admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-05-03T16:00:38.407154+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-05-03 16:03:30 +00:00
parent 278dee4771
commit b86cdeade9
42 changed files with 2460 additions and 837 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
CVE-2022/CVE-2022-486xx/CVE-2022-48670.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2022-48670",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-03T15:15:07.377",
"lastModified": "2024-05-03T15:32:19.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npeci: cpu: Fix use-after-free in adev_release()\n\nWhen auxiliary_device_add() returns an error, auxiliary_device_uninit()\nis called, which causes refcount for device to be decremented and\n.release callback will be triggered.\n\nBecause adev_release() re-calls auxiliary_device_uninit(), it will cause\nuse-after-free:\n[ 1269.455172] WARNING: CPU: 0 PID: 14267 at lib/refcount.c:28 refcount_warn_saturate+0x110/0x15\n[ 1269.464007] refcount_t: underflow; use-after-free."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1c11289b34ab67ed080bbe0f1855c4938362d9cf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c87f1f99e26ea4ae08cabe753ae98e5626bdba89",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

40
CVE-2022/CVE-2022-486xx/CVE-2022-48671.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2022-48671",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-03T15:15:07.433",
"lastModified": "2024-05-03T15:32:19.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()\n\nsyzbot is hitting percpu_rwsem_assert_held(&cpu_hotplug_lock) warning at\ncpuset_attach() [1], for commit 4f7e7236435ca0ab (\"cgroup: Fix\nthreadgroup_rwsem <-> cpus_read_lock() deadlock\") missed that\ncpuset_attach() is also called from cgroup_attach_task_all().\nAdd cpus_read_lock() like what cgroup_procs_write_start() does."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/07191f984842d50020789ff14c75da436a7f46a9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/321488cfac7d0eb6d97de467015ff754f85813ff",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/43626dade36fa74d3329046f4ae2d7fdefe401c6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5db17805b6ba4c34dab303f49aea3562fc25af75",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/99bc25748e394d17f9e8b10cc7f273b8e64c1c7e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9f267393b036f1470fb12fb892d59e7ff8aeb58d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

44
CVE-2022/CVE-2022-486xx/CVE-2022-48672.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2022-48672",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-03T15:15:07.480",
"lastModified": "2024-05-03T15:32:19.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nof: fdt: fix off-by-one error in unflatten_dt_nodes()\n\nCommit 78c44d910d3e (\"drivers/of: Fix depth when unflattening devicetree\")\nforgot to fix up the depth check in the loop body in unflatten_dt_nodes()\nwhich makes it possible to overflow the nps[] buffer...\n\nFound by Linux Verification Center (linuxtesting.org) with the SVACE static\nanalysis tool."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2133f451311671c7c42b5640d2b999326b39aa0e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2566706ac6393386a4e7c4ce23fe17f4c98d9aa0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2f945a792f67815abca26fa8a5e863ccf3fa1181",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ba6b9f7cc1108bad6e2c53b1d6e0156379188db7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cbdda20ce363356698835185801a58a28f644853",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e0e88c25f88b9805572263c9ed20f1d88742feaf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ee4369260e77821602102dcc7d792de39a56365c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

24
CVE-2022/CVE-2022-486xx/CVE-2022-48673.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2022-48673",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-03T15:15:07.530",
"lastModified": "2024-05-03T15:32:19.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: Fix possible access to freed memory in link clear\n\nAfter modifying the QP to the Error state, all RX WR would be completed\nwith WC in IB_WC_WR_FLUSH_ERR status. Current implementation does not\nwait for it is done, but destroy the QP and free the link group directly.\nSo there is a risk that accessing the freed memory in tasklet context.\n\nHere is a crash example:\n\n BUG: unable to handle page fault for address: ffffffff8f220860\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD f7300e067 P4D f7300e067 PUD f7300f063 PMD 8c4e45063 PTE 800ffff08c9df060\n Oops: 0002 [#1] SMP PTI\n CPU: 1 PID: 0 Comm: swapper/1 Kdump: loaded Tainted: G S OE 5.10.0-0607+ #23\n Hardware name: Inspur NF5280M4/YZMB-00689-101, BIOS 4.1.20 07/09/2018\n RIP: 0010:native_queued_spin_lock_slowpath+0x176/0x1b0\n Code: f3 90 48 8b 32 48 85 f6 74 f6 eb d5 c1 ee 12 83 e0 03 83 ee 01 48 c1 e0 05 48 63 f6 48 05 00 c8 02 00 48 03 04 f5 00 09 98 8e <48> 89 10 8b 42 08 85 c0 75 09 f3 90 8b 42 08 85 c0 74 f7 48 8b 32\n RSP: 0018:ffffb3b6c001ebd8 EFLAGS: 00010086\n RAX: ffffffff8f220860 RBX: 0000000000000246 RCX: 0000000000080000\n RDX: ffff91db1f86c800 RSI: 000000000000173c RDI: ffff91db62bace00\n RBP: ffff91db62bacc00 R08: 0000000000000000 R09: c00000010000028b\n R10: 0000000000055198 R11: ffffb3b6c001ea58 R12: ffff91db80e05010\n R13: 000000000000000a R14: 0000000000000006 R15: 0000000000000040\n FS: 0000000000000000(0000) GS:ffff91db1f840000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffffffff8f220860 CR3: 00000001f9580004 CR4: 00000000003706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n <IRQ>\n _raw_spin_lock_irqsave+0x30/0x40\n mlx5_ib_poll_cq+0x4c/0xc50 [mlx5_ib]\n smc_wr_rx_tasklet_fn+0x56/0xa0 [smc]\n tasklet_action_common.isra.21+0x66/0x100\n __do_softirq+0xd5/0x29c\n asm_call_irq_on_stack+0x12/0x20\n </IRQ>\n do_softirq_own_stack+0x37/0x40\n irq_exit_rcu+0x9d/0xa0\n sysvec_call_function_single+0x34/0x80\n asm_sysvec_call_function_single+0x12/0x20"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/89fcb70f1acd6b0bbf2f7bfbf45d7aa75a9bdcde",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e9b1a4f867ae9c1dbd1d71cd09cbdb3239fb4968",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

28
CVE-2022/CVE-2022-486xx/CVE-2022-48674.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2022-48674",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-03T15:15:07.580",
"lastModified": "2024-05-03T15:32:19.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix pcluster use-after-free on UP platforms\n\nDuring stress testing with CONFIG_SMP disabled, KASAN reports as below:\n\n==================================================================\nBUG: KASAN: use-after-free in __mutex_lock+0xe5/0xc30\nRead of size 8 at addr ffff8881094223f8 by task stress/7789\n\nCPU: 0 PID: 7789 Comm: stress Not tainted 6.0.0-rc1-00002-g0d53d2e882f9 #3\nHardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011\nCall Trace:\n <TASK>\n..\n __mutex_lock+0xe5/0xc30\n..\n z_erofs_do_read_page+0x8ce/0x1560\n..\n z_erofs_readahead+0x31c/0x580\n..\nFreed by task 7787\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x20/0x30\n kasan_set_free_info+0x20/0x40\n __kasan_slab_free+0x10c/0x190\n kmem_cache_free+0xed/0x380\n rcu_core+0x3d5/0xc90\n __do_softirq+0x12d/0x389\n\nLast potentially related work creation:\n kasan_save_stack+0x1e/0x40\n __kasan_record_aux_stack+0x97/0xb0\n call_rcu+0x3d/0x3f0\n erofs_shrink_workstation+0x11f/0x210\n erofs_shrink_scan+0xdc/0x170\n shrink_slab.constprop.0+0x296/0x530\n drop_slab+0x1c/0x70\n drop_caches_sysctl_handler+0x70/0x80\n proc_sys_call_handler+0x20a/0x2f0\n vfs_write+0x555/0x6c0\n ksys_write+0xbe/0x160\n do_syscall_64+0x3b/0x90\n\nThe root cause is that erofs_workgroup_unfreeze() doesn't reset to\norig_val thus it causes a race that the pcluster reuses unexpectedly\nbefore freeing.\n\nSince UP platforms are quite rare now, such path becomes unnecessary.\nLet's drop such specific-designed path directly instead."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2f44013e39984c127c6efedf70e6b5f4e9dcf315",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8ddd001cef5e82d19192e6861068463ecca5f556",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/94c34faaafe7b55adc2d8d881db195b646959b9e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

32
CVE-2022/CVE-2022-486xx/CVE-2022-48675.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2022-48675",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-03T15:15:07.627",
"lastModified": "2024-05-03T15:32:19.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/core: Fix a nested dead lock as part of ODP flow\n\nFix a nested dead lock as part of ODP flow by using mmput_async().\n\nFrom the below call trace [1] can see that calling mmput() once we have\nthe umem_odp->umem_mutex locked as required by\nib_umem_odp_map_dma_and_lock() might trigger in the same task the\nexit_mmap()->__mmu_notifier_release()->mlx5_ib_invalidate_range() which\nmay dead lock when trying to lock the same mutex.\n\nMoving to use mmput_async() will solve the problem as the above\nexit_mmap() flow will be called in other task and will be executed once\nthe lock will be available.\n\n[1]\n[64843.077665] task:kworker/u133:2 state:D stack: 0 pid:80906 ppid:\n2 flags:0x00004000\n[64843.077672] Workqueue: mlx5_ib_page_fault mlx5_ib_eqe_pf_action [mlx5_ib]\n[64843.077719] Call Trace:\n[64843.077722] <TASK>\n[64843.077724] __schedule+0x23d/0x590\n[64843.077729] schedule+0x4e/0xb0\n[64843.077735] schedule_preempt_disabled+0xe/0x10\n[64843.077740] __mutex_lock.constprop.0+0x263/0x490\n[64843.077747] __mutex_lock_slowpath+0x13/0x20\n[64843.077752] mutex_lock+0x34/0x40\n[64843.077758] mlx5_ib_invalidate_range+0x48/0x270 [mlx5_ib]\n[64843.077808] __mmu_notifier_release+0x1a4/0x200\n[64843.077816] exit_mmap+0x1bc/0x200\n[64843.077822] ? walk_page_range+0x9c/0x120\n[64843.077828] ? __cond_resched+0x1a/0x50\n[64843.077833] ? mutex_lock+0x13/0x40\n[64843.077839] ? uprobe_clear_state+0xac/0x120\n[64843.077860] mmput+0x5f/0x140\n[64843.077867] ib_umem_odp_map_dma_and_lock+0x21b/0x580 [ib_core]\n[64843.077931] pagefault_real_mr+0x9a/0x140 [mlx5_ib]\n[64843.077962] pagefault_mr+0xb4/0x550 [mlx5_ib]\n[64843.077992] pagefault_single_data_segment.constprop.0+0x2ac/0x560\n[mlx5_ib]\n[64843.078022] mlx5_ib_eqe_pf_action+0x528/0x780 [mlx5_ib]\n[64843.078051] process_one_work+0x22b/0x3d0\n[64843.078059] worker_thread+0x53/0x410\n[64843.078065] ? process_one_work+0x3d0/0x3d0\n[64843.078073] kthread+0x12a/0x150\n[64843.078079] ? set_kthread_struct+0x50/0x50\n[64843.078085] ret_from_fork+0x22/0x30\n[64843.078093] </TASK>"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/819110054b14d7272b4188db997a3d80f75ab785",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/83c43fd872e32c8071d5582eb7c40f573a8342f3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/85eaeb5058f0f04dffb124c97c86b4f18db0b833",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e8de6cb5755eae7b793d8c00c8696c8667d44a7f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

36
CVE-2022/CVE-2022-486xx/CVE-2022-48686.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2022-48686",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-03T15:15:07.673",
"lastModified": "2024-05-03T15:32:19.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: fix UAF when detecting digest errors\n\nWe should also bail from the io_work loop when we set rd_enabled to true,\nso we don't attempt to read data from the socket when the TCP stream is\nalready out-of-sync or corrupted."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/13c80a6c112467bab5e44d090767930555fc17a5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/160f3549a907a50e51a8518678ba2dcf2541abea",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/19816a0214684f70b49b25075ff8c402fdd611d3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5914fa32ef1b7766fea933f9eed94ac5c00aa7ff",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c3eb461aa56e6fa94fb80442ba2586bd223a8886",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

44
CVE-2022/CVE-2022-486xx/CVE-2022-48687.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2022-48687",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-03T15:15:07.723",
"lastModified": "2024-05-03T15:32:19.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: fix out-of-bounds read when setting HMAC data.\n\nThe SRv6 layer allows defining HMAC data that can later be used to sign IPv6\nSegment Routing Headers. This configuration is realised via netlink through\nfour attributes: SEG6_ATTR_HMACKEYID, SEG6_ATTR_SECRET, SEG6_ATTR_SECRETLEN and\nSEG6_ATTR_ALGID. Because the SECRETLEN attribute is decoupled from the actual\nlength of the SECRET attribute, it is possible to provide invalid combinations\n(e.g., secret = \"\", secretlen = 64). This case is not checked in the code and\nwith an appropriately crafted netlink message, an out-of-bounds read of up\nto 64 bytes (max secret length) can occur past the skb end pointer and into\nskb_shared_info:\n\nBreakpoint 1, seg6_genl_sethmac (skb=<optimized out>, info=<optimized out>) at net/ipv6/seg6.c:208\n208\t\tmemcpy(hinfo->secret, secret, slen);\n(gdb) bt\n #0 seg6_genl_sethmac (skb=<optimized out>, info=<optimized out>) at net/ipv6/seg6.c:208\n #1 0xffffffff81e012e9 in genl_family_rcv_msg_doit (skb=skb@entry=0xffff88800b1f9f00, nlh=nlh@entry=0xffff88800b1b7600,\n extack=extack@entry=0xffffc90000ba7af0, ops=ops@entry=0xffffc90000ba7a80, hdrlen=4, net=0xffffffff84237580 <init_net>, family=<optimized out>,\n family=<optimized out>) at net/netlink/genetlink.c:731\n #2 0xffffffff81e01435 in genl_family_rcv_msg (extack=0xffffc90000ba7af0, nlh=0xffff88800b1b7600, skb=0xffff88800b1f9f00,\n family=0xffffffff82fef6c0 <seg6_genl_family>) at net/netlink/genetlink.c:775\n #3 genl_rcv_msg (skb=0xffff88800b1f9f00, nlh=0xffff88800b1b7600, extack=0xffffc90000ba7af0) at net/netlink/genetlink.c:792\n #4 0xffffffff81dfffc3 in netlink_rcv_skb (skb=skb@entry=0xffff88800b1f9f00, cb=cb@entry=0xffffffff81e01350 <genl_rcv_msg>)\n at net/netlink/af_netlink.c:2501\n #5 0xffffffff81e00919 in genl_rcv (skb=0xffff88800b1f9f00) at net/netlink/genetlink.c:803\n #6 0xffffffff81dff6ae in netlink_unicast_kernel (ssk=0xffff888010eec800, skb=0xffff88800b1f9f00, sk=0xffff888004aed000)\n at net/netlink/af_netlink.c:1319\n #7 netlink_unicast (ssk=ssk@entry=0xffff888010eec800, skb=skb@entry=0xffff88800b1f9f00, portid=portid@entry=0, nonblock=<optimized out>)\n at net/netlink/af_netlink.c:1345\n #8 0xffffffff81dff9a4 in netlink_sendmsg (sock=<optimized out>, msg=0xffffc90000ba7e48, len=<optimized out>) at net/netlink/af_netlink.c:1921\n...\n(gdb) p/x ((struct sk_buff *)0xffff88800b1f9f00)->head + ((struct sk_buff *)0xffff88800b1f9f00)->end\n$1 = 0xffff88800b1b76c0\n(gdb) p/x secret\n$2 = 0xffff88800b1b76c0\n(gdb) p slen\n$3 = 64 '@'\n\nThe OOB data can then be read back from userspace by dumping HMAC state. This\ncommit fixes this by ensuring SECRETLEN cannot exceed the actual length of\nSECRET."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/076f2479fc5a15c4a970ca3b5e57d42ba09a31fa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3df71e11a4773d775c3633c44319f7acdb89011c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/55195563ec29f80f984237b743de0e2b6ba4d093",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/56ad3f475482bca55b0ae544031333018eb145b3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/84a53580c5d2138c7361c7c3eea5b31827e63b35",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dc9dbd65c803af1607484fed5da50d41dc8dd864",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f684c16971ed5e77dfa25a9ad25b5297e1f58eab",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

40
CVE-2022/CVE-2022-486xx/CVE-2022-48688.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2022-48688",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-03T15:15:07.783",
"lastModified": "2024-05-03T15:32:19.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix kernel crash during module removal\n\nThe driver incorrectly frees client instance and subsequent\ni40e module removal leads to kernel crash.\n\nReproducer:\n1. Do ethtool offline test followed immediately by another one\nhost# ethtool -t eth0 offline; ethtool -t eth0 offline\n2. Remove recursively irdma module that also removes i40e module\nhost# modprobe -r irdma\n\nResult:\n[ 8675.035651] i40e 0000:3d:00.0 eno1: offline testing starting\n[ 8675.193774] i40e 0000:3d:00.0 eno1: testing finished\n[ 8675.201316] i40e 0000:3d:00.0 eno1: offline testing starting\n[ 8675.358921] i40e 0000:3d:00.0 eno1: testing finished\n[ 8675.496921] i40e 0000:3d:00.0: IRDMA hardware initialization FAILED init_state=2 status=-110\n[ 8686.188955] i40e 0000:3d:00.1: i40e_ptp_stop: removed PHC on eno2\n[ 8686.943890] i40e 0000:3d:00.1: Deleted LAN device PF1 bus=0x3d dev=0x00 func=0x01\n[ 8686.952669] i40e 0000:3d:00.0: i40e_ptp_stop: removed PHC on eno1\n[ 8687.761787] BUG: kernel NULL pointer dereference, address: 0000000000000030\n[ 8687.768755] #PF: supervisor read access in kernel mode\n[ 8687.773895] #PF: error_code(0x0000) - not-present page\n[ 8687.779034] PGD 0 P4D 0\n[ 8687.781575] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 8687.785935] CPU: 51 PID: 172891 Comm: rmmod Kdump: loaded Tainted: G W I 5.19.0+ #2\n[ 8687.794800] Hardware name: Intel Corporation S2600WFD/S2600WFD, BIOS SE5C620.86B.0X.02.0001.051420190324 05/14/2019\n[ 8687.805222] RIP: 0010:i40e_lan_del_device+0x13/0xb0 [i40e]\n[ 8687.810719] Code: d4 84 c0 0f 84 b8 25 01 00 e9 9c 25 01 00 41 bc f4 ff ff ff eb 91 90 0f 1f 44 00 00 41 54 55 53 48 8b 87 58 08 00 00 48 89 fb <48> 8b 68 30 48 89 ef e8 21 8a 0f d5 48 89 ef e8 a9 78 0f d5 48 8b\n[ 8687.829462] RSP: 0018:ffffa604072efce0 EFLAGS: 00010202\n[ 8687.834689] RAX: 0000000000000000 RBX: ffff8f43833b2000 RCX: 0000000000000000\n[ 8687.841821] RDX: 0000000000000000 RSI: ffff8f4b0545b298 RDI: ffff8f43833b2000\n[ 8687.848955] RBP: ffff8f43833b2000 R08: 0000000000000001 R09: 0000000000000000\n[ 8687.856086] R10: 0000000000000000 R11: 000ffffffffff000 R12: ffff8f43833b2ef0\n[ 8687.863218] R13: ffff8f43833b2ef0 R14: ffff915103966000 R15: ffff8f43833b2008\n[ 8687.870342] FS: 00007f79501c3740(0000) GS:ffff8f4adffc0000(0000) knlGS:0000000000000000\n[ 8687.878427] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 8687.884174] CR2: 0000000000000030 CR3: 000000014276e004 CR4: 00000000007706e0\n[ 8687.891306] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 8687.898441] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 8687.905572] PKRU: 55555554\n[ 8687.908286] Call Trace:\n[ 8687.910737] <TASK>\n[ 8687.912843] i40e_remove+0x2c0/0x330 [i40e]\n[ 8687.917040] pci_device_remove+0x33/0xa0\n[ 8687.920962] device_release_driver_internal+0x1aa/0x230\n[ 8687.926188] driver_detach+0x44/0x90\n[ 8687.929770] bus_remove_driver+0x55/0xe0\n[ 8687.933693] pci_unregister_driver+0x2a/0xb0\n[ 8687.937967] i40e_exit_module+0xc/0xf48 [i40e]\n\nTwo offline tests cause IRDMA driver failure (ETIMEDOUT) and this\nfailure is indicated back to i40e_client_subtask() that calls\ni40e_client_del_instance() to free client instance referenced\nby pf->cinst and sets this pointer to NULL. During the module\nremoval i40e_remove() calls i40e_lan_del_device() that dereferences\npf->cinst that is NULL -> crash.\nDo not remove client instance when client open callbacks fails and\njust clear __I40E_CLIENT_INSTANCE_OPENED bit. The driver also needs\nto take care about this situation (when netdev is up and client\nis NOT opened) in i40e_notify_client_of_netdev_close() and\ncalls client close callback only when __I40E_CLIENT_INSTANCE_OPENED\nis set."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2ed94383f3a2693dbf5bc47c514b42524bd8f9ae",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/342d77769a6cceb3df7720a1e18baa4339eee3fc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/38af35bec59a8431a1eb29da994a0a45cba275d9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5332a094514852d5e58c278cf4193adb937337fc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c49f320e2492738d478bc427dcd54ccfe0cba746",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fb8396aeda5872369a8ed6d2301e2c86e303c520",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

28
CVE-2022/CVE-2022-486xx/CVE-2022-48689.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2022-48689",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-03T15:15:07.833",
"lastModified": "2024-05-03T15:32:19.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: TX zerocopy should not sense pfmemalloc status\n\nWe got a recent syzbot report [1] showing a possible misuse\nof pfmemalloc page status in TCP zerocopy paths.\n\nIndeed, for pages coming from user space or other layers,\nusing page_is_pfmemalloc() is moot, and possibly could give\nfalse positives.\n\nThere has been attempts to make page_is_pfmemalloc() more robust,\nbut not using it in the first place in this context is probably better,\nremoving cpu cycles.\n\nNote to stable teams :\n\nYou need to backport 84ce071e38a6 (\"net: introduce\n__skb_fill_page_desc_noacc\") as a prereq.\n\nRace is more probable after commit c07aea3ef4d4\n(\"mm: add a signature in struct page\") because page_is_pfmemalloc()\nis now using low order bit from page->lru.next, which can change\nmore often than page->index.\n\nLow order bit should never be set for lru.next (when used as an anchor\nin LRU list), so KCSAN report is mostly a false positive.\n\nBackporting to older kernel versions seems not necessary.\n\n[1]\nBUG: KCSAN: data-race in lru_add_fn / tcp_build_frag\n\nwrite to 0xffffea0004a1d2c8 of 8 bytes by task 18600 on cpu 0:\n__list_add include/linux/list.h:73 [inline]\nlist_add include/linux/list.h:88 [inline]\nlruvec_add_folio include/linux/mm_inline.h:105 [inline]\nlru_add_fn+0x440/0x520 mm/swap.c:228\nfolio_batch_move_lru+0x1e1/0x2a0 mm/swap.c:246\nfolio_batch_add_and_move mm/swap.c:263 [inline]\nfolio_add_lru+0xf1/0x140 mm/swap.c:490\nfilemap_add_folio+0xf8/0x150 mm/filemap.c:948\n__filemap_get_folio+0x510/0x6d0 mm/filemap.c:1981\npagecache_get_page+0x26/0x190 mm/folio-compat.c:104\ngrab_cache_page_write_begin+0x2a/0x30 mm/folio-compat.c:116\next4_da_write_begin+0x2dd/0x5f0 fs/ext4/inode.c:2988\ngeneric_perform_write+0x1d4/0x3f0 mm/filemap.c:3738\next4_buffered_write_iter+0x235/0x3e0 fs/ext4/file.c:270\next4_file_write_iter+0x2e3/0x1210\ncall_write_iter include/linux/fs.h:2187 [inline]\nnew_sync_write fs/read_write.c:491 [inline]\nvfs_write+0x468/0x760 fs/read_write.c:578\nksys_write+0xe8/0x1a0 fs/read_write.c:631\n__do_sys_write fs/read_write.c:643 [inline]\n__se_sys_write fs/read_write.c:640 [inline]\n__x64_sys_write+0x3e/0x50 fs/read_write.c:640\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nread to 0xffffea0004a1d2c8 of 8 bytes by task 18611 on cpu 1:\npage_is_pfmemalloc include/linux/mm.h:1740 [inline]\n__skb_fill_page_desc include/linux/skbuff.h:2422 [inline]\nskb_fill_page_desc include/linux/skbuff.h:2443 [inline]\ntcp_build_frag+0x613/0xb20 net/ipv4/tcp.c:1018\ndo_tcp_sendpages+0x3e8/0xaf0 net/ipv4/tcp.c:1075\ntcp_sendpage_locked net/ipv4/tcp.c:1140 [inline]\ntcp_sendpage+0x89/0xb0 net/ipv4/tcp.c:1150\ninet_sendpage+0x7f/0xc0 net/ipv4/af_inet.c:833\nkernel_sendpage+0x184/0x300 net/socket.c:3561\nsock_sendpage+0x5a/0x70 net/socket.c:1054\npipe_to_sendpage+0x128/0x160 fs/splice.c:361\nsplice_from_pipe_feed fs/splice.c:415 [inline]\n__splice_from_pipe+0x222/0x4d0 fs/splice.c:559\nsplice_from_pipe fs/splice.c:594 [inline]\ngeneric_splice_sendpage+0x89/0xc0 fs/splice.c:743\ndo_splice_from fs/splice.c:764 [inline]\ndirect_splice_actor+0x80/0xa0 fs/splice.c:931\nsplice_direct_to_actor+0x305/0x620 fs/splice.c:886\ndo_splice_direct+0xfb/0x180 fs/splice.c:974\ndo_sendfile+0x3bf/0x910 fs/read_write.c:1249\n__do_sys_sendfile64 fs/read_write.c:1317 [inline]\n__se_sys_sendfile64 fs/read_write.c:1303 [inline]\n__x64_sys_sendfile64+0x10c/0x150 fs/read_write.c:1303\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nvalue changed: 0x0000000000000000 -> 0xffffea0004a1d288\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 1 PID: 18611 Comm: syz-executor.4 Not tainted 6.0.0-rc2-syzkaller-00248-ge022620b5d05-dirty #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3261400639463a853ba2b3be8bd009c2a8089775",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6730c48ed6b0cd939fc9b30b2d621ce0b89bea83",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8527c9a6bf8e54fef0a8d3d7d8874a48c725c915",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

32
CVE-2022/CVE-2022-486xx/CVE-2022-48691.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2022-48691",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-03T15:15:07.887",
"lastModified": "2024-05-03T15:32:19.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: clean up hook list when offload flags check fails\n\nsplice back the hook list so nft_chain_release_hook() has a chance to\nrelease the hooks.\n\nBUG: memory leak\nunreferenced object 0xffff88810180b100 (size 96):\n comm \"syz-executor133\", pid 3619, jiffies 4294945714 (age 12.690s)\n hex dump (first 32 bytes):\n 28 64 23 02 81 88 ff ff 28 64 23 02 81 88 ff ff (d#.....(d#.....\n 90 a8 aa 83 ff ff ff ff 00 00 b5 0f 81 88 ff ff ................\n backtrace:\n [<ffffffff83a8c59b>] kmalloc include/linux/slab.h:600 [inline]\n [<ffffffff83a8c59b>] nft_netdev_hook_alloc+0x3b/0xc0 net/netfilter/nf_tables_api.c:1901\n [<ffffffff83a9239a>] nft_chain_parse_netdev net/netfilter/nf_tables_api.c:1998 [inline]\n [<ffffffff83a9239a>] nft_chain_parse_hook+0x33a/0x530 net/netfilter/nf_tables_api.c:2073\n [<ffffffff83a9b14b>] nf_tables_addchain.constprop.0+0x10b/0x950 net/netfilter/nf_tables_api.c:2218\n [<ffffffff83a9c41b>] nf_tables_newchain+0xa8b/0xc60 net/netfilter/nf_tables_api.c:2593\n [<ffffffff83a3d6a6>] nfnetlink_rcv_batch+0xa46/0xd20 net/netfilter/nfnetlink.c:517\n [<ffffffff83a3db79>] nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:638 [inline]\n [<ffffffff83a3db79>] nfnetlink_rcv+0x1f9/0x220 net/netfilter/nfnetlink.c:656\n [<ffffffff83a13b17>] netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n [<ffffffff83a13b17>] netlink_unicast+0x397/0x4c0 net/netlink/af_netlink.c:1345\n [<ffffffff83a13fd6>] netlink_sendmsg+0x396/0x710 net/netlink/af_netlink.c:1921\n [<ffffffff83865ab6>] sock_sendmsg_nosec net/socket.c:714 [inline]\n [<ffffffff83865ab6>] sock_sendmsg+0x56/0x80 net/socket.c:734\n [<ffffffff8386601c>] ____sys_sendmsg+0x36c/0x390 net/socket.c:2482\n [<ffffffff8386a918>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2536\n [<ffffffff8386aaa8>] __sys_sendmsg+0x88/0x100 net/socket.c:2565\n [<ffffffff845e5955>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n [<ffffffff845e5955>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n [<ffffffff84800087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1ce55ec5cb7c573c983dffbe290b8d17caf1f157",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/77972a36ecc4db7fc7c68f0e80714263c5f03f65",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/910891a2a44cdc49efcc4fe7459c1085ba00d0f4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/94ed8eeb8d9aeb00e4f4e19b83a2e28b6442fbc5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

32
CVE-2022/CVE-2022-486xx/CVE-2022-48692.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2022-48692",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-03T15:15:07.943",
"lastModified": "2024-05-03T15:32:19.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/srp: Set scmnd->result only when scmnd is not NULL\n\nThis change fixes the following kernel NULL pointer dereference\nwhich is reproduced by blktests srp/007 occasionally.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000170\nPGD 0 P4D 0\nOops: 0002 [#1] PREEMPT SMP NOPTI\nCPU: 0 PID: 9 Comm: kworker/0:1H Kdump: loaded Not tainted 6.0.0-rc1+ #37\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.15.0-29-g6a62e0cb0dfe-prebuilt.qemu.org 04/01/2014\nWorkqueue: 0x0 (kblockd)\nRIP: 0010:srp_recv_done+0x176/0x500 [ib_srp]\nCode: 00 4d 85 ff 0f 84 52 02 00 00 48 c7 82 80 02 00 00 00 00 00 00 4c 89 df 4c 89 14 24 e8 53 d3 4a f6 4c 8b 14 24 41 0f b6 42 13 <41> 89 87 70 01 00 00 41 0f b6 52 12 f6 c2 02 74 44 41 8b 42 1c b9\nRSP: 0018:ffffaef7c0003e28 EFLAGS: 00000282\nRAX: 0000000000000000 RBX: ffff9bc9486dea60 RCX: 0000000000000000\nRDX: 0000000000000102 RSI: ffffffffb76bbd0e RDI: 00000000ffffffff\nRBP: ffff9bc980099a00 R08: 0000000000000001 R09: 0000000000000001\nR10: ffff9bca53ef0000 R11: ffff9bc980099a10 R12: ffff9bc956e14000\nR13: ffff9bc9836b9cb0 R14: ffff9bc9557b4480 R15: 0000000000000000\nFS: 0000000000000000(0000) GS:ffff9bc97ec00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000170 CR3: 0000000007e04000 CR4: 00000000000006f0\nCall Trace:\n <IRQ>\n __ib_process_cq+0xb7/0x280 [ib_core]\n ib_poll_handler+0x2b/0x130 [ib_core]\n irq_poll_softirq+0x93/0x150\n __do_softirq+0xee/0x4b8\n irq_exit_rcu+0xf7/0x130\n sysvec_apic_timer_interrupt+0x8e/0xc0\n </IRQ>"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/12f35199a2c0551187edbf8eb01379f0598659fa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a8edd49c94b4b08019ed7d6dd794fca8078a4deb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f022576aa03c2385ea7f2b27ee5b331e43abf624",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f2c70f56f762e5dc3b0d7dc438fbb137cb116413",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

40
CVE-2022/CVE-2022-486xx/CVE-2022-48693.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2022-48693",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-03T15:15:07.990",
"lastModified": "2024-05-03T15:32:19.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs\n\nIn brcmstb_pm_probe(), there are two kinds of leak bugs:\n\n(1) we need to add of_node_put() when for_each__matching_node() breaks\n(2) we need to add iounmap() for each iomap in fail path"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0284b4e6dec6088a41607aa3f42bf51edff01883",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1085f5080647f0c9f357c270a537869191f7f2a1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/43245c77d9efd8c9eb91bf225d07954dcf32204d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/57b2897ec3ffe4cbe018446be6d04432919dca6b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/653500b400d5576940b7429690f7197199ddcc82",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6dc0251638a4a1a998506dbd4627f8317e907558",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

28
CVE-2022/CVE-2022-486xx/CVE-2022-48694.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2022-48694",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-03T15:15:08.040",
"lastModified": "2024-05-03T15:32:19.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix drain SQ hang with no completion\n\nSW generated completions for outstanding WRs posted on SQ\nafter QP is in error target the wrong CQ. This causes the\nib_drain_sq to hang with no completion.\n\nFix this to generate completions on the right CQ.\n\n[ 863.969340] INFO: task kworker/u52:2:671 blocked for more than 122 seconds.\n[ 863.979224] Not tainted 5.14.0-130.el9.x86_64 #1\n[ 863.986588] \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 863.996997] task:kworker/u52:2 state:D stack: 0 pid: 671 ppid: 2 flags:0x00004000\n[ 864.007272] Workqueue: xprtiod xprt_autoclose [sunrpc]\n[ 864.014056] Call Trace:\n[ 864.017575] __schedule+0x206/0x580\n[ 864.022296] schedule+0x43/0xa0\n[ 864.026736] schedule_timeout+0x115/0x150\n[ 864.032185] __wait_for_common+0x93/0x1d0\n[ 864.037717] ? usleep_range_state+0x90/0x90\n[ 864.043368] __ib_drain_sq+0xf6/0x170 [ib_core]\n[ 864.049371] ? __rdma_block_iter_next+0x80/0x80 [ib_core]\n[ 864.056240] ib_drain_sq+0x66/0x70 [ib_core]\n[ 864.062003] rpcrdma_xprt_disconnect+0x82/0x3b0 [rpcrdma]\n[ 864.069365] ? xprt_prepare_transmit+0x5d/0xc0 [sunrpc]\n[ 864.076386] xprt_rdma_close+0xe/0x30 [rpcrdma]\n[ 864.082593] xprt_autoclose+0x52/0x100 [sunrpc]\n[ 864.088718] process_one_work+0x1e8/0x3c0\n[ 864.094170] worker_thread+0x50/0x3b0\n[ 864.099109] ? rescuer_thread+0x370/0x370\n[ 864.104473] kthread+0x149/0x170\n[ 864.109022] ? set_kthread_struct+0x40/0x40\n[ 864.114713] ret_from_fork+0x22/0x30"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/14d148401c5202fec3a071e24785481d540b22c3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5becc531a3fa8da75158a8993f56cc3e0717716e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ead54ced6321099978d30d62dc49c282a6e70574",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

55
CVE-2023/CVE-2023-418xx/CVE-2023-41816.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41816",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2024-05-03T14:15:08.163",
"lastModified": "2024-05-03T14:17:53.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nAn improper export vulnerability was reported in the Motorola Services Main application that could allow a local attacker to write to a local database.\u00a0\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@lenovo.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-926"
}
]
}
],
"references": [
{
"url": "https://en-us.support.motorola.com/app/answers/detail/a_id/178874",
"source": "psirt@lenovo.com"
}
]
}

55
CVE-2023/CVE-2023-418xx/CVE-2023-41817.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41817",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2024-05-03T14:15:08.390",
"lastModified": "2024-05-03T14:17:53.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An improper export vulnerability was reported in the Motorola Phone Calls application that could allow a local attacker to read unauthorized information."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@lenovo.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.3,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-927"
}
]
}
],
"references": [
{
"url": "https://en-us.support.motorola.com/app/answers/detail/a_id/178875",
"source": "psirt@lenovo.com"
}
]
}

55
CVE-2023/CVE-2023-418xx/CVE-2023-41818.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41818",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2024-05-03T14:15:08.580",
"lastModified": "2024-05-03T14:17:53.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nAn improper use of the SD card for sensitive data vulnerability was reported in the Motorola Device Help application that could allow a local attacker to read system logs.\u00a0\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@lenovo.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-921"
}
]
}
],
"references": [
{
"url": "https://en-us.support.motorola.com/app/answers/detail/a_id/178876",
"source": "psirt@lenovo.com"
}
]
}

55
CVE-2023/CVE-2023-418xx/CVE-2023-41819.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41819",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2024-05-03T14:15:08.777",
"lastModified": "2024-05-03T14:17:53.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nA PendingIntent hijacking vulnerability was reported in the Motorola Face Unlock application that could allow a local attacker to access unauthorized content providers.\u00a0\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@lenovo.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://en-us.support.motorola.com/app/answers/detail/a_id/178877",
"source": "psirt@lenovo.com"
}
]
}

55
CVE-2023/CVE-2023-418xx/CVE-2023-41820.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41820",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2024-05-03T14:15:08.970",
"lastModified": "2024-05-03T14:17:53.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nAn implicit intent vulnerability was reported in the Motorola Ready For application that could allow a local attacker to read information about connected Bluetooth audio devices.\u00a0\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-927"
}
]
}
],
"references": [
{
"url": "https://en-us.support.motorola.com/app/answers/detail/a_id/178878",
"source": "psirt@lenovo.com"
}
]
}

55
CVE-2023/CVE-2023-418xx/CVE-2023-41821.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41821",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2024-05-03T14:15:09.160",
"lastModified": "2024-05-03T14:17:53.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nA an improper export vulnerability was reported in the Motorola Setup application that could allow a local attacker to read sensitive user information.\u00a0\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@lenovo.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-926"
}
]
}
],
"references": [
{
"url": "https://en-us.support.motorola.com/app/answers/detail/a_id/178879",
"source": "psirt@lenovo.com"
}
]
}

55
CVE-2023/CVE-2023-418xx/CVE-2023-41822.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41822",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2024-05-03T14:15:09.347",
"lastModified": "2024-05-03T14:17:53.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nAn improper export vulnerability was reported in the Motorola Interface Test Tool application that could allow a malicious local application to execute OS commands.\u00a0\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@lenovo.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-926"
}
]
}
],
"references": [
{
"url": "https://en-us.support.motorola.com/app/answers/detail/a_id/178704",
"source": "psirt@lenovo.com"
}
]
}

55
CVE-2023/CVE-2023-418xx/CVE-2023-41823.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41823",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2024-05-03T14:15:09.540",
"lastModified": "2024-05-03T14:17:53.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nAn improper export vulnerability was reported in the Motorola Phone Extension application, that could allow a local attacker to execute unauthorized Activities.\u00a0\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@lenovo.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-926"
}
]
}
],
"references": [
{
"url": "https://en-us.support.motorola.com/app/answers/detail/a_id/178705",
"source": "psirt@lenovo.com"
}
]
}

55
CVE-2023/CVE-2023-418xx/CVE-2023-41824.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41824",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2024-05-03T14:15:09.733",
"lastModified": "2024-05-03T14:17:53.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nAn implicit intent vulnerability was reported in the Motorola Phone Calls application that could allow a local attacker to read the calling phone number and calling data.\n\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@lenovo.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.3,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-927"
}
]
}
],
"references": [
{
"url": "https://en-us.support.motorola.com/app/answers/detail/a_id/178865",
"source": "psirt@lenovo.com"
}
]
}

55
CVE-2023/CVE-2023-418xx/CVE-2023-41825.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41825",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2024-05-03T14:15:09.923",
"lastModified": "2024-05-03T14:17:53.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nA path traversal vulnerability was reported in the Motorola Ready For application that could allow a local attacker to access local files.\u00a0\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@lenovo.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.3,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://en-us.support.motorola.com/app/answers/detail/a_id/178866",
"source": "psirt@lenovo.com"
}
]
}

55
CVE-2023/CVE-2023-418xx/CVE-2023-41826.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41826",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2024-05-03T14:15:10.120",
"lastModified": "2024-05-03T14:17:53.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A PendingIntent hijacking vulnerability in Motorola Device Help (Genie) application that could allow local attackers to access files or interact with non-exported software components without permission.\u00a0\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@lenovo.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-927"
}
]
}
],
"references": [
{
"url": "https://en-us.support.motorola.com/app/answers/detail/a_id/178703",
"source": "psirt@lenovo.com"
}
]
}

55
CVE-2023/CVE-2023-418xx/CVE-2023-41828.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41828",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2024-05-03T14:15:10.310",
"lastModified": "2024-05-03T14:17:53.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nAn implicit intent export vulnerability was reported in the Motorola Phone application, that could allow unauthorized access to a non-exported content provider.\u00a0\u00a0"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@lenovo.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-927"
}
]
}
],
"references": [
{
"url": "https://en-us.support.motorola.com/app/answers/detail/a_id/178701",
"source": "psirt@lenovo.com"
}
]
}

55
CVE-2023/CVE-2023-418xx/CVE-2023-41830.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41830",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2024-05-03T14:15:10.517",
"lastModified": "2024-05-03T14:17:53.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nAn improper absolute path traversal vulnerability was reported for the Ready For application allowing a local application access to files without authorization.\u00a0\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@lenovo.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-36"
}
]
}
],
"references": [
{
"url": "https://en-us.support.motorola.com/app/answers/detail/a_id/178702",
"source": "psirt@lenovo.com"
}
]
}

32
CVE-2023/CVE-2023-63xx/CVE-2023-6363.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-6363",
"sourceIdentifier": "arm-security@arm.com",
"published": "2024-05-03T14:15:10.730",
"lastModified": "2024-05-03T14:17:53.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. If the system\u2019s memory is carefully prepared by the user, then this in turn could give them access to already freed memory.\nThis issue affects Valhall GPU Kernel Driver: from r41p0 through r47p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r47p0.\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "arm-security@arm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities",
"source": "arm-security@arm.com"
}
]
}

32
CVE-2024/CVE-2024-10xx/CVE-2024-1067.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2024-1067",
"sourceIdentifier": "arm-security@arm.com",
"published": "2024-05-03T14:15:10.813",
"lastModified": "2024-05-03T14:17:53.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations.\u00a0On Armv8.0 cores, there are certain combinations of the Linux Kernel and Mali GPU kernel driver configurations that would allow the GPU operations to affect the userspace memory of other processes.\nThis issue affects Bifrost GPU Kernel Driver: from r41p0 through r47p0; Valhall GPU Kernel Driver: from r41p0 through r47p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r47p0.\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "arm-security@arm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities",
"source": "arm-security@arm.com"
}
]
}

32
CVE-2024/CVE-2024-13xx/CVE-2024-1395.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2024-1395",
"sourceIdentifier": "arm-security@arm.com",
"published": "2024-05-03T14:15:10.883",
"lastModified": "2024-05-03T14:17:53.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Use After Free vulnerability in Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. If the system\u2019s memory is carefully prepared by the user, then this in turn could give them access to already freed memory.\nThis issue affects Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r47p0.\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "arm-security@arm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities",
"source": "arm-security@arm.com"
}
]
}

4
CVE-2024/CVE-2024-24xx/CVE-2024-2410.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2410",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2024-05-03T13:15:21.700",
"lastModified": "2024-05-03T13:15:21.700",
"vulnStatus": "Received",
"lastModified": "2024-05-03T14:17:53.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

20
CVE-2024/CVE-2024-294xx/CVE-2024-29417.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-29417",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-03T15:15:08.103",
"lastModified": "2024-05-03T15:32:19.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insecure Permissions vulnerability in e-trust Horacius 1.0, 1.1, and 1.2 allows a local attacker to escalate privileges via the password reset function."
}
],
"metrics": {},
"references": [
{
"url": "https://blog.pridesec.com.br/en/horacius-unauthenticated-privilege-escalation/",
"source": "cve@mitre.org"
}
]
}

55
CVE-2024/CVE-2024-31xx/CVE-2024-3108.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-3108",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2024-05-03T14:15:10.957",
"lastModified": "2024-05-03T14:17:53.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nAn implicit intent vulnerability was reported for Motorola\u2019s Time Weather Widget application that could allow a local application to acquire the location of the device without authorization.\u00a0\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@lenovo.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-927"
}
]
}
],
"references": [
{
"url": "https://en-us.support.motorola.com/app/answers/detail/a_id/178863",
"source": "psirt@lenovo.com"
}
]
}

55
CVE-2024/CVE-2024-31xx/CVE-2024-3109.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-3109",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2024-05-03T14:15:11.157",
"lastModified": "2024-05-03T14:17:53.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nA hard-coded AES key vulnerability was reported in the Motorola GuideMe application, along with a lack of URI sanitation, could allow for a local attacker to read arbitrary files.\n\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@lenovo.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-321"
}
]
}
],
"references": [
{
"url": "https://en-us.support.motorola.com/app/answers/detail/a_id/178863",
"source": "psirt@lenovo.com"
}
]
}

4
CVE-2024/CVE-2024-337xx/CVE-2024-33786.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33786",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-03T13:15:21.983",
"lastModified": "2024-05-03T13:15:21.983",
"vulnStatus": "Received",
"lastModified": "2024-05-03T14:17:53.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-337xx/CVE-2024-33787.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33787",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-03T13:15:22.060",
"lastModified": "2024-05-03T13:15:22.060",
"vulnStatus": "Received",
"lastModified": "2024-05-03T14:17:53.690",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

28
CVE-2024/CVE-2024-338xx/CVE-2024-33844.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2024-33844",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-03T15:15:08.157",
"lastModified": "2024-05-03T15:32:19.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The 'control' in Parrot ANAFI USA firmware 1.10.4 does not check the MAV_MISSION_TYPE(0, 1, 2, 255), which allows attacker to cut off the connection between a controller and the drone by sending MAVLink MISSION_COUNT command with a wrong MAV_MISSION_TYPE."
}
],
"metrics": {},
"references": [
{
"url": "http://anafi.com",
"source": "cve@mitre.org"
},
{
"url": "http://nvd-cwe-other.com",
"source": "cve@mitre.org"
},
{
"url": "https://forum.developer.parrot.com/t/cve-2024-33844-bugs-in-anafi-thermal-usa-firmware/22501",
"source": "cve@mitre.org"
}
]
}

36
CVE-2024/CVE-2024-344xx/CVE-2024-34446.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2024-34446",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-03T15:15:08.210",
"lastModified": "2024-05-03T15:32:19.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Mullvad VPN through 2024.1 on Android does not set a DNS server in the blocking state (after a hard failure to create a tunnel), and thus DNS traffic can leave the device. Data showing that the affected device was the origin of sensitive DNS requests may be observed and logged by operators of unintended DNS servers."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/mullvad/mullvadvpn-app/blob/main/CHANGELOG.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/mullvad/mullvadvpn-app/commit/0c39306a40f426853d617e20d596942e41091f13",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/mullvad/mullvadvpn-app/tags",
"source": "cve@mitre.org"
},
{
"url": "https://mullvad.net/en/blog/dns-traffic-can-leak-outside-the-vpn-tunnel-on-android",
"source": "cve@mitre.org"
},
{
"url": "https://news.ycombinator.com/item?id=40247604",
"source": "cve@mitre.org"
}
]
}

55
CVE-2024/CVE-2024-34xx/CVE-2024-3479.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-3479",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2024-05-03T15:15:08.270",
"lastModified": "2024-05-03T15:32:19.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nAn improper export vulnerability was reported in the Motorola Enterprise MotoDpms Provider (com.motorola.server.enterprise.MotoDpmsProvider) that could allow a local attacker to read local data."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@lenovo.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.3,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-926"
}
]
}
],
"references": [
{
"url": "https://en-us.support.motorola.com/app/answers/detail/a_id/178947",
"source": "psirt@lenovo.com"
}
]
}

55
CVE-2024/CVE-2024-34xx/CVE-2024-3480.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-3480",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2024-05-03T15:15:08.450",
"lastModified": "2024-05-03T15:32:19.637",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An Implicit intent vulnerability was reported in the Motorola framework that could allow an attacker to read telephony-related data."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@lenovo.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.3,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-927"
}
]
}
],
"references": [
{
"url": "https://en-us.support.motorola.com/app/answers/detail/a_id/178948",
"source": "psirt@lenovo.com"
}
]
}

67
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-05-03T14:00:40.918594+00:00
2024-05-03T16:00:38.407154+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-05-03T13:15:22.060000+00:00
2024-05-03T15:32:19.637000+00:00
```
### Last Data Feed Release
@ -33,48 +33,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
248507
248544
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `37`
- [CVE-2024-2410](CVE-2024/CVE-2024-24xx/CVE-2024-2410.json) (`2024-05-03T13:15:21.700`)
- [CVE-2024-33786](CVE-2024/CVE-2024-337xx/CVE-2024-33786.json) (`2024-05-03T13:15:21.983`)
- [CVE-2024-33787](CVE-2024/CVE-2024-337xx/CVE-2024-33787.json) (`2024-05-03T13:15:22.060`)
- [CVE-2024-4466](CVE-2024/CVE-2024-44xx/CVE-2024-4466.json) (`2024-05-03T12:15:12.160`)
- [CVE-2022-48693](CVE-2022/CVE-2022-486xx/CVE-2022-48693.json) (`2024-05-03T15:15:07.990`)
- [CVE-2022-48694](CVE-2022/CVE-2022-486xx/CVE-2022-48694.json) (`2024-05-03T15:15:08.040`)
- [CVE-2023-41816](CVE-2023/CVE-2023-418xx/CVE-2023-41816.json) (`2024-05-03T14:15:08.163`)
- [CVE-2023-41817](CVE-2023/CVE-2023-418xx/CVE-2023-41817.json) (`2024-05-03T14:15:08.390`)
- [CVE-2023-41818](CVE-2023/CVE-2023-418xx/CVE-2023-41818.json) (`2024-05-03T14:15:08.580`)
- [CVE-2023-41819](CVE-2023/CVE-2023-418xx/CVE-2023-41819.json) (`2024-05-03T14:15:08.777`)
- [CVE-2023-41820](CVE-2023/CVE-2023-418xx/CVE-2023-41820.json) (`2024-05-03T14:15:08.970`)
- [CVE-2023-41821](CVE-2023/CVE-2023-418xx/CVE-2023-41821.json) (`2024-05-03T14:15:09.160`)
- [CVE-2023-41822](CVE-2023/CVE-2023-418xx/CVE-2023-41822.json) (`2024-05-03T14:15:09.347`)
- [CVE-2023-41823](CVE-2023/CVE-2023-418xx/CVE-2023-41823.json) (`2024-05-03T14:15:09.540`)
- [CVE-2023-41824](CVE-2023/CVE-2023-418xx/CVE-2023-41824.json) (`2024-05-03T14:15:09.733`)
- [CVE-2023-41825](CVE-2023/CVE-2023-418xx/CVE-2023-41825.json) (`2024-05-03T14:15:09.923`)
- [CVE-2023-41826](CVE-2023/CVE-2023-418xx/CVE-2023-41826.json) (`2024-05-03T14:15:10.120`)
- [CVE-2023-41828](CVE-2023/CVE-2023-418xx/CVE-2023-41828.json) (`2024-05-03T14:15:10.310`)
- [CVE-2023-41830](CVE-2023/CVE-2023-418xx/CVE-2023-41830.json) (`2024-05-03T14:15:10.517`)
- [CVE-2023-6363](CVE-2023/CVE-2023-63xx/CVE-2023-6363.json) (`2024-05-03T14:15:10.730`)
- [CVE-2024-1067](CVE-2024/CVE-2024-10xx/CVE-2024-1067.json) (`2024-05-03T14:15:10.813`)
- [CVE-2024-1395](CVE-2024/CVE-2024-13xx/CVE-2024-1395.json) (`2024-05-03T14:15:10.883`)
- [CVE-2024-29417](CVE-2024/CVE-2024-294xx/CVE-2024-29417.json) (`2024-05-03T15:15:08.103`)
- [CVE-2024-3108](CVE-2024/CVE-2024-31xx/CVE-2024-3108.json) (`2024-05-03T14:15:10.957`)
- [CVE-2024-3109](CVE-2024/CVE-2024-31xx/CVE-2024-3109.json) (`2024-05-03T14:15:11.157`)
- [CVE-2024-33844](CVE-2024/CVE-2024-338xx/CVE-2024-33844.json) (`2024-05-03T15:15:08.157`)
- [CVE-2024-34446](CVE-2024/CVE-2024-344xx/CVE-2024-34446.json) (`2024-05-03T15:15:08.210`)
- [CVE-2024-3479](CVE-2024/CVE-2024-34xx/CVE-2024-3479.json) (`2024-05-03T15:15:08.270`)
- [CVE-2024-3480](CVE-2024/CVE-2024-34xx/CVE-2024-3480.json) (`2024-05-03T15:15:08.450`)
### CVEs modified in the last Commit
Recently modified CVEs: `793`
Recently modified CVEs: `3`
- [CVE-2024-33947](CVE-2024/CVE-2024-339xx/CVE-2024-33947.json) (`2024-05-03T12:48:41.067`)
- [CVE-2024-34031](CVE-2024/CVE-2024-340xx/CVE-2024-34031.json) (`2024-05-03T12:50:34.250`)
- [CVE-2024-34032](CVE-2024/CVE-2024-340xx/CVE-2024-34032.json) (`2024-05-03T12:50:34.250`)
- [CVE-2024-34033](CVE-2024/CVE-2024-340xx/CVE-2024-34033.json) (`2024-05-03T12:50:34.250`)
- [CVE-2024-34062](CVE-2024/CVE-2024-340xx/CVE-2024-34062.json) (`2024-05-03T12:48:41.067`)
- [CVE-2024-34063](CVE-2024/CVE-2024-340xx/CVE-2024-34063.json) (`2024-05-03T12:48:41.067`)
- [CVE-2024-34072](CVE-2024/CVE-2024-340xx/CVE-2024-34072.json) (`2024-05-03T12:48:41.067`)
- [CVE-2024-34073](CVE-2024/CVE-2024-340xx/CVE-2024-34073.json) (`2024-05-03T12:48:41.067`)
- [CVE-2024-34391](CVE-2024/CVE-2024-343xx/CVE-2024-34391.json) (`2024-05-03T12:50:34.250`)
- [CVE-2024-34392](CVE-2024/CVE-2024-343xx/CVE-2024-34392.json) (`2024-05-03T12:50:34.250`)
- [CVE-2024-34393](CVE-2024/CVE-2024-343xx/CVE-2024-34393.json) (`2024-05-03T12:50:34.250`)
- [CVE-2024-34394](CVE-2024/CVE-2024-343xx/CVE-2024-34394.json) (`2024-05-03T12:50:34.250`)
- [CVE-2024-34401](CVE-2024/CVE-2024-344xx/CVE-2024-34401.json) (`2024-05-03T12:50:34.250`)
- [CVE-2024-34402](CVE-2024/CVE-2024-344xx/CVE-2024-34402.json) (`2024-05-03T12:50:34.250`)
- [CVE-2024-34403](CVE-2024/CVE-2024-344xx/CVE-2024-34403.json) (`2024-05-03T12:50:34.250`)
- [CVE-2024-34404](CVE-2024/CVE-2024-344xx/CVE-2024-34404.json) (`2024-05-03T12:50:34.250`)
- [CVE-2024-34408](CVE-2024/CVE-2024-344xx/CVE-2024-34408.json) (`2024-05-03T12:48:41.067`)
- [CVE-2024-3637](CVE-2024/CVE-2024-36xx/CVE-2024-3637.json) (`2024-05-03T12:48:41.067`)
- [CVE-2024-3692](CVE-2024/CVE-2024-36xx/CVE-2024-3692.json) (`2024-05-03T12:48:41.067`)
- [CVE-2024-3703](CVE-2024/CVE-2024-37xx/CVE-2024-3703.json) (`2024-05-03T12:48:41.067`)
- [CVE-2024-4140](CVE-2024/CVE-2024-41xx/CVE-2024-4140.json) (`2024-05-03T12:50:34.250`)
- [CVE-2024-4215](CVE-2024/CVE-2024-42xx/CVE-2024-4215.json) (`2024-05-03T12:50:34.250`)
- [CVE-2024-4216](CVE-2024/CVE-2024-42xx/CVE-2024-4216.json) (`2024-05-03T12:50:34.250`)
- [CVE-2024-4439](CVE-2024/CVE-2024-44xx/CVE-2024-4439.json) (`2024-05-03T12:48:41.067`)
- [CVE-2024-4461](CVE-2024/CVE-2024-44xx/CVE-2024-4461.json) (`2024-05-03T12:48:41.067`)
- [CVE-2024-2410](CVE-2024/CVE-2024-24xx/CVE-2024-2410.json) (`2024-05-03T14:17:53.690`)
- [CVE-2024-33786](CVE-2024/CVE-2024-337xx/CVE-2024-33786.json) (`2024-05-03T14:17:53.690`)
- [CVE-2024-33787](CVE-2024/CVE-2024-337xx/CVE-2024-33787.json) (`2024-05-03T14:17:53.690`)
## Download and Usage

1631
_state.csv
View File

File diff suppressed because it is too large Load Diff