admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-10-21T22:00:29.106281+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-10-21 22:03:30 +00:00
parent e2479bf478
commit e4f66fd6e7
194 changed files with 8203 additions and 435 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
CVE-2019/CVE-2019-251xx/CVE-2019-25154.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2019-25154",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-07-16T23:15:10.407",
"lastModified": "2024-07-17T13:34:20.520",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-21T21:16:21.877",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,74 @@
"value": "La implementaci\u00f3n inadecuada en iframe en Google Chrome anterior a 77.0.3865.75 permit\u00eda a un atacante remoto realizar potencialmente un escape de la sandbox a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chromium: media)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "77.0.3865.75",
"matchCriteriaId": "35E0B140-F006-4C6D-86AB-D822C9827E15"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://issues.chromium.org/issues/40094752",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Issue Tracking"
]
}
]
}

53
CVE-2022/CVE-2022-489xx/CVE-2022-48946.json Normal file
View File

@ -0,0 +1,53 @@
{
"id": "CVE-2022-48946",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:06.020",
"lastModified": "2024-10-21T20:15:06.020",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix preallocation discarding at indirect extent boundary\n\nWhen preallocation extent is the first one in the extent block, the\ncode would corrupt extent tree header instead. Fix the problem and use\nudf_delete_aext() for deleting extent to avoid some code duplication."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/12a88f572d6d94b5c0b72e2d1782cc2e96ac06cf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1a075f4a549481ce6e8518d8379f193ccec6b746",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4d835efd561dfb9bf5409f11f4ecd428d5d29226",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/63dbbd8f1499b0a161e701a04aa50148d60bd1f7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/72f651c96c8aadf087fd782d551bf7db648a8c2e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7665857f88557c372da35534165721156756f77f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ae56d9a017724f130cf1a263dd82a78d2a6e3852",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c8b6fa4511a7900db9fb0353b630d4d2ed1ba99c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cfe4c1b25dd6d2f056afc00b7c98bcb3dd0b1fc3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2022/CVE-2022-489xx/CVE-2022-48947.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2022-48947",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:06.150",
"lastModified": "2024-10-21T20:15:06.150",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix u8 overflow\n\nBy keep sending L2CAP_CONF_REQ packets, chan->num_conf_rsp increases\nmultiple times and eventually it will wrap around the maximum number\n(i.e., 255).\nThis patch prevents this by adding a boundary check with\nL2CAP_MAX_CONF_RSP\n\nBtmon log:\nBluetooth monitor ver 5.64\n= Note: Linux version 6.1.0-rc2 (x86_64) 0.264594\n= Note: Bluetooth subsystem version 2.22 0.264636\n@ MGMT Open: btmon (privileged) version 1.22 {0x0001} 0.272191\n= New Index: 00:00:00:00:00:00 (Primary,Virtual,hci0) [hci0] 13.877604\n@ RAW Open: 9496 (privileged) version 2.22 {0x0002} 13.890741\n= Open Index: 00:00:00:00:00:00 [hci0] 13.900426\n(...)\n> ACL Data RX: Handle 200 flags 0x00 dlen 1033 #32 [hci0] 14.273106\n invalid packet size (12 != 1033)\n 08 00 01 00 02 01 04 00 01 10 ff ff ............\n> ACL Data RX: Handle 200 flags 0x00 dlen 1547 #33 [hci0] 14.273561\n invalid packet size (14 != 1547)\n 0a 00 01 00 04 01 06 00 40 00 00 00 00 00 ........@.....\n> ACL Data RX: Handle 200 flags 0x00 dlen 2061 #34 [hci0] 14.274390\n invalid packet size (16 != 2061)\n 0c 00 01 00 04 01 08 00 40 00 00 00 00 00 00 04 ........@.......\n> ACL Data RX: Handle 200 flags 0x00 dlen 2061 #35 [hci0] 14.274932\n invalid packet size (16 != 2061)\n 0c 00 01 00 04 01 08 00 40 00 00 00 07 00 03 00 ........@.......\n= bluetoothd: Bluetooth daemon 5.43 14.401828\n> ACL Data RX: Handle 200 flags 0x00 dlen 1033 #36 [hci0] 14.275753\n invalid packet size (12 != 1033)\n 08 00 01 00 04 01 04 00 40 00 00 00 ........@..."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/19a78143961a197de8502f4f29c453b913dc3c29",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/49d5867819ab7c744852b45509e8469839c07e0e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5550bbf709c323194881737fd290c4bada9e6ead",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/95f1847a361c7b4bf7d74c06ecb6968455082c1a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9fdc79b571434af7bc742da40a3405f038b637a7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ad528fde0702903208d0a79d88d5a42ae3fc235b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bcd70260ef56e0aee8a4fc6cd214a419900b0765",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f3fe6817156a2ad4b06f01afab04638a34d7c9a6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

53
CVE-2022/CVE-2022-489xx/CVE-2022-48948.json Normal file
View File

@ -0,0 +1,53 @@
{
"id": "CVE-2022-48948",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:06.230",
"lastModified": "2024-10-21T20:15:06.230",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: uvc: Prevent buffer overflow in setup handler\n\nSetup function uvc_function_setup permits control transfer\nrequests with up to 64 bytes of payload (UVC_MAX_REQUEST_SIZE),\ndata stage handler for OUT transfer uses memcpy to copy req->actual\nbytes to uvc_event->data.data array of size 60. This may result\nin an overflow of 4 bytes."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/06fd17ee92c8f1704c7e54ec0fd50ae0542a49a5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4972e3528b968665b596b5434764ff8fd9446d35",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4c92670b16727365699fe4b19ed32013bab2c107",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6b41a35b41f77821db24f2d8f66794b390a585c5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7b1f773277a72f9756d47a41b94e43506cce1954",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b8fb1cba934ea122b50f13a4f9d6fc4fdc43d2be",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bc8380fe5768c564f921f7b4eaba932e330b9e4b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c79538f32df12887f110dcd6b9c825b482905f24",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d1a92bb8d697f170d93fe922da763d7d156b8841",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2022/CVE-2022-489xx/CVE-2022-48949.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2022-48949",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:06.337",
"lastModified": "2024-10-21T20:15:06.337",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: Initialize mailbox message for VF reset\n\nWhen a MAC address is not assigned to the VF, that portion of the message\nsent to the VF is not set. The memory, however, is allocated from the\nstack meaning that information may be leaked to the VM. Initialize the\nmessage buffer to 0 so that no information is passed to the VM in this\ncase."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/367e1e3399dbc56fc669740c4ab60e35da632b0e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/51fd5ede7ed42f272682a0c33d6f0767b3484a3d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a6629659af3f5c6a91e3914ea62554c975ab77f4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c383c7c35c7bc15e07a04eefa060a8a80cbeae29",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c581439a977545d61849a72e8ed631cfc8a2a3c1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/de5dc44370fbd6b46bd7f1a1e00369be54a041c8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ef1d739dd1f362aec081278ff92f943c31eb177a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f2479c3daaabccbac6c343a737615d0c595c6dc4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2022/CVE-2022-489xx/CVE-2022-48950.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2022-48950",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:06.440",
"lastModified": "2024-10-21T20:15:06.440",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix perf_pending_task() UaF\n\nPer syzbot it is possible for perf_pending_task() to run after the\nevent is free()'d. There are two related but distinct cases:\n\n - the task_work was already queued before destroying the event;\n - destroying the event itself queues the task_work.\n\nThe first cannot be solved using task_work_cancel() since\nperf_release() itself might be called from a task_work (____fput),\nwhich means the current->task_works list is already empty and\ntask_work_cancel() won't be able to find the perf_pending_task()\nentry.\n\nThe simplest alternative is extending the perf_event lifetime to cover\nthe task_work.\n\nThe second is just silly, queueing a task_work while you know the\nevent is going away makes no sense and is easily avoided by\nre-arranging how the event is marked STATE_DEAD and ensuring it goes\nthrough STATE_OFF on the way down."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/517e6a301f34613bff24a8e35b5455884f2d83d8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/78e1317a174edbfd1182599bf76c092a2877672c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8bffa95ac19ff27c8261904f89d36c7fcf215d59",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2022/CVE-2022-489xx/CVE-2022-48951.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2022-48951",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:06.530",
"lastModified": "2024-10-21T20:15:06.530",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()\n\nThe bounds checks in snd_soc_put_volsw_sx() are only being applied to the\nfirst channel, meaning it is possible to write out of bounds values to the\nsecond channel in stereo controls. Add appropriate checks."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1798b62d642e7b3d4ea3403914c3caf4e438465d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/18a168d85eadcfd45f015b5ecd2a97801b959e43",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/50b5f6d4d9d2d69a7498c44fd8b26e13d73d3d98",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/56288987843c3cb343e81e5fa51549cbaf541bd0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9796d07c753164b7e6b0d7ef23fb4482840a9ef8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/97eea946b93961fffd29448dcda7398d0d51c4b2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cf1c225f1927891ae388562b78ced7840c3723b9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cf611d786796ec33da09d8c83d7d7f4e557b27de",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2022/CVE-2022-489xx/CVE-2022-48952.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2022-48952",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:06.617",
"lastModified": "2024-10-21T20:15:06.617",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: mt7621: Add sentinel to quirks table\n\nCurrent driver is missing a sentinel in the struct soc_device_attribute\narray, which causes an oops when assessed by the\nsoc_device_match(mt7621_pcie_quirks_match) call.\n\nThis was only exposed once the CONFIG_SOC_MT7621 mt7621 soc_dev_attr\nwas fixed to register the SOC as a device, in:\n\ncommit 7c18b64bba3b (\"mips: ralink: mt7621: do not use kzalloc too early\")\n\nFix it by adding the required sentinel."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/19098934f910b4d47cb30251dd39ffa57bef9523",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3e9c395ef2d52975b2c2894d2da09d6db2958bc6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a4997bae1b5b012c8a6e2643e26578a7bc2cae36",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cb7323ece786f243f6d6ccf2e5b2b27b736bdc04",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2022/CVE-2022-489xx/CVE-2022-48953.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2022-48953",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:06.700",
"lastModified": "2024-10-21T20:15:06.700",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtc: cmos: Fix event handler registration ordering issue\n\nBecause acpi_install_fixed_event_handler() enables the event\nautomatically on success, it is incorrect to call it before the\nhandler routine passed to it is ready to handle events.\n\nUnfortunately, the rtc-cmos driver does exactly the incorrect thing\nby calling cmos_wake_setup(), which passes rtc_handler() to\nacpi_install_fixed_event_handler(), before cmos_do_probe(), because\nrtc_handler() uses dev_get_drvdata() to get to the cmos object\npointer and the driver data pointer is only populated in\ncmos_do_probe().\n\nThis leads to a NULL pointer dereference in rtc_handler() on boot\nif the RTC fixed event happens to be active at the init time.\n\nTo address this issue, change the initialization ordering of the\ndriver so that cmos_wake_setup() is always called after a successful\ncmos_do_probe() call.\n\nWhile at it, change cmos_pnp_probe() to call cmos_do_probe() after\nthe initial if () statement used for computing the IRQ argument to\nbe passed to cmos_do_probe() which is cleaner than calling it in\neach branch of that if () (local variable \"irq\" can be of type int,\nbecause it is passed to that function as an argument of type int).\n\nNote that commit 6492fed7d8c9 (\"rtc: rtc-cmos: Do not check\nACPI_FADT_LOW_POWER_S0\") caused this issue to affect a larger number\nof systems, because previously it only affected systems with\nACPI_FADT_LOW_POWER_S0 set, but it is present regardless of that\ncommit."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0bcfccb48696aba475f046c2021f0733659ce0ef",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1ba745fce13d19775100eece30b0bfb8b8b10ea6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4919d3eb2ec0ee364f7e3cf2d99646c1b224fae8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/60c6e563a843032cf6ff84b2fb732cd8754fc10d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2022/CVE-2022-489xx/CVE-2022-48954.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2022-48954",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:06.783",
"lastModified": "2024-10-21T20:15:06.783",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/qeth: fix use-after-free in hsci\n\nKASAN found that addr was dereferenced after br2dev_event_work was freed.\n\n==================================================================\nBUG: KASAN: use-after-free in qeth_l2_br2dev_worker+0x5ba/0x6b0\nRead of size 1 at addr 00000000fdcea440 by task kworker/u760:4/540\nCPU: 17 PID: 540 Comm: kworker/u760:4 Tainted: G E 6.1.0-20221128.rc7.git1.5aa3bed4ce83.300.fc36.s390x+kasan #1\nHardware name: IBM 8561 T01 703 (LPAR)\nWorkqueue: 0.0.8000_event qeth_l2_br2dev_worker\nCall Trace:\n [<000000016944d4ce>] dump_stack_lvl+0xc6/0xf8\n [<000000016942cd9c>] print_address_description.constprop.0+0x34/0x2a0\n [<000000016942d118>] print_report+0x110/0x1f8\n [<0000000167a7bd04>] kasan_report+0xfc/0x128\n [<000000016938d79a>] qeth_l2_br2dev_worker+0x5ba/0x6b0\n [<00000001673edd1e>] process_one_work+0x76e/0x1128\n [<00000001673ee85c>] worker_thread+0x184/0x1098\n [<000000016740718a>] kthread+0x26a/0x310\n [<00000001672c606a>] __ret_from_fork+0x8a/0xe8\n [<00000001694711da>] ret_from_fork+0xa/0x40\nAllocated by task 108338:\n kasan_save_stack+0x40/0x68\n kasan_set_track+0x36/0x48\n __kasan_kmalloc+0xa0/0xc0\n qeth_l2_switchdev_event+0x25a/0x738\n atomic_notifier_call_chain+0x9c/0xf8\n br_switchdev_fdb_notify+0xf4/0x110\n fdb_notify+0x122/0x180\n fdb_add_entry.constprop.0.isra.0+0x312/0x558\n br_fdb_add+0x59e/0x858\n rtnl_fdb_add+0x58a/0x928\n rtnetlink_rcv_msg+0x5f8/0x8d8\n netlink_rcv_skb+0x1f2/0x408\n netlink_unicast+0x570/0x790\n netlink_sendmsg+0x752/0xbe0\n sock_sendmsg+0xca/0x110\n ____sys_sendmsg+0x510/0x6a8\n ___sys_sendmsg+0x12a/0x180\n __sys_sendmsg+0xe6/0x168\n __do_sys_socketcall+0x3c8/0x468\n do_syscall+0x22c/0x328\n __do_syscall+0x94/0xf0\n system_call+0x82/0xb0\nFreed by task 540:\n kasan_save_stack+0x40/0x68\n kasan_set_track+0x36/0x48\n kasan_save_free_info+0x4c/0x68\n ____kasan_slab_free+0x14e/0x1a8\n __kasan_slab_free+0x24/0x30\n __kmem_cache_free+0x168/0x338\n qeth_l2_br2dev_worker+0x154/0x6b0\n process_one_work+0x76e/0x1128\n worker_thread+0x184/0x1098\n kthread+0x26a/0x310\n __ret_from_fork+0x8a/0xe8\n ret_from_fork+0xa/0x40\nLast potentially related work creation:\n kasan_save_stack+0x40/0x68\n __kasan_record_aux_stack+0xbe/0xd0\n insert_work+0x56/0x2e8\n __queue_work+0x4ce/0xd10\n queue_work_on+0xf4/0x100\n qeth_l2_switchdev_event+0x520/0x738\n atomic_notifier_call_chain+0x9c/0xf8\n br_switchdev_fdb_notify+0xf4/0x110\n fdb_notify+0x122/0x180\n fdb_add_entry.constprop.0.isra.0+0x312/0x558\n br_fdb_add+0x59e/0x858\n rtnl_fdb_add+0x58a/0x928\n rtnetlink_rcv_msg+0x5f8/0x8d8\n netlink_rcv_skb+0x1f2/0x408\n netlink_unicast+0x570/0x790\n netlink_sendmsg+0x752/0xbe0\n sock_sendmsg+0xca/0x110\n ____sys_sendmsg+0x510/0x6a8\n ___sys_sendmsg+0x12a/0x180\n __sys_sendmsg+0xe6/0x168\n __do_sys_socketcall+0x3c8/0x468\n do_syscall+0x22c/0x328\n __do_syscall+0x94/0xf0\n system_call+0x82/0xb0\nSecond to last potentially related work creation:\n kasan_save_stack+0x40/0x68\n __kasan_record_aux_stack+0xbe/0xd0\n kvfree_call_rcu+0xb2/0x760\n kernfs_unlink_open_file+0x348/0x430\n kernfs_fop_release+0xc2/0x320\n __fput+0x1ae/0x768\n task_work_run+0x1bc/0x298\n exit_to_user_mode_prepare+0x1a0/0x1a8\n __do_syscall+0x94/0xf0\n system_call+0x82/0xb0\nThe buggy address belongs to the object at 00000000fdcea400\n which belongs to the cache kmalloc-96 of size 96\nThe buggy address is located 64 bytes inside of\n 96-byte region [00000000fdcea400, 00000000fdcea460)\nThe buggy address belongs to the physical page:\npage:000000005a9c26e8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xfdcea\nflags: 0x3ffff00000000200(slab|node=0|zone=1|lastcpupid=0x1ffff)\nraw: 3ffff00000000200 0000000000000000 0000000100000122 000000008008cc00\nraw: 0000000000000000 0020004100000000 ffffffff00000001 0000000000000000\npage dumped because: kasan: bad access detected\nMemory state around the buggy address:\n 00000000fdcea300: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n 00000000fdcea380: fb fb fb fb fb fb f\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/bde0dfc7c4569406a6ddeec363d04a1df7b3073f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/db6343a5b0d9661f2dd76f653c6d274d38234d2b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ebaaadc332cd21e9df4dcf9ce12552d9354bbbe4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2022/CVE-2022-489xx/CVE-2022-48955.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2022-48955",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:06.870",
"lastModified": "2024-10-21T20:15:06.870",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: thunderbolt: fix memory leak in tbnet_open()\n\nWhen tb_ring_alloc_rx() failed in tbnet_open(), ida that allocated in\ntb_xdomain_alloc_out_hopid() is not released. Add\ntb_xdomain_release_out_hopid() to the error path to release ida."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/b9274dbe399952a8175db2e1ee148b7c9ba2b538",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ed14e5903638f6eb868e3e2b4e610985e6a6c876",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ed6e955f3b7e0e622c080f4bcb5427a5e1af4c2a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

45
CVE-2022/CVE-2022-489xx/CVE-2022-48956.json Normal file
View File

@ -0,0 +1,45 @@
{
"id": "CVE-2022-48956",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:06.973",
"lastModified": "2024-10-21T20:15:06.973",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: avoid use-after-free in ip6_fragment()\n\nBlamed commit claimed rcu_read_lock() was held by ip6_fragment() callers.\n\nIt seems to not be always true, at least for UDP stack.\n\nsyzbot reported:\n\nBUG: KASAN: use-after-free in ip6_dst_idev include/net/ip6_fib.h:245 [inline]\nBUG: KASAN: use-after-free in ip6_fragment+0x2724/0x2770 net/ipv6/ip6_output.c:951\nRead of size 8 at addr ffff88801d403e80 by task syz-executor.3/7618\n\nCPU: 1 PID: 7618 Comm: syz-executor.3 Not tainted 6.1.0-rc6-syzkaller-00012-g4312098baf37 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x15e/0x45d mm/kasan/report.c:395\n kasan_report+0xbf/0x1f0 mm/kasan/report.c:495\n ip6_dst_idev include/net/ip6_fib.h:245 [inline]\n ip6_fragment+0x2724/0x2770 net/ipv6/ip6_output.c:951\n __ip6_finish_output net/ipv6/ip6_output.c:193 [inline]\n ip6_finish_output+0x9a3/0x1170 net/ipv6/ip6_output.c:206\n NF_HOOK_COND include/linux/netfilter.h:291 [inline]\n ip6_output+0x1f1/0x540 net/ipv6/ip6_output.c:227\n dst_output include/net/dst.h:445 [inline]\n ip6_local_out+0xb3/0x1a0 net/ipv6/output_core.c:161\n ip6_send_skb+0xbb/0x340 net/ipv6/ip6_output.c:1966\n udp_v6_send_skb+0x82a/0x18a0 net/ipv6/udp.c:1286\n udp_v6_push_pending_frames+0x140/0x200 net/ipv6/udp.c:1313\n udpv6_sendmsg+0x18da/0x2c80 net/ipv6/udp.c:1606\n inet6_sendmsg+0x9d/0xe0 net/ipv6/af_inet6.c:665\n sock_sendmsg_nosec net/socket.c:714 [inline]\n sock_sendmsg+0xd3/0x120 net/socket.c:734\n sock_write_iter+0x295/0x3d0 net/socket.c:1108\n call_write_iter include/linux/fs.h:2191 [inline]\n new_sync_write fs/read_write.c:491 [inline]\n vfs_write+0x9ed/0xdd0 fs/read_write.c:584\n ksys_write+0x1ec/0x250 fs/read_write.c:637\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7fde3588c0d9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fde365b6168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 00007fde359ac050 RCX: 00007fde3588c0d9\nRDX: 000000000000ffdc RSI: 00000000200000c0 RDI: 000000000000000a\nRBP: 00007fde358e7ae9 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007fde35acfb1f R14: 00007fde365b6300 R15: 0000000000022000\n </TASK>\n\nAllocated by task 7618:\n kasan_save_stack+0x22/0x40 mm/kasan/common.c:45\n kasan_set_track+0x25/0x30 mm/kasan/common.c:52\n __kasan_slab_alloc+0x82/0x90 mm/kasan/common.c:325\n kasan_slab_alloc include/linux/kasan.h:201 [inline]\n slab_post_alloc_hook mm/slab.h:737 [inline]\n slab_alloc_node mm/slub.c:3398 [inline]\n slab_alloc mm/slub.c:3406 [inline]\n __kmem_cache_alloc_lru mm/slub.c:3413 [inline]\n kmem_cache_alloc+0x2b4/0x3d0 mm/slub.c:3422\n dst_alloc+0x14a/0x1f0 net/core/dst.c:92\n ip6_dst_alloc+0x32/0xa0 net/ipv6/route.c:344\n ip6_rt_pcpu_alloc net/ipv6/route.c:1369 [inline]\n rt6_make_pcpu_route net/ipv6/route.c:1417 [inline]\n ip6_pol_route+0x901/0x1190 net/ipv6/route.c:2254\n pol_lookup_func include/net/ip6_fib.h:582 [inline]\n fib6_rule_lookup+0x52e/0x6f0 net/ipv6/fib6_rules.c:121\n ip6_route_output_flags_noref+0x2e6/0x380 net/ipv6/route.c:2625\n ip6_route_output_flags+0x76/0x320 net/ipv6/route.c:2638\n ip6_route_output include/net/ip6_route.h:98 [inline]\n ip6_dst_lookup_tail+0x5ab/0x1620 net/ipv6/ip6_output.c:1092\n ip6_dst_lookup_flow+0x90/0x1d0 net/ipv6/ip6_output.c:1222\n ip6_sk_dst_lookup_flow+0x553/0x980 net/ipv6/ip6_output.c:1260\n udpv6_sendmsg+0x151d/0x2c80 net/ipv6/udp.c:1554\n inet6_sendmsg+0x9d/0xe0 net/ipv6/af_inet6.c:665\n sock_sendmsg_nosec n\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/6b6d3be3661bff2746cab26147bd629aa034e094",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7390c70bd431cbfa6951477e2c80a301643e284b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7e0dcd5f3ade221a6126278aca60c8ab4cc3bce9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/803e84867de59a1e5d126666d25eb4860cfd2ebe",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8208d7e56b1e579320b9ff3712739ad2e63e1f86",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9b1a468a455d8319041528778d0e684a4c062792",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b3d7ff8c04a83279fb7641fc4d5aa82a602df7c0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2022/CVE-2022-489xx/CVE-2022-48957.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2022-48957",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:07.090",
"lastModified": "2024-10-21T20:15:07.090",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove()\n\nThe cmd_buff needs to be freed when error happened in\ndpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4fad22a1281c500f15b172c9d261eff347ca634b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/54d830e24247fa8361b016dd2069362866f45cb6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/785ee7a82297e1512d9061aae91699212ed65796",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2022/CVE-2022-489xx/CVE-2022-48958.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2022-48958",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:07.270",
"lastModified": "2024-10-21T20:15:07.270",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nethernet: aeroflex: fix potential skb leak in greth_init_rings()\n\nThe greth_init_rings() function won't free the newly allocated skb when\ndma_mapping_error() returns error, so add dev_kfree_skb() to fix it.\n\nCompile tested only."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/063a932b64db3317ec020c94466fe52923a15f60",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/223654e2e2c8d05347cd8e300f8d1ec6023103dd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/87277bdf2c370ab2d07cfe77dfa9b37f82bbe1e5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/99669d94ce145389f1d6f197e6e18ed50d43fb76",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bfaa8f6c5b84b295dd73b0138b57c5555ca12b1c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c7adcbd0fd3fde1b19150c3e955fb4a30c5bd9b7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cb1e293f858e5e1152b8791047ed4bdaaf392189",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dd62867a6383f78f75f07039394aac25924a3307",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2022/CVE-2022-489xx/CVE-2022-48959.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2022-48959",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:07.460",
"lastModified": "2024-10-21T20:15:07.460",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions()\n\nWhen dsa_devlink_region_create failed in sja1105_setup_devlink_regions(),\npriv->regions is not released."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4be43e46c3f945fc7dd9e23c73a7a66927a3b814",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/78a9ea43fc1a7c06a420b132d2d47cbf4344a5df",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e5e59629654b8826f0167dae480d0e3fa0f8f038",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f3b5dda26cd0535aac09ed09c5d83f19b979ec9f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2022/CVE-2022-489xx/CVE-2022-48960.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2022-48960",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:07.663",
"lastModified": "2024-10-21T20:15:07.663",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hisilicon: Fix potential use-after-free in hix5hd2_rx()\n\nThe skb is delivered to napi_gro_receive() which may free it, after\ncalling this, dereferencing skb may trigger use-after-free."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/179499e7a240b2ef590f05eb379c810c26bbc8a4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1b6360a093ab8969c91a30bb58b753282e2ced4c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3a4eddd1cb023a71df4152fcc76092953e6fe95a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/433c07a13f59856e4585e89e86b7d4cc59348fab",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8067cd244cea2c332f8326842fd10158fa2cb64f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/93aaa4bb72e388f6a4887541fd3d18b84f1b5ddc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b6307f7a2fc1c5407b6176f2af34a95214a8c262",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b8ce0e6f9f88a6bb49d291498377e61ea27a5387",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2022/CVE-2022-489xx/CVE-2022-48961.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2022-48961",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:07.887",
"lastModified": "2024-10-21T20:15:07.887",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mdio: fix unbalanced fwnode reference count in mdio_device_release()\n\nThere is warning report about of_node refcount leak\nwhile probing mdio device:\n\nOF: ERROR: memory leak, expected refcount 1 instead of 2,\nof_node_get()/of_node_put() unbalanced - destroy cset entry:\nattach overlay node /spi/soc@0/mdio@710700c0/ethernet@4\n\nIn of_mdiobus_register_device(), we increase fwnode refcount\nby fwnode_handle_get() before associating the of_node with\nmdio device, but it has never been decreased in normal path.\nSince that, in mdio_device_release(), it needs to call\nfwnode_handle_put() in addition instead of calling kfree()\ndirectly.\n\nAfter above, just calling mdio_device_free() in the error handle\npath of of_mdiobus_register_device() is enough to keep the\nrefcount balanced."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/16854177745a5648f8ec322353b432e18460f43a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a5c6de1a6656b8cc6bce7cb3d9874dd7df4968c3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cb37617687f2bfa5b675df7779f869147c9002bd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2022/CVE-2022-489xx/CVE-2022-48962.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2022-48962",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:08.117",
"lastModified": "2024-10-21T20:15:08.117",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hisilicon: Fix potential use-after-free in hisi_femac_rx()\n\nThe skb is delivered to napi_gro_receive() which may free it, after\ncalling this, dereferencing skb may trigger use-after-free."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/196e12671cb629d9f3b77b4d8bec854fc445533a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/296a50aa8b2982117520713edc1375777a9f8506",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3501da8eb6d0f5f114a09ec953c54423f6f35885",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4640177049549de1a43e9bc49265f0cdfce08cfd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6f4798ac9c9e98f41553c4f5e6c832c8860a6942",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8595a2db8eb0ffcbb466eb9f4a7507a5ba06ebb9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/aceec8ab752428d8e151321479e82cc1a40fee2e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e71a46cc8c9ad75f3bb0e4b361e81f79c0214cca",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2022/CVE-2022-489xx/CVE-2022-48963.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2022-48963",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:08.273",
"lastModified": "2024-10-21T20:15:08.273",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: iosm: fix memory leak in ipc_mux_init()\n\nWhen failed to alloc ipc_mux->ul_adb.pp_qlt in ipc_mux_init(), ipc_mux\nis not released."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/23353efc26e98b61b925274ecbb8f0610f69a8aa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e21478d0054f63eec7ce833296cf9788764a0ec7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2022/CVE-2022-489xx/CVE-2022-48964.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2022-48964",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:08.377",
"lastModified": "2024-10-21T20:15:08.377",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nravb: Fix potential use-after-free in ravb_rx_gbeth()\n\nThe skb is delivered to napi_gro_receive() which may free it, after calling this,\ndereferencing skb may trigger use-after-free."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/5a5a3e564de6a8db987410c5c2f4748d50ea82b8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e63c681494dcc0527c625a0a4f59bf10259f5ee0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2022/CVE-2022-489xx/CVE-2022-48965.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2022-48965",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:08.470",
"lastModified": "2024-10-21T20:15:08.470",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio/rockchip: fix refcount leak in rockchip_gpiolib_register()\n\nThe node returned by of_get_parent() with refcount incremented,\nof_node_put() needs be called when finish using it. So add it in the\nend of of_pinctrl_get()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/033c79b7ee8a7bf1c1a13ac3addc91184425cbae",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5cb8f1a784fd6115be58282fe15105572319d8be",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/63ff545af73f759d1bd04198af8ed8577fb739fc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2022/CVE-2022-489xx/CVE-2022-48966.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2022-48966",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:08.573",
"lastModified": "2024-10-21T20:15:08.573",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mvneta: Prevent out of bounds read in mvneta_config_rss()\n\nThe pp->indir[0] value comes from the user. It is passed to:\n\n\tif (cpu_online(pp->rxq_def))\n\ninside the mvneta_percpu_elect() function. It needs bounds checkeding\nto ensure that it is not beyond the end of the cpu bitmap."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/146ebee8fcdb349d7ec0e49915e6cdafb92544ae",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3ceffb8f410b93553fb16fe7e84aa0d35b3ba79b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/47a1a2f6cd5ec3a4f8a2d9bfa1e0605347cdb92c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5a142486a0db6b0b85031f22d69acd0cdcf8f72b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6ca0a506dddc3e1d636935eef339576b263bf3d8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a6b30598fec84f8809f5417cde73071ca43e8471",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e8b4fc13900b8e8be48debffd0dfd391772501f7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/eec1fc21edc2bb99c9e66cf66f0b5d4d643fbb50",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2022/CVE-2022-489xx/CVE-2022-48967.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2022-48967",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:08.757",
"lastModified": "2024-10-21T20:15:08.757",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: nci: Bounds check struct nfc_target arrays\n\nWhile running under CONFIG_FORTIFY_SOURCE=y, syzkaller reported:\n\n memcpy: detected field-spanning write (size 129) of single field \"target->sensf_res\" at net/nfc/nci/ntf.c:260 (size 18)\n\nThis appears to be a legitimate lack of bounds checking in\nnci_add_new_protocol(). Add the missing checks."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/27eb2d7a1b9987b6d0429b7716b1ff3b82c4ffc9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6778434706940b8fad7ef35f410d2b9929f256d2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6b37f0dc0638d13a006f2f24d2f6ca61e83bc714",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/908b2da426fe9c3ce74cf541ba40e7a4251db191",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cff35329070b96b4484d23f9f48a5ca2c947e750",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dbdcfb9f6748218a149f62468d6297ce3f014e9c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e329e71013c9b5a4535b099208493c7826ee4a64",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f41547546db9af99da2c34e3368664d7a79cefae",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2022/CVE-2022-489xx/CVE-2022-48968.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2022-48968",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:08.897",
"lastModified": "2024-10-21T20:15:08.897",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix potential memory leak in otx2_init_tc()\n\nIn otx2_init_tc(), if rhashtable_init() failed, it does not free\ntc->tc_entries_bitmap which is allocated in otx2_tc_alloc_ent_bitmap()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/db5ec358cf4ef0ab382ee733d05f018e8bef9462",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/eefd8953a74822cb72006632b9ee9dd95f92c146",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fbf33f5ac76f2cdb47ad9763f620026d5cfa57ce",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2022/CVE-2022-489xx/CVE-2022-48969.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2022-48969",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:09.037",
"lastModified": "2024-10-21T20:15:09.037",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen-netfront: Fix NULL sring after live migration\n\nA NAPI is setup for each network sring to poll data to kernel\nThe sring with source host is destroyed before live migration and\nnew sring with target host is setup after live migration.\nThe NAPI for the old sring is not deleted until setup new sring\nwith target host after migration. With busy_poll/busy_read enabled,\nthe NAPI can be polled before got deleted when resume VM.\n\nBUG: unable to handle kernel NULL pointer dereference at\n0000000000000008\nIP: xennet_poll+0xae/0xd20\nPGD 0 P4D 0\nOops: 0000 [#1] SMP PTI\nCall Trace:\n finish_task_switch+0x71/0x230\n timerqueue_del+0x1d/0x40\n hrtimer_try_to_cancel+0xb5/0x110\n xennet_alloc_rx_buffers+0x2a0/0x2a0\n napi_busy_loop+0xdb/0x270\n sock_poll+0x87/0x90\n do_sys_poll+0x26f/0x580\n tracing_map_insert+0x1d4/0x2f0\n event_hist_trigger+0x14a/0x260\n\n finish_task_switch+0x71/0x230\n __schedule+0x256/0x890\n recalc_sigpending+0x1b/0x50\n xen_sched_clock+0x15/0x20\n __rb_reserve_next+0x12d/0x140\n ring_buffer_lock_reserve+0x123/0x3d0\n event_triggers_call+0x87/0xb0\n trace_event_buffer_commit+0x1c4/0x210\n xen_clocksource_get_cycles+0x15/0x20\n ktime_get_ts64+0x51/0xf0\n SyS_ppoll+0x160/0x1a0\n SyS_ppoll+0x160/0x1a0\n do_syscall_64+0x73/0x130\n entry_SYSCALL_64_after_hwframe+0x41/0xa6\n...\nRIP: xennet_poll+0xae/0xd20 RSP: ffffb4f041933900\nCR2: 0000000000000008\n---[ end trace f8601785b354351c ]---\n\nxen frontend should remove the NAPIs for the old srings before live\nmigration as the bond srings are destroyed\n\nThere is a tiny window between the srings are set to NULL and\nthe NAPIs are disabled, It is safe as the NAPI threads are still\nfrozen at that time"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/99859947517e446058ad7243ee81d2f9801fa3dd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d50b7914fae04d840ce36491d22133070b18cca9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e6860c889f4ad50b6ab696f5ea154295d72cf27a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e6e897d4fe2f89c0bd94600a40bedf5e6e75e050",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ed773dd798bf720756d20021b8d8a4a3d7184bda",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f2dd60fd3fe98bd36a91b0c6e10bfe9d66258f84",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2022/CVE-2022-489xx/CVE-2022-48970.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2022-48970",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:09.177",
"lastModified": "2024-10-21T20:15:09.177",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Get user_ns from in_skb in unix_diag_get_exact().\n\nWei Chen reported a NULL deref in sk_user_ns() [0][1], and Paolo diagnosed\nthe root cause: in unix_diag_get_exact(), the newly allocated skb does not\nhave sk. [2]\n\nWe must get the user_ns from the NETLINK_CB(in_skb).sk and pass it to\nsk_diag_fill().\n\n[0]:\nBUG: kernel NULL pointer dereference, address: 0000000000000270\n#PF: supervisor read access in kernel mode\n#PF: error_code(0x0000) - not-present page\nPGD 12bbce067 P4D 12bbce067 PUD 12bc40067 PMD 0\nOops: 0000 [#1] PREEMPT SMP\nCPU: 0 PID: 27942 Comm: syz-executor.0 Not tainted 6.1.0-rc5-next-20221118 #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\nrel-1.13.0-48-gd9c812dda519-prebuilt.qemu.org 04/01/2014\nRIP: 0010:sk_user_ns include/net/sock.h:920 [inline]\nRIP: 0010:sk_diag_dump_uid net/unix/diag.c:119 [inline]\nRIP: 0010:sk_diag_fill+0x77d/0x890 net/unix/diag.c:170\nCode: 89 ef e8 66 d4 2d fd c7 44 24 40 00 00 00 00 49 8d 7c 24 18 e8\n54 d7 2d fd 49 8b 5c 24 18 48 8d bb 70 02 00 00 e8 43 d7 2d fd <48> 8b\n9b 70 02 00 00 48 8d 7b 10 e8 33 d7 2d fd 48 8b 5b 10 48 8d\nRSP: 0018:ffffc90000d67968 EFLAGS: 00010246\nRAX: ffff88812badaa48 RBX: 0000000000000000 RCX: ffffffff840d481d\nRDX: 0000000000000465 RSI: 0000000000000000 RDI: 0000000000000270\nRBP: ffffc90000d679a8 R08: 0000000000000277 R09: 0000000000000000\nR10: 0001ffffffffffff R11: 0001c90000d679a8 R12: ffff88812ac03800\nR13: ffff88812c87c400 R14: ffff88812ae42210 R15: ffff888103026940\nFS: 00007f08b4e6f700(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000270 CR3: 000000012c58b000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n unix_diag_get_exact net/unix/diag.c:285 [inline]\n unix_diag_handler_dump+0x3f9/0x500 net/unix/diag.c:317\n __sock_diag_cmd net/core/sock_diag.c:235 [inline]\n sock_diag_rcv_msg+0x237/0x250 net/core/sock_diag.c:266\n netlink_rcv_skb+0x13e/0x250 net/netlink/af_netlink.c:2564\n sock_diag_rcv+0x24/0x40 net/core/sock_diag.c:277\n netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]\n netlink_unicast+0x5e9/0x6b0 net/netlink/af_netlink.c:1356\n netlink_sendmsg+0x739/0x860 net/netlink/af_netlink.c:1932\n sock_sendmsg_nosec net/socket.c:714 [inline]\n sock_sendmsg net/socket.c:734 [inline]\n ____sys_sendmsg+0x38f/0x500 net/socket.c:2476\n ___sys_sendmsg net/socket.c:2530 [inline]\n __sys_sendmsg+0x197/0x230 net/socket.c:2559\n __do_sys_sendmsg net/socket.c:2568 [inline]\n __se_sys_sendmsg net/socket.c:2566 [inline]\n __x64_sys_sendmsg+0x42/0x50 net/socket.c:2566\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x4697f9\nCode: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48\n89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d\n01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f08b4e6ec48 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 000000000077bf80 RCX: 00000000004697f9\nRDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003\nRBP: 00000000004d29e9 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 000000000077bf80\nR13: 0000000000000000 R14: 000000000077bf80 R15: 00007ffdb36bc6c0\n </TASK>\nModules linked in:\nCR2: 0000000000000270\n\n[1]: https://lore.kernel.org/netdev/CAO4mrfdvyjFpokhNsiwZiP-wpdSD0AStcJwfKcKQdAALQ9_2Qw@mail.gmail.com/\n[2]: https://lore.kernel.org/netdev/e04315e7c90d9a75613f3993c2baf2d344eef7eb.camel@redhat.com/"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/575a6266f63dbb3b8eb1da03671451f0d81b8034",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5c014eb0ed6c8c57f483e94cc6e90f34ce426d91",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9c1d6f79a2c7b8221dcec27defc6dc461052ead4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b3abe42e94900bdd045c472f9c9be620ba5ce553",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c66d78aee55dab72c92020ebfbebc464d4f5dd2a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2022/CVE-2022-489xx/CVE-2022-48971.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2022-48971",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:09.260",
"lastModified": "2024-10-21T20:15:09.260",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix not cleanup led when bt_init fails\n\nbt_init() calls bt_leds_init() to register led, but if it fails later,\nbt_leds_cleanup() is not called to unregister it.\n\nThis can cause panic if the argument \"bluetooth-power\" in text is freed\nand then another led_trigger_register() tries to access it:\n\nBUG: unable to handle page fault for address: ffffffffc06d3bc0\nRIP: 0010:strcmp+0xc/0x30\n Call Trace:\n <TASK>\n led_trigger_register+0x10d/0x4f0\n led_trigger_register_simple+0x7d/0x100\n bt_init+0x39/0xf7 [bluetooth]\n do_one_initcall+0xd0/0x4e0"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2c6cf0afc3856359e620e96edd952457d258e16c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2f3957c7eb4e07df944169a3e50a4d6790e1c744",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5ecf7cd6fde5e72c87122084cf00d63e35d8dd9f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8a66c3a94285552f6a8e45d73b34ebbad11d388b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e7b950458156d410509a08c41930b75e72985938",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/edf7284a98296369dd0891a0457eec37df244873",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2022/CVE-2022-489xx/CVE-2022-48972.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2022-48972",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:09.343",
"lastModified": "2024-10-21T20:15:09.343",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()\n\nKernel fault injection test reports null-ptr-deref as follows:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\nRIP: 0010:cfg802154_netdev_notifier_call+0x120/0x310 include/linux/list.h:114\nCall Trace:\n <TASK>\n raw_notifier_call_chain+0x6d/0xa0 kernel/notifier.c:87\n call_netdevice_notifiers_info+0x6e/0xc0 net/core/dev.c:1944\n unregister_netdevice_many_notify+0x60d/0xcb0 net/core/dev.c:1982\n unregister_netdevice_queue+0x154/0x1a0 net/core/dev.c:10879\n register_netdevice+0x9a8/0xb90 net/core/dev.c:10083\n ieee802154_if_add+0x6ed/0x7e0 net/mac802154/iface.c:659\n ieee802154_register_hw+0x29c/0x330 net/mac802154/main.c:229\n mcr20a_probe+0xaaa/0xcb1 drivers/net/ieee802154/mcr20a.c:1316\n\nieee802154_if_add() allocates wpan_dev as netdev's private data, but not\ninit the list in struct wpan_dev. cfg802154_netdev_notifier_call() manage\nthe list when device register/unregister, and may lead to null-ptr-deref.\n\nUse INIT_LIST_HEAD() on it to initialize it correctly."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1831d4540406708e48239cf38fd9c3b7ea98e08f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/42c319635c0cf7eb36eccac6cda76532f47b61a3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/623918f40fa68e3bb21312a3fafb90f491bf5358",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7410f4d1221bb182510b7778ab6eefa8b9b7102d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9980a3ea20de40c83817877106c909cb032692d2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a110287ef4a423980309490df632e1c1e73b3dc9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b3d72d3135d2ef68296c1ee174436efd65386f04",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f00c84fb1635c27ba24ec5df65d5bd7d7dc00008",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2022/CVE-2022-489xx/CVE-2022-48973.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2022-48973",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:09.430",
"lastModified": "2024-10-21T20:15:09.430",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: amd8111: Fix PCI device reference count leak\n\nfor_each_pci_dev() is implemented by pci_get_device(). The comment of\npci_get_device() says that it will increase the reference count for the\nreturned pci_dev and also decrease the reference count for the input\npci_dev @from if it is not NULL.\n\nIf we break for_each_pci_dev() loop with pdev not NULL, we need to call\npci_dev_put() to decrease the reference count. Add the missing\npci_dev_put() after the 'out' label. Since pci_dev_put() can handle NULL\ninput parameter, there is no problem for the 'Device not found' branch.\nFor the normal path, add pci_dev_put() in amd_gpio_exit()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4271515f189bd5fe2ec86b4089dab7cb804625d2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/45fecdb9f658d9c82960c98240bc0770ade19aca",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4749c5cc147c9860b96db1e71cc36d1de1bd3f59",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/48bd5d3801f6b67cc144449d434abbd5043a6d37",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5ee6413d3dd972930af787b2c0c7aaeb379fa521",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/71d591ef873f9ebb86cd8d053b3caee785b2de6a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b2bc053ebbba57a06fa655db5ea796de2edce445",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e364ce04d8f840478b09eee57b614de7cf1e743e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2022/CVE-2022-489xx/CVE-2022-48974.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2022-48974",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:09.517",
"lastModified": "2024-10-21T20:15:09.517",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: conntrack: fix using __this_cpu_add in preemptible\n\nCurrently in nf_conntrack_hash_check_insert(), when it fails in\nnf_ct_ext_valid_pre/post(), NF_CT_STAT_INC() will be called in the\npreemptible context, a call trace can be triggered:\n\n BUG: using __this_cpu_add() in preemptible [00000000] code: conntrack/1636\n caller is nf_conntrack_hash_check_insert+0x45/0x430 [nf_conntrack]\n Call Trace:\n <TASK>\n dump_stack_lvl+0x33/0x46\n check_preemption_disabled+0xc3/0xf0\n nf_conntrack_hash_check_insert+0x45/0x430 [nf_conntrack]\n ctnetlink_create_conntrack+0x3cd/0x4e0 [nf_conntrack_netlink]\n ctnetlink_new_conntrack+0x1c0/0x450 [nf_conntrack_netlink]\n nfnetlink_rcv_msg+0x277/0x2f0 [nfnetlink]\n netlink_rcv_skb+0x50/0x100\n nfnetlink_rcv+0x65/0x144 [nfnetlink]\n netlink_unicast+0x1ae/0x290\n netlink_sendmsg+0x257/0x4f0\n sock_sendmsg+0x5f/0x70\n\nThis patch is to fix it by changing to use NF_CT_STAT_INC_ATOMIC() for\nnf_ct_ext_valid_pre/post() check in nf_conntrack_hash_check_insert(),\nas well as nf_ct_ext_valid_post() in __nf_conntrack_confirm().\n\nNote that nf_ct_ext_valid_pre() check in __nf_conntrack_confirm() is\nsafe to use NF_CT_STAT_INC(), as it's under local_bh_disable()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/9464d0b68f11a9bc768370c3260ec02b3550447b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d9bf1138a5db419db13bd9fcd3a7178d6bb20f7c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2022/CVE-2022-489xx/CVE-2022-48975.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2022-48975",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:09.597",
"lastModified": "2024-10-21T20:15:09.597",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpiolib: fix memory leak in gpiochip_setup_dev()\n\nHere is a backtrace report about memory leak detected in\ngpiochip_setup_dev():\n\nunreferenced object 0xffff88810b406400 (size 512):\n comm \"python3\", pid 1682, jiffies 4295346908 (age 24.090s)\n backtrace:\n kmalloc_trace\n device_add\t\tdevice_private_init at drivers/base/core.c:3361\n\t\t\t(inlined by) device_add at drivers/base/core.c:3411\n cdev_device_add\n gpiolib_cdev_register\n gpiochip_setup_dev\n gpiochip_add_data_with_key\n\ngcdev_register() & gcdev_unregister() would call device_add() &\ndevice_del() (no matter CONFIG_GPIO_CDEV is enabled or not) to\nregister/unregister device.\n\nHowever, if device_add() succeeds, some resource (like\nstruct device_private allocated by device_private_init())\nis not released by device_del().\n\nTherefore, after device_add() succeeds by gcdev_register(), it\nneeds to call put_device() to release resource in the error handle\npath.\n\nHere we move forward the register of release function, and let it\nrelease every piece of resource by put_device() instead of kfree().\n\nWhile at it, fix another subtle issue, i.e. when gc->ngpio is equal\nto 0, we still call kcalloc() and, in case of further error, kfree()\non the ZERO_PTR pointer, which is not NULL. It's not a bug per se,\nbut rather waste of the resources and potentially wrong expectation\nabout contents of the gdev->descs variable."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/371363716398ed718e389bea8c5e9843a79dde4e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6daaa84b621485fe28c401be18debf92ae8ef04a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ec851b23084b3a0af8bf0f5e51d33a8d678bdc49",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2022/CVE-2022-489xx/CVE-2022-48976.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2022-48976",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:09.680",
"lastModified": "2024-10-21T20:15:09.680",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable_offload: fix using __this_cpu_add in preemptible\n\nflow_offload_queue_work() can be called in workqueue without\nbh disabled, like the call trace showed in my act_ct testing,\ncalling NF_FLOW_TABLE_STAT_INC() there would cause a call\ntrace:\n\n BUG: using __this_cpu_add() in preemptible [00000000] code: kworker/u4:0/138560\n caller is flow_offload_queue_work+0xec/0x1b0 [nf_flow_table]\n Workqueue: act_ct_workqueue tcf_ct_flow_table_cleanup_work [act_ct]\n Call Trace:\n <TASK>\n dump_stack_lvl+0x33/0x46\n check_preemption_disabled+0xc3/0xf0\n flow_offload_queue_work+0xec/0x1b0 [nf_flow_table]\n nf_flow_table_iterate+0x138/0x170 [nf_flow_table]\n nf_flow_table_free+0x140/0x1a0 [nf_flow_table]\n tcf_ct_flow_table_cleanup_work+0x2f/0x2b0 [act_ct]\n process_one_work+0x6a3/0x1030\n worker_thread+0x8a/0xdf0\n\nThis patch fixes it by using NF_FLOW_TABLE_STAT_INC_ATOMIC()\ninstead in flow_offload_queue_work().\n\nNote that for FLOW_CLS_REPLACE branch in flow_offload_queue_work(),\nit may not be called in preemptible path, but it's good to use\nNF_FLOW_TABLE_STAT_INC_ATOMIC() for all cases in\nflow_offload_queue_work()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/a220a11fda012fba506b35929672374c2723ae6d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a81047154e7ce4eb8769d5d21adcbc9693542a79",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2022/CVE-2022-489xx/CVE-2022-48977.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2022-48977",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:09.763",
"lastModified": "2024-10-21T20:15:09.763",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: af_can: fix NULL pointer dereference in can_rcv_filter\n\nAnalogue to commit 8aa59e355949 (\"can: af_can: fix NULL pointer\ndereference in can_rx_register()\") we need to check for a missing\ninitialization of ml_priv in the receive path of CAN frames.\n\nSince commit 4e096a18867a (\"net: introduce CAN specific pointer in the\nstruct net_device\") the check for dev->type to be ARPHRD_CAN is not\nsufficient anymore since bonding or tun netdevices claim to be CAN\ndevices but do not initialize ml_priv accordingly."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0acc442309a0a1b01bcdaa135e56e6398a49439c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3982652957e8d79ac32efcb725450580650a8644",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c142cba37de29f740a3852f01f59876af8ae462a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c42221efb1159d6a3c89e96685ee38acdce86b6f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fcc63f2f7ee3038d53216edd0d8291e57c752557",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2022/CVE-2022-489xx/CVE-2022-48978.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2022-48978",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:09.850",
"lastModified": "2024-10-21T20:15:09.850",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: fix shift-out-of-bounds in hid_report_raw_event\n\nSyzbot reported shift-out-of-bounds in hid_report_raw_event.\n\nmicrosoft 0003:045E:07DA.0001: hid_field_extract() called with n (128) >\n32! (swapper/0)\n======================================================================\nUBSAN: shift-out-of-bounds in drivers/hid/hid-core.c:1323:20\nshift exponent 127 is too large for 32-bit type 'int'\nCPU: 0 PID: 0 Comm: swapper/0 Not tainted\n6.1.0-rc4-syzkaller-00159-g4bbf3422df78 #0\nHardware name: Google Compute Engine/Google Compute Engine, BIOS\nGoogle 10/26/2022\nCall Trace:\n <IRQ>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106\n ubsan_epilogue lib/ubsan.c:151 [inline]\n __ubsan_handle_shift_out_of_bounds+0x3a6/0x420 lib/ubsan.c:322\n snto32 drivers/hid/hid-core.c:1323 [inline]\n hid_input_fetch_field drivers/hid/hid-core.c:1572 [inline]\n hid_process_report drivers/hid/hid-core.c:1665 [inline]\n hid_report_raw_event+0xd56/0x18b0 drivers/hid/hid-core.c:1998\n hid_input_report+0x408/0x4f0 drivers/hid/hid-core.c:2066\n hid_irq_in+0x459/0x690 drivers/hid/usbhid/hid-core.c:284\n __usb_hcd_giveback_urb+0x369/0x530 drivers/usb/core/hcd.c:1671\n dummy_timer+0x86b/0x3110 drivers/usb/gadget/udc/dummy_hcd.c:1988\n call_timer_fn+0xf5/0x210 kernel/time/timer.c:1474\n expire_timers kernel/time/timer.c:1519 [inline]\n __run_timers+0x76a/0x980 kernel/time/timer.c:1790\n run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1803\n __do_softirq+0x277/0x75b kernel/softirq.c:571\n __irq_exit_rcu+0xec/0x170 kernel/softirq.c:650\n irq_exit_rcu+0x5/0x20 kernel/softirq.c:662\n sysvec_apic_timer_interrupt+0x91/0xb0 arch/x86/kernel/apic/apic.c:1107\n======================================================================\n\nIf the size of the integer (unsigned n) is bigger than 32 in snto32(),\nshift exponent will be too large for 32-bit type 'int', resulting in a\nshift-out-of-bounds bug.\nFix this by adding a check on the size of the integer (unsigned n) in\nsnto32(). To add support for n greater than 32 bits, set n to 32, if n\nis greater than 32."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/151493fe5a6ed1a88decc929a7368a3f2a246914",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2b3b4d7aadaa1b6b58d0f34823bf86cfe8a31b4d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/809783f8b4b600c7fb3bccb10fefef822601ea3b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8e14f20e12224ee2429f75a5c9418a700e26a8d3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bc03f809da78fc79e4aee132d4e5c6a2b3aeec73",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/db1ed1b3fb4ec0d19080a102956255769bc45c79",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ec61b41918587be530398b0d1c9a0d16619397e5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f755d11c55b29049b77da5cd9ab2faae96eb33c3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2022/CVE-2022-489xx/CVE-2022-48979.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2022-48979",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:09.947",
"lastModified": "2024-10-21T20:15:09.947",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix array index out of bound error in DCN32 DML\n\n[Why&How]\nLinkCapacitySupport array is indexed with the number of voltage states and\nnot the number of max DPPs. Fix the error by changing the array\ndeclaration to use the correct (larger) array size of total number of\nvoltage states."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3d8a298b2e83b98042e6ec726e934f535b23e6aa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/aeffc8fb2174f017a10df114bc312f899904dc68",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2022/CVE-2022-489xx/CVE-2022-48980.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2022-48980",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:10.037",
"lastModified": "2024-10-21T20:15:10.037",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: sja1105: avoid out of bounds access in sja1105_init_l2_policing()\n\nThe SJA1105 family has 45 L2 policing table entries\n(SJA1105_MAX_L2_POLICING_COUNT) and SJA1110 has 110\n(SJA1110_MAX_L2_POLICING_COUNT). Keeping the table structure but\naccounting for the difference in port count (5 in SJA1105 vs 10 in\nSJA1110) does not fully explain the difference. Rather, the SJA1110 also\nhas L2 ingress policers for multicast traffic. If a packet is classified\nas multicast, it will be processed by the policer index 99 + SRCPORT.\n\nThe sja1105_init_l2_policing() function initializes all L2 policers such\nthat they don't interfere with normal packet reception by default. To have\na common code between SJA1105 and SJA1110, the index of the multicast\npolicer for the port is calculated because it's an index that is out of\nbounds for SJA1105 but in bounds for SJA1110, and a bounds check is\nperformed.\n\nThe code fails to do the proper thing when determining what to do with the\nmulticast policer of port 0 on SJA1105 (ds->num_ports = 5). The \"mcast\"\nindex will be equal to 45, which is also equal to\ntable->ops->max_entry_count (SJA1105_MAX_L2_POLICING_COUNT). So it passes\nthrough the check. But at the same time, SJA1105 doesn't have multicast\npolicers. So the code programs the SHARINDX field of an out-of-bounds\nelement in the L2 Policing table of the static config.\n\nThe comparison between index 45 and 45 entries should have determined the\ncode to not access this policer index on SJA1105, since its memory wasn't\neven allocated.\n\nWith enough bad luck, the out-of-bounds write could even overwrite other\nvalid kernel data, but in this case, the issue was detected using KASAN.\n\nKernel log:\n\nsja1105 spi5.0: Probed switch chip: SJA1105Q\n==================================================================\nBUG: KASAN: slab-out-of-bounds in sja1105_setup+0x1cbc/0x2340\nWrite of size 8 at addr ffffff880bd57708 by task kworker/u8:0/8\n...\nWorkqueue: events_unbound deferred_probe_work_func\nCall trace:\n...\nsja1105_setup+0x1cbc/0x2340\ndsa_register_switch+0x1284/0x18d0\nsja1105_probe+0x748/0x840\n...\nAllocated by task 8:\n...\nsja1105_setup+0x1bcc/0x2340\ndsa_register_switch+0x1284/0x18d0\nsja1105_probe+0x748/0x840\n..."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/147f3e3d84054117ae6b9bf317ec4fda9f991192",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5e88c6f4aaa70c542e59e5a9d2244bcc99cd245d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f8bac7f9fdb0017b32157957ffffd490f95faa07",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2022/CVE-2022-489xx/CVE-2022-48981.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2022-48981",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:10.130",
"lastModified": "2024-10-21T20:15:10.130",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/shmem-helper: Remove errant put in error path\n\ndrm_gem_shmem_mmap() doesn't own this reference, resulting in the GEM\nobject getting prematurely freed leading to a later use-after-free."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/24013314be6ee4ee456114a671e9fa3461323de8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/585a07b820059462e0c93b76c7de2cd946b26b40",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/586847b98e20ab02212ca5c1fc46680384e68a28",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6a4da05acd062ae7774b6b19cef2b7d922902d36",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/83e3da8bb92fcfa7a1d232cf55f9e6c49bb84942",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2022/CVE-2022-489xx/CVE-2022-48982.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2022-48982",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:10.210",
"lastModified": "2024-10-21T20:15:10.210",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix crash when replugging CSR fake controllers\n\nIt seems fake CSR 5.0 clones can cause the suspend notifier to be\nregistered twice causing the following kernel panic:\n\n[ 71.986122] Call Trace:\n[ 71.986124] <TASK>\n[ 71.986125] blocking_notifier_chain_register+0x33/0x60\n[ 71.986130] hci_register_dev+0x316/0x3d0 [bluetooth 99b5497ea3d09708fa1366c1dc03288bf3cca8da]\n[ 71.986154] btusb_probe+0x979/0xd85 [btusb e1e0605a4f4c01984a4b9c8ac58c3666ae287477]\n[ 71.986159] ? __pm_runtime_set_status+0x1a9/0x300\n[ 71.986162] ? ktime_get_mono_fast_ns+0x3e/0x90\n[ 71.986167] usb_probe_interface+0xe3/0x2b0\n[ 71.986171] really_probe+0xdb/0x380\n[ 71.986174] ? pm_runtime_barrier+0x54/0x90\n[ 71.986177] __driver_probe_device+0x78/0x170\n[ 71.986180] driver_probe_device+0x1f/0x90\n[ 71.986183] __device_attach_driver+0x89/0x110\n[ 71.986186] ? driver_allows_async_probing+0x70/0x70\n[ 71.986189] bus_for_each_drv+0x8c/0xe0\n[ 71.986192] __device_attach+0xb2/0x1e0\n[ 71.986195] bus_probe_device+0x92/0xb0\n[ 71.986198] device_add+0x422/0x9a0\n[ 71.986201] ? sysfs_merge_group+0xd4/0x110\n[ 71.986205] usb_set_configuration+0x57a/0x820\n[ 71.986208] usb_generic_driver_probe+0x4f/0x70\n[ 71.986211] usb_probe_device+0x3a/0x110\n[ 71.986213] really_probe+0xdb/0x380\n[ 71.986216] ? pm_runtime_barrier+0x54/0x90\n[ 71.986219] __driver_probe_device+0x78/0x170\n[ 71.986221] driver_probe_device+0x1f/0x90\n[ 71.986224] __device_attach_driver+0x89/0x110\n[ 71.986227] ? driver_allows_async_probing+0x70/0x70\n[ 71.986230] bus_for_each_drv+0x8c/0xe0\n[ 71.986232] __device_attach+0xb2/0x1e0\n[ 71.986235] bus_probe_device+0x92/0xb0\n[ 71.986237] device_add+0x422/0x9a0\n[ 71.986239] ? _dev_info+0x7d/0x98\n[ 71.986242] ? blake2s_update+0x4c/0xc0\n[ 71.986246] usb_new_device.cold+0x148/0x36d\n[ 71.986250] hub_event+0xa8a/0x1910\n[ 71.986255] process_one_work+0x1c4/0x380\n[ 71.986259] worker_thread+0x51/0x390\n[ 71.986262] ? rescuer_thread+0x3b0/0x3b0\n[ 71.986264] kthread+0xdb/0x110\n[ 71.986266] ? kthread_complete_and_exit+0x20/0x20\n[ 71.986268] ret_from_fork+0x1f/0x30\n[ 71.986273] </TASK>\n[ 71.986274] ---[ end trace 0000000000000000 ]---\n[ 71.986284] btusb: probe of 2-1.6:1.0 failed with error -17"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/549b46f8130effccf168293270bb3b1d5da529cc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a49894a5ac3656f1a4f0f6b110460060e8026bf8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b5ca338751ad4783ec8d37b5d99c3e37b7813e59",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dc8fa6570deadb70c3fb74d7cd8ce38849feaed0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2022/CVE-2022-489xx/CVE-2022-48983.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2022-48983",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:10.283",
"lastModified": "2024-10-21T20:15:10.283",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: Fix a null-ptr-deref in io_tctx_exit_cb()\n\nSyzkaller reports a NULL deref bug as follows:\n\n BUG: KASAN: null-ptr-deref in io_tctx_exit_cb+0x53/0xd3\n Read of size 4 at addr 0000000000000138 by task file1/1955\n\n CPU: 1 PID: 1955 Comm: file1 Not tainted 6.1.0-rc7-00103-gef4d3ea40565 #75\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014\n Call Trace:\n <TASK>\n dump_stack_lvl+0xcd/0x134\n ? io_tctx_exit_cb+0x53/0xd3\n kasan_report+0xbb/0x1f0\n ? io_tctx_exit_cb+0x53/0xd3\n kasan_check_range+0x140/0x190\n io_tctx_exit_cb+0x53/0xd3\n task_work_run+0x164/0x250\n ? task_work_cancel+0x30/0x30\n get_signal+0x1c3/0x2440\n ? lock_downgrade+0x6e0/0x6e0\n ? lock_downgrade+0x6e0/0x6e0\n ? exit_signals+0x8b0/0x8b0\n ? do_raw_read_unlock+0x3b/0x70\n ? do_raw_spin_unlock+0x50/0x230\n arch_do_signal_or_restart+0x82/0x2470\n ? kmem_cache_free+0x260/0x4b0\n ? putname+0xfe/0x140\n ? get_sigframe_size+0x10/0x10\n ? do_execveat_common.isra.0+0x226/0x710\n ? lockdep_hardirqs_on+0x79/0x100\n ? putname+0xfe/0x140\n ? do_execveat_common.isra.0+0x238/0x710\n exit_to_user_mode_prepare+0x15f/0x250\n syscall_exit_to_user_mode+0x19/0x50\n do_syscall_64+0x42/0xb0\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n RIP: 0023:0x0\n Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n RSP: 002b:00000000fffb7790 EFLAGS: 00000200 ORIG_RAX: 000000000000000b\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n </TASK>\n Kernel panic - not syncing: panic_on_warn set ...\n\nThis happens because the adding of task_work from io_ring_exit_work()\nisn't synchronized with canceling all work items from eg exec. The\nexecution of the two are ordered in that they are both run by the task\nitself, but if io_tctx_exit_cb() is queued while we're canceling all\nwork items off exec AND gets executed when the task exits to userspace\nrather than in the main loop in io_uring_cancel_generic(), then we can\nfind current->io_uring == NULL and hit the above crash.\n\nIt's safe to add this NULL check here, because the execution of the two\npaths are done by the task itself.\n\n[axboe: add code comment and also put an explanation in the commit msg]"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/998b30c3948e4d0b1097e639918c5cff332acac5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d91edca1943453aaaba4f380f6f364346222e5cf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f895511de9d27fff71dad2c234ad53b4afd2b06c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2022/CVE-2022-489xx/CVE-2022-48984.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2022-48984",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:10.360",
"lastModified": "2024-10-21T20:15:10.360",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: slcan: fix freed work crash\n\nThe LTP test pty03 is causing a crash in slcan:\n BUG: kernel NULL pointer dereference, address: 0000000000000008\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 0 PID: 348 Comm: kworker/0:3 Not tainted 6.0.8-1-default #1 openSUSE Tumbleweed 9d20364b934f5aab0a9bdf84e8f45cfdfae39dab\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b-rebuilt.opensuse.org 04/01/2014\n Workqueue: 0x0 (events)\n RIP: 0010:process_one_work (/home/rich/kernel/linux/kernel/workqueue.c:706 /home/rich/kernel/linux/kernel/workqueue.c:2185)\n Code: 49 89 ff 41 56 41 55 41 54 55 53 48 89 f3 48 83 ec 10 48 8b 06 48 8b 6f 48 49 89 c4 45 30 e4 a8 04 b8 00 00 00 00 4c 0f 44 e0 <49> 8b 44 24 08 44 8b a8 00 01 00 00 41 83 e5 20 f6 45 10 04 75 0e\n RSP: 0018:ffffaf7b40f47e98 EFLAGS: 00010046\n RAX: 0000000000000000 RBX: ffff9d644e1b8b48 RCX: ffff9d649e439968\n RDX: 00000000ffff8455 RSI: ffff9d644e1b8b48 RDI: ffff9d64764aa6c0\n RBP: ffff9d649e4335c0 R08: 0000000000000c00 R09: ffff9d64764aa734\n R10: 0000000000000007 R11: 0000000000000001 R12: 0000000000000000\n R13: ffff9d649e4335e8 R14: ffff9d64490da780 R15: ffff9d64764aa6c0\n FS: 0000000000000000(0000) GS:ffff9d649e400000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000008 CR3: 0000000036424000 CR4: 00000000000006f0\n Call Trace:\n <TASK>\n worker_thread (/home/rich/kernel/linux/kernel/workqueue.c:2436)\n kthread (/home/rich/kernel/linux/kernel/kthread.c:376)\n ret_from_fork (/home/rich/kernel/linux/arch/x86/entry/entry_64.S:312)\n\nApparently, the slcan's tx_work is freed while being scheduled. While\nslcan_netdev_close() (netdev side) calls flush_work(&sl->tx_work),\nslcan_close() (tty side) does not. So when the netdev is never set UP,\nbut the tty is stuffed with bytes and forced to wakeup write, the work\nis scheduled, but never flushed.\n\nSo add an additional flush_work() to slcan_close() to be sure the work\nis flushed under all circumstances.\n\nThe Fixes commit below moved flush_work() from slcan_close() to\nslcan_netdev_close(). What was the rationale behind it? Maybe we can\ndrop the one in slcan_netdev_close()?\n\nI see the same pattern in can327. So it perhaps needs the very same fix."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/9e2709d58a14a10eb00d919acd7dec071c33f8c8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fb855e9f3b6b42c72af3f1eb0b288998fe0d5ebb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2022/CVE-2022-489xx/CVE-2022-48985.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2022-48985",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:10.463",
"lastModified": "2024-10-21T20:15:10.463",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix race on per-CQ variable napi work_done\n\nAfter calling napi_complete_done(), the NAPIF_STATE_SCHED bit may be\ncleared, and another CPU can start napi thread and access per-CQ variable,\ncq->work_done. If the other thread (for example, from busy_poll) sets\nit to a value >= budget, this thread will continue to run when it should\nstop, and cause memory corruption and panic.\n\nTo fix this issue, save the per-CQ work_done variable in a local variable\nbefore napi_complete_done(), so it won't be corrupted by a possible\nconcurrent thread after napi_complete_done().\n\nAlso, add a flag bit to advertise to the NIC firmware: the NAPI work_done\nvariable race is fixed, so the driver is able to reliably support features\nlike busy_poll."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/18010ff776fa42340efc428b3ea6d19b3e7c7b21",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6740d8572ccd1bca50d8a1ca2bedc333f50ed5f3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fe50a9bbeb1f042e756c5cfa7708112c944368de",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2022/CVE-2022-489xx/CVE-2022-48986.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2022-48986",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:10.527",
"lastModified": "2024-10-21T20:15:10.527",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/gup: fix gup_pud_range() for dax\n\nFor dax pud, pud_huge() returns true on x86. So the function works as long\nas hugetlb is configured. However, dax doesn't depend on hugetlb.\nCommit 414fd080d125 (\"mm/gup: fix gup_pmd_range() for dax\") fixed\ndevmap-backed huge PMDs, but missed devmap-backed huge PUDs. Fix this as\nwell.\n\nThis fixes the below kernel panic:\n\ngeneral protection fault, probably for non-canonical address 0x69e7c000cc478: 0000 [#1] SMP\n\t< snip >\nCall Trace:\n<TASK>\nget_user_pages_fast+0x1f/0x40\niov_iter_get_pages+0xc6/0x3b0\n? mempool_alloc+0x5d/0x170\nbio_iov_iter_get_pages+0x82/0x4e0\n? bvec_alloc+0x91/0xc0\n? bio_alloc_bioset+0x19a/0x2a0\nblkdev_direct_IO+0x282/0x480\n? __io_complete_rw_common+0xc0/0xc0\n? filemap_range_has_page+0x82/0xc0\ngeneric_file_direct_write+0x9d/0x1a0\n? inode_update_time+0x24/0x30\n__generic_file_write_iter+0xbd/0x1e0\nblkdev_write_iter+0xb4/0x150\n? io_import_iovec+0x8d/0x340\nio_write+0xf9/0x300\nio_issue_sqe+0x3c3/0x1d30\n? sysvec_reschedule_ipi+0x6c/0x80\n__io_queue_sqe+0x33/0x240\n? fget+0x76/0xa0\nio_submit_sqes+0xe6a/0x18d0\n? __fget_light+0xd1/0x100\n__x64_sys_io_uring_enter+0x199/0x880\n? __context_tracking_enter+0x1f/0x70\n? irqentry_exit_to_user_mode+0x24/0x30\n? irqentry_exit+0x1d/0x30\n? __context_tracking_exit+0xe/0x70\ndo_syscall_64+0x3b/0x90\nentry_SYSCALL_64_after_hwframe+0x61/0xcb\nRIP: 0033:0x7fc97c11a7be\n\t< snip >\n</TASK>\n---[ end trace 48b2e0e67debcaeb ]---\nRIP: 0010:internal_get_user_pages_fast+0x340/0x990\n\t< snip >\nKernel panic - not syncing: Fatal exception\nKernel Offset: disabled"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/04edfa3dc06ecfc6133a33bc7271298782dee875",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3ac29732a2ffa64c7de13a072b0f2848b9c11037",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e06d13c36ded750c72521b600293befebb4e56c5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f1cf856123ceb766c49967ec79b841030fa1741f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fcd0ccd836ffad73d98a66f6fea7b16f735ea920",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2022/CVE-2022-489xx/CVE-2022-48987.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2022-48987",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:10.617",
"lastModified": "2024-10-21T20:15:10.617",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l2-dv-timings.c: fix too strict blanking sanity checks\n\nSanity checks were added to verify the v4l2_bt_timings blanking fields\nin order to avoid integer overflows when userspace passes weird values.\n\nBut that assumed that userspace would correctly fill in the front porch,\nbackporch and sync values, but sometimes all you know is the total\nblanking, which is then assigned to just one of these fields.\n\nAnd that can fail with these checks.\n\nSo instead set a maximum for the total horizontal and vertical\nblanking and check that each field remains below that.\n\nThat is still sufficient to avoid integer overflows, but it also\nallows for more flexibility in how userspace fills in these fields."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0d73b49c4037199472b29574ae21c21aef493971",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2572ab14b73aa45b6ae7e4c089ccf119fed5cf89",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/32f01f0306a98629508f84d7ef0d1d037bc274a2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4afc77068e36cee45b39d4fdc7513de26980f72c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5eef2141776da02772c44ec406d6871a790761ee",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6fb8bc29bfa80707994a63cc97e2f9920e0b0608",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a2b56627c0d13009e02f6f2c0206c0451ed19a0e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d3d14cdf1c7ae2caa3e999bae95ba99e955fb7c3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

45
CVE-2022/CVE-2022-489xx/CVE-2022-48988.json Normal file
View File

@ -0,0 +1,45 @@
{
"id": "CVE-2022-48988",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:10.710",
"lastModified": "2024-10-21T20:15:10.710",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemcg: fix possible use-after-free in memcg_write_event_control()\n\nmemcg_write_event_control() accesses the dentry->d_name of the specified\ncontrol fd to route the write call. As a cgroup interface file can't be\nrenamed, it's safe to access d_name as long as the specified file is a\nregular cgroup file. Also, as these cgroup interface files can't be\nremoved before the directory, it's safe to access the parent too.\n\nPrior to 347c4a874710 (\"memcg: remove cgroup_event->cft\"), there was a\ncall to __file_cft() which verified that the specified file is a regular\ncgroupfs file before further accesses. The cftype pointer returned from\n__file_cft() was no longer necessary and the commit inadvertently dropped\nthe file type check with it allowing any file to slip through. With the\ninvarients broken, the d_name and parent accesses can now race against\nrenames and removals of arbitrary files and cause use-after-free's.\n\nFix the bug by resurrecting the file type check in __file_cft(). Now that\ncgroupfs is implemented through kernfs, checking the file operations needs\nto go through a layer of indirection. Instead, let's check the superblock\nand dentry type."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0ed074317b835caa6c03bcfa8f133365324673dc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/35963b31821920908e397146502066f6b032c917",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4a7ba45b1a435e7097ca0f79a847d0949d0eb088",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/aad8bbd17a1d586005feb9226c2e9cfce1432e13",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b77600e26fd48727a95ffd50ba1e937efb548125",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e1ae97624ecf400ea56c238bff23e5cd139df0b8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f1f7f36cf682fa59db15e2089039a2eeb58ff2ad",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2022/CVE-2022-489xx/CVE-2022-48989.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2022-48989",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:10.820",
"lastModified": "2024-10-21T20:15:10.820",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfscache: Fix oops due to race with cookie_lru and use_cookie\n\nIf a cookie expires from the LRU and the LRU_DISCARD flag is set, but\nthe state machine has not run yet, it's possible another thread can call\nfscache_use_cookie and begin to use it.\n\nWhen the cookie_worker finally runs, it will see the LRU_DISCARD flag\nset, transition the cookie->state to LRU_DISCARDING, which will then\nwithdraw the cookie. Once the cookie is withdrawn the object is removed\nthe below oops will occur because the object associated with the cookie\nis now NULL.\n\nFix the oops by clearing the LRU_DISCARD bit if another thread uses the\ncookie before the cookie_worker runs.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000008\n ...\n CPU: 31 PID: 44773 Comm: kworker/u130:1 Tainted: G E 6.0.0-5.dneg.x86_64 #1\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022\n Workqueue: events_unbound netfs_rreq_write_to_cache_work [netfs]\n RIP: 0010:cachefiles_prepare_write+0x28/0x90 [cachefiles]\n ...\n Call Trace:\n netfs_rreq_write_to_cache_work+0x11c/0x320 [netfs]\n process_one_work+0x217/0x3e0\n worker_thread+0x4a/0x3b0\n kthread+0xd6/0x100"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/37f0b459c9b67e14fe4dcc3a15d286c4436ed01d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b5b52de3214a29911f949459a79f6640969b5487",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2022/CVE-2022-489xx/CVE-2022-48990.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2022-48990",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:10.910",
"lastModified": "2024-10-21T20:15:10.910",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix use-after-free during gpu recovery\n\n[Why]\n [ 754.862560] refcount_t: underflow; use-after-free.\n [ 754.862898] Call Trace:\n [ 754.862903] <TASK>\n [ 754.862913] amdgpu_job_free_cb+0xc2/0xe1 [amdgpu]\n [ 754.863543] drm_sched_main.cold+0x34/0x39 [amd_sched]\n\n[How]\n The fw_fence may be not init, check whether dma_fence_init\n is performed before job free"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3cb93f390453cde4d6afda1587aaa00e75e09617",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d2a89cd942edd50c1e652004fd64019be78b0a96",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2022/CVE-2022-489xx/CVE-2022-48991.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2022-48991",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:11.000",
"lastModified": "2024-10-21T20:15:11.000",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/khugepaged: invoke MMU notifiers in shmem/file collapse paths\n\nAny codepath that zaps page table entries must invoke MMU notifiers to\nensure that secondary MMUs (like KVM) don't keep accessing pages which\naren't mapped anymore. Secondary MMUs don't hold their own references to\npages that are mirrored over, so failing to notify them can lead to page\nuse-after-free.\n\nI'm marking this as addressing an issue introduced in commit f3f0e1d2150b\n(\"khugepaged: add support of collapse for tmpfs/shmem pages\"), but most of\nthe security impact of this only came in commit 27e1f8273113 (\"khugepaged:\nenable collapse pmd for pte-mapped THP\"), which actually omitted flushes\nfor the removal of present PTEs, not just for the removal of empty page\ntables."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1a3f8c6cd29d9078cc81b29d39d0e9ae1d6a03c3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/275c626c131cfe141beeb6c575e31fa53d32da19",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5450535901d89a5dcca5fbbc59a24fe89caeb465",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5ffc2a75534d9d74d49760f983f8eb675fa63d69",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7f445ca2e0e59c7971d0b7b853465e50844ab596",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c23105673228c349739e958fa33955ed8faddcaf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f268f6cf875f3220afc77bdd0bf1bb136eb54db9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ff2a1a6f869650aec99e9d070b5ab625bfbc5bc3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2022/CVE-2022-489xx/CVE-2022-48992.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2022-48992",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:11.067",
"lastModified": "2024-10-21T20:15:11.067",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: soc-pcm: Add NULL check in BE reparenting\n\nAdd NULL check in dpcm_be_reparent API, to handle\nkernel NULL pointer dereference error.\nThe issue occurred in fuzzing test."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0760acc2e6598ad4f7bd3662db2d907ef0838139",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/34a9796bf0684bfd54e96a142560d560c21c983b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9f74b9aa8d58c18927bb9b65dd5ba70a5fd61615",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d4dd21a79dbb862d2ebcf9ed90e646416009ff0d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/db8f91d424fe0ea6db337aca8bc05908bbce1498",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e7166d6821c15f3516bcac8ae3f155924da1908c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f2ba66d8738584d124aff4e760ed1337f5f6dfb6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f6f45e538328df9ce66aa61bafee1a5717c4b700",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2022/CVE-2022-489xx/CVE-2022-48993.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2022-48993",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:11.163",
"lastModified": "2024-10-21T20:15:11.163",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: Use kzalloc() in fbcon_prepare_logo()\n\nA kernel built with syzbot's config file reported that\n\n scr_memcpyw(q, save, array3_size(logo_lines, new_cols, 2))\n\ncauses uninitialized \"save\" to be copied.\n\n ----------\n [drm] Initialized vgem 1.0.0 20120112 for vgem on minor 0\n [drm] Initialized vkms 1.0.0 20180514 for vkms on minor 1\n Console: switching to colour frame buffer device 128x48\n =====================================================\n BUG: KMSAN: uninit-value in do_update_region+0x4b8/0xba0\n do_update_region+0x4b8/0xba0\n update_region+0x40d/0x840\n fbcon_switch+0x3364/0x35e0\n redraw_screen+0xae3/0x18a0\n do_bind_con_driver+0x1cb3/0x1df0\n do_take_over_console+0x11cb/0x13f0\n fbcon_fb_registered+0xacc/0xfd0\n register_framebuffer+0x1179/0x1320\n __drm_fb_helper_initial_config_and_unlock+0x23ad/0x2b40\n drm_fbdev_client_hotplug+0xbea/0xda0\n drm_fbdev_generic_setup+0x65e/0x9d0\n vkms_init+0x9f3/0xc76\n (...snipped...)\n\n Uninit was stored to memory at:\n fbcon_prepare_logo+0x143b/0x1940\n fbcon_init+0x2c1b/0x31c0\n visual_init+0x3e7/0x820\n do_bind_con_driver+0x14a4/0x1df0\n do_take_over_console+0x11cb/0x13f0\n fbcon_fb_registered+0xacc/0xfd0\n register_framebuffer+0x1179/0x1320\n __drm_fb_helper_initial_config_and_unlock+0x23ad/0x2b40\n drm_fbdev_client_hotplug+0xbea/0xda0\n drm_fbdev_generic_setup+0x65e/0x9d0\n vkms_init+0x9f3/0xc76\n (...snipped...)\n\n Uninit was created at:\n __kmem_cache_alloc_node+0xb69/0x1020\n __kmalloc+0x379/0x680\n fbcon_prepare_logo+0x704/0x1940\n fbcon_init+0x2c1b/0x31c0\n visual_init+0x3e7/0x820\n do_bind_con_driver+0x14a4/0x1df0\n do_take_over_console+0x11cb/0x13f0\n fbcon_fb_registered+0xacc/0xfd0\n register_framebuffer+0x1179/0x1320\n __drm_fb_helper_initial_config_and_unlock+0x23ad/0x2b40\n drm_fbdev_client_hotplug+0xbea/0xda0\n drm_fbdev_generic_setup+0x65e/0x9d0\n vkms_init+0x9f3/0xc76\n (...snipped...)\n\n CPU: 2 PID: 1 Comm: swapper/0 Not tainted 6.1.0-rc4-00356-g8f2975c2bb4c #924\n Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006\n ----------"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/20e78b7d1c1019789d9754ad9246192916f1a3b4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9bbebc6aba72ece39a200c8141f44e68ba883877",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9d5126b574c9177ed9ca925e36f85a1e6ce80bd2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a6a00d7e8ffd78d1cdb7a43f1278f081038c638f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d9b53caf0191cee24afd05ca6c83ed873199b52d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e70a5724400a841c9857ee3d08dae4d6c53ee40d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2022/CVE-2022-489xx/CVE-2022-48994.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2022-48994",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:11.257",
"lastModified": "2024-10-21T20:15:11.257",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event\n\nWith clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG),\nindirect call targets are validated against the expected function\npointer prototype to make sure the call target is valid to help mitigate\nROP attacks. If they are not identical, there is a failure at run time,\nwhich manifests as either a kernel panic or thread getting killed.\n\nseq_copy_in_user() and seq_copy_in_kernel() did not have prototypes\nmatching snd_seq_dump_func_t. Adjust this and remove the casts. There\nare not resulting binary output differences.\n\nThis was found as a result of Clang's new -Wcast-function-type-strict\nflag, which is more sensitive than the simpler -Wcast-function-type,\nwhich only checks for type width mismatches."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/05530ef7cf7c7d700f6753f058999b1b5099a026",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/13ee8fb5410b740c8dd2867d3557c7662f7dda2d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/15c42ab8d43acb73e2eba361ad05822c0af0ecfa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2f46e95bf344abc4e74f8158901d32a869e0adb6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/63badfed200219ca656968725f1a43df293ac936",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b38486e82ecb9f3046e0184205f6b61408fc40c9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e385360705a0b346bdb57ce938249175d0613b8a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fccd454129f6a0739651f7f58307cdb631fd6e89",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2022/CVE-2022-489xx/CVE-2022-48995.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2022-48995",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:11.343",
"lastModified": "2024-10-21T20:15:11.343",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: raydium_ts_i2c - fix memory leak in raydium_i2c_send()\n\nThere is a kmemleak when test the raydium_i2c_ts with bpf mock device:\n\n unreferenced object 0xffff88812d3675a0 (size 8):\n comm \"python3\", pid 349, jiffies 4294741067 (age 95.695s)\n hex dump (first 8 bytes):\n 11 0e 10 c0 01 00 04 00 ........\n backtrace:\n [<0000000068427125>] __kmalloc+0x46/0x1b0\n [<0000000090180f91>] raydium_i2c_send+0xd4/0x2bf [raydium_i2c_ts]\n [<000000006e631aee>] raydium_i2c_initialize.cold+0xbc/0x3e4 [raydium_i2c_ts]\n [<00000000dc6fcf38>] raydium_i2c_probe+0x3cd/0x6bc [raydium_i2c_ts]\n [<00000000a310de16>] i2c_device_probe+0x651/0x680\n [<00000000f5a96bf3>] really_probe+0x17c/0x3f0\n [<00000000096ba499>] __driver_probe_device+0xe3/0x170\n [<00000000c5acb4d9>] driver_probe_device+0x49/0x120\n [<00000000264fe082>] __device_attach_driver+0xf7/0x150\n [<00000000f919423c>] bus_for_each_drv+0x114/0x180\n [<00000000e067feca>] __device_attach+0x1e5/0x2d0\n [<0000000054301fc2>] bus_probe_device+0x126/0x140\n [<00000000aad93b22>] device_add+0x810/0x1130\n [<00000000c086a53f>] i2c_new_client_device+0x352/0x4e0\n [<000000003c2c248c>] of_i2c_register_device+0xf1/0x110\n [<00000000ffec4177>] of_i2c_notify+0x100/0x160\n unreferenced object 0xffff88812d3675c8 (size 8):\n comm \"python3\", pid 349, jiffies 4294741070 (age 95.692s)\n hex dump (first 8 bytes):\n 22 00 36 2d 81 88 ff ff \".6-....\n backtrace:\n [<0000000068427125>] __kmalloc+0x46/0x1b0\n [<0000000090180f91>] raydium_i2c_send+0xd4/0x2bf [raydium_i2c_ts]\n [<000000001d5c9620>] raydium_i2c_initialize.cold+0x223/0x3e4 [raydium_i2c_ts]\n [<00000000dc6fcf38>] raydium_i2c_probe+0x3cd/0x6bc [raydium_i2c_ts]\n [<00000000a310de16>] i2c_device_probe+0x651/0x680\n [<00000000f5a96bf3>] really_probe+0x17c/0x3f0\n [<00000000096ba499>] __driver_probe_device+0xe3/0x170\n [<00000000c5acb4d9>] driver_probe_device+0x49/0x120\n [<00000000264fe082>] __device_attach_driver+0xf7/0x150\n [<00000000f919423c>] bus_for_each_drv+0x114/0x180\n [<00000000e067feca>] __device_attach+0x1e5/0x2d0\n [<0000000054301fc2>] bus_probe_device+0x126/0x140\n [<00000000aad93b22>] device_add+0x810/0x1130\n [<00000000c086a53f>] i2c_new_client_device+0x352/0x4e0\n [<000000003c2c248c>] of_i2c_register_device+0xf1/0x110\n [<00000000ffec4177>] of_i2c_notify+0x100/0x160\n\nAfter BANK_SWITCH command from i2c BUS, no matter success or error\nhappened, the tx_buf should be freed."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/097c1c7a28e3da8f2811ba532be6e81faab15aab",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/53b9b1201e34ccc895971218559123625c56fbcd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8c9a59939deb4bfafdc451100c03d1e848b4169b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a82869ac52f3d9db4b2cf8fd41edc2dee7a75a61",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2022/CVE-2022-489xx/CVE-2022-48996.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2022-48996",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:11.423",
"lastModified": "2024-10-21T20:15:11.423",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/sysfs: fix wrong empty schemes assumption under online tuning in damon_sysfs_set_schemes()\n\nCommit da87878010e5 (\"mm/damon/sysfs: support online inputs update\") made\n'damon_sysfs_set_schemes()' to be called for running DAMON context, which\ncould have schemes. In the case, DAMON sysfs interface is supposed to\nupdate, remove, or add schemes to reflect the sysfs files. However, the\ncode is assuming the DAMON context wouldn't have schemes at all, and\ntherefore creates and adds new schemes. As a result, the code doesn't\nwork as intended for online schemes tuning and could have more than\nexpected memory footprint. The schemes are all in the DAMON context, so\nit doesn't leak the memory, though.\n\nRemove the wrong asssumption (the DAMON context wouldn't have schemes) in\n'damon_sysfs_set_schemes()' to fix the bug."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/95bc35f9bee5220dad4e8567654ab3288a181639",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f98d1f2a36ad7ab48fb4cf73ca14e7b19482fd4d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2022/CVE-2022-489xx/CVE-2022-48997.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2022-48997",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:11.503",
"lastModified": "2024-10-21T20:15:11.503",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nchar: tpm: Protect tpm_pm_suspend with locks\n\nCurrently tpm transactions are executed unconditionally in\ntpm_pm_suspend() function, which may lead to races with other tpm\naccessors in the system.\n\nSpecifically, the hw_random tpm driver makes use of tpm_get_random(),\nand this function is called in a loop from a kthread, which means it's\nnot frozen alongside userspace, and so can race with the work done\nduring system suspend:\n\n tpm tpm0: tpm_transmit: tpm_recv: error -52\n tpm tpm0: invalid TPM_STS.x 0xff, dumping stack for forensics\n CPU: 0 PID: 1 Comm: init Not tainted 6.1.0-rc5+ #135\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-20220807_005459-localhost 04/01/2014\n Call Trace:\n tpm_tis_status.cold+0x19/0x20\n tpm_transmit+0x13b/0x390\n tpm_transmit_cmd+0x20/0x80\n tpm1_pm_suspend+0xa6/0x110\n tpm_pm_suspend+0x53/0x80\n __pnp_bus_suspend+0x35/0xe0\n __device_suspend+0x10f/0x350\n\nFix this by calling tpm_try_get_ops(), which itself is a wrapper around\ntpm_chip_start(), but takes the appropriate mutex.\n\n[Jason: reworked commit message, added metadata]"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/23393c6461422df5bf8084a086ada9a7e17dc2ba",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/25b78bf98b07ff5aceb9b1e24f72ec0236c5c053",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4e0d6c687c925e27fd4bc78a2721d10acf5614d6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/571b6bbbf54d835ea6120f65575cb55cd767e603",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d699373ac5f3545243d3c73a1ccab77fdef8cec6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2022/CVE-2022-489xx/CVE-2022-48998.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2022-48998",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:11.570",
"lastModified": "2024-10-21T20:15:11.570",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/bpf/32: Fix Oops on tail call tests\n\ntest_bpf tail call tests end up as:\n\n test_bpf: #0 Tail call leaf jited:1 85 PASS\n test_bpf: #1 Tail call 2 jited:1 111 PASS\n test_bpf: #2 Tail call 3 jited:1 145 PASS\n test_bpf: #3 Tail call 4 jited:1 170 PASS\n test_bpf: #4 Tail call load/store leaf jited:1 190 PASS\n test_bpf: #5 Tail call load/store jited:1\n BUG: Unable to handle kernel data access on write at 0xf1b4e000\n Faulting instruction address: 0xbe86b710\n Oops: Kernel access of bad area, sig: 11 [#1]\n BE PAGE_SIZE=4K MMU=Hash PowerMac\n Modules linked in: test_bpf(+)\n CPU: 0 PID: 97 Comm: insmod Not tainted 6.1.0-rc4+ #195\n Hardware name: PowerMac3,1 750CL 0x87210 PowerMac\n NIP: be86b710 LR: be857e88 CTR: be86b704\n REGS: f1b4df20 TRAP: 0300 Not tainted (6.1.0-rc4+)\n MSR: 00009032 <EE,ME,IR,DR,RI> CR: 28008242 XER: 00000000\n DAR: f1b4e000 DSISR: 42000000\n GPR00: 00000001 f1b4dfe0 c11d2280 00000000 00000000 00000000 00000002 00000000\n GPR08: f1b4e000 be86b704 f1b4e000 00000000 00000000 100d816a f2440000 fe73baa8\n GPR16: f2458000 00000000 c1941ae4 f1fe2248 00000045 c0de0000 f2458030 00000000\n GPR24: 000003e8 0000000f f2458000 f1b4dc90 3e584b46 00000000 f24466a0 c1941a00\n NIP [be86b710] 0xbe86b710\n LR [be857e88] __run_one+0xec/0x264 [test_bpf]\n Call Trace:\n [f1b4dfe0] [00000002] 0x2 (unreliable)\n Instruction dump:\n XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX\n XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX\n ---[ end trace 0000000000000000 ]---\n\nThis is a tentative to write above the stack. The problem is encoutered\nwith tests added by commit 38608ee7b690 (\"bpf, tests: Add load store\ntest case for tail call\")\n\nThis happens because tail call is done to a BPF prog with a different\nstack_depth. At the time being, the stack is kept as is when the caller\ntail calls its callee. But at exit, the callee restores the stack based\non its own properties. Therefore here, at each run, r1 is erroneously\nincreased by 32 - 16 = 16 bytes.\n\nThis was done that way in order to pass the tail call count from caller\nto callee through the stack. As powerpc32 doesn't have a red zone in\nthe stack, it was necessary the maintain the stack as is for the tail\ncall. But it was not anticipated that the BPF frame size could be\ndifferent.\n\nLet's take a new approach. Use register r4 to carry the tail call count\nduring the tail call, and save it into the stack at function entry if\nrequired. This means the input parameter must be in r3, which is more\ncorrect as it is a 32 bits parameter, then tail call better match with\nnormal BPF function entry, the down side being that we move that input\nparameter back and forth between r3 and r4. That can be optimised later.\n\nDoing that also has the advantage of maximising the common parts between\ntail calls and a normal function exit.\n\nWith the fix, tail call tests are now successfull:\n\n test_bpf: #0 Tail call leaf jited:1 53 PASS\n test_bpf: #1 Tail call 2 jited:1 115 PASS\n test_bpf: #2 Tail call 3 jited:1 154 PASS\n test_bpf: #3 Tail call 4 jited:1 165 PASS\n test_bpf: #4 Tail call load/store leaf jited:1 101 PASS\n test_bpf: #5 Tail call load/store jited:1 141 PASS\n test_bpf: #6 Tail call error path, max count reached jited:1 994 PASS\n test_bpf: #7 Tail call count preserved across function calls jited:1 140975 PASS\n test_bpf: #8 Tail call error path, NULL target jited:1 110 PASS\n test_bpf: #9 Tail call error path, index out of range jited:1 69 PASS\n test_bpf: test_tail_calls: Summary: 10 PASSED, 0 FAILED, [10/10 JIT'ed]"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/747a6e547240baaaf41874d27333b87b87cfd24c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/89d21e259a94f7d5582ec675aa445f5a79f347e4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2022/CVE-2022-489xx/CVE-2022-48999.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2022-48999",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:11.630",
"lastModified": "2024-10-21T20:15:11.630",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: Handle attempt to delete multipath route when fib_info contains an nh reference\n\nGwangun Jung reported a slab-out-of-bounds access in fib_nh_match:\n fib_nh_match+0xf98/0x1130 linux-6.0-rc7/net/ipv4/fib_semantics.c:961\n fib_table_delete+0x5f3/0xa40 linux-6.0-rc7/net/ipv4/fib_trie.c:1753\n inet_rtm_delroute+0x2b3/0x380 linux-6.0-rc7/net/ipv4/fib_frontend.c:874\n\nSeparate nexthop objects are mutually exclusive with the legacy\nmultipath spec. Fix fib_nh_match to return if the config for the\nto be deleted route contains a multipath spec while the fib_info\nis using a nexthop object."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0b5394229ebae09afc07aabccb5ffd705ffd250e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/25174d91e4a32a24204060d283bd5fa6d0ddf133",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/61b91eb33a69c3be11b259c5ea484505cd79f883",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bb20a2ae241be846bc3c11ea4b3a3c69e41d51f2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cc3cd130ecfb8b0ae52e235e487bae3f16a24a32",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2022/CVE-2022-490xx/CVE-2022-49000.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2022-49000",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:11.710",
"lastModified": "2024-10-21T20:15:11.710",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix PCI device refcount leak in has_external_pci()\n\nfor_each_pci_dev() is implemented by pci_get_device(). The comment of\npci_get_device() says that it will increase the reference count for the\nreturned pci_dev and also decrease the reference count for the input\npci_dev @from if it is not NULL.\n\nIf we break for_each_pci_dev() loop with pdev not NULL, we need to call\npci_dev_put() to decrease the reference count. Add the missing\npci_dev_put() before 'return true' to avoid reference count leak."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/10ed7655a17f6a3eaecd1293830488259ccd5723",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/17f67414718e6aba123335a33b7d15aa594fff34",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/afca9e19cc720bfafc75dc5ce429c185ca93f31d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b6eea8b2e858a20ad58ac62dc2de90fea2413f94",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2022/CVE-2022-490xx/CVE-2022-49001.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2022-49001",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:11.773",
"lastModified": "2024-10-21T20:15:11.773",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: fix race when vmap stack overflow\n\nCurrently, when detecting vmap stack overflow, riscv firstly switches\nto the so called shadow stack, then use this shadow stack to call the\nget_overflow_stack() to get the overflow stack. However, there's\na race here if two or more harts use the same shadow stack at the same\ntime.\n\nTo solve this race, we introduce spin_shadow_stack atomic var, which\nwill be swap between its own address and 0 in atomic way, when the\nvar is set, it means the shadow_stack is being used; when the var\nis cleared, it means the shadow_stack isn't being used.\n\n[Palmer: Add AQ to the swap, and also some comments.]"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/7e1864332fbc1b993659eab7974da9fe8bf8c128",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/879fabc5a95401d9bce357e4b1d24ae4a360a81f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ac00301adb19df54f2eae1efc4bad7447c0156ce",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2022/CVE-2022-490xx/CVE-2022-49002.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2022-49002",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:11.853",
"lastModified": "2024-10-21T20:15:11.853",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init()\n\nfor_each_pci_dev() is implemented by pci_get_device(). The comment of\npci_get_device() says that it will increase the reference count for the\nreturned pci_dev and also decrease the reference count for the input\npci_dev @from if it is not NULL.\n\nIf we break for_each_pci_dev() loop with pdev not NULL, we need to call\npci_dev_put() to decrease the reference count. Add the missing\npci_dev_put() for the error path to avoid reference count leak."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2a8f7b90681472948de172dbbf5a54cd342870aa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4bedbbd782ebbe7287231fea862c158d4f08a9e3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/71c4a621985fc051ab86d3a86c749069a993fcb2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/876d7bfb89273997056220029ff12b1c2cc4691d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a5c65cd56aed027f8a97fda8b691caaeb66d115e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bdb613ef179ad4bb9d56a2533e9b30e434f1dfb7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cbdd83bd2fd67142b03ce9dbdd1eab322ff7321f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d47bc9d7bcdbb9adc9703513d964b514fee5b0bf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2022/CVE-2022-490xx/CVE-2022-49003.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2022-49003",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:11.920",
"lastModified": "2024-10-21T20:15:11.920",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: fix SRCU protection of nvme_ns_head list\n\nWalking the nvme_ns_head siblings list is protected by the head's srcu\nin nvme_ns_head_submit_bio() but not nvme_mpath_revalidate_paths().\nRemoving namespaces from the list also fails to synchronize the srcu.\nConcurrent scan work can therefore cause use-after-frees.\n\nHold the head's srcu lock in nvme_mpath_revalidate_paths() and\nsynchronize with the srcu, not the global RCU, in nvme_ns_remove().\n\nObserved the following panic when making NVMe/RDMA connections\nwith native multipath on the Rocky Linux 8.6 kernel\n(it seems the upstream kernel has the same race condition).\nDisassembly shows the faulting instruction is cmp 0x50(%rdx),%rcx;\ncomputing capacity != get_capacity(ns->disk).\nAddress 0x50 is dereferenced because ns->disk is NULL.\nThe NULL disk appears to be the result of concurrent scan work\nfreeing the namespace (note the log line in the middle of the panic).\n\n[37314.206036] BUG: unable to handle kernel NULL pointer dereference at 0000000000000050\n[37314.206036] nvme0n3: detected capacity change from 0 to 11811160064\n[37314.299753] PGD 0 P4D 0\n[37314.299756] Oops: 0000 [#1] SMP PTI\n[37314.299759] CPU: 29 PID: 322046 Comm: kworker/u98:3 Kdump: loaded Tainted: G W X --------- - - 4.18.0-372.32.1.el8test86.x86_64 #1\n[37314.299762] Hardware name: Dell Inc. PowerEdge R720/0JP31P, BIOS 2.7.0 05/23/2018\n[37314.299763] Workqueue: nvme-wq nvme_scan_work [nvme_core]\n[37314.299783] RIP: 0010:nvme_mpath_revalidate_paths+0x26/0xb0 [nvme_core]\n[37314.299790] Code: 1f 44 00 00 66 66 66 66 90 55 53 48 8b 5f 50 48 8b 83 c8 c9 00 00 48 8b 13 48 8b 48 50 48 39 d3 74 20 48 8d 42 d0 48 8b 50 20 <48> 3b 4a 50 74 05 f0 80 60 70 ef 48 8b 50 30 48 8d 42 d0 48 39 d3\n[37315.058803] RSP: 0018:ffffabe28f913d10 EFLAGS: 00010202\n[37315.121316] RAX: ffff927a077da800 RBX: ffff92991dd70000 RCX: 0000000001600000\n[37315.206704] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff92991b719800\n[37315.292106] RBP: ffff929a6b70c000 R08: 000000010234cd4a R09: c0000000ffff7fff\n[37315.377501] R10: 0000000000000001 R11: ffffabe28f913a30 R12: 0000000000000000\n[37315.462889] R13: ffff92992716600c R14: ffff929964e6e030 R15: ffff92991dd70000\n[37315.548286] FS: 0000000000000000(0000) GS:ffff92b87fb80000(0000) knlGS:0000000000000000\n[37315.645111] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[37315.713871] CR2: 0000000000000050 CR3: 0000002208810006 CR4: 00000000000606e0\n[37315.799267] Call Trace:\n[37315.828515] nvme_update_ns_info+0x1ac/0x250 [nvme_core]\n[37315.892075] nvme_validate_or_alloc_ns+0x2ff/0xa00 [nvme_core]\n[37315.961871] ? __blk_mq_free_request+0x6b/0x90\n[37316.015021] nvme_scan_work+0x151/0x240 [nvme_core]\n[37316.073371] process_one_work+0x1a7/0x360\n[37316.121318] ? create_worker+0x1a0/0x1a0\n[37316.168227] worker_thread+0x30/0x390\n[37316.212024] ? create_worker+0x1a0/0x1a0\n[37316.258939] kthread+0x10a/0x120\n[37316.297557] ? set_kthread_struct+0x50/0x50\n[37316.347590] ret_from_fork+0x35/0x40\n[37316.390360] Modules linked in: nvme_rdma nvme_tcp(X) nvme_fabrics nvme_core netconsole iscsi_tcp libiscsi_tcp dm_queue_length dm_service_time nf_conntrack_netlink br_netfilter bridge stp llc overlay nft_chain_nat ipt_MASQUERADE nf_nat xt_addrtype xt_CT nft_counter xt_state xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_comment xt_multiport nft_compat nf_tables libcrc32c nfnetlink dm_multipath tg3 rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm intel_rapl_msr iTCO_wdt iTCO_vendor_support dcdbas intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel ipmi_ssif kvm irqbypass crct10dif_pclmul crc32_pclmul mlx5_ib ghash_clmulni_intel ib_uverbs rapl intel_cstate intel_uncore ib_core ipmi_si joydev mei_me pcspkr ipmi_devintf mei lpc_ich wmi ipmi_msghandler acpi_power_meter ex\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/5b566d09ab1b975566a53f9c5466ee260d087582",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/787d81d4eb150e443e5d1276c6e8f03cfecc2302",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/899d2a05dc14733cfba6224083c6b0dd5a738590",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2022/CVE-2022-490xx/CVE-2022-49004.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2022-49004",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:11.990",
"lastModified": "2024-10-21T20:15:11.990",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Sync efi page table's kernel mappings before switching\n\nThe EFI page table is initially created as a copy of the kernel page table.\nWith VMAP_STACK enabled, kernel stacks are allocated in the vmalloc area:\nif the stack is allocated in a new PGD (one that was not present at the\nmoment of the efi page table creation or not synced in a previous vmalloc\nfault), the kernel will take a trap when switching to the efi page table\nwhen the vmalloc kernel stack is accessed, resulting in a kernel panic.\n\nFix that by updating the efi kernel mappings before switching to the efi\npage table."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3f105a742725a1b78766a55169f1d827732e62b8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/96f479383d92944406d4b3f2bc03c2f640def9f1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fa7a7d185ef380546b4b1fed6f84f31dbae8cec7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2022/CVE-2022-490xx/CVE-2022-49005.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2022-49005",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:12.040",
"lastModified": "2024-10-21T20:15:12.040",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: ops: Fix bounds check for _sx controls\n\nFor _sx controls the semantics of the max field is not the usual one, max\nis the number of steps rather than the maximum value. This means that our\ncheck in snd_soc_put_volsw_sx() needs to just check against the maximum\nvalue."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/325d94d16e3131b54bdf07356e4cd855e0d853fc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/46bab25cc0230df60d1c02b651cc5640a14b08df",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4a95a49f26308782b4056401989ecd7768fda8fa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/698813ba8c580efb356ace8dbf55f61dac6063a8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/73dce3c1d48c4662bdf3ccbde1492c2cb4bfd8ce",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/98b15c706644bebc19d2e77ccc360cc51444f6d0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b50c9641897274c3faef5f95ac852f54b94be2e8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e46adadf19248d59af3aa6bc52e09115bf479bf7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2022/CVE-2022-490xx/CVE-2022-49006.json Normal file
View File

File diff suppressed because one or more lines are too long

49
CVE-2022/CVE-2022-490xx/CVE-2022-49007.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2022-49007",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:12.197",
"lastModified": "2024-10-21T20:15:12.197",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry()\n\nSyzbot reported a null-ptr-deref bug:\n\n NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP\n frequency < 30 seconds\n general protection fault, probably for non-canonical address\n 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN\n KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n CPU: 1 PID: 3603 Comm: segctord Not tainted\n 6.1.0-rc2-syzkaller-00105-gb229b6ca5abb #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google\n 10/11/2022\n RIP: 0010:nilfs_palloc_commit_free_entry+0xe5/0x6b0\n fs/nilfs2/alloc.c:608\n Code: 00 00 00 00 fc ff df 80 3c 02 00 0f 85 cd 05 00 00 48 b8 00 00 00\n 00 00 fc ff df 4c 8b 73 08 49 8d 7e 10 48 89 fa 48 c1 ea 03 <80> 3c 02\n 00 0f 85 26 05 00 00 49 8b 46 10 be a6 00 00 00 48 c7 c7\n RSP: 0018:ffffc90003dff830 EFLAGS: 00010212\n RAX: dffffc0000000000 RBX: ffff88802594e218 RCX: 000000000000000d\n RDX: 0000000000000002 RSI: 0000000000002000 RDI: 0000000000000010\n RBP: ffff888071880222 R08: 0000000000000005 R09: 000000000000003f\n R10: 000000000000000d R11: 0000000000000000 R12: ffff888071880158\n R13: ffff88802594e220 R14: 0000000000000000 R15: 0000000000000004\n FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000)\n knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fb1c08316a8 CR3: 0000000018560000 CR4: 0000000000350ee0\n Call Trace:\n <TASK>\n nilfs_dat_commit_free fs/nilfs2/dat.c:114 [inline]\n nilfs_dat_commit_end+0x464/0x5f0 fs/nilfs2/dat.c:193\n nilfs_dat_commit_update+0x26/0x40 fs/nilfs2/dat.c:236\n nilfs_btree_commit_update_v+0x87/0x4a0 fs/nilfs2/btree.c:1940\n nilfs_btree_commit_propagate_v fs/nilfs2/btree.c:2016 [inline]\n nilfs_btree_propagate_v fs/nilfs2/btree.c:2046 [inline]\n nilfs_btree_propagate+0xa00/0xd60 fs/nilfs2/btree.c:2088\n nilfs_bmap_propagate+0x73/0x170 fs/nilfs2/bmap.c:337\n nilfs_collect_file_data+0x45/0xd0 fs/nilfs2/segment.c:568\n nilfs_segctor_apply_buffers+0x14a/0x470 fs/nilfs2/segment.c:1018\n nilfs_segctor_scan_file+0x3f4/0x6f0 fs/nilfs2/segment.c:1067\n nilfs_segctor_collect_blocks fs/nilfs2/segment.c:1197 [inline]\n nilfs_segctor_collect fs/nilfs2/segment.c:1503 [inline]\n nilfs_segctor_do_construct+0x12fc/0x6af0 fs/nilfs2/segment.c:2045\n nilfs_segctor_construct+0x8e3/0xb30 fs/nilfs2/segment.c:2379\n nilfs_segctor_thread_construct fs/nilfs2/segment.c:2487 [inline]\n nilfs_segctor_thread+0x3c3/0xf30 fs/nilfs2/segment.c:2570\n kthread+0x2e4/0x3a0 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306\n </TASK>\n ...\n\nIf DAT metadata file is corrupted on disk, there is a case where\nreq->pr_desc_bh is NULL and blocknr is 0 at nilfs_dat_commit_end() during\na b-tree operation that cascadingly updates ancestor nodes of the b-tree,\nbecause nilfs_dat_commit_alloc() for a lower level block can initialize\nthe blocknr on the same DAT entry between nilfs_dat_prepare_end() and\nnilfs_dat_commit_end().\n\nIf this happens, nilfs_dat_commit_end() calls nilfs_dat_commit_free()\nwithout valid buffer heads in req->pr_desc_bh and req->pr_bitmap_bh, and\ncauses the NULL pointer dereference above in\nnilfs_palloc_commit_free_entry() function, which leads to a crash.\n\nFix this by adding a NULL check on req->pr_desc_bh and req->pr_bitmap_bh\nbefore nilfs_palloc_commit_free_entry() in nilfs_dat_commit_free().\n\nThis also calls nilfs_error() in that case to notify that there is a fatal\nflaw in the filesystem metadata and prevent further operations."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/165c7a3b27a3857ebf57f626b9f38b48b6792e68",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2f2c59506ae39496588ceb8b88bdbdbaed895d63",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/33021419fd81efd3d729a7f19341ba4b98fe66ce",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/381b84f60e549ea98cec4666c6c728b1b3318756",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9a130b72e6bd1fb07fc3cde839dc6fb53da76f07",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bc3fd3293887b4cf84a9109700faeb82de533c89",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e858917ab785afe83c14f5ac141301216ccda847",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f0a0ccda18d6fd826d7c7e7ad48a6ed61c20f8b4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2022/CVE-2022-490xx/CVE-2022-49008.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2022-49008",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:12.290",
"lastModified": "2024-10-21T20:15:12.290",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: can327: can327_feed_frame_to_netdev(): fix potential skb leak when netdev is down\n\nIn can327_feed_frame_to_netdev(), it did not free the skb when netdev\nis down, and all callers of can327_feed_frame_to_netdev() did not free\nallocated skb too. That would trigger skb leak.\n\nFix it by adding kfree_skb() in can327_feed_frame_to_netdev() when netdev\nis down. Not tested, just compiled."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/797b1d9fc0e1f4351e4ad49b078c1a3cdc0d4a08",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8fa452cfafed521aaf5a18c71003fe24b1ee6141",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2022/CVE-2022-490xx/CVE-2022-49009.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2022-49009",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:12.373",
"lastModified": "2024-10-21T20:15:12.373",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (asus-ec-sensors) Add checks for devm_kcalloc\n\nAs the devm_kcalloc may return NULL, the return value needs to be checked\nto avoid NULL poineter dereference."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/9bdc112be727cf1ba65be79541147f960c3349d8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a41ec58ac352fd176d5808af847663dc890f6053",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2022/CVE-2022-490xx/CVE-2022-49010.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2022-49010",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:12.433",
"lastModified": "2024-10-21T20:15:12.433",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (coretemp) Check for null before removing sysfs attrs\n\nIf coretemp_add_core() gets an error then pdata->core_data[indx]\nis already NULL and has been kfreed. Don't pass that to\nsysfs_remove_group() as that will crash in sysfs_remove_group().\n\n[Shortened for readability]\n[91854.020159] sysfs: cannot create duplicate filename '/devices/platform/coretemp.0/hwmon/hwmon2/temp20_label'\n<cpu offline>\n[91855.126115] BUG: kernel NULL pointer dereference, address: 0000000000000188\n[91855.165103] #PF: supervisor read access in kernel mode\n[91855.194506] #PF: error_code(0x0000) - not-present page\n[91855.224445] PGD 0 P4D 0\n[91855.238508] Oops: 0000 [#1] PREEMPT SMP PTI\n...\n[91855.342716] RIP: 0010:sysfs_remove_group+0xc/0x80\n...\n[91855.796571] Call Trace:\n[91855.810524] coretemp_cpu_offline+0x12b/0x1dd [coretemp]\n[91855.841738] ? coretemp_cpu_online+0x180/0x180 [coretemp]\n[91855.871107] cpuhp_invoke_callback+0x105/0x4b0\n[91855.893432] cpuhp_thread_fun+0x8e/0x150\n...\n\nFix this by checking for NULL first."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/070d5ea4a0592a37ad96ce7f7b6b024f90bb009f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/280110db1a7d62ad635b103bafc3ae96e8bef75c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7692700ac818866d138a8de555130a6e70e6ac16",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/89eecabe6a47403237f45aafd7d24f93cb973653",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a89ff5f5cc64b9fe7a992cf56988fd36f56ca82a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ae6c8b6e5d5628df1c475c0a8fca1465e205c95b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f06e0cd01eab954bd5f2190c9faa79bb5357e05b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fb503d077ff7b43913503eaf72995d1239028b99",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2022/CVE-2022-490xx/CVE-2022-49011.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2022-49011",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:12.500",
"lastModified": "2024-10-21T20:15:12.500",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()\n\nAs comment of pci_get_domain_bus_and_slot() says, it returns\na pci device with refcount increment, when finish using it,\nthe caller must decrement the reference count by calling\npci_dev_put(). So call it after using to avoid refcount leak."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0dd1da5a15eeecb2fe4cf131b3216fb455af783c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2f74cffc7c85f770b1b1833dccb03b8cde3be102",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6e035d5a2a6b907cfce9a80c5f442c2e459cd34e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7dec14537c5906b8bf40fd6fd6d9c3850f8df11d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bb75a0d1223d43f97089841aecb28a9b4de687a9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c40db1e5f316792b557d2be37e447c20d9ac4635",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ea5844f946b1ec5c0b7c115cd7684f34fd48021b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f598da27acbeee414679cacd14294db3e273e3d2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2022/CVE-2022-490xx/CVE-2022-49012.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2022-49012",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:12.573",
"lastModified": "2024-10-21T20:15:12.573",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Fix server->active leak in afs_put_server\n\nThe atomic_read was accidentally replaced with atomic_inc_return,\nwhich prevents the server from getting cleaned up and causes rmmod\nto hang with a warning:\n\n Can't purge s=00000001"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/c5078548c29c735f71b05053659c0cb294e738ad",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ef4d3ea40565a781c25847e9cb96c1bd9f462bc6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2022/CVE-2022-490xx/CVE-2022-49013.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2022-49013",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:12.637",
"lastModified": "2024-10-21T20:15:12.637",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: fix memory leak in sctp_stream_outq_migrate()\n\nWhen sctp_stream_outq_migrate() is called to release stream out resources,\nthe memory pointed to by prio_head in stream out is not released.\n\nThe memory leak information is as follows:\n unreferenced object 0xffff88801fe79f80 (size 64):\n comm \"sctp_repo\", pid 7957, jiffies 4294951704 (age 36.480s)\n hex dump (first 32 bytes):\n 80 9f e7 1f 80 88 ff ff 80 9f e7 1f 80 88 ff ff ................\n 90 9f e7 1f 80 88 ff ff 90 9f e7 1f 80 88 ff ff ................\n backtrace:\n [<ffffffff81b215c6>] kmalloc_trace+0x26/0x60\n [<ffffffff88ae517c>] sctp_sched_prio_set+0x4cc/0x770\n [<ffffffff88ad64f2>] sctp_stream_init_ext+0xd2/0x1b0\n [<ffffffff88aa2604>] sctp_sendmsg_to_asoc+0x1614/0x1a30\n [<ffffffff88ab7ff1>] sctp_sendmsg+0xda1/0x1ef0\n [<ffffffff87f765ed>] inet_sendmsg+0x9d/0xe0\n [<ffffffff8754b5b3>] sock_sendmsg+0xd3/0x120\n [<ffffffff8755446a>] __sys_sendto+0x23a/0x340\n [<ffffffff87554651>] __x64_sys_sendto+0xe1/0x1b0\n [<ffffffff89978b49>] do_syscall_64+0x39/0xb0\n [<ffffffff89a0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0dfb9a566327182387c90100ea54d8426cee8c67",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/176ee6c673ccd118e9392fd2dbb165423bdb99ca",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9ed7bfc79542119ac0a9e1ce8a2a5285e43433e9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a7555681e50bdebed2c40ff7404ee73c2e932993",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fa20f88271259d42ebe66f0a8c4c20199e888c99",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

41
CVE-2022/CVE-2022-490xx/CVE-2022-49014.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2022-49014",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:12.707",
"lastModified": "2024-10-21T20:15:12.707",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tun: Fix use-after-free in tun_detach()\n\nsyzbot reported use-after-free in tun_detach() [1]. This causes call\ntrace like below:\n\n==================================================================\nBUG: KASAN: use-after-free in notifier_call_chain+0x1ee/0x200 kernel/notifier.c:75\nRead of size 8 at addr ffff88807324e2a8 by task syz-executor.0/3673\n\nCPU: 0 PID: 3673 Comm: syz-executor.0 Not tainted 6.1.0-rc5-syzkaller-00044-gcc675d22e422 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x15e/0x461 mm/kasan/report.c:395\n kasan_report+0xbf/0x1f0 mm/kasan/report.c:495\n notifier_call_chain+0x1ee/0x200 kernel/notifier.c:75\n call_netdevice_notifiers_info+0x86/0x130 net/core/dev.c:1942\n call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]\n call_netdevice_notifiers net/core/dev.c:1997 [inline]\n netdev_wait_allrefs_any net/core/dev.c:10237 [inline]\n netdev_run_todo+0xbc6/0x1100 net/core/dev.c:10351\n tun_detach drivers/net/tun.c:704 [inline]\n tun_chr_close+0xe4/0x190 drivers/net/tun.c:3467\n __fput+0x27c/0xa90 fs/file_table.c:320\n task_work_run+0x16f/0x270 kernel/task_work.c:179\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0xb3d/0x2a30 kernel/exit.c:820\n do_group_exit+0xd4/0x2a0 kernel/exit.c:950\n get_signal+0x21b1/0x2440 kernel/signal.c:2858\n arch_do_signal_or_restart+0x86/0x2300 arch/x86/kernel/signal.c:869\n exit_to_user_mode_loop kernel/entry/common.c:168 [inline]\n exit_to_user_mode_prepare+0x15f/0x250 kernel/entry/common.c:203\n __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]\n syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:296\n do_syscall_64+0x46/0xb0 arch/x86/entry/common.c:86\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe cause of the issue is that sock_put() from __tun_detach() drops\nlast reference count for struct net, and then notifier_call_chain()\nfrom netdev_state_change() accesses that struct net.\n\nThis patch fixes the issue by calling sock_put() from tun_detach()\nafter all necessary accesses for the struct net has done."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/04b995e963229501401810dab89dc73e7f12d054",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/16c244bc65d1175775325ec0489a5a5c830e02c7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1f23f1890d91812c35d32eab1b49621b6d32dc7b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4cde8da2d814a3b7b176db81922d4ddaad7c0f0e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5daadc86f27ea4d691e2131c04310d0418c6cd12",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5f442e1d403e0496bacb74a58e2be7f500695e6f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2022/CVE-2022-490xx/CVE-2022-49015.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2022-49015",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:12.787",
"lastModified": "2024-10-21T20:15:12.787",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hsr: Fix potential use-after-free\n\nThe skb is delivered to netif_rx() which may free it, after calling this,\ndereferencing skb may trigger use-after-free."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4b351609af4fdbc23f79ab2b12748f4403ea9af4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/53a62c5efe91665f7a41fad0f888a96f94dc59eb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7ca81a161e406834a1fdc405fc83a572bd14b8d9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7e177d32442b7ed08a9fa61b61724abc548cb248",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8393ce5040803666bfa26a3a7bf41e44fab0ace9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b35d899854d5d5d58eb7d7e7c0f61afc60d3a9e9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dca370e575d9b6c983f5015e8dc035e23e219ee6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f3add2b8cf620966de3ebfa07679ca12d33ec26f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2022/CVE-2022-490xx/CVE-2022-49016.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2022-49016",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:12.840",
"lastModified": "2024-10-21T20:15:12.840",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mdiobus: fix unbalanced node reference count\n\nI got the following report while doing device(mscc-miim) load test\nwith CONFIG_OF_UNITTEST and CONFIG_OF_DYNAMIC enabled:\n\n OF: ERROR: memory leak, expected refcount 1 instead of 2,\n of_node_get()/of_node_put() unbalanced - destroy cset entry:\n attach overlay node /spi/soc@0/mdio@7107009c/ethernet-phy@0\n\nIf the 'fwnode' is not an acpi node, the refcount is get in\nfwnode_mdiobus_phy_device_register(), but it has never been\nput when the device is freed in the normal path. So call\nfwnode_handle_put() in phy_device_release() to avoid leak.\n\nIf it's an acpi node, it has never been get, but it's put\nin the error path, so call fwnode_handle_get() before\nphy_device_register() to keep get/put operation balanced."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2708b357440427d6a9fee667eb7b8307f4625adc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/543d917f691ab06885ee779c862065899eaa4251",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cdde1560118f82498fc9e9a7c1ef7f0ef7755891",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2022/CVE-2022-490xx/CVE-2022-49017.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2022-49017",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:12.910",
"lastModified": "2024-10-21T20:15:12.910",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: re-fetch skb cb after tipc_msg_validate\n\nAs the call trace shows, the original skb was freed in tipc_msg_validate(),\nand dereferencing the old skb cb would cause an use-after-free crash.\n\n BUG: KASAN: use-after-free in tipc_crypto_rcv_complete+0x1835/0x2240 [tipc]\n Call Trace:\n <IRQ>\n tipc_crypto_rcv_complete+0x1835/0x2240 [tipc]\n tipc_crypto_rcv+0xd32/0x1ec0 [tipc]\n tipc_rcv+0x744/0x1150 [tipc]\n ...\n Allocated by task 47078:\n kmem_cache_alloc_node+0x158/0x4d0\n __alloc_skb+0x1c1/0x270\n tipc_buf_acquire+0x1e/0xe0 [tipc]\n tipc_msg_create+0x33/0x1c0 [tipc]\n tipc_link_build_proto_msg+0x38a/0x2100 [tipc]\n tipc_link_timeout+0x8b8/0xef0 [tipc]\n tipc_node_timeout+0x2a1/0x960 [tipc]\n call_timer_fn+0x2d/0x1c0\n ...\n Freed by task 47078:\n tipc_msg_validate+0x7b/0x440 [tipc]\n tipc_crypto_rcv_complete+0x4b5/0x2240 [tipc]\n tipc_crypto_rcv+0xd32/0x1ec0 [tipc]\n tipc_rcv+0x744/0x1150 [tipc]\n\nThis patch fixes it by re-fetching the skb cb from the new allocated skb\nafter calling tipc_msg_validate()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1daec0815655e110c6f206c5e777a4af8168ff58",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3067bc61fcfe3081bf4807ce65560f499e895e77",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a1ba595e35aa3afbe417ff0af353afb9f65559c0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e128190adb2edfd5042105b5d1ed4553f295f5ef",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2022/CVE-2022-490xx/CVE-2022-49018.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2022-49018",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:12.973",
"lastModified": "2024-10-21T20:15:12.973",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix sleep in atomic at close time\n\nMatt reported a splat at msk close time:\n\n BUG: sleeping function called from invalid context at net/mptcp/protocol.c:2877\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 155, name: packetdrill\n preempt_count: 201, expected: 0\n RCU nest depth: 0, expected: 0\n 4 locks held by packetdrill/155:\n #0: ffff888001536990 (&sb->s_type->i_mutex_key#6){+.+.}-{3:3}, at: __sock_release (net/socket.c:650)\n #1: ffff88800b498130 (sk_lock-AF_INET){+.+.}-{0:0}, at: mptcp_close (net/mptcp/protocol.c:2973)\n #2: ffff88800b49a130 (sk_lock-AF_INET/1){+.+.}-{0:0}, at: __mptcp_close_ssk (net/mptcp/protocol.c:2363)\n #3: ffff88800b49a0b0 (slock-AF_INET){+...}-{2:2}, at: __lock_sock_fast (include/net/sock.h:1820)\n Preemption disabled at:\n 0x0\n CPU: 1 PID: 155 Comm: packetdrill Not tainted 6.1.0-rc5 #365\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n Call Trace:\n <TASK>\n dump_stack_lvl (lib/dump_stack.c:107 (discriminator 4))\n __might_resched.cold (kernel/sched/core.c:9891)\n __mptcp_destroy_sock (include/linux/kernel.h:110)\n __mptcp_close (net/mptcp/protocol.c:2959)\n mptcp_subflow_queue_clean (include/net/sock.h:1777)\n __mptcp_close_ssk (net/mptcp/protocol.c:2363)\n mptcp_destroy_common (net/mptcp/protocol.c:3170)\n mptcp_destroy (include/net/sock.h:1495)\n __mptcp_destroy_sock (net/mptcp/protocol.c:2886)\n __mptcp_close (net/mptcp/protocol.c:2959)\n mptcp_close (net/mptcp/protocol.c:2974)\n inet_release (net/ipv4/af_inet.c:432)\n __sock_release (net/socket.c:651)\n sock_close (net/socket.c:1367)\n __fput (fs/file_table.c:320)\n task_work_run (kernel/task_work.c:181 (discriminator 1))\n exit_to_user_mode_prepare (include/linux/resume_user_mode.h:49)\n syscall_exit_to_user_mode (kernel/entry/common.c:130)\n do_syscall_64 (arch/x86/entry/common.c:87)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)\n\nWe can't call mptcp_close under the 'fast' socket lock variant, replace\nit with a sock_lock_nested() as the relevant code is already under the\nlistening msk socket lock protection."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/b4f166651d03b5484fa179817ba8ad4899a5a6ac",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d8e6c5500dbf0f3e87aace90d4beba6ae928e866",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2022/CVE-2022-490xx/CVE-2022-49019.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2022-49019",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:13.040",
"lastModified": "2024-10-21T20:15:13.040",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: nixge: fix NULL dereference\n\nIn function nixge_hw_dma_bd_release() dereference of NULL pointer\npriv->rx_bd_v is possible for the case of its allocation failure in\nnixge_hw_dma_bd_init().\n\nMove for() loop with priv->rx_bd_v dereference under the check for\nits validity.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/45752af0247589e6d3dede577415bfe117b4392c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/80e82f7b440b65cf131dce10f487dc73a7046e6b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/910c0264b64ef2dad8887714a7c56c93e39a0ed3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9256db4e45e8b497b0e993cc3ed4ad08eb2389b6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9c584d6d9cfb935dce8fc81a4c26debac0a3049b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2022/CVE-2022-490xx/CVE-2022-49020.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2022-49020",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:13.100",
"lastModified": "2024-10-21T20:15:13.100",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/9p: Fix a potential socket leak in p9_socket_open\n\nBoth p9_fd_create_tcp() and p9_fd_create_unix() will call\np9_socket_open(). If the creation of p9_trans_fd fails,\np9_fd_create_tcp() and p9_fd_create_unix() will return an\nerror directly instead of releasing the cscoket, which will\nresult in a socket leak.\n\nThis patch adds sock_release() to fix the leak issue."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0396227f4daf4792a6a8aaa3b7771dc25c4cd443",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2d24d91b9f44620824fc37b766f7cae00ca32748",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8782b32ef867de7981bbe9e86ecb90e92e8780bd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8b14bd0b500aec1458b51cb621c8e5fab3304260",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/aa08323fe18cb7cf95317ffa2d54ca1de8e74ebd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dcc14cfd7debe11b825cb077e75d91d2575b4cb8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ded893965b895b2dccd3d1436d8d3daffa23ea64",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e01c1542379fb395e7da53706df598f38905dfbf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2022/CVE-2022-490xx/CVE-2022-49021.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2022-49021",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:13.163",
"lastModified": "2024-10-21T20:15:13.163",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: fix null-ptr-deref while probe() failed\n\nI got a null-ptr-deref report as following when doing fault injection test:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000058\nOops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 PID: 253 Comm: 507-spi-dm9051 Tainted: G B N 6.1.0-rc3+\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nRIP: 0010:klist_put+0x2d/0xd0\nCall Trace:\n <TASK>\n klist_remove+0xf1/0x1c0\n device_release_driver_internal+0x23e/0x2d0\n bus_remove_device+0x1bd/0x240\n device_del+0x357/0x770\n phy_device_remove+0x11/0x30\n mdiobus_unregister+0xa5/0x140\n release_nodes+0x6a/0xa0\n devres_release_all+0xf8/0x150\n device_unbind_cleanup+0x19/0xd0\n\n//probe path:\nphy_device_register()\n device_add()\n\nphy_connect\n phy_attach_direct() //set device driver\n probe() //it's failed, driver is not bound\n device_bind_driver() // probe failed, it's not called\n\n//remove path:\nphy_device_remove()\n device_del()\n device_release_driver_internal()\n __device_release_driver() //dev->drv is not NULL\n klist_remove() <- knode_driver is not added yet, cause null-ptr-deref\n\nIn phy_attach_direct(), after setting the 'dev->driver', probe() fails,\ndevice_bind_driver() is not called, so the knode_driver->n_klist is not\nset, then it causes null-ptr-deref in __device_release_driver() while\ndeleting device. Fix this by setting dev->driver to NULL in the error\npath in phy_attach_direct()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0744c7be4de564db03e24527b2e096b7e0e20972",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/369eb2c9f1f72adbe91e0ea8efb130f0a2ba11a6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3e21f85d87c836462bb52ef2078ea561260935c1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/51d7f6b20fae8bae64ad1136f1e30d1fd5ba78f7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7730904f50c7187dd16c76949efb56b5fb55cd57",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8aaafe0f71314f46a066382a047ba8bb3840d273",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/eaa5722549ac2604ffa56c2e946acc83226f130c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fe6bc99c27c21348f548966118867ed26a9a372c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2022/CVE-2022-490xx/CVE-2022-49022.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2022-49022",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:13.233",
"lastModified": "2024-10-21T20:15:13.233",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac8021: fix possible oob access in ieee80211_get_rate_duration\n\nFix possible out-of-bound access in ieee80211_get_rate_duration routine\nas reported by the following UBSAN report:\n\nUBSAN: array-index-out-of-bounds in net/mac80211/airtime.c:455:47\nindex 15 is out of range for type 'u16 [12]'\nCPU: 2 PID: 217 Comm: kworker/u32:10 Not tainted 6.1.0-060100rc3-generic\nHardware name: Acer Aspire TC-281/Aspire TC-281, BIOS R01-A2 07/18/2017\nWorkqueue: mt76 mt76u_tx_status_data [mt76_usb]\nCall Trace:\n <TASK>\n show_stack+0x4e/0x61\n dump_stack_lvl+0x4a/0x6f\n dump_stack+0x10/0x18\n ubsan_epilogue+0x9/0x43\n __ubsan_handle_out_of_bounds.cold+0x42/0x47\nieee80211_get_rate_duration.constprop.0+0x22f/0x2a0 [mac80211]\n ? ieee80211_tx_status_ext+0x32e/0x640 [mac80211]\n ieee80211_calc_rx_airtime+0xda/0x120 [mac80211]\n ieee80211_calc_tx_airtime+0xb4/0x100 [mac80211]\n mt76x02_send_tx_status+0x266/0x480 [mt76x02_lib]\n mt76x02_tx_status_data+0x52/0x80 [mt76x02_lib]\n mt76u_tx_status_data+0x67/0xd0 [mt76_usb]\n process_one_work+0x225/0x400\n worker_thread+0x50/0x3e0\n ? process_one_work+0x400/0x400\n kthread+0xe9/0x110\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0184ede0ec61b9cd075babfaa45081b1bf322234",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3e8f7abcc3473bc9603323803aeaed4ffcc3a2ab",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/59b54f0563b6546c94bdb6823d3b382c75407019",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f0fcad4c7201ecfaa17357f4ce0c50b4708df22d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2022/CVE-2022-490xx/CVE-2022-49023.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2022-49023",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:13.290",
"lastModified": "2024-10-21T20:15:13.290",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: fix buffer overflow in elem comparison\n\nFor vendor elements, the code here assumes that 5 octets\nare present without checking. Since the element itself is\nalready checked to fit, we only need to check the length."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/391cb872553627bdcf236c03ee7d5adb275e37e1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/88a6fe3707888bd1893e9741157a7035c4159ab6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9e6b79a3cd17620d467311b30d56f2648f6880aa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9f16b5c82a025cd4c864737409234ddc44fb166a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f5c2ec288a865dbe3706b09bed12302e9f6d696b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2022/CVE-2022-490xx/CVE-2022-49024.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2022-49024",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:13.367",
"lastModified": "2024-10-21T20:15:13.367",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods\n\nIn m_can_pci_remove() and error handling path of m_can_pci_probe(),\nm_can_class_free_dev() should be called to free resource allocated by\nm_can_class_allocate_dev(), otherwise there will be memleak."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0bbb88651ef6b7fbb1bf75ec7ba69add632e834b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1eca1d4cc21b6d0fc5f9a390339804c0afce9439",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ea8dc27bb044e19868155e500ce397007be98656",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

37
CVE-2022/CVE-2022-490xx/CVE-2022-49025.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2022-49025",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:13.427",
"lastModified": "2024-10-21T20:15:13.427",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix use-after-free when reverting termination table\n\nWhen having multiple dests with termination tables and second one\nor afterwards fails the driver reverts usage of term tables but\ndoesn't reset the assignment in attr->dests[num_vport_dests].termtbl\nwhich case a use-after-free when releasing the rule.\nFix by resetting the assignment of termtbl to null."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0a2d73a77060c3cbdc6e801cd5d979d674cd404b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/0d2f9d95d9fbe993f3c4bafb87d59897b0325aff",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/372eb550faa0757349040fd43f59483cbfdb2c0b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/52c795af04441d76f565c4634f893e5b553df2ae",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e6d2d26a49c3a9cd46b232975e45236304810904",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2022/CVE-2022-490xx/CVE-2022-49026.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2022-49026",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:13.490",
"lastModified": "2024-10-21T20:15:13.490",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ne100: Fix possible use after free in e100_xmit_prepare\n\nIn e100_xmit_prepare(), if we can't map the skb, then return -ENOMEM, so\ne100_xmit_frame() will return NETDEV_TX_BUSY and the upper layer will\nresend the skb. But the skb is already freed, which will cause UAF bug\nwhen the upper layer resends the skb.\n\nRemove the harmful free."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/45605c75c52c7ae7bfe902214343aabcfe5ba0ff",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9fc27d22cdb9b1fcd754599d216a8992fed280cd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b46f6144ab89d3d757ead940759c505091626a7d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b775f37d943966f6f77dca402f5a9dedce502c25",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2022/CVE-2022-490xx/CVE-2022-49027.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2022-49027",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:13.563",
"lastModified": "2024-10-21T20:15:13.563",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix error handling in iavf_init_module()\n\nThe iavf_init_module() won't destroy workqueue when pci_register_driver()\nfailed. Call destroy_workqueue() when pci_register_driver() failed to\nprevent the resource leak.\n\nSimilar to the handling of u132_hcd_init in commit f276e002793c\n(\"usb: u132-hcd: fix resource leak\")"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0d9f5bd54b913018031c5b964fc1f9a31f5f6cb5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/227d8d2f7f2278b8468c5531b0cd0f2a905b4486",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/971c55f0763b480e63ceb7a22beb19be2509e5ed",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bd477b891a4fa084561234eed4afacb3001dd359",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2022/CVE-2022-490xx/CVE-2022-49028.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2022-49028",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:13.627",
"lastModified": "2024-10-21T20:15:13.627",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbevf: Fix resource leak in ixgbevf_init_module()\n\nixgbevf_init_module() won't destroy the workqueue created by\ncreate_singlethread_workqueue() when pci_register_driver() failed. Add\ndestroy_workqueue() in fail path to prevent the resource leak.\n\nSimilar to the handling of u132_hcd_init in commit f276e002793c\n(\"usb: u132-hcd: fix resource leak\")"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/7109e941099244cc876a4b3cb7a3ec79f104374a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8cfa238a48f34038464b99d0b4825238c2687181",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c99671d4699dcf90d6939923c8fe8a8918e140b2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f166c62cad798c53300b4b327e44300c73ec492d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2022/CVE-2022-490xx/CVE-2022-49029.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2022-49029",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:13.690",
"lastModified": "2024-10-21T20:15:13.690",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails\n\nSmatch report warning as follows:\n\ndrivers/hwmon/ibmpex.c:509 ibmpex_register_bmc() warn:\n '&data->list' not removed from list\n\nIf ibmpex_find_sensors() fails in ibmpex_register_bmc(), data will\nbe freed, but data->list will not be removed from driver_data.bmc_data,\nthen list traversal may cause UAF.\n\nFix by removeing it from driver_data.bmc_data before free()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/24b9633f7db7f4809be7053df1d2e117e7c2de10",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/45f6e81863747c0d7bc6a95ec51129900e71467a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/798198273bf86673b970b51acdb35e57f42b3fcb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7b2b67fe1339389e0bf3c37c7a677a004ac0e4e3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/90907cd4d11351ff76c9a447bcb5db0e264c47cd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e2a87785aab0dac190ac89be6a9ba955e2c634f2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e65cfd1f9cd27d9c27ee5cb88128a9f79f25d863",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f2a13196ad41c6c2ab058279dffe6c97292e753a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2022/CVE-2022-490xx/CVE-2022-49030.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2022-49030",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:13.747",
"lastModified": "2024-10-21T20:15:13.747",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibbpf: Handle size overflow for ringbuf mmap\n\nThe maximum size of ringbuf is 2GB on x86-64 host, so 2 * max_entries\nwill overflow u32 when mapping producer page and data pages. Only\ncasting max_entries to size_t is not enough, because for 32-bits\napplication on 64-bits kernel the size of read-only mmap region\nalso could overflow size_t.\n\nSo fixing it by casting the size of read-only mmap region into a __u64\nand checking whether or not there will be overflow during mmap."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0140e079a42064680394fff1199a7b5483688dec",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/535a25ab4f9a45f74ba38ab71de95e97474922ed",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8a549ab6724520aa3c07f47e0eba820293551490",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/927cbb478adf917e0a142b94baa37f06279cc466",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2022/CVE-2022-490xx/CVE-2022-49031.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2022-49031",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:13.807",
"lastModified": "2024-10-21T20:15:13.807",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: health: afe4403: Fix oob read in afe4403_read_raw\n\nKASAN report out-of-bounds read as follows:\n\nBUG: KASAN: global-out-of-bounds in afe4403_read_raw+0x42e/0x4c0\nRead of size 4 at addr ffffffffc02ac638 by task cat/279\n\nCall Trace:\n afe4403_read_raw\n iio_read_channel_info\n dev_attr_show\n\nThe buggy address belongs to the variable:\n afe4403_channel_leds+0x18/0xffffffffffffe9e0\n\nThis issue can be reproduced by singe command:\n\n $ cat /sys/bus/spi/devices/spi0.0/iio\\:device0/in_intensity6_raw\n\nThe array size of afe4403_channel_leds is less than channels, so access\nwith chan->address cause OOB read in afe4403_read_raw. Fix it by moving\naccess before use it."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/06c6ce21cec77dfa860d57e7a006000a57812efb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2d6a437064ffbe685c67ddb16dfc0946074c6c3f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/58143c1ed5882c138a3cd2251a336fc8755f23d9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/726fa3e4ab97dcff1c745bdc4fb137366cb8d3df",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/98afcb5f3be645d330c74c5194ba0d80e26f95e0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b1756af172fb80a3edc143772d49e166ec691b6c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c9268df36818ee4eaaaeadc80009b442a5ca69c9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e7e76a77aabef8989cbc0a8417af1aa040620867",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2022/CVE-2022-490xx/CVE-2022-49032.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2022-49032",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:13.877",
"lastModified": "2024-10-21T20:15:13.877",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: health: afe4404: Fix oob read in afe4404_[read|write]_raw\n\nKASAN report out-of-bounds read as follows:\n\nBUG: KASAN: global-out-of-bounds in afe4404_read_raw+0x2ce/0x380\nRead of size 4 at addr ffffffffc00e4658 by task cat/278\n\nCall Trace:\n afe4404_read_raw\n iio_read_channel_info\n dev_attr_show\n\nThe buggy address belongs to the variable:\n afe4404_channel_leds+0x18/0xffffffffffffe9c0\n\nThis issue can be reproduce by singe command:\n\n $ cat /sys/bus/i2c/devices/0-0058/iio\\:device0/in_intensity6_raw\n\nThe array size of afe4404_channel_leds and afe4404_channel_offdacs\nare less than channels, so access with chan->address cause OOB read\nin afe4404_[read|write]_raw. Fix it by moving access before use them."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/113c08030a89aaf406f8a1d4549d758a67c2afba",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3f566b626029ca8598d48e5074e56bb37399ca1b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5eb114f55b37dbc0487aa9c1913b81bb7837f1c4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/68de7da092f38395dde523f2e5db26eba6c23e28",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d45d9f45e7b1365fd0d9bf14680d6d5082a590d1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f5575041ec15310bdc50c42b8b22118cc900226e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f7419fc42afc035f6b29ce713e17dcd2000c833f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fc92d9e3de0b2d30a3ccc08048a5fad533e4672b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

49
CVE-2022/CVE-2022-490xx/CVE-2022-49033.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2022-49033",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T20:15:13.943",
"lastModified": "2024-10-21T20:15:13.943",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()\n\nSyzkaller reported BUG as follows:\n\n BUG: sleeping function called from invalid context at\n include/linux/sched/mm.h:274\n Call Trace:\n <TASK>\n dump_stack_lvl+0xcd/0x134\n __might_resched.cold+0x222/0x26b\n kmem_cache_alloc+0x2e7/0x3c0\n update_qgroup_limit_item+0xe1/0x390\n btrfs_qgroup_inherit+0x147b/0x1ee0\n create_subvol+0x4eb/0x1710\n btrfs_mksubvol+0xfe5/0x13f0\n __btrfs_ioctl_snap_create+0x2b0/0x430\n btrfs_ioctl_snap_create_v2+0x25a/0x520\n btrfs_ioctl+0x2a1c/0x5ce0\n __x64_sys_ioctl+0x193/0x200\n do_syscall_64+0x35/0x80\n\nFix this by calling qgroup_dirty() on @dstqgroup, and update limit item in\nbtrfs_run_qgroups() later outside of the spinlock context."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/01d7c41eac9129fba80d8aed0060caab4a7dbe09",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/044da1a371a0da579e805e89c96865f62d8f6f69",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3c98e91be6aea4c7acf09da6eb0c107ea9186bb5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/588ae4fdd8b11788a797776b10d6c44ae12bc133",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/89840b12c8fad7200eb6478525c13261512c01be",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8eb912af525042a7365295eb62f6d5270c2a6462",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f4b930a1602b05e77fee31f9616599b25e910a86",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f7e942b5bb35d8e3af54053d19a6bf04143a3955",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

403
CVE-2023/CVE-2023-265xx/CVE-2023-26562.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-26562",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-13T16:15:08.187",
"lastModified": "2024-02-13T18:23:02.393",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-21T20:35:24.773",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,410 @@
"value": "En Zimbra Collaboration (ZCS) 8.8.15 y 9.0, una cuenta cerrada (con 2FA y contrase\u00f1as generadas) puede enviar mensajes de correo electr\u00f3nico cuando est\u00e1 configurada para Imap/smtp."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*",
"matchCriteriaId": "1B17C1A7-0F0A-4E7C-8C0C-0BBB0BF66C82"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p1:*:*:*:*:*:*",
"matchCriteriaId": "BA48C450-201C-4398-AB65-EF6F95FB0380"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p10:*:*:*:*:*:*",
"matchCriteriaId": "5F759114-CF2D-48BF-8D09-EBE8D1ED1949"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p11:*:*:*:*:*:*",
"matchCriteriaId": "AE8BD950-24A2-4AFF-B7EE-6EE115BD75D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p12:*:*:*:*:*:*",
"matchCriteriaId": "C43634F5-2946-44D2-8A50-B717374A8126"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p13:*:*:*:*:*:*",
"matchCriteriaId": "20315895-5410-4B88-B2D9-E9C5D79A64DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p14:*:*:*:*:*:*",
"matchCriteriaId": "BF405091-A832-4945-87EC-AA525F37DF91"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p15:*:*:*:*:*:*",
"matchCriteriaId": "C9B6FFA8-CFD2-47C6-9475-79210CB9AA84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p16:*:*:*:*:*:*",
"matchCriteriaId": "964CA714-937C-4FC0-A1E9-07F846C786BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p17:*:*:*:*:*:*",
"matchCriteriaId": "DAF8F155-1406-46ED-A81F-BCC4CE525F43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p18:*:*:*:*:*:*",
"matchCriteriaId": "56A8F56B-3457-4C19-B213-3B04FEE8D7A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p19:*:*:*:*:*:*",
"matchCriteriaId": "B4F8D255-3F91-45FF-9133-4023BA688F9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p2:*:*:*:*:*:*",
"matchCriteriaId": "37BC4DF5-D111-4295-94FC-AA8929CDF2A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p20:*:*:*:*:*:*",
"matchCriteriaId": "A9D50108-0404-4791-8057-DB1786D311C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p21:*:*:*:*:*:*",
"matchCriteriaId": "F2A7E53F-8EAC-4DA9-8EAE-117759EFABEF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p22:*:*:*:*:*:*",
"matchCriteriaId": "858727DB-AE6F-435D-B8FD-6C94C3400E40"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p23:*:*:*:*:*:*",
"matchCriteriaId": "3FA6AC95-288C-4ABA-B2A7-47E4134EDC31"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p24:*:*:*:*:*:*",
"matchCriteriaId": "4AA82728-5901-482A-83CF-F883D4B6A8E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p25:*:*:*:*:*:*",
"matchCriteriaId": "7E762792-542E-43D0-A95A-E7F48F328A28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p26:*:*:*:*:*:*",
"matchCriteriaId": "6DD4641A-EC23-4B1A-8729-9AECD70390AF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p27:*:*:*:*:*:*",
"matchCriteriaId": "E0E3E825-1D1E-4ECD-B306-DD8BDCDD0547"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p28:*:*:*:*:*:*",
"matchCriteriaId": "840F98DC-57F1-4054-A6C1-6E7F0340AC2C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p29:*:*:*:*:*:*",
"matchCriteriaId": "EE2A1305-68B7-4CB7-837F-4EDE2EBED507"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p3:*:*:*:*:*:*",
"matchCriteriaId": "21768A61-7578-4EEC-A23B-FEC10CAA9EDF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p30:*:*:*:*:*:*",
"matchCriteriaId": "CA758408-4302-43BC-BDC9-1B70EC5D2FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p31:*:*:*:*:*:*",
"matchCriteriaId": "822CDEBC-0650-4970-B46F-06F505993086"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p32:*:*:*:*:*:*",
"matchCriteriaId": "971B5005-4676-4D93-A7DD-6AFDC8D0BEEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p33:*:*:*:*:*:*",
"matchCriteriaId": "81BC6A7F-D014-44B3-9361-20DB256D3C8D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p34:*:*:*:*:*:*",
"matchCriteriaId": "6A3DC694-4CCC-4E9F-B6E9-891B1DF115C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p35:*:*:*:*:*:*",
"matchCriteriaId": "3810385E-95E8-491E-8281-394125DB04F4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p36:*:*:*:*:*:*",
"matchCriteriaId": "F546214A-1468-4C7C-8119-1E1727237573"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p4:*:*:*:*:*:*",
"matchCriteriaId": "661403E7-1D65-4710-8413-47D74FF65BE4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p5:*:*:*:*:*:*",
"matchCriteriaId": "0695D2E0-45B3-493C-BA6D-471B90C0ACC5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p6:*:*:*:*:*:*",
"matchCriteriaId": "714FAFE6-68AE-4304-B040-48BC46F85A2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p7:*:*:*:*:*:*",
"matchCriteriaId": "73FC2D2D-8BBD-4259-8B35-0D9BFA40567B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p8:*:*:*:*:*:*",
"matchCriteriaId": "AB97E9E6-CC4A-458D-B731-6D51130B942C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p9:*:*:*:*:*:*",
"matchCriteriaId": "BA688C43-846A-4C4A-AEDB-113D967D3D73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "685D9652-2934-4C13-8B36-40582C79BFC1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*",
"matchCriteriaId": "5E4DF01A-1AA9-47E8-82FD-65A02ECA1376"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "BDE59185-B917-4A81-8DE4-C65A079F52FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "BA3ED95F-95F2-4676-8EAF-B4B9EB64B260"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "4BB93336-CC3C-4B7F-B194-7DED036ABBAF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "876F1675-F65C-4E86-ADBD-36EB8D8A997D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "2306F526-9C56-4A57-AA9B-02F2D6058C97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "F9EA2A61-67AA-4B7E-BC6E-80EB1363EF85"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "C77A35B7-96F6-43A7-A747-C6AEEDE961E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "DC35882B-E709-42D8-8800-F1B734CEAFC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "B7A47276-F241-4A68-9458-E1481EBDC5E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "12D0D469-6C9B-4B66-9581-DC319773238A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "40629BEB-DF4B-4FB8-8D3D-7BAC43C90766"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "9503131F-CC23-4545-AE9C-9714B287CC25"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "B4CE2D12-AD31-4FED-AD0F-ADF64E92E1B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "8113A4E3-AA96-4382-815D-6FD88BA42EC5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p24.1:*:*:*:*:*:*",
"matchCriteriaId": "DC8C28E0-6C51-41EE-A7B2-DB185D1D8FD0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "BC19F11D-23D9-429D-A957-D67F23A40A01"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p26:*:*:*:*:*:*",
"matchCriteriaId": "AAFA2EE7-C965-4F27-8CAE-E607A9F202AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p27:*:*:*:*:*:*",
"matchCriteriaId": "1D09DCF6-1C8F-4CA1-B7D4-AFDD4EB35771"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p28:*:*:*:*:*:*",
"matchCriteriaId": "511B2BB8-6070-44AA-8800-963DBCBAF0EA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p29:*:*:*:*:*:*",
"matchCriteriaId": "49BBB2B4-571D-46B1-8569-12A65D0DF3D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "C52705E6-2C6B-47BC-A0CD-F6AAE0BFC302"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "33F50D8C-7027-4A8D-8E95-98C224283772"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "82000BA4-1781-4312-A7BD-92EC94D137AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "4B52D301-2559-457A-8FFB-F0915299355A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "7215AE2C-8A33-4AB9-88D5-7C8CD11E806C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:*:*:*:*:*:*",
"matchCriteriaId": "8D859F77-8E39-4D46-BC90-C5C1D805A666"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "CDC810C7-45DA-4BDF-9138-2D3B2750243E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "E09D95A4-764D-4E0B-8605-1D94FD548AB2"
}
]
}
]
}
],
"references": [
{
"url": "https://wiki.zimbra.com/wiki/Security_Center",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

24
CVE-2023/CVE-2023-359xx/CVE-2023-35991.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35991",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-08-18T10:15:10.267",
"lastModified": "2023-08-29T18:58:15.803",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-21T21:35:01.433",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},

67
CVE-2023/CVE-2023-423xx/CVE-2023-42374.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42374",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-13T01:15:07.913",
"lastModified": "2024-08-01T18:35:04.073",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-21T20:17:34.267",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,18 +81,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mystenlabs:sui:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.6.3",
"matchCriteriaId": "6A115E42-FA8B-46D3-BDE0-13F231293BF9"
}
]
}
]
}
],
"references": [
{
"url": "https://beosin.com/resources/%22memory-bomb%22-vulnerability-causes-sui-node-to-crash?lang=en-US",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/MystenLabs/sui/commit/42d4ad103a21d23fecd7c0271453da41604e71e9",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://medium.com/%40Beosin_com/memory-bomb-vulnerability-causes-sui-node-to-crash-7e8e3ef5057c",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}
]
}

194
CVE-2023/CVE-2023-44xx/CVE-2023-4408.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4408",
"sourceIdentifier": "security-officer@isc.org",
"published": "2024-02-13T14:15:45.253",
"lastModified": "2024-04-26T09:15:08.727",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-21T21:02:42.820",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,34 +39,210 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:ontap:9.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B9840E9C-9BF2-45BA-BEAC-1091C6508358"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:ontap:9.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D1FA6FF1-FB7D-490A-AD03-646C267D46BA"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndIncluding": "9.16.45",
"matchCriteriaId": "0C8F8FB4-AED3-4FA9-B7C4-E9C22FB96C8E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*",
"versionStartIncluding": "9.18.0",
"versionEndIncluding": "9.18.21",
"matchCriteriaId": "A1F6FD2C-94DA-4D48-BC8F-D1B118BC9629"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*",
"versionStartIncluding": "9.19.0",
"versionEndIncluding": "9.19.19",
"matchCriteriaId": "6D929353-790C-47DA-BB73-D94D403FA14D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.9.3:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "40EE014B-0CD8-45F3-BEDB-AE6368A78B04"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.16.8:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "288EAD80-574B-4839-9C2C-81D6D088A733"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.16.11:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "3595F024-F910-4356-8B5B-D478960FF574"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.16.12:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "1B20F152-D0C3-4F07-83B3-5EA6B116F005"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.16.13:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "94661BA2-27F8-4FFE-B844-9404F735579D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.16.14:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "53593603-E2AF-4925-A6E6-109F097A0FF2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.16.21:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "751E37C2-8BFD-4306-95C1-8C01CE495FA4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.16.32:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "CC432820-F1A2-4132-A673-2620119553C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.16.36:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "F70347F2-6750-4497-B8F4-2036F4F4443A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.16.43:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "A4B53B73-DB81-4AC1-A4E6-89BB305D6514"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.18.0:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "22F7108A-73F1-4950-B2C8-AB56C1D4DAC5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.18.11:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "16A7E0D1-35A1-4899-9FF2-14279C137C14"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:isc:bind:9.18.18:s1:*:*:supported_preview:*:*:*",
"matchCriteriaId": "0233AEF2-9911-48AE-AE97-F217E3337AAF"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/13/1",
"source": "security-officer@isc.org"
"source": "security-officer@isc.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://kb.isc.org/docs/cve-2023-4408",
"source": "security-officer@isc.org"
"source": "security-officer@isc.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/",
"source": "security-officer@isc.org"
"source": "security-officer@isc.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/",
"source": "security-officer@isc.org"
"source": "security-officer@isc.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/",
"source": "security-officer@isc.org"
"source": "security-officer@isc.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/",
"source": "security-officer@isc.org"
"source": "security-officer@isc.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240426-0001/",
"source": "security-officer@isc.org"
"source": "security-officer@isc.org",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-524xx/CVE-2023-52431.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52431",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-13T05:15:08.797",
"lastModified": "2024-08-01T18:35:05.050",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-21T20:19:07.513",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,14 +81,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:plack\\:\\:middleware\\:\\:xsrfblock_project:plack\\:\\:middleware\\:\\:xsrfblock:*:*:*:*:*:perl:*:*",
"versionEndExcluding": "0.0.19",
"matchCriteriaId": "22DACA4A-5302-45A1-883A-F299ED49844D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/briandfoy/cpan-security-advisory/blob/9374f98bef51e1ae887f293234050551c079776f/cpansa/CPANSA-Plack-Middleware-XSRFBlock.yml#L2-L15",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://metacpan.org/release/DAKKAR/Plack-Middleware-XSRFBlock-0.0.19/source/Changes",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}

60
CVE-2024/CVE-2024-100xx/CVE-2024-10057.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10057",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-18T10:15:03.173",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-21T20:53:22.813",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,8 +18,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -51,18 +71,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fahadmahmood:rss_feed_widget:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.0.0",
"matchCriteriaId": "485EBB34-32B8-42F4-B8E1-EB09DAA8243C"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3170773/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://wordpress.org/plugins/rss-feed-widget/#developers",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product",
"Release Notes"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b77ea258-dced-4c36-bd0d-8977a347d1c9?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

49
CVE-2024/CVE-2024-100xx/CVE-2024-10099.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10099",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-10-17T19:15:21.337",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-21T21:03:53.647",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -51,10 +73,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:comfy:comfyui:0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "541F70FD-A46B-442D-A291-B16AD7A06BB9"
}
]
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/14fb8c9a-692a-4d8c-b4b2-24c6f91a383c",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

67
CVE-2024/CVE-2024-101xx/CVE-2024-10161.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10161",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-20T01:15:01.940",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-21T21:35:33.377",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,26 +140,59 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:boat_booking_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BF2514BC-189E-464F-B389-F7E87A5A5FE5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_change_image_file_upload_rce.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://phpgurukul.com/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://vuldb.com/?ctiid.280947",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.280947",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?submit.425440",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2024/CVE-2024-101xx/CVE-2024-10162.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10162",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-20T01:15:02.213",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-21T21:36:10.470",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,26 +140,59 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:boat_booking_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BF2514BC-189E-464F-B389-F7E87A5A5FE5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_edit_subadmin_sqli.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://phpgurukul.com/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://vuldb.com/?ctiid.280948",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.280948",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?submit.425449",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

66
CVE-2024/CVE-2024-101xx/CVE-2024-10165.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10165",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-20T03:15:02.557",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-21T21:35:06.987",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,22 +140,56 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codezips:sales_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD0D77D5-CEF2-4260-8D44-5D3C173C98A2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ppp-src/CVE/issues/14",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.280951",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.280951",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.425636",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

62
CVE-2024/CVE-2024-101xx/CVE-2024-10166.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10166",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-20T03:15:02.840",
"lastModified": "2024-10-21T17:09:45.417",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-21T21:34:52.430",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,22 +140,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codezips:sales_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD0D77D5-CEF2-4260-8D44-5D3C173C98A2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ppp-src/CVE/issues/15",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.280952",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.280952",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?submit.425643",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

Some files were not shown because too many files have changed in this diff Show More