00:55.353000 CVE-2023-46190,0,0,cc76a6da5e2fc44203b9aab6dcf5cc888a32032806269f07a5da7c62a6bb3b63,2023-11-01T17:05:29.030000 CVE-2023-46191,0,0,fd069b670a5c6976b6cb0486e6e32e8b75ff367f0c7123be83f0564f3abfe920,2023-11-01T17:41:06.707000 
@@ -237719,7 +237719,7 @@ CVE-2023-50306,0,0,4f1d3b091421856e56dbbaaa9ee4678a885aa3ffdce75c9d83e590ccb0be3 CVE-2023-50307,0,0,ea0b023cdac8ed9cf01745c0fa57889642f00eb899be12d40ee0b2d23a79439b,2024-04-12T12:43:57.400000 CVE-2023-50308,0,0,88cf45fc4dfce771184291626ea0bb427caba5d11fd1214d84bc00f3ae89061f,2024-03-07T17:15:11.473000 CVE-2023-5031,0,0,04bef1332046fe66f966e350e278e31343a5f3babd618b80f6a69200c058ebc1,2024-05-17T02:32:47.910000 -CVE-2023-50310,0,0,b30e769952df2aa9493f8927875984b5b486ff33e5bebb2af3c107f88f892c50,2024-10-23T11:15:12.600000 +CVE-2023-50310,0,1,a06e937bdb97f52f1a36b7dc4dcac9085491c4cd68dbc30f643d5c64cd0d68ba,2024-10-23T15:12:34.673000 CVE-2023-50311,0,0,790ed7dc3382e6e4bbd385f74753a917a8942a525c8d1570018413938ec95ac4,2024-10-23T11:15:12.873000 CVE-2023-50312,0,0,2bad74315adc5a15838005e613036a33cb3767df680b81a37071695206496d89,2024-03-01T14:04:26.010000 CVE-2023-50313,0,0,0ff1dc09ff0045844fa80710a45c5539f6e888446fbdc5db21cb236b97018b79,2024-04-08T22:48:41.757000 @@ -238224,7 +238224,7 @@ CVE-2023-5121,0,0,46287db8a217d3d5ab4deb4dee376afdccc5bbf3df6e7937e02f24621bb626 CVE-2023-51210,0,0,408d109f353125fcbc9e4024f5c91829754158e94898530652d1462aff8aabd9,2024-01-29T19:38:28.213000 CVE-2023-51217,0,0,804003af226f05ce2da0aae9a1b2b53a296e5ba5852a1145267b45b6e8b01d07,2024-01-26T14:40:49.700000 CVE-2023-51219,0,0,224214ec43f7edf7652e340261967af4873d7012cd198464ea752949f8fc6847,2024-06-25T20:15:11.020000 -CVE-2023-5122,0,0,03156f42e431fc71fa12c709ee0950bc8f8e5fbcbc98bb5e3c6228f5052a4a43,2024-05-03T13:15:20.843000 +CVE-2023-5122,0,1,fe76f2610a8efa1fcfd693c92d5281a39b05e8b633407f90e66c7dcbc7e04923,2024-10-23T15:50:43.897000 CVE-2023-5123,0,0,cca3c3f4fbb21f5c6a6d6265e33aa2e87141d3923657e91283715ae631af137b,2024-06-18T10:15:09.937000 CVE-2023-5124,0,0,0483628dd0304bc2218edc0adec9562db891718cb630f07e9b08db9d21711017,2024-02-05T16:48:58.247000 CVE-2023-51246,0,0,c5deb4836b81108d26041aec440adcac0a21f3ce584950acde90a7aa10cb1e96,2024-01-12T16:31:28.787000 
@@ -239622,8 +239622,8 @@ CVE-2023-52914,0,0,3e2f63e6fcc2429a7a056b2f17033ece733c3917a2a011b1363b92bf8c84e CVE-2023-52915,0,0,ce3c89a4bf7cab80e859d29c06c18dc19c9bdeb973ab832dffae6eeb3861fdf4,2024-09-10T17:12:41.607000 CVE-2023-52916,0,0,bebcac5d0a36cd875bff11f8b42fd7bc5076a3c1c94e9b8c44be74509c12a53b,2024-09-06T12:08:04.550000 CVE-2023-52917,0,0,fadae4ec5e5aee737480721d0991bf811403c3e8c62826f0e019ee2079cb11e4,2024-10-21T17:09:45.417000 -CVE-2023-52918,0,0,d659d59feafeb4e663972c60df9621c832ce34299a9404f5fef9cd76cfb7071d,2024-10-22T08:15:02.277000 -CVE-2023-52919,0,0,60e8a1561f256e2cef92b76a61a862095f0d8958679923cdce8386ff7530c603,2024-10-22T08:15:02.623000 +CVE-2023-52918,0,1,74e5b6d470115d5c7c46eee1c8402d2d07b899f7917593c4bd37bfc869efab98,2024-10-23T15:12:34.673000 +CVE-2023-52919,0,1,2044b462f20869d97200941fa3130944522a0590324b18030f1d24ff105039aa,2024-10-23T15:12:34.673000 CVE-2023-5292,0,0,214d7ae5654e29ed0e372211abf39e379cdbd830eab553609e162ffb791fd787,2023-11-07T04:23:48.910000 CVE-2023-5293,0,0,37b5570c94c226fac17bbeba13451e285dd87937cebf55577645a70e3fbcf851,2024-05-17T02:32:58.843000 CVE-2023-5294,0,0,91871d88408d7e2bcaad4b05fb484ac2315248d3665cd88ba6ae47f2da8d5f16,2024-05-17T02:32:58.950000 
@@ -242318,8 +242318,8 @@ CVE-2024-0997,0,0,40cbe7d07647cf304a8bc3bc11787b58a8f50582e3e8b65316a7ae7fa59c2b CVE-2024-0998,0,0,f7933578d5dbeb3f77563ebf1f5420d4cf36180b38c1c7cf760eedcdac974d39,2024-05-17T02:35:08.490000 CVE-2024-0999,0,0,84034800a287889c8e66f3ba01c1d930a06538aadfe1b375cfd8893390aed6f7,2024-05-17T02:35:08.593000 CVE-2024-1000,0,0,60c836cbd4d96144c97b06caa16452d33dc82172b5cc2c653a7406010f53b5df,2024-05-17T02:35:08.790000 -CVE-2024-10002,0,0,d9e6d9c3dadfeee65af18c96f3354f0e28813a6d08ae2b1ad0584b6cf7f1e0bf,2024-10-22T05:15:03.513000 -CVE-2024-10003,0,0,64b23dc1f174419c9d8c99f8734c8d02061ba723f84ef2d2f2fefc86eed2ca40,2024-10-22T05:15:05.163000 +CVE-2024-10002,0,1,5edc9992c96bddffc59b658ba4018e947312c70ae5ecd37f00776e6aca84fcbd,2024-10-23T15:12:34.673000 +CVE-2024-10003,0,1,7ac769c9b6f213d999f9907a6b5f6a438cde86170274ef0088cef2f9496da509,2024-10-23T15:12:34.673000 CVE-2024-10004,0,0,2b01ad1fe33b0387cc6ecf8ca605118100ba1eac830a494972582a4b13530ed3,2024-10-16T20:35:08.850000 CVE-2024-1001,0,0,481a263280d7671352a0e81cdb22876e1831937aba78d275dcb085f339a7c9b0,2024-05-17T02:35:08.903000 CVE-2024-10014,0,0,1395463dc1e29fd6db71d83f72260a8cd3462c205364f301260cc7f7b129af31,2024-10-18T12:52:33.507000 
@@ -242334,7 +242334,8 @@ CVE-2024-1003,0,0,5577a6ad54fba7e1e984add6f75aca7e6ad73817623f9ed150fa33b583cd3f CVE-2024-10033,0,0,c0a9b2336bab3102cd006cc0abae51c59fa7520aa657f85607505772ed524766,2024-10-18T12:53:04.627000 CVE-2024-1004,0,0,be9a3a60f238fd673f4d3f1f166af1f9400f4582d193359c16f232ef2b1c02fa,2024-05-17T02:35:09.263000 CVE-2024-10040,0,0,e60010f49ca3103740274faae9ff6204ef5e8179ea2561631dfe21b2ee350ec3,2024-10-18T12:52:33.507000 -CVE-2024-10045,0,0,684b23ba1478ca354d4193c989ef53c8da732b9eb767fc1b0f39a76acfbbd2ce,2024-10-23T08:15:02.380000 +CVE-2024-10041,1,1,d3a5fc70054a78d48c6ae937cda2967a3e628fbc08e88f2a331a6962f073bdec,2024-10-23T15:12:34.673000 +CVE-2024-10045,0,1,df53331c9b7607363b5960cd2fb00b418f72be4924f4b02eb17d04eadab916e2,2024-10-23T15:12:34.673000 CVE-2024-10049,0,0,53720c9da49b26dcdd62ca517621f91bdc81303aa9036eed1b0a1b7834addde0,2024-10-18T12:52:33.507000 CVE-2024-1005,0,0,1191b4a20d5b719ff3ba58b8e13bb4278d19f2133e7221e782230a58acb2d18f,2024-05-17T02:35:09.367000 CVE-2024-10055,0,0,f23c4e0430e3651b3e5a88876f1cbabbd51c53a5add393f17e3c2bc07307aa14,2024-10-22T16:28:59.297000 
@@ -242366,7 +242367,7 @@ CVE-2024-10120,0,0,c466bf566e1f967eaf89709a18be2244947274563a08f6d81f9be121740d5 CVE-2024-10121,0,0,027182529cfee940508ffb4070951b9c88b4b8cda22059e126804038d2c848e4,2024-10-21T17:10:22.857000 CVE-2024-10122,0,0,153862f3f9eb72281b1c72dbca34e4eb5ada0e8c96788af32355e9b86fecda30,2024-10-21T17:10:22.857000 CVE-2024-10123,0,0,325a6a57a5064913151c5985ffe615d4882dfebfa3dba79aced7ca6e42d126e2,2024-10-21T17:10:22.857000 -CVE-2024-10125,0,0,facab3bc024a1614b1de7c53906c7a6efc98cc3e7945e08ecc982449c817f75c,2024-10-22T00:15:02.457000 +CVE-2024-10125,0,1,f4c120fab70482ccb83c9dab18998f050be65f8640635deee9e5476e3051b2ad,2024-10-23T15:12:34.673000 CVE-2024-10128,0,0,88b9e310a7215917b3c3eb4a7cebbad5131b0eb240c8e3b152a59db372aef3f9,2024-10-21T17:10:22.857000 CVE-2024-10129,0,0,ec801a1f21eba257d935123cd915f870568d53f742fe5aad47c455a4df207feb,2024-10-21T17:10:22.857000 CVE-2024-1013,0,0,0ecf415fc1e3c9674ce36da20d6e67872f02747822a72b780ad0899083ff5765,2024-03-18T12:38:25.490000 
@@ -242399,22 +242400,22 @@ CVE-2024-10163,0,0,26289a38ca28d6fbf3697cebc7b8e78d717fbaa250d69c3062759b06a1925 CVE-2024-10165,0,0,5e96b8bac045d76007a8a1ccaf66b23094bbe577806718f5c39b95850bfcb648,2024-10-21T21:35:06.987000 CVE-2024-10166,0,0,d38e0eaedffd343f532bd4c1abf13dec4f7eece79809104c00c35d23c5bd77f6,2024-10-21T21:34:52.430000 CVE-2024-10167,0,0,e7ee4350c0d87b98f4009c350ce488d1222a8473f5eed0163be4fcf02375526f,2024-10-21T21:34:25.810000 -CVE-2024-10169,0,0,e8e6c9fb9383945c3d410fc4f008280f899970c875613eff84d409b4d2eaf686,2024-10-21T17:09:45.417000 +CVE-2024-10169,0,1,1db0b82161d097e04e0d9142501d34c98067446995af0ad4d8dda4cff4f3006d,2024-10-23T15:01:58.987000 CVE-2024-1017,0,0,50b68641acb97d381e6a65107328f0dab0fccf027bea27ef0f379cc058119760,2024-05-17T02:35:10.627000 CVE-2024-10170,0,0,43858dc94e553ea996e2f62171c2a07580bf4384f9d10283ecd355d244289e84,2024-10-21T21:33:49.663000 CVE-2024-10171,0,0,6def7c486839e6a93365a9531b31890798e7138f9c8ee651ff23d937de5aea60,2024-10-21T21:33:26.937000 CVE-2024-10173,0,0,a9b223ad26342bae0ecb573e6f6a805ec316d304fdef819b8c7ff56b9edef74b,2024-10-22T17:05:13.483000 CVE-2024-1018,0,0,6a41753bbb9bddfdeb27e8da1aa301f604399583ccfe73ec2b7c0e024f66f45f,2024-05-17T02:35:10.733000 -CVE-2024-10183,0,0,7ebf45c51fa69f38c2e38f42cc74a900aa06eb6cd128011216da23f9521a65c2,2024-10-22T18:15:03.827000 -CVE-2024-10189,0,0,ffc755e96982501f804ab166cd12d0605832a17249527107c82c3cd65a58ebf1,2024-10-22T10:15:03.610000 +CVE-2024-10183,0,1,120f83031d6b056b9464662cc23a397a8370d5b6b85b4ebf16896e12042e7ae6,2024-10-23T15:12:34.673000 +CVE-2024-10189,0,1,c7e7e9c9433451acc4ead77e2398a65c092c06680c0a336db7286291fd8ac494,2024-10-23T15:12:34.673000 CVE-2024-1019,0,0,9d34fb91efb6a448073ac765944da7eab7ec7fd07c6fef378639c859599f6841,2024-02-20T02:15:49.973000 CVE-2024-10191,0,0,4ecd88c27c34e37b94ed56c347924bf6837bbfb39d55fba1c828925d6337ab29,2024-10-22T14:33:12.313000 CVE-2024-10192,0,0,cefddc86e7199e5797c8520fdbef80b765c771e6fac9e1c4dccb50f7aa98e5c6,2024-10-22T15:09:16.517000 
CVE-2024-10193,0,0,1edc42ac3209c75585ec8c6b26eafba6b0b9f2d61f9e6b3760f20c0ded29aa99,2024-10-21T17:09:45.417000 CVE-2024-10194,0,0,2306506683b8321312c529c12d5538fdae946fec3d958eb6a86af3539ec3be4d,2024-10-21T17:09:45.417000 CVE-2024-10195,0,0,433002dc4be76148bf0f1e8e85e5de7bd9f18de30e21fefcd1f30061067a4930,2024-10-21T17:09:45.417000 -CVE-2024-10196,0,0,0b052761dda527c9d578bdd237c16d6bdaa0a843794729a716c520574b82f796,2024-10-21T17:09:45.417000 -CVE-2024-10197,0,0,6fe37138acc52d09938e9bcb1e310dbdb2ac9977a35ddc0fec14852ea89360e5,2024-10-21T17:09:45.417000 +CVE-2024-10196,0,1,90b9a4c8c1bbc9cc12d3c54632ebd3a76326bf6f32219a9f3d2039a7242e607d,2024-10-23T14:15:16.843000 +CVE-2024-10197,0,1,7718b3c8726b69a6cc1d39e0b2a3a9b59c3c49ee29e6d3bc5c07a1b64761daac,2024-10-23T14:14:52.420000 CVE-2024-10198,0,0,58468dbe56a875fce487b2c24efa66d706cd94ef799a0ad9490149b003e5442b,2024-10-22T15:39:37.217000 CVE-2024-10199,0,0,18eedf0aaa14f9eae78c4d887bc668d26c7f01ea3ac2e8913ea363a18a98b2b0,2024-10-22T15:40:56.637000 CVE-2024-1020,0,0,d848db5207b830f092dac5463c394c0f65f6423556f55d15e70d177c797c2de1,2024-05-17T02:35:10.867000 
@@ -242423,24 +242424,30 @@ CVE-2024-10201,0,0,fdd706f65f7aa0e194f575c5a7304653f1f8e37bb0097e52a009edadbfcb9 CVE-2024-10202,0,0,3a01bc3efcbe4e17c6fdc2e9102f4cbe8dd4afeaccd594b0d2eceea29302f820,2024-10-21T17:09:45.417000 CVE-2024-1021,0,0,89180a6ed9705fc79d8d8a15633a1cfe9e27adac2a4a623501249d49427826d0,2024-05-17T02:35:10.970000 CVE-2024-1022,0,0,f42eaa1b302319f7e3148377e0522c31bf6c16d407215c446c1d3f1b55b4debd,2024-05-17T02:35:11.070000 -CVE-2024-10229,0,0,4a5ab0ba3f849e27f5f5145fbbb0df57570dcaafc4e282191989babe9dbb211b,2024-10-22T22:15:03.180000 +CVE-2024-10229,0,1,3c4fb9ca956b215d6891f05cec1bb6664ae35049ccd9a8e1dad507ca063ff01a,2024-10-23T15:12:34.673000 CVE-2024-1023,0,0,8d9bd157d13575cb2f7284ebb3a2797f2b531ebc1f530e248b6a4889677c4116,2024-07-25T21:15:10.280000 -CVE-2024-10230,0,0,12d1df5f9d6055dd3410e5650952f3505f77bdd27e9fe821c655b71e59209b8f,2024-10-22T22:15:03.960000 -CVE-2024-10231,0,0,ce7f2e9baa708229fd547d4ca95183494fcda01c73c7c4230390c14d4af179c4,2024-10-22T22:15:04.130000 -CVE-2024-10234,0,0,d8689a914e8d9ea543ec1d317c32c7c59c868d4764bd7aca5d600362d697f0db,2024-10-22T14:15:14.573000 +CVE-2024-10230,0,1,071efdf8dbe6f43ad8bdfc5cb0324a8f9b14590d6803d3d3f568746922ac2f52,2024-10-23T15:12:34.673000 +CVE-2024-10231,0,1,c15e7dbf37700d38c3e757762d5346b89ebfa63b0f9c77dbe606c20e045e3b74,2024-10-23T15:35:19.003000 +CVE-2024-10234,0,1,f0f874ebc55e8dfa4acd91fc71f3ef8e531ff2aafbcdb23e5894b5f6702649bb,2024-10-23T15:12:34.673000 CVE-2024-1024,0,0,d47b3d3840cd70db883d335219cea52b6b4fa0e3fdfc3f4d41efc4b833dff6a1,2024-05-17T02:35:11.210000 +CVE-2024-10250,1,1,49bdf987ce58c47efa88fef4edc3537a24e3f1da0e14345bbc53b304e24c9e72,2024-10-23T15:12:34.673000 CVE-2024-1026,0,0,e127bb5d00442b36eed0e6ff6513a3a42c45706876a3a5f2167365447fb898e7,2024-05-17T02:35:11.320000 CVE-2024-1027,0,0,7cdd04f65f65ce162dee4b0e860b968e4c1a6b7f21d53e978519c8259363a858,2024-05-17T02:35:11.427000 -CVE-2024-10276,0,0,da9f0e11523debbbc49405bb7878bb8f8443bc95694b9806a4633e65902b8675,2024-10-23T11:15:13.137000 
-CVE-2024-10277,0,0,f95a05b3c3910756ce6d8e3fd718df545ecdf6fca0ce8ab211b217b5297e1508,2024-10-23T12:15:02.403000 -CVE-2024-10278,1,1,fb3064a646d9c9c93d9f1d4d2031ec8ff1f0bdb5a56ff62f28ea37a8dcc0ad8e,2024-10-23T13:15:12.157000 -CVE-2024-10279,1,1,5485f65346289032eca20947d796d74c288b69b28f3de7cd2a7e6dac6cb2bf5c,2024-10-23T13:15:12.877000 +CVE-2024-10276,0,1,5e7ff159e65586309659d6baff08f635e7f7065d36341ca3fc8957b4d9175dc0,2024-10-23T15:12:34.673000 +CVE-2024-10277,0,1,045d19cabcb46c520338d26403e49aad7248792b4dcb1c61a9bb40526760fac4,2024-10-23T15:12:34.673000 +CVE-2024-10278,0,1,56ee6a4da4de5c0e9a8258a03df3a3a9b6b90c37d9c7631850f400938a22db00,2024-10-23T15:12:34.673000 +CVE-2024-10279,0,1,e64edd41252858e04d752ad843858b5ee1ffab4901d78e52b3de9d4b7b86a8b2,2024-10-23T15:12:34.673000 CVE-2024-1028,0,0,e7c94049b8605ccb1520e715a47348e2114f12f58dfbf02bb50626d7afd3f607,2024-05-17T02:35:11.530000 -CVE-2024-10286,0,0,ffdd903c156a6a7ca01a8f5776ecfde12d4b08624d81a14b3f9656c7829a824d,2024-10-23T12:15:02.770000 -CVE-2024-10287,0,0,7344c0fbc39efeea058d607a23e8288b6a3a2cc2ae2a6ca6682684b17de4169c,2024-10-23T12:15:03.010000 -CVE-2024-10288,0,0,fdddeee5d1da259cfc823e710474c641929d8a68299babbfb287c4fc5c91a6d6,2024-10-23T12:15:03.220000 -CVE-2024-10289,0,1,a0721c1e6d51f749cf811c813a7c3527a0fbcf076e6357c3da61d650c7b80b9f,2024-10-23T12:15:03.423000 +CVE-2024-10280,1,1,5929b917545d8ac9a5712190601c52463c1c49843096ab22a3ee3e511638c603,2024-10-23T15:12:34.673000 +CVE-2024-10281,1,1,9a36c44d0eeb7437ca773f59beacf73fd89778a77f7f1816f560992a33fce085,2024-10-23T15:12:34.673000 +CVE-2024-10282,1,1,502f13ab11591f902fdee413a1b458cbf17ac0e902dcb767bc7c74b4896284ae,2024-10-23T15:15:29.590000 +CVE-2024-10283,1,1,4218091fe17f678b6c5995fd76360b7bb48740fb8bde0144c6a1a41fe06176ce,2024-10-23T15:15:29.850000 +CVE-2024-10286,0,1,a0511f2126e99f632f63a841019ce0b7a5cd5bfa44467292eeedb9e9fc25a9f2,2024-10-23T15:12:34.673000 
+CVE-2024-10287,0,1,444bb1834d04ae58067e6ed11a40e3b8d4dd30b41b8c8998e1ac4776418320ab,2024-10-23T15:12:34.673000 +CVE-2024-10288,0,1,62632d8190e731a41f6f6f95077008cfc723ce3872e777e1665c799e13844f1a,2024-10-23T15:12:34.673000 +CVE-2024-10289,0,1,70e6b8f04ff845fceee5b0c76d2707d88bce3ae7973ab8343d2bcc50274f9bd6,2024-10-23T15:12:34.673000 CVE-2024-1029,0,0,0f58435c5c731694bc563330e2e0cc48091c7d28b092c9a25a6684c410525166,2024-05-17T02:35:11.633000 +CVE-2024-10290,1,1,d3e172c9c7b7b0403c392ffa2d79ecaff1aea477f009179997ba8147d4bbe88f,2024-10-23T15:15:30.110000 CVE-2024-1030,0,0,34264c5a1a4e97f6ee4441192a69e3a5aa9d9614a8467bdc88cd76d1a9884fe0,2024-05-17T02:35:11.737000 CVE-2024-1031,0,0,6576162a78ac686f55e5931a6b8f02ff6c7312ac04792581e6d78da8a91700d4,2024-05-17T02:35:11.843000 CVE-2024-1032,0,0,06925fc416f8ceea7fb895efc2e3f765d4f064c5150968a9409448741aa1fb78,2024-05-17T02:35:11.947000 
@@ -247892,9 +247899,9 @@ CVE-2024-26268,0,0,a834c6859c82fe01c7319b79ec743ac2e1e48384520fe6bc3af73c96ba93c CVE-2024-26269,0,0,cb625b1bd944ac1bff27d9b34a6ef0746c8193395b27f4cce109495578d443cc,2024-02-22T19:07:37.840000 CVE-2024-2627,0,0,e439be7d2f37d06c2a4be60c3366459538fd000d9e0a2427e31ec28a8b0dbf4b,2024-08-08T21:35:10.330000 CVE-2024-26270,0,0,2370bdb7a99956787a3745aa3f3e8554faf5c6062fbc90c3c2a2f302e3ff3d08,2024-02-20T19:50:53.960000 -CVE-2024-26271,0,0,24083e398b43cc7550a39a9a20e629649df704da96b50eed5b54764533cdffb2,2024-10-22T15:15:05.523000 -CVE-2024-26272,0,0,c1800722847a57902614b956d55e36f898d5c7885aaf7183308a4058cb973641,2024-10-22T15:15:05.740000 -CVE-2024-26273,0,0,bc1bde3b4567b7a81ccdd3b768fac87158cd8e39fba32ce35cfb2d7facaa2765,2024-10-22T15:15:05.937000 +CVE-2024-26271,0,1,94d22f604a985174d42111d64e0b23a56810ed5aec83eeffb7fda2be0e45ea7c,2024-10-23T15:12:34.673000 +CVE-2024-26272,0,1,2cafd8fc22129f3b590189152a9df5b093c77bb6590e2fe2c8ad7ef6db6cc619,2024-10-23T15:12:34.673000 +CVE-2024-26273,0,1,1c558983e69a364df8a14cb27906a600a4f6ce5ee29c8d95d118d25203c55b4a,2024-10-23T15:12:34.673000 CVE-2024-26275,0,0,8dfbb329f4480275f3997f999c67156f6da28beb9598b03f6430ffd568c06a84,2024-08-13T08:15:09.747000 CVE-2024-26276,0,0,ed958264a3e7c1b7d2ac25a218f34723a1e07c37a5fc5a5cc9f79cdf29775191,2024-08-13T08:15:09.880000 CVE-2024-26277,0,0,38c0c6ef14e665cf88fac106ffd03b1734f58fbe675610b1f96bcc355b7c6807,2024-08-13T08:15:10.003000 
@@ -248002,7 +248009,7 @@ CVE-2024-26504,0,0,666faf787e5dc390b263f6f43b439704bacedd4c95ae744503624ba007956 CVE-2024-26507,0,0,64f088a446d983fef0e9e5fe7e57b9067d595ae9ecbc4c9f4bac89b612f6dadc,2024-07-03T01:49:41.820000 CVE-2024-2651,0,0,deae8674d69402627d10f964604ef39b1dc02d308e0346f206cd12e33908ca51,2024-10-03T07:15:30.030000 CVE-2024-26517,0,0,26d33e1785f323f6a59cabe443b6ac20ef93d37ea417fa08778ea549f200621f,2024-05-14T16:13:02.773000 -CVE-2024-26519,0,0,0b7ea74c5a4812cdd266e6e391a9e22bf63d33294bb0557d0c2de5fe53d4a489,2024-10-22T22:15:04.220000 +CVE-2024-26519,0,1,c49b389d9c60c72251fa877dfe3f4b8b9b5b4dd9f0edbaa0f4cf33cb749870a2,2024-10-23T15:12:34.673000 CVE-2024-26520,0,0,86e0582816b93edd4eb3d1c9ff436171e7839b198d50b34d2ff44523de982520,2024-08-01T15:35:07.080000 CVE-2024-26521,0,0,ff2a5c02f9a6415a5b63e6732629254f75c56e7bdeff107f4eb34b7b12623384,2024-08-27T21:35:14.300000 CVE-2024-26529,0,0,a99f8b82dd93bb8e095cf66957c2511d719283fb972a26f9f23d0d1aca2bb1bf,2024-08-28T19:35:10.463000 @@ -250719,6 +250726,7 @@ CVE-2024-30118,0,0,a600cbc3312207feafbf7858618a61f6dd2c38296d39ec303171804559f68 CVE-2024-30119,0,0,4baed8c508a821c818525782701105249753896feab644ba3efffba269f578b9,2024-07-03T01:53:51.120000 CVE-2024-3012,0,0,ae30314159430e25e9f2b09f2e0a440cd8bb99b7d72b62fa4eb73b4affe20188,2024-05-17T02:39:40.620000 CVE-2024-30120,0,0,f704816cf356d01bbdb53903a0b14bef34a589a7c9185030672ca3a1f14e4a1c,2024-06-17T12:42:04.623000 +CVE-2024-30122,1,1,7f99b857c9a2e4fa501efea0d5e828571448ebeb675ef96bce92bb002f2beb46,2024-10-23T15:15:30.390000 CVE-2024-30125,0,0,1e8984bc19e1a45cd2a6c4ac0b43f227ca7f3a8dcb96ab9c16c6ada82e4faa52,2024-07-19T13:01:44.567000 CVE-2024-30126,0,0,1dc4258efb62007b2fcf00852fe3af92d237972fa2c163c391fddf8c594d1425,2024-07-19T13:01:44.567000 CVE-2024-30128,0,0,c924b379265c859e8daf7f44eeec6d1dc40d7540b45d81bbd3137e5592a1e7b5,2024-09-26T13:32:02.803000 
@@ -250730,11 +250738,11 @@ CVE-2024-30135,0,0,434c5499719264a4e2ad07af1f36d8ed1af6151b19467e0009865806919ae CVE-2024-3014,0,0,c46983235075ad6c61a858c21d5be28ec226124df8363686d4a4d1cade05d3fc,2024-05-17T02:39:40.800000 CVE-2024-3015,0,0,cf3ef36018f814f81d7c4b278b721ac941c52c0f1c0bedc65491406707b51ee6,2024-05-17T02:39:40.887000 CVE-2024-30156,0,0,3d53855c757ad6b4fdec1c866bc6a474f7a081008c29fdfc2556616a5702f89d,2024-03-25T01:51:01.223000 -CVE-2024-30157,0,0,b4413e2e5263fd764d22ffa6255e560222ce447dceec65fcb4225e2b11135a83,2024-10-21T21:15:04.620000 -CVE-2024-30158,0,0,7aa2072367c304ef15068853d42c7cfc42d686d1c6236aed0361c418da255cee,2024-10-22T14:35:11.397000 -CVE-2024-30159,0,0,b905413140e33de6a3d93be87dd7cad7a2e92a94fa8fca3348535d1caf49c569,2024-10-21T21:15:05.073000 +CVE-2024-30157,0,1,c1aa337642ad458cf39faaffb9afaab333b10ba0a44ac5220fb5b0de7c571a0e,2024-10-23T15:12:34.673000 +CVE-2024-30158,0,1,5c31840124042c7dc8c794a9fc04b120cc40b06bb57135fe8916eaa30c0fb643,2024-10-23T15:12:34.673000 +CVE-2024-30159,0,1,1b615975b979bc10b11a069b75bf0572c70c3d456f45ef1f417ec22ee73e229b,2024-10-23T15:12:34.673000 CVE-2024-3016,0,0,365b1d8bd40146c56247f165cad66ba9032ab62d7024128ecd437112ab8f9af3,2024-08-22T15:35:08.600000 -CVE-2024-30160,0,0,47aa9aaeaf0d9d3169383db35f7389cfd4e3ae26d2060339142e175448806635,2024-10-21T21:15:05.190000 +CVE-2024-30160,0,1,1967d448aba9f951666052c9439ee52aac0084b8b4b6dda5bce07b851a006f2b,2024-10-23T15:12:34.673000 CVE-2024-30161,0,0,1923ba0ba6f178ce866a1a8ca8f64984391bfd8920138b4d8c36e03ff657287b,2024-04-11T14:15:12.083000 CVE-2024-30162,0,0,bfc1b2dd1f9f0516f5fde509ec8f6b937e3d3043c9b38e8e614a15ddc80d79a3,2024-07-03T01:53:51.970000 CVE-2024-30163,0,0,a73a629b03deb6cd2f20f667428a8c95efd54363034c035eeeed31541b8e07f7,2024-08-08T21:25:19.010000 
@@ -251377,7 +251385,7 @@ CVE-2024-31002,0,0,91060d363efbbd57c96984ebcb08d042f61fbe28b157d9f0ed5ab606981c6 CVE-2024-31003,0,0,4468ff6139dffd902d54dba282442b03643ad92e636b3ecc84e56f5157573f49,2024-08-01T13:50:37.813000 CVE-2024-31004,0,0,4704ee13f9f534d8c7bace10a79d7d4280ca43ae0178f7a716eda9d0db56ea6c,2024-04-02T12:50:42.233000 CVE-2024-31005,0,0,045b5d5570cfb671aba58425d476f29fa3e750f6d99363d9b536e986ebd3831d,2024-07-03T01:54:33.603000 -CVE-2024-31007,0,0,debfba7fef715479be89acce3d87f867aadf0e1e679f7d0e87ff45f0593cb4f4,2024-10-21T21:35:02.513000 +CVE-2024-31007,0,1,232b72c392999620650ad8aa95313b13b8fd469ccc397a85cabbe2c8678e3ccd,2024-10-23T15:12:34.673000 CVE-2024-31008,0,0,a974f67fc051176587797d68bd7b8f7fe117012e84496a743cd76182b8fe18e1,2024-08-01T13:50:38.620000 CVE-2024-31009,0,0,3077bfb383403641b21b3b69eff09950c4c56bae68058cba13568ddd6189034f,2024-08-01T13:50:39.423000 CVE-2024-3101,0,0,437dbb9fcac4bacba400f2fa9de8c79fbcdd2c0866383f4a0cb42b039afb8d76,2024-04-10T19:49:51.183000 @@ -251388,7 +251396,7 @@ CVE-2024-31013,0,0,bb000ff328032a4f208d94fb503825f394fb805157b8cf8e3eb34f87d47ca CVE-2024-3102,0,0,9ab659046e55d9ecd56e44281bca18746bc15afba53539e701a3b46145b5c936,2024-10-22T14:26:30.447000 CVE-2024-31022,0,0,c7e2196fc2144529ae779b7c6081e3f8d64391691f708665471ce7a0ce765e5a,2024-08-01T13:50:40.970000 CVE-2024-31025,0,0,266f5a8ff7b60cbaf297d43ee22e31a9e1b96dfba0c06978e4170eac2ee8bd02,2024-09-06T21:35:12.560000 -CVE-2024-31029,0,0,0c806e63ae0f73fff1c1bc45069ebdafe4db981e84b4cf39bade53ff16fa3de5,2024-10-22T22:15:04.313000 +CVE-2024-31029,0,1,10aa801b85c04da0fa1b2dbaf5c05ed163510ca153c727e998047a1ac61ca689,2024-10-23T15:12:34.673000 CVE-2024-31030,0,0,55e23e64b3707eab4de6e94c5df81025e4c96cb6796b4cba9a4e287691f568e8,2024-08-01T13:50:41.730000 CVE-2024-31031,0,0,22dbfc8ddbe94926f4450ce3680a694e3a6be4ac1b04af44fb2aad33642532ec,2024-07-03T01:54:34.620000 CVE-2024-31032,0,0,9dc46c99afa3eb3462c2c2bb3d13abfc32da42b12a1aa1cfc0db0d7d5a534d98,2024-08-22T19:35:23.210000 
@@ -251893,7 +251901,7 @@ CVE-2024-3165,0,0,0646edb30e52b9cd1d5dc09ce07b22c68fadd9067d31e951e14a2e77fb715a CVE-2024-31650,0,0,f91457293ffe9951d31a570db1b9cb5f0c4dfb9ffa5e388dc3d2c34a75979925,2024-07-03T01:55:17.350000 CVE-2024-31651,0,0,ff635ec14b868d2b93fa21d54db2cc160b86957cb7aa11437f2a0e792cdace05,2024-08-20T16:35:08.810000 CVE-2024-31652,0,0,2f3d2336fbc8f42d1dec7a1682c8c016320ebabd666e8e526baaf0f45acfa966,2024-04-16T13:24:07.103000 -CVE-2024-3166,0,0,04937860c731b46e9c6b95e68f13e5f7d601593cff28a841df90efccab79ba6d,2024-06-07T14:56:05.647000 +CVE-2024-3166,0,1,d48b1a20c8084628d17380e69f30813f1d8085267297cebc2bf523c13b3ece3d,2024-10-23T15:25:16.403000 CVE-2024-31666,0,0,253643df7e9c7fc7c94316b23bbda0edfbf28e84ffeb8510af634fd8ae7e9fc0,2024-04-22T19:24:06.727000 CVE-2024-3167,0,0,0e0e401d957a36adf31f389f0d7fa47f7901c0598b7b2fd42d4c75bdbdd76e80,2024-04-26T15:55:58.810000 CVE-2024-31673,0,0,958f02eb1f314a421c4e692d99797c4d8f0e196e848d56cb014d5e77e7fc54c5,2024-08-05T19:35:12.297000 @@ -252001,7 +252009,7 @@ CVE-2024-31874,0,0,2aaf0dfaa6414e1f138855d0f6d75787313d073eca635397ca103ff7f6449 CVE-2024-31878,0,0,c6557222267c2e9c166ed275e7cc9327cfea0693e0a8976b187deb7865aacef5,2024-06-11T18:23:27.153000 CVE-2024-31879,0,0,3d520028d5f0055139f730dd4a6eb2d11b7ab38a082798764c43108749c5b618,2024-05-20T13:00:34.807000 CVE-2024-3188,0,0,0566f9bb8e826930c137ba20908e573874a3f34d7900cbdeff699f1e3434f595,2024-07-08T14:19:01.160000 -CVE-2024-31880,0,0,32067864538b60bbf3feba7f1c2b7fa82d95990b8fc56c301672ce33521f88bc,2024-10-23T02:15:07.167000 +CVE-2024-31880,0,1,9cd4a3c2ca2ab2398c30b80db0ad6fc73ea86f35e60508c7ffaeb96dc29b834a,2024-10-23T15:12:34.673000 CVE-2024-31881,0,0,b3692d17c2d4f662273dec610556097ee0b8856656ac8f4835c5e840eb8a6228,2024-08-07T16:59:15.627000 CVE-2024-31882,0,0,2166c1d8e88429778073b60eb2a31c41e2b55293434c096888febf101419ae12,2024-09-21T10:15:05.403000 CVE-2024-31883,0,0,c4a2241ac7ebf5ea1afff59f8bf762360ac7a99942ee729cf3d03ae8864dc6f3,2024-08-02T15:06:08.297000 
@@ -254443,9 +254451,9 @@ CVE-2024-3528,0,0,c96e1e132295c243d4fa4a90d8abf77e41d771305ddbcf81d644bca2cdde7d CVE-2024-35282,0,0,fe23f4116601299cd085746b33d91adab4014743ea1af63d79bf69af6ebb68e0,2024-09-20T19:44:17.557000 CVE-2024-35283,0,0,517940d61eca1185fcc5d68a59f62111cbe8fdc81301b4e7c0610afefcc22645,2024-05-29T19:50:25.303000 CVE-2024-35284,0,0,3a94c448d00dd5059f3fd361118e6cd65d80e9412861f2d6774f390c6aa71d9d,2024-05-29T19:50:25.303000 -CVE-2024-35285,0,0,e0f087719a637109ecb5a6d311a40d161183fd5db4c88d383728a31ff40faf95,2024-10-22T20:35:08.223000 -CVE-2024-35286,0,0,35410cd3d18af675e9066896bb72f344aeed35a82c0887bbcc42ece7bdbf8fbc,2024-10-22T14:35:13.583000 -CVE-2024-35287,0,0,38643b7462a0d947033f7b2ca609231321a2a14371b7b37b5f4c9c752052cce9,2024-10-22T14:35:14.367000 +CVE-2024-35285,0,1,76a41b3575cee58df6a92d4d67ad746bb5986287224218feccad1dc78e0acbbc,2024-10-23T15:12:34.673000 +CVE-2024-35286,0,1,750facd12e2c01a8ba1e0bf72f7c63f3d0fd7caac4133b6f0d25286457d0ae82,2024-10-23T15:12:34.673000 +CVE-2024-35287,0,1,d23ccc5a63d0f8204e6f73a8496c2a32e71c084f7ddffea488a7aac29721d836,2024-10-23T15:12:34.673000 CVE-2024-35288,0,0,5a7e419c5723f5855a10246582e4e92910b876efa85bd2048c10c45e071584c8,2024-10-10T12:51:56.987000 CVE-2024-3529,0,0,b7433b023ce9172d03becfe0cc0d18595c43e3d8737e87c779d288c2827cf3e8,2024-05-17T02:39:59.247000 CVE-2024-35291,0,0,5225c2a0abe81b64c53a235e59e3157e49cd9481d5912145de7f4fa19255770a,2024-05-28T12:39:28.377000 
@@ -254465,13 +254473,13 @@ CVE-2024-35304,0,0,6034918ad52f93d1da2bc26a38d2a41af1cec6e4b2633afd9a4c11faed3e6 CVE-2024-35305,0,0,e31f5a2153df0748351b63d3b29145f978c7628ebc2659ea3282a1f078dca5e0,2024-06-10T18:06:22.600000 CVE-2024-35306,0,0,ad90645c7ad3fc3d00a11af0348fe264fd3520d218ef28c934a8abfa42cbedb9,2024-06-10T18:06:22.600000 CVE-2024-35307,0,0,b73247d3e5b323866c011ccf7e1f39f41293535811b1ef82260b19c7e0a4c21f,2024-06-10T18:06:22.600000 -CVE-2024-35308,0,0,091d82fba952e9061ef9171e21dda30194affbecc81e785a577b597b40043591,2024-10-22T09:15:02.927000 +CVE-2024-35308,0,1,79e7327977df0aea45e2e6e1fe499b2de02adb1ea26d766fd37180400d1b0cfe,2024-10-23T15:12:34.673000 CVE-2024-3531,0,0,a342a9958ba8d00c279b1676525284c1cab302a477225f05f9d97b5deb071134,2024-05-17T02:39:59.430000 CVE-2024-35311,0,0,94751a7e140c2a3ff83ee374530e5919b0823edf97b2e344646a9709229c503b,2024-05-29T19:50:25.303000 CVE-2024-35312,0,0,81ee7e5cffa0828718ff42985b5f71e3223019ea36fce71fb3a2d6856e31b3e3,2024-05-20T13:00:34.807000 CVE-2024-35313,0,0,1eb4867830818e97987762ca58d043d2f7f53fc926bce8bfb2e66b630c99ca4a,2024-05-20T13:00:34.807000 -CVE-2024-35314,0,0,8b00fc627c3e1c6ff34cbb4708c278713efd499b74ad54064c188a8a66c45f52,2024-10-22T14:35:15.233000 -CVE-2024-35315,0,0,84efd35bd289a945021a9c7dd1849ff64be9b144534b4418f264cb0672980105,2024-10-21T21:15:05.613000 +CVE-2024-35314,0,1,dd6af0f66de20db386ca5e2b413231717b44ab4a64aa857fe87b8a5b714ae4c5,2024-10-23T15:12:34.673000 +CVE-2024-35315,0,1,289cfa0e1db3df642660f595c400326d64d272ac3fb0d9faaa1a93e0a8059cef,2024-10-23T15:12:34.673000 CVE-2024-3532,0,0,861b69b5ea2c2097afdbe40dd2c40123c9da7c07e730e8c939be6340175b992f,2024-05-17T02:39:59.520000 CVE-2024-35324,0,0,97e62876b974bdb37d65a00c14d6ae80121537e286249b5814c033b73ffdbb1b,2024-08-20T16:35:11.473000 CVE-2024-35325,0,0,073df6c9b920e39e00ae6bf411b4ce7fcbfdedf8b124ea4a78741a586d12ac92,2024-08-28T16:15:08.417000 
@@ -256355,7 +256363,7 @@ CVE-2024-37997,0,0,10214765491aa29b8c34faf22f5e8238fda623005890c9342516743753b6c CVE-2024-37998,0,0,f74f0aee21c1d0ed189b1b53893b54b9b769e53300f2261ee57ad9c992f023c0,2024-07-24T12:55:13.223000 CVE-2024-37999,0,0,8cc7ef29669a6bf56abc5c4d9d499ae722d49a7fd7f5699024acadd03ad23f41,2024-07-11T14:44:57.050000 CVE-2024-3800,0,0,f8f57ef4bdedf9e336bba69e6db949ed7a578f3b2a10988d7c69ed3685de0000,2024-07-03T14:36:22.273000 -CVE-2024-38002,0,0,4428864e3adf5d2b2e1699accfaeac253b1059be29e13e1cad19ffb714fdfcb2,2024-10-22T15:15:06.277000 +CVE-2024-38002,0,1,3f1776652bfff47ad9ae67348d05ac12be781d94e135045e1da706f908eaf048,2024-10-23T15:12:34.673000 CVE-2024-3801,0,0,59de265ce1af1c02a0bfcf9801db717e0400c3bfeeedabcf1fa6b682733a5570,2024-07-03T14:36:52.797000 CVE-2024-38010,0,0,125b75eaae30e843cae73c88a30795eb210e3d24686e4a61bf98ad43199377ac,2024-07-12T18:53:35.657000 CVE-2024-38011,0,0,dfdf39bbdcd434b41a8000e4746e5893d04cf4219e333c27df414f4801f5d71e,2024-07-12T18:57:40.873000 @@ -257668,7 +257676,7 @@ CVE-2024-39745,0,0,76dcbb05d353e026eccc967feaecdea5409270418987883e30491009b8479 CVE-2024-39746,0,0,6375fbb4b5bb9c905c41c7f4d0b9ebb7e249deb4532114f1d7954e0a6335ab2c,2024-08-23T15:25:02.123000 CVE-2024-39747,0,0,a2161f167ae95389c72b0c031bdb90fe73f7e348a5f87dbcba6e48e76545660a,2024-09-16T17:13:47.497000 CVE-2024-39751,0,0,a868bf4be3dd2b51f3b58089c18a834cccac125c90e59de11837fcfc432cb518,2024-08-29T16:56:32.053000 -CVE-2024-39753,0,0,3a88d6cd61d8321e104e0b56a14128748ea22eae2d91cdb54f3ff46e4ba2a976,2024-10-22T20:35:09.860000 +CVE-2024-39753,0,1,6bcbf6ac96b06d4d219adf124dd62c559d3dd840ef1bf69100476577424fbd3d,2024-10-23T15:12:34.673000 CVE-2024-39755,0,0,dfcf10f6b8600deddb49177d38227bb50ccc0bc92a697b205718d374dfc6c532,2024-10-04T13:50:43.727000 CVE-2024-39767,0,0,3e2d929a0dec960247b2d08752313be7fe5d03de12cbd71addbfff64b71f8489,2024-07-16T18:04:02.993000 CVE-2024-3977,0,0,e9ddc667440c6dcbe059212d85a4e046d10d5ad7b4b151b497bb4963c631de68,2024-08-01T13:56:47.833000 
@@ -257827,16 +257835,16 @@ CVE-2024-40060,0,0,8684e047d9ba2e6cc4bcc7c4afd5cb58b4b20c732a4bb0dd43020155d17e1 CVE-2024-4007,0,0,857ffd215040050c5517e94efdf82e72cc62aae4cfd62acb973d56bcff6e13cd,2024-07-01T16:37:39.040000 CVE-2024-40075,0,0,ea8801174ab63f09ecb78691088214272746fb9a3a5615024827c9ef25c43b0c,2024-07-24T12:55:13.223000 CVE-2024-4008,0,0,41ba43cb718e067f099fac417cd6110082f457ea9bc7353b1528141e52f4a2d0,2024-06-18T17:00:01.570000 -CVE-2024-40083,0,0,6214757a38a28413207a0d4d3bf59a87ad21f64a445a6477f90c9814d96e64d5,2024-10-22T17:35:03.297000 -CVE-2024-40084,0,0,e5a48869dc57daf978e93f4d404b40d8cd7575a004e2e23910e1636b2fbf4ba2,2024-10-22T17:35:04.057000 -CVE-2024-40085,0,0,7cc1b970ba005bdf1c26ff25b3a180cbc5e09f7dbecaeac58ab4095d9a54f531,2024-10-22T17:35:04.843000 -CVE-2024-40086,0,0,d477aa9a9d381f98d54e41fcc40bef402826f6575f7a4d21e22aed5f418bbdb5,2024-10-22T17:35:05.600000 -CVE-2024-40087,0,0,be7927f3488a0d370038975baafb448110d1c8fb340e9ed7e5d0faed3d81a193,2024-10-22T17:35:06.420000 -CVE-2024-40088,0,0,f7759b011e80db767fd1dbd212bf4323a92520bb9be3957ba923eab16655ce61,2024-10-22T14:35:16.010000 -CVE-2024-40089,0,0,ed4eb5a53b2cd859e53f91fb6a09f58a08f10b728994f90f9ffa170b92bfb777,2024-10-22T17:35:07.167000 +CVE-2024-40083,0,1,002189cbf2bb61a03947d60ab203b9b2c05b38f7fa5f102a2294b4e285e5aee3,2024-10-23T15:12:34.673000 +CVE-2024-40084,0,1,4bfdc024cb91df5bb8d17d66cec084fec7d97ef49264d00142fadf94256b75f9,2024-10-23T15:12:34.673000 +CVE-2024-40085,0,1,3cf29d3877975d85dc2f58ccd88d84c561c4c037e65f012ecaaa33ce0aecf4df,2024-10-23T15:12:34.673000 +CVE-2024-40086,0,1,d48e42a43404190ca166b9932a7078d2b34c0c46c84e8965be0e224b8d0ed30a,2024-10-23T15:12:34.673000 +CVE-2024-40087,0,1,069bd30cb7311578e696d9fee7e028d0371e9001ffe2cc17bdb58d3d13deb7e1,2024-10-23T15:12:34.673000 +CVE-2024-40088,0,1,72ba12c599e26ff1b44dab56ef787f8bcbf580b714c1bc768d0d3bee85db9dbd,2024-10-23T15:12:34.673000 
+CVE-2024-40089,0,1,b1296f356928edbe2d82de24d12a2612dcf7abb5bc99192c31c010ef4cd651ae,2024-10-23T15:12:34.673000 CVE-2024-4009,0,0,26a6ec4a10b164e2f280e8681d4c21dd6301b3a45dfa2578f28e720f7416c2f5,2024-06-18T17:01:19.897000 -CVE-2024-40090,0,0,1d8565eba1bbb89f12f02c55fd6cc2d4a5a146a6b0b6272e27409baab823c846,2024-10-22T17:35:07.957000 -CVE-2024-40091,0,0,d7ceb5c1a6a6f5dd1f114159610592371d05efa53ae448a2bdee1e5d98966d98,2024-10-22T17:35:08.760000 +CVE-2024-40090,0,1,347dd27ebbf31715e7f48da6e45c004c4edc67f8f00f4ee0ba1241437c194a3d,2024-10-23T15:12:34.673000 +CVE-2024-40091,0,1,914838b957c0a5806f707d139284bac967ba497b38be1d8b22756333f89af5d0,2024-10-23T15:12:34.673000 CVE-2024-40094,0,0,5d1ab4fa5a1484beb0714ef3fcebe3147b446e4d722942df6d84c0a1bd2dd7f2,2024-07-30T13:32:45.943000 CVE-2024-40096,0,0,7067973a4296a7a70beea7b209cd71d2a86d44a9bdfd60035b86d8848d99631b,2024-08-30T16:14:41.957000 CVE-2024-4010,0,0,6f96a951ba4d658f2d216c10726beef3ec3f9c518875bc1c492ed89999ff3fc2,2024-05-15T16:40:19.330000 
@@ -257931,8 +257939,8 @@ CVE-2024-40486,0,0,4cd2f281e08f3291d37d3a4823af93070215d87d687ca41653f1c72ca427a CVE-2024-40487,0,0,41af7da83500c8a75e7df05fb6c9f48916ac5794006d346f5d5ff76e523c1408,2024-08-23T15:35:06.307000 CVE-2024-40488,0,0,935bd1c3b9e22ad2c8e572783ed910d0a85a3508107693b6f595be8805553bbf,2024-08-13T01:13:53.230000 CVE-2024-40492,0,0,887baeb8c822fbf96c83ae7c8317e551b9d380e125d5f646dfb0a8c0719647ab,2024-08-01T13:57:30.260000 -CVE-2024-40493,0,0,663f44dc0a7c65e2d5e8cc7cb01cf0418b3b356b840e61f2c89ee120e408b66f,2024-10-22T22:15:04.407000 -CVE-2024-40494,0,0,6b08abb61791baad2589092a3bb0c76d15b1b6e12eb024c9e401082c0d6a97c6,2024-10-22T22:15:04.493000 +CVE-2024-40493,0,1,e7c2247b6a9d9e43b39aad441a089b9e828d1dc246583482a98b7db45286e327,2024-10-23T15:12:34.673000 +CVE-2024-40494,0,1,207904db8b2cab4f6aedc3753b5b3056ba5292a248e00138ac49d9292ee79d31,2024-10-23T15:12:34.673000 CVE-2024-40495,0,0,0c92b9527f5126e4b4bbf0d1f0a16c194305be9e806244080172bf727ded6b6a,2024-08-01T13:57:31.037000 CVE-2024-40498,0,0,5810ed5aa59e12db14c51ce30325d1c0d70a5c997d2111b8b796a66ebc036219,2024-08-06T16:30:24.547000 CVE-2024-40500,0,0,9a99879dfd0dbe8b302a14079bbe558c6c55e4235f8be751f039f05b5f32d9db,2024-08-21T16:05:32.603000 
@@ -258085,7 +258093,7 @@ CVE-2024-40740,0,0,b418443d865eec432c82a04de65de6e9b39f235788ff127206843cf6bdb7c CVE-2024-40741,0,0,d8d483a0abb3b7648774c6f8d0ea3345aaa4bf40cdd21fdc9df2fcbe837ed8fa,2024-08-01T13:57:59.147000 CVE-2024-40742,0,0,a7b4d8a63cd84bbed8ae36225a2d630607182f2ae3b73228fc1ab3090889f783,2024-07-11T15:06:29.580000 CVE-2024-40743,0,0,4e2bb12b39654c0a7fc101446a81422e3ca7ab692f01d12e73f708088891a69c,2024-08-21T12:30:33.697000 -CVE-2024-40746,0,0,1323a4d1eb53065b11fb3ea06fca0403aa033fdae8ae40cf5d05d01281201792,2024-10-21T17:15:03.330000 +CVE-2024-40746,0,1,1162e1a27685b6cdb9477d6e763b56da4eadb8ca126f0caef412a4e4575d8849,2024-10-23T15:13:58.783000 CVE-2024-4075,0,0,29d19ea935c989efa2e770180ba61eb06fe49f0b181d6d812a7498d3145b983a,2024-05-17T02:40:15.170000 CVE-2024-40750,0,0,123c568c4a271c6bb023f9091df0f00fec1f937f3d0585148d7948581d7b9455,2024-07-11T13:06:13.187000 CVE-2024-40754,0,0,1ec64db92f9c8a84c8628e1cdeeb1b227a772e83fb8bf52c0f582741174a2abb,2024-09-10T14:35:04.833000 @@ -258469,7 +258477,7 @@ CVE-2024-41175,0,0,35e860a2d31eb21e3779e1686be69664a02d6ab1bab83d6168914f472f9b9 CVE-2024-41176,0,0,54a27b7d242a59ee004d70d03c3c2f94f53556ca2727d85ff4c509bc25fb8e36,2024-10-01T07:15:03.147000 CVE-2024-41178,0,0,5da27e6bd4cfecb3274c0413ac77a628456bf2e70cb97b3347c2830cb191bae8,2024-08-01T13:58:24.173000 CVE-2024-4118,0,0,261b7c2db2db4c5bd0863007ba022afd6141eeb3c40d43094e801a457a5edb93,2024-06-04T19:20:30.147000 -CVE-2024-41183,0,0,d47920b6ca9cd00e5102a54f551ac84fb41d61257f3aa2c1532e0d6058a340b3,2024-10-22T19:15:05.413000 +CVE-2024-41183,0,1,3479ba65af33a4ecdf34a2b32a3a48b477cb0cb181461bc97db0c932130f792d,2024-10-23T15:12:34.673000 CVE-2024-41184,0,0,460d3d6d07916ac0f7c6ce162599c802c196ea0f25bca5ddf54b8e8b249634fe,2024-08-02T05:15:47.217000 CVE-2024-4119,0,0,1787463dab796293e9249fc34f7a40843b12d1d129a7d5ccdb513e5ec2672067,2024-06-04T19:20:30.247000 CVE-2024-4120,0,0,820754c86895fc4e7f3a6d10baae3c2abd537610acf37474f492c12f46cc8b59,2024-06-04T19:20:30.353000 
@@ -258731,12 +258739,12 @@ CVE-2024-41709,0,0,6713bfc73e81c65bc7923627db30413fcbe413ec587fff89449c3abd86e7e CVE-2024-4171,0,0,87597e8caa4479ab69c883527c35fc22af72d614757313d16953f50dcfa107c2,2024-06-04T19:20:31.980000 CVE-2024-41710,0,0,60d485e1ae4ab9a6a76b69400c8e45c5632e291398c40e0cff7baeda3bb118be,2024-08-14T18:35:06.257000 CVE-2024-41711,0,0,a7d50100784e2b53720ec9203abd546adbf9c7f45f11894e83b991465b2f1919,2024-08-14T16:35:15.033000 -CVE-2024-41712,0,0,fda1df8096c7e740d7c1e5b76ebc20ad4db1e4b92172ce54a6c2dabadb93a134,2024-10-21T21:15:06.387000 -CVE-2024-41713,0,0,db1b71817a5ce0b697df043f8e1585f7943defebfef472347a986524d193ee8f,2024-10-22T14:35:16.817000 -CVE-2024-41714,0,0,b7e979e6a2ada11f31a276f8770fe1bb150c75726a0f17380180742b9a2f6160,2024-10-22T14:35:17.650000 +CVE-2024-41712,0,1,8c4bb48b748182bd628e14f15afed97c64418398e71d45ef945a735ca0cfa2e3,2024-10-23T15:12:34.673000 +CVE-2024-41713,0,1,8f0d6ce2b16af2d5fa9efbd57c386308e27393dc3408acba0a4aabd0d256c1a6,2024-10-23T15:12:34.673000 +CVE-2024-41714,0,1,5c1b3ca0f3768b3facc3c2a64b0fa3bb9a4fa7a97e0d9eefaa64355f631be3eb,2024-10-23T15:12:34.673000 CVE-2024-41715,0,0,35d1e19982d6029b0a8b7671c2382ff20d85aa479fa52b1ecc90bc4ca8088cf0,2024-10-17T17:15:11.530000 CVE-2024-41716,0,0,add00a3b8bb5c856cb11efe54462b72e0907045ad71076c98ae404e938cc3293,2024-09-13T19:53:47.723000 -CVE-2024-41717,0,0,3f9e7d0cef413dc7929a79215fee91589b66489cbbf004545a591462045f6457,2024-10-22T22:15:04.580000 +CVE-2024-41717,0,1,16ee40a4b40390a82df115ffc0e464522b2b6abcbb2b0ee1a062ff90a2d4b7fd,2024-10-23T15:12:34.673000 CVE-2024-41718,0,0,7651686104923551937c1bf922db9a37da5f3ad1631e564fe3c0dca9a6e79a72,2024-09-03T11:15:15.050000 CVE-2024-41719,0,0,9153c34983715c653b1c300082bd1504f28f779a4622f52f1934f7c462bf8faf,2024-08-19T18:40:35.203000 CVE-2024-4172,0,0,ae5cefdd41ee745a5f3463347f20f3f77110439c81ed1ad285dedf4b40da1c57,2024-06-04T19:20:32.077000 
@@ -258855,7 +258863,7 @@ CVE-2024-41889,0,0,c2f8146a4c074f06a28a6e2235a6e3d92ccee3a8823a7bd377c0c9b959c16 CVE-2024-4189,0,0,b15b5d19a4afbfbc333cece3d1c3d72ee722494b6d9c37e3d6f01c5f9d0416f9,2024-10-21T14:08:57.430000 CVE-2024-41890,0,0,a90af16c8c7558e5227ebbc511a4c71519b3a4532e07b0a451c0d8da1663fee0,2024-08-29T12:56:47.413000 CVE-2024-4190,0,0,937461468fcd73b26e47070e7d0620ac3009210ef2f47e2156f0b87dd1c21bc4,2024-06-13T18:36:09.013000 -CVE-2024-41902,0,0,43ae61ebce9a8b7d3996bceeab15083df998500c68f80ca3ea2bc52db86bbada,2024-10-10T12:56:30.817000 +CVE-2024-41902,0,1,e87c1010573bd18d423025e1a23cf803d55a5fd5b55efe454863d924e6d0a103,2024-10-23T14:16:24.277000 CVE-2024-41903,0,0,67dddda11208425a9dbc345fc58604fc5d7cb0caf7e9b81aadfd0fc331e40c63,2024-08-14T18:39:21.207000 CVE-2024-41904,0,0,2a16ff348e5db01cbd9004bb6da7c38aafbed87ec5d8a582eda1208aebd9a27c,2024-08-14T18:39:32.883000 CVE-2024-41905,0,0,ac139d9e01d82a616a25e6137ffc628fc7fb451519deab8e50230ba67daa3137,2024-08-14T18:03:07.660000 @@ -259446,7 +259454,7 @@ CVE-2024-42639,0,0,1a5c2259211b7b8d7a3c9ad7a85700d339edaffc744195b682680689ea5c3 CVE-2024-4264,0,0,aceade487dcdf82d5a23a178a070b3c07d4cce69337175854977fa24341a320c,2024-05-20T13:00:34.807000 CVE-2024-42640,0,0,aa9fdc0f8db2e7e48ae8090075d403a2f9c88e4c7abd16509bc27a944cdc3dcd,2024-10-15T17:35:04.623000 CVE-2024-42642,0,0,368dc5dc34a16a5f055bfb8f43121adeaf05034c9b1b73657cc5e8228e1781ec,2024-09-10T13:46:25.733000 -CVE-2024-42643,0,0,378a5af54f13c523812b3874ec55eace2a5d0f45e2e230ac1871aad414df1cbf,2024-10-22T22:15:04.860000 +CVE-2024-42643,0,1,021d70a76409d4143f9037f029c526c4fb401b0dda4433b26f06d4a6991e3f9e,2024-10-23T15:12:34.673000 CVE-2024-4265,0,0,674cb78ce8c95e07c05495b52772b5d4a079c608362a6e67c2dfb567e6b8517a,2024-05-02T18:00:37.360000 CVE-2024-42657,0,0,7a9e5456dd66d94be3a75e811d67a1de5788317e788930f1ba2e8b5887d23144,2024-08-20T16:13:12.413000 CVE-2024-42658,0,0,54060235edd9bcf5ce68f6b48efde0940a62552fb8b9f2dcc8d06d163b4ded88,2024-08-20T16:12:50.290000 
@@ -259693,8 +259701,8 @@ CVE-2024-43165,0,0,8125472d7e20e379acd67d29cc7075b43b03a71223ce60c46b14d0ffb4bd9 CVE-2024-43167,0,0,c4eae034ed90d957ee0d40ac6b75e1eb711889b4b8905f404c5783e222980273,2024-10-21T12:15:03.837000 CVE-2024-43168,0,0,ef0081344887975b429a2b0b7741a490ebb03d62e914345ff88e9fc7663b3374,2024-10-21T12:15:04.327000 CVE-2024-4317,0,0,2ab51635ebb5a78f9093ee7220532c2f98c47bcb30186dfa33cf412783a7fe8e,2024-05-14T16:11:39.510000 -CVE-2024-43173,0,0,5c8f90b9861a166e104ffcc99d3b578724b942af6f62a199be390ecf1a3fb743,2024-10-22T15:15:06.800000 -CVE-2024-43177,0,0,8b0b35d5d6991691783cdf8a0eab90dfd9795fad78b616442a1d6b5530beee1e,2024-10-22T15:15:07.020000 +CVE-2024-43173,0,1,65f29b0905efb6c9d226bbe87834898e91f17362e5d152e0d961ca7ade84631d,2024-10-23T15:12:34.673000 +CVE-2024-43177,0,1,3abc399faf2c0e72d4b29b578a8f0efca5fbe594cb17b0e330c46da3d5d7f655,2024-10-23T15:12:34.673000 CVE-2024-4318,0,0,3bd63bc61468b7ca3d2d40c33a55eb01fa72ff95d7d5fb5f0e4f8d9b094da54b,2024-05-16T13:03:05.353000 CVE-2024-43180,0,0,abb2e48a138ce8e840850ec2c73107ac445b622170d298531958775b0aa3e8a2,2024-09-20T17:28:06.617000 CVE-2024-43188,0,0,e35d0111e2400440d7a3229650e46565d9a613f599bd61cb8e0041fbf0bfcd3f,2024-09-29T00:24:49.103000 
@@ -260067,7 +260075,7 @@ CVE-2024-43693,0,0,86a2418e4d1748f5ff1d2c010cf8ecb2f43f15c3955c5a628ff84ac9fa94c CVE-2024-43694,0,0,1f38ed43c98bb35b4ccdf138bc4e0fc802b17a5cb43658b2fe1564d43a70cd61,2024-10-07T19:40:04.147000 CVE-2024-43696,0,0,b6d21f30f715b52776ec1b781c5995bbebea0d00d95a94042a058b4d46e17c62,2024-10-16T17:38:48.517000 CVE-2024-43697,0,0,aafe4540255caf8b19befcf934243317e12360bb6a3de5ba411c529a9341265a,2024-10-16T17:42:54.640000 -CVE-2024-43698,0,0,5d701dbfd7cf56e9cd26b19423ac83fba3a8ca2aeff30ddce3e9c44699c7ba74,2024-10-22T22:15:04.943000 +CVE-2024-43698,0,1,9b448123aeeb7ed29d501dfc299ad522a922eb920dddeed66edfa1a9523d2df8,2024-10-23T15:12:34.673000 CVE-2024-43699,0,0,78534d33d290678062dddcdfe24e803feecb99e21dbcb3ac97f746608e5c52e4,2024-10-08T15:44:29.183000 CVE-2024-4370,0,0,3c1f5b342c087fc6587c8bc9012541b58d80e50fdee9d14eea44daecdec82901,2024-05-15T16:40:19.330000 CVE-2024-43700,0,0,0a06b833e6fd1b1e874ef27bf2dcddebe6eeed2fb3b70101d743561cb29959e0,2024-10-15T14:35:01.987000 @@ -260121,7 +260129,7 @@ CVE-2024-43808,0,0,5904dacb826507090b9d583058f58aa9b73c36079d8a4861440bfd52d34f3 CVE-2024-43809,0,0,83732ae5b37d299f4c52d51b00d231c62060b5df8f6e1ebed9668263f47472ea,2024-08-19T21:11:28.327000 CVE-2024-4381,0,0,acf3a4021017fa63457aceda91db3b255168337a90160e11d4caaf0dc88c06d3,2024-07-17T02:54:24.913000 CVE-2024-43810,0,0,3423aa76d2322965ee6b2f07b882867425d31c3e78ec55c0a16ed8dcb25e9221,2024-08-19T21:11:45.823000 -CVE-2024-43812,0,0,bb5f0826af11be9ffc6da21a0d76b11f87676808ef5f45a9b3f9b5d6a6aba913,2024-10-22T22:15:05.180000 +CVE-2024-43812,0,1,8445c0bb98fe421a145baa8e4fefb35001079c5ee434022c7741c5503def09e8,2024-10-23T15:12:34.673000 CVE-2024-43813,0,0,0eeebfc2e52232a1c410e398d59e84b3ed93d69c2f86a7c29afdb248f4d5f622,2024-08-23T15:35:12.617000 CVE-2024-43814,0,0,b022b6b7d9befe8326620161e5277981bd50c9c9b0cb53fa808760ab38d38b85,2024-10-17T18:15:04.773000 CVE-2024-43815,0,0,982a00e3a03355b9c82b813d4044e6da96d5259d4a40715b1b2b57e8056ddfef,2024-08-19T12:59:59.177000 
@@ -260242,7 +260250,7 @@ CVE-2024-4392,0,0,5c82c123a66d3444e81adbb958bd6b8cf11e432e36668571a78dbfc8c82c1c CVE-2024-43920,0,0,4fe0b9b4bdc3c773cef62ba0a55678a848520d2f26b7c394fdfed7064f320ada,2024-09-04T14:06:43.780000 CVE-2024-43921,0,0,8cb3a8317d91fe8c86f2a088d9aae7d066ad8cdfd297a2cc1e6c90830f46e738,2024-09-04T14:12:12.957000 CVE-2024-43922,0,0,1bda9e09eeb9cf761058baff2572a8d05071b30f4dbb7675f13cebb74973fb9f,2024-09-19T21:44:49.453000 -CVE-2024-43924,0,0,dfda955203fd41d6177bff7ef52e1a59af68f70d45c806a235ca1a775c73b4df,2024-10-23T08:15:03.453000 +CVE-2024-43924,0,1,bb2efaa4f19a90f6ad938fb6ac6c2fcde87a4755a2a040a9391dc5aa61d478fc,2024-10-23T15:12:34.673000 CVE-2024-43926,0,0,afe6ba4a11196449e0acf87526616d8bc217e24dbfcd1f8bfd3b6ef863d1044f,2024-09-03T15:15:45.160000 CVE-2024-4393,0,0,4e00802830a11f2dfec38985ebf8ec82363098448bfe6d2b274aa9f7d7f56b33,2024-05-08T13:15:00.690000 CVE-2024-43931,0,0,e4b487ce16111f7507cab3f7997c98054a40435c39d10d2eeeecf16baa2d636f,2024-09-13T21:22:51.923000 @@ -260305,7 +260313,7 @@ CVE-2024-43996,0,0,4ab5e67e8284ceee786b93aed8adbdd80e1748d0425e228e0426548655b0c CVE-2024-43997,0,0,6c8f403711524a70f603385ceb669667a4c46d7aa3512bb8c48c49bc3e88de15,2024-10-18T12:52:33.507000 CVE-2024-43999,0,0,44faf8f669c2612c0005bd86c2cd14309b22432e58922d209b993e9c26847278,2024-09-25T15:15:43.683000 CVE-2024-4400,0,0,5b653bf54f7bd4284ff54a803a56c0860c5d3b2bf58a6f974ce1eac832bfafb8,2024-05-16T13:03:05.353000 -CVE-2024-44000,0,0,d9b805c0ced007d13e1daaa1a0919d9f0b1803ca3e227038ddb8cd8b68e32114,2024-10-21T17:09:45.417000 +CVE-2024-44000,0,1,b24fdcea75f52b7f51a8a830efae5bfbeda44ea801c35a203330e5525875206c,2024-10-23T14:16:02.973000 CVE-2024-44001,0,0,346ae8bf0c871825527e18434529b8ae58c66d1360bf3ccc9a5ea96d6edee082,2024-09-25T20:13:04.160000 CVE-2024-44002,0,0,a9ee9907ad6f165092347fc84904c323e2fe7244eb403d6a142135718b9384c1,2024-09-25T20:06:13.100000 CVE-2024-44003,0,0,5349233fccc3b861a24f3e5f6be5454244be5973fb6ae966dc1e7b789f2be81b,2024-09-25T20:03:29.867000 
@@ -260469,7 +260477,7 @@ CVE-2024-4430,0,0,137066e4356a4d04e3ad731fb42c3579f278eca0ad3e41ea882926334c7109 CVE-2024-4431,0,0,8d95de6ec075320f55907047db89835dd68db45859f7bae49d6625b2a3240b6b,2024-05-24T01:15:30.977000 CVE-2024-4432,0,0,492ff6791a7b1a2e081b9c5249b748792a54b9554ba3a2422039c4bfa6a7bf50,2024-05-20T13:00:34.807000 CVE-2024-4433,0,0,29650c676957862ed8f96380f29298acd09e1ae0c4c0eae7a19f73eb896474af,2024-05-02T18:00:37.360000 -CVE-2024-44331,0,0,d93f4413bed12809dd918c7a7420734ea51ad8ea6a341af1c12c9f7c8d53b3d9,2024-10-22T22:15:05.463000 +CVE-2024-44331,0,1,598c01d980cf0f1c91e7287a2a8238a45c252270701e9a14115ae5190303492a,2024-10-23T15:12:34.673000 CVE-2024-44333,0,0,d4fac21295587aa2979fd79e1578e51567e5183cd9197e256154e36309cd2381,2024-09-09T21:35:11.347000 CVE-2024-44334,0,0,27220524666d063359048a7f3de8a9bf531c5b74b035bcd3d68284cc277b9a46,2024-09-09T20:35:12.473000 CVE-2024-44335,0,0,bea255eb7004ca14c44e24d39ca0678896b2d706dfe75c727ca75c52a4a40bff,2024-09-09T20:35:17.330000 @@ -260611,7 +260619,7 @@ CVE-2024-44807,0,0,62c2b8a7567d7a7c61c3dd691038c78c799cdde1b88696256483cc85f3e66 CVE-2024-44808,0,0,53ee5f88da9d15aa3ffd696fc5703153aab92dbb219aaccde4dc48186abdbb68,2024-09-05T12:53:21.110000 CVE-2024-44809,0,0,424c650381a963ac60378eaa5a7cd36fd86829e33f994f3d0227dc416ec44e82,2024-09-04T14:35:12.707000 CVE-2024-4481,0,0,c2852db732c7c65c13524ea22e5406663429c55dff3bfe0d5bbffa299f48bbd3,2024-05-14T16:11:39.510000 -CVE-2024-44812,0,0,3e1b9e54a017ec28cad26caf751beb641fec677dc0b7c734b24d4fec5dff756d,2024-10-22T22:15:05.543000 +CVE-2024-44812,0,1,58c5cf9640d27aaeb5d501aec11caa42847374dbca17391372c1e2e207ac31c0,2024-10-23T15:35:20.023000 CVE-2024-44815,0,0,b542c0b8057471e724100a6582edd807f2b604eab9a88d4411aa24f995571f97,2024-09-25T19:17:02.237000 CVE-2024-44817,0,0,69deaa4e7ecbf919037754dfd86d6f5f34bcd33ff645863b7e5f14d08ab18721,2024-09-05T12:53:21.110000 CVE-2024-44818,0,0,d174c0799ffdbf965fa98c057c949d0dd19f8293fcbd2dc7f74d6c2c59752335,2024-09-05T12:53:21.110000 
@@ -260997,8 +261005,8 @@ CVE-2024-45323,0,0,c7408403154d2d18fc914b88a9df254c03b0863b353ec16a1e5cdd4039b8f CVE-2024-45327,0,0,34cd0fc64fb19ec545d442f8caf6da026f7560c6302dd0f3b1f687d00148ed60,2024-09-11T16:26:11.920000 CVE-2024-4533,0,0,aca3a412ead1ce1343d6f498450801be5e059db6302d74881039b5fe75fb6c09,2024-05-28T12:39:28.377000 CVE-2024-45330,0,0,44d2ce461eeddbf3a7a44fe92b128e09d8c56d9b0bb9a6c4f9c38a59d262f5be,2024-10-19T00:41:09.717000 -CVE-2024-45334,0,0,eacd68328ca4f44b8ed08b353c4abb200cf5fff2f977b297b36e84209a3f4e16,2024-10-22T19:15:05.670000 -CVE-2024-45335,0,0,f0cdb2059b0012b9af6f227aefe4f1580459ec588ab341a4a3b300f37dd651cd,2024-10-22T19:15:05.840000 +CVE-2024-45334,0,1,f6c05fece0cc4f139720ac1531928b166644d7d7b1188b541048e9127de13916,2024-10-23T15:12:34.673000 +CVE-2024-45335,0,1,8cf8dfa389d5ec74510eaa5b51d5c7cfd76807a8704cd642571f3a839f1a8528,2024-10-23T15:12:34.673000 CVE-2024-4534,0,0,527a3127a7586bdf18d80cd2b5b17fe74ac5ed6a2aa4ee562148173cc1d9d3e9,2024-08-09T19:35:09.923000 CVE-2024-45346,0,0,2f7f906fa8e830e09f5dc1994b30102df77aeab36a86b7c31755a212ce377dbe,2024-08-29T03:15:05.247000 CVE-2024-45348,0,0,f8397568e636cad274a96a56fcdbc01af3feb6775d5986faa9442985588b0658,2024-09-26T13:32:55.343000 
@@ -261108,12 +261116,12 @@ CVE-2024-45507,0,0,b2cf0920dcb75db868de7b4afd51449cea360da72164b9b7e7a575176b0c1 CVE-2024-45508,0,0,a7bf13ff5f2bf318e53d0cc8b12c1b5ac7eae45f1991e7b683a2e3673a166bb9,2024-09-04T16:44:08.247000 CVE-2024-45509,0,0,2da4a07b41eb99a3059398ff74aeb7ba3be7995744fd94f415c5c3e9d41f0b5f,2024-09-04T16:45:08.597000 CVE-2024-4551,0,0,f0a0f74f6dfab215971682e84a8c3d35d9da568954bf14d9189d7462b5493bd2,2024-09-20T00:24:08.597000 -CVE-2024-45518,0,0,3f71040dbae7c84bba1fb6028e9819786c7fcad026d08f57513fa9a7c3bb40d1,2024-10-22T18:35:04.347000 -CVE-2024-45519,0,0,661fee6d9786bdfc8f05f61f45d35274571ae79fce6a99d3aa3f8cc2cfe0ebee,2024-10-22T21:15:06.543000 +CVE-2024-45518,0,1,eee8786565a710073f7e13550b53b8d012490e096745a44063dca7a05d578266,2024-10-23T15:12:34.673000 +CVE-2024-45519,0,1,ba02770fed1525b5b4f0df98b6cf30b24de2e09da9e676dc121caef23db2992b,2024-10-23T15:39:23.220000 CVE-2024-4552,0,0,a910e848f992d4848b5a9057809234cfe8833a167abb01396097dc34db4ca3d3,2024-06-04T16:57:41.053000 CVE-2024-45522,0,0,cfbe5f5b4866198ecf4773ddc4ec07a576ac517554c3c987f558bc88648f0e9a,2024-09-05T14:29:32.737000 CVE-2024-45523,0,0,e7d93fa702fd02b5bced215282921c641c45ca521a1d9282d8eeca5a4c9e6cac,2024-09-20T14:35:11.523000 -CVE-2024-45526,0,0,1fadb0f7694d51674cb5d16d609f9a93a10acf8c8809ffc300be3efbdc6fc457,2024-10-22T21:15:06.720000 +CVE-2024-45526,0,1,d4628a03fc7d8a7cfb2442f76a34dac3190b6a61bb43d7edb2d6687c9af7ff5e,2024-10-23T15:12:34.673000 CVE-2024-45527,0,0,0ed4b7876171a991bf7220f1ee96f2007c9fed522b397370892e632e0f15c024,2024-09-03T15:35:13.673000 CVE-2024-45528,0,0,b726a60695697377572ea54be1902b1c537e8da89a7623e441b7aa9130d0fc17,2024-09-03T15:35:14.480000 CVE-2024-4553,0,0,a1e8f5bd1acd4a97b93bbbe85c146f94099965137fad1ebd49acd106c4b8e00a,2024-05-21T12:37:59.687000 
@@ -261369,12 +261377,12 @@ CVE-2024-46213,0,0,27e374a93d05489cae0dc7b637416d222349a9ff3127ca1d693830a2cb84a CVE-2024-46215,0,0,d9c9b41b37ebb8d2c46b9303b2f662f08cd28b45185e47d3a9c15d51a3370a31,2024-10-15T21:35:30.590000 CVE-2024-4622,0,0,7ee7f5b0dbbae0efd9526a317b5150a2af537411986feb7d056b697fe5fc8d53,2024-05-15T18:35:11.453000 CVE-2024-4623,0,0,c53a127683caa8cc49c11a88cc217ef787af901116f1ba89c4741730eb1cc926,2024-06-20T12:44:01.637000 -CVE-2024-46236,0,0,209f5305021314c3b6255b9d0e8e8a0308a4fd597e09d99072173108ec464c84,2024-10-21T19:35:03.590000 +CVE-2024-46236,0,1,693e91f44f55c7044362f804878b8ff20da28bfa4640d789283be09f8a229082,2024-10-23T15:13:25.583000 CVE-2024-46237,0,0,89c70f938f955e8f8794daf2309e374bb81a18bcff912f949189945353ae1bfc,2024-10-22T18:35:05.180000 -CVE-2024-46238,0,0,e04df7a8502d302f172444f965d1fa00612ca87792c631612b16a6e649750ad1,2024-10-21T21:35:03.580000 -CVE-2024-46239,0,0,926566aaeaac1cf6bfa054ea714a4093c287c3bf6826d025bfc5db3fb3092da4,2024-10-21T21:35:04.510000 +CVE-2024-46238,0,1,c0b3aa1e64f4a91b9c4da7e2401f4fe18d33534691ef378a47cfa822f9a55266,2024-10-23T15:13:25.583000 +CVE-2024-46239,0,1,725c4cefa2ca2647a32f2bf2b322ce53dedacf1976287dda499bc36c65d5a603,2024-10-23T15:13:25.583000 CVE-2024-4624,0,0,8d5df292e17ba086eddadcbafacc529f2ebc3c5e49d7b6ea9488db217d327898,2024-05-14T19:17:55.627000 -CVE-2024-46240,0,0,7fc06dbd07643c50f35214e73d631140ea5c0fd9a5a338bf2252defe35cc8370,2024-10-22T18:35:05.950000 +CVE-2024-46240,0,1,e1fabb07f498fd1cd5336ee19dd4a0cded9959b31a2fc1d149406578714fa211,2024-10-23T15:12:34.673000 CVE-2024-46241,0,0,e8f867d722224165a0936937fdbb3a70034985bd08f25a28d6b30ab6a32199ce,2024-09-26T13:32:55.343000 CVE-2024-46256,0,0,3eabf4e0bd1ddec40016e8895217bf93aabad097691dbd82d3a7db1e6662a8b3,2024-10-03T18:35:08.983000 CVE-2024-46257,0,0,9ea0ad0f2e6865da2b0362a090cb21ce2a440cd52edf95f9a53e87e2d7fb967d,2024-10-03T16:35:05.240000 
@@ -261402,7 +261410,7 @@ CVE-2024-46313,0,0,0b29c605876b046853c74672dadf1c8118f0e83614058ed8950277f93a0b2 CVE-2024-46316,0,0,54b9c1fe9acfe98423855e0709c0cdd187e74f76088027a762e1c19f14357911,2024-10-10T12:51:56.987000 CVE-2024-4632,0,0,1847fe54466daf978000619c24fbece5b125c2ebcf9d5cf0d1e6a4b41146457c,2024-06-20T12:44:01.637000 CVE-2024-46325,0,0,2552c217f6f2bafd1ae497da9a6104efc7773541d10c748bee2c01ded062ab22,2024-10-08T19:35:19.850000 -CVE-2024-46326,0,0,70349983a6f2562224ac741e0655e5701b6e6590f61ca41c2783f0e01b277172,2024-10-22T18:35:06.717000 +CVE-2024-46326,0,1,f0578270eab46bab4492a6b2c704cfe94c3e0445c11c1280b1ace56f9af506a9,2024-10-23T15:12:34.673000 CVE-2024-46327,0,0,d444c66c2d1131cacb5a6cc939ae8062aae08f60f0b531cdd6bc43039126a6e8,2024-09-30T12:46:20.237000 CVE-2024-46328,0,0,150e1d7b5fcc22f852cb919b13410447bdf1e8cb19cb878b6bbbd7be01f4269b,2024-09-30T12:46:20.237000 CVE-2024-46329,0,0,8c93b211ce727ef89bff0e17a07fc114c301812ff446c3d9b747d9a6ed124748,2024-09-30T12:46:20.237000 
@@ -261449,8 +261457,8 @@ CVE-2024-46471,0,0,470c933b4642dc2897ace8d3fcae6cce28009d5c4dc28b3858aee18cd52a0 CVE-2024-46472,0,0,905efea5ffd69a3fd22b9ebc43e76cd3335e2f2038a60c220dd9d439817a4610,2024-09-30T12:45:57.823000 CVE-2024-46475,0,0,6dd32d21b34d5ed62fc4d47e4e31b7806525d2f693fc3da0c33e5fca3fe88762,2024-10-04T13:51:25.567000 CVE-2024-4648,0,0,911dfdcd448576dec5371ac5fe5f3ab9d434d7a73d2296063b028e9785e0deda,2024-06-04T19:20:44.580000 -CVE-2024-46482,0,0,64b6fcd421585aeaa3fc89f8b09b58640759e5e71e32d1ecfbdd014b86697cdf,2024-10-22T22:15:05.633000 -CVE-2024-46483,0,0,fd9e8e5ec9c48d6b8c605797b5d82c94a553a0d3e7c6d3303ae061db7b56f5f6,2024-10-22T22:15:05.720000 +CVE-2024-46482,0,1,4c7cc9f8abefdf394d703170cab2c1d0f6815a856ba8a2a17cbdc610ce072993,2024-10-23T15:12:34.673000 +CVE-2024-46483,0,1,75ffc445ccb8ac003ecbb6c3c08c1b221eff0be1f110f3f40bfdb9fa10891b03,2024-10-23T15:12:34.673000 CVE-2024-46485,0,0,904850996ff0ccd2e4983d6545a4277eb41afbf1d891eac2f17d8f906616c485,2024-09-26T13:32:02.803000 CVE-2024-46486,0,0,6fe755bff404a9260861863774df3deb9fd23fe20cfc4f9cee682ab32adf5d48,2024-10-07T19:37:29.423000 CVE-2024-46488,0,0,41c2092a15aede67b224d6f9481dd8740d600089d5047373dfa98024a8d780a7,2024-10-02T16:21:36.507000 
@@ -261466,7 +261474,7 @@ CVE-2024-46528,0,0,81f8583f4022a65d1ad9471b4717d45f3c83d5a174d4df1514139f8d90b90 CVE-2024-4653,0,0,7b6d5c0913690c5b51d844fc9718b4208eaa5f352f244fd41eee7be1add5e3bc,2024-06-04T19:20:44.990000 CVE-2024-46532,0,0,28e90e41b88b199c93bd44748203fc4edc0b214d52c53df9729e48aaafb51060,2024-10-16T18:35:05.480000 CVE-2024-46535,0,0,303f432dafe76053288b97daeba04961b685b8c5980dad6e5d762d1f5502c318,2024-10-15T16:35:08.740000 -CVE-2024-46538,0,0,49444b472ba8cdcaedaf8db0cf57116ab5798660a07219d0cf58ae35fd282d3b,2024-10-22T19:35:08.563000 +CVE-2024-46538,0,1,ac6dc223b2fc042fc585a7b373eda5b9790406c41b719a2a6d8f11009722bde3,2024-10-23T15:12:34.673000 CVE-2024-46539,0,0,2d2c57643421ecf3202df41ca86f61b87e91435ec045a273724c1fd7bed0cf14,2024-10-10T12:56:30.817000 CVE-2024-4654,0,0,0088d34096b2578204ff98fe71c1f702e4c8866653411407f72fe940a56448df,2024-06-04T19:20:45.100000 CVE-2024-46540,0,0,82bd73e280c5a23d3b35406dd5a042ddc542cc53d99831f15d05d7d862ed5067,2024-10-04T13:51:25.567000 @@ -261762,7 +261770,7 @@ CVE-2024-46867,0,0,8316d7997f273d3e067642701a8234592f3f2c26a3648af1f12dc5cbdd0c2 CVE-2024-46868,0,0,f9213706fab3b425fd6d7b9c70ceaf5cede666ff7057d8fa56ee82d754aa07ed,2024-10-01T17:09:12.247000 CVE-2024-46869,0,0,9ed81572871432f968131373b48d9116fc414e30c1ec7495d6906513924c285a,2024-10-04T13:51:25.567000 CVE-2024-4687,0,0,5435981fd840e586246d5a6c7c954862d5332569f9e647b4965c896a6669b062,2024-06-04T19:20:46.547000 -CVE-2024-46870,0,0,0637de163d838f36123cb06c095825d18ce9813cc33a2a70b7f0575bd9f2cdb5,2024-10-10T12:51:56.987000 +CVE-2024-46870,0,1,652ca601a7652d849ccf9f3fa227a6384ea9072535f4139d45e923bcd7c9f15f,2024-10-23T14:26:28.690000 CVE-2024-46871,0,0,42cba4af988a3361fdd6b06fd16c88b02566969c525ca337e5a0e24979f190e2,2024-10-10T12:51:56.987000 CVE-2024-4688,0,0,52289ed8c0286442cd44c00a18386eec964a66f3ff263d13f6b3a47ad78257b2,2024-06-20T20:15:19.617000 CVE-2024-46886,0,0,a928062ae00bc94e4a7abf511f66b23a1126250ea4d99006bdee4b18a22b92db,2024-10-10T12:56:30.817000 
@@ -261771,8 +261779,8 @@ CVE-2024-4689,0,0,a13cc88d2e9b12d452cf9b42ce57cc1735d851f3f551a07c40e7bb0f2ee113 CVE-2024-46897,0,0,2e86e25932c3365c9fccf8620fea0f0e322915cee2108f33175688332c9426e1,2024-10-22T14:09:46.913000 CVE-2024-46898,0,0,1121a0227e884e663de945d1f5ee0881d2211aaf4fceffe823ea2d2dc74e4f9c,2024-10-17T17:52:00.700000 CVE-2024-4690,0,0,8a659fbde289577b9d47a4e0b198b3a10d973db6b9b3690d157fcfdd9eceabd6,2024-10-21T15:51:10.467000 -CVE-2024-46902,0,0,84a92f67e4cb3c89751bf07675bd1aed31b5257a3cc92542d0e4de163f9c9a35,2024-10-22T19:35:09.313000 -CVE-2024-46903,0,0,3193f232af51497688648157e8d7e65d0fd98a4b8a3968b1550229148f9fd1b3,2024-10-22T19:15:06.283000 +CVE-2024-46902,0,1,7bfdb6b1b77fa1ead7ed4d641aa345dc6ec5d04ee00fc4bcb25d3fbda58dd5f2,2024-10-23T15:12:34.673000 +CVE-2024-46903,0,1,3b3917d8b7bb5ba2b9b2429e0545b7ed1791a9c11c0420bbf83786e19e1abf95,2024-10-23T15:12:34.673000 CVE-2024-46911,0,0,611952a6b1126b54cf024e9a99d67e12cb7d1e8ec93fd9b8c3fb7fb963b348cf,2024-10-15T12:57:46.880000 CVE-2024-46914,0,0,8183f2e81bda981099173d1b49f2e9d3c952a93e63b81e2bd23ce00d12f134f9,2024-10-22T22:15:05.810000 CVE-2024-46918,0,0,bb2eeb1c2eb1e1757cf1750044772f91012857866544e10c0b718da276cf0057,2024-09-20T18:14:23.897000 
@@ -261915,7 +261923,7 @@ CVE-2024-47184,0,0,ec4f2d4aa381d6be3b04a5d96e034e76004fe037b3abeb496a459d57a9fce CVE-2024-47186,0,0,039f38f277124d2a0772e43f534fb151851ccf4c65185f4966f7e81d742991ce,2024-10-07T13:30:55.640000 CVE-2024-47187,0,0,817b13d1e8de6a39f3ef47c843dc5a93e7afef448e0409c2b2ed1c1bad0aac52,2024-10-22T13:48:59.893000 CVE-2024-47188,0,0,121b1d8543a839662e5f78a404dc83b47db88a564ef1132d3f948fc248118eb7,2024-10-22T13:50:17.493000 -CVE-2024-47189,0,0,7cfb297f069ec0bde01366fc1e98ed4b7494ca96d20ea4c39eda69e4b21882bf,2024-10-21T20:15:14.697000 +CVE-2024-47189,0,1,7ecc2a6d7651786fe3ca88fc21700c3aba959abbfb427b593201d67fe273baa5,2024-10-23T15:12:34.673000 CVE-2024-4719,0,0,5f15010ce3da97593d62bd8e5cbd7e4df0db8fec077945fcbb72e898184ff8a0,2024-06-20T20:15:19.763000 CVE-2024-47191,0,0,2d0ea97c75991dd32a2813bf0ef51251f3610baaa622ce7906ea2e3545fc5ab0,2024-10-10T12:51:56.987000 CVE-2024-47194,0,0,0afa0b09ca6b7bbd6bd860b01b5c9153eec47be962883f1807d6c455d470088c,2024-10-16T18:15:04.043000 
@@ -261932,8 +261940,8 @@ CVE-2024-4722,0,0,d0eb70616d7559be2944527d8cacda4cb03faa787985cf2ceace067dd7c5ef CVE-2024-47220,0,0,ec1088c10a16b1d5d48c36f52f549a9f66295221614c4c2acd2563482d5ed68e,2024-09-26T13:32:55.343000 CVE-2024-47221,0,0,cc80d5b45c9b68b206ee1a2dbfe9f9a68f652cad6fbd63e536e536e628b771d4,2024-09-29T00:45:21.857000 CVE-2024-47222,0,0,c74f6ce55a0f72a72d3d22a82ae52356e74326f3e21780a319e444b828ec8b8d,2024-09-30T14:02:23.007000 -CVE-2024-47223,0,0,fb09416be3a21eceb8e5bccd108d47d718595b69c0752141eb5a33e742ce9071,2024-10-22T18:35:07.540000 -CVE-2024-47224,0,0,0cb275a6c41266c4316d80da854515c99c83745da7bd8c045804d500798ee0a9,2024-10-21T21:15:06.650000 +CVE-2024-47223,0,1,6ced9d5d48193f0dcb61cb33f661af77d821be6912a7f6c6cd03b3c2f8883f5b,2024-10-23T15:12:34.673000 +CVE-2024-47224,0,1,faa7dbf755c9b0e2007ed5828e4d43ecbba4d3b7ed25e8dbea00a981d37cf6b3,2024-10-23T15:12:34.673000 CVE-2024-47226,0,0,67acd1dda98161941683c1ecdf3fb2829a8afb2cdb12d796e19b0a64631c82e3,2024-09-26T13:32:55.343000 CVE-2024-47227,0,0,411c02c14211cd5d3ec12de94c1c6b5b491382d24a6716c2e035097b7090e042,2024-09-27T16:37:44.143000 CVE-2024-4723,0,0,7af98ecd367a90ef8c416c400db7bb1bdf630fc1c111a3c8e6b7b48b9bb15bbe,2024-06-04T19:20:47.717000 
@@ -262071,7 +262079,7 @@ CVE-2024-47425,0,0,e832dc60d6b0a911f7b82219c1b7e7050a04085decdafb9accbb9c4ea24ed CVE-2024-4743,0,0,213080d2ce7e290785906918b766d2dd6153d7beb42f4a36c418fabdb6096c44,2024-06-11T17:32:50.367000 CVE-2024-4744,0,0,f2a62275342fb4e02e31ad60fb7b37b3a8ac2b2376213a1fba752ece8166ef2e,2024-06-12T16:44:12.157000 CVE-2024-4745,0,0,54a19ac018881ab94cc09206a38557755449249c459a354d473ddea48bafd7eb,2024-06-12T16:23:34.197000 -CVE-2024-47459,0,0,0b1d286cc18504287dd532d658d2383a7255013ccc216b35a3e0d03bccac4a93,2024-10-18T12:52:33.507000 +CVE-2024-47459,0,1,dc476e38be60b6a1efda7726261f4c9f051d293bb6f4f7193aea3c1108a67e3c,2024-10-23T14:17:23.557000 CVE-2024-4746,0,0,764da2d2faf52d5d8b005efc01764a8e4bfb42f0a65f0b328618a43b312322fb,2024-06-12T16:17:42.223000 CVE-2024-4747,0,0,071c88b133efa29a5bceaf4f1781edaa635d35ede69008d4aad9361c37e95f56,2024-05-14T16:11:39.510000 CVE-2024-4748,0,0,5ce71114653bf2c9cc6586a0117b72827b192c4aa4e8e27ac2b81ed4a0b190af,2024-10-10T16:15:08.630000 @@ -262131,6 +262139,7 @@ CVE-2024-47562,0,0,f948ab473eac72b74771d65275c3bce022b2870f6200aad718c4a235ef7a7 CVE-2024-47563,0,0,8e14a8aeeab89240dc7f71203e62b9d2c2b2c697ebcb095329938e996837371a,2024-10-11T20:05:05.143000 CVE-2024-47565,0,0,1f4de7ea43d4059fde3978664bf9271defcef7d2ededc73cf25a3c2fbdf29d8c,2024-10-11T20:05:59.237000 CVE-2024-4757,0,0,8697ca9e70d5ba37736a0a67620900f7a3da7cbcb97e29086de20de73cd3bfef,2024-07-03T02:08:02.463000 +CVE-2024-47575,1,1,a0d437913509dbdce400ee44446375e68a770ae7ac86a11ab02595b3e83f8bb4,2024-10-23T15:15:30.707000 CVE-2024-4758,0,0,725af37997323245576176c0490558b45926193602683436c3054da734872332,2024-07-03T02:08:02.707000 CVE-2024-4759,0,0,88e594c7c898a4e82a1a8532a1f049d1a9fe25baf60278988c21dabe64f2896b,2024-07-03T02:08:02.923000 CVE-2024-47594,0,0,1ae534f7a3c1c97ead2076790a49a30a6aebae2067756e88afe36b9237831ffa,2024-10-10T12:57:21.987000 
@@ -262196,7 +262205,7 @@ CVE-2024-47664,0,0,1c2309f9d69bf8bb4cc3d6eb245972d5a50bf2b31179b3921c4437d37dadd CVE-2024-47665,0,0,e8a6fa909a361ab6d7cc78d96e16742c4b3f809215ea5c8834927031949bb7a0,2024-10-10T12:51:56.987000 CVE-2024-47666,0,0,a5a9f51120f3c9ddd4e33149f72ef447bc4c927097f5851c64b003de19643664,2024-10-10T12:51:56.987000 CVE-2024-47667,0,0,38ec78121e570b51d421eb5ff7db3ba1ac7cdc0e7f949923732012891a8b3d78,2024-10-10T12:51:56.987000 -CVE-2024-47668,0,0,e001990644657b5cbf026f76d790a5eb95d1d99bc1acc218664334dad09f5059,2024-10-10T12:51:56.987000 +CVE-2024-47668,0,1,cf94068f0e7f8e5e7d64a7e8a1d91fb4c9f70ff81ce5d918148c4e18a53dc56f,2024-10-23T15:30:00.057000 CVE-2024-47669,0,0,cc07106cf0c3934e18c2295dc4d9599646844641786bb44db10c2dc10f6e6435,2024-10-21T13:28:34.330000 CVE-2024-4767,0,0,ac8fd08be8bf5dfebff2c5bd3958a6b91cd60ea11215d2f819ca56e82a8bdf8b,2024-07-03T02:08:05.290000 CVE-2024-47670,0,0,47fba4dee4b00f21dbff6c6decd1bc6ab83cdd30571ca10600e97efb139e20ef,2024-10-17T14:15:13.560000 
@@ -262204,22 +262213,22 @@ CVE-2024-47671,0,0,6ed788244a5b1c264869a97a389632df94bcd4e1ed09a4e006408f0739ce7 CVE-2024-47672,0,0,208c9363d63200a0f87e54b2ecaa4588cdcb8ebe0fa60448ea15f5f621cd45a2,2024-10-17T14:15:13.780000 CVE-2024-47673,0,0,2317135deeb5a2ba1be6a2e702cd3dee3239bc7e08807d40785f15a0d93329d9,2024-10-17T14:15:13.853000 CVE-2024-47674,0,0,9273dcf5991b9b8c8433130a4938740f9721051fe1fcb6d45b5c4bc4625153d6,2024-10-21T18:15:05.993000 -CVE-2024-47675,0,1,624f315494e47c95b1269b56800071e724c94a3629173e26cf42531c4b63e4de,2024-10-23T13:39:38.647000 +CVE-2024-47675,0,0,624f315494e47c95b1269b56800071e724c94a3629173e26cf42531c4b63e4de,2024-10-23T13:39:38.647000 CVE-2024-47676,0,0,d31d6f56ccab7b160561fa0b3c682aa5c75e9dbbe155592bcb66f3a4628abbed,2024-10-22T16:12:39.830000 CVE-2024-47677,0,0,e6b5dc6058dd7bfb77cd62ce948de0b274ef953046c0e021bc136fd28c5143ad,2024-10-22T14:55:45.950000 CVE-2024-47678,0,0,0599171199c0933ac90dc22e0c718002df8dc875ff64d0f6cfd466c664eca6eb,2024-10-21T17:09:45.417000 -CVE-2024-47679,0,0,307939d2ecd8d5c95d936c71f851827dbf3076f2cbcbbaee79f0d0403d820535,2024-10-21T17:09:45.417000 +CVE-2024-47679,0,1,ff4453f27f8106322d7b03df5908d00952b689ca70903c4a49e7a2270442cdd5,2024-10-23T14:49:48.763000 CVE-2024-4768,0,0,eca965b33b3bb965dbc6e4fa576e2b459dc24fb57cb15a91596443aba7e291e4,2024-06-10T17:16:33.883000 CVE-2024-47680,0,0,779185d87101541924dc45d047ca1b9e685cb152836bf7742a8884724035e45e,2024-10-21T17:09:45.417000 CVE-2024-47681,0,0,bcb480aef1983b0991a4a45d2e94e32a59322fc6073af2e0d422ea34ecd87573,2024-10-22T14:57:47.973000 -CVE-2024-47682,0,0,6c96643a2a20d61e5631dad60147e65d29328d6a7f713c97d1e3e384bd3d2097,2024-10-21T17:09:45.417000 -CVE-2024-47683,0,0,29df637f255ef6790fa4d5a6cef4a640ffa0c80b3f317910e368f8552b5ce5c0,2024-10-21T17:09:45.417000 +CVE-2024-47682,0,1,46fa66ba51047277cbea09ed5154dc9b7e2d2f32e222256eb9a1726a2684da5f,2024-10-23T14:57:12.700000 
+CVE-2024-47683,0,1,7ec7028bb740304f208393a68c6cce367ef86fe45c0c6df398de986d9b0bace8,2024-10-23T15:02:12.800000 CVE-2024-47684,0,0,c39612721e855a6bfd73c21cef099cc4455986cccfb2ea78b2c09a72e7deb582,2024-10-22T14:59:31.340000 -CVE-2024-47685,0,0,45dca83ceec4838c760fe3a933b300812ff7df633870d5c25a6d36368c1c1374,2024-10-21T17:09:45.417000 -CVE-2024-47686,0,0,002328641bf73f5c7fdd0cb5a2e29f6ab710bee941d944f9154eb587c6d547fc,2024-10-21T17:09:45.417000 -CVE-2024-47687,0,0,94419916fe94ff70fceea8c9848ea1313fd4f7e2844cd750b51c3c2895ce18a2,2024-10-21T17:09:45.417000 -CVE-2024-47688,0,0,63cf7bbc52d99e9642d18487f0ecff1b2d60d37d963c462ecfec28bd3e5ec740,2024-10-21T17:09:45.417000 -CVE-2024-47689,0,0,f38595b73929eda7ffbe92fb56583fe677428445484bb676b9602bf370ac3b1a,2024-10-21T17:09:45.417000 +CVE-2024-47685,0,1,99ab178208101c31a4fdbe9ddced16aaacce89958f6ac3fde572093fdd022e25,2024-10-23T15:19:05.983000 +CVE-2024-47686,0,1,37864736ad2a4d49ad32a2bfd5d9c20ac88219311e144b89fc2decc05f6ba031,2024-10-23T15:34:50.460000 +CVE-2024-47687,0,1,8395d2f1197b10b881cfc99c8cbe4e99a9a7142c9f350fac2e5252f27d32099a,2024-10-23T15:22:45.867000 +CVE-2024-47688,0,1,e342f1a85a423eeb25e5887c6a7e3ca064156a5f85774a6b7da8769bd9bb7428,2024-10-23T15:36:21.977000 +CVE-2024-47689,0,1,3f75c6785b241c3eacb9ccaf62f165a533348a414404d2e40f2e1dab85da5dde,2024-10-23T15:53:06.410000 CVE-2024-4769,0,0,27e569a8d015b1733830e438c3e7532f74e5dc1a595d9d72a9cda524aaf6545e,2024-07-03T02:08:05.617000 CVE-2024-47690,0,0,448d7fd9a4748a1d25367ec5280b83293a5830a569687c37d4d84e0edb81fe89,2024-10-21T17:09:45.417000 CVE-2024-47691,0,0,3fdc4f49a381b730d9addaf6deb128b8a633a5acbe8c6f6cd5c757255fd2b7cd,2024-10-21T17:09:45.417000 
@@ -262331,12 +262340,12 @@ CVE-2024-47815,0,0,843559a4031eaee974816014150940c4f18b7f6d93739de5a1866ac2ce670 CVE-2024-47816,0,0,c0bf0d33ec35192d4154926a2f4d5d81b042bde4dbbd41d5e4618f5e20416892,2024-10-10T12:51:56.987000 CVE-2024-47817,0,0,e954b96b63862e883b53cd879b63811973adbf39f1f221652228e04e702c2294,2024-10-10T12:57:21.987000 CVE-2024-47818,0,0,4d7e5ae8d80cd68e1a4826a976dd1a317a0485050783b2b6d50912171135a504,2024-10-10T12:57:21.987000 -CVE-2024-47819,0,0,c727e536f3a624a59e67b95481c62382de08269a5f55f9d425d3effd214f1eb2,2024-10-22T16:15:07.500000 +CVE-2024-47819,0,1,a201b17d1277f48bd2a8213c81a510d8fc617942b304ecc358a5d34098e66f28,2024-10-23T15:12:34.673000 CVE-2024-4782,0,0,37dcdb14f7d23ae467b62646ac8eb504448e2a7781e3c175892c72dc54d3aebf,2024-08-19T13:00:23.117000 CVE-2024-47822,0,0,659225121d6760adf8eca1f83c834e75b86ebec31d9e1e0ebc639ac3cc87e33f,2024-10-10T12:56:30.817000 CVE-2024-47823,0,0,aba6c10bf903d75799cabb92b24bf5cc826ec4b52223e2aab9a9f7d8d8298a07,2024-10-10T12:56:30.817000 CVE-2024-47824,0,0,60e3e0b82e04fc3016ce5ff7f0485ad8429207cb4be5065515079214bfa51129,2024-10-16T16:38:43.170000 -CVE-2024-47825,0,0,e6e94693ebedcf56110bdb9f855c5f47b6c720dc40ab6904281b3b8627802481,2024-10-21T19:15:03.500000 +CVE-2024-47825,0,1,e319259d9b937a2cf2775125b51ccc3a135e4cd0dcfdc35845c8f95f676fc6af,2024-10-23T15:13:25.583000 CVE-2024-47826,0,0,e0e92319bd7ff9f0b6142ef26fd12487604c5bd0a7b38d2c0ea52634274a8fe7,2024-10-15T12:57:46.880000 CVE-2024-47828,0,0,a6b81ff1073f19581e05e8c790863d706cba88272fb227df996495bf444dca26,2024-10-17T13:55:23.577000 CVE-2024-4783,0,0,413c0436e6758a988a0c847533b21e34b17a9d936626eba8cda1a5d1f87e0181,2024-05-24T01:15:30.977000 
@@ -262348,7 +262357,7 @@ CVE-2024-47836,0,0,9820902057ffe0b868812f79151bb5dbded2f7cf0e121917a52aed0157f4d CVE-2024-4784,0,0,4cc2a5a387e2d44a289947f3cae3cd294fd9977dc8f62a4a2754567f4ad78544,2024-08-23T16:59:30.430000 CVE-2024-47840,0,0,c2ff7b850c32ab1f0cd524b652cd23069ad0261af0dda33ffcd5ed7e8a17367a,2024-10-16T16:44:54.440000 CVE-2024-47841,0,0,5965eb4de1da8f2a0dd0895a3f88b849e9e6237b2cba12893d6c98b9d53e6e0f,2024-10-16T16:34:31.173000 -CVE-2024-47845,0,0,d3249c38c91418ebff96a6ca4864e0d4ddc2d024adb70c041dea7cee390b051c,2024-10-07T17:48:28.117000 +CVE-2024-47845,0,1,fba2bd4658014e4d6aa7611c4102700faa491de5557f836f104a3695e65a150f,2024-10-23T15:00:11.853000 CVE-2024-47846,0,0,5053ec96b1964ec4cf07752f40f0383acb21d284ff73eb672d6eb88ec2b7aeb5,2024-10-16T16:42:58.513000 CVE-2024-47847,0,0,2c1e2e1c851a4a516d6696b28107e81902c0df1fd1f8d5a493124b40cda48e2d,2024-10-16T16:42:05.567000 CVE-2024-47848,0,0,dc9eb429b1aadadb7717ca6bfd0505a99cdb374dc0fa769de0a8c407aae9a86d,2024-10-07T17:48:28.117000 
@@ -262377,10 +262386,14 @@ CVE-2024-47888,0,0,1ed854ade470bc163ad8c76031be0255e632797f8163938f76c7a31de7a78 CVE-2024-47889,0,0,661bf5d3df9343f9d9841050fa7811eba61ad27c7b6cfb90f97b1fd9293eaac0,2024-10-18T12:53:04.627000 CVE-2024-4789,0,0,991c3c0809892f7a4ebcc223f96155782fc07af160e30bd64d5fbc63735bec50,2024-05-17T18:35:35.070000 CVE-2024-4790,0,0,96aecd7cd4f769c190cdd6309a2627db4d493e5cf9efda536a135cb9a7f4eb96,2024-06-20T20:15:19.883000 +CVE-2024-47901,1,1,8f1f29394b5c16bfe6b0e83f3a08018ca330312f43293f4c2d16d7d1553a7881,2024-10-23T15:15:30.930000 +CVE-2024-47902,1,1,3d206f3d88e4f05605962b415c9503f50b5196bbc29c18031c309784ce4c3964,2024-10-23T15:15:31.163000 +CVE-2024-47903,1,1,943046cf1629de7f7f7d825ad9a50768ed7ad1b6063e1c7aebe621842ecd5be0,2024-10-23T15:15:31.397000 +CVE-2024-47904,1,1,8f656980cd3f6bcd083478657c1093f935cc902e5c67f7685eb07f658db8e4a0,2024-10-23T15:15:31.687000 CVE-2024-4791,0,0,45f7f0badd9eeca0c08f0ffcf78bd3c1e9a171e1e79fba42777d793a804985ff,2024-05-17T02:40:37.090000 CVE-2024-47910,0,0,da0097185007355b026dacc76d86a72088b7bf1d898f5a147fff92f16ae106b9,2024-10-07T19:37:43.677000 CVE-2024-47911,0,0,1780d2f9891b374cce407dc3e6f68171fc1b0dbbc46286fbacc7f087c63dae2c,2024-10-07T19:37:44.613000 -CVE-2024-47912,0,0,9ef4037532aa5c90e72bb73275b6d7ee1fa1589599c954cd7f031f4933f0d2e1,2024-10-22T18:35:08.360000 +CVE-2024-47912,0,1,f418c53b744005b67d73cb39395cb1c2d3d904d67f2798e6e9fa7f31b38510fd,2024-10-23T15:12:34.673000 CVE-2024-47913,0,0,dc38cdbfa262901d16ea1ec6ec0c83500e8aa0e3d84f1c11ffa637c829ee03f8,2024-10-07T17:48:28.117000 CVE-2024-4792,0,0,d367db616eff60413675ec0cb96dcf5072899c5126e3ab7b85dd0b323d2aa0a3,2024-06-12T20:15:13.643000 CVE-2024-4793,0,0,d7ea24a63b045e67640f8521c21cc9fd0113236775183a92ddafb3253726675a,2024-06-04T19:20:49.390000 
@@ -262494,7 +262507,7 @@ CVE-2024-4839,0,0,b71f0924b0409cbf87c224c453882d6c9b4eee1b8a725627eb630ec6587a6e CVE-2024-4840,0,0,e883b61cf74d34d59484fc9e98d49b7c4a3e1a85aadae7b936258fde00012f35,2024-05-14T16:11:39.510000 CVE-2024-4841,0,0,65ebfdfe2681835a6b4ece6477d685d2c79df9dc285d61b3c6847a6703ab5189,2024-06-24T12:57:36.513000 CVE-2024-48411,0,0,f02f5a173c68a1066ae1d0ad3ecb091448747ebc7ae5d98814db8ad4f2b7f72f,2024-10-16T19:35:11.290000 -CVE-2024-48415,0,0,95acb013fb47d31a0326afab16ca69c3c9659d9f2df3dfa6c20f228fb2401ed6,2024-10-22T22:15:05.890000 +CVE-2024-48415,0,1,c10186924aa2f07960783e2fd15a8f4fa4a9a66e80dda97c9071e00f746fc7e7,2024-10-23T15:12:34.673000 CVE-2024-4842,0,0,266948939b8663b41b45dca8cb12f3f3247c17eab2663a8a73d7a0fbf198d426,2024-05-30T20:15:09.703000 CVE-2024-4843,0,0,b365eeabe96e8dec3f961357ff342df21bbefef716d14e64f95fe3929d1e363a,2024-05-16T13:03:05.353000 CVE-2024-4844,0,0,b1cdfd63abb8075cb2a12dc44eacca2f75c6048adf9c4ea8b8b7c6072669030d,2024-05-16T13:03:05.353000 
@@ -262503,19 +262516,19 @@ CVE-2024-4846,0,0,354213cecebbad5d2830809199864dadc70a5508c38afeb47a24b8f17c4c0f CVE-2024-4847,0,0,3e175fcde7743d0dafc07697dcd3c0585505cba50a8840c440513434f4a1e2f1,2024-05-15T16:40:19.330000 CVE-2024-4848,0,0,e9a992014a82f7f25ea8b020a59a54821debcc21ba29ea30b909eb2d249ee224,2024-07-29T11:15:09.920000 CVE-2024-4849,0,0,ea1119b37dea5602dfce7972c7449fed4caaba21295f1145a8612489a3c2fd07,2024-05-20T13:00:34.807000 -CVE-2024-48509,0,0,0dbfb0204216b0e7fdee05a93164dd894790913bc376ddde67012f43046bda19,2024-10-21T20:35:11.953000 +CVE-2024-48509,0,1,c6a322b44f1b5c48c99b4ab0a24ca78577b459bf4c9409e8862d334d073306ba,2024-10-23T15:12:34.673000 CVE-2024-4851,0,0,444f4e959fbd50fab42bb9cd6f5b1019a6d50ea56a5371bcf4f4fa6566e3e360,2024-10-17T18:45:13.093000 CVE-2024-4853,0,0,7e943be0a2434f6362f67f453fe22910f05fecde26076344b21d97f20b2d6efa,2024-08-29T15:15:31.687000 CVE-2024-4854,0,0,9d5d733c00183e47994464da1b76a252c7e4b8268459cd8a1634b1fda6297d73,2024-08-29T15:15:31.797000 CVE-2024-4855,0,0,c93719b20367086f39a585784c8fe87b51678f3d6fabb283bc26fc5dedf0f872,2024-08-29T15:15:31.893000 CVE-2024-4856,0,0,01234b09ea1a4585c989c1dc87d23ed182241e8a50536214983ade66b15e19f8,2024-06-04T16:57:41.053000 CVE-2024-4857,0,0,1a28f92c79b598b55521235359a1d50b478306861b37a5a0ef0abc4d3160ef4c,2024-06-04T16:57:41.053000 -CVE-2024-48570,0,0,56771479e9991268856a1d955d0601f531a6533023e1e3d356d8dae043b5b7bf,2024-10-22T19:35:10.083000 +CVE-2024-48570,0,1,a07030a76cd88cf2d077be21611e593db567eb3ed2799d5f3776bbda7ecbaf36,2024-10-23T15:12:34.673000 CVE-2024-4858,0,0,3cb9bd8b6c75f95328665e9ee04ad5356aa75f69b8a71bb4682aa7bcb86b9454,2024-05-28T12:39:42.673000 CVE-2024-4859,0,0,8383b8e86eb4a4e5b90aae7f1f2380c0c5e94dbe99d2c93d082bf89d93f61e82,2024-05-14T19:17:55.627000 -CVE-2024-48597,0,0,d418873f3e9303c59419cda288a50538e497ca866e7b1cfaef7313951a15ddbe,2024-10-21T20:35:13.860000 +CVE-2024-48597,0,1,72aec40fe60a6c8353dc32b60169cb2bc295b2fc07fd4d45cd6ccc7e559fc86b,2024-10-23T15:12:34.673000 
CVE-2024-4860,0,0,51415b9207d508daf9b92cfd5981ba904e23fd57e3ad30c10a4a3319cff2429d,2024-05-14T19:17:55.627000 -CVE-2024-48605,0,0,0f18a8d2cdb3a35cb0367e48bca7be58813da58c2e79e94c95cec99d5276ce2a,2024-10-22T18:35:09.113000 +CVE-2024-48605,0,1,c6fe6d7786e01bf3c07bbcc6dab9ca443b7f4a840bac8f1d3880bbfc76bd164d,2024-10-23T15:12:34.673000 CVE-2024-4862,0,0,1615bd8ef961831b9e24202d7c6665df3c0d355a3a7edbddf82c728a6e33bae9,2024-07-09T18:19:14.047000 CVE-2024-48622,0,0,4cd7a4b67551e1c7266b414b834e1956aa3a51a75d895e45be98bc89b06ddf81,2024-10-16T16:38:43.170000 CVE-2024-48623,0,0,d049076f927dcf309023eb7c4a1c5680d5c48a2a4bd2097c596ebfe8af0f8628,2024-10-16T16:38:43.170000 
@@ -262531,21 +262544,21 @@ CVE-2024-48635,0,0,70acc62db2773972323caa582098c14d2ba0630ccd28542fd3671e2f06f9a CVE-2024-48636,0,0,a1b3046a0d6b06507f3010f4369f5a0d6853a8c7798cca6c53bc4bbbc77e9757,2024-10-18T12:52:33.507000 CVE-2024-48637,0,0,d42c2fa4f588b75285bfd9e74cf828ce6be24d319097efc6470bbe43fee07e4e,2024-10-18T12:52:33.507000 CVE-2024-48638,0,0,93a9606c88551eca2a43d58a9a18871f8de782bd448d66dc6474dd57c860ad86,2024-10-18T12:52:33.507000 -CVE-2024-48644,0,0,fb8e8deecb2e7aa1d2cd689f30d88b33dd50d1a7b135cdd1053585d1e54e143a,2024-10-22T22:15:05.970000 -CVE-2024-48645,0,0,4d15b7126f0cd9aed73fd4742963f6dd9be03e82c6b83bb18d5e9d425a39f324,2024-10-21T21:35:05.333000 +CVE-2024-48644,0,1,714259621a93750b61183872589245a3305e917af92df87963fd7418c19665a3,2024-10-23T15:12:34.673000 +CVE-2024-48645,0,1,68a6d6f0e4b4f7bc96fb65a4350b69a13ff6b55f133c0422ecbf10590166619b,2024-10-23T15:12:34.673000 CVE-2024-4865,0,0,df8706c5d26e485ec9b623150b314bb58c6338346ba72ce79d78a6dbca58bc77,2024-05-20T13:00:34.807000 -CVE-2024-48652,0,0,4b747613f413ebfb67540690e86cafa3bbcdad6af103f33d4c1435f508a72f22,2024-10-22T22:15:06.057000 -CVE-2024-48656,0,0,28f49c49185f387cd7096bbcded853af3db422e2661bfb5234fe46ad879e0213,2024-10-22T22:15:06.147000 -CVE-2024-48657,0,0,ec5153269f1420e9d2839a41d5cf569949963faa29aeeda7dce6001b98ac2596,2024-10-22T22:15:06.233000 -CVE-2024-48659,0,0,376bb71c0efd1325046bdfdf37523540e1204fee1eb33883e4747a9ec6036b98,2024-10-22T18:35:09.947000 +CVE-2024-48652,0,1,96c02e8d4c75f1bf63462842142fe98f41b6dc4da927ad34ea96e15f61f7ea58,2024-10-23T15:12:34.673000 +CVE-2024-48656,0,1,ad863fd78a40b8c92b425115b21a49889969a7ecfd85e7d47aa0814d4ed5e379,2024-10-23T15:12:34.673000 +CVE-2024-48657,0,1,62e751e359be22ac1cbdfa47cdea066e280077f08a29a781e1ee4c08a9e3e4f0,2024-10-23T15:12:34.673000 +CVE-2024-48659,0,1,74eba10fd7e373cc2157a8c68b69a750c73226aa0e75d8a35ccb512ee7fa62b0,2024-10-23T15:12:34.673000 
CVE-2024-4866,0,0,1fd2c3b939730f1522c70c99454a98badb9f05648f1c0fa9438c4abc3e506e92,2024-07-11T13:05:54.930000 CVE-2024-4868,0,0,115d92ddb75cc1364cb7dc1ed780a32e113f5bc6f17706ce21f4cd60cd219a13,2024-07-09T18:19:14.047000 CVE-2024-4869,0,0,c966893d60f3d2b834063ff6490a8006deca39b71769e89345f5be1133a2f10c,2024-06-26T12:44:29.693000 CVE-2024-4870,0,0,34dc62fe0d9ee09fd087b0b9ccdcdae4c15125668207018dedb4b3cfd451baf0,2024-06-04T16:57:41.053000 -CVE-2024-48706,0,0,926ab8463510247fc481bb381aa230962c9fea3185a890f8b8054f1478cb993b,2024-10-22T19:35:10.843000 -CVE-2024-48707,0,0,1b788795add12412c5ac4fb5c44f5fb35c2ea252b6749d2053970e4208c7e0bf,2024-10-22T19:35:11.020000 -CVE-2024-48708,0,0,3e8196ef69fe40ead548bd48c99619e6fe8dd4254b5c836ca0edde81daa04a92,2024-10-22T19:35:11.790000 -CVE-2024-48709,0,0,a2f1048f43a5ff6c83482412ed457499b4f82b0c444a20075955708fd04c880e,2024-10-21T19:35:07.443000 +CVE-2024-48706,0,1,f713530be88e39bc26678bb907cef38003dcec08f4e06d8324296c8e4ff23ce3,2024-10-23T15:12:34.673000 +CVE-2024-48707,0,1,11d7dda87282e1f93592f9ed17a7b792c848338d8fc8576caa83ed8e9a59d7c5,2024-10-23T15:12:34.673000 +CVE-2024-48708,0,1,a3d087492c40739451e8f1e17f6bd6f3fe16ba5866242fef2c3de1daa457a1c3,2024-10-23T15:12:34.673000 +CVE-2024-48709,0,1,09a0506fcee26889d94982710596f7bcc50ff18fa38b0b5a0230c066edc673cb,2024-10-23T15:13:25.583000 CVE-2024-4871,0,0,27d58887099f376e93909bb4c2214524b0789bbba79f05cabea36e120d5295ee,2024-08-12T16:15:17.313000 CVE-2024-48710,0,0,2fbd0f8c58cb24ce52b0e5c8d654e92a74d3cd7c1aadc3c4c977083a33ba41b8,2024-10-16T17:35:03.423000 CVE-2024-48712,0,0,26c5ef0ec7563b7eb021e1452100a4e706852158c36c374f8078b72afb6523b7,2024-10-16T17:35:04.483000 
@@ -262605,8 +262618,8 @@ CVE-2024-4888,0,0,3f4c58ee217cc87037d385e3cb53da7d318e33e3629509fa30ad3e92203777 CVE-2024-4889,0,0,98c988bc305180dfde4233cdb25b83940a2a23ecd5fc7825e58f1cc0fbfe5628,2024-10-15T19:00:09.633000 CVE-2024-4890,0,0,ee7720239380ab5c638f0803999a779457a74687c16e858d2acf0798605f57a2,2024-10-10T20:11:44.610000 CVE-2024-48902,0,0,fed2bf5b719b321f64381a649376d7e0618bda5baab6f732c38dcd1211106c26,2024-10-16T16:57:23.463000 -CVE-2024-48903,0,0,4fc0f066af4da6c148bcc807dba9dfdc06b982998a481364a1cecde7617eb694,2024-10-22T19:15:06.590000 -CVE-2024-48904,0,0,3d8da6651fd11d14678b4aae2ea816adaecfe80c3802c993155a413aa87f75fe,2024-10-22T19:35:12.560000 +CVE-2024-48903,0,1,af1ee698040ee7f8c19b83dd0eb3404cde07c42231b0e3832a1aa5561c10194f,2024-10-23T15:12:34.673000 +CVE-2024-48904,0,1,56bc56ed1722c08287266703a07bddbd88211e3eebee5fa1d299ad65c198bf37,2024-10-23T15:12:34.673000 CVE-2024-48909,0,0,67804b300a72fc34a54a9327f0b3a7a8082afb16b0051c28b942604285939f48,2024-10-17T17:56:11.130000 CVE-2024-4891,0,0,f3940d673165429e16eea192398cf8ad711af9d91140d48fc15ea6e438b5c077,2024-05-20T13:00:34.807000 CVE-2024-48911,0,0,f147f0790cf653449e8f662255582c7c922d3f40a3d15e4b98d08b1e5fd9c969,2024-10-17T21:13:37.147000 
@@ -262614,14 +262627,14 @@ CVE-2024-48913,0,0,06d6a212c655b7ac1bbc6f5a3509e81cf89d4f1d83017b87d6e9303af3084 CVE-2024-48914,0,0,8775ce8f63d45f4e21be0399438c25117df9f166b6335c0adfec50056398fb57,2024-10-16T16:38:43.170000 CVE-2024-48915,0,0,53434c02f8cd9e61d046160183bd56a99da2a89b0bd423c79e06c9bddd2f90b1,2024-10-16T16:38:43.170000 CVE-2024-48918,0,0,37d8ea84d8110f3a600a1d2f557058b666848b057b36b01b41785c57ee923776,2024-10-18T12:53:04.627000 -CVE-2024-48919,0,0,3de3c9080ae176dafa7159521cfe35d8da61090a4a68993fb05acfa22eae6bbe,2024-10-22T21:15:06.813000 +CVE-2024-48919,0,1,a0a7ee1576689ebc33e8b3ae0ac8ebb40e27885e788e12cb9b562903133f149c,2024-10-23T15:12:34.673000 CVE-2024-4892,0,0,86d55410ceaf3ecac0b7906bf27b918d65f0ae499a5475505564f001e752dae0,2024-06-13T18:36:09.013000 CVE-2024-48920,0,0,a03bdbd7875951f84a0ddd56d8e819e54834e1b20b1220c7604c44f7db3ea361,2024-10-18T12:52:33.507000 CVE-2024-48924,0,0,e474b369eaf4331d2ff3a579fbee4e63e8ec29b93749a9c533ecb0a1775a3de6,2024-10-18T12:52:33.507000 -CVE-2024-48925,0,0,17ad6fa4547f2ce7b16f4da89e9b101cb04c2294b06cc702cb3983c1e1a94ab1,2024-10-22T16:15:07.853000 -CVE-2024-48926,0,0,85b04bcd589f9426bacb388b76883147a3307f836fd8fd417156eccdaeb86ba1,2024-10-22T16:15:08.090000 -CVE-2024-48927,0,0,703fccd925f1f3af0bb4d7bdb71de5226e00f5f5ac4de4592eb47b115aedc481,2024-10-22T16:15:08.360000 -CVE-2024-48929,0,0,66787fd57ce09c453329b762aeb961f8826f0e3b696b20681b1d74930ccbbfca,2024-10-22T16:15:08.617000 +CVE-2024-48925,0,1,3a078bcb4a89f0f86dd16bcf4b7d66e72e3ba5854d913637ee75a010ccd70548,2024-10-23T15:12:34.673000 +CVE-2024-48926,0,1,85f39ac2dcd7739b6ccfb6e70db444f1e5bc7351c40aca02df38e0890edc7565,2024-10-23T15:12:34.673000 +CVE-2024-48927,0,1,01a9606e87c9d0fe295b7af78c12d3892f336c8d52386afeb159eacf9a03d0c7,2024-10-23T15:12:34.673000 +CVE-2024-48929,0,1,8f42514e5e40293361141ad0a32c5cc2c18cee04cb42f38abe2f83b6fba170dd,2024-10-23T15:12:34.673000 
CVE-2024-4893,0,0,c4900f559bdc4a1c952ec15ffc0a407a7d0fc758594c29af597940962bf437f6,2024-05-15T16:40:19.330000 CVE-2024-48930,0,0,c7b6cd0340da2631ccf07a7015b8cf581a1e5f29f6a6b1ff9f3168b16f8d9c48,2024-10-21T17:09:45.417000 CVE-2024-48933,0,0,eab55cc4133fd12eb852707496206c0c064cf1bfef188e95346821cf2dadf897,2024-10-15T18:56:52.363000 
@@ -262664,11 +262677,11 @@ CVE-2024-4919,0,0,c726f606173904c8377395d864d6d1f0bfcdbe8df42cdb4cc2d61ca12557d8 CVE-2024-49193,0,0,4817bc5a524f8686c9c390cc6499f217005a03a967baaa28cc06a1d405a85c45,2024-10-16T20:35:16.380000 CVE-2024-49195,0,0,ebe503b8e48bc1eb234bda5829019875beb46e6f81279b5b20d7be3e70714d45,2024-10-17T18:35:13.253000 CVE-2024-4920,0,0,fb11a98a98fcee227749c982e12efa14a4a4b18da858cef87f2552ce91a0c62d,2024-05-17T02:40:42.227000 -CVE-2024-49208,0,0,8f2e6c1e86f64af5e9881e3f7358f063e855448026ab47a0489d80c8a2fe32b3,2024-10-22T17:15:04.503000 -CVE-2024-49209,0,0,63bc036493de6c1ed83f722bcd4747b3b03d632c72fe17005e827b6f6284d1e9,2024-10-22T17:15:05.763000 +CVE-2024-49208,0,1,28d2e992b35e2e1ef94ebf877a0d80afe91b36d68188c2e8154f71c6c78a8978,2024-10-23T15:12:34.673000 +CVE-2024-49209,0,1,ab6c3083b5b8fa47a4348dad42de9ce31362f8f34855825cd8b57b8bf5b7437d,2024-10-23T15:12:34.673000 CVE-2024-4921,0,0,1060b5013f8dc8547f0f33cabd337061fb69f6fcf324e5387138007cbeb6a9c1,2024-06-04T19:20:53.730000 -CVE-2024-49210,0,0,6e53b8aa574f1a38b7aa78fd56066f3a919773a1d515d8c8b36c1cf9f646d98b,2024-10-22T17:15:05.970000 -CVE-2024-49211,0,0,639835fa2342b8dba7122e14997d5aa1fec6ab36565dab9c04b435fe88b7768d,2024-10-22T17:15:06.193000 +CVE-2024-49210,0,1,8424ab4c00391981dbea8fb400ab567e22b8f079a4e2f9fbe1929ef4146f150a,2024-10-23T15:12:34.673000 +CVE-2024-49211,0,1,a47517181b3e75750b7f10cabddc80665e773679b6531198c52d52e7b124250b,2024-10-23T15:12:34.673000 CVE-2024-49214,0,0,4421e2282d31894802376d02d8bd5564e11b8590218433c4394ddc3df2a81c0d,2024-10-15T12:57:46.880000 CVE-2024-49215,0,0,76e95c9c81da96c4e5c4682f2ccc1a4d158465abcbc19e7e07b19566ffff8023,2024-10-22T20:35:12.140000 CVE-2024-49216,0,0,6acffa32d15c0271869a6ba3150ee4d41d9276ea01fbd76b60626657e8a8c6f0,2024-10-16T16:38:14.557000 
@@ -262799,10 +262812,11 @@ CVE-2024-4934,0,0,fd5d4b9709dde517f56a9aae7369c165c45ceba9bcf88bee680213c2fc56b6 CVE-2024-49340,0,0,37285f025630fd9eb79c4269f84ef859e190bfac2e34728b5f3d3dbad2273eb0,2024-10-16T16:38:14.557000 CVE-2024-4936,0,0,51b2c41822c3ce01e84bd55c02328ac3499013d52d632d2af56d406c35d5a658,2024-08-06T18:29:27.013000 CVE-2024-49361,0,0,f551e9abf09d421b2a081416ae11d1d19a91d21656c86d2519f1c7f0e281007d,2024-10-21T17:10:22.857000 -CVE-2024-49366,0,0,dba23a6a5d899dfc1dd93480431c60e66516ce3fea9b6f89406c417953de1770,2024-10-21T17:15:03.567000 -CVE-2024-49367,0,0,9cdea4233abdf31e5711ba3faae763fba0a540ae42a436f6b5d5034f60f32d59,2024-10-21T17:15:03.783000 -CVE-2024-49368,0,0,4323388038598adba9c2e6f2533f5d2b25d45af0a630786c844ee55a0bab465d,2024-10-21T17:15:03.960000 -CVE-2024-49373,0,0,0572794ffa0a562b1feec1afbfc4282a4c956dbda0b30d27fc085e44ad9f38f6,2024-10-22T16:15:08.860000 +CVE-2024-49366,0,1,aa37188721af357c851b7fc33379d0188a960b9f96974610014dea2671948c2a,2024-10-23T15:13:58.783000 +CVE-2024-49367,0,1,c9b869d3df961cbe6cd45089af2bd9e7675369053a02cc6adaf7052174946b00,2024-10-23T15:13:58.783000 +CVE-2024-49368,0,1,7653bacc44e12cb471d1297a98c3c2ed197407d61a2b90effa86f38f0c320729,2024-10-23T15:13:58.783000 +CVE-2024-49370,1,1,b89a2e2ab1386e04b12ace31fb73f652b5a68972249f3ac22d026cdf90ce38d9,2024-10-23T15:15:31.987000 +CVE-2024-49373,0,1,d6a9e6f6c722f791a40f83e3b6a0acb632418ab99ccc19489aebf72e45099e53,2024-10-23T15:12:34.673000 CVE-2024-49382,0,0,cd14c2989a948ff9829f4d119b31d603af2c2c459b5f5d9afd11a73e5c1e5fec,2024-10-16T13:53:45.860000 CVE-2024-49383,0,0,8836e7d175d405b86f6d0105b03c4862827296be5b39fe5cde78189dfe892bb0,2024-10-16T13:53:04.380000 CVE-2024-49384,0,0,3ee9c94c4e7d62f73d98e9003a41428dea707c45ee737dda67404986a9c936b6,2024-10-16T13:52:19.317000 
@@ -262838,15 +262852,15 @@ CVE-2024-49580,0,0,2a4b2f9ee960712197ef0f3776cc1a15f015ed4f9adbe3a24755a9ff67152 CVE-2024-4959,0,0,862ee7700763d202e5d5dada80050e48cca3b83d56a63673f2017bcf5adb7503,2024-07-03T02:08:22.750000 CVE-2024-49593,0,0,28b8568333d09b89b040a623f287dcf302e51d7008368ee150b7fde946577e54,2024-10-18T12:53:04.627000 CVE-2024-4960,0,0,1e2962fabc78c9680506fb58bfd339ee733c096965130a77b4df6d334c6fc642,2024-08-01T21:15:53.753000 -CVE-2024-49604,0,0,dd1305ca7435bc4e8c076d067f4a80af070415eb72501c5c21a101622376e51b,2024-10-21T17:09:45.417000 +CVE-2024-49604,0,1,4130a6c1f975a0d07098374dd7fb4ff2ab97718728858633e395173b92657205,2024-10-23T15:49:25.567000 CVE-2024-49605,0,0,60247b99368f7bfa4039a3fcf801765c9601ec753a06227ddc6351d1c84fa963,2024-10-21T17:09:45.417000 -CVE-2024-49606,0,0,121c09c76d4b6e894d5ebd1b707360988d1d01435b0cb03ae392f5549358eb50,2024-10-21T17:09:45.417000 +CVE-2024-49606,0,1,482f7b3a4b3cd8858d21ac066cc90df27186c596756677b41d202355300674a8,2024-10-23T15:49:41.503000 CVE-2024-49607,0,0,65d4fe3b1dba2addf1a61a3c95e064bb0d23c04de7591f7f59b2b0d73eaf55e6,2024-10-21T17:09:45.417000 CVE-2024-49608,0,0,5d356ee42b416b0e34ac84baa67290c9c17b7c79aeab97e7f4d0a4ee1a8d45f5,2024-10-21T17:09:45.417000 CVE-2024-49609,0,0,58b5c9be468b513e3488cad4f69b335640bd2a9cfa84d94939a2898ec9a3cd0c,2024-10-21T17:09:45.417000 CVE-2024-4961,0,0,fcb73b246c680abaae254870453939d7dbf5d8c46c3dbb2f7ab747d994c3a111,2024-08-01T21:15:53.893000 CVE-2024-49610,0,0,4f883c779c7b80912a16a7cdc0e52ccc8dd24129efdfa293f6a1ccc1bf1526fe,2024-10-21T17:09:45.417000 -CVE-2024-49611,0,0,c7f7e09d8f83b62743396c3bd4904fddaab94d00a5cf5a5c7129906b3bdbdafc,2024-10-21T17:09:45.417000 +CVE-2024-49611,0,1,3c617deda14cf120c8b3fd2e3cd2ebc0e7d04f3285c76c5dbf7a0c701a6f6996,2024-10-23T15:49:58.247000 CVE-2024-49612,0,0,acd6c0707ff81a9cd91d7e43f1e50373957b69b17c638b1ca230b26e66d303b8,2024-10-21T17:09:45.417000 CVE-2024-49613,0,0,20f17e03932ce1d22e25d4f6728446a601ccc4501b4f23acdcb8336cbf93e2ba,2024-10-22T15:29:55.203000 
CVE-2024-49614,0,0,7dd3537b0ff1f3de2fff68f2c1a6b2ab47880b5af077ec967e05dcc4fdcd0d9d,2024-10-22T15:34:09.190000 @@ -262873,6 +262887,7 @@ CVE-2024-4964,0,0,786ceb95d48675f478c0edd25187f0304d39eb81096edb79d2e9ae0401f68b CVE-2024-4965,0,0,5bd9bf33c1ad1b27237ab2761363d4d9817c8f50155c84d844f98b12772718a0,2024-08-08T15:15:18.730000 CVE-2024-4966,0,0,ca96dc16e6a41cb4de3af3c10d7787996b0688fd8eb0522e09efb3ad5052b418,2024-05-17T02:40:44.507000 CVE-2024-4967,0,0,8025a234fc289bdab04f9acbdc2478b7155048b60320bc8b6b7a0758b314e3b9,2024-06-04T19:20:55.777000 +CVE-2024-49675,1,1,d445661173420aa7e4b075685c6d095d96fc1d203415958069ae9105144d20f8,2024-10-23T15:15:32.120000 CVE-2024-4968,0,0,e5876599ebc72fb366518fd24786abd136bd58674cfc6b7ffb1fde29b7dfc2f8,2024-06-04T19:20:55.910000 CVE-2024-4969,0,0,ab0804889b5a888b9b65e9fe2bbd8691478393df4e0fc992e2c82c7a1daa3f54,2024-07-08T14:19:14.173000 CVE-2024-4970,0,0,57238e39937dd97cbba063724432adc0a3a93bd80ba7688359158539986e4d98,2024-06-24T19:30:39.397000 
@@ -262901,219 +262916,220 @@ CVE-2024-49859,0,0,d128ad3420c66b03d628db278329ad6a0d637911116441391f7baa845a99a CVE-2024-49860,0,0,f5150f7cf3bb2d2d0ca50e9d424c876fd9c84254fcf7bd6f2627024294f5ef2f,2024-10-21T17:09:45.417000 CVE-2024-49861,0,0,f8d823d453896bd63aeb95297d35b7ca2209aad13429ece51e5e583706dfbad3,2024-10-21T17:09:45.417000 CVE-2024-49862,0,0,0c94aa307fd6d2aeab9692641051191e71a94c4443ed0051d87097b98891acf2,2024-10-21T17:09:45.417000 -CVE-2024-49863,0,0,822195cb0ed5a8eb5305b6c6995ed00981a3a731df5cefc0aa94b0fdfd665d9e,2024-10-21T18:15:06.120000 -CVE-2024-49864,0,0,6d71b5cb6c263d61926e5c2f5a13dac01179c41cee6fbee949f55b69f290dc25,2024-10-21T18:15:06.203000 -CVE-2024-49865,0,0,d3936da15db8dd0c28ab82a1303351819461189ffdbc05b4575c1c8949d30daa,2024-10-21T18:15:06.270000 -CVE-2024-49866,0,0,223f08efee6d6fd103561d2bfe6667c5c652b9b1d364d45948e6953463f2fa72,2024-10-21T18:15:06.330000 -CVE-2024-49867,0,0,416ecbdb938e48206fbf939237542df67fd6b413b49ab7671f9ac83071d0f4f7,2024-10-21T18:15:06.403000 -CVE-2024-49868,0,0,e0587f668434e32601927b15211646418fb45e28b3498782bf08f80ed874267f,2024-10-21T18:15:06.623000 -CVE-2024-49869,0,0,df0569bb8ac0457556a7222fee8db954b39b39b213dcf9cc2ec112549c7c5a69,2024-10-21T18:15:08.340000 -CVE-2024-49870,0,0,7565ea41c34064735f8a0ceb75aa3ce614341d0f5f6fc6dd5acb6ba655ded8b4,2024-10-21T18:15:08.413000 -CVE-2024-49871,0,0,a3eb587e201acd871bb6ed4f52e94278ab7ec07dc2b38464b095cdf3c32c6264,2024-10-21T18:15:08.500000 -CVE-2024-49872,0,0,4c1b0ae825fd6f1bc464ed359c2666ebe034fc27ed59d22585c6f79cf2bb47d9,2024-10-21T18:15:08.587000 -CVE-2024-49873,0,0,f871db5540c384cbb1cf8d630c5066d3c423821bc91b9d9ee601a60f242b3196,2024-10-21T18:15:08.763000 -CVE-2024-49874,0,0,ae04eb32c377c4df2e287852e90692c56b89abd59714074934dc0a4b522c5c48,2024-10-21T18:15:08.983000 -CVE-2024-49875,0,0,702b6f3aadc1435a59abe2eff4ea714f51aacb444e571c2e656bd5a7da5c8f0e,2024-10-21T18:15:09.183000 
-CVE-2024-49876,0,0,2c290ed2484874bf93fd15eac4fa64fbbabe0dc7ab9d513214753d6bc7d9724e,2024-10-21T18:15:09.450000 -CVE-2024-49877,0,0,9d1fcb4643e7b32fd01b5fd208dd30de92c90754b1d411f1dc924a5896853e9c,2024-10-21T18:15:09.657000 -CVE-2024-49878,0,0,77286e77eac85019bf9ee751853c1f1be5b07a044889371f6dab142c686bba19,2024-10-21T18:15:09.863000 -CVE-2024-49879,0,0,33ad68a54532867d0f9bfab8cc84f3e652acdb17bd76a4ece5dfd8ee737b9b38,2024-10-21T18:15:10.147000 +CVE-2024-49863,0,1,6b95c286ba526eda8fe740b407a6bfc7f237461b3b2da1ccf712f97bca3266df,2024-10-23T15:13:58.783000 +CVE-2024-49864,0,1,11ee8b000b9a62890a75dd63920e4a33890ab9d058f73a94a2fe3382caeb81d2,2024-10-23T15:13:58.783000 +CVE-2024-49865,0,1,7d0d3bc3b58e3a73b342518618670e0b0da74132af9460999190836dd7383f64,2024-10-23T15:13:58.783000 +CVE-2024-49866,0,1,64fdfad45770d631f65ff417b8e0b441a9ced54aafec781f55abff0506219420,2024-10-23T15:13:58.783000 +CVE-2024-49867,0,1,11525928326247994afa37f5f74290d14e35f5766721fa984acf8b349134099f,2024-10-23T15:13:58.783000 +CVE-2024-49868,0,1,6609c1a314b5164f8a7adeabef80c2a74cbb80bc7c2a2e5c84963dbc51c9cd4a,2024-10-23T15:13:58.783000 +CVE-2024-49869,0,1,d690b4f2f8651d319485a5bc5cca48765c250e0f74f356167c1a1d3ed44b7fd9,2024-10-23T15:13:58.783000 +CVE-2024-49870,0,1,bd25832bdab748cbefddb0beafc59ded25cc04cad6fd191b9be1b37f3e63d060,2024-10-23T15:13:58.783000 +CVE-2024-49871,0,1,ff3a0400aee2237325121a8977f8f422a8adc0802dd41c581f84b4b2b95f7591,2024-10-23T15:13:58.783000 +CVE-2024-49872,0,1,f6cbcd97baebde3f8280c71cb6b25b64732424c878389d8a2470cbdc55168647,2024-10-23T15:13:58.783000 +CVE-2024-49873,0,1,c6b069511598e461d2e296ba6e220ac16e5f671f4d49f2f2af9d3aa6afc61d05,2024-10-23T15:13:58.783000 +CVE-2024-49874,0,1,4f4502a656a6919bb0fc2df63ac79790c27837d9594594fa2f35c7d172253253,2024-10-23T15:13:58.783000 +CVE-2024-49875,0,1,82bafbcf170d072fa3aabc0828e31168f5d6064939d809bc95477f24f2a13491,2024-10-23T15:13:58.783000 
+CVE-2024-49876,0,1,8b0326ebf02fdb04378f224329264d3e4924f0d6c498aeb91040e23ce7c118f6,2024-10-23T15:13:58.783000 +CVE-2024-49877,0,1,4d2cf7b07452ecc1c5625b6711f0af4f5f0d37ad629f5ad2378b696713e57584,2024-10-23T15:13:58.783000 +CVE-2024-49878,0,1,b8c9bc38c52857d113170f626183012a77e29f98422a41470a6d55d4836a25af,2024-10-23T15:13:58.783000 +CVE-2024-49879,0,1,a056ace805473862267f59e7ccc7d6e891ba0cc947c4146e51cc5d6a49e971c1,2024-10-23T15:13:58.783000 CVE-2024-4988,0,0,ff557f66f633c813e65ed42f6b56820b4233d3efc23d00548e6797ba166f3d35,2024-08-21T03:15:05.460000 -CVE-2024-49880,0,0,b52fb0ef3f6e1c21d5cbce06d56f874dcf18fb3dd97b125db1d402a4ecf4e757,2024-10-21T18:15:10.373000 -CVE-2024-49881,0,0,98042a06494613f2928e094d2fa909c115df3ab72353ec52b6422e91ca8ed993,2024-10-21T18:15:10.560000 -CVE-2024-49882,0,0,e66023ce971a9d11e792bd78cf40b7bc0fe9ac7894c0512eab6adc79894b9c9f,2024-10-21T18:15:10.790000 -CVE-2024-49883,0,0,37acdbcd398e8228bb279278844f4406b7efd6d6a63221000e833a66f7591c86,2024-10-21T18:15:11.060000 -CVE-2024-49884,0,0,e38c65326228a8cd1318f0f0cefdf4e5bbdf82e377f91e76732ff8f23931e9b5,2024-10-21T18:15:11.130000 -CVE-2024-49885,0,0,ed1572b2de9b402a83c9af591110cc9779fe23b7c58bcdb07fc312ae985bf00f,2024-10-21T18:15:11.230000 -CVE-2024-49886,0,0,cb8b5df158124ff581fff00849defb8fcc783d4461719a4b9d6c866e2e0d2521,2024-10-21T18:15:11.293000 -CVE-2024-49887,0,0,f132982427955349e6ed007dd6d71d9b3c92c457318d6c07927122fc94ace4d5,2024-10-21T18:15:11.360000 -CVE-2024-49888,0,0,cc924b819d51c229517a448a28b418cfa0732d8ab757fd6a1592d71570083222,2024-10-21T18:15:11.443000 -CVE-2024-49889,0,0,79b51de9360ff25a6471e1b00f5c2a3125562a23cf089765cd35288762ec4fb0,2024-10-21T18:15:11.513000 -CVE-2024-49890,0,0,77696cc73866150a5d1b49602ab09dc71c0e59c660923ecde53f4495e81f51af,2024-10-21T18:15:11.580000 -CVE-2024-49891,0,0,dd81b0b06c1d053d8a74180b9da79f7d22b80900500b1817b5765aa3e1b8b868,2024-10-21T18:15:11.657000 
-CVE-2024-49892,0,0,1580fe96fb288cd989bb2f85632f6cfc6b24e2e629fd16687a2d7cf3a403a83c,2024-10-21T18:15:11.757000 -CVE-2024-49893,0,0,d511d03f18a8ca11bee91aa3894ff0d0f9bb4aacf685837e1f411585af990d9a,2024-10-21T18:15:11.850000 -CVE-2024-49894,0,0,88cd5ce3fd8ba369e038399b97d0be3dfe18f5cd822e94addebbc26af1ab3f79,2024-10-21T18:15:11.913000 -CVE-2024-49895,0,0,0d0647ca2e335320804377a2cbd6e5c56a2e5a09d2590d50cd806644e941bf5f,2024-10-21T18:15:11.990000 -CVE-2024-49896,0,0,a908826b168746e98694b2d3ffcfa8d0b8fb4574b82019c69efdb76d8fbcea34,2024-10-21T18:15:12.067000 -CVE-2024-49897,0,0,25edab85ea7603452b090b4a5a467a9927aa8931b61a4a7012c475069483a2d5,2024-10-21T18:15:12.133000 -CVE-2024-49898,0,0,d271df81d1c49f8689cb713176a41237c0b0bd646bf55d199db062eaf422babd,2024-10-21T18:15:12.190000 -CVE-2024-49899,0,0,7a489c872f4a8a6cafd4adf72eee8bf0477915eeda84a46614c444f2c5dbf5cf,2024-10-21T18:15:12.253000 -CVE-2024-49900,0,0,442f871c5033fb4d817dcb23172cb4af712873e6d3847088a999310a236f2a67,2024-10-21T18:15:12.320000 -CVE-2024-49901,0,0,38f2ab7e79608192ef80e2320379c51a334ebe822c589fe77f2fbd0dce3fd44f,2024-10-21T18:15:12.480000 -CVE-2024-49902,0,0,a434c9f51e23ab195ac49be2982a8c0fc8838491da8278c8e75db9c76acbd657,2024-10-21T18:15:12.700000 -CVE-2024-49903,0,0,c2309ee0c8d24d23ab7529a4918687b1cdce0bc12188c01955f1dc5a34002d17,2024-10-21T18:15:12.873000 -CVE-2024-49904,0,0,f77065ef3436d9c51b738f2ed393d552149f94dccc5342833a080d9ef008810f,2024-10-21T18:15:12.960000 -CVE-2024-49905,0,0,429fdbbcc0be5ba7747df2aff250fc438efe916999f88efd462a46f49fc8de85,2024-10-21T18:15:13.033000 -CVE-2024-49906,0,0,f1db4cceb57fd758fcf854abdf77016dc83260c8dcb0126b9f115f528c71fc5f,2024-10-21T18:15:13.120000 -CVE-2024-49907,0,0,5d8edc2e7c5e0325d116a4c4e1004945cfe1513ae8038f938d1c05ced14bb9cc,2024-10-21T18:15:13.210000 -CVE-2024-49908,0,0,e2e1e97c872425b428014aaf05dc7637c6a779f36ea763f76672da6671899329,2024-10-21T18:15:13.290000 
-CVE-2024-49909,0,0,209e3d539a7883f6a78b4925601153902bdb9a63b70fac4709b5f8e6cc0ac9dc,2024-10-21T18:15:13.357000 +CVE-2024-49880,0,1,451749fefd67e74bbeb3c0f709643bae60f2a71eb71ec77d830a94e7a1231b73,2024-10-23T15:13:58.783000 +CVE-2024-49881,0,1,a457e708f151afe70f4353ab787a197eced712e7eb008a4ae460560f613817df,2024-10-23T15:13:58.783000 +CVE-2024-49882,0,1,e28c808ad906fdf2d8b42e0337e716f32ce905464511139ffb16f8cabedad72e,2024-10-23T15:13:58.783000 +CVE-2024-49883,0,1,9716a4fde73a53061a7723088c0d40d3adc026fa1e880e0f5c5a85406e7e81a1,2024-10-23T15:13:58.783000 +CVE-2024-49884,0,1,4253c12c5a9400a34fd27d4f356e84e2304acbdab19f2414b5baae55a96e79dd,2024-10-23T15:13:58.783000 +CVE-2024-49885,0,1,7454dd4079942ea8aa368264550142902e9d91264028a0091b5e06c3e31015df,2024-10-23T15:13:58.783000 +CVE-2024-49886,0,1,d058b0110cc7ae718a3f90fe7bd717654f8b8374ccdac41e3166fd761799644f,2024-10-23T15:13:58.783000 +CVE-2024-49887,0,1,e6db44b39cc00cffa6a621a85bfcf2139e4599af1b439fcb766e3952fb2c09b3,2024-10-23T15:13:58.783000 +CVE-2024-49888,0,1,3f840da09cb58e8af69d24768fab0f04d52756c1cab879ffca1acbd8ff14327a,2024-10-23T15:13:58.783000 +CVE-2024-49889,0,1,190f37570d0338921a636ba2218dc229dabb2e2bb6c7df0fb584b720e7afefb2,2024-10-23T15:13:58.783000 +CVE-2024-49890,0,1,0344bb4b2e74084bb110984cd7cb15fc17a111b45e887522ce53a453cda58527,2024-10-23T15:13:58.783000 +CVE-2024-49891,0,1,1525f71483987227d889f020192eb4227580ac422200b0b0c58dfa345d498522,2024-10-23T15:13:25.583000 +CVE-2024-49892,0,1,c1416ac252f04fdab07ec36316b59cdae9170438e2419997d80c63c42701d4fa,2024-10-23T15:13:25.583000 +CVE-2024-49893,0,1,9831c49185790cfdd9ccaad9659921768e47b7538b2b05ea48dd7276a3d1ca93,2024-10-23T15:13:25.583000 +CVE-2024-49894,0,1,9e36c91fccd71a8140e4661b6b035e0f2c06854597fe9bb3fc036e42471579cc,2024-10-23T15:13:25.583000 +CVE-2024-49895,0,1,41e5b854547bb803be9c30afa2de7e0107599d5fa73a1d8d46241692e713844c,2024-10-23T15:13:25.583000 
+CVE-2024-49896,0,1,26c40820c78e7fc7ea4e6ce4517b7b5452a352e0b3fb1d66ca7b2a91957182b4,2024-10-23T15:13:25.583000 +CVE-2024-49897,0,1,f31524e1efc8ee5a9e73df951a18e06d10291aa5962ae940870f2cbc30aa66d4,2024-10-23T15:13:25.583000 +CVE-2024-49898,0,1,247f23f060bca110c174aebd26a3ab42b9046378866bc7395686d566934c61e2,2024-10-23T15:13:25.583000 +CVE-2024-49899,0,1,a5f0145e815e0fee4eb42b4cfc98f9b8063718c43f49bd73f572e98a3301f0b7,2024-10-23T15:13:25.583000 +CVE-2024-49900,0,1,27f48280c2f7cf39a5eb5145a0ea91dee32362c0db93202141cc5370b19a9f59,2024-10-23T15:13:25.583000 +CVE-2024-49901,0,1,4c85a2a78714f180373a34b94a0c3030c446af18abe94b8c49f4841c023b7714,2024-10-23T15:13:25.583000 +CVE-2024-49902,0,1,3fe235ed65651ec18a8b1f6f0acf83e71c546f542c12b0c09828768c24b587f6,2024-10-23T15:13:25.583000 +CVE-2024-49903,0,1,a24491d4460f7ff8c66718aba9a1813db830200c28e5f8ebbb1c5bef43c89198,2024-10-23T15:13:25.583000 +CVE-2024-49904,0,1,7493ac321f6503f4e18c67ad0882fc55725cebe44088b8d8d961e60946b59037,2024-10-23T15:13:25.583000 +CVE-2024-49905,0,1,f6d4bb38e504751abeb99921fa33f9b63c9d21977e49e0abf71389cfa4bfcb0c,2024-10-23T15:13:25.583000 +CVE-2024-49906,0,1,bc02a06059d7e4bf8cbdfa4a2b2ddf9d92454391d6584e67442bcc71973f4a1f,2024-10-23T15:13:25.583000 +CVE-2024-49907,0,1,9e990f0f6953b779a61ff9676576cfcc4256084e049815996b638d91cdbb48ea,2024-10-23T15:13:25.583000 +CVE-2024-49908,0,1,95ed439126a8afb52b0e6701669df52ce978a27865e9d4db0a44d2d2e924da6a,2024-10-23T15:13:25.583000 +CVE-2024-49909,0,1,13d040a3084d823f842eaafac8b778407821ff1f80eb4e8c0b4fdcc1a0fa17c6,2024-10-23T15:13:25.583000 CVE-2024-4991,0,0,3aef226cc1578adb6c75565d63e7f13bcda4a2e79607b48e5e73e305c3d938d8,2024-05-16T13:03:05.353000 -CVE-2024-49910,0,0,9002cd9822cfb0b26c3db7f3625eda7d5f68149e09a4156321b451dca09022b4,2024-10-21T18:15:13.433000 -CVE-2024-49911,0,0,b4f3eb0672d010e1104202c01ae700e4bd3b933899d9893b7cf5b85831d844ba,2024-10-21T18:15:13.507000 
-CVE-2024-49912,0,0,f597fae29b7a4adba3b76ab90a77333cf88f55a537a41c489cbf8bdccd30681d,2024-10-21T18:15:13.593000 -CVE-2024-49913,0,0,6b7b9001a0078a16aa1db709291851c1ff86a37900db34a9e31e0c57c94fff02,2024-10-21T18:15:13.657000 -CVE-2024-49914,0,0,7a1220bc0049369ff60198dc952d2fc5b9b22ece9d565373ddfe6cfcf796246b,2024-10-21T18:15:13.723000 -CVE-2024-49915,0,0,8df6804ece8345329cc1c59f9582351e960e6379f3bf306fe54776a8dca7b452,2024-10-21T18:15:13.787000 -CVE-2024-49916,0,0,2af08f83a3923e938fa0adea8c18df68d49f1ccc0006aa3d43946150716816ee,2024-10-21T18:15:13.877000 -CVE-2024-49917,0,0,fca889031914f17c7b5c14febfc4f8d0f9b45af802be647e68ea61e59ae25154,2024-10-21T18:15:13.937000 -CVE-2024-49918,0,0,1e0c906d39bb179e6f5d05ea02581f75a2fe6b128e89c87bc47089fcc3a916dc,2024-10-21T18:15:14.030000 -CVE-2024-49919,0,0,a4fe0a18d0f2a766ecb3fe7724dc2ecfd051f9395d18cdeb8cf178a37da70c78,2024-10-21T18:15:14.117000 +CVE-2024-49910,0,1,b4793afbd16ac7d4c0ce6e02119fadb79a120fa3376253eea321deeba57dc3dc,2024-10-23T15:13:25.583000 +CVE-2024-49911,0,1,4c2e0d573fea405ea2c1c28152a61bcc3051d0dd20cdb1f4dc086260ef4915bb,2024-10-23T15:13:25.583000 +CVE-2024-49912,0,1,5da3367789660570545892ef5eb1d06667f7f99b79f4999ae93a29d70eb8a6c3,2024-10-23T15:13:25.583000 +CVE-2024-49913,0,1,4a98967135c5998583dcc023672d8cebacab77d81b6764139e1fada1735c9c58,2024-10-23T15:13:25.583000 +CVE-2024-49914,0,1,6a6ae0984b6035b98733c78ccfd6d55ea4ecb9a2278e19dfbdc74ea925b0473c,2024-10-23T15:13:25.583000 +CVE-2024-49915,0,1,924f95aafb8601287a9689be42f161d3a7a7996d863f6de5cd4d353d0e11181c,2024-10-23T15:13:25.583000 +CVE-2024-49916,0,1,9c2aa99f8c03bd69d3fc4d4410e9e5fade85121470316deb114da79bbfa59b69,2024-10-23T15:13:25.583000 +CVE-2024-49917,0,1,a31e5012c070bbb68388b874fb6d7a930adf3546f34285c7bc9b062f7af47265,2024-10-23T15:13:25.583000 +CVE-2024-49918,0,1,81556e5177362c0cfcd74094ef34e5a7eeeeafca1c79215b0376843de610fc09,2024-10-23T15:13:25.583000 
+CVE-2024-49919,0,1,b8220512b2f54a750ee311dbfda4f6730f8465019395efefcd7cd5e904006c7e,2024-10-23T15:13:25.583000 CVE-2024-4992,0,0,e061228a83f2d41e21e64f404fd50aefb3a354b638438e4cf4870e41885d01e3,2024-05-16T13:03:05.353000 -CVE-2024-49920,0,0,d19cba17e864a9eda13f9d1aa49fc53522990944d4393b761cba518cb04555cd,2024-10-21T18:15:14.180000 -CVE-2024-49921,0,0,07c55719bdfbeb00f399a97321920e141ac09f80a1fbd4fc3d43b5d76bb452af,2024-10-21T18:15:14.260000 -CVE-2024-49922,0,0,ca98b5474538d4941e42a98fc6501e48eff9ea72286b6d4c586e08cb291f9234,2024-10-21T18:15:14.327000 -CVE-2024-49923,0,0,17081ddbbc6491ddec9264d205799a3ade9f91a463e56d376b89e58eec530869,2024-10-21T18:15:14.390000 -CVE-2024-49924,0,0,2b4dbfa5adf706b6944bfd736663a333915bb65e91672520e3613e7f2c3fd20e,2024-10-21T18:15:14.450000 -CVE-2024-49925,0,0,300579539cd2c62d72358d822844d7bbb6f8318488edc3104e1b0d77aee8b870,2024-10-21T18:15:14.540000 -CVE-2024-49926,0,0,8295c638191f98bdfc784646694df103593717711af8bdea643d76bd3920f222,2024-10-21T18:15:14.623000 -CVE-2024-49927,0,0,fdb1b82be7aa736fe77c1740d5b1b893e6439d0a26054b85a487db8a197d4316,2024-10-21T18:15:14.737000 -CVE-2024-49928,0,0,a28c9b49b27cf4b159d6e80a9042ff01d34bd4f26b8ef611d7137fa5a6c6b24d,2024-10-21T18:15:14.813000 -CVE-2024-49929,0,0,2c500301366de57531faadd6576ed5fb0f5c8af9209abfc4fd595e9c1d5a0a61,2024-10-21T18:15:14.907000 +CVE-2024-49920,0,1,1be42ef77ee9fc1c65ad81ab0dcd66fba1641a6fdde817094ddeecfb3f06d5d0,2024-10-23T15:13:25.583000 +CVE-2024-49921,0,1,6967ef728c2f67d4bb212d10da40edb6fbaf0fe7acdb581bbe0d307f401b8b13,2024-10-23T15:13:25.583000 +CVE-2024-49922,0,1,ca91ba7162cc32dc4e2cf14fb163208d854cd671aa75638cf4d3976a29621ea0,2024-10-23T15:13:25.583000 +CVE-2024-49923,0,1,82332cfea17dbcccff91a9f356a4aa30d314d8e49cbe8e60b1cf1638309ed2f5,2024-10-23T15:13:25.583000 +CVE-2024-49924,0,1,e3e9d77dac8e6a933e59737e42ece4edc4793234e163acb67d340babaa85575b,2024-10-23T15:13:25.583000 
+CVE-2024-49925,0,1,6717452f4abf1a8f70ff5a0320447c3ada5e06f5537ce54743f004253e0476ee,2024-10-23T15:13:25.583000 +CVE-2024-49926,0,1,c340907a54f3f82bc1267ccf326bdc9da10ebc5c7cb46a2ab73c0d413d3ff7bf,2024-10-23T15:13:25.583000 +CVE-2024-49927,0,1,80092bd69a60e7db046e7721161bd2b361d15ecd0245c57dbfc59dd407a5dd94,2024-10-23T15:13:25.583000 +CVE-2024-49928,0,1,544457369adc751d5efb140eeaeee10b79f7211aecea480971d43213fefd498a,2024-10-23T15:13:25.583000 +CVE-2024-49929,0,1,9b521152d38f4615a7b12d9d048aaaff3ebdad923ec3ab76ad4d1026438745e1,2024-10-23T15:13:25.583000 CVE-2024-4993,0,0,e0839a9575413089a3f10a1147258f2a987a3e24cb291a41fcab67561670893d,2024-05-16T13:03:05.353000 -CVE-2024-49930,0,0,f87ae058263eb14a43e150779ecfe6a6b2c54b273c028069ccb0531d23ca481e,2024-10-21T18:15:14.990000 -CVE-2024-49931,0,0,1ea64b73d6d7be29c14fee7565f572c6f0b1d85a4d56e3a3f1df87ff8f35ece3,2024-10-21T18:15:15.080000 -CVE-2024-49932,0,0,f9d9af52eb0d6c08fa93b4674d91baeb24719f016aa5418492835d7da9a8a6e3,2024-10-21T18:15:15.140000 -CVE-2024-49933,0,0,53d9bdf6e358cb2590bf9930d3e462dfbf8337dcaccf84f1af09e4d831bfb06b,2024-10-21T18:15:15.210000 -CVE-2024-49934,0,0,e3e503d02467e48b261cecb555e830ee8ad2498cccc70a40e395d2581b3238ef,2024-10-21T18:15:15.273000 -CVE-2024-49935,0,0,017079fa5c5b311c34097bd4316c72ac2c86c92be41f7db652f907fd24a91108,2024-10-21T18:15:15.350000 -CVE-2024-49936,0,0,faa86ce6b4427b6993dfa663ffd1f353935541bd4beda40cca817752117a40b8,2024-10-21T18:15:15.413000 -CVE-2024-49937,0,0,1ddc94453fc4ade819c835bccffc70cad973fc09f9134d4bea3fdce78570e544,2024-10-21T18:15:15.477000 -CVE-2024-49938,0,0,f4d365d0ce3d1578401fd4ae19766e2055c6381d5173bbeba2e2bf9ca7166b3d,2024-10-21T18:15:15.547000 -CVE-2024-49939,0,0,c535086680310b5cc330a339e194c8adc816254c07431417b5811844dd38b771,2024-10-21T18:15:15.620000 -CVE-2024-49940,0,0,d1ce6d9df63ab6d69c0470ff48d7bb6ad598c90a2adcc7e54403053b0155ba85,2024-10-21T18:15:15.703000 
-CVE-2024-49941,0,0,c1c1ec78aa90860ef902850c44ce3f3bbbc66b9dcb65b22a58acc96c3013c323,2024-10-21T18:15:15.780000 -CVE-2024-49942,0,0,42ebb307bff9b6cfd1d80515a75fee68471522d7e23528152f5b221d5f99c97a,2024-10-21T18:15:15.843000 -CVE-2024-49943,0,0,5bd0baba9fad401ae2966a5afd74a17f3b5bfe07bacab8ea3c37210a3328453d,2024-10-21T18:15:15.920000 -CVE-2024-49944,0,0,131c3f4f4324d3d83ab08d53894a0c1feeffea665e9f3d106a9edafb8a327374,2024-10-21T18:15:15.993000 -CVE-2024-49945,0,0,d9768bdb8102c7ab9ddb3b09c537888ccdaeb1b8af4a6f393e4a1fb1e01c2f2f,2024-10-21T18:15:16.073000 -CVE-2024-49946,0,0,27f03b5c6f7aeb147a87a037e8f388338f0b52f097a9d9861b253ebf06f8cfe1,2024-10-21T18:15:16.133000 -CVE-2024-49947,0,0,048174b765afe4fff0c0cb6c741193768a0856c7a5d6919d8839d34be72e1e95,2024-10-21T18:15:16.207000 -CVE-2024-49948,0,0,254afb0ae03c5e9dbcf7f646813d286f1525d08f0c6cc2d07d9d611f45343d70,2024-10-21T18:15:16.260000 -CVE-2024-49949,0,0,e1092862299ce2c90d8dc9a6173a127653d464f87c63c33bc0b16a0254336281,2024-10-21T18:15:16.323000 -CVE-2024-49950,0,0,8c3ceff9ef2c46644cfa82096677d88e5b39d893622537c208a1379c0aa5065a,2024-10-21T18:15:16.417000 -CVE-2024-49951,0,0,f2d7dd21313fb994299de3b7796ba73e7501de3715ddfa306199ffb483498741,2024-10-21T18:15:16.500000 -CVE-2024-49952,0,0,1bb95eb5d4ef2d31c0a6b16abcd360f5a0eb081f2f426604ba15a122a80d7613,2024-10-21T18:15:16.590000 -CVE-2024-49953,0,0,19d8f29bafed9da3ffb2b84289b2750096f58d3bd457c1901ca28261ce9dd74c,2024-10-21T18:15:16.673000 -CVE-2024-49954,0,0,b1a986232473fbcfaa049070a08bedc0ed2c07ce5a4b31091951e293e0c61739,2024-10-21T18:15:16.753000 -CVE-2024-49955,0,0,aca53a3848ae59f6411183a6d02fe08aae05858fa3793016881531f8bfe4853d,2024-10-21T18:15:16.833000 -CVE-2024-49956,0,0,5d2727ebf758b416781a5d4a4e1bd34d5b44318ce922ae92fd7249dc1dd664d5,2024-10-21T18:15:16.893000 -CVE-2024-49957,0,0,168b9f19695f22254a9ead8b94a483b3363a005b371841e85614f102ca81a4eb,2024-10-21T18:15:16.950000 
-CVE-2024-49958,0,0,f742b4c7f6ff35425a742d12878093da94c170c2aff781b9947e0db4ef79bc79,2024-10-21T18:15:17.050000 -CVE-2024-49959,0,0,1395433d71ba6b8b5ff523aae9d2129edb28c5a2c7178880b545addd92619984,2024-10-21T18:15:17.123000 -CVE-2024-49960,0,0,ae6e4b5068ce7c61e9258e27cd900cd0e377ff54e299d7ac667348ce8f09a9da,2024-10-21T18:15:17.187000 -CVE-2024-49961,0,0,63ad463f5a2970d8047fdba10230ee9f25327cbe40f72d00f253bbf480117139,2024-10-21T18:15:17.267000 -CVE-2024-49962,0,0,772d37517642b62f43e18a8bd98b5765760cf422eb44b7859b5fe8f13409c8a1,2024-10-21T18:15:17.353000 -CVE-2024-49963,0,0,1a3dc9c6fa04a0e5ec44b10dc02f1102fe3348f86942b060ce235940bcff9a3e,2024-10-21T18:15:17.447000 -CVE-2024-49964,0,0,d00b13f0a86a8e82ad126be507aa8914df12ef8058acb2cc46031008ce73cc53,2024-10-21T18:15:17.510000 -CVE-2024-49965,0,0,bed6a26a6e6527f5290db79dfbb22f109500d5f51b23f828b34271d37c0b59d1,2024-10-21T18:15:17.593000 -CVE-2024-49966,0,0,0d7e177c5626c70a931d26c60a8bd5469472651852136ab3aae4982b68bc1b8d,2024-10-21T18:15:17.683000 -CVE-2024-49967,0,0,5484f6985708cb6ff867d8b0ce901b49b803a6318104557919204a14f9d79a5b,2024-10-21T18:15:17.767000 -CVE-2024-49968,0,0,7077da0c2636949275d97eb608839ef01b868b7f2f46611d031760f40a878f3a,2024-10-21T18:15:17.833000 -CVE-2024-49969,0,0,5cb11d1f9ea0bc3f3f316c96a8323de21329a6fccf58f5b2b3f9c4173ebcfcb2,2024-10-21T18:15:17.910000 +CVE-2024-49930,0,1,e33a0f89b739a01814f632ae6fd71a4506b382062bc41fa4ca5b8f786929c03f,2024-10-23T15:13:25.583000 +CVE-2024-49931,0,1,0bf7cec4bcf233bcc5e67b03d626cf21e54f2688e5aa67100f6fa5b5cc24583e,2024-10-23T15:13:25.583000 +CVE-2024-49932,0,1,e5188c7ee1c1972b05d3687d2846a4c04fb0ddad3d4fdc696a14fd6fd5b3f9da,2024-10-23T15:13:25.583000 +CVE-2024-49933,0,1,19c189adea2c51f30368218900eaf8147078b0b49ef8fa469c43040d096ea648,2024-10-23T15:13:25.583000 +CVE-2024-49934,0,1,e37c6ce2db6489d7950418452ae8950ea036544ab18fb721f3040d7c2ecacadd,2024-10-23T15:13:25.583000 
+CVE-2024-49935,0,1,47ec8d85e946423f2b5a7d6f760f5940e7dec7c60deca4cdde6ceadd824a68c0,2024-10-23T15:13:25.583000 +CVE-2024-49936,0,1,d7807b7818c4bb2d8ce0ec04aabb1f3544d5a8d9419132d6f08684cc8424e45d,2024-10-23T15:13:25.583000 +CVE-2024-49937,0,1,fbe6451c8c5411e80e94bbe8a5b20cc7de2c60b897db9c68851607b7663313dd,2024-10-23T15:13:25.583000 +CVE-2024-49938,0,1,b09fdb8ffc6d5bd9de59db6069511d5913a2762d8b413226026de2322576dd21,2024-10-23T15:13:25.583000 +CVE-2024-49939,0,1,402d43d358a15010064d110767edefebd01db49ff6b25ef8d93e0a2b850281ad,2024-10-23T15:13:25.583000 +CVE-2024-49940,0,1,2e190a7774264c10f5b4bfb57ed4ea08bed9643d1920281d3d935207593158d9,2024-10-23T15:13:25.583000 +CVE-2024-49941,0,1,c50bd07219a1423cc59298255706fb1962f26493f4a2a3e0fd35cb9777b6459b,2024-10-23T15:13:25.583000 +CVE-2024-49942,0,1,b98fb0b0c98b42d695c4c1ad854b813801232df1e1dddfded32eb0450b2fe18a,2024-10-23T15:13:25.583000 +CVE-2024-49943,0,1,c3614511322770c16ab293e578f901ae8604118536f12a561f6871b2e4e64082,2024-10-23T15:13:25.583000 +CVE-2024-49944,0,1,a5c39556d594e40e637b5d4bce6dabeb8fc6b6740ae1330c7d32ed8079defca7,2024-10-23T15:13:25.583000 +CVE-2024-49945,0,1,8830ebf94239bc1c89548ddf5790035646bb82b6726d019b6557ea104bc21136,2024-10-23T15:13:25.583000 +CVE-2024-49946,0,1,13a5d5811bf383f61044a773b4a572cf961b77975d398bb5002b0e276f496ca5,2024-10-23T15:13:25.583000 +CVE-2024-49947,0,1,5b75f252b800589f5cd5dfe41ee5a2f61df4165d1873b84f7f83f4b0ed7467aa,2024-10-23T15:13:25.583000 +CVE-2024-49948,0,1,95031996de193f661130830207de2692bfa108ccf827c14427716876b420acb6,2024-10-23T15:13:25.583000 +CVE-2024-49949,0,1,4b7cc6ad46e6fb02c30d561a1abf4d685b4716c9a9a63cb194665a262ed01dde,2024-10-23T15:13:25.583000 +CVE-2024-49950,0,1,b937b62baf2afe705487c80997d4737e2300cdf45c170203d8e2c83d4e18bd10,2024-10-23T15:13:25.583000 +CVE-2024-49951,0,1,b8f60d5ef8bd84dfe50bdc427eded9132dc5d0565199c187e518a0aa431c0f98,2024-10-23T15:13:25.583000 
+CVE-2024-49952,0,1,eacfa13d5e4b6dd3f3d20e28896adb1fddd3533c2dd67578249a8ef8b4ca45d2,2024-10-23T15:13:25.583000 +CVE-2024-49953,0,1,b8a9bc733c66046dd903f078e23eb8ac6d568842a124d95c6b358ada4288e837,2024-10-23T15:13:25.583000 +CVE-2024-49954,0,1,2156082b776c1c996298ae4f0db53d4824ef35b37e49b72d874b5564fde8e048,2024-10-23T15:13:25.583000 +CVE-2024-49955,0,1,e7695a88ff3679ba8db0d0bea7fd9d2715977aa81cbfabae58d29cb095db5eec,2024-10-23T15:13:25.583000 +CVE-2024-49956,0,1,9a80f892654454ec2ae37af584ff200e3b3b49220884690e6cec1a0bebb68cfb,2024-10-23T15:13:25.583000 +CVE-2024-49957,0,1,ccf2bebe8f2fea0e2b1ffc0a1a86d722a1f4c92c0c11a254cc2af4563b239dbf,2024-10-23T15:13:25.583000 +CVE-2024-49958,0,1,b1ebc1ff3bae20b247885077e84e11d90e86e4e6cc4663e7a20bce8cb785db87,2024-10-23T15:13:25.583000 +CVE-2024-49959,0,1,fe4ecd654bcbd844d5c5f2f62134e451f680e3336be4294ef8d3e7baf3f259c4,2024-10-23T15:13:25.583000 +CVE-2024-49960,0,1,aa6bc327a0e56520d8d77885b3b337f7c9659310340931919f27ebac852153d1,2024-10-23T15:13:25.583000 +CVE-2024-49961,0,1,3670d75402fdb83bcd4895876fbf8a79a88caabf5691d9ccca791e5627785c19,2024-10-23T15:13:25.583000 +CVE-2024-49962,0,1,a204a5208aacb55b29013c53cf74adaad4bda721e3427e33373c6e53bdcab1c1,2024-10-23T15:13:25.583000 +CVE-2024-49963,0,1,2b2f3924927237848da0ce4db39b07cfa23ea57811f60b13338146ece598c290,2024-10-23T15:13:25.583000 +CVE-2024-49964,0,1,a3daf32d816def969df47ee2e8de5196da8c32fcc51b4fa6e88980ee02b891ef,2024-10-23T15:13:25.583000 +CVE-2024-49965,0,1,5017e4bbea441f34bb1695a3b7704c83c90f6308e3baa7512dac279c00198861,2024-10-23T15:13:25.583000 +CVE-2024-49966,0,1,3dd9d402aa195283567134637b94ebf05fd7aa88c1f417600ffa5b4bb2fa6e42,2024-10-23T15:13:25.583000 +CVE-2024-49967,0,1,f92f6192704c8d30fb1b877d6399c880863ff64783a228d60dfdd51b9d90f359,2024-10-23T15:13:25.583000 +CVE-2024-49968,0,1,19a93f4a6384a37e0e479ce1fc4610aee20a39bc275896118b96ca5904112124,2024-10-23T15:13:25.583000 
+CVE-2024-49969,0,1,3f4b1951d217c2369704bd79d60ccf2c9671a1780f98d22e3235419fbb3c673d,2024-10-23T15:13:25.583000 CVE-2024-4997,0,0,8869d8cee41a7f38be4f03ad1383841d0fd18dd2f92c0e8b0f0fd7c6f2096580,2024-06-04T16:57:41.053000 -CVE-2024-49970,0,0,a92a08cf657d3b6cb7016730305a2f8ec2b8405aaa645a94dbbccbe58c3386c0,2024-10-21T18:15:17.973000 -CVE-2024-49971,0,0,d1bfc54a12d69a88bfb4c0fbab3e6e5dbac24fcd6a47ee94b8ca898b5b468222,2024-10-21T18:15:18.050000 -CVE-2024-49972,0,0,31006d82ec83f4a48470e846f62404f299b662cacc51f74cadd6efc5f0a3144b,2024-10-21T18:15:18.103000 -CVE-2024-49973,0,0,e9393f93e0bb17121dae1744c7545703eba04aa461372b88c7b5998b8ce3fbd1,2024-10-21T18:15:18.163000 -CVE-2024-49974,0,0,22990b5793ffd3a3db4a2e723e3e2b68b982e87be73df176ecd83dd716d2ff48,2024-10-21T18:15:18.227000 -CVE-2024-49975,0,0,9e75c148e45696385a95893bed64802cf6ef2387afe5146d2bc948a94a22cacc,2024-10-21T18:15:18.287000 -CVE-2024-49976,0,0,dfe82f308748223d7c8cdc664b67f3d3c4432af4f35e61f164f2262dd652da9e,2024-10-21T18:15:18.353000 -CVE-2024-49977,0,0,5870e97c47d6047660e494f5028be2a8e2df62d2eed94394dc6cc676af12d5e1,2024-10-21T18:15:18.417000 -CVE-2024-49978,0,0,49f5a3869bbf77d42d4b37fa44119e3515a6e68804ee502502377ade5c127c3e,2024-10-21T18:15:18.483000 -CVE-2024-49979,0,0,a04965f311e4a668522b1896583b26462db2eb79b79676e413f0f91f037fefa4,2024-10-21T18:15:18.550000 +CVE-2024-49970,0,1,05aca179b29c638548a8f21052c8ccbafdc943e81b23beda746307887e7bcbaf,2024-10-23T15:13:25.583000 +CVE-2024-49971,0,1,60c83f32ab70eca3cd14f38dc4040565edae34a7c11d6016f53aaf212ad0bc15,2024-10-23T15:13:25.583000 +CVE-2024-49972,0,1,985809352bdfeb655e911cb32258e8e8a65029ce7fe386242f6e0bc275afc60f,2024-10-23T15:13:25.583000 +CVE-2024-49973,0,1,cbc8317e69e991b61b33286118a69f0b5499d236a65e0770daff1dbdf352cd5d,2024-10-23T15:13:25.583000 +CVE-2024-49974,0,1,4d1ad9e69552c2546e3ebc37028a81d020f8c81c7e81067843bb3e0268b54a37,2024-10-23T15:13:25.583000 
+CVE-2024-49975,0,1,77496d71dbdb1011dc9ff94c3d0cd336344267f57fcfac6b98755dbc72bb5eee,2024-10-23T15:13:25.583000 +CVE-2024-49976,0,1,13e58887358e60c5ecd8c88e2ec609c29a2b4dfca716f3d2e2465eaccc20989f,2024-10-23T15:13:25.583000 +CVE-2024-49977,0,1,d404101d9ba30145a428525398d400ce54caae55b8fe029e10181362c4f21c12,2024-10-23T15:13:25.583000 +CVE-2024-49978,0,1,d1d022627966490e425b664f8063a108568b0f5033ee2065467ad5efe1a2a3e8,2024-10-23T15:13:25.583000 +CVE-2024-49979,0,1,af031dedc92de72c54d427a92e62fc2853294f38d0fdf026f9d854688a1c6e3a,2024-10-23T15:13:25.583000 CVE-2024-4998,0,0,fe1bc994ac10ee97dd90e00ffa3b2211d68ef77cdb160f8aaa68bd1eee2d92b4,2024-05-17T16:15:08.160000 -CVE-2024-49980,0,0,4c4d10e0b138a936b62d1fe20876a830dbe6d6f2098feaab3df441298138363b,2024-10-21T18:15:18.613000 -CVE-2024-49981,0,0,3a1da79b1ff1b73f82c4a59642da7840ce792ca43e6766037b8a23eb02e1a7f7,2024-10-21T18:15:18.670000 -CVE-2024-49982,0,0,cd7f5dd8502170f0cf8b08a6b21eb7cd649dd9ce4193dff78b8a9c159ca08574,2024-10-21T18:15:18.733000 -CVE-2024-49983,0,0,9396b31bd2a85016e67c4496b171ff7cc88d0597f1c67f420507e7d015d981db,2024-10-21T18:15:18.797000 -CVE-2024-49984,0,0,2ddabeeaf068d075b3784b8f5e2e0311f60884f0863af13c94bc80b18bd63a5e,2024-10-21T18:15:18.873000 -CVE-2024-49985,0,0,9a6c118c8135a1dc8b15bb28eb9ce074d325aa55167dcad7b1d3b3d9b8c2f6e7,2024-10-21T18:15:18.950000 -CVE-2024-49986,0,0,61d242649b735c508b878e5a443579b5e56736f895d651584088df7127f61617,2024-10-21T18:15:19.020000 -CVE-2024-49987,0,0,0badac39da449e246304db3fa5a0d8ec9f8e6bdb4f3b9d2ac7e077debbe8562d,2024-10-21T18:15:19.087000 -CVE-2024-49988,0,0,e7eecfcbffe0e4043e9c744ff25523cd6af58676f1b106c498f055e0613f1a1b,2024-10-21T18:15:19.147000 -CVE-2024-49989,0,0,8419611c4d7c2dda7fffe3f5f6e201c368616b4fbf61bcf73ad5198829629b4b,2024-10-21T18:15:19.207000 +CVE-2024-49980,0,1,1b7f876e1e74006c4cbc36f26a364fbc1043d115c2b25809299afdde070e9fbd,2024-10-23T15:13:25.583000 
+CVE-2024-49981,0,1,abf3d30af0b7da12daa86f749619a258de3be687f035ffbcb225c27748b23822,2024-10-23T15:13:25.583000 +CVE-2024-49982,0,1,9677db1ad3aaa145e208c49ddeb7ec3d7018fb102c140cc722b06c22f2e07fa8,2024-10-23T15:13:25.583000 +CVE-2024-49983,0,1,a8ab82f4196f5cdde113b23acc0e392f7ce69758223b37afd8356b634ec56e89,2024-10-23T15:13:25.583000 +CVE-2024-49984,0,1,52132884d98254bcf3670a6c5035fab9415ac6c1e9ca87fbf0878fa15bfb5d0a,2024-10-23T15:13:25.583000 +CVE-2024-49985,0,1,6505f687f4eb9245242570ba51d30471acb035977a44ab969f22173c754f5a44,2024-10-23T15:13:25.583000 +CVE-2024-49986,0,1,6b9117399ead2b415f726daa5f92aa72211afcf4379d55baefe074f1577e4e88,2024-10-23T15:13:25.583000 +CVE-2024-49987,0,1,83561d5aa41b3c98ac3da73906c8dc7e2c585f0470372fd90d93ee13a1235673,2024-10-23T15:13:25.583000 +CVE-2024-49988,0,1,c7a60174b0a2907e13494050fdcc3cf96f4fcf64b06f52d88c7b2176f07fad68,2024-10-23T15:13:25.583000 +CVE-2024-49989,0,1,b0266992e9e68cde51259a4c15d0630c79796c1acece427b6a30c5a2dc4e9d03,2024-10-23T15:13:25.583000 CVE-2024-4999,0,0,aeea1ad154336e8cbd739fb19642e978908300b067641ea9bc4ea587cb0b31ba,2024-05-16T15:44:44.683000 -CVE-2024-49990,0,0,39546e1cdb783104b0b21d042037c3517f174690869a65e2304e57fb94f35994,2024-10-21T18:15:19.270000 -CVE-2024-49991,0,0,1e79bf3162e186614e9411a4eae6aa4ca42a80d7742ee548da61dccbdf9a80b7,2024-10-21T18:15:19.330000 -CVE-2024-49992,0,0,0311e3e674c8377ca728d3da5378d92f106011a0f7f446e6602d68fbbd7d30d2,2024-10-21T18:15:19.387000 -CVE-2024-49993,0,0,42ed8e3f240f649a6e7d9c0f43e912a15c4e62d0bc9575a508f6bc2145f88df8,2024-10-21T18:15:19.477000 -CVE-2024-49994,0,0,e2b5a07f36db56b1a5d542da9bcdd20f61638414ed97fd5b350c94f2c5f93ca0,2024-10-21T18:15:19.557000 -CVE-2024-49995,0,0,16c858b6d3b667e454cb1700cea98be9e2abc25303cc228d830bb4528c410b60,2024-10-21T18:15:19.660000 -CVE-2024-49996,0,0,7e2dba942c7507914d2a0ecd67ed4a4c2d3b8365fd52b6351a32bbc41c376b18,2024-10-21T18:15:19.760000 
-CVE-2024-49997,0,0,2149d3e894cfeb3d69bffdd471dd8aaeeb9444fbf5fc75397c88dca4fd3fd954,2024-10-21T18:15:19.837000 -CVE-2024-49998,0,0,efeb80f977254c3dabb05b028cec66fe96fe7dc98b92e5165d95edc9e3c76f46,2024-10-21T18:15:19.907000 -CVE-2024-49999,0,0,dc6b44582e762cea0df74bb37cbf27f60d95b223d72ae4cf8f92feafa8821751,2024-10-21T18:15:19.973000 +CVE-2024-49990,0,1,e1d70beb5c3ac0c9d76d00adce179924ec0e97ef68d2e89f39fbefb01b11d6b7,2024-10-23T15:13:25.583000 +CVE-2024-49991,0,1,2fb930d0a7a3c2773f0499a4ac914a761eade3a99dfddc4271f3a9d058939c0f,2024-10-23T15:13:25.583000 +CVE-2024-49992,0,1,f0614aa14cd4a2b6ccac57cac86d4616d97c178a368e730c80c96253894fc745,2024-10-23T15:13:25.583000 +CVE-2024-49993,0,1,431e09872aad235bfcce9475c34ad382bc8db37c02902a317629c2ff678fa4dc,2024-10-23T15:13:25.583000 +CVE-2024-49994,0,1,0ec99d0f3759788296e81b13c827a29b7ece490ae9136187cd8cbf4199412c39,2024-10-23T15:13:25.583000 +CVE-2024-49995,0,1,b14274080bc6cde5e18285c4271101e0fd75dd4ad1b68ac92642bd34920a24f9,2024-10-23T15:13:25.583000 +CVE-2024-49996,0,1,09919f5bd92b6ffa4ceeb00f48af54ba697342e221271cbab43696a2c7a40ce0,2024-10-23T15:13:25.583000 +CVE-2024-49997,0,1,4f0d5cbc938668da4cca12e8619053d4fe51e93b90646e0ffb3c7559200d809e,2024-10-23T15:13:25.583000 +CVE-2024-49998,0,1,dc2b1c1752af1746445d713a06a03643e693f616cacbb49fca8b0a6d6c19fcfd,2024-10-23T15:13:25.583000 +CVE-2024-49999,0,1,78b6148f41a15652bfa26256a49a5e5917d5dbd35564ac4e51ba7d691f423879,2024-10-23T15:13:25.583000 CVE-2024-5000,0,0,78aa4b3aa9bab8131501fa8740489ecb0fe42637a1055cb7cfa2d7935a7c9e42,2024-06-04T16:57:41.053000 -CVE-2024-50000,0,0,17685d3641d55e9708668d377d79f9832a0ce37d1c83a966b2540044e2e956c8,2024-10-21T18:15:20.063000 -CVE-2024-50001,0,0,e1035271ec7049855b01eb75c0c422d1c30e900e319441b20773b408b766a86c,2024-10-21T18:15:20.130000 -CVE-2024-50002,0,0,4e061a3eba3f4f7b184c6bedec6f93a6ac06ce60beb51fdc1935126b4ef8f526,2024-10-21T18:15:20.200000 
-CVE-2024-50003,0,0,57eafeee9812a2b7d98ad832a5611cf2622ed1aedbcaaa9515385c36fa1a7bfa,2024-10-21T19:15:04.020000 -CVE-2024-50004,0,0,e01f942e490cb8ed605edbb2c4c8b5eda45dfb87609026c1693329e5972e9748,2024-10-21T19:15:04.083000 -CVE-2024-50005,0,0,7322ce5d5d7b49e612f442f3b9735e48e141061ab9d3ea0a91ef96e5ab9f4df5,2024-10-21T19:15:04.143000 -CVE-2024-50006,0,0,8fa8b64a0eef9ae08a4e58e1a2f33dbf1b64e0af7796c7f4949cc744f2ea6a4e,2024-10-21T19:15:04.223000 -CVE-2024-50007,0,0,89b12aa223a0371a2bf93340464905abfa9b72db24328a74cda142a8f9da1c20,2024-10-21T19:15:04.300000 -CVE-2024-50008,0,0,9fe4276ddd16b749967559f43bd7dc5ee81fd12011dad530eef68c2ec97539d0,2024-10-21T19:15:04.367000 -CVE-2024-50009,0,0,15fc8a86b421ee1c16daf57ac09dfc7d0000a4dbe2fdd7b20f00ef6791b62003,2024-10-21T19:15:04.437000 +CVE-2024-50000,0,1,cec02897eadd69642a8478330d38fa15edaf3633d0d107bb46ad0cb4bf889d34,2024-10-23T15:13:25.583000 +CVE-2024-50001,0,1,886b8a582aeed728b3b4fd74e088fd22423f5fc4d8231c2d820afabe46d603d5,2024-10-23T15:13:25.583000 +CVE-2024-50002,0,1,7e826e0b3de3d65693e9dcc09edb35c05892be528b111a68d82dd8a04b1f2994,2024-10-23T15:13:25.583000 +CVE-2024-50003,0,1,318b4134c29bf882eea2c3b90b36a6f001c79495854be1fa1cd17567830c7826,2024-10-23T15:13:25.583000 +CVE-2024-50004,0,1,fe596401aaf26a0bb4fc90f2562faa93ddcac118926c98a71e59d59cbb14fac7,2024-10-23T15:13:25.583000 +CVE-2024-50005,0,1,71785d188823b2f1a674a1d58fa9bf202e420b9fbc567aaf86f41c900cbed7a5,2024-10-23T15:13:25.583000 +CVE-2024-50006,0,1,174a49f9baeb76f5d648cc15e7a84ec57785d5c83c45a196962bd5065ca2a699,2024-10-23T15:13:25.583000 +CVE-2024-50007,0,1,006f42f97bcdeb5fc8a89a08e9722f5109d1edf1bac5f56ec00ec3aca086f462,2024-10-23T15:13:25.583000 +CVE-2024-50008,0,1,cf18884f6df3df5c9ce0073b5f01db383272d1fb920974501c4f54c76c821365,2024-10-23T15:13:25.583000 +CVE-2024-50009,0,1,b25c89b587ef8f767a118a888203f26c1813b03ccfac66d7b88c177a8b952f96,2024-10-23T15:13:25.583000 
CVE-2024-5001,0,0,d13fccabd833b06301db98a96a793d9305ac650b09885bcad3ab7a5e90e7be86,2024-07-23T20:32:50.207000 -CVE-2024-50010,0,0,c53ba20f15be46922415c033fc3e7ed380519ce0eb76211d27b09088e1790b0b,2024-10-21T19:15:04.523000 -CVE-2024-50011,0,0,5f035249db3ba2b24e53e8ba6260368180018cbcfac0b7055d0e4e4e355f8612,2024-10-21T19:15:04.613000 -CVE-2024-50012,0,0,e6eb0338dc2e9f6e121b0c74a88f027b67d6ce68afa6ed8e34c013a1f58544c7,2024-10-21T19:15:04.683000 -CVE-2024-50013,0,0,9bce96b82be6041c6d31723e95529da6b4fa6cda3221f6ed2f78bdb71a07769d,2024-10-21T19:15:04.767000 -CVE-2024-50014,0,0,9fbe5dcd27cf39996764d864e981d268a8c59f48be0444fad3649a08b81849b6,2024-10-21T19:15:04.830000 -CVE-2024-50015,0,0,e8088df4c2e48d549683ae8c2e7ff9235e47300a0012eae1875188102af57d45,2024-10-21T19:15:04.890000 -CVE-2024-50016,0,0,a55f4725ca2402415ab9e6b67bddded136cc2be1fda35777a7494e7090316b41,2024-10-21T19:15:04.970000 -CVE-2024-50017,0,0,f197fab2448a05a2d2cabec81e981b67753477ab29cefc2f0a1ac6c3746fcbcf,2024-10-21T19:15:05.043000 -CVE-2024-50018,0,0,e61c42de23ac70a8b7dfe6acc1a6567293aee16725c673fdeef594cc676a5348,2024-10-21T19:15:05.123000 -CVE-2024-50019,0,0,cbb287c8633689427f38851cc0239f9757bf9915fb89d42096ae94e9fa5e5757,2024-10-21T20:15:15.510000 +CVE-2024-50010,0,1,719c9dfbef8438b722e214bb4144425701839515de68fd900ca2439cbf367998,2024-10-23T15:13:25.583000 +CVE-2024-50011,0,1,980130793609ba85d978ac3897743b36e06d03e5578449cd8463c6a50ef6140e,2024-10-23T15:13:25.583000 +CVE-2024-50012,0,1,6824ea7cd046916e5a46602bc6bf106039cd8c4524a0aa5c1d68ccb97cc90580,2024-10-23T15:13:25.583000 +CVE-2024-50013,0,1,e7dcb33b5a8b3baabdc44a24528c311c52a525f369b10c0876273d89b7dc19b8,2024-10-23T15:13:25.583000 +CVE-2024-50014,0,1,1b9d9129c629d7a256ee3df690e7fe663397d99e76b77d5144d84fc7840136c0,2024-10-23T15:13:25.583000 +CVE-2024-50015,0,1,6d4bf18cde3e91eef710a5b6ca23cc98ba4179d8758cab4bc07f83164bcd0fab,2024-10-23T15:13:25.583000 
+CVE-2024-50016,0,1,150cc155a5101207172a6ab21de9b50c216ceecbad4a50f73bb2b1561ac16362,2024-10-23T15:13:25.583000 +CVE-2024-50017,0,1,4fcef121f58bca52e096970b6b422944c415a23596af63574c5ac44a02eb4de0,2024-10-23T15:13:25.583000 +CVE-2024-50018,0,1,0ab552b7de0854c620630fdbc4c5dd46fd08e7915ae706c165d1b10fd64bea68,2024-10-23T15:13:25.583000 +CVE-2024-50019,0,1,99e77dd699dbe9a522853392f88ef6266dc3d0a01734496b75cba5bdb8aef72f,2024-10-23T15:12:34.673000 CVE-2024-5002,0,0,28b740bd033d1abfd76c98a370fcc8a1a0efc6df8c7198f0eedf875190207207,2024-08-01T13:59:37.720000 -CVE-2024-50020,0,0,20e7dcb18b7cff318c41c4cb12cf93f059cf494ec49ee4401c2c60b1d6795f0a,2024-10-21T20:15:15.573000 -CVE-2024-50021,0,0,a45ccb84243633ca75617bcf0bac7b407aa8e502d7b6be23514f6af4dac1dbd0,2024-10-21T20:15:15.630000 -CVE-2024-50022,0,0,9d59c6abd8f8b8c4b9d5277a2ff7021a63d7ee1a681efa5f78ea97b9fd8e6208,2024-10-21T20:15:15.690000 -CVE-2024-50023,0,0,37d2a53073f14ccab5fad125d93dbb07996160f8377ac498e1c4b7fc9232a834,2024-10-21T20:15:15.763000 -CVE-2024-50024,0,0,23bb14f749e0ff00090db76adda8ffffbdfd89c3ced4d30c3fe654bab5ad4776,2024-10-21T20:15:15.850000 -CVE-2024-50025,0,0,a9a2ffb95d9049b1d0f3b5c92e7345060d015d1847e90374e928a341c983f2fe,2024-10-21T20:15:15.930000 -CVE-2024-50026,0,0,10d6bd1bf65686521e063ae744bc64199a1fa3eccd383487f66291d1513531c3,2024-10-21T20:15:15.993000 -CVE-2024-50027,0,0,ea24396ffe206891d48ed674035750bb0f10e5820a8687a3666569d113e801b2,2024-10-21T20:15:16.093000 -CVE-2024-50028,0,0,5bddbbbf1b498cc47b05663d60d38dcaa892daeb07018f2947d7f79ea6f5e85c,2024-10-21T20:15:16.163000 -CVE-2024-50029,0,0,908ccdc28f219977da34e942b527add1c79f6bf0c75e220e1391bf77cf76a5e0,2024-10-21T20:15:16.227000 +CVE-2024-50020,0,1,411f12f61c92a528485eff6d7c3ae3c74ad69154b48f54563f0b8203992999de,2024-10-23T15:12:34.673000 +CVE-2024-50021,0,1,ff4b3176fa12cf909811c80c853a89d71c3fe0bbbbefcbf82bbfff4512213e7e,2024-10-23T15:12:34.673000 
+CVE-2024-50022,0,1,ea418e48f6505f27f5db2025c81734733949c8de5ba46fcbcb6d0ffa98a3cc17,2024-10-23T15:12:34.673000 +CVE-2024-50023,0,1,439a0fe98f12f9d7d705bbe6bc5fced5ee3b2f50f863bc6f6833062fce3be5c0,2024-10-23T15:12:34.673000 +CVE-2024-50024,0,1,48c5c81407c92e4819c5004b2f1a0f924c1171ce728f5887bef940da75b05309,2024-10-23T15:12:34.673000 +CVE-2024-50025,0,1,c18eec9799463d58747187173a379279804fb3bd44cdd70ace4fc4c67cf8994a,2024-10-23T15:12:34.673000 +CVE-2024-50026,0,1,8c359b43a83ed1f500f190e5655944e29d49cfecebb7baaf0d603b29102f3148,2024-10-23T15:12:34.673000 +CVE-2024-50027,0,1,f3793817d49adb3d8a1f6f18c6ee3a297e09900f04a0e68dca6150f747a239d3,2024-10-23T15:12:34.673000 +CVE-2024-50028,0,1,4dca9dda6427e2b77ea004dac42687b499391510225f390364dba3406e2be0a1,2024-10-23T15:12:34.673000 +CVE-2024-50029,0,1,5f6107d7d4831614ddc9053b9e55e8540424e84fb4dc9d79b8ce0bbe1b1d84d6,2024-10-23T15:12:34.673000 CVE-2024-5003,0,0,657f01af6ae4ffebd5508957e0a4ee664437c9c42d64fc0c4eaff54aefed6593,2024-07-18T16:18:33.020000 -CVE-2024-50030,0,0,2820ca347e96bb99ae01165c561178d1f4b2b30d597a22bb8c66fb9dcd7cf12b,2024-10-21T20:15:16.290000 -CVE-2024-50031,0,0,5577e00e592f411d2925477599390ea1179feed62f2414eef683c5b5f6f62a91,2024-10-21T20:15:16.350000 -CVE-2024-50032,0,0,58741c2b03e923c21b4caf61e31dd44b07c3797453f4d018386cbf66e695e8d2,2024-10-21T20:15:16.417000 -CVE-2024-50033,0,0,d9c247041dad42666c83a61b37ab976e615eee25bba516ade70e0a578ab243d5,2024-10-21T20:15:16.477000 -CVE-2024-50034,0,0,3e68e1bfc2822ddf6c1a9385983634f53894326fe8bdd8bfb279b53886d96c67,2024-10-21T20:15:16.553000 -CVE-2024-50035,0,0,1a993d1601899fa65f25d1f6798aef8e0748632c10d4cf038c7544c632b7ff64,2024-10-21T20:15:16.640000 -CVE-2024-50036,0,0,08017c23066132093c7c8be825ab7913669dac7377e3ab67bec46c91aec762bc,2024-10-21T20:15:16.717000 -CVE-2024-50037,0,0,ebb18a5f46464009313e33743691c82bd7bcdabcd751592516e3847e9f870703,2024-10-21T20:15:16.790000 
-CVE-2024-50038,0,0,4a8fc5089115369ff65aee23f026b751831c2b31eb6829afe1e5be8f6daef12d,2024-10-21T20:15:16.877000 -CVE-2024-50039,0,0,5eb4ab27e6920e114dcd1ebbc38bd9562f77cd742a1de8fc32358ee77562a1dc,2024-10-21T20:15:16.957000 +CVE-2024-50030,0,1,0347086f25dca26915e1436dcfd2de7f4b8fab3635e9fbe7eb8d2175af5dab95,2024-10-23T15:12:34.673000 +CVE-2024-50031,0,1,cc20af791cbec3a7c1c3bd59071b20e2915a6a03702994dd9f9650b8797df511,2024-10-23T15:12:34.673000 +CVE-2024-50032,0,1,9431344800434d7ee15e18d71c026f970a422c249ecc1b3c7c4159bc2d6ab597,2024-10-23T15:12:34.673000 +CVE-2024-50033,0,1,c4783e4124030a679795d5a36f640033093e5797281cfae939df4742960d09ed,2024-10-23T15:12:34.673000 +CVE-2024-50034,0,1,36b290bc69fb0970f5239d91ff72d9a2ae2fe9bece8fba61d1e7bb3293756060,2024-10-23T15:12:34.673000 +CVE-2024-50035,0,1,627272532496610a9cf027bbba85665ddf6863f7df3ac770ae831e28bf6db798,2024-10-23T15:12:34.673000 +CVE-2024-50036,0,1,28901e0166f56dd1988eca00f958e5283f611146fde3cc7b000114e6ee533ed9,2024-10-23T15:12:34.673000 +CVE-2024-50037,0,1,4ee031bfddc4e8f99ddb949f282f6ad1a356c779ae1c3537126fd37e56dbeca8,2024-10-23T15:12:34.673000 +CVE-2024-50038,0,1,13f261ea139b7c77c532175eab38c9e4be7c3afe3db507ae1ed5105376d28292,2024-10-23T15:12:34.673000 +CVE-2024-50039,0,1,75801edb89c7be222bf7c69a5ad76563c04d4f50df342fe887cbc18b83b75ff9,2024-10-23T15:12:34.673000 CVE-2024-5004,0,0,dbb46916d3eaa00ba190ac36848b4f73f0fcf9ebf3415c8f81f52119cf8e2d54,2024-08-01T13:59:37.913000 -CVE-2024-50040,0,0,d6b1a90b7498a56545a72c4cfa538c889ed69357db0a1e79146f8f0158f45a9f,2024-10-21T20:15:17.050000 -CVE-2024-50041,0,0,d6f144471017b965b7206de68b5899d2aaf7aa50537f9c39e7b30bd6697f9cd5,2024-10-21T20:15:17.133000 -CVE-2024-50042,0,0,df8d52719d5c5939c3110b5fc299627d5eba6e1633761af5feae5616c2186b39,2024-10-21T20:15:17.200000 -CVE-2024-50043,0,0,05f6b3b96d98d7a8e68358e323b35f8e9baea184211ec6f5e5da7b1a7a8f60b3,2024-10-21T20:15:17.263000 
-CVE-2024-50044,0,0,9c51415ddda45d9289d71098414c12a2c2afb532f8a3c39af5c8877bbca544ce,2024-10-21T20:15:17.313000 -CVE-2024-50045,0,0,a02c27392f36375d0e00db128405326c4d32c7194ab61b670d5f636807bf269c,2024-10-21T20:15:17.373000 -CVE-2024-50046,0,0,b53bab411a7fde18d223f7c717d17b432252f7f98229b0fc90e5bfb323bd1967,2024-10-21T20:15:17.437000 -CVE-2024-50047,0,0,1648a7adf144e3172b18c7815c0bd1fb4c77ae00b67b3bade48ac7b55e27ea2c,2024-10-21T20:15:17.507000 -CVE-2024-50048,0,0,2446bfba00b9ae3aec430ee57d03fc34dacfb6108b2b3b3b22181060be701461,2024-10-21T20:15:17.580000 -CVE-2024-50049,0,0,740df24ddd739c0044b6838c10c264c6e739a76dd6342b699d037285f4e120ce,2024-10-21T20:15:17.687000 +CVE-2024-50040,0,1,981131558689eff63e7408bc26260009c579c8ae379b09b9fc858d45385e4ec1,2024-10-23T15:12:34.673000 +CVE-2024-50041,0,1,fef3c0699535cb60d05a11827c9c4db8904e57356336ade90447872a123f9f27,2024-10-23T15:12:34.673000 +CVE-2024-50042,0,1,47d7a84ed9d469b00f4e210ab7562f73a18e6669a1c07a4576676ffef293e83f,2024-10-23T15:12:34.673000 +CVE-2024-50043,0,1,6fa8e9fd6b09a93abfe49cae2c2b3b9e1564d5e68284b44e286cd6f9b0d9f6f1,2024-10-23T15:12:34.673000 +CVE-2024-50044,0,1,99adc3b386d7b0b967167aa7a713bc7f801d66056d94b4526b6f57fba90cb805,2024-10-23T15:12:34.673000 +CVE-2024-50045,0,1,fe55a30d3128e36327b37c82ba94a1ff0132cabb54f3adbbcc568b84d8fc966e,2024-10-23T15:12:34.673000 +CVE-2024-50046,0,1,4e255f676ca189e5e9e50101b26a65e95afe2fd8c7d6b981181f54054bdf130d,2024-10-23T15:12:34.673000 +CVE-2024-50047,0,1,2b207a2a293c77a5b4c3a31569dc164f8277d0179d455cd9b507078393309111,2024-10-23T15:12:34.673000 +CVE-2024-50048,0,1,bbd23138e80805a57e396cc9887dad63617290c67454d76acda269e557ea2f54,2024-10-23T15:12:34.673000 +CVE-2024-50049,0,1,09afa0a2be58ba607560df205b0898b8b28ee2e6ee587a6115c8699c00e8bc60,2024-10-23T15:12:34.673000 CVE-2024-5005,0,0,28bdb1683e492d24b33087981d0823dd42f49eeb8c271eabba28b1e925e506ca,2024-10-15T12:58:51.050000 
-CVE-2024-50055,0,0,8bd61933350af1166da21bf2ca1be74290bd9d7366a90972c29b58636d50b70a,2024-10-21T20:15:17.770000 -CVE-2024-50056,0,0,444857506fba3c76533324304e863d594f5bf4e73ccb8869fbfe082e0e19398d,2024-10-21T20:15:17.853000 -CVE-2024-50057,0,0,2c92e6aa013f2f07906ab2ccc4c5ced84993d19b57ea4a30c645d2ccb546a028,2024-10-21T20:15:17.933000 -CVE-2024-50058,0,0,d4967b66a672f6ad3e3ef66310d5c3c123bd93183433e377509491b4687a3629,2024-10-21T20:15:17.993000 -CVE-2024-50059,0,0,816f93c86ac255501b5de5777044500171097c3ec70953ee9f1a3a7d571fce38,2024-10-21T20:15:18.057000 +CVE-2024-50050,1,1,75d86e88f7994c1f3b20bb87cac7d396514a1e4ee924d9d29743f3bd699759ce,2024-10-23T15:12:34.673000 +CVE-2024-50055,0,1,10b598d3a0269b0f307eaabbc2b716f722fcf5535b65c85d86a0eaf85ce88670,2024-10-23T15:12:34.673000 +CVE-2024-50056,0,1,67d5758c0ace6615570a11511305d2b63ab44abb1709d3f0417dc90e404e22ad,2024-10-23T15:12:34.673000 +CVE-2024-50057,0,1,f555ac9c828db06432a047b9e7eb871f60ff001319e6c1d4d6ade5425ae58ba9,2024-10-23T15:12:34.673000 +CVE-2024-50058,0,1,c4f2f522ded53fa0475123933c29f621ce5dd5483ec6a179037df3352956be04,2024-10-23T15:12:34.673000 +CVE-2024-50059,0,1,1a780b20170c340af075dbf31665516511f24a1a8d6b1513298259637be6503b,2024-10-23T15:12:34.673000 CVE-2024-5006,0,0,275a7db4a7750ed7acf4e95109b09b599d0f03c3ae61db2773b61bbc80a38eed,2024-06-11T17:36:24 -CVE-2024-50060,0,0,8c6274c881b862e2c60714c4398ea997354579ddc09e90ef5a5a485bd52a4dea,2024-10-21T20:15:18.117000 -CVE-2024-50061,0,0,77aa399b1d69012adec6d3543af38358452290eb74c54ff4cbf41cf090c9502e,2024-10-21T20:15:18.210000 -CVE-2024-50062,0,0,6f5ca0ab24218bdc3a66845ef7a25d33f8fee4816aeb71f302bd0b77f4dbdce2,2024-10-21T20:15:18.280000 -CVE-2024-50063,0,0,d759cd8b06ee26350df3838a67993a2f428080f68be3d878c568416e1030f14f,2024-10-21T20:15:18.360000 -CVE-2024-50064,0,0,a9c0a9e4f0c519a4c22abec4357d9c45d0d914896a8ed6df430d438f3ba7542c,2024-10-21T20:15:18.440000 
-CVE-2024-50065,0,0,8b2909d6581c9e4861514583ddb674698f4fdfdf8c4f85ae747650769c9c2972,2024-10-21T20:15:18.520000 -CVE-2024-50066,0,0,f285282ac4ec0f12fc9db20caf087bc402ef18a772b938e146fd347faa930bc5,2024-10-23T06:15:10.467000 +CVE-2024-50060,0,1,01f3d5625dc49ef407dd1399459de4e55c9dc18499ec441f495a2f6b728ede8c,2024-10-23T15:12:34.673000 +CVE-2024-50061,0,1,bc3a7751cc02130d6e355a5fd87d288a623ee842a3c5388e63bd720da58709ae,2024-10-23T15:12:34.673000 +CVE-2024-50062,0,1,1537eaa0ebc19268aec1be9df183deb52cc4159c434eceb6998e096f5503bcf3,2024-10-23T15:12:34.673000 +CVE-2024-50063,0,1,1d1881a47d554fc29d203efb6c8521669e1b28611f2bbf99ab231399dab599e1,2024-10-23T15:12:34.673000 +CVE-2024-50064,0,1,c980eae6fee1a420ecee8691838857535f4e51105a3766ff7633430adb0de9f6,2024-10-23T15:12:34.673000 +CVE-2024-50065,0,1,798ea878f6caa10adb303d247fc046bf695b098e873c9993ee906b7bb5d17e5c,2024-10-23T15:12:34.673000 +CVE-2024-50066,0,1,d94429be94d535aee100ff68d7809fe3a46ae84c5531ba245573459a38823316,2024-10-23T15:12:34.673000 CVE-2024-5008,0,0,41c3cff745583fe16908c309126d70e41415ad78f2790f83925cbb0a70eb9065,2024-09-06T22:43:49.557000 CVE-2024-5009,0,0,4fd7bfd86519955de695550b550ff6287bae2637bb330aab0edb8e0b318761f0,2024-09-06T22:43:04.747000 CVE-2024-5010,0,0,3c850c266940942fbe09adbb4c98bc7afc61c3edf80ecba9d04f15eeefca6109,2024-09-06T22:42:39.017000 
@@ -263133,8 +263149,8 @@ CVE-2024-5024,0,0,9dd3417f324a3df55f488e05c68d1854a15dd73bd49fdda06475c54e037a76 CVE-2024-5025,0,0,5975a4de967bb092ff1a32c8663c734972c139617eb709a92a7c0cc78b284359,2024-05-22T12:46:53.887000 CVE-2024-5028,0,0,6e4747168a055d3478d0389157f1378a0e5efd7245fc9814fa65e0cf7f805db7,2024-08-01T13:59:38.360000 CVE-2024-5031,0,0,5b0fce1eabb88a37a871d927606cb4ca5166c3808ddca60f777848c692bab12e,2024-05-22T12:46:53.887000 -CVE-2024-50311,0,0,673baaa29832ec29e40ef2e3d47df34dc1d10d7389d03beb5f8c46a2e87a0ff0,2024-10-22T14:15:19.450000 -CVE-2024-50312,0,0,3572eb7dd454215d0d1b5e6c17ada3f23ecefb37603e3a364a3dc2c4253bc71e,2024-10-22T18:35:11.263000 +CVE-2024-50311,0,1,2a5a791ea9a6ed953dd59786f3feebf3d6f42a9a801f740efbdba1fdb4b4c644,2024-10-23T15:12:34.673000 +CVE-2024-50312,0,1,e1c46649456e4db99a8bc5fe6e245d8f0cb367071dbc5cb51f03a7f5cb1f8348,2024-10-23T15:12:34.673000 CVE-2024-5032,0,0,e2dd01f18d9397a3c892e6f9436384b2c9baea7d6f6081290ca836f05f0fc527,2024-08-01T13:59:38.540000 CVE-2024-5033,0,0,34cd1f889798bbfeb338d8d711a920994993596df17d9daf9b428477bffed7c1,2024-08-01T13:59:38.730000 CVE-2024-5034,0,0,ecc1ebd0e8a7a2aea01c9ce5ac07669525947175e7e55790f4a8e8a0b317bae8,2024-08-01T13:59:38.920000 
@@ -263275,7 +263291,7 @@ CVE-2024-5182,0,0,58b8232fd0b5e70f15eeeb5297ff44723ef92c555fd120d8b123a01ca786d6 CVE-2024-5184,0,0,913e376e9213bf80a4ef6a0008bd230beba5d0e3fbd42416956e3dc16ba16e7b,2024-06-18T17:06:20.257000 CVE-2024-5185,0,0,0c09010aee9423412314c9f1cbba57fc2fd9ee19c760646e6502f5738cacb7fd,2024-08-30T19:15:16.340000 CVE-2024-5186,0,0,7baed0c201f742c44896dec767d6237c8df7ae961ab3d7ec09eb8b65736716f7,2024-09-24T14:04:47.170000 -CVE-2024-5187,0,1,88fb29ce759c452b913d57a873a63220e31c82d475ca2c84fa3b804bf9736023,2024-10-23T13:36:11.643000 +CVE-2024-5187,0,0,88fb29ce759c452b913d57a873a63220e31c82d475ca2c84fa3b804bf9736023,2024-10-23T13:36:11.643000 CVE-2024-5188,0,0,b2a939863f7779e6dba1e0e2aecd4047c60710495b7cac734003aec732566505,2024-06-11T17:41:17.087000 CVE-2024-5189,0,0,87ea6bb70c0f4e8e0e95d6725175819a83c6ff33cc484fc5f525db9ad5e385e9,2024-06-13T18:36:45.417000 CVE-2024-5190,0,0,d58b9fdaecdb1abec20ccf7764e52a460a4959870ee8917a6c4a9f4c686657e6,2024-05-22T03:15:08.273000 @@ -263788,6 +263804,7 @@ CVE-2024-5760,0,0,84cde3c23d2d2e368735b1ee1e1e7d1f39f88e3f7859decf6fc372d134ed6f CVE-2024-5761,0,0,1fdad964c86313b412878f67fac5999c9a1ea015b844614bc58b000414661a53,2024-06-07T19:15:24.467000 CVE-2024-5762,0,0,d5bc2d8a653cdaa83874769146506405c53a3f453aeae45d89ba66c89c40de90,2024-08-23T16:43:19.497000 CVE-2024-5763,0,0,d5febd3ba0b5169f42bc622129fe03814ec411b220c3b4a777b37231365ea7a6,2024-09-03T20:31:30.480000 +CVE-2024-5764,1,1,31e3298afdc9cd74c2730b21de915c71c5c8497c7f903dd9b130cd3900e69e30,2024-10-23T15:15:32.340000 CVE-2024-5765,0,0,79117abfade54ce3ab13d72bbbbedb2fc58ed3797b29d0ebf953e2abb4b24073,2024-08-01T13:59:59.193000 CVE-2024-5766,0,0,1263d0917882c36f131e194bb6b44630da06ab1a17b9faa93d76c1b934e8029c,2024-06-10T02:52:08.267000 CVE-2024-5767,0,0,8d9d357fa8f1e1cae5533e88ea0736375963b6a4fbe13fa9a151a36ba280f19a,2024-07-09T16:23:07.280000 
@@ -265295,7 +265312,7 @@ CVE-2024-7582,0,0,b5d30de3379d4f1314d865a318bcbb3d58683288c246ed462b107435220335 CVE-2024-7583,0,0,b2c70b6258cd9101ea44bd72a9a7bee40fdef17b5833e45029641b6b1054cda6,2024-08-08T20:54:35.117000 CVE-2024-7584,0,0,58c542dacfa48ee04742b2465e6c98b02792727755b744f4b1b1705eb4a002a6,2024-09-11T19:25:04.143000 CVE-2024-7585,0,0,c8cbc83b6349dead88df56624342a371a1668d621fa6cda31e8fc0e9835fc3d7,2024-09-11T19:32:34.007000 -CVE-2024-7587,0,0,7d54e70c6462b328be1e14c9d8027263a76fb061c7ebf9765cabe73f2f8cde96,2024-10-22T23:15:02.367000 +CVE-2024-7587,0,1,b086df9ba9c9e35cb68175a78444a97a0037f8982487b6f9056de9a978eca195,2024-10-23T15:12:34.673000 CVE-2024-7588,0,0,5a601951792deb0c1a10bd51703f1f9beff37d3a9397ce091c3662d925878616,2024-08-14T13:00:37.107000 CVE-2024-7589,0,0,aa1647eb6c306ec7b876b5795f9775a883f5cc7b06ae7ba418ac0c8e49665270,2024-08-13T16:58:08.793000 CVE-2024-7590,0,0,7c97d5aae327ca695e1cd419af58bc8aaacb7517411055405e5e64d98b0261a2,2024-08-13T12:58:25.437000 @@ -265977,7 +265994,7 @@ CVE-2024-8488,0,0,0a3c72da0e3d6042858531d99f20f7d46ebd7634c2988e0b42f58011241f99 CVE-2024-8490,0,0,5ff62dababbd8edfb72d0a97e4807df424b78f87491e2373479d6c84fbd14d32,2024-09-27T18:36:00.053000 CVE-2024-8497,0,0,903ccc83158de7417bc6f3ffdca83d1bf1fc40ad14228b01a3e1e063e242f9a9,2024-09-26T13:32:02.803000 CVE-2024-8499,0,0,a066f12eb0db45b577c1044e88855b3e531b0d4e8e1575f5845b6487effebb39,2024-10-04T13:50:43.727000 -CVE-2024-8500,0,0,36d003e1e764b01afd0645a7576b0d1e8e252197433f4ef20f1f4429094b6c43,2024-10-23T11:15:13.490000 +CVE-2024-8500,0,1,b9ac05910a5b7e1a6e51770e5450f02754b11b55ccc3b4b83d62180b3722d198,2024-10-23T15:12:34.673000 CVE-2024-8503,0,0,9f803200a857fcdb413b5557fdfb30066c33963fff9f6132df8887c5f7ded0b9,2024-09-11T16:26:11.920000 CVE-2024-8504,0,0,8357da8291f04353fac31874868f2eb40b31e26be1555ef771437bf9554e80e3,2024-09-12T14:35:23.173000 CVE-2024-8505,0,0,1c04e90354babae2df3035dc354852183330b8445c04d1f2331a89a32b3e4a48,2024-10-07T19:26:53 
@@ -266185,7 +266202,7 @@ CVE-2024-8802,0,0,8bf5ff4db31e0529cbd08652ac36154d0a1e65a032bdeeb095aa4e8638ac05 CVE-2024-8803,0,0,1e0c20c4da3042f287bedde6aa980588230b643699023347d741bb81db132ef8,2024-10-02T17:15:12.677000 CVE-2024-8804,0,0,08d968e195b0f36220a0a723a12b9b939996510ce1ddcb52b8152a63b9728d80,2024-10-10T20:56:49.403000 CVE-2024-8850,0,0,60f99c260767f82bf00cc7954ec3e058985003b965020b8d3dac7a45b3ea5f64,2024-09-25T18:49:53.397000 -CVE-2024-8852,0,0,0b1182c776835fe068a3207b2af26f5dc7665473cb89eeae771b708ff2a9a60a,2024-10-22T06:15:04.890000 +CVE-2024-8852,0,1,6e707f169e582bf83d369eb398c611abfab4370a43b37b2dee2a472eac3455de,2024-10-23T15:12:34.673000 CVE-2024-8853,0,0,b5a3b0675f8f2657c7381537f08c47ae3a3694c18acf1b18976370e35c278f0e,2024-09-25T17:49:25.653000 CVE-2024-8858,0,0,a55a2b45b2b7a3f3c60e0d8077307a88defc4d63f2b498893a25b1463c90c22f,2024-10-02T18:41:29.067000 CVE-2024-8861,0,0,d76e122800aa09ccce1d9be4ecd54fe7a1857f12f95213a173e1ba2fbaa723db,2024-10-01T13:41:27.213000 @@ -266214,7 +266231,7 @@ CVE-2024-8891,0,0,aa12a440054ffbd9bbb7dd25787b2c9efe1fc6e33a09eaeb1daa5594da775b CVE-2024-8892,0,0,b5404a9c6df12d8f66b57eddda13f138d35d7b48bdd71ae1e8b3a805c49716e0,2024-10-07T17:10:26.673000 CVE-2024-8897,0,0,73bf9affb964d11dd95d3adbb34f86a16b9ae0fd786e64b4bbd48b1e4387bb49,2024-09-25T19:49:02.493000 CVE-2024-8900,0,0,7e1ef63767445d80c050e52e96753e1c9a46fb23d2b1e0137f2a2c5bdcba53e3,2024-10-01T16:15:10.293000 -CVE-2024-8901,0,0,387261e4d9f7c689fc19714b6468df0c6119ffd6b5f9b69c009671da4bac328b,2024-10-22T00:15:03.667000 +CVE-2024-8901,0,1,5296fd97c17e19a2d9fe2e0dab7936fdd9516207bfc538f5a85aa6e6692205b3,2024-10-23T15:12:34.673000 CVE-2024-8902,0,0,e5dace8ff5577040ad4e028bf354543120981f772810138844b5cb4413778526,2024-10-15T12:57:46.880000 CVE-2024-8903,0,0,2ce54562e46551a15b98a64a6437d41656e447939ac76ef855f5d59decf764b8,2024-09-26T13:32:55.343000 CVE-2024-8904,0,0,d8dcf25b3cbae62dbf75fa5380e6989346805c7240b139b8d28c46adffd353f1,2024-09-20T12:30:51.220000 
@@ -266262,7 +266279,7 @@ CVE-2024-8970,0,0,ac6a340d484c123a9130b7a8da1b91e0090b1836f7865857c5a2324dbb60a4 CVE-2024-8974,0,0,47fcb9de64a47ab7d6fd39981189c5f91c3407e2aae34c6aae2197da9ba195e7,2024-10-04T17:30:18.803000 CVE-2024-8975,0,0,e9dab26a838a0dd237537c2cbdba69bbaa5b6602743bc0ca17e054f95d0f2b70,2024-10-01T19:20:21.103000 CVE-2024-8977,0,0,5252c9de61b84aeddd3ec48f8829f82be03db26645b8f09321099ae149149381,2024-10-16T17:10:13.220000 -CVE-2024-8980,0,0,ab8ec6030d8159f710ee21cdfc696408d9afd11cf59f459033246e03d1a15983,2024-10-22T15:15:07.337000 +CVE-2024-8980,0,1,894cfd0b1733edb37c8d2e45f12b2b4473bfabbb5f8f90f6649787e6fa72a1d3,2024-10-23T15:12:34.673000 CVE-2024-8981,0,0,72a5e946545b01f6f5b55bd9be0a66c4964926bf866e85b9f0e826b5c8f5cfe7,2024-10-04T13:51:25.567000 CVE-2024-8983,0,0,a5894726a3c72e301955e62952254bf05f92543b19c3d4bf59f7d30236266e8c,2024-10-10T12:57:21.987000 CVE-2024-8986,0,0,072cf1f180fb390d1b4b3d2d50dea4c4259a9c38757ddb70b883e21ef9d81f01,2024-09-20T12:30:17.483000 @@ -266309,7 +266326,7 @@ CVE-2024-9046,0,0,8656f1201ca0039377fd822b96252cedb47d7d532a98f822fda06fa6ad4421 CVE-2024-9047,0,0,4ea7d0b1b11f6de8ec31e11947f5e76892006c92ffae382a37fca981e56bba3b,2024-10-15T12:57:46.880000 CVE-2024-9048,0,0,f4eeb8fc17937a04134cb85e4ff1d8e798c7887dad672c6adf3a86ffdd0c5d34,2024-09-30T13:00:48.613000 CVE-2024-9049,0,0,43c64cc2e53580aadfacb0d92c10ebf9c72fa78495b0a90bf4d0f0f029260a77,2024-10-04T18:53:10.910000 -CVE-2024-9050,0,0,f0d7dce5c5b75d92bad6ba8a0ca9dbbcf73894e969ec4d9bd2a291c4d7c7c545,2024-10-23T11:15:13.713000 +CVE-2024-9050,0,1,8ac1b90da19d750d070a32f9119a6a0ab35aa6b65dec91c9f80b3bbab527b059,2024-10-23T15:12:34.673000 CVE-2024-9051,0,0,e0f892f6090989bc65bfe2c27d48e7e51216899c12a8aa5d44d38bf2b4829ddc,2024-10-15T12:58:51.050000 CVE-2024-9054,0,0,8ac0760d3aa06e14d98991152c0b4a90664b0b925ad15b2f9f9f67c478cb9754,2024-10-17T15:19:32.803000 CVE-2024-9057,0,0,1e7730ffd6c424e386d911bdf2bfee9e4291e522521f210193a354376f62eabc,2024-10-15T13:58:19.960000 
@@ -266362,7 +266379,7 @@ CVE-2024-9123,0,0,cd45c56b30b54bc08d10b45e423a2871895647b4b30e564898eb326d52a5c6 CVE-2024-9124,0,0,ed784b79f60c57333454c5582ccee1e6855416a99a054b161105f40c65181fb5,2024-10-10T12:56:30.817000 CVE-2024-9125,0,0,178fee32dc964661b9c65fa72adfd723833bc712092eacf5141ac942799ac520,2024-10-01T14:00:52.460000 CVE-2024-9127,0,0,2a57398f5cef1966c50482248e5fdb86e0eae0bed7d0a3c554fbb9c182ab0a8a,2024-10-01T14:09:26.017000 -CVE-2024-9129,0,0,134f7ece5b3cefa919b3f6de8c2759de84aa703b1114c3e9b5f02710bae06ae5,2024-10-22T17:15:06.557000 +CVE-2024-9129,0,1,156eaf7bc9b578e645b2cd31b998e3c79292935e3b301a3570b23f38eb7c94cd,2024-10-23T15:12:34.673000 CVE-2024-9130,0,0,c55ec493e0918bdc6346df7de1c7b50119b1912e830881716d5b60020f91e1cd,2024-10-04T17:18:59.130000 CVE-2024-9136,0,0,9b9746749b73403d8dc2b7a33b5935315a467feb0aa3698e70e44d08c2289a1f,2024-10-01T14:28:31.027000 CVE-2024-9137,0,0,264d67370ab0f50b8c3f1048814084fcd11d0d542a946dd3f8623532739c7355,2024-10-15T12:57:46.880000 @@ -266414,7 +266431,7 @@ CVE-2024-9222,0,0,aa75daaaa6f167f771e02be32b7ac6d9115eba757cf38ea3ae7fe336f82931 CVE-2024-9224,0,0,1efb870d30ff5afb9078703fdeff1bc29463ebfa0c91ad435c25d902219ffec9,2024-10-07T19:19:38.157000 CVE-2024-9225,0,0,d9b0065994459fe38d594a136ae9cff90cf19d12b5b0208b359cee9d6c2409ea,2024-10-07T20:24:41.420000 CVE-2024-9228,0,0,cb0dad29f14eeb8fed9baf1de8b4ba619c5e35c4fffb0932ef40f0c6748e195d,2024-10-07T19:01:04.960000 -CVE-2024-9231,0,0,43b348cb1f26ce930c938ed6416160a951ca812f14fcaf3d9080322a9cc8b3d0,2024-10-22T10:15:07.313000 +CVE-2024-9231,0,1,d9b97ab1a46e2ec8ce00428658a043128c841292d1f959cb3918d04f7f0f3dde,2024-10-23T15:12:34.673000 CVE-2024-9232,0,0,a07f526496bb68b184ee001c7d6cd9744d3cb563b91260e8d60bd9b70cac4bda,2024-10-15T12:58:51.050000 CVE-2024-9234,0,0,304bee6ceb91eca0cdc00d7cdc49b4c339c82fe3a2287348525c06a570d629da,2024-10-15T12:58:51.050000 CVE-2024-9237,0,0,fb69e6f6fcfba2cfafb660a24001833586540d01b0ed897e2ee22df678729e15,2024-10-16T15:10:08.390000 
@@ -266443,7 +266460,7 @@ CVE-2024-9282,0,0,55016f43807b8bd2c7051116cb1e6375d4d2b410c86e99396c4800f5d9843f CVE-2024-9283,0,0,a5233c3b589826e3e09dfcafb866e56b060b301af37e2de0e699930a9008fdfe,2024-09-30T12:45:57.823000 CVE-2024-9284,0,0,e077aa9b3331db7cd8049b8d7f3273d870b80909d1916943a385cf9659e49d1c,2024-09-30T12:45:57.823000 CVE-2024-9286,0,0,c80c050c0c81c8eb62f751fd5198d6e48229164de5cbb6d6309b72371d27a18e,2024-10-10T12:51:56.987000 -CVE-2024-9287,0,0,3de2c43f5b9341b2c2d4d558e92dd45b9e29b5a5149d5bb65c4e8390fe8f56dd,2024-10-22T17:15:06.697000 +CVE-2024-9287,0,1,01199c404d57b1e8eecbc65367d66af6a025095a110abc1f609ce03c8e993fb9,2024-10-23T15:12:34.673000 CVE-2024-9289,0,0,06a6a34a1543252ca19c46e940aea37797a21c2bfa8e6ac1935900ffb41badd0,2024-10-07T18:25:21.380000 CVE-2024-9291,0,0,e3e60de040a8e25c6f8c9bce959d91ab605417a7bb6a76f30e8af4524d979a49,2024-10-07T16:13:44.433000 CVE-2024-9292,0,0,a7bdba47009ed945081e4090ae3ff19a132a10f1ea840ac7ca884beb20641078,2024-10-10T12:57:21.987000 @@ -266572,7 +266589,7 @@ CVE-2024-9520,0,0,043b00f2bf4932488b29ee05bd55762d90704159cb97bf4c710160da6d1296 CVE-2024-9521,0,0,09a594ea849fc5009e458f6cc46742d3176f440810ef4457104bfe2103f1d0c7,2024-10-16T16:38:14.557000 CVE-2024-9522,0,0,884c9004d667a145fae3b3526c4cb56c9d9a1365bd2a57b2af580c0e3b9c19a1,2024-10-15T14:27:41.553000 CVE-2024-9528,0,0,ad76266403ba94311c1f58d7258b765d914c39ddcd1148706c2e05f82ca92e87,2024-10-07T17:48:28.117000 -CVE-2024-9530,0,0,a2d78cef2d630943931f7b4b12b5dbee1eb57e5382f2678c2e86faa781e217f7,2024-10-23T08:15:03.770000 +CVE-2024-9530,0,1,c8501e0bb039e166d52c4ac8c3106fb221a4406a702b0c3915afb70bff44dc96,2024-10-23T15:12:34.673000 CVE-2024-9532,0,0,b7f2aba05edad35ecf41f43ec9640effe332d3189a3ed38d97f2bf49866ac50d,2024-10-09T11:18:49.027000 CVE-2024-9533,0,0,483ea201fb3f13623de51b6a803ec3c9d4b4a9f8d222ab5b1546c8a9a88ca771,2024-10-09T11:18:34.560000 CVE-2024-9534,0,0,c826e79c155e2dcea2a83d95fd56ee360f3177c126ff744e515a5e5c9099e0fc,2024-10-09T11:18:23.607000 
@@ -266582,7 +266599,7 @@ CVE-2024-9537,0,0,aa6888a9cfaabe7c166bed0948898b65f4ee4b8fc4b3ec78f2bc1cb749794a CVE-2024-9538,0,0,11f6571425b77352661bef56e196d840faf334a919cdd5771fb07fb3f313a4e6,2024-10-15T12:58:51.050000 CVE-2024-9539,0,0,a0cbd26a327675fb40fcaea93c0a3ea911dbc683021df526355995459666c7a0,2024-10-15T12:57:46.880000 CVE-2024-9540,0,0,155792833f2c3d33a8c6cc679a0bdb6a5ac3f76d67aede19f5592875c2f877b6,2024-10-16T16:38:14.557000 -CVE-2024-9541,0,0,37a497829fb6688726bec25e4ec82df021bfe297c5f02b3adcabd9b0442eb806,2024-10-22T08:15:02.920000 +CVE-2024-9541,0,1,fbfc6bf257239e94a920ef8216e53bcd44e7b1a868cd0ef0ec6d341767434436,2024-10-23T15:12:34.673000 CVE-2024-9543,0,0,2a7de8e1e43a15761699f58c8b8bbb57c7e560a2fb555c13127ead0f3f3c7fd9,2024-10-15T12:58:51.050000 CVE-2024-9546,0,0,ea5318b51e997216e9c0b4c2992b7385f781b09c9935f9fcf746ecd59aedacb8,2024-10-17T13:34:27.890000 CVE-2024-9548,0,0,23f20b2ca80b43ded081582273555d31a6ef11043d80544e9c344a73e21ef886,2024-10-17T13:46:07.997000 
@@ -266616,13 +266633,13 @@ CVE-2024-9575,0,0,902a179ba291c73f1ff19f974c0569ed05c8dbb3d8914c4f7409455feb2bd5 CVE-2024-9576,0,0,7a96a155cd09492144b259aa00c523497a7aeb66fdb84ed492d68f7654aa3880,2024-10-07T17:47:48.410000 CVE-2024-9581,0,0,fb1d34fab9f94525003a0f26c830b830dcb7b4bdc92dd8a95590c26db891e7c3,2024-10-15T14:28:35.283000 CVE-2024-9582,0,0,6ec198135418f168eaebdeafd2e2fe73c3f44201fb3d949937a7b4e70c974bf6,2024-10-16T16:38:14.557000 -CVE-2024-9583,0,0,4e2383151ac5b9c2acd8fcf3ac201e2935142bdaea8e4140c8c137167c2756dc,2024-10-23T07:15:03.283000 +CVE-2024-9583,0,1,96a827cbc19af74fe76ad020e867993041c429a8306e57b84a2f78dbfd5710d1,2024-10-23T15:12:34.673000 CVE-2024-9586,0,0,a482a25f032ea940edbd74f8dc11272d0d4fecf517c5613466c04b8bd798dc3e,2024-10-15T12:58:51.050000 CVE-2024-9587,0,0,081ae6ebdba381265a40b327141c3458d6ec1c5b94d7fb86236bf633a93923d3,2024-10-15T12:58:51.050000 -CVE-2024-9588,0,0,6a3f9ab7e270d754b223fcdbf2cacc2d2bdde581661fe0dd749d86129cb2d158,2024-10-22T08:15:03.563000 -CVE-2024-9589,0,0,4b97bb7a7602c59472c74c941766dbe3191eb96927ec363e1555bcd9eeb5971a,2024-10-22T08:15:04.227000 -CVE-2024-9590,0,0,50428524a2f924e57bb2292f9c22e5a61116c4eb6b73a328593eda0dd37b7aaa,2024-10-22T08:15:04.807000 -CVE-2024-9591,0,0,f44a7253ab70ea0f90dc982d8d950abd1e258eda0deecae702437d3d14e87c84,2024-10-22T08:15:05.273000 +CVE-2024-9588,0,1,65aff2b1cd3b1280d8083f78d790697b85257a07a6c6e6516ccebd73625a92dc,2024-10-23T15:12:34.673000 +CVE-2024-9589,0,1,12420b2f38d2c93f0b54cb162fd986b1e3bc035cb82aa25afa709b3dca72935b,2024-10-23T15:12:34.673000 +CVE-2024-9590,0,1,f04908a66c8eee122a17cc23cd10db8f2eac72ab6acc6c9d623f58ed2f5d06ed,2024-10-23T15:12:34.673000 +CVE-2024-9591,0,1,18f850846f634f78ac97108e7dec46e1c5c5e29d9be70684269dc0702592824d,2024-10-23T15:12:34.673000 CVE-2024-9592,0,0,6f7f83fab1eebba9a1f954ec84a1bbaa3c51a5f9b9c0e4a02c7010d63a53fba8,2024-10-15T12:57:46.880000 CVE-2024-9593,0,0,cce5b3ee491d6630c052fcb33edfbddbd5dba3d44ec1ac1a1bc92ad9d40ee350,2024-10-21T17:10:22.857000 
CVE-2024-9594,0,0,76152af657dea527c4e562a1c5799c4834f4bf18cf4ca885159373bfd78ad4ca,2024-10-16T16:38:14.557000 @@ -266637,7 +266654,7 @@ CVE-2024-9620,0,0,6bab3b47a8124e2f6e45a39c3f1a067698db02be0764fadf48434470b2bdf7 CVE-2024-9621,0,0,9e376b0f3dfa34027ae088e771a22694180917eee238e690ac2f4896caf46a6b,2024-10-10T12:56:30.817000 CVE-2024-9622,0,0,616f2c897f0ea8915fa743288697302d927eccd4a4b981ffaaf2224bd032869d,2024-10-10T12:56:30.817000 CVE-2024-9623,0,0,86dd85464498f6d194e548538328537f5fc627208085718de66c1a06e69de686,2024-10-16T16:59:36.817000 -CVE-2024-9627,0,0,c53a4fffe57ddcb530aac48ba4bd57b269f2a71e63ad0678519398b89567837e,2024-10-22T07:15:02.687000 +CVE-2024-9627,0,1,ab5726be759a332c53fc28be3ad1e688481f8077248af16a587354d8ff7a5b98,2024-10-23T15:12:34.673000 CVE-2024-9634,0,0,d64c376a2cd176bba19f7a8121026bf8ac88c7cb95243ab4e56bfc5d5fa1c1d3,2024-10-16T16:38:14.557000 CVE-2024-9647,0,0,6da0b5c2c888d90e6f29cb1f98cdc0c7a4315eaaa058e1c781c3c46d5b8615f9,2024-10-16T16:38:14.557000 CVE-2024-9649,0,0,f2ab83afff02bfae827ac0ac8958125c0d2707e9b7d72806aa0e09daf73ca0d7,2024-10-16T16:38:14.557000 
@@ -266648,7 +266665,7 @@ CVE-2024-9671,0,0,421f1b0ad6825ff096efd81ac122f33bafcdf7b21693a85f65613389bca55f CVE-2024-9674,0,0,99b8206db3c3741ff50725aa3969c36280edf4a37082b6473da1336e00a39d59,2024-10-22T14:02:50.473000 CVE-2024-9675,0,0,cd830de46e01fce71654106f4dc61863debb474230c2cb4969fc123764df58c7,2024-10-10T12:51:56.987000 CVE-2024-9676,0,0,d31717e3bcb8586d94edf5a821882c847af5c510cf5d1e8e5ea8ab53ee1286ab,2024-10-16T16:38:43.170000 -CVE-2024-9677,0,0,7cf8d43d57c2900d9443e482797783848d861069497504cccb5159525ba63cae,2024-10-22T02:15:04.380000 +CVE-2024-9677,0,1,944e049c847e061867c66e6b586a0cd99260b04bc2e2059d736567bf47cae00c,2024-10-23T15:12:34.673000 CVE-2024-9680,0,0,db0e4e19e09673238ffe3dfbb8e95974e9346a75b4fd6d9319c03e5970bb644e,2024-10-16T15:07:36.123000 CVE-2024-9683,0,0,a648737766df3deb74ddc86e7dcd00883598b7b3c943d9054e11451b5f185407,2024-10-18T12:52:33.507000 CVE-2024-9685,0,0,a93c724a8b2ee6ce4a46c54a35028c939ad55b1fb441a5b479f473edc57de420,2024-10-15T14:30:00.483000 @@ -266700,7 +266717,7 @@ CVE-2024-9821,0,0,847982287e8db8d54661c5522d18fa833c3d9091b2ddb2afe78ab1e8077a47 CVE-2024-9822,0,0,3245ced109c1c371c55834b9b14d881a9e8b7fd7c32c19b6e9a742506d7d4c79,2024-10-15T12:58:51.050000 CVE-2024-9823,0,0,918595934cb9b43f50abc93ebc9bbb9148088fae18c39570ebc344ac634d3e40,2024-10-15T12:57:46.880000 CVE-2024-9824,0,0,0b6b46e52b34b071e6f48e5304d76a541526a4368e490338503476fca424894a,2024-10-15T12:57:46.880000 -CVE-2024-9829,0,0,d830908c21d8114fe90e9bd180eef5e6d1b9af8f4bd56c24f825c37f79c0df45,2024-10-23T06:15:11.007000 +CVE-2024-9829,0,1,29ca684ca29e3e308110c39b518fe6192e70d69bdef130a555a51f12503b47bb,2024-10-23T15:12:34.673000 CVE-2024-9837,0,0,bb6af129df538114e71c369a037f26903d10504dcd81ada4fc7f4b05786c12dd,2024-10-15T12:57:46.880000 CVE-2024-9848,0,0,b402d34d635014e43cf3d9b875728458bb9e45308a715285ac01e2036b42d252,2024-10-22T16:42:25.867000 CVE-2024-9855,0,0,f4067d5f9739a4a46f27ed071acd023bca1d9a27db9968d98f329af2e8d70e8b,2024-10-15T12:58:51.050000 
@@ -266743,12 +266760,12 @@ CVE-2024-9922,0,0,88ad74a9a80ef6250cad160a6da905c26f5539449069265fbdbc38c65f6e69 CVE-2024-9923,0,0,1744d806aab87c1cbef5524d43cf9cad10cdae75dc6a2cfd8b34f2d3877dca94,2024-10-15T12:57:46.880000 CVE-2024-9924,0,0,4d0aa49bc1047e2e0a23ab80e176dbdf70a0af5e82bea53f63a116cd5905286e,2024-10-15T12:57:46.880000 CVE-2024-9925,0,0,d9114846b6ab22497d9820c775f40ff778b3a4311afada5c7a947fe6aafbbadc,2024-10-17T18:09:40.537000 -CVE-2024-9927,0,0,5dded3cf948971c198f725f290262f789bfb61e29a3f6bc3cc4557807d2417de,2024-10-23T02:15:07.467000 +CVE-2024-9927,0,1,96920f248127734453deaf748492c280118aa5ea5b9c599a9138ad17f83910cb,2024-10-23T15:12:34.673000 CVE-2024-9936,0,0,9b9410743fe1ca2f5a844c24ad20043ec989ced54414fa626e93bdc74b6425ff,2024-10-15T12:57:46.880000 CVE-2024-9937,0,0,4e7ae54d6a9c5099857ac0a66ba44c96220fc2ab3e1844c918c371d4dbb6d38d,2024-10-16T16:38:14.557000 CVE-2024-9940,0,0,0591f213f2bec6924fef18017d23419024c9c5bdc4c598c1e0fd80a492ebb13b,2024-10-18T12:53:04.627000 CVE-2024-9944,0,0,0b8e9f26d6b78f71e8a64eb7650f72f57e1c6a31a17ce0fafe5b6b8377b71371,2024-10-17T20:47:35.817000 -CVE-2024-9947,0,0,740bc028aa20a59832eb7d25da2505972d1214d46e60732a3d1d1371d903a794,2024-10-23T07:15:04.560000 +CVE-2024-9947,0,1,6d7ad994cc9a7fac36825c8cc7c424fb9dcf9e1f8fd3a9311a9b488ef62fd2d0,2024-10-23T15:12:34.673000 CVE-2024-9951,0,0,5d941c75af8c4072e469beaa1d6ae2855b0ca23ecdce87314ecd326f6a54014a,2024-10-18T12:52:33.507000 CVE-2024-9952,0,0,d5c643eb1b76a39b13753ce231704557bf9fa9c82efce6d96f1e313e65eab479,2024-10-16T15:05:13.467000 CVE-2024-9953,0,0,d45e8bc6b31e34e84fbff0a12af100dea5cf3de9adda836e3ebc3a7410262455,2024-10-17T20:59:01.940000 
@@ -266783,4 +266800,4 @@ CVE-2024-9983,0,0,05b40e9cfe77e2a0c57e66e13edd76f3cb7232b22c3913645dde67dce84859 CVE-2024-9984,0,0,8e8b1dff68b77e14ce417f91873fee227d0458654a790688014355062c7539a9,2024-10-16T22:03:23.407000 CVE-2024-9985,0,0,35f031595deb3bfd21882874fada51cff590c3c6a37f03f4259fa4136f5b9157,2024-10-16T22:02:08.117000 CVE-2024-9986,0,0,f83b3609bd670a0cfc3a1c687a45465cc896c6d69e9f1c37efb33a43ca882e79,2024-10-21T13:07:47.700000 -CVE-2024-9987,0,0,fd5a09f27e03f79e4a400586884b3c95544fe1d8a5f7708ec6616a1762b8949a,2024-10-22T09:15:03.497000 +CVE-2024-9987,0,1,2fc9d3fa3d6f4a94d8c02299e2f4be1487dde9c0790750bfc65dc5695ac94c18,2024-10-23T15:12:34.673000