admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-12-27T17:00:20.661560+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-12-27 17:03:43 +00:00
parent accb1e81db
commit aee4b92168
175 changed files with 6298 additions and 291 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2017/CVE-2017-125xx/CVE-2017-12588.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2017-12588",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-08-06T14:29:00.227",
"lastModified": "2024-11-21T03:09:48.777",
"lastModified": "2024-12-27T16:15:21.503",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -140,6 +140,10 @@
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20241227-0009/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}

6
CVE-2017/CVE-2017-89xx/CVE-2017-8923.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2017-8923",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-05-12T20:29:00.500",
"lastModified": "2024-11-21T03:34:59.200",
"lastModified": "2024-12-27T16:15:22.243",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -135,6 +135,10 @@
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20241227-0007/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}

6
CVE-2018/CVE-2018-121xx/CVE-2018-12121.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-12121",
"sourceIdentifier": "cve-request@iojs.org",
"published": "2018-11-28T17:29:00.337",
"lastModified": "2024-11-21T03:44:38.177",
"lastModified": "2024-12-27T16:15:22.400",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -294,6 +294,10 @@
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20241227-0008/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}

6
CVE-2018/CVE-2018-200xx/CVE-2018-20060.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-20060",
"sourceIdentifier": "cve@mitre.org",
"published": "2018-12-11T17:29:00.380",
"lastModified": "2024-11-21T04:00:49.450",
"lastModified": "2024-12-27T16:15:22.593",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -236,6 +236,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWP36YW3KSVLXDBY3QJKDYEPCIMN3VQZ/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241227-0010/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://usn.ubuntu.com/3990-1/",
"source": "af854a3a-2127-422b-91ae-364da2661108"

6
CVE-2020/CVE-2020-247xx/CVE-2020-24723.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-24723",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-11-18T13:15:11.267",
"lastModified": "2024-11-21T05:15:58.427",
"lastModified": "2024-12-27T15:55:35.150",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -85,8 +85,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:user_registration_\\&_login_and_user_management_system_project:user_registration_\\&_login_and_user_management_system:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BCB13821-FAB1-40A7-8566-8581E68F30D1"
"criteria": "cpe:2.3:a:phpgurukul:user_registration_\\&_login_and_user_management_system:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C64BEC4-EB4F-4362-B98F-074DB2196D0B"
}
]
}

6
CVE-2020/CVE-2020-259xx/CVE-2020-25952.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-25952",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-11-16T16:15:14.710",
"lastModified": "2024-11-21T05:19:00.827",
"lastModified": "2024-12-27T15:55:35.150",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -85,8 +85,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:user_registration_\\&_login_and_user_management_system_project:user_registration_\\&_login_and_user_management_system:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BCB13821-FAB1-40A7-8566-8581E68F30D1"
"criteria": "cpe:2.3:a:phpgurukul:user_registration_\\&_login_and_user_management_system:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C64BEC4-EB4F-4362-B98F-074DB2196D0B"
}
]
}

6
CVE-2021/CVE-2021-462xx/CVE-2021-46200.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-46200",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-01-21T16:15:08.033",
"lastModified": "2024-11-21T06:33:45.340",
"lastModified": "2024-12-27T15:55:35.150",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -85,8 +85,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:simple_music_cloud_community_system_project:simple_music_cloud_community_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "790A83AE-A97F-442D-B243-660F2CBE8483"
"criteria": "cpe:2.3:a:oretnom23:simple_music_cloud_community_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABCDFD7A-76C7-4760-901F-F7CDE78D9863"
}
]
}

6
CVE-2023/CVE-2023-524xx/CVE-2023-52439.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-52439",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-20T21:15:08.213",
"lastModified": "2024-11-21T08:39:45.820",
"lastModified": "2024-12-27T16:15:23.080",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -257,6 +257,10 @@
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241227-0006/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}

94
CVE-2024/CVE-2024-04xx/CVE-2024-0438.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0438",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-29T01:43:11.853",
"lastModified": "2024-11-21T08:46:35.487",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-27T15:51:18.320",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,41 +36,115 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:leevio:happy_addons_for_elementor:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "3.10.2",
"matchCriteriaId": "A91AEA55-8FE4-4995-9681-EA7831CCDF85"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.10.1/assets/js/happy-addons.js#L991",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.10.1/extensions/wrapper-link.php#L50",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3028056%40happy-elementor-addons%2Ftrunk&old=3016053%40happy-elementor-addons%2Ftrunk&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/267641fe-7490-4b8f-bb39-9531eefa2c30?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.10.1/assets/js/happy-addons.js#L991",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.10.1/extensions/wrapper-link.php#L50",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3028056%40happy-elementor-addons%2Ftrunk&old=3016053%40happy-elementor-addons%2Ftrunk&sfp_email=&sfph_mail=",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/267641fe-7490-4b8f-bb39-9531eefa2c30?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

84
CVE-2024/CVE-2024-08xx/CVE-2024-0838.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0838",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-29T01:43:29.613",
"lastModified": "2024-11-21T08:47:29.030",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-27T15:57:28.327",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,33 +36,101 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:leevio:happy_addons_for_elementor:*:*:*:*:free:wordpress:*:*",
"versionEndIncluding": "3.10.2",
"matchCriteriaId": "ABCEB951-0856-4067-81A4-FBCE120577F9"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.10.1/widgets/age-gate/widget.php#L2121",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3028056%40happy-elementor-addons%2Ftrunk&old=3016053%40happy-elementor-addons%2Ftrunk&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d55bab2a-5e2e-440e-b4fa-03853679ba22?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.10.1/widgets/age-gate/widget.php#L2121",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3028056%40happy-elementor-addons%2Ftrunk&old=3016053%40happy-elementor-addons%2Ftrunk&sfp_email=&sfph_mail=",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d55bab2a-5e2e-440e-b4fa-03853679ba22?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-09xx/CVE-2024-0983.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0983",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-29T01:43:34.067",
"lastModified": "2024-11-21T08:47:57.023",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-27T16:05:07.067",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,22 +39,64 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression",
"source": "security@wordfence.com"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/175dd04d-ce06-45a0-8cfe-14498e2f9198?source=cve",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/175dd04d-ce06-45a0-8cfe-14498e2f9198?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:imagerecycle:imagerecycle_pdf_\\&_image_compression:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.1.14",
"matchCriteriaId": "68E98689-9AB9-4C4D-8201-6D992D9CFBD4"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression",
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/175dd04d-ce06-45a0-8cfe-14498e2f9198?source=cve",
"source": "security@wordfence.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/175dd04d-ce06-45a0-8cfe-14498e2f9198?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-09xx/CVE-2024-0984.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0984",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-29T01:43:34.237",
"lastModified": "2024-11-21T08:47:57.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-27T16:08:43.113",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,22 +39,64 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression",
"source": "security@wordfence.com"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cc9dd55d-3c37-4f24-81a1-fdc8ca284566?source=cve",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cc9dd55d-3c37-4f24-81a1-fdc8ca284566?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:imagerecycle:imagerecycle_pdf_\\&_image_compression:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.1.14",
"matchCriteriaId": "68E98689-9AB9-4C4D-8201-6D992D9CFBD4"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression",
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cc9dd55d-3c37-4f24-81a1-fdc8ca284566?source=cve",
"source": "security@wordfence.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cc9dd55d-3c37-4f24-81a1-fdc8ca284566?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-10xx/CVE-2024-1089.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1089",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-29T01:43:39.383",
"lastModified": "2024-11-21T08:49:46.367",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-27T15:26:53.030",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,22 +39,64 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression",
"source": "security@wordfence.com"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8ff16906-2516-4b3c-8217-e3fb24924e27?source=cve",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8ff16906-2516-4b3c-8217-e3fb24924e27?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:imagerecycle:imagerecycle_pdf_\\&_image_compression:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.1.14",
"matchCriteriaId": "CD8DED9B-43A3-431E-9E3D-EC137E57A535"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression",
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8ff16906-2516-4b3c-8217-e3fb24924e27?source=cve",
"source": "security@wordfence.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8ff16906-2516-4b3c-8217-e3fb24924e27?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-10xx/CVE-2024-1090.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1090",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-29T01:43:39.530",
"lastModified": "2024-11-21T08:49:46.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-27T15:41:41.897",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,22 +39,64 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression",
"source": "security@wordfence.com"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3fae909-5564-4e0a-9114-edd0e45865e5?source=cve",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3fae909-5564-4e0a-9114-edd0e45865e5?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:imagerecycle:imagerecycle_pdf_\\&_image_compression:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.1.14",
"matchCriteriaId": "CD8DED9B-43A3-431E-9E3D-EC137E57A535"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression",
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3fae909-5564-4e0a-9114-edd0e45865e5?source=cve",
"source": "security@wordfence.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3fae909-5564-4e0a-9114-edd0e45865e5?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-10xx/CVE-2024-1091.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1091",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-29T01:43:39.690",
"lastModified": "2024-11-21T08:49:46.597",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-27T15:45:27.200",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,22 +39,64 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression",
"source": "security@wordfence.com"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3cb8b08c-a028-48bd-acad-c00313fe06b8?source=cve",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3cb8b08c-a028-48bd-acad-c00313fe06b8?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:imagerecycle:imagerecycle_pdf_\\&_image_compression:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.1.14",
"matchCriteriaId": "CD8DED9B-43A3-431E-9E3D-EC137E57A535"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression",
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3cb8b08c-a028-48bd-acad-c00313fe06b8?source=cve",
"source": "security@wordfence.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3cb8b08c-a028-48bd-acad-c00313fe06b8?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

33
CVE-2024/CVE-2024-116xx/CVE-2024-11607.json
View File

@ -2,16 +2,43 @@
"id": "CVE-2024-11607",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-12-21T06:15:20.813",
"lastModified": "2024-12-21T06:15:20.813",
"vulnStatus": "Received",
"lastModified": "2024-12-27T15:15:09.637",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The GTPayment Donations WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack."
},
{
"lang": "es",
"value": "El complemento GTPayment Donations de WordPress hasta la versi\u00f3n 1.0.0 no tiene verificaci\u00f3n CSRF en algunos lugares y le falta desinfecci\u00f3n y escape, lo que podr\u00eda permitir a los atacantes hacer que el administrador que haya iniciado sesi\u00f3n agregue payloads XSS almacenado a trav\u00e9s de un ataque CSRF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/132b5193-156b-40b8-b5c7-08646e1f6866/",

64
CVE-2024/CVE-2024-128xx/CVE-2024-12856.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-12856",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-12-27T16:15:23.403",
"lastModified": "2024-12-27T16:15:23.403",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Four-Faith router models F3x24 and F3x36 are affected by an operating system (OS) command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi. Additionally, this firmware version has default credentials which, if not changed, would effectively change this vulnerability into an unauthenticated and remote OS command execution issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://ducklingstudio.blog.fc2.com/blog-entry-392.html",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://vulncheck.com/advisories/four-faith-time",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://vulncheck.com/blog/four-faith-cve-2024-12856",
"source": "disclosure@vulncheck.com"
}
]
}

6
CVE-2024/CVE-2024-129xx/CVE-2024-12908.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-12908",
"sourceIdentifier": "1443cd92-d354-46d2-9290-d812316ca43a",
"published": "2024-12-26T16:15:06.050",
"lastModified": "2024-12-26T16:15:06.050",
"lastModified": "2024-12-27T15:15:10.240",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -59,6 +59,10 @@
{
"url": "https://trust.delinea.com/",
"source": "1443cd92-d354-46d2-9290-d812316ca43a"
},
{
"url": "https://blog.amberwolf.com/blog/2024/december/cve-2024-12908-delinea-protocol-handler---remote-code-execution-via-update-process/",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

8
CVE-2024/CVE-2024-129xx/CVE-2024-12926.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-12926",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-25T20:15:22.147",
"lastModified": "2024-12-25T20:15:22.147",
"lastModified": "2024-12-27T15:15:10.360",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -107,7 +107,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -136,6 +136,10 @@
{
"url": "https://vuldb.com/?submit.467933",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/dawatermelon/CVE/blob/main/CodeZips%20Project%20Management%20System/README.md",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

8
CVE-2024/CVE-2024-129xx/CVE-2024-12927.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-12927",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-25T23:15:17.430",
"lastModified": "2024-12-25T23:15:17.430",
"lastModified": "2024-12-27T15:15:10.513",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -107,7 +107,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -140,6 +140,10 @@
{
"url": "https://vuldb.com/?submit.467992",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/zzkk0173/CVE/issues/1",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

8
CVE-2024/CVE-2024-129xx/CVE-2024-12928.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-12928",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-26T00:15:21.740",
"lastModified": "2024-12-26T00:15:21.740",
"lastModified": "2024-12-27T15:15:10.650",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -107,7 +107,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -136,6 +136,10 @@
{
"url": "https://vuldb.com/?submit.468108",
"source": "cna@vuldb.com"
},
{
"url": "https://code-projects.org/simple-admin-panel-in-php-with-source-code/",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

8
CVE-2024/CVE-2024-129xx/CVE-2024-12929.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-12929",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-26T00:15:22.300",
"lastModified": "2024-12-26T00:15:22.300",
"lastModified": "2024-12-27T15:15:10.793",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -107,7 +107,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -136,6 +136,10 @@
{
"url": "https://vuldb.com/?submit.468120",
"source": "cna@vuldb.com"
},
{
"url": "https://code-projects.org/student-management-system-using-php-source-code/",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

8
CVE-2024/CVE-2024-129xx/CVE-2024-12930.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-12930",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-26T02:15:23.210",
"lastModified": "2024-12-26T02:15:23.210",
"lastModified": "2024-12-27T15:15:10.947",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -107,7 +107,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -136,6 +136,10 @@
{
"url": "https://vuldb.com/?submit.468121",
"source": "cna@vuldb.com"
},
{
"url": "https://code-projects.org/simple-admin-panel-in-php-with-source-code/",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

8
CVE-2024/CVE-2024-129xx/CVE-2024-12943.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-12943",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-26T09:15:06.747",
"lastModified": "2024-12-26T09:15:06.747",
"lastModified": "2024-12-27T15:15:11.083",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -107,7 +107,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -140,6 +140,10 @@
{
"url": "https://vuldb.com/?submit.468375",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/Wind-liberty/CVE/issues/1",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

8
CVE-2024/CVE-2024-129xx/CVE-2024-12944.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-12944",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-26T09:15:07.030",
"lastModified": "2024-12-26T09:15:07.030",
"lastModified": "2024-12-27T15:15:11.230",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -107,7 +107,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -140,6 +140,10 @@
{
"url": "https://vuldb.com/?submit.468376",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/Wind-liberty/CVE/issues/2",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

8
CVE-2024/CVE-2024-129xx/CVE-2024-12949.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-12949",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-26T12:15:05.997",
"lastModified": "2024-12-26T12:15:05.997",
"lastModified": "2024-12-27T15:15:11.363",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -107,7 +107,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -136,6 +136,10 @@
{
"url": "https://vuldb.com/?submit.468541",
"source": "cna@vuldb.com"
},
{
"url": "https://code-projects.org/travel-management-system-using-php-source-code/",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

8
CVE-2024/CVE-2024-129xx/CVE-2024-12958.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-12958",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-26T16:15:25.667",
"lastModified": "2024-12-26T16:15:25.667",
"lastModified": "2024-12-27T15:15:11.510",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -107,7 +107,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -140,6 +140,10 @@
{
"url": "https://vuldb.com/?submit.468799",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/dawatermelon/CVE/blob/main/Portfolio%20Management%20System%20MCA%20Project/README6.md",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

8
CVE-2024/CVE-2024-129xx/CVE-2024-12982.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-12982",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-27T06:15:23.680",
"lastModified": "2024-12-27T06:15:23.680",
"lastModified": "2024-12-27T16:15:23.540",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -107,7 +107,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -136,6 +136,10 @@
{
"url": "https://vuldb.com/?submit.469202",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.469202",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

8
CVE-2024/CVE-2024-129xx/CVE-2024-12983.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-12983",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-27T07:15:11.180",
"lastModified": "2024-12-27T07:15:11.180",
"lastModified": "2024-12-27T16:15:23.683",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -107,7 +107,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -140,6 +140,10 @@
{
"url": "https://vuldb.com/?submit.469215",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/Rocky-Bull/myCVE/blob/main/Hospital_Management_System_XSS.md",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

141
CVE-2024/CVE-2024-129xx/CVE-2024-12984.json Normal file
View File

@ -0,0 +1,141 @@
{
"id": "CVE-2024-12984",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-27T15:15:11.957",
"lastModified": "2024-12-27T15:15:11.957",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in Amcrest IP2M-841B, IP2M-841W, IPC-IP2M-841B, IPC-IP3M-943B, IPC-IP3M-943S, IPC-IP3M-HX2B and IPC-IPM-721S up to 20241211. This affects an unknown part of the file /web_caps/webCapsConfig of the component Web Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"baseScore": 5.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://netsecfish.notion.site/AMCREST-IP-Camera-Information-Disclosure-1596b683e67c8045ad10c16b3eed456f?pvs=4",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.289377",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.289377",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.461109",
"source": "cna@vuldb.com"
}
]
}

141
CVE-2024/CVE-2024-129xx/CVE-2024-12985.json Normal file
View File

@ -0,0 +1,141 @@
{
"id": "CVE-2024-12985",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-27T15:15:12.183",
"lastModified": "2024-12-27T16:15:23.807",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Overtek OT-E801G OTE801G65.1.1.0. This vulnerability affects unknown code of the file /diag_ping.cmd?action=test&interface=ppp0.1&ipaddr=8.8.8.8%26%26cat%20/etc/passwd&ipversion=4&sessionKey=test. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseScore": 6.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.289378",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.289378",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.462387",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.462387",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

141
CVE-2024/CVE-2024-129xx/CVE-2024-12986.json Normal file
View File

@ -0,0 +1,141 @@
{
"id": "CVE-2024-12986",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-27T16:15:23.927",
"lastModified": "2024-12-27T16:15:23.927",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in DrayTek Vigor2960 and Vigor300B 1.5.1.3/1.5.1.4. This issue affects some unknown processing of the file /cgi-bin/mainfunction.cgi/apmcfgupptim of the component Web Management Interface. The manipulation of the argument session leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.1.5 is able to address this issue. It is recommended to upgrade the affected component."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"baseScore": 7.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://netsecfish.notion.site/Command-Injection-in-apmcfgupptim-endpoint-for-DrayTek-Gateway-Devices-1676b683e67c80b9ad8cc37b93273bf6?pvs=4",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.289379",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.289379",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.468794",
"source": "cna@vuldb.com"
}
]
}

141
CVE-2024/CVE-2024-129xx/CVE-2024-12987.json Normal file
View File

@ -0,0 +1,141 @@
{
"id": "CVE-2024-12987",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-27T16:15:24.143",
"lastModified": "2024-12-27T16:15:24.143",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Affected is an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component Web Management Interface. The manipulation of the argument session leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.1.5 is able to address this issue. It is recommended to upgrade the affected component."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"baseScore": 7.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://netsecfish.notion.site/Command-Injection-in-apmcfgupload-endpoint-for-DrayTek-Gateway-Devices-1676b683e67c8040b7f1f0ffe29ce18f?pvs=4",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.289380",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.289380",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.468795",
"source": "cna@vuldb.com"
}
]
}

188
CVE-2024/CVE-2024-214xx/CVE-2024-21436.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21436",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-03-12T17:15:52.550",
"lastModified": "2024-11-21T08:54:21.563",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-27T16:25:32.740",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -49,16 +49,196 @@
"value": "CWE-284"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.10240.20526",
"matchCriteriaId": "FAE3130D-C88C-42C1-89EF-A8F86254E04D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.10240.20526",
"matchCriteriaId": "CFF4870F-71A6-4ED9-B398-0757DC9A9B77"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.14393.6796",
"matchCriteriaId": "EA2CA05A-8688-45D6-BC96-627DEB1962E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.6796",
"matchCriteriaId": "F7C03B8B-2E86-4FEB-9925-623CC805AD34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.17763.5576",
"matchCriteriaId": "54A84FB6-B0C7-437B-B95A-F2B4CF18F853"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.17763.5576",
"matchCriteriaId": "4C9B0826-AE47-44B1-988F-6B5CEFB45BD5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.5576",
"matchCriteriaId": "E037C8AE-56A8-4507-A34B-371A7D49F28D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.19044.4170",
"matchCriteriaId": "8680C6F7-3E4F-4AE6-914E-D95E571AF70A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19044.4170",
"matchCriteriaId": "26CD5681-7CC7-42C3-AF89-D6A2C2A5591B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.4170",
"matchCriteriaId": "5C9FEFA3-5E9D-4E93-ACBE-B47783601CF5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.4170",
"matchCriteriaId": "C86ACE06-BA02-49BA-B274-441E74F98FB2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19045.4170",
"matchCriteriaId": "A4E3CAC2-4FF9-4A3C-B88C-070F5584157D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22000.2836",
"matchCriteriaId": "647D078D-30D7-445E-AEC6-23EF9DAA6743"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22000.2836",
"matchCriteriaId": "EA297849-30A4-485F-A0E6-085312791438"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22621.3296",
"matchCriteriaId": "18AE871D-E861-46E3-B00A-40B5F4296B36"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22621.3296",
"matchCriteriaId": "5526C246-95D3-49B5-B857-AE46B469681A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.3296",
"matchCriteriaId": "B7830F58-69E3-4373-A5C7-2B85A743E7FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.3296",
"matchCriteriaId": "20DF4699-31FA-404B-BDEA-FE418854F538"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6796",
"matchCriteriaId": "2545664A-E87B-40F7-9C19-53AEC8198B81"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.5576",
"matchCriteriaId": "FFF3EE72-52DE-4CB2-8D42-74809CD7B292"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2340",
"matchCriteriaId": "9EDA5547-D293-41D0-A10C-4A613E725231"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.763",
"matchCriteriaId": "0AD05A2D-BA23-4B63-8B75-1395F74C36CB"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21436",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21436",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

10
CVE-2024/CVE-2024-30xx/CVE-2024-3056.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-3056",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-08-02T21:16:30.950",
"lastModified": "2024-10-16T05:15:14.297",
"lastModified": "2024-12-27T16:15:24.437",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:H",
@ -62,7 +62,7 @@
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -144,6 +144,10 @@
"tags": [
"Issue Tracking"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20241227-0002/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}

6
CVE-2024/CVE-2024-388xx/CVE-2024-38816.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-38816",
"sourceIdentifier": "security@vmware.com",
"published": "2024-09-13T06:15:11.190",
"lastModified": "2024-09-13T14:06:04.777",
"lastModified": "2024-12-27T16:15:24.313",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -43,6 +43,10 @@
{
"url": "https://spring.io/security/cve-2024-38816",
"source": "security@vmware.com"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241227-0001/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}

8
CVE-2024/CVE-2024-411xx/CVE-2024-41123.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41123",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-01T15:15:13.213",
"lastModified": "2024-10-10T12:56:29.837",
"vulnStatus": "Analyzed",
"lastModified": "2024-12-27T16:15:24.577",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -134,6 +134,10 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20241227-0005/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}

14
CVE-2024/CVE-2024-471xx/CVE-2024-47153.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-47153",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2024-12-26T12:15:07.183",
"lastModified": "2024-12-26T12:15:07.183",
"lastModified": "2024-12-27T15:15:12.460",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -35,6 +35,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"references": [
{
"url": "https://www.honor.com/global/security/cve-2024-47153/",

14
CVE-2024/CVE-2024-471xx/CVE-2024-47154.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-47154",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2024-12-26T12:15:07.303",
"lastModified": "2024-12-26T12:15:07.303",
"lastModified": "2024-12-27T15:15:12.587",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -35,6 +35,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"references": [
{
"url": "https://www.honor.com/global/security/cve-2024-47154/",

14
CVE-2024/CVE-2024-471xx/CVE-2024-47155.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-47155",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2024-12-26T12:15:07.433",
"lastModified": "2024-12-26T12:15:07.433",
"lastModified": "2024-12-27T15:15:12.723",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -35,6 +35,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"references": [
{
"url": "https://www.honor.com/global/security/cve-2024-47155/",

14
CVE-2024/CVE-2024-471xx/CVE-2024-47157.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-47157",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2024-12-26T12:15:07.547",
"lastModified": "2024-12-26T12:15:07.547",
"lastModified": "2024-12-27T15:15:12.870",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -35,6 +35,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://www.honor.com/global/security/cve-2024-47157/",

8
CVE-2024/CVE-2024-489xx/CVE-2024-48949.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-48949",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-10T01:15:11.127",
"lastModified": "2024-10-15T14:07:04.057",
"vulnStatus": "Analyzed",
"lastModified": "2024-12-27T16:15:24.730",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -83,6 +83,10 @@
"tags": [
"Patch"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20241227-0003/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}

10
CVE-2024/CVE-2024-497xx/CVE-2024-49761.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49761",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-28T15:15:05.157",
"lastModified": "2024-11-05T16:41:46.660",
"vulnStatus": "Analyzed",
"lastModified": "2024-12-27T16:15:24.890",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -86,7 +86,7 @@
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -134,6 +134,10 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20241227-0004/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}

60
CVE-2024/CVE-2024-565xx/CVE-2024-56507.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-56507",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-12-27T16:15:25.043",
"lastModified": "2024-12-27T16:15:25.043",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LinkAce is a self-hosted archive to collect links of your favorite websites. Prior to 1.15.6, a reflected cross-site scripting (XSS) vulnerability exists in the LinkAce. This issue occurs in the \"URL\" field of the \"Edit Link\" module, where user input is not properly sanitized or encoded before being reflected in the HTML response. This allows attackers to inject and execute arbitrary JavaScript in the context of the victim\u2019s browser, leading to potential session hijacking, data theft, and unauthorized actions. This vulnerability is fixed in 1.15.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/Kovah/LinkAce/commit/c7cd6a323a03ccd89c7f905f7d9f2afc265b7b67",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/Kovah/LinkAce/security/advisories/GHSA-cjcg-wj4p-pgc5",
"source": "security-advisories@github.com"
}
]
}

60
CVE-2024/CVE-2024-565xx/CVE-2024-56508.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-56508",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-12-27T16:15:25.187",
"lastModified": "2024-12-27T16:15:25.187",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LinkAce is a self-hosted archive to collect links of your favorite websites. Prior to 1.15.6, a file upload vulnerability exists in the LinkAce. This issue occurs in the \"Import Bookmarks\" functionality, where malicious HTML files can be uploaded containing JavaScript payloads. These payloads execute when the uploaded links are accessed, leading to potential reflected or persistent XSS scenarios. This vulnerability is fixed in 1.15.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/Kovah/LinkAce/commit/8cf3670d71a8629d33408da76f9d441a1aa933f6",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/Kovah/LinkAce/security/advisories/GHSA-2wvv-4576-8862",
"source": "security-advisories@github.com"
}
]
}

64
CVE-2024/CVE-2024-565xx/CVE-2024-56509.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-56509",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-12-27T16:15:25.333",
"lastModified": "2024-12-27T16:15:25.333",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Improper input validation in the application can allow attackers to perform local file read (LFR) or path traversal attacks. These vulnerabilities occur when user input is used to construct file paths without adequate sanitization or validation. For example, using file:../../../etc/passwd or file: ///etc/passwd can bypass weak validations and allow unauthorized access to sensitive files. Even though this has been addressed in previous patch, it is still insufficient. This vulnerability is fixed in 0.48.05."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/dgtlmoon/changedetection.io/commit/f7e9846c9b40a229813d19cdb66bf60fbe5e6a2a",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-j5vv-6wjg-cfr8",
"source": "security-advisories@github.com"
}
]
}

18
CVE-2024/CVE-2024-565xx/CVE-2024-56527.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-56527",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-12-27T06:15:23.880",
"lastModified": "2024-12-27T06:15:23.880",
"lastModified": "2024-12-27T15:15:13.580",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -12,7 +12,23 @@
}
],
"metrics": {},
"weaknesses": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://andrea0.medium.com/analysis-of-cve-2024-56527-dbdab6962add",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/tecnickcom/TCPDF/commit/11778aaa2d9e30a9ae1c1ee97ff349344f0ad6e1",
"source": "cve@mitre.org"

25
CVE-2024/CVE-2024-565xx/CVE-2024-56550.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-56550",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:13.737",
"lastModified": "2024-12-27T15:15:13.737",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/stacktrace: Use break instead of return statement\n\narch_stack_walk_user_common() contains a return statement instead of a\nbreak statement in case store_ip() fails while trying to store a callchain\nentry of a user space process.\nThis may lead to a missing pagefault_enable() call.\n\nIf this happens any subsequent page fault of the process won't be resolved\nby the page fault handler and this in turn will lead to the process being\nkilled.\n\nUse a break instead of a return statement to fix this."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/20c26357826457dc7c8145297e60ddc012e18914",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/588a9836a4ef7ec3bfcffda526dfa399637e6cfc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2024/CVE-2024-565xx/CVE-2024-56551.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-56551",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:13.850",
"lastModified": "2024-12-27T15:15:13.850",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix usage slab after free\n\n[ +0.000021] BUG: KASAN: slab-use-after-free in drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched]\n[ +0.000027] Read of size 8 at addr ffff8881b8605f88 by task amd_pci_unplug/2147\n\n[ +0.000023] CPU: 6 PID: 2147 Comm: amd_pci_unplug Not tainted 6.10.0+ #1\n[ +0.000016] Hardware name: ASUS System Product Name/ROG STRIX B550-F GAMING (WI-FI), BIOS 1401 12/03/2020\n[ +0.000016] Call Trace:\n[ +0.000008] <TASK>\n[ +0.000009] dump_stack_lvl+0x76/0xa0\n[ +0.000017] print_report+0xce/0x5f0\n[ +0.000017] ? drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched]\n[ +0.000019] ? srso_return_thunk+0x5/0x5f\n[ +0.000015] ? kasan_complete_mode_report_info+0x72/0x200\n[ +0.000016] ? drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched]\n[ +0.000019] kasan_report+0xbe/0x110\n[ +0.000015] ? drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched]\n[ +0.000023] __asan_report_load8_noabort+0x14/0x30\n[ +0.000014] drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched]\n[ +0.000020] ? srso_return_thunk+0x5/0x5f\n[ +0.000013] ? __kasan_check_write+0x14/0x30\n[ +0.000016] ? __pfx_drm_sched_entity_flush+0x10/0x10 [gpu_sched]\n[ +0.000020] ? srso_return_thunk+0x5/0x5f\n[ +0.000013] ? __kasan_check_write+0x14/0x30\n[ +0.000013] ? srso_return_thunk+0x5/0x5f\n[ +0.000013] ? enable_work+0x124/0x220\n[ +0.000015] ? __pfx_enable_work+0x10/0x10\n[ +0.000013] ? srso_return_thunk+0x5/0x5f\n[ +0.000014] ? free_large_kmalloc+0x85/0xf0\n[ +0.000016] drm_sched_entity_destroy+0x18/0x30 [gpu_sched]\n[ +0.000020] amdgpu_vce_sw_fini+0x55/0x170 [amdgpu]\n[ +0.000735] ? __kasan_check_read+0x11/0x20\n[ +0.000016] vce_v4_0_sw_fini+0x80/0x110 [amdgpu]\n[ +0.000726] amdgpu_device_fini_sw+0x331/0xfc0 [amdgpu]\n[ +0.000679] ? mutex_unlock+0x80/0xe0\n[ +0.000017] ? __pfx_amdgpu_device_fini_sw+0x10/0x10 [amdgpu]\n[ +0.000662] ? srso_return_thunk+0x5/0x5f\n[ +0.000014] ? __kasan_check_write+0x14/0x30\n[ +0.000013] ? srso_return_thunk+0x5/0x5f\n[ +0.000013] ? mutex_unlock+0x80/0xe0\n[ +0.000016] amdgpu_driver_release_kms+0x16/0x80 [amdgpu]\n[ +0.000663] drm_minor_release+0xc9/0x140 [drm]\n[ +0.000081] drm_release+0x1fd/0x390 [drm]\n[ +0.000082] __fput+0x36c/0xad0\n[ +0.000018] __fput_sync+0x3c/0x50\n[ +0.000014] __x64_sys_close+0x7d/0xe0\n[ +0.000014] x64_sys_call+0x1bc6/0x2680\n[ +0.000014] do_syscall_64+0x70/0x130\n[ +0.000014] ? srso_return_thunk+0x5/0x5f\n[ +0.000014] ? irqentry_exit_to_user_mode+0x60/0x190\n[ +0.000015] ? srso_return_thunk+0x5/0x5f\n[ +0.000014] ? irqentry_exit+0x43/0x50\n[ +0.000012] ? srso_return_thunk+0x5/0x5f\n[ +0.000013] ? exc_page_fault+0x7c/0x110\n[ +0.000015] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ +0.000014] RIP: 0033:0x7ffff7b14f67\n[ +0.000013] Code: ff e8 0d 16 02 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 41 c3 48 83 ec 18 89 7c 24 0c e8 73 ba f7 ff\n[ +0.000026] RSP: 002b:00007fffffffe378 EFLAGS: 00000246 ORIG_RAX: 0000000000000003\n[ +0.000019] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ffff7b14f67\n[ +0.000014] RDX: 0000000000000000 RSI: 00007ffff7f6f47a RDI: 0000000000000003\n[ +0.000014] RBP: 00007fffffffe3a0 R08: 0000555555569890 R09: 0000000000000000\n[ +0.000014] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffffffe5c8\n[ +0.000013] R13: 00005555555552a9 R14: 0000555555557d48 R15: 00007ffff7ffd040\n[ +0.000020] </TASK>\n\n[ +0.000016] Allocated by task 383 on cpu 7 at 26.880319s:\n[ +0.000014] kasan_save_stack+0x28/0x60\n[ +0.000008] kasan_save_track+0x18/0x70\n[ +0.000007] kasan_save_alloc_info+0x38/0x60\n[ +0.000007] __kasan_kmalloc+0xc1/0xd0\n[ +0.000007] kmalloc_trace_noprof+0x180/0x380\n[ +0.000007] drm_sched_init+0x411/0xec0 [gpu_sched]\n[ +0.000012] amdgpu_device_init+0x695f/0xa610 [amdgpu]\n[ +0.000658] amdgpu_driver_load_kms+0x1a/0x120 [amdgpu]\n[ +0.000662] amdgpu_pci_p\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3990ef742c064e22189b954522930db04fc6b1a7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6383199ada42d30562b4249c393592a2a9c38165",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b61badd20b443eabe132314669bb51a263982e5c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-565xx/CVE-2024-56552.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-56552",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:13.970",
"lastModified": "2024-12-27T15:15:13.970",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/guc_submit: fix race around suspend_pending\n\nCurrently in some testcases we can trigger:\n\nxe 0000:03:00.0: [drm] Assertion `exec_queue_destroyed(q)` failed!\n....\nWARNING: CPU: 18 PID: 2640 at drivers/gpu/drm/xe/xe_guc_submit.c:1826 xe_guc_sched_done_handler+0xa54/0xef0 [xe]\nxe 0000:03:00.0: [drm] *ERROR* GT1: DEREGISTER_DONE: Unexpected engine state 0x00a1, guc_id=57\n\nLooking at a snippet of corresponding ftrace for this GuC id we can see:\n\n162.673311: xe_sched_msg_add: dev=0000:03:00.0, gt=1 guc_id=57, opcode=3\n162.673317: xe_sched_msg_recv: dev=0000:03:00.0, gt=1 guc_id=57, opcode=3\n162.673319: xe_exec_queue_scheduling_disable: dev=0000:03:00.0, 1:0x2, gt=1, width=1, guc_id=57, guc_state=0x29, flags=0x0\n162.674089: xe_exec_queue_kill: dev=0000:03:00.0, 1:0x2, gt=1, width=1, guc_id=57, guc_state=0x29, flags=0x0\n162.674108: xe_exec_queue_close: dev=0000:03:00.0, 1:0x2, gt=1, width=1, guc_id=57, guc_state=0xa9, flags=0x0\n162.674488: xe_exec_queue_scheduling_done: dev=0000:03:00.0, 1:0x2, gt=1, width=1, guc_id=57, guc_state=0xa9, flags=0x0\n162.678452: xe_exec_queue_deregister: dev=0000:03:00.0, 1:0x2, gt=1, width=1, guc_id=57, guc_state=0xa1, flags=0x0\n\nIt looks like we try to suspend the queue (opcode=3), setting\nsuspend_pending and triggering a disable_scheduling. The user then\ncloses the queue. However the close will also forcefully signal the\nsuspend fence after killing the queue, later when the G2H response for\ndisable_scheduling comes back we have now cleared suspend_pending when\nsignalling the suspend fence, so the disable_scheduling now incorrectly\ntries to also deregister the queue. This leads to warnings since the queue\nhas yet to even be marked for destruction. We also seem to trigger\nerrors later with trying to double unregister the same queue.\n\nTo fix this tweak the ordering when handling the response to ensure we\ndon't race with a disable_scheduling that didn't actually intend to\nperform an unregister. The destruction path should now also correctly\nwait for any pending_disable before marking as destroyed.\n\n(cherry picked from commit f161809b362f027b6d72bd998e47f8f0bad60a2e)"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/5ddcb50b700221fa7d7be2adcb3d7d7afe8633dd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/87651f31ae4e6e6e7e6c7270b9b469405e747407",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-565xx/CVE-2024-56553.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-56553",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:14.073",
"lastModified": "2024-12-27T15:15:14.073",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix memleak of proc->delivered_freeze\n\nIf a freeze notification is cleared with BC_CLEAR_FREEZE_NOTIFICATION\nbefore calling binder_freeze_notification_done(), then it is detached\nfrom its reference (e.g. ref->freeze) but the work remains queued in\nproc->delivered_freeze. This leads to a memory leak when the process\nexits as any pending entries in proc->delivered_freeze are not freed:\n\n unreferenced object 0xffff38e8cfa36180 (size 64):\n comm \"binder-util\", pid 655, jiffies 4294936641\n hex dump (first 32 bytes):\n b8 e9 9e c8 e8 38 ff ff b8 e9 9e c8 e8 38 ff ff .....8.......8..\n 0b 00 00 00 00 00 00 00 3c 1f 4b 00 00 00 00 00 ........<.K.....\n backtrace (crc 95983b32):\n [<000000000d0582cf>] kmemleak_alloc+0x34/0x40\n [<000000009c99a513>] __kmalloc_cache_noprof+0x208/0x280\n [<00000000313b1704>] binder_thread_write+0xdec/0x439c\n [<000000000cbd33bb>] binder_ioctl+0x1b68/0x22cc\n [<000000002bbedeeb>] __arm64_sys_ioctl+0x124/0x190\n [<00000000b439adee>] invoke_syscall+0x6c/0x254\n [<00000000173558fc>] el0_svc_common.constprop.0+0xac/0x230\n [<0000000084f72311>] do_el0_svc+0x40/0x58\n [<000000008b872457>] el0_svc+0x38/0x78\n [<00000000ee778653>] el0t_64_sync_handler+0x120/0x12c\n [<00000000a8ec61bf>] el0t_64_sync+0x190/0x194\n\nThis patch fixes the leak by ensuring that any pending entries in\nproc->delivered_freeze are freed during binder_deferred_release()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1db76ec2b4b206ff943e292a0b55e68ff3443598",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b8b77712142fb146fe18d2253bc8a798d522e427",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-565xx/CVE-2024-56554.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-56554",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:14.183",
"lastModified": "2024-12-27T15:15:14.183",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix freeze UAF in binder_release_work()\n\nWhen a binder reference is cleaned up, any freeze work queued in the\nassociated process should also be removed. Otherwise, the reference is\nfreed while its ref->freeze.work is still queued in proc->work leading\nto a use-after-free issue as shown by the following KASAN report:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in binder_release_work+0x398/0x3d0\n Read of size 8 at addr ffff31600ee91488 by task kworker/5:1/211\n\n CPU: 5 UID: 0 PID: 211 Comm: kworker/5:1 Not tainted 6.11.0-rc7-00382-gfc6c92196396 #22\n Hardware name: linux,dummy-virt (DT)\n Workqueue: events binder_deferred_func\n Call trace:\n binder_release_work+0x398/0x3d0\n binder_deferred_func+0xb60/0x109c\n process_one_work+0x51c/0xbd4\n worker_thread+0x608/0xee8\n\n Allocated by task 703:\n __kmalloc_cache_noprof+0x130/0x280\n binder_thread_write+0xdb4/0x42a0\n binder_ioctl+0x18f0/0x25ac\n __arm64_sys_ioctl+0x124/0x190\n invoke_syscall+0x6c/0x254\n\n Freed by task 211:\n kfree+0xc4/0x230\n binder_deferred_func+0xae8/0x109c\n process_one_work+0x51c/0xbd4\n worker_thread+0x608/0xee8\n ==================================================================\n\nThis commit fixes the issue by ensuring any queued freeze work is removed\nwhen cleaning up a binder reference."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/7e20434cbca814cb91a0a261ca0106815ef48e5f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fe39e0ea2d0ba7f508ff453c4c9a44a95ec0de29",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-565xx/CVE-2024-56555.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-56555",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:14.297",
"lastModified": "2024-12-27T15:15:14.297",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix OOB in binder_add_freeze_work()\n\nIn binder_add_freeze_work() we iterate over the proc->nodes with the\nproc->inner_lock held. However, this lock is temporarily dropped to\nacquire the node->lock first (lock nesting order). This can race with\nbinder_deferred_release() which removes the nodes from the proc->nodes\nrbtree and adds them into binder_dead_nodes list. This leads to a broken\niteration in binder_add_freeze_work() as rb_next() will use data from\nbinder_dead_nodes, triggering an out-of-bounds access:\n\n ==================================================================\n BUG: KASAN: global-out-of-bounds in rb_next+0xfc/0x124\n Read of size 8 at addr ffffcb84285f7170 by task freeze/660\n\n CPU: 8 UID: 0 PID: 660 Comm: freeze Not tainted 6.11.0-07343-ga727812a8d45 #18\n Hardware name: linux,dummy-virt (DT)\n Call trace:\n rb_next+0xfc/0x124\n binder_add_freeze_work+0x344/0x534\n binder_ioctl+0x1e70/0x25ac\n __arm64_sys_ioctl+0x124/0x190\n\n The buggy address belongs to the variable:\n binder_dead_nodes+0x10/0x40\n [...]\n ==================================================================\n\nThis is possible because proc->nodes (rbtree) and binder_dead_nodes\n(list) share entries in binder_node through a union:\n\n\tstruct binder_node {\n\t[...]\n\t\tunion {\n\t\t\tstruct rb_node rb_node;\n\t\t\tstruct hlist_node dead_node;\n\t\t};\n\nFix the race by checking that the proc is still alive. If not, simply\nbreak out of the iteration."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/011e69a1b23011c0db3af4b8293fdd4522cc97b0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6b1be1da1f8279cf091266e71b5153c5b02aaff6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-565xx/CVE-2024-56556.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-56556",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:14.410",
"lastModified": "2024-12-27T15:15:14.410",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix node UAF in binder_add_freeze_work()\n\nIn binder_add_freeze_work() we iterate over the proc->nodes with the\nproc->inner_lock held. However, this lock is temporarily dropped in\norder to acquire the node->lock first (lock nesting order). This can\nrace with binder_node_release() and trigger a use-after-free:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in _raw_spin_lock+0xe4/0x19c\n Write of size 4 at addr ffff53c04c29dd04 by task freeze/640\n\n CPU: 5 UID: 0 PID: 640 Comm: freeze Not tainted 6.11.0-07343-ga727812a8d45 #17\n Hardware name: linux,dummy-virt (DT)\n Call trace:\n _raw_spin_lock+0xe4/0x19c\n binder_add_freeze_work+0x148/0x478\n binder_ioctl+0x1e70/0x25ac\n __arm64_sys_ioctl+0x124/0x190\n\n Allocated by task 637:\n __kmalloc_cache_noprof+0x12c/0x27c\n binder_new_node+0x50/0x700\n binder_transaction+0x35ac/0x6f74\n binder_thread_write+0xfb8/0x42a0\n binder_ioctl+0x18f0/0x25ac\n __arm64_sys_ioctl+0x124/0x190\n\n Freed by task 637:\n kfree+0xf0/0x330\n binder_thread_read+0x1e88/0x3a68\n binder_ioctl+0x16d8/0x25ac\n __arm64_sys_ioctl+0x124/0x190\n ==================================================================\n\nFix the race by taking a temporary reference on the node before\nreleasing the proc->inner lock. This ensures the node remains alive\nwhile in use."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/38fbefeb2c140b581ed7de8117a5c90d6dd89c22",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dc8aea47b928cc153b591b3558829ce42f685074",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2024/CVE-2024-565xx/CVE-2024-56557.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-56557",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:14.520",
"lastModified": "2024-12-27T15:15:14.520",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer\n\nThe AD7923 was updated to support devices with 8 channels, but the size\nof tx_buf and ring_xfer was not increased accordingly, leading to a\npotential buffer overflow in ad7923_update_scan_mode()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/00663d3e000c31d0d49ef86a809f5c107c2d09cd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/218ecc35949129171ca39bcc0d407c8dc4cd0bbc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3a4187ec454e19903fd15f6e1825a4b84e59a4cd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e5cac32721997cb8bcb208a29f4598b3faf46338",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

45
CVE-2024/CVE-2024-565xx/CVE-2024-56558.json Normal file
View File

@ -0,0 +1,45 @@
{
"id": "CVE-2024-56558",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:14.633",
"lastModified": "2024-12-27T15:15:14.633",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: make sure exp active before svc_export_show\n\nThe function `e_show` was called with protection from RCU. This only\nensures that `exp` will not be freed. Therefore, the reference count for\n`exp` can drop to zero, which will trigger a refcount use-after-free\nwarning when `exp_get` is called. To resolve this issue, use\n`cache_get_rcu` to ensure that `exp` remains active.\n\n------------[ cut here ]------------\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 3 PID: 819 at lib/refcount.c:25\nrefcount_warn_saturate+0xb1/0x120\nCPU: 3 UID: 0 PID: 819 Comm: cat Not tainted 6.12.0-rc3+ #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.1-2.fc37 04/01/2014\nRIP: 0010:refcount_warn_saturate+0xb1/0x120\n...\nCall Trace:\n <TASK>\n e_show+0x20b/0x230 [nfsd]\n seq_read_iter+0x589/0x770\n seq_read+0x1e5/0x270\n vfs_read+0x125/0x530\n ksys_read+0xc1/0x160\n do_syscall_64+0x5f/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1cecfdbc6bfc89c516d286884c7f29267b95de2b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6cefcadd34e3c71c81ea64b899a0daa86314a51a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7365d1f8de63cffdbbaa2287ce0205438e1a922f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7d8f7816bebcd2e7400bb4d786eccb8f33c9f9ec",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7fd29d284b55c2274f7a748e6c5f25b4758b8da5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/be8f982c369c965faffa198b46060f8853e0f1f0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e2fa0d0e327279a8defb87b263cd0bf288fd9261",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-565xx/CVE-2024-56559.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-56559",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:14.760",
"lastModified": "2024-12-27T15:15:14.760",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmalloc: combine all TLB flush operations of KASAN shadow virtual address into one operation\n\nWhen compiling kernel source 'make -j $(nproc)' with the up-and-running\nKASAN-enabled kernel on a 256-core machine, the following soft lockup is\nshown:\n\nwatchdog: BUG: soft lockup - CPU#28 stuck for 22s! [kworker/28:1:1760]\nCPU: 28 PID: 1760 Comm: kworker/28:1 Kdump: loaded Not tainted 6.10.0-rc5 #95\nWorkqueue: events drain_vmap_area_work\nRIP: 0010:smp_call_function_many_cond+0x1d8/0xbb0\nCode: 38 c8 7c 08 84 c9 0f 85 49 08 00 00 8b 45 08 a8 01 74 2e 48 89 f1 49 89 f7 48 c1 e9 03 41 83 e7 07 4c 01 e9 41 83 c7 03 f3 90 <0f> b6 01 41 38 c7 7c 08 84 c0 0f 85 d4 06 00 00 8b 45 08 a8 01 75\nRSP: 0018:ffffc9000cb3fb60 EFLAGS: 00000202\nRAX: 0000000000000011 RBX: ffff8883bc4469c0 RCX: ffffed10776e9949\nRDX: 0000000000000002 RSI: ffff8883bb74ca48 RDI: ffffffff8434dc50\nRBP: ffff8883bb74ca40 R08: ffff888103585dc0 R09: ffff8884533a1800\nR10: 0000000000000004 R11: ffffffffffffffff R12: ffffed1077888d39\nR13: dffffc0000000000 R14: ffffed1077888d38 R15: 0000000000000003\nFS: 0000000000000000(0000) GS:ffff8883bc400000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005577b5c8d158 CR3: 0000000004850000 CR4: 0000000000350ef0\nCall Trace:\n <IRQ>\n ? watchdog_timer_fn+0x2cd/0x390\n ? __pfx_watchdog_timer_fn+0x10/0x10\n ? __hrtimer_run_queues+0x300/0x6d0\n ? sched_clock_cpu+0x69/0x4e0\n ? __pfx___hrtimer_run_queues+0x10/0x10\n ? srso_return_thunk+0x5/0x5f\n ? ktime_get_update_offsets_now+0x7f/0x2a0\n ? srso_return_thunk+0x5/0x5f\n ? srso_return_thunk+0x5/0x5f\n ? hrtimer_interrupt+0x2ca/0x760\n ? __sysvec_apic_timer_interrupt+0x8c/0x2b0\n ? sysvec_apic_timer_interrupt+0x6a/0x90\n </IRQ>\n <TASK>\n ? asm_sysvec_apic_timer_interrupt+0x16/0x20\n ? smp_call_function_many_cond+0x1d8/0xbb0\n ? __pfx_do_kernel_range_flush+0x10/0x10\n on_each_cpu_cond_mask+0x20/0x40\n flush_tlb_kernel_range+0x19b/0x250\n ? srso_return_thunk+0x5/0x5f\n ? kasan_release_vmalloc+0xa7/0xc0\n purge_vmap_node+0x357/0x820\n ? __pfx_purge_vmap_node+0x10/0x10\n __purge_vmap_area_lazy+0x5b8/0xa10\n drain_vmap_area_work+0x21/0x30\n process_one_work+0x661/0x10b0\n worker_thread+0x844/0x10e0\n ? srso_return_thunk+0x5/0x5f\n ? __kthread_parkme+0x82/0x140\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x2a5/0x370\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x30/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n </TASK>\n\nDebugging Analysis:\n\n 1. The following ftrace log shows that the lockup CPU spends too much\n time iterating vmap_nodes and flushing TLB when purging vm_area\n structures. (Some info is trimmed).\n\n kworker: funcgraph_entry: | drain_vmap_area_work() {\n kworker: funcgraph_entry: | mutex_lock() {\n kworker: funcgraph_entry: 1.092 us | __cond_resched();\n kworker: funcgraph_exit: 3.306 us | }\n ... ...\n kworker: funcgraph_entry: | flush_tlb_kernel_range() {\n ... ...\n kworker: funcgraph_exit: # 7533.649 us | }\n ... ...\n kworker: funcgraph_entry: 2.344 us | mutex_unlock();\n kworker: funcgraph_exit: $ 23871554 us | }\n\n The drain_vmap_area_work() spends over 23 seconds.\n\n There are 2805 flush_tlb_kernel_range() calls in the ftrace log.\n * One is called in __purge_vmap_area_lazy().\n * Others are called by purge_vmap_node->kasan_release_vmalloc.\n purge_vmap_node() iteratively releases kasan vmalloc\n allocations and flushes TLB for each vmap_area.\n - [Rough calculation] Each flush_tlb_kernel_range() runs\n about 7.5ms.\n -- 2804 * 7.5ms = 21.03 seconds.\n -- That's why a soft lock is triggered.\n\n 2. Extending the soft lockup time can work around the issue (For example,\n # echo\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/9e9e085effe9b7e342138fde3cf8577d22509932",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f9a18889aad9b4c19c6c4550c67ad4f9ed2a354f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-565xx/CVE-2024-56560.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-56560",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:14.873",
"lastModified": "2024-12-27T15:15:14.873",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nslab: Fix too strict alignment check in create_cache()\n\nOn m68k, where the minimum alignment of unsigned long is 2 bytes:\n\n Kernel panic - not syncing: __kmem_cache_create_args: Failed to create slab 'io_kiocb'. Error -22\n CPU: 0 UID: 0 PID: 1 Comm: swapper Not tainted 6.12.0-atari-03776-g7eaa1f99261a #1783\n Stack from 0102fe5c:\n\t 0102fe5c 00514a2b 00514a2b ffffff00 00000001 0051f5ed 00425e78 00514a2b\n\t 0041eb74 ffffffea 00000310 0051f5ed ffffffea ffffffea 00601f60 00000044\n\t 0102ff20 000e7a68 0051ab8e 004383b8 0051f5ed ffffffea 000000b8 00000007\n\t 01020c00 00000000 000e77f0 0041e5f0 005f67c0 0051f5ed 000000b6 0102fef4\n\t 00000310 0102fef4 00000000 00000016 005f676c 0060a34c 00000010 00000004\n\t 00000038 0000009a 01000000 000000b8 005f668e 0102e000 00001372 0102ff88\n Call Trace: [<00425e78>] dump_stack+0xc/0x10\n [<0041eb74>] panic+0xd8/0x26c\n [<000e7a68>] __kmem_cache_create_args+0x278/0x2e8\n [<000e77f0>] __kmem_cache_create_args+0x0/0x2e8\n [<0041e5f0>] memset+0x0/0x8c\n [<005f67c0>] io_uring_init+0x54/0xd2\n\nThe minimal alignment of an integral type may differ from its size,\nhence is not safe to assume that an arbitrary freeptr_t (which is\nbasically an unsigned long) is always aligned to 4 or 8 bytes.\n\nAs nothing seems to require the additional alignment, it is safe to fix\nthis by relaxing the check to the actual minimum alignment of freeptr_t."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/8b5aea5e5186733fa4e5aa4293b0a65a933f1a16",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9008fe8fad8255edfdbecea32d7eb0485d939d0d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-565xx/CVE-2024-56561.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-56561",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:14.983",
"lastModified": "2024-12-27T15:15:14.983",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Fix PCI domain ID release in pci_epc_destroy()\n\npci_epc_destroy() invokes pci_bus_release_domain_nr() to release the PCI\ndomain ID, but there are two issues:\n\n - 'epc->dev' is passed to pci_bus_release_domain_nr() which was already\n freed by device_unregister(), leading to a use-after-free issue.\n\n - Domain ID corresponds to the EPC device parent, so passing 'epc->dev'\n is also wrong.\n\nFix these issues by passing 'epc->dev.parent' to\npci_bus_release_domain_nr() and also do it before device_unregister().\n\n[mani: reworded subject and description]"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4acc902ed3743edd4ac2d3846604a99d17104359",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c74a1df6c2a2df7dd45c3fc1a5edc29a075dcf22",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

45
CVE-2024/CVE-2024-565xx/CVE-2024-56562.json Normal file
View File

@ -0,0 +1,45 @@
{
"id": "CVE-2024-56562",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:15.087",
"lastModified": "2024-12-27T15:15:15.087",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs()\n\nif (dev->boardinfo && dev->boardinfo->init_dyn_addr)\n ^^^ here check \"init_dyn_addr\"\n\ti3c_bus_set_addr_slot_status(&master->bus, dev->info.dyn_addr, ...)\n\t\t\t\t\t\t ^^^^\n\t\t\t\t\t\t\tfree \"dyn_addr\"\nFix copy/paste error \"dyn_addr\" by replacing it with \"init_dyn_addr\"."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/093ecc6d82ff1d2e0cbf6f2000438b6c698145cb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/0cb21f1ea3a2e19ee314a8fcf95461b5c453c59e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/0e8ab955c6d06f9d907761c07c02d1492f0a8ac1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3082990592f7c6d7510a9133afa46e31bbe26533",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/991e33a99fd3b5d432f0629565f532f563fe019a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c2f0ce241154b04f2fc150ff16ad82d9b8fdfa4a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ce30d11b39e8d637fed4704a5b43e9d556990475",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-565xx/CVE-2024-56563.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-56563",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:15.197",
"lastModified": "2024-12-27T15:15:15.197",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix cred leak in ceph_mds_check_access()\n\nget_current_cred() increments the reference counter, but the\nput_cred() call was missing."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/c5cf420303256dcd6ff175643e9e9558543c2047",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e3d1c9e2b811f13bdbbb962c2b17a6091c28522c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-565xx/CVE-2024-56564.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-56564",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:15.297",
"lastModified": "2024-12-27T15:15:15.297",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: pass cred pointer to ceph_mds_auth_match()\n\nThis eliminates a redundant get_current_cred() call, because\nceph_mds_check_access() has already obtained this pointer.\n\nAs a side effect, this also fixes a reference leak in\nceph_mds_auth_match(): by omitting the get_current_cred() call, no\nadditional cred reference is taken."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/23426309a4064b25a961e1c72961d8bfc7c8c990",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ffa6ba7bdb7f07f49c9e9150b0176df066520f62",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2024/CVE-2024-565xx/CVE-2024-56565.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-56565",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:15.400",
"lastModified": "2024-12-27T15:15:15.400",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to drop all discards after creating snapshot on lvm device\n\nPiergiorgio reported a bug in bugzilla as below:\n\n------------[ cut here ]------------\nWARNING: CPU: 2 PID: 969 at fs/f2fs/segment.c:1330\nRIP: 0010:__submit_discard_cmd+0x27d/0x400 [f2fs]\nCall Trace:\n __issue_discard_cmd+0x1ca/0x350 [f2fs]\n issue_discard_thread+0x191/0x480 [f2fs]\n kthread+0xcf/0x100\n ret_from_fork+0x31/0x50\n ret_from_fork_asm+0x1a/0x30\n\nw/ below testcase, it can reproduce this bug quickly:\n- pvcreate /dev/vdb\n- vgcreate myvg1 /dev/vdb\n- lvcreate -L 1024m -n mylv1 myvg1\n- mount /dev/myvg1/mylv1 /mnt/f2fs\n- dd if=/dev/zero of=/mnt/f2fs/file bs=1M count=20\n- sync\n- rm /mnt/f2fs/file\n- sync\n- lvcreate -L 1024m -s -n mylv1-snapshot /dev/myvg1/mylv1\n- umount /mnt/f2fs\n\nThe root cause is: it will update discard_max_bytes of mounted lvm\ndevice to zero after creating snapshot on this lvm device, then,\n__submit_discard_cmd() will pass parameter @nr_sects w/ zero value\nto __blkdev_issue_discard(), it returns a NULL bio pointer, result\nin panic.\n\nThis patch changes as below for fixing:\n1. Let's drop all remained discards in f2fs_unfreeze() if snapshot\nof lvm device is created.\n2. Checking discard_max_bytes before submitting discard during\n__submit_discard_cmd()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/15136c3861a3341db261ebdbb6ae4ae1765635e2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bc8aeb04fd80cb8cfae3058445c84410fd0beb5e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ed24ab98242f8d22b66fbe0452c97751b5ea4e22",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2024/CVE-2024-565xx/CVE-2024-56566.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-56566",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:15.517",
"lastModified": "2024-12-27T15:15:15.517",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/slub: Avoid list corruption when removing a slab from the full list\n\nBoot with slub_debug=UFPZ.\n\nIf allocated object failed in alloc_consistency_checks, all objects of\nthe slab will be marked as used, and then the slab will be removed from\nthe partial list.\n\nWhen an object belonging to the slab got freed later, the remove_full()\nfunction is called. Because the slab is neither on the partial list nor\non the full list, it eventually lead to a list corruption (actually a\nlist poison being detected).\n\nSo we need to mark and isolate the slab page with metadata corruption,\ndo not put it back in circulation.\n\nBecause the debug caches avoid all the fastpaths, reusing the frozen bit\nto mark slab page with metadata corruption seems to be fine.\n\n[ 4277.385669] list_del corruption, ffffea00044b3e50->next is LIST_POISON1 (dead000000000100)\n[ 4277.387023] ------------[ cut here ]------------\n[ 4277.387880] kernel BUG at lib/list_debug.c:56!\n[ 4277.388680] invalid opcode: 0000 [#1] PREEMPT SMP PTI\n[ 4277.389562] CPU: 5 PID: 90 Comm: kworker/5:1 Kdump: loaded Tainted: G OE 6.6.1-1 #1\n[ 4277.392113] Workqueue: xfs-inodegc/vda1 xfs_inodegc_worker [xfs]\n[ 4277.393551] RIP: 0010:__list_del_entry_valid_or_report+0x7b/0xc0\n[ 4277.394518] Code: 48 91 82 e8 37 f9 9a ff 0f 0b 48 89 fe 48 c7 c7 28 49 91 82 e8 26 f9 9a ff 0f 0b 48 89 fe 48 c7 c7 58 49 91\n[ 4277.397292] RSP: 0018:ffffc90000333b38 EFLAGS: 00010082\n[ 4277.398202] RAX: 000000000000004e RBX: ffffea00044b3e50 RCX: 0000000000000000\n[ 4277.399340] RDX: 0000000000000002 RSI: ffffffff828f8715 RDI: 00000000ffffffff\n[ 4277.400545] RBP: ffffea00044b3e40 R08: 0000000000000000 R09: ffffc900003339f0\n[ 4277.401710] R10: 0000000000000003 R11: ffffffff82d44088 R12: ffff888112cf9910\n[ 4277.402887] R13: 0000000000000001 R14: 0000000000000001 R15: ffff8881000424c0\n[ 4277.404049] FS: 0000000000000000(0000) GS:ffff88842fd40000(0000) knlGS:0000000000000000\n[ 4277.405357] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 4277.406389] CR2: 00007f2ad0b24000 CR3: 0000000102a3a006 CR4: 00000000007706e0\n[ 4277.407589] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 4277.408780] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 4277.410000] PKRU: 55555554\n[ 4277.410645] Call Trace:\n[ 4277.411234] <TASK>\n[ 4277.411777] ? die+0x32/0x80\n[ 4277.412439] ? do_trap+0xd6/0x100\n[ 4277.413150] ? __list_del_entry_valid_or_report+0x7b/0xc0\n[ 4277.414158] ? do_error_trap+0x6a/0x90\n[ 4277.414948] ? __list_del_entry_valid_or_report+0x7b/0xc0\n[ 4277.415915] ? exc_invalid_op+0x4c/0x60\n[ 4277.416710] ? __list_del_entry_valid_or_report+0x7b/0xc0\n[ 4277.417675] ? asm_exc_invalid_op+0x16/0x20\n[ 4277.418482] ? __list_del_entry_valid_or_report+0x7b/0xc0\n[ 4277.419466] ? __list_del_entry_valid_or_report+0x7b/0xc0\n[ 4277.420410] free_to_partial_list+0x515/0x5e0\n[ 4277.421242] ? xfs_iext_remove+0x41a/0xa10 [xfs]\n[ 4277.422298] xfs_iext_remove+0x41a/0xa10 [xfs]\n[ 4277.423316] ? xfs_inodegc_worker+0xb4/0x1a0 [xfs]\n[ 4277.424383] xfs_bmap_del_extent_delay+0x4fe/0x7d0 [xfs]\n[ 4277.425490] __xfs_bunmapi+0x50d/0x840 [xfs]\n[ 4277.426445] xfs_itruncate_extents_flags+0x13a/0x490 [xfs]\n[ 4277.427553] xfs_inactive_truncate+0xa3/0x120 [xfs]\n[ 4277.428567] xfs_inactive+0x22d/0x290 [xfs]\n[ 4277.429500] xfs_inodegc_worker+0xb4/0x1a0 [xfs]\n[ 4277.430479] process_one_work+0x171/0x340\n[ 4277.431227] worker_thread+0x277/0x390\n[ 4277.431962] ? __pfx_worker_thread+0x10/0x10\n[ 4277.432752] kthread+0xf0/0x120\n[ 4277.433382] ? __pfx_kthread+0x10/0x10\n[ 4277.434134] ret_from_fork+0x2d/0x50\n[ 4277.434837] ? __pfx_kthread+0x10/0x10\n[ 4277.435566] ret_from_fork_asm+0x1b/0x30\n[ 4277.436280] </TASK>"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/33a213c04faff6c3a7fe77e947db81bc7270fe32",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/943c0f601cd28c1073b92b5f944c6c6c2643e709",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dbc16915279a548a204154368da23d402c141c81",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

45
CVE-2024/CVE-2024-565xx/CVE-2024-56567.json Normal file
View File

@ -0,0 +1,45 @@
{
"id": "CVE-2024-56567",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:15.630",
"lastModified": "2024-12-27T15:15:15.630",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nad7780: fix division by zero in ad7780_write_raw()\n\nIn the ad7780_write_raw() , val2 can be zero, which might lead to a\ndivision by zero error in DIV_ROUND_CLOSEST(). The ad7780_write_raw()\nis based on iio_info's write_raw. While val is explicitly declared that\ncan be zero (in read mode), val2 is not specified to be non-zero."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/022e13518ba6cc1b4fdd291f49e4f57b2d5718e0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/18fb33df1de83a014d7f784089f9b124facc157f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/68e79b848196a0b0ec006009cc69da1f835d1ae8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7e3a8ea3d1ada7f707de5d9d504774b4191eab66",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/afc1e3c00b3f5f0b4f1bc3e974fb9803cb938a90",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c174b53e95adf2eece2afc56cd9798374919f99a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f25a9f1df1f6738acf1fa05595fb6060a2c08ff1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2024/CVE-2024-565xx/CVE-2024-56568.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2024-56568",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:15.733",
"lastModified": "2024-12-27T15:15:15.733",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/arm-smmu: Defer probe of clients after smmu device bound\n\nNull pointer dereference occurs due to a race between smmu\ndriver probe and client driver probe, when of_dma_configure()\nfor client is called after the iommu_device_register() for smmu driver\nprobe has executed but before the driver_bound() for smmu driver\nhas been called.\n\nFollowing is how the race occurs:\n\nT1:Smmu device probe\t\tT2: Client device probe\n\nreally_probe()\narm_smmu_device_probe()\niommu_device_register()\n\t\t\t\t\treally_probe()\n\t\t\t\t\tplatform_dma_configure()\n\t\t\t\t\tof_dma_configure()\n\t\t\t\t\tof_dma_configure_id()\n\t\t\t\t\tof_iommu_configure()\n\t\t\t\t\tiommu_probe_device()\n\t\t\t\t\tiommu_init_device()\n\t\t\t\t\tarm_smmu_probe_device()\n\t\t\t\t\tarm_smmu_get_by_fwnode()\n\t\t\t\t\t\tdriver_find_device_by_fwnode()\n\t\t\t\t\t\tdriver_find_device()\n\t\t\t\t\t\tnext_device()\n\t\t\t\t\t\tklist_next()\n\t\t\t\t\t\t /* null ptr\n\t\t\t\t\t\t assigned to smmu */\n\t\t\t\t\t/* null ptr dereference\n\t\t\t\t\t while smmu->streamid_mask */\ndriver_bound()\n\tklist_add_tail()\n\nWhen this null smmu pointer is dereferenced later in\narm_smmu_probe_device, the device crashes.\n\nFix this by deferring the probe of the client device\nuntil the smmu device has bound to the arm smmu driver.\n\n[will: Add comment]"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/229e6ee43d2a160a1592b83aad620d6027084aad",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4a9485918a042e3114890dfbe19839a1897f8b2c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5018696b19bc6c021e934a8a59f4b1dd8c0ac9f8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c2527d07c7e9cda2c6165d5edccf74752baac1b0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dc02407ea952e20c544a078a6be2e6f008327973",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f8f794f387ad21c4696e5cd0626cb6f8a5f6aea5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

45
CVE-2024/CVE-2024-565xx/CVE-2024-56569.json Normal file
View File

@ -0,0 +1,45 @@
{
"id": "CVE-2024-56569",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:15.840",
"lastModified": "2024-12-27T15:15:15.840",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix regression with module command in stack_trace_filter\n\nWhen executing the following command:\n\n # echo \"write*:mod:ext3\" > /sys/kernel/tracing/stack_trace_filter\n\nThe current mod command causes a null pointer dereference. While commit\n0f17976568b3f (\"ftrace: Fix regression with module command in stack_trace_filter\")\nhas addressed part of the issue, it left a corner case unhandled, which still\nresults in a kernel crash."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/19cacabdd5a8487ae566cbecb4d03bcb038a067e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/43ca32ce12888fb0eeb2d74dfc558dea60d3473e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/45af52e7d3b8560f21d139b3759735eead8b1653",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5dabb7af57bc72308a6e2e81a5dd756eef283803",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7ae27880de3482e063fcc1f72d9a298d0d391407",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/885109aa0c70639527dd6a65c82e63c9ac055e3d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8a92dc4df89c50bdb26667419ea70e0abbce456e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

45
CVE-2024/CVE-2024-565xx/CVE-2024-56570.json Normal file
View File

@ -0,0 +1,45 @@
{
"id": "CVE-2024-56570",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:15.963",
"lastModified": "2024-12-27T15:15:15.963",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\novl: Filter invalid inodes with missing lookup function\n\nAdd a check to the ovl_dentry_weird() function to prevent the\nprocessing of directory inodes that lack the lookup function.\nThis is important because such inodes can cause errors in overlayfs\nwhen passed to the lowerstack."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/065bf5dd21639f80e68450de16bda829784dbb8c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5f86e79c0b2287ffdabe6c1b305a36c4e0f40fe3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/72014e7745cc8250bb8f27bd78694dfd3f1b5773",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/749eac5a6687ec99116e0691d0d71225254654e3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c8b359dddb418c60df1a69beea01d1b3322bfe83",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f9248e2f73fb4afe08324485e98c815ac084d166",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ff43d008bbf9b27ada434d6455f039a5ef6cee53",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2024/CVE-2024-565xx/CVE-2024-56571.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2024-56571",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:16.077",
"lastModified": "2024-12-27T15:15:16.077",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Require entities to have a non-zero unique ID\n\nPer UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero\nunique ID.\n\n```\nEach Unit and Terminal within the video function is assigned a unique\nidentification number, the Unit ID (UID) or Terminal ID (TID), contained in\nthe bUnitID or bTerminalID field of the descriptor. The value 0x00 is\nreserved for undefined ID,\n```\n\nSo, deny allocating an entity with ID 0 or an ID that belongs to a unit\nthat is already added to the list of entities.\n\nThis also prevents some syzkaller reproducers from triggering warnings due\nto a chain of entities referring to themselves. In one particular case, an\nOutput Unit is connected to an Input Unit, both with the same ID of 1. But\nwhen looking up for the source ID of the Output Unit, that same entity is\nfound instead of the input entity, which leads to such warnings.\n\nIn another case, a backward chain was considered finished as the source ID\nwas 0. Later on, that entity was found, but its pads were not valid.\n\nHere is a sample stack trace for one of those cases.\n\n[ 20.650953] usb 1-1: new high-speed USB device number 2 using dummy_hcd\n[ 20.830206] usb 1-1: Using ep0 maxpacket: 8\n[ 20.833501] usb 1-1: config 0 descriptor??\n[ 21.038518] usb 1-1: string descriptor 0 read error: -71\n[ 21.038893] usb 1-1: Found UVC 0.00 device <unnamed> (2833:0201)\n[ 21.039299] uvcvideo 1-1:0.0: Entity type for entity Output 1 was not initialized!\n[ 21.041583] uvcvideo 1-1:0.0: Entity type for entity Input 1 was not initialized!\n[ 21.042218] ------------[ cut here ]------------\n[ 21.042536] WARNING: CPU: 0 PID: 9 at drivers/media/mc/mc-entity.c:1147 media_create_pad_link+0x2c4/0x2e0\n[ 21.043195] Modules linked in:\n[ 21.043535] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.11.0-rc7-00030-g3480e43aeccf #444\n[ 21.044101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 21.044639] Workqueue: usb_hub_wq hub_event\n[ 21.045100] RIP: 0010:media_create_pad_link+0x2c4/0x2e0\n[ 21.045508] Code: fe e8 20 01 00 00 b8 f4 ff ff ff 48 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 0f 0b eb e9 0f 0b eb 0a 0f 0b eb 06 <0f> 0b eb 02 0f 0b b8 ea ff ff ff eb d4 66 2e 0f 1f 84 00 00 00 00\n[ 21.046801] RSP: 0018:ffffc9000004b318 EFLAGS: 00010246\n[ 21.047227] RAX: ffff888004e5d458 RBX: 0000000000000000 RCX: ffffffff818fccf1\n[ 21.047719] RDX: 000000000000007b RSI: 0000000000000000 RDI: ffff888004313290\n[ 21.048241] RBP: ffff888004313290 R08: 0001ffffffffffff R09: 0000000000000000\n[ 21.048701] R10: 0000000000000013 R11: 0001888004313290 R12: 0000000000000003\n[ 21.049138] R13: ffff888004313080 R14: ffff888004313080 R15: 0000000000000000\n[ 21.049648] FS: 0000000000000000(0000) GS:ffff88803ec00000(0000) knlGS:0000000000000000\n[ 21.050271] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 21.050688] CR2: 0000592cc27635b0 CR3: 000000000431c000 CR4: 0000000000750ef0\n[ 21.051136] PKRU: 55555554\n[ 21.051331] Call Trace:\n[ 21.051480] <TASK>\n[ 21.051611] ? __warn+0xc4/0x210\n[ 21.051861] ? media_create_pad_link+0x2c4/0x2e0\n[ 21.052252] ? report_bug+0x11b/0x1a0\n[ 21.052540] ? trace_hardirqs_on+0x31/0x40\n[ 21.052901] ? handle_bug+0x3d/0x70\n[ 21.053197] ? exc_invalid_op+0x1a/0x50\n[ 21.053511] ? asm_exc_invalid_op+0x1a/0x20\n[ 21.053924] ? media_create_pad_link+0x91/0x2e0\n[ 21.054364] ? media_create_pad_link+0x2c4/0x2e0\n[ 21.054834] ? media_create_pad_link+0x91/0x2e0\n[ 21.055131] ? _raw_spin_unlock+0x1e/0x40\n[ 21.055441] ? __v4l2_device_register_subdev+0x202/0x210\n[ 21.055837] uvc_mc_register_entities+0x358/0x400\n[ 21.056144] uvc_register_chains+0x1fd/0x290\n[ 21.056413] uvc_probe+0x380e/0x3dc0\n[ 21.056676] ? __lock_acquire+0x5aa/0x26e0\n[ 21.056946] ? find_held_lock+0x33/0xa0\n[ 21.057196] ? kernfs_activate+0x70/0x80\n[ 21.057533] ? usb_match_dy\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/19464d73225224dca31e2fd6e7d6418facf5facb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3dd075fe8ebbc6fcbf998f81a75b8c4b159a6195",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4f74bd307f078c0605b9f6f1edb8337dee35fa2e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/72ed66623953106d15825513c82533a03ba29ecd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b11813bc2f4eee92695075148c9ba996f54feeba",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bde4e7c1527151b596089b3f984818ab537eeb7f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

45
CVE-2024/CVE-2024-565xx/CVE-2024-56572.json Normal file
View File

@ -0,0 +1,45 @@
{
"id": "CVE-2024-56572",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:16.210",
"lastModified": "2024-12-27T15:15:16.210",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal()\n\nThe buffer in the loop should be released under the exception path,\notherwise there may be a memory leak here.\n\nTo mitigate this, free the buffer when allegro_alloc_buffer fails."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0f514068fbc5d4d189c817adc7c4e32cffdc2e47",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/17e5613666209be4e5be1f1894f1a6014a8a0658",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/64f72a738864b506ab50b4a6cb3ce3c3e04b71af",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6712a28a4f923ffdf51cff267ad05a634ee1babc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/74a65313578b35e1239966adfa7ac2bdd60caf00",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/891b5790bee8fc6ddba17874dd87a646128d0b99",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cf642904be39ae0d441dbdfa8f485e0a46260be4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2024/CVE-2024-565xx/CVE-2024-56573.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-56573",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:16.320",
"lastModified": "2024-12-27T15:15:16.320",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi/libstub: Free correct pointer on failure\n\ncmdline_ptr is an out parameter, which is not allocated by the function\nitself, and likely points into the caller's stack.\n\ncmdline refers to the pool allocation that should be freed when cleaning\nup after a failure, so pass this instead to free_pool()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/06d39d79cbd5a91a33707951ebf2512d0e759847",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d173aee5709bd0994d216d60589ec67f8b11376a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/eaafbcf0a5782ae412ca7de12ef83fc48ccea4cf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

45
CVE-2024/CVE-2024-565xx/CVE-2024-56574.json Normal file
View File

@ -0,0 +1,45 @@
{
"id": "CVE-2024-56574",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:16.420",
"lastModified": "2024-12-27T15:15:16.420",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ts2020: fix null-ptr-deref in ts2020_probe()\n\nKASAN reported a null-ptr-deref issue when executing the following\ncommand:\n\n # echo ts2020 0x20 > /sys/bus/i2c/devices/i2c-0/new_device\n KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n CPU: 53 UID: 0 PID: 970 Comm: systemd-udevd Not tainted 6.12.0-rc2+ #24\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009)\n RIP: 0010:ts2020_probe+0xad/0xe10 [ts2020]\n RSP: 0018:ffffc9000abbf598 EFLAGS: 00010202\n RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffffc0714809\n RDX: 0000000000000002 RSI: ffff88811550be00 RDI: 0000000000000010\n RBP: ffff888109868800 R08: 0000000000000001 R09: fffff52001577eb6\n R10: 0000000000000000 R11: ffffc9000abbff50 R12: ffffffffc0714790\n R13: 1ffff92001577eb8 R14: ffffffffc07190d0 R15: 0000000000000001\n FS: 00007f95f13b98c0(0000) GS:ffff888149280000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000555d2634b000 CR3: 0000000152236000 CR4: 00000000000006f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n <TASK>\n ts2020_probe+0xad/0xe10 [ts2020]\n i2c_device_probe+0x421/0xb40\n really_probe+0x266/0x850\n ...\n\nThe cause of the problem is that when using sysfs to dynamically register\nan i2c device, there is no platform data, but the probe process of ts2020\nneeds to use platform data, resulting in a null pointer being accessed.\n\nSolve this problem by adding checks to platform data."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4a058b34b52ed3feb1f3ff6fd26aefeeeed20cba",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5a53f97cd5977911850b695add057f9965c1a2d6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/901070571bc191d1d8d7a1379bc5ba9446200999",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a2ed3b780f34e4a6403064208bc2c99d1ed85026",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b6208d1567f929105011bcdfd738f59a6bdc1088",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ced1c04e82e3ecc246b921b9733f0df0866aa50d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dc03866b5f4aa2668946f8384a1e5286ae53bbaa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2024/CVE-2024-565xx/CVE-2024-56575.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2024-56575",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:16.537",
"lastModified": "2024-12-27T15:15:16.537",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Ensure power suppliers be suspended before detach them\n\nThe power suppliers are always requested to suspend asynchronously,\ndev_pm_domain_detach() requires the caller to ensure proper\nsynchronization of this function with power management callbacks.\notherwise the detach may led to kernel panic, like below:\n\n[ 1457.107934] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000040\n[ 1457.116777] Mem abort info:\n[ 1457.119589] ESR = 0x0000000096000004\n[ 1457.123358] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 1457.128692] SET = 0, FnV = 0\n[ 1457.131764] EA = 0, S1PTW = 0\n[ 1457.134920] FSC = 0x04: level 0 translation fault\n[ 1457.139812] Data abort info:\n[ 1457.142707] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 1457.148196] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 1457.153256] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 1457.158563] user pgtable: 4k pages, 48-bit VAs, pgdp=00000001138b6000\n[ 1457.165000] [0000000000000040] pgd=0000000000000000, p4d=0000000000000000\n[ 1457.171792] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 1457.178045] Modules linked in: v4l2_jpeg wave6_vpu_ctrl(-) [last unloaded: mxc_jpeg_encdec]\n[ 1457.186383] CPU: 0 PID: 51938 Comm: kworker/0:3 Not tainted 6.6.36-gd23d64eea511 #66\n[ 1457.194112] Hardware name: NXP i.MX95 19X19 board (DT)\n[ 1457.199236] Workqueue: pm pm_runtime_work\n[ 1457.203247] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 1457.210188] pc : genpd_runtime_suspend+0x20/0x290\n[ 1457.214886] lr : __rpm_callback+0x48/0x1d8\n[ 1457.218968] sp : ffff80008250bc50\n[ 1457.222270] x29: ffff80008250bc50 x28: 0000000000000000 x27: 0000000000000000\n[ 1457.229394] x26: 0000000000000000 x25: 0000000000000008 x24: 00000000000f4240\n[ 1457.236518] x23: 0000000000000000 x22: ffff00008590f0e4 x21: 0000000000000008\n[ 1457.243642] x20: ffff80008099c434 x19: ffff00008590f000 x18: ffffffffffffffff\n[ 1457.250766] x17: 5300326563697665 x16: 645f676e696c6f6f x15: 63343a6d726f6674\n[ 1457.257890] x14: 0000000000000004 x13: 00000000000003a4 x12: 0000000000000002\n[ 1457.265014] x11: 0000000000000000 x10: 0000000000000a60 x9 : ffff80008250bbb0\n[ 1457.272138] x8 : ffff000092937200 x7 : ffff0003fdf6af80 x6 : 0000000000000000\n[ 1457.279262] x5 : 00000000410fd050 x4 : 0000000000200000 x3 : 0000000000000000\n[ 1457.286386] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff00008590f000\n[ 1457.293510] Call trace:\n[ 1457.295946] genpd_runtime_suspend+0x20/0x290\n[ 1457.300296] __rpm_callback+0x48/0x1d8\n[ 1457.304038] rpm_callback+0x6c/0x78\n[ 1457.307515] rpm_suspend+0x10c/0x570\n[ 1457.311077] pm_runtime_work+0xc4/0xc8\n[ 1457.314813] process_one_work+0x138/0x248\n[ 1457.318816] worker_thread+0x320/0x438\n[ 1457.322552] kthread+0x110/0x114\n[ 1457.325767] ret_from_fork+0x10/0x20"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/12914fd765ba4f9d6a9a50439e8dd2e9f91423f2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2f86d104539fab9181ea7b5721f40e7b92a8bf67",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b7a830bbc25da0f641e3ef2bac3b1766b2777a8b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f3c4e088ec01cae45931a18ddf7cae0f4d72e1c5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fd0af4cd35da0eb550ef682b71cda70a4e36f6b9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

45
CVE-2024/CVE-2024-565xx/CVE-2024-56576.json Normal file
View File

@ -0,0 +1,45 @@
{
"id": "CVE-2024-56576",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:16.657",
"lastModified": "2024-12-27T15:15:16.657",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: tc358743: Fix crash in the probe error path when using polling\n\nIf an error occurs in the probe() function, we should remove the polling\ntimer that was alarmed earlier, otherwise the timer is called with\narguments that are already freed, which results in a crash.\n\n------------[ cut here ]------------\nWARNING: CPU: 3 PID: 0 at kernel/time/timer.c:1830 __run_timers+0x244/0x268\nModules linked in:\nCPU: 3 UID: 0 PID: 0 Comm: swapper/3 Not tainted 6.11.0 #226\nHardware name: Diasom DS-RK3568-SOM-EVB (DT)\npstate: 804000c9 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : __run_timers+0x244/0x268\nlr : __run_timers+0x1d4/0x268\nsp : ffffff80eff2baf0\nx29: ffffff80eff2bb50 x28: 7fffffffffffffff x27: ffffff80eff2bb00\nx26: ffffffc080f669c0 x25: ffffff80efef6bf0 x24: ffffff80eff2bb00\nx23: 0000000000000000 x22: dead000000000122 x21: 0000000000000000\nx20: ffffff80efef6b80 x19: ffffff80041c8bf8 x18: ffffffffffffffff\nx17: ffffffc06f146000 x16: ffffff80eff27dc0 x15: 000000000000003e\nx14: 0000000000000000 x13: 00000000000054da x12: 0000000000000000\nx11: 00000000000639c0 x10: 000000000000000c x9 : 0000000000000009\nx8 : ffffff80eff2cb40 x7 : ffffff80eff2cb40 x6 : ffffff8002bee480\nx5 : ffffffc080cb2220 x4 : ffffffc080cb2150 x3 : 00000000000f4240\nx2 : 0000000000000102 x1 : ffffff80eff2bb00 x0 : ffffff80041c8bf0\nCall trace:\n\u00a0__run_timers+0x244/0x268\n\u00a0timer_expire_remote+0x50/0x68\n\u00a0tmigr_handle_remote+0x388/0x39c\n\u00a0run_timer_softirq+0x38/0x44\n\u00a0handle_softirqs+0x138/0x298\n\u00a0__do_softirq+0x14/0x20\n\u00a0____do_softirq+0x10/0x1c\n\u00a0call_on_irq_stack+0x24/0x4c\n\u00a0do_softirq_own_stack+0x1c/0x2c\n\u00a0irq_exit_rcu+0x9c/0xcc\n\u00a0el1_interrupt+0x48/0xc0\n\u00a0el1h_64_irq_handler+0x18/0x24\n\u00a0el1h_64_irq+0x7c/0x80\n\u00a0default_idle_call+0x34/0x68\n\u00a0do_idle+0x23c/0x294\n\u00a0cpu_startup_entry+0x38/0x3c\n\u00a0secondary_start_kernel+0x128/0x160\n\u00a0__secondary_switched+0xb8/0xbc\n---[ end trace 0000000000000000 ]---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/13193a97ddd5a6a5b11408ddbc1ae85588b1860c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1def915b1564f4375330bd113ea1d768a569cfd8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/34a3466a92f50c51d984f0ec2e96864886d460eb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5c9ab34c87af718bdbf9faa2b1a6ba41d15380ea",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/815d14147068347e88c258233eb951b41b2792a6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/869f38ae07f7df829da4951c3d1f7a2be09c2e9a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b59ab89bc83f7bff67f78c6caf484a84a6dd30f7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2024/CVE-2024-565xx/CVE-2024-56577.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-56577",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:16.767",
"lastModified": "2024-12-27T15:15:16.767",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mtk-jpeg: Fix null-ptr-deref during unload module\n\nThe workqueue should be destroyed in mtk_jpeg_core.c since commit\n09aea13ecf6f (\"media: mtk-jpeg: refactor some variables\"), otherwise\nthe below calltrace can be easily triggered.\n\n[ 677.862514] Unable to handle kernel paging request at virtual address dfff800000000023\n[ 677.863633] KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]\n...\n[ 677.879654] CPU: 6 PID: 1071 Comm: modprobe Tainted: G O 6.8.12-mtk+gfa1a78e5d24b+ #17\n...\n[ 677.882838] pc : destroy_workqueue+0x3c/0x770\n[ 677.883413] lr : mtk_jpegdec_destroy_workqueue+0x70/0x88 [mtk_jpeg_dec_hw]\n[ 677.884314] sp : ffff80008ad974f0\n[ 677.884744] x29: ffff80008ad974f0 x28: ffff0000d7115580 x27: ffff0000dd691070\n[ 677.885669] x26: ffff0000dd691408 x25: ffff8000844af3e0 x24: ffff80008ad97690\n[ 677.886592] x23: ffff0000e051d400 x22: ffff0000dd691010 x21: dfff800000000000\n[ 677.887515] x20: 0000000000000000 x19: 0000000000000000 x18: ffff800085397ac0\n[ 677.888438] x17: 0000000000000000 x16: ffff8000801b87c8 x15: 1ffff000115b2e10\n[ 677.889361] x14: 00000000f1f1f1f1 x13: 0000000000000000 x12: ffff7000115b2e4d\n[ 677.890285] x11: 1ffff000115b2e4c x10: ffff7000115b2e4c x9 : ffff80000aa43e90\n[ 677.891208] x8 : 00008fffeea4d1b4 x7 : ffff80008ad97267 x6 : 0000000000000001\n[ 677.892131] x5 : ffff80008ad97260 x4 : ffff7000115b2e4d x3 : 0000000000000000\n[ 677.893054] x2 : 0000000000000023 x1 : dfff800000000000 x0 : 0000000000000118\n[ 677.893977] Call trace:\n[ 677.894297] destroy_workqueue+0x3c/0x770\n[ 677.894826] mtk_jpegdec_destroy_workqueue+0x70/0x88 [mtk_jpeg_dec_hw]\n[ 677.895677] devm_action_release+0x50/0x90\n[ 677.896211] release_nodes+0xe8/0x170\n[ 677.896688] devres_release_all+0xf8/0x178\n[ 677.897219] device_unbind_cleanup+0x24/0x170\n[ 677.897785] device_release_driver_internal+0x35c/0x480\n[ 677.898461] device_release_driver+0x20/0x38\n...\n[ 677.912665] ---[ end trace 0000000000000000 ]---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0ba08c21c6a92e6512e73644555120427c9a49d4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/17af2b39daf12870cac61ffc360e62bc35798afb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bc3889a39baf783c64c6d628bbb74d76ce164bb1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2024/CVE-2024-565xx/CVE-2024-56578.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2024-56578",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:16.873",
"lastModified": "2024-12-27T15:15:16.873",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Set video drvdata before register video device\n\nThe video drvdata should be set before the video device is registered,\notherwise video_drvdata() may return NULL in the open() file ops, and led\nto oops."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/5ade59d28eade49194eb09765afdeb0ba717c39a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/68efeff2f7fccdfedc55f92e92be32997127d16e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b88556e82dc18cb708744d062770853a2d5095b2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d2b7ecc26bd5406d5ba927be1748aa99c568696c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f68bb1210fbea252552d97242757f69a219e942b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2024/CVE-2024-565xx/CVE-2024-56579.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-56579",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:16.983",
"lastModified": "2024-12-27T15:15:16.983",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: amphion: Set video drvdata before register video device\n\nThe video drvdata should be set before the video device is registered,\notherwise video_drvdata() may return NULL in the open() file ops, and led\nto oops."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/182b9edc02c4cbb6fe6b97105c23c7047a3340d2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8cbb1a7bd5973b57898b26eb804fe44af440bb63",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/988cc10ddbdee0369fe1f193d389da38ad760492",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cfe96c7c3382293179e291f66644d789e39e99f3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-565xx/CVE-2024-56580.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-56580",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:17.093",
"lastModified": "2024-12-27T15:15:17.093",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: qcom: camss: fix error path on configuration of power domains\n\nThere is a chance to meet runtime issues during configuration of CAMSS\npower domains, because on the error path dev_pm_domain_detach() is\nunexpectedly called with NULL or error pointer.\n\nOne of the simplest ways to reproduce the problem is to probe CAMSS\ndriver before registration of CAMSS power domains, for instance if\na platform CAMCC driver is simply not built.\n\nWarning backtrace example:\n\n Unable to handle kernel NULL pointer dereference at virtual address 00000000000001a2\n\n <snip>\n\n pc : dev_pm_domain_detach+0x8/0x48\n lr : camss_probe+0x374/0x9c0\n\n <snip>\n\n Call trace:\n dev_pm_domain_detach+0x8/0x48\n platform_probe+0x70/0xf0\n really_probe+0xc4/0x2a8\n __driver_probe_device+0x80/0x140\n driver_probe_device+0x48/0x170\n __device_attach_driver+0xc0/0x148\n bus_for_each_drv+0x88/0xf0\n __device_attach+0xb0/0x1c0\n device_initial_probe+0x1c/0x30\n bus_probe_device+0xb4/0xc0\n deferred_probe_work_func+0x90/0xd0\n process_one_work+0x164/0x3e0\n worker_thread+0x310/0x420\n kthread+0x120/0x130\n ret_from_fork+0x10/0x20"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4f45d65b781499d2a79eca12155532739c876aa2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c98586d8d01c9e860e7acc3807c2afeb1dc14e8a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

45
CVE-2024/CVE-2024-565xx/CVE-2024-56581.json Normal file
View File

@ -0,0 +1,45 @@
{
"id": "CVE-2024-56581",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:17.207",
"lastModified": "2024-12-27T15:15:17.207",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: ref-verify: fix use-after-free after invalid ref action\n\nAt btrfs_ref_tree_mod() after we successfully inserted the new ref entry\n(local variable 'ref') into the respective block entry's rbtree (local\nvariable 'be'), if we find an unexpected action of BTRFS_DROP_DELAYED_REF,\nwe error out and free the ref entry without removing it from the block\nentry's rbtree. Then in the error path of btrfs_ref_tree_mod() we call\nbtrfs_free_ref_cache(), which iterates over all block entries and then\ncalls free_block_entry() for each one, and there we will trigger a\nuse-after-free when we are called against the block entry to which we\nadded the freed ref entry to its rbtree, since the rbtree still points\nto the block entry, as we didn't remove it from the rbtree before freeing\nit in the error path at btrfs_ref_tree_mod(). Fix this by removing the\nnew ref entry from the rbtree before freeing it.\n\nSyzbot report this with the following stack traces:\n\n BTRFS error (device loop0 state EA): Ref action 2, root 5, ref_root 0, parent 8564736, owner 0, offset 0, num_refs 18446744073709551615\n __btrfs_mod_ref+0x7dd/0xac0 fs/btrfs/extent-tree.c:2523\n update_ref_for_cow+0x9cd/0x11f0 fs/btrfs/ctree.c:512\n btrfs_force_cow_block+0x9f6/0x1da0 fs/btrfs/ctree.c:594\n btrfs_cow_block+0x35e/0xa40 fs/btrfs/ctree.c:754\n btrfs_search_slot+0xbdd/0x30d0 fs/btrfs/ctree.c:2116\n btrfs_insert_empty_items+0x9c/0x1a0 fs/btrfs/ctree.c:4314\n btrfs_insert_empty_item fs/btrfs/ctree.h:669 [inline]\n btrfs_insert_orphan_item+0x1f1/0x320 fs/btrfs/orphan.c:23\n btrfs_orphan_add+0x6d/0x1a0 fs/btrfs/inode.c:3482\n btrfs_unlink+0x267/0x350 fs/btrfs/inode.c:4293\n vfs_unlink+0x365/0x650 fs/namei.c:4469\n do_unlinkat+0x4ae/0x830 fs/namei.c:4533\n __do_sys_unlinkat fs/namei.c:4576 [inline]\n __se_sys_unlinkat fs/namei.c:4569 [inline]\n __x64_sys_unlinkat+0xcc/0xf0 fs/namei.c:4569\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n BTRFS error (device loop0 state EA): Ref action 1, root 5, ref_root 5, parent 0, owner 260, offset 0, num_refs 1\n __btrfs_mod_ref+0x76b/0xac0 fs/btrfs/extent-tree.c:2521\n update_ref_for_cow+0x96a/0x11f0\n btrfs_force_cow_block+0x9f6/0x1da0 fs/btrfs/ctree.c:594\n btrfs_cow_block+0x35e/0xa40 fs/btrfs/ctree.c:754\n btrfs_search_slot+0xbdd/0x30d0 fs/btrfs/ctree.c:2116\n btrfs_lookup_inode+0xdc/0x480 fs/btrfs/inode-item.c:411\n __btrfs_update_delayed_inode+0x1e7/0xb90 fs/btrfs/delayed-inode.c:1030\n btrfs_update_delayed_inode fs/btrfs/delayed-inode.c:1114 [inline]\n __btrfs_commit_inode_delayed_items+0x2318/0x24a0 fs/btrfs/delayed-inode.c:1137\n __btrfs_run_delayed_items+0x213/0x490 fs/btrfs/delayed-inode.c:1171\n btrfs_commit_transaction+0x8a8/0x3740 fs/btrfs/transaction.c:2313\n prepare_to_relocate+0x3c4/0x4c0 fs/btrfs/relocation.c:3586\n relocate_block_group+0x16c/0xd40 fs/btrfs/relocation.c:3611\n btrfs_relocate_block_group+0x77d/0xd90 fs/btrfs/relocation.c:4081\n btrfs_relocate_chunk+0x12c/0x3b0 fs/btrfs/volumes.c:3377\n __btrfs_balance+0x1b0f/0x26b0 fs/btrfs/volumes.c:4161\n btrfs_balance+0xbdc/0x10c0 fs/btrfs/volumes.c:4538\n BTRFS error (device loop0 state EA): Ref action 2, root 5, ref_root 0, parent 8564736, owner 0, offset 0, num_refs 18446744073709551615\n __btrfs_mod_ref+0x7dd/0xac0 fs/btrfs/extent-tree.c:2523\n update_ref_for_cow+0x9cd/0x11f0 fs/btrfs/ctree.c:512\n btrfs_force_cow_block+0x9f6/0x1da0 fs/btrfs/ctree.c:594\n btrfs_cow_block+0x35e/0xa40 fs/btrfs/ctree.c:754\n btrfs_search_slot+0xbdd/0x30d0 fs/btrfs/ctree.c:2116\n btrfs_lookup_inode+0xdc/0x480 fs/btrfs/inode-item.c:411\n __btrfs_update_delayed_inode+0x1e7/0xb90 fs/btrfs/delayed-inode.c:1030\n btrfs_update_delayed_i\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4275ac2741941c9c7c2293619fdbacb9f70ba85b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6370db28af9a8ae3bbdfe97f8a48f8f995e144cf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6fd018aa168e472ce35be32296d109db6adb87ea",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7c4e39f9d2af4abaf82ca0e315d1fd340456620f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a6f9e7a0bf1185c9070c0de03bb85eafb9abd650",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d2b85ce0561fde894e28fa01bd5d32820d585006",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dfb9fe7de61f34cc241ab3900bdde93341096e0e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-565xx/CVE-2024-56582.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-56582",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:17.333",
"lastModified": "2024-12-27T15:15:17.333",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free in btrfs_encoded_read_endio()\n\nShinichiro reported the following use-after free that sometimes is\nhappening in our CI system when running fstests' btrfs/284 on a TCMU\nrunner device:\n\n BUG: KASAN: slab-use-after-free in lock_release+0x708/0x780\n Read of size 8 at addr ffff888106a83f18 by task kworker/u80:6/219\n\n CPU: 8 UID: 0 PID: 219 Comm: kworker/u80:6 Not tainted 6.12.0-rc6-kts+ #15\n Hardware name: Supermicro Super Server/X11SPi-TF, BIOS 3.3 02/21/2020\n Workqueue: btrfs-endio btrfs_end_bio_work [btrfs]\n Call Trace:\n <TASK>\n dump_stack_lvl+0x6e/0xa0\n ? lock_release+0x708/0x780\n print_report+0x174/0x505\n ? lock_release+0x708/0x780\n ? __virt_addr_valid+0x224/0x410\n ? lock_release+0x708/0x780\n kasan_report+0xda/0x1b0\n ? lock_release+0x708/0x780\n ? __wake_up+0x44/0x60\n lock_release+0x708/0x780\n ? __pfx_lock_release+0x10/0x10\n ? __pfx_do_raw_spin_lock+0x10/0x10\n ? lock_is_held_type+0x9a/0x110\n _raw_spin_unlock_irqrestore+0x1f/0x60\n __wake_up+0x44/0x60\n btrfs_encoded_read_endio+0x14b/0x190 [btrfs]\n btrfs_check_read_bio+0x8d9/0x1360 [btrfs]\n ? lock_release+0x1b0/0x780\n ? trace_lock_acquire+0x12f/0x1a0\n ? __pfx_btrfs_check_read_bio+0x10/0x10 [btrfs]\n ? process_one_work+0x7e3/0x1460\n ? lock_acquire+0x31/0xc0\n ? process_one_work+0x7e3/0x1460\n process_one_work+0x85c/0x1460\n ? __pfx_process_one_work+0x10/0x10\n ? assign_work+0x16c/0x240\n worker_thread+0x5e6/0xfc0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x2c3/0x3a0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x31/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n </TASK>\n\n Allocated by task 3661:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n btrfs_encoded_read_regular_fill_pages+0x16c/0x6d0 [btrfs]\n send_extent_data+0xf0f/0x24a0 [btrfs]\n process_extent+0x48a/0x1830 [btrfs]\n changed_cb+0x178b/0x2ea0 [btrfs]\n btrfs_ioctl_send+0x3bf9/0x5c20 [btrfs]\n _btrfs_ioctl_send+0x117/0x330 [btrfs]\n btrfs_ioctl+0x184a/0x60a0 [btrfs]\n __x64_sys_ioctl+0x12e/0x1a0\n do_syscall_64+0x95/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n Freed by task 3661:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x70\n __kasan_slab_free+0x4f/0x70\n kfree+0x143/0x490\n btrfs_encoded_read_regular_fill_pages+0x531/0x6d0 [btrfs]\n send_extent_data+0xf0f/0x24a0 [btrfs]\n process_extent+0x48a/0x1830 [btrfs]\n changed_cb+0x178b/0x2ea0 [btrfs]\n btrfs_ioctl_send+0x3bf9/0x5c20 [btrfs]\n _btrfs_ioctl_send+0x117/0x330 [btrfs]\n btrfs_ioctl+0x184a/0x60a0 [btrfs]\n __x64_sys_ioctl+0x12e/0x1a0\n do_syscall_64+0x95/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n The buggy address belongs to the object at ffff888106a83f00\n which belongs to the cache kmalloc-rnd-07-96 of size 96\n The buggy address is located 24 bytes inside of\n freed 96-byte region [ffff888106a83f00, ffff888106a83f60)\n\n The buggy address belongs to the physical page:\n page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888106a83800 pfn:0x106a83\n flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff)\n page_type: f5(slab)\n raw: 0017ffffc0000000 ffff888100053680 ffffea0004917200 0000000000000004\n raw: ffff888106a83800 0000000080200019 00000001f5000000 0000000000000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffff888106a83e00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n ffff888106a83e80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n >ffff888106a83f00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n ^\n ffff888106a83f80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n ffff888106a84000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ==================================================================\n\nFurther analyzing the trace and \n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/05b36b04d74a517d6675bf2f90829ff1ac7e28dc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f8a5129e4a9fc3f6aa3f137513253b51b31b94d4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2024/CVE-2024-565xx/CVE-2024-56583.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-56583",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:17.453",
"lastModified": "2024-12-27T15:15:17.453",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/deadline: Fix warning in migrate_enable for boosted tasks\n\nWhen running the following command:\n\nwhile true; do\n stress-ng --cyclic 30 --timeout 30s --minimize --quiet\ndone\n\na warning is eventually triggered:\n\nWARNING: CPU: 43 PID: 2848 at kernel/sched/deadline.c:794\nsetup_new_dl_entity+0x13e/0x180\n...\nCall Trace:\n <TASK>\n ? show_trace_log_lvl+0x1c4/0x2df\n ? enqueue_dl_entity+0x631/0x6e0\n ? setup_new_dl_entity+0x13e/0x180\n ? __warn+0x7e/0xd0\n ? report_bug+0x11a/0x1a0\n ? handle_bug+0x3c/0x70\n ? exc_invalid_op+0x14/0x70\n ? asm_exc_invalid_op+0x16/0x20\n enqueue_dl_entity+0x631/0x6e0\n enqueue_task_dl+0x7d/0x120\n __do_set_cpus_allowed+0xe3/0x280\n __set_cpus_allowed_ptr_locked+0x140/0x1d0\n __set_cpus_allowed_ptr+0x54/0xa0\n migrate_enable+0x7e/0x150\n rt_spin_unlock+0x1c/0x90\n group_send_sig_info+0xf7/0x1a0\n ? kill_pid_info+0x1f/0x1d0\n kill_pid_info+0x78/0x1d0\n kill_proc_info+0x5b/0x110\n __x64_sys_kill+0x93/0xc0\n do_syscall_64+0x5c/0xf0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n RIP: 0033:0x7f0dab31f92b\n\nThis warning occurs because set_cpus_allowed dequeues and enqueues tasks\nwith the ENQUEUE_RESTORE flag set. If the task is boosted, the warning\nis triggered. A boosted task already had its parameters set by\nrt_mutex_setprio, and a new call to setup_new_dl_entity is unnecessary,\nhence the WARN_ON call.\n\nCheck if we are requeueing a boosted task and avoid calling\nsetup_new_dl_entity if that's the case."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0664e2c311b9fa43b33e3e81429cd0c2d7f9c638",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b600d30402854415aa57548a6b53dc6478f65517",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e41074904d9ed3fe582d6e544c77b40c22043c82",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2024/CVE-2024-565xx/CVE-2024-56584.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-56584",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:17.567",
"lastModified": "2024-12-27T15:15:17.567",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/tctx: work around xa_store() allocation error issue\n\nsyzbot triggered the following WARN_ON:\n\nWARNING: CPU: 0 PID: 16 at io_uring/tctx.c:51 __io_uring_free+0xfa/0x140 io_uring/tctx.c:51\n\nwhich is the\n\nWARN_ON_ONCE(!xa_empty(&tctx->xa));\n\nsanity check in __io_uring_free() when a io_uring_task is going through\nits final put. The syzbot test case includes injecting memory allocation\nfailures, and it very much looks like xa_store() can fail one of its\nmemory allocations and end up with ->head being non-NULL even though no\nentries exist in the xarray.\n\nUntil this issue gets sorted out, work around it by attempting to\niterate entries in our xarray, and WARN_ON_ONCE() if one is found."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/42882b583095dcf747da6e3af1daeff40e27033e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7eb75ce7527129d7f1fee6951566af409a37a1c4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/94ad56f61b873ffeebcc620d451eacfbdf9d40f0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d5b2ddf1f90c7248eff9630b95895c8950f2f36d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2024/CVE-2024-565xx/CVE-2024-56585.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-56585",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:17.677",
"lastModified": "2024-12-27T15:15:17.677",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Fix sleeping in atomic context for PREEMPT_RT\n\nCommit bab1c299f3945ffe79 (\"LoongArch: Fix sleeping in atomic context in\nsetup_tlb_handler()\") changes the gfp flag from GFP_KERNEL to GFP_ATOMIC\nfor alloc_pages_node(). However, for PREEMPT_RT kernels we can still get\na \"sleeping in atomic context\" error:\n\n[ 0.372259] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n[ 0.372266] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1\n[ 0.372268] preempt_count: 1, expected: 0\n[ 0.372270] RCU nest depth: 1, expected: 1\n[ 0.372272] 3 locks held by swapper/1/0:\n[ 0.372274] #0: 900000000c9f5e60 (&pcp->lock){+.+.}-{3:3}, at: get_page_from_freelist+0x524/0x1c60\n[ 0.372294] #1: 90000000087013b8 (rcu_read_lock){....}-{1:3}, at: rt_spin_trylock+0x50/0x140\n[ 0.372305] #2: 900000047fffd388 (&zone->lock){+.+.}-{3:3}, at: __rmqueue_pcplist+0x30c/0xea0\n[ 0.372314] irq event stamp: 0\n[ 0.372316] hardirqs last enabled at (0): [<0000000000000000>] 0x0\n[ 0.372322] hardirqs last disabled at (0): [<9000000005947320>] copy_process+0x9c0/0x26e0\n[ 0.372329] softirqs last enabled at (0): [<9000000005947320>] copy_process+0x9c0/0x26e0\n[ 0.372335] softirqs last disabled at (0): [<0000000000000000>] 0x0\n[ 0.372341] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.12.0-rc7+ #1891\n[ 0.372346] Hardware name: Loongson Loongson-3A5000-7A1000-1w-CRB/Loongson-LS3A5000-7A1000-1w-CRB, BIOS vUDK2018-LoongArch-V2.0.0-prebeta9 10/21/2022\n[ 0.372349] Stack : 0000000000000089 9000000005a0db9c 90000000071519c8 9000000100388000\n[ 0.372486] 900000010038b890 0000000000000000 900000010038b898 9000000007e53788\n[ 0.372492] 900000000815bcc8 900000000815bcc0 900000010038b700 0000000000000001\n[ 0.372498] 0000000000000001 4b031894b9d6b725 00000000055ec000 9000000100338fc0\n[ 0.372503] 00000000000000c4 0000000000000001 000000000000002d 0000000000000003\n[ 0.372509] 0000000000000030 0000000000000003 00000000055ec000 0000000000000003\n[ 0.372515] 900000000806d000 9000000007e53788 00000000000000b0 0000000000000004\n[ 0.372521] 0000000000000000 0000000000000000 900000000c9f5f10 0000000000000000\n[ 0.372526] 90000000076f12d8 9000000007e53788 9000000005924778 0000000000000000\n[ 0.372532] 00000000000000b0 0000000000000004 0000000000000000 0000000000070000\n[ 0.372537] ...\n[ 0.372540] Call Trace:\n[ 0.372542] [<9000000005924778>] show_stack+0x38/0x180\n[ 0.372548] [<90000000071519c4>] dump_stack_lvl+0x94/0xe4\n[ 0.372555] [<900000000599b880>] __might_resched+0x1a0/0x260\n[ 0.372561] [<90000000071675cc>] rt_spin_lock+0x4c/0x140\n[ 0.372565] [<9000000005cbb768>] __rmqueue_pcplist+0x308/0xea0\n[ 0.372570] [<9000000005cbed84>] get_page_from_freelist+0x564/0x1c60\n[ 0.372575] [<9000000005cc0d98>] __alloc_pages_noprof+0x218/0x1820\n[ 0.372580] [<900000000593b36c>] tlb_init+0x1ac/0x298\n[ 0.372585] [<9000000005924b74>] per_cpu_trap_init+0x114/0x140\n[ 0.372589] [<9000000005921964>] cpu_probe+0x4e4/0xa60\n[ 0.372592] [<9000000005934874>] start_secondary+0x34/0xc0\n[ 0.372599] [<900000000715615c>] smpboot_entry+0x64/0x6c\n\nThis is because in PREEMPT_RT kernels normal spinlocks are replaced by\nrt spinlocks and rt_spin_lock() will cause sleeping. Fix it by disabling\nNUMA optimization completely for PREEMPT_RT kernels."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/08715b741f9b2a925d6485491e4907f3b29bac70",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6575e0867bd478a5d7ef1783ca1e73160807d238",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/88fd2b70120d52c1010257d36776876941375490",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c5f89458a2ea0800866b9fc690d3fa8367dc8f8d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

45
CVE-2024/CVE-2024-565xx/CVE-2024-56586.json Normal file
View File

@ -0,0 +1,45 @@
{
"id": "CVE-2024-56586",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:17.800",
"lastModified": "2024-12-27T15:15:17.800",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.\n\ncreating a large files during checkpoint disable until it runs out of\nspace and then delete it, then remount to enable checkpoint again, and\nthen unmount the filesystem triggers the f2fs_bug_on as below:\n\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/inode.c:896!\nCPU: 2 UID: 0 PID: 1286 Comm: umount Not tainted 6.11.0-rc7-dirty #360\nOops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nRIP: 0010:f2fs_evict_inode+0x58c/0x610\nCall Trace:\n __die_body+0x15/0x60\n die+0x33/0x50\n do_trap+0x10a/0x120\n f2fs_evict_inode+0x58c/0x610\n do_error_trap+0x60/0x80\n f2fs_evict_inode+0x58c/0x610\n exc_invalid_op+0x53/0x60\n f2fs_evict_inode+0x58c/0x610\n asm_exc_invalid_op+0x16/0x20\n f2fs_evict_inode+0x58c/0x610\n evict+0x101/0x260\n dispose_list+0x30/0x50\n evict_inodes+0x140/0x190\n generic_shutdown_super+0x2f/0x150\n kill_block_super+0x11/0x40\n kill_f2fs_super+0x7d/0x140\n deactivate_locked_super+0x2a/0x70\n cleanup_mnt+0xb3/0x140\n task_work_run+0x61/0x90\n\nThe root cause is: creating large files during disable checkpoint\nperiod results in not enough free segments, so when writing back root\ninode will failed in f2fs_enable_checkpoint. When umount the file\nsystem after enabling checkpoint, the root inode is dirty in\nf2fs_evict_inode function, which triggers BUG_ON. The steps to\nreproduce are as follows:\n\ndd if=/dev/zero of=f2fs.img bs=1M count=55\nmount f2fs.img f2fs_dir -o checkpoint=disable:10%\ndd if=/dev/zero of=big bs=1M count=50\nsync\nrm big\nmount -o remount,checkpoint=enable f2fs_dir\numount f2fs_dir\n\nLet's redirty inode when there is not free segments during checkpoint\nis disable."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/9669b28f81e0ec6305af7773846fbe2cef1e7d61",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9e28513fd2858911dcf47b84160a8824587536b6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a365de2fbfbe1e6740bfb75ab5c3245cf7bbe4d7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ac8aaf78bd039fa1be0acaa8e84a56499f79d721",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d5c367ef8287fb4d235c46a2f8c8d68715f3a0ca",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dff561e4060d28edc9a2960d4a87f3c945a96aa3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ef517d2d21c3d8e2ad35b2bb728bd1c90a31e617",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

45
CVE-2024/CVE-2024-565xx/CVE-2024-56587.json Normal file
View File

@ -0,0 +1,45 @@
{
"id": "CVE-2024-56587",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:17.917",
"lastModified": "2024-12-27T15:15:17.917",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nleds: class: Protect brightness_show() with led_cdev->led_access mutex\n\nThere is NULL pointer issue observed if from Process A where hid device\nbeing added which results in adding a led_cdev addition and later a\nanother call to access of led_cdev attribute from Process B can result\nin NULL pointer issue.\n\nUse mutex led_cdev->led_access to protect access to led->cdev and its\nattribute inside brightness_show() and max_brightness_show() and also\nupdate the comment for mutex that it should be used to protect the led\nclass device fields.\n\n\tProcess A \t\t\t\tProcess B\n\n kthread+0x114\n worker_thread+0x244\n process_scheduled_works+0x248\n uhid_device_add_worker+0x24\n hid_add_device+0x120\n device_add+0x268\n bus_probe_device+0x94\n device_initial_probe+0x14\n __device_attach+0xfc\n bus_for_each_drv+0x10c\n __device_attach_driver+0x14c\n driver_probe_device+0x3c\n __driver_probe_device+0xa0\n really_probe+0x190\n hid_device_probe+0x130\n ps_probe+0x990\n ps_led_register+0x94\n devm_led_classdev_register_ext+0x58\n led_classdev_register_ext+0x1f8\n device_create_with_groups+0x48\n device_create_groups_vargs+0xc8\n device_add+0x244\n kobject_uevent+0x14\n kobject_uevent_env[jt]+0x224\n mutex_unlock[jt]+0xc4\n __mutex_unlock_slowpath+0xd4\n wake_up_q+0x70\n try_to_wake_up[jt]+0x48c\n preempt_schedule_common+0x28\n __schedule+0x628\n __switch_to+0x174\n\t\t\t\t\t\tel0t_64_sync+0x1a8/0x1ac\n\t\t\t\t\t\tel0t_64_sync_handler+0x68/0xbc\n\t\t\t\t\t\tel0_svc+0x38/0x68\n\t\t\t\t\t\tdo_el0_svc+0x1c/0x28\n\t\t\t\t\t\tel0_svc_common+0x80/0xe0\n\t\t\t\t\t\tinvoke_syscall+0x58/0x114\n\t\t\t\t\t\t__arm64_sys_read+0x1c/0x2c\n\t\t\t\t\t\tksys_read+0x78/0xe8\n\t\t\t\t\t\tvfs_read+0x1e0/0x2c8\n\t\t\t\t\t\tkernfs_fop_read_iter+0x68/0x1b4\n\t\t\t\t\t\tseq_read_iter+0x158/0x4ec\n\t\t\t\t\t\tkernfs_seq_show+0x44/0x54\n\t\t\t\t\t\tsysfs_kf_seq_show+0xb4/0x130\n\t\t\t\t\t\tdev_attr_show+0x38/0x74\n\t\t\t\t\t\tbrightness_show+0x20/0x4c\n\t\t\t\t\t\tdualshock4_led_get_brightness+0xc/0x74\n\n[ 3313.874295][ T4013] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000060\n[ 3313.874301][ T4013] Mem abort info:\n[ 3313.874303][ T4013] ESR = 0x0000000096000006\n[ 3313.874305][ T4013] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 3313.874307][ T4013] SET = 0, FnV = 0\n[ 3313.874309][ T4013] EA = 0, S1PTW = 0\n[ 3313.874311][ T4013] FSC = 0x06: level 2 translation fault\n[ 3313.874313][ T4013] Data abort info:\n[ 3313.874314][ T4013] ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000\n[ 3313.874316][ T4013] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 3313.874318][ T4013] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 3313.874320][ T4013] user pgtable: 4k pages, 39-bit VAs, pgdp=00000008f2b0a000\n..\n\n[ 3313.874332][ T4013] Dumping ftrace buffer:\n[ 3313.874334][ T4013] (ftrace buffer empty)\n..\n..\n[ dd3313.874639][ T4013] CPU: 6 PID: 4013 Comm: InputReader\n[ 3313.874648][ T4013] pc : dualshock4_led_get_brightness+0xc/0x74\n[ 3313.874653][ T4013] lr : led_update_brightness+0x38/0x60\n[ 3313.874656][ T4013] sp : ffffffc0b910bbd0\n..\n..\n[ 3313.874685][ T4013] Call trace:\n[ 3313.874687][ T4013] dualshock4_led_get_brightness+0xc/0x74\n[ 3313.874690][ T4013] brightness_show+0x20/0x4c\n[ 3313.874692][ T4013] dev_attr_show+0x38/0x74\n[ 3313.874696][ T4013] sysfs_kf_seq_show+0xb4/0x130\n[ 3313.874700][ T4013] kernfs_seq_show+0x44/0x54\n[ 3313.874703][ T4013] seq_read_iter+0x158/0x4ec\n[ 3313.874705][ T4013] kernfs_fop_read_iter+0x68/0x1b4\n[ 3313.874708][ T4013] vfs_read+0x1e0/0x2c8\n[ 3313.874711][ T4013] ksys_read+0x78/0xe8\n[ 3313.874714][ T4013] __arm64_sys_read+0x1c/0x2c\n[ 3313.874718][ T4013] invoke_syscall+0x58/0x114\n[ 3313.874721][ T4013] el0_svc_common+0x80/0xe0\n[ 3313.874724][ T4013] do_el0_svc+0x1c/0x28\n[ 3313.874727][ T4013] el0_svc+0x38/0x68\n[ 3313.874730][ T4013] el0t_64_sync_handler+0x68/0xbc\n[ 3313.874732][ T4013] el0t_64_sync+0x1a8/0x1ac"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4ca7cd938725a4050dcd62ae9472e931d603118d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/50d9f68e4adf86901cbab1bd5b91f710aa9141b9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/84b42d5b5fcd767c9b7f30b0b32065ed949fe804",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b8283d52ed15c02bb2eb9b1b8644dcc34f8e98f1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bb4a6236a430cfc3713f470f3a969f39d6d4ca25",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ddcfc5708da9972ac23a9121b3d819b0a53d6f21",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f6d6fb563e4be245a17bc4261a4b294e8bf8a31e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-565xx/CVE-2024-56588.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-56588",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:18.040",
"lastModified": "2024-12-27T15:15:18.040",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: hisi_sas: Create all dump files during debugfs initialization\n\nFor the current debugfs of hisi_sas, after user triggers dump, the\ndriver allocate memory space to save the register information and create\ndebugfs files to display the saved information. In this process, the\ndebugfs files created after each dump.\n\nTherefore, when the dump is triggered while the driver is unbind, the\nfollowing hang occurs:\n\n[67840.853907] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a0\n[67840.862947] Mem abort info:\n[67840.865855] ESR = 0x0000000096000004\n[67840.869713] EC = 0x25: DABT (current EL), IL = 32 bits\n[67840.875125] SET = 0, FnV = 0\n[67840.878291] EA = 0, S1PTW = 0\n[67840.881545] FSC = 0x04: level 0 translation fault\n[67840.886528] Data abort info:\n[67840.889524] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[67840.895117] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[67840.900284] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[67840.905709] user pgtable: 4k pages, 48-bit VAs, pgdp=0000002803a1f000\n[67840.912263] [00000000000000a0] pgd=0000000000000000, p4d=0000000000000000\n[67840.919177] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[67840.996435] pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[67841.003628] pc : down_write+0x30/0x98\n[67841.007546] lr : start_creating.part.0+0x60/0x198\n[67841.012495] sp : ffff8000b979ba20\n[67841.016046] x29: ffff8000b979ba20 x28: 0000000000000010 x27: 0000000000024b40\n[67841.023412] x26: 0000000000000012 x25: ffff20202b355ae8 x24: ffff20202b35a8c8\n[67841.030779] x23: ffffa36877928208 x22: ffffa368b4972240 x21: ffff8000b979bb18\n[67841.038147] x20: ffff00281dc1e3c0 x19: fffffffffffffffe x18: 0000000000000020\n[67841.045515] x17: 0000000000000000 x16: ffffa368b128a530 x15: ffffffffffffffff\n[67841.052888] x14: ffff8000b979bc18 x13: ffffffffffffffff x12: ffff8000b979bb18\n[67841.060263] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffa368b1289b18\n[67841.067640] x8 : 0000000000000012 x7 : 0000000000000000 x6 : 00000000000003a9\n[67841.075014] x5 : 0000000000000000 x4 : ffff002818c5cb00 x3 : 0000000000000001\n[67841.082388] x2 : 0000000000000000 x1 : ffff002818c5cb00 x0 : 00000000000000a0\n[67841.089759] Call trace:\n[67841.092456] down_write+0x30/0x98\n[67841.096017] start_creating.part.0+0x60/0x198\n[67841.100613] debugfs_create_dir+0x48/0x1f8\n[67841.104950] debugfs_create_files_v3_hw+0x88/0x348 [hisi_sas_v3_hw]\n[67841.111447] debugfs_snapshot_regs_v3_hw+0x708/0x798 [hisi_sas_v3_hw]\n[67841.118111] debugfs_trigger_dump_v3_hw_write+0x9c/0x120 [hisi_sas_v3_hw]\n[67841.125115] full_proxy_write+0x68/0xc8\n[67841.129175] vfs_write+0xd8/0x3f0\n[67841.132708] ksys_write+0x70/0x108\n[67841.136317] __arm64_sys_write+0x24/0x38\n[67841.140440] invoke_syscall+0x50/0x128\n[67841.144385] el0_svc_common.constprop.0+0xc8/0xf0\n[67841.149273] do_el0_svc+0x24/0x38\n[67841.152773] el0_svc+0x38/0xd8\n[67841.156009] el0t_64_sync_handler+0xc0/0xc8\n[67841.160361] el0t_64_sync+0x1a4/0x1a8\n[67841.164189] Code: b9000882 d2800002 d2800023 f9800011 (c85ffc05)\n[67841.170443] ---[ end trace 0000000000000000 ]---\n\nTo fix this issue, create all directories and files during debugfs\ninitialization. In this way, the driver only needs to allocate memory\nspace to save information each time the user triggers dumping."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/6c55f99123075e5429850b41b06f7dfffcb708eb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9f564f15f88490b484e02442dc4c4b11640ea172",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2024/CVE-2024-565xx/CVE-2024-56589.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2024-56589",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:18.150",
"lastModified": "2024-12-27T15:15:18.150",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: hisi_sas: Add cond_resched() for no forced preemption model\n\nFor no forced preemption model kernel, in the scenario where the\nexpander is connected to 12 high performance SAS SSDs, the following\ncall trace may occur:\n\n[ 214.409199][ C240] watchdog: BUG: soft lockup - CPU#240 stuck for 22s! [irq/149-hisi_sa:3211]\n[ 214.568533][ C240] pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--)\n[ 214.575224][ C240] pc : fput_many+0x8c/0xdc\n[ 214.579480][ C240] lr : fput+0x1c/0xf0\n[ 214.583302][ C240] sp : ffff80002de2b900\n[ 214.587298][ C240] x29: ffff80002de2b900 x28: ffff1082aa412000\n[ 214.593291][ C240] x27: ffff3062a0348c08 x26: ffff80003a9f6000\n[ 214.599284][ C240] x25: ffff1062bbac5c40 x24: 0000000000001000\n[ 214.605277][ C240] x23: 000000000000000a x22: 0000000000000001\n[ 214.611270][ C240] x21: 0000000000001000 x20: 0000000000000000\n[ 214.617262][ C240] x19: ffff3062a41ae580 x18: 0000000000010000\n[ 214.623255][ C240] x17: 0000000000000001 x16: ffffdb3a6efe5fc0\n[ 214.629248][ C240] x15: ffffffffffffffff x14: 0000000003ffffff\n[ 214.635241][ C240] x13: 000000000000ffff x12: 000000000000029c\n[ 214.641234][ C240] x11: 0000000000000006 x10: ffff80003a9f7fd0\n[ 214.647226][ C240] x9 : ffffdb3a6f0482fc x8 : 0000000000000001\n[ 214.653219][ C240] x7 : 0000000000000002 x6 : 0000000000000080\n[ 214.659212][ C240] x5 : ffff55480ee9b000 x4 : fffffde7f94c6554\n[ 214.665205][ C240] x3 : 0000000000000002 x2 : 0000000000000020\n[ 214.671198][ C240] x1 : 0000000000000021 x0 : ffff3062a41ae5b8\n[ 214.677191][ C240] Call trace:\n[ 214.680320][ C240] fput_many+0x8c/0xdc\n[ 214.684230][ C240] fput+0x1c/0xf0\n[ 214.687707][ C240] aio_complete_rw+0xd8/0x1fc\n[ 214.692225][ C240] blkdev_bio_end_io+0x98/0x140\n[ 214.696917][ C240] bio_endio+0x160/0x1bc\n[ 214.701001][ C240] blk_update_request+0x1c8/0x3bc\n[ 214.705867][ C240] scsi_end_request+0x3c/0x1f0\n[ 214.710471][ C240] scsi_io_completion+0x7c/0x1a0\n[ 214.715249][ C240] scsi_finish_command+0x104/0x140\n[ 214.720200][ C240] scsi_softirq_done+0x90/0x180\n[ 214.724892][ C240] blk_mq_complete_request+0x5c/0x70\n[ 214.730016][ C240] scsi_mq_done+0x48/0xac\n[ 214.734194][ C240] sas_scsi_task_done+0xbc/0x16c [libsas]\n[ 214.739758][ C240] slot_complete_v3_hw+0x260/0x760 [hisi_sas_v3_hw]\n[ 214.746185][ C240] cq_thread_v3_hw+0xbc/0x190 [hisi_sas_v3_hw]\n[ 214.752179][ C240] irq_thread_fn+0x34/0xa4\n[ 214.756435][ C240] irq_thread+0xc4/0x130\n[ 214.760520][ C240] kthread+0x108/0x13c\n[ 214.764430][ C240] ret_from_fork+0x10/0x18\n\nThis is because in the hisi_sas driver, both the hardware interrupt\nhandler and the interrupt thread are executed on the same CPU. In the\nperformance test scenario, function irq_wait_for_interrupt() will always\nreturn 0 if lots of interrupts occurs and the CPU will be continuously\nconsumed. As a result, the CPU cannot run the watchdog thread. When the\nwatchdog time exceeds the specified time, call trace occurs.\n\nTo fix it, add cond_resched() to execute the watchdog thread."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2174bbc235f79fce88ea71fd08cf836568fcad5f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2233c4a0b948211743659b24c13d6bd059fa75fc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2991a023896b79e6753813ed88fbc98979713c73",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3dd2c5cb2c698a02a4ed2ea0acb7c9909374a8bf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/50ddf4b0e1a4cb5e9ca0aac3d0a73202b903c87f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/601f8001373fc3fbad498f9be427254908b7fcce",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2024/CVE-2024-565xx/CVE-2024-56590.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2024-56590",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:18.263",
"lastModified": "2024-12-27T15:15:18.263",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_core: Fix not checking skb length on hci_acldata_packet\n\nThis fixes not checking if skb really contains an ACL header otherwise\nthe code may attempt to access some uninitilized/invalid memory past the\nvalid skb->data."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/219960a48771b35a3857a491b955c31d6c33d581",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3fe288a8214e7dd784d1f9b7c9e448244d316b47",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/559b1c7ac2e212a23b3833d3baf3bd957771d02e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5e50d12cc6e95e1fde08f5db6992b616f714b0fb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/93a6160dc198ffe5786da8bd8588cfd17f53b29a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-565xx/CVE-2024-56591.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-56591",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:18.383",
"lastModified": "2024-12-27T15:15:18.383",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_conn: Use disable_delayed_work_sync\n\nThis makes use of disable_delayed_work_sync instead\ncancel_delayed_work_sync as it not only cancel the ongoing work but also\ndisables new submit which is disarable since the object holding the work\nis about to be freed."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2b0f2fc9ed62e73c95df1fa8ed2ba3dac54699df",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c55a4c5a04bae40dcdc1e1c19d8eb79a06fb3397",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2024/CVE-2024-565xx/CVE-2024-56592.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-56592",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:18.500",
"lastModified": "2024-12-27T15:15:18.500",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Call free_htab_elem() after htab_unlock_bucket()\n\nFor htab of maps, when the map is removed from the htab, it may hold the\nlast reference of the map. bpf_map_fd_put_ptr() will invoke\nbpf_map_free_id() to free the id of the removed map element. However,\nbpf_map_fd_put_ptr() is invoked while holding a bucket lock\n(raw_spin_lock_t), and bpf_map_free_id() attempts to acquire map_idr_lock\n(spinlock_t), triggering the following lockdep warning:\n\n =============================\n [ BUG: Invalid wait context ]\n 6.11.0-rc4+ #49 Not tainted\n -----------------------------\n test_maps/4881 is trying to lock:\n ffffffff84884578 (map_idr_lock){+...}-{3:3}, at: bpf_map_free_id.part.0+0x21/0x70\n other info that might help us debug this:\n context-{5:5}\n 2 locks held by test_maps/4881:\n #0: ffffffff846caf60 (rcu_read_lock){....}-{1:3}, at: bpf_fd_htab_map_update_elem+0xf9/0x270\n #1: ffff888149ced148 (&htab->lockdep_key#2){....}-{2:2}, at: htab_map_update_elem+0x178/0xa80\n stack backtrace:\n CPU: 0 UID: 0 PID: 4881 Comm: test_maps Not tainted 6.11.0-rc4+ #49\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), ...\n Call Trace:\n <TASK>\n dump_stack_lvl+0x6e/0xb0\n dump_stack+0x10/0x20\n __lock_acquire+0x73e/0x36c0\n lock_acquire+0x182/0x450\n _raw_spin_lock_irqsave+0x43/0x70\n bpf_map_free_id.part.0+0x21/0x70\n bpf_map_put+0xcf/0x110\n bpf_map_fd_put_ptr+0x9a/0xb0\n free_htab_elem+0x69/0xe0\n htab_map_update_elem+0x50f/0xa80\n bpf_fd_htab_map_update_elem+0x131/0x270\n htab_map_update_elem+0x50f/0xa80\n bpf_fd_htab_map_update_elem+0x131/0x270\n bpf_map_update_value+0x266/0x380\n __sys_bpf+0x21bb/0x36b0\n __x64_sys_bpf+0x45/0x60\n x64_sys_call+0x1b2a/0x20d0\n do_syscall_64+0x5d/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nOne way to fix the lockdep warning is using raw_spinlock_t for\nmap_idr_lock as well. However, bpf_map_alloc_id() invokes\nidr_alloc_cyclic() after acquiring map_idr_lock, it will trigger a\nsimilar lockdep warning because the slab's lock (s->cpu_slab->lock) is\nstill a spinlock.\n\nInstead of changing map_idr_lock's type, fix the issue by invoking\nhtab_put_fd_value() after htab_unlock_bucket(). However, only deferring\nthe invocation of htab_put_fd_value() is not enough, because the old map\npointers in htab of maps can not be saved during batched deletion.\nTherefore, also defer the invocation of free_htab_elem(), so these\nto-be-freed elements could be linked together similar to lru map.\n\nThere are four callers for ->map_fd_put_ptr:\n\n(1) alloc_htab_elem() (through htab_put_fd_value())\nIt invokes ->map_fd_put_ptr() under a raw_spinlock_t. The invocation of\nhtab_put_fd_value() can not simply move after htab_unlock_bucket(),\nbecause the old element has already been stashed in htab->extra_elems.\nIt may be reused immediately after htab_unlock_bucket() and the\ninvocation of htab_put_fd_value() after htab_unlock_bucket() may release\nthe newly-added element incorrectly. Therefore, saving the map pointer\nof the old element for htab of maps before unlocking the bucket and\nreleasing the map_ptr after unlock. Beside the map pointer in the old\nelement, should do the same thing for the special fields in the old\nelement as well.\n\n(2) free_htab_elem() (through htab_put_fd_value())\nIts caller includes __htab_map_lookup_and_delete_elem(),\nhtab_map_delete_elem() and __htab_map_lookup_and_delete_batch().\n\nFor htab_map_delete_elem(), simply invoke free_htab_elem() after\nhtab_unlock_bucket(). For __htab_map_lookup_and_delete_batch(), just\nlike lru map, linking the to-be-freed element into node_to_free list\nand invoking free_htab_elem() for these element after unlock. It is safe\nto reuse batch_flink as the link for node_to_free, because these\nelements have been removed from the hash llist.\n\nBecause htab of maps doesn't support lookup_and_delete operation,\n__htab_map_lookup_and_delete_elem() doesn't have the problem, so kept\nit as\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/10e8a2dec9ff1b81de8e892b0850924038adbc6d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a50b4aa3007e63a590d501341f304676ebc74b3b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b9e9ed90b10c82a4e9d4d70a2890f06bfcdd3b78",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

45
CVE-2024/CVE-2024-565xx/CVE-2024-56593.json Normal file
View File

@ -0,0 +1,45 @@
{
"id": "CVE-2024-56593",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:18.613",
"lastModified": "2024-12-27T15:15:18.613",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw()\n\nThis patch fixes a NULL pointer dereference bug in brcmfmac that occurs\nwhen a high 'sd_sgentry_align' value applies (e.g. 512) and a lot of queued SKBs\nare sent from the pkt queue.\n\nThe problem is the number of entries in the pre-allocated sgtable, it is\nnents = max(rxglom_size, txglom_size) + max(rxglom_size, txglom_size) >> 4 + 1.\nGiven the default [rt]xglom_size=32 it's actually 35 which is too small.\nWorst case, the pkt queue can end up with 64 SKBs. This occurs when a new SKB\nis added for each original SKB if tailroom isn't enough to hold tail_pad.\nAt least one sg entry is needed for each SKB. So, eventually the \"skb_queue_walk loop\"\nin brcmf_sdiod_sglist_rw may run out of sg entries. This makes sg_next return\nNULL and this causes the oops.\n\nThe patch sets nents to max(rxglom_size, txglom_size) * 2 to be able handle\nthe worst-case.\nBtw. this requires only 64-35=29 * 16 (or 20 if CONFIG_NEED_SG_DMA_LENGTH) = 464\nadditional bytes of memory."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/07c020c6d14d29e5a3ea4e4576b8ecf956a80834",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/342f87d263462c2670b77ea9a32074cab2ac6fa1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/34941321b516bd7c6103bd01287d71a1804d19d3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/67a25ea28f8ec1da8894f2f115d01d3becf67dc7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7522d7d745d13fbeff3350fe6aa56c8dae263571",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/857282b819cbaa0675aaab1e7542e2c0579f52d7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dfb3f9d3f602602de208da7bdcc0f6d5ee74af68",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

45
CVE-2024/CVE-2024-565xx/CVE-2024-56594.json Normal file
View File

@ -0,0 +1,45 @@
{
"id": "CVE-2024-56594",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:18.727",
"lastModified": "2024-12-27T15:15:18.727",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: set the right AMDGPU sg segment limitation\n\nThe driver needs to set the correct max_segment_size;\notherwise debug_dma_map_sg() will complain about the\nover-mapping of the AMDGPU sg length as following:\n\nWARNING: CPU: 6 PID: 1964 at kernel/dma/debug.c:1178 debug_dma_map_sg+0x2dc/0x370\n[ 364.049444] Modules linked in: veth amdgpu(OE) amdxcp drm_exec gpu_sched drm_buddy drm_ttm_helper ttm(OE) drm_suballoc_helper drm_display_helper drm_kms_helper i2c_algo_bit rpcsec_gss_krb5 auth_rpcgss nfsv4 nfs lockd grace netfs xt_conntrack xt_MASQUERADE nf_conntrack_netlink xfrm_user xfrm_algo iptable_nat xt_addrtype iptable_filter br_netfilter nvme_fabrics overlay nfnetlink_cttimeout nfnetlink openvswitch nsh nf_conncount nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c bridge stp llc amd_atl intel_rapl_msr intel_rapl_common sunrpc sch_fq_codel snd_hda_codec_realtek snd_hda_codec_generic snd_hda_scodec_component snd_hda_codec_hdmi snd_hda_intel snd_intel_dspcfg edac_mce_amd binfmt_misc snd_hda_codec snd_pci_acp6x snd_hda_core snd_acp_config snd_hwdep snd_soc_acpi kvm_amd snd_pcm kvm snd_seq_midi snd_seq_midi_event crct10dif_pclmul ghash_clmulni_intel sha512_ssse3 snd_rawmidi sha256_ssse3 sha1_ssse3 aesni_intel snd_seq nls_iso8859_1 crypto_simd snd_seq_device cryptd snd_timer rapl input_leds snd\n[ 364.049532] ipmi_devintf wmi_bmof ccp serio_raw k10temp sp5100_tco soundcore ipmi_msghandler cm32181 industrialio mac_hid msr parport_pc ppdev lp parport drm efi_pstore ip_tables x_tables pci_stub crc32_pclmul nvme ahci libahci i2c_piix4 r8169 nvme_core i2c_designware_pci realtek i2c_ccgx_ucsi video wmi hid_generic cdc_ether usbnet usbhid hid r8152 mii\n[ 364.049576] CPU: 6 PID: 1964 Comm: rocminfo Tainted: G OE 6.10.0-custom #492\n[ 364.049579] Hardware name: AMD Majolica-RN/Majolica-RN, BIOS RMJ1009A 06/13/2021\n[ 364.049582] RIP: 0010:debug_dma_map_sg+0x2dc/0x370\n[ 364.049585] Code: 89 4d b8 e8 36 b1 86 00 8b 4d b8 48 8b 55 b0 44 8b 45 a8 4c 8b 4d a0 48 89 c6 48 c7 c7 00 4b 74 bc 4c 89 4d b8 e8 b4 73 f3 ff <0f> 0b 4c 8b 4d b8 8b 15 c8 2c b8 01 85 d2 0f 85 ee fd ff ff 8b 05\n[ 364.049588] RSP: 0018:ffff9ca600b57ac0 EFLAGS: 00010286\n[ 364.049590] RAX: 0000000000000000 RBX: ffff88b7c132b0c8 RCX: 0000000000000027\n[ 364.049592] RDX: ffff88bb0f521688 RSI: 0000000000000001 RDI: ffff88bb0f521680\n[ 364.049594] RBP: ffff9ca600b57b20 R08: 000000000000006f R09: ffff9ca600b57930\n[ 364.049596] R10: ffff9ca600b57928 R11: ffffffffbcb46328 R12: 0000000000000000\n[ 364.049597] R13: 0000000000000001 R14: ffff88b7c19c0700 R15: ffff88b7c9059800\n[ 364.049599] FS: 00007fb2d3516e80(0000) GS:ffff88bb0f500000(0000) knlGS:0000000000000000\n[ 364.049601] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 364.049603] CR2: 000055610bd03598 CR3: 00000001049f6000 CR4: 0000000000350ef0\n[ 364.049605] Call Trace:\n[ 364.049607] <TASK>\n[ 364.049609] ? show_regs+0x6d/0x80\n[ 364.049614] ? __warn+0x8c/0x140\n[ 364.049618] ? debug_dma_map_sg+0x2dc/0x370\n[ 364.049621] ? report_bug+0x193/0x1a0\n[ 364.049627] ? handle_bug+0x46/0x80\n[ 364.049631] ? exc_invalid_op+0x1d/0x80\n[ 364.049635] ? asm_exc_invalid_op+0x1f/0x30\n[ 364.049642] ? debug_dma_map_sg+0x2dc/0x370\n[ 364.049647] __dma_map_sg_attrs+0x90/0xe0\n[ 364.049651] dma_map_sgtable+0x25/0x40\n[ 364.049654] amdgpu_bo_move+0x59a/0x850 [amdgpu]\n[ 364.049935] ? srso_return_thunk+0x5/0x5f\n[ 364.049939] ? amdgpu_ttm_tt_populate+0x5d/0xc0 [amdgpu]\n[ 364.050095] ttm_bo_handle_move_mem+0xc3/0x180 [ttm]\n[ 364.050103] ttm_bo_validate+0xc1/0x160 [ttm]\n[ 364.050108] ? amdgpu_ttm_tt_get_user_pages+0xe5/0x1b0 [amdgpu]\n[ 364.050263] amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0xa12/0xc90 [amdgpu]\n[ 364.050473] kfd_ioctl_alloc_memory_of_gpu+0x16b/0x3b0 [amdgpu]\n[ 364.050680] kfd_ioctl+0x3c2/0x530 [amdgpu]\n[ 364.050866] ? __pfx_kfd_ioctl_alloc_memory_of_gpu+0x10/0x10 [amdgpu]\n[ 364.05105\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/13c3a54f48a612a117dfd82a9dd91732261e869d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/76581147b05c2adb6b47bbc697521725f10224e4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/76649ccf97e2cd72b62e34ed2fba6e0f89497eab",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b5807a08954fdf914ef80b49aaa6cda965ecc95c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b9e52a96ec92245bf15dabba1d3d862d7a03efb8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e2e97435783979124ba92d6870415c57ecfef6a5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ff0346a74627a5f607a33a3852586f8c7f678329",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

45
CVE-2024/CVE-2024-565xx/CVE-2024-56595.json Normal file
View File

@ -0,0 +1,45 @@
{
"id": "CVE-2024-56595",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:18.843",
"lastModified": "2024-12-27T15:15:18.843",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: add a check to prevent array-index-out-of-bounds in dbAdjTree\n\nWhen the value of lp is 0 at the beginning of the for loop, it will\nbecome negative in the next assignment and we should bail out."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/368a533152220b0a6f1142327d96c6b6361f3002",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3b5d21b56c3774bc84eab0a93aaac22a4475e2c4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/491487eeddccc4bb49f2e59d8c8f35bec89c15ca",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8a4311bbde702362fe7412045d06ab6767235dac",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a174706ba4dad895c40b1d2277bade16dfacdcd9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a3d408870bc19b794646871bc4c3a5daa66f91c5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b15000bcbecf27e0f7c0f149a409e5b865e28ca2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

45
CVE-2024/CVE-2024-565xx/CVE-2024-56596.json Normal file
View File

@ -0,0 +1,45 @@
{
"id": "CVE-2024-56596",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:18.963",
"lastModified": "2024-12-27T15:15:18.963",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix array-index-out-of-bounds in jfs_readdir\n\nThe stbl might contain some invalid values. Added a check to\nreturn error code in that case."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/839f102efb168f02dfdd46717b7c6dddb26b015e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8ff7579554571d92e3deab168f5a7d7b146ed368",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/97e693593162eef6851d232f0c8148169ed46a5c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9efe72eefd4c4a7ce63b3e4d667d766d2b360cb4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b62f41aeec9d250144c53875b507c1d45ae8c8fc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e7d376f94f72b020f84e77278b150ec1cc27502c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ff9fc48fab0e1ea0d423c23c99b91bba178f0b05",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

45
CVE-2024/CVE-2024-565xx/CVE-2024-56597.json Normal file
View File

@ -0,0 +1,45 @@
{
"id": "CVE-2024-56597",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:19.080",
"lastModified": "2024-12-27T15:15:19.080",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix shift-out-of-bounds in dbSplit\n\nWhen dmt_budmin is less than zero, it causes errors\nin the later stages. Added a check to return an error beforehand\nin dbAllocCtl itself."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/51a203470f502a64a3da8dcea51c4748e8267a6c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/52756a57e978e2706543a254f88f266cc6702f36",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6676034aa753aa448beb30dbd75630927ba7cd96",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a5f5e4698f8abbb25fe4959814093fb5bfa1aa9d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bbb24ce7f06ef9b7c05beb9340787cbe9fd3d08e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c56245baf3fd1f79145dd7408e3ead034b74255c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/df7c76636952670b31bd6c12b3aed3c502122273",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

45
CVE-2024/CVE-2024-565xx/CVE-2024-56598.json Normal file
View File

@ -0,0 +1,45 @@
{
"id": "CVE-2024-56598",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:19.200",
"lastModified": "2024-12-27T15:15:19.200",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: array-index-out-of-bounds fix in dtReadFirst\n\nThe value of stbl can be sometimes out of bounds due\nto a bad filesystem. Added a check with appopriate return\nof error code in that case."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/22dcbf7661c6ffc3247978c254dc40b833a0d429",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/25f1e673ef61d6bf9a6022e27936785896d74948",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2eea5fda5556ef03defebf07b0a12fcd2c5210f4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/823d573f5450ca6be80b36f54d1902ac7cd23fb9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8c97a4d5463a1c972ef576ac499ea9b05f956097",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ca84a2c9be482836b86d780244f0357e5a778c46",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fd993b2180b4c373af8b99aa28d4dcda5c2a8f10",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-565xx/CVE-2024-56599.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-56599",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:19.307",
"lastModified": "2024-12-27T15:15:19.307",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath10k: avoid NULL pointer error during sdio remove\n\nWhen running 'rmmod ath10k', ath10k_sdio_remove() will free sdio\nworkqueue by destroy_workqueue(). But if CONFIG_INIT_ON_FREE_DEFAULT_ON\nis set to yes, kernel panic will happen:\nCall trace:\n destroy_workqueue+0x1c/0x258\n ath10k_sdio_remove+0x84/0x94\n sdio_bus_remove+0x50/0x16c\n device_release_driver_internal+0x188/0x25c\n device_driver_detach+0x20/0x2c\n\nThis is because during 'rmmod ath10k', ath10k_sdio_remove() will call\nath10k_core_destroy() before destroy_workqueue(). wiphy_dev_release()\nwill finally be called in ath10k_core_destroy(). This function will free\nstruct cfg80211_registered_device *rdev and all its members, including\nwiphy, dev and the pointer of sdio workqueue. Then the pointer of sdio\nworkqueue will be set to NULL due to CONFIG_INIT_ON_FREE_DEFAULT_ON.\n\nAfter device release, destroy_workqueue() will use NULL pointer then the\nkernel panic happen.\n\nCall trace:\nath10k_sdio_remove\n ->ath10k_core_unregister\n \u2026\u2026\n ->ath10k_core_stop\n ->ath10k_hif_stop\n ->ath10k_sdio_irq_disable\n ->ath10k_hif_power_down\n ->del_timer_sync(&ar_sdio->sleep_timer)\n ->ath10k_core_destroy\n ->ath10k_mac_destroy\n ->ieee80211_free_hw\n ->wiphy_free\n \u2026\u2026\n ->wiphy_dev_release\n ->destroy_workqueue\n\nNeed to call destroy_workqueue() before ath10k_core_destroy(), free\nthe work queue buffer first and then free pointer of work queue by\nath10k_core_destroy(). This order matches the error path order in\nath10k_sdio_probe().\n\nNo work will be queued on sdio workqueue between it is destroyed and\nath10k_core_destroy() is called. Based on the call_stack above, the\nreason is:\nOnly ath10k_sdio_sleep_timer_handler(), ath10k_sdio_hif_tx_sg() and\nath10k_sdio_irq_disable() will queue work on sdio workqueue.\nSleep timer will be deleted before ath10k_core_destroy() in\nath10k_hif_power_down().\nath10k_sdio_irq_disable() only be called in ath10k_hif_stop().\nath10k_core_unregister() will call ath10k_hif_power_down() to stop hif\nbus, so ath10k_sdio_hif_tx_sg() won't be called anymore.\n\nTested-on: QCA6174 hw3.2 SDIO WLAN.RMH.4.4.1-00189"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/543c0924d446b21f35701ca084d7feca09511220",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/95c38953cb1ecf40399a676a1f85dfe2b5780a9a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

45
CVE-2024/CVE-2024-566xx/CVE-2024-56600.json Normal file
View File

@ -0,0 +1,45 @@
{
"id": "CVE-2024-56600",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:19.410",
"lastModified": "2024-12-27T15:15:19.410",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: inet6: do not leave a dangling sk pointer in inet6_create()\n\nsock_init_data() attaches the allocated sk pointer to the provided sock\nobject. If inet6_create() fails later, the sk object is released, but the\nsock object retains the dangling sk pointer, which may cause use-after-free\nlater.\n\nClear the sock sk pointer on error."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/276a473c956fb55a6f3affa9ff232e10fffa7b43",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/35360255ca30776dee34d9fa764cffa24d0a5f65",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/706b07b7b37f886423846cb38919132090bc40da",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/79e16a0d339532ea832d85798eb036fc4f9e0cea",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9df99c395d0f55fb444ef39f4d6f194ca437d884",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f2709d1271cfdf55c670ab5c5982139ab627ddc7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f44fceb71d72d29fb00e0ac84cdf9c081b03cd06",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

45
CVE-2024/CVE-2024-566xx/CVE-2024-56601.json Normal file
View File

@ -0,0 +1,45 @@
{
"id": "CVE-2024-56601",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:19.527",
"lastModified": "2024-12-27T15:15:19.527",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: inet: do not leave a dangling sk pointer in inet_create()\n\nsock_init_data() attaches the allocated sk object to the provided sock\nobject. If inet_create() fails later, the sk object is freed, but the\nsock object retains the dangling pointer, which may create use-after-free\nlater.\n\nClear the sk pointer in the sock object on error."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/25447c6aaa7235f155292b0c58a067347e8ae891",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2bc34d8c8898ae9fddf4612501aabb22d76c2b2c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3e8258070b0f2aba66b3ef18883de229674fb288",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/691d6d816f93b2a1008c14178399061466e674ef",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9365fa510c6f82e3aa550a09d0c5c6b44dbc78ff",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b4513cfd3a10c03c660d5d3d26c2e322efbfdd9b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f8a3f255f7509a209292871715cda03779640c8d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

45
CVE-2024/CVE-2024-566xx/CVE-2024-56602.json Normal file
View File

@ -0,0 +1,45 @@
{
"id": "CVE-2024-56602",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:19.650",
"lastModified": "2024-12-27T15:15:19.650",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ieee802154: do not leave a dangling sk pointer in ieee802154_create()\n\nsock_init_data() attaches the allocated sk object to the provided sock\nobject. If ieee802154_create() fails later, the allocated sk object is\nfreed, but the dangling pointer remains in the provided sock object, which\nmay allow use-after-free.\n\nClear the sk pointer in the sock object on error."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/03caa9bfb9fde97fb53d33decd7364514e6825cb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/14959fd7538b3be6d7617d9e60e404d6a8d4fd1f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1d5fe782c0ff068d80933f9cfd0fd39d5434bbc9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2b46994a6e76c8cc5556772932b9b60d03a55cd8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b4982fbf13042e3bb33e04eddfea8b1506b5ea65",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b4fcd63f6ef79c73cafae8cf4a114def5fc3d80d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e8bd6c5f5dc2234b4ea714380aedeea12a781754",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

Some files were not shown because too many files have changed in this diff Show More