Auto-Update: 2024-07-21T02:00:18.731812+00:00

cad-safe-bot 2024-07-21 02:03:14 +00:00
parent d4651fbcd5
commit c91693dc4a
590 changed files with 2603 additions and 824 deletions


@ -3,7 +3,7 @@
"sourceIdentifier": "secalert@redhat.com",
"published": "2006-03-30T22:02:00.000",
"lastModified": "2017-07-20T01:30:41.647",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-01-21",
"cisaActionDue": "2022-07-21",
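Review bot: `vulnStatus` changes in this hunk while `lastModified` is shown once, as an unchanged context line (`2017-07-20T01:30:41.647`), so a consumer that syncs incrementally on `lastModified` will not pick up the status change; the other `@ -3,7 +3,7 @@` hunks on this page repeat the pattern. The +/- markers are lost in this rendering, but if the new value is `Undergoing Analysis`, these records, all of which carry `cisaExploitAdd`, leave a settled state, and a filter that keeps only analysed entries could drop known-exploited CVEs. Downstream change detection should key on file content or commit history rather than `lastModified` alone, and KEV-listed entries should not be gated on `vulnStatus`. The JSON object starts and ends outside the hunk.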


@ -3,7 +3,7 @@
"sourceIdentifier": "secure@microsoft.com",
"published": "2010-01-21T19:30:00.900",
"lastModified": "2023-12-07T18:38:56.693",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-03-03",
"cisaActionDue": "2022-03-24",


@ -3,7 +3,7 @@
"sourceIdentifier": "secure@microsoft.com",
"published": "2011-06-16T20:55:02.543",
"lastModified": "2018-10-12T22:01:05.957",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-03-03",
"cisaActionDue": "2022-03-24",


@ -3,7 +3,7 @@
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2011-10-19T21:55:01.097",
"lastModified": "2018-01-06T02:29:19.410",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-03-03",
"cisaActionDue": "2022-03-24",


@ -3,7 +3,7 @@
"sourceIdentifier": "psirt@adobe.com",
"published": "2013-08-30T20:55:06.230",
"lastModified": "2017-09-19T01:36:40.247",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-03-03",
"cisaActionDue": "2022-03-24",


@ -3,7 +3,7 @@
"sourceIdentifier": "secure@microsoft.com",
"published": "2013-11-06T15:55:05.860",
"lastModified": "2023-12-07T18:38:56.693",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-02-15",
"cisaActionDue": "2022-08-15",


@ -3,7 +3,7 @@
"sourceIdentifier": "secure@microsoft.com",
"published": "2013-11-28T00:55:04.677",
"lastModified": "2018-10-12T22:05:24.417",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"evaluatorComment": "Per: http://technet.microsoft.com/en-us/security/bulletin/ms14-002\n\n\"This security update also addresses the vulnerability first described in Microsoft Security Advisory 2814486.\"",
"cisaExploitAdd": "2022-03-03",


@ -3,7 +3,7 @@
"sourceIdentifier": "secure@microsoft.com",
"published": "2014-03-25T13:24:01.067",
"lastModified": "2018-10-30T16:27:52.390",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-02-15",
"cisaActionDue": "2022-08-15",


@ -3,7 +3,7 @@
"sourceIdentifier": "secure@microsoft.com",
"published": "2014-04-27T10:55:03.340",
"lastModified": "2018-10-12T22:06:04.047",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-01-28",
"cisaActionDue": "2022-07-28",


@ -3,7 +3,7 @@
"sourceIdentifier": "product-security@apple.com",
"published": "2014-09-18T10:55:09.827",
"lastModified": "2019-03-08T16:06:31.107",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-02-10",
"cisaActionDue": "2022-08-10",


@ -3,7 +3,7 @@
"sourceIdentifier": "security@debian.org",
"published": "2014-09-24T18:48:04.477",
"lastModified": "2021-11-17T22:15:35.810",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-01-28",
"cisaActionDue": "2022-07-28",


@ -3,7 +3,7 @@
"sourceIdentifier": "secure@microsoft.com",
"published": "2014-10-22T14:55:06.247",
"lastModified": "2018-10-12T22:07:43.067",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-02-25",
"cisaActionDue": "2022-08-25",


@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2014-09-25T01:55:04.367",
"lastModified": "2021-11-17T22:15:37.063",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-01-28",
"cisaActionDue": "2022-07-28",


@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2015-02-23T17:59:08.320",
"lastModified": "2024-07-03T01:35:16.440",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-02-10",
"cisaActionDue": "2022-08-10",


@ -3,7 +3,7 @@
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2015-10-22T00:00:03.093",
"lastModified": "2022-05-13T14:38:26.663",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-03-03",
"cisaActionDue": "2022-03-24",


@ -3,7 +3,7 @@
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2016-01-02T21:59:15.800",
"lastModified": "2017-09-08T01:29:50.763",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-01-10",
"cisaActionDue": "2022-07-10",


@ -3,7 +3,7 @@
"sourceIdentifier": "secure@microsoft.com",
"published": "2016-03-09T11:59:09.590",
"lastModified": "2018-10-12T22:11:03.800",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-03-03",
"cisaActionDue": "2022-03-24",


@ -3,7 +3,7 @@
"sourceIdentifier": "secalert@redhat.com",
"published": "2016-06-01T20:59:04.123",
"lastModified": "2023-11-07T02:32:07.937",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-02-10",
"cisaActionDue": "2022-08-10",


@ -3,7 +3,7 @@
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2016-11-10T21:59:00.197",
"lastModified": "2023-11-07T02:33:23.770",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-03-03",
"cisaActionDue": "2022-03-24",


@ -3,7 +3,7 @@
"sourceIdentifier": "secure@microsoft.com",
"published": "2016-10-14T02:59:38.013",
"lastModified": "2018-10-12T22:14:06.967",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-03-03",
"cisaActionDue": "2022-03-24",


@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2016-11-18T21:59:02.033",
"lastModified": "2022-04-12T10:15:09.537",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-03-03",
"cisaActionDue": "2022-03-24",


@ -3,7 +3,7 @@
"sourceIdentifier": "secure@microsoft.com",
"published": "2017-03-17T00:59:00.167",
"lastModified": "2019-10-03T00:03:26.223",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-03-03",
"cisaActionDue": "2022-03-24",


@ -3,7 +3,7 @@
"sourceIdentifier": "secure@microsoft.com",
"published": "2017-03-17T00:59:04.010",
"lastModified": "2018-06-21T01:29:00.433",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-02-10",
"cisaActionDue": "2022-08-10",


@ -3,7 +3,7 @@
"sourceIdentifier": "secure@microsoft.com",
"published": "2017-03-17T00:59:04.040",
"lastModified": "2018-06-21T01:29:00.510",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-02-10",
"cisaActionDue": "2022-08-10",


@ -3,7 +3,7 @@
"sourceIdentifier": "secure@microsoft.com",
"published": "2017-05-12T14:29:02.143",
"lastModified": "2017-07-08T01:29:03.287",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-02-25",
"cisaActionDue": "2022-08-25",


@ -3,7 +3,7 @@
"sourceIdentifier": "secure@microsoft.com",
"published": "2017-05-12T14:29:05.097",
"lastModified": "2019-10-03T00:03:26.223",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-02-10",
"cisaActionDue": "2022-08-10",


@ -3,7 +3,7 @@
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2017-10-19T17:29:01.747",
"lastModified": "2019-10-03T00:03:26.223",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-02-10",
"cisaActionDue": "2022-08-10",


@ -3,7 +3,7 @@
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2017-07-17T21:29:00.213",
"lastModified": "2018-01-08T02:29:00.690",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-03-03",
"cisaActionDue": "2022-03-24",


@ -3,7 +3,7 @@
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2017-07-17T21:29:00.243",
"lastModified": "2019-10-09T23:28:58.450",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-03-03",
"cisaActionDue": "2022-03-24",


@ -3,7 +3,7 @@
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2017-07-17T21:29:00.290",
"lastModified": "2019-10-09T23:28:59.107",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-03-03",
"cisaActionDue": "2022-03-24",


@ -3,7 +3,7 @@
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2017-07-17T21:29:00.337",
"lastModified": "2019-10-09T23:28:59.687",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-03-03",
"cisaActionDue": "2022-03-24",


@ -3,7 +3,7 @@
"sourceIdentifier": "secure@microsoft.com",
"published": "2017-05-26T20:29:00.427",
"lastModified": "2017-08-13T01:29:22.163",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-03-03",
"cisaActionDue": "2022-03-24",


@ -3,7 +3,7 @@
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2018-03-28T22:29:00.907",
"lastModified": "2019-10-09T23:31:22.237",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-03-03",
"cisaActionDue": "2022-03-17",


@ -3,7 +3,7 @@
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2018-03-28T22:29:01.170",
"lastModified": "2019-10-09T23:31:22.940",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-03-03",
"cisaActionDue": "2022-03-17",


@ -3,7 +3,7 @@
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2018-03-28T22:29:01.233",
"lastModified": "2019-10-09T23:31:23.190",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-03-03",
"cisaActionDue": "2022-03-17",


@ -3,7 +3,7 @@
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2018-03-28T22:29:01.280",
"lastModified": "2019-10-09T23:31:23.347",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-03-03",
"cisaActionDue": "2022-03-17",


@ -3,7 +3,7 @@
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2018-03-28T22:29:01.467",
"lastModified": "2019-10-09T23:31:23.817",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-03-03",
"cisaActionDue": "2022-03-17",


@ -3,7 +3,7 @@
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2018-03-28T22:29:01.547",
"lastModified": "2019-10-09T23:31:24.037",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-03-03",
"cisaActionDue": "2022-03-17",


@ -3,7 +3,7 @@
"sourceIdentifier": "psirt@fortinet.com",
"published": "2019-06-04T21:29:00.373",
"lastModified": "2021-06-03T11:15:08.413",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-01-10",
"cisaActionDue": "2022-07-10",


@ -3,7 +3,7 @@
"sourceIdentifier": "cve@checkpoint.com",
"published": "2019-02-05T20:29:00.243",
"lastModified": "2019-10-09T23:39:36.057",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-02-15",
"cisaActionDue": "2022-08-15",


@ -3,7 +3,7 @@
"sourceIdentifier": "secure@microsoft.com",
"published": "2018-10-10T13:29:02.557",
"lastModified": "2019-10-03T00:03:26.223",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-01-21",
"cisaActionDue": "2022-07-21",


@ -3,7 +3,7 @@
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2019-07-19T22:15:11.557",
"lastModified": "2020-08-24T17:37:01.140",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-01-10",
"cisaActionDue": "2022-07-10",


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "An issue was found on the Ruijie EG-2000 series gateway. An attacker can easily dump cleartext stored passwords in /data/config.text with simple XORs. This affects EG-2000SE EG_RGOS 11.1(1)B1."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un problema en la puerta de enlace de la serie Ruijie EG-2000. Un atacante puede volcar f\u00e1cilmente las contrase\u00f1as almacenadas en texto plano en /data/config.text con XOR simples. Esto afecta a EG-2000SE EG_RGOS 11.1(1)B1."
}
],
"metrics": {},


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "An issue was found on the Ruijie EG-2000 series gateway. There is a newcli.php API interface without access control, which can allow an attacker (who only has web interface access) to use TELNET commands and/or show admin passwords via the mode_url=exec&command= substring. This affects EG-2000SE EG_RGOS 11.9 B11P1."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un problema en la puerta de enlace de la serie Ruijie EG-2000. Hay una interfaz API newcli.php sin control de acceso, que puede permitir a un atacante (que solo tiene acceso a la interfaz web) usar comandos TELNET y/o mostrar contrase\u00f1as de administrador a trav\u00e9s de la subcadena mode_url=exec&command=. Esto afecta a EG-2000SE EG_RGOS 11.9 B11P1."
}
],
"metrics": {},


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "An issue was found in upload.php on the Ruijie EG-2000 series gateway. A parameter passed to the class UploadFile is mishandled (%00 and /var/./html are not checked), which can allow an attacker to upload any file to the gateway. This affects EG-2000SE EG_RGOS 11.9 B11P1."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un problema en upload.php en la puerta de enlace de la serie Ruijie EG-2000. Un par\u00e1metro pasado a la clase UploadFile est\u00e1 mal manejado (%00 y /var/./html no est\u00e1n marcados), lo que puede permitir a un atacante cargar cualquier archivo en la puerta de enlace. Esto afecta a EG-2000SE EG_RGOS 11.9 B11P1."
}
],
"metrics": {},


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "An issue was found on the Ruijie EG-2000 series gateway. There is a buffer overflow in client.so. Consequently, an attacker can use login.php to login to any account, without providing its password. This affects EG-2000SE EG_RGOS 11.1(1)B1."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un problema en la puerta de enlace de la serie Ruijie EG-2000. Hay un desbordamiento del b\u00fafer en client.so. En consecuencia, un atacante puede utilizar login.php para iniciar sesi\u00f3n en cualquier cuenta, sin proporcionar su contrase\u00f1a. Esto afecta a EG-2000SE EG_RGOS 11.1(1)B1."
}
],
"metrics": {},


@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2019-09-27T21:15:10.017",
"lastModified": "2023-11-07T03:06:03.593",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-03-03",
"cisaActionDue": "2022-03-17",


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Inappropriate implementation in iframe in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)"
},
{
"lang": "es",
"value": "La implementaci\u00f3n inadecuada en iframe en Google Chrome anterior a 77.0.3865.75 permit\u00eda a un atacante remoto realizar potencialmente un escape de la sandbox a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chromium: media)"
}
],
"metrics": {},


@ -3,7 +3,7 @@
"sourceIdentifier": "bressers@elastic.co",
"published": "2019-03-25T19:29:02.147",
"lastModified": "2023-09-08T23:15:07.477",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-01-10",
"cisaActionDue": "2022-07-10",


@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2019-05-29T22:29:01.507",
"lastModified": "2021-06-26T13:15:07.523",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-01-10",
"cisaActionDue": "2022-07-10",


@ -3,7 +3,7 @@
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-03-12T16:15:15.203",
"lastModified": "2022-07-12T17:42:04.277",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-01-28",
"cisaActionDue": "2022-07-28",


@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2020-06-17T11:15:10.210",
"lastModified": "2022-07-10T21:15:10.760",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-03-03",
"cisaActionDue": "2022-03-17",


@ -3,7 +3,7 @@
"sourceIdentifier": "security@apache.org",
"published": "2020-07-17T00:15:10.337",
"lastModified": "2023-09-19T18:15:16.607",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-01-18",
"cisaActionDue": "2022-07-18",


@ -3,7 +3,7 @@
"sourceIdentifier": "mlhess@drupal.org",
"published": "2020-11-20T16:15:15.433",
"lastModified": "2023-11-07T03:16:47.453",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-01-18",
"cisaActionDue": "2022-07-18",


@ -3,7 +3,7 @@
"sourceIdentifier": "security@apache.org",
"published": "2020-02-24T22:15:12.057",
"lastModified": "2023-11-07T03:19:36.830",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-03-03",
"cisaActionDue": "2022-03-17",


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Exposure of Sensitive Information\nto an Unauthorized Access vulnerability in OpenText NetIQ Directory and\nResource Administrator. This issue affects NetIQ Directory and Resource\nAdministrator versions prior to 10.0.2 and prior to 9.2.1 Patch 10."
},
{
"lang": "es",
"value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de acceso no autorizado en el administrador de recursos y directorio de OpenText NetIQ. Este problema afecta a las versiones de NetIQ Directory y Resource Administrator anteriores a la 10.0.2 y anteriores a la 9.2.1, parche 10."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Insufficient policy enforcement in Navigation in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)"
},
{
"lang": "es",
"value": "La aplicaci\u00f3n insuficiente de pol\u00edticas en la navegaci\u00f3n en Google Chrome antes de la versi\u00f3n 85.0.4183.83 permiti\u00f3 que un atacante remoto filtrara datos de or\u00edgenes cruzados a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chromium: media)"
}
],
"metrics": {},


@ -3,7 +3,7 @@
"sourceIdentifier": "security-advisories@github.com",
"published": "2021-02-16T17:15:13.050",
"lastModified": "2023-11-07T03:29:47.047",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-01-18",
"cisaActionDue": "2022-02-01",


@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2021-02-15T13:15:12.683",
"lastModified": "2023-08-08T14:21:49.707",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-01-18",
"cisaActionDue": "2022-02-01",


@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2021-02-15T13:15:12.793",
"lastModified": "2023-08-08T14:21:49.707",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-01-18",
"cisaActionDue": "2022-02-01",


@ -3,7 +3,7 @@
"sourceIdentifier": "cve@mitre.org",
"published": "2021-02-15T13:15:12.857",
"lastModified": "2023-08-08T14:21:49.707",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-01-18",
"cisaActionDue": "2022-02-01",


@ -3,7 +3,7 @@
"sourceIdentifier": "secure@microsoft.com",
"published": "2021-07-14T18:15:10.380",
"lastModified": "2023-12-28T23:15:20.547",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-01-18",
"cisaActionDue": "2022-02-01",


@ -3,7 +3,7 @@
"sourceIdentifier": "secure@microsoft.com",
"published": "2021-07-22T07:15:11.013",
"lastModified": "2023-12-28T23:15:43.247",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-02-10",
"cisaActionDue": "2022-02-24",


@ -3,7 +3,7 @@
"sourceIdentifier": "secure@microsoft.com",
"published": "2021-11-10T01:19:32.127",
"lastModified": "2023-12-28T16:15:54.133",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-03-03",
"cisaActionDue": "2022-03-17",


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: Fix a deadlock in the error handler\n\nThe following deadlock has been observed on a test setup:\n\n - All tags allocated\n\n - The SCSI error handler calls ufshcd_eh_host_reset_handler()\n\n - ufshcd_eh_host_reset_handler() queues work that calls\n ufshcd_err_handler()\n\n - ufshcd_err_handler() locks up as follows:\n\nWorkqueue: ufs_eh_wq_0 ufshcd_err_handler.cfi_jt\nCall trace:\n __switch_to+0x298/0x5d8\n __schedule+0x6cc/0xa94\n schedule+0x12c/0x298\n blk_mq_get_tag+0x210/0x480\n __blk_mq_alloc_request+0x1c8/0x284\n blk_get_request+0x74/0x134\n ufshcd_exec_dev_cmd+0x68/0x640\n ufshcd_verify_dev_init+0x68/0x35c\n ufshcd_probe_hba+0x12c/0x1cb8\n ufshcd_host_reset_and_restore+0x88/0x254\n ufshcd_reset_and_restore+0xd0/0x354\n ufshcd_err_handler+0x408/0xc58\n process_one_work+0x24c/0x66c\n worker_thread+0x3e8/0xa4c\n kthread+0x150/0x1b4\n ret_from_fork+0x10/0x30\n\nFix this lockup by making ufshcd_exec_dev_cmd() allocate a reserved\nrequest."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: scsi: ufs: corrige un punto muerto en el controlador de errores Se ha observado el siguiente punto muerto en una configuraci\u00f3n de prueba: - Todas las etiquetas asignadas - El controlador de errores SCSI llama a ufshcd_eh_host_reset_handler() - ufshcd_eh_host_reset_handler( ) las colas funcionan que llaman a ufshcd_err_handler() - ufshcd_err_handler() se bloquea de la siguiente manera: Cola de trabajo: ufs_eh_wq_0 ufshcd_err_handler.cfi_jt Rastreo de llamadas: __switch_to+0x298/0x5d8 __schedule+0x6cc/0xa94 Schedule+0x12c/0x298 get_tag+0x210/0x480 __blk_mq_alloc_request+0x1c8/ 0x284 blk_get_request+0x74/0x134 ufshcd_exec_dev_cmd+0x68/0x640 ufshcd_verify_dev_init+0x68/0x35c ufshcd_probe_hba+0x12c/0x1cb8 ufshcd_host_reset_and_restore+0x88/0x254 _reset_and_restore+0xd0/0x354 ufshcd_err_handler+0x408/0xc58 proceso_one_work+0x24c/0x66c trabajador_thread+0x3e8/0xa4c kthread+0x150/ 0x1b4 ret_from_fork+0x10/0x30 Solucione este bloqueo haciendo que ufshcd_exec_dev_cmd() asigne una solicitud reservada."
}
],
"metrics": {},
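Review bot: The added `es` description rewrites kernel symbols from the call trace instead of copying them: `process_one_work` becomes `proceso_one_work`, `worker_thread` becomes `trabajador_thread`, and `blk_mq_get_tag` and `ufshcd_reset_and_restore` lose their prefixes. The next hunk (powerpc/fixmap) has the same defect and additionally drops the `<EE,ME,IR,DR,RI>` flags and stores `&lt;0fe00000&gt;` as HTML entities, which suggests the text passed through an HTML-aware step before being written to JSON. Tooling that matches descriptions against function names or log lines should read the `en` entry, and the translation step should carry identifiers and trace lines through verbatim and unescaped. The `descriptions` array starts outside the hunk.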


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/fixmap: Fix VM debug warning on unmap\n\nUnmapping a fixmap entry is done by calling __set_fixmap()\nwith FIXMAP_PAGE_CLEAR as flags.\n\nToday, powerpc __set_fixmap() calls map_kernel_page().\n\nmap_kernel_page() is not happy when called a second time\nfor the same page.\n\n\tWARNING: CPU: 0 PID: 1 at arch/powerpc/mm/pgtable.c:194 set_pte_at+0xc/0x1e8\n\tCPU: 0 PID: 1 Comm: swapper Not tainted 5.16.0-rc3-s3k-dev-01993-g350ff07feb7d-dirty #682\n\tNIP: c0017cd4 LR: c00187f0 CTR: 00000010\n\tREGS: e1011d50 TRAP: 0700 Not tainted (5.16.0-rc3-s3k-dev-01993-g350ff07feb7d-dirty)\n\tMSR: 00029032 <EE,ME,IR,DR,RI> CR: 42000208 XER: 00000000\n\n\tGPR00: c0165fec e1011e10 c14c0000 c0ee2550 ff800000 c0f3d000 00000000 c001686c\n\tGPR08: 00001000 b00045a9 00000001 c0f58460 c0f50000 00000000 c0007e10 00000000\n\tGPR16: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\n\tGPR24: 00000000 00000000 c0ee2550 00000000 c0f57000 00000ff8 00000000 ff800000\n\tNIP [c0017cd4] set_pte_at+0xc/0x1e8\n\tLR [c00187f0] map_kernel_page+0x9c/0x100\n\tCall Trace:\n\t[e1011e10] [c0736c68] vsnprintf+0x358/0x6c8 (unreliable)\n\t[e1011e30] [c0165fec] __set_fixmap+0x30/0x44\n\t[e1011e40] [c0c13bdc] early_iounmap+0x11c/0x170\n\t[e1011e70] [c0c06cb0] ioremap_legacy_serial_console+0x88/0xc0\n\t[e1011e90] [c0c03634] do_one_initcall+0x80/0x178\n\t[e1011ef0] [c0c0385c] kernel_init_freeable+0xb4/0x250\n\t[e1011f20] [c0007e34] kernel_init+0x24/0x140\n\t[e1011f30] [c0016268] ret_from_kernel_thread+0x5c/0x64\n\tInstruction dump:\n\t7fe3fb78 48019689 80010014 7c630034 83e1000c 5463d97e 7c0803a6 38210010\n\t4e800020 81250000 712a0001 41820008 <0fe00000> 9421ffe0 93e1001c 48000030\n\nImplement unmap_kernel_page() which clears an existing pte."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: powerpc/fixmap: corrige la advertencia de depuraci\u00f3n de VM al desasignar La desasignaci\u00f3n de una entrada de fixmap se realiza llamando a __set_fixmap() con FIXMAP_PAGE_CLEAR como indicadores. Hoy, powerpc __set_fixmap() llama a map_kernel_page(). map_kernel_page() no est\u00e1 contento cuando se le llama por segunda vez para la misma p\u00e1gina. ADVERTENCIA: CPU: 0 PID: 1 en arch/powerpc/mm/pgtable.c:194 set_pte_at+0xc/0x1e8 CPU: 0 PID: 1 Comm: swapper No contaminado 5.16.0-rc3-s3k-dev-01993-g350ff07feb7d- sucio #682 NIP: c0017cd4 LR: c00187f0 CTR: 00000010 REGS: e1011d50 TRAP: 0700 No contaminado (5.16.0-rc3-s3k-dev-01993-g350ff07feb7d-dirty) MSR: 00029032 CR: 42000208 XER: 00000000 GPR00: c0165fec e1011e10 c14c0000 c0ee2550 ff800000 c0f3d000 00000000 c001686c GPR08: 00001000 b00045a9 00000001 c 0f58460 c0f50000 00000000 c0007e10 00000000 GPR16: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 GPR24: 00000000 00000000 c0ee2550 00000000 c0f57000 00000ff8 00000000 ff800000 PIN [c0017cd4 ] set_pte_at+0xc/0x1e8 LR [c00187f0] map_kernel_page+0x9c/0x100 Seguimiento de llamadas: [e1011e10] [c0736c68] vsnprintf+0x358/0x6c8 (no confiable) [e1011e30] [c0165fec] x44 [e1011e40] [c0c13bdc] early_iounmap +0x11c/0x170 [e1011e70] [c0c06cb0] ioremap_legacy_serial_console+0x88/0xc0 [e1011e90] [c0c03634] do_one_initcall+0x80/0x178 [e1011ef0] [c0c0385c] kernel_init_freeable+0xb4 /0x250 [e1011f20] [c0007e34] kernel_init+0x24/0x140 [e1011f30 ] [c0016268] ret_from_kernel_thread+0x5c/0x64 Volcado de instrucciones: 7fe3fb78 48019689 80010014 7c630034 83e1000c 5463d97e 7c0803a6 38210010 4e800020 0 712a0001 41820008 &lt;0fe00000&gt; 9421ffe0 93e1001c 48000030 Implemente unmap_kernel_page() que borra un pte existente."
}
],
"metrics": {},


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change\n\nThe refcount leak issues take place in an error handling path. When the\n3rd argument buf doesn't match with \"offline\", \"online\" or \"remove\", the\nfunction simply returns -EINVAL and forgets to decrease the reference\ncount of a rpc_xprt object and a rpc_xprt_switch object increased by\nrpc_sysfs_xprt_kobj_get_xprt() and\nrpc_sysfs_xprt_kobj_get_xprt_switch(), causing reference count leaks of\nboth unused objects.\n\nFix this issue by jumping to the error handling path labelled with\nout_put when buf matches none of \"offline\", \"online\" or \"remove\"."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net/sunrpc: corrige fugas de recuento de referencias en rpc_sysfs_xprt_state_change Los problemas de fugas de recuento tienen lugar en una ruta de manejo de errores. Cuando el tercer argumento buf no coincide con \"fuera de l\u00ednea\", \"en l\u00ednea\" o \"eliminar\", la funci\u00f3n simplemente devuelve -EINVAL y se olvida de disminuir el recuento de referencias de un objeto rpc_xprt y un objeto rpc_xprt_switch aumentado en rpc_sysfs_xprt_kobj_get_xprt() y rpc_sysfs_xprt_kobj_get_xprt_switch (), lo que provoca fugas en el recuento de referencias de ambos objetos no utilizados. Solucione este problema saltando a la ruta de manejo de errores etiquetada con out_put cuando buf no coincida con \"fuera de l\u00ednea\", \"en l\u00ednea\" o \"eliminar\"."
}
],
"metrics": {},


@ -3,7 +3,7 @@
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2022-02-10T18:15:08.980",
"lastModified": "2023-11-07T03:42:39.557",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-03-03",
"cisaActionDue": "2022-03-17",


@ -3,7 +3,7 @@
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2022-02-10T18:15:09.033",
"lastModified": "2023-11-07T03:42:39.740",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-03-03",
"cisaActionDue": "2022-03-17",


@ -3,7 +3,7 @@
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2022-02-10T18:15:09.087",
"lastModified": "2023-11-07T03:42:39.943",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-03-03",
"cisaActionDue": "2022-03-17",


@ -3,7 +3,7 @@
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2022-02-10T18:15:09.197",
"lastModified": "2023-11-07T03:42:40.330",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-03-03",
"cisaActionDue": "2022-03-17",


@ -3,7 +3,7 @@
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2022-02-10T18:15:09.467",
"lastModified": "2023-11-07T03:42:41.357",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-03-03",
"cisaActionDue": "2022-03-17",


@ -3,7 +3,7 @@
"sourceIdentifier": "secure@microsoft.com",
"published": "2022-01-11T21:15:11.507",
"lastModified": "2023-12-21T01:15:21.003",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-02-04",
"cisaActionDue": "2022-02-18",


@ -3,7 +3,7 @@
"sourceIdentifier": "security@zabbix.com",
"published": "2022-01-13T16:15:08.227",
"lastModified": "2023-11-07T03:44:04.983",
"vulnStatus": "Modified",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2022-02-22",
"cisaActionDue": "2022-03-08",


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "IBM Sterling Partner Engagement Manager 6.2.2 could allow a local attacker to obtain sensitive information when a detailed technical error message is returned. IBM X-Force ID: 230933."
},
{
"lang": "es",
"value": "IBM Sterling Partner Engagement Manager 6.2.2 podr\u00eda permitir a un atacante local obtener informaci\u00f3n confidencial cuando se devuelve un mensaje de error t\u00e9cnico detallado. ID de IBM X-Force: 230933."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "Sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984."
},
{
"lang": "es",
"value": "Divulgaci\u00f3n de informaci\u00f3n confidencial debido a privilegios excesivos asignados a Acronis Agent. Los siguientes productos se ven afectados: Acronis Cyber Protect 15 (Windows, Linux) antes de la compilaci\u00f3n 30984."
}
],
"metrics": {


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create\n\nIf there are failures then we must not leave the non-NULL pointers with\nthe error value, otherwise `rpcrdma_ep_destroy` gets confused and tries\nfree them, resulting in an Oops."
},
{
"lang": "es",
"value": "En el kernel de Linux se ha solucionado la siguiente vulnerabilidad: xprtrdma: corrige derefs de puntero en casos de error de rpcrdma_ep_create Si hay fallos entonces no debemos dejar los punteros no NULL con el valor de error, de lo contrario `rpcrdma_ep_destroy` se confunde y prueba free ellos, lo que resulta en un Ups."
}
],
"metrics": {},


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ptdma: Fix the error handling path in pt_core_init()\n\nIn order to free resources correctly in the error handling path of\npt_core_init(), 2 goto's have to be switched. Otherwise, some resources\nwill leak and we will try to release things that have not been allocated\nyet.\n\nAlso move a dev_err() to a place where it is more meaningful."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dmaengine: ptdma: corrige la ruta de manejo de errores en pt_core_init() Para liberar recursos correctamente en la ruta de manejo de errores de pt_core_init(), se deben cambiar 2 goto. De lo contrario, algunos recursos se filtrar\u00e1n e intentaremos liberar cosas que a\u00fan no se han asignado. Tambi\u00e9n mueva un dev_err() a un lugar donde sea m\u00e1s significativo."
}
],
"metrics": {},


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj\n\nkobject_init_and_add() takes reference even when it fails.\nAccording to the doc of kobject_init_and_add()?\n\n If this function returns an error, kobject_put() must be called to\n properly clean up the memory associated with the object.\n\nFix memory leak by calling kobject_put()."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Controladores: hv: vmbus: corrige la p\u00e9rdida de memoria en vmbus_add_channel_kobj kobject_init_and_add() toma referencia incluso cuando falla. \u00bfSeg\u00fan el documento de kobject_init_and_add()? Si esta funci\u00f3n devuelve un error, se debe llamar a kobject_put() para limpiar adecuadamente la memoria asociada con el objeto. Solucione la p\u00e9rdida de memoria llamando a kobject_put()."
}
],
"metrics": {},


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: parsers: qcom: Fix missing free for pparts in cleanup\n\nMtdpart doesn't free pparts when a cleanup function is declared.\nAdd missing free for pparts in cleanup function for smem to fix the\nleak."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mtd: parsers: qcom: Corrige la falta de espacio libre para pparts en la limpieza Mtdpart no libera pparts cuando se declara una funci\u00f3n de limpieza. Agregue piezas libres faltantes en la funci\u00f3n de limpieza para que smem arregle la fuga."
}
],
"metrics": {},


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: parsers: qcom: Fix kernel panic on skipped partition\n\nIn the event of a skipped partition (case when the entry name is empty)\nthe kernel panics in the cleanup function as the name entry is NULL.\nRework the parser logic by first checking the real partition number and\nthen allocate the space and set the data for the valid partitions.\n\nThe logic was also fundamentally wrong as with a skipped partition, the\nparts number returned was incorrect by not decreasing it for the skipped\npartitions."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mtd: parsers: qcom: corrige el p\u00e1nico del kernel en la partici\u00f3n omitida En el caso de una partici\u00f3n omitida (caso cuando el nombre de la entrada est\u00e1 vac\u00edo), el kernel entra en p\u00e1nico en la funci\u00f3n de limpieza como el nombre la entrada es NULA. Vuelva a trabajar la l\u00f3gica del analizador verificando primero el n\u00famero de partici\u00f3n real y luego asigne el espacio y configure los datos para las particiones v\u00e1lidas. La l\u00f3gica tambi\u00e9n era fundamentalmente err\u00f3nea, ya que con una partici\u00f3n omitida, el n\u00famero de pieza devuelto era incorrecto al no disminuirlo para las particiones omitidas."
}
],
"metrics": {},


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: gpmi: don't leak PM reference in error path\n\nIf gpmi_nfc_apply_timings() fails, the PM runtime usage counter must be\ndropped."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: mtd: rawnand: gpmi: no filtrar la referencia de PM en la ruta de error Si gpmi_nfc_apply_timings() falla, se debe descartar el contador de uso del tiempo de ejecuci\u00f3n de PM."
}
],
"metrics": {},


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mscc: ocelot: fix use-after-free in ocelot_vlan_del()\n\nocelot_vlan_member_del() will free the struct ocelot_bridge_vlan, so if\nthis is the same as the port's pvid_vlan which we access afterwards,\nwhat we're accessing is freed memory.\n\nFix the bug by determining whether to clear ocelot_port->pvid_vlan prior\nto calling ocelot_vlan_member_del()."
},
{
"lang": "es",
"value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: net: mscc: ocelot: fix use-after-free en ocelot_vlan_del() ocelot_vlan_member_del() liberar\u00e1 la estructura ocelot_bridge_vlan, por lo que si es la misma que la pvid_vlan del puerto al que accedemos despu\u00e9s, a lo que accedemos es a la memoria liberada. Corrija el error determinando si se debe borrar ocelot_port-&gt;pvid_vlan antes de llamar a ocelot_vlan_member_del()."
}
],
"metrics": {},


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: Avoid overwriting the copies of clcsock callback functions\n\nThe callback functions of clcsock will be saved and replaced during\nthe fallback. But if the fallback happens more than once, then the\ncopies of these callback functions will be overwritten incorrectly,\nresulting in a loop call issue:\n\nclcsk->sk_error_report\n |- smc_fback_error_report() <------------------------------|\n |- smc_fback_forward_wakeup() | (loop)\n |- clcsock_callback() (incorrectly overwritten) |\n |- smc->clcsk_error_report() ------------------|\n\nSo this patch fixes the issue by saving these function pointers only\nonce in the fallback and avoiding overwriting."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/smc: evite sobrescribir las copias de las funciones de devoluci\u00f3n de llamada de clcsock. Las funciones de devoluci\u00f3n de llamada de clcsock se guardar\u00e1n y reemplazar\u00e1n durante la reserva. Pero si el retroceso ocurre m\u00e1s de una vez, las copias de estas funciones de devoluci\u00f3n de llamada se sobrescribir\u00e1n incorrectamente, lo que provocar\u00e1 un problema de llamada en bucle: clcsk-&gt;sk_error_report |- smc_fback_error_report() &lt;------------ ------------------| |- smc_fback_forward_wakeup() | (bucle) |- clcsock_callback() (sobrescrito incorrectamente) | |- smc-&gt;clcsk_error_report() ------------------| Por lo tanto, este parche soluciona el problema al guardar estos punteros de funci\u00f3n solo una vez en el respaldo y evitar la sobrescritura."
}
],
"metrics": {},


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - get rid of alg_memory_allocated\n\nalg_memory_allocated does not seem to be really used.\n\nalg_proto does have a .memory_allocated field, but no\ncorresponding .sysctl_mem.\n\nThis means sk_has_account() returns true, but all sk_prot_mem_limits()\nusers will trigger a NULL dereference [1].\n\nTHis was not a problem until SO_RESERVE_MEM addition.\n\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 PID: 3591 Comm: syz-executor153 Not tainted 5.17.0-rc3-syzkaller-00316-gb81b1829e7e3 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nRIP: 0010:sk_prot_mem_limits include/net/sock.h:1523 [inline]\nRIP: 0010:sock_reserve_memory+0x1d7/0x330 net/core/sock.c:1000\nCode: 08 00 74 08 48 89 ef e8 27 20 bb f9 4c 03 7c 24 10 48 8b 6d 00 48 83 c5 08 48 89 e8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 ef e8 fb 1f bb f9 48 8b 6d 00 4c 89 ff 48\nRSP: 0018:ffffc90001f1fb68 EFLAGS: 00010202\nRAX: 0000000000000001 RBX: ffff88814aabc000 RCX: dffffc0000000000\nRDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffff90e18120\nRBP: 0000000000000008 R08: dffffc0000000000 R09: fffffbfff21c3025\nR10: fffffbfff21c3025 R11: 0000000000000000 R12: ffffffff8d109840\nR13: 0000000000001002 R14: 0000000000000001 R15: 0000000000000001\nFS: 0000555556e08300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fc74416f130 CR3: 0000000073d9e000 CR4: 00000000003506e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n sock_setsockopt+0x14a9/0x3a30 net/core/sock.c:1446\n __sys_setsockopt+0x5af/0x980 net/socket.c:2176\n __do_sys_setsockopt 
net/socket.c:2191 [inline]\n __se_sys_setsockopt net/socket.c:2188 [inline]\n __x64_sys_setsockopt+0xb1/0xc0 net/socket.c:2188\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7fc7440fddc9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffe98f07968 EFLAGS: 00000246 ORIG_RAX: 0000000000000036\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc7440fddc9\nRDX: 0000000000000049 RSI: 0000000000000001 RDI: 0000000000000004\nRBP: 0000000000000000 R08: 0000000000000004 R09: 00007ffe98f07990\nR10: 0000000020000000 R11: 0000000000000246 R12: 00007ffe98f0798c\nR13: 00007ffe98f079a0 R14: 00007ffe98f079e0 R15: 0000000000000000\n </TASK>\nModules linked in:\n---[ end trace 0000000000000000 ]---\nRIP: 0010:sk_prot_mem_limits include/net/sock.h:1523 [inline]\nRIP: 0010:sock_reserve_memory+0x1d7/0x330 net/core/sock.c:1000\nCode: 08 00 74 08 48 89 ef e8 27 20 bb f9 4c 03 7c 24 10 48 8b 6d 00 48 83 c5 08 48 89 e8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 ef e8 fb 1f bb f9 48 8b 6d 00 4c 89 ff 48\nRSP: 0018:ffffc90001f1fb68 EFLAGS: 00010202\nRAX: 0000000000000001 RBX: ffff88814aabc000 RCX: dffffc0000000000\nRDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffff90e18120\nRBP: 0000000000000008 R08: dffffc0000000000 R09: fffffbfff21c3025\nR10: fffffbfff21c3025 R11: 0000000000000000 R12: ffffffff8d109840\nR13: 0000000000001002 R14: 0000000000000001 R15: 0000000000000001\nFS: 0000555556e08300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fc74416f130 CR3: 0000000073d9e000 CR4: 00000000003506e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: af_alg - deshacerse de alg_memory_allocated alg_memory_allocated no parece usarse realmente. alg_proto tiene un campo .memory_allocated, pero ning\u00fan .sysctl_mem correspondiente. Esto significa que sk_has_account() devuelve verdadero, pero todos los usuarios de sk_prot_mem_limits() activar\u00e1n una desreferencia NULL [1]. Esto no fue un problema hasta la adici\u00f3n de SO_RESERVE_MEM. falla de protecci\u00f3n general, probablemente para direcci\u00f3n no can\u00f3nica 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref en rango [0x0000000000000008-0x0000000000000000f] CPU: 1 PID: 3591 Comm: No contaminado 5.17.0 -rc3-syzkaller-00316-gb81b1829e7e3 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:sk_prot_mem_limits include/net/sock.h:1523 [en l\u00ednea] RIP: 0010: sock_reserve_memory+0x1d7/0x330 net/core/sock.c:1000 C\u00f3digo: 08 00 74 08 48 89 ef e8 27 20 bb f9 4c 03 7c 24 10 48 8b 6d 00 48 83 c5 08 48 89 e8 48 c1 e8 48b9 00 00 00 00 00 fc ff df &lt;80&gt; 3c 08 00 74 08 48 89 ef e8 fb 1f bb f9 48 8b 6d 00 4c 89 ff 48 RSP: 0018:ffffc90001f1fb68 EFLAGS: 00010202 RAX: 0000000000000001 RBX: ffff88814aabc000 RCX: dffffc0000000000 RDX : 0000000000000001 RSI: 0000000000000008 RDI: ffffffff90e18120 RBP: 0000000000000008 R08: dffffc0000000000 R09: ffffbfff21c3025 R10: ffffbfff21c3 025 R11: 0000000000000000 R12: ffffffff8d109840 R13: 0000000000001002 R14: 0000000000000001 R15: 0000000000000001 FS: 0000555556e08300 (0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007FC74416F130 DR6: 0000000000FFFE0FF0 DR7: 0000000000000400 TRACE DE LLAMADA: Sock_SetSockOpt+0x14a9/0x3a30 net/core/sock.c:1446 __sys_setsockopt+0x5af/0x980 net/socket.c:2176 __do_sys_setsockopt net/socket.c:2191 [en l\u00ednea] __se_sys_setsockopt net/socket.c:2188 [en l\u00ednea] 
0xc0 neto/ socket.c:2188 do_syscall_x64 arch/x86/entry/common.c:50 [en l\u00ednea] do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80 Entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fc7440fddc9 C\u00f3digo: 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 &lt;48&gt; 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffe98f07968 EFLAGS: 00000246 ORIG_RAX: 00000000000000036 RAX: ffffffffffffffda RBX: 003 RCX: 00007fc7440fddc9 RDX: 0000000000000049 RSI: 0000000000000001 RDI: 0000000000000004 RBP: 0000000000000000 R08: 00000000000000004 R09 : 00007ffe98f07990 R10: 0000000020000000 R11: 0000000000000246 R12: 00007ffe98f0798c R13: 00007ffe98f079a0 R14: 00007ffe98f079e0 R15: 0000000000000 M\u00f3dulos vinculados en: ---[ end trace 0000000000000000 ]--- RIP: 0010:sk_prot_mem_limits include/net/sock. h:1523 [en l\u00ednea] RIP: 0010:sock_reserve_memory+0x1d7/0x330 net/core/sock.c:1000 C\u00f3digo: 08 00 74 08 48 89 ef e8 27 20 bb f9 4c 03 7c 24 10 48 8b 6d 00 48 83 c5 08 48 89 e8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df &lt;80&gt; 3c 08 00 74 08 48 89 ef e8 fb 1f bb f9 48 8b 6d 00 4c 89 ff 48 RSP 0018:ffffc900 01f1fb68EFLAGS: 00010202 RAX: 0000000000000001 RBX: ffff88814aabc000 RCX: dffffc0000000000 RDX: 0000000000000001 RSI: 00000000000000008 RDI: ffffffff90e18120 RBP: 000000008 R08: dffffc0000000000 R09: ffffbfff21c3025 R10: ffffbfff21c3025 R11: 00000000000000000 R12: ffffffff8d109840 R13: 0000000000000001002 0000000000000001 R15: 0000000000000001 FS: 0000555556e08300(0000 ) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc74416f130 CR3: 0000000073d9e 000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000"
}
],
"metrics": {},


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmctp: fix use after free\n\nClang static analysis reports this problem\nroute.c:425:4: warning: Use of memory after it is freed\n trace_mctp_key_acquire(key);\n ^~~~~~~~~~~~~~~~~~~~~~~~~~~\nWhen mctp_key_add() fails, key is freed but then is later\nused in trace_mctp_key_acquire(). Add an else statement\nto use the key only when mctp_key_add() is successful."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mctp: corregir el use after free El an\u00e1lisis est\u00e1tico de Clang informa este problema route.c:425:4: advertencia: uso de la memoria despu\u00e9s de liberarla trace_mctp_key_acquire(key); ^~~~~~~~~~~~~~~~~~~~~~~~~~~ Cuando mctp_key_add() falla, la clave se libera pero luego se usa en trace_mctp_key_acquire(). Agregue una declaraci\u00f3n else para usar la clave solo cuando mctp_key_add() sea exitoso."
}
],
"metrics": {},


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: lantiq_gswip: fix use after free in gswip_remove()\n\nof_node_put(priv->ds->slave_mii_bus->dev.of_node) should be\ndone before mdiobus_free(priv->ds->slave_mii_bus)."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: dsa: lantiq_gswip: corregir el use after free en gswip_remove() of_node_put(priv-&gt;ds-&gt;slave_mii_bus-&gt;dev.of_node) debe realizarse antes de mdiobus_free(priv-&gt; ds-&gt;slave_mii_bus)."
}
],
"metrics": {},


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncfg80211: fix race in netlink owner interface destruction\n\nMy previous fix here to fix the deadlock left a race where\nthe exact same deadlock (see the original commit referenced\nbelow) can still happen if cfg80211_destroy_ifaces() already\nruns while nl80211_netlink_notify() is still marking some\ninterfaces as nl_owner_dead.\n\nThe race happens because we have two loops here - first we\ndev_close() all the netdevs, and then we destroy them. If we\nalso have two netdevs (first one need only be a wdev though)\nthen we can find one during the first iteration, close it,\nand go to the second iteration -- but then find two, and try\nto destroy also the one we didn't close yet.\n\nFix this by only iterating once."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: cfg80211: corrige la ejecuci\u00f3n en la destrucci\u00f3n de la interfaz del propietario de netlink. Mi soluci\u00f3n anterior aqu\u00ed para arreglar el punto muerto dej\u00f3 una ejecuci\u00f3n donde exactamente el mismo punto muerto (consulte la confirmaci\u00f3n original a la que se hace referencia a continuaci\u00f3n) a\u00fan puede ocurrir si cfg80211_destroy_ifaces () ya se ejecuta mientras nl80211_netlink_notify() todav\u00eda marca algunas interfaces como nl_owner_dead. La ejecuci\u00f3n ocurre porque tenemos dos bucles aqu\u00ed: primero dev_close() todos los netdevs y luego los destruimos. Si tambi\u00e9n tenemos dos netdevs (aunque el primero solo necesita ser un wdev), entonces podemos encontrar uno durante la primera iteraci\u00f3n, cerrarlo e ir a la segunda iteraci\u00f3n, pero luego encontrar dos e intentar destruir tambi\u00e9n el que tenemos. A\u00fan no ha cerrado. Solucione este problema iterando solo una vez."
}
],
"metrics": {},


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: mcast: use rcu-safe version of ipv6_get_lladdr()\n\nSome time ago 8965779d2c0e (\"ipv6,mcast: always hold idev->lock before mca_lock\")\nswitched ipv6_get_lladdr() to __ipv6_get_lladdr(), which is rcu-unsafe\nversion. That was OK, because idev->lock was held for these codepaths.\n\nIn 88e2ca308094 (\"mld: convert ifmcaddr6 to RCU\") these external locks were\nremoved, so we probably need to restore the original rcu-safe call.\n\nOtherwise, we occasionally get a machine crashed/stalled with the following\nin dmesg:\n\n[ 3405.966610][T230589] general protection fault, probably for non-canonical address 0xdead00000000008c: 0000 [#1] SMP NOPTI\n[ 3405.982083][T230589] CPU: 44 PID: 230589 Comm: kworker/44:3 Tainted: G O 5.15.19-cloudflare-2022.2.1 #1\n[ 3405.998061][T230589] Hardware name: SUPA-COOL-SERV\n[ 3406.009552][T230589] Workqueue: mld mld_ifc_work\n[ 3406.017224][T230589] RIP: 0010:__ipv6_get_lladdr+0x34/0x60\n[ 3406.025780][T230589] Code: 57 10 48 83 c7 08 48 89 e5 48 39 d7 74 3e 48 8d 82 38 ff ff ff eb 13 48 8b 90 d0 00 00 00 48 8d 82 38 ff ff ff 48 39 d7 74 22 <66> 83 78 32 20 77 1b 75 e4 89 ca 23 50 2c 75 dd 48 8b 50 08 48 8b\n[ 3406.055748][T230589] RSP: 0018:ffff94e4b3fc3d10 EFLAGS: 00010202\n[ 3406.065617][T230589] RAX: dead00000000005a RBX: ffff94e4b3fc3d30 RCX: 0000000000000040\n[ 3406.077477][T230589] RDX: dead000000000122 RSI: ffff94e4b3fc3d30 RDI: ffff8c3a31431008\n[ 3406.089389][T230589] RBP: ffff94e4b3fc3d10 R08: 0000000000000000 R09: 0000000000000000\n[ 3406.101445][T230589] R10: ffff8c3a31430000 R11: 000000000000000b R12: ffff8c2c37887100\n[ 3406.113553][T230589] R13: ffff8c3a39537000 R14: 00000000000005dc R15: ffff8c3a31431000\n[ 3406.125730][T230589] FS: 0000000000000000(0000) GS:ffff8c3b9fc80000(0000) knlGS:0000000000000000\n[ 3406.138992][T230589] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 3406.149895][T230589] CR2: 00007f0dfea1db60 CR3: 
000000387b5f2000 CR4: 0000000000350ee0\n[ 3406.162421][T230589] Call Trace:\n[ 3406.170235][T230589] <TASK>\n[ 3406.177736][T230589] mld_newpack+0xfe/0x1a0\n[ 3406.186686][T230589] add_grhead+0x87/0xa0\n[ 3406.195498][T230589] add_grec+0x485/0x4e0\n[ 3406.204310][T230589] ? newidle_balance+0x126/0x3f0\n[ 3406.214024][T230589] mld_ifc_work+0x15d/0x450\n[ 3406.223279][T230589] process_one_work+0x1e6/0x380\n[ 3406.232982][T230589] worker_thread+0x50/0x3a0\n[ 3406.242371][T230589] ? rescuer_thread+0x360/0x360\n[ 3406.252175][T230589] kthread+0x127/0x150\n[ 3406.261197][T230589] ? set_kthread_struct+0x40/0x40\n[ 3406.271287][T230589] ret_from_fork+0x22/0x30\n[ 3406.280812][T230589] </TASK>\n[ 3406.288937][T230589] Modules linked in: ... [last unloaded: kheaders]\n[ 3406.476714][T230589] ---[ end trace 3525a7655f2f3b9e ]---"
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ipv6: mcast: use la versi\u00f3n rcu-safe de ipv6_get_lladdr() Hace alg\u00fan tiempo 8965779d2c0e (\"ipv6,mcast: siempre mantenga presionado idev-&gt;lock antes de mca_lock\") cambi\u00f3 ipv6_get_lladdr() a __ipv6_get_lladdr(), que es una versi\u00f3n insegura para rcu. Eso estuvo bien, porque se mantuvo idev-&gt;lock para estas rutas de c\u00f3digo. En 88e2ca308094 (\"mld: convert ifmcaddr6 to RCU\") se eliminaron estos bloqueos externos, por lo que probablemente necesitemos restaurar la llamada rcu-safe original. De lo contrario, ocasionalmente obtenemos una m\u00e1quina que falla o se bloquea con lo siguiente en dmesg: [3405.966610][T230589] falla de protecci\u00f3n general, probablemente para la direcci\u00f3n no can\u00f3nica 0xdead00000000008c: 0000 [#1] SMP NOPTI [3405.982083][T230589] CPU: 44 PID: 230589 Comm: kworker/44:3 Tainted: GO 5.15.19-cloudflare-2022.2.1 #1 [ 3405.998061][T230589] Nombre de hardware: SUPA-COOL-SERV [ 3406.009552][T230589] Cola de trabajo: mld mld_ifc_work [ 3406 .017224 ][T230589] RIP: 0010:__ipv6_get_lladdr+0x34/0x60 [ 3406.025780][T230589] C\u00f3digo: 57 10 48 83 c7 08 48 89 e5 48 39 d7 74 3e 48 8d 82 38 ff ff ff eb 13 48 8b 90 d0 00 00 00 48 8d 82 38 ff ff ff 48 39 d7 74 22 &lt;66&gt; 83 78 32 20 77 1b 75 e4 89 ca 23 50 2c 75 dd 48 8b 50 08 48 8b [ 3406.055748][T230589] 0018:ffff94e4b3fc3d10 EFLAGS: 00010202 [ 3406.065617][T230589] RAX: muerto00000000005a RBX: ffff94e4b3fc3d30 RCX: 00000000000000040 [ 3406.077477][T230589] RDX: muerto0000000001 22 RSI: ffff94e4b3fc3d30 RDI: ffff8c3a31431008 [ 3406.089389][T230589] RBP: ffff94e4b3fc3d10 R08: 0000000000000000 R09: 0000000000000000000000 [ 34 06.101445][ T230589] R10: ffff8c3a31430000 R11: 000000000000000b R12: ffff8c2c37887100 [ 3406.113553][T230589] R13: ffff8c3a39537000 R14: 0000000000 0005dc R15: ffff8c3a31431000 [ 3406.125730][T230589] FS: 0000000000000000(0000) GS:ffff8c3b9fc80000(0000) 
knlGS:0000000000000000 [ 3406.1 38992] [T230589] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3406.149895][T230589] CR2: 00007f0dfea1db60 CR3: 000000387b5f2000 CR4: 0350ee0 [ 3406.162421][T230589] Seguimiento de llamadas: [ 3406.170235][T230589] [ 3406.177736 ] [T230589] Mld_newpack+0xfe/0x1a0 [3406.186686] [T230589] add_grhead+0x87/0xa0 [3406.195498] [T230589] add_grec+0x485/0x4e0 [3406.204310] newidle_balance+0x126/0x3f0 [ 3406.214024][T230589] mld_ifc_work+0x15d/0x450 [ 3406.223279][T230589] Process_one_work+0x1e6/0x380 [ 3406.232982][T230589] +0x50/0x3a0 [ 3406.242371][T230589] ? hilo_rescate+0x360/0x360 [ 3406.252175][T230589] kthread+0x127/0x150 [ 3406.261197][T230589] ? set_kthread_struct+0x40/0x40 [ 3406.271287][T230589] ret_from_fork+0x22/0x30 [ 3406.280812][T230589] [ 3406.288937][T230589] M\u00f3dulos vinculados en: ... [\u00faltima descarga: kheaders] 3406.476714][T230589 ] ---[ final de seguimiento 3525a7655f2f3b9e ]---"
}
],
"metrics": {},


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: remove vsock from connected table when connect is interrupted by a signal\n\nvsock_connect() expects that the socket could already be in the\nTCP_ESTABLISHED state when the connecting task wakes up with a signal\npending. If this happens the socket will be in the connected table, and\nit is not removed when the socket state is reset. In this situation it's\ncommon for the process to retry connect(), and if the connection is\nsuccessful the socket will be added to the connected table a second\ntime, corrupting the list.\n\nPrevent this by calling vsock_remove_connected() if a signal is received\nwhile waiting for a connection. This is harmless if the socket is not in\nthe connected table, and if it is in the table then removing it will\nprevent list corruption from a double add.\n\nNote for backporting: this patch requires d5afa82c977e (\"vsock: correct\nremoval of socket from the list\"), which is in all current stable trees\nexcept 4.9.y."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vsock: elimina vsock de la tabla conectada cuando la conexi\u00f3n es interrumpida por una se\u00f1al vsock_connect() espera que el socket ya est\u00e9 en el estado TCP_ESTABLISHED cuando la tarea de conexi\u00f3n se activa con una se\u00f1al pendiente. Si esto sucede, el socket estar\u00e1 en la tabla conectada y no se eliminar\u00e1 cuando se restablezca el estado del socket. En esta situaci\u00f3n, es com\u00fan que el proceso vuelva a intentar conectar() y, si la conexi\u00f3n es exitosa, el socket se agregar\u00e1 a la tabla conectada por segunda vez, corrompiendo la lista. Evite esto llamando a vsock_remove_connected() si se recibe una se\u00f1al mientras se espera una conexi\u00f3n. Esto es inofensivo si el socket no est\u00e1 en la tabla conectada, y si est\u00e1 en la tabla, eliminarlo evitar\u00e1 la corrupci\u00f3n de la lista debido a una doble adici\u00f3n. Nota para la compatibilidad: este parche requiere d5afa82c977e (\"vsock: eliminaci\u00f3n correcta del socket de la lista\"), que se encuentra en todos los \u00e1rboles estables actuales excepto 4.9.y."
}
],
"metrics": {},


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niwlwifi: fix use-after-free\n\nIf no firmware was present at all (or, presumably, all of the\nfirmware files failed to parse), we end up unbinding by calling\ndevice_release_driver(), which calls remove(), which then in\niwlwifi calls iwl_drv_stop(), freeing the 'drv' struct. However\nthe new code I added will still erroneously access it after it\nwas freed.\n\nSet 'failure=false' in this case to avoid the access, all data\nwas already freed anyway."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: iwlwifi: corrige el use-after-free Si no hab\u00eda ning\u00fan firmware presente (o, presumiblemente, no se pudieron analizar todos los archivos de firmware), terminamos desvincul\u00e1ndolo llamando a device_release_driver( ), que llama a remove(), que luego en iwlwifi llama a iwl_drv_stop(), liberando la estructura 'drv'. Sin embargo, el nuevo c\u00f3digo que agregu\u00e9 seguir\u00e1 accediendo err\u00f3neamente a \u00e9l despu\u00e9s de que se haya liberado. Establezca 'failure=false' en este caso para evitar el acceso; todos los datos ya se liberaron de todos modos."
}
],
"metrics": {},


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-rdma: fix possible use-after-free in transport error_recovery work\n\nWhile nvme_rdma_submit_async_event_work is checking the ctrl and queue\nstate before preparing the AER command and scheduling io_work, in order\nto fully prevent a race where this check is not reliable the error\nrecovery work must flush async_event_work before continuing to destroy\nthe admin queue after setting the ctrl state to RESETTING such that\nthere is no race .submit_async_event and the error recovery handler\nitself changing the ctrl state."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nvme-rdma: soluciona el posible use-after-free en el transporte error_recovery work Mientras nvme_rdma_submit_async_event_work verifica el control y el estado de la cola antes de preparar el comando AER y programar io_work, para evitar completamente una ejecuci\u00f3n donde esta verificaci\u00f3n no es confiable, el trabajo de recuperaci\u00f3n de errores debe eliminar async_event_work antes de continuar destruyendo la cola de administraci\u00f3n despu\u00e9s de configurar el estado de control en RESETTING de manera que no haya ejecuci\u00f3n .submit_async_event y el propio controlador de recuperaci\u00f3n de errores cambie el estado de control."
}
],
"metrics": {},


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: fix possible use-after-free in transport error_recovery work\n\nWhile nvme_tcp_submit_async_event_work is checking the ctrl and queue\nstate before preparing the AER command and scheduling io_work, in order\nto fully prevent a race where this check is not reliable the error\nrecovery work must flush async_event_work before continuing to destroy\nthe admin queue after setting the ctrl state to RESETTING such that\nthere is no race .submit_async_event and the error recovery handler\nitself changing the ctrl state."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nvme-tcp: soluciona el posible use-after-free en el transporte error_recovery work Mientras nvme_tcp_submit_async_event_work verifica el control y el estado de la cola antes de preparar el comando AER y programar io_work, para evitar completamente una ejecuci\u00f3n donde esta verificaci\u00f3n no es confiable, el trabajo de recuperaci\u00f3n de errores debe eliminar async_event_work antes de continuar destruyendo la cola de administraci\u00f3n despu\u00e9s de configurar el estado de control en RESETTING de manera que no haya ejecuci\u00f3n .submit_async_event y el propio controlador de recuperaci\u00f3n de errores cambie el estado de control."
}
],
"metrics": {},


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: fix a possible use-after-free in controller reset during load\n\nUnlike .queue_rq, in .submit_async_event drivers may not check the ctrl\nreadiness for AER submission. This may lead to a use-after-free\ncondition that was observed with nvme-tcp.\n\nThe race condition may happen in the following scenario:\n1. driver executes its reset_ctrl_work\n2. -> nvme_stop_ctrl - flushes ctrl async_event_work\n3. ctrl sends AEN which is received by the host, which in turn\n schedules AEN handling\n4. teardown admin queue (which releases the queue socket)\n5. AEN processed, submits another AER, calling the driver to submit\n6. driver attempts to send the cmd\n==> use-after-free\n\nIn order to fix that, add ctrl state check to validate the ctrl\nis actually able to accept the AER submission.\n\nThis addresses the above race in controller resets because the driver\nduring teardown should:\n1. change ctrl state to RESETTING\n2. flush async_event_work (as well as other async work elements)\n\nSo after 1,2, any other AER command will find the\nctrl state to be RESETTING and bail out without submitting the AER."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: nvme: corrige un posible use-after-free en el reinicio del controlador durante la carga. A diferencia de .queue_rq, en .submit_async_event es posible que los controladores no verifiquen la preparaci\u00f3n de Ctrl para el env\u00edo de AER. Esto puede provocar una condici\u00f3n de use-after-free que se observ\u00f3 con nvme-tcp. La condici\u00f3n de ejecuci\u00f3n puede ocurrir en el siguiente escenario: 1. el controlador ejecuta su reset_ctrl_work 2. -&gt; nvme_stop_ctrl - vac\u00eda ctrl async_event_work 3. ctrl env\u00eda AEN que es recibido por el host, que a su vez programa el manejo de AEN 4. desmontaje de la cola de administraci\u00f3n (que libera el socket de la cola) 5. AEN procesado, env\u00eda otro AER, llamando al controlador para enviar 6. el controlador intenta enviar el cmd ==&gt; use-after-free Para solucionar eso, agregue la verificaci\u00f3n de estado de ctrl para validar que ctrl es realmente capaz de aceptar la presentaci\u00f3n de la ARE. Esto soluciona la ejecuci\u00f3n anterior en los reinicios del controlador porque el controlador durante el desmontaje debe: 1. cambiar el estado de Ctrl a RESTABLECER 2. vaciar async_event_work (as\u00ed como otros elementos de trabajo as\u00edncronos) Entonces, despu\u00e9s de 1,2, cualquier otro comando AER encontrar\u00e1 el estado de Ctrl estar RESETING y rescatar sin presentar la AER."
}
],
"metrics": {},


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm8001: Fix use-after-free for aborted TMF sas_task\n\nCurrently a use-after-free may occur if a TMF sas_task is aborted before we\nhandle the IO completion in mpi_ssp_completion(). The abort occurs due to\ntimeout.\n\nWhen the timeout occurs, the SAS_TASK_STATE_ABORTED flag is set and the\nsas_task is freed in pm8001_exec_internal_tmf_task().\n\nHowever, if the I/O completion occurs later, the I/O completion still\nthinks that the sas_task is available. Fix this by clearing the ccb->task\nif the TMF times out - the I/O completion handler does nothing if this\npointer is cleared."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: scsi: pm8001: Correcci\u00f3n de use-after-free para TMF sas_task abortada Actualmente, puede ocurrir un use-after-free si se cancela una TMF sas_task antes de que manejemos la finalizaci\u00f3n de IO en mpi_ssp_completion( ). El aborto se produce debido al tiempo de espera. Cuando se agota el tiempo de espera, se establece el indicador SAS_TASK_STATE_ABORTED y sas_task se libera en pm8001_exec_internal_tmf_task(). Sin embargo, si la finalizaci\u00f3n de E/S se produce m\u00e1s tarde, la finalizaci\u00f3n de E/S todav\u00eda piensa que sas_task est\u00e1 disponible. Solucione este problema borrando la tarea ccb-&gt; si se agota el tiempo de espera del TMF; el controlador de finalizaci\u00f3n de E/S no hace nada si se borra este puntero."
}
],
"metrics": {},


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task\n\nCurrently a use-after-free may occur if a sas_task is aborted by the upper\nlayer before we handle the I/O completion in mpi_ssp_completion() or\nmpi_sata_completion().\n\nIn this case, the following are the two steps in handling those I/O\ncompletions:\n\n - Call complete() to inform the upper layer handler of completion of\n the I/O.\n\n - Release driver resources associated with the sas_task in\n pm8001_ccb_task_free() call.\n\nWhen complete() is called, the upper layer may free the sas_task. As such,\nwe should not touch the associated sas_task afterwards, but we do so in the\npm8001_ccb_task_free() call.\n\nFix by swapping the complete() and pm8001_ccb_task_free() calls ordering."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: pm8001: Corrige el use-after-free para sas_task SSP/STP abortado. Actualmente, puede ocurrir un use-after-free si la capa superior cancela una sas_task antes de que manejemos el Finalizaci\u00f3n de E/S en mpi_ssp_completion() o mpi_sata_completion(). En este caso, los siguientes son los dos pasos para manejar esas finalizaciones de E/S: - Llamar a complete() para informar al controlador de la capa superior de la finalizaci\u00f3n de la E/S. - Liberar los recursos del controlador asociados con sas_task en la llamada pm8001_ccb_task_free(). Cuando se llama a complete(), la capa superior puede liberar sas_task. Como tal, no debemos tocar el sas_task asociado despu\u00e9s, pero lo hacemos en la llamada pm8001_ccb_task_free(). Se soluciona intercambiando el orden de las llamadas complete() y pm8001_ccb_task_free()."
}
],
"metrics": {},


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: nSVM: fix potential NULL derefernce on nested migration\n\nTurns out that due to review feedback and/or rebases\nI accidentally moved the call to nested_svm_load_cr3 to be too early,\nbefore the NPT is enabled, which is very wrong to do.\n\nKVM can't even access guest memory at that point as nested NPT\nis needed for that, and of course it won't initialize the walk_mmu,\nwhich is main issue the patch was addressing.\n\nFix this for real."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: KVM: x86: nSVM: corrige una posible desreferencia NULL en la migraci\u00f3n anidada Resulta que, debido a los comentarios de revisi\u00f3n y/o cambios de base, accidentalmente mov\u00ed la llamada a nested_svm_load_cr3 para que fuera demasiado pronto, antes de NPT est\u00e1 habilitado, lo cual es muy incorrecto. KVM ni siquiera puede acceder a la memoria del invitado en ese momento, ya que para eso se necesita NPT anidado y, por supuesto, no inicializar\u00e1 walk_mmu, que es el principal problema que solucionaba el parche. Arregla esto de verdad."
}
],
"metrics": {},


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ieee802154: at86rf230: Stop leaking skb's\n\nUpon error the ieee802154_xmit_complete() helper is not called. Only\nieee802154_wake_queue() is called manually. In the Tx case we then leak\nthe skb structure.\n\nFree the skb structure upon error before returning when appropriate.\n\nAs the 'is_tx = 0' cannot be moved in the complete handler because of a\npossible race between the delay in switching to STATE_RX_AACK_ON and a\nnew interrupt, we introduce an intermediate 'was_tx' boolean just for\nthis purpose.\n\nThere is no Fixes tag applying here, many changes have been made on this\narea and the issue kind of always existed."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: ieee802154: at86rf230: Detener la fuga de skb. En caso de error, no se llama al asistente ieee802154_xmit_complete(). Solo se llama manualmente a ieee802154_wake_queue(). En el caso de Tx, filtramos la estructura skb. Libere la estructura skb en caso de error antes de regresar cuando sea apropiado. Como 'is_tx = 0' no se puede mover en el controlador completo debido a una posible ejecuci\u00f3n entre el retraso en el cambio a STATE_RX_AACK_ON y una nueva interrupci\u00f3n, introducimos un booleano intermedio 'was_tx' solo para este prop\u00f3sito. No se aplica ninguna etiqueta de Correcciones aqu\u00ed, se han realizado muchos cambios en esta \u00e1rea y el problema siempre existi\u00f3."
}
],
"metrics": {},


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: Fix data TLB miss in sba_unmap_sg\n\nRolf Eike Beer reported the following bug:\n\n[1274934.746891] Bad Address (null pointer deref?): Code=15 (Data TLB miss fault) at addr 0000004140000018\n[1274934.746891] CPU: 3 PID: 5549 Comm: cmake Not tainted 5.15.4-gentoo-parisc64 #4\n[1274934.746891] Hardware name: 9000/785/C8000\n[1274934.746891]\n[1274934.746891] YZrvWESTHLNXBCVMcbcbcbcbOGFRQPDI\n[1274934.746891] PSW: 00001000000001001111111000001110 Not tainted\n[1274934.746891] r00-03 000000ff0804fe0e 0000000040bc9bc0 00000000406760e4 0000004140000000\n[1274934.746891] r04-07 0000000040b693c0 0000004140000000 000000004a2b08b0 0000000000000001\n[1274934.746891] r08-11 0000000041f98810 0000000000000000 000000004a0a7000 0000000000000001\n[1274934.746891] r12-15 0000000040bddbc0 0000000040c0cbc0 0000000040bddbc0 0000000040bddbc0\n[1274934.746891] r16-19 0000000040bde3c0 0000000040bddbc0 0000000040bde3c0 0000000000000007\n[1274934.746891] r20-23 0000000000000006 000000004a368950 0000000000000000 0000000000000001\n[1274934.746891] r24-27 0000000000001fff 000000000800000e 000000004a1710f0 0000000040b693c0\n[1274934.746891] r28-31 0000000000000001 0000000041f988b0 0000000041f98840 000000004a171118\n[1274934.746891] sr00-03 00000000066e5800 0000000000000000 0000000000000000 00000000066e5800\n[1274934.746891] sr04-07 0000000000000000 0000000000000000 0000000000000000 0000000000000000\n[1274934.746891]\n[1274934.746891] IASQ: 0000000000000000 0000000000000000 IAOQ: 00000000406760e8 00000000406760ec\n[1274934.746891] IIR: 48780030 ISR: 0000000000000000 IOR: 0000004140000018\n[1274934.746891] CPU: 3 CR30: 00000040e3a9c000 CR31: ffffffffffffffff\n[1274934.746891] ORIG_R28: 0000000040acdd58\n[1274934.746891] IAOQ[0]: sba_unmap_sg+0xb0/0x118\n[1274934.746891] IAOQ[1]: sba_unmap_sg+0xb4/0x118\n[1274934.746891] RP(r2): sba_unmap_sg+0xac/0x118\n[1274934.746891] Backtrace:\n[1274934.746891] 
[<00000000402740cc>] dma_unmap_sg_attrs+0x6c/0x70\n[1274934.746891] [<000000004074d6bc>] scsi_dma_unmap+0x54/0x60\n[1274934.746891] [<00000000407a3488>] mptscsih_io_done+0x150/0xd70\n[1274934.746891] [<0000000040798600>] mpt_interrupt+0x168/0xa68\n[1274934.746891] [<0000000040255a48>] __handle_irq_event_percpu+0xc8/0x278\n[1274934.746891] [<0000000040255c34>] handle_irq_event_percpu+0x3c/0xd8\n[1274934.746891] [<000000004025ecb4>] handle_percpu_irq+0xb4/0xf0\n[1274934.746891] [<00000000402548e0>] generic_handle_irq+0x50/0x70\n[1274934.746891] [<000000004019a254>] call_on_stack+0x18/0x24\n[1274934.746891]\n[1274934.746891] Kernel panic - not syncing: Bad Address (null pointer deref?)\n\nThe bug is caused by overrunning the sglist and incorrectly testing\nsg_dma_len(sglist) before nents. Normally this doesn't cause a crash,\nbut in this case sglist crossed a page boundary. This occurs in the\nfollowing code:\n\n\twhile (sg_dma_len(sglist) && nents--) {\n\nThe fix is simply to test nents first and move the decrement of nents\ninto the loop."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: parisc: corregir la falta de TLB de datos en sba_unmap_sg Rolf Eike Beer inform\u00f3 el siguiente error: [1274934.746891] Direcci\u00f3n incorrecta (\u00bfpuntero nulo deref?): C\u00f3digo = 15 (falla de falta de TLB de datos) en direcci\u00f3n 0000004140000018 [1274934.746891] CPU: 3 PID: 5549 Comunicaciones: cmake No contaminado 5.15.4-gentoo-parisc64 #4 [1274934.746891] Nombre de hardware: 9000/785/C8000 [1274934.746891 ] [1274934.746891] YZrvWESTHLNXBCVMcbcbcbcbOGFRQPDI [1274934.746891] PSW: 000010000000010011111111000001110 No contaminado [1274934.746891] r00-03 000000ff0804fe0e 0000000040bc9bc0 00000000406760e4 0000004140000000 [1274934.746891] r04-07 0b693c0 0000004140000000 000000004a2b08b0 0000000000000001 [1274934.746891] r08-11 0000000041f98810 0000000000000000 00000000 4a0a7000 0000000000000001 [1274934.746891] r12-15 0000000040bddbc0 0000000040c0cbc0 0000000040bddbc0 0000000040bddbc0 [1274934.746891 ] r16-19 0000000040bde3c0 0000000040bddbc0 0000000040bde3c0 0000000000000007 [1274934.746891] r20-23 0000000000000006 000000004a368950 0000000000000000 0000000000000001 [1274934.746891 ] r24-27 0000000000001fff 000000000800000e 000000004a1710f0 0000000040b693c0 [1274934.746891] r28-31 0000000000000001 00000000 41f988b0 0000000041f98840 000000004a171118 [1274934.746891] sr00-03 00000000066e5800 0000000000000000 0000000000000000 000000 00066e5800 [1274934.746891] sr04-07 0000000000000000 0000000000000000 00000000000000000 0000000000000000 [1274934.746891] [1274934.746891] IASQ: 0000000000000000 00000000000000000 IAOQ: 00000000406760e8 00000000406760 ec [1274934.746891] IIR: 48780030 ISR: 0000000000000000 IOR: 0000004140000018 [1274934.746891] CPU: 3 CR30: 00000040e3a9c000 CR31: 1274934.746891] ORIG_R28: 0000000040acdd58 [1274934.746891] IAOQ[ 0]: sba_unmap_sg+0xb0/0x118 [1274934.746891] IAOQ[1]: sba_unmap_sg+0xb4/0x118 [1274934.746891] RP(r2): sba_unmap_sg+0xac/0x118 
[1274934.746891] seguimiento: [1274934.746891] [&lt;00000000402740cc&gt;] dma_unmap_sg_attrs+0x6c /0x70 [1274934.746891] [&lt;000000004074d6bc&gt;] scsi_dma_unmap+0x54/0x60 [1274934.746891] [&lt;00000000407a3488&gt;] mptscsih_io_done+0x150/0xd70 4.746891] [&lt;0000000040798600&gt;] mpt_interrupt+0x168/0xa68 [1274934.746891] [&lt;0000000040255a48&gt;] __handle_irq_event_percpu +0xc8/0x278 [1274934.746891] [&lt;0000000040255c34&gt;] handle_irq_event_percpu+0x3c/0xd8 [1274934.746891] [&lt;000000004025ecb4&gt;] handle_percpu_irq+0xb4/0xf0 [1 274934.746891] [&lt;00000000402548e0&gt;] generic_handle_irq+0x50/0x70 [1274934.746891] [&lt;000000004019a254&gt; ] call_on_stack+0x18/0x24 [1274934.746891] [1274934.746891] P\u00e1nico del kernel - no se sincroniza: Direcci\u00f3n incorrecta (\u00bfpuntero nulo deref?) El error se debe a que se sobrepasa sglist y se prueba incorrectamente sg_dma_len(sglist) antes de nents. Normalmente esto no causa un bloqueo, pero en este caso sglist cruz\u00f3 el l\u00edmite de una p\u00e1gina. Esto ocurre en el siguiente c\u00f3digo: while (sg_dma_len(sglist) &amp;&amp; nents--) { La soluci\u00f3n es simplemente probar nents primero y mover la disminuci\u00f3n de nents al bucle."
}
],
"metrics": {},


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: Fix potential use-after-free during probe\n\nKasan has reported the following use after free on dev->iommu.\nwhen a device probe fails and it is in process of freeing dev->iommu\nin dev_iommu_free function, a deferred_probe_work_func runs in parallel\nand tries to access dev->iommu->fwspec in of_iommu_configure path thus\ncausing use after free.\n\nBUG: KASAN: use-after-free in of_iommu_configure+0xb4/0x4a4\nRead of size 8 at addr ffffff87a2f1acb8 by task kworker/u16:2/153\n\nWorkqueue: events_unbound deferred_probe_work_func\nCall trace:\n dump_backtrace+0x0/0x33c\n show_stack+0x18/0x24\n dump_stack_lvl+0x16c/0x1e0\n print_address_description+0x84/0x39c\n __kasan_report+0x184/0x308\n kasan_report+0x50/0x78\n __asan_load8+0xc0/0xc4\n of_iommu_configure+0xb4/0x4a4\n of_dma_configure_id+0x2fc/0x4d4\n platform_dma_configure+0x40/0x5c\n really_probe+0x1b4/0xb74\n driver_probe_device+0x11c/0x228\n __device_attach_driver+0x14c/0x304\n bus_for_each_drv+0x124/0x1b0\n __device_attach+0x25c/0x334\n device_initial_probe+0x24/0x34\n bus_probe_device+0x78/0x134\n deferred_probe_work_func+0x130/0x1a8\n process_one_work+0x4c8/0x970\n worker_thread+0x5c8/0xaec\n kthread+0x1f8/0x220\n ret_from_fork+0x10/0x18\n\nAllocated by task 1:\n ____kasan_kmalloc+0xd4/0x114\n __kasan_kmalloc+0x10/0x1c\n kmem_cache_alloc_trace+0xe4/0x3d4\n __iommu_probe_device+0x90/0x394\n probe_iommu_group+0x70/0x9c\n bus_for_each_dev+0x11c/0x19c\n bus_iommu_probe+0xb8/0x7d4\n bus_set_iommu+0xcc/0x13c\n arm_smmu_bus_init+0x44/0x130 [arm_smmu]\n arm_smmu_device_probe+0xb88/0xc54 [arm_smmu]\n platform_drv_probe+0xe4/0x13c\n really_probe+0x2c8/0xb74\n driver_probe_device+0x11c/0x228\n device_driver_attach+0xf0/0x16c\n __driver_attach+0x80/0x320\n bus_for_each_dev+0x11c/0x19c\n driver_attach+0x38/0x48\n bus_add_driver+0x1dc/0x3a4\n driver_register+0x18c/0x244\n __platform_driver_register+0x88/0x9c\n init_module+0x64/0xff4 
[arm_smmu]\n do_one_initcall+0x17c/0x2f0\n do_init_module+0xe8/0x378\n load_module+0x3f80/0x4a40\n __se_sys_finit_module+0x1a0/0x1e4\n __arm64_sys_finit_module+0x44/0x58\n el0_svc_common+0x100/0x264\n do_el0_svc+0x38/0xa4\n el0_svc+0x20/0x30\n el0_sync_handler+0x68/0xac\n el0_sync+0x160/0x180\n\nFreed by task 1:\n kasan_set_track+0x4c/0x84\n kasan_set_free_info+0x28/0x4c\n ____kasan_slab_free+0x120/0x15c\n __kasan_slab_free+0x18/0x28\n slab_free_freelist_hook+0x204/0x2fc\n kfree+0xfc/0x3a4\n __iommu_probe_device+0x284/0x394\n probe_iommu_group+0x70/0x9c\n bus_for_each_dev+0x11c/0x19c\n bus_iommu_probe+0xb8/0x7d4\n bus_set_iommu+0xcc/0x13c\n arm_smmu_bus_init+0x44/0x130 [arm_smmu]\n arm_smmu_device_probe+0xb88/0xc54 [arm_smmu]\n platform_drv_probe+0xe4/0x13c\n really_probe+0x2c8/0xb74\n driver_probe_device+0x11c/0x228\n device_driver_attach+0xf0/0x16c\n __driver_attach+0x80/0x320\n bus_for_each_dev+0x11c/0x19c\n driver_attach+0x38/0x48\n bus_add_driver+0x1dc/0x3a4\n driver_register+0x18c/0x244\n __platform_driver_register+0x88/0x9c\n init_module+0x64/0xff4 [arm_smmu]\n do_one_initcall+0x17c/0x2f0\n do_init_module+0xe8/0x378\n load_module+0x3f80/0x4a40\n __se_sys_finit_module+0x1a0/0x1e4\n __arm64_sys_finit_module+0x44/0x58\n el0_svc_common+0x100/0x264\n do_el0_svc+0x38/0xa4\n el0_svc+0x20/0x30\n el0_sync_handler+0x68/0xac\n el0_sync+0x160/0x180\n\nFix this by setting dev->iommu to NULL first and\nthen freeing dev_iommu structure in dev_iommu_free\nfunction."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: iommu: corrige el posible use-after-free durante la prueba Kasan ha informado el siguiente use-after-free en dev-&gt;iommu. cuando falla la sonda de un dispositivo y est\u00e1 en proceso de liberar dev-&gt;iommu en la funci\u00f3n dev_iommu_free, una deferred_probe_work_func se ejecuta en paralelo e intenta acceder a dev-&gt;iommu-&gt;fwspec en la ruta of_iommu_configure, lo que provoca el use-after-free. ERROR: KASAN: use-after-free en of_iommu_configure+0xb4/0x4a4 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffffff87a2f1acb8 por tarea kworker/u16:2/153 Cola de trabajo: events_unbound deferred_probe_work_func Seguimiento de llamadas: dump_backtrace+0x0/0x33c show_stack+0x18/0x24 dump_stack_ nivel+ 0x16c/0x1e0 print_address_description+0x84/0x39c __kasan_report+0x184/0x308 kasan_report+0x50/0x78 __asan_load8+0xc0/0xc4 of_iommu_configure+0xb4/0x4a4 of_dma_configure_id+0x2fc/0x4d4 platform_ dma_configure+0x40/0x5c very_probe+0x1b4/0xb74 driver_probe_device+0x11c/0x228 __device_attach_driver+ 6 970 work_thread+0x5c8/0xaec kthread+0x1f8/0x220 ret_from_fork+0x10/0x18 Asignado por tarea 1: ____kasan_kmalloc+0xd4/0x114 __kasan_kmalloc+0x10/0x1c kmem_cache_alloc_trace+0xe4/0x3d4 __iommu_probe_device+0x90/0x394 probe_iommu_group+0x70/0x9c bus_for_each_dev+0x11c/0x19c bus_ iommu_probe+0xb8/0x7d4 bus_set_iommu+0xcc/0x13c arm_smmu_bus_init+0x44/0x130 [arm_smmu ] arm_smmu_device_probe+0xb88/0xc54 [arm_smmu] platform_drv_probe+0xe4/0x13c very_probe+0x2c8/0xb74 driver_probe_device+0x11c/0x228 dispositivo_driver_attach+0xf0/0x16c __driver_attach+0x80/0x320 _for_each_dev+0x11c/0x19c driver_attach+0x38/0x48 bus_add_driver+0x1dc/0x3a4 driver_register +0x18c/0x244 __platform_driver_register+0x88/0x9c init_module+0x64/0xff4 [arm_smmu] do_one_initcall+0x17c/0x2f0 do_init_module+0xe8/0x378 load_module+0x3f80/0x4a40 __se_sys_finit_module+ 0x1a0/0x1e4 __arm64_sys_finit_module+0x44/0x58 
el0_svc_common+0x100/0x264 do_el0_svc+0x38 /0xa4 el0_svc+0x20/0x30 el0_sync_handler+0x68/0xac el0_sync+0x160/0x180 Liberado por la tarea 1: kasan_set_track+0x4c/0x84 kasan_set_free_info+0x28/0x4c ____kasan_slab_free+0x120/0x15c 0x18/0x28 slab_free_freelist_hook+0x204/0x2fc kfree+0xfc /0x3a4 __iommu_probe_device+0x284/0x394 probe_iommu_group+0x70/0x9c bus_for_each_dev+0x11c/0x19c bus_iommu_probe+0xb8/0x7d4 bus_set_iommu+0xcc/0x13c arm_smmu_bus_init+0x44/0x130 [arm_smmu] arm_smmu_device_probe+0xb88/0xc54 [arm_smmu] platform_drv_probe+0xe4/0x13c realmente_probe+ 0x2c8/0xb74 driver_probe_device+0x11c/0x228 dispositivo_driver_attach+0xf0/0x16c __driver_attach+0x80/0x320 bus_for_each_dev+0x11c/0x19c driver_attach+0x38/0x48 bus_add_driver+0x1dc/0x3a4 ister+0x18c/0x244 __platform_driver_register+0x88/0x9c init_module+0x64/0xff4 [arm_smmu ] do_one_initcall+0x17c/0x2f0 do_init_module+0xe8/0x378 load_module+0x3f80/0x4a40 __se_sys_finit_module+0x1a0/0x1e4 __arm64_sys_finit_module+0x44/0x58 el0_svc_common+0x100/ 0x264 do_el0_svc+0x38/0xa4 el0_svc+0x20/0x30 el0_sync_handler+0x68/0xac el0_sync+0x160/ 0x180 Solucione este problema configurando dev-&gt;iommu en NULL primero y luego liberando la estructura dev_iommu en la funci\u00f3n dev_iommu_free."
}
],
"metrics": {},
