From d546e05b23b92ff01dd1aa14cbb79bf8f6531df1 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Tue, 24 Dec 2024 15:03:43 +0000 Subject: [PATCH] Auto-Update: 2024-12-24T15:00:19.932028+00:00 --- CVE-2021/CVE-2021-469xx/CVE-2021-46988.json | 198 +++++++++++++++-- CVE-2021/CVE-2021-469xx/CVE-2021-46990.json | 232 ++++++++++++++++++-- CVE-2021/CVE-2021-469xx/CVE-2021-46992.json | 165 ++++++++++++-- CVE-2021/CVE-2021-469xx/CVE-2021-46993.json | 131 +++++++++-- CVE-2021/CVE-2021-469xx/CVE-2021-46997.json | 114 +++++++++- CVE-2024/CVE-2024-530xx/CVE-2024-53089.json | 89 +++++++- CVE-2024/CVE-2024-530xx/CVE-2024-53090.json | 89 +++++++- CVE-2024/CVE-2024-530xx/CVE-2024-53091.json | 117 +++++++++- CVE-2024/CVE-2024-530xx/CVE-2024-53092.json | 105 ++++++++- README.md | 41 ++-- _state.csv | 66 +++--- 11 files changed, 1188 insertions(+), 159 deletions(-) diff --git a/CVE-2021/CVE-2021-469xx/CVE-2021-46988.json b/CVE-2021/CVE-2021-469xx/CVE-2021-46988.json index 30d47c74299..54a76f7a43a 100644 --- a/CVE-2021/CVE-2021-469xx/CVE-2021-46988.json +++ b/CVE-2021/CVE-2021-469xx/CVE-2021-46988.json @@ -2,7 +2,7 @@ "id": "CVE-2021-46988", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-02-28T09:15:37.640", - "lastModified": "2024-11-21T06:35:08.027", + "lastModified": "2024-12-24T14:25:32.130", "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ @@ -15,63 +15,229 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: userfaultfd: publicar p\u00e1gina en ruta de error para evitar BUG_ON Considere la siguiente secuencia de eventos: 1. Userspace emite un ioctl UFFD, que termina llamando a shmem_mfill_atomic_pte(). Contamos con \u00e9xito los bloques, usamos shmem_alloc_page(), pero luego copy_from_user() falla. Volvemos -ENOENT. No publicamos la p\u00e1gina que asignamos. 2. Nuestra persona que llama detecta este c\u00f3digo de error, intenta copiar_from_user() despu\u00e9s de descartar mmap_lock y vuelve a intentarlo, volviendo a llamar a shmem_mfill_atomic_pte(). 3. Mientras tanto, digamos que otro proceso llen\u00f3 los tmpfs que se estaban utilizando. 4. Entonces shmem_mfill_atomic_pte() no logra bloquear la cuenta esta vez y regresa inmediatamente, sin liberar la p\u00e1gina. Esto desencadena un BUG_ON en nuestra persona que llama, que afirma que la p\u00e1gina siempre debe consumirse, a menos que se devuelva -ENOENT. Para solucionar este problema, detectar si tenemos esa p\u00e1gina \"colgante\" cuando falla la contabilidad y, en caso afirmativo, liberarla antes de regresar." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.11", + "versionEndExcluding": "4.14.233", + "matchCriteriaId": "3CEB4F43-643B-4BF2-BC3B-FB797EC75463" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.15", + "versionEndExcluding": "4.19.191", + "matchCriteriaId": "5B6E6817-19A8-4C0A-8807-71DA48CF9191" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.120", + "matchCriteriaId": "2BDC71CF-4451-4D53-93E9-61DE7C4E25B0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.38", + "matchCriteriaId": "2BB4E5E8-4AAD-475A-A1B9-F287254C7D72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.11.22", + "matchCriteriaId": "83B53E9A-F426-4C03-9A5F-A931FF79827E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.12", + "versionEndExcluding": "5.12.5", + "matchCriteriaId": "0274929A-B36C-4F4C-AB22-30A0DD6B995B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "07875739-0CCB-4F48-9330-3D4B6A4064FA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "DA09B732-04F8-452C-94CF-97644E78684D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "E5371152-7515-4908-BB7E-494805EA5DF2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.12:rc4:*:*:*:*:*:*", + "matchCriteriaId": "D7788E5B-D54E-45BF-9043-2C7B77842FD0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.12:rc5:*:*:*:*:*:*", + "matchCriteriaId": "A935F9F1-DA8B-49F4-BF2B-FA01A92F113E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.12:rc6:*:*:*:*:*:*", + "matchCriteriaId": "DF0AF673-12B7-4274-9090-411D4939CB62" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.12:rc7:*:*:*:*:*:*", + "matchCriteriaId": "06AE06A6-A0C3-4556-BFFA-3D6E4BAC43C8" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/07c9b834c97d0fa3402fb7f3f3b32df370a6ff1f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/140cfd9980124aecb6c03ef2e69c72d0548744de", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2d59a0ed8b26b8f3638d8afc31f839e27759f1f6", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/319116227e52d49eee671f0aa278bac89b3c1b69", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7ed9d238c7dbb1fdb63ad96a6184985151b0171c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ad53127973034c63b5348715a1043d0e80ceb330", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b3f1731c6d7fbc1ebe3ed8eff6d6bec56d76ff43", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/07c9b834c97d0fa3402fb7f3f3b32df370a6ff1f", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/140cfd9980124aecb6c03ef2e69c72d0548744de", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2d59a0ed8b26b8f3638d8afc31f839e27759f1f6", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/319116227e52d49eee671f0aa278bac89b3c1b69", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7ed9d238c7dbb1fdb63ad96a6184985151b0171c", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ad53127973034c63b5348715a1043d0e80ceb330", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b3f1731c6d7fbc1ebe3ed8eff6d6bec56d76ff43", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-469xx/CVE-2021-46990.json b/CVE-2021/CVE-2021-469xx/CVE-2021-46990.json index d7b67c46b20..a359dd14539 100644 --- a/CVE-2021/CVE-2021-469xx/CVE-2021-46990.json +++ b/CVE-2021/CVE-2021-469xx/CVE-2021-46990.json @@ -2,7 +2,7 @@ "id": "CVE-2021-46990", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-02-28T09:15:37.733", - "lastModified": "2024-11-21T06:35:08.370", + "lastModified": "2024-12-24T14:30:57.310", "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ @@ -15,79 +15,271 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: powerpc/64s: soluciona fallas al alternar la barrera de descarga de entrada. La mitigaci\u00f3n de descarga de entrada se puede habilitar/deshabilitar en tiempo de ejecuci\u00f3n a trav\u00e9s de un archivo debugfs (entry_flush), lo que hace que el kernel se parchee a s\u00ed mismo. habilitar/deshabilitar las mitigaciones relevantes. Sin embargo, dependiendo de la mitigaci\u00f3n que estemos usando, puede que no sea seguro aplicar ese parche mientras otras CPU est\u00e1n activas. Por ejemplo, el siguiente bloqueo: durmiente[15639]: segfault (11) en c000000000004c20 nip c000000000004c20 lr c000000000004c20 Muestra que regresamos al espacio de usuario con un LR corrupto que apunta al kernel, debido a la ejecuci\u00f3n de la llamada parcialmente parcheada a la entrada de respaldo descarga ( es decir, nos perdimos la restauraci\u00f3n de LR). Arr\u00e9glelo haciendo el parche debajo de detener la m\u00e1quina. Las CPU que no est\u00e9n aplicando los parches girar\u00e1n en el n\u00facleo de la l\u00f3gica de detenci\u00f3n de la m\u00e1quina. Actualmente, eso es suficiente para nuestros prop\u00f3sitos, porque ninguno de los parches que hacemos se aplica a ese c\u00f3digo ni a ning\u00fan lugar cercano." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.4.245", + "versionEndExcluding": "4.4.269", + "matchCriteriaId": "99E8C04F-867F-487B-913C-B3704B8232E8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.9.245", + "versionEndExcluding": "4.9.269", + "matchCriteriaId": "DDF10571-1100-4E56-B422-CD9F92FC7812" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.14.208", + "versionEndExcluding": "4.14.233", + "matchCriteriaId": "C28A4D9B-B741-4832-92FE-F2DC9EB8B85B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.19.159", + "versionEndExcluding": "4.19.191", + "matchCriteriaId": "7AB9F40F-0FCE-4166-B98E-92F5910D7E30" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.4.79", + "versionEndExcluding": "5.4.120", + "matchCriteriaId": "570ECFEC-D2E2-4B02-9B0F-5E7BF80EF287" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.10", + "versionEndExcluding": "5.10.38", + "matchCriteriaId": "8051E54C-C4D7-4B79-90C8-3C0B5A772262" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.11.22", + "matchCriteriaId": "83B53E9A-F426-4C03-9A5F-A931FF79827E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.12", + "versionEndExcluding": "5.12.5", + "matchCriteriaId": "0274929A-B36C-4F4C-AB22-30A0DD6B995B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*", + "matchCriteriaId": "0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*", + "matchCriteriaId": "96AC23B2-D46A-49D9-8203-8E1BEDCA8532" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*", + "matchCriteriaId": "DA610E30-717C-4700-9F77-A3C9244F3BFD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*", + "matchCriteriaId": "1ECD33F5-85BE-430B-8F86-8D7BD560311D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:*", + "matchCriteriaId": "CF351855-2437-4CF5-AD7C-BDFA51F27683" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc6:*:*:*:*:*:*", + "matchCriteriaId": "25A855BA-2118-44F2-90EF-EBBB12AF51EF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc7:*:*:*:*:*:*", + "matchCriteriaId": "F63101C7-E7A3-4C74-9CD5-B5FC5F53F5C8" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/0b4eb172cc12dc102cd0ad013e53ee4463db9508", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/0c25a7bb697f2e6ee65b6d63782f675bf129511a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2db22ba4e0e103f00e0512e0ecce36ac78c644f8", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5bc00fdda1e934c557351a9c751a205293e68cbf", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8382b15864e5014261b4f36c2aa89723612ee058", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/aec86b052df6541cc97c5fca44e5934cbea4963b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d2e3590ca39ccfd8a5a46d8c7f095cb6c7b9ae92", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/dd0d6117052faace5440db20fc37175efe921c7d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ee4b7aab93c2631c3bb0753023c5dda592bb666b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/0b4eb172cc12dc102cd0ad013e53ee4463db9508", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/0c25a7bb697f2e6ee65b6d63782f675bf129511a", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2db22ba4e0e103f00e0512e0ecce36ac78c644f8", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5bc00fdda1e934c557351a9c751a205293e68cbf", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8382b15864e5014261b4f36c2aa89723612ee058", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/aec86b052df6541cc97c5fca44e5934cbea4963b", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d2e3590ca39ccfd8a5a46d8c7f095cb6c7b9ae92", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/dd0d6117052faace5440db20fc37175efe921c7d", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ee4b7aab93c2631c3bb0753023c5dda592bb666b", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-469xx/CVE-2021-46992.json b/CVE-2021/CVE-2021-469xx/CVE-2021-46992.json index 12c41823da7..813b8fa9300 100644 --- a/CVE-2021/CVE-2021-469xx/CVE-2021-46992.json +++ b/CVE-2021/CVE-2021-469xx/CVE-2021-46992.json @@ -2,8 +2,8 @@ "id": "CVE-2021-46992", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-02-28T09:15:37.833", - "lastModified": "2024-11-21T06:35:08.643", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-24T14:34:12.700", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,63 +15,194 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nftables: evitar desbordamientos en nft_hash_buckets() N\u00famero de dep\u00f3sitos almacenados en variables de 32 bits, debemos asegurarnos de que no se produzcan desbordamientos en nft_hash_buckets() syzbot inyect\u00f3 un tama\u00f1o == 0x40000000 e inform\u00f3: UBSAN: desplazamiento fuera de los l\u00edmites en ./include/linux/log2.h:57:13 el exponente de desplazamiento 64 es demasiado grande para el tipo de 64 bits 'long unsigned int' CPU: 1 PID: 29539 Comm: syz-executor.4 Not tainted 5.12.0-rc7-syzkaller #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:79 [en l\u00ednea] dump_stack +0x141/0x1d7 lib/dump_stack.c:120 ubsan_epilogue+0xb/0x5a lib/ubsan.c:148 __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 lib/ubsan.c:327 __roundup_pow_of_two include/linux/log2.h:57 [en l\u00ednea] nft_hash_buckets net/netfilter/nft_set_hash.c:411 [en l\u00ednea] nft_hash_estimate.cold+0x19/0x1e net/netfilter/nft_set_hash.c:652 nft_select_set_ops net/netfilter/nf_tables_api.c:3586 [en l\u00ednea] nf_tables_newset+0xe62 /0x3110 net/filtro de red /nf_tables_api.c:4322 nfnetlink_rcv_batch+0xa09/0x24b0 net/netfilter/nfnetlink.c:488 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:612 [en l\u00ednea] nfnetlink_rcv+0x3af/0x420 net/netfilter/nfnetlink.c:630 netlink_unicast_kernel net/ netlink/af_netlink.c:1312 [en l\u00ednea] netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927 sock_sendmsg_nosec net/socket.c:654 [en l\u00ednea] sock_sendmsg +0xcf/0x120 net/socket.c:674 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2350 ___sys_sendmsg+0xf3/0x170 net/socket.c:2404 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2433 do_sys llamada_64+0x2d /0x70 arco/x86/entry/common.c:46" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.9", + "versionEndExcluding": "4.14.233", + "matchCriteriaId": "F2310EE5-3A70-44AB-A6C2-C2C815BFB7A4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.15", + "versionEndExcluding": "4.19.191", + "matchCriteriaId": "5B6E6817-19A8-4C0A-8807-71DA48CF9191" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.120", + "matchCriteriaId": "2BDC71CF-4451-4D53-93E9-61DE7C4E25B0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.38", + "matchCriteriaId": "2BB4E5E8-4AAD-475A-A1B9-F287254C7D72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.11.22", + "matchCriteriaId": "83B53E9A-F426-4C03-9A5F-A931FF79827E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.12", + "versionEndExcluding": "5.12.5", + "matchCriteriaId": "0274929A-B36C-4F4C-AB22-30A0DD6B995B" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/1e8ab479cfbe5751efccedb95afb9b112a5ba475", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2824cafc6a93792d9ad85939c499161214d84c4b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/72b49dd116ca00a46a11d5a4d8d7987f05ed9cd7", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a388d10961ff8578b1a6691945d406c0f33aa71b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a54754ec9891830ba548e2010c889e3c8146e449", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c77e2ef18167ad334e27610ced9a7f6af5ec1787", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/efcd730ddd6f25578bd31bfe703e593e2421d708", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/1e8ab479cfbe5751efccedb95afb9b112a5ba475", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2824cafc6a93792d9ad85939c499161214d84c4b", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/72b49dd116ca00a46a11d5a4d8d7987f05ed9cd7", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a388d10961ff8578b1a6691945d406c0f33aa71b", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a54754ec9891830ba548e2010c889e3c8146e449", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c77e2ef18167ad334e27610ced9a7f6af5ec1787", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/efcd730ddd6f25578bd31bfe703e593e2421d708", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-469xx/CVE-2021-46993.json b/CVE-2021/CVE-2021-469xx/CVE-2021-46993.json index bf829da0b39..a5437409718 100644 --- a/CVE-2021/CVE-2021-469xx/CVE-2021-46993.json +++ b/CVE-2021/CVE-2021-469xx/CVE-2021-46993.json @@ -2,8 +2,8 @@ "id": "CVE-2021-46993", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-02-28T09:15:37.880", - "lastModified": "2024-11-21T06:35:08.777", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-24T14:40:13.420", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,47 +15,152 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: sched: corrige el acceso fuera de los l\u00edmites en uclamp Util-clamp coloca las tareas en diferentes dep\u00f3sitos seg\u00fan sus valores de fijaci\u00f3n por razones de rendimiento. Sin embargo, el tama\u00f1o de los dep\u00f3sitos se calcula actualmente mediante una divisi\u00f3n de redondeo, lo que puede provocar un error de uno por uno en algunas configuraciones. Por ejemplo, con 20 dep\u00f3sitos, el tama\u00f1o del dep\u00f3sito ser\u00e1 1024/20=51. Una tarea con una abrazadera de 1024 se asignar\u00e1 al ID del dep\u00f3sito 1024/51=20. Lamentablemente, los \u00edndices correctos est\u00e1n en el rango [0,19], lo que provoca un acceso a la memoria fuera de los l\u00edmites. Sujete la identificaci\u00f3n del dep\u00f3sito para solucionar el problema." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.3", + "versionEndExcluding": "5.4.120", + "matchCriteriaId": "E868B513-59E3-4DE6-AC7C-E0219F1AD2C8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.38", + "matchCriteriaId": "2BB4E5E8-4AAD-475A-A1B9-F287254C7D72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.11.22", + "matchCriteriaId": "83B53E9A-F426-4C03-9A5F-A931FF79827E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.12", + "versionEndExcluding": "5.12.5", + "matchCriteriaId": "0274929A-B36C-4F4C-AB22-30A0DD6B995B" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/3da3f804b82a0a382d523a21acf4cf3bb35f936d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/42ee47c7e3569d9a0e2cb5053c496d97d380472f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/687f523c134b7f0bd040ee1230f6d17990d54172", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6d2f8909a5fabb73fe2a63918117943986c39b6c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f7347c85490b92dd144fa1fba9e1eca501656ab3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3da3f804b82a0a382d523a21acf4cf3bb35f936d", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/42ee47c7e3569d9a0e2cb5053c496d97d380472f", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/687f523c134b7f0bd040ee1230f6d17990d54172", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6d2f8909a5fabb73fe2a63918117943986c39b6c", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f7347c85490b92dd144fa1fba9e1eca501656ab3", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-469xx/CVE-2021-46997.json b/CVE-2021/CVE-2021-469xx/CVE-2021-46997.json index f6d72fbd5e4..e6bf7953068 100644 --- a/CVE-2021/CVE-2021-469xx/CVE-2021-46997.json +++ b/CVE-2021/CVE-2021-469xx/CVE-2021-46997.json @@ -2,8 +2,8 @@ "id": "CVE-2021-46997", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-02-28T09:15:38.047", - "lastModified": "2024-11-21T06:35:09.237", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-24T14:42:47.170", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,39 +15,131 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: arm64: entrada: configure siempre GIC_PRIO_PSR_I_SET durante la entrada Zenghui informa que al iniciar un kernel con \"irqchip.gicv3_pseudo_nmi=1\" en la l\u00ednea de comando aparece una advertencia durante la entrada del kernel, debido a la forma manipulamos el PMR. Al principio de la secuencia de entrada, llamamos a lockdep_hardirqs_off() para informar a lockdep que las interrupciones han sido enmascaradas (ya que el HW configura DAIF cuando ingresa una excepci\u00f3n). Desde el punto de vista arquitect\u00f3nico, PMR_EL1 no se ve afectado por la entrada de excepci\u00f3n y no configuramos GIC_PRIO_PSR_I_SET en el PMR al principio de la secuencia de entrada de excepci\u00f3n, por lo que al principio de la entrada de excepci\u00f3n el PMR puede indicar que las interrupciones est\u00e1n desenmascaradas aunque est\u00e9n enmascaradas por DAIF. Si se selecciona DEBUG_LOCKDEP, lockdep_hardirqs_off() verificar\u00e1 que las interrupciones est\u00e9n enmascaradas, antes de configurar GIC_PRIO_PSR_I_SET en cualquiera de las rutas de entrada de excepci\u00f3n y, por lo tanto, lockdep_hardirqs_off() ADVERTENCIA() que algo anda mal. Podemos evitar esto configurando consistentemente GIC_PRIO_PSR_I_SET durante la entrada de excepciones para que el c\u00f3digo del kernel vea un entorno consistente. Tambi\u00e9n debemos actualizar local_daif_inherit() para deshacer esto, ya que actualmente solo toca DAIF. Para otras rutas, local_daif_restore() actualizar\u00e1 tanto DAIF como PMR. Una vez hecho esto, podemos eliminar los casos especiales existentes que configuran esto m\u00e1s adelante en el c\u00f3digo de entrada. Siempre usamos (GIC_PRIO_IRQON | GIC_PRIO_PSR_I_SET) para mantener la coherencia con local_daif_save(), ya que esto avisar\u00e1 si alguna vez encuentra (GIC_PRIO_IRQOFF | GIC_PRIO_PSR_I_SET), y nunca lo configura por s\u00ed mismo. Esto coincide con gic_prio_kentry_setup que debemos conservar para ret_to_user. El s\u00edmbolo original del informe de Zenghui fue: | DEBUG_LOCKS_WARN_ON(!irqs_disabled()) | ADVERTENCIA: CPU: 3 PID: 125 en kernel/locking/lockdep.c:4258 lockdep_hardirqs_off+0xd4/0xe8 | M\u00f3dulos enlazados en: | CPU: 3 PID: 125 Comunicaciones: modprobe Contaminado: GW 5.12.0-rc8+ #463 | Nombre del hardware: M\u00e1quina virtual QEMU KVM, BIOS 0.0.0 06/02/2015 | pstate: 604003c5 (nZCv DAIF +PAN -UAO -TCO BTYPE=--) | ordenador personal: lockdep_hardirqs_off+0xd4/0xe8 | lr: lockdep_hardirqs_off+0xd4/0xe8 | sp: ffff80002a39bad0 | pmr_save: 000000e0 | x29: ffff80002a39bad0 x28: ffff0000de214bc0 | x27: ffff0000de1c0400 x26: 000000000049b328 | x25: 0000000000406f30 x24: ffff0000de1c00a0 | x23: 0000000020400005 x22: ffff8000105f747c | x21: 0000000096000044 x20: 0000000000498ef9 | x19: ffff80002a39bc88 x18: ffffffffffffffff | x17: 0000000000000000 x16: ffff800011c61eb0 | x15: ffff800011700a88 x14: 0720072007200720 | x13: 0720072007200720 x12: 0720072007200720 | x11: 0720072007200720 x10: 0720072007200720 | x9: ffff80002a39bad0 x8: ffff80002a39bad0 | x7: ffff8000119f0800 x6: c0000000ffff7fff | x5: ffff8000119f07a8 x4: 0000000000000001 | x3: 9bcdab23f2432800 x2: ffff800011730538 | x1: 9bcdab23f2432800 x0: 0000000000000000 | Rastreo de llamadas: | lockdep_hardirqs_off+0xd4/0xe8 | enter_from_kernel_mode.isra.5+0x7c/0xa8 | el1_abort+0x24/0x100 | el1_sync_handler+0x80/0xd0 | el1_sync+0x6c/0x100 | __arch_clear_user+0xc/0x90 | load_elf_binary+0x9fc/0x1450 | bprm_execve+0x404/0x880 | kernel_execve+0x180/0x188 | call_usermodehelper_exec_async+0xdc/0x158 | ret_from_fork+0x10/0x18" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.10", + "versionEndExcluding": "5.10.38", + "matchCriteriaId": "8051E54C-C4D7-4B79-90C8-3C0B5A772262" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.11.22", + "matchCriteriaId": "83B53E9A-F426-4C03-9A5F-A931FF79827E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.12", + "versionEndExcluding": "5.12.5", + "matchCriteriaId": "0274929A-B36C-4F4C-AB22-30A0DD6B995B" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/4d6a38da8e79e94cbd1344aa90876f0f805db705", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/51524fa8b5f7b879ba569227738375d283b79382", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d8d52005f57bbb4a4ec02f647e2555d327135c68", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e67a83f078005461b59b4c776e6b5addd11725fa", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4d6a38da8e79e94cbd1344aa90876f0f805db705", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/51524fa8b5f7b879ba569227738375d283b79382", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d8d52005f57bbb4a4ec02f647e2555d327135c68", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e67a83f078005461b59b4c776e6b5addd11725fa", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-530xx/CVE-2024-53089.json b/CVE-2024/CVE-2024-530xx/CVE-2024-53089.json index f541942f5dc..77b26872342 100644 --- a/CVE-2024/CVE-2024-530xx/CVE-2024-53089.json +++ b/CVE-2024/CVE-2024-530xx/CVE-2024-53089.json @@ -2,8 +2,8 @@ "id": "CVE-2024-53089", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-21T19:15:11.817", - "lastModified": "2024-11-21T19:15:11.817", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-24T14:48:13.423", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,15 +15,94 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: LoongArch: KVM: Marcar hrtimer para que caduque en un contexto de interrupci\u00f3n dura Como en el commit 2c0d278f3293f (\"KVM: LAPIC: Marcar hrtimer para que caduque en un contexto de interrupci\u00f3n dura\") y el commit 9090825fa9974 (\"KVM: arm/arm64: Dejar que el temporizador caduque en un contexto de hardirq en RT\"), en los kernels con PREEMPT_RT habilitado, los hrtimers sin marcar se mueven al modo de caducidad de interrupci\u00f3n suave de forma predeterminada. Luego, los temporizadores se cancelan desde un notificador de preempci\u00f3n que se invoca con la preempci\u00f3n deshabilitada, lo que no est\u00e1 permitido en PREEMPT_RT. La devoluci\u00f3n de llamada del temporizador es corta, por lo que podr\u00eda invocarse en un contexto de hard-IRQ. Por lo tanto, deje que el temporizador caduque en un contexto de hard-IRQ incluso en -RT. Esto corrige un error de \"programaci\u00f3n mientras es at\u00f3mico\" para los kernels con PREEMPT_RT habilitado: ERROR: programaci\u00f3n mientras es at\u00f3mico: qemu-system-loo/1011/0x00000002 M\u00f3dulos vinculados en: amdgpu rfkill nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat ns CPU: 1 UID: 0 PID: 1011 Comm: qemu-system-loo Contaminado: GW 6.12.0-rc2+ #1774 Contaminado: [W]=WARN Nombre del hardware: Loongson Loongson-3A5000-7A1000-1w-CRB/Loongson-LS3A5000-7A1000-1w-CRB, BIOS vUDK2018-LoongArch-V2.0.0-prebeta9 21/10/2022 Pila: ffffffffffffffffff 0000000000000000 9000000004e3ea38 9000000116744000 90000001167475a0 0000000000000000 90000001167475a8 9000000005644830 90000000058dc000 90000000058dbff8 9000000116747420 000000000000001 0000000000000001 6a613fc938313980 000000000790c000 90000001001c1140 00000000000003fe 0000000000000001 000000000000000d 0000000000000003 0000000000000030 00000000000003f3 000000000790c000 9000000116747830 90000000057ef000 0000000000000000 900000005644830 0000000000000004 0000000000000000 90000000057f4b58 0000000000000001 9000000116747868 900000000451b600 9000000005644830 900000003a13998 0000000010000020 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1d ... Seguimiento de llamadas: [<9000000003a13998>] show_stack+0x38/0x180 [<9000000004e3ea34>] dump_stack_lvl+0x84/0xc0 [<9000000003a71708>] __schedule_bug+0x48/0x60 [<9000000004e45734>] __schedule+0x1114/0x1660 [<9000000004e46040>] schedule_rtlock+0x20/0x60 [<9000000004e4e330>] rtlock_slowlock_locked+0x3f0/0x10a0 [<9000000004e4f038>] rt_spin_lock+0x58/0x80 [<9000000003b02d68>] hrtimer_cancel_wait_running+0x68/0xc0 [<9000000003b02e30>] hrtimer_cancel+0x70/0x80 [] kvm_restore_timer+0x50/0x1a0 [kvm] [] kvm_arch_vcpu_load+0x68/0x2a0 [kvm] [] kvm_sched_in+0x34/0x60 [kvm] [<9000000003a749a0>] finalizar_conmutaci\u00f3n_de_tareas.isra.0+0x140/0x2e0 [<9000000004e44a70>] __programaci\u00f3n+0x450/0x1660 [<9000000004e45cb0>] programaci\u00f3n+0x30/0x180 [] kvm_vcpu_block+0x70/0x120 [kvm] [] kvm_vcpu_halt+0x60/0x3e0 [kvm] [] kvm_handle_gspr+0x3f4/0x4e0 [kvm] [] kvm_handle_exit+0x1c8/0x260 [kvm]" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.11.9", + "matchCriteriaId": "5163F80F-8D8E-4FFD-B327-624A8CAF902D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", + "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/1e4c384a4be9ed1e069e24f388ab2ee9951b77b5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/73adbd92f3223dc0c3506822b71c6b259d5d537b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-530xx/CVE-2024-53090.json b/CVE-2024/CVE-2024-530xx/CVE-2024-53090.json index 8753863fef7..e26870b7c89 100644 --- a/CVE-2024/CVE-2024-530xx/CVE-2024-53090.json +++ b/CVE-2024/CVE-2024-530xx/CVE-2024-53090.json @@ -2,8 +2,8 @@ "id": "CVE-2024-53090", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-21T19:15:12.010", - "lastModified": "2024-11-21T19:15:12.010", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-24T14:52:35.750", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,15 +15,94 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: afs: Fix lock recursion afs_wake_up_async_call() puede generar recursi\u00f3n de bloqueo. El problema es que se llama desde AF_RXRPC mientras se mantiene el ->notify_lock, pero intenta tomar una referencia en la estructura afs_call para pasarla a una cola de trabajo; pero si afs_call ya est\u00e1 en cola, entonces tenemos una referencia extra\u00f1a que se debe poner... sin embargo, llamar a afs_put_call() puede volver a llamar a AF_RXRPC a trav\u00e9s de rxrpc_kernel_shutdown_call(), que podr\u00eda intentar tomar el ->notify_lock nuevamente. Sin embargo, este caso no es muy com\u00fan, por lo que se debe diferir a una cola de trabajo. El error se parece a algo como esto: ERROR: recursi\u00f3n de spinlock en CPU#0, krxrpcio/7001/1646 bloqueo: 0xffff888141399b30, .magic: dead4ead, .owner: krxrpcio/7001/1646, .owner_cpu: 0 CPU: 0 UID: 0 PID: 1646 Comm: krxrpcio/7001 No contaminado 6.12.0-rc2-build3+ #4351 Nombre del hardware: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014 Seguimiento de llamadas: dump_stack_lvl+0x47/0x70 do_raw_spin_lock+0x3c/0x90 rxrpc_input_call_event+0xad/0x6b0 rxrpc_input_packet_on_conn+0x1e1/0x210 rxrpc_input_packet+0x3f2/0x4d0 rxrpc_io_thread+0x243/0x410 ? __pfx_rxrpc_io_thread+0x10/0x10 kthread+0xcf/0xe0 ? __pfx_kthread+0x10/0x10 ret_de_la_bifurcaci\u00f3n+0x24/0x40 ? __pfx_kthread+0x10/0x10 ret_de_la_bifurcaci\u00f3n_asm+0x1a/0x30 " } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-674" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.11.9", + "matchCriteriaId": "5163F80F-8D8E-4FFD-B327-624A8CAF902D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", + "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/610a79ffea02102899a1373fe226d949944a7ed6", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d7cbf81df996b1eae2dee8deb6df08e2eba78661", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-530xx/CVE-2024-53091.json b/CVE-2024/CVE-2024-530xx/CVE-2024-53091.json index bf97fcb8e70..7db867f5725 100644 --- a/CVE-2024/CVE-2024-530xx/CVE-2024-53091.json +++ b/CVE-2024/CVE-2024-530xx/CVE-2024-53091.json @@ -2,8 +2,8 @@ "id": "CVE-2024-53091", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-21T19:15:12.177", - "lastModified": "2024-11-21T19:15:12.177", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-24T14:55:45.720", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,19 +15,124 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: Agregar comprobaci\u00f3n de sk_is_inet e IS_ICSK en tls_sw_has_ctx_tx/rx Como la introducci\u00f3n del soporte para vsock y sockets unix en sockmap, tls_sw_has_ctx_tx/rx no puede presumir que el socket pasado debe ser IS_ICSK. Los sockets vsock y af_unix tienen vsock_sock y unix_sock en lugar de inet_connection_sock. Para estos sockets, tls_get_ctx puede devolver un puntero no v\u00e1lido y causar un error de p\u00e1gina en la funci\u00f3n tls_sw_ctx_rx. ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: 0000000000040030 Workqueue: vsock-loopback vsock_loopback_work RIP: 0010:sk_psock_strp_data_ready+0x23/0x60 Call Trace: ? __die+0x81/0xc3 ? no_context+0x194/0x350 ? do_page_fault+0x30/0x110 ? async_page_fault+0x3e/0x50 ? sk_psock_strp_data_ready+0x23/0x60 virtio_transport_recv_pkt+0x750/0x800 ? update_load_avg+0x7e/0x620 vsock_loopback_work+0xd0/0x100 process_one_work+0x1a7/0x360 worker_thread+0x30/0x390 ? create_worker+0x1a0/0x1a0 kthread+0x112/0x130 ? __kthread_cancel_work+0x40/0x40 ret_from_fork+0x1f/0x40 v2: - Add IS_ICSK check v3: - Update the commits in Fixes" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.15", + "versionEndExcluding": "6.6.62", + "matchCriteriaId": "D16ADAC8-D39A-40A8-BB83-2F61D51C3E08" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.11.9", + "matchCriteriaId": "759504D4-BE53-492C-BA9B-70F6A9F409CA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", + "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*", + "matchCriteriaId": "24DBE6C7-2AAE-4818-AED2-E131F153D2FA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*", + "matchCriteriaId": "24B88717-53F5-42AA-9B72-14C707639E3F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc7:*:*:*:*:*:*", + "matchCriteriaId": "1EF8CD82-1EAE-4254-9545-F85AB94CF90F" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/44d0469f79bd3d0b3433732877358df7dc6b17b1", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6781cfa93a6a1b7f5be6819a5a2dd8f30f47ca26", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a078a480ff3f43d74d8a024ae10c3c7daf6db149", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-530xx/CVE-2024-53092.json b/CVE-2024/CVE-2024-530xx/CVE-2024-53092.json index 612d2f7bffb..d26f317cc27 100644 --- a/CVE-2024/CVE-2024-530xx/CVE-2024-53092.json +++ b/CVE-2024/CVE-2024-530xx/CVE-2024-53092.json @@ -2,8 +2,8 @@ "id": "CVE-2024-53092", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-21T19:15:12.380", - "lastModified": "2024-11-21T19:15:12.380", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-12-24T14:57:21.500", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,15 +15,110 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: virtio_pci: Arreglar la limpieza de admin vq usando el puntero de informaci\u00f3n correcto vp_modern_avq_cleanup() y vp_del_vqs() limpian los recursos de admin vq mediante el puntero virtio_pci_vq_info. El puntero de informaci\u00f3n de admin vq se almacena en vp_dev->admin_vq.info en lugar de vp_dev->vqs[]. Usar el puntero de informaci\u00f3n de vp_dev->vqs[] para admin vq causa un error de desreferencia de puntero NULL en el kernel. En vp_modern_avq_cleanup() y vp_del_vqs(), obtener el puntero de informaci\u00f3n de vp_dev->admin_vq.info para admin vq para limpiar los recursos. Tambi\u00e9n hacer que info ptr como argumento de vp_del_vq() sea sim\u00e9trico con vp_setup_vq(). vp_reset llama a vp_modern_avq_cleanup y provoca el seguimiento de llamadas: ===================================================================== ERROR: desreferencia de puntero NULL del n\u00facleo, direcci\u00f3n:000000000000000 ... CPU: 49 UID: 0 PID: 4439 Comm: modprobe No contaminado 6.11.0-rc5 #1 RIP: 0010:vp_reset+0x57/0x90 [virtio_pci] Seguimiento de llamadas: ... ? vp_reset+0x57/0x90 [virtio_pci] ? vp_reset+0x38/0x90 [virtio_pci] virtio_reset_device+0x1d/0x30 remove_vq_common+0x1c/0x1a0 [virtio_net] virtnet_remove+0xa1/0xc0 [virtio_net] virtio_dev_remove+0x46/0xa0 ... virtio_pci_driver_exit+0x14/0x810 [virtio_pci] ==================================================================" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.11", + "versionEndExcluding": "6.11.9", + "matchCriteriaId": "1364F9AE-C86A-4A29-94FF-A80AD3B090FD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", + "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*", + "matchCriteriaId": "24DBE6C7-2AAE-4818-AED2-E131F153D2FA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*", + "matchCriteriaId": "24B88717-53F5-42AA-9B72-14C707639E3F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc7:*:*:*:*:*:*", + "matchCriteriaId": "1EF8CD82-1EAE-4254-9545-F85AB94CF90F" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/018d3d4ad4be7fbc95d8a2367642a32d21df55c7", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/97ee04feb682c906a1fa973ebe586fe91567d165", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 465170a2e50..fd5236a65d8 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-12-24T13:00:20.073177+00:00 +2024-12-24T15:00:19.932028+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-12-24T12:15:24.670000+00:00 +2024-12-24T14:57:21.500000+00:00 ``` ### Last Data Feed Release @@ -38,38 +38,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### CVEs added in the last Commit -Recently added CVEs: `24` +Recently added CVEs: `0` -- [CVE-2024-10584](CVE-2024/CVE-2024-105xx/CVE-2024-10584.json) (`2024-12-24T11:15:05.670`) -- [CVE-2024-10856](CVE-2024/CVE-2024-108xx/CVE-2024-10856.json) (`2024-12-24T11:15:07.260`) -- [CVE-2024-11726](CVE-2024/CVE-2024-117xx/CVE-2024-11726.json) (`2024-12-24T11:15:07.443`) -- [CVE-2024-12268](CVE-2024/CVE-2024-122xx/CVE-2024-12268.json) (`2024-12-24T11:15:07.623`) -- [CVE-2024-43441](CVE-2024/CVE-2024-434xx/CVE-2024-43441.json) (`2024-12-24T12:15:21.697`) -- [CVE-2024-53145](CVE-2024/CVE-2024-531xx/CVE-2024-53145.json) (`2024-12-24T12:15:22.507`) -- [CVE-2024-53146](CVE-2024/CVE-2024-531xx/CVE-2024-53146.json) (`2024-12-24T12:15:22.653`) -- [CVE-2024-53147](CVE-2024/CVE-2024-531xx/CVE-2024-53147.json) (`2024-12-24T12:15:22.777`) -- [CVE-2024-53148](CVE-2024/CVE-2024-531xx/CVE-2024-53148.json) (`2024-12-24T12:15:22.887`) -- [CVE-2024-53149](CVE-2024/CVE-2024-531xx/CVE-2024-53149.json) (`2024-12-24T12:15:23.007`) -- [CVE-2024-53150](CVE-2024/CVE-2024-531xx/CVE-2024-53150.json) (`2024-12-24T12:15:23.117`) -- [CVE-2024-53151](CVE-2024/CVE-2024-531xx/CVE-2024-53151.json) (`2024-12-24T12:15:23.240`) -- [CVE-2024-53152](CVE-2024/CVE-2024-531xx/CVE-2024-53152.json) (`2024-12-24T12:15:23.353`) -- [CVE-2024-53153](CVE-2024/CVE-2024-531xx/CVE-2024-53153.json) (`2024-12-24T12:15:23.467`) -- [CVE-2024-53154](CVE-2024/CVE-2024-531xx/CVE-2024-53154.json) (`2024-12-24T12:15:23.580`) -- [CVE-2024-53155](CVE-2024/CVE-2024-531xx/CVE-2024-53155.json) (`2024-12-24T12:15:23.700`) -- [CVE-2024-53156](CVE-2024/CVE-2024-531xx/CVE-2024-53156.json) (`2024-12-24T12:15:23.833`) -- [CVE-2024-53157](CVE-2024/CVE-2024-531xx/CVE-2024-53157.json) (`2024-12-24T12:15:23.970`) -- [CVE-2024-53158](CVE-2024/CVE-2024-531xx/CVE-2024-53158.json) (`2024-12-24T12:15:24.097`) -- [CVE-2024-53159](CVE-2024/CVE-2024-531xx/CVE-2024-53159.json) (`2024-12-24T12:15:24.217`) -- [CVE-2024-53160](CVE-2024/CVE-2024-531xx/CVE-2024-53160.json) (`2024-12-24T12:15:24.340`) -- [CVE-2024-53161](CVE-2024/CVE-2024-531xx/CVE-2024-53161.json) (`2024-12-24T12:15:24.453`) -- [CVE-2024-53162](CVE-2024/CVE-2024-531xx/CVE-2024-53162.json) (`2024-12-24T12:15:24.567`) -- [CVE-2024-53163](CVE-2024/CVE-2024-531xx/CVE-2024-53163.json) (`2024-12-24T12:15:24.670`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `9` +- [CVE-2021-46988](CVE-2021/CVE-2021-469xx/CVE-2021-46988.json) (`2024-12-24T14:25:32.130`) +- [CVE-2021-46990](CVE-2021/CVE-2021-469xx/CVE-2021-46990.json) (`2024-12-24T14:30:57.310`) +- [CVE-2021-46992](CVE-2021/CVE-2021-469xx/CVE-2021-46992.json) (`2024-12-24T14:34:12.700`) +- [CVE-2021-46993](CVE-2021/CVE-2021-469xx/CVE-2021-46993.json) (`2024-12-24T14:40:13.420`) +- [CVE-2021-46997](CVE-2021/CVE-2021-469xx/CVE-2021-46997.json) (`2024-12-24T14:42:47.170`) +- [CVE-2024-53089](CVE-2024/CVE-2024-530xx/CVE-2024-53089.json) (`2024-12-24T14:48:13.423`) +- [CVE-2024-53090](CVE-2024/CVE-2024-530xx/CVE-2024-53090.json) (`2024-12-24T14:52:35.750`) +- [CVE-2024-53091](CVE-2024/CVE-2024-530xx/CVE-2024-53091.json) (`2024-12-24T14:55:45.720`) +- [CVE-2024-53092](CVE-2024/CVE-2024-530xx/CVE-2024-53092.json) (`2024-12-24T14:57:21.500`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 143fd6cac89..cd7dc30a37f 100644 --- a/_state.csv +++ b/_state.csv @@ -187153,16 +187153,16 @@ CVE-2021-46984,0,0,d9cce9d726ee3d6403e2144a0618518d03488b8f6aa8580231d506cf0d7c3 CVE-2021-46985,0,0,b55f7da4d8af6b538e5342c699879b38a7eac54f39c8d2da26b510610f029cd8,2024-12-06T15:02:17.187000 CVE-2021-46986,0,0,e8bf96e7d68a0a39498049c9247d2d34f593bd8c73d1f880d85fb602a45b9951,2024-11-21T06:35:07.760000 CVE-2021-46987,0,0,8b30e27b6b209d80685bed3bea9ab3c4c2b966757291dae1784881a91a36c579,2024-12-06T15:07:49.483000 -CVE-2021-46988,0,0,3b15bb837bebef43d012e0d42e3ab332c067b372741b7cebd52f2c926b49ffd3,2024-11-21T06:35:08.027000 +CVE-2021-46988,0,1,bb3f06f2c641a7a082c9b77fe59ee802148066b3526dd5bd0f2f235d296ad089,2024-12-24T14:25:32.130000 CVE-2021-46989,0,0,600337192eb6414d45bda3482618305f3b218774e0cae5d5e975853340f7b41b,2024-11-21T06:35:08.167000 -CVE-2021-46990,0,0,88dd8b8fc61071cc133b80e2bf77a197a5c20f319560c20679048d42575af936,2024-11-21T06:35:08.370000 +CVE-2021-46990,0,1,d815e81975a79b2e3a047c66789857803c479a6177bbf16cdf6205d5ed9b46db,2024-12-24T14:30:57.310000 CVE-2021-46991,0,0,2f6445f008d8252daec57a306462580e4e81cb2e8269cb435b7460491da39731,2024-12-06T15:27:56.500000 -CVE-2021-46992,0,0,4ff33012149fdcb030499f48deac05a791f647c58648509c4ce5734b413b683e,2024-11-21T06:35:08.643000 -CVE-2021-46993,0,0,079fc2d95bf23e191f45ae7ebf2260ba1051715c28718f98442d713a0ef700f0,2024-11-21T06:35:08.777000 +CVE-2021-46992,0,1,19c99c300bb6998a5850e0973feda19b3c49096e5600119628f0575bd055a56f,2024-12-24T14:34:12.700000 +CVE-2021-46993,0,1,4174cc77477502e59614df8d700469da9d9c4c2c348540bb8233d1949572daef,2024-12-24T14:40:13.420000 CVE-2021-46994,0,0,5c26f1bffad42113527c03012feabb3100b9729be111faf4a3e0339d6d4c855a,2024-12-06T14:42:34.983000 CVE-2021-46995,0,0,04279b80c7aa4fa88f6ee3921cc621493bb5af4103005f0ffdf207d8a315335e,2024-12-06T14:55:32.277000 CVE-2021-46996,0,0,452e5f54c471438a622b93c6c092100d01f800bbb0e695a93e2c585fff40203f,2024-12-06T14:55:54.497000 -CVE-2021-46997,0,0,ea9a15aa119211eb36ed3e50a9a90dfb100e15bd01c3139286d5549b53cff4a0,2024-11-21T06:35:09.237000 +CVE-2021-46997,0,1,61d6b9618d306a93c2e7646f6f7b951e35e5d58e6d33870c7bac1e1668d0d48a,2024-12-24T14:42:47.170000 CVE-2021-46998,0,0,ff4906a7e8c07b0c23bb35c4e304cafbec2df7e7b473dfe12365d5e630a6c30d,2024-12-06T14:56:48.477000 CVE-2021-46999,0,0,51831d9c39f3cb89a8b291d8ff015c1f88bbf8af6cb6470705314f8e84c43809,2024-11-21T06:35:09.490000 CVE-2021-47000,0,0,3002e6f38616a18026c7e04e06bcce3007305ba819808a406d0baa5378bf5d3b,2024-11-21T06:35:09.613000 @@ -243536,7 +243536,7 @@ CVE-2024-1058,0,0,f55efbbe1000b59a93d67502d5a09284d2f9f41bdec59caa8cc00ef68357b5 CVE-2024-10580,0,0,7cbec3926b1e0a5918766b8a0adb238fb5e9aded2f47a47f3fe18631e2f40ea4,2024-11-27T07:15:07.920000 CVE-2024-10582,0,0,081ced1e3bee3a0a102c94bdff81bc48301372e830a54bd85e35429dcce93b3b,2024-11-19T21:17:53.003000 CVE-2024-10583,0,0,2dd8fa86d783214098b78ecf15207bb297f91c4a4766bbf054ba7ce346e63980,2024-12-12T07:15:05.570000 -CVE-2024-10584,1,1,8c7b6519131adad7fa81ba687e097a0fa4b2a44cb531dbf703074793d62582da,2024-12-24T11:15:05.670000 +CVE-2024-10584,0,0,8c7b6519131adad7fa81ba687e097a0fa4b2a44cb531dbf703074793d62582da,2024-12-24T11:15:05.670000 CVE-2024-10586,0,0,b69dc43541a3d4ba79cbec846432fae4b52e3fc26bdbf2ae2d19921cf034fb0f,2024-11-12T13:56:54.483000 CVE-2024-10587,0,0,d6724952982058693533d93eda32abe5adf3dfced7d03365b0a9849e1c3651d6,2024-12-04T03:15:04.037000 CVE-2024-10588,0,0,abb174590e2c3805aae308cc65206f91b43bf77d5c69f89364fb1f1e9e31b3d2,2024-11-12T13:56:24.513000 @@ -243767,7 +243767,7 @@ CVE-2024-10852,0,0,88fb8de98b83210c82faaa8e1b095564877022a37a1a43fabad4deb9c385a CVE-2024-10853,0,0,add694a740bab97bc9cd56d06dbb885f02fcec8f590e9f750238303d6750f5de,2024-11-13T17:01:16.850000 CVE-2024-10854,0,0,afc7bc69a1b6288540bb663e3abfd7c0b6a784132b70b7f35e98f7b2cc506cd5,2024-11-13T17:01:16.850000 CVE-2024-10855,0,0,ae24b9251832889f0ab5093466f5bbce4d7ad6d8dd4bf7a8321d2155c2606591,2024-11-26T20:34:02.857000 -CVE-2024-10856,1,1,251c7531c17b6f3b0ed919ef9a67ac2f96c713f0018b87cf93ecb45c7c80519e,2024-12-24T11:15:07.260000 +CVE-2024-10856,0,0,251c7531c17b6f3b0ed919ef9a67ac2f96c713f0018b87cf93ecb45c7c80519e,2024-12-24T11:15:07.260000 CVE-2024-10857,0,0,957ae8afb2b021b5a39096260dcb79ccdc7e257258c659d883b9a23a31df5c0b,2024-11-26T07:15:05.003000 CVE-2024-1086,0,0,688e2fb2892801c230e1dfe45afd0a98166e64f80974b1a593d490f3471fc0dd,2024-11-21T08:49:46.013000 CVE-2024-10861,0,0,a0a9ed450f8163c1435b46341b966a17dde352d3f4e975547d6d20959f88110b,2024-11-18T17:11:17.393000 @@ -244468,7 +244468,7 @@ CVE-2024-11721,0,0,476bad2ae1181a71ee1e909e9b2944d8737010e4d5a814100bd6b1844c536 CVE-2024-11722,0,0,75cb60b5eb4ea9d09b52d1e1e4055e2e26017dc0ef3344e31ce543e08644d731,2024-12-21T10:15:07.367000 CVE-2024-11723,0,0,d555056e56adae6d2817421636f03f202df11e8bc291dc8225ccc2e718d1c709,2024-12-12T05:15:09.247000 CVE-2024-11724,0,0,05e5e5fa479e9093ec1673d131b2e00f2d4111914ddf22019f00bb0b00e67aae,2024-12-12T07:15:08.600000 -CVE-2024-11726,1,1,d04c53bbeede2c8e9ddb1dccc50575467bbc326dd496f7a6d0a176abbdeb495b,2024-12-24T11:15:07.443000 +CVE-2024-11726,0,0,d04c53bbeede2c8e9ddb1dccc50575467bbc326dd496f7a6d0a176abbdeb495b,2024-12-24T11:15:07.443000 CVE-2024-11727,0,0,74ce7fa8cdfe22d5e7361f3d2dc50d23f9504f53bdcf31e2233dafec5ae3422b,2024-12-12T07:15:09.107000 CVE-2024-11728,0,0,6b4bed5fd27460e210abe0c2b9d4d46303cd8332bea3bc720df94689692e5ca9,2024-12-06T10:15:05.853000 CVE-2024-11729,0,0,efdcf50f70e4aaed57e8feef0a7a962846d2881b2d7c26550ce5bf699f2f41d7,2024-12-06T11:15:07.837000 @@ -244818,7 +244818,7 @@ CVE-2024-12262,0,0,8ec2a15063c99a2ece13211a7279c6a76a6a3bffd489dd7a1525f6aa0b49d CVE-2024-12263,0,0,183574df079ffbee27d57051711c108d812463b16a94004cdf52784fa08d4f65,2024-12-12T06:15:23.960000 CVE-2024-12265,0,0,4ecaf6258b9c646985803002f662a35d37ddc850eb892429f8568423d5e8ff62,2024-12-12T06:15:24.143000 CVE-2024-12266,0,0,1d7106cc2c49b744bdb4d729e342d386ad6363e95bef155c87eaefa9b1480a20,2024-12-24T05:15:06.433000 -CVE-2024-12268,1,1,de0d16e82fc665a0e026b29b66216e9a0dec9a54b17a86489bcd3b7f12025a82,2024-12-24T11:15:07.623000 +CVE-2024-12268,0,0,de0d16e82fc665a0e026b29b66216e9a0dec9a54b17a86489bcd3b7f12025a82,2024-12-24T11:15:07.623000 CVE-2024-1227,0,0,2b74966c63acb4b53db9100814c0ea98b900c2b18de594c13a326b21bfb265c8,2024-11-21T08:50:06.103000 CVE-2024-12270,0,0,a59b36ad08a62409fa966fc5cef53e6796ba20371cadd9c7e001162bc2771bae,2024-12-07T10:15:06.200000 CVE-2024-12271,0,0,e756524ee3996486f46fc9dfb0848744c8a90daec55e50296545ffd31d194dcb,2024-12-12T13:15:07.570000 @@ -263274,7 +263274,7 @@ CVE-2024-43438,0,0,73d1b28c6f38899287538d919cdc80ec31dafefe92f6661fe9a36214164d9 CVE-2024-43439,0,0,40ba494cdfdd48b88a4840d8431101c7f1fdc9c475043690f5f31b7b91efbc66,2024-11-12T15:35:10.043000 CVE-2024-4344,0,0,f2fc8cf2dc3e9a916d8c0e02c7965d497c7aae8ae1650868477b4aff5dcf5623,2024-11-21T09:42:40.023000 CVE-2024-43440,0,0,0d10351622646300ab78c6feb395f887255f528f4060e11d93edde30e1c5afaa,2024-11-08T19:01:03.880000 -CVE-2024-43441,1,1,82d66dd0d1494a3b8fd89d59d7d5aff81d4208bdba8428a1179a98d74629a843,2024-12-24T12:15:21.697000 +CVE-2024-43441,0,0,82d66dd0d1494a3b8fd89d59d7d5aff81d4208bdba8428a1179a98d74629a843,2024-12-24T12:15:21.697000 CVE-2024-43442,0,0,7cf6887173b63e3e2077127f17ebb1f8864349b85ded2485a70c9170e31ad69f,2024-08-26T16:35:12.860000 CVE-2024-43443,0,0,01387b83c9d3faae4be2489d643851ab28bd718e216da87fe7730786e406c157,2024-08-26T12:47:20.187000 CVE-2024-43444,0,0,01fa601f2d9572951dd3491c52e1bfaeb60836d6e72e0f6dc396e203847ee36c,2024-08-26T12:47:20.187000 @@ -269660,11 +269660,11 @@ CVE-2024-53085,0,0,db43a23aa4ea866f3b074e07a4671e81f0c60fcc3d0c3938a1539ef4f6119 CVE-2024-53086,0,0,d0c5a6f9b29805135a822175817c12952cd90be4f8038231a7f1f3bfc58b499c,2024-11-27T20:01:08.447000 CVE-2024-53087,0,0,88c97ca951e6c20d6fd1b05e32b4816c3d191c0660b87da1f2fcce849343a92f,2024-11-27T20:08:11.740000 CVE-2024-53088,0,0,3659c4c077779826813a306fcbf4f887f3021a3495c6459af271d6e6ba52437a,2024-11-25T13:38:07.723000 -CVE-2024-53089,0,0,915b327707cac1fcd927b1e2cdda5530e88db847763c2e0a52d40d95b557fb44,2024-11-21T19:15:11.817000 +CVE-2024-53089,0,1,257f148a1a0af7fd1629dd3269cd38b1e10185f56510f88a4db0204716b8f157,2024-12-24T14:48:13.423000 CVE-2024-5309,0,0,18ebf89fe4bb75804396d3a19ce6e1ba6418764fa3491b0682a6a84ef2d066e6,2024-09-11T16:33:17.950000 -CVE-2024-53090,0,0,aef8b45e9ca902c6950f836f0785950efc94b61f8e5e9608d2c965a707773f3c,2024-11-21T19:15:12.010000 -CVE-2024-53091,0,0,b90611c39f6da8492d3e7c89d05abb7282da6f915944966829e34d4cc02caa08,2024-11-21T19:15:12.177000 -CVE-2024-53092,0,0,ee25ae9389221a8fd3f87b6557518a8392cfa52c1ae7ad03993e2f990153d4c6,2024-11-21T19:15:12.380000 +CVE-2024-53090,0,1,e8bc7d4418a4586cef8d07d6587e7857778916783eb6733dbca966a4b050fcce,2024-12-24T14:52:35.750000 +CVE-2024-53091,0,1,a724824bb6eff4c2f24a98050c4d383cf225104a7883ed901dcbb199e1f8cdcf,2024-12-24T14:55:45.720000 +CVE-2024-53092,0,1,7648140eeea3dbcba07b87610f5bab990445287d13346f351e0a3179515b109f,2024-12-24T14:57:21.500000 CVE-2024-53093,0,0,0b1ffe0cbf7e6add64831bca9441175a9526161082432387b6da8cb757f63c97,2024-11-21T19:15:12.530000 CVE-2024-53094,0,0,f1a0dc1efc57f282ebd7a57d4c607431bc6931153b042ad504320d6789390fc0,2024-11-21T19:15:12.680000 CVE-2024-53095,0,0,4e724c82098942c519f58d8d0672f065c3504379b32765b65ae8d7e7c202ab88,2024-12-11T15:15:17.940000 @@ -269722,26 +269722,26 @@ CVE-2024-53141,0,0,c4eea5c2fe51a3898acccfa414620e41964aab3e73f12af77b5d7bb35ff9f CVE-2024-53142,0,0,fc23c3e378fb46ab5615da6a919ab3136de551312d5d21e741724005200e92a7,2024-12-14T21:15:38.707000 CVE-2024-53143,0,0,7d8fba7c24860a89d1b840b90918c133ee3933019e46b80ab5b9ae6d981cb066,2024-12-13T14:15:22.443000 CVE-2024-53144,0,0,9d107c35ff0dca61e5b14e7d0131ac8dad4f8c1aeabd45b2baa64b7fc7411808,2024-12-18T08:15:05.687000 -CVE-2024-53145,1,1,a794d4ac0b712d63b5a4f5c614911e162b6ce3248946604583a1f97c35593a48,2024-12-24T12:15:22.507000 -CVE-2024-53146,1,1,a59f9cf9608bdc70e51346d9812220bfb3cb08ec15173e6580771158820e1e31,2024-12-24T12:15:22.653000 -CVE-2024-53147,1,1,11198985e4392f153f9573138ec2dd67e24a0a9f9bb11f1ad2b2bdf3312f7d4a,2024-12-24T12:15:22.777000 -CVE-2024-53148,1,1,14d55888245050ee61a327176f07bde5d880b1095e6870181ddcd71f73ae4e47,2024-12-24T12:15:22.887000 -CVE-2024-53149,1,1,11b437334d0edbcdb3fc948d5f31b8485d631dadd73b0fb345614b5924d03674,2024-12-24T12:15:23.007000 +CVE-2024-53145,0,0,a794d4ac0b712d63b5a4f5c614911e162b6ce3248946604583a1f97c35593a48,2024-12-24T12:15:22.507000 +CVE-2024-53146,0,0,a59f9cf9608bdc70e51346d9812220bfb3cb08ec15173e6580771158820e1e31,2024-12-24T12:15:22.653000 +CVE-2024-53147,0,0,11198985e4392f153f9573138ec2dd67e24a0a9f9bb11f1ad2b2bdf3312f7d4a,2024-12-24T12:15:22.777000 +CVE-2024-53148,0,0,14d55888245050ee61a327176f07bde5d880b1095e6870181ddcd71f73ae4e47,2024-12-24T12:15:22.887000 +CVE-2024-53149,0,0,11b437334d0edbcdb3fc948d5f31b8485d631dadd73b0fb345614b5924d03674,2024-12-24T12:15:23.007000 CVE-2024-5315,0,0,cfc4383f1c53119936ccfb248038372daec91d7a497e742b345000be072ec700,2024-11-21T09:47:24.927000 -CVE-2024-53150,1,1,d6f8d9f411199489faad977a7b1b179c34ae56352e067ac5275ecbc595a8512e,2024-12-24T12:15:23.117000 -CVE-2024-53151,1,1,0a19bb456823afa10dca91713c047b675836e5cb2e0724e10d1ca125957f78e5,2024-12-24T12:15:23.240000 -CVE-2024-53152,1,1,4345f691f419382725fc59641477cd780f4dd28af83df1a57a7b6c008c6b3887,2024-12-24T12:15:23.353000 -CVE-2024-53153,1,1,2bd4df6d3a8af20f12ebf92d9aea0464d13d2ba03495b557ea06067f63e159c8,2024-12-24T12:15:23.467000 -CVE-2024-53154,1,1,7f7012c3517a686211b5c8167a36c7f44327539ccde74ba846d5b1547d31c5ae,2024-12-24T12:15:23.580000 -CVE-2024-53155,1,1,f288f236d00f69151667c74688b0faa6af5945d9c4e2a7549317a56847a1db98,2024-12-24T12:15:23.700000 -CVE-2024-53156,1,1,2107f159859e8c34d6c03a643d52c5af7a2ac1aaf8d89468d90a64ffc346b3d1,2024-12-24T12:15:23.833000 -CVE-2024-53157,1,1,cce375a08583bd4138c992b3c43ddf0afa03cf57324ceea72c8f1a3942bfad6e,2024-12-24T12:15:23.970000 -CVE-2024-53158,1,1,92e67e49dfa885f342ca09dc0b53e0a2a4cab4ad2dd50508b4ef7c274845bae3,2024-12-24T12:15:24.097000 -CVE-2024-53159,1,1,1a9e3c600cdaf3c4c33cb3c1a2280c94d3c2a8b10e67c8ed84dc60edfb740caa,2024-12-24T12:15:24.217000 -CVE-2024-53160,1,1,ff254e02cac78a07c63aec4bee692adfccd26dd44365edfa283e8f1b144c6102,2024-12-24T12:15:24.340000 -CVE-2024-53161,1,1,4c889d5326cb457d8a3e33cf6bc06ad8054072494111666dc71c53124ff17e4c,2024-12-24T12:15:24.453000 -CVE-2024-53162,1,1,68c59ac64dee7b71afad079ff17be1238407665149bddd0b27b657c5b48b01d9,2024-12-24T12:15:24.567000 -CVE-2024-53163,1,1,95ccc2d9839e1df02d7976d62d1f670c0803478f2bc2be176b260986c38c459b,2024-12-24T12:15:24.670000 +CVE-2024-53150,0,0,d6f8d9f411199489faad977a7b1b179c34ae56352e067ac5275ecbc595a8512e,2024-12-24T12:15:23.117000 +CVE-2024-53151,0,0,0a19bb456823afa10dca91713c047b675836e5cb2e0724e10d1ca125957f78e5,2024-12-24T12:15:23.240000 +CVE-2024-53152,0,0,4345f691f419382725fc59641477cd780f4dd28af83df1a57a7b6c008c6b3887,2024-12-24T12:15:23.353000 +CVE-2024-53153,0,0,2bd4df6d3a8af20f12ebf92d9aea0464d13d2ba03495b557ea06067f63e159c8,2024-12-24T12:15:23.467000 +CVE-2024-53154,0,0,7f7012c3517a686211b5c8167a36c7f44327539ccde74ba846d5b1547d31c5ae,2024-12-24T12:15:23.580000 +CVE-2024-53155,0,0,f288f236d00f69151667c74688b0faa6af5945d9c4e2a7549317a56847a1db98,2024-12-24T12:15:23.700000 +CVE-2024-53156,0,0,2107f159859e8c34d6c03a643d52c5af7a2ac1aaf8d89468d90a64ffc346b3d1,2024-12-24T12:15:23.833000 +CVE-2024-53157,0,0,cce375a08583bd4138c992b3c43ddf0afa03cf57324ceea72c8f1a3942bfad6e,2024-12-24T12:15:23.970000 +CVE-2024-53158,0,0,92e67e49dfa885f342ca09dc0b53e0a2a4cab4ad2dd50508b4ef7c274845bae3,2024-12-24T12:15:24.097000 +CVE-2024-53159,0,0,1a9e3c600cdaf3c4c33cb3c1a2280c94d3c2a8b10e67c8ed84dc60edfb740caa,2024-12-24T12:15:24.217000 +CVE-2024-53160,0,0,ff254e02cac78a07c63aec4bee692adfccd26dd44365edfa283e8f1b144c6102,2024-12-24T12:15:24.340000 +CVE-2024-53161,0,0,4c889d5326cb457d8a3e33cf6bc06ad8054072494111666dc71c53124ff17e4c,2024-12-24T12:15:24.453000 +CVE-2024-53162,0,0,68c59ac64dee7b71afad079ff17be1238407665149bddd0b27b657c5b48b01d9,2024-12-24T12:15:24.567000 +CVE-2024-53163,0,0,95ccc2d9839e1df02d7976d62d1f670c0803478f2bc2be176b260986c38c459b,2024-12-24T12:15:24.670000 CVE-2024-5317,0,0,c2af981f2442def6d43cf11dee826712fdb79df4e8b131d1c0815426b050d563,2024-11-21T09:47:25.040000 CVE-2024-5318,0,0,87e97b53a33051fc1fa3c078212ad6afb68bf37151bd321e62e233d7b2989703,2024-12-13T17:04:31.133000 CVE-2024-5321,0,0,0f218b8b6fcc3fc0b4ccef7040ede5ee801dc8e00258e6450bd3f123b6e73ca4,2024-11-21T09:47:25.283000