diff --git a/CVE-2006/CVE-2006-51xx/CVE-2006-5175.json b/CVE-2006/CVE-2006-51xx/CVE-2006-5175.json
index 6f8c653a2b5..7ee59a5050c 100644
--- a/CVE-2006/CVE-2006-51xx/CVE-2006-5175.json
+++ b/CVE-2006/CVE-2006-51xx/CVE-2006-5175.json
@@ -2,8 +2,8 @@
 "id": "CVE-2006-5175",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2006-10-10T04:06:00.000",
- "lastModified": "2025-05-01T19:57:49.380",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-05-02T12:11:52.183",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -63,8 +63,9 @@
 "cpeMatch": [
 {
 "vulnerable": true,
- "criteria": "cpe:2.3:h:buffalotech:terastation_hd-htgl_firmware:2.05_beta1:*:*:*:*:*:*:*",
- "matchCriteriaId": "15462754-3599-4F4B-B139-26472CC4BDA2"
+ "criteria": "cpe:2.3:o:buffalo-technology:terastation_hd-htgl_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.08",
+ "matchCriteriaId": "4345AAD8-45CC-4459-A2D0-B6E4B695A5A3"
 }
 ]
 }
@@ -74,41 +75,59 @@
 "references": [
 {
 "url": "http://jvn.jp/jp/JVN%2393484133/index.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "http://secunia.com/advisories/22248",
 "source": "cve@mitre.org",
 "tags": [
- "Vendor Advisory"
+ "Third Party Advisory"
 ]
 },
 {
 "url": "http://www.vupen.com/english/advisories/2006/3891",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link"
+ ]
 },
 {
 "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29338",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "http://jvn.jp/jp/JVN%2393484133/index.html",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "http://secunia.com/advisories/22248",
 "source": "af854a3a-2127-422b-91ae-364da2661108",
 "tags": [
- "Vendor Advisory"
+ "Third Party Advisory"
 ]
 },
 {
 "url": "http://www.vupen.com/english/advisories/2006/3891",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Broken Link"
+ ]
 },
 {
 "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29338",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36790.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36790.json
index 022b685f5cd..edc702fd5e8 100644
--- a/CVE-2020/CVE-2020-367xx/CVE-2020-36790.json
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36790.json
@@ -2,8 +2,8 @@
 "id": "CVE-2020-36790",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:15:54.020",
- "lastModified": "2025-05-01T15:15:54.020",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-275xx/CVE-2022-27562.json b/CVE-2022/CVE-2022-275xx/CVE-2022-27562.json
index d51b148a903..1878f7e1e34 100644
--- a/CVE-2022/CVE-2022-275xx/CVE-2022-27562.json
+++ b/CVE-2022/CVE-2022-275xx/CVE-2022-27562.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-27562",
 "sourceIdentifier": "psirt@hcl.com",
 "published": "2025-04-30T21:15:52.303",
- "lastModified": "2025-04-30T21:15:52.303",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications."
+ },
+ {
+ "lang": "es",
+ "value": "La pol\u00edtica de filtro de tipo de archivo predeterminado no seguro en HCL Domino Volt permite la carga de archivos .html y la ejecuci\u00f3n de JavaScript no seguro en aplicaciones implementadas."
 }
 ],
 "metrics": {
diff --git a/CVE-2022/CVE-2022-393xx/CVE-2022-39393.json b/CVE-2022/CVE-2022-393xx/CVE-2022-39393.json
index a099f8621ef..0fad6e15922 100644
--- a/CVE-2022/CVE-2022-393xx/CVE-2022-39393.json
+++ b/CVE-2022/CVE-2022-393xx/CVE-2022-39393.json
@@ -2,13 +2,13 @@
 "id": "CVE-2022-39393",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2022-11-10T20:15:11.520",
- "lastModified": "2024-11-21T07:18:11.957",
+ "lastModified": "2025-05-02T13:15:45.630",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
- "value": "Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously to the next instance. This bug has been patched and users should upgrade to Wasmtime 2.0.2. Other mitigations include disabling the pooling allocator and disabling the `memory-init-cow`."
+ "value": "Wasmtime is a standalone runtime for WebAssembly. Prior to versions 2.0.2 and 1.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously to the next instance. This bug has been patched and users should upgrade to Wasmtime 2.0.2 and 1.0.2. Other mitigations include disabling the pooling allocator and disabling the `memory-init-cow`."
 },
 {
 "lang": "es",
diff --git a/CVE-2022/CVE-2022-424xx/CVE-2022-42449.json b/CVE-2022/CVE-2022-424xx/CVE-2022-42449.json
index ad395eefc88..5583ec9265e 100644
--- a/CVE-2022/CVE-2022-424xx/CVE-2022-42449.json
+++ b/CVE-2022/CVE-2022-424xx/CVE-2022-42449.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-42449",
 "sourceIdentifier": "psirt@hcl.com",
 "published": "2025-04-30T21:15:53.053",
- "lastModified": "2025-04-30T21:15:53.053",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications"
+ },
+ {
+ "lang": "es",
+ "value": "La pol\u00edtica de filtro de tipo de archivo predeterminado no seguro en HCL Domino Volt permite la carga de archivos .html y la ejecuci\u00f3n de JavaScript no seguro en aplicaciones implementadas"
 }
 ],
 "metrics": {
diff --git a/CVE-2022/CVE-2022-424xx/CVE-2022-42450.json b/CVE-2022/CVE-2022-424xx/CVE-2022-42450.json
index a7fb7eeabd1..d5d40d43281 100644
--- a/CVE-2022/CVE-2022-424xx/CVE-2022-42450.json
+++ b/CVE-2022/CVE-2022-424xx/CVE-2022-42450.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-42450",
 "sourceIdentifier": "psirt@hcl.com",
 "published": "2025-04-30T22:15:15.083",
- "lastModified": "2025-04-30T22:15:15.083",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper sanitization of SVG files in HCL Domino Volt allows client-side script injection in deployed applications."
+ },
+ {
+ "lang": "es",
+ "value": "La depuraci\u00f3n inadecuada de archivos SVG en HCL Domino Volt permite client-side script injection en aplicaciones implementadas."
 }
 ],
 "metrics": {
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49762.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49762.json
index 9300dd051dc..f13b8b27be9 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49762.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49762.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-49762",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:15:58.933",
- "lastModified": "2025-05-01T15:15:58.933",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49763.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49763.json
index 10190c8ef2a..cf146126955 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49763.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49763.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-49763",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:15:59.047",
- "lastModified": "2025-05-01T15:15:59.047",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49764.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49764.json
index 454e57a72b3..4f16e48aec5 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49764.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49764.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-49764",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:15:59.170",
- "lastModified": "2025-05-01T15:15:59.170",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49765.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49765.json
index 9b979d1a150..c29e5b03020 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49765.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49765.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-49765",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:15:59.277",
- "lastModified": "2025-05-01T15:15:59.277",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49766.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49766.json
index f71b1cf9b1f..f31761d6509 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49766.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49766.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-49766",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:15:59.380",
- "lastModified": "2025-05-01T15:15:59.380",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49767.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49767.json
index b86946b17ba..4f621bd17ab 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49767.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49767.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-49767",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:15:59.483",
- "lastModified": "2025-05-01T15:15:59.483",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49768.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49768.json
index f06a455dc9e..4f1edefbd8b 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49768.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49768.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-49768",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:15:59.597",
- "lastModified": "2025-05-01T15:15:59.597",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49769.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49769.json
index ac27976928a..aeae941b68c 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49769.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49769.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-49769",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:15:59.710",
- "lastModified": "2025-05-01T15:15:59.710",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49770.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49770.json
index 24b60204bdf..860d0eef0de 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49770.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49770.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-49770",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:15:59.920",
- "lastModified": "2025-05-01T15:15:59.920",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49771.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49771.json
index 1102f0d08a5..c35b85aa21d 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49771.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49771.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-49771",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:00.237",
- "lastModified": "2025-05-01T15:16:00.237",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49772.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49772.json
index 5fcff40ea46..79512528507 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49772.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49772.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-49772",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:00.347",
- "lastModified": "2025-05-01T15:16:00.347",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49773.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49773.json
index 1790a39c278..257d7a4e9c5 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49773.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49773.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-49773",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:00.453",
- "lastModified": "2025-05-01T15:16:00.453",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49774.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49774.json
index 5ef678f23ab..71e8a076be2 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49774.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49774.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-49774",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:00.557",
- "lastModified": "2025-05-01T15:16:00.557",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49775.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49775.json
index 532f706c197..f592be35058 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49775.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49775.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-49775",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:00.650",
- "lastModified": "2025-05-01T15:16:00.650",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49776.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49776.json
index 0a89d41e555..11b5d2ec94f 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49776.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49776.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-49776",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:00.763",
- "lastModified": "2025-05-01T15:16:00.763",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49777.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49777.json
index 8a918ab18ba..418a57ede0c 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49777.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49777.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-49777",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:00.870",
- "lastModified": "2025-05-01T15:16:00.870",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49778.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49778.json
index beacf79d77c..c948d5b89e4 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49778.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49778.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-49778",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:00.980",
- "lastModified": "2025-05-01T15:16:00.980",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49779.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49779.json
index b35fa1cee14..2b9f4fa3bb5 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49779.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49779.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-49779",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:01.080",
- "lastModified": "2025-05-01T15:16:01.080",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49780.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49780.json
index 22180f5a051..2b6b3d4d69a 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49780.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49780.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-49780",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:01.200",
- "lastModified": "2025-05-01T15:16:01.200",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49781.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49781.json
index 9c2bd51c34a..0d0bc4d6fd1 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49781.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49781.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-49781",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:01.307",
- "lastModified": "2025-05-01T15:16:01.307",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49782.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49782.json
index ed00c4273fd..ca1a70b2cb4 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49782.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49782.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-49782",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:01.410",
- "lastModified": "2025-05-01T15:16:01.410",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49783.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49783.json
index f70ba2c1502..7cdfc17722b 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49783.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49783.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-49783",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:01.510",
- "lastModified": "2025-05-01T15:16:01.510",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49784.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49784.json
index d14c131ce6d..30ef805edf7 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49784.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49784.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-49784",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:01.610",
- "lastModified": "2025-05-01T15:16:01.610",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49785.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49785.json
index 5f8894bac57..7d8e8ab03c8 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49785.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49785.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-49785",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:01.713",
- "lastModified": "2025-05-01T15:16:01.713",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49786.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49786.json
index b94554fb6dc..a46a6897588 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49786.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49786.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-49786",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:01.813",
- "lastModified": "2025-05-01T15:16:01.813",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49787.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49787.json
index 646f9725064..d5b0dbf6d4d 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49787.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49787.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-49787",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:01.920",
- "lastModified": "2025-05-01T15:16:01.920",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49788.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49788.json
index 6123f950770..ed6f1458a81 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49788.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49788.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-49788",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:02.027",
- "lastModified": "2025-05-01T15:16:02.027",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49789.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49789.json
index 9e838224653..0d69e8cae8b 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49789.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49789.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-49789",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:02.143",
- "lastModified": "2025-05-01T15:16:02.143",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49790.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49790.json
index f0705889a86..cbcbea84aac 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49790.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49790.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-49790",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:02.260",
- "lastModified": "2025-05-01T15:16:02.260",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49791.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49791.json
index 37c0eccfd2f..483c42efbe5 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49791.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49791.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-49791",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:02.367",
- "lastModified": "2025-05-01T15:16:02.367",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49792.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49792.json
index 2acc235eb93..4f1962a533e 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49792.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49792.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49792",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:02.460",
- "lastModified": "2025-05-01T15:16:02.460",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: mp2629: fix potential array out of bound access\n\nAdd sentinel at end of maps to avoid potential array out of\nbound access in iio core."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iio: adc: mp2629: se corrige un posible acceso fuera de los l\u00edmites de la matriz. Se agrega centinela al final de los mapas para evitar un posible acceso fuera de los l\u00edmites de la matriz en el n\u00facleo iio."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49793.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49793.json
index 3db9ecb5227..a221ef5039a 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49793.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49793.json
@@ -2,13 +2,17 @@ "id": "CVE-2022-49793", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:02.563", - "lastModified": "2025-05-01T15:16:02.563", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init()\n\ndev_set_name() allocates memory for name, it need be freed\nwhen device_add() fails, call put_device() to give up the\nreference that hold in device_initialize(), so that it can\nbe freed in kobject_cleanup() when the refcount hit to 0.\n\nFault injection test can trigger this:\n\nunreferenced object 0xffff8e8340a7b4c0 (size 32):\n comm \"modprobe\", pid 243, jiffies 4294678145 (age 48.845s)\n hex dump (first 32 bytes):\n 69 69 6f 5f 73 79 73 66 73 5f 74 72 69 67 67 65 iio_sysfs_trigge\n 72 00 a7 40 83 8e ff ff 00 86 13 c4 f6 ee ff ff r..@............\n backtrace:\n [<0000000074999de8>] __kmem_cache_alloc_node+0x1e9/0x360\n [<00000000497fd30b>] __kmalloc_node_track_caller+0x44/0x1a0\n [<000000003636c520>] kstrdup+0x2d/0x60\n [<0000000032f84da2>] kobject_set_name_vargs+0x1e/0x90\n [<0000000092efe493>] dev_set_name+0x4e/0x70" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iio: trigger: sysfs: se corrige una posible fuga de memoria en iio_sysfs_trig_init(). dev_set_name() asigna memoria para name. Esta debe liberarse cuando device_add() falla. Se llama a put_device() para liberar la referencia contenida en device_initialize(), de modo que pueda liberarse en kobject_cleanup() cuando refcount llegue a 0. 
La prueba de inyecci\u00f3n de fallos puede desencadenar esto: objeto sin referencia 0xffff8e8340a7b4c0 (tama\u00f1o 32): comm \"modprobe\", pid 243, jiffies 4294678145 (edad 48.845s) volcado hexadecimal (primeros 32 bytes): 69 69 6f 5f 73 79 73 66 73 5f 74 72 69 67 67 65 iio_sysfs_trigge 72 00 a7 40 83 8e ff ff 00 86 13 c4 f6 ee ff ff r..@............ backtrace: [<0000000074999de8>] __kmem_cache_alloc_node+0x1e9/0x360 [<00000000497fd30b>] __kmalloc_node_track_caller+0x44/0x1a0 [<000000003636c520>] kstrdup+0x2d/0x60 [<0000000032f84da2>] kobject_set_name_vargs+0x1e/0x90 [<0000000092efe493>] dev_set_name+0x4e/0x70 " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49794.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49794.json index 7e9ce7d759b..429c527fdde 100644 --- a/CVE-2022/CVE-2022-497xx/CVE-2022-49794.json +++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49794.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49794",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:02.673",
- "lastModified": "2025-05-01T15:16:02.673",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger()\n\nIf iio_trigger_register() returns error, it should call iio_trigger_free()\nto give up the reference that hold in iio_trigger_alloc(), so that it can\ncall iio_trig_release() to free memory when the refcount hit to 0."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iio: adc: at91_adc: corrige posible p\u00e9rdida de memoria en at91_adc_allocate_trigger() Si iio_trigger_register() devuelve un error, debe llamar a iio_trigger_free() para renunciar a la referencia contenida en iio_trigger_alloc(), de modo que pueda llamar a iio_trig_release() para liberar memoria cuando el recuento de referencias llegue a 0."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49795.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49795.json
index 9a6c948fa0c..bbb189efc1c 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49795.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49795.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49795",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:02.783",
- "lastModified": "2025-05-01T15:16:02.783",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrethook: fix a potential memleak in rethook_alloc()\n\nIn rethook_alloc(), the variable rh is not freed or passed out\nif handler is NULL, which could lead to a memleak, fix it.\n\n[Masami: Add \"rethook:\" tag to the title.]\n\nAcke-by: Masami Hiramatsu (Google) "
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rethook: se corrige una posible fuga de memoria en rethook_alloc(). En rethook_alloc(), la variable rh no se libera ni se pasa si el manejador es NULL, lo que podr\u00eda provocar una fuga de memoria. Corr\u00edjalo. [Masami: A\u00f1adir la etiqueta \"rethook:\" al t\u00edtulo]. Por: Masami Hiramatsu (Google) "
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49796.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49796.json
index f4506511d48..66b58619891 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49796.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49796.json
@@ -2,13 +2,17 @@ "id": "CVE-2022-49796", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:02.887", - "lastModified": "2025-05-01T15:16:02.887", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit()\n\nWhen test_gen_kprobe_cmd() failed after kprobe_event_gen_cmd_end(), it\nwill goto delete, which will call kprobe_event_delete() and release the\ncorresponding resource. However, the trace_array in gen_kretprobe_test\nwill point to the invalid resource. Set gen_kretprobe_test to NULL\nafter called kprobe_event_delete() to prevent null-ptr-deref.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000070\nPGD 0 P4D 0\nOops: 0000 [#1] SMP PTI\nCPU: 0 PID: 246 Comm: modprobe Tainted: G W\n6.1.0-rc1-00174-g9522dc5c87da-dirty #248\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\nrel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\nRIP: 0010:__ftrace_set_clr_event_nolock+0x53/0x1b0\nCode: e8 82 26 fc ff 49 8b 1e c7 44 24 0c ea ff ff ff 49 39 de 0f 84 3c\n01 00 00 c7 44 24 18 00 00 00 00 e8 61 26 fc ff 48 8b 6b 10 <44> 8b 65\n70 4c 8b 6d 18 41 f7 c4 00 02 00 00 75 2f\nRSP: 0018:ffffc9000159fe00 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: ffff88810971d268 RCX: 0000000000000000\nRDX: ffff8881080be600 RSI: ffffffff811b48ff RDI: ffff88810971d058\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001\nR10: ffffc9000159fe58 R11: 0000000000000001 R12: ffffffffa0001064\nR13: ffffffffa000106c R14: ffff88810971d238 R15: 0000000000000000\nFS: 00007f89eeff6540(0000) GS:ffff88813b600000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000070 CR3: 000000010599e004 CR4: 
0000000000330ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n __ftrace_set_clr_event+0x3e/0x60\n trace_array_set_clr_event+0x35/0x50\n ? 0xffffffffa0000000\n kprobe_event_gen_test_exit+0xcd/0x10b [kprobe_event_gen_test]\n __x64_sys_delete_module+0x206/0x380\n ? lockdep_hardirqs_on_prepare+0xd8/0x190\n ? syscall_enter_from_user_mode+0x1c/0x50\n do_syscall_64+0x3f/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7f89eeb061b7" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tracing: kprobe: Se corrige la posible desreferencia de PTR nula en trace_array en kprobe_event_gen_test_exit(). Cuando test_gen_kprobe_cmd() falla despu\u00e9s de kprobe_event_gen_cmd_end(), se ejecuta el comando \"eliminar\", lo que llama a kprobe_event_delete() y libera el recurso correspondiente. Sin embargo, trace_array en gen_kretprobe_test apuntar\u00e1 al recurso no v\u00e1lido. Establezca gen_kretprobe_test en NULL despu\u00e9s de llamar a kprobe_event_delete() para evitar la desreferencia de PTR nula. 
ERROR: desreferencia de puntero NULL del n\u00facleo, direcci\u00f3n: 0000000000000070 PGD 0 P4D 0 Oops: 0000 [#1] SMP PTI CPU: 0 PID: 246 Comm: modprobe Tainted: GW 6.1.0-rc1-00174-g9522dc5c87da-dirty #248 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 RIP: 0010:__ftrace_set_clr_event_nolock+0x53/0x1b0 Code: e8 82 26 fc ff 49 8b 1e c7 44 24 0c ea ff ff ff 49 39 de 0f 84 3c 01 00 00 c7 44 24 18 00 00 00 00 e8 61 26 fc ff 48 8b 6b 10 <44> 8b 65 70 4c 8b 6d 18 41 f7 c4 00 02 00 00 75 2f RSP: 0018:ffffc9000159fe00 EFLAGS: 00010293 RAX: 0000000000000000 RBX: ffff88810971d268 RCX: 0000000000000000 RDX: ffff8881080be600 RSI: ffffffff811b48ff RDI: ffff88810971d058 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001 R10: ffffc9000159fe58 R11: 0000000000000001 R12: ffffffffa0001064 R13: ffffffffa000106c R14: ffff88810971d238 R15: 0000000000000000 FS: 00007f89eeff6540(0000) GS:ffff88813b600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000070 CR3: 000000010599e004 CR4: 0000000000330ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __ftrace_set_clr_event+0x3e/0x60 trace_array_set_clr_event+0x35/0x50 ? 0xffffffffa0000000 kprobe_event_gen_test_exit+0xcd/0x10b [kprobe_event_gen_test] __x64_sys_delete_module+0x206/0x380 ? lockdep_hardirqs_on_prepare+0xd8/0x190 ? syscall_enter_from_user_mode+0x1c/0x50 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f89eeb061b7 " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49797.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49797.json index 535ee2bddaf..01451d61e2a 100644 --- a/CVE-2022/CVE-2022-497xx/CVE-2022-49797.json +++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49797.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49797", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:02.990", - "lastModified": "2025-05-01T15:16:02.990", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit()\n\nWhen trace_get_event_file() failed, gen_kretprobe_test will be assigned\nas the error code. If module kprobe_event_gen_test is removed now, the\nnull pointer dereference will happen in kprobe_event_gen_test_exit().\nCheck if gen_kprobe_test or gen_kretprobe_test is error code or NULL\nbefore dereference them.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000012\nPGD 0 P4D 0\nOops: 0000 [#1] SMP PTI\nCPU: 3 PID: 2210 Comm: modprobe Not tainted\n6.1.0-rc1-00171-g2159299a3b74-dirty #217\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\nrel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\nRIP: 0010:kprobe_event_gen_test_exit+0x1c/0xb5 [kprobe_event_gen_test]\nCode: Unable to access opcode bytes at 0xffffffff9ffffff2.\nRSP: 0018:ffffc900015bfeb8 EFLAGS: 00010246\nRAX: ffffffffffffffea RBX: ffffffffa0002080 RCX: 0000000000000000\nRDX: ffffffffa0001054 RSI: ffffffffa0001064 RDI: ffffffffdfc6349c\nRBP: ffffffffa0000000 R08: 0000000000000004 R09: 00000000001e95c0\nR10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000800\nR13: ffffffffa0002420 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f56b75be540(0000) GS:ffff88813bc00000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffffff9ffffff2 CR3: 000000010874a006 CR4: 0000000000330ee0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall 
Trace:\n \n __x64_sys_delete_module+0x206/0x380\n ? lockdep_hardirqs_on_prepare+0xd8/0x190\n ? syscall_enter_from_user_mode+0x1c/0x50\n do_syscall_64+0x3f/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tracing: kprobe: Se corrige la posible desreferencia de puntero nulo en trace_event_file en kprobe_event_gen_test_exit(). Cuando trace_get_event_file() falla, se asigna gen_kretprobe_test como c\u00f3digo de error. Si se elimina el m\u00f3dulo kprobe_event_gen_test, se producir\u00e1 la desreferencia de puntero nulo en kprobe_event_gen_test_exit(). Compruebe si gen_kprobe_test o gen_kretprobe_test son c\u00f3digos de error o nulos antes de desreferenciarlos. ERROR: desreferencia de puntero NULL del n\u00facleo, direcci\u00f3n: 0000000000000012 PGD 0 P4D 0 Oops: 0000 [#1] SMP PTI CPU: 3 PID: 2210 Comm: modprobe No contaminado 6.1.0-rc1-00171-g2159299a3b74-dirty #217 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 RIP: 0010:kprobe_event_gen_test_exit+0x1c/0xb5 [kprobe_event_gen_test] C\u00f3digo: No se puede acceder a los bytes del c\u00f3digo de operaci\u00f3n en 0xffffffff9ffffff2. 
RSP: 0018:ffffc900015bfeb8 EFLAGS: 00010246 RAX: ffffffffffffffea RBX: ffffffffa0002080 RCX: 000000000000000 RDX: ffffffffa0001054 RSI: ffffffffa0001064 RDI: ffffffffdfc6349c RBP: ffffffffa0000000 R08: 000000000000004 R09: 00000000001e95c0 R10: 000000000000000 R11: 000000000000001 R12: 0000000000000800 R13: ffffffffa0002420 R14: 0000000000000000 R15: 0000000000000000 FS: 00007f56b75be540(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffff9ffffff2 CR3: 000000010874a006 CR4: 0000000000330ee0 DR0: 00000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 000000000fffe0ff0 DR7: 0000000000000400 Rastreo de llamadas: __x64_sys_delete_module+0x206/0x380 ? lockdep_hardirqs_on_prepare+0xd8/0x190 ? syscall_enter_from_user_mode+0x1c/0x50 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49798.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49798.json index 7e46283fd71..4cf5d35784f 100644 --- a/CVE-2022/CVE-2022-497xx/CVE-2022-49798.json +++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49798.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49798",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:03.097",
- "lastModified": "2025-05-01T15:16:03.097",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix race where eprobes can be called before the event\n\nThe flag that tells the event to call its triggers after reading the event\nis set for eprobes after the eprobe is enabled. This leads to a race where\nthe eprobe may be triggered at the beginning of the event where the record\ninformation is NULL. The eprobe then dereferences the NULL record causing\na NULL kernel pointer bug.\n\nTest for a NULL record to keep this from happening."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rastreo: Se corrige la ejecuci\u00f3n donde se pueden llamar los eprobes antes del evento. El indicador que indica al evento que llame a sus desencadenadores despu\u00e9s de leer el evento se establece para los eprobes despu\u00e9s de habilitarlos. Esto provoca una ejecuci\u00f3n donde el eprobe puede activarse al inicio del evento cuando la informaci\u00f3n del registro es nula. El eprobe entonces desreferencia el registro nulo, causando un error de puntero de kernel nulo. Pruebe si hay un registro nulo para evitar que esto suceda."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-497xx/CVE-2022-49799.json b/CVE-2022/CVE-2022-497xx/CVE-2022-49799.json
index d35bb80d372..872b995473e 100644
--- a/CVE-2022/CVE-2022-497xx/CVE-2022-49799.json
+++ b/CVE-2022/CVE-2022-497xx/CVE-2022-49799.json
@@ -2,13 +2,17 @@ "id": "CVE-2022-49799", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:03.200", - "lastModified": "2025-05-01T15:16:03.200", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix wild-memory-access in register_synth_event()\n\nIn register_synth_event(), if set_synth_event_print_fmt() failed, then\nboth trace_remove_event_call() and unregister_trace_event() will be\ncalled, which means the trace_event_call will call\n__unregister_trace_event() twice. As the result, the second unregister\nwill causes the wild-memory-access.\n\nregister_synth_event\n set_synth_event_print_fmt failed\n trace_remove_event_call\n event_remove\n if call->event.funcs then\n __unregister_trace_event (first call)\n unregister_trace_event\n __unregister_trace_event (second call)\n\nFix the bug by avoiding to call the second __unregister_trace_event() by\nchecking if the first one is called.\n\ngeneral protection fault, probably for non-canonical address\n\t0xfbd59c0000000024: 0000 [#1] SMP KASAN PTI\nKASAN: maybe wild-memory-access in range\n[0xdead000000000120-0xdead000000000127]\nCPU: 0 PID: 3807 Comm: modprobe Not tainted\n6.1.0-rc1-00186-g76f33a7eedb4 #299\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\nrel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\nRIP: 0010:unregister_trace_event+0x6e/0x280\nCode: 00 fc ff df 4c 89 ea 48 c1 ea 03 80 3c 02 00 0f 85 0e 02 00 00 48\nb8 00 00 00 00 00 fc ff df 4c 8b 63 08 4c 89 e2 48 c1 ea 03 <80> 3c 02\n00 0f 85 e2 01 00 00 49 89 2c 24 48 85 ed 74 28 e8 7a 9b\nRSP: 0018:ffff88810413f370 EFLAGS: 00010a06\nRAX: dffffc0000000000 RBX: ffff888105d050b0 RCX: 0000000000000000\nRDX: 1bd5a00000000024 RSI: ffff888119e276e0 RDI: ffffffff835a8b20\nRBP: dead000000000100 R08: 
0000000000000000 R09: fffffbfff0913481\nR10: ffffffff8489a407 R11: fffffbfff0913480 R12: dead000000000122\nR13: ffff888105d050b8 R14: 0000000000000000 R15: ffff888105d05028\nFS: 00007f7823e8d540(0000) GS:ffff888119e00000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f7823e7ebec CR3: 000000010a058002 CR4: 0000000000330ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n __create_synth_event+0x1e37/0x1eb0\n create_or_delete_synth_event+0x110/0x250\n synth_event_run_command+0x2f/0x110\n test_gen_synth_cmd+0x170/0x2eb [synth_event_gen_test]\n synth_event_gen_test_init+0x76/0x9bc [synth_event_gen_test]\n do_one_initcall+0xdb/0x480\n do_init_module+0x1cf/0x680\n load_module+0x6a50/0x70a0\n __do_sys_finit_module+0x12f/0x1c0\n do_syscall_64+0x3f/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rastreo: Se corrige el acceso a memoria no autorizado en register_synth_event(). En register_synth_event(), si set_synth_event_print_fmt() falla, se invocar\u00e1n trace_remove_event_call() y unregister_trace_event(), lo que significa que trace_event_call llamar\u00e1 a __unregister_trace_event() dos veces. Como resultado, la segunda anulaci\u00f3n del registro provocar\u00e1 el acceso a memoria no autorizado. register_synth_event set_synth_event_print_fmt fall\u00f3 trace_remove_event_call event_remove si call->event.funcs entonces __unregister_trace_event (primera llamada) unregister_trace_event __unregister_trace_event (segunda llamada) Corrija el error evitando llamar al segundo __unregister_trace_event() verificando si se llama al primero. 
Fallo de protecci\u00f3n general, probablemente por direcci\u00f3n no can\u00f3nica 0xfbd59c0000000024: 0000 [#1] SMP KASAN PTI KASAN: tal vez acceso a memoria salvaje en el rango [0xdead000000000120-0xdead000000000127] CPU: 0 PID: 3807 Comm: modprobe No contaminado 6.1.0-rc1-00186-g76f33a7eedb4 #299 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 RIP: 0010:unregister_trace_event+0x6e/0x280 C\u00f3digo: 00 fc ff df 4c 89 ea 48 c1 ea 03 80 3c 02 00 0f 85 0e 02 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 63 08 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 e2 01 00 00 49 89 2c 24 48 85 ed 74 28 e8 7a 9b RSP: 0018:ffff88810413f370 EFLAGS: 00010a06 RAX: dffffc0000000000 RBX: ffff888105d050b0 RCX: 0000000000000000 RDX: 1bd5a00000000024 RSI: ffff888119e276e0 RDI: ffffffff835a8b20 RBP: muerto000000000100 R08: 0000000000000000 R09: ffffbfff0913481 R10: ffffffff8489a407 R11: ffffbfff0913480 R12: muerto000000000122 R13: ffff888105d050b8 R14: 0000000000000000 R15: ffff888105d05028 FS: 00007f7823e8d540(0000) GS:ffff888119e00000(0000) knlGS:000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f7823e7ebec CR3: 000000010a058002 CR4: 0000000000330ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 00000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Rastreo de llamadas: __create_synth_event+0x1e37/0x1eb0 create_or_delete_synth_event+0x110/0x250 synth_event_run_command+0x2f/0x110 test_gen_synth_cmd+0x170/0x2eb [synth_event_gen_test] synth_event_gen_test_init+0x76/0x9bc [synth_event_gen_test] do_one_initcall+0xdb/0x480 do_init_module+0x1cf/0x680 load_module+0x6a50/0x70a0 __do_sys_finit_module+0x12f/0x1c0 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49800.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49800.json index 980e683b801..a1a12cc8117 100644 
--- a/CVE-2022/CVE-2022-498xx/CVE-2022-49800.json
+++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49800.json
@@ -2,13 +2,17 @@ "id": "CVE-2022-49800", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:03.303", - "lastModified": "2025-05-01T15:16:03.303", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event()\n\ntest_gen_synth_cmd() only free buf in fail path, hence buf will leak\nwhen there is no failure. Add kfree(buf) to prevent the memleak. The\nsame reason and solution in test_empty_synth_event().\n\nunreferenced object 0xffff8881127de000 (size 2048):\n comm \"modprobe\", pid 247, jiffies 4294972316 (age 78.756s)\n hex dump (first 32 bytes):\n 20 67 65 6e 5f 73 79 6e 74 68 5f 74 65 73 74 20 gen_synth_test\n 20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 64 5f pid_t next_pid_\n backtrace:\n [<000000004254801a>] kmalloc_trace+0x26/0x100\n [<0000000039eb1cf5>] 0xffffffffa00083cd\n [<000000000e8c3bc8>] 0xffffffffa00086ba\n [<00000000c293d1ea>] do_one_initcall+0xdb/0x480\n [<00000000aa189e6d>] do_init_module+0x1cf/0x680\n [<00000000d513222b>] load_module+0x6a50/0x70a0\n [<000000001fd4d529>] __do_sys_finit_module+0x12f/0x1c0\n [<00000000b36c4c0f>] do_syscall_64+0x3f/0x90\n [<00000000bbf20cf3>] entry_SYSCALL_64_after_hwframe+0x63/0xcd\nunreferenced object 0xffff8881127df000 (size 2048):\n comm \"modprobe\", pid 247, jiffies 4294972324 (age 78.728s)\n hex dump (first 32 bytes):\n 20 65 6d 70 74 79 5f 73 79 6e 74 68 5f 74 65 73 empty_synth_tes\n 74 20 20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 t pid_t next_pi\n backtrace:\n [<000000004254801a>] kmalloc_trace+0x26/0x100\n [<00000000d4db9a3d>] 0xffffffffa0008071\n [<00000000c31354a5>] 0xffffffffa00086ce\n [<00000000c293d1ea>] do_one_initcall+0xdb/0x480\n [<00000000aa189e6d>] do_init_module+0x1cf/0x680\n [<00000000d513222b>] 
load_module+0x6a50/0x70a0\n [<000000001fd4d529>] __do_sys_finit_module+0x12f/0x1c0\n [<00000000b36c4c0f>] do_syscall_64+0x3f/0x90\n [<00000000bbf20cf3>] entry_SYSCALL_64_after_hwframe+0x63/0xcd" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rastreo: Se corrige la fuga de memoria en test_gen_synth_cmd() y test_empty_synth_event(). Test_gen_synth_cmd() solo libera b\u00fafer en la ruta de fallo, por lo que el b\u00fafer se filtrar\u00e1 aunque no haya fallo. Se ha a\u00f1adido kfree(buf) para evitar la fuga de memoria. La misma raz\u00f3n y soluci\u00f3n se aplican en test_empty_synth_event(). objeto sin referencia 0xffff8881127de000 (size 2048): comm \"modprobe\", pid 247, jiffies 4294972316 (age 78.756s) hex dump (first 32 bytes): 20 67 65 6e 5f 73 79 6e 74 68 5f 74 65 73 74 20 gen_synth_test 20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 64 5f pid_t next_pid_ backtrace: [<000000004254801a>] kmalloc_trace+0x26/0x100 [<0000000039eb1cf5>] 0xffffffffa00083cd [<000000000e8c3bc8>] 0xffffffffa00086ba [<00000000c293d1ea>] do_one_initcall+0xdb/0x480 [<00000000aa189e6d>] do_init_module+0x1cf/0x680 [<00000000d513222b>] load_module+0x6a50/0x70a0 [<000000001fd4d529>] __do_sys_finit_module+0x12f/0x1c0 [<00000000b36c4c0f>] do_syscall_64+0x3f/0x90 [<00000000bbf20cf3>] entry_SYSCALL_64_after_hwframe+0x63/0xcd unreferenced object 0xffff8881127df000 (size 2048): comm \"modprobe\", pid 247, jiffies 4294972324 (age 78.728s) hex dump (first 32 bytes): 20 65 6d 70 74 79 5f 73 79 6e 74 68 5f 74 65 73 empty_synth_tes 74 20 20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 t pid_t next_pi backtrace: [<000000004254801a>] kmalloc_trace+0x26/0x100 [<00000000d4db9a3d>] 0xffffffffa0008071 [<00000000c31354a5>] 0xffffffffa00086ce [<00000000c293d1ea>] do_one_initcall+0xdb/0x480 [<00000000aa189e6d>] do_init_module+0x1cf/0x680 [<00000000d513222b>] load_module+0x6a50/0x70a0 [<000000001fd4d529>] __do_sys_finit_module+0x12f/0x1c0 [<00000000b36c4c0f>] 
do_syscall_64+0x3f/0x90 [<00000000bbf20cf3>] entry_SYSCALL_64_after_hwframe+0x63/0xcd " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49801.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49801.json index 4281a347aae..fcee5d8bd4f 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49801.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49801.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49801", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:03.407", - "lastModified": "2025-05-01T15:16:03.407", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix memory leak in tracing_read_pipe()\n\nkmemleak reports this issue:\n\nunreferenced object 0xffff888105a18900 (size 128):\n comm \"test_progs\", pid 18933, jiffies 4336275356 (age 22801.766s)\n hex dump (first 32 bytes):\n 25 73 00 90 81 88 ff ff 26 05 00 00 42 01 58 04 %s......&...B.X.\n 03 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<00000000560143a1>] __kmalloc_node_track_caller+0x4a/0x140\n [<000000006af00822>] krealloc+0x8d/0xf0\n [<00000000c309be6a>] trace_iter_expand_format+0x99/0x150\n [<000000005a53bdb6>] trace_check_vprintf+0x1e0/0x11d0\n [<0000000065629d9d>] trace_event_printf+0xb6/0xf0\n [<000000009a690dc7>] trace_raw_output_bpf_trace_printk+0x89/0xc0\n [<00000000d22db172>] print_trace_line+0x73c/0x1480\n [<00000000cdba76ba>] tracing_read_pipe+0x45c/0x9f0\n [<0000000015b58459>] vfs_read+0x17b/0x7c0\n [<000000004aeee8ed>] ksys_read+0xed/0x1c0\n [<0000000063d3d898>] do_syscall_64+0x3b/0x90\n [<00000000a06dda7f>] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\niter->fmt alloced in\n tracing_read_pipe() -> .. 
->trace_iter_expand_format(), but not\nfreed, to fix, add free in tracing_release_pipe()" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tracing: Fix memory leakage in tracing_read_pipe() kmemleak informa de este problema: unreferenced object 0xffff888105a18900 (size 128): comm \"test_progs\", pid 18933, jiffies 4336275356 (age 22801.766s) hex dump (first 32 bytes): 25 73 00 90 81 88 ff ff 26 05 00 00 42 01 58 04 %s......&...BX 03 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000560143a1>] __kmalloc_nodo_rastreador_llamador+0x4a/0x140 [<000000006af00822>] krealloc+0x8d/0xf0 [<00000000c309be6a>] trace_iter_expand_format+0x99/0x150 [<000000005a53bdb6>] trace_check_vprintf+0x1e0/0x11d0 [<0000000065629d9d>] trace_event_printf+0xb6/0xf0 [<000000009a690dc7>] trace_raw_output_bpf_trace_printk+0x89/0xc0 [<00000000d22db172>] imprimir_l\u00ednea_de_seguimiento+0x73c/0x1480 [<00000000cdba76ba>] conducto_de_lectura_de_seguimiento+0x45c/0x9f0 [<0000000015b58459>] lectura_vfs+0x17b/0x7c0 [<000000004aeee8ed>] lectura_ksys+0xed/0x1c0 [<0000000063d3d898>] hacer_llamada_al_sistema_64+0x3b/0x90 [<00000000a06dda7f>] entrada_SYSCALL_64_despu\u00e9s_de_hwframe+0x63/0xcd iter->fmt asignado en conducto_de_lectura_de_seguimiento() -> .. ->trace_iter_expand_format(), pero no se libera, para solucionarlo, agregue free en tracing_release_pipe()" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49802.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49802.json index f0c996fec5b..d6830267bb2 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49802.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49802.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49802", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:03.510", - "lastModified": "2025-05-01T15:16:03.510", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix null pointer dereference in ftrace_add_mod()\n\nThe @ftrace_mod is allocated by kzalloc(), so both the members {prev,next}\nof @ftrace_mode->list are NULL, it's not a valid state to call list_del().\nIf kstrdup() for @ftrace_mod->{func|module} fails, it goes to @out_free\ntag and calls free_ftrace_mod() to destroy @ftrace_mod, then list_del()\nwill write prev->next and next->prev, where null pointer dereference\nhappens.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\nOops: 0002 [#1] PREEMPT SMP NOPTI\nCall Trace:\n \n ftrace_mod_callback+0x20d/0x220\n ? do_filp_open+0xd9/0x140\n ftrace_process_regex.isra.51+0xbf/0x130\n ftrace_regex_write.isra.52.part.53+0x6e/0x90\n vfs_write+0xee/0x3a0\n ? __audit_filter_op+0xb1/0x100\n ? auditd_test_task+0x38/0x50\n ksys_write+0xa5/0xe0\n do_syscall_64+0x3a/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nKernel panic - not syncing: Fatal exception\n\nSo call INIT_LIST_HEAD() to initialize the list member to fix this issue." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ftrace: Corregir la desreferencia de puntero nulo en ftrace_add_mod() @ftrace_mod se asigna mediante kzalloc(), por lo que ambos miembros {prev,next} de @ftrace_mode->list son NULL, no es un estado v\u00e1lido para llamar a list_del(). 
Si kstrdup() para @ftrace_mod->{func|module} falla, va a la etiqueta @out_free y llama a free_ftrace_mod() para destruir @ftrace_mod, entonces list_del() escribir\u00e1 prev->next y next->prev, donde ocurre la desreferencia de puntero nulo. ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000008 Oops: 0002 [#1] PREEMPT SMP NOPTI Call Trace: ftrace_mod_callback+0x20d/0x220 ? P\u00e1nico del kernel: no se sincroniza: Excepci\u00f3n fatal Por lo tanto, llame a INIT_LIST_HEAD() para inicializar el miembro de la lista para corregir este problema." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49803.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49803.json index b12d4b7f7f4..5dd2a5136be 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49803.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49803.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49803", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:03.617", - "lastModified": "2025-05-01T15:16:03.617", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetdevsim: Fix memory leak of nsim_dev->fa_cookie\n\nkmemleak reports this issue:\n\nunreferenced object 0xffff8881bac872d0 (size 8):\n comm \"sh\", pid 58603, jiffies 4481524462 (age 68.065s)\n hex dump (first 8 bytes):\n 04 00 00 00 de ad be ef ........\n backtrace:\n [<00000000c80b8577>] __kmalloc+0x49/0x150\n [<000000005292b8c6>] nsim_dev_trap_fa_cookie_write+0xc1/0x210 [netdevsim]\n [<0000000093d78e77>] full_proxy_write+0xf3/0x180\n [<000000005a662c16>] vfs_write+0x1c5/0xaf0\n [<000000007aabf84a>] ksys_write+0xed/0x1c0\n [<000000005f1d2e47>] do_syscall_64+0x3b/0x90\n [<000000006001c6ec>] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe issue occurs in the following scenarios:\n\nnsim_dev_trap_fa_cookie_write()\n kmalloc() fa_cookie\n nsim_dev->fa_cookie = fa_cookie\n..\nnsim_drv_remove()\n\nThe fa_cookie allocked in nsim_dev_trap_fa_cookie_write() is not freed. To\nfix, add kfree(nsim_dev->fa_cookie) to nsim_drv_remove()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netdevsim: Se corrige la p\u00e9rdida de memoria de nsim_dev->fa_cookie. kmemleak informa de este problema: objeto sin referencia 0xffff8881bac872d0 (tama\u00f1o 8): comm \"sh\", pid 58603, jiffies 4481524462 (edad 68,065 s) volcado hexadecimal (primeros 8 bytes): 04 00 00 00 de ad be ef ........ 
backtrace: [<00000000c80b8577>] __kmalloc+0x49/0x150 [<000000005292b8c6>] nsim_dev_trap_fa_cookie_write+0xc1/0x210 [netdevsim] [<0000000093d78e77>] escritura de proxy completo+0xf3/0x180 [<000000005a662c16>] escritura de vfs+0x1c5/0xaf0 [<000000007aabf84a>] escritura de ksys+0xed/0x1c0 [<000000005f1d2e47>] llamada al sistema_64+0x3b/0x90 [<000000006001c6ec>] entrada_SYSCALL_64_after_hwframe+0x63/0xcd El problema ocurre en los siguientes escenarios: nsim_dev_trap_fa_cookie_write() kmalloc() fa_cookie nsim_dev->fa_cookie = fa_cookie .. nsim_drv_remove(): La fa_cookie bloqueada en nsim_dev_trap_fa_cookie_write() no se libera. Para solucionarlo, a\u00f1ada kfree(nsim_dev->fa_cookie) a nsim_drv_remove()." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49804.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49804.json index 7a18b708d74..ea110327ad1 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49804.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49804.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49804", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:03.717", - "lastModified": "2025-05-01T15:16:03.717", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390: avoid using global register for current_stack_pointer\n\nCommit 30de14b1884b (\"s390: current_stack_pointer shouldn't be a\nfunction\") made current_stack_pointer a global register variable like\non many other architectures. Unfortunately on s390 it uncovers old\ngcc bug which is fixed only since gcc-9.1 [gcc commit 3ad7fed1cc87\n(\"S/390: Fix PR89775. Stackpointer save/restore instructions removed\")]\nand backported to gcc-8.4 and later. Due to this bug gcc versions prior\nto 8.4 generate broken code which leads to stack corruptions.\n\nCurrent minimal gcc version required to build the kernel is declared\nas 5.1. It is not possible to fix all old gcc versions, so work\naround this problem by avoiding using global register variable for\ncurrent_stack_pointer." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: s390: evitar el uso de un registro global para current_stack_pointer. El commit 30de14b1884b (\"s390: current_stack_pointer no deber\u00eda ser una funci\u00f3n\") convirti\u00f3 current_stack_pointer en una variable de registro global, como en muchas otras arquitecturas. Desafortunadamente, en s390, se descubre un antiguo error de gcc corregido solo desde gcc-9.1 [commit 3ad7fed1cc87 de gcc (\"S/390: Correcci\u00f3n de PR89775. Se eliminaron las instrucciones de guardado/restauraci\u00f3n de Stackpointer\")] y se ha retroportado a gcc-8.4 y posteriores. Debido a este error, las versiones de gcc anteriores a la 8.4 generan c\u00f3digo defectuoso que provoca corrupciones en la pila. 
La versi\u00f3n m\u00ednima actual de gcc requerida para compilar el kernel es la 5.1. No es posible corregir todas las versiones antiguas de gcc, por lo que se puede solucionar este problema evitando el uso de la variable de registro global para current_stack_pointer." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49805.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49805.json index 489a7c89ad1..a4671f9bd65 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49805.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49805.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49805",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:03.817",
- "lastModified": "2025-05-01T15:16:03.817",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: lan966x: Fix potential null-ptr-deref in lan966x_stats_init()\n\nlan966x_stats_init() calls create_singlethread_workqueue() and not\nchecked the ret value, which may return NULL. And a null-ptr-deref may\nhappen:\n\nlan966x_stats_init()\n create_singlethread_workqueue() # failed, lan966x->stats_queue is NULL\n queue_delayed_work()\n queue_delayed_work_on()\n __queue_delayed_work() # warning here, but continue\n __queue_work() # access wq->flags, null-ptr-deref\n\nCheck the ret value and return -ENOMEM if it is NULL."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: lan966x: Se corrige un posible error de referencia nulo (PTR) en lan966x_stats_init(). Lan966x_stats_init() llama a create_singlethread_workqueue() y no verifica el valor ret, lo que puede devolver NULL. Podr\u00eda ocurrir un error de referencia nulo (PTR): lan966x_stats_init() create_singlethread_workqueue() # Fall\u00f3, lan966x->stats_queue es NULL. queue_delayed_work() queue_delayed_work_on(). __queue_delayed_work() # Advertencia, pero contin\u00fae. __queue_work() # Acceso a wq->flags, PTR-deref nulo. Verifique el valor ret y devuelva -ENOMEM si es NULL."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49806.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49806.json
index 9c528ccc752..543af57fd27 100644
--- a/CVE-2022/CVE-2022-498xx/CVE-2022-49806.json
+++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49806.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49806",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:03.920",
- "lastModified": "2025-05-01T15:16:03.920",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: microchip: sparx5: Fix potential null-ptr-deref in sparx_stats_init() and sparx5_start()\n\nsparx_stats_init() calls create_singlethread_workqueue() and not\nchecked the ret value, which may return NULL. And a null-ptr-deref may\nhappen:\n\nsparx_stats_init()\n create_singlethread_workqueue() # failed, sparx5->stats_queue is NULL\n queue_delayed_work()\n queue_delayed_work_on()\n __queue_delayed_work() # warning here, but continue\n __queue_work() # access wq->flags, null-ptr-deref\n\nCheck the ret value and return -ENOMEM if it is NULL. So as\nsparx5_start()."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: microchip: sparx5: Se corrige un posible null-ptr-deref en sparx_stats_init() y sparx5_start(). sparx_stats_init() llama a create_singlethread_workqueue() y no comprueba el valor ret, lo que puede devolver NULL. Y puede ocurrir un null-ptr-deref: sparx_stats_init() create_singlethread_workqueue() # fall\u00f3, sparx5->stats_queue es NULL queue_delayed_work() queue_delayed_work_on() __queue_delayed_work() # advertencia aqu\u00ed, pero contin\u00fae __queue_work() # acceso a wq->flags, null-ptr-deref Compruebe el valor ret y devuelva -ENOMEM si es NULL. As\u00ed como sparx5_start()."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49807.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49807.json
index 3ec086a40af..0a6aa52c8a7 100644
--- a/CVE-2022/CVE-2022-498xx/CVE-2022-49807.json
+++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49807.json
@@ -2,13 +2,17 @@ "id": "CVE-2022-49807", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:04.030", - "lastModified": "2025-05-01T15:16:04.030", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: fix a memory leak in nvmet_auth_set_key\n\nWhen changing dhchap secrets we need to release the old\nsecrets as well.\n\nkmemleak complaint:\n--\nunreferenced object 0xffff8c7f44ed8180 (size 64):\n comm \"check\", pid 7304, jiffies 4295686133 (age 72034.246s)\n hex dump (first 32 bytes):\n 44 48 48 43 2d 31 3a 30 30 3a 4c 64 4c 4f 64 71 DHHC-1:00:LdLOdq\n 79 56 69 67 77 48 55 32 6d 5a 59 4c 7a 35 59 38 yVigwHU2mZYLz5Y8\n backtrace:\n [<00000000b6fc5071>] kstrdup+0x2e/0x60\n [<00000000f0f4633f>] 0xffffffffc0e07ee6\n [<0000000053006c05>] 0xffffffffc0dff783\n [<00000000419ae922>] configfs_write_iter+0xb1/0x120\n [<000000008183c424>] vfs_write+0x2be/0x3c0\n [<000000009005a2a5>] ksys_write+0x5f/0xe0\n [<00000000cd495c89>] do_syscall_64+0x38/0x90\n [<00000000f2a84ac5>] entry_SYSCALL_64_after_hwframe+0x63/0xcd" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nvmet: corrige una p\u00e9rdida de memoria en nvmet_auth_set_key Al cambiar los secretos de dhchap, tambi\u00e9n debemos liberar los secretos antiguos. 
Queja de kmemleak: -- objeto sin referencia 0xffff8c7f44ed8180 (tama\u00f1o 64): comm \"check\", pid 7304, jiffies 4295686133 (edad 72034.246s) volcado hexadecimal (primeros 32 bytes): 44 48 48 43 2d 31 3a 30 30 3a 4c 64 4c 4f 64 71 DHHC-1:00:LdLOdq 79 56 69 67 77 48 55 32 6d 5a 59 4c 7a 35 59 38 yVigwHU2mZYLz5Y8 backtrace: [<00000000b6fc5071>] kstrdup+0x2e/0x60 [<00000000f0f4633f>] 0xffffffffc0e07ee6 [<0000000053006c05>] 0xffffffffc0dff783 [<00000000419ae922>] configfs_write_iter+0xb1/0x120 [<000000008183c424>] vfs_write+0x2be/0x3c0 [<000000009005a2a5>] ksys_write+0x5f/0xe0 [<00000000cd495c89>] do_syscall_64+0x38/0x90 [<00000000f2a84ac5>] entry_SYSCALL_64_after_hwframe+0x63/0xcd " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49808.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49808.json index 0e47ffa0a81..43ce3023b2c 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49808.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49808.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49808", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:04.130", - "lastModified": "2025-05-01T15:16:04.130", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: don't leak tagger-owned storage on switch driver unbind\n\nIn the initial commit dc452a471dba (\"net: dsa: introduce tagger-owned\nstorage for private and shared data\"), we had a call to\ntag_ops->disconnect(dst) issued from dsa_tree_free(), which is called at\ntree teardown time.\n\nThere were problems with connecting to a switch tree as a whole, so this\ngot reworked to connecting to individual switches within the tree. In\nthis process, tag_ops->disconnect(ds) was made to be called only from\nswitch.c (cross-chip notifiers emitted as a result of dynamic tag proto\nchanges), but the normal driver teardown code path wasn't replaced with\nanything.\n\nSolve this problem by adding a function that does the opposite of\ndsa_switch_setup_tag_protocol(), which is called from the equivalent\nspot in dsa_switch_teardown(). 
The positioning here also ensures that we\nwon't have any use-after-free in tagging protocol (*rcv) ops, since the\nteardown sequence is as follows:\n\ndsa_tree_teardown\n-> dsa_tree_teardown_master\n -> dsa_master_teardown\n -> unsets master->dsa_ptr, making no further packets match the\n ETH_P_XDSA packet type handler\n-> dsa_tree_teardown_ports\n -> dsa_port_teardown\n -> dsa_slave_destroy\n -> unregisters DSA net devices, there is even a synchronize_net()\n in unregister_netdevice_many()\n-> dsa_tree_teardown_switches\n -> dsa_switch_teardown\n -> dsa_switch_teardown_tag_protocol\n -> finally frees the tagger-owned storage" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: dsa: no filtrar almacenamiento propiedad del etiquetador al desvincular el controlador del conmutador. En la confirmaci\u00f3n inicial dc452a471dba (\"net: dsa: introducir almacenamiento propiedad del etiquetador para datos privados y compartidos\"), ten\u00edamos una llamada a tag_ops->disconnect(dst) emitida desde dsa_tree_free(), que se llama en el momento del desmontaje del \u00e1rbol. Hab\u00eda problemas con la conexi\u00f3n a un \u00e1rbol de conmutadores como un todo, por lo que esto se modific\u00f3 para conectarse a conmutadores individuales dentro del \u00e1rbol. En este proceso, tag_ops->disconnect(ds) se hizo para que se llamara solo desde switch.c (notificadores entre chips emitidos como resultado de cambios din\u00e1micos de protocolo de etiqueta), pero la ruta de c\u00f3digo normal para el desmontaje del controlador no se reemplaz\u00f3 con nada. Resuelva este problema a\u00f1adiendo una funci\u00f3n que haga lo contrario de dsa_switch_setup_tag_protocol(), que se llama desde el punto equivalente en dsa_switch_teardown(). 
El posicionamiento aqu\u00ed tambi\u00e9n asegura que no tendremos ning\u00fan use-after-free en las operaciones del protocolo de etiquetado (*rcv), ya que la secuencia de desmontaje es la siguiente: dsa_tree_teardown -> dsa_tree_teardown_master -> dsa_master_teardown -> anula el ajuste master->dsa_ptr, lo que hace que no haya m\u00e1s paquetes que coincidan con el controlador de tipo de paquete ETH_P_XDSA -> dsa_tree_teardown_ports -> dsa_port_teardown -> dsa_slave_destroy -> anula el registro de los dispositivos de red DSA, incluso hay un synchronize_net() en unregister_netdevice_many() -> dsa_tree_teardown_switches -> dsa_switch_teardown -> dsa_switch_teardown_tag_protocol -> finalmente libera el almacenamiento propiedad del etiquetador" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49809.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49809.json index 574ab254614..0120e832f0e 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49809.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49809.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49809",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:04.237",
- "lastModified": "2025-05-01T15:16:04.237",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/x25: Fix skb leak in x25_lapb_receive_frame()\n\nx25_lapb_receive_frame() using skb_copy() to get a private copy of\nskb, the new skb should be freed in the undersized/fragmented skb\nerror handling path. Otherwise there is a memory leak."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/x25: Se corrige la fuga de skb en x25_lapb_receive_frame(). x25_lapb_receive_frame() usa skb_copy() para obtener una copia privada de skb. El nuevo skb debe liberarse en la ruta de gesti\u00f3n de errores de skb de tama\u00f1o insuficiente/fragmentado. De lo contrario, se produce una fuga de memoria."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49810.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49810.json
index fdf706275ae..883e3a78adc 100644
--- a/CVE-2022/CVE-2022-498xx/CVE-2022-49810.json
+++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49810.json
@@ -2,13 +2,17 @@ "id": "CVE-2022-49810", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:04.347", - "lastModified": "2025-05-01T15:16:04.347", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix missing xas_retry() calls in xarray iteration\n\nnetfslib has a number of places in which it performs iteration of an xarray\nwhilst being under the RCU read lock. It *should* call xas_retry() as the\nfirst thing inside of the loop and do \"continue\" if it returns true in case\nthe xarray walker passed out a special value indicating that the walk needs\nto be redone from the root[*].\n\nFix this by adding the missing retry checks.\n\n[*] I wonder if this should be done inside xas_find(), xas_next_node() and\n suchlike, but I'm told that's not an simple change to effect.\n\nThis can cause an oops like that below. Note the faulting address - this\nis an internal value (|0x2) returned from xarray.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000402\n...\nRIP: 0010:netfs_rreq_unlock+0xef/0x380 [netfs]\n...\nCall Trace:\n netfs_rreq_assess+0xa6/0x240 [netfs]\n netfs_readpage+0x173/0x3b0 [netfs]\n ? init_wait_var_entry+0x50/0x50\n filemap_read_page+0x33/0xf0\n filemap_get_pages+0x2f2/0x3f0\n filemap_read+0xaa/0x320\n ? do_filp_open+0xb2/0x150\n ? rmqueue+0x3be/0xe10\n ceph_read_iter+0x1fe/0x680 [ceph]\n ? new_sync_read+0x115/0x1a0\n new_sync_read+0x115/0x1a0\n vfs_read+0xf3/0x180\n ksys_read+0x5f/0xe0\n do_syscall_64+0x38/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nChanges:\n========\nver #2)\n - Changed an unsigned int to a size_t to reduce the likelihood of an\n overflow as per Willy's suggestion.\n - Added an additional patch to fix the maths." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfs: Se corrigen las llamadas xas_retry() faltantes en la iteraci\u00f3n de un xarray. netfslib realiza la iteraci\u00f3n de un xarray en varios lugares bajo el bloqueo de lectura de la RCU. *Deber\u00eda* llamar a xas_retry() como primer paso dentro del bucle y ejecutar \"continue\" si devuelve verdadero en caso de que el rastreador de xarrays haya pasado un valor especial que indique que el recorrido debe rehacerse desde la ra\u00edz. [*] Se puede solucionar a\u00f1adiendo las comprobaciones de reintento faltantes. [*] Me pregunto si esto deber\u00eda hacerse dentro de xas_find(), xas_next_node() y similares, pero me han dicho que no es un cambio sencillo de implementar. Esto puede causar un error como el que se muestra a continuaci\u00f3n. Observe la direcci\u00f3n del error: se trata de un valor interno (|0x2) devuelto por xarray. ERROR: desreferencia de puntero NULL del n\u00facleo, direcci\u00f3n: 0000000000000402 ... RIP: 0010:netfs_rreq_unlock+0xef/0x380 [netfs] ... Seguimiento de llamadas: netfs_rreq_assess+0xa6/0x240 [netfs] netfs_readpage+0x173/0x3b0 [netfs] ? init_wait_var_entry+0x50/0x50 filemap_read_page+0x33/0xf0 filemap_get_pages+0x2f2/0x3f0 filemap_read+0xaa/0x320 ? do_filp_open+0xb2/0x150 ? rmqueue+0x3be/0xe10 ceph_read_iter+0x1fe/0x680 [ceph] ? new_sync_read+0x115/0x1a0 new_sync_read+0x115/0x1a0 vfs_read+0xf3/0x180 ksys_read+0x5f/0xe0 do_syscall_64+0x38/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae Changes: ======== ver #2) - Se cambi\u00f3 un int sin signo a un size_t para reducir la probabilidad de un desbordamiento seg\u00fan la sugerencia de Willy. - Se agreg\u00f3 un parche adicional para corregir las matem\u00e1ticas." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49811.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49811.json index a0b8ffa8995..5a39b7c553e 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49811.json 
+++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49811.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49811",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:04.450",
- "lastModified": "2025-05-01T15:16:04.450",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrbd: use after free in drbd_create_device()\n\nThe drbd_destroy_connection() frees the \"connection\" so use the _safe()\niterator to prevent a use after free."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drbd: use-after-free en drbd_create_device(). drbd_destroy_connection() libera la \"conexi\u00f3n\", as\u00ed que use el iterador _safe() para evitar un use-after-free."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49812.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49812.json
index 9618ff4a39f..719bc145f6a 100644
--- a/CVE-2022/CVE-2022-498xx/CVE-2022-49812.json
+++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49812.json
@@ -2,13 +2,17 @@ "id": "CVE-2022-49812", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:04.560", - "lastModified": "2025-05-01T15:16:04.560", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbridge: switchdev: Fix memory leaks when changing VLAN protocol\n\nThe bridge driver can offload VLANs to the underlying hardware either\nvia switchdev or the 8021q driver. When the former is used, the VLAN is\nmarked in the bridge driver with the 'BR_VLFLAG_ADDED_BY_SWITCHDEV'\nprivate flag.\n\nTo avoid the memory leaks mentioned in the cited commit, the bridge\ndriver will try to delete a VLAN via the 8021q driver if the VLAN is not\nmarked with the previously mentioned flag.\n\nWhen the VLAN protocol of the bridge changes, switchdev drivers are\nnotified via the 'SWITCHDEV_ATTR_ID_BRIDGE_VLAN_PROTOCOL' attribute, but\nthe 8021q driver is also called to add the existing VLANs with the new\nprotocol and delete them with the old protocol.\n\nIn case the VLANs were offloaded via switchdev, the above behavior is\nboth redundant and buggy. Redundant because the VLANs are already\nprogrammed in hardware and drivers that support VLAN protocol change\n(currently only mlx5) change the protocol upon the switchdev attribute\nnotification. Buggy because the 8021q driver is called despite these\nVLANs being marked with 'BR_VLFLAG_ADDED_BY_SWITCHDEV'. 
This leads to\nmemory leaks [1] when the VLANs are deleted.\n\nFix by not calling the 8021q driver for VLANs that were already\nprogrammed via switchdev.\n\n[1]\nunreferenced object 0xffff8881f6771200 (size 256):\n comm \"ip\", pid 446855, jiffies 4298238841 (age 55.240s)\n hex dump (first 32 bytes):\n 00 00 7f 0e 83 88 ff ff 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<00000000012819ac>] vlan_vid_add+0x437/0x750\n [<00000000f2281fad>] __br_vlan_set_proto+0x289/0x920\n [<000000000632b56f>] br_changelink+0x3d6/0x13f0\n [<0000000089d25f04>] __rtnl_newlink+0x8ae/0x14c0\n [<00000000f6276baf>] rtnl_newlink+0x5f/0x90\n [<00000000746dc902>] rtnetlink_rcv_msg+0x336/0xa00\n [<000000001c2241c0>] netlink_rcv_skb+0x11d/0x340\n [<0000000010588814>] netlink_unicast+0x438/0x710\n [<00000000e1a4cd5c>] netlink_sendmsg+0x788/0xc40\n [<00000000e8992d4e>] sock_sendmsg+0xb0/0xe0\n [<00000000621b8f91>] ____sys_sendmsg+0x4ff/0x6d0\n [<000000000ea26996>] ___sys_sendmsg+0x12e/0x1b0\n [<00000000684f7e25>] __sys_sendmsg+0xab/0x130\n [<000000004538b104>] do_syscall_64+0x3d/0x90\n [<0000000091ed9678>] entry_SYSCALL_64_after_hwframe+0x46/0xb0" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bridge: switchdev: Fix memory leakage when Changing VLAN protocol El controlador del puente puede descargar VLAN al hardware subyacente mediante switchdev o el controlador 8021q. Cuando se utiliza el primero, la VLAN se marca en el controlador del puente con el indicador privado 'BR_VLFLAG_ADDED_BY_SWITCHDEV'. Para evitar las fugas de memoria mencionadas en la confirmaci\u00f3n citada, el controlador del puente intentar\u00e1 eliminar una VLAN mediante el controlador 8021q si la VLAN no est\u00e1 marcada con el indicador mencionado anteriormente. 
Cuando cambia el protocolo VLAN del puente, se notifica a los controladores switchdev mediante el atributo 'SWITCHDEV_ATTR_ID_BRIDGE_VLAN_PROTOCOL', pero tambi\u00e9n se llama al controlador 8021q para agregar las VLAN existentes con el nuevo protocolo y eliminarlas con el protocolo anterior. En caso de que las VLAN se descargaran mediante switchdev, el comportamiento anterior es redundante y presenta errores. Redundante porque las VLAN ya est\u00e1n programadas en el hardware y los controladores compatibles con el cambio de protocolo de VLAN (actualmente solo mlx5) cambian el protocolo al recibir la notificaci\u00f3n del atributo switchdev. Presenta errores porque se llama al controlador 8021q a pesar de que estas VLAN est\u00e1n marcadas con 'BR_VLFLAG_ADDED_BY_SWITCHDEV'. Esto provoca fugas de memoria [1] al eliminar las VLAN. Se soluciona no llamando al controlador 8021q para las VLAN ya programadas mediante switchdev. [1] objeto sin referencia 0xffff8881f6771200 (tama\u00f1o 256): comm \"ip\", pid 446855, jiffies 4298238841 (edad 55.240s) volcado hexadecimal (primeros 32 bytes): 00 00 7f 0e 83 88 ff ff 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000012819ac>] vlan_vid_add+0x437/0x750 [<00000000f2281fad>] __br_vlan_set_proto+0x289/0x920 [<000000000632b56f>] br_changelink+0x3d6/0x13f0 [<0000000089d25f04>] __rtnl_newlink+0x8ae/0x14c0 [<00000000f6276baf>] rtnl_newlink+0x5f/0x90 [<00000000746dc902>] rtnetlink_rcv_msg+0x336/0xa00 [<000000001c2241c0>] netlink_rcv_skb+0x11d/0x340 [<0000000010588814>] netlink_unicast+0x438/0x710 [<00000000e1a4cd5c>] netlink_sendmsg+0x788/0xc40 [<00000000e8992d4e>] sock_sendmsg+0xb0/0xe0 [<00000000621b8f91>] ____sys_sendmsg+0x4ff/0x6d0 [<000000000ea26996>] ___sys_sendmsg+0x12e/0x1b0 [<00000000684f7e25>] __sys_sendmsg+0xab/0x130 [<000000004538b104>] do_syscall_64+0x3d/0x90 [<0000000091ed9678>] entry_SYSCALL_64_after_hwframe+0x46/0xb0 " } ], "metrics": {}, 
diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49813.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49813.json
index 7280eb57f56..4d88ec62168 100644
--- a/CVE-2022/CVE-2022-498xx/CVE-2022-49813.json
+++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49813.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49813",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:04.673",
- "lastModified": "2025-05-01T15:16:04.673",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ena: Fix error handling in ena_init()\n\nThe ena_init() won't destroy workqueue created by\ncreate_singlethread_workqueue() when pci_register_driver() failed.\nCall destroy_workqueue() when pci_register_driver() failed to prevent the\nresource leak."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: ena: Se corrige el manejo de errores en ena_init(). Ena_init() no destruye la cola de trabajo creada por create_singlethread_workqueue() cuando pci_register_driver() falla. Se llama a destroy_workqueue() cuando pci_register_driver() falla para evitar la fuga de recursos."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49814.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49814.json
index a8dce461024..2936c19e2a4 100644
--- a/CVE-2022/CVE-2022-498xx/CVE-2022-49814.json
+++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49814.json
@@ -2,13 +2,17 @@ "id": "CVE-2022-49814", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:04.787", - "lastModified": "2025-05-01T15:16:04.787", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkcm: close race conditions on sk_receive_queue\n\nsk->sk_receive_queue is protected by skb queue lock, but for KCM\nsockets its RX path takes mux->rx_lock to protect more than just\nskb queue. However, kcm_recvmsg() still only grabs the skb queue\nlock, so race conditions still exist.\n\nWe can teach kcm_recvmsg() to grab mux->rx_lock too but this would\nintroduce a potential performance regression as struct kcm_mux can\nbe shared by multiple KCM sockets.\n\nSo we have to enforce skb queue lock in requeue_rx_msgs() and handle\nskb peek case carefully in kcm_wait_data(). Fortunately,\nskb_recv_datagram() already handles it nicely and is widely used by\nother sockets, we can just switch to skb_recv_datagram() after\ngetting rid of the unnecessary sock lock in kcm_recvmsg() and\nkcm_splice_read(). Side note: SOCK_DONE is not used by KCM sockets,\nso it is safe to get rid of this check too.\n\nI ran the original syzbot reproducer for 30 min without seeing any\nissue." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: kcm: condiciones de ejecuci\u00f3n cerradas en sk_receive_queue. sk->sk_receive_queue est\u00e1 protegido por el bloqueo de cola skb, pero para los sockets KCM su ruta RX toma mux->rx_lock para proteger m\u00e1s que solo la cola skb. Sin embargo, kcm_recvmsg() todav\u00eda solo captura el bloqueo de cola skb, por lo que las condiciones de ejecuci\u00f3n a\u00fan existen. 
Podemos ense\u00f1ar a kcm_recvmsg() a capturar tambi\u00e9n mux->rx_lock, pero esto introducir\u00eda una posible regresi\u00f3n del rendimiento, ya que la estructura kcm_mux puede ser compartida por varios sockets KCM. Por lo tanto, debemos aplicar el bloqueo de cola skb en requeue_rx_msgs() y manejar el caso de skb peek con cuidado en kcm_wait_data(). Afortunadamente, skb_recv_datagram() ya lo gestiona correctamente y es ampliamente utilizado por otros sockets. Podemos cambiar a skb_recv_datagram() tras eliminar el bloqueo de sock innecesario en kcm_recvmsg() y kcm_splice_read(). Nota: Los sockets KCM no utilizan SOCK_DONE, por lo que tambi\u00e9n es seguro omitir esta comprobaci\u00f3n. Ejecut\u00e9 el reproductor syzbot original durante 30 minutos sin observar ning\u00fan problema." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49815.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49815.json index 3940adcb8b8..1d03e599b37 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49815.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49815.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49815",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:04.893",
- "lastModified": "2025-05-01T15:16:04.893",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix missing xas_retry() in fscache mode\n\nThe xarray iteration only holds the RCU read lock and thus may encounter\nXA_RETRY_ENTRY if there's process modifying the xarray concurrently.\nThis will cause oops when referring to the invalid entry.\n\nFix this by adding the missing xas_retry(), which will make the\niteration wind back to the root node if XA_RETRY_ENTRY is encountered."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: erofs: se corrige la falta de xas_retry() en el modo fscache. La iteraci\u00f3n del array x solo mantiene el bloqueo de lectura de la RCU y, por lo tanto, puede encontrar XA_RETRY_ENTRY si hay un proceso que modifica el array x simult\u00e1neamente. Esto causar\u00e1 errores al hacer referencia a la entrada no v\u00e1lida. Se soluciona a\u00f1adiendo la falta de xas_retry(), lo que har\u00e1 que la iteraci\u00f3n regrese al nodo ra\u00edz si se encuentra XA_RETRY_ENTRY."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49817.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49817.json
index f4ee5fdb99a..ebe74f46946 100644
--- a/CVE-2022/CVE-2022-498xx/CVE-2022-49817.json
+++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49817.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49817",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:05.103",
- "lastModified": "2025-05-01T15:16:05.103",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mhi: Fix memory leak in mhi_net_dellink()\n\nMHI driver registers network device without setting the\nneeds_free_netdev flag, and does NOT call free_netdev() when\nunregisters network device, which causes a memory leak.\n\nThis patch calls free_netdev() to fix it since netdev_priv\nis used after unregister."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: mhi: Se corrige la p\u00e9rdida de memoria en mhi_net_dellink(). El controlador MHI registra el dispositivo de red sin configurar el indicador needs_free_netdev y NO llama a free_netdev() al cancelar el registro del dispositivo de red, lo que provoca una p\u00e9rdida de memoria. Este parche llama a free_netdev() para corregirla, ya que netdev_priv se utiliza despu\u00e9s de cancelar el registro."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49818.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49818.json
index 26cc2671ae7..a855e6a6cc7 100644
--- a/CVE-2022/CVE-2022-498xx/CVE-2022-49818.json
+++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49818.json
@@ -2,13 +2,17 @@ "id": "CVE-2022-49818", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:05.207", - "lastModified": "2025-05-01T15:16:05.207", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: fix misuse of put_device() in mISDN_register_device()\n\nWe should not release reference by put_device() before calling device_initialize()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mISDN: corregir el uso incorrecto de put_device() en mISDN_register_device() No debemos liberar la referencia de put_device() antes de llamar a device_initialize()." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49819.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49819.json index 514f5401010..176fa0db1f6 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49819.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49819.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49819", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:05.317", - "lastModified": "2025-05-01T15:16:05.317", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteon_ep: fix potential memory leak in octep_device_setup()\n\nWhen occur unsupported_dev and mbox init errors, it did not free oct->conf\nand iounmap() oct->mmio[i].hw_addr. That would trigger memory leak problem.\nAdd kfree() for oct->conf and iounmap() for oct->mmio[i].hw_addr under\nunsupported_dev and mbox init errors to fix the problem." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: octeon_ep: se corrige una posible fuga de memoria en octep_device_setup(). Cuando se producen errores unsupported_dev e init de mbox, no se liberan oct->conf ni iounmap() de oct->mmio[i].hw_addr. Esto causar\u00eda un problema de fuga de memoria. Se a\u00f1aden kfree() para oct->conf e iounmap() para oct->mmio[i].hw_addr en los errores unsupported_dev e init de mbox para solucionar el problema." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49820.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49820.json index 012b910f7a7..09d0e223825 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49820.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49820.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49820", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:05.413", - "lastModified": "2025-05-01T15:16:05.413", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmctp i2c: don't count unused / invalid keys for flow release\n\nWe're currently hitting the WARN_ON in mctp_i2c_flow_release:\n\n if (midev->release_count > midev->i2c_lock_count) {\n WARN_ONCE(1, \"release count overflow\");\n\nThis may be hit if we expire a flow before sending the first packet it\ncontains - as we will not be pairing the increment of release_count\n(performed on flow release) with the i2c lock operation (only\nperformed on actual TX).\n\nTo fix this, only release a flow if we've encountered it previously (ie,\ndev_flow_state does not indicate NEW), as we will mark the flow as\nACTIVE at the same time as accounting for the i2c lock operation. We\nalso need to add an INVALID flow state, to indicate when we've done the\nrelease." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mctp i2c: no cuente las claves no utilizadas o no v\u00e1lidas para la liberaci\u00f3n del flujo Actualmente estamos alcanzando el WARN_ON en mctp_i2c_flow_release: if (midev->release_count > midev->i2c_lock_count) { WARN_ONCE(1, \"release count overflow\"); Esto puede ser alcanzado si expiramos un flujo antes de enviar el primer paquete que contiene, ya que no estaremos emparejando el incremento de release_count (realizado en la liberaci\u00f3n del flujo) con la operaci\u00f3n de bloqueo i2c (solo se realiza en TX real). 
Para corregir esto, solo libere un flujo si lo hemos encontrado previamente (es decir, dev_flow_state no indica NUEVO), ya que marcaremos el flujo como ACTIVO al mismo tiempo que contabilizamos la operaci\u00f3n de bloqueo i2c. Tambi\u00e9n necesitamos agregar un estado de flujo INV\u00c1LIDO, para indicar cu\u00e1ndo hemos realizado la liberaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49821.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49821.json index defec21e682..7068058f9a1 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49821.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49821.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49821", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:05.513", - "lastModified": "2025-05-01T15:16:05.513", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: fix possible memory leak in mISDN_dsp_element_register()\n\nAfer commit 1fa5ae857bb1 (\"driver core: get rid of struct device's\nbus_id string array\"), the name of device is allocated dynamically,\nuse put_device() to give up the reference, so that the name can be\nfreed in kobject_cleanup() when the refcount is 0.\n\nThe 'entry' is going to be freed in mISDN_dsp_dev_release(), so the\nkfree() is removed. list_del() is called in mISDN_dsp_dev_release(),\nso it need be initialized." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mISDN: corrige posible p\u00e9rdida de memoria en mISDN_dsp_element_register() Despu\u00e9s de la confirmaci\u00f3n 1fa5ae857bb1 (\"n\u00facleo del controlador: deshacerse de la matriz de cadenas bus_id del dispositivo struct\"), el nombre del dispositivo se asigna din\u00e1micamente, use put_device() para renunciar a la referencia, de modo que el nombre se pueda liberar en kobject_cleanup() cuando refcount sea 0. La 'entrada' se liberar\u00e1 en mISDN_dsp_dev_release(), por lo que se elimina kfree(). list_del() se llama en mISDN_dsp_dev_release(), por lo que necesita inicializarse." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49822.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49822.json index 618d93cf048..53a2e230fa4 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49822.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49822.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49822", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:05.623", - "lastModified": "2025-05-01T15:16:05.623", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix connections leak when tlink setup failed\n\nIf the tlink setup failed, lost to put the connections, then\nthe module refcnt leak since the cifsd kthread not exit.\n\nAlso leak the fscache info, and for next mount with fsc, it will\nprint the follow errors:\n CIFS: Cache volume key already in use (cifs,127.0.0.1:445,TEST)\n\nLet's check the result of tlink setup, and do some cleanup." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cifs: Se corrige la fuga de conexiones al fallar la configuraci\u00f3n de Tlink. Si la configuraci\u00f3n de Tlink falla, se pierden las conexiones y se produce una fuga de referencia del m\u00f3dulo, ya que el kthread de cifsd no finaliza. Tambi\u00e9n se filtra la informaci\u00f3n de fscache, y en el siguiente montaje con fsc, se mostrar\u00e1n los siguientes errores: CIFS: La clave del volumen de cach\u00e9 ya est\u00e1 en uso (cifs,127.0.0.1:445,TEST). Revisemos el resultado de la configuraci\u00f3n de Tlink y realicemos una limpieza." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49823.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49823.json index a9d58d1987a..933156d32c3 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49823.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49823.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49823", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:05.723", - "lastModified": "2025-05-01T15:16:05.723", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-transport: fix error handling in ata_tdev_add()\n\nIn ata_tdev_add(), the return value of transport_add_device() is\nnot checked. As a result, it causes null-ptr-deref while removing\nthe module, because transport_remove_device() is called to remove\nthe device that was not added.\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000000000d0\nCPU: 13 PID: 13603 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ #36\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : device_del+0x48/0x3a0\nlr : device_del+0x44/0x3a0\nCall trace:\n device_del+0x48/0x3a0\n attribute_container_class_device_del+0x28/0x40\n transport_remove_classdev+0x60/0x7c\n attribute_container_device_trigger+0x118/0x120\n transport_remove_device+0x20/0x30\n ata_tdev_delete+0x24/0x50 [libata]\n ata_tlink_delete+0x40/0xa0 [libata]\n ata_tport_delete+0x2c/0x60 [libata]\n ata_port_detach+0x148/0x1b0 [libata]\n ata_pci_remove_one+0x50/0x80 [libata]\n ahci_remove_one+0x4c/0x8c [ahci]\n\nFix this by checking and handling return value of transport_add_device()\nin ata_tdev_add(). In the error path, device_del() is called to delete\nthe device which was added earlier in this function, and ata_tdev_free()\nis called to free ata_dev." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ata: libata-transport: correcci\u00f3n del manejo de errores en ata_tdev_add(). En ata_tdev_add(), no se comprueba el valor de retorno de transport_add_device(). 
Como resultado, se genera una referencia nula al eliminar el m\u00f3dulo, ya que se llama a transport_remove_device() para eliminar el dispositivo no a\u00f1adido. No se puede manejar la desreferencia del puntero NULL del n\u00facleo en la direcci\u00f3n virtual 00000000000000d0 CPU: 13 PID: 13603 Comm: rmmod Kdump: cargado Tainted: GW 6.1.0-rc3+ #36 pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : device_del+0x48/0x3a0 lr : device_del+0x44/0x3a0 Rastreo de llamadas: device_del+0x48/0x3a0 attribute_container_class_device_del+0x28/0x40 transport_remove_classdev+0x60/0x7c attribute_container_device_trigger+0x118/0x120 transport_remove_device+0x20/0x30 ata_tdev_delete+0x24/0x50 [libata] ata_tlink_delete+0x40/0xa0 [libata] ata_tport_delete+0x2c/0x60 [libata] ata_port_detach+0x148/0x1b0 [libata] ata_pci_remove_one+0x50/0x80 [libata] ahci_remove_one+0x4c/0x8c [ahci] Para solucionar este problema, verifique y gestione el valor de retorno de transport_add_device() en ata_tdev_add(). En la ruta de error, se llama a device_del() para eliminar el dispositivo a\u00f1adido previamente en esta funci\u00f3n, y ata_tdev_free() para liberar ata_dev." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49824.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49824.json index 0f98ee4a87b..1e79d226385 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49824.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49824.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49824", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:05.830", - "lastModified": "2025-05-01T15:16:05.830", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-transport: fix error handling in ata_tlink_add()\n\nIn ata_tlink_add(), the return value of transport_add_device() is\nnot checked. As a result, it causes null-ptr-deref while removing\nthe module, because transport_remove_device() is called to remove\nthe device that was not added.\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000000000d0\nCPU: 33 PID: 13850 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ #12\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : device_del+0x48/0x39c\nlr : device_del+0x44/0x39c\nCall trace:\n device_del+0x48/0x39c\n attribute_container_class_device_del+0x28/0x40\n transport_remove_classdev+0x60/0x7c\n attribute_container_device_trigger+0x118/0x120\n transport_remove_device+0x20/0x30\n ata_tlink_delete+0x88/0xb0 [libata]\n ata_tport_delete+0x2c/0x60 [libata]\n ata_port_detach+0x148/0x1b0 [libata]\n ata_pci_remove_one+0x50/0x80 [libata]\n ahci_remove_one+0x4c/0x8c [ahci]\n\nFix this by checking and handling return value of transport_add_device()\nin ata_tlink_add()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ata: libata-transport: correcci\u00f3n del manejo de errores en ata_tlink_add(). En ata_tlink_add(), no se comprueba el valor de retorno de transport_add_device(). Como resultado, se genera una referencia nula al eliminar el m\u00f3dulo, ya que se llama a transport_remove_device() para eliminar el dispositivo no a\u00f1adido. 
No se puede manejar la desreferencia del puntero NULL del n\u00facleo en la direcci\u00f3n virtual 00000000000000d0 CPU: 33 PID: 13850 Comm: rmmod Kdump: cargado Tainted: GW 6.1.0-rc3+ #12 pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : device_del+0x48/0x39c lr : device_del+0x44/0x39c Rastreo de llamadas: device_del+0x48/0x39c attribute_container_class_device_del+0x28/0x40 transport_remove_classdev+0x60/0x7c attribute_container_device_trigger+0x118/0x120 transport_remove_device+0x20/0x30 ata_tlink_delete+0x88/0xb0 [libata] ata_tport_delete+0x2c/0x60 [libata] ata_port_detach+0x148/0x1b0 [libata] ata_pci_remove_one+0x50/0x80 [libata] ahci_remove_one+0x4c/0x8c [ahci] Solucione esto verificando y manejando el valor de retorno de transport_add_device() en ata_tlink_add()." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49825.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49825.json index 0a8284ec68f..d88608d2879 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49825.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49825.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49825", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:05.937", - "lastModified": "2025-05-01T15:16:05.937", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-transport: fix error handling in ata_tport_add()\n\nIn ata_tport_add(), the return value of transport_add_device() is\nnot checked. As a result, it causes null-ptr-deref while removing\nthe module, because transport_remove_device() is called to remove\nthe device that was not added.\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000000000d0\nCPU: 12 PID: 13605 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ #8\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : device_del+0x48/0x39c\nlr : device_del+0x44/0x39c\nCall trace:\n device_del+0x48/0x39c\n attribute_container_class_device_del+0x28/0x40\n transport_remove_classdev+0x60/0x7c\n attribute_container_device_trigger+0x118/0x120\n transport_remove_device+0x20/0x30\n ata_tport_delete+0x34/0x60 [libata]\n ata_port_detach+0x148/0x1b0 [libata]\n ata_pci_remove_one+0x50/0x80 [libata]\n ahci_remove_one+0x4c/0x8c [ahci]\n\nFix this by checking and handling return value of transport_add_device()\nin ata_tport_add()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ata: libata-transport: correcci\u00f3n del manejo de errores en ata_tport_add(). En ata_tport_add(), no se comprueba el valor de retorno de transport_add_device(). Como resultado, se genera una referencia nula al eliminar el m\u00f3dulo, ya que se llama a transport_remove_device() para eliminar el dispositivo no a\u00f1adido. 
No se puede manejar la desreferencia del puntero NULL del n\u00facleo en la direcci\u00f3n virtual 00000000000000d0 CPU: 12 PID: 13605 Comm: rmmod Kdump: cargado Tainted: GW 6.1.0-rc3+ #8 pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : device_del+0x48/0x39c lr : device_del+0x44/0x39c Rastreo de llamadas: device_del+0x48/0x39c attribute_container_class_device_del+0x28/0x40 transport_remove_classdev+0x60/0x7c attribute_container_device_trigger+0x118/0x120 transport_remove_device+0x20/0x30 ata_tport_delete+0x34/0x60 [libata] ata_port_detach+0x148/0x1b0 [libata] ata_pci_remove_one+0x50/0x80 [libata] ahci_remove_one+0x4c/0x8c [ahci] Solucione esto verificando y manejando el valor de retorno de transport_add_device() en ata_tport_add()." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49826.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49826.json index badea440917..0428886d1bb 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49826.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49826.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49826", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:06.043", - "lastModified": "2025-05-01T15:16:06.043", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-transport: fix double ata_host_put() in ata_tport_add()\n\nIn the error path in ata_tport_add(), when calling put_device(),\nata_tport_release() is called, it will put the refcount of 'ap->host'.\n\nAnd then ata_host_put() is called again, the refcount is decreased\nto 0, ata_host_release() is called, all ports are freed and set to\nnull.\n\nWhen unbinding the device after failure, ata_host_stop() is called\nto release the resources, it leads a null-ptr-deref(), because all\nthe ports all freed and null.\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000008\nCPU: 7 PID: 18671 Comm: modprobe Kdump: loaded Tainted: G E 6.1.0-rc3+ #8\npstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : ata_host_stop+0x3c/0x84 [libata]\nlr : release_nodes+0x64/0xd0\nCall trace:\n ata_host_stop+0x3c/0x84 [libata]\n release_nodes+0x64/0xd0\n devres_release_all+0xbc/0x1b0\n device_unbind_cleanup+0x20/0x70\n really_probe+0x158/0x320\n __driver_probe_device+0x84/0x120\n driver_probe_device+0x44/0x120\n __driver_attach+0xb4/0x220\n bus_for_each_dev+0x78/0xdc\n driver_attach+0x2c/0x40\n bus_add_driver+0x184/0x240\n driver_register+0x80/0x13c\n __pci_register_driver+0x4c/0x60\n ahci_pci_driver_init+0x30/0x1000 [ahci]\n\nFix this by removing redundant ata_host_put() in the error path." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ata: libata-transport: correcci\u00f3n de un error doble de ata_host_put() en ata_tport_add(). 
En la ruta de error de ata_tport_add(), al llamar a put_device(), se llama a ata_tport_release(), lo que resta el recuento de referencias de 'ap->host'. A continuaci\u00f3n, se vuelve a llamar a ata_host_put(), el recuento de referencias se reduce a 0 y se llama a ata_host_release(), liberando todos los puertos y estableci\u00e9ndolos en nulo. Al desvincular el dispositivo tras un fallo, se llama a ata_host_stop() para liberar los recursos, lo que genera un error null-ptr-deref(), ya que todos los puertos est\u00e1n liberados y en nulo. No se puede manejar la desreferencia del puntero NULL del n\u00facleo en la direcci\u00f3n virtual 0000000000000008 CPU: 7 PID: 18671 Comm: modprobe Kdump: cargado Contaminado: GE 6.1.0-rc3+ #8 pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : ata_host_stop+0x3c/0x84 [libata] lr : release_nodes+0x64/0xd0 Rastreo de llamadas: ata_host_stop+0x3c/0x84 [libata] release_nodes+0x64/0xd0 devres_release_all+0xbc/0x1b0 device_unbind_cleanup+0x20/0x70 really_probe+0x158/0x320 __driver_probe_device+0x84/0x120 driver_probe_device+0x44/0x120 __driver_attach+0xb4/0x220 bus_for_each_dev+0x78/0xdc driver_attach+0x2c/0x40 bus_add_driver+0x184/0x240 driver_register+0x80/0x13c __pci_register_driver+0x4c/0x60 ahci_pci_driver_init+0x30/0x1000 [ahci] Solucione esto eliminando ata_host_put() redundante en la ruta de error." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49827.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49827.json index 6aca61418b7..f1242cb8737 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49827.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49827.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49827", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:06.150", - "lastModified": "2025-05-01T15:16:06.150", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: Fix potential null-ptr-deref in drm_vblank_destroy_worker()\n\ndrm_vblank_init() call drmm_add_action_or_reset() with\ndrm_vblank_init_release() as action. If __drmm_add_action() failed, will\ndirectly call drm_vblank_init_release() with the vblank whose worker is\nNULL. As the resule, a null-ptr-deref will happen in\nkthread_destroy_worker(). Add the NULL check before calling\ndrm_vblank_destroy_worker().\n\nBUG: null-ptr-deref\nKASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]\nCPU: 5 PID: 961 Comm: modprobe Not tainted 6.0.0-11331-gd465bff130bf-dirty\nRIP: 0010:kthread_destroy_worker+0x25/0xb0\n Call Trace:\n \n drm_vblank_init_release+0x124/0x220 [drm]\n ? drm_crtc_vblank_restore+0x8b0/0x8b0 [drm]\n __drmm_add_action_or_reset+0x41/0x50 [drm]\n drm_vblank_init+0x282/0x310 [drm]\n vkms_init+0x35f/0x1000 [vkms]\n ? 0xffffffffc4508000\n ? lock_is_held_type+0xd7/0x130\n ? __kmem_cache_alloc_node+0x1c2/0x2b0\n ? lock_is_held_type+0xd7/0x130\n ? 0xffffffffc4508000\n do_one_initcall+0xd0/0x4f0\n ...\n do_syscall_64+0x35/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm: Se corrige la posible desreferencia PTR nula en la llamada drm_vblank_destroy_worker(). drm_vblank_init() llama a drmm_add_action_or_reset() con la acci\u00f3n drm_vblank_init_release(). Si __drmm_add_action() falla, se llamar\u00e1 directamente a drm_vblank_init_release() con el vblank cuyo trabajador sea NULL. 
Como resultado, se producir\u00e1 una desreferencia PTR nula en kthread_destroy_worker(). Se a\u00f1ade la comprobaci\u00f3n de valores NULL antes de llamar a drm_vblank_destroy_worker(). ERROR: null-ptr-deref KASAN: null-ptr-deref en el rango [0x0000000000000068-0x000000000000006f] CPU: 5 PID: 961 Comm: modprobe No contaminado 6.0.0-11331-gd465bff130bf-dirty RIP: 0010:kthread_destroy_worker+0x25/0xb0 Seguimiento de llamadas: drm_vblank_init_release+0x124/0x220 [drm] ? drm_crtc_vblank_restore+0x8b0/0x8b0 [drm] __drmm_add_action_or_reset+0x41/0x50 [drm] drm_vblank_init+0x282/0x310 [drm] vkms_init+0x35f/0x1000 [vkms] ? 0xffffffffc4508000 ? lock_is_held_type+0xd7/0x130 ? __kmem_cache_alloc_node+0x1c2/0x2b0 ? lock_is_held_type+0xd7/0x130 ? 0xffffffffc4508000 do_one_initcall+0xd0/0x4f0 ... do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49828.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49828.json index f11ba582cfd..e7b87865089 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49828.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49828.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49828", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:06.260", - "lastModified": "2025-05-01T15:16:06.260", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhugetlbfs: don't delete error page from pagecache\n\nThis change is very similar to the change that was made for shmem [1], and\nit solves the same problem but for HugeTLBFS instead.\n\nCurrently, when poison is found in a HugeTLB page, the page is removed\nfrom the page cache. That means that attempting to map or read that\nhugepage in the future will result in a new hugepage being allocated\ninstead of notifying the user that the page was poisoned. As [1] states,\nthis is effectively memory corruption.\n\nThe fix is to leave the page in the page cache. If the user attempts to\nuse a poisoned HugeTLB page with a syscall, the syscall will fail with\nEIO, the same error code that shmem uses. For attempts to map the page,\nthe thread will get a BUS_MCEERR_AR SIGBUS.\n\n[1]: commit a76054266661 (\"mm: shmem: don't truncate page if memory failure happens\")" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: hugetlbfs: no elimine la p\u00e1gina de error de la cach\u00e9 de p\u00e1ginas Este cambio es muy similar al cambio que se realiz\u00f3 para shmem [1] y resuelve el mismo problema, pero para HugeTLBFS. Actualmente, cuando se encuentra veneno en una p\u00e1gina HugeTLB, la p\u00e1gina se elimina de la cach\u00e9 de p\u00e1ginas. Eso significa que intentar mapear o leer esa p\u00e1gina enorme en el futuro dar\u00e1 como resultado que se asigne una nueva p\u00e1gina enorme en lugar de notificar al usuario que la p\u00e1gina fue envenenada. 
Como indica [1], esto es efectivamente corrupci\u00f3n de memoria. La soluci\u00f3n es dejar la p\u00e1gina en la cach\u00e9 de p\u00e1ginas. Si el usuario intenta usar una p\u00e1gina HugeTLB envenenada con una llamada al sistema, la llamada al sistema fallar\u00e1 con EIO, el mismo c\u00f3digo de error que usa shmem. Para los intentos de mapear la p\u00e1gina, el hilo obtendr\u00e1 un SIGBUS BUS_MCEERR_AR. [1]: commit a76054266661 (\"mm: shmem: no truncar la p\u00e1gina si se produce un fallo de memoria\")" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49829.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49829.json index 016d39edfa0..44d32621ab0 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49829.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49829.json @@ -2,13 +2,17 @@ "id": "CVE-2022-49829", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:06.373", - "lastModified": "2025-05-01T15:16:06.373", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/scheduler: fix fence ref counting\n\nWe leaked dependency fences when processes were beeing killed.\n\nAdditional to that grab a reference to the last scheduled fence." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/scheduler: correcci\u00f3n del conteo de referencias de vallas. Se filtraron vallas de dependencias al finalizar procesos. Adem\u00e1s, se obtuvo una referencia a la \u00faltima valla programada." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49830.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49830.json index 58aab2f5aee..a42f1050342 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49830.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49830.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49830", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:06.470", - "lastModified": "2025-05-01T15:16:06.470", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/drv: Fix potential memory leak in drm_dev_init()\n\ndrm_dev_init() will add drm_dev_init_release() as a callback. When\ndrmm_add_action() failed, the release function won't be added. As the\nresult, the ref cnt added by device_get() in drm_dev_init() won't be put\nby drm_dev_init_release(), which leads to the memleak. Use\ndrmm_add_action_or_reset() instead of drmm_add_action() to prevent\nmemleak.\n\nunreferenced object 0xffff88810bc0c800 (size 2048):\n comm \"modprobe\", pid 8322, jiffies 4305809845 (age 15.292s)\n hex dump (first 32 bytes):\n e8 cc c0 0b 81 88 ff ff ff ff ff ff 00 00 00 00 ................\n 20 24 3c 0c 81 88 ff ff 18 c8 c0 0b 81 88 ff ff $<.............\n backtrace:\n [<000000007251f72d>] __kmalloc+0x4b/0x1c0\n [<0000000045f21f26>] platform_device_alloc+0x2d/0xe0\n [<000000004452a479>] platform_device_register_full+0x24/0x1c0\n [<0000000089f4ea61>] 0xffffffffa0736051\n [<00000000235b2441>] do_one_initcall+0x7a/0x380\n [<0000000001a4a177>] do_init_module+0x5c/0x230\n [<000000002bf8a8e2>] load_module+0x227d/0x2420\n [<00000000637d6d0a>] __do_sys_finit_module+0xd5/0x140\n [<00000000c99fc324>] do_syscall_64+0x3f/0x90\n [<000000004d85aa77>] entry_SYSCALL_64_after_hwframe+0x63/0xcd" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/drv: Se solucion\u00f3 una posible fuga de memoria en drm_dev_init(). drm_dev_init() a\u00f1adir\u00e1 drm_dev_init_release() como devoluci\u00f3n de llamada. 
Si drmm_add_action() falla, la funci\u00f3n de liberaci\u00f3n no se a\u00f1adir\u00e1. Como resultado, el valor de referencia a\u00f1adido por device_get() en drm_dev_init() no se incluir\u00e1 en drm_dev_init_release(), lo que provoca la fuga de memoria. Utilice drmm_add_action_or_reset() en lugar de drmm_add_action() para evitar la fuga de memoria. objeto sin referencia 0xffff88810bc0c800 (tama\u00f1o 2048): comm \"modprobe\", pid 8322, jiffies 4305809845 (antig\u00fcedad 15.292s) volcado hexadecimal (primeros 32 bytes): e8 cc c0 0b 81 88 ff ff ff ff ff ff ff 00 00 00 00 ................ 20 24 3c 0c 81 88 ff ff 18 c8 c0 0b 81 88 ff ff $<............. backtrace: [<000000007251f72d>] __kmalloc+0x4b/0x1c0 [<0000000045f21f26>] platform_device_alloc+0x2d/0xe0 [<000000004452a479>] platform_device_register_full+0x24/0x1c0 [<0000000089f4ea61>] 0xffffffffa0736051 [<00000000235b2441>] do_one_initcall+0x7a/0x380 [<0000000001a4a177>] do_init_module+0x5c/0x230 [<000000002bf8a8e2>] load_module+0x227d/0x2420 [<00000000637d6d0a>] __do_sys_finit_module+0xd5/0x140 [<00000000c99fc324>] do_syscall_64+0x3f/0x90 [<000000004d85aa77>] entry_SYSCALL_64_after_hwframe+0x63/0xcd " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49831.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49831.json index eb07a244cb3..8cde51e6ab7 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49831.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49831.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49831", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:06.573", - "lastModified": "2025-05-01T15:16:06.573", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: zoned: initialize device's zone info for seeding\n\nWhen performing seeding on a zoned filesystem it is necessary to\ninitialize each zoned device's btrfs_zoned_device_info structure,\notherwise mounting the filesystem will cause a NULL pointer dereference.\n\nThis was uncovered by fstests' testcase btrfs/163." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: zoned: inicializar la informaci\u00f3n de zona del dispositivo para la propagaci\u00f3n. Al propagar en un sistema de archivos con zonas, es necesario inicializar la estructura btrfs_zoned_device_info de cada dispositivo; de lo contrario, al montar el sistema de archivos se producir\u00e1 una desreferencia de puntero nulo. Esto fue descubierto por el caso de prueba btrfs/163 de fstests." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49832.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49832.json index cf3dde59604..6ddb513956c 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49832.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49832.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49832",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:06.673",
- "lastModified": "2025-05-01T15:16:06.673",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map\n\nHere is the BUG report by KASAN about null pointer dereference:\n\nBUG: KASAN: null-ptr-deref in strcmp+0x2e/0x50\nRead of size 1 at addr 0000000000000000 by task python3/2640\nCall Trace:\n strcmp\n __of_find_property\n of_find_property\n pinctrl_dt_to_map\n\nkasprintf() would return NULL pointer when kmalloc() fail to allocate.\nSo directly return ENOMEM, if kasprintf() return NULL pointer."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pinctrl: devicetree: correcci\u00f3n de la desreferencia de puntero nulo en pinctrl_dt_to_map Aqu\u00ed est\u00e1 el informe de ERROR de KASAN sobre la desreferencia de puntero nulo: ERROR: KASAN: null-ptr-deref en strcmp+0x2e/0x50 Lectura de tama\u00f1o 1 en la direcci\u00f3n 0000000000000000 por la tarea python3/2640 Rastreo de llamadas: strcmp __of_find_property of_find_property pinctrl_dt_to_map kasprintf() devolver\u00eda un puntero NULL cuando kmalloc() no pudiera asignar. Por lo tanto, devuelve directamente ENOMEM, si kasprintf() devuelve un puntero NULL."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49833.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49833.json
index 1677d2bde47..ed5efb417d3 100644
--- a/CVE-2022/CVE-2022-498xx/CVE-2022-49833.json
+++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49833.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49833",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:06.780",
- "lastModified": "2025-05-01T15:16:06.780",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: zoned: clone zoned device info when cloning a device\n\nWhen cloning a btrfs_device, we're not cloning the associated\nbtrfs_zoned_device_info structure of the device in case of a zoned\nfilesystem.\n\nLater on this leads to a NULL pointer dereference when accessing the\ndevice's zone_info for instance when setting a zone as active.\n\nThis was uncovered by fstests' testcase btrfs/161."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: zoned: clonar informaci\u00f3n de dispositivo zonificado al clonar un dispositivo. Al clonar un btrfs_device, no se clona la estructura btrfs_zoned_device_info asociada al dispositivo en el caso de un sistema de archivos zonificado. Posteriormente, esto provoca una desreferencia de puntero nulo al acceder a zone_info del dispositivo, por ejemplo, al activar una zona. Esto fue descubierto por el caso de prueba btrfs/161 de fstests."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49834.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49834.json
index 3ee0a5c7569..3cdef32990c 100644
--- a/CVE-2022/CVE-2022-498xx/CVE-2022-49834.json
+++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49834.json
@@ -2,13 +2,17 @@ "id": "CVE-2022-49834", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:06.873", - "lastModified": "2025-05-01T15:16:06.873", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix use-after-free bug of ns_writer on remount\n\nIf a nilfs2 filesystem is downgraded to read-only due to metadata\ncorruption on disk and is remounted read/write, or if emergency read-only\nremount is performed, detaching a log writer and synchronizing the\nfilesystem can be done at the same time.\n\nIn these cases, use-after-free of the log writer (hereinafter\nnilfs->ns_writer) can happen as shown in the scenario below:\n\n Task1 Task2\n -------------------------------- ------------------------------\n nilfs_construct_segment\n nilfs_segctor_sync\n init_wait\n init_waitqueue_entry\n add_wait_queue\n schedule\n nilfs_remount (R/W remount case)\n\t\t\t\t nilfs_attach_log_writer\n nilfs_detach_log_writer\n nilfs_segctor_destroy\n kfree\n finish_wait\n _raw_spin_lock_irqsave\n __raw_spin_lock_irqsave\n do_raw_spin_lock\n debug_spin_lock_before <-- use-after-free\n\nWhile Task1 is sleeping, nilfs->ns_writer is freed by Task2. After Task1\nwaked up, Task1 accesses nilfs->ns_writer which is already freed. This\nscenario diagram is based on the Shigeru Yoshida's post [1].\n\nThis patch fixes the issue by not detaching nilfs->ns_writer on remount so\nthat this UAF race doesn't happen. Along with this change, this patch\nalso inserts a few necessary read-only checks with superblock instance\nwhere only the ns_writer pointer was used to check if the filesystem is\nread-only." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nilfs2: corrige el error de use-after-free de ns_writer al volver a montar Si un sistema de archivos nilfs2 se degrada a solo lectura debido a la corrupci\u00f3n de metadatos en el disco y se vuelve a montar en modo de lectura/escritura, o si se realiza un remontaje de solo lectura de emergencia, se puede desconectar un escritor de registros y sincronizar el sistema de archivos al mismo tiempo. En estos casos, el use-after-free del escritor de registros (en adelante nilfs->ns_writer) puede ocurrir como se muestra en el siguiente escenario: Tarea1 Tarea2 -------------------------------- ---------------------------------- nilfs_construct_segment nilfs_segctor_sync init_wait init_waitqueue_entry add_wait_queue schedule nilfs_remount (caso de remontaje de R/W) nilfs_attach_log_writer nilfs_detach_log_writer nilfs_segctor_destroy kfree finish_wait _raw_spin_lock_irqsave __raw_spin_lock_irqsave do_raw_spin_lock debug_spin_lock_before <-- use-after-free Mientras la Tarea1 est\u00e1 en reposo, nilfs->ns_writer es liberado por la Tarea2. Despu\u00e9s de que la Tarea1 se despierta, la Tarea1 accede a nilfs->ns_writer que ya est\u00e1 liberado. Este diagrama de escenario se basa en la publicaci\u00f3n de Shigeru Yoshida [1]. Este parche corrige el problema al no desvincular nilfs->ns_writer al volver a montar, lo que evita que se produzca esta ejecuci\u00f3n UAF. Adem\u00e1s de este cambio, este parche tambi\u00e9n inserta algunas comprobaciones de solo lectura necesarias con la instancia de superbloque, donde solo se usaba el puntero ns_writer para comprobar si el sistema de archivos era de solo lectura." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49835.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49835.json index 3de9290d090..b8c463caeaa 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49835.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49835.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49835",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:06.980",
- "lastModified": "2025-05-01T15:16:06.980",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: fix potential memleak in 'add_widget_node'\n\nAs 'kobject_add' may allocated memory for 'kobject->name' when return error.\nAnd in this function, if call 'kobject_add' failed didn't free kobject.\nSo call 'kobject_put' to recycling resources."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: hda: se corrige una posible fuga de memoria en 'add_widget_node'. 'kobject_add' podr\u00eda asignar memoria a 'kobject->name' cuando devuelve un error. En esta funci\u00f3n, si la llamada a 'kobject_add' falla, no se libera kobject. Por lo tanto, se llama a 'kobject_put' para reciclar recursos."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49836.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49836.json
index f1546199f25..d44d9333ddc 100644
--- a/CVE-2022/CVE-2022-498xx/CVE-2022-49836.json
+++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49836.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49836",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:07.087",
- "lastModified": "2025-05-01T15:16:07.087",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsiox: fix possible memory leak in siox_device_add()\n\nIf device_register() returns error in siox_device_add(),\nthe name allocated by dev_set_name() need be freed. As\ncomment of device_register() says, it should use put_device()\nto give up the reference in the error path. So fix this\nby calling put_device(), then the name can be freed in\nkobject_cleanup(), and sdevice is freed in siox_device_release(),\nset it to null in error path."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: siox: Se corrige una posible fuga de memoria en siox_device_add(). Si device_register() devuelve un error en siox_device_add(), se debe liberar el nombre asignado por dev_set_name(). Como se indica en el comentario de device_register(), se debe usar put_device() para liberar la referencia en la ruta de error. Para solucionar esto, se debe llamar a put_device(); de esta manera, se puede liberar el nombre en kobject_cleanup() y sdevice se libera en siox_device_release(); config\u00farelo como nulo en la ruta de error."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49837.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49837.json
index 94e4333543f..a3508d77edc 100644
--- a/CVE-2022/CVE-2022-498xx/CVE-2022-49837.json
+++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49837.json
@@ -2,13 +2,17 @@ "id": "CVE-2022-49837", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:07.187", - "lastModified": "2025-05-01T15:16:07.187", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix memory leaks in __check_func_call\n\nkmemleak reports this issue:\n\nunreferenced object 0xffff88817139d000 (size 2048):\n comm \"test_progs\", pid 33246, jiffies 4307381979 (age 45851.820s)\n hex dump (first 32 bytes):\n 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<0000000045f075f0>] kmalloc_trace+0x27/0xa0\n [<0000000098b7c90a>] __check_func_call+0x316/0x1230\n [<00000000b4c3c403>] check_helper_call+0x172e/0x4700\n [<00000000aa3875b7>] do_check+0x21d8/0x45e0\n [<000000001147357b>] do_check_common+0x767/0xaf0\n [<00000000b5a595b4>] bpf_check+0x43e3/0x5bc0\n [<0000000011e391b1>] bpf_prog_load+0xf26/0x1940\n [<0000000007f765c0>] __sys_bpf+0xd2c/0x3650\n [<00000000839815d6>] __x64_sys_bpf+0x75/0xc0\n [<00000000946ee250>] do_syscall_64+0x3b/0x90\n [<0000000000506b7f>] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe root case here is: In function prepare_func_exit(), the callee is\nnot released in the abnormal scenario after \"state->curframe--;\". To\nfix, move \"state->curframe--;\" to the very bottom of the function,\nright when we free callee and reset frame[] pointer to NULL, as Andrii\nsuggested.\n\nIn addition, function __check_func_call() has a similar problem. In\nthe abnormal scenario before \"state->curframe++;\", the callee also\nshould be released by free_func_state()." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: Se corrigen fugas de memoria en __check_func_call kmemleak informa de este problema: objeto sin referencia 0xffff88817139d000 (tama\u00f1o 2048): comm \"test_progs\", pid 33246, jiffies 4307381979 (edad 45851.820s) volcado hexadecimal (primeros 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<0000000045f075f0>] kmalloc_trace+0x27/0xa0 [<0000000098b7c90a>] __check_func_call+0x316/0x1230 [<00000000b4c3c403>] check_helper_call+0x172e/0x4700 [<00000000aa3875b7>] do_check+0x21d8/0x45e0 [<000000001147357b>] do_check_common+0x767/0xaf0 [<00000000b5a595b4>] bpf_check+0x43e3/0x5bc0 [<0000000011e391b1>] bpf_prog_load+0xf26/0x1940 [<0000000007f765c0>] __sys_bpf+0xd2c/0x3650 [<00000000839815d6>] __x64_sys_bpf+0x75/0xc0 [<00000000946ee250>] do_syscall_64+0x3b/0x90 [<0000000000506b7f>] entry_SYSCALL_64_after_hwframe+0x63/0xcd El caso ra\u00edz aqu\u00ed es: En la funci\u00f3n prepare_func_exit(), el llamado no se libera en el escenario anormal despu\u00e9s de \"state->curframe--;\". Para solucionarlo, mueva \"state->curframe--;\" al final de la funci\u00f3n, justo cuando liberamos al destinatario y restablecemos el puntero frame[] a NULL, como sugiri\u00f3 Andrii. Adem\u00e1s, la funci\u00f3n __check_func_call() presenta un problema similar. En el escenario anormal anterior a \"state->curframe++;\", el destinatario tambi\u00e9n deber\u00eda ser liberado por free_func_state()." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49838.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49838.json index 27612b3a7ba..8dc3f068a4c 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49838.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49838.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49838", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:07.290", - "lastModified": "2025-05-01T15:16:07.290", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: clear out_curr if all frag chunks of current msg are pruned\n\nA crash was reported by Zhen Chen:\n\n list_del corruption, ffffa035ddf01c18->next is NULL\n WARNING: CPU: 1 PID: 250682 at lib/list_debug.c:49 __list_del_entry_valid+0x59/0xe0\n RIP: 0010:__list_del_entry_valid+0x59/0xe0\n Call Trace:\n sctp_sched_dequeue_common+0x17/0x70 [sctp]\n sctp_sched_fcfs_dequeue+0x37/0x50 [sctp]\n sctp_outq_flush_data+0x85/0x360 [sctp]\n sctp_outq_uncork+0x77/0xa0 [sctp]\n sctp_cmd_interpreter.constprop.0+0x164/0x1450 [sctp]\n sctp_side_effects+0x37/0xe0 [sctp]\n sctp_do_sm+0xd0/0x230 [sctp]\n sctp_primitive_SEND+0x2f/0x40 [sctp]\n sctp_sendmsg_to_asoc+0x3fa/0x5c0 [sctp]\n sctp_sendmsg+0x3d5/0x440 [sctp]\n sock_sendmsg+0x5b/0x70\n\nand in sctp_sched_fcfs_dequeue() it dequeued a chunk from stream\nout_curr outq while this outq was empty.\n\nNormally stream->out_curr must be set to NULL once all frag chunks of\ncurrent msg are dequeued, as we can see in sctp_sched_dequeue_done().\nHowever, in sctp_prsctp_prune_unsent() as it is not a proper dequeue,\nsctp_sched_dequeue_done() is not called to do this.\n\nThis patch is to fix it by simply setting out_curr to NULL when the\nlast frag chunk of current msg is dequeued from out_curr stream in\nsctp_prsctp_prune_unsent()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sctp: borrar out_curr si se eliminan todos los fragmentos del mensaje actual. 
Zhen Chen inform\u00f3 de un fallo: corrupci\u00f3n de list_del, ffffa035ddf01c18->next es NULL ADVERTENCIA: CPU: 1 PID: 250682 en lib/list_debug.c:49 __list_del_entry_valid+0x59/0xe0 RIP: 0010:__list_del_entry_valid+0x59/0xe0 Rastreo de llamadas: sctp_sched_dequeue_common+0x17/0x70 [sctp] sctp_sched_fcfs_dequeue+0x37/0x50 [sctp] sctp_outq_flush_data+0x85/0x360 [sctp] sctp_outq_uncork+0x77/0xa0 [sctp] sctp_cmd_interpreter.constprop.0+0x164/0x1450 [sctp] sctp_side_effects+0x37/0xe0 [sctp] sctp_do_sm+0xd0/0x230 [sctp] sctp_primitive_SEND+0x2f/0x40 [sctp] sctp_sendmsg_to_asoc+0x3fa/0x5c0 [sctp] sctp_sendmsg+0x3d5/0x440 [sctp] sock_sendmsg+0x5b/0x70 y en sctp_sched_fcfs_dequeue() quit\u00f3 de la cola un fragmento del flujo out_curr outq mientras este outq estaba vac\u00edo. Normalmente, stream->out_curr debe establecerse en NULL una vez que se hayan desencolado todos los fragmentos del mensaje actual, como se puede ver en sctp_sched_dequeue_done(). Sin embargo, en sctp_prsctp_prune_unsent(), dado que no es una desencola adecuada, no se llama a sctp_sched_dequeue_done() para realizar esto. Este parche soluciona este problema simplemente estableciendo out_curr en NULL cuando se desencola el \u00faltimo fragmento del mensaje actual del flujo out_curr en sctp_prsctp_prune_unsent()." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49839.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49839.json index f9ff6060a6c..97348a96c37 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49839.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49839.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49839", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:07.390", - "lastModified": "2025-05-01T15:16:07.390", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: scsi_transport_sas: Fix error handling in sas_phy_add()\n\nIf transport_add_device() fails in sas_phy_add(), the kernel will crash\ntrying to delete the device in transport_remove_device() called from\nsas_remove_host().\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000108\nCPU: 61 PID: 42829 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc1+ #173\npstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : device_del+0x54/0x3d0\nlr : device_del+0x37c/0x3d0\nCall trace:\n device_del+0x54/0x3d0\n attribute_container_class_device_del+0x28/0x38\n transport_remove_classdev+0x6c/0x80\n attribute_container_device_trigger+0x108/0x110\n transport_remove_device+0x28/0x38\n sas_phy_delete+0x30/0x60 [scsi_transport_sas]\n do_sas_phy_delete+0x6c/0x80 [scsi_transport_sas]\n device_for_each_child+0x68/0xb0\n sas_remove_children+0x40/0x50 [scsi_transport_sas]\n sas_remove_host+0x20/0x38 [scsi_transport_sas]\n hisi_sas_remove+0x40/0x68 [hisi_sas_main]\n hisi_sas_v2_remove+0x20/0x30 [hisi_sas_v2_hw]\n platform_remove+0x2c/0x60\n\nFix this by checking and handling return value of transport_add_device()\nin sas_phy_add()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: scsi_transport_sas: Corregir error de manejo en sas_phy_add() Si transport_add_device() falla en sas_phy_add(), el kernel se bloquear\u00e1 al intentar eliminar el dispositivo en transport_remove_device() llamado desde sas_remove_host(). 
No se puede manejar la desreferencia del puntero NULL del n\u00facleo en la direcci\u00f3n virtual 0000000000000108 CPU: 61 PID: 42829 Comm: rmmod Kdump: cargado Tainted: GW 6.1.0-rc1+ #173 pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : device_del+0x54/0x3d0 lr : device_del+0x37c/0x3d0 Rastreo de llamadas: device_del+0x54/0x3d0 attribute_container_class_device_del+0x28/0x38 transport_remove_classdev+0x6c/0x80 attribute_container_device_trigger+0x108/0x110 transport_remove_device+0x28/0x38 sas_phy_delete+0x30/0x60 [scsi_transport_sas] do_sas_phy_delete+0x6c/0x80 [scsi_transport_sas] device_for_each_child+0x68/0xb0 sas_remove_children+0x40/0x50 [scsi_transport_sas] sas_remove_host+0x20/0x38 [scsi_transport_sas] hisi_sas_remove+0x40/0x68 [hisi_sas_main] hisi_sas_v2_remove+0x20/0x30 [hisi_sas_v2_hw] platform_remove+0x2c/0x60 Fix this by checking and handling return value of transport_add_device() in sas_phy_add(). " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49840.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49840.json index 0883ead0c78..82b88326a05 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49840.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49840.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49840", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:07.493", - "lastModified": "2025-05-01T15:16:07.493", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()\n\nWe got a syzkaller problem because of aarch64 alignment fault\nif KFENCE enabled. When the size from user bpf program is an odd\nnumber, like 399, 407, etc, it will cause the struct skb_shared_info's\nunaligned access. As seen below:\n\n BUG: KFENCE: use-after-free read in __skb_clone+0x23c/0x2a0 net/core/skbuff.c:1032\n\n Use-after-free read at 0xffff6254fffac077 (in kfence-#213):\n __lse_atomic_add arch/arm64/include/asm/atomic_lse.h:26 [inline]\n arch_atomic_add arch/arm64/include/asm/atomic.h:28 [inline]\n arch_atomic_inc include/linux/atomic-arch-fallback.h:270 [inline]\n atomic_inc include/asm-generic/atomic-instrumented.h:241 [inline]\n __skb_clone+0x23c/0x2a0 net/core/skbuff.c:1032\n skb_clone+0xf4/0x214 net/core/skbuff.c:1481\n ____bpf_clone_redirect net/core/filter.c:2433 [inline]\n bpf_clone_redirect+0x78/0x1c0 net/core/filter.c:2420\n bpf_prog_d3839dd9068ceb51+0x80/0x330\n bpf_dispatcher_nop_func include/linux/bpf.h:728 [inline]\n bpf_test_run+0x3c0/0x6c0 net/bpf/test_run.c:53\n bpf_prog_test_run_skb+0x638/0xa7c net/bpf/test_run.c:594\n bpf_prog_test_run kernel/bpf/syscall.c:3148 [inline]\n __do_sys_bpf kernel/bpf/syscall.c:4441 [inline]\n __se_sys_bpf+0xad0/0x1634 kernel/bpf/syscall.c:4381\n\n kfence-#213: 0xffff6254fffac000-0xffff6254fffac196, size=407, cache=kmalloc-512\n\n allocated by task 15074 on cpu 0 at 1342.585390s:\n kmalloc include/linux/slab.h:568 [inline]\n kzalloc include/linux/slab.h:675 [inline]\n bpf_test_init.isra.0+0xac/0x290 
net/bpf/test_run.c:191\n bpf_prog_test_run_skb+0x11c/0xa7c net/bpf/test_run.c:512\n bpf_prog_test_run kernel/bpf/syscall.c:3148 [inline]\n __do_sys_bpf kernel/bpf/syscall.c:4441 [inline]\n __se_sys_bpf+0xad0/0x1634 kernel/bpf/syscall.c:4381\n __arm64_sys_bpf+0x50/0x60 kernel/bpf/syscall.c:4381\n\nTo fix the problem, we adjust @size so that (@size + @hearoom) is a\nmultiple of SMP_CACHE_BYTES. So we make sure the struct skb_shared_info\nis aligned to a cache line." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf, test_run: Se solucion\u00f3 un problema de alineaci\u00f3n en bpf_prog_test_run_skb(). Se detect\u00f3 un problema en syzkaller debido a un fallo de alineaci\u00f3n de aarch64 si KFENCE estaba habilitado. Cuando el tama\u00f1o del programa bpf del usuario es un n\u00famero impar, como 399, 407, etc., se produce un acceso no alineado a la estructura skb_shared_info. Como se ve a continuaci\u00f3n: ERROR: KFENCE: lectura de use-after-free en __skb_clone+0x23c/0x2a0 net/core/skbuff.c:1032 Lectura de use-after-free en 0xffff6254fffac077 (en kfence-#213): __lse_atomic_add arch/arm64/include/asm/atomic_lse.h:26 [en l\u00ednea] arch_atomic_add arch/arm64/include/asm/atomic.h:28 [en l\u00ednea] arch_atomic_inc include/linux/atomic-arch-fallback.h:270 [en l\u00ednea] atomic_inc include/asm-generic/atomic-instrumented.h:241 [en l\u00ednea] __skb_clone+0x23c/0x2a0 net/core/skbuff.c:1032 skb_clone+0xf4/0x214 net/core/skbuff.c:1481 ____bpf_clone_redirect net/core/filter.c:2433 [en l\u00ednea] bpf_clone_redirect+0x78/0x1c0 net/core/filter.c:2420 bpf_prog_d3839dd9068ceb51+0x80/0x330 bpf_dispatcher_nop_func include/linux/bpf.h:728 [en l\u00ednea] bpf_test_run+0x3c0/0x6c0 net/bpf/test_run.c:53 bpf_prog_test_run_skb+0x638/0xa7c net/bpf/test_run.c:594 bpf_prog_test_run kernel/bpf/syscall.c:3148 [en l\u00ednea] __do_sys_bpf kernel/bpf/syscall.c:4441 [en l\u00ednea] __se_sys_bpf+0xad0/0x1634 kernel/bpf/syscall.c:4381 
kfence-#213: 0xffff6254fffac000-0xffff6254fffac196, tama\u00f1o=407, cach\u00e9=kmalloc-512 asignado por la tarea 15074 en la CPU 0 a las 1342.585390 s: kmalloc include/linux/slab.h:568 [en l\u00ednea] kzalloc include/linux/slab.h:675 [en l\u00ednea] bpf_test_init.isra.0+0xac/0x290 Para corregir el problema, ajustamos @size de modo que (@size + @hearoom) sea un m\u00faltiplo de SMP_CACHE_BYTES. As\u00ed nos aseguramos de que la estructura skb_shared_info est\u00e9 alineada con una l\u00ednea de cach\u00e9." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49841.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49841.json index c77d8770207..b31fe4b02a7 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49841.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49841.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49841", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:07.600", - "lastModified": "2025-05-01T15:16:07.600", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: imx: Add missing .thaw_noirq hook\n\nThe following warning is seen with non-console UART instance when\nsystem hibernates.\n\n[ 37.371969] ------------[ cut here ]------------\n[ 37.376599] uart3_root_clk already disabled\n[ 37.380810] WARNING: CPU: 0 PID: 296 at drivers/clk/clk.c:952 clk_core_disable+0xa4/0xb0\n...\n[ 37.506986] Call trace:\n[ 37.509432] clk_core_disable+0xa4/0xb0\n[ 37.513270] clk_disable+0x34/0x50\n[ 37.516672] imx_uart_thaw+0x38/0x5c\n[ 37.520250] platform_pm_thaw+0x30/0x6c\n[ 37.524089] dpm_run_callback.constprop.0+0x3c/0xd4\n[ 37.528972] device_resume+0x7c/0x160\n[ 37.532633] dpm_resume+0xe8/0x230\n[ 37.536036] hibernation_snapshot+0x288/0x430\n[ 37.540397] hibernate+0x10c/0x2e0\n[ 37.543798] state_store+0xc4/0xd0\n[ 37.547203] kobj_attr_store+0x1c/0x30\n[ 37.550953] sysfs_kf_write+0x48/0x60\n[ 37.554619] kernfs_fop_write_iter+0x118/0x1ac\n[ 37.559063] new_sync_write+0xe8/0x184\n[ 37.562812] vfs_write+0x230/0x290\n[ 37.566214] ksys_write+0x68/0xf4\n[ 37.569529] __arm64_sys_write+0x20/0x2c\n[ 37.573452] invoke_syscall.constprop.0+0x50/0xf0\n[ 37.578156] do_el0_svc+0x11c/0x150\n[ 37.581648] el0_svc+0x30/0x140\n[ 37.584792] el0t_64_sync_handler+0xe8/0xf0\n[ 37.588976] el0t_64_sync+0x1a0/0x1a4\n[ 37.592639] ---[ end trace 56e22eec54676d75 ]---\n\nOn hibernating, pm core calls into related hooks in sequence like:\n\n .freeze\n .freeze_noirq\n .thaw_noirq\n .thaw\n\nWith .thaw_noirq hook being absent, the clock will be disabled in a\nunbalanced call which results the warning above.\n\n imx_uart_freeze()\n 
clk_prepare_enable()\n imx_uart_suspend_noirq()\n clk_disable()\n imx_uart_thaw\n clk_disable_unprepare()\n\nAdding the missing .thaw_noirq hook as imx_uart_resume_noirq() will have\nthe call sequence corrected as below and thus fix the warning.\n\n imx_uart_freeze()\n clk_prepare_enable()\n imx_uart_suspend_noirq()\n clk_disable()\n imx_uart_resume_noirq()\n clk_enable()\n imx_uart_thaw\n clk_disable_unprepare()" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: serial: imx: Agregar el gancho .thaw_noirq faltante. La siguiente advertencia se ve con una instancia UART que no es de consola cuando el sistema hiberna. [ 37.371969] ------------[ cortar aqu\u00ed ]------------ [ 37.376599] uart3_root_clk ya est\u00e1 deshabilitado [ 37.380810] ADVERTENCIA: CPU: 0 PID: 296 en drivers/clk/clk.c:952 clk_core_disable+0xa4/0xb0 ... [ 37.506986] Rastreo de llamadas: [ 37.509432] clk_core_disable+0xa4/0xb0 [ 37.513270] clk_disable+0x34/0x50 [ 37.516672] imx_uart_thaw+0x38/0x5c [ 37.520250] platform_pm_thaw+0x30/0x6c [ 37.524089] dpm_run_callback.constprop.0+0x3c/0xd4 [ 37.528972] device_resume+0x7c/0x160 [ 37.532633] dpm_resume+0xe8/0x230 [ 37.536036] hibernation_snapshot+0x288/0x430 [ 37.540397] hibernate+0x10c/0x2e0 [ 37.543798] state_store+0xc4/0xd0 [ 37.547203] kobj_attr_store+0x1c/0x30 [ 37.550953] sysfs_kf_write+0x48/0x60 [ 37.554619] kernfs_fop_write_iter+0x118/0x1ac [ 37.559063] new_sync_write+0xe8/0x184 [ 37.562812] vfs_write+0x230/0x290 [ 37.566214] ksys_write+0x68/0xf4 [ 37.569529] __arm64_sys_write+0x20/0x2c [ 37.573452] invoke_syscall.constprop.0+0x50/0xf0 [ 37.578156] do_el0_svc+0x11c/0x150 [ 37.581648] el0_svc+0x30/0x140 [ 37.584792] el0t_64_sync_handler+0xe8/0xf0 [ 37.588976] el0t_64_sync+0x1a0/0x1a4 [ 37.592639] ---[ end trace 56e22eec54676d75 ] Al hibernar, el n\u00facleo pm llama a los ganchos relacionados en secuencia como: .freeze .freeze_noirq .thaw_noirq .thaw Si el gancho .thaw_noirq est\u00e1 
ausente, el reloj se deshabilitar\u00e1 en una llamada desequilibrada que genera la advertencia anterior. imx_uart_freeze() clk_prepare_enable() imx_uart_suspend_noirq() clk_disable() imx_uart_thaw clk_disable_unprepare() Agregar el gancho .thaw_noirq faltante como imx_uart_resume_noirq() corregir\u00e1 la secuencia de llamada como se muestra a continuaci\u00f3n y, por lo tanto, solucionar\u00e1 la advertencia. imx_uart_freeze() clk_prepare_enable() imx_uart_suspend_noirq() clk_disable() imx_uart_resume_noirq() clk_enable() imx_uart_thaw clk_disable_unprepare()" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49842.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49842.json index 95a3322565f..b80dfd5ce4c 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49842.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49842.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49842", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:07.703", - "lastModified": "2025-05-01T15:16:07.703", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: core: Fix use-after-free in snd_soc_exit()\n\nKASAN reports a use-after-free:\n\nBUG: KASAN: use-after-free in device_del+0xb5b/0xc60\nRead of size 8 at addr ffff888008655050 by task rmmod/387\nCPU: 2 PID: 387 Comm: rmmod\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n\ndump_stack_lvl+0x79/0x9a\nprint_report+0x17f/0x47b\nkasan_report+0xbb/0xf0\ndevice_del+0xb5b/0xc60\nplatform_device_del.part.0+0x24/0x200\nplatform_device_unregister+0x2e/0x40\nsnd_soc_exit+0xa/0x22 [snd_soc_core]\n__do_sys_delete_module.constprop.0+0x34f/0x5b0\ndo_syscall_64+0x3a/0x90\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n...\n\n\nIt's bacause in snd_soc_init(), snd_soc_util_init() is possble to fail,\nbut its ret is ignored, which makes soc_dummy_dev unregistered twice.\n\nsnd_soc_init()\n snd_soc_util_init()\n platform_device_register_simple(soc_dummy_dev)\n platform_driver_register() # fail\n \tplatform_device_unregister(soc_dummy_dev)\n platform_driver_register() # success\n...\nsnd_soc_exit()\n snd_soc_util_exit()\n # soc_dummy_dev will be unregistered for second time\n\nTo fix it, handle error and stop snd_soc_init() when util_init() fail.\nAlso clean debugfs when util_init() or driver_register() fail." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: n\u00facleo: Se corrige el use-after-free en snd_soc_exit() KASAN informa un use-after-free: ERROR: KASAN: use-after-free en device_del+0xb5b/0xc60 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff888008655050 por la tarea rmmod/387 CPU: 2 PID: 387 Comm: rmmod Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996) Rastreo de llamadas: dump_stack_lvl+0x79/0x9a print_report+0x17f/0x47b kasan_report+0xbb/0xf0 device_del+0xb5b/0xc60 platform_device_del.part.0+0x24/0x200 platform_device_unregister+0x2e/0x40 snd_soc_exit+0xa/0x22 [snd_soc_core] __do_sys_delete_module.constprop.0+0x34f/0x5b0 do_syscall_64+0x3a/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd ... It's bacause in snd_soc_init(), snd_soc_util_init() is possble to fail, but its ret is ignored, which makes soc_dummy_dev unregistered twice. snd_soc_init() snd_soc_util_init() platform_device_register_simple(soc_dummy_dev) platform_driver_register() # fail platform_device_unregister(soc_dummy_dev) platform_driver_register() # success ... snd_soc_exit() snd_soc_util_exit() # soc_dummy_dev will be unregistered for second time To fix it, handle error and stop snd_soc_init() when util_init() fail. Also clean debugfs when util_init() or driver_register() fail. " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49843.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49843.json index df88bab75a6..6a4c4ecb1dd 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49843.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49843.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49843", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:07.807", - "lastModified": "2025-05-01T15:16:07.807", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Migrate in CPU page fault use current mm\n\nmigrate_vma_setup shows below warning because we don't hold another\nprocess mm mmap_lock. We should use current vmf->vma->vm_mm instead, the\ncaller already hold current mmap lock inside CPU page fault handler.\n\n WARNING: CPU: 10 PID: 3054 at include/linux/mmap_lock.h:155 find_vma\n Call Trace:\n walk_page_range+0x76/0x150\n migrate_vma_setup+0x18a/0x640\n svm_migrate_vram_to_ram+0x245/0xa10 [amdgpu]\n svm_migrate_to_ram+0x36f/0x470 [amdgpu]\n do_swap_page+0xcfe/0xec0\n __handle_mm_fault+0x96b/0x15e0\n handle_mm_fault+0x13f/0x3e0\n do_user_addr_fault+0x1e7/0x690" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdkfd: Migrar en la CPU con fallos de p\u00e1gina al usar la funci\u00f3n mm actual. El m\u00e9todo \"migrate_vma_setup\" muestra la siguiente advertencia porque no se mantiene el bloqueo mmap_lock de otro proceso. Deber\u00edamos usar la funci\u00f3n \"vmf->vma->vm_mm\" actual, ya que el llamador ya mantiene el bloqueo mmap actual dentro del controlador de fallos de p\u00e1gina de la CPU. ADVERTENCIA: CPU: 10 PID: 3054 en include/linux/mmap_lock.h:155 Seguimiento de llamadas find_vma: walk_page_range+0x76/0x150 migrate_vma_setup+0x18a/0x640 svm_migrate_vram_to_ram+0x245/0xa10 [amdgpu] svm_migrate_to_ram+0x36f/0x470 [amdgpu] do_swap_page+0xcfe/0xec0 __handle_mm_fault+0x96b/0x15e0 handle_mm_fault+0x13f/0x3e0 do_user_addr_fault+0x1e7/0x690" } ], "metrics": {}, 
diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49844.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49844.json index 1dd315d2bbd..3824ba7a1e6 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49844.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49844.json @@ -2,13 +2,17 @@ "id": "CVE-2022-49844", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:07.907", - "lastModified": "2025-05-01T15:16:07.907", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: dev: fix skb drop check\n\nIn commit a6d190f8c767 (\"can: skb: drop tx skb if in listen only\nmode\") the priv->ctrlmode element is read even on virtual CAN\ninterfaces that do not create the struct can_priv at startup. This\nout-of-bounds read may lead to CAN frame drops for virtual CAN\ninterfaces like vcan and vxcan.\n\nThis patch mainly reverts the original commit and adds a new helper\nfor CAN interface drivers that provide the required information in\nstruct can_priv.\n\n[mkl: patch pch_can, too]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: can: dev: fix skb drop check. En el commit a6d190f8c767 (\"can: skb: drop tx skb if in listen only mode\"), el elemento priv->ctrlmode se lee incluso en interfaces CAN virtuales que no crean la estructura can_priv al inicio. Esta lectura fuera de los l\u00edmites puede provocar la p\u00e9rdida de tramas CAN en interfaces CAN virtuales como vcan y vxcan. Este parche revierte principalmente la confirmaci\u00f3n original y a\u00f1ade un nuevo asistente para los controladores de interfaz CAN que proporciona la informaci\u00f3n necesaria en la estructura can_priv. [mkl: parchear tambi\u00e9n pch_can]" } ], "metrics": {}, 
diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49845.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49845.json index d675e1b172d..d3776c11894 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49845.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49845.json @@ -2,13 +2,17 @@ "id": "CVE-2022-49845", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:08.010", - "lastModified": "2025-05-01T15:16:08.010", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: j1939: j1939_send_one(): fix missing CAN header initialization\n\nThe read access to struct canxl_frame::len inside of a j1939 created\nskbuff revealed a missing initialization of reserved and later filled\nelements in struct can_frame.\n\nThis patch initializes the 8 byte CAN header with zero." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: can: j1939: j1939_send_one(): se corrige la falta de inicializaci\u00f3n del encabezado CAN. El acceso de lectura a struct canxl_frame::len dentro de un skbuff creado con j1939 revel\u00f3 la falta de inicializaci\u00f3n de elementos reservados y posteriormente rellenados en struct can_frame. Este parche inicializa el encabezado CAN de 8 bytes con cero." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49846.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49846.json index cf292a61fd7..20c6a19c8d8 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49846.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49846.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49846", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:08.113", - "lastModified": "2025-05-01T15:16:08.113", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix a slab-out-of-bounds write bug in udf_find_entry()\n\nSyzbot reported a slab-out-of-bounds Write bug:\n\nloop0: detected capacity change from 0 to 2048\n==================================================================\nBUG: KASAN: slab-out-of-bounds in udf_find_entry+0x8a5/0x14f0\nfs/udf/namei.c:253\nWrite of size 105 at addr ffff8880123ff896 by task syz-executor323/3610\n\nCPU: 0 PID: 3610 Comm: syz-executor323 Not tainted\n6.1.0-rc2-syzkaller-00105-gb229b6ca5abb #0\nHardware name: Google Compute Engine/Google Compute Engine, BIOS\nGoogle 10/11/2022\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106\n print_address_description+0x74/0x340 mm/kasan/report.c:284\n print_report+0x107/0x1f0 mm/kasan/report.c:395\n kasan_report+0xcd/0x100 mm/kasan/report.c:495\n kasan_check_range+0x2a7/0x2e0 mm/kasan/generic.c:189\n memcpy+0x3c/0x60 mm/kasan/shadow.c:66\n udf_find_entry+0x8a5/0x14f0 fs/udf/namei.c:253\n udf_lookup+0xef/0x340 fs/udf/namei.c:309\n lookup_open fs/namei.c:3391 [inline]\n open_last_lookups fs/namei.c:3481 [inline]\n path_openat+0x10e6/0x2df0 fs/namei.c:3710\n do_filp_open+0x264/0x4f0 fs/namei.c:3740\n do_sys_openat2+0x124/0x4e0 fs/open.c:1310\n do_sys_open fs/open.c:1326 [inline]\n __do_sys_creat fs/open.c:1402 [inline]\n __se_sys_creat fs/open.c:1396 [inline]\n __x64_sys_creat+0x11f/0x160 fs/open.c:1396\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 
0033:0x7ffab0d164d9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89\nf7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01\nf0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffe1a7e6bb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000055\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ffab0d164d9\nRDX: 00007ffab0d164d9 RSI: 0000000000000000 RDI: 0000000020000180\nRBP: 00007ffab0cd5a10 R08: 0000000000000000 R09: 0000000000000000\nR10: 00005555573552c0 R11: 0000000000000246 R12: 00007ffab0cd5aa0\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \n\nAllocated by task 3610:\n kasan_save_stack mm/kasan/common.c:45 [inline]\n kasan_set_track+0x3d/0x60 mm/kasan/common.c:52\n ____kasan_kmalloc mm/kasan/common.c:371 [inline]\n __kasan_kmalloc+0x97/0xb0 mm/kasan/common.c:380\n kmalloc include/linux/slab.h:576 [inline]\n udf_find_entry+0x7b6/0x14f0 fs/udf/namei.c:243\n udf_lookup+0xef/0x340 fs/udf/namei.c:309\n lookup_open fs/namei.c:3391 [inline]\n open_last_lookups fs/namei.c:3481 [inline]\n path_openat+0x10e6/0x2df0 fs/namei.c:3710\n do_filp_open+0x264/0x4f0 fs/namei.c:3740\n do_sys_openat2+0x124/0x4e0 fs/open.c:1310\n do_sys_open fs/open.c:1326 [inline]\n __do_sys_creat fs/open.c:1402 [inline]\n __se_sys_creat fs/open.c:1396 [inline]\n __x64_sys_creat+0x11f/0x160 fs/open.c:1396\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe buggy address belongs to the object at ffff8880123ff800\n which belongs to the cache kmalloc-256 of size 256\nThe buggy address is located 150 bytes inside of\n 256-byte region [ffff8880123ff800, ffff8880123ff900)\n\nThe buggy address belongs to the physical page:\npage:ffffea000048ff80 refcount:1 mapcount:0 mapping:0000000000000000\nindex:0x0 pfn:0x123fe\nhead:ffffea000048ff80 order:1 compound_mapcount:0 compound_pincount:0\nflags: 
0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)\nraw: 00fff00000010200 ffffea00004b8500 dead000000000003 ffff888012041b40\nraw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as allocated\npage last allocated via order 0, migratetype Unmovable, gfp_mask 0x0(),\npid 1, tgid 1 (swapper/0), ts 1841222404, free_ts 0\n create_dummy_stack mm/page_owner.c:\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: udf: Se corrige un error de escritura fuera de los l\u00edmites en udf_find_entry() Syzbot inform\u00f3 un error de escritura fuera de los l\u00edmites: loop0: se detect\u00f3 un cambio de capacidad de 0 a 2048 ======================================================================= ERROR: KASAN: slab-out-of-bounds en udf_find_entry+0x8a5/0x14f0 fs/udf/namei.c:253 Escritura de tama\u00f1o 105 en la direcci\u00f3n ffff8880123ff896 por la tarea syz-executor323/3610 CPU: 0 PID: 3610 Comm: syz-executor323 No contaminado 6.1.0-rc2-syzkaller-00105-gb229b6ca5abb #0 Nombre del hardware: Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2022 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106 print_address_description+0x74/0x340 mm/kasan/report.c:284 print_report+0x107/0x1f0 mm/kasan/report.c:395 kasan_report+0xcd/0x100 mm/kasan/report.c:495 kasan_check_range+0x2a7/0x2e0 mm/kasan/generic.c:189 memcpy+0x3c/0x60 mm/kasan/shadow.c:66 udf_find_entry+0x8a5/0x14f0 fs/udf/namei.c:253 udf_lookup+0xef/0x340 fs/udf/namei.c:309 lookup_open fs/namei.c:3391 [inline] open_last_lookups fs/namei.c:3481 [inline] path_openat+0x10e6/0x2df0 fs/namei.c:3710 do_filp_open+0x264/0x4f0 fs/namei.c:3740 do_sys_openat2+0x124/0x4e0 fs/open.c:1310 do_sys_open fs/open.c:1326 [inline] __do_sys_creat fs/open.c:1402 [inline] __se_sys_creat fs/open.c:1396 
[inline] __x64_sys_creat+0x11f/0x160 fs/open.c:1396 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7ffab0d164d9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffe1a7e6bb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ffab0d164d9 RDX: 00007ffab0d164d9 RSI: 0000000000000000 RDI: 0000000020000180 RBP: 00007ffab0cd5a10 R08: 0000000000000000 R09: 0000000000000000 R10: 00005555573552c0 R11: 0000000000000246 R12: 00007ffab0cd5aa0 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 Asignado por la tarea 3610: kasan_save_stack mm/kasan/common.c:45 [en l\u00ednea] kasan_set_track+0x3d/0x60 mm/kasan/common.c:52 ____kasan_kmalloc mm/kasan/common.c:371 [en l\u00ednea] __kasan_kmalloc+0x97/0xb0 mm/kasan/common.c:380 kmalloc include/linux/slab.h:576 [en l\u00ednea] udf_find_entry+0x7b6/0x14f0 fs/udf/namei.c:243 udf_lookup+0xef/0x340 fs/udf/namei.c:309 lookup_open fs/namei.c:3391 [en l\u00ednea] open_last_lookups fs/namei.c:3481 [en l\u00ednea] path_openat+0x10e6/0x2df0 fs/namei.c:3710 do_filp_open+0x264/0x4f0 fs/namei.c:3740 do_sys_openat2+0x124/0x4e0 fs/open.c:1310 do_sys_open fs/open.c:1326 [en l\u00ednea] __do_sys_creat fs/open.c:1402 [en l\u00ednea] __se_sys_creat fs/open.c:1396 [en l\u00ednea] __x64_sys_creat+0x11f/0x160 fs/open.c:1396 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd La direcci\u00f3n con errores pertenece al objeto en ffff8880123ff800 que pertenece a la cach\u00e9 kmalloc-256 de tama\u00f1o 256 La direcci\u00f3n con errores se encuentra 150 bytes dentro de la regi\u00f3n de 256 bytes [ffff8880123ff800, ffff8880123ff900) La 
direcci\u00f3n con errores pertenece a la p\u00e1gina f\u00edsica: page:ffffea000048ff80 refcount:1 mapcount:0 mapping:000000000000000 index:0x0 pfn:0x123fe cabeza:ffffea000048ff80 orden:1 compuesto_mapcount:0 compuesto_pincount:0 banderas: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) sin formato: 00fff00000010200 ffffea00004b8500 muerto000000000003 ffff888012041b40 sin formato: 000000000000000 0000000080100010 00000001ffffffff 0000000000000000 p\u00e1gina volcada porque: kasan: se detect\u00f3 un acceso incorrecto page_owner rastrea la p\u00e1gina como asignada \u00faltima p\u00e1gina asignada mediante orden 0, migrationtype Inamovible, gfp_---truncado---" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49847.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49847.json index 3864b6c758b..138b4799dc7 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49847.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49847.json 
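Review bot: The added `es` description in this hunk (CVE-2022-49846) no longer carries the KASAN report verbatim, because the translation rewrote literal log tokens: `dead000000000003` became `muerto000000000003`, `raw:`/`head:`/`flags:` became `sin formato:`/`cabeza:`/`banderas:`, and the BIOS date `10/11/2022` was reordered to `11/10/2022`. Anyone matching descriptions against crash signatures, symbols or addresses should key on the `en` value only. The trace portion of the `es` value should be kept untranslated, e.g. `raw: 00fff00000010200 ffffea00004b8500 dead000000000003 ffff888012041b40`. The `es` value added for CVE-2022-49842 has a related gap: its root-cause paragraph ("It's bacause in snd_soc_init() ...") is left in English and the string ends with a stray trailing space.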
@@ -2,13 +2,17 @@ "id": "CVE-2022-49847", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:08.223", - "lastModified": "2025-05-01T15:16:08.223", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: am65-cpsw: Fix segmentation fault at module unload\n\nMove am65_cpsw_nuss_phylink_cleanup() call to after\nam65_cpsw_nuss_cleanup_ndev() so phylink is still valid\nto prevent the below Segmentation fault on module remove when\nfirst slave link is up.\n\n[ 31.652944] Unable to handle kernel paging request at virtual address 00040008000005f4\n[ 31.684627] Mem abort info:\n[ 31.687446] ESR = 0x0000000096000004\n[ 31.704614] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 31.720663] SET = 0, FnV = 0\n[ 31.723729] EA = 0, S1PTW = 0\n[ 31.740617] FSC = 0x04: level 0 translation fault\n[ 31.756624] Data abort info:\n[ 31.759508] ISV = 0, ISS = 0x00000004\n[ 31.776705] CM = 0, WnR = 0\n[ 31.779695] [00040008000005f4] address between user and kernel address ranges\n[ 31.808644] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 31.814928] Modules linked in: wlcore_sdio wl18xx wlcore mac80211 libarc4 cfg80211 rfkill crct10dif_ce phy_gmii_sel ti_am65_cpsw_nuss(-) sch_fq_codel ipv6\n[ 31.828776] CPU: 0 PID: 1026 Comm: modprobe Not tainted 6.1.0-rc2-00012-gfabfcf7dafdb-dirty #160\n[ 31.837547] Hardware name: Texas Instruments AM625 (DT)\n[ 31.842760] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 31.849709] pc : phy_stop+0x18/0xf8\n[ 31.853202] lr : phylink_stop+0x38/0xf8\n[ 31.857031] sp : ffff80000a0839f0\n[ 31.860335] x29: ffff80000a0839f0 x28: ffff000000de1c80 x27: 0000000000000000\n[ 31.867462] x26: 0000000000000000 x25: 0000000000000000 x24: ffff80000a083b98\n[ 31.874589] x23: 0000000000000800 x22: 
0000000000000001 x21: ffff000001bfba90\n[ 31.881715] x20: ffff0000015ee000 x19: 0004000800000200 x18: 0000000000000000\n[ 31.888842] x17: ffff800076c45000 x16: ffff800008004000 x15: 000058e39660b106\n[ 31.895969] x14: 0000000000000144 x13: 0000000000000144 x12: 0000000000000000\n[ 31.903095] x11: 000000000000275f x10: 00000000000009e0 x9 : ffff80000a0837d0\n[ 31.910222] x8 : ffff000000de26c0 x7 : ffff00007fbd6540 x6 : ffff00007fbd64c0\n[ 31.917349] x5 : ffff00007fbd0b10 x4 : ffff00007fbd0b10 x3 : ffff00007fbd3920\n[ 31.924476] x2 : d0a07fcff8b8d500 x1 : 0000000000000000 x0 : 0004000800000200\n[ 31.931603] Call trace:\n[ 31.934042] phy_stop+0x18/0xf8\n[ 31.937177] phylink_stop+0x38/0xf8\n[ 31.940657] am65_cpsw_nuss_ndo_slave_stop+0x28/0x1e0 [ti_am65_cpsw_nuss]\n[ 31.947452] __dev_close_many+0xa4/0x140\n[ 31.951371] dev_close_many+0x84/0x128\n[ 31.955115] unregister_netdevice_many+0x130/0x6d0\n[ 31.959897] unregister_netdevice_queue+0x94/0xd8\n[ 31.964591] unregister_netdev+0x24/0x38\n[ 31.968504] am65_cpsw_nuss_cleanup_ndev.isra.0+0x48/0x70 [ti_am65_cpsw_nuss]\n[ 31.975637] am65_cpsw_nuss_remove+0x58/0xf8 [ti_am65_cpsw_nuss]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: ethernet: ti: am65-cpsw: Se corrige el error de segmentaci\u00f3n en la descarga del m\u00f3dulo. Mueve la llamada am65_cpsw_nuss_phylink_cleanup() despu\u00e9s de am65_cpsw_nuss_cleanup_ndev() para que phylink siga siendo v\u00e1lido para evitar el siguiente error de segmentaci\u00f3n en la eliminaci\u00f3n del m\u00f3dulo cuando el primer enlace esclavo est\u00e1 activo. 
[ 31.652944] No se puede manejar la solicitud de paginaci\u00f3n del n\u00facleo en la direcci\u00f3n virtual 00040008000005f4 [ 31.684627] Informaci\u00f3n de aborto de memoria: [ 31.687446] ESR = 0x0000000096000004 [ 31.704614] EC = 0x25: DABT (EL actual), IL = 32 bits [ 31.720663] SET = 0, FnV = 0 [ 31.723729] EA = 0, S1PTW = 0 [ 31.740617] FSC = 0x04: error de traducci\u00f3n de nivel 0 [ 31.756624] Informaci\u00f3n de aborto de datos: [ 31.759508] ISV = 0, ISS = 0x00000004 [ 31.776705] CM = 0, WnR = 0 [ 31.779695] [00040008000005f4] direcci\u00f3n entre los rangos de direcciones del usuario y del n\u00facleo [ 31.808644] Error interno: Oops: 0000000096000004 [#1] PREEMPT SMP [ 31.814928] Modules linked in: wlcore_sdio wl18xx wlcore mac80211 libarc4 cfg80211 rfkill crct10dif_ce phy_gmii_sel ti_am65_cpsw_nuss(-) sch_fq_codel ipv6 [ 31.828776] CPU: 0 PID: 1026 Comm: modprobe Not tainted 6.1.0-rc2-00012-gfabfcf7dafdb-dirty #160 [ 31.837547] Hardware name: Texas Instruments AM625 (DT) [ 31.842760] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 31.849709] pc : phy_stop+0x18/0xf8 [ 31.853202] lr : phylink_stop+0x38/0xf8 [ 31.857031] sp : ffff80000a0839f0 [ 31.860335] x29: ffff80000a0839f0 x28: ffff000000de1c80 x27: 0000000000000000 [ 31.867462] x26: 0000000000000000 x25: 0000000000000000 x24: ffff80000a083b98 [ 31.874589] x23: 0000000000000800 x22: 0000000000000001 x21: ffff000001bfba90 [ 31.881715] x20: ffff0000015ee000 x19: 0004000800000200 x18: 0000000000000000 [ 31.888842] x17: ffff800076c45000 x16: ffff800008004000 x15: 000058e39660b106 [ 31.895969] x14: 0000000000000144 x13: 0000000000000144 x12: 0000000000000000 [ 31.903095] x11: 000000000000275f x10: 00000000000009e0 x9 : ffff80000a0837d0 [ 31.910222] x8 : ffff000000de26c0 x7 : ffff00007fbd6540 x6 : ffff00007fbd64c0 [ 31.917349] x5 : ffff00007fbd0b10 x4 : ffff00007fbd0b10 x3 : ffff00007fbd3920 [ 31.924476] x2 : d0a07fcff8b8d500 x1 : 0000000000000000 x0 : 0004000800000200 [ 31.931603] Call 
trace: [ 31.934042] phy_stop+0x18/0xf8 [ 31.937177] phylink_stop+0x38/0xf8 [ 31.940657] am65_cpsw_nuss_ndo_slave_stop+0x28/0x1e0 [ti_am65_cpsw_nuss] [ 31.947452] __dev_close_many+0xa4/0x140 [ 31.951371] dev_close_many+0x84/0x128 [ 31.955115] unregister_netdevice_many+0x130/0x6d0 [ 31.959897] unregister_netdevice_queue+0x94/0xd8 [ 31.964591] unregister_netdev+0x24/0x38 [ 31.968504] am65_cpsw_nuss_cleanup_ndev.isra.0+0x48/0x70 [ti_am65_cpsw_nuss] [ 31.975637] am65_cpsw_nuss_remove+0x58/0xf8 [ti_am65_cpsw_nuss] " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49848.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49848.json index 50f1264cda0..62d30b03c81 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49848.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49848.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49848", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:08.327", - "lastModified": "2025-05-01T15:16:08.327", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: qcom-qmp-combo: fix NULL-deref on runtime resume\n\nCommit fc64623637da (\"phy: qcom-qmp-combo,usb: add support for separate\nPCS_USB region\") started treating the PCS_USB registers as potentially\nseparate from the PCS registers but used the wrong base when no PCS_USB\noffset has been provided.\n\nFix the PCS_USB base used at runtime resume to prevent dereferencing a\nNULL pointer on platforms that do not provide a PCS_USB offset (e.g.\nSC7180)." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: phy: qcom-qmp-combo: correcci\u00f3n de la desreferencia de NULL al reanudar la ejecuci\u00f3n. El commit fc64623637da (\"phy: qcom-qmp-combo,usb: a\u00f1adir compatibilidad con la regi\u00f3n PCS_USB independiente\") comenz\u00f3 a tratar los registros PCS_USB como potencialmente independientes de los registros PCS, pero utilizaba la base incorrecta cuando no se proporcionaba un desplazamiento PCS_USB. Se corrigi\u00f3 la base PCS_USB utilizada al reanudar la ejecuci\u00f3n para evitar la desreferenciaci\u00f3n de un puntero NULL en plataformas que no proporcionan un desplazamiento PCS_USB (p. ej., SC7180)." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49849.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49849.json index e12dd82540f..573dad3a034 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49849.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49849.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49849", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:08.450", - "lastModified": "2025-05-01T15:16:08.450", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix match incorrectly in dev_args_match_device\n\nsyzkaller found a failed assertion:\n\n assertion failed: (args->devid != (u64)-1) || args->missing, in fs/btrfs/volumes.c:6921\n\nThis can be triggered when we set devid to (u64)-1 by ioctl. In this\ncase, the match of devid will be skipped and the match of device may\nsucceed incorrectly.\n\nPatch 562d7b1512f7 introduced this function which is used to match device.\nThis function contains two matching scenarios, we can distinguish them by\nchecking the value of args->missing rather than check whether args->devid\nand args->uuid is default value." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: correcci\u00f3n de coincidencia incorrecta en dev_args_match_device syzkaller encontr\u00f3 una aserci\u00f3n fallida: assertion failed: (args->devid != (u64)-1) || args->missing, en fs/btrfs/volumes.c:6921 Esto puede activarse cuando configuramos devid en (u64)-1 mediante ioctl. En este caso, se omitir\u00e1 la coincidencia de devid y la coincidencia de dispositivo puede tener \u00e9xito incorrectamente. El parche 562d7b1512f7 introdujo esta funci\u00f3n que se utiliza para hacer coincidir dispositivos. Esta funci\u00f3n contiene dos escenarios de coincidencia; podemos distinguirlos comprobando el valor de args->missing en lugar de comprobar si args->devid y args->uuid son los valores predeterminados." } ], "metrics": {}, 
diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49850.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49850.json index 852313fd92f..3f7a789f266 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49850.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49850.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49850", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:08.567", - "lastModified": "2025-05-01T15:16:08.567", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix deadlock in nilfs_count_free_blocks()\n\nA semaphore deadlock can occur if nilfs_get_block() detects metadata\ncorruption while locating data blocks and a superblock writeback occurs at\nthe same time:\n\ntask 1 task 2\n------ ------\n* A file operation *\nnilfs_truncate()\n nilfs_get_block()\n down_read(rwsem A) <--\n nilfs_bmap_lookup_contig()\n ... generic_shutdown_super()\n nilfs_put_super()\n * Prepare to write superblock *\n down_write(rwsem B) <--\n nilfs_cleanup_super()\n * Detect b-tree corruption * nilfs_set_log_cursor()\n nilfs_bmap_convert_error() nilfs_count_free_blocks()\n __nilfs_error() down_read(rwsem A) <--\n nilfs_set_error()\n down_write(rwsem B) <--\n\n *** DEADLOCK ***\n\nHere, nilfs_get_block() readlocks rwsem A (= NILFS_MDT(dat_inode)->mi_sem)\nand then calls nilfs_bmap_lookup_contig(), but if it fails due to metadata\ncorruption, __nilfs_error() is called from nilfs_bmap_convert_error()\ninside the lock section.\n\nSince __nilfs_error() calls nilfs_set_error() unless the filesystem is\nread-only and nilfs_set_error() attempts to writelock rwsem B (=\nnilfs->ns_sem) to write back superblock exclusively, hierarchical lock\nacquisition occurs in the order rwsem A -> rwsem B.\n\nNow, if another task starts updating the superblock, it may writelock\nrwsem B during the lock sequence above, and can deadlock trying to\nreadlock rwsem A in nilfs_count_free_blocks().\n\nHowever, there is actually no need to take rwsem A in\nnilfs_count_free_blocks() because it, within the lock section, only reads\na single integer data 
on a shared struct with\nnilfs_sufile_get_ncleansegs(). This has been the case after commit\naa474a220180 (\"nilfs2: add local variable to cache the number of clean\nsegments\"), that is, even before this bug was introduced.\n\nSo, this resolves the deadlock problem by just not taking the semaphore in\nnilfs_count_free_blocks()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nilfs2: corregir bloqueo en nilfs_count_free_blocks() Un bloqueo de sem\u00e1foro puede ocurrir si nilfs_get_block() detecta corrupci\u00f3n de metadatos mientras localiza bloques de datos y ocurre una escritura diferida de superbloque al mismo tiempo: tarea 1 tarea 2 ------ ------ * Una operaci\u00f3n de archivo * nilfs_truncate() nilfs_get_block() down_read(rwsem A) <-- nilfs_bmap_lookup_contig() ... generic_shutdown_super() nilfs_put_super() * Preparar para escribir superbloque * down_write(rwsem B) <-- nilfs_cleanup_super() * Detectar corrupci\u00f3n de \u00e1rbol b * nilfs_set_log_cursor() nilfs_bmap_convert_error() nilfs_count_free_blocks() __nilfs_error() down_read(rwsem A) <-- nilfs_set_error() down_write(rwsem B) <-- *** DEADLOCK *** Aqu\u00ed, nilfs_get_block() vuelve a bloquear rwsem A (= NILFS_MDT(dat_inode)->mi_sem) y luego llama a nilfs_bmap_lookup_contig(), pero si falla debido a la corrupci\u00f3n de metadatos, se llama a __nilfs_error() desde nilfs_bmap_convert_error() dentro de la secci\u00f3n de bloqueo. Dado que __nilfs_error() llama a nilfs_set_error() a menos que el sistema de archivos sea de solo lectura y nilfs_set_error() intente bloquear la escritura de rwsem B (= nilfs->ns_sem) para reescribir exclusivamente el superbloque, la adquisici\u00f3n del bloqueo jer\u00e1rquico se produce en el orden rwsem A -> rwsem B. 
Ahora bien, si otra tarea comienza a actualizar el superbloque, puede bloquear la escritura de rwsem B durante la secuencia de bloqueo anterior y puede bloquearse al intentar bloquear la lectura de rwsem A en nilfs_count_free_blocks(). Sin embargo, no es necesario tomar rwsem A en nilfs_count_free_blocks() porque, dentro de la secci\u00f3n de bloqueo, solo lee un \u00fanico dato entero en una estructura compartida con nilfs_sufile_get_ncleansegs(). Esto ha sucedido despu\u00e9s del commit aa474a220180 (\"nilfs2: a\u00f1adir variable local para almacenar en cach\u00e9 el n\u00famero de segmentos limpios\"), incluso antes de que se introdujera este error. Por lo tanto, esto resuelve el problema de interbloqueo simplemente eliminando el sem\u00e1foro en nilfs_count_free_blocks()." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49851.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49851.json index 66dfca866ca..aa621ad3af5 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49851.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49851.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49851", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:08.680", - "lastModified": "2025-05-01T15:16:08.680", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: fix reserved memory setup\n\nCurrently, RISC-V sets up reserved memory using the \"early\" copy of the\ndevice tree. As a result, when trying to get a reserved memory region\nusing of_reserved_mem_lookup(), the pointer to reserved memory regions\nis using the early, pre-virtual-memory address which causes a kernel\npanic when trying to use the buffer's name:\n\n Unable to handle kernel paging request at virtual address 00000000401c31ac\n Oops [#1]\n Modules linked in:\n CPU: 0 PID: 0 Comm: swapper Not tainted 6.0.0-rc1-00001-g0d9d6953d834 #1\n Hardware name: Microchip PolarFire-SoC Icicle Kit (DT)\n epc : string+0x4a/0xea\n ra : vsnprintf+0x1e4/0x336\n epc : ffffffff80335ea0 ra : ffffffff80338936 sp : ffffffff81203be0\n gp : ffffffff812e0a98 tp : ffffffff8120de40 t0 : 0000000000000000\n t1 : ffffffff81203e28 t2 : 7265736572203a46 s0 : ffffffff81203c20\n s1 : ffffffff81203e28 a0 : ffffffff81203d22 a1 : 0000000000000000\n a2 : ffffffff81203d08 a3 : 0000000081203d21 a4 : ffffffffffffffff\n a5 : 00000000401c31ac a6 : ffff0a00ffffff04 a7 : ffffffffffffffff\n s2 : ffffffff81203d08 s3 : ffffffff81203d00 s4 : 0000000000000008\n s5 : ffffffff000000ff s6 : 0000000000ffffff s7 : 00000000ffffff00\n s8 : ffffffff80d9821a s9 : ffffffff81203d22 s10: 0000000000000002\n s11: ffffffff80d9821c t3 : ffffffff812f3617 t4 : ffffffff812f3617\n t5 : ffffffff812f3618 t6 : ffffffff81203d08\n status: 0000000200000100 badaddr: 00000000401c31ac cause: 000000000000000d\n [] vsnprintf+0x1e4/0x336\n [] vprintk_store+0xf6/0x344\n [] vprintk_emit+0x56/0x192\n [] 
vprintk_default+0x16/0x1e\n [] vprintk+0x72/0x80\n [] _printk+0x36/0x50\n [] print_reserved_mem+0x1c/0x24\n [] paging_init+0x528/0x5bc\n [] setup_arch+0xd0/0x592\n [] start_kernel+0x82/0x73c\n\nearly_init_fdt_scan_reserved_mem() takes no arguments as it operates on\ninitial_boot_params, which is populated by early_init_dt_verify(). On\nRISC-V, early_init_dt_verify() is called twice. Once, directly, in\nsetup_arch() if CONFIG_BUILTIN_DTB is not enabled and once indirectly,\nvery early in the boot process, by parse_dtb() when it calls\nearly_init_dt_scan_nodes().\n\nThis first call uses dtb_early_va to set initial_boot_params, which is\nnot usable later in the boot process when\nearly_init_fdt_scan_reserved_mem() is called. On arm64 for example, the\ncorresponding call to early_init_dt_scan_nodes() uses fixmap addresses\nand doesn't suffer the same fate.\n\nMove early_init_fdt_scan_reserved_mem() further along the boot sequence,\nafter the direct call to early_init_dt_verify() in setup_arch() so that\nthe names use the correct virtual memory addresses. The above supposed\nthat CONFIG_BUILTIN_DTB was not set, but should work equally in the case\nwhere it is - unflatted_and_copy_device_tree() also updates\ninitial_boot_params." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: riscv: correcci\u00f3n de la configuraci\u00f3n de memoria reservada Actualmente, RISC-V configura la memoria reservada utilizando la copia \"temprana\" del \u00e1rbol de dispositivos. 
Como resultado, al intentar obtener una regi\u00f3n de memoria reservada usando of_reserved_mem_lookup(), el puntero a las regiones de memoria reservadas usa la direcci\u00f3n anterior a la memoria virtual, lo que causa un p\u00e1nico del kernel al intentar usar el nombre del b\u00fafer: Unable to handle kernel paging request at virtual address 00000000401c31ac Oops [#1] M\u00f3dulos vinculados: CPU: 0 PID: 0 Comm: swapper Not tainted 6.0.0-rc1-00001-g0d9d6953d834 #1 Nombre del hardware: Microchip PolarFire-SoC Icicle Kit (DT) epc : string+0x4a/0xea ra : vsnprintf+0x1e4/0x336 epc : ffffffff80335ea0 ra : ffffffff80338936 sp : ffffffff81203be0 gp: ffffffff812e0a98 tp: ffffffff8120de40 t0: 0000000000000000 t1: ffffffff81203e28 t2: 7265736572203a46 s0: ffffffff81203c20 s1: ffffffff81203e28 a0: ffffffff81203d22 a1: 0000000000000000 a2: ffffffff81203d08 a3: 0000000081203d21 a4: ffffffffffffffff a5: 00000000401c31ac a6 : ffff0a00ffffff04 a7 : ffffffffffffffff s2 : ffffffff81203d08 s3 : ffffffff81203d00 s4 : 0000000000000008 s5 : ffffffff000000ff s6 : 0000000000ffffff s7 : 00000000ffffff00 s8 : ffffffff80d9821a s9 : ffffffff81203d22 s10: 000000000000002 s11: ffffffff80d9821c t3 : ffffffff812f3617 t4: ffffffff812f3617 t5: ffffffff812f3618 t6: ffffffff81203d08 estado: 0000000200000100 direcci\u00f3n incorrecta: 00000000401c31ac causa: 000000000000000d [] vsnprintf+0x1e4/0x336 [] vprintk_store+0xf6/0x344 [] vprintk_emit+0x56/0x192 [] vprintk_default+0x16/0x1e [] vprintk+0x72/0x80 [] _printk+0x36/0x50 [] print_reserved_mem+0x1c/0x24 [] paging_init+0x528/0x5bc [] setup_arch+0xd0/0x592 [] start_kernel+0x82/0x73c early_init_fdt_scan_reserved_mem() no toma argumentos ya que opera en initial_boot_params, que se completa con early_init_dt_verify(). 
En RISC-V, early_init_dt_verify() se llama dos veces: una directamente, en setup_arch() si CONFIG_BUILTIN_DTB no est\u00e1 habilitado, y otra indirectamente, en una fase muy temprana del proceso de arranque, mediante parse_dtb() al llamar a early_init_dt_scan_nodes(). Esta primera llamada utiliza dtb_early_va para establecer initial_boot_params, que no se puede utilizar posteriormente en el proceso de arranque cuando se llama a early_init_fdt_scan_reserved_mem(). En arm64, por ejemplo, la llamada correspondiente a early_init_dt_scan_nodes() utiliza direcciones fixmap y no sufre el mismo problema. Desplace early_init_fdt_scan_reserved_mem() m\u00e1s adelante en la secuencia de arranque, despu\u00e9s de la llamada directa a early_init_dt_verify() en setup_arch() para que los nombres utilicen las direcciones de memoria virtual correctas. Lo anterior supuso que CONFIG_BUILTIN_DTB no estaba configurado, pero deber\u00eda funcionar igualmente en el caso en que lo est\u00e9: unflatted_and_copy_device_tree() tambi\u00e9n actualiza initial_boot_params." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49852.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49852.json index 92fb90486c1..bfba3ecc422 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49852.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49852.json 
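Review bot: The added `es` description in this hunk does not carry the register dump over verbatim: the English value has `s10: 0000000000000002`, while the Spanish one has `s10: 000000000000002`, one digit short. The same truncation appears in the CVE-2022-49856 hunk, where `RCX: 0000000000000000` became `RCX: 000000000000000`. Both translations also localise fixed kernel log labels (`status`/`badaddr`/`cause` here, `WARNING` and `Not tainted` there), so anyone matching oops signatures against description text should key on the `en` value only. I would keep crash-log excerpts byte-identical to the English source and translate only the surrounding prose.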
@@ -2,13 +2,17 @@ "id": "CVE-2022-49852", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:08.787", - "lastModified": "2025-05-01T15:16:08.787", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: process: fix kernel info leakage\n\nthread_struct's s[12] may contain random kernel memory content, which\nmay be finally leaked to userspace. This is a security hole. Fix it\nby clearing the s[12] array in thread_struct when fork.\n\nAs for kthread case, it's better to clear the s[12] array as well." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: riscv: proceso: correcci\u00f3n de fuga de informaci\u00f3n del kernel. El array s[12] de thread_struct puede contener contenido aleatorio de memoria del kernel, que podr\u00eda filtrarse al espacio de usuario. Esto representa una vulnerabilidad de seguridad. Para solucionarlo, borre la matriz s[12] de thread_struct al bifurcar. En el caso de kthread, es recomendable borrar tambi\u00e9n la matriz s[12]." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49853.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49853.json index e127690c831..9f2ebe6c082 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49853.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49853.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49853", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:08.890", - "lastModified": "2025-05-01T15:16:08.890", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: macvlan: fix memory leaks of macvlan_common_newlink\n\nkmemleak reports memory leaks in macvlan_common_newlink, as follows:\n\n ip link add link eth0 name .. type macvlan mode source macaddr add\n \n\nkmemleak reports:\n\nunreferenced object 0xffff8880109bb140 (size 64):\n comm \"ip\", pid 284, jiffies 4294986150 (age 430.108s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 b8 aa 5a 12 80 88 ff ff ..........Z.....\n 80 1b fa 0d 80 88 ff ff 1e ff ac af c7 c1 6b 6b ..............kk\n backtrace:\n [] kmem_cache_alloc_trace+0x1c7/0x300\n [] macvlan_hash_add_source+0x45/0xc0\n [] macvlan_changelink_sources+0xd7/0x170\n [] macvlan_common_newlink+0x38c/0x5a0\n [] macvlan_newlink+0xe/0x20\n [] __rtnl_newlink+0x7af/0xa50\n [] rtnl_newlink+0x48/0x70\n ...\n\nIn the scenario where the macvlan mode is configured as 'source',\nmacvlan_changelink_sources() will be execured to reconfigure list of\nremote source mac addresses, at the same time, if register_netdevice()\nreturn an error, the resource generated by macvlan_changelink_sources()\nis not cleaned up.\n\nUsing this patch, in the case of an error, it will execute\nmacvlan_flush_sources() to ensure that the resource is cleaned up." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: macvlan: corregir fugas de memoria de macvlan_common_newlink kmemleak informa de fugas de memoria en macvlan_common_newlink, como se indica a continuaci\u00f3n: ip link add link eth0 name .. 
type macvlan mode source macaddr add kmemleak informa: objeto no referenciado 0xffff8880109bb140 (tama\u00f1o 64): comm \"ip\", pid 284, jiffies 4294986150 (edad 430.108s) volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 b8 aa 5a 12 80 88 ff ff ..........Z..... 80 1b fa 0d 80 88 ff ff 1e ff ac af c7 c1 6b 6b ..............kk seguimiento inverso: [] kmem_cache_alloc_trace+0x1c7/0x300 [] macvlan_hash_add_source+0x45/0xc0 [] macvlan_changelink_sources+0xd7/0x170 [] macvlan_common_newlink+0x38c/0x5a0 [] macvlan_newlink+0xe/0x20 [] __rtnl_newlink+0x7af/0xa50 [] rtnl_newlink+0x48/0x70 ... En el escenario donde el modo macvlan est\u00e1 configurado como 'origen', se ejecutar\u00e1 macvlan_changelink_sources() para reconfigurar la lista de direcciones MAC de origen remoto. Al mismo tiempo, si register_netdevice() devuelve un error, el recurso generado por macvlan_changelink_sources() no se limpia. Con este parche, en caso de error, se ejecutar\u00e1 macvlan_flush_sources() para garantizar que el recurso se limpie." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49854.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49854.json index 43c35feb373..55d74ccf5f3 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49854.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49854.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49854", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:08.997", - "lastModified": "2025-05-01T15:16:08.997", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmctp: Fix an error handling path in mctp_init()\n\nIf mctp_neigh_init() return error, the routes resources should\nbe released in the error handling path. Otherwise some resources\nleak." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mctp: Se corrige una ruta de gesti\u00f3n de errores en mctp_init(). Si mctp_neigh_init() devuelve un error, los recursos de las rutas deben liberarse en la ruta de gesti\u00f3n de errores. De lo contrario, se producen fugas de recursos." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49855.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49855.json index c8389edf043..f7c4b955dd9 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49855.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49855.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49855", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:09.090", - "lastModified": "2025-05-01T15:16:09.090", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: iosm: fix memory leak in ipc_pcie_read_bios_cfg\n\nipc_pcie_read_bios_cfg() is using the acpi_evaluate_dsm() to\nobtain the wwan power state configuration from BIOS but is\nnot freeing the acpi_object. The acpi_evaluate_dsm() returned\nacpi_object to be freed.\n\nFree the acpi_object after use." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: wwan: iosm: se corrige la p\u00e9rdida de memoria en ipc_pcie_read_bios_cfg. ipc_pcie_read_bios_cfg() utiliza acpi_evaluate_dsm() para obtener la configuraci\u00f3n del estado de energ\u00eda de wwan desde la BIOS, pero no libera acpi_object. Acpi_evaluate_dsm() devolvi\u00f3 acpi_object para su liberaci\u00f3n. Libere acpi_object despu\u00e9s de su uso." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49856.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49856.json index cdf727d99e7..607b3355005 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49856.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49856.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49856", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:09.197", - "lastModified": "2025-05-01T15:16:09.197", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tun: call napi_schedule_prep() to ensure we own a napi\n\nA recent patch exposed another issue in napi_get_frags()\ncaught by syzbot [1]\n\nBefore feeding packets to GRO, and calling napi_complete()\nwe must first grab NAPI_STATE_SCHED.\n\n[1]\nWARNING: CPU: 0 PID: 3612 at net/core/dev.c:6076 napi_complete_done+0x45b/0x880 net/core/dev.c:6076\nModules linked in:\nCPU: 0 PID: 3612 Comm: syz-executor408 Not tainted 6.1.0-rc3-syzkaller-00175-g1118b2049d77 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\nRIP: 0010:napi_complete_done+0x45b/0x880 net/core/dev.c:6076\nCode: c1 ea 03 0f b6 14 02 4c 89 f0 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 24 04 00 00 41 89 5d 1c e9 73 fc ff ff e8 b5 53 22 fa <0f> 0b e9 82 fe ff ff e8 a9 53 22 fa 48 8b 5c 24 08 31 ff 48 89 de\nRSP: 0018:ffffc90003c4f920 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: 0000000000000030 RCX: 0000000000000000\nRDX: ffff8880251c0000 RSI: ffffffff875a58db RDI: 0000000000000007\nRBP: 0000000000000001 R08: 0000000000000007 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000001 R12: ffff888072d02628\nR13: ffff888072d02618 R14: ffff888072d02634 R15: 0000000000000000\nFS: 0000555555f13300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055c44d3892b8 CR3: 00000000172d2000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\nnapi_complete 
include/linux/netdevice.h:510 [inline]\ntun_get_user+0x206d/0x3a60 drivers/net/tun.c:1980\ntun_chr_write_iter+0xdb/0x200 drivers/net/tun.c:2027\ncall_write_iter include/linux/fs.h:2191 [inline]\ndo_iter_readv_writev+0x20b/0x3b0 fs/read_write.c:735\ndo_iter_write+0x182/0x700 fs/read_write.c:861\nvfs_writev+0x1aa/0x630 fs/read_write.c:934\ndo_writev+0x133/0x2f0 fs/read_write.c:977\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7f37021a3c19" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: tun: llamar a napi_schedule_prep() para asegurarnos de que poseemos un napi Un parche reciente expuso otro problema en napi_get_frags() detectado por syzbot [1] Antes de alimentar paquetes a GRO y llamar a napi_complete(), primero debemos obtener NAPI_STATE_SCHED. [1] ADVERTENCIA: CPU: 0 PID: 3612 en net/core/dev.c:6076 napi_complete_done+0x45b/0x880 net/core/dev.c:6076 M\u00f3dulos vinculados: CPU: 0 PID: 3612 Comm: syz-executor408 No contaminado 6.1.0-rc3-syzkaller-00175-g1118b2049d77 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 26/10/2022 RIP: 0010:napi_complete_done+0x45b/0x880 net/core/dev.c:6076 C\u00f3digo: c1 ea 03 0f b6 14 02 4c 89 f0 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 24 04 00 00 41 89 5d 1c e9 73 fc ff ff e8 b5 53 22 fa <0f> 0b e9 82 fe ff ff e8 a9 53 22 fa 48 8b 5c 24 08 31 ff 48 89 de RSP: 0018:ffffc90003c4f920 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 0000000000000030 RCX: 000000000000000 RDX: ffff8880251c0000 RSI: ffffffff875a58db RDI: 0000000000000007 RBP: 0000000000000001 R08: 0000000000000007 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000001 R12: ffff888072d02628 R13: ffff888072d02618 R14: ffff888072d02634 R15: 0000000000000000 FS: 0000555555f13300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 
CR0: 0000000080050033 CR2: 000055c44d3892b8 CR3: 00000000172d2000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Rastreo de llamadas: napi_complete include/linux/netdevice.h:510 [inline] tun_get_user+0x206d/0x3a60 drivers/net/tun.c:1980 tun_chr_write_iter+0xdb/0x200 drivers/net/tun.c:2027 call_write_iter include/linux/fs.h:2191 [inline] do_iter_readv_writev+0x20b/0x3b0 fs/read_write.c:735 do_iter_write+0x182/0x700 fs/read_write.c:861 vfs_writev+0x1aa/0x630 fs/read_write.c:934 do_writev+0x133/0x2f0 fs/read_write.c:977 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f37021a3c19 " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49857.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49857.json index 21f429c3b57..a043c7ee706 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49857.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49857.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49857", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:09.307", - "lastModified": "2025-05-01T15:16:09.307", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: marvell: prestera: fix memory leak in prestera_rxtx_switch_init()\n\nWhen prestera_sdma_switch_init() failed, the memory pointed to by\nsw->rxtx isn't released. Fix it. Only be compiled, not be tested." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: marvell: prestera: se corrige una fuga de memoria en prestera_rxtx_switch_init(). Cuando prestera_sdma_switch_init() falla, la memoria a la que apunta sw->rxtx no se libera. Se debe corregir. Solo se compilar\u00e1, no se probar\u00e1." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49858.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49858.json index cc5324e0826..b97b52c97bb 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49858.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49858.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49858", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:09.410", - "lastModified": "2025-05-01T15:16:09.410", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix SQE threshold checking\n\nCurrent way of checking available SQE count which is based on\nHW updated SQB count could result in driver submitting an SQE\neven before CQE for the previously transmitted SQE at the same\nindex is processed in NAPI resulting losing SKB pointers,\nhence a leak. Fix this by checking a consumer index which\nis updated once CQE is processed." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: octeontx2-pf: Se corrige la comprobaci\u00f3n del umbral de SQE. La forma actual de comprobar el recuento de SQE disponibles, basada en el recuento de SQB actualizado por hardware, podr\u00eda provocar que el controlador env\u00ede un SQE incluso antes de que se procese en NAPI el CQE del SQE previamente transmitido en el mismo \u00edndice, lo que resulta en la p\u00e9rdida de punteros SKB y, por lo tanto, una fuga. Se soluciona esto comprobando un \u00edndice de consumidor que se actualiza una vez procesado el CQE." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49859.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49859.json index 3f1c744fd6e..5f85aaeb3e3 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49859.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49859.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49859", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:09.510", - "lastModified": "2025-05-01T15:16:09.510", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: lapbether: fix issue of invalid opcode in lapbeth_open()\n\nIf lapb_register() failed when lapb device goes to up for the first time,\nthe NAPI is not disabled. As a result, the invalid opcode issue is\nreported when the lapb device goes to up for the second time.\n\nThe stack info is as follows:\n[ 1958.311422][T11356] kernel BUG at net/core/dev.c:6442!\n[ 1958.312206][T11356] invalid opcode: 0000 [#1] PREEMPT SMP KASAN\n[ 1958.315979][T11356] RIP: 0010:napi_enable+0x16a/0x1f0\n[ 1958.332310][T11356] Call Trace:\n[ 1958.332817][T11356] \n[ 1958.336135][T11356] lapbeth_open+0x18/0x90\n[ 1958.337446][T11356] __dev_open+0x258/0x490\n[ 1958.341672][T11356] __dev_change_flags+0x4d4/0x6a0\n[ 1958.345325][T11356] dev_change_flags+0x93/0x160\n[ 1958.346027][T11356] devinet_ioctl+0x1276/0x1bf0\n[ 1958.346738][T11356] inet_ioctl+0x1c8/0x2d0\n[ 1958.349638][T11356] sock_ioctl+0x5d1/0x750\n[ 1958.356059][T11356] __x64_sys_ioctl+0x3ec/0x1790\n[ 1958.365594][T11356] do_syscall_64+0x35/0x80\n[ 1958.366239][T11356] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n[ 1958.377381][T11356] " + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: lapbether: se corrige el problema de un c\u00f3digo de operaci\u00f3n no v\u00e1lido en lapbeth_open(). Si lapb_register() falla al iniciar el dispositivo lapb por primera vez, NAPI no se desactiva. Por lo tanto, el problema de c\u00f3digo de operaci\u00f3n no v\u00e1lido se reporta al iniciar el dispositivo lapb por segunda vez. 
La informaci\u00f3n de la pila es la siguiente: [ 1958.311422][T11356] kernel BUG at net/core/dev.c:6442! [ 1958.312206][T11356] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 1958.315979][T11356] RIP: 0010:napi_enable+0x16a/0x1f0 [ 1958.332310][T11356] Call Trace: [ 1958.332817][T11356] [ 1958.336135][T11356] lapbeth_open+0x18/0x90 [ 1958.337446][T11356] __dev_open+0x258/0x490 [ 1958.341672][T11356] __dev_change_flags+0x4d4/0x6a0 [ 1958.345325][T11356] dev_change_flags+0x93/0x160 [ 1958.346027][T11356] devinet_ioctl+0x1276/0x1bf0 [ 1958.346738][T11356] inet_ioctl+0x1c8/0x2d0 [ 1958.349638][T11356] sock_ioctl+0x5d1/0x750 [ 1958.356059][T11356] __x64_sys_ioctl+0x3ec/0x1790 [ 1958.365594][T11356] do_syscall_64+0x35/0x80 [ 1958.366239][T11356] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 1958.377381][T11356] " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49860.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49860.json index 77c566967b4..326d747b4d2 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49860.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49860.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49860", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:09.610", - "lastModified": "2025-05-01T15:16:09.610", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: k3-udma-glue: fix memory leak when register device fail\n\nIf device_register() fails, it should call put_device() to give\nup reference, the name allocated in dev_set_name() can be freed\nin callback function kobject_cleanup()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dmaengine: ti: k3-udma-glue: corrige p\u00e9rdida de memoria cuando falla el registro del dispositivo Si device_register() falla, debe llamar a put_device() para entregar la referencia, el nombre asignado en dev_set_name() se puede liberar en la funci\u00f3n de devoluci\u00f3n de llamada kobject_cleanup()." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49861.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49861.json index 37c8d1a2b34..26a305db737 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49861.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49861.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49861", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:09.727", - "lastModified": "2025-05-01T15:16:09.727", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()\n\nA clk_prepare_enable() call in the probe is not balanced by a corresponding\nclk_disable_unprepare() in the remove function.\n\nAdd the missing call." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dmaengine: mv_xor_v2: Se corrige una fuga de recursos en mv_xor_v2_remove(). Una llamada clk_prepare_enable() en la sonda no se compensa con la llamada clk_disable_unprepare() correspondiente en la funci\u00f3n de eliminaci\u00f3n. Agregue la llamada faltante." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49862.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49862.json index 3fc93a6e41a..92a7eaafc5e 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49862.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49862.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49862", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:11.097", - "lastModified": "2025-05-01T15:16:11.097", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header\n\nThis is a follow-up for commit 974cb0e3e7c9 (\"tipc: fix uninit-value\nin tipc_nl_compat_name_table_dump\") where it should have type casted\nsizeof(..) to int to work when TLV_GET_DATA_LEN() returns a negative\nvalue.\n\nsyzbot reported a call trace because of it:\n\n BUG: KMSAN: uninit-value in ...\n tipc_nl_compat_name_table_dump+0x841/0xea0 net/tipc/netlink_compat.c:934\n __tipc_nl_compat_dumpit+0xab2/0x1320 net/tipc/netlink_compat.c:238\n tipc_nl_compat_dumpit+0x991/0xb50 net/tipc/netlink_compat.c:321\n tipc_nl_compat_recv+0xb6e/0x1640 net/tipc/netlink_compat.c:1324\n genl_family_rcv_msg_doit net/netlink/genetlink.c:731 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:775 [inline]\n genl_rcv_msg+0x103f/0x1260 net/netlink/genetlink.c:792\n netlink_rcv_skb+0x3a5/0x6c0 net/netlink/af_netlink.c:2501\n genl_rcv+0x3c/0x50 net/netlink/genetlink.c:803\n netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n netlink_unicast+0xf3b/0x1270 net/netlink/af_netlink.c:1345\n netlink_sendmsg+0x1288/0x1440 net/netlink/af_netlink.c:1921\n sock_sendmsg_nosec net/socket.c:714 [inline]\n sock_sendmsg net/socket.c:734 [inline]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tipc: corrige la comprobaci\u00f3n de longitud del tlv msg->req en tipc_nl_compat_name_table_dump_header Este es un seguimiento del commit 974cb0e3e7c9 (\"tipc: corrige uninit-value en tipc_nl_compat_name_table_dump\") donde deber\u00eda haber 
convertido el tipo sizeof(..) a int para que funcione cuando TLV_GET_DATA_LEN() devuelve un valor negativo. syzbot inform\u00f3 un seguimiento de llamadas debido a esto: ERROR: KMSAN: valor no inicializado en ... tipc_nl_compat_name_table_dump+0x841/0xea0 net/tipc/netlink_compat.c:934 __tipc_nl_compat_dumpit+0xab2/0x1320 net/tipc/netlink_compat.c:238 tipc_nl_compat_dumpit+0x991/0xb50 net/tipc/netlink_compat.c:321 tipc_nl_compat_recv+0xb6e/0x1640 net/tipc/netlink_compat.c:1324 genl_family_rcv_msg_doit net/netlink/genetlink.c:731 [inline] genl_family_rcv_msg net/netlink/genetlink.c:775 [inline] genl_rcv_msg+0x103f/0x1260 net/netlink/genetlink.c:792 netlink_rcv_skb+0x3a5/0x6c0 net/netlink/af_netlink.c:2501 genl_rcv+0x3c/0x50 net/netlink/genetlink.c:803 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] netlink_unicast+0xf3b/0x1270 net/netlink/af_netlink.c:1345 netlink_sendmsg+0x1288/0x1440 net/netlink/af_netlink.c:1921 sock_sendmsg_nosec net/socket.c:714 [inline] sock_sendmsg net/socket.c:734 [inline] " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49863.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49863.json index d80273c7657..1b31fc04b54 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49863.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49863.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49863", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:11.203", - "lastModified": "2025-05-01T15:16:11.203", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: af_can: fix NULL pointer dereference in can_rx_register()\n\nIt causes NULL pointer dereference when testing as following:\n(a) use syscall(__NR_socket, 0x10ul, 3ul, 0) to create netlink socket.\n(b) use syscall(__NR_sendmsg, ...) to create bond link device and vxcan\n link device, and bind vxcan device to bond device (can also use\n ifenslave command to bind vxcan device to bond device).\n(c) use syscall(__NR_socket, 0x1dul, 3ul, 1) to create CAN socket.\n(d) use syscall(__NR_bind, ...) to bind the bond device to CAN socket.\n\nThe bond device invokes the can-raw protocol registration interface to\nreceive CAN packets. However, ml_priv is not allocated to the dev,\ndev_rcv_lists is assigned to NULL in can_rx_register(). In this case,\nit will occur the NULL pointer dereference issue.\n\nThe following is the stack information:\nBUG: kernel NULL pointer dereference, address: 0000000000000008\nPGD 122a4067 P4D 122a4067 PUD 1223c067 PMD 0\nOops: 0000 [#1] PREEMPT SMP\nRIP: 0010:can_rx_register+0x12d/0x1e0\nCall Trace:\n\nraw_enable_filters+0x8d/0x120\nraw_enable_allfilters+0x3b/0x130\nraw_bind+0x118/0x4f0\n__sys_bind+0x163/0x1a0\n__x64_sys_bind+0x1e/0x30\ndo_syscall_64+0x35/0x80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: can: af_can: corrige la desreferencia del puntero NULL en can_rx_register() Provoca la desreferencia del puntero NULL cuando se prueba lo siguiente: (a) use syscall(__NR_socket, 0x10ul, 3ul, 0) para crear el socket netlink. 
(b) use syscall(__NR_sendmsg, ...) para crear el dispositivo de enlace de enlace y el dispositivo de enlace vxcan, y enlace el dispositivo vxcan al dispositivo de enlace (tambi\u00e9n puede usar el comando ifenslave para enlazar el dispositivo vxcan al dispositivo de enlace). (c) use syscall(__NR_socket, 0x1dul, 3ul, 1) para crear el socket CAN. (d) use syscall(__NR_bind, ...) para enlazar el dispositivo de enlace al socket CAN. El dispositivo de enlace invoca la interfaz de registro del protocolo can-raw para recibir paquetes CAN. Sin embargo, ml_priv no est\u00e1 asignado a dev, y dev_rcv_lists est\u00e1 asignado a NULL en can_rx_register(). En este caso, se producir\u00e1 el problema de desreferencia del puntero NULL. La siguiente es la informaci\u00f3n de la pila: ERROR: desreferencia de puntero NULL del n\u00facleo, direcci\u00f3n: 0000000000000008 PGD 122a4067 P4D 122a4067 PUD 1223c067 PMD 0 Oops: 0000 [#1] PREEMPT SMP RIP: 0010:can_rx_register+0x12d/0x1e0 Seguimiento de llamadas: raw_enable_filters+0x8d/0x120 raw_enable_allfilters+0x3b/0x130 raw_bind+0x118/0x4f0 __sys_bind+0x163/0x1a0 __x64_sys_bind+0x1e/0x30 do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x63/0xcd " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49864.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49864.json index 034cc33bb66..8ba9235085a 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49864.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49864.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49864", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:11.313", - "lastModified": "2025-05-01T15:16:11.313", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram()\n\n./drivers/gpu/drm/amd/amdkfd/kfd_migrate.c:985:58-62: ERROR: p is NULL but dereferenced." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdkfd: Se corrige la desreferencia del puntero NULL en svm_migrate_to_ram() ./drivers/gpu/drm/amd/amdkfd/kfd_migrate.c:985:58-62: ERROR: p es NULL pero est\u00e1 desreferenciado." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49865.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49865.json index 578011eec97..1b6d10491d8 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49865.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49865.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49865", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:11.420", - "lastModified": "2025-05-01T15:16:11.420", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network\n\nWhen copying a `struct ifaddrlblmsg` to the network, __ifal_reserved\nremained uninitialized, resulting in a 1-byte infoleak:\n\n BUG: KMSAN: kernel-network-infoleak in __netdev_start_xmit ./include/linux/netdevice.h:4841\n __netdev_start_xmit ./include/linux/netdevice.h:4841\n netdev_start_xmit ./include/linux/netdevice.h:4857\n xmit_one net/core/dev.c:3590\n dev_hard_start_xmit+0x1dc/0x800 net/core/dev.c:3606\n __dev_queue_xmit+0x17e8/0x4350 net/core/dev.c:4256\n dev_queue_xmit ./include/linux/netdevice.h:3009\n __netlink_deliver_tap_skb net/netlink/af_netlink.c:307\n __netlink_deliver_tap+0x728/0xad0 net/netlink/af_netlink.c:325\n netlink_deliver_tap net/netlink/af_netlink.c:338\n __netlink_sendskb net/netlink/af_netlink.c:1263\n netlink_sendskb+0x1d9/0x200 net/netlink/af_netlink.c:1272\n netlink_unicast+0x56d/0xf50 net/netlink/af_netlink.c:1360\n nlmsg_unicast ./include/net/netlink.h:1061\n rtnl_unicast+0x5a/0x80 net/core/rtnetlink.c:758\n ip6addrlbl_get+0xfad/0x10f0 net/ipv6/addrlabel.c:628\n rtnetlink_rcv_msg+0xb33/0x1570 net/core/rtnetlink.c:6082\n ...\n Uninit was created at:\n slab_post_alloc_hook+0x118/0xb00 mm/slab.h:742\n slab_alloc_node mm/slub.c:3398\n __kmem_cache_alloc_node+0x4f2/0x930 mm/slub.c:3437\n __do_kmalloc_node mm/slab_common.c:954\n __kmalloc_node_track_caller+0x117/0x3d0 mm/slab_common.c:975\n kmalloc_reserve net/core/skbuff.c:437\n __alloc_skb+0x27a/0xab0 net/core/skbuff.c:509\n alloc_skb ./include/linux/skbuff.h:1267\n nlmsg_new 
./include/net/netlink.h:964\n ip6addrlbl_get+0x490/0x10f0 net/ipv6/addrlabel.c:608\n rtnetlink_rcv_msg+0xb33/0x1570 net/core/rtnetlink.c:6082\n netlink_rcv_skb+0x299/0x550 net/netlink/af_netlink.c:2540\n rtnetlink_rcv+0x26/0x30 net/core/rtnetlink.c:6109\n netlink_unicast_kernel net/netlink/af_netlink.c:1319\n netlink_unicast+0x9ab/0xf50 net/netlink/af_netlink.c:1345\n netlink_sendmsg+0xebc/0x10f0 net/netlink/af_netlink.c:1921\n ...\n\nThis patch ensures that the reserved field is always initialized." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ipv6: addrlabel: corregir fuga de informaci\u00f3n al enviar struct ifaddrlblmsg a la red Al copiar un `struct ifaddrlblmsg` a la red, __ifal_reserved permaneci\u00f3 sin inicializar, lo que result\u00f3 en una fuga de informaci\u00f3n de 1 byte: ERROR: KMSAN: kernel-network-infoleak en __netdev_start_xmit ./include/linux/netdevice.h:4841 __netdev_start_xmit ./include/linux/netdevice.h:4841 netdev_start_xmit ./include/linux/netdevice.h:4857 xmit_one net/core/dev.c:3590 dev_hard_start_xmit+0x1dc/0x800 net/core/dev.c:3606 __dev_queue_xmit+0x17e8/0x4350 net/core/dev.c:4256 dev_queue_xmit ./include/linux/netdevice.h:3009 __netlink_deliver_tap_skb net/netlink/af_netlink.c:307 __netlink_deliver_tap+0x728/0xad0 net/netlink/af_netlink.c:325 netlink_deliver_tap net/netlink/af_netlink.c:338 __netlink_sendskb net/netlink/af_netlink.c:1263 netlink_sendskb+0x1d9/0x200 net/netlink/af_netlink.c:1272 netlink_unicast+0x56d/0xf50 net/netlink/af_netlink.c:1360 nlmsg_unicast ./include/net/netlink.h:1061 rtnl_unicast+0x5a/0x80 net/core/rtnetlink.c:758 ip6addrlbl_get+0xfad/0x10f0 net/ipv6/addrlabel.c:628 rtnetlink_rcv_msg+0xb33/0x1570 net/core/rtnetlink.c:6082 ... 
Uninit se cre\u00f3 en: slab_post_alloc_hook+0x118/0xb00 mm/slab.h:742 slab_alloc_node mm/slub.c:3398 __kmem_cache_alloc_node+0x4f2/0x930 mm/slub.c:3437 __do_kmalloc_node mm/slab_common.c:954 __kmalloc_node_track_caller+0x117/0x3d0 mm/slab_common.c:975 kmalloc_reserve net/core/skbuff.c:437 __alloc_skb+0x27a/0xab0 net/core/skbuff.c:509 alloc_skb ./include/linux/skbuff.h:1267 nlmsg_new ./include/net/netlink.h:964 ip6addrlbl_get+0x490/0x10f0 net/ipv6/addrlabel.c:608 rtnetlink_rcv_msg+0xb33/0x1570 net/core/rtnetlink.c:6082 netlink_rcv_skb+0x299/0x550 net/netlink/af_netlink.c:2540 rtnetlink_rcv+0x26/0x30 net/core/rtnetlink.c:6109 netlink_unicast_kernel net/netlink/af_netlink.c:1319 netlink_unicast+0x9ab/0xf50 net/netlink/af_netlink.c:1345 netlink_sendmsg+0xebc/0x10f0 net/netlink/af_netlink.c:1921 ... Este parche garantiza que el campo reservado siempre se inicialice." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49866.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49866.json index 09b642e6b42..b9bf1a97733 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49866.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49866.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49866", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:11.530", - "lastModified": "2025-05-01T15:16:11.530", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: mhi: fix memory leak in mhi_mbim_dellink\n\nMHI driver registers network device without setting the\nneeds_free_netdev flag, and does NOT call free_netdev() when\nunregisters network device, which causes a memory leak.\n\nThis patch sets needs_free_netdev to true when registers\nnetwork device, which makes netdev subsystem call free_netdev()\nautomatically after unregister_netdevice()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: wwan: mhi: se corrige una fuga de memoria en mhi_mbim_dellink. El controlador MHI registra el dispositivo de red sin configurar el indicador needs_free_netdev y NO llama a free_netdev() al cancelar el registro del dispositivo de red, lo que provoca una fuga de memoria. Este parche establece needs_free_netdev como verdadero al registrar el dispositivo de red, lo que hace que el subsistema netdev llame autom\u00e1ticamente a free_netdev() despu\u00e9s de unregister_netdevice()." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49867.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49867.json index 320ca731160..4d0fec1ae47 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49867.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49867.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49867", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:11.633", - "lastModified": "2025-05-01T15:16:11.633", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: iosm: fix memory leak in ipc_wwan_dellink\n\nIOSM driver registers network device without setting the\nneeds_free_netdev flag, and does NOT call free_netdev() when\nunregisters network device, which causes a memory leak.\n\nThis patch sets needs_free_netdev to true when registers\nnetwork device, which makes netdev subsystem call free_netdev()\nautomatically after unregister_netdevice()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: wwan: iosm: se corrige una fuga de memoria en ipc_wwan_dellink. El controlador IOSM registra el dispositivo de red sin configurar el indicador needs_free_netdev y NO llama a free_netdev() al cancelar el registro del dispositivo de red, lo que provoca una fuga de memoria. Este parche establece needs_free_netdev como verdadero al registrar el dispositivo de red, lo que hace que el subsistema netdev llame autom\u00e1ticamente a free_netdev() despu\u00e9s de cancelar el registro de netdevice()." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49868.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49868.json index 27de7f12e7e..993d7653519 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49868.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49868.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49868", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:11.733", - "lastModified": "2025-05-01T15:16:11.733", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: ralink: mt7621-pci: add sentinel to quirks table\n\nWith mt7621 soc_dev_attr fixed to register the soc as a device,\nkernel will experience an oops in soc_device_match_attr\n\nThis quirk test was introduced in the staging driver in\ncommit 9445ccb3714c (\"staging: mt7621-pci-phy: add quirks for 'E2'\nrevision using 'soc_device_attribute'\"). The staging driver was removed,\nand later re-added in commit d87da32372a0 (\"phy: ralink: Add PHY driver\nfor MT7621 PCIe PHY\") for kernel 5.11" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: phy: ralink: mt7621-pci: a\u00f1adir centinela a la tabla de peculiaridades. Con la correcci\u00f3n de la variable mt7621 soc_dev_attr para registrar el SOC como dispositivo, el kernel experimentar\u00e1 un error en soc_device_match_attr. Esta prueba de peculiaridades se introdujo en el controlador de pruebas en el commit 9445ccb3714c (\"staging: mt7621-pci-phy: a\u00f1adir peculiaridades para la revisi\u00f3n 'E2' mediante 'soc_device_attribute'\"). El controlador de pruebas se elimin\u00f3 y se volvi\u00f3 a a\u00f1adir posteriormente en el commit d87da32372a0 (\"phy: ralink: A\u00f1adir controlador PHY para MT7621 PCIe PHY\") para el kernel 5.11." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49869.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49869.json index 9e7812287dd..a119c504557 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49869.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49869.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49869", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:11.830", - "lastModified": "2025-05-01T15:16:11.830", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix possible crash in bnxt_hwrm_set_coal()\n\nDuring the error recovery sequence, the rtnl_lock is not held for the\nentire duration and some datastructures may be freed during the sequence.\nCheck for the BNXT_STATE_OPEN flag instead of netif_running() to ensure\nthat the device is fully operational before proceeding to reconfigure\nthe coalescing settings.\n\nThis will fix a possible crash like this:\n\nBUG: unable to handle kernel NULL pointer dereference at 0000000000000000\nPGD 0 P4D 0\nOops: 0000 [#1] SMP NOPTI\nCPU: 10 PID: 181276 Comm: ethtool Kdump: loaded Tainted: G IOE --------- - - 4.18.0-348.el8.x86_64 #1\nHardware name: Dell Inc. 
PowerEdge R740/0F9N89, BIOS 2.3.10 08/15/2019\nRIP: 0010:bnxt_hwrm_set_coal+0x1fb/0x2a0 [bnxt_en]\nCode: c2 66 83 4e 22 08 66 89 46 1c e8 10 cb 00 00 41 83 c6 01 44 39 b3 68 01 00 00 0f 8e a3 00 00 00 48 8b 93 c8 00 00 00 49 63 c6 <48> 8b 2c c2 48 8b 85 b8 02 00 00 48 85 c0 74 2e 48 8b 74 24 08 f6\nRSP: 0018:ffffb11c8dcaba50 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff8d168a8b0ac0 RCX: 00000000000000c5\nRDX: 0000000000000000 RSI: ffff8d162f72c000 RDI: ffff8d168a8b0b28\nRBP: 0000000000000000 R08: b6e1f68a12e9a7eb R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000037 R12: ffff8d168a8b109c\nR13: ffff8d168a8b10aa R14: 0000000000000000 R15: ffffffffc01ac4e0\nFS: 00007f3852e4c740(0000) GS:ffff8d24c0080000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000000 CR3: 000000041b3ee003 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n ethnl_set_coalesce+0x3ce/0x4c0\n genl_family_rcv_msg_doit.isra.15+0x10f/0x150\n genl_family_rcv_msg+0xb3/0x160\n ? coalesce_fill_reply+0x480/0x480\n genl_rcv_msg+0x47/0x90\n ? genl_family_rcv_msg+0x160/0x160\n netlink_rcv_skb+0x4c/0x120\n genl_rcv+0x24/0x40\n netlink_unicast+0x196/0x230\n netlink_sendmsg+0x204/0x3d0\n sock_sendmsg+0x4c/0x50\n __sys_sendto+0xee/0x160\n ? syscall_trace_enter+0x1d3/0x2c0\n ? __audit_syscall_exit+0x249/0x2a0\n __x64_sys_sendto+0x24/0x30\n do_syscall_64+0x5b/0x1a0\n entry_SYSCALL_64_after_hwframe+0x65/0xca\nRIP: 0033:0x7f38524163bb" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bnxt_en: Se corrige un posible fallo en bnxt_hwrm_set_coal(). Durante la secuencia de recuperaci\u00f3n de errores, el bloqueo rtnl_lock no se mantiene durante toda la secuencia y algunas estructuras de datos podr\u00edan liberarse durante la misma. 
Compruebe el indicador BNXT_STATE_OPEN en lugar de netif_running() para asegurarse de que el dispositivo est\u00e9 completamente operativo antes de reconfigurar los ajustes de coalescencia. Esto solucionar\u00e1 un posible fallo como este: ERROR: no se puede controlar la desreferencia del puntero NULL del n\u00facleo en 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] SMP NOPTI CPU: 10 PID: 181276 Comm: ethtool Kdump: cargado Tainted: G IOE --------- - - 4.18.0-348.el8.x86_64 #1 Nombre del hardware: Dell Inc. PowerEdge R740/0F9N89, BIOS 2.3.10 15/08/2019 RIP: 0010:bnxt_hwrm_set_coal+0x1fb/0x2a0 [bnxt_en] C\u00f3digo: c2 66 83 4e 22 08 66 89 46 1c e8 10 cb 00 00 41 83 c6 01 44 39 b3 68 01 00 00 0f 8e a3 00 00 00 48 8b 93 c8 00 00 00 49 63 c6 <48> 8b 2c c2 48 8b 85 b8 02 00 00 48 85 c0 74 2e 48 8b 74 24 08 f6 RSP: 0018:ffffb11c8dcaba50 EFLAGS: 00010246 RAX: 000000000000000 RBX: ffff8d168a8b0ac0 RCX: 00000000000000c5 RDX: 0000000000000000 RSI: ffff8d162f72c000 RDI: ffff8d168a8b0b28 RBP: 0000000000000000 R08: b6e1f68a12e9a7eb R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000037 R12: ffff8d168a8b109c R13: ffff8d168a8b10aa R14: 0000000000000000 R15: ffffffffc01ac4e0 FS: 00007f3852e4c740(0000) GS:ffff8d24c0080000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000000 CR3: 000000041b3ee003 CR4: 00000000007706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Rastreo de llamadas: ethnl_set_coalesce+0x3ce/0x4c0 genl_family_rcv_msg_doit.isra.15+0x10f/0x150 genl_family_rcv_msg+0xb3/0x160 ? coalesce_fill_reply+0x480/0x480 genl_rcv_msg+0x47/0x90 ? genl_family_rcv_msg+0x160/0x160 netlink_rcv_skb+0x4c/0x120 genl_rcv+0x24/0x40 netlink_unicast+0x196/0x230 netlink_sendmsg+0x204/0x3d0 sock_sendmsg+0x4c/0x50 __sys_sendto+0xee/0x160 ? syscall_trace_enter+0x1d3/0x2c0 ? 
__audit_syscall_exit+0x249/0x2a0 __x64_sys_sendto+0x24/0x30 do_syscall_64+0x5b/0x1a0 entry_SYSCALL_64_after_hwframe+0x65/0xca RIP: 0033:0x7f38524163bb" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49870.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49870.json index d930f996408..e6b6d78a052 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49870.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49870.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49870", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:11.937", - "lastModified": "2025-05-01T15:16:11.937", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncapabilities: fix undefined behavior in bit shift for CAP_TO_MASK\n\nShifting signed 32-bit value by 31 bits is undefined, so changing\nsignificant bit to unsigned. The UBSAN warning calltrace like below:\n\nUBSAN: shift-out-of-bounds in security/commoncap.c:1252:2\nleft shift of 1 by 31 places cannot be represented in type 'int'\nCall Trace:\n \n dump_stack_lvl+0x7d/0xa5\n dump_stack+0x15/0x1b\n ubsan_epilogue+0xe/0x4e\n __ubsan_handle_shift_out_of_bounds+0x1e7/0x20c\n cap_task_prctl+0x561/0x6f0\n security_task_prctl+0x5a/0xb0\n __x64_sys_prctl+0x61/0x8f0\n do_syscall_64+0x58/0x80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n " + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: capacidades: corregir comportamiento indefinido en el cambio de bits para CAP_TO_MASK El cambio de un valor con signo de 32 bits por 31 bits no est\u00e1 definido, por lo que se cambia el bit significativo a sin signo. El seguimiento de llamadas de advertencia de UBSAN como se muestra a continuaci\u00f3n: UBSAN: desplazamiento fuera de los l\u00edmites en security/commoncap.c:1252:2 El desplazamiento a la izquierda de 1 por 31 lugares no se puede representar en el tipo 'int' Seguimiento de llamadas: dump_stack_lvl+0x7d/0xa5 dump_stack+0x15/0x1b ubsan_epilogue+0xe/0x4e __ubsan_handle_shift_out_of_bounds+0x1e7/0x20c cap_task_prctl+0x561/0x6f0 security_task_prctl+0x5a/0xb0 __x64_sys_prctl+0x61/0x8f0 do_syscall_64+0x58/0x80 entry_SYSCALL_64_after_hwframe+0x63/0xcd " } ], "metrics": {}, 
diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49871.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49871.json
index 7ba1cb08d70..80f9969c1b9 100644
--- a/CVE-2022/CVE-2022-498xx/CVE-2022-49871.json
+++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49871.json
@@ -2,13 +2,17 @@ "id": "CVE-2022-49871", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:12.030", - "lastModified": "2025-05-01T15:16:12.030", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tun: Fix memory leaks of napi_get_frags\n\nkmemleak reports after running test_progs:\n\nunreferenced object 0xffff8881b1672dc0 (size 232):\n comm \"test_progs\", pid 394388, jiffies 4354712116 (age 841.975s)\n hex dump (first 32 bytes):\n e0 84 d7 a8 81 88 ff ff 80 2c 67 b1 81 88 ff ff .........,g.....\n 00 40 c5 9b 81 88 ff ff 00 00 00 00 00 00 00 00 .@..............\n backtrace:\n [<00000000c8f01748>] napi_skb_cache_get+0xd4/0x150\n [<0000000041c7fc09>] __napi_build_skb+0x15/0x50\n [<00000000431c7079>] __napi_alloc_skb+0x26e/0x540\n [<000000003ecfa30e>] napi_get_frags+0x59/0x140\n [<0000000099b2199e>] tun_get_user+0x183d/0x3bb0 [tun]\n [<000000008a5adef0>] tun_chr_write_iter+0xc0/0x1b1 [tun]\n [<0000000049993ff4>] do_iter_readv_writev+0x19f/0x320\n [<000000008f338ea2>] do_iter_write+0x135/0x630\n [<000000008a3377a4>] vfs_writev+0x12e/0x440\n [<00000000a6b5639a>] do_writev+0x104/0x280\n [<00000000ccf065d8>] do_syscall_64+0x3b/0x90\n [<00000000d776e329>] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe issue occurs in the following scenarios:\ntun_get_user()\n napi_gro_frags()\n napi_frags_finish()\n case GRO_NORMAL:\n gro_normal_one()\n list_add_tail(&skb->list, &napi->rx_list);\n <-- While napi->rx_count < READ_ONCE(gro_normal_batch),\n <-- gro_normal_list() is not called, napi->rx_list is not empty\n <-- not ask to complete the gro work, will cause memory leaks in\n <-- following tun_napi_del()\n...\ntun_napi_del()\n netif_napi_del()\n __netif_napi_del()\n <-- &napi->rx_list is not empty, which caused memory leaks\n\nTo fix, add 
napi_complete() after napi_gro_frags()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: tun: Se corrigen las fugas de memoria de napi_get_frags que informa kmemleak tras ejecutar test_progs: objeto sin referencia 0xffff8881b1672dc0 (tama\u00f1o 232): comm \"test_progs\", pid 394388, jiffies 4354712116 (edad 841,975 s) volcado hexadecimal (primeros 32 bytes): e0 84 d7 a8 81 88 ff ff 80 2c 67 b1 81 88 ff ff .........,g..... 00 40 c5 9b 81 88 ff ff 00 00 00 00 00 00 00 00 .@.............. backtrace: [<00000000c8f01748>] napi_skb_cache_get+0xd4/0x150 [<0000000041c7fc09>] __napi_build_skb+0x15/0x50 [<00000000431c7079>] __napi_alloc_skb+0x26e/0x540 [<000000003ecfa30e>] napi_get_frags+0x59/0x140 [<0000000099b2199e>] tun_get_user+0x183d/0x3bb0 [tun] [<000000008a5adef0>] tun_chr_write_iter+0xc0/0x1b1 [tun] El problema ocurre en los siguientes escenarios: tun_get_user() napi_gro_frags() napi_frags_finish() caso GRO_NORMAL: gro_normal_one() list_add_tail(&skb->list, &napi->rx_list); <-- Mientras napi->rx_count < READ_ONCE(gro_normal_batch), <-- gro_normal_list() no se llama, napi->rx_list no est\u00e1 vac\u00edo <-- no solicita completar el trabajo de gro, causar\u00e1 p\u00e9rdidas de memoria en <-- siguientes tun_napi_del() ... tun_napi_del() netif_napi_del() __netif_napi_del() <-- &napi->rx_list no est\u00e1 vac\u00edo, lo que caus\u00f3 p\u00e9rdidas de memoria Para corregirlo, agregue napi_complete() despu\u00e9s de napi_gro_frags()." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49872.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49872.json index 95601033da9..703c6debd8c 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49872.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49872.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49872", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:12.133", - "lastModified": "2025-05-01T15:16:12.133", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gso: fix panic on frag_list with mixed head alloc types\n\nSince commit 3dcbdb134f32 (\"net: gso: Fix skb_segment splat when\nsplitting gso_size mangled skb having linear-headed frag_list\"), it is\nallowed to change gso_size of a GRO packet. However, that commit assumes\nthat \"checking the first list_skb member suffices; i.e if either of the\nlist_skb members have non head_frag head, then the first one has too\".\n\nIt turns out this assumption does not hold. We've seen BUG_ON being hit\nin skb_segment when skbs on the frag_list had differing head_frag with\nthe vmxnet3 driver. This happens because __netdev_alloc_skb and\n__napi_alloc_skb can return a skb that is page backed or kmalloced\ndepending on the requested size. As the result, the last small skb in\nthe GRO packet can be kmalloced.\n\nThere are three different locations where this can be fixed:\n\n(1) We could check head_frag in GRO and not allow GROing skbs with\n different head_frag. However, that would lead to performance\n regression on normal forward paths with unmodified gso_size, where\n !head_frag in the last packet is not a problem.\n\n(2) Set a flag in bpf_skb_net_grow and bpf_skb_net_shrink indicating\n that NETIF_F_SG is undesirable. That would need to eat a bit in\n sk_buff. Furthermore, that flag can be unset when all skbs on the\n frag_list are page backed. To retain good performance,\n bpf_skb_net_grow/shrink would have to walk the frag_list.\n\n(3) Walk the frag_list in skb_segment when determining whether\n NETIF_F_SG should be cleared. 
This of course slows things down.\n\nThis patch implements (3). To limit the performance impact in\nskb_segment, the list is walked only for skbs with SKB_GSO_DODGY set\nthat have gso_size changed. Normal paths thus will not hit it.\n\nWe could check only the last skb but since we need to walk the whole\nlist anyway, let's stay on the safe side." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: gso: correcci\u00f3n del p\u00e1nico en frag_list con tipos de asignaci\u00f3n de encabezado mixtos. Desde el commit 3dcbdb134f32 (\"net: gso: correcci\u00f3n del error skb_segment al dividir gso_size de un skb alterado con frag_list de encabezado lineal\"), se permite cambiar gso_size de un paquete GRO. Sin embargo, esta confirmaci\u00f3n asume que basta con comprobar el primer miembro de list_skb; es decir, si alguno de los miembros de list_skb tiene un encabezado distinto de head_frag, el primero tambi\u00e9n lo tendr\u00e1. Resulta que esta suposici\u00f3n no se cumple. Hemos observado que se ha alcanzado BUG_ON en skb_segment cuando los skbs de frag_list ten\u00edan un head_frag distinto con el controlador vmxnet3. Esto se debe a que __netdev_alloc_skb y __napi_alloc_skb pueden devolver un skb con respaldo de p\u00e1gina o asignado a km, seg\u00fan el tama\u00f1o solicitado. Como resultado, el \u00faltimo skb peque\u00f1o en el paquete GRO puede ser asignado a km. Hay tres ubicaciones diferentes donde esto puede ser corregido: (1) Podr\u00edamos revisar head_frag en GRO y no permitir que GROing skbs con diferente head_frag. Sin embargo, eso llevar\u00eda a una regresi\u00f3n del rendimiento en rutas de avance normales con gso_size sin modificar, donde !head_frag en el \u00faltimo paquete no es un problema. (2) Establecer un indicador en bpf_skb_net_grow y bpf_skb_net_shrink que indique que NETIF_F_SG no es deseable. Esto requerir\u00eda consumir un poco en sk_buff. 
Adem\u00e1s, ese indicador puede ser desactivado cuando todos los skbs en la frag_list est\u00e1n en retroceso de p\u00e1gina. Para mantener un buen rendimiento, bpf_skb_net_grow/shrink tendr\u00eda que recorrer la frag_list. (3) Recorrer la frag_list en skb_segment al determinar si NETIF_F_SG debe ser borrado. Esto, por supuesto, ralentiza el proceso. Este parche implementa (3). Para limitar el impacto en el rendimiento de skb_segment, la lista solo se recorre para skb con SKB_GSO_DODGY configurado y gso_size modificado. Por lo tanto, las rutas normales no la alcanzar\u00e1n. Podr\u00edamos revisar solo el \u00faltimo skb, pero como necesitamos recorrer la lista completa de todos modos, mejor optemos por lo seguro." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49873.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49873.json index 56f3a0611c0..67ed5c609ab 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49873.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49873.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49873",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:12.240",
- "lastModified": "2025-05-01T15:16:12.240",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix wrong reg type conversion in release_reference()\n\nSome helper functions will allocate memory. To avoid memory leaks, the\nverifier requires the eBPF program to release these memories by calling\nthe corresponding helper functions.\n\nWhen a resource is released, all pointer registers corresponding to the\nresource should be invalidated. The verifier use release_references() to\ndo this job, by apply __mark_reg_unknown() to each relevant register.\n\nIt will give these registers the type of SCALAR_VALUE. A register that\nwill contain a pointer value at runtime, but of type SCALAR_VALUE, which\nmay allow the unprivileged user to get a kernel pointer by storing this\nregister into a map.\n\nUsing __mark_reg_not_init() while NOT allow_ptr_leaks can mitigate this\nproblem."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: Arreglar conversi\u00f3n de tipo de registro incorrecta en release_reference() Algunas funciones auxiliares asignar\u00e1n memoria. Para evitar fugas de memoria, el verificador requiere que el programa eBPF libere estas memorias llamando a las funciones auxiliares correspondientes. Cuando se libera un recurso, todos los registros de puntero correspondientes al recurso deben invalidarse. El verificador usa release_references() para realizar este trabajo, aplicando __mark_reg_unknown() a cada registro relevante. Les dar\u00e1 a estos registros el tipo SCALAR_VALUE. Un registro que contendr\u00e1 un valor de puntero en tiempo de ejecuci\u00f3n, pero de tipo SCALAR_VALUE, puede permitir que el usuario sin privilegios obtenga un puntero del kernel almacenando este registro en un mapa. Usar __mark_reg_not_init() mientras NO allow_ptr_leaks puede mitigar este problema."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49874.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49874.json
index 2d48914eefa..e46184a54bb 100644
--- a/CVE-2022/CVE-2022-498xx/CVE-2022-49874.json
+++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49874.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49874",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:12.340",
- "lastModified": "2025-05-01T15:16:12.340",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hyperv: fix possible memory leak in mousevsc_probe()\n\nIf hid_add_device() returns error, it should call hid_destroy_device()\nto free hid_dev which is allocated in hid_allocate_device()."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: hyperv: corrige posible p\u00e9rdida de memoria en mousevsc_probe() Si hid_add_device() devuelve un error, debe llamar a hid_destroy_device() para liberar hid_dev que est\u00e1 asignado en hid_allocate_device()."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49875.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49875.json
index dccb581ff71..aaefb6b9a17 100644
--- a/CVE-2022/CVE-2022-498xx/CVE-2022-49875.json
+++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49875.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49875",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:12.450",
- "lastModified": "2025-05-01T15:16:12.450",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpftool: Fix NULL pointer dereference when pin {PROG, MAP, LINK} without FILE\n\nWhen using bpftool to pin {PROG, MAP, LINK} without FILE,\nsegmentation fault will occur. The reson is that the lack\nof FILE will cause strlen to trigger NULL pointer dereference.\nThe corresponding stacktrace is shown below:\n\ndo_pin\n do_pin_any\n do_pin_fd\n mount_bpffs_for_pin\n strlen(name) <- NULL pointer dereference\n\nFix it by adding validation to the common process."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpftool: Se corrige la desreferencia de puntero nulo al anclar {PROG, MAP, LINK} sin archivo. Al usar bpftool para anclar {PROG, MAP, LINK} sin archivo, se produce un fallo de segmentaci\u00f3n. La raz\u00f3n es que la falta de archivo provoca que strlen active la desreferencia de puntero nulo. El seguimiento de pila correspondiente se muestra a continuaci\u00f3n: do_pin do_pin_any do_pin_fd mount_bpffs_for_pin strlen(name) <- Desreferencia de puntero nulo. Se corrige a\u00f1adiendo validaci\u00f3n al proceso com\u00fan."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49876.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49876.json
index 023bfb6b112..537142a8da5 100644
--- a/CVE-2022/CVE-2022-498xx/CVE-2022-49876.json
+++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49876.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49876",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:12.550",
- "lastModified": "2025-05-01T15:16:12.550",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix general-protection-fault in ieee80211_subif_start_xmit()\n\nWhen device is running and the interface status is changed, the gpf issue\nis triggered. The problem triggering process is as follows:\nThread A: Thread B\nieee80211_runtime_change_iftype() process_one_work()\n ... ...\n ieee80211_do_stop() ...\n ... ...\n sdata->bss = NULL ...\n ... ieee80211_subif_start_xmit()\n ieee80211_multicast_to_unicast\n //!sdata->bss->multicast_to_unicast\n cause gpf issue\n\nWhen the interface status is changed, the sending queue continues to send\npackets. After the bss is set to NULL, the bss is accessed. As a result,\nthis causes a general-protection-fault issue.\n\nThe following is the stack information:\ngeneral protection fault, probably for non-canonical address\n0xdffffc000000002f: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000178-0x000000000000017f]\nWorkqueue: mld mld_ifc_work\nRIP: 0010:ieee80211_subif_start_xmit+0x25b/0x1310\nCall Trace:\n\ndev_hard_start_xmit+0x1be/0x990\n__dev_queue_xmit+0x2c9a/0x3b60\nip6_finish_output2+0xf92/0x1520\nip6_finish_output+0x6af/0x11e0\nip6_output+0x1ed/0x540\nmld_sendpack+0xa09/0xe70\nmld_ifc_work+0x71c/0xdb0\nprocess_one_work+0x9bf/0x1710\nworker_thread+0x665/0x1080\nkthread+0x2e4/0x3a0\nret_from_fork+0x1f/0x30\n"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mac80211: fix general-protection-fault in ieee80211_subif_start_xmit() Cuando el dispositivo est\u00e1 en ejecuci\u00f3n y se cambia el estado de la interfaz, se activa el problema gpf. El proceso de activaci\u00f3n del problema es el siguiente: Hilo A: Hilo B ieee80211_runtime_change_iftype() process_one_work() ... ... ieee80211_do_stop() ... ... ... sdata->bss = NULL ... ... ieee80211_subif_start_xmit() ieee80211_multicast_to_unicast //!sdata->bss->multicast_to_unicast cause gpf issue Cuando se cambia el estado de la interfaz, la cola de env\u00edo contin\u00faa enviando paquetes. Despu\u00e9s de que bss se establece en NULL, se accede a bss. Como resultado, esto causa un problema de general-protection-fault. La siguiente es la informaci\u00f3n de la pila: falla de protecci\u00f3n general, probablemente para la direcci\u00f3n no can\u00f3nica 0xdffffc000000002f: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref en el rango [0x0000000000000178-0x000000000000017f] Cola de trabajo: mld mld_ifc_work RIP: 0010:ieee80211_subif_start_xmit+0x25b/0x1310 Rastreo de llamadas: dev_hard_start_xmit+0x1be/0x990 __dev_queue_xmit+0x2c9a/0x3b60 ip6_finish_output2+0xf92/0x1520 ip6_finish_output+0x6af/0x11e0 ip6_output+0x1ed/0x540 mld_sendpack+0xa09/0xe70 mld_ifc_work+0x71c/0xdb0 process_one_work+0x9bf/0x1710 worker_thread+0x665/0x1080 kthread+0x2e4/0x3a0 ret_from_fork+0x1f/0x30 "
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49877.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49877.json
index db6e6790303..74859409ee9 100644
--- a/CVE-2022/CVE-2022-498xx/CVE-2022-49877.json
+++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49877.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49877",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:12.653",
- "lastModified": "2025-05-01T15:16:12.653",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues\n\nWhen running `test_sockmap` selftests, the following warning appears:\n\n WARNING: CPU: 2 PID: 197 at net/core/stream.c:205 sk_stream_kill_queues+0xd3/0xf0\n Call Trace:\n \n inet_csk_destroy_sock+0x55/0x110\n tcp_rcv_state_process+0xd28/0x1380\n ? tcp_v4_do_rcv+0x77/0x2c0\n tcp_v4_do_rcv+0x77/0x2c0\n __release_sock+0x106/0x130\n __tcp_close+0x1a7/0x4e0\n tcp_close+0x20/0x70\n inet_release+0x3c/0x80\n __sock_release+0x3a/0xb0\n sock_close+0x14/0x20\n __fput+0xa3/0x260\n task_work_run+0x59/0xb0\n exit_to_user_mode_prepare+0x1b3/0x1c0\n syscall_exit_to_user_mode+0x19/0x50\n do_syscall_64+0x48/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThe root case is in commit 84472b436e76 (\"bpf, sockmap: Fix more uncharged\nwhile msg has more_data\"), where I used msg->sg.size to replace the tosend,\ncausing breakage:\n\n if (msg->apply_bytes && msg->apply_bytes < tosend)\n tosend = psock->apply_bytes;"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf, sockmap: corrige la advertencia sk->sk_forward_alloc de sk_stream_kill_queues Al ejecutar las pruebas autom\u00e1ticas `test_sockmap`, aparece la siguiente advertencia: ADVERTENCIA: CPU: 2 PID: 197 en net/core/stream.c:205 sk_stream_kill_queues+0xd3/0xf0 Seguimiento de llamadas: inet_csk_destroy_sock+0x55/0x110 tcp_rcv_state_process+0xd28/0x1380 ? tcp_v4_do_rcv+0x77/0x2c0 tcp_v4_do_rcv+0x77/0x2c0 __release_sock+0x106/0x130 __tcp_close+0x1a7/0x4e0 tcp_close+0x20/0x70 inet_release+0x3c/0x80 __sock_release+0x3a/0xb0 sock_close+0x14/0x20 __fput+0xa3/0x260 task_work_run+0x59/0xb0 exit_to_user_mode_prepare+0x1b3/0x1c0 syscall_exit_to_user_mode+0x19/0x50 do_syscall_64+0x48/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae El caso ra\u00edz est\u00e1 en el commit 84472b436e76 (\"bpf, sockmap: Arreglar m\u00e1s archivos no cargados mientras msg tiene more_data\"), donde utilic\u00e9 msg->sg.size para reemplazar tosend, lo que caus\u00f3 fallas: if (msg->apply_bytes && msg->apply_bytes < tosend) tosend = psock->apply_bytes;"
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49878.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49878.json
index cd0b6c914c7..5ae0007575c 100644
--- a/CVE-2022/CVE-2022-498xx/CVE-2022-49878.json
+++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49878.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49878",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:12.753",
- "lastModified": "2025-05-01T15:16:12.753",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, verifier: Fix memory leak in array reallocation for stack state\n\nIf an error (NULL) is returned by krealloc(), callers of realloc_array()\nwere setting their allocation pointers to NULL, but on error krealloc()\ndoes not touch the original allocation. This would result in a memory\nresource leak. Instead, free the old allocation on the error handling\npath.\n\nThe memory leak information is as follows as also reported by Zhengchao:\n\n unreferenced object 0xffff888019801800 (size 256):\n comm \"bpf_repo\", pid 6490, jiffies 4294959200 (age 17.170s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<00000000b211474b>] __kmalloc_node_track_caller+0x45/0xc0\n [<0000000086712a0b>] krealloc+0x83/0xd0\n [<00000000139aab02>] realloc_array+0x82/0xe2\n [<00000000b1ca41d1>] grow_stack_state+0xfb/0x186\n [<00000000cd6f36d2>] check_mem_access.cold+0x141/0x1341\n [<0000000081780455>] do_check_common+0x5358/0xb350\n [<0000000015f6b091>] bpf_check.cold+0xc3/0x29d\n [<000000002973c690>] bpf_prog_load+0x13db/0x2240\n [<00000000028d1644>] __sys_bpf+0x1605/0x4ce0\n [<00000000053f29bd>] __x64_sys_bpf+0x75/0xb0\n [<0000000056fedaf5>] do_syscall_64+0x35/0x80\n [<000000002bd58261>] entry_SYSCALL_64_after_hwframe+0x63/0xcd"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf, verificador: Se corrige una fuga de memoria en la reasignaci\u00f3n de matriz para el estado de la pila. Si krealloc() devuelve un error (NULL), los usuarios de realloc_array() establec\u00edan sus punteros de asignaci\u00f3n en NULL, pero en caso de error, krealloc() no modifica la asignaci\u00f3n original. Esto provocar\u00eda una fuga de recursos de memoria. En su lugar, se libera la asignaci\u00f3n anterior en la ruta de gesti\u00f3n de errores. La informaci\u00f3n de fuga de memoria es la siguiente, tal como lo inform\u00f3 Zhengchao: objeto sin referencia 0xffff888019801800 (tama\u00f1o 256): comm \"bpf_repo\", pid 6490, jiffies 4294959200 (edad 17.170s) volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000b211474b>] __kmalloc_node_track_caller+0x45/0xc0 [<0000000086712a0b>] krealloc+0x83/0xd0 [<00000000139aab02>] realloc_array+0x82/0xe2 [<00000000b1ca41d1>] grow_stack_state+0xfb/0x186 [<00000000cd6f36d2>] check_mem_access.cold+0x141/0x1341 [<0000000081780455>] do_check_common+0x5358/0xb350 [<0000000015f6b091>] bpf_check.cold+0xc3/0x29d [<000000002973c690>] bpf_prog_load+0x13db/0x2240 [<00000000028d1644>] __sys_bpf+0x1605/0x4ce0 [<00000000053f29bd>] __x64_sys_bpf+0x75/0xb0 [<0000000056fedaf5>] do_syscall_64+0x35/0x80 [<000000002bd58261>] entry_SYSCALL_64_after_hwframe+0x63/0xcd "
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49879.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49879.json
index 1716681ebad..49ae6e95fa5 100644
--- a/CVE-2022/CVE-2022-498xx/CVE-2022-49879.json
+++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49879.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49879",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:12.857",
- "lastModified": "2025-05-01T15:16:12.857",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix BUG_ON() when directory entry has invalid rec_len\n\nThe rec_len field in the directory entry has to be a multiple of 4. A\ncorrupted filesystem image can be used to hit a BUG() in\next4_rec_len_to_disk(), called from make_indexed_dir().\n\n ------------[ cut here ]------------\n kernel BUG at fs/ext4/ext4.h:2413!\n ...\n RIP: 0010:make_indexed_dir+0x53f/0x5f0\n ...\n Call Trace:\n \n ? add_dirent_to_buf+0x1b2/0x200\n ext4_add_entry+0x36e/0x480\n ext4_add_nondir+0x2b/0xc0\n ext4_create+0x163/0x200\n path_openat+0x635/0xe90\n do_filp_open+0xb4/0x160\n ? __create_object.isra.0+0x1de/0x3b0\n ? _raw_spin_unlock+0x12/0x30\n do_sys_openat2+0x91/0x150\n __x64_sys_open+0x6c/0xa0\n do_syscall_64+0x3c/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThe fix simply adds a call to ext4_check_dir_entry() to validate the\ndirectory entry, returning -EFSCORRUPTED if the entry is invalid."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: correcci\u00f3n de BUG_ON() cuando la entrada de directorio tiene un rec_len no v\u00e1lido El campo rec_len en la entrada de directorio debe ser un m\u00faltiplo de 4. Una imagen de sistema de archivos da\u00f1ada se puede usar para generar un BUG() en ext4_rec_len_to_disk(), llamado desde make_indexed_dir(). ------------[ cortar aqu\u00ed ]------------ \u00a1ERROR del kernel en fs/ext4/ext4.h:2413! ... RIP: 0010:make_indexed_dir+0x53f/0x5f0 ... Rastreo de llamadas: ? add_dirent_to_buf+0x1b2/0x200 ext4_add_entry+0x36e/0x480 ext4_add_nondir+0x2b/0xc0 ext4_create+0x163/0x200 path_openat+0x635/0xe90 do_filp_open+0xb4/0x160 ? __create_object.isra.0+0x1de/0x3b0 ? _raw_spin_unlock+0x12/0x30 do_sys_openat2+0x91/0x150 __x64_sys_open+0x6c/0xa0 do_syscall_64+0x3c/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 La soluci\u00f3n simplemente agrega una llamada a ext4_check_dir_entry() para validar la entrada del directorio, devolviendo -EFSCORRUPTED si la entrada no es v\u00e1lida."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49880.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49880.json
index 902ce8d588c..edd5f7e8f5b 100644
--- a/CVE-2022/CVE-2022-498xx/CVE-2022-49880.json
+++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49880.json
@@ -2,13 +2,17 @@ "id": "CVE-2022-49880", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:12.960", - "lastModified": "2025-05-01T15:16:12.960", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix warning in 'ext4_da_release_space'\n\nSyzkaller report issue as follows:\nEXT4-fs (loop0): Free/Dirty block details\nEXT4-fs (loop0): free_blocks=0\nEXT4-fs (loop0): dirty_blocks=0\nEXT4-fs (loop0): Block reservation details\nEXT4-fs (loop0): i_reserved_data_blocks=0\nEXT4-fs warning (device loop0): ext4_da_release_space:1527: ext4_da_release_space: ino 18, to_free 1 with only 0 reserved data blocks\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 92 at fs/ext4/inode.c:1528 ext4_da_release_space+0x25e/0x370 fs/ext4/inode.c:1524\nModules linked in:\nCPU: 0 PID: 92 Comm: kworker/u4:4 Not tainted 6.0.0-syzkaller-09423-g493ffd6605b2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022\nWorkqueue: writeback wb_workfn (flush-7:0)\nRIP: 0010:ext4_da_release_space+0x25e/0x370 fs/ext4/inode.c:1528\nRSP: 0018:ffffc900015f6c90 EFLAGS: 00010296\nRAX: 42215896cd52ea00 RBX: 0000000000000000 RCX: 42215896cd52ea00\nRDX: 0000000000000000 RSI: 0000000080000001 RDI: 0000000000000000\nRBP: 1ffff1100e907d96 R08: ffffffff816aa79d R09: fffff520002bece5\nR10: fffff520002bece5 R11: 1ffff920002bece4 R12: ffff888021fd2000\nR13: ffff88807483ecb0 R14: 0000000000000001 R15: ffff88807483e740\nFS: 0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005555569ba628 CR3: 000000000c88e000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 
0000000000000400\nCall Trace:\n \n ext4_es_remove_extent+0x1ab/0x260 fs/ext4/extents_status.c:1461\n mpage_release_unused_pages+0x24d/0xef0 fs/ext4/inode.c:1589\n ext4_writepages+0x12eb/0x3be0 fs/ext4/inode.c:2852\n do_writepages+0x3c3/0x680 mm/page-writeback.c:2469\n __writeback_single_inode+0xd1/0x670 fs/fs-writeback.c:1587\n writeback_sb_inodes+0xb3b/0x18f0 fs/fs-writeback.c:1870\n wb_writeback+0x41f/0x7b0 fs/fs-writeback.c:2044\n wb_do_writeback fs/fs-writeback.c:2187 [inline]\n wb_workfn+0x3cb/0xef0 fs/fs-writeback.c:2227\n process_one_work+0x877/0xdb0 kernel/workqueue.c:2289\n worker_thread+0xb14/0x1330 kernel/workqueue.c:2436\n kthread+0x266/0x300 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306\n \n\nAbove issue may happens as follows:\next4_da_write_begin\n ext4_create_inline_data\n ext4_clear_inode_flag(inode, EXT4_INODE_EXTENTS);\n ext4_set_inode_flag(inode, EXT4_INODE_INLINE_DATA);\n__ext4_ioctl\n ext4_ext_migrate -> will lead to eh->eh_entries not zero, and set extent flag\next4_da_write_begin\n ext4_da_convert_inline_data_to_extent\n ext4_da_write_inline_data_begin\n ext4_da_map_blocks\n ext4_insert_delayed_block\n\t if (!ext4_es_scan_clu(inode, &ext4_es_is_delonly, lblk))\n\t if (!ext4_es_scan_clu(inode, &ext4_es_is_mapped, lblk))\n\t ext4_clu_mapped(inode, EXT4_B2C(sbi, lblk)); -> will return 1\n\t allocated = true;\n ext4_es_insert_delayed_block(inode, lblk, allocated);\next4_writepages\n mpage_map_and_submit_extent(handle, &mpd, &give_up_on_write); -> return -ENOSPC\n mpage_release_unused_pages(&mpd, give_up_on_write); -> give_up_on_write == 1\n ext4_es_remove_extent\n ext4_da_release_space(inode, reserved);\n if (unlikely(to_free > ei->i_reserved_data_blocks))\n\t -> to_free == 1 but ei->i_reserved_data_blocks == 0\n\t -> then trigger warning as above\n\nTo solve above issue, forbid inode do migrate which has inline data." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: correcci\u00f3n de advertencia en 'ext4_da_release_space' Syzkaller informa del problema de la siguiente manera: EXT4-fs (loop0): Detalles del bloque libre/sucio EXT4-fs (loop0): free_blocks=0 EXT4-fs (loop0): dirty_blocks=0 EXT4-fs (loop0): Detalles de la reserva del bloque EXT4-fs (loop0): i_reserved_data_blocks=0 Advertencia de EXT4-fs (dispositivo loop0): ext4_da_release_space:1527: ext4_da_release_space: ino 18, to_free 1 con solo 0 bloques de datos reservados ------------[ cortar aqu\u00ed ]------------ ADVERTENCIA: CPU: 0 PID: 92 en fs/ext4/inode.c:1528 ext4_da_release_space+0x25e/0x370 fs/ext4/inode.c:1524 M\u00f3dulos vinculados: CPU: 0 PID: 92 Comm: kworker/u4:4 No contaminado 6.0.0-syzkaller-09423-g493ffd6605b2 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 22/09/2022 Cola de trabajo: escritura diferida wb_workfn (flush-7:0) RIP: 0010:ext4_da_release_space+0x25e/0x370 fs/ext4/inode.c:1528 RSP: 0018:ffffc900015f6c90 EFLAGS: 00010296 RAX: 42215896cd52ea00 RBX: 0000000000000000 RCX: 42215896cd52ea00 RDX: 0000000000000000 RSI: 0000000080000001 RDI: 0000000000000000 RBP: 1ffff1100e907d96 R08: ffffffff816aa79d R09: fffff520002bece5 R10: fffff520002bece5 R11: 1ffff920002bece4 R12: ffff888021fd2000 R13: ffff88807483ecb0 R14: 0000000000000001 R15: ffff88807483e740FS: 0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005555569ba628 CR3: 000000000c88e000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Rastreo de llamadas: ext4_es_remove_extent+0x1ab/0x260 fs/ext4/extents_status.c:1461 mpage_release_unused_pages+0x24d/0xef0 fs/ext4/inode.c:1589 ext4_writepages+0x12eb/0x3be0 fs/ext4/inode.c:2852 do_writepages+0x3c3/0x680 
mm/page-writeback.c:2469 __writeback_single_inode+0xd1/0x670 fs/fs-writeback.c:1587 writeback_sb_inodes+0xb3b/0x18f0 fs/fs-writeback.c:1870 wb_writeback+0x41f/0x7b0 fs/fs-writeback.c:2044 wb_do_writeback fs/fs-writeback.c:2187 [inline] wb_workfn+0x3cb/0xef0 fs/fs-writeback.c:2227 process_one_work+0x877/0xdb0 kernel/workqueue.c:2289 worker_thread+0xb14/0x1330 kernel/workqueue.c:2436 kthread+0x266/0x300 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306 El problema anterior puede ocurrir de la siguiente manera: ext4_da_write_begin ext4_create_inline_data ext4_clear_inode_flag(inode, EXT4_INODE_EXTENTS); ext4_set_inode_flag(inode, EXT4_INODE_INLINE_DATA); __ext4_ioctl ext4_ext_migrate -> har\u00e1 que eh->eh_entries no sea cero y establecer\u00e1 el indicador de extensi\u00f3n ext4_da_write_begin ext4_da_convert_inline_data_to_extent ext4_da_write_inline_data_begin ext4_da_map_blocks ext4_insert_delayed_block si (!ext4_es_scan_clu(inodo, &ext4_es_is_delonly, lblk)) si (!ext4_es_scan_clu(inodo, &ext4_es_is_mapped, lblk)) ext4_clu_mapped(inodo, EXT4_B2C(sbi, lblk)); -> devolver\u00e1 1 asignado = verdadero; ext4_es_insert_delayed_block(inodo, lblk, asignado); ext4_writepages mpage_map_and_submit_extent(handle, &mpd, &give_up_on_write); -> return -ENOSPC mpage_release_unused_pages(&mpd, give_up_on_write); -> give_up_on_write == 1 ext4_es_remove_extent ext4_da_release_space(inode, reserved); if (unlikely(to_free > ei->i_reserved_data_blocks)) -> to_free == 1 but ei->i_reserved_data_blocks == 0 -> then trigger WARNING Como se indica arriba, para resolver el problema anterior, proh\u00edba migrar los inodes que tienen datos en l\u00ednea." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49881.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49881.json index 90193ba17e5..a311cd86bac 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49881.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49881.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49881",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:13.077",
- "lastModified": "2025-05-01T15:16:13.077",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: fix memory leak in query_regdb_file()\n\nIn the function query_regdb_file() the alpha2 parameter is duplicated\nusing kmemdup() and subsequently freed in regdb_fw_cb(). However,\nrequest_firmware_nowait() can fail without calling regdb_fw_cb() and\nthus leak memory."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: cfg80211: se corrige una fuga de memoria en query_regdb_file(). En la funci\u00f3n query_regdb_file(), el par\u00e1metro alpha2 se duplica mediante kmemdup() y posteriormente se libera en regdb_fw_cb(). Sin embargo, request_firmware_nowait() puede fallar sin llamar a regdb_fw_cb() y, por lo tanto, provocar una fuga de memoria."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49882.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49882.json
index b3049ee24ca..bb13af15dee 100644
--- a/CVE-2022/CVE-2022-498xx/CVE-2022-49882.json
+++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49882.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49882",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:13.183",
- "lastModified": "2025-05-01T15:16:13.183",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Reject attempts to consume or refresh inactive gfn_to_pfn_cache\n\nReject kvm_gpc_check() and kvm_gpc_refresh() if the cache is inactive.\nNot checking the active flag during refresh is particularly egregious, as\nKVM can end up with a valid, inactive cache, which can lead to a variety\nof use-after-free bugs, e.g. consuming a NULL kernel pointer or missing\nan mmu_notifier invalidation due to the cache not being on the list of\ngfns to invalidate.\n\nNote, \"active\" needs to be set if and only if the cache is on the list\nof caches, i.e. is reachable via mmu_notifier events. If a relevant\nmmu_notifier event occurs while the cache is \"active\" but not on the\nlist, KVM will not acquire the cache's lock and so will not serailize\nthe mmu_notifier event with active users and/or kvm_gpc_refresh().\n\nA race between KVM_XEN_ATTR_TYPE_SHARED_INFO and KVM_XEN_HVM_EVTCHN_SEND\ncan be exploited to trigger the bug.\n\n1. Deactivate shinfo cache:\n\nkvm_xen_hvm_set_attr\ncase KVM_XEN_ATTR_TYPE_SHARED_INFO\n kvm_gpc_deactivate\n kvm_gpc_unmap\n gpc->valid = false\n gpc->khva = NULL\n gpc->active = false\n\nResult: active = false, valid = false\n\n2. Cause cache refresh:\n\nkvm_arch_vm_ioctl\ncase KVM_XEN_HVM_EVTCHN_SEND\n kvm_xen_hvm_evtchn_send\n kvm_xen_set_evtchn\n kvm_xen_set_evtchn_fast\n kvm_gpc_check\n return -EWOULDBLOCK because !gpc->valid\n kvm_xen_set_evtchn_fast\n return -EWOULDBLOCK\n kvm_gpc_refresh\n hva_to_pfn_retry\n gpc->valid = true\n gpc->khva = not NULL\n\nResult: active = false, valid = true\n\n3. Race ioctl KVM_XEN_HVM_EVTCHN_SEND against ioctl\nKVM_XEN_ATTR_TYPE_SHARED_INFO:\n\nkvm_arch_vm_ioctl\ncase KVM_XEN_HVM_EVTCHN_SEND\n kvm_xen_hvm_evtchn_send\n kvm_xen_set_evtchn\n kvm_xen_set_evtchn_fast\n read_lock gpc->lock\n kvm_xen_hvm_set_attr case\n KVM_XEN_ATTR_TYPE_SHARED_INFO\n mutex_lock kvm->lock\n kvm_xen_shared_info_init\n kvm_gpc_activate\n gpc->khva = NULL\n kvm_gpc_check\n [ Check passes because gpc->valid is\n still true, even though gpc->khva\n is already NULL. ]\n shinfo = gpc->khva\n pending_bits = shinfo->evtchn_pending\n CRASH: test_and_set_bit(..., pending_bits)"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: Rechazar intentos de consumir o actualizar gfn_to_pfn_cache inactivo. Rechazar kvm_gpc_check() y kvm_gpc_refresh() si la cach\u00e9 est\u00e1 inactiva. No verificar el indicador de activo durante la actualizaci\u00f3n es particularmente grave, ya que KVM puede terminar con una cach\u00e9 v\u00e1lida inactiva, lo que puede provocar diversos errores de use-after-free, como consumir un puntero de kernel nulo o perder una invalidaci\u00f3n de mmu_notifier debido a que la cach\u00e9 no est\u00e1 en la lista de gfns para invalidar. Tenga en cuenta que \"active\" debe establecerse solo si la cach\u00e9 est\u00e1 en la lista de cach\u00e9s, es decir, es accesible mediante eventos mmu_notifier. Si se produce un evento mmu_notifier relevante mientras la cach\u00e9 est\u00e1 activa, pero no est\u00e1 en la lista, KVM no adquirir\u00e1 el bloqueo de la cach\u00e9 y, por lo tanto, no serializar\u00e1 el evento mmu_notifier con usuarios activos ni con kvm_gpc_refresh(). Una competencia entre KVM_XEN_ATTR_TYPE_SHARED_INFO y KVM_XEN_HVM_EVTCHN_SEND puede explotarse para activar el error. 1. Desactivar cach\u00e9 shinfo: kvm_xen_hvm_set_attr caso KVM_XEN_ATTR_TYPE_SHARED_INFO kvm_gpc_deactivate kvm_gpc_unmap gpc->valid = falso gpc->khva = NULL gpc->active = falso Resultado: activo = falso, v\u00e1lido = falso 2. Causar actualizaci\u00f3n de cach\u00e9: kvm_arch_vm_ioctl caso KVM_XEN_HVM_EVTCHN_SEND kvm_xen_hvm_evtchn_send kvm_xen_set_evtchn kvm_xen_set_evtchn_fast kvm_gpc_check devolver -EWOULDBLOCK porque !gpc->valid kvm_xen_set_evtchn_fast devolver -EWOULDBLOCK kvm_gpc_refresh hva_to_pfn_retry gpc->valid = verdadero gpc->khva = no NULL Resultado: activo = falso, v\u00e1lido = verdadero 3. Competencia ioctl KVM_XEN_HVM_EVTCHN_SEND contra ioctl KVM_XEN_ATTR_TYPE_SHARED_INFO: kvm_arch_vm_ioctl caso KVM_XEN_HVM_EVTCHN_SEND kvm_xen_hvm_evtchn_send kvm_xen_set_evtchn kvm_xen_set_evtchn_fast read_lock gpc->lock kvm_xen_hvm_set_attr caso KVM_XEN_ATTR_TYPE_SHARED_INFO mutex_lock kvm->lock kvm_xen_shared_info_init kvm_gpc_activate gpc->khva = NULL kvm_gpc_check [ La comprobaci\u00f3n pasa porque gpc->valid sigue siendo cierto, aunque gpc->khva ya sea NULL. ] shinfo = gpc->khva pending_bits = shinfo->evtchn_pending CRASH: test_and_set_bit(..., pending_bits)"
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49883.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49883.json
index 23398dab0b3..9b18aced595 100644
--- a/CVE-2022/CVE-2022-498xx/CVE-2022-49883.json
+++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49883.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49883",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:13.287",
- "lastModified": "2025-05-01T15:16:13.287",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: smm: number of GPRs in the SMRAM image depends on the image format\n\nOn 64 bit host, if the guest doesn't have X86_FEATURE_LM, KVM will\naccess 16 gprs to 32-bit smram image, causing out-ouf-bound ram\naccess.\n\nOn 32 bit host, the rsm_load_state_64/enter_smm_save_state_64\nis compiled out, thus access overflow can't happen."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: x86: smm: el n\u00famero de GPR en la imagen SMRAM depende del formato de la imagen. En un host de 64 bits, si el invitado no tiene X86_FEATURE_LM, KVM acceder\u00e1 a 16 GPRS en la imagen SMRAM de 32 bits, lo que provocar\u00e1 un acceso a la RAM fuera de los l\u00edmites. En un host de 32 bits, rsm_load_state_64/enter_smm_save_state_64 se compila, por lo que no se puede producir un desbordamiento de acceso."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49884.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49884.json
index 1f59cedcfbe..c2e7b0ddec0 100644
--- a/CVE-2022/CVE-2022-498xx/CVE-2022-49884.json
+++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49884.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49884",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:13.387",
- "lastModified": "2025-05-01T15:16:13.387",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Initialize gfn_to_pfn_cache locks in dedicated helper\n\nMove the gfn_to_pfn_cache lock initialization to another helper and\ncall the new helper during VM/vCPU creation. There are race\nconditions possible due to kvm_gfn_to_pfn_cache_init()'s\nability to re-initialize the cache's locks.\n\nFor example: a race between ioctl(KVM_XEN_HVM_EVTCHN_SEND) and\nkvm_gfn_to_pfn_cache_init() leads to a corrupted shinfo gpc lock.\n\n (thread 1) | (thread 2)\n |\n kvm_xen_set_evtchn_fast |\n read_lock_irqsave(&gpc->lock, ...) |\n | kvm_gfn_to_pfn_cache_init\n | rwlock_init(&gpc->lock)\n read_unlock_irqrestore(&gpc->lock, ...) |\n\nRename \"cache_init\" and \"cache_destroy\" to activate+deactivate to\navoid implying that the cache really is destroyed/freed.\n\nNote, there more races in the newly named kvm_gpc_activate() that will\nbe addressed separately.\n\n[sean: call out that this is a bug fix]"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: Inicializar bloqueos de gfn_to_pfn_cache en un asistente dedicado. Trasladar la inicializaci\u00f3n del bloqueo de gfn_to_pfn_cache a otro asistente y llamar al nuevo asistente durante la creaci\u00f3n de la m\u00e1quina virtual o la vCPU. Es posible que se produzcan condiciones de competencia debido a la capacidad de kvm_gfn_to_pfn_cache_init() de reinicializar los bloqueos de la cach\u00e9. Por ejemplo: una competencia entre ioctl(KVM_XEN_HVM_EVTCHN_SEND) y kvm_gfn_to_pfn_cache_init() provoca un bloqueo de gpc de shinfo da\u00f1ado. 
(hilo 1) | (hilo 2) | kvm_xen_set_evtchn_fast | read_lock_irqsave(&gpc->lock, ...) | | kvm_gfn_to_pfn_cache_init | rwlock_init(&gpc->lock) read_unlock_irqrestore(&gpc->lock, ...) | Renombra \"cache_init\" y \"cache_destroy\" como activate+deactivate para evitar que la cach\u00e9 se destruya o libere. Ten en cuenta que hay m\u00e1s ejecuciones en el nuevo nombre kvm_gpc_activate() que se abordar\u00e1n por separado. [sean: se indica que se trata de una correcci\u00f3n de error]"
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49885.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49885.json
index 2b806241434..23b2dc69c4e 100644
--- a/CVE-2022/CVE-2022-498xx/CVE-2022-49885.json
+++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49885.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49885",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:13.480",
- "lastModified": "2025-05-01T15:16:13.480",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: APEI: Fix integer overflow in ghes_estatus_pool_init()\n\nChange num_ghes from int to unsigned int, preventing an overflow\nand causing subsequent vmalloc() to fail.\n\nThe overflow happens in ghes_estatus_pool_init() when calculating\nlen during execution of the statement below as both multiplication\noperands here are signed int:\n\nlen += (num_ghes * GHES_ESOURCE_PREALLOC_MAX_SIZE);\n\nThe following call trace is observed because of this bug:\n\n[ 9.317108] swapper/0: vmalloc error: size 18446744071562596352, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1\n[ 9.317131] Call Trace:\n[ 9.317134] \n[ 9.317137] dump_stack_lvl+0x49/0x5f\n[ 9.317145] dump_stack+0x10/0x12\n[ 9.317146] warn_alloc.cold+0x7b/0xdf\n[ 9.317150] ? __device_attach+0x16a/0x1b0\n[ 9.317155] __vmalloc_node_range+0x702/0x740\n[ 9.317160] ? device_add+0x17f/0x920\n[ 9.317164] ? dev_set_name+0x53/0x70\n[ 9.317166] ? platform_device_add+0xf9/0x240\n[ 9.317168] __vmalloc_node+0x49/0x50\n[ 9.317170] ? ghes_estatus_pool_init+0x43/0xa0\n[ 9.317176] vmalloc+0x21/0x30\n[ 9.317177] ghes_estatus_pool_init+0x43/0xa0\n[ 9.317179] acpi_hest_init+0x129/0x19c\n[ 9.317185] acpi_init+0x434/0x4a4\n[ 9.317188] ? acpi_sleep_proc_init+0x2a/0x2a\n[ 9.317190] do_one_initcall+0x48/0x200\n[ 9.317195] kernel_init_freeable+0x221/0x284\n[ 9.317200] ? 
rest_init+0xe0/0xe0\n[ 9.317204] kernel_init+0x1a/0x130\n[ 9.317205] ret_from_fork+0x22/0x30\n[ 9.317208] \n\n[ rjw: Subject and changelog edits ]"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ACPI: APEI: Se corrige el desbordamiento de enteros en ghes_estatus_pool_init(). Se cambia num_ghes de int a unsigned int, lo que evita un desbordamiento y provoca el fallo de vmalloc(). El desbordamiento ocurre en ghes_estatus_pool_init() al calcular len durante la ejecuci\u00f3n de la siguiente instrucci\u00f3n, ya que ambos operandos de multiplicaci\u00f3n son int con signo: len += (num_ghes * GHES_ESOURCE_PREALLOC_MAX_SIZE); El siguiente seguimiento de llamadas se observa debido a este error: [ 9.317108] swapper/0: error de vmalloc: tama\u00f1o 18446744071562596352, excede el total de p\u00e1ginas, modo: 0xcc0 (GFP_KERNEL), nodemask = (null), cpuset = /, mems_allowed = 0-1 [ 9.317131] Seguimiento de llamadas: [ 9.317134] [ 9.317137] dump_stack_lvl + 0x49/0x5f [ 9.317145] dump_stack + 0x10/0x12 [ 9.317146] warn_alloc.cold + 0x7b/0xdf [ 9.317150] ? __adjunto_dispositivo+0x16a/0x1b0 [ 9.317155] __rango_nodo_vmalloc+0x702/0x740 [ 9.317160] ? agregado_dispositivo+0x17f/0x920 [ 9.317164] ? nombre_conjunto_dispositivo+0x53/0x70 [ 9.317166] ? agregado_dispositivo_plataforma+0xf9/0x240 [ 9.317168] __nodo_vmalloc+0x49/0x50 [ 9.317170] ? ghes_estatus_pool_init+0x43/0xa0 [ 9.317176] vmalloc+0x21/0x30 [ 9.317177] ghes_estatus_pool_init+0x43/0xa0 [ 9.317179] acpi_hest_init+0x129/0x19c [ 9.317185] acpi_init+0x434/0x4a4 [9.317188]? acpi_sleep_proc_init+0x2a/0x2a [9.317190] do_one_initcall+0x48/0x200 [9.317195] kernel_init_freeable+0x221/0x284 [9.317200] ? rest_init+0xe0/0xe0 [ 9.317204] kernel_init+0x1a/0x130 [ 9.317205] ret_from_fork+0x22/0x30 [ 9.317208] [ rjw: Asunto y ediciones del registro de cambios ]"
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49886.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49886.json
index caf42a6aa7d..eafecf5b2c4 100644
--- a/CVE-2022/CVE-2022-498xx/CVE-2022-49886.json
+++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49886.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49886",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:13.590",
- "lastModified": "2025-05-01T15:16:13.590",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/tdx: Panic on bad configs that #VE on \"private\" memory access\n\nAll normal kernel memory is \"TDX private memory\". This includes\neverything from kernel stacks to kernel text. Handling\nexceptions on arbitrary accesses to kernel memory is essentially\nimpossible because they can happen in horribly nasty places like\nkernel entry/exit. But, TDX hardware can theoretically _deliver_\na virtualization exception (#VE) on any access to private memory.\n\nBut, it's not as bad as it sounds. TDX can be configured to never\ndeliver these exceptions on private memory with a \"TD attribute\"\ncalled ATTR_SEPT_VE_DISABLE. The guest has no way to *set* this\nattribute, but it can check it.\n\nEnsure ATTR_SEPT_VE_DISABLE is set in early boot. panic() if it\nis unset. There is no sane way for Linux to run with this\nattribute clear so a panic() is appropriate.\n\nThere's small window during boot before the check where kernel\nhas an early #VE handler. But the handler is only for port I/O\nand will also panic() as soon as it sees any other #VE, such as\na one generated by a private memory access.\n\n[ dhansen: Rewrite changelog and rebase on new tdx_parse_tdinfo().\n\t Add Kirill's tested-by because I made changes since\n\t he wrote this. ]"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86/tdx: P\u00e1nico en configuraciones incorrectas que generan #VE al acceder a memoria \"privada\". Toda la memoria normal del kernel es \"memoria privada TDX\". 
Esto incluye todo, desde las pilas del kernel hasta el texto del kernel. Gestionar excepciones en accesos arbitrarios a la memoria del kernel es pr\u00e1cticamente imposible, ya que pueden ocurrir en lugares muy peligrosos, como la entrada/salida del kernel. Sin embargo, el hardware TDX, en teor\u00eda, puede generar una excepci\u00f3n de virtualizaci\u00f3n (#VE) en cualquier acceso a memoria privada. Sin embargo, no es tan grave como parece. TDX se puede configurar para que nunca genere estas excepciones en memoria privada con un \"atributo TD\" llamado ATTR_SEPT_VE_DISABLE. El invitado no tiene forma de *configurar* este atributo, pero puede comprobarlo. Aseg\u00farese de que ATTR_SEPT_VE_DISABLE est\u00e9 configurado en el arranque inicial. Si no est\u00e1 configurado, utilice panic(). No hay una forma sensata de que Linux se ejecute con este atributo sin configurar, por lo que es apropiado usar panic(). Hay una peque\u00f1a ventana durante el arranque antes de la comprobaci\u00f3n donde el kernel tiene un controlador de #VE temprano. Sin embargo, este controlador solo sirve para la E/S de puerto y tambi\u00e9n se pondr\u00e1 en p\u00e1nico() en cuanto detecte cualquier otro #VE, como uno generado por un acceso a memoria privada. [dhansen: Reescribir el registro de cambios y reorganizar con el nuevo tdx_parse_tdinfo(). A\u00f1adir la prueba de Kirill porque hice cambios desde que escribi\u00f3 esto.]"
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49887.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49887.json
index 13382db627e..034529d7f97 100644
--- a/CVE-2022/CVE-2022-498xx/CVE-2022-49887.json
+++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49887.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49887",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:13.690",
- "lastModified": "2025-05-01T15:16:13.690",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: meson: vdec: fix possible refcount leak in vdec_probe()\n\nv4l2_device_unregister need to be called to put the refcount got by\nv4l2_device_register when vdec_probe fails or vdec_remove is called."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: meson: vdec: corrige posible p\u00e9rdida de recuento de referencias en vdec_probe(). Se debe llamar a v4l2_device_unregister para colocar el recuento de referencias obtenido por v4l2_device_register cuando vdec_probe falla o se llama a vdec_remove."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49888.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49888.json
index 963e3365d54..8799e03c611 100644
--- a/CVE-2022/CVE-2022-498xx/CVE-2022-49888.json
+++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49888.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49888",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:13.790",
- "lastModified": "2025-05-01T15:16:13.790",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: entry: avoid kprobe recursion\n\nThe cortex_a76_erratum_1463225_debug_handler() function is called when\nhandling debug exceptions (and synchronous exceptions from BRK\ninstructions), and so is called when a probed function executes. If the\ncompiler does not inline cortex_a76_erratum_1463225_debug_handler(), it\ncan be probed.\n\nIf cortex_a76_erratum_1463225_debug_handler() is probed, any debug\nexception or software breakpoint exception will result in recursive\nexceptions leading to a stack overflow. This can be triggered with the\nftrace multiple_probes selftest, and as per the example splat below.\n\nThis is a regression caused by commit:\n\n 6459b8469753e9fe (\"arm64: entry: consolidate Cortex-A76 erratum 1463225 workaround\")\n\n... which removed the NOKPROBE_SYMBOL() annotation associated with the\nfunction.\n\nMy intent was that cortex_a76_erratum_1463225_debug_handler() would be\ninlined into its caller, el1_dbg(), which is marked noinstr and cannot\nbe probed. 
Mark cortex_a76_erratum_1463225_debug_handler() as\n__always_inline to ensure this.\n\nExample splat prior to this patch (with recursive entries elided):\n\n| # echo p cortex_a76_erratum_1463225_debug_handler > /sys/kernel/debug/tracing/kprobe_events\n| # echo p do_el0_svc >> /sys/kernel/debug/tracing/kprobe_events\n| # echo 1 > /sys/kernel/debug/tracing/events/kprobes/enable\n| Insufficient stack space to handle exception!\n| ESR: 0x0000000096000047 -- DABT (current EL)\n| FAR: 0xffff800009cefff0\n| Task stack: [0xffff800009cf0000..0xffff800009cf4000]\n| IRQ stack: [0xffff800008000000..0xffff800008004000]\n| Overflow stack: [0xffff00007fbc00f0..0xffff00007fbc10f0]\n| CPU: 0 PID: 145 Comm: sh Not tainted 6.0.0 #2\n| Hardware name: linux,dummy-virt (DT)\n| pstate: 604003c5 (nZCv DAIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n| pc : arm64_enter_el1_dbg+0x4/0x20\n| lr : el1_dbg+0x24/0x5c\n| sp : ffff800009cf0000\n| x29: ffff800009cf0000 x28: ffff000002c74740 x27: 0000000000000000\n| x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n| x23: 00000000604003c5 x22: ffff80000801745c x21: 0000aaaac95ac068\n| x20: 00000000f2000004 x19: ffff800009cf0040 x18: 0000000000000000\n| x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\n| x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n| x11: 0000000000000010 x10: ffff800008c87190 x9 : ffff800008ca00d0\n| x8 : 000000000000003c x7 : 0000000000000000 x6 : 0000000000000000\n| x5 : 0000000000000000 x4 : 0000000000000000 x3 : 00000000000043a4\n| x2 : 00000000f2000004 x1 : 00000000f2000004 x0 : ffff800009cf0040\n| Kernel panic - not syncing: kernel stack overflow\n| CPU: 0 PID: 145 Comm: sh Not tainted 6.0.0 #2\n| Hardware name: linux,dummy-virt (DT)\n| Call trace:\n| dump_backtrace+0xe4/0x104\n| show_stack+0x18/0x4c\n| dump_stack_lvl+0x64/0x7c\n| dump_stack+0x18/0x38\n| panic+0x14c/0x338\n| test_taint+0x0/0x2c\n| panic_bad_stack+0x104/0x118\n| handle_bad_stack+0x34/0x48\n| 
__bad_stack+0x78/0x7c\n| arm64_enter_el1_dbg+0x4/0x20\n| el1h_64_sync_handler+0x40/0x98\n| el1h_64_sync+0x64/0x68\n| cortex_a76_erratum_1463225_debug_handler+0x0/0x34\n...\n| el1h_64_sync_handler+0x40/0x98\n| el1h_64_sync+0x64/0x68\n| cortex_a76_erratum_1463225_debug_handler+0x0/0x34\n...\n| el1h_64_sync_handler+0x40/0x98\n| el1h_64_sync+0x64/0x68\n| cortex_a76_erratum_1463225_debug_handler+0x0/0x34\n| el1h_64_sync_handler+0x40/0x98\n| el1h_64_sync+0x64/0x68\n| do_el0_svc+0x0/0x28\n| el0t_64_sync_handler+0x84/0xf0\n| el0t_64_sync+0x18c/0x190\n| Kernel Offset: disabled\n| CPU features: 0x0080,00005021,19001080\n| Memory Limit: none\n| ---[ end Kernel panic - not syncing: kernel stack overflow ]---\n\nWith this patch, cortex_a76_erratum_1463225_debug_handler() is inlined\ninto el1_dbg(), and el1_dbg() cannot be probed:\n\n| # echo p cortex_a76_erratum_1463225_debug_handler > /sys/kernel/debug/tracing/kprobe_events\n| sh: write error: No such file or directory\n| # grep -w cortex_a76_errat\n---truncated---"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: arm64: entrada: evitar la recursi\u00f3n de kprobe. La funci\u00f3n cortex_a76_erratum_1463225_debug_handler() se llama al gestionar excepciones de depuraci\u00f3n (y excepciones s\u00edncronas de instrucciones BRK), y por lo tanto se llama cuando se ejecuta una funci\u00f3n sondeada. Si el compilador no inserta en l\u00ednea cortex_a76_erratum_1463225_debug_handler(), se puede sondear. Si se sondea cortex_a76_erratum_1463225_debug_handler(), cualquier excepci\u00f3n de depuraci\u00f3n o excepci\u00f3n de punto de interrupci\u00f3n de software resultar\u00e1 en excepciones recursivas que conducen a un desbordamiento de pila. Esto se puede activar con la autoprueba ftrace multiple_probes y como se muestra en el ejemplo a continuaci\u00f3n. 
Esta es una regresi\u00f3n causada por el commit 6459b8469753e9fe (\"arm64: entry: consolidate Cortex-A76 erratum 1463225 workaround\"), que elimin\u00f3 la anotaci\u00f3n NOKPROBE_SYMBOL() asociada a la funci\u00f3n. Mi intenci\u00f3n era que cortex_a76_erratum_1463225_debug_handler() would be inlined into its caller, el1_dbg(), which is marked noinstr and cannot be probed. Mark cortex_a76_erratum_1463225_debug_handler() as __always_inline to ensure this. Example splat prior to this patch (with recursive entries elided): | # echo p cortex_a76_erratum_1463225_debug_handler > /sys/kernel/debug/tracing/kprobe_events | # echo p do_el0_svc >> /sys/kernel/debug/tracing/kprobe_events | # echo 1 > /sys/kernel/debug/tracing/events/kprobes/enable | Insufficient stack space to handle exception! | ESR: 0x0000000096000047 -- DABT (current EL) | FAR: 0xffff800009cefff0 | Task stack: [0xffff800009cf0000..0xffff800009cf4000] | IRQ stack: [0xffff800008000000..0xffff800008004000] | Overflow stack: [0xffff00007fbc00f0..0xffff00007fbc10f0] | CPU: 0 PID: 145 Comm: sh Not tainted 6.0.0 #2 | Hardware name: linux,dummy-virt (DT) | pstate: 604003c5 (nZCv DAIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) | pc : arm64_enter_el1_dbg+0x4/0x20 | lr : el1_dbg+0x24/0x5c | sp : ffff800009cf0000 | x29: ffff800009cf0000 x28: ffff000002c74740 x27: 0000000000000000 | x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000 | x23: 00000000604003c5 x22: ffff80000801745c x21: 0000aaaac95ac068 | x20: 00000000f2000004 x19: ffff800009cf0040 x18: 0000000000000000 | x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 | x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 | x11: 0000000000000010 x10: ffff800008c87190 x9 : ffff800008ca00d0 | x8 : 000000000000003c x7 : 0000000000000000 x6 : 0000000000000000 | x5 : 0000000000000000 x4 : 0000000000000000 x3 : 00000000000043a4 | x2 : 00000000f2000004 x1 : 00000000f2000004 x0 : ffff800009cf0040 | Kernel panic - not syncing: kernel stack 
overflow | CPU: 0 PID: 145 Comm: sh Not tainted 6.0.0 #2 | Hardware name: linux,dummy-virt (DT) | Call trace: | dump_backtrace+0xe4/0x104 | show_stack+0x18/0x4c | dump_stack_lvl+0x64/0x7c | dump_stack+0x18/0x38 | panic+0x14c/0x338 | test_taint+0x0/0x2c | panic_bad_stack+0x104/0x118 | handle_bad_stack+0x34/0x48 | __bad_stack+0x78/0x7c | arm64_enter_el1_dbg+0x4/0x20 | el1h_64_sync_handler+0x40/0x98 | el1h_64_sync+0x64/0x68 | cortex_a76_erratum_1463225_debug_handler+0x0/0x34 ... | el1h_64_sync_handler+0x40/0x98 | el1h_64_sync+0x64/0x68 | cortex_a76_erratum_1463225_debug_handler+0x0/0x34 ... | el1h_64_sync_handler+0x40/0x98 | el1h_64_sync+0x64/0x68 | cortex_a76_erratum_1463225_debug_handler+0x0/0x34 | el1h_64_sync_handler+0x40/0x98 | el1h_64_sync+0x64/0x68 | do_el0_svc+0x0/0x28 | el0t_64_sync_handler+0x84/0xf0 | el0t_64_sync+0x18c/0x190 | Kernel Offset: disabled | CPU features: 0x0080,00005021,19001080 | Memory Limit: none | ---[ end Kernel panic - not syncing: kernel stack overflow ]--- With this patch, cortex_a76_erratum_1463225_debug_handler() is inlined into el1_dbg(), and el1_dbg() cannot be probed: | # echo p cortex_a76_erratum_1463225_debug_handler > /sys/kernel/debug/tracing/kprobe_events | sh: write error: No such file or directory | # grep -w cortex_a76_errat ---truncado---"
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49889.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49889.json
index 1a7c462326b..5b0e72f961d 100644
--- a/CVE-2022/CVE-2022-498xx/CVE-2022-49889.json
+++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49889.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49889",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:13.897",
- "lastModified": "2025-05-01T15:16:13.897",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters()\n\nOn some machines the number of listed CPUs may be bigger than the actual\nCPUs that exist. The tracing subsystem allocates a per_cpu directory with\naccess to the per CPU ring buffer via a cpuX file. But to save space, the\nring buffer will only allocate buffers for online CPUs, even though the\nCPU array will be as big as the nr_cpu_ids.\n\nWith the addition of waking waiters on the ring buffer when closing the\nfile, the ring_buffer_wake_waiters() now needs to make sure that the\nbuffer is allocated (with the irq_work allocated with it) before trying to\nwake waiters, as it will cause a NULL pointer dereference.\n\nWhile debugging this, I added a NULL check for the buffer itself (which is\nOK to do), and also NULL pointer checks against buffer->buffers (which is\nnot fine, and will WARN) as well as making sure the CPU number passed in\nis within the nr_cpu_ids (which is also not fine if it isn't).\n\n\nBugzilla: https://bugzilla.opensuse.org/show_bug.cgi?id=1204705"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ring-buffer: Comprobar si hay un cpu_buffer nulo en ring_buffer_wake_waiters() En algunas m\u00e1quinas, el n\u00famero de CPU listadas puede ser mayor que el de CPU reales existentes. El subsistema de rastreo asigna un directorio per_cpu con acceso al b\u00fafer de anillo por CPU a trav\u00e9s de un archivo cpuX. 
Pero para ahorrar espacio, el b\u00fafer de anillo solo asignar\u00e1 b\u00faferes para las CPU en l\u00ednea, aunque la matriz de CPU ser\u00e1 tan grande como nr_cpu_ids. Con la adici\u00f3n de despertar a los que esperan en el b\u00fafer de anillo al cerrar el archivo, ring_buffer_wake_waiters() ahora debe asegurarse de que el b\u00fafer est\u00e9 asignado (con el irq_work asignado con \u00e9l) antes de intentar despertar a los que esperan, ya que provocar\u00e1 una desreferencia de puntero nulo. Durante la depuraci\u00f3n, a\u00f1ad\u00ed una comprobaci\u00f3n de valores nulos para el propio b\u00fafer (lo cual es correcto), as\u00ed como comprobaciones de punteros nulos contra buffer->buffers (lo cual no es correcto y generar\u00e1 una advertencia), adem\u00e1s de asegurarme de que el n\u00famero de CPU introducido est\u00e9 dentro del nr_cpu_ids (lo cual tampoco es correcto si no lo est\u00e1). Bugzilla: https://bugzilla.opensuse.org/show_bug.cgi?id=1204705"
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49890.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49890.json
index c5185abba68..a2c93a801eb 100644
--- a/CVE-2022/CVE-2022-498xx/CVE-2022-49890.json
+++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49890.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49890",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:14.000",
- "lastModified": "2025-05-01T15:16:14.000",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncapabilities: fix potential memleak on error path from vfs_getxattr_alloc()\n\nIn cap_inode_getsecurity(), we will use vfs_getxattr_alloc() to\ncomplete the memory allocation of tmpbuf, if we have completed\nthe memory allocation of tmpbuf, but failed to call handler->get(...),\nthere will be a memleak in below logic:\n\n |-- ret = (int)vfs_getxattr_alloc(mnt_userns, ...)\n | /* ^^^ alloc for tmpbuf */\n |-- value = krealloc(*xattr_value, error + 1, flags)\n | /* ^^^ alloc memory */\n |-- error = handler->get(handler, ...)\n | /* error! */\n |-- *xattr_value = value\n | /* xattr_value is &tmpbuf (memory leak!) */\n\nSo we will try to free(tmpbuf) after vfs_getxattr_alloc() fails to fix it.\n\n[PM: subject line and backtrace tweaks]"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: capacidades: reparar posible fuga de memoria en la ruta de error de vfs_getxattr_alloc() En cap_inode_getsecurity(), utilizaremos vfs_getxattr_alloc() para completar la asignaci\u00f3n de memoria de tmpbuf, si hemos completado la asignaci\u00f3n de memoria de tmpbuf, pero no pudimos llamar a handler->get(...), habr\u00e1 una fuga de memoria en la siguiente l\u00f3gica: |-- ret = (int)vfs_getxattr_alloc(mnt_userns, ...) | /* ^^^ asignar para tmpbuf */ |-- valor = krealloc(*xattr_value, error + 1, flags) | /* ^^^ asignar memoria */ |-- error = handler->get(handler, ...) | /* \u00a1error! */ |-- *xattr_value = valor | /* xattr_value es &tmpbuf (\u00a1p\u00e9rdida de memoria!) 
*/ Intentaremos liberar (tmpbuf) despu\u00e9s de que vfs_getxattr_alloc() no pueda solucionarlo. [MP: l\u00ednea de asunto y ajustes de backtrace]"
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49891.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49891.json
index be02b4242e3..a0b0408f7ef 100644
--- a/CVE-2022/CVE-2022-498xx/CVE-2022-49891.json
+++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49891.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49891",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:14.107",
- "lastModified": "2025-05-01T15:16:14.107",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd()\n\ntest_gen_kprobe_cmd() only free buf in fail path, hence buf will leak\nwhen there is no failure. Move kfree(buf) from fail path to common path\nto prevent the memleak. The same reason and solution in\ntest_gen_kretprobe_cmd().\n\nunreferenced object 0xffff888143b14000 (size 2048):\n comm \"insmod\", pid 52490, jiffies 4301890980 (age 40.553s)\n hex dump (first 32 bytes):\n 70 3a 6b 70 72 6f 62 65 73 2f 67 65 6e 5f 6b 70 p:kprobes/gen_kp\n 72 6f 62 65 5f 74 65 73 74 20 64 6f 5f 73 79 73 robe_test do_sys\n backtrace:\n [<000000006d7b836b>] kmalloc_trace+0x27/0xa0\n [<0000000009528b5b>] 0xffffffffa059006f\n [<000000008408b580>] do_one_initcall+0x87/0x2a0\n [<00000000c4980a7e>] do_init_module+0xdf/0x320\n [<00000000d775aad0>] load_module+0x3006/0x3390\n [<00000000e9a74b80>] __do_sys_finit_module+0x113/0x1b0\n [<000000003726480d>] do_syscall_64+0x35/0x80\n [<000000003441e93b>] entry_SYSCALL_64_after_hwframe+0x46/0xb0"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rastreo: kprobe: Se corrige la fuga de memoria en test_gen_kprobe/kretprobe_cmd(). test_gen_kprobe_cmd() solo libera b\u00fafer en la ruta de fallo, por lo que el b\u00fafer se filtrar\u00e1 cuando no haya fallo. Se traslada kfree(buf) de la ruta de fallo a la ruta com\u00fan para evitar la fuga de memoria. El mismo motivo y soluci\u00f3n se aplican en test_gen_kretprobe_cmd(). 
Objeto sin referencia 0xffff888143b14000 (size 2048): comm \"insmod\", pid 52490, jiffies 4301890980 (age 40.553s) hex dump (first 32 bytes): 70 3a 6b 70 72 6f 62 65 73 2f 67 65 6e 5f 6b 70 p:kprobes/gen_kp 72 6f 62 65 5f 74 65 73 74 20 64 6f 5f 73 79 73 robe_test do_sys backtrace: [<000000006d7b836b>] kmalloc_trace+0x27/0xa0 [<0000000009528b5b>] 0xffffffffa059006f [<000000008408b580>] do_one_initcall+0x87/0x2a0 [<00000000c4980a7e>] do_init_module+0xdf/0x320 [<00000000d775aad0>] load_module+0x3006/0x3390 [<00000000e9a74b80>] __do_sys_finit_module+0x113/0x1b0 [<000000003726480d>] do_syscall_64+0x35/0x80 [<000000003441e93b>] entry_SYSCALL_64_after_hwframe+0x46/0xb0 "
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49892.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49892.json
index 00bb942cc5c..7c6ae5d3ed7 100644
--- a/CVE-2022/CVE-2022-498xx/CVE-2022-49892.json
+++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49892.json
@@ -2,13 +2,17 @@ "id": "CVE-2022-49892", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:14.210", - "lastModified": "2025-05-01T15:16:14.210", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix use-after-free for dynamic ftrace_ops\n\nKASAN reported a use-after-free with ftrace ops [1]. It was found from\nvmcore that perf had registered two ops with the same content\nsuccessively, both dynamic. After unregistering the second ops, a\nuse-after-free occurred.\n\nIn ftrace_shutdown(), when the second ops is unregistered, the\nFTRACE_UPDATE_CALLS command is not set because there is another enabled\nops with the same content. Also, both ops are dynamic and the ftrace\ncallback function is ftrace_ops_list_func, so the\nFTRACE_UPDATE_TRACE_FUNC command will not be set. Eventually the value\nof 'command' will be 0 and ftrace_shutdown() will skip the rcu\nsynchronization.\n\nHowever, ftrace may be activated. When the ops is released, another CPU\nmay be accessing the ops. 
Add the missing synchronization to fix this\nproblem.\n\n[1]\nBUG: KASAN: use-after-free in __ftrace_ops_list_func kernel/trace/ftrace.c:7020 [inline]\nBUG: KASAN: use-after-free in ftrace_ops_list_func+0x2b0/0x31c kernel/trace/ftrace.c:7049\nRead of size 8 at addr ffff56551965bbc8 by task syz-executor.2/14468\n\nCPU: 1 PID: 14468 Comm: syz-executor.2 Not tainted 5.10.0 #7\nHardware name: linux,dummy-virt (DT)\nCall trace:\n dump_backtrace+0x0/0x40c arch/arm64/kernel/stacktrace.c:132\n show_stack+0x30/0x40 arch/arm64/kernel/stacktrace.c:196\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x1b4/0x248 lib/dump_stack.c:118\n print_address_description.constprop.0+0x28/0x48c mm/kasan/report.c:387\n __kasan_report mm/kasan/report.c:547 [inline]\n kasan_report+0x118/0x210 mm/kasan/report.c:564\n check_memory_region_inline mm/kasan/generic.c:187 [inline]\n __asan_load8+0x98/0xc0 mm/kasan/generic.c:253\n __ftrace_ops_list_func kernel/trace/ftrace.c:7020 [inline]\n ftrace_ops_list_func+0x2b0/0x31c kernel/trace/ftrace.c:7049\n ftrace_graph_call+0x0/0x4\n __might_sleep+0x8/0x100 include/linux/perf_event.h:1170\n __might_fault mm/memory.c:5183 [inline]\n __might_fault+0x58/0x70 mm/memory.c:5171\n do_strncpy_from_user lib/strncpy_from_user.c:41 [inline]\n strncpy_from_user+0x1f4/0x4b0 lib/strncpy_from_user.c:139\n getname_flags+0xb0/0x31c fs/namei.c:149\n getname+0x2c/0x40 fs/namei.c:209\n [...]\n\nAllocated by task 14445:\n kasan_save_stack+0x24/0x50 mm/kasan/common.c:48\n kasan_set_track mm/kasan/common.c:56 [inline]\n __kasan_kmalloc mm/kasan/common.c:479 [inline]\n __kasan_kmalloc.constprop.0+0x110/0x13c mm/kasan/common.c:449\n kasan_kmalloc+0xc/0x14 mm/kasan/common.c:493\n kmem_cache_alloc_trace+0x440/0x924 mm/slub.c:2950\n kmalloc include/linux/slab.h:563 [inline]\n kzalloc include/linux/slab.h:675 [inline]\n perf_event_alloc.part.0+0xb4/0x1350 kernel/events/core.c:11230\n perf_event_alloc kernel/events/core.c:11733 [inline]\n __do_sys_perf_event_open 
kernel/events/core.c:11831 [inline]\n __se_sys_perf_event_open+0x550/0x15f4 kernel/events/core.c:11723\n __arm64_sys_perf_event_open+0x6c/0x80 kernel/events/core.c:11723\n [...]\n\nFreed by task 14445:\n kasan_save_stack+0x24/0x50 mm/kasan/common.c:48\n kasan_set_track+0x24/0x34 mm/kasan/common.c:56\n kasan_set_free_info+0x20/0x40 mm/kasan/generic.c:358\n __kasan_slab_free.part.0+0x11c/0x1b0 mm/kasan/common.c:437\n __kasan_slab_free mm/kasan/common.c:445 [inline]\n kasan_slab_free+0x2c/0x40 mm/kasan/common.c:446\n slab_free_hook mm/slub.c:1569 [inline]\n slab_free_freelist_hook mm/slub.c:1608 [inline]\n slab_free mm/slub.c:3179 [inline]\n kfree+0x12c/0xc10 mm/slub.c:4176\n perf_event_alloc.part.0+0xa0c/0x1350 kernel/events/core.c:11434\n perf_event_alloc kernel/events/core.c:11733 [inline]\n __do_sys_perf_event_open kernel/events/core.c:11831 [inline]\n __se_sys_perf_event_open+0x550/0x15f4 kernel/events/core.c:11723\n [...]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ftrace: Arreglo de use-after-free para ftrace_ops din\u00e1micos KASAN inform\u00f3 de un use-after-free con operaciones ftrace [1]. Se encontr\u00f3 desde vmcore que perf hab\u00eda registrado dos operaciones con el mismo contenido sucesivamente, ambas din\u00e1micas. Despu\u00e9s de anular el registro de la segunda operaci\u00f3n, se produjo un use-after-free. En ftrace_shutdown(), cuando se anula el registro de la segunda operaci\u00f3n, el comando FTRACE_UPDATE_CALLS no se establece porque hay otra operaci\u00f3n habilitada con el mismo contenido. Adem\u00e1s, ambas operaciones son din\u00e1micas y la funci\u00f3n de devoluci\u00f3n de llamada de ftrace es ftrace_ops_list_func, por lo que el comando FTRACE_UPDATE_TRACE_FUNC no se establecer\u00e1. Finalmente, el valor de 'command' ser\u00e1 0 y ftrace_shutdown() omitir\u00e1 la sincronizaci\u00f3n de rcu. Sin embargo, ftrace puede estar activado. 
Cuando se libera la operaci\u00f3n, otra CPU puede estar accediendo a ella. Agregue la sincronizaci\u00f3n faltante para solucionar este problema. [1] ERROR: KASAN: use-after-free en __ftrace_ops_list_func kernel/trace/ftrace.c:7020 [en l\u00ednea] ERROR: KASAN: use-after-free en ftrace_ops_list_func+0x2b0/0x31c kernel/trace/ftrace.c:7049 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff56551965bbc8 por la tarea syz-executor.2/14468 CPU: 1 PID: 14468 Comm: syz-executor.2 No contaminado 5.10.0 #7 Nombre del hardware: linux,dummy-virt (DT) Rastreo de llamadas: dump_backtrace+0x0/0x40c arch/arm64/kernel/stacktrace.c:132 show_stack+0x30/0x40 arch/arm64/kernel/stacktrace.c:196 __dump_stack lib/dump_stack.c:77 [en l\u00ednea] dump_stack+0x1b4/0x248 lib/dump_stack.c:118 print_address_description.constprop.0+0x28/0x48c mm/kasan/report.c:387 __kasan_report mm/kasan/report.c:547 [en l\u00ednea] kasan_report+0x118/0x210 mm/kasan/report.c:564 check_memory_region_inline mm/kasan/generic.c:187 [en l\u00ednea] __asan_load8+0x98/0xc0 mm/kasan/generic.c:253 __ftrace_ops_list_func kernel/trace/ftrace.c:7020 [en l\u00ednea] ftrace_ops_list_func+0x2b0/0x31c kernel/trace/ftrace.c:7049 ftrace_graph_call+0x0/0x4 __might_sleep+0x8/0x100 include/linux/perf_event.h:1170 __might_fault mm/memory.c:5183 [en l\u00ednea] __might_fault+0x58/0x70 mm/memory.c:5171 do_strncpy_from_user lib/strncpy_from_user.c:41 [en l\u00ednea] strncpy_from_user+0x1f4/0x4b0 lib/strncpy_from_user.c:139 getname_flags+0xb0/0x31c fs/namei.c:149 getname+0x2c/0x40 fs/namei.c:209 [...] 
Asignado por la tarea 14445: kasan_save_stack+0x24/0x50 mm/kasan/common.c:48 kasan_set_track mm/kasan/common.c:56 [en l\u00ednea] __kasan_kmalloc mm/kasan/common.c:479 [en l\u00ednea] __kasan_kmalloc.constprop.0+0x110/0x13c mm/kasan/common.c:449 kasan_kmalloc+0xc/0x14 mm/kasan/common.c:493 kmem_cache_alloc_trace+0x440/0x924 mm/slub.c:2950 kmalloc include/linux/slab.h:563 [en l\u00ednea] kzalloc include/linux/slab.h:675 [en l\u00ednea] perf_event_alloc.part.0+0xb4/0x1350 kernel/events/core.c:11230 perf_event_alloc kernel/events/core.c:11733 [en l\u00ednea] __do_sys_perf_event_open kernel/events/core.c:11831 [en l\u00ednea] __se_sys_perf_event_open+0x550/0x15f4 kernel/events/core.c:11723 __arm64_sys_perf_event_open+0x6c/0x80 kernel/events/core.c:11723 [...] Liberado por la tarea 14445: kasan_save_stack+0x24/0x50 mm/kasan/common.c:48 kasan_set_track+0x24/0x34 mm/kasan/common.c:56 kasan_set_free_info+0x20/0x40 mm/kasan/generic.c:358 __kasan_slab_free.part.0+0x11c/0x1b0 mm/kasan/common.c:437 __kasan_slab_free mm/kasan/common.c:445 [en l\u00ednea] kasan_slab_free+0x2c/0x40 mm/kasan/common.c:446 slab_free_hook mm/slub.c:1569 [en l\u00ednea] slab_free_freelist_hook mm/slub.c:1608 [en l\u00ednea] slab_free mm/slub.c:3179 [en l\u00ednea] kfree+0x12c/0xc10 mm/slub.c:4176 perf_event_alloc.part.0+0xa0c/0x1350 kernel/events/core.c:11434 perf_event_alloc kernel/events/core.c:11733 [en l\u00ednea] __do_sys_perf_event_open kernel/events/core.c:11831 [en l\u00ednea] __se_sys_perf_event_open+0x550/0x15f4 kernel/events/core.c:11723 [...]" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49893.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49893.json index 3b714d7e759..a51e08387b3 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49893.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49893.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49893", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:14.317", - "lastModified": "2025-05-01T15:16:14.317", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/region: Fix cxl_region leak, cleanup targets at region delete\n\nWhen a region is deleted any targets that have been previously assigned\nto that region hold references to it. Trigger those references to\ndrop by detaching all targets at unregister_region() time.\n\nOtherwise that region object will leak as userspace has lost the ability\nto detach targets once region sysfs is torn down." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cxl/region: Se corrige la fuga de cxl_region y se limpian los objetivos al eliminar una regi\u00f3n. Al eliminar una regi\u00f3n, todos los objetivos previamente asignados a ella contienen referencias a ella. Para eliminar esas referencias, desvincula todos los objetivos durante la ejecuci\u00f3n de unregister_region(). De lo contrario, el objeto de regi\u00f3n se filtrar\u00e1, ya que el espacio de usuario ha perdido la capacidad de desvincular objetivos una vez que se desmantela el sistema operativo de la regi\u00f3n." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49894.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49894.json index 0a2e96dc763..432954fbeec 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49894.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49894.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49894", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:14.417", - "lastModified": "2025-05-01T15:16:14.417", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/region: Fix region HPA ordering validation\n\nSome regions may not have any address space allocated. Skip them when\nvalidating HPA order otherwise a crash like the following may result:\n\n devm_cxl_add_region: cxl_acpi cxl_acpi.0: decoder3.4: created region9\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n [..]\n RIP: 0010:store_targetN+0x655/0x1740 [cxl_core]\n [..]\n Call Trace:\n \n kernfs_fop_write_iter+0x144/0x200\n vfs_write+0x24a/0x4d0\n ksys_write+0x69/0xf0\n do_syscall_64+0x3a/0x90\n\nstore_targetN+0x655/0x1740:\nalloc_region_ref at drivers/cxl/core/region.c:676\n(inlined by) cxl_port_attach_region at drivers/cxl/core/region.c:850\n(inlined by) cxl_region_attach at drivers/cxl/core/region.c:1290\n(inlined by) attach_target at drivers/cxl/core/region.c:1410\n(inlined by) store_targetN at drivers/cxl/core/region.c:1453" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cxl/region: Corregir la validaci\u00f3n del ordenamiento HPA de la regi\u00f3n. Algunas regiones pueden no tener ning\u00fan espacio de direcciones asignado. Om\u00edtalos al validar el orden de HPA; de lo contrario, puede producirse un fallo como el siguiente: devm_cxl_add_region: cxl_acpi cxl_acpi.0: decoder3.4: created region9 BUG: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000000 [..] RIP: 0010:store_targetN+0x655/0x1740 [cxl_core] [..] 
Seguimiento de llamadas: kernfs_fop_write_iter+0x144/0x200 vfs_write+0x24a/0x4d0 ksys_write+0x69/0xf0 do_syscall_64+0x3a/0x90 store_targetN+0x655/0x1740: alloc_region_ref at drivers/cxl/core/region.c:676 (integrado por) cxl_port_attach_region en drivers/cxl/core/region.c:850 (integrado por) cxl_region_attach en drivers/cxl/core/region.c:1290 (integrado por) attached_target en drivers/cxl/core/region.c:1410 (integrado por) store_targetN en drivers/cxl/core/region.c:1453" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49895.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49895.json index d301ad22baf..d52494266d8 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49895.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49895.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49895", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:14.517", - "lastModified": "2025-05-01T15:16:14.517", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/region: Fix decoder allocation crash\n\nWhen an intermediate port's decoders have been exhausted by existing\nregions, and creating a new region with the port in question in it's\nhierarchical path is attempted, cxl_port_attach_region() fails to find a\nport decoder (as would be expected), and drops into the failure / cleanup\npath.\n\nHowever, during cleanup of the region reference, a sanity check attempts\nto dereference the decoder, which in the above case didn't exist. This\ncauses a NULL pointer dereference BUG.\n\nTo fix this, refactor the decoder allocation and de-allocation into\nhelper routines, and in this 'free' routine, check that the decoder,\n@cxld, is valid before attempting any operations on it." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cxl/region: Fix decoder assignment crash Cuando los decodificadores de un puerto intermedio han sido agotados por las regiones existentes, y se intenta crear una nueva regi\u00f3n con el puerto en cuesti\u00f3n en su ruta jer\u00e1rquica, cxl_port_attach_region() no puede encontrar un decodificador de puerto (como ser\u00eda de esperar), y cae en la ruta de error/limpieza. Sin embargo, durante la limpieza de la referencia de la regi\u00f3n, una comprobaci\u00f3n de cordura intenta desreferenciar el decodificador, que en el caso anterior no exist\u00eda. Esto causa un ERROR de desreferencia de puntero NULL. 
Para corregir esto, refactorice la asignaci\u00f3n y desasignaci\u00f3n del decodificador en rutinas de ayuda, y en esta rutina 'libre', verifique que el decodificador, @cxld, sea v\u00e1lido antes de intentar cualquier operaci\u00f3n en \u00e9l." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49896.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49896.json index 51def7e5c8c..e7f6e7ad114 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49896.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49896.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49896", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:14.643", - "lastModified": "2025-05-01T15:16:14.643", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/pmem: Fix cxl_pmem_region and cxl_memdev leak\n\nWhen a cxl_nvdimm object goes through a ->remove() event (device\nphysically removed, nvdimm-bridge disabled, or nvdimm device disabled),\nthen any associated regions must also be disabled. As highlighted by the\ncxl-create-region.sh test [1], a single device may host multiple\nregions, but the driver was only tracking one region at a time. This\nleads to a situation where only the last enabled region per nvdimm\ndevice is cleaned up properly. Other regions are leaked, and this also\ncauses cxl_memdev reference leaks.\n\nFix the tracking by allowing cxl_nvdimm objects to track multiple region\nassociations." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cxl/pmem: Arregla la fuga de cxl_pmem_region y cxl_memdev Cuando un objeto cxl_nvdimm pasa por un evento ->remove() (dispositivo eliminado f\u00edsicamente, nvdimm-bridge deshabilitado o dispositivo nvdimm deshabilitado), entonces cualquier regi\u00f3n asociada tambi\u00e9n debe deshabilitarse. Como se destaca en la prueba cxl-create-region.sh [1], un solo dispositivo puede albergar m\u00faltiples regiones, pero el controlador solo rastreaba una regi\u00f3n a la vez. Esto lleva a una situaci\u00f3n en la que solo la \u00faltima regi\u00f3n habilitada por dispositivo nvdimm se limpia correctamente. Se filtran otras regiones, y esto tambi\u00e9n causa fugas de referencia de cxl_memdev. 
Arregla el rastreo permitiendo que los objetos cxl_nvdimm rastreen m\u00faltiples asociaciones de regiones." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49897.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49897.json index a527fceca87..65e56df8cf4 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49897.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49897.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49897", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:14.747", - "lastModified": "2025-05-01T15:16:14.747", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfscrypt: fix keyring memory leak on mount failure\n\nCommit d7e7b9af104c (\"fscrypt: stop using keyrings subsystem for\nfscrypt_master_key\") moved the keyring destruction from __put_super() to\ngeneric_shutdown_super() so that the filesystem's block device(s) are\nstill available. Unfortunately, this causes a memory leak in the case\nwhere a mount is attempted with the test_dummy_encryption mount option,\nbut the mount fails after the option has already been processed.\n\nTo fix this, attempt the keyring destruction in both places." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fscrypt: correcci\u00f3n de fuga de memoria del llavero en caso de fallo de montaje. El commit d7e7b9af104c (\"fscrypt: dejar de usar el subsistema de llaveros para fscrypt_master_key\") traslad\u00f3 la destrucci\u00f3n del llavero de __put_super() a generic_shutdown_super() para que los dispositivos de bloque del sistema de archivos sigan disponibles. Desafortunadamente, esto provoca una fuga de memoria si se intenta un montaje con la opci\u00f3n test_dummy_encryption, pero el montaje falla despu\u00e9s de que la opci\u00f3n ya se haya procesado. Para solucionarlo, intente la destrucci\u00f3n del llavero en ambos lugares." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49898.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49898.json index bd6347ed114..1fc7acb3422 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49898.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49898.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49898", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:14.850", - "lastModified": "2025-05-01T15:16:14.850", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix tree mod log mishandling of reallocated nodes\n\nWe have been seeing the following panic in production\n\n kernel BUG at fs/btrfs/tree-mod-log.c:677!\n invalid opcode: 0000 [#1] SMP\n RIP: 0010:tree_mod_log_rewind+0x1b4/0x200\n RSP: 0000:ffffc9002c02f890 EFLAGS: 00010293\n RAX: 0000000000000003 RBX: ffff8882b448c700 RCX: 0000000000000000\n RDX: 0000000000008000 RSI: 00000000000000a7 RDI: ffff88877d831c00\n RBP: 0000000000000002 R08: 000000000000009f R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000100c40 R12: 0000000000000001\n R13: ffff8886c26d6a00 R14: ffff88829f5424f8 R15: ffff88877d831a00\n FS: 00007fee1d80c780(0000) GS:ffff8890400c0000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fee1963a020 CR3: 0000000434f33002 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n btrfs_get_old_root+0x12b/0x420\n btrfs_search_old_slot+0x64/0x2f0\n ? tree_mod_log_oldest_root+0x3d/0xf0\n resolve_indirect_ref+0xfd/0x660\n ? ulist_alloc+0x31/0x60\n ? kmem_cache_alloc_trace+0x114/0x2c0\n find_parent_nodes+0x97a/0x17e0\n ? ulist_alloc+0x30/0x60\n btrfs_find_all_roots_safe+0x97/0x150\n iterate_extent_inodes+0x154/0x370\n ? btrfs_search_path_in_tree+0x240/0x240\n iterate_inodes_from_logical+0x98/0xd0\n ? btrfs_search_path_in_tree+0x240/0x240\n btrfs_ioctl_logical_to_ino+0xd9/0x180\n btrfs_ioctl+0xe2/0x2ec0\n ? __mod_memcg_lruvec_state+0x3d/0x280\n ? 
do_sys_openat2+0x6d/0x140\n ? kretprobe_dispatcher+0x47/0x70\n ? kretprobe_rethook_handler+0x38/0x50\n ? rethook_trampoline_handler+0x82/0x140\n ? arch_rethook_trampoline_callback+0x3b/0x50\n ? kmem_cache_free+0xfb/0x270\n ? do_sys_openat2+0xd5/0x140\n __x64_sys_ioctl+0x71/0xb0\n do_syscall_64+0x2d/0x40\n\nWhich is this code in tree_mod_log_rewind()\n\n\tswitch (tm->op) {\n case BTRFS_MOD_LOG_KEY_REMOVE_WHILE_FREEING:\n\t\tBUG_ON(tm->slot < n);\n\nThis occurs because we replay the nodes in order that they happened, and\nwhen we do a REPLACE we will log a REMOVE_WHILE_FREEING for every slot,\nstarting at 0. 'n' here is the number of items in this block, which in\nthis case was 1, but we had 2 REMOVE_WHILE_FREEING operations.\n\nThe actual root cause of this was that we were replaying operations for\na block that shouldn't have been replayed. Consider the following\nsequence of events\n\n1. We have an already modified root, and we do a btrfs_get_tree_mod_seq().\n2. We begin removing items from this root, triggering KEY_REPLACE for\n it's child slots.\n3. We remove one of the 2 children this root node points to, thus triggering\n the root node promotion of the remaining child, and freeing this node.\n4. We modify a new root, and re-allocate the above node to the root node of\n this other root.\n\nThe tree mod log looks something like this\n\n\tlogical 0\top KEY_REPLACE (slot 1)\t\t\tseq 2\n\tlogical 0\top KEY_REMOVE (slot 1)\t\t\tseq 3\n\tlogical 0\top KEY_REMOVE_WHILE_FREEING (slot 0)\tseq 4\n\tlogical 4096\top LOG_ROOT_REPLACE (old logical 0)\tseq 5\n\tlogical 8192\top KEY_REMOVE_WHILE_FREEING (slot 1)\tseq 6\n\tlogical 8192\top KEY_REMOVE_WHILE_FREEING (slot 0)\tseq 7\n\tlogical 0\top LOG_ROOT_REPLACE (old logical 8192)\tseq 8\n\n>From here the bug is triggered by the following steps\n\n1. Call btrfs_get_old_root() on the new_root.\n2. We call tree_mod_log_oldest_root(btrfs_root_node(new_root)), which is\n currently logical 0.\n3. 
tree_mod_log_oldest_root() calls tree_mod_log_search_oldest(), which\n gives us the KEY_REPLACE seq 2, and since that's not a\n LOG_ROOT_REPLACE we incorrectly believe that we don't have an old\n root, because we expect that the most recent change should be a\n LOG_ROOT_REPLACE.\n4. Back in tree_mod_log_oldest_root() we don't have a LOG_ROOT_REPLACE,\n so we don't set old_root, we simply use our e\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: se corrige el mal manejo del registro de mod de \u00e1rbol de nodos reasignados \u00a1Hemos estado viendo el siguiente ERROR de p\u00e1nico en el kernel de producci\u00f3n en fs/btrfs/tree-mod-log.c:677! c\u00f3digo de operaci\u00f3n no v\u00e1lido: 0000 [#1] SMP RIP: 0010:tree_mod_log_rewind+0x1b4/0x200 RSP: 0000:ffffc9002c02f890 EFLAGS: 00010293 RAX: 0000000000000003 RBX: ffff8882b448c700 RCX: 0000000000000000 RDX: 0000000000008000 RSI: 00000000000000a7 RDI: ffff88877d831c00 RBP: 0000000000000002 R08: 000000000000009f R09: 00000000000000000 R10: 0000000000000000 R11: 00000000000100c40 R12: 000000000000001 R13: ffff8886c26d6a00 R14: ffff88829f5424f8 R15: ffff88877d831a00 FS: 00007fee1d80c780(0000) GS:ffff8890400c0000(0000) knlGS:000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fee1963a020 CR3: 0000000434f33002 CR4: 00000000007706e0 DR0: 00000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Rastreo de llamadas: btrfs_get_old_root+0x12b/0x420 btrfs_search_old_slot+0x64/0x2f0 ? tree_mod_log_oldest_root+0x3d/0xf0 resolve_indirect_ref+0xfd/0x660 ? ulist_alloc+0x31/0x60 ? kmem_cache_alloc_trace+0x114/0x2c0 find_parent_nodes+0x97a/0x17e0 ? ulist_alloc+0x30/0x60 btrfs_find_all_roots_safe+0x97/0x150 iterate_extent_inodes+0x154/0x370 ? btrfs_search_path_in_tree+0x240/0x240 iterate_inodes_from_logical+0x98/0xd0 ? 
btrfs_search_path_in_tree+0x240/0x240 btrfs_ioctl_logical_to_ino+0xd9/0x180 btrfs_ioctl+0xe2/0x2ec0 ? __mod_memcg_lruvec_state+0x3d/0x280 ? do_sys_openat2+0x6d/0x140 ? kretprobe_dispatcher+0x47/0x70 ? kretprobe_rethook_handler+0x38/0x50 ? rethook_trampoline_handler+0x82/0x140 ? arch_rethook_trampoline_callback+0x3b/0x50 ? kmem_cache_free+0xfb/0x270 ? do_sys_openat2+0xd5/0x140 __x64_sys_ioctl+0x71/0xb0 do_syscall_64+0x2d/0x40 Which is this code in tree_mod_log_rewind() switch (tm->op) { case BTRFS_MOD_LOG_KEY_REMOVE_WHILE_FREEING: BUG_ON(tm->slot < n); Esto ocurre porque reproducimos los nodos en el orden en que sucedieron, y cuando hacemos un REPLACE registraremos un REMOVE_WHILE_FREEING para cada ranura, comenzando en 0. 'n' aqu\u00ed es el n\u00famero de elementos en este bloque, que en este caso era 1, pero ten\u00edamos 2 operaciones REMOVE_WHILE_FREEING. La causa ra\u00edz real de esto fue que est\u00e1bamos reproduciendo operaciones para un bloque que no deber\u00eda haberse reproducido. Considere la siguiente secuencia de eventos: 1. Tenemos una ra\u00edz ya modificada y ejecutamos btrfs_get_tree_mod_seq(). 2. Comenzamos a eliminar elementos de esta ra\u00edz, activando KEY_REPLACE para sus ranuras secundarias. 3. Eliminamos uno de los dos hijos a los que apunta este nodo ra\u00edz, lo que activa la promoci\u00f3n del hijo restante y libera este nodo. 4. Modificamos una nueva ra\u00edz y reasignamos el nodo anterior al nodo ra\u00edz de esta otra ra\u00edz. 
El registro de mod del \u00e1rbol se parece a esto l\u00f3gico 0 op KEY_REPLACE (ranura 1) seq 2 l\u00f3gico 0 op KEY_REMOVE (ranura 1) seq 3 l\u00f3gico 0 op KEY_REMOVE_WHILE_FREEING (ranura 0) seq 4 l\u00f3gico 4096 op LOG_ROOT_REPLACE (antiguo l\u00f3gico 0) seq 5 l\u00f3gico 8192 op KEY_REMOVE_WHILE_FREEING (ranura 1) seq 6 l\u00f3gico 8192 op KEY_REMOVE_WHILE_FREEING (ranura 0) seq 7 l\u00f3gico 0 op LOG_ROOT_REPLACE (antiguo l\u00f3gico 8192) seq 8 >A partir de aqu\u00ed el error se activa con los siguientes pasos 1. Llama a btrfs_get_old_root() en new_root. 2. Llamamos a tree_mod_log_oldest_root(btrfs_root_node(new_root)), que actualmente tiene un valor l\u00f3gico 0. 3. tree_mod_log_oldest_root() llama a tree_mod_log_search_oldest(), que nos proporciona la secuencia KEY_REPLACE 2. Dado que no es un LOG_ROOT_REPLACE, creemos err\u00f3neamente que no tenemos una ra\u00edz antigua, ya que esperamos que el cambio m\u00e1s reciente sea un LOG_ROOT_REPLACE. 4. En tree_mod_log_oldest_root(), no tenemos un LOG_ROOT_REPLACE, por lo que no establecemos old_root; simplemente usamos nuestra e ---truncated---" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-498xx/CVE-2022-49899.json b/CVE-2022/CVE-2022-498xx/CVE-2022-49899.json index c487917555d..625235a94bf 100644 --- a/CVE-2022/CVE-2022-498xx/CVE-2022-49899.json +++ b/CVE-2022/CVE-2022-498xx/CVE-2022-49899.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49899", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:14.953", - "lastModified": "2025-05-01T15:16:14.953", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfscrypt: stop using keyrings subsystem for fscrypt_master_key\n\nThe approach of fs/crypto/ internally managing the fscrypt_master_key\nstructs as the payloads of \"struct key\" objects contained in a\n\"struct key\" keyring has outlived its usefulness. The original idea was\nto simplify the code by reusing code from the keyrings subsystem.\nHowever, several issues have arisen that can't easily be resolved:\n\n- When a master key struct is destroyed, blk_crypto_evict_key() must be\n called on any per-mode keys embedded in it. (This started being the\n case when inline encryption support was added.) Yet, the keyrings\n subsystem can arbitrarily delay the destruction of keys, even past the\n time the filesystem was unmounted. Therefore, currently there is no\n easy way to call blk_crypto_evict_key() when a master key is\n destroyed. Currently, this is worked around by holding an extra\n reference to the filesystem's request_queue(s). But it was overlooked\n that the request_queue reference is *not* guaranteed to pin the\n corresponding blk_crypto_profile too; for device-mapper devices that\n support inline crypto, it doesn't. This can cause a use-after-free.\n\n- When the last inode that was using an incompletely-removed master key\n is evicted, the master key removal is completed by removing the key\n struct from the keyring. Currently this is done via key_invalidate().\n Yet, key_invalidate() takes the key semaphore. 
This can deadlock when\n called from the shrinker, since in fscrypt_ioctl_add_key(), memory is\n allocated with GFP_KERNEL under the same semaphore.\n\n- More generally, the fact that the keyrings subsystem can arbitrarily\n delay the destruction of keys (via garbage collection delay, or via\n random processes getting temporary key references) is undesirable, as\n it means we can't strictly guarantee that all secrets are ever wiped.\n\n- Doing the master key lookups via the keyrings subsystem results in the\n key_permission LSM hook being called. fscrypt doesn't want this, as\n all access control for encrypted files is designed to happen via the\n files themselves, like any other files. The workaround which SELinux\n users are using is to change their SELinux policy to grant key search\n access to all domains. This works, but it is an odd extra step that\n shouldn't really have to be done.\n\nThe fix for all these issues is to change the implementation to what I\nshould have done originally: don't use the keyrings subsystem to keep\ntrack of the filesystem's fscrypt_master_key structs. Instead, just\nstore them in a regular kernel data structure, and rework the reference\ncounting, locking, and lifetime accordingly. Retain support for\nRCU-mode key lookups by using a hash table. Replace fscrypt_sb_free()\nwith fscrypt_sb_delete(), which releases the keys synchronously and runs\na bit earlier during unmount, so that block devices are still available.\n\nA side effect of this patch is that neither the master keys themselves\nnor the filesystem keyrings will be listed in /proc/keys anymore.\n(\"Master key users\" and the master key users keyrings will still be\nlisted.) However, this was mostly an implementation detail, and it was\nintended just for debugging purposes. I don't know of anyone using it.\n\nThis patch does *not* change how \"master key users\" (->mk_users) works;\nthat still uses the keyrings subsystem. 
That is still needed for key\nquotas, and changing that isn't necessary to solve the issues listed\nabove. If we decide to change that too, it would be a separate patch.\n\nI've marked this as fixing the original commit that added the fscrypt\nkeyring, but as noted above the most important issue that this patch\nfixes wasn't introduced until the addition of inline encryption support." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fscrypt: dejar de usar el subsistema de llaveros para fscrypt_master_key. El enfoque de fs/crypto/, que gestionaba internamente las estructuras fscrypt_master_key como payloads de objetos \"struct key\" contenidos en un llavero \"struct key\", ha dejado de ser \u00fatil. La idea original era simplificar el c\u00f3digo reutilizando c\u00f3digo del subsistema de llaveros. Sin embargo, han surgido varios problemas que no se pueden resolver f\u00e1cilmente: - Cuando se destruye una estructura de clave maestra, se debe llamar a blk_crypto_evict_key() en cualquier clave por modo incrustada en ella. (Esto empez\u00f3 a ocurrir cuando se a\u00f1adi\u00f3 la compatibilidad con el cifrado en l\u00ednea). Sin embargo, el subsistema de llaveros puede retrasar arbitrariamente la destrucci\u00f3n de claves, incluso despu\u00e9s de que se desmontara el sistema de archivos. Por lo tanto, actualmente no hay una forma sencilla de llamar a blk_crypto_evict_key() cuando se destruye una clave maestra. Actualmente, esto se soluciona manteniendo una referencia adicional a las colas de solicitudes (solicitudes) del sistema de archivos. Sin embargo, se pas\u00f3 por alto que la referencia a la cola de solicitudes *no* garantiza que tambi\u00e9n fije el perfil blk_crypto_profile correspondiente; para los dispositivos con mapeador de dispositivos que admiten criptograf\u00eda en l\u00ednea, no lo hace. Esto puede causar un uso despu\u00e9s de la liberaci\u00f3n. 
- Cuando se expulsa el \u00faltimo inodo que usaba una clave maestra eliminada de forma incompleta, la eliminaci\u00f3n de la clave maestra se completa eliminando la estructura de la clave del anillo de claves. Actualmente, esto se realiza mediante key_invalidate(). Sin embargo, key_invalidate() toma el sem\u00e1foro de la clave. Esto puede generar un bloqueo al ser llamado desde el reductor, ya que en fscrypt_ioctl_add_key(), la memoria se asigna con GFP_KERNEL bajo el mismo sem\u00e1foro. En t\u00e9rminos m\u00e1s generales, el hecho de que el subsistema de llaveros pueda retrasar arbitrariamente la destrucci\u00f3n de claves (mediante un retraso en la recolecci\u00f3n de basura o mediante procesos aleatorios que obtienen referencias temporales a las claves) es indeseable, ya que significa que no podemos garantizar estrictamente que todos los secretos se borren. Realizar las b\u00fasquedas de la clave maestra a trav\u00e9s del subsistema de llaveros resulta en la llamada al gancho LSM key_permission. fscrypt no desea esto, ya que todo el control de acceso a los archivos cifrados est\u00e1 dise\u00f1ado para realizarse a trav\u00e9s de los propios archivos, como cualquier otro archivo. La soluci\u00f3n alternativa que utilizan los usuarios de SELinux es cambiar su pol\u00edtica de SELinux para otorgar acceso de b\u00fasqueda de claves a todos los dominios. Esto funciona, pero es un paso adicional extra\u00f1o que realmente no deber\u00eda ser necesario. La soluci\u00f3n para todos estos problemas es cambiar la implementaci\u00f3n a lo que deber\u00eda haber hecho originalmente: no usar el subsistema de llaveros para realizar un seguimiento de las estructuras fscrypt_master_key del sistema de archivos. En su lugar, simplemente almac\u00e9nelos en una estructura de datos de kernel normal y modifique el recuento de referencias, el bloqueo y la duraci\u00f3n seg\u00fan corresponda. 
Mantenga la compatibilidad con las b\u00fasquedas de claves en modo RCU mediante una tabla hash. Reemplace fscrypt_sb_free() por fscrypt_sb_delete(), que libera las claves sincr\u00f3nicamente y se ejecuta un poco antes durante el desmontaje, para que los dispositivos de bloque sigan disponibles. Un efecto secundario de este parche es que ni las claves maestras ni los conjuntos de claves del sistema de archivos aparecer\u00e1n en /proc/keys. (Los \"usuarios de clave maestra\" y los conjuntos de claves de los usuarios de clave maestra seguir\u00e1n apareciendo). Sin embargo, esto era principalmente un detalle de implementaci\u00f3n y estaba destinado \u00fanicamente a fines de depuraci\u00f3n. No conozco a nadie que lo use. Este parche *no* cambia el funcionamiento de los \"usuarios de clave maestra\" (->mk_users)--- truncado ----" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49900.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49900.json index 16155072baf..029df7d547f 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49900.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49900.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49900", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:15.060", - "lastModified": "2025-05-01T15:16:15.060", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: piix4: Fix adapter not be removed in piix4_remove()\n\nIn piix4_probe(), the piix4 adapter will be registered in:\n\n piix4_probe()\n piix4_add_adapters_sb800() / piix4_add_adapter()\n i2c_add_adapter()\n\nBased on the probed device type, piix4_add_adapters_sb800() or single\npiix4_add_adapter() will be called.\nFor the former case, piix4_adapter_count is set as the number of adapters,\nwhile for antoher case it is not set and kept default *zero*.\n\nWhen piix4 is removed, piix4_remove() removes the adapters added in\npiix4_probe(), basing on the piix4_adapter_count value.\nBecause the count is zero for the single adapter case, the adapter won't\nbe removed and makes the sources allocated for adapter leaked, such as\nthe i2c client and device.\n\nThese sources can still be accessed by i2c or bus and cause problems.\nAn easily reproduced case is that if a new adapter is registered, i2c\nwill get the leaked adapter and try to call smbus_algorithm, which was\nalready freed:\n\nTriggered by: rmmod i2c_piix4 && modprobe max31730\n\n BUG: unable to handle page fault for address: ffffffffc053d860\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n Oops: 0000 [#1] PREEMPT SMP KASAN\n CPU: 0 PID: 3752 Comm: modprobe Tainted: G\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n RIP: 0010:i2c_default_probe (drivers/i2c/i2c-core-base.c:2259) i2c_core\n RSP: 0018:ffff888107477710 EFLAGS: 00000246\n ...\n \n i2c_detect (drivers/i2c/i2c-core-base.c:2302) i2c_core\n __process_new_driver 
(drivers/i2c/i2c-core-base.c:1336) i2c_core\n bus_for_each_dev (drivers/base/bus.c:301)\n i2c_for_each_dev (drivers/i2c/i2c-core-base.c:1823) i2c_core\n i2c_register_driver (drivers/i2c/i2c-core-base.c:1861) i2c_core\n do_one_initcall (init/main.c:1296)\n do_init_module (kernel/module/main.c:2455)\n ...\n \n ---[ end trace 0000000000000000 ]---\n\nFix this problem by correctly set piix4_adapter_count as 1 for the\nsingle adapter so it can be normally removed." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i2c: piix4: Adaptador de correcci\u00f3n que no se eliminar\u00e1 en piix4_remove() En piix4_probe(), el adaptador piix4 se registrar\u00e1 en: piix4_probe() piix4_add_adapters_sb800() / piix4_add_adapter() i2c_add_adapter() En funci\u00f3n del tipo de dispositivo sondeado, se llamar\u00e1 a piix4_add_adapters_sb800() o a un solo piix4_add_adapter(). Para el primer caso, piix4_adapter_count se establece como el n\u00famero de adaptadores, mientras que para otro caso no se establece y se mantiene predeterminado *cero*. Cuando se elimina piix4, piix4_remove() elimina los adaptadores agregados en piix4_probe(), bas\u00e1ndose en el valor de piix4_adapter_count. Dado que el conteo es cero en el caso de un solo adaptador, este no se eliminar\u00e1 y se filtrar\u00e1n las fuentes asignadas, como el cliente y el dispositivo i2c. Estas fuentes a\u00fan pueden ser accedidas por i2c o el bus, lo que puede causar problemas. 
Un caso que se reproduce f\u00e1cilmente es que si se registra un nuevo adaptador, i2c obtendr\u00e1 el adaptador filtrado e intentar\u00e1 llamar a smbus_algorithm, que ya se hab\u00eda liberado: Activado por: rmmod i2c_piix4 y modprobe max31730 ERROR: no se puede controlar el error de p\u00e1gina para la direcci\u00f3n: ffffffffc053d860 #PF: acceso de lectura del supervisor en modo kernel #PF: error_code(0x0000) - p\u00e1gina no presente Oops: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 3752 Comm: modprobe Tainted: G Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996) RIP: 0010:i2c_default_probe (drivers/i2c/i2c-core-base.c:2259) i2c_core RSP: 0018:ffff888107477710 EFLAGS: 00000246 ... i2c_detect (controladores/i2c/i2c-core-base.c:2302) i2c_core __process_new_driver (controladores/i2c/i2c-core-base.c:1336) i2c_core bus_for_each_dev (controladores/base/bus.c:301) i2c_for_each_dev (controladores/i2c/i2c-core-base.c:1823) i2c_core i2c_register_driver (controladores/i2c/i2c-core-base.c:1861) i2c_core do_one_initcall (init/main.c:1296) do_init_module (kernel/module/main.c:2455) ... ---[ fin del seguimiento 0000000000000000 ]--- Solucione este problema configurando correctamente piix4_adapter_count como 1 para el adaptador \u00fanico de modo que se pueda quitar normalmente." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49901.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49901.json index 8a0fcb79e45..da0f74c7e04 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49901.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49901.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49901", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:15.167", - "lastModified": "2025-05-01T15:16:15.167", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: Fix kmemleak in blk_mq_init_allocated_queue\n\nThere is a kmemleak caused by modprobe null_blk.ko\n\nunreferenced object 0xffff8881acb1f000 (size 1024):\n comm \"modprobe\", pid 836, jiffies 4294971190 (age 27.068s)\n hex dump (first 32 bytes):\n 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........\n ff ff ff ff ff ff ff ff 00 53 99 9e ff ff ff ff .........S......\n backtrace:\n [<000000004a10c249>] kmalloc_node_trace+0x22/0x60\n [<00000000648f7950>] blk_mq_alloc_and_init_hctx+0x289/0x350\n [<00000000af06de0e>] blk_mq_realloc_hw_ctxs+0x2fe/0x3d0\n [<00000000e00c1872>] blk_mq_init_allocated_queue+0x48c/0x1440\n [<00000000d16b4e68>] __blk_mq_alloc_disk+0xc8/0x1c0\n [<00000000d10c98c3>] 0xffffffffc450d69d\n [<00000000b9299f48>] 0xffffffffc4538392\n [<0000000061c39ed6>] do_one_initcall+0xd0/0x4f0\n [<00000000b389383b>] do_init_module+0x1a4/0x680\n [<0000000087cf3542>] load_module+0x6249/0x7110\n [<00000000beba61b8>] __do_sys_finit_module+0x140/0x200\n [<00000000fdcfff51>] do_syscall_64+0x35/0x80\n [<000000003c0f1f71>] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThat is because q->ma_ops is set to NULL before blk_release_queue is\ncalled.\n\nblk_mq_init_queue_data\n blk_mq_init_allocated_queue\n blk_mq_realloc_hw_ctxs\n for (i = 0; i < set->nr_hw_queues; i++) {\n old_hctx = xa_load(&q->hctx_table, i);\n if (!blk_mq_alloc_and_init_hctx(.., i, ..))\t\t[1]\n if (!old_hctx)\n\t break;\n\n xa_for_each_start(&q->hctx_table, j, hctx, j)\n blk_mq_exit_hctx(q, set, hctx, j); \t\t\t[2]\n\n if (!q->nr_hw_queues)\t\t\t\t\t[3]\n goto 
err_hctxs;\n\n err_exit:\n q->mq_ops = NULL;\t\t\t \t\t\t[4]\n\n blk_put_queue\n blk_release_queue\n if (queue_is_mq(q))\t\t\t\t\t[5]\n blk_mq_release(q);\n\n[1]: blk_mq_alloc_and_init_hctx failed at i != 0.\n[2]: The hctxs allocated by [1] are moved to q->unused_hctx_list and\nwill be cleaned up in blk_mq_release.\n[3]: q->nr_hw_queues is 0.\n[4]: Set q->mq_ops to NULL.\n[5]: queue_is_mq returns false due to [4]. And blk_mq_release\nwill not be called. The hctxs in q->unused_hctx_list are leaked.\n\nTo fix it, call blk_release_queue in exception path." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: blk-mq: Se corrige kmemleak en blk_mq_init_allocated_queue Hay una kmemleak causada por modprobe null_blk.ko objeto no referenciado 0xffff8881acb1f000 (tama\u00f1o 1024): comm \"modprobe\", pid 836, jiffies 4294971190 (edad 27.068s) volcado hexadecimal (primeros 32 bytes): 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... ff ff ff ff ff ff ff ff ff 00 53 99 9e ff ff ff ff .........S...... backtrace: [<000000004a10c249>] kmalloc_node_trace+0x22/0x60 [<00000000648f7950>] blk_mq_alloc_and_init_hctx+0x289/0x350 [<00000000af06de0e>] blk_mq_realloc_hw_ctxs+0x2fe/0x3d0 [<00000000e00c1872>] blk_mq_init_allocated_queue+0x48c/0x1440 [<00000000d16b4e68>] __blk_mq_alloc_disk+0xc8/0x1c0 [<00000000d10c98c3>] 0xffffffffc450d69d [<00000000b9299f48>] 0xffffffffc4538392 [<0000000061c39ed6>] hacer_una_llamada_inicio+0xd0/0x4f0 [<00000000b389383b>] hacer_m\u00f3dulo_inicio+0x1a4/0x680 [<0000000087cf3542>] cargar_m\u00f3dulo+0x6249/0x7110 [<00000000beba61b8>] __hacer_m\u00f3dulo_finit_sys+0x140/0x200 [<00000000fdcfff51>] hacer_llamada_al_sistema_64+0x35/0x80 [<000000003c0f1f71>] entry_SYSCALL_64_after_hwframe+0x46/0xb0 Esto se debe a que q->ma_ops se establece en NULL antes de llamar a blk_release_queue. 
blk_mq_init_queue_data blk_mq_init_allocated_queue blk_mq_realloc_hw_ctxs para (i = 0; i < set->nr_hw_queues; i++) { old_hctx = xa_load(&q->hctx_table, i); si (!blk_mq_alloc_and_init_hctx(.., i, ..)) [1] si (!old_hctx) break; xa_for_each_start(&q->hctx_table, j, hctx, j) blk_mq_exit_hctx(q, set, hctx, j); [2] if (!q->nr_hw_queues) [3] goto err_hctxs; err_exit: q->mq_ops = NULL; [4] blk_put_queue blk_release_queue if (queue_is_mq(q)) [5] blk_mq_release(q); [1]: blk_mq_alloc_and_init_hctx fall\u00f3 en i != 0. [2]: Los hctxs asignados por [1] se mueven a q->unused_hctx_list y se limpiar\u00e1n en blk_mq_release. [3]: q->nr_hw_queues es 0. [4]: Establece q->mq_ops en NULL. [5]: queue_is_mq devuelve falso debido a [4]. No se llamar\u00e1 a blk_mq_release. Los hctxs en q->unused_hctx_list tienen fugas. Para solucionarlo, llame a blk_release_queue en la ruta de excepci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49902.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49902.json index 4d27a31cbdd..c619a41ed4c 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49902.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49902.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49902", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:15.270", - "lastModified": "2025-05-01T15:16:15.270", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix possible memory leak for rq_wb on add_disk failure\n\nkmemleak reported memory leaks in device_add_disk():\n\nkmemleak: 3 new suspected memory leaks\n\nunreferenced object 0xffff88800f420800 (size 512):\n comm \"modprobe\", pid 4275, jiffies 4295639067 (age 223.512s)\n hex dump (first 32 bytes):\n 04 00 00 00 08 00 00 00 01 00 00 00 00 00 00 00 ................\n 00 e1 f5 05 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<00000000d3662699>] kmalloc_trace+0x26/0x60\n [<00000000edc7aadc>] wbt_init+0x50/0x6f0\n [<0000000069601d16>] wbt_enable_default+0x157/0x1c0\n [<0000000028fc393f>] blk_register_queue+0x2a4/0x420\n [<000000007345a042>] device_add_disk+0x6fd/0xe40\n [<0000000060e6aab0>] nbd_dev_add+0x828/0xbf0 [nbd]\n ...\n\nIt is because the memory allocated in wbt_enable_default() is not\nreleased in device_add_disk() error path.\nNormally, these memory are freed in:\n\ndel_gendisk()\n rq_qos_exit()\n rqos->ops->exit(rqos);\n wbt_exit()\n\nSo rq_qos_exit() is called to free the rq_wb memory for wbt_init().\nHowever in the error path of device_add_disk(), only\nblk_unregister_queue() is called and make rq_wb memory leaked.\n\nAdd rq_qos_exit() to the error path to fix it." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bloque: Reparar posible p\u00e9rdida de memoria para rq_wb en caso de error de add_disk kmemleak inform\u00f3 p\u00e9rdidas de memoria en device_add_disk(): kmemleak: 3 nuevas p\u00e9rdidas de memoria sospechosas objeto no referenciado 0xffff88800f420800 (tama\u00f1o 512): comm \"modprobe\", pid 4275, jiffies 4295639067 (edad 223.512s) volcado hexadecimal (primeros 32 bytes): 04 00 00 00 08 00 00 00 01 00 00 00 00 00 00 00 00 ................ 00 e1 f5 05 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000d3662699>] kmalloc_trace+0x26/0x60 [<00000000edc7aadc>] wbt_init+0x50/0x6f0 [<0000000069601d16>] wbt_enable_default+0x157/0x1c0 [<0000000028fc393f>] blk_register_queue+0x2a4/0x420 [<000000007345a042>] device_add_disk+0x6fd/0xe40 [<0000000060e6aab0>] nbd_dev_add+0x828/0xbf0 [nbd] ... Esto se debe a que la memoria asignada en wbt_enable_default() no se libera en la ruta de error device_add_disk(). Normalmente, esta memoria se libera en: del_gendisk() rq_qos_exit() rqos->ops->exit(rqos); wbt_exit(). Por lo tanto, se llama a rq_qos_exit() para liberar la memoria rq_wb para wbt_init(). Sin embargo, en la ruta de error de device_add_disk(), solo se llama a blk_unregister_queue(), lo que provoca una fuga de memoria en rq_wb. Agregue rq_qos_exit() a la ruta de error para corregirlo." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49903.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49903.json index f7f532ddf51..3cfbb0a48af 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49903.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49903.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49903", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:15.373", - "lastModified": "2025-05-01T15:16:15.373", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix WARNING in ip6_route_net_exit_late()\n\nDuring the initialization of ip6_route_net_init_late(), if file\nipv6_route or rt6_stats fails to be created, the initialization is\nsuccessful by default. Therefore, the ipv6_route or rt6_stats file\ndoesn't be found during the remove in ip6_route_net_exit_late(). It\nwill cause WRNING.\n\nThe following is the stack information:\nname 'rt6_stats'\nWARNING: CPU: 0 PID: 9 at fs/proc/generic.c:712 remove_proc_entry+0x389/0x460\nModules linked in:\nWorkqueue: netns cleanup_net\nRIP: 0010:remove_proc_entry+0x389/0x460\nPKRU: 55555554\nCall Trace:\n\nops_exit_list+0xb0/0x170\ncleanup_net+0x4ea/0xb00\nprocess_one_work+0x9bf/0x1710\nworker_thread+0x665/0x1080\nkthread+0x2e4/0x3a0\nret_from_fork+0x1f/0x30\n" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ipv6: correcci\u00f3n de una advertencia en ip6_route_net_exit_late(). Durante la inicializaci\u00f3n de ip6_route_net_init_late(), si no se crea el archivo ipv6_route o rt6_stats, la inicializaci\u00f3n se realiza correctamente por defecto. Por lo tanto, no se encuentra el archivo ipv6_route o rt6_stats durante la eliminaci\u00f3n en ip6_route_net_exit_late(). Esto provocar\u00e1 una advertencia. 
La siguiente es la informaci\u00f3n de la pila: nombre 'rt6_stats' ADVERTENCIA: CPU: 0 PID: 9 en fs/proc/generic.c:712 remove_proc_entry+0x389/0x460 M\u00f3dulos vinculados: Cola de trabajo: netns cleanup_net RIP: 0010:remove_proc_entry+0x389/0x460 PKRU: 55555554 Seguimiento de llamadas: ops_exit_list+0xb0/0x170 cleanup_net+0x4ea/0xb00 process_one_work+0x9bf/0x1710 workers_thread+0x665/0x1080 kthread+0x2e4/0x3a0 ret_from_fork+0x1f/0x30 " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49904.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49904.json index 0310770018e..67ba4cc9211 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49904.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49904.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49904", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:15.480", - "lastModified": "2025-05-01T15:16:15.480", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet, neigh: Fix null-ptr-deref in neigh_table_clear()\n\nWhen IPv6 module gets initialized but hits an error in the middle,\nkenel panic with:\n\nKASAN: null-ptr-deref in range [0x0000000000000598-0x000000000000059f]\nCPU: 1 PID: 361 Comm: insmod\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nRIP: 0010:__neigh_ifdown.isra.0+0x24b/0x370\nRSP: 0018:ffff888012677908 EFLAGS: 00000202\n...\nCall Trace:\n \n neigh_table_clear+0x94/0x2d0\n ndisc_cleanup+0x27/0x40 [ipv6]\n inet6_init+0x21c/0x2cb [ipv6]\n do_one_initcall+0xd3/0x4d0\n do_init_module+0x1ae/0x670\n...\nKernel panic - not syncing: Fatal exception\n\nWhen ipv6 initialization fails, it will try to cleanup and calls:\n\nneigh_table_clear()\n neigh_ifdown(tbl, NULL)\n pneigh_queue_purge(&tbl->proxy_queue, dev_net(dev == NULL))\n # dev_net(NULL) triggers null-ptr-deref.\n\nFix it by passing NULL to pneigh_queue_purge() in neigh_ifdown() if dev\nis NULL, to make kernel not panic immediately." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net, neigh: Fix null-ptr-deref en neigh_table_clear() Cuando se inicializa un m\u00f3dulo IPv6 pero se produce un error en el medio, kenel entra en p\u00e1nico con: KASAN: null-ptr-deref en el rango [0x0000000000000598-0x000000000000059f] CPU: 1 PID: 361 Comm: insmod Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996) RIP: 0010:__neigh_ifdown.isra.0+0x24b/0x370 RSP: 0018:ffff888012677908 EFLAGS: 00000202 ... 
Seguimiento de llamadas: neigh_table_clear+0x94/0x2d0 ndisc_cleanup+0x27/0x40 [ipv6] inet6_init+0x21c/0x2cb [ipv6] do_one_initcall+0xd3/0x4d0 do_init_module+0x1ae/0x670 ... P\u00e1nico del kernel - no sincroniza: Excepci\u00f3n fatal Cuando falla la inicializaci\u00f3n de ipv6, intentar\u00e1 limpiar y llamar\u00e1 a: neigh_table_clear() neigh_ifdown(tbl, NULL) pneigh_queue_purge(&tbl->proxy_queue, dev_net(dev == NULL)) # dev_net(NULL) activa null-ptr-deref. Corr\u00edjalo pasando NULL a pneigh_queue_purge() en neigh_ifdown() si dev es NULL, para que el kernel no entre en p\u00e1nico inmediatamente." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49905.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49905.json index bd4afbe7b12..03504ab5c15 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49905.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49905.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49905",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:15.593",
- "lastModified": "2025-05-01T15:16:15.593",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: Fix possible leaked pernet namespace in smc_init()\n\nIn smc_init(), register_pernet_subsys(&smc_net_stat_ops) is called\nwithout any error handling.\nIf it fails, registering of &smc_net_ops won't be reverted.\nAnd if smc_nl_init() fails, &smc_net_stat_ops itself won't be reverted.\n\nThis leaves wild ops in subsystem linkedlist and when another module\ntries to call register_pernet_operations() it triggers page fault:\n\nBUG: unable to handle page fault for address: fffffbfff81b964c\nRIP: 0010:register_pernet_operations+0x1b9/0x5f0\nCall Trace:\n \n register_pernet_subsys+0x29/0x40\n ebtables_init+0x58/0x1000 [ebtables]\n ..."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/smc: Se corrige una posible fuga de espacio de nombres pernet en smc_init(). En smc_init(), se llama a register_pernet_subsys(&smc_net_stat_ops) sin gestionar errores. Si falla, el registro de &smc_net_ops no se revertir\u00e1. Y si smc_nl_init() falla, &smc_net_stat_ops no se revertir\u00e1. Esto deja operaciones salvajes en la lista enlazada del subsistema y cuando otro m\u00f3dulo intenta llamar a register_pernet_operations() desencadena un error de p\u00e1gina: ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: fffffbfff81b964c RIP: 0010:register_pernet_operations+0x1b9/0x5f0 Rastreo de llamada: register_pernet_subsys+0x29/0x40 ebtables_init+0x58/0x1000 [ebtables] ... "
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49906.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49906.json
index af61202e39a..85cd18db349 100644
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49906.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49906.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49906",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:15.703",
- "lastModified": "2025-05-01T15:16:15.703",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Free rwi on reset success\n\nFree the rwi structure in the event that the last rwi in the list\nprocessed successfully. The logic in commit 4f408e1fa6e1 (\"ibmvnic:\nretry reset if there are no other resets\") introduces an issue that\nresults in a 32 byte memory leak whenever the last rwi in the list\ngets processed."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ibmvnic: Liberar rwi al reiniciarse correctamente. Libera la estructura rwi si el \u00faltimo rwi de la lista se ha procesado correctamente. La l\u00f3gica del commit 4f408e1fa6e1 (\"ibmvnic: reintentar reiniciar si no hay otros reinicios\") genera un problema que provoca una p\u00e9rdida de memoria de 32 bytes cada vez que se procesa el \u00faltimo rwi de la lista."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49907.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49907.json
index 76651cdc081..c89cc870a41 100644
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49907.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49907.json
@@ -2,13 +2,17 @@ "id": "CVE-2022-49907", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:15.810", - "lastModified": "2025-05-01T15:16:15.810", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mdio: fix undefined behavior in bit shift for __mdiobus_register\n\nShifting signed 32-bit value by 31 bits is undefined, so changing\nsignificant bit to unsigned. The UBSAN warning calltrace like below:\n\nUBSAN: shift-out-of-bounds in drivers/net/phy/mdio_bus.c:586:27\nleft shift of 1 by 31 places cannot be represented in type 'int'\nCall Trace:\n \n dump_stack_lvl+0x7d/0xa5\n dump_stack+0x15/0x1b\n ubsan_epilogue+0xe/0x4e\n __ubsan_handle_shift_out_of_bounds+0x1e7/0x20c\n __mdiobus_register+0x49d/0x4e0\n fixed_mdio_bus_init+0xd8/0x12d\n do_one_initcall+0x76/0x430\n kernel_init_freeable+0x3b3/0x422\n kernel_init+0x24/0x1e0\n ret_from_fork+0x1f/0x30\n " + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: mdio: corrige comportamiento indefinido en el desplazamiento de bits para __mdiobus_register El desplazamiento de un valor de 32 bits con signo en 31 bits no est\u00e1 definido, por lo que se cambia el bit significativo a sin signo. 
El seguimiento de llamadas de advertencia de UBSAN como se muestra a continuaci\u00f3n: UBSAN: desplazamiento fuera de los l\u00edmites en drivers/net/phy/mdio_bus.c:586:27 El desplazamiento a la izquierda de 1 por 31 lugares no se puede representar en el tipo 'int' Seguimiento de llamadas: dump_stack_lvl+0x7d/0xa5 dump_stack+0x15/0x1b ubsan_epilogue+0xe/0x4e __ubsan_handle_shift_out_of_bounds+0x1e7/0x20c __mdiobus_register+0x49d/0x4e0 fixed_mdio_bus_init+0xd8/0x12d do_one_initcall+0x76/0x430 kernel_init_freeable+0x3b3/0x422 kernel_init+0x24/0x1e0 ret_from_fork+0x1f/0x30 " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49908.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49908.json index 1b732939744..3c7c5e1a8bf 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49908.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49908.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49908", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:15.920", - "lastModified": "2025-05-01T15:16:15.920", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix memory leak in vhci_write\n\nSyzkaller reports a memory leak as follows:\n====================================\nBUG: memory leak\nunreferenced object 0xffff88810d81ac00 (size 240):\n [...]\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [] __alloc_skb+0x1f9/0x270 net/core/skbuff.c:418\n [] alloc_skb include/linux/skbuff.h:1257 [inline]\n [] bt_skb_alloc include/net/bluetooth/bluetooth.h:469 [inline]\n [] vhci_get_user drivers/bluetooth/hci_vhci.c:391 [inline]\n [] vhci_write+0x5f/0x230 drivers/bluetooth/hci_vhci.c:511\n [] call_write_iter include/linux/fs.h:2192 [inline]\n [] new_sync_write fs/read_write.c:491 [inline]\n [] vfs_write+0x42d/0x540 fs/read_write.c:578\n [] ksys_write+0x9d/0x160 fs/read_write.c:631\n [] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n [] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n [] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n====================================\n\nHCI core will uses hci_rx_work() to process frame, which is queued to\nthe hdev->rx_q tail in hci_recv_frame() by HCI driver.\n\nYet the problem is that, HCI core may not free the skb after handling\nACL data packets. 
To be more specific, when start fragment does not\ncontain the L2CAP length, HCI core just copies skb into conn->rx_skb and\nfinishes frame process in l2cap_recv_acldata(), without freeing the skb,\nwhich triggers the above memory leak.\n\nThis patch solves it by releasing the relative skb, after processing\nthe above case in l2cap_recv_acldata()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: L2CAP: Se corrige la p\u00e9rdida de memoria en vhci_write Syzkaller informa de una p\u00e9rdida de memoria de la siguiente manera: ===================================== ERROR: p\u00e9rdida de memoria del objeto no referenciado 0xffff88810d81ac00 (tama\u00f1o 240): [...] volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [] __alloc_skb+0x1f9/0x270 net/core/skbuff.c:418 [] alloc_skb include/linux/skbuff.h:1257 [en l\u00ednea] [] bt_skb_alloc include/net/bluetooth/bluetooth.h:469 [en l\u00ednea] [] vhci_get_user drivers/bluetooth/hci_vhci.c:391 [en l\u00ednea] [] vhci_write+0x5f/0x230 drivers/bluetooth/hci_vhci.c:511 [] call_write_iter include/linux/fs.h:2192 [en l\u00ednea] [] new_sync_write fs/read_write.c:491 [en l\u00ednea] [] vfs_write+0x42d/0x540 fs/read_write.c:578 [] ksys_write+0x9d/0x160 fs/read_write.c:631 [] do_syscall_x64 arch/x86/entry/common.c:50 [en l\u00ednea] [] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 [] entry_SYSCALL_64_after_hwframe+0x63/0xcd ====================================== El n\u00facleo HCI utiliza hci_rx_work() para procesar la trama, que el controlador HCI pone en cola en la cola hdev->rx_q en hci_recv_frame(). Sin embargo, el problema es que el n\u00facleo HCI puede no liberar el skb despu\u00e9s de procesar los paquetes de datos ACL. 
Para ser m\u00e1s espec\u00edficos, cuando el fragmento de inicio no contiene la longitud L2CAP, el n\u00facleo HCI simplemente copia el skb en conn->rx_skb y finaliza el procesamiento de la trama en l2cap_recv_acldata(), sin liberar el skb, lo que desencadena la p\u00e9rdida de memoria mencionada anteriormente. Este parche lo resuelve liberando el skb relativo, despu\u00e9s de procesar el caso mencionado en l2cap_recv_acldata()." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49909.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49909.json index 48a8359fced..984dbe43b9f 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49909.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49909.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49909", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:16.030", - "lastModified": "2025-05-01T15:16:16.030", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: fix use-after-free in l2cap_conn_del()\n\nWhen l2cap_recv_frame() is invoked to receive data, and the cid is\nL2CAP_CID_A2MP, if the channel does not exist, it will create a channel.\nHowever, after a channel is created, the hold operation of the channel\nis not performed. In this case, the value of channel reference counting\nis 1. As a result, after hci_error_reset() is triggered, l2cap_conn_del()\ninvokes the close hook function of A2MP to release the channel. Then\n l2cap_chan_unlock(chan) will trigger UAF issue.\n\nThe process is as follows:\nReceive data:\nl2cap_data_channel()\n a2mp_channel_create() --->channel ref is 2\n l2cap_chan_put() --->channel ref is 1\n\nTriger event:\n hci_error_reset()\n hci_dev_do_close()\n ...\n l2cap_disconn_cfm()\n l2cap_conn_del()\n l2cap_chan_hold() --->channel ref is 2\n l2cap_chan_del() --->channel ref is 1\n a2mp_chan_close_cb() --->channel ref is 0, release channel\n l2cap_chan_unlock() --->UAF of channel\n\nThe detailed Call Trace is as follows:\nBUG: KASAN: use-after-free in __mutex_unlock_slowpath+0xa6/0x5e0\nRead of size 8 at addr ffff8880160664b8 by task kworker/u11:1/7593\nWorkqueue: hci0 hci_error_reset\nCall Trace:\n \n dump_stack_lvl+0xcd/0x134\n print_report.cold+0x2ba/0x719\n kasan_report+0xb1/0x1e0\n kasan_check_range+0x140/0x190\n __mutex_unlock_slowpath+0xa6/0x5e0\n l2cap_conn_del+0x404/0x7b0\n l2cap_disconn_cfm+0x8c/0xc0\n hci_conn_hash_flush+0x11f/0x260\n hci_dev_close_sync+0x5f5/0x11f0\n hci_dev_do_close+0x2d/0x70\n hci_error_reset+0x9e/0x140\n 
process_one_work+0x98a/0x1620\n worker_thread+0x665/0x1080\n kthread+0x2e4/0x3a0\n ret_from_fork+0x1f/0x30\n \n\nAllocated by task 7593:\n kasan_save_stack+0x1e/0x40\n __kasan_kmalloc+0xa9/0xd0\n l2cap_chan_create+0x40/0x930\n amp_mgr_create+0x96/0x990\n a2mp_channel_create+0x7d/0x150\n l2cap_recv_frame+0x51b8/0x9a70\n l2cap_recv_acldata+0xaa3/0xc00\n hci_rx_work+0x702/0x1220\n process_one_work+0x98a/0x1620\n worker_thread+0x665/0x1080\n kthread+0x2e4/0x3a0\n ret_from_fork+0x1f/0x30\n\nFreed by task 7593:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n kasan_set_free_info+0x20/0x30\n ____kasan_slab_free+0x167/0x1c0\n slab_free_freelist_hook+0x89/0x1c0\n kfree+0xe2/0x580\n l2cap_chan_put+0x22a/0x2d0\n l2cap_conn_del+0x3fc/0x7b0\n l2cap_disconn_cfm+0x8c/0xc0\n hci_conn_hash_flush+0x11f/0x260\n hci_dev_close_sync+0x5f5/0x11f0\n hci_dev_do_close+0x2d/0x70\n hci_error_reset+0x9e/0x140\n process_one_work+0x98a/0x1620\n worker_thread+0x665/0x1080\n kthread+0x2e4/0x3a0\n ret_from_fork+0x1f/0x30\n\nLast potentially related work creation:\n kasan_save_stack+0x1e/0x40\n __kasan_record_aux_stack+0xbe/0xd0\n call_rcu+0x99/0x740\n netlink_release+0xe6a/0x1cf0\n __sock_release+0xcd/0x280\n sock_close+0x18/0x20\n __fput+0x27c/0xa90\n task_work_run+0xdd/0x1a0\n exit_to_user_mode_prepare+0x23c/0x250\n syscall_exit_to_user_mode+0x19/0x50\n do_syscall_64+0x42/0x80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nSecond to last potentially related work creation:\n kasan_save_stack+0x1e/0x40\n __kasan_record_aux_stack+0xbe/0xd0\n call_rcu+0x99/0x740\n netlink_release+0xe6a/0x1cf0\n __sock_release+0xcd/0x280\n sock_close+0x18/0x20\n __fput+0x27c/0xa90\n task_work_run+0xdd/0x1a0\n exit_to_user_mode_prepare+0x23c/0x250\n syscall_exit_to_user_mode+0x19/0x50\n do_syscall_64+0x42/0x80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: L2CAP: correcci\u00f3n de use-after-free en 
l2cap_conn_del(). Cuando se invoca l2cap_recv_frame() para recibir datos y el CID es L2CAP_CID_A2MP, si el canal no existe, se crea uno. Sin embargo, una vez creado el canal, no se realiza la operaci\u00f3n de retenci\u00f3n. En este caso, el valor del recuento de referencias del canal es 1. Como resultado, tras la activaci\u00f3n de hci_error_reset(), l2cap_conn_del() invoca la funci\u00f3n de cierre de A2MP para liberar el canal. Entonces, l2cap_chan_unlock(chan) activar\u00e1 el problema de UAF. El proceso es el siguiente: Recibir datos: l2cap_data_channel() a2mp_channel_create() --->la referencia del canal es 2 l2cap_chan_put() --->la referencia del canal es 1 Evento desencadenador: hci_error_reset() hci_dev_do_close() ... l2cap_disconn_cfm() l2cap_conn_del() l2cap_chan_hold() --->la referencia del canal es 2 l2cap_chan_del() --->la referencia del canal es 1 a2mp_chan_close_cb() --->la referencia del canal es 0, liberar el canal l2cap_chan_unlock() --->UAF del canal El seguimiento de llamadas detallado es el siguiente: ERROR: KASAN: use-after-free en __mutex_unlock_slowpath+0xa6/0x5e0 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff8880160664b8 por la tarea kworker/u11:1/7593 Cola de trabajo: hci0 Rastreo de llamadas hci_error_reset: dump_stack_lvl+0xcd/0x134 print_report.cold+0x2ba/0x719 kasan_report+0xb1/0x1e0 kasan_check_range+0x140/0x190 __mutex_unlock_slowpath+0xa6/0x5e0 l2cap_conn_del+0x404/0x7b0 l2cap_disconn_cfm+0x8c/0xc0 hci_conn_hash_flush+0x11f/0x260 hci_dev_close_sync+0x5f5/0x11f0 hci_dev_do_close+0x2d/0x70 hci_error_reset+0x9e/0x140 process_one_work+0x98a/0x1620 worker_thread+0x665/0x1080 kthread+0x2e4/0x3a0 ret_from_fork+0x1f/0x30 Allocated by task 7593: kasan_save_stack+0x1e/0x40 __kasan_kmalloc+0xa9/0xd0 l2cap_chan_create+0x40/0x930 amp_mgr_create+0x96/0x990 a2mp_channel_create+0x7d/0x150 l2cap_recv_frame+0x51b8/0x9a70 l2cap_recv_acldata+0xaa3/0xc00 hci_rx_work+0x702/0x1220 process_one_work+0x98a/0x1620 worker_thread+0x665/0x1080 
kthread+0x2e4/0x3a0 ret_from_fork+0x1f/0x30 Freed by task 7593: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 kasan_set_free_info+0x20/0x30 ____kasan_slab_free+0x167/0x1c0 slab_free_freelist_hook+0x89/0x1c0 kfree+0xe2/0x580 l2cap_chan_put+0x22a/0x2d0 l2cap_conn_del+0x3fc/0x7b0 l2cap_disconn_cfm+0x8c/0xc0 hci_conn_hash_flush+0x11f/0x260 hci_dev_close_sync+0x5f5/0x11f0 hci_dev_do_close+0x2d/0x70 hci_error_reset+0x9e/0x140 process_one_work+0x98a/0x1620 worker_thread+0x665/0x1080 kthread+0x2e4/0x3a0 ret_from_fork+0x1f/0x30 Last potentially related work creation: kasan_save_stack+0x1e/0x40 __kasan_record_aux_stack+0xbe/0xd0 call_rcu+0x99/0x740 netlink_release+0xe6a/0x1cf0 __sock_release+0xcd/0x280 sock_close+0x18/0x20 __fput+0x27c/0xa90 task_work_run+0xdd/0x1a0 exit_to_user_mode_prepare+0x23c/0x250 syscall_exit_to_user_mode+0x19/0x50 do_syscall_64+0x42/0x80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Second to last potentially related work creation: kasan_save_stack+0x1e/0x40 __kasan_record_aux_stack+0xbe/0xd0 call_rcu+0x99/0x740 netlink_release+0xe6a/0x1cf0 __sock_release+0xcd/0x280 sock_close+0x18/0x20 __fput+0x27c/0xa90 task_work_run+0xdd/0x1a0 exit_to_user_mode_prepare+0x23c/0x250 syscall_exit_to_user_mode+0x19/0x50 do_syscall_64+0x42/0x80 entry_SYSCALL_64_after_hwframe+0x63/0xcd " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49910.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49910.json index 6fc22c2be27..60e024c8c28 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49910.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49910.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49910", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:16.147", - "lastModified": "2025-05-01T15:16:16.147", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu\n\nFix the race condition between the following two flows that run in\nparallel:\n\n1. l2cap_reassemble_sdu -> chan->ops->recv (l2cap_sock_recv_cb) ->\n __sock_queue_rcv_skb.\n\n2. bt_sock_recvmsg -> skb_recv_datagram, skb_free_datagram.\n\nAn SKB can be queued by the first flow and immediately dequeued and\nfreed by the second flow, therefore the callers of l2cap_reassemble_sdu\ncan't use the SKB after that function returns. However, some places\ncontinue accessing struct l2cap_ctrl that resides in the SKB's CB for a\nshort time after l2cap_reassemble_sdu returns, leading to a\nuse-after-free condition (the stack trace is below, line numbers for\nkernel 5.19.8).\n\nFix it by keeping a local copy of struct l2cap_ctrl.\n\nBUG: KASAN: use-after-free in l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth\nRead of size 1 at addr ffff88812025f2f0 by task kworker/u17:3/43169\n\nWorkqueue: hci0 hci_rx_work [bluetooth]\nCall Trace:\n \n dump_stack_lvl (lib/dump_stack.c:107 (discriminator 4))\n print_report.cold (mm/kasan/report.c:314 mm/kasan/report.c:429)\n ? l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth\n kasan_report (mm/kasan/report.c:162 mm/kasan/report.c:493)\n ? 
l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth\n l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth\n l2cap_rx (net/bluetooth/l2cap_core.c:7236 net/bluetooth/l2cap_core.c:7271) bluetooth\n ret_from_fork (arch/x86/entry/entry_64.S:306)\n \n\nAllocated by task 43169:\n kasan_save_stack (mm/kasan/common.c:39)\n __kasan_slab_alloc (mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:469)\n kmem_cache_alloc_node (mm/slab.h:750 mm/slub.c:3243 mm/slub.c:3293)\n __alloc_skb (net/core/skbuff.c:414)\n l2cap_recv_frag (./include/net/bluetooth/bluetooth.h:425 net/bluetooth/l2cap_core.c:8329) bluetooth\n l2cap_recv_acldata (net/bluetooth/l2cap_core.c:8442) bluetooth\n hci_rx_work (net/bluetooth/hci_core.c:3642 net/bluetooth/hci_core.c:3832) bluetooth\n process_one_work (kernel/workqueue.c:2289)\n worker_thread (./include/linux/list.h:292 kernel/workqueue.c:2437)\n kthread (kernel/kthread.c:376)\n ret_from_fork (arch/x86/entry/entry_64.S:306)\n\nFreed by task 27920:\n kasan_save_stack (mm/kasan/common.c:39)\n kasan_set_track (mm/kasan/common.c:45)\n kasan_set_free_info (mm/kasan/generic.c:372)\n ____kasan_slab_free (mm/kasan/common.c:368 mm/kasan/common.c:328)\n slab_free_freelist_hook (mm/slub.c:1780)\n kmem_cache_free (mm/slub.c:3536 mm/slub.c:3553)\n skb_free_datagram (./include/net/sock.h:1578 ./include/net/sock.h:1639 net/core/datagram.c:323)\n bt_sock_recvmsg (net/bluetooth/af_bluetooth.c:295) bluetooth\n l2cap_sock_recvmsg (net/bluetooth/l2cap_sock.c:1212) bluetooth\n sock_read_iter (net/socket.c:1087)\n new_sync_read (./include/linux/fs.h:2052 fs/read_write.c:401)\n vfs_read (fs/read_write.c:482)\n ksys_read (fs/read_write.c:620)\n do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: L2CAP: Se corrige eluse-after-free causado por 
l2cap_reassemble_sdu. Se corrige la condici\u00f3n de ejecuci\u00f3n entre los dos flujos que se ejecutan en paralelo: 1. l2cap_reassemble_sdu -> chan->ops->recv (l2cap_sock_recv_cb) -> __sock_queue_rcv_skb. 2. bt_sock_recvmsg -> skb_recv_datagram, skb_free_datagram. Un SKB puede ser puesto en cola por el primer flujo e inmediatamente desencolado y liberado por el segundo flujo; por lo tanto, quienes llaman a l2cap_reassemble_sdu no pueden usar el SKB despu\u00e9s del retorno de la funci\u00f3n. Sin embargo, en algunos lugares, se contin\u00faa accediendo a la estructura l2cap_ctrl, que reside en el CB de la SKB, durante un breve periodo despu\u00e9s del retorno de l2cap_reassemble_sdu, lo que genera una condici\u00f3n de use-after-free (el seguimiento de la pila se encuentra a continuaci\u00f3n; los n\u00fameros de l\u00ednea corresponden al kernel 5.19.8). Para solucionarlo, mantenga una copia local de la estructura l2cap_ctrl. ERROR: KASAN: use-after-free en l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth Lectura de tama\u00f1o 1 en la direcci\u00f3n ffff88812025f2f0 por la tarea kworker/u17:3/43169 Cola de trabajo: hci0 hci_rx_work [bluetooth] Rastreo de llamadas: dump_stack_lvl (lib/dump_stack.c:107 (discriminator 4)) print_report.cold (mm/kasan/report.c:314 mm/kasan/report.c:429) ? l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth kasan_report (mm/kasan/report.c:162 mm/kasan/report.c:493) ? 
l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth l2cap_rx (net/bluetooth/l2cap_core.c:7236 net/bluetooth/l2cap_core.c:7271) bluetooth ret_from_fork (arch/x86/entry/entry_64.S:306) Allocated by task 43169: kasan_save_stack (mm/kasan/common.c:39) __kasan_slab_alloc (mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:469) kmem_cache_alloc_node (mm/slab.h:750 mm/slub.c:3243 mm/slub.c:3293) __alloc_skb (net/core/skbuff.c:414) l2cap_recv_frag (./include/net/bluetooth/bluetooth.h:425 net/bluetooth/l2cap_core.c:8329) bluetooth l2cap_recv_acldata (net/bluetooth/l2cap_core.c:8442) bluetooth hci_rx_work (net/bluetooth/hci_core.c:3642 net/bluetooth/hci_core.c:3832) bluetooth process_one_work (kernel/workqueue.c:2289) worker_thread (./include/linux/list.h:292 kernel/workqueue.c:2437) kthread (kernel/kthread.c:376) ret_from_fork (arch/x86/entry/entry_64.S:306) Freed by task 27920: kasan_save_stack (mm/kasan/common.c:39) kasan_set_track (mm/kasan/common.c:45) kasan_set_free_info (mm/kasan/generic.c:372) ____kasan_slab_free (mm/kasan/common.c:368 mm/kasan/common.c:328) slab_free_freelist_hook (mm/slub.c:1780) kmem_cache_free (mm/slub.c:3536 mm/slub.c:3553) skb_free_datagram (./include/net/sock.h:1578 ./include/net/sock.h:1639 net/core/datagram.c:323) bt_sock_recvmsg (net/bluetooth/af_bluetooth.c:295) bluetooth l2cap_sock_recvmsg (net/bluetooth/l2cap_sock.c:1212) bluetooth sock_read_iter (net/socket.c:1087) new_sync_read (./include/linux/fs.h:2052 fs/read_write.c:401) vfs_read (fs/read_write.c:482) ksys_read (fs/read_write.c:620) do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120) " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49911.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49911.json index 9229c0f201f..552d4bf4514 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49911.json 
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49911.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49911", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:16.260", - "lastModified": "2025-05-01T15:16:16.260", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ipset: enforce documented limit to prevent allocating huge memory\n\nDaniel Xu reported that the hash:net,iface type of the ipset subsystem does\nnot limit adding the same network with different interfaces to a set, which\ncan lead to huge memory usage or allocation failure.\n\nThe quick reproducer is\n\n$ ipset create ACL.IN.ALL_PERMIT hash:net,iface hashsize 1048576 timeout 0\n$ for i in $(seq 0 100); do /sbin/ipset add ACL.IN.ALL_PERMIT 0.0.0.0/0,kaf_$i timeout 0 -exist; done\n\nThe backtrace when vmalloc fails:\n\n [Tue Oct 25 00:13:08 2022] ipset: vmalloc error: size 1073741848, exceeds total pages\n <...>\n [Tue Oct 25 00:13:08 2022] Call Trace:\n [Tue Oct 25 00:13:08 2022] \n [Tue Oct 25 00:13:08 2022] dump_stack_lvl+0x48/0x60\n [Tue Oct 25 00:13:08 2022] warn_alloc+0x155/0x180\n [Tue Oct 25 00:13:08 2022] __vmalloc_node_range+0x72a/0x760\n [Tue Oct 25 00:13:08 2022] ? hash_netiface4_add+0x7c0/0xb20\n [Tue Oct 25 00:13:08 2022] ? __kmalloc_large_node+0x4a/0x90\n [Tue Oct 25 00:13:08 2022] kvmalloc_node+0xa6/0xd0\n [Tue Oct 25 00:13:08 2022] ? hash_netiface4_resize+0x99/0x710\n <...>\n\nThe fix is to enforce the limit documented in the ipset(8) manpage:\n\n> The internal restriction of the hash:net,iface set type is that the same\n> network prefix cannot be stored with more than 64 different interfaces\n> in a single set." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: ipset: aplicar el l\u00edmite documentado para evitar la asignaci\u00f3n de grandes cantidades de memoria. Daniel Xu inform\u00f3 que el tipo hash:net,iface del subsistema ipset no limita la adici\u00f3n de la misma red con diferentes interfaces a un conjunto, lo que puede provocar un uso excesivo de memoria o fallos de asignaci\u00f3n. El reproductor r\u00e1pido es: $ ipset create ACL.IN.ALL_PERMIT hash:net,iface hashsize 1048576 timeout 0 $ for i in $(seq 0 100); do /sbin/ipset add ACL.IN.ALL_PERMIT 0.0.0.0/0,kaf_$i timeout 0 -exist; hecho El backtrace cuando vmalloc falla: [Tue Oct 25 00:13:08 2022] ipset: vmalloc error: size 1073741848, exceeds total pages <...> [Tue Oct 25 00:13:08 2022] Call Trace: [Tue Oct 25 00:13:08 2022] [Tue Oct 25 00:13:08 2022] dump_stack_lvl+0x48/0x60 [Tue Oct 25 00:13:08 2022] warn_alloc+0x155/0x180 [Tue Oct 25 00:13:08 2022] __vmalloc_node_range+0x72a/0x760 [Tue Oct 25 00:13:08 2022] ? hash_netiface4_add+0x7c0/0xb20 [Tue Oct 25 00:13:08 2022] ? __kmalloc_large_node+0x4a/0x90 [Tue Oct 25 00:13:08 2022] kvmalloc_node+0xa6/0xd0 [Tue Oct 25 00:13:08 2022] ? hash_netiface4_resize+0x99/0x710 <...> La soluci\u00f3n es aplicar el l\u00edmite documentado en la p\u00e1gina de manual de ipset(8): > La restricci\u00f3n interna del tipo de conjunto hash:net,iface es que el mismo prefijo de red no se puede almacenar con m\u00e1s de 64 interfaces diferentes en un solo conjunto." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49912.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49912.json index 0c16adbd465..04332dbfed6 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49912.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49912.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49912",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:16.363",
- "lastModified": "2025-05-01T15:16:16.363",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix ulist leaks in error paths of qgroup self tests\n\nIn the test_no_shared_qgroup() and test_multiple_refs() qgroup self tests,\nif we fail to add the tree ref, remove the extent item or remove the\nextent ref, we are returning from the test function without freeing the\n\"old_roots\" ulist that was allocated by the previous calls to\nbtrfs_find_all_roots(). Fix that by calling ulist_free() before returning."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: se corrigen fugas de ulist en las rutas de error de las autopruebas de qgroup. En las autopruebas de qgroup test_no_shared_qgroup() y test_multiple_refs(), si no se a\u00f1ade la referencia del \u00e1rbol, se elimina el elemento de extensi\u00f3n o se elimina la referencia de extensi\u00f3n, se regresa de la funci\u00f3n de prueba sin liberar la ulist \"old_roots\" asignada por las llamadas anteriores a btrfs_find_all_roots(). Se puede solucionar llamando a ulist_free() antes de regresar."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49913.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49913.json
index 69c8aba18e5..2ae833fcbb0 100644
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49913.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49913.json
@@ -2,13 +2,17 @@
 "id": "CVE-2022-49913",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T15:16:16.477",
- "lastModified": "2025-05-01T15:16:16.477",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix inode list leak during backref walking at find_parent_nodes()\n\nDuring backref walking, at find_parent_nodes(), if we are dealing with a\ndata extent and we get an error while resolving the indirect backrefs, at\nresolve_indirect_refs(), or in the while loop that iterates over the refs\nin the direct refs rbtree, we end up leaking the inode lists attached to\nthe direct refs we have in the direct refs rbtree that were not yet added\nto the refs ulist passed as argument to find_parent_nodes(). Since they\nwere not yet added to the refs ulist and prelim_release() does not free\nthe lists, on error the caller can only free the lists attached to the\nrefs that were added to the refs ulist, all the remaining refs get their\ninode lists never freed, therefore leaking their memory.\n\nFix this by having prelim_release() always free any attached inode list\nto each ref found in the rbtree, and have find_parent_nodes() set the\nref's inode list to NULL once it transfers ownership of the inode list\nto a ref added to the refs ulist passed to find_parent_nodes()."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: correcci\u00f3n de fuga de lista de inodos durante el recorrido de backref en find_parent_nodes() Durante el recorrido de backref, en find_parent_nodes(), si estamos tratando con una extensi\u00f3n de datos y obtenemos un error al resolver los backrefs indirectos, en resolve_indirect_refs(), o en el bucle while que itera sobre los refs en el rbtree de refs directos, terminamos filtrando las listas de inodos adjuntas a los refs directos que tenemos en el rbtree de refs directos que a\u00fan no se agregaron a la ulist de refs pasada como argumento a find_parent_nodes(). Dado que a\u00fan no se agregaron a la ulist de refs y prelim_release() no libera las listas, en caso de error, el llamador solo puede liberar las listas adjuntas a los refs que se agregaron a la ulist de refs, todas las referencias restantes obtienen sus listas de inodos nunca liberadas, por lo tanto, filtran su memoria. Para solucionar este problema, haga que prelim_release() siempre libere cualquier lista de inodos adjunta a cada referencia encontrada en el rbtree y que find_parent_nodes() establezca la lista de inodos de la referencia en NULL una vez que transfiera la propiedad de la lista de inodos a una referencia agregada a la lista de referencias pasada a find_parent_nodes()."
 }
 ],
 "metrics": {},
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49914.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49914.json
index 765153f2618..20c5c30f446 100644
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49914.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49914.json
@@ -2,13 +2,17 @@ "id": "CVE-2022-49914", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:16.593", - "lastModified": "2025-05-01T15:16:16.593", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix inode list leak during backref walking at resolve_indirect_refs()\n\nDuring backref walking, at resolve_indirect_refs(), if we get an error\nwe jump to the 'out' label and call ulist_free() on the 'parents' ulist,\nwhich frees all the elements in the ulist - however that does not free\nany inode lists that may be attached to elements, through the 'aux' field\nof a ulist node, so we end up leaking lists if we have any attached to\nthe unodes.\n\nFix this by calling free_leaf_list() instead of ulist_free() when we exit\nfrom resolve_indirect_refs(). The static function free_leaf_list() is\nmoved up for this to be possible and it's slightly simplified by removing\nunnecessary code." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: correcci\u00f3n de fuga de lista de inodos durante el recorrido de backref en resolve_indirect_refs() Durante el recorrido de backref, en resolve_indirect_refs(), si obtenemos un error saltamos a la etiqueta 'out' y llamamos a ulist_free() en la ulist 'parents', que libera todos los elementos en la ulist - sin embargo, eso no libera ninguna lista de inodos que pueda estar adjunta a elementos, a trav\u00e9s del campo 'aux' de un nodo ulist, por lo que terminamos filtrando listas si tenemos alguna adjunta a los unodes. Arregle esto llamando a free_leaf_list() en lugar de ulist_free() cuando salimos de resolve_indirect_refs(). 
La funci\u00f3n est\u00e1tica free_leaf_list() se mueve hacia arriba para que esto sea posible y se simplifica ligeramente eliminando c\u00f3digo innecesario." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49915.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49915.json index c9cbc1d4bc7..4653cf7b25f 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49915.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49915.json @@ -2,13 +2,17 @@ "id": "CVE-2022-49915", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:16.710", - "lastModified": "2025-05-01T15:16:16.710", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: fix possible memory leak in mISDN_register_device()\n\nAfer commit 1fa5ae857bb1 (\"driver core: get rid of struct device's\nbus_id string array\"), the name of device is allocated dynamically,\nadd put_device() to give up the reference, so that the name can be\nfreed in kobject_cleanup() when the refcount is 0.\n\nSet device class before put_device() to avoid null release() function\nWARN message in device_release()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mISDN: se corrige una posible p\u00e9rdida de memoria en mISDN_register_device() Despu\u00e9s de el commit 1fa5ae857bb1 (\"n\u00facleo del controlador: deshacerse de la matriz de cadenas bus_id del dispositivo de estructura\"), el nombre del dispositivo se asigna din\u00e1micamente, agregue put_device() para renunciar a la referencia, de modo que el nombre se pueda liberar en kobject_cleanup() cuando el refcount sea 0. Establezca la clase del dispositivo antes de put_device() para evitar el mensaje WARN de la funci\u00f3n release() nula en device_release()." } ], "metrics": {}, 
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49916.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49916.json
index 929ecbd91c1..7632524823b 100644
--- a/CVE-2022/CVE-2022-499xx/CVE-2022-49916.json
+++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49916.json
@@ -2,13 +2,17 @@ "id": "CVE-2022-49916", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:16.820", - "lastModified": "2025-05-01T15:16:16.820", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrose: Fix NULL pointer dereference in rose_send_frame()\n\nThe syzkaller reported an issue:\n\nKASAN: null-ptr-deref in range [0x0000000000000380-0x0000000000000387]\nCPU: 0 PID: 4069 Comm: kworker/0:15 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022\nWorkqueue: rcu_gp srcu_invoke_callbacks\nRIP: 0010:rose_send_frame+0x1dd/0x2f0 net/rose/rose_link.c:101\nCall Trace:\n \n rose_transmit_clear_request+0x1d5/0x290 net/rose/rose_link.c:255\n rose_rx_call_request+0x4c0/0x1bc0 net/rose/af_rose.c:1009\n rose_loopback_timer+0x19e/0x590 net/rose/rose_loopback.c:111\n call_timer_fn+0x1a0/0x6b0 kernel/time/timer.c:1474\n expire_timers kernel/time/timer.c:1519 [inline]\n __run_timers.part.0+0x674/0xa80 kernel/time/timer.c:1790\n __run_timers kernel/time/timer.c:1768 [inline]\n run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1803\n __do_softirq+0x1d0/0x9c8 kernel/softirq.c:571\n [...]\n \n\nIt triggers NULL pointer dereference when 'neigh->dev->dev_addr' is\ncalled in the rose_send_frame(). 
It's the first occurrence of the\n`neigh` is in rose_loopback_timer() as `rose_loopback_neigh', and\nthe 'dev' in 'rose_loopback_neigh' is initialized sa nullptr.\n\nIt had been fixed by commit 3b3fd068c56e3fbea30090859216a368398e39bf\n(\"rose: Fix Null pointer dereference in rose_send_frame()\") ever.\nBut it's introduced by commit 3c53cd65dece47dd1f9d3a809f32e59d1d87b2b8\n(\"rose: check NULL rose_loopback_neigh->loopback\") again.\n\nWe fix it by add NULL check in rose_transmit_clear_request(). When\nthe 'dev' in 'neigh' is NULL, we don't reply the request and just\nclear it.\n\nsyzkaller don't provide repro, and I provide a syz repro like:\nr0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)\nioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000180)={'rose0\\x00', 0x201})\nr1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)\nbind$rose(r1, &(0x7f00000000c0)=@full={0xb, @dev, @null, 0x0, [@null, @null, @netrom, @netrom, @default, @null]}, 0x40)\nconnect$rose(r1, &(0x7f0000000240)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}}, 0x1c)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rose: Se corrige la desreferencia del puntero NULL en rose_send_frame() Syzkaller inform\u00f3 un problema: KASAN: null-ptr-deref en el rango [0x0000000000000380-0x0000000000000387] CPU: 0 PID: 4069 Comm: kworker/0:15 No contaminado 6.0.0-syzkaller-02734-g0326074ff465 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 22/09/2022 Cola de trabajo: rcu_gp srcu_invoke_callbacks RIP: 0010:rose_send_frame+0x1dd/0x2f0 net/rose/rose_link.c:101 Rastreo de llamadas: rose_transmit_clear_request+0x1d5/0x290 net/rose/rose_link.c:255 rose_rx_call_request+0x4c0/0x1bc0 net/rose/af_rose.c:1009 rose_loopback_timer+0x19e/0x590 net/rose/rose_loopback.c:111 call_timer_fn+0x1a0/0x6b0 kernel/time/timer.c:1474 expire_timers 
kernel/time/timer.c:1519 [en l\u00ednea] __run_timers.part.0+0x674/0xa80 kernel/time/timer.c:1790 __run_timers kernel/time/timer.c:1768 [en l\u00ednea] run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1803 __do_softirq+0x1d0/0x9c8 kernel/softirq.c:571 [...] Activa la desreferencia de puntero nulo cuando se llama a 'neigh->dev->dev_addr' en rose_send_frame(). Es la primera vez que `neigh` aparece en rose_loopback_timer() como `rose_loopback_neigh', y `dev' en `rose_loopback_neigh' se inicializa como nullptr. Se corrigi\u00f3 con el commit 3b3fd068c56e3fbea30090859216a368398e39bf (\"rose: Corregir la desreferencia de puntero nulo en rose_send_frame()\"). Pero esto se introduce de nuevo con el commit 3c53cd65dece47dd1f9d3a809f32e59d1d87b2b8 (\"rose: check NULL rose_loopback_neigh->loopback\"). Lo solucionamos a\u00f1adiendo una comprobaci\u00f3n NULL en rose_transmit_clear_request(). Cuando el valor de \"dev\" en \"neigh\" es NULL, no respondemos a la solicitud y simplemente la borramos. syzkaller no proporciona reproducci\u00f3n, y yo proporciono una reproducci\u00f3n syz como: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000180)={'rose0\\x00', 0x201}) r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0) bind$rose(r1, &(0x7f00000000c0)=@full={0xb, @dev, @null, 0x0, [@null, @null, @netrom, @netrom, @default, @null]}, 0x40) conectar$rosa(r1, &(0x7f0000000240)=@corto={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remoto={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}}, 0x1c)" } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49917.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49917.json index ba96cffbe25..5e756668491 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49917.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49917.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49917", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:16.927", - "lastModified": "2025-05-01T15:16:16.927", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix WARNING in ip_vs_app_net_cleanup()\n\nDuring the initialization of ip_vs_app_net_init(), if file ip_vs_app\nfails to be created, the initialization is successful by default.\nTherefore, the ip_vs_app file doesn't be found during the remove in\nip_vs_app_net_cleanup(). It will cause WRNING.\n\nThe following is the stack information:\nname 'ip_vs_app'\nWARNING: CPU: 1 PID: 9 at fs/proc/generic.c:712 remove_proc_entry+0x389/0x460\nModules linked in:\nWorkqueue: netns cleanup_net\nRIP: 0010:remove_proc_entry+0x389/0x460\nCall Trace:\n\nops_exit_list+0x125/0x170\ncleanup_net+0x4ea/0xb00\nprocess_one_work+0x9bf/0x1710\nworker_thread+0x665/0x1080\nkthread+0x2e4/0x3a0\nret_from_fork+0x1f/0x30\n" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ipvs: correcci\u00f3n de una advertencia en ip_vs_app_net_cleanup(). Durante la inicializaci\u00f3n de ip_vs_app_net_init(), si no se crea el archivo ip_vs_app, la inicializaci\u00f3n se realiza correctamente por defecto. Por lo tanto, el archivo ip_vs_app no se encuentra durante la eliminaci\u00f3n en ip_vs_app_net_cleanup(). Esto provocar\u00e1 un error WRNING. 
La siguiente es la informaci\u00f3n de la pila: nombre 'ip_vs_app' ADVERTENCIA: CPU: 1 PID: 9 en fs/proc/generic.c:712 remove_proc_entry+0x389/0x460 M\u00f3dulos vinculados en: Cola de trabajo: netns cleanup_net RIP: 0010:remove_proc_entry+0x389/0x460 Seguimiento de llamadas: ops_exit_list+0x125/0x170 cleanup_net+0x4ea/0xb00 process_one_work+0x9bf/0x1710 worker_thread+0x665/0x1080 kthread+0x2e4/0x3a0 ret_from_fork+0x1f/0x30 " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49918.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49918.json index 38d33d40e14..09efdfc5936 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49918.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49918.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49918", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:17.060", - "lastModified": "2025-05-01T15:16:17.060", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix WARNING in __ip_vs_cleanup_batch()\n\nDuring the initialization of ip_vs_conn_net_init(), if file ip_vs_conn\nor ip_vs_conn_sync fails to be created, the initialization is successful\nby default. Therefore, the ip_vs_conn or ip_vs_conn_sync file doesn't\nbe found during the remove.\n\nThe following is the stack information:\nname 'ip_vs_conn_sync'\nWARNING: CPU: 3 PID: 9 at fs/proc/generic.c:712\nremove_proc_entry+0x389/0x460\nModules linked in:\nWorkqueue: netns cleanup_net\nRIP: 0010:remove_proc_entry+0x389/0x460\nCall Trace:\n\n__ip_vs_cleanup_batch+0x7d/0x120\nops_exit_list+0x125/0x170\ncleanup_net+0x4ea/0xb00\nprocess_one_work+0x9bf/0x1710\nworker_thread+0x665/0x1080\nkthread+0x2e4/0x3a0\nret_from_fork+0x1f/0x30\n" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ipvs: correcci\u00f3n de una ADVERTENCIA en __ip_vs_cleanup_batch(). Durante la inicializaci\u00f3n de ip_vs_conn_net_init(), si no se crea el archivo ip_vs_conn o ip_vs_conn_sync, la inicializaci\u00f3n se realiza correctamente por defecto. Por lo tanto, no se encuentra el archivo ip_vs_conn o ip_vs_conn_sync durante la eliminaci\u00f3n. 
La siguiente es la informaci\u00f3n de la pila: nombre 'ip_vs_conn_sync' ADVERTENCIA: CPU: 3 PID: 9 en fs/proc/generic.c:712 remove_proc_entry+0x389/0x460 M\u00f3dulos vinculados en: Cola de trabajo: netns cleanup_net RIP: 0010:remove_proc_entry+0x389/0x460 Seguimiento de llamadas: __ip_vs_cleanup_batch+0x7d/0x120 ops_exit_list+0x125/0x170 cleanup_net+0x4ea/0xb00 process_one_work+0x9bf/0x1710 worker_thread+0x665/0x1080 kthread+0x2e4/0x3a0 ret_from_fork+0x1f/0x30 " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49919.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49919.json index 481724bdc46..ec7eaea5a7c 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49919.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49919.json @@ -2,13 +2,17 @@ "id": "CVE-2022-49919", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:17.380", - "lastModified": "2025-05-01T15:16:17.380", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: release flow rule object from commit path\n\nNo need to postpone this to the commit release path, since no packets\nare walking over this object, this is accessed from control plane only.\nThis helped uncovered UAF triggered by races with the netlink notifier." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nf_tables: liberaci\u00f3n del objeto de regla de flujo desde la ruta de confirmaci\u00f3n. No es necesario posponer esto hasta la ruta de liberaci\u00f3n de la confirmaci\u00f3n, ya que ning\u00fan paquete pasa por este objeto; solo se accede a \u00e9l desde el plano de control. Esto ayud\u00f3 a descubrir el UAF activado por ejecuciones con el notificador netlink." } ], "metrics": {}, 
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49920.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49920.json index d22a13fb73f..4d6d8237bb7 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49920.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49920.json @@ -2,13 +2,17 @@ "id": "CVE-2022-49920", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:17.517", - "lastModified": "2025-05-01T15:16:17.517", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: netlink notifier might race to release objects\n\ncommit release path is invoked via call_rcu and it runs lockless to\nrelease the objects after rcu grace period. The netlink notifier handler\nmight win race to remove objects that the transaction context is still\nreferencing from the commit release path.\n\nCall rcu_barrier() to ensure pending rcu callbacks run to completion\nif the list of transactions to be destroyed is not empty." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nf_tables: el notificador netlink podr\u00eda acelerar la liberaci\u00f3n de objetos. La ruta de liberaci\u00f3n de confirmaci\u00f3n se invoca mediante call_rcu y se ejecuta sin bloqueo para liberar los objetos despu\u00e9s del per\u00edodo de gracia de rcu. El controlador del notificador netlink podr\u00eda ganar la ejecuci\u00f3n para eliminar objetos de la ruta de liberaci\u00f3n de confirmaci\u00f3n a los que el contexto de la transacci\u00f3n a\u00fan hace referencia. Se debe llamar a rcu_barrier() para garantizar que las devoluciones de llamada rcu pendientes se ejecuten por completo si la lista de transacciones a destruir no est\u00e1 vac\u00eda." } ], "metrics": {}, 
diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49921.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49921.json index 4111a53d383..0d3bfa7e5f9 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49921.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49921.json @@ -2,13 +2,17 @@ "id": "CVE-2022-49921", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:17.627", - "lastModified": "2025-05-01T15:16:17.627", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: Fix use after free in red_enqueue()\n\nWe can't use \"skb\" again after passing it to qdisc_enqueue(). This is\nbasically identical to commit 2f09707d0c97 (\"sch_sfb: Also store skb\nlen before calling child enqueue\")." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: sched: Se corrige el use after free en red_enqueue(). No podemos volver a usar \"skb\" despu\u00e9s de pasarlo a qdisc_enqueue(). Esto es pr\u00e1cticamente id\u00e9ntico a el commit 2f09707d0c97 (\"sch_sfb: Tambi\u00e9n se almacena la longitud de skb antes de llamar a la cola secundaria\")." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49922.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49922.json index 8eacad18e19..59b4ad1b41d 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49922.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49922.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49922", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:17.747", - "lastModified": "2025-05-01T15:16:17.747", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()\n\nnfcmrvl_i2c_nci_send() will be called by nfcmrvl_nci_send(), and skb\nshould be freed in nfcmrvl_i2c_nci_send(). However, nfcmrvl_nci_send()\nwill only free skb when i2c_master_send() return >=0, which means skb\nwill memleak when i2c_master_send() failed. Free skb no matter whether\ni2c_master_send() succeeds." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfc: nfcmrvl: Se corrige una posible fuga de memoria en nfcmrvl_i2c_nci_send(). nfcmrvl_i2c_nci_send() ser\u00e1 llamado por nfcmrvl_nci_send(), y skb deber\u00eda liberarse en nfcmrvl_i2c_nci_send(). Sin embargo, nfcmrvl_nci_send() solo liberar\u00e1 skb cuando i2c_master_send() devuelva >=0, lo que significa que skb sufrir\u00e1 fugas de memoria si i2c_master_send() falla. Skb se libera independientemente de si i2c_master_send() tiene \u00e9xito." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49923.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49923.json index 5799b099fdb..e23e8988d16 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49923.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49923.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49923", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:17.900", - "lastModified": "2025-05-01T15:16:17.900", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nxp-nci: Fix potential memory leak in nxp_nci_send()\n\nnxp_nci_send() will call nxp_nci_i2c_write(), and only free skb when\nnxp_nci_i2c_write() failed. However, even if the nxp_nci_i2c_write()\nrun succeeds, the skb will not be freed in nxp_nci_i2c_write(). As the\nresult, the skb will memleak. nxp_nci_send() should also free the skb\nwhen nxp_nci_i2c_write() succeeds." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfc: nxp-nci: Se corrige una posible fuga de memoria en nxp_nci_send(). nxp_nci_send() llamar\u00e1 a nxp_nci_i2c_write() y solo liberar\u00e1 skb cuando nxp_nci_i2c_write() falle. Sin embargo, incluso si la ejecuci\u00f3n de nxp_nci_i2c_write() tiene \u00e9xito, skb no se liberar\u00e1 en nxp_nci_i2c_write(). Como resultado, skb sufrir\u00e1 una fuga de memoria. nxp_nci_send() tambi\u00e9n deber\u00eda liberar skb cuando nxp_nci_i2c_write() tenga \u00e9xito." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49924.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49924.json index 0a663168485..93a71fe8f18 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49924.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49924.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49924", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:18.170", - "lastModified": "2025-05-01T15:16:18.170", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: fdp: Fix potential memory leak in fdp_nci_send()\n\nfdp_nci_send() will call fdp_nci_i2c_write that will not free skb in\nthe function. As a result, when fdp_nci_i2c_write() finished, the skb\nwill memleak. fdp_nci_send() should free skb after fdp_nci_i2c_write()\nfinished." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfc: fdp: Se corrige una posible fuga de memoria en fdp_nci_send(). fdp_nci_send() llamar\u00e1 a fdp_nci_i2c_write, lo que no liberar\u00e1 skb en la funci\u00f3n. Como resultado, al finalizar fdp_nci_i2c_write(), skb sufrir\u00e1 una fuga de memoria. fdp_nci_send() deber\u00eda liberar skb despu\u00e9s de finalizar fdp_nci_i2c_write()." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49925.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49925.json index 096a259560f..0ccfb2e4f74 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49925.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49925.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49925", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:18.337", - "lastModified": "2025-05-01T15:16:18.337", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/core: Fix null-ptr-deref in ib_core_cleanup()\n\nKASAN reported a null-ptr-deref error:\n\n KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]\n CPU: 1 PID: 379\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n RIP: 0010:destroy_workqueue+0x2f/0x740\n RSP: 0018:ffff888016137df8 EFLAGS: 00000202\n ...\n Call Trace:\n ib_core_cleanup+0xa/0xa1 [ib_core]\n __do_sys_delete_module.constprop.0+0x34f/0x5b0\n do_syscall_64+0x3a/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n RIP: 0033:0x7fa1a0d221b7\n ...\n\nIt is because the fail of roce_gid_mgmt_init() is ignored:\n\n ib_core_init()\n roce_gid_mgmt_init()\n gid_cache_wq = alloc_ordered_workqueue # fail\n ...\n ib_core_cleanup()\n roce_gid_mgmt_cleanup()\n destroy_workqueue(gid_cache_wq)\n # destroy an unallocated wq\n\nFix this by catching the fail of roce_gid_mgmt_init() in ib_core_init()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/core: Fix null-ptr-deref en ib_core_cleanup() KASAN inform\u00f3 un error null-ptr-deref: KASAN: null-ptr-deref en el rango [0x0000000000000118-0x000000000000011f] CPU: 1 PID: 379 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996) RIP: 0010:destroy_workqueue+0x2f/0x740 RSP: 0018:ffff888016137df8 EFLAGS: 00000202 ... Seguimiento de llamadas: ib_core_cleanup+0xa/0xa1 [ib_core] __do_sys_delete_module.constprop.0+0x34f/0x5b0 do_syscall_64+0x3a/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fa1a0d221b7 ... 
It is because the fail of roce_gid_mgmt_init() is ignored: ib_core_init() roce_gid_mgmt_init() gid_cache_wq = alloc_ordered_workqueue # fail ... ib_core_cleanup() roce_gid_mgmt_cleanup() destroy_workqueue(gid_cache_wq) # destroy an unallocated wq Fix this by catching the fail of roce_gid_mgmt_init() in ib_core_init(). " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49926.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49926.json index 9db5db6140b..f89f3109224 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49926.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49926.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49926", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:18.440", - "lastModified": "2025-05-01T15:16:18.440", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: Fix possible memory leaks in dsa_loop_init()\n\nkmemleak reported memory leaks in dsa_loop_init():\n\nkmemleak: 12 new suspected memory leaks\n\nunreferenced object 0xffff8880138ce000 (size 2048):\n comm \"modprobe\", pid 390, jiffies 4295040478 (age 238.976s)\n backtrace:\n [<000000006a94f1d5>] kmalloc_trace+0x26/0x60\n [<00000000a9c44622>] phy_device_create+0x5d/0x970\n [<00000000d0ee2afc>] get_phy_device+0xf3/0x2b0\n [<00000000dca0c71f>] __fixed_phy_register.part.0+0x92/0x4e0\n [<000000008a834798>] fixed_phy_register+0x84/0xb0\n [<0000000055223fcb>] dsa_loop_init+0xa9/0x116 [dsa_loop]\n ...\n\nThere are two reasons for memleak in dsa_loop_init().\n\nFirst, fixed_phy_register() create and register phy_device:\n\nfixed_phy_register()\n get_phy_device()\n phy_device_create() # freed by phy_device_free()\n phy_device_register() # freed by phy_device_remove()\n\nBut fixed_phy_unregister() only calls phy_device_remove().\nSo the memory allocated in phy_device_create() is leaked.\n\nSecond, when mdio_driver_register() fail in dsa_loop_init(),\nit just returns and there is no cleanup for phydevs.\n\nFix the problems by catching the error of mdio_driver_register()\nin dsa_loop_init(), then calling both fixed_phy_unregister() and\nphy_device_free() to release phydevs.\nAlso add a function for phydevs cleanup to avoid duplacate." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: dsa: Se corrigen posibles fugas de memoria en dsa_loop_init() kmemleak inform\u00f3 de fugas de memoria en dsa_loop_init(): kmemleak: 12 nuevas fugas de memoria sospechosas objeto no referenciado 0xffff8880138ce000 (tama\u00f1o 2048): comm \"modprobe\", pid 390, jiffies 4295040478 (edad 238,976 s) backtrace: [<000000006a94f1d5>] kmalloc_trace+0x26/0x60 [<00000000a9c44622>] phy_device_create+0x5d/0x970 [<00000000d0ee2afc>] Hay dos razones para la p\u00e9rdida de memoria en dsa_loop_init(). Primero, fixed_phy_register() crea y registra phy_device: fixed_phy_register() get_phy_device() phy_device_create() # liberado por phy_device_free() phy_device_register() # liberado por phy_device_remove() Pero fixed_phy_unregister() solo llama a phy_device_remove(). Por lo tanto, la memoria asignada en phy_device_create() se filtra. Segundo, cuando mdio_driver_register() falla en dsa_loop_init(), simplemente regresa y no hay limpieza para phydevs. Solucione los problemas capturando el error de mdio_driver_register() en dsa_loop_init(), luego llame a fixed_phy_unregister() y phy_device_free() para liberar phydevs. Tambi\u00e9n agregue una funci\u00f3n para la limpieza de phydevs para evitar la duplicaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49927.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49927.json index f27f5352055..d2ee57b724d 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49927.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49927.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49927", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:18.657", - "lastModified": "2025-05-01T15:16:18.657", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs4: Fix kmemleak when allocate slot failed\n\nIf one of the slot allocate failed, should cleanup all the other\nallocated slots, otherwise, the allocated slots will leak:\n\n unreferenced object 0xffff8881115aa100 (size 64):\n comm \"\"mount.nfs\"\", pid 679, jiffies 4294744957 (age 115.037s)\n hex dump (first 32 bytes):\n 00 cc 19 73 81 88 ff ff 00 a0 5a 11 81 88 ff ff ...s......Z.....\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<000000007a4c434a>] nfs4_find_or_create_slot+0x8e/0x130\n [<000000005472a39c>] nfs4_realloc_slot_table+0x23f/0x270\n [<00000000cd8ca0eb>] nfs40_init_client+0x4a/0x90\n [<00000000128486db>] nfs4_init_client+0xce/0x270\n [<000000008d2cacad>] nfs4_set_client+0x1a2/0x2b0\n [<000000000e593b52>] nfs4_create_server+0x300/0x5f0\n [<00000000e4425dd2>] nfs4_try_get_tree+0x65/0x110\n [<00000000d3a6176f>] vfs_get_tree+0x41/0xf0\n [<0000000016b5ad4c>] path_mount+0x9b3/0xdd0\n [<00000000494cae71>] __x64_sys_mount+0x190/0x1d0\n [<000000005d56bdec>] do_syscall_64+0x35/0x80\n [<00000000687c9ae4>] entry_SYSCALL_64_after_hwframe+0x46/0xb0" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfs4: Se corrige kmemleak cuando falla la asignaci\u00f3n de ranura Si falla la asignaci\u00f3n de una ranura, se deben limpiar todas las dem\u00e1s ranuras asignadas, de lo contrario, las ranuras asignadas tendr\u00e1n fugas: objeto sin referencia 0xffff8881115aa100 (tama\u00f1o 64): comm \"\"mount.nfs\"\", pid 679, jiffies 4294744957 (edad 115.037s) volcado 
hexadecimal (primeros 32 bytes): 00 cc 19 73 81 88 ff ff 00 a0 5a 11 81 88 ff ff ...s......Z..... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ seguimiento inverso:[<000000007a4c434a>] nfs4_find_or_create_slot+0x8e/0x130 [<000000005472a39c>] nfs4_realloc_slot_table+0x23f/0x270 [<00000000cd8ca0eb>] nfs40_init_client+0x4a/0x90 [<00000000128486db>] nfs4_init_client+0xce/0x270 [<000000008d2cacad>] nfs4_set_client+0x1a2/0x2b0 [<000000000e593b52>] nfs4_create_server+0x300/0x5f0 [<00000000e4425dd2>] nfs4_try_get_tree+0x65/0x110 [<00000000d3a6176f>] vfs_get_tree+0x41/0xf0 [<0000000016b5ad4c>] path_mount+0x9b3/0xdd0 [<00000000494cae71>] __x64_sys_mount+0x190/0x1d0 [<000000005d56bdec>] do_syscall_64+0x35/0x80 [<00000000687c9ae4>] entry_SYSCALL_64_after_hwframe+0x46/0xb0 " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49928.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49928.json index 69f0413b68d..d2a7101c5e7 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49928.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49928.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49928", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:18.783", - "lastModified": "2025-05-01T15:16:18.783", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix null-ptr-deref when xps sysfs alloc failed\n\nThere is a null-ptr-deref when xps sysfs alloc failed:\n BUG: KASAN: null-ptr-deref in sysfs_do_create_link_sd+0x40/0xd0\n Read of size 8 at addr 0000000000000030 by task gssproxy/457\n\n CPU: 5 PID: 457 Comm: gssproxy Not tainted 6.0.0-09040-g02357b27ee03 #9\n Call Trace:\n \n dump_stack_lvl+0x34/0x44\n kasan_report+0xa3/0x120\n sysfs_do_create_link_sd+0x40/0xd0\n rpc_sysfs_client_setup+0x161/0x1b0\n rpc_new_client+0x3fc/0x6e0\n rpc_create_xprt+0x71/0x220\n rpc_create+0x1d4/0x350\n gssp_rpc_create+0xc3/0x160\n set_gssp_clnt+0xbc/0x140\n write_gssp+0x116/0x1a0\n proc_reg_write+0xd6/0x130\n vfs_write+0x177/0x690\n ksys_write+0xb9/0x150\n do_syscall_64+0x35/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nWhen the xprt_switch sysfs alloc failed, should not add xprt and\nswitch sysfs to it, otherwise, maybe null-ptr-deref; also initialize\nthe 'xps_sysfs' to NULL to avoid oops when destroy it." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: SUNRPC: Se corrige null-ptr-deref cuando falla la asignaci\u00f3n de sysfs en XPS. 
Hay un null-ptr-deref cuando falla la asignaci\u00f3n de sysfs en XPS: ERROR: KASAN: null-ptr-deref en sysfs_do_create_link_sd+0x40/0xd0 Lectura de tama\u00f1o 8 en la direcci\u00f3n 0000000000000030 por la tarea gssproxy/457 CPU: 5 PID: 457 Comm: gssproxy No contaminado 6.0.0-09040-g02357b27ee03 #9 Rastreo de llamadas: dump_stack_lvl+0x34/0x44 kasan_report+0xa3/0x120 sysfs_do_create_link_sd+0x40/0xd0 rpc_sysfs_client_setup+0x161/0x1b0 rpc_new_client+0x3fc/0x6e0 rpc_create_xprt+0x71/0x220 rpc_create+0x1d4/0x350 gssp_rpc_create+0xc3/0x160 set_gssp_clnt+0xbc/0x140 write_gssp+0x116/0x1a0 proc_reg_write+0xd6/0x130 vfs_write+0x177/0x690 ksys_write+0xb9/0x150 do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 Cuando la asignaci\u00f3n sysfs xprt_switch falla, no se debe agregar xprt y switch sysfs a \u00e9l, de lo contrario, tal vez null-ptr-deref; tambi\u00e9n inicialice 'xps_sysfs' a NULL para evitar errores al destruirlo." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49929.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49929.json index 3722ff2ebce..b9e604c940f 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49929.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49929.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49929", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:18.887", - "lastModified": "2025-05-01T15:16:18.887", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix mr leak in RESPST_ERR_RNR\n\nrxe_recheck_mr() will increase mr's ref_cnt, so we should call rxe_put(mr)\nto drop mr's ref_cnt in RESPST_ERR_RNR to avoid below warning:\n\n WARNING: CPU: 0 PID: 4156 at drivers/infiniband/sw/rxe/rxe_pool.c:259 __rxe_cleanup+0x1df/0x240 [rdma_rxe]\n...\n Call Trace:\n rxe_dereg_mr+0x4c/0x60 [rdma_rxe]\n ib_dereg_mr_user+0xa8/0x200 [ib_core]\n ib_mr_pool_destroy+0x77/0xb0 [ib_core]\n nvme_rdma_destroy_queue_ib+0x89/0x240 [nvme_rdma]\n nvme_rdma_free_queue+0x40/0x50 [nvme_rdma]\n nvme_rdma_teardown_io_queues.part.0+0xc3/0x120 [nvme_rdma]\n nvme_rdma_error_recovery_work+0x4d/0xf0 [nvme_rdma]\n process_one_work+0x582/0xa40\n ? pwq_dec_nr_in_flight+0x100/0x100\n ? rwlock_bug.part.0+0x60/0x60\n worker_thread+0x2a9/0x700\n ? process_one_work+0xa40/0xa40\n kthread+0x168/0x1a0\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/rxe: Reparar fuga de mr en RESPST_ERR_RNR rxe_recheck_mr() aumentar\u00e1 el ref_cnt de mr, por lo que debemos llamar a rxe_put(mr) para eliminar el ref_cnt de mr en RESPST_ERR_RNR para evitar la siguiente advertencia: ADVERTENCIA: CPU: 0 PID: 4156 en drivers/infiniband/sw/rxe/rxe_pool.c:259 __rxe_cleanup+0x1df/0x240 [rdma_rxe] ... 
Rastreo de llamadas: rxe_dereg_mr+0x4c/0x60 [rdma_rxe] ib_dereg_mr_user+0xa8/0x200 [ib_core] ib_mr_pool_destroy+0x77/0xb0 [ib_core] nvme_rdma_destroy_queue_ib+0x89/0x240 [nvme_rdma] nvme_rdma_free_queue+0x40/0x50 [nvme_rdma] nvme_rdma_teardown_io_queues.part.0+0xc3/0x120 [nvme_rdma] nvme_rdma_error_recovery_work+0x4d/0xf0 [nvme_rdma] process_one_work+0x582/0xa40 ? pwq_dec_nr_in_flight+0x100/0x100 ? rwlock_bug.part.0+0x60/0x60 worker_thread+0x2a9/0x700 ? process_one_work+0xa40/0xa40 kthread+0x168/0x1a0 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x22/0x30 " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49930.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49930.json index de81d1181fa..ee80185afc8 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49930.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49930.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49930", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:18.983", - "lastModified": "2025-05-01T15:16:18.983", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix NULL pointer problem in free_mr_init()\n\nLock grab occurs in a concurrent scenario, resulting in stepping on a NULL\npointer. It should be init mutex_init() first before use the lock.\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n Call trace:\n __mutex_lock.constprop.0+0xd0/0x5c0\n __mutex_lock_slowpath+0x1c/0x2c\n mutex_lock+0x44/0x50\n free_mr_send_cmd_to_hw+0x7c/0x1c0 [hns_roce_hw_v2]\n hns_roce_v2_dereg_mr+0x30/0x40 [hns_roce_hw_v2]\n hns_roce_dereg_mr+0x4c/0x130 [hns_roce_hw_v2]\n ib_dereg_mr_user+0x54/0x124\n uverbs_free_mr+0x24/0x30\n destroy_hw_idr_uobject+0x38/0x74\n uverbs_destroy_uobject+0x48/0x1c4\n uobj_destroy+0x74/0xcc\n ib_uverbs_cmd_verbs+0x368/0xbb0\n ib_uverbs_ioctl+0xec/0x1a4\n __arm64_sys_ioctl+0xb4/0x100\n invoke_syscall+0x50/0x120\n el0_svc_common.constprop.0+0x58/0x190\n do_el0_svc+0x30/0x90\n el0_svc+0x2c/0xb4\n el0t_64_sync_handler+0x1a4/0x1b0\n el0t_64_sync+0x19c/0x1a0" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/hns: Se solucion\u00f3 el problema del puntero nulo en free_mr_init(). La captura de bloqueo ocurre en un escenario concurrente, lo que resulta en la sobreexposici\u00f3n a un puntero nulo. Se debe inicializar mutex_init() antes de usar el bloqueo. 
No se puede gestionar la desreferencia del puntero NULL del n\u00facleo en la direcci\u00f3n virtual 0000000000000000 Rastreo de llamadas: __mutex_lock.constprop.0+0xd0/0x5c0 __mutex_lock_slowpath+0x1c/0x2c mutex_lock+0x44/0x50 free_mr_send_cmd_to_hw+0x7c/0x1c0 [hns_roce_hw_v2] hns_roce_v2_dereg_mr+0x30/0x40 [hns_roce_hw_v2] hns_roce_dereg_mr+0x4c/0x130 [hns_roce_hw_v2] ib_dereg_mr_user+0x54/0x124 uverbs_free_mr+0x24/0x30 destroy_hw_idr_uobject+0x38/0x74 uverbs_destroy_uobject+0x48/0x1c4 uobj_destroy+0x74/0xcc ib_uverbs_cmd_verbs+0x368/0xbb0 ib_uverbs_ioctl+0xec/0x1a4 __arm64_sys_ioctl+0xb4/0x100 invoke_syscall+0x50/0x120 el0_svc_common.constprop.0+0x58/0x190 do_el0_svc+0x30/0x90 el0_svc+0x2c/0xb4 el0t_64_sync_handler+0x1a4/0x1b0 el0t_64_sync+0x19c/0x1a0 " } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-499xx/CVE-2022-49931.json b/CVE-2022/CVE-2022-499xx/CVE-2022-49931.json index b6629067c7f..9095d014a54 100644 --- a/CVE-2022/CVE-2022-499xx/CVE-2022-49931.json +++ b/CVE-2022/CVE-2022-499xx/CVE-2022-49931.json 
@@ -2,13 +2,17 @@ "id": "CVE-2022-49931", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T15:16:19.087", - "lastModified": "2025-05-01T15:16:19.087", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/hfi1: Correctly move list in sc_disable()\n\nCommit 13bac861952a (\"IB/hfi1: Fix abba locking issue with sc_disable()\")\nincorrectly tries to move a list from one list head to another. The\nresult is a kernel crash.\n\nThe crash is triggered when a link goes down and there are waiters for a\nsend to complete. The following signature is seen:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000030\n [...]\n Call Trace:\n sc_disable+0x1ba/0x240 [hfi1]\n pio_freeze+0x3d/0x60 [hfi1]\n handle_freeze+0x27/0x1b0 [hfi1]\n process_one_work+0x1b0/0x380\n ? process_one_work+0x380/0x380\n worker_thread+0x30/0x360\n ? process_one_work+0x380/0x380\n kthread+0xd7/0x100\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x1f/0x30\n\nThe fix is to use the correct call to move the list." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: IB/hfi1: Mover correctamente la lista en sc_disable(). El commit 13bac861952a (\"IB/hfi1: Solucionar el problema de bloqueo de abba con sc_disable()\") intenta mover incorrectamente una lista de una cabecera a otra. Esto provoca un fallo del kernel. El fallo se activa cuando un enlace se cae y hay esperas para que se complete un env\u00edo. Se observa la siguiente firma: ERROR: desreferencia de puntero nulo del kernel, direcci\u00f3n: 000000000000030 [...] Seguimiento de llamadas: sc_disable+0x1ba/0x240 [hfi1] pio_freeze+0x3d/0x60 [hfi1] handle_freeze+0x27/0x1b0 [hfi1] process_one_work+0x1b0/0x380 ? process_one_work+0x380/0x380 worker_thread+0x30/0x360 ? 
process_one_work+0x380/0x380 kthread+0xd7/0x100 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x1f/0x30 La soluci\u00f3n es utilizar la llamada correcta para mover la lista." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-375xx/CVE-2023-37517.json b/CVE-2023/CVE-2023-375xx/CVE-2023-37517.json index bef87726fb3..8144341cede 100644 --- a/CVE-2023/CVE-2023-375xx/CVE-2023-37517.json +++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37517.json @@ -2,13 +2,17 @@ "id": "CVE-2023-37517", "sourceIdentifier": "psirt@hcl.com", "published": "2025-04-30T22:15:15.953", - "lastModified": "2025-04-30T22:15:15.953", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing \"no cache\" headers in HCL Leap permits sensitive data to be cached." + }, + { + "lang": "es", + "value": "La falta de encabezados \"sin cach\u00e9\" en HCL Leap permite que se almacenen en cach\u00e9 datos confidenciales." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-375xx/CVE-2023-37535.json b/CVE-2023/CVE-2023-375xx/CVE-2023-37535.json index 33c9e40343d..13289c04490 100644 --- a/CVE-2023/CVE-2023-375xx/CVE-2023-37535.json +++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37535.json @@ -2,13 +2,17 @@ "id": "CVE-2023-37535", "sourceIdentifier": "psirt@hcl.com", "published": "2025-04-30T22:15:16.090", - "lastModified": "2025-04-30T22:15:16.090", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap\nallow script injection through query parameters." + }, + { + "lang": "es", + "value": "La lista blanca de protocolos URI insuficiente en HCL Domino Volt y Domino Leap permite la inyecci\u00f3n de scripts a trav\u00e9s de par\u00e1metros de consulta." } ], "metrics": { 
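Review bot: In the CVE-2022-49931 hunk, the added `es` description changes a technical value: the `en` text gives the fault address as `0000000000000030` (16 digits), while the `es` text reads `direcci\u00f3n: 000000000000030`, one zero short. Anyone matching logs or tickets against the translated crash signature will miss the real oops line, so the value should be restored as `direcci\u00f3n: 0000000000000030`. The `es` values here and in the CVE-2022-49928, -49929 and -49930 hunks also carry none of the `\n` escapes that separate the call-trace frames in the `en` value, so the `en` description should remain the reference for the trace.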
diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45721.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45721.json
index 119795a8740..93ebaa98226 100644
--- a/CVE-2023/CVE-2023-457xx/CVE-2023-45721.json
+++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45721.json
@@ -2,13 +2,17 @@
 "id": "CVE-2023-45721",
 "sourceIdentifier": "psirt@hcl.com",
 "published": "2025-04-30T22:15:16.223",
- "lastModified": "2025-04-30T22:15:16.223",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Insufficient default configuration in HCL Leap\nallows anonymous access to directory information."
+ },
+ {
+ "lang": "es",
+ "value": "La configuraci\u00f3n predeterminada insuficiente en HCL Leap permite el acceso an\u00f3nimo a la informaci\u00f3n del directorio."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46669.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46669.json
index 533732ed8e7..3735fd6ee01 100644
--- a/CVE-2023/CVE-2023-466xx/CVE-2023-46669.json
+++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46669.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-46669",
 "sourceIdentifier": "bressers@elastic.co",
 "published": "2025-05-01T13:15:49.000",
- "lastModified": "2025-05-01T13:15:49.000",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11142.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11142.json
index a142b68a1bb..7ba90ab887e 100644
--- a/CVE-2024/CVE-2024-111xx/CVE-2024-11142.json
+++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11142.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-11142",
 "sourceIdentifier": "iletisim@usom.gov.tr",
 "published": "2025-05-02T08:15:15.247",
- "lastModified": "2025-05-02T08:15:15.247",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-113xx/CVE-2024-11390.json b/CVE-2024/CVE-2024-113xx/CVE-2024-11390.json
index 1083c4259e8..829f3c709ae 100644
--- a/CVE-2024/CVE-2024-113xx/CVE-2024-11390.json
+++ b/CVE-2024/CVE-2024-113xx/CVE-2024-11390.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-11390",
 "sourceIdentifier": "bressers@elastic.co",
 "published": "2025-05-01T14:15:34.913",
- "lastModified": "2025-05-01T14:15:34.913",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-119xx/CVE-2024-11994.json b/CVE-2024/CVE-2024-119xx/CVE-2024-11994.json
index b8245382a4d..da02b20dc57 100644
--- a/CVE-2024/CVE-2024-119xx/CVE-2024-11994.json
+++ b/CVE-2024/CVE-2024-119xx/CVE-2024-11994.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-11994",
 "sourceIdentifier": "bressers@elastic.co",
 "published": "2025-05-01T14:15:35.093",
- "lastModified": "2025-05-01T14:15:35.093",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-120xx/CVE-2024-12023.json b/CVE-2024/CVE-2024-120xx/CVE-2024-12023.json
index d90be74e516..4f10a4ba325 100644
--- a/CVE-2024/CVE-2024-120xx/CVE-2024-12023.json
+++ b/CVE-2024/CVE-2024-120xx/CVE-2024-12023.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-12023",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-05-02T04:15:43.097",
- "lastModified": "2025-05-02T04:15:43.097",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-133xx/CVE-2024-13322.json b/CVE-2024/CVE-2024-133xx/CVE-2024-13322.json
index deeaa22f9db..8a9f8850553 100644
--- a/CVE-2024/CVE-2024-133xx/CVE-2024-13322.json
+++ b/CVE-2024/CVE-2024-133xx/CVE-2024-13322.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-13322",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-05-02T04:15:44.210",
- "lastModified": "2025-05-02T04:15:44.210",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-133xx/CVE-2024-13344.json b/CVE-2024/CVE-2024-133xx/CVE-2024-13344.json
index f88707e622d..907ce27fe69 100644
--- a/CVE-2024/CVE-2024-133xx/CVE-2024-13344.json
+++ b/CVE-2024/CVE-2024-133xx/CVE-2024-13344.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-13344",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-05-02T04:15:45.430",
- "lastModified": "2025-05-02T04:15:45.430",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-133xx/CVE-2024-13381.json b/CVE-2024/CVE-2024-133xx/CVE-2024-13381.json
index 276b4774309..8902543b45c 100644
--- a/CVE-2024/CVE-2024-133xx/CVE-2024-13381.json
+++ b/CVE-2024/CVE-2024-133xx/CVE-2024-13381.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-13381",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2025-05-01T06:15:33.553",
- "lastModified": "2025-05-01T18:15:53.797",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Calculated Fields Form de WordPress anterior a la versi\u00f3n 5.2.62 no depura ni escapa de algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados como el administrador realizar ataques de Cross-Site Scripting almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n de varios sitios)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-134xx/CVE-2024-13418.json b/CVE-2024/CVE-2024-134xx/CVE-2024-13418.json
index 3cdda3c1de2..def92d11a8f 100644
--- a/CVE-2024/CVE-2024-134xx/CVE-2024-13418.json
+++ b/CVE-2024/CVE-2024-134xx/CVE-2024-13418.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-13418",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-05-02T04:15:45.697",
- "lastModified": "2025-05-02T04:15:45.697",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-134xx/CVE-2024-13419.json b/CVE-2024/CVE-2024-134xx/CVE-2024-13419.json
index 6a6356d96b3..2e945525844 100644
--- a/CVE-2024/CVE-2024-134xx/CVE-2024-13419.json
+++ b/CVE-2024/CVE-2024-134xx/CVE-2024-13419.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-13419",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-05-02T04:15:45.873",
- "lastModified": "2025-05-02T04:15:45.873",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-134xx/CVE-2024-13420.json b/CVE-2024/CVE-2024-134xx/CVE-2024-13420.json
index b9f1bc172ab..9499f0338b0 100644
--- a/CVE-2024/CVE-2024-134xx/CVE-2024-13420.json
+++ b/CVE-2024/CVE-2024-134xx/CVE-2024-13420.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-13420",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-05-02T04:15:46.047",
- "lastModified": "2025-05-02T04:15:46.047",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-138xx/CVE-2024-13845.json b/CVE-2024/CVE-2024-138xx/CVE-2024-13845.json
index ef5f6b61d06..f50c8cf6329 100644
--- a/CVE-2024/CVE-2024-138xx/CVE-2024-13845.json
+++ b/CVE-2024/CVE-2024-138xx/CVE-2024-13845.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-13845",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-05-01T05:15:51.583",
- "lastModified": "2025-05-01T05:15:51.583",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-138xx/CVE-2024-13858.json b/CVE-2024/CVE-2024-138xx/CVE-2024-13858.json
index 9b7919b9434..00dba1b7b57 100644
--- a/CVE-2024/CVE-2024-138xx/CVE-2024-13858.json
+++ b/CVE-2024/CVE-2024-138xx/CVE-2024-13858.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-13858",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-05-02T07:15:50.860",
- "lastModified": "2025-05-02T07:15:50.860",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-138xx/CVE-2024-13859.json b/CVE-2024/CVE-2024-138xx/CVE-2024-13859.json
index 3c221c5a6d9..c9cfac58cbe 100644
--- a/CVE-2024/CVE-2024-138xx/CVE-2024-13859.json
+++ b/CVE-2024/CVE-2024-138xx/CVE-2024-13859.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-13859",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-05-02T07:15:51.067",
- "lastModified": "2025-05-02T07:15:51.067",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-138xx/CVE-2024-13860.json b/CVE-2024/CVE-2024-138xx/CVE-2024-13860.json
index d63a89dfc5a..fb1ef2edc11 100644
--- a/CVE-2024/CVE-2024-138xx/CVE-2024-13860.json
+++ b/CVE-2024/CVE-2024-138xx/CVE-2024-13860.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-13860",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-05-02T07:15:51.220",
- "lastModified": "2025-05-02T07:15:51.220",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-139xx/CVE-2024-13943.json b/CVE-2024/CVE-2024-139xx/CVE-2024-13943.json
index d5c389ee45a..68c9dfea1c6 100644
--- a/CVE-2024/CVE-2024-139xx/CVE-2024-13943.json
+++ b/CVE-2024/CVE-2024-139xx/CVE-2024-13943.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-13943",
 "sourceIdentifier": "zdi-disclosures@trendmicro.com",
 "published": "2025-04-30T20:15:20.520",
- "lastModified": "2025-04-30T20:15:20.520",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Validation Sandbox Escape Vulnerability. This vulnerability allows local attackers to escape the sandbox on affected affected Tesla Model S vehicles. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the QCMAP_ConnectionManager component. An attacker can abuse the service to assign LAN addresses to the WWAN. An attacker can leverage this vulnerability to access network services that were only intended to be exposed to the internal LAN. Was ZDI-CAN-23199."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de escape de la zona protegida con validaci\u00f3n de entrada incorrecta del m\u00f3dem Iris QCMAP_ConnectionManager de Tesla Model S. Esta vulnerabilidad permite a atacantes locales escapar de la zona de pruebas en los veh\u00edculos Tesla Model S afectados. Para explotar esta vulnerabilidad, un atacante debe primero ejecutar c\u00f3digo con privilegios bajos en el sistema objetivo. La falla espec\u00edfica se encuentra en el componente QCMAP_ConnectionManager. Un atacante puede abusar del servicio para asignar direcciones LAN a la WWAN. Un atacante puede aprovechar esta vulnerabilidad para acceder a servicios de red que solo estaban destinados a estar expuestos a la LAN interna. Era ZDI-CAN-23199."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-301xx/CVE-2024-30115.json b/CVE-2024/CVE-2024-301xx/CVE-2024-30115.json
index c3e71556aae..cf411f4a4e6 100644
--- a/CVE-2024/CVE-2024-301xx/CVE-2024-30115.json
+++ b/CVE-2024/CVE-2024-301xx/CVE-2024-30115.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-30115",
 "sourceIdentifier": "psirt@hcl.com",
 "published": "2025-04-30T22:15:16.453",
- "lastModified": "2025-04-30T22:15:16.453",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Insufficient sanitization policy in HCL Leap\nallows client-side script injection in the deployed application through the\nHTML widget."
+ },
+ {
+ "lang": "es",
+ "value": "Una pol\u00edtica de depuraci\u00f3n insuficiente en HCL Leap permite client-side script injection en la aplicaci\u00f3n implementada a trav\u00e9s del widget HTML."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-301xx/CVE-2024-30145.json b/CVE-2024/CVE-2024-301xx/CVE-2024-30145.json
index 6c4298edc2a..77824aa0f52 100644
--- a/CVE-2024/CVE-2024-301xx/CVE-2024-30145.json
+++ b/CVE-2024/CVE-2024-301xx/CVE-2024-30145.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-30145",
 "sourceIdentifier": "psirt@hcl.com",
 "published": "2025-04-30T22:15:16.590",
- "lastModified": "2025-04-30T22:15:16.590",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Multiple vectors in HCL Domino Volt and Domino Leap allow client-side\nscript injection in the authoring environment and deployed applications."
+ },
+ {
+ "lang": "es",
+ "value": "M\u00faltiples vectores en HCL Domino Volt y Domino Leap permiten client-side script injection en el entorno de creaci\u00f3n y en las aplicaciones implementadas."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-301xx/CVE-2024-30146.json b/CVE-2024/CVE-2024-301xx/CVE-2024-30146.json
index b9592f01b1e..332a59e5221 100644
--- a/CVE-2024/CVE-2024-301xx/CVE-2024-30146.json
+++ b/CVE-2024/CVE-2024-301xx/CVE-2024-30146.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-30146",
 "sourceIdentifier": "psirt@hcl.com",
 "published": "2025-04-30T22:15:16.720",
- "lastModified": "2025-04-30T22:15:16.720",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper access control of endpoint in HCL Domino Leap\nallows certain admin users to import applications from the\nserver's filesystem."
+ },
+ {
+ "lang": "es",
+ "value": "El control de acceso inadecuado del endpoint en HCL Domino Leap permite que ciertos usuarios administradores importen aplicaciones desde el sistema de archivos del servidor."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-367xx/CVE-2024-36732.json b/CVE-2024/CVE-2024-367xx/CVE-2024-36732.json
index 0dd0f743df8..3f4b4376119 100644
--- a/CVE-2024/CVE-2024-367xx/CVE-2024-36732.json
+++ b/CVE-2024/CVE-2024-367xx/CVE-2024-36732.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-36732",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-06-06T19:15:57.937",
- "lastModified": "2024-11-21T09:22:34.047",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2025-05-02T12:50:56.837",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -51,14 +51,37 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oneflow:oneflow:0.9.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E8058A82-101A-4B97-9169-0EEFDB712EA8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://gist.github.com/Redmept1on/3feef7639b2bc7891d0cfda6d932adfd",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link"
+ ]
 },
 {
 "url": "https://gist.github.com/Redmept1on/3feef7639b2bc7891d0cfda6d932adfd",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Broken Link"
+ ]
 }
 ]
 }
\ No newline at end of file
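Review bot: In the CVE-2024-36732 record, the last hunk tags the gist URL `Broken Link` under both sources, and that gist is the only URL in the `references` array, while the same change adds a `cpeMatch` pinned to the single release `cpe:2.3:a:oneflow:oneflow:0.9.1:*:*:*:*:*:*:*` and sets `vulnStatus` to `Analyzed`. With no reachable advisory, nothing on the record lets a reader confirm whether releases before 0.9.1 are affected or which release carries a fix, and tooling that matches on CPE will flag 0.9.1 only. If the affected range is in fact wider, the entry should say so with a wildcard-version `criteria` plus `"versionEndIncluding": "0.9.1"`; otherwise an archived copy of the report belongs beside the dead link as an additional `references` entry. The same pattern repeats in the CVE-2024-36734, -36737, -36742 and -36743 hunks that follow.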
diff --git a/CVE-2024/CVE-2024-367xx/CVE-2024-36734.json b/CVE-2024/CVE-2024-367xx/CVE-2024-36734.json
index 57e1b0964d2..187151cffc9 100644
--- a/CVE-2024/CVE-2024-367xx/CVE-2024-36734.json
+++ b/CVE-2024/CVE-2024-367xx/CVE-2024-36734.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-36734",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-06-06T19:15:58.030",
- "lastModified": "2024-11-21T09:22:34.267",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2025-05-02T12:49:19.357",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -40,6 +40,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
@@ -51,14 +61,37 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oneflow:oneflow:0.9.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E8058A82-101A-4B97-9169-0EEFDB712EA8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://gist.github.com/Redmept1on/7420cd59f30defda07cf7bb4bf4a92cd",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link"
+ ]
 },
 {
 "url": "https://gist.github.com/Redmept1on/7420cd59f30defda07cf7bb4bf4a92cd",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Broken Link"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-367xx/CVE-2024-36737.json b/CVE-2024/CVE-2024-367xx/CVE-2024-36737.json
index 179d14445c9..68e31b91eb3 100644
--- a/CVE-2024/CVE-2024-367xx/CVE-2024-36737.json
+++ b/CVE-2024/CVE-2024-367xx/CVE-2024-36737.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-36737",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-06-06T18:15:16.643",
- "lastModified": "2024-11-21T09:22:34.843",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2025-05-02T13:02:55.920",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -55,14 +55,37 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oneflow:oneflow:0.9.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E8058A82-101A-4B97-9169-0EEFDB712EA8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://gist.github.com/Redmept1on/3a77cc722f82b57f99ccbe835aacf27d",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link"
+ ]
 },
 {
 "url": "https://gist.github.com/Redmept1on/3a77cc722f82b57f99ccbe835aacf27d",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Broken Link"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-367xx/CVE-2024-36742.json b/CVE-2024/CVE-2024-367xx/CVE-2024-36742.json
index 60ea692569b..8013b196d4f 100644
--- a/CVE-2024/CVE-2024-367xx/CVE-2024-36742.json
+++ b/CVE-2024/CVE-2024-367xx/CVE-2024-36742.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-36742",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-06-06T17:15:51.157",
- "lastModified": "2024-11-21T09:22:35.287",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2025-05-02T13:17:04.193",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -40,6 +40,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
@@ -51,14 +61,37 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oneflow:oneflow:0.9.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E8058A82-101A-4B97-9169-0EEFDB712EA8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://gist.github.com/Redmept1on/761f0d0d09a912b8b93e0cf8dd877e94",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link"
+ ]
 },
 {
 "url": "https://gist.github.com/Redmept1on/761f0d0d09a912b8b93e0cf8dd877e94",
- "source": "af854a3a-2127-422b-91ae-364da2661108"
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Broken Link"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-367xx/CVE-2024-36743.json b/CVE-2024/CVE-2024-367xx/CVE-2024-36743.json
index 7b55d7ce19f..70a4f308e7f 100644
--- a/CVE-2024/CVE-2024-367xx/CVE-2024-36743.json
+++ b/CVE-2024/CVE-2024-367xx/CVE-2024-36743.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-36743",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-06-06T18:15:16.723",
- "lastModified": "2024-11-21T09:22:35.510",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2025-05-02T12:53:16.250",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -40,6 +40,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-129"
+ }
+ ]
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
@@ -51,14 +61,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oneflow:oneflow:0.9.1:*:*:*:*:*:*:*", + "matchCriteriaId": "E8058A82-101A-4B97-9169-0EEFDB712EA8" + } + ] + } + ] + } + ], "references": [ { "url": "https://gist.github.com/Redmept1on/64aa53d37e99975725a7d3e2dc9d9761", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://gist.github.com/Redmept1on/64aa53d37e99975725a7d3e2dc9d9761", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-477xx/CVE-2024-47784.json b/CVE-2024/CVE-2024-477xx/CVE-2024-47784.json index 0bc25f4c478..71f44f50266 100644 --- a/CVE-2024/CVE-2024-477xx/CVE-2024-47784.json +++ b/CVE-2024/CVE-2024-477xx/CVE-2024-47784.json @@ -2,13 +2,17 @@ "id": "CVE-2024-47784", "sourceIdentifier": "cybersecurity@ch.abb.com", "published": "2025-04-30T19:15:54.083", - "lastModified": "2025-04-30T19:15:54.083", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unverified Password Change for ANC software that allows an authenticated attacker to bypass the old Password check in the password change form via a web HMI\nThis issue affects ANC software version 1.1.4 and earlier." + }, + { + "lang": "es", + "value": "Cambio de contrase\u00f1a no verificado para el software ANC que permite a un atacante autenticado eludir la verificaci\u00f3n de contrase\u00f1a antigua en el formulario de cambio de contrase\u00f1a a trav\u00e9s de una HMI web. Este problema afecta a la versi\u00f3n 1.1.4 y anteriores del software ANC." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-489xx/CVE-2024-48905.json b/CVE-2024/CVE-2024-489xx/CVE-2024-48905.json index e54bac147b5..ba221ea8916 100644 --- a/CVE-2024/CVE-2024-489xx/CVE-2024-48905.json +++ b/CVE-2024/CVE-2024-489xx/CVE-2024-48905.json @@ -2,13 +2,17 @@ "id": "CVE-2024-48905", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-01T21:15:52.033", - "lastModified": "2025-05-01T21:15:52.033", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Sematell ReplyOne 7.4.3.0 has Insecure Permissions for the /rest/sessions endpoint." + }, + { + "lang": "es", + "value": "Sematell ReplyOne 7.4.3.0 tiene permisos inseguros para el endpoint /rest/sessions." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-489xx/CVE-2024-48906.json b/CVE-2024/CVE-2024-489xx/CVE-2024-48906.json index 1ea6d8dd626..48eb8230cd7 100644 --- a/CVE-2024/CVE-2024-489xx/CVE-2024-48906.json +++ b/CVE-2024/CVE-2024-489xx/CVE-2024-48906.json @@ -2,13 +2,17 @@ "id": "CVE-2024-48906", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-01T21:15:52.160", - "lastModified": "2025-05-01T21:15:52.160", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Sematell ReplyOne 7.4.3.0 allows XSS via a ReplyDesk e-mail attachment name." + }, + { + "lang": "es", + "value": "Sematell ReplyOne 7.4.3.0 permite XSS a trav\u00e9s de un nombre de archivo adjunto en un correo electr\u00f3nico de ReplyDesk." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-489xx/CVE-2024-48907.json b/CVE-2024/CVE-2024-489xx/CVE-2024-48907.json index 3d6f7e69b30..15959008781 100644 --- a/CVE-2024/CVE-2024-489xx/CVE-2024-48907.json +++ b/CVE-2024/CVE-2024-489xx/CVE-2024-48907.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-48907", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-01T21:15:52.270", - "lastModified": "2025-05-01T21:15:52.270", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Sematell ReplyOne 7.4.3.0 allows SSRF via the application server API." + }, + { + "lang": "es", + "value": "Sematell ReplyOne 7.4.3.0 permite SSRF a trav\u00e9s de la API del servidor de aplicaciones." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-50xx/CVE-2024-5032.json b/CVE-2024/CVE-2024-50xx/CVE-2024-5032.json index 4bcbbb51533..eeb567c95ca 100644 --- a/CVE-2024/CVE-2024-50xx/CVE-2024-5032.json +++ b/CVE-2024/CVE-2024-50xx/CVE-2024-5032.json @@ -2,8 +2,8 @@ "id": "CVE-2024-5032", "sourceIdentifier": "contact@wpscan.com", "published": "2024-07-13T06:15:03.633", - "lastModified": "2024-11-21T09:46:48.973", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-05-02T12:43:16.680", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -39,14 +39,52 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:toolstack:sully:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "4.3.1", + "matchCriteriaId": "B84EFEFB-9307-44BF-9F6E-5357A975E7E0" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/4bb92693-23b3-4250-baee-af38b7e615e0/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://wpscan.com/vulnerability/4bb92693-23b3-4250-baee-af38b7e615e0/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-50xx/CVE-2024-5033.json b/CVE-2024/CVE-2024-50xx/CVE-2024-5033.json index 998794b419a..c437997c7fb 100644 --- a/CVE-2024/CVE-2024-50xx/CVE-2024-5033.json +++ b/CVE-2024/CVE-2024-50xx/CVE-2024-5033.json @@ -2,8 +2,8 @@ "id": "CVE-2024-5033", "sourceIdentifier": "contact@wpscan.com", "published": "2024-07-13T06:15:03.707", - "lastModified": "2024-11-21T09:46:49.147", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-05-02T12:42:24.640", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -39,14 +39,52 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:toolstack:sully:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "4.3.1", + "matchCriteriaId": "B84EFEFB-9307-44BF-9F6E-5357A975E7E0" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/dd42765a-1300-453f-9835-6e646c87e496/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://wpscan.com/vulnerability/dd42765a-1300-453f-9835-6e646c87e496/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-50xx/CVE-2024-5034.json b/CVE-2024/CVE-2024-50xx/CVE-2024-5034.json index 50a678d2e2b..1c84bec722d 100644 --- a/CVE-2024/CVE-2024-50xx/CVE-2024-5034.json +++ b/CVE-2024/CVE-2024-50xx/CVE-2024-5034.json @@ -2,8 +2,8 @@ "id": "CVE-2024-5034", "sourceIdentifier": "contact@wpscan.com", "published": "2024-07-13T06:15:03.780", - "lastModified": "2024-11-21T09:46:49.320", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-05-02T12:34:04.860", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -39,14 +39,52 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:toolstack:sully:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "4.3.1", + "matchCriteriaId": "B84EFEFB-9307-44BF-9F6E-5357A975E7E0" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/31f3a3b5-07bf-4cb3-b358-8488808733e0/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://wpscan.com/vulnerability/31f3a3b5-07bf-4cb3-b358-8488808733e0/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-50xx/CVE-2024-5074.json b/CVE-2024/CVE-2024-50xx/CVE-2024-5074.json index 03cef7a9b45..b9c95b8d6db 100644 --- a/CVE-2024/CVE-2024-50xx/CVE-2024-5074.json +++ b/CVE-2024/CVE-2024-50xx/CVE-2024-5074.json @@ -2,8 +2,8 @@ "id": "CVE-2024-5074", "sourceIdentifier": "contact@wpscan.com", "published": "2024-07-13T06:15:03.840", - "lastModified": "2024-11-21T09:46:54.600", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-05-02T12:20:02.230", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -39,14 +39,52 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tipsandtricks-hq:wp_emember:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "10.6.6", + "matchCriteriaId": "C9489765-0B59-4172-884C-11B72CFEAB8D" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/174a2ba8-0215-480f-93ec-83ebc4a3200e/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://wpscan.com/vulnerability/174a2ba8-0215-480f-93ec-83ebc4a3200e/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-529xx/CVE-2024-52903.json b/CVE-2024/CVE-2024-529xx/CVE-2024-52903.json index 80c2b58f6da..d567cb364bc 100644 --- a/CVE-2024/CVE-2024-529xx/CVE-2024-52903.json +++ b/CVE-2024/CVE-2024-529xx/CVE-2024-52903.json @@ -2,8 +2,8 @@ "id": "CVE-2024-52903", "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-05-01T23:15:50.317", - "lastModified": "2025-05-01T23:15:50.317", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-529xx/CVE-2024-52976.json b/CVE-2024/CVE-2024-529xx/CVE-2024-52976.json index 948abe034d0..db662d60b8f 100644 --- a/CVE-2024/CVE-2024-529xx/CVE-2024-52976.json +++ b/CVE-2024/CVE-2024-529xx/CVE-2024-52976.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-52976", "sourceIdentifier": "bressers@elastic.co", "published": "2025-05-01T14:15:35.527", - "lastModified": "2025-05-01T14:15:35.527", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-529xx/CVE-2024-52979.json b/CVE-2024/CVE-2024-529xx/CVE-2024-52979.json index cd0f7064727..2784f3bc65b 100644 --- a/CVE-2024/CVE-2024-529xx/CVE-2024-52979.json +++ b/CVE-2024/CVE-2024-529xx/CVE-2024-52979.json @@ -2,8 +2,8 @@ "id": "CVE-2024-52979", "sourceIdentifier": "bressers@elastic.co", "published": "2025-05-01T14:15:35.690", - "lastModified": "2025-05-01T14:15:35.690", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-559xx/CVE-2024-55909.json b/CVE-2024/CVE-2024-559xx/CVE-2024-55909.json index ae4467369fa..1f0e1aba893 100644 --- a/CVE-2024/CVE-2024-559xx/CVE-2024-55909.json +++ b/CVE-2024/CVE-2024-559xx/CVE-2024-55909.json @@ -2,8 +2,8 @@ "id": "CVE-2024-55909", "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-05-02T01:15:52.567", - "lastModified": "2025-05-02T01:15:52.567", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-559xx/CVE-2024-55910.json b/CVE-2024/CVE-2024-559xx/CVE-2024-55910.json index 476cdf8c6da..6f0048d5b1c 100644 --- a/CVE-2024/CVE-2024-559xx/CVE-2024-55910.json +++ b/CVE-2024/CVE-2024-559xx/CVE-2024-55910.json @@ -2,8 +2,8 @@ "id": "CVE-2024-55910", "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-05-02T01:15:53.867", - "lastModified": "2025-05-02T01:15:53.867", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2024/CVE-2024-559xx/CVE-2024-55912.json b/CVE-2024/CVE-2024-559xx/CVE-2024-55912.json index a02aa6177e1..619765cf844 100644 --- a/CVE-2024/CVE-2024-559xx/CVE-2024-55912.json +++ b/CVE-2024/CVE-2024-559xx/CVE-2024-55912.json @@ -2,8 +2,8 @@ "id": "CVE-2024-55912", "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-05-02T01:15:54.000", - "lastModified": "2025-05-02T01:15:54.000", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-559xx/CVE-2024-55913.json b/CVE-2024/CVE-2024-559xx/CVE-2024-55913.json index 06edb94d99a..6bf215c2cdb 100644 --- a/CVE-2024/CVE-2024-559xx/CVE-2024-55913.json +++ b/CVE-2024/CVE-2024-559xx/CVE-2024-55913.json @@ -2,8 +2,8 @@ "id": "CVE-2024-55913", "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-05-02T01:15:54.140", - "lastModified": "2025-05-02T01:15:54.140", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-576xx/CVE-2024-57698.json b/CVE-2024/CVE-2024-576xx/CVE-2024-57698.json index f4dad93420a..36651f5caae 100644 --- a/CVE-2024/CVE-2024-576xx/CVE-2024-57698.json +++ b/CVE-2024/CVE-2024-576xx/CVE-2024-57698.json @@ -2,8 +2,8 @@ "id": "CVE-2024-57698", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-29T20:15:25.110", - "lastModified": "2025-04-30T15:16:00.237", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-60xx/CVE-2024-6029.json b/CVE-2024/CVE-2024-60xx/CVE-2024-6029.json index 8fecfa1f605..ff7fb881b55 100644 --- a/CVE-2024/CVE-2024-60xx/CVE-2024-6029.json +++ b/CVE-2024/CVE-2024-60xx/CVE-2024-6029.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-6029", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2025-04-30T20:15:20.900", - "lastModified": "2025-04-30T20:15:20.900", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass the firewall on the Iris modem in affected Tesla Model S vehicles. Authentication is not required to exploit this vulnerability.\n \nThe specific flaw exists within the firewall service. The issue results from a failure to obtain the xtables lock. An attacker can leverage this vulnerability to bypass firewall rules. Was ZDI-CAN-23197." + }, + { + "lang": "es", + "value": "Vulnerabilidad de elusi\u00f3n del firewall en condiciones de ejecuci\u00f3n del m\u00f3dem Iris del Tesla Model S. Esta vulnerabilidad permite a atacantes adyacentes a la red eludir el firewall del m\u00f3dem Iris en los veh\u00edculos Tesla Model S afectados. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. La falla espec\u00edfica existe en el servicio de firewall. El problema se debe a un fallo al obtener el bloqueo de xtables. Un atacante puede aprovechar esta vulnerabilidad para eludir las reglas del firewall. Anteriormente, se denominaba ZDI-CAN-23197." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-60xx/CVE-2024-6030.json b/CVE-2024/CVE-2024-60xx/CVE-2024-6030.json index c71ea14ea5e..ab3f536bf0f 100644 --- a/CVE-2024/CVE-2024-60xx/CVE-2024-6030.json +++ b/CVE-2024/CVE-2024-60xx/CVE-2024-6030.json 
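Review bot: The added `"lang": "es"` description for CVE-2024-6029 renders "Race Condition" as `condiciones de ejecuci\u00f3n` ("execution conditions"), so the Spanish text no longer names the flaw class that the English text gives (a failure to obtain the xtables lock). The opening sentence should read `Vulnerabilidad de elusi\u00f3n del firewall por condici\u00f3n de carrera en el m\u00f3dem Iris del Tesla Model S.` The same kind of drift appears in the CVE-2024-6030 hunk, where "sandbox" becomes `entorno de pruebas` (a test environment rather than an isolation boundary) and should be `entorno aislado (sandbox)`. In the CVE-2024-6032 hunk, "in the context of root" becomes `con acceso root`, which would read better as `en el contexto de root`. Anyone triaging from the `es` text should cross-check the `en` value until these are corrected; the rest of each record lies outside these hunks.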
@@ -2,13 +2,17 @@ "id": "CVE-2024-6030", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2025-04-30T20:15:21.030", - "lastModified": "2025-04-30T20:15:21.030", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability. This vulnerability allows local attackers to escape the sandbox on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code within the sandbox on the target system in order to exploit this vulnerability.\n \nThe specific flaw exists within the oFono process. The process allows an attacker to modify interfaces. An attacker can leverage this vulnerability to bypass the iptables network sandbox. Was ZDI-CAN-23200." + }, + { + "lang": "es", + "value": "Vulnerabilidad de escape del entorno de pruebas de oFono con privilegios innecesarios en el Tesla Model S. Esta vulnerabilidad permite a atacantes locales escapar del entorno de pruebas en los veh\u00edculos Tesla Model S afectados. Para explotar esta vulnerabilidad, un atacante debe primero ejecutar c\u00f3digo dentro del entorno de pruebas en el sistema objetivo. La falla espec\u00edfica se encuentra en el proceso oFono, que permite a un atacante modificar interfaces. Un atacante puede aprovechar esta vulnerabilidad para eludir el entorno de pruebas de red de iptables. Anteriormente, se denominaba ZDI-CAN-23200." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-60xx/CVE-2024-6031.json b/CVE-2024/CVE-2024-60xx/CVE-2024-6031.json index 51cc23dd0a1..bf198f6519b 100644 --- a/CVE-2024/CVE-2024-60xx/CVE-2024-6031.json +++ b/CVE-2024/CVE-2024-60xx/CVE-2024-6031.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-6031", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2025-04-30T20:15:21.153", - "lastModified": "2025-04-30T20:15:21.153", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tesla Model S oFono AT Command Heap-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability.\n \nThe specific flaw exists within the parsing of responses from AT commands. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23198." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo por desbordamiento de b\u00fafer basado en el mont\u00f3n del comando AT oFono del Tesla Model S. Esta vulnerabilidad permite a atacantes locales ejecutar c\u00f3digo arbitrario en los veh\u00edculos Tesla Model S afectados. Para explotar esta vulnerabilidad, un atacante debe primero obtener la capacidad de ejecutar c\u00f3digo en el m\u00f3dem objetivo. La falla espec\u00edfica se encuentra en el an\u00e1lisis de las respuestas de los comandos AT. El problema se debe a la falta de una validaci\u00f3n adecuada de la longitud de los datos proporcionados por el usuario antes de copiarlos a un b\u00fafer basado en el mont\u00f3n. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del dispositivo. Anteriormente, se denominaba ZDI-CAN-23198." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-60xx/CVE-2024-6032.json b/CVE-2024/CVE-2024-60xx/CVE-2024-6032.json index a4902a2a03f..c0e7c94ce43 100644 --- a/CVE-2024/CVE-2024-60xx/CVE-2024-6032.json +++ b/CVE-2024/CVE-2024-60xx/CVE-2024-6032.json @@ -2,13 +2,17 @@ "id": "CVE-2024-6032", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2025-04-30T20:15:21.283", - "lastModified": "2025-04-30T20:15:21.283", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tesla Model S Iris Modem ql_atfwd Command Injection Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code on the target system in order to exploit this vulnerability.\n \nThe specific flaw exists within the ql_atfwd process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code on the target modem in the context of root. Was ZDI-CAN-23201." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo por inyecci\u00f3n de comandos ql_atfwd en el m\u00f3dem Iris del Tesla Model S. Esta vulnerabilidad permite a atacantes locales ejecutar c\u00f3digo arbitrario en los veh\u00edculos Tesla Model S afectados. Para explotar esta vulnerabilidad, un atacante debe obtener primero la capacidad de ejecutar c\u00f3digo en el sistema objetivo. La falla espec\u00edfica se encuentra en el proceso ql_atfwd. El problema se debe a la falta de validaci\u00f3n adecuada de una cadena proporcionada por el usuario antes de usarla para ejecutar una llamada al sistema. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el m\u00f3dem objetivo con acceso root. Era ZDI-CAN-23201." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-98xx/CVE-2024-9876.json b/CVE-2024/CVE-2024-98xx/CVE-2024-9876.json index 40bde7a7026..c5c828422f3 100644 --- a/CVE-2024/CVE-2024-98xx/CVE-2024-9876.json +++ b/CVE-2024/CVE-2024-98xx/CVE-2024-9876.json @@ -2,13 +2,17 @@ "id": "CVE-2024-9876", "sourceIdentifier": "cybersecurity@ch.abb.com", "published": "2025-04-30T19:15:54.740", - "lastModified": "2025-04-30T19:15:54.740", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": ": Modification of Assumed-Immutable Data (MAID) vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.This issue affects ANC: through 1.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4." + }, + { + "lang": "es", + "value": ":Vulnerabilidad de modificaci\u00f3n de datos asumidos inmutables (MAID) en ABB ANC, ABB ANC-L, ABB ANC-mini. Este problema afecta a ANC: hasta la versi\u00f3n 1.1.4; ANC-L: hasta la versi\u00f3n 1.1.4; ANC-mini: hasta la versi\u00f3n 1.1.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-98xx/CVE-2024-9877.json b/CVE-2024/CVE-2024-98xx/CVE-2024-9877.json index b9922695bec..4bcd46b3258 100644 --- a/CVE-2024/CVE-2024-98xx/CVE-2024-9877.json +++ b/CVE-2024/CVE-2024-98xx/CVE-2024-9877.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-9877", "sourceIdentifier": "cybersecurity@ch.abb.com", "published": "2025-04-30T19:15:54.907", - "lastModified": "2025-04-30T19:15:54.907", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": ": Use of GET Request Method With Sensitive Query Strings vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.This issue affects ANC: through 1.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4." + }, + { + "lang": "es", + "value": ":Vulnerabilidad en el uso del m\u00e9todo de solicitud GET con cadenas de consulta sensibles en ABB ANC, ABB ANC-L, ABB ANC-mini. Este problema afecta a ANC: hasta 1.1.4; ANC-L: hasta 1.1.4; ANC-mini: hasta 1.1.4." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-00xx/CVE-2025-0072.json b/CVE-2025/CVE-2025-00xx/CVE-2025-0072.json index 45837a65f23..05aaa904f90 100644 --- a/CVE-2025/CVE-2025-00xx/CVE-2025-0072.json +++ b/CVE-2025/CVE-2025-00xx/CVE-2025-0072.json @@ -2,8 +2,8 @@ "id": "CVE-2025-0072", "sourceIdentifier": "arm-security@arm.com", "published": "2025-05-02T10:15:15.947", - "lastModified": "2025-05-02T10:15:15.947", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-04xx/CVE-2025-0427.json b/CVE-2025/CVE-2025-04xx/CVE-2025-0427.json index 61be4c71515..cf55e68f97f 100644 --- a/CVE-2025/CVE-2025-04xx/CVE-2025-0427.json +++ b/CVE-2025/CVE-2025-04xx/CVE-2025-0427.json @@ -2,8 +2,8 @@ "id": "CVE-2025-0427", "sourceIdentifier": "arm-security@arm.com", "published": "2025-05-02T10:15:16.637", - "lastModified": "2025-05-02T10:15:16.637", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2025/CVE-2025-05xx/CVE-2025-0520.json b/CVE-2025/CVE-2025-05xx/CVE-2025-0520.json index 6ba12702b5d..114e5be417f 100644 --- a/CVE-2025/CVE-2025-05xx/CVE-2025-0520.json +++ b/CVE-2025/CVE-2025-05xx/CVE-2025-0520.json @@ -2,13 +2,17 @@ "id": "CVE-2025-0520", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2025-04-29T20:15:25.230", - "lastModified": "2025-04-29T20:15:25.230", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: before 2.8.7." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de carga de archivos sin restricciones en ShowDoc causada por una validaci\u00f3n incorrecta de la extensi\u00f3n del archivo permite la ejecuci\u00f3n de PHP arbitrario, lo que lleva a la ejecuci\u00f3n remota de c\u00f3digo. Este problema afecta a ShowDoc: antes de 2.8.7." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0716.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0716.json index 761e4c12055..07175d86fac 100644 --- a/CVE-2025/CVE-2025-07xx/CVE-2025-0716.json +++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0716.json @@ -2,8 +2,8 @@ "id": "CVE-2025-0716", "sourceIdentifier": "36c7be3b-2937-45df-85ea-ca7133ea542c", "published": "2025-04-29T17:15:39.790", - "lastModified": "2025-04-29T19:15:53.537", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [ { "sourceIdentifier": "36c7be3b-2937-45df-85ea-ca7133ea542c", 
@@ -16,6 +16,10 @@ { "lang": "en", "value": "Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing \u00a0and also negatively affect the application's performance and behavior by using too large or slow-to-load images.\n\nThis issue affects all versions of AngularJS.\n\nNote:\nThe AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status ." + }, + { + "lang": "es", + "value": "La limpieza incorrecta del valor de los atributos 'href' y 'xlink:href' en los elementos SVG '' de AngularJS permite a los atacantes eludir las restricciones comunes de las fuentes de im\u00e1genes. Esto puede provocar suplantaci\u00f3n de contenido (https://owasp.org/www-community/attacks/Content_Spoofing) y afectar negativamente el rendimiento y el comportamiento de la aplicaci\u00f3n al usar im\u00e1genes demasiado grandes o de carga lenta. Este problema afecta a todas las versiones de AngularJS. Nota: El proyecto AngularJS ha finalizado su ciclo de vida y no recibir\u00e1 actualizaciones para solucionar este problema. Para m\u00e1s informaci\u00f3n, consulte aqu\u00ed: https://docs.angularjs.org/misc/version-support-status." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-13xx/CVE-2025-1301.json b/CVE-2025/CVE-2025-13xx/CVE-2025-1301.json index dfe92c0dc57..33f3bac162c 100644 --- a/CVE-2025/CVE-2025-13xx/CVE-2025-1301.json +++ b/CVE-2025/CVE-2025-13xx/CVE-2025-1301.json 
@@ -2,8 +2,8 @@ "id": "CVE-2025-1301", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2025-05-02T11:15:46.000", - "lastModified": "2025-05-02T11:15:46.000", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-13xx/CVE-2025-1304.json b/CVE-2025/CVE-2025-13xx/CVE-2025-1304.json index f1c85df7bc0..2aba059df30 100644 --- a/CVE-2025/CVE-2025-13xx/CVE-2025-1304.json +++ b/CVE-2025/CVE-2025-13xx/CVE-2025-1304.json @@ -2,8 +2,8 @@ "id": "CVE-2025-1304", "sourceIdentifier": "security@wordfence.com", "published": "2025-05-01T04:16:43.183", - "lastModified": "2025-05-01T04:16:43.183", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-13xx/CVE-2025-1305.json b/CVE-2025/CVE-2025-13xx/CVE-2025-1305.json index b3e6fb8165a..4af971dc83f 100644 --- a/CVE-2025/CVE-2025-13xx/CVE-2025-1305.json +++ b/CVE-2025/CVE-2025-13xx/CVE-2025-1305.json @@ -2,8 +2,8 @@ "id": "CVE-2025-1305", "sourceIdentifier": "security@wordfence.com", "published": "2025-05-01T04:16:47.947", - "lastModified": "2025-05-01T04:16:47.947", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-13xx/CVE-2025-1326.json b/CVE-2025/CVE-2025-13xx/CVE-2025-1326.json index fd32ab7d2a0..3b79f6f58e6 100644 --- a/CVE-2025/CVE-2025-13xx/CVE-2025-1326.json +++ b/CVE-2025/CVE-2025-13xx/CVE-2025-1326.json @@ -2,8 +2,8 @@ "id": "CVE-2025-1326", "sourceIdentifier": "security@wordfence.com", "published": "2025-05-02T04:15:46.530", - "lastModified": "2025-05-02T04:15:46.530", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2025/CVE-2025-13xx/CVE-2025-1327.json b/CVE-2025/CVE-2025-13xx/CVE-2025-1327.json index a7f0b5ca06b..025f690da75 100644 --- a/CVE-2025/CVE-2025-13xx/CVE-2025-1327.json +++ b/CVE-2025/CVE-2025-13xx/CVE-2025-1327.json @@ -2,8 +2,8 @@ "id": "CVE-2025-1327", "sourceIdentifier": "security@wordfence.com", "published": "2025-05-02T04:15:46.760", - "lastModified": "2025-05-02T04:15:46.760", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-13xx/CVE-2025-1333.json b/CVE-2025/CVE-2025-13xx/CVE-2025-1333.json index 48329d135e2..d558253e11f 100644 --- a/CVE-2025/CVE-2025-13xx/CVE-2025-1333.json +++ b/CVE-2025/CVE-2025-13xx/CVE-2025-1333.json @@ -2,8 +2,8 @@ "id": "CVE-2025-1333", "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-05-01T22:15:16.657", - "lastModified": "2025-05-01T22:15:16.657", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-15xx/CVE-2025-1529.json b/CVE-2025/CVE-2025-15xx/CVE-2025-1529.json index c4b8e818e0e..c5a185d27b7 100644 --- a/CVE-2025/CVE-2025-15xx/CVE-2025-1529.json +++ b/CVE-2025/CVE-2025-15xx/CVE-2025-1529.json @@ -2,8 +2,8 @@ "id": "CVE-2025-1529", "sourceIdentifier": "security@wordfence.com", "published": "2025-05-01T12:15:16.093", - "lastModified": "2025-05-01T12:15:16.093", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-15xx/CVE-2025-1551.json b/CVE-2025/CVE-2025-15xx/CVE-2025-1551.json index 5db551d1a14..517ce9e51bd 100644 --- a/CVE-2025/CVE-2025-15xx/CVE-2025-1551.json +++ b/CVE-2025/CVE-2025-15xx/CVE-2025-1551.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-1551", "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-04-29T16:15:29.870", - "lastModified": "2025-04-29T16:15:29.870", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, and 9.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." + }, + { + "lang": "es", + "value": "IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1 y 9.0.0.1 es vulnerable a ataques de cross-site scripting. Esta vulnerabilidad permite a un atacante no autenticado incrustar c\u00f3digo JavaScript arbitrario en la interfaz web, alterando as\u00ed la funcionalidad prevista y pudiendo provocar la divulgaci\u00f3n de credenciales en una sesi\u00f3n de confianza." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-20xx/CVE-2025-2082.json b/CVE-2025/CVE-2025-20xx/CVE-2025-2082.json index 193107ce08e..72dcb80f0ac 100644 --- a/CVE-2025/CVE-2025-20xx/CVE-2025-2082.json +++ b/CVE-2025/CVE-2025-20xx/CVE-2025-2082.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-2082", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2025-04-30T20:15:21.563", - "lastModified": "2025-04-30T20:15:21.563", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the VCSEC module. By manipulating the certificate response sent from the Tire Pressure Monitoring System (TPMS), an attacker can trigger an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the VCSEC module and send arbitrary messages to the vehicle CAN bus. Was ZDI-CAN-23800." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por desbordamiento de enteros en el VCSEC del Tesla Model 3. Esta vulnerabilidad permite a atacantes adyacentes a la red ejecutar c\u00f3digo arbitrario en los veh\u00edculos Tesla Model 3 afectados. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. La falla espec\u00edfica se encuentra en el m\u00f3dulo VCSEC. Al manipular la respuesta del certificado enviada desde el Tire Pressure Monitoring System (TPMS), un atacante puede provocar un desbordamiento de enteros antes de escribir en memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del m\u00f3dulo VCSEC y enviar mensajes arbitrarios al bus CAN del veh\u00edculo. Anteriormente, se denominaba ZDI-CAN-23800." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-214xx/CVE-2025-21416.json b/CVE-2025/CVE-2025-214xx/CVE-2025-21416.json index 2070c9abcf6..222b4635689 100644 
--- a/CVE-2025/CVE-2025-214xx/CVE-2025-21416.json +++ b/CVE-2025/CVE-2025-214xx/CVE-2025-21416.json @@ -2,8 +2,8 @@ "id": "CVE-2025-21416", "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-30T18:15:38.700", - "lastModified": "2025-04-30T18:15:38.700", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [ { "sourceIdentifier": "secure@microsoft.com", @@ -16,6 +16,10 @@ { "lang": "en", "value": "Missing authorization in Azure Virtual Desktop allows an authorized attacker to elevate privileges over a network." + }, + { + "lang": "es", + "value": "La falta de autorizaci\u00f3n en Azure Virtual Desktop permite que un atacante autorizado eleve privilegios en una red." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-21xx/CVE-2025-2168.json b/CVE-2025/CVE-2025-21xx/CVE-2025-2168.json index df5e91cb683..cf0c37d92af 100644 --- a/CVE-2025/CVE-2025-21xx/CVE-2025-2168.json +++ b/CVE-2025/CVE-2025-21xx/CVE-2025-2168.json @@ -2,8 +2,8 @@ "id": "CVE-2025-2168", "sourceIdentifier": "security@wordfence.com", "published": "2025-05-01T04:16:53.127", - "lastModified": "2025-05-01T04:16:53.127", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-21xx/CVE-2025-2170.json b/CVE-2025/CVE-2025-21xx/CVE-2025-2170.json index 3def3c3e632..6e0a0537103 100644 --- a/CVE-2025/CVE-2025-21xx/CVE-2025-2170.json +++ b/CVE-2025/CVE-2025-21xx/CVE-2025-2170.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-2170", "sourceIdentifier": "PSIRT@sonicwall.com", "published": "2025-04-30T19:15:55.227", - "lastModified": "2025-05-01T14:15:37.177", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests to an unintended location." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad de Server-side request forgery (SSRF) en la interfaz SMA1000 Appliance Work Place, que en condiciones espec\u00edficas podr\u00eda permitir que un atacante remoto no autenticado haga que el dispositivo realice solicitudes a una ubicaci\u00f3n no deseada." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-228xx/CVE-2025-22882.json b/CVE-2025/CVE-2025-228xx/CVE-2025-22882.json index e89452c7e77..7a3159c3339 100644 --- a/CVE-2025/CVE-2025-228xx/CVE-2025-22882.json +++ b/CVE-2025/CVE-2025-228xx/CVE-2025-22882.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-22882", "sourceIdentifier": "759f5e80-c8e1-4224-bead-956d7b33c98b", "published": "2025-04-30T08:15:31.360", - "lastModified": "2025-04-30T08:15:31.360", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to leverage debugging logic to execute arbitrary code when parsing CBDGL file." + }, + { + "lang": "es", + "value": "La versi\u00f3n 3.20 de Delta Electronics ISPSoft es afectado por una vulnerabilidad de desbordamiento de b\u00fafer basada en pila que podr\u00eda permitir a un atacante aprovechar la l\u00f3gica de depuraci\u00f3n para ejecutar c\u00f3digo arbitrario al analizar el archivo CBDGL." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-228xx/CVE-2025-22883.json b/CVE-2025/CVE-2025-228xx/CVE-2025-22883.json index 3ef1c3c288b..e5e45517a7e 100644 --- a/CVE-2025/CVE-2025-228xx/CVE-2025-22883.json +++ b/CVE-2025/CVE-2025-228xx/CVE-2025-22883.json @@ -2,13 +2,17 @@ "id": "CVE-2025-22883", "sourceIdentifier": "759f5e80-c8e1-4224-bead-956d7b33c98b", "published": "2025-04-30T08:15:31.600", - "lastModified": "2025-04-30T08:15:31.600", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Delta Electronics ISPSoft version 3.20 is vulnerable to an\u00a0Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file." + }, + { + "lang": "es", + "value": "La versi\u00f3n 3.20 de Delta Electronics ISPSoft es afectado por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda permitir a un atacante ejecutar c\u00f3digo arbitrario al analizar un archivo DVP." } ], "metrics": { 
diff --git a/CVE-2025/CVE-2025-228xx/CVE-2025-22884.json b/CVE-2025/CVE-2025-228xx/CVE-2025-22884.json index ed3a8d3c574..b1434266335 100644 --- a/CVE-2025/CVE-2025-228xx/CVE-2025-22884.json +++ b/CVE-2025/CVE-2025-228xx/CVE-2025-22884.json @@ -2,13 +2,17 @@ "id": "CVE-2025-22884", "sourceIdentifier": "759f5e80-c8e1-4224-bead-956d7b33c98b", "published": "2025-04-30T08:15:31.760", - "lastModified": "2025-04-30T08:15:31.760", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file." + }, + { + "lang": "es", + "value": "La versi\u00f3n 3.20 de Delta Electronics ISPSoft es afectado por una vulnerabilidad de desbordamiento de b\u00fafer basada en pila que podr\u00eda permitir a un atacante ejecutar c\u00f3digo arbitrario al analizar un archivo DVP." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23139.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23139.json index 30555593ad7..ea9d447cdda 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23139.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23139.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-23139", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:49.693", - "lastModified": "2025-05-02T07:15:59.770", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_uart: Fix another race during initialization\n\nDo not set 'HCI_UART_PROTO_READY' before call 'hci_uart_register_dev()'.\nPossible race is when someone calls 'hci_tty_uart_close()' after this bit\nis set, but 'hci_uart_register_dev()' wasn't done. This leads to access\nto uninitialized fields. To fix it let's set this bit after device was\nregistered (as before patch c411c62cc133) and to fix previous problem let's\nadd one more bit in addition to 'HCI_UART_PROTO_READY' which allows to\nperform power up without original bit set (pls see commit c411c62cc133).\n\nCrash backtrace from syzbot report:\n\nRIP: 0010:skb_queue_empty_lockless include/linux/skbuff.h:1887 [inline]\nRIP: 0010:skb_queue_purge_reason+0x6d/0x140 net/core/skbuff.c:3936\n\nCall Trace:\n \n skb_queue_purge include/linux/skbuff.h:3364 [inline]\n mrvl_close+0x2f/0x90 drivers/bluetooth/hci_mrvl.c:100\n hci_uart_tty_close+0xb6/0x120 drivers/bluetooth/hci_ldisc.c:557\n tty_ldisc_close drivers/tty/tty_ldisc.c:455 [inline]\n tty_ldisc_kill+0x66/0xc0 drivers/tty/tty_ldisc.c:613\n tty_ldisc_release+0xc9/0x120 drivers/tty/tty_ldisc.c:781\n tty_release_struct+0x10/0x80 drivers/tty/tty_io.c:1690\n tty_release+0x4ef/0x640 drivers/tty/tty_io.c:1861\n __fput+0x86/0x2a0 fs/file_table.c:450\n task_work_run+0x82/0xb0 kernel/task_work.c:239\n resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]\n exit_to_user_mode_loop kernel/entry/common.c:114 [inline]\n exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]\n __syscall_exit_to_user_mode_work 
kernel/entry/common.c:207 [inline]\n syscall_exit_to_user_mode+0xa3/0x1b0 kernel/entry/common.c:218\n do_syscall_64+0x9a/0x190 arch/x86/entry/common.c:89\n entry_SYSCALL_64_after_hwframe+0x77/0x7f" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: hci_uart: Corrige otra ejecuci\u00f3n durante la inicializaci\u00f3n No establezca 'HCI_UART_PROTO_READY' antes de llamar a 'hci_uart_register_dev()'. La posible ejecuci\u00f3n es cuando alguien llama a 'hci_tty_uart_close()' despu\u00e9s de que este bit est\u00e9 establecido, pero no se realiz\u00f3 'hci_uart_register_dev()'. Esto lleva al acceso a campos no inicializados. Para solucionarlo, establezcamos este bit despu\u00e9s de que el dispositivo se haya registrado (como antes del parche c411c62cc133) y para solucionar el problema anterior, agreguemos un bit m\u00e1s adem\u00e1s de 'HCI_UART_PROTO_READY' que permite realizar el encendido sin el bit original establecido (consulte el commit c411c62cc133). 
Seguimiento de fallos del informe de syzbot: RIP: 0010:skb_queue_empty_lockless include/linux/skbuff.h:1887 [en l\u00ednea] RIP: 0010:skb_queue_purge_reason+0x6d/0x140 net/core/skbuff.c:3936 Seguimiento de llamadas: skb_queue_purge include/linux/skbuff.h:3364 [inline] mrvl_close+0x2f/0x90 drivers/bluetooth/hci_mrvl.c:100 hci_uart_tty_close+0xb6/0x120 drivers/bluetooth/hci_ldisc.c:557 tty_ldisc_close drivers/tty/tty_ldisc.c:455 [inline] tty_ldisc_kill+0x66/0xc0 drivers/tty/tty_ldisc.c:613 tty_ldisc_release+0xc9/0x120 drivers/tty/tty_ldisc.c:781 tty_release_struct+0x10/0x80 drivers/tty/tty_io.c:1690 tty_release+0x4ef/0x640 drivers/tty/tty_io.c:1861 __fput+0x86/0x2a0 fs/file_table.c:450 task_work_run+0x82/0xb0 kernel/task_work.c:239 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0xa3/0x1b0 kernel/entry/common.c:218 do_syscall_64+0x9a/0x190 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f " } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23140.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23140.json index 6115e106553..a5a683a0453 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23140.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23140.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-23140", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:49.807", - "lastModified": "2025-05-02T07:15:59.917", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error\n\nAfter devm_request_irq() fails with error in pci_endpoint_test_request_irq(),\nthe pci_endpoint_test_free_irq_vectors() is called assuming that all IRQs\nhave been released.\n\nHowever, some requested IRQs remain unreleased, so there are still\n/proc/irq/* entries remaining, and this results in WARN() with the\nfollowing message:\n\n remove_proc_entry: removing non-empty directory 'irq/30', leaking at least 'pci-endpoint-test.0'\n WARNING: CPU: 0 PID: 202 at fs/proc/generic.c:719 remove_proc_entry +0x190/0x19c\n\nTo solve this issue, set the number of remaining IRQs to test->num_irqs,\nand release IRQs in advance by calling pci_endpoint_test_release_irq().\n\n[kwilczynski: commit log]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: misc: pci_endpoint_test: evitar el problema de las interrupciones restantes despu\u00e9s del error request_irq Despu\u00e9s de que devm_request_irq() falla con un error en pci_endpoint_test_request_irq(), se llama a pci_endpoint_test_free_irq_vectors() asumiendo que se han liberado todas las IRQ. 
Sin embargo, algunas IRQ solicitadas permanecen sin liberar, por lo que a\u00fan quedan entradas /proc/irq/* restantes y esto genera un WARN() con el siguiente mensaje: remove_proc_entry: eliminando el directorio no vac\u00edo 'irq/30', filtrando al menos 'pci-endpoint-test.0' ADVERTENCIA: CPU: 0 PID: 202 en fs/proc/generic.c:719 remove_proc_entry +0x190/0x19c Para resolver este problema, establezca el n\u00famero de IRQ restantes en test->num_irqs y libere las IRQ con anticipaci\u00f3n llamando a pci_endpoint_test_release_irq(). [kwilczynski: registro de confirmaciones]" } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23141.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23141.json index f9a3a19408b..749f3118dfd 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23141.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23141.json @@ -2,8 +2,8 @@ "id": "CVE-2025-23141", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:49.910", - "lastModified": "2025-05-01T13:15:49.910", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23142.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23142.json index cd22baf67f2..9594fc3e842 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23142.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23142.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-23142", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:50.017", - "lastModified": "2025-05-02T07:16:00.053", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: detect and prevent references to a freed transport in sendmsg\n\nsctp_sendmsg() re-uses associations and transports when possible by\ndoing a lookup based on the socket endpoint and the message destination\naddress, and then sctp_sendmsg_to_asoc() sets the selected transport in\nall the message chunks to be sent.\n\nThere's a possible race condition if another thread triggers the removal\nof that selected transport, for instance, by explicitly unbinding an\naddress with setsockopt(SCTP_SOCKOPT_BINDX_REM), after the chunks have\nbeen set up and before the message is sent. This can happen if the send\nbuffer is full, during the period when the sender thread temporarily\nreleases the socket lock in sctp_wait_for_sndbuf().\n\nThis causes the access to the transport data in\nsctp_outq_select_transport(), when the association outqueue is flushed,\nto result in a use-after-free read.\n\nThis change avoids this scenario by having sctp_transport_free() signal\nthe freeing of the transport, tagging it as \"dead\". In order to do this,\nthe patch restores the \"dead\" bit in struct sctp_transport, which was\nremoved in\ncommit 47faa1e4c50e (\"sctp: remove the dead field of sctp_transport\").\n\nThen, in the scenario where the sender thread has released the socket\nlock in sctp_wait_for_sndbuf(), the bit is checked again after\nre-acquiring the socket lock to detect the deletion. 
This is done while\nholding a reference to the transport to prevent it from being freed in\nthe process.\n\nIf the transport was deleted while the socket lock was relinquished,\nsctp_sendmsg_to_asoc() will return -EAGAIN to let userspace retry the\nsend.\n\nThe bug was found by a private syzbot instance (see the error report [1]\nand the C reproducer that triggers it [2])." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sctp: detectar y prevenir referencias a un transporte liberado en sendmsg. sctp_sendmsg() reutiliza asociaciones y transportes cuando es posible mediante una b\u00fasqueda basada en el endpoint del socket y la direcci\u00f3n de destino del mensaje. A continuaci\u00f3n, sctp_sendmsg_to_asoc() establece el transporte seleccionado en todos los fragmentos de mensaje que se enviar\u00e1n. Existe una posible condici\u00f3n de ejecuci\u00f3n si otro subproceso activa la eliminaci\u00f3n de ese transporte seleccionado, por ejemplo, desvinculando expl\u00edcitamente una direcci\u00f3n con setsockopt(SCTP_SOCKOPT_BINDX_REM), despu\u00e9s de configurar los fragmentos y antes de enviar el mensaje. Esto puede ocurrir si el b\u00fafer de env\u00edo est\u00e1 lleno, durante el periodo en que el subproceso emisor libera temporalmente el bloqueo del socket en sctp_wait_for_sndbuf(). Esto provoca que el acceso a los datos de transporte en sctp_outq_select_transport(), al vaciar la cola de salida de la asociaci\u00f3n, resulte en una lectura de use-after-free. Este cambio evita este escenario al indicar sctp_transport_free() la liberaci\u00f3n del transporte, etiquet\u00e1ndolo como \"muerto\". Para ello, el parche restaura el bit \"muerto\" en la estructura sctp_transport, que se elimin\u00f3 en el commit 47faa1e4c50e (\"sctp: eliminar el campo muerto de sctp_transport\"). 
Si el hilo emisor ha liberado el bloqueo del socket en sctp_wait_for_sndbuf(), el bit se vuelve a comprobar tras volver a adquirir el bloqueo para detectar la eliminaci\u00f3n. Esto se realiza manteniendo una referencia al transporte para evitar que se libere durante el proceso. Si el transporte se elimin\u00f3 mientras se liberaba el bloqueo del socket, sctp_sendmsg_to_asoc() devolver\u00e1 -EAGAIN para que el espacio de usuario pueda reintentar el env\u00edo. El error fue detectado por una instancia privada de syzbot (consulte el informe de errores [1] y el reproductor de C que lo activa [2])." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23143.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23143.json index c60c51d56f9..0a95f0734f2 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23143.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23143.json @@ -2,8 +2,8 @@ "id": "CVE-2025-23143", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:50.127", - "lastModified": "2025-05-01T13:15:50.127", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23144.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23144.json index a37fd478be0..b7b8d148396 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23144.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23144.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-23144", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:50.237", - "lastModified": "2025-05-02T07:16:00.167", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbacklight: led_bl: Hold led_access lock when calling led_sysfs_disable()\n\nLockdep detects the following issue on led-backlight removal:\n [ 142.315935] ------------[ cut here ]------------\n [ 142.315954] WARNING: CPU: 2 PID: 292 at drivers/leds/led-core.c:455 led_sysfs_enable+0x54/0x80\n ...\n [ 142.500725] Call trace:\n [ 142.503176] led_sysfs_enable+0x54/0x80 (P)\n [ 142.507370] led_bl_remove+0x80/0xa8 [led_bl]\n [ 142.511742] platform_remove+0x30/0x58\n [ 142.515501] device_remove+0x54/0x90\n ...\n\nIndeed, led_sysfs_enable() has to be called with the led_access\nlock held.\n\nHold the lock when calling led_sysfs_disable()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: backlight: led_bl: Mantener el bloqueo de led_access al llamar a led_sysfs_disable() Lockdep detecta el siguiente problema al eliminar la retroiluminaci\u00f3n LED: [ 142.315935] ------------[ cortar aqu\u00ed ]------------ [ 142.315954] ADVERTENCIA: CPU: 2 PID: 292 en drivers/leds/led-core.c:455 led_sysfs_enable+0x54/0x80 ... [ 142.500725] Rastreo de llamada: [ 142.503176] led_sysfs_enable+0x54/0x80 (P) [ 142.507370] led_bl_remove+0x80/0xa8 [led_bl] [ 142.511742] platform_remove+0x30/0x58 [ 142.515501] device_remove+0x54/0x90 ... De hecho, led_sysfs_enable() debe llamarse con el bloqueo de led_access activado. Mantenga el bloqueo al llamar a led_sysfs_disable()." } ], "metrics": {}, 
diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23145.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23145.json index 7362263f00c..fe28f88ef35 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23145.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23145.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-23145", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:50.343", - "lastModified": "2025-05-02T07:16:00.283", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix NULL pointer in can_accept_new_subflow\n\nWhen testing valkey benchmark tool with MPTCP, the kernel panics in\n'mptcp_can_accept_new_subflow' because subflow_req->msk is NULL.\n\nCall trace:\n\n mptcp_can_accept_new_subflow (./net/mptcp/subflow.c:63 (discriminator 4)) (P)\n subflow_syn_recv_sock (./net/mptcp/subflow.c:854)\n tcp_check_req (./net/ipv4/tcp_minisocks.c:863)\n tcp_v4_rcv (./net/ipv4/tcp_ipv4.c:2268)\n ip_protocol_deliver_rcu (./net/ipv4/ip_input.c:207)\n ip_local_deliver_finish (./net/ipv4/ip_input.c:234)\n ip_local_deliver (./net/ipv4/ip_input.c:254)\n ip_rcv_finish (./net/ipv4/ip_input.c:449)\n ...\n\nAccording to the debug log, the same req received two SYN-ACK in a very\nshort time, very likely because the client retransmits the syn ack due\nto multiple reasons.\n\nEven if the packets are transmitted with a relevant time interval, they\ncan be processed by the server on different CPUs concurrently). The\n'subflow_req->msk' ownership is transferred to the subflow the first,\nand there will be a risk of a null pointer dereference here.\n\nThis patch fixes this issue by moving the 'subflow_req->msk' under the\n`own_req == true` conditional.\n\nNote that the !msk check in subflow_hmac_valid() can be dropped, because\nthe same check already exists under the own_req mpj branch where the\ncode has been moved to." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mptcp: se corrige el puntero NULL en can_accept_new_subflow Al probar la herramienta de evaluaci\u00f3n comparativa valkey con MPTCP, el kernel entra en p\u00e1nico en 'mptcp_can_accept_new_subflow' porque subflow_req->msk es NULL. Rastreo de llamadas: mptcp_can_accept_new_subflow (./net/mptcp/subflow.c:63 (discriminador 4)) (P) subflow_syn_recv_sock (./net/mptcp/subflow.c:854) tcp_check_req (./net/ipv4/tcp_minisocks.c:863) tcp_v4_rcv (./net/ipv4/tcp_ipv4.c:2268) ip_protocol_deliver_rcu (./net/ipv4/ip_input.c:207) ip_local_deliver_finish (./net/ipv4/ip_input.c:234) ip_local_deliver (./net/ipv4/ip_input.c:254) ip_rcv_finish (./net/ipv4/ip_input.c:449) ... Seg\u00fan el registro de depuraci\u00f3n, la misma solicitud recibi\u00f3 dos SYN-ACK en muy poco tiempo, probablemente porque el cliente retransmite el SYN-ACK por varias razones. Incluso si los paquetes se transmiten con un intervalo de tiempo relevante, el servidor puede procesarlos en diferentes CPU simult\u00e1neamente. La propiedad de 'subflow_req->msk' se transfiere primero al subflujo, lo que conlleva el riesgo de una desreferencia de puntero nulo. Este parche corrige este problema moviendo 'subflow_req->msk' bajo la condici\u00f3n `own_req == true`. Tenga en cuenta que la comprobaci\u00f3n !msk en subflow_hmac_valid() puede omitirse, ya que ya existe en la rama own_req de mpj, donde se ha movido el c\u00f3digo." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23146.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23146.json index 60e257925b5..a366beeef9c 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23146.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23146.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-23146", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:50.453", - "lastModified": "2025-05-02T07:16:00.410", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmfd: ene-kb3930: Fix a potential NULL pointer dereference\n\nThe off_gpios could be NULL. Add missing check in the kb3930_probe().\nThis is similar to the issue fixed in commit b1ba8bcb2d1f\n(\"backlight: hx8357: Fix potential NULL pointer dereference\").\n\nThis was detected by our static analysis tool." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mfd: ene-kb3930: Se corrige una posible desreferencia de puntero nulo. El valor off_gpios podr\u00eda ser nulo. Se a\u00f1ade la comprobaci\u00f3n faltante en kb3930_probe(). Esto es similar al problema corregido en el commit b1ba8bcb2d1f (\"backlight: hx8357: Se corrige una posible desreferencia de puntero nulo\"). Esto fue detectado por nuestra herramienta de an\u00e1lisis est\u00e1tico." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23147.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23147.json index e70db6669d8..368df726779 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23147.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23147.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-23147", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:50.563", - "lastModified": "2025-05-02T07:16:00.510", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: Add NULL pointer check in i3c_master_queue_ibi()\n\nThe I3C master driver may receive an IBI from a target device that has not\nbeen probed yet. In such cases, the master calls `i3c_master_queue_ibi()`\nto queue an IBI work task, leading to \"Unable to handle kernel read from\nunreadable memory\" and resulting in a kernel panic.\n\nTypical IBI handling flow:\n1. The I3C master scans target devices and probes their respective drivers.\n2. The target device driver calls `i3c_device_request_ibi()` to enable IBI\n and assigns `dev->ibi = ibi`.\n3. The I3C master receives an IBI from the target device and calls\n `i3c_master_queue_ibi()` to queue the target device driver\u2019s IBI\n handler task.\n\nHowever, since target device events are asynchronous to the I3C probe\nsequence, step 3 may occur before step 2, causing `dev->ibi` to be `NULL`,\nleading to a kernel panic.\n\nAdd a NULL pointer check in `i3c_master_queue_ibi()` to prevent accessing\nan uninitialized `dev->ibi`, ensuring stability." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i3c: A\u00f1adir comprobaci\u00f3n de puntero nulo en i3c_master_queue_ibi(). El controlador maestro I3C puede recibir una IBI de un dispositivo de destino que a\u00fan no se ha sondeado. En tales casos, el maestro llama a `i3c_master_queue_ibi()` para poner en cola una tarea de trabajo IBI, lo que genera el error \"No se puede manejar la lectura del kernel desde memoria ilegible\" y provoca un p\u00e1nico del kernel. 
Flujo t\u00edpico de manejo de IBI: 1. El maestro I3C escanea los dispositivos de destino y sondea sus respectivos controladores. 2. El controlador del dispositivo de destino llama a `i3c_device_request_ibi()` para habilitar IBI y asigna `dev->ibi = ibi`. 3. El maestro I3C recibe una IBI del dispositivo de destino y llama a `i3c_master_queue_ibi()` para poner en cola la tarea de manejo de IBI del controlador del dispositivo de destino. Sin embargo, dado que los eventos del dispositivo de destino son as\u00edncronos a la secuencia de sondeo I3C, el paso 3 puede ocurrir antes del paso 2, lo que provoca que `dev->ibi` sea `NULL` y provoque un p\u00e1nico del kernel. Agregue una comprobaci\u00f3n de puntero NULL en `i3c_master_queue_ibi()` para evitar el acceso a un `dev->ibi` sin inicializar, garantizando as\u00ed la estabilidad." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23148.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23148.json index 174d51adc7f..52e0563e61b 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23148.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23148.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-23148", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:50.670", - "lastModified": "2025-05-02T07:16:00.603", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe()\n\nsoc_dev_attr->revision could be NULL, thus,\na pointer check is added to prevent potential NULL pointer dereference.\nThis is similar to the fix in commit 3027e7b15b02\n(\"ice: Fix some null pointer dereference issues in ice_ptp.c\").\n\nThis issue is found by our static analysis tool." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: soc: samsung: exynos-chipid: Se ha a\u00f1adido una comprobaci\u00f3n de puntero nulo en exynos_chipid_probe(). soc_dev_attr->revision podr\u00eda ser nulo, por lo que se ha a\u00f1adido una comprobaci\u00f3n de puntero para evitar posibles desreferencias de punteros nulos. Esto es similar a la correcci\u00f3n en el commit 3027e7b15b02 (\"ice: Se corrigen algunos problemas de desreferencia de puntero nulo en ice_ptp.c\"). Nuestra herramienta de an\u00e1lisis est\u00e1tico ha detectado este problema." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23149.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23149.json index 08361413e3a..77bf1747f8b 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23149.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23149.json @@ -2,8 +2,8 @@ "id": "CVE-2025-23149", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:50.780", - "lastModified": "2025-05-01T13:15:50.780", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23150.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23150.json
index 69b473b9890..0004e175164 100644
--- a/CVE-2025/CVE-2025-231xx/CVE-2025-23150.json
+++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23150.json
@@ -2,13 +2,17 @@ "id": "CVE-2025-23150", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:50.893", - "lastModified": "2025-05-02T07:16:00.697", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix off-by-one error in do_split\n\nSyzkaller detected a use-after-free issue in ext4_insert_dentry that was\ncaused by out-of-bounds access due to incorrect splitting in do_split.\n\nBUG: KASAN: use-after-free in ext4_insert_dentry+0x36a/0x6d0 fs/ext4/namei.c:2109\nWrite of size 251 at addr ffff888074572f14 by task syz-executor335/5847\n\nCPU: 0 UID: 0 PID: 5847 Comm: syz-executor335 Not tainted 6.12.0-rc6-syzkaller-00318-ga9cda7c0ffed #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024\nCall Trace:\n \n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n kasan_check_range+0x282/0x290 mm/kasan/generic.c:189\n __asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106\n ext4_insert_dentry+0x36a/0x6d0 fs/ext4/namei.c:2109\n add_dirent_to_buf+0x3d9/0x750 fs/ext4/namei.c:2154\n make_indexed_dir+0xf98/0x1600 fs/ext4/namei.c:2351\n ext4_add_entry+0x222a/0x25d0 fs/ext4/namei.c:2455\n ext4_add_nondir+0x8d/0x290 fs/ext4/namei.c:2796\n ext4_symlink+0x920/0xb50 fs/ext4/namei.c:3431\n vfs_symlink+0x137/0x2e0 fs/namei.c:4615\n do_symlinkat+0x222/0x3a0 fs/namei.c:4641\n __do_sys_symlink fs/namei.c:4662 [inline]\n __se_sys_symlink fs/namei.c:4660 [inline]\n __x64_sys_symlink+0x7a/0x90 fs/namei.c:4660\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n 
entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \n\nThe following loop is located right above 'if' statement.\n\nfor (i = count-1; i >= 0; i--) {\n\t/* is more than half of this entry in 2nd half of the block? */\n\tif (size + map[i].size/2 > blocksize/2)\n\t\tbreak;\n\tsize += map[i].size;\n\tmove++;\n}\n\n'i' in this case could go down to -1, in which case sum of active entries\nwouldn't exceed half the block size, but previous behaviour would also do\nsplit in half if sum would exceed at the very last block, which in case of\nhaving too many long name files in a single block could lead to\nout-of-bounds access and following use-after-free.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: se corrige el error de uno en uno en do_split Syzkaller detect\u00f3 un problema de use-after-free en ext4_insert_dentry que fue causado por un acceso fuera de los l\u00edmites debido a una divisi\u00f3n incorrecta en do_split. 
ERROR: KASAN: use-after-free en ext4_insert_dentry+0x36a/0x6d0 fs/ext4/namei.c:2109 Escritura de tama\u00f1o 251 en la direcci\u00f3n ffff888074572f14 por la tarea syz-executor335/5847 CPU: 0 UID: 0 PID: 5847 Comm: syz-executor335 No contaminado 6.12.0-rc6-syzkaller-00318-ga9cda7c0ffed #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 30/10/2024 Rastreo de llamadas: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 kasan_check_range+0x282/0x290 mm/kasan/generic.c:189 __asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106 ext4_insert_dentry+0x36a/0x6d0 fs/ext4/namei.c:2109 add_dirent_to_buf+0x3d9/0x750 fs/ext4/namei.c:2154 make_indexed_dir+0xf98/0x1600 fs/ext4/namei.c:2351 ext4_add_entry+0x222a/0x25d0 fs/ext4/namei.c:2455 ext4_add_nondir+0x8d/0x290 fs/ext4/namei.c:2796 ext4_symlink+0x920/0xb50 fs/ext4/namei.c:3431 vfs_symlink+0x137/0x2e0 fs/namei.c:4615 do_symlinkat+0x222/0x3a0 fs/namei.c:4641 __do_sys_symlink fs/namei.c:4662 [inline] __se_sys_symlink fs/namei.c:4660 [inline] __x64_sys_symlink+0x7a/0x90 fs/namei.c:4660 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f El siguiente bucle se encuentra justo encima de la declaraci\u00f3n 'if'. for (i = count-1; i >= 0; i--) { /* \u00bfhay m\u00e1s de la mitad de esta entrada en la 2da mitad del bloque? */ if (size + map[i].size/2 > blocksize/2) break; size += map[i].size; move++; } En este caso, la 'i' podr\u00eda bajar a -1, en cuyo caso la suma de las entradas activas no superar\u00eda la mitad del tama\u00f1o del bloque. Sin embargo, el comportamiento anterior tambi\u00e9n se dividir\u00eda por la mitad si la suma superara el tama\u00f1o del \u00faltimo bloque. 
Esto, al tener demasiados archivos con nombres largos en un solo bloque, podr\u00eda provocar un acceso fuera de los l\u00edmites y el consiguiente uso despu\u00e9s de la liberaci\u00f3n. Encontrado por el Centro de Verificaci\u00f3n de Linux (linuxtesting.org) con Syzkaller." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23151.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23151.json index a9a99230caf..3f75aa79ab6 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23151.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23151.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-23151", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:51.003", - "lastModified": "2025-05-02T07:16:00.797", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: host: Fix race between unprepare and queue_buf\n\nA client driver may use mhi_unprepare_from_transfer() to quiesce\nincoming data during the client driver's tear down. The client driver\nmight also be processing data at the same time, resulting in a call to\nmhi_queue_buf() which will invoke mhi_gen_tre(). If mhi_gen_tre() runs\nafter mhi_unprepare_from_transfer() has torn down the channel, a panic\nwill occur due to an invalid dereference leading to a page fault.\n\nThis occurs because mhi_gen_tre() does not verify the channel state\nafter locking it. Fix this by having mhi_gen_tre() confirm the channel\nstate is valid, or return error to avoid accessing deinitialized data.\n\n[mani: added stable tag]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bus: mhi: host: Correcci\u00f3n de la competencia entre unprepare y queue_buf. Un controlador de cliente podr\u00eda usar mhi_unprepare_from_transfer() para silenciar los datos entrantes durante su desconexi\u00f3n. El controlador de cliente tambi\u00e9n podr\u00eda estar procesando datos simult\u00e1neamente, lo que resulta en una llamada a mhi_queue_buf(), que invocar\u00e1 mhi_gen_tre(). Si mhi_gen_tre() se ejecuta despu\u00e9s de que mhi_unprepare_from_transfer() haya desconectado el canal, se producir\u00e1 un p\u00e1nico debido a una desreferencia no v\u00e1lida que provoca un fallo de p\u00e1gina. Esto ocurre porque mhi_gen_tre() no verifica el estado del canal despu\u00e9s de bloquearlo. 
Para solucionar esto, haga que mhi_gen_tre() confirme que el estado del canal es v\u00e1lido o devuelva un error para evitar acceder a los datos desinicializados. [mani: etiqueta estable a\u00f1adida]" } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23152.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23152.json index 3f308185b9a..0a5fe16290c 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23152.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23152.json @@ -2,8 +2,8 @@ "id": "CVE-2025-23152", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:51.110", - "lastModified": "2025-05-01T13:15:51.110", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23153.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23153.json index 4d507918bb8..0bb4441beff 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23153.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23153.json @@ -2,8 +2,8 @@ "id": "CVE-2025-23153", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:51.210", - "lastModified": "2025-05-01T13:15:51.210", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23154.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23154.json index cecf20178fa..62476451980 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23154.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23154.json @@ -2,8 +2,8 @@ "id": "CVE-2025-23154", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:51.310", - "lastModified": "2025-05-01T13:15:51.310", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23155.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23155.json index abc41c3a83a..b54211f6d31 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23155.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23155.json @@ -2,8 +2,8 @@ "id": "CVE-2025-23155", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:51.413", - "lastModified": "2025-05-01T13:15:51.413", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23156.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23156.json index 8da09f00975..7baa65b8941 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23156.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23156.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-23156", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:51.517", - "lastModified": "2025-05-02T07:16:00.877", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: hfi_parser: refactor hfi packet parsing logic\n\nwords_count denotes the number of words in total payload, while data\npoints to payload of various property within it. When words_count\nreaches last word, data can access memory beyond the total payload. This\ncan lead to OOB access. With this patch, the utility api for handling\nindividual properties now returns the size of data consumed. Accordingly\nremaining bytes are calculated before parsing the payload, thereby\neliminates the OOB access possibilities." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: venus: hfi_parser: refactorizaci\u00f3n de la l\u00f3gica de an\u00e1lisis de paquetes HFI. words_count indica el n\u00famero de palabras en el payload total, mientras que data apunta al payload de varias propiedades dentro de ella. Cuando words_count alcanza la \u00faltima palabra, data puede acceder a memoria m\u00e1s all\u00e1 de payload total. Esto puede provocar accesos fuera de banda (OOB). Con este parche, la API de utilidad para gestionar propiedades individuales ahora devuelve el tama\u00f1o de los datos consumidos. Por consiguiente, los bytes restantes se calculan antes de analizar el payload, eliminando as\u00ed las posibilidades de accesos fuera de banda (OOB)." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23157.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23157.json index 83e87d5e0af..e535344145c 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23157.json 
+++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23157.json @@ -2,13 +2,17 @@ "id": "CVE-2025-23157", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:51.623", - "lastModified": "2025-05-02T07:16:00.967", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: hfi_parser: add check to avoid out of bound access\n\nThere is a possibility that init_codecs is invoked multiple times during\nmanipulated payload from video firmware. In such case, if codecs_count\ncan get incremented to value more than MAX_CODEC_NUM, there can be OOB\naccess. Reset the count so that it always starts from beginning." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: venus: hfi_parser: a\u00f1adir comprobaci\u00f3n para evitar accesos fuera de los l\u00edmites. Existe la posibilidad de que init_codecs se invoque varias veces durante la manipulaci\u00f3n de la carga \u00fatil del firmware de v\u00eddeo. En tal caso, si codecs_count se incrementa a un valor superior a MAX_CODEC_NUM, puede haber accesos fuera de los l\u00edmites. Restablezca el contador para que siempre comience desde el principio." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23158.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23158.json index ba8697c40d2..ca4b6fff498 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23158.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23158.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-23158", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:51.733", - "lastModified": "2025-05-02T07:16:01.067", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: hfi: add check to handle incorrect queue size\n\nqsize represents size of shared queued between driver and video\nfirmware. Firmware can modify this value to an invalid large value. In\nsuch situation, empty_space will be bigger than the space actually\navailable. Since new_wr_idx is not checked, so the following code will\nresult in an OOB write.\n...\nqsize = qhdr->q_size\n\nif (wr_idx >= rd_idx)\n empty_space = qsize - (wr_idx - rd_idx)\n....\nif (new_wr_idx < qsize) {\n memcpy(wr_ptr, packet, dwords << 2) --> OOB write\n\nAdd check to ensure qsize is within the allocated size while\nreading and writing packets into the queue." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: venus: hfi: se ha a\u00f1adido una comprobaci\u00f3n para gestionar el tama\u00f1o incorrecto de queue size qsize representa el tama\u00f1o de la cola compartida entre el controlador y el firmware de v\u00eddeo. El firmware puede modificar este valor a un valor grande no v\u00e1lido. En tal situaci\u00f3n, el espacio vac\u00edo ser\u00e1 mayor que el espacio realmente disponible. Dado que new_wr_idx no se comprueba, el siguiente c\u00f3digo resultar\u00e1 en una escritura fuera de banda (OOB). ... qsize = qhdr->q_size if (wr_idx >= rd_idx) empty_space = qsize - (wr_idx - rd_idx) .... if (new_wr_idx < qsize) { memcpy(wr_ptr, packet, dwords << 2) --> Escritura fuera de banda (OOB). 
Se ha a\u00f1adido una comprobaci\u00f3n para garantizar que qsize se encuentre dentro del tama\u00f1o asignado al leer y escribir paquetes en la cola." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23159.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23159.json index e5388081338..7d2ab7720c5 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23159.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23159.json @@ -2,13 +2,17 @@ "id": "CVE-2025-23159", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:51.843", - "lastModified": "2025-05-02T07:16:01.163", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: hfi: add a check to handle OOB in sfr region\n\nsfr->buf_size is in shared memory and can be modified by malicious user.\nOOB write is possible when the size is made higher than actual sfr data\nbuffer. Cap the size to allocated size for such cases." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: venus: hfi: se ha a\u00f1adido una comprobaci\u00f3n para gestionar la escritura OOB en la regi\u00f3n sfr. sfr->buf_size se encuentra en memoria compartida y puede ser modificado por un usuario malintencionado. Es posible escribir OOB cuando el tama\u00f1o es mayor que el del b\u00fafer de datos sfr. En estos casos, limite el tama\u00f1o al tama\u00f1o asignado." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23160.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23160.json index 01c1a0a09a4..0c144897e89 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23160.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23160.json 
@@ -2,8 +2,8 @@ "id": "CVE-2025-23160", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:51.957", - "lastModified": "2025-05-01T13:15:51.957", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23161.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23161.json index 70b10a7abd9..4b21834b265 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23161.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23161.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-23161", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:52.060", - "lastModified": "2025-05-02T07:16:01.250", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type\n\nThe access to the PCI config space via pci_ops::read and pci_ops::write is\na low-level hardware access. The functions can be accessed with disabled\ninterrupts even on PREEMPT_RT. The pci_lock is a raw_spinlock_t for this\npurpose.\n\nA spinlock_t becomes a sleeping lock on PREEMPT_RT, so it cannot be\nacquired with disabled interrupts. The vmd_dev::cfg_lock is accessed in\nthe same context as the pci_lock.\n\nMake vmd_dev::cfg_lock a raw_spinlock_t type so it can be used with\ninterrupts disabled.\n\nThis was reported as:\n\n BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n Call Trace:\n rt_spin_lock+0x4e/0x130\n vmd_pci_read+0x8d/0x100 [vmd]\n pci_user_read_config_byte+0x6f/0xe0\n pci_read_config+0xfe/0x290\n sysfs_kf_bin_read+0x68/0x90\n\n[bigeasy: reword commit message]\nTested-off-by: Luis Claudio R. Goncalves \n[kwilczynski: commit log]\n[bhelgaas: add back report info from\nhttps://lore.kernel.org/lkml/20241218115951.83062-1-ryotkkr98@gmail.com/]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: PCI: vmd: Convertir vmd_dev::cfg_lock en tipo raw_spinlock_t El acceso al espacio de configuraci\u00f3n PCI mediante pci_ops::read y pci_ops::write es un acceso de hardware de bajo nivel. Se puede acceder a las funciones con interrupciones deshabilitadas incluso en PREEMPT_RT. El pci_lock es un raw_spinlock_t para este prop\u00f3sito. 
Un spinlock_t se convierte en un bloqueo inactivo en PREEMPT_RT, por lo que no se puede adquirir con interrupciones deshabilitadas. Se accede a vmd_dev::cfg_lock en el mismo contexto que el pci_lock. Convertir vmd_dev::cfg_lock en un tipo raw_spinlock_t para que pueda usarse con interrupciones deshabilitadas. Esto se inform\u00f3 como: ERROR: funci\u00f3n inactiva llamada desde un contexto no v\u00e1lido en kernel/locking/spinlock_rt.c:48 Rastreo de llamadas: rt_spin_lock+0x4e/0x130 vmd_pci_read+0x8d/0x100 [vmd] pci_user_read_config_byte+0x6f/0xe0 pci_read_config+0xfe/0x290 sysfs_kf_bin_read+0x68/0x90 [bigeasy: reformular el mensaje de confirmaci\u00f3n] Probado por: Luis Claudio R. Goncalves [kwilczynski: registro de confirmaciones] [bhelgaas: agregar informaci\u00f3n del informe de https://lore.kernel.org/lkml/20241218115951.83062-1-ryotkkr98@gmail.com/]" } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23162.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23162.json index 4585acbc067..5373a77ada0 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23162.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23162.json @@ -2,8 +2,8 @@ "id": "CVE-2025-23162", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:52.167", - "lastModified": "2025-05-01T13:15:52.167", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23163.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23163.json index 60441f02dac..0625e3d72c5 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23163.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23163.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-23163", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:52.273", - "lastModified": "2025-05-02T07:16:01.337", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: vlan: don't propagate flags on open\n\nWith the device instance lock, there is now a possibility of a deadlock:\n\n[ 1.211455] ============================================\n[ 1.211571] WARNING: possible recursive locking detected\n[ 1.211687] 6.14.0-rc5-01215-g032756b4ca7a-dirty #5 Not tainted\n[ 1.211823] --------------------------------------------\n[ 1.211936] ip/184 is trying to acquire lock:\n[ 1.212032] ffff8881024a4c30 (&dev->lock){+.+.}-{4:4}, at: dev_set_allmulti+0x4e/0xb0\n[ 1.212207]\n[ 1.212207] but task is already holding lock:\n[ 1.212332] ffff8881024a4c30 (&dev->lock){+.+.}-{4:4}, at: dev_open+0x50/0xb0\n[ 1.212487]\n[ 1.212487] other info that might help us debug this:\n[ 1.212626] Possible unsafe locking scenario:\n[ 1.212626]\n[ 1.212751] CPU0\n[ 1.212815] ----\n[ 1.212871] lock(&dev->lock);\n[ 1.212944] lock(&dev->lock);\n[ 1.213016]\n[ 1.213016] *** DEADLOCK ***\n[ 1.213016]\n[ 1.213143] May be due to missing lock nesting notation\n[ 1.213143]\n[ 1.213294] 3 locks held by ip/184:\n[ 1.213371] #0: ffffffff838b53e0 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock+0x1b/0xa0\n[ 1.213543] #1: ffffffff84e5fc70 (&net->rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock+0x37/0xa0\n[ 1.213727] #2: ffff8881024a4c30 (&dev->lock){+.+.}-{4:4}, at: dev_open+0x50/0xb0\n[ 1.213895]\n[ 1.213895] stack backtrace:\n[ 1.213991] CPU: 0 UID: 0 PID: 184 Comm: ip Not tainted 6.14.0-rc5-01215-g032756b4ca7a-dirty #5\n[ 1.213993] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n[ 1.213994] Call Trace:\n[ 1.213995] 
\n[ 1.213996] dump_stack_lvl+0x8e/0xd0\n[ 1.214000] print_deadlock_bug+0x28b/0x2a0\n[ 1.214020] lock_acquire+0xea/0x2a0\n[ 1.214027] __mutex_lock+0xbf/0xd40\n[ 1.214038] dev_set_allmulti+0x4e/0xb0 # real_dev->flags & IFF_ALLMULTI\n[ 1.214040] vlan_dev_open+0xa5/0x170 # ndo_open on vlandev\n[ 1.214042] __dev_open+0x145/0x270\n[ 1.214046] __dev_change_flags+0xb0/0x1e0\n[ 1.214051] netif_change_flags+0x22/0x60 # IFF_UP vlandev\n[ 1.214053] dev_change_flags+0x61/0xb0 # for each device in group from dev->vlan_info\n[ 1.214055] vlan_device_event+0x766/0x7c0 # on netdevsim0\n[ 1.214058] notifier_call_chain+0x78/0x120\n[ 1.214062] netif_open+0x6d/0x90\n[ 1.214064] dev_open+0x5b/0xb0 # locks netdevsim0\n[ 1.214066] bond_enslave+0x64c/0x1230\n[ 1.214075] do_set_master+0x175/0x1e0 # on netdevsim0\n[ 1.214077] do_setlink+0x516/0x13b0\n[ 1.214094] rtnl_newlink+0xaba/0xb80\n[ 1.214132] rtnetlink_rcv_msg+0x440/0x490\n[ 1.214144] netlink_rcv_skb+0xeb/0x120\n[ 1.214150] netlink_unicast+0x1f9/0x320\n[ 1.214153] netlink_sendmsg+0x346/0x3f0\n[ 1.214157] __sock_sendmsg+0x86/0xb0\n[ 1.214160] ____sys_sendmsg+0x1c8/0x220\n[ 1.214164] ___sys_sendmsg+0x28f/0x2d0\n[ 1.214179] __x64_sys_sendmsg+0xef/0x140\n[ 1.214184] do_syscall_64+0xec/0x1d0\n[ 1.214190] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 1.214191] RIP: 0033:0x7f2d1b4a7e56\n\nDevice setup:\n\n netdevsim0 (down)\n ^ ^\n bond netdevsim1.100@netdevsim1 allmulticast=on (down)\n\nWhen we enslave the lower device (netdevsim0) which has a vlan, we\npropagate vlan's allmuti/promisc flags during ndo_open. This causes\n(re)locking on of the real_dev.\n\nPropagate allmulti/promisc on flags change, not on the open. 
There\nis a slight semantics change that vlans that are down now propagate\nthe flags, but this seems unlikely to result in the real issues.\n\nReproducer:\n\n echo 0 1 > /sys/bus/netdevsim/new_device\n\n dev_path=$(ls -d /sys/bus/netdevsim/devices/netdevsim0/net/*)\n dev=$(echo $dev_path | rev | cut -d/ -f1 | rev)\n\n ip link set dev $dev name netdevsim0\n ip link set dev netdevsim0 up\n\n ip link add link netdevsim0 name netdevsim0.100 type vlan id 100\n ip link set dev netdevsim0.100 allm\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: vlan: no propagar indicadores al abrir Con el bloqueo de la instancia del dispositivo, ahora existe la posibilidad de un interbloqueo: [ 1.211455] =============================================== [ 1.211571] ADVERTENCIA: posible bloqueo recursivo detectado [ 1.211687] 6.14.0-rc5-01215-g032756b4ca7a-dirty #5 No contaminado [ 1.211823] -------------------------------------------- [ 1.211936] ip/184 is trying to acquire lock: [ 1.212032] ffff8881024a4c30 (&dev->lock){+.+.}-{4:4}, at: dev_set_allmulti+0x4e/0xb0 [ 1.212207] [ 1.212207] but task is already holding lock: [ 1.212332] ffff8881024a4c30 (&dev->lock){+.+.}-{4:4}, at: dev_open+0x50/0xb0 [ 1.212487] [ 1.212487] other info that might help us debug this: [ 1.212626] Possible unsafe locking scenario: [ 1.212626] [ 1.212751] CPU0 [ 1.212815] ---- [ 1.212871] lock(&dev->lock); [ 1.212944] lock(&dev->lock); [ 1.213016] [ 1.213016] *** DEADLOCK *** [ 1.213016] [ 1.213143] May be due to missing lock nesting notation [ 1.213143] [ 1.213294] 3 locks held by ip/184: [ 1.213371] #0: ffffffff838b53e0 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock+0x1b/0xa0 [ 1.213543] #1: ffffffff84e5fc70 (&net->rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock+0x37/0xa0 [ 1.213727] #2: ffff8881024a4c30 (&dev->lock){+.+.}-{4:4}, at: dev_open+0x50/0xb0 [ 1.213895] [ 1.213895] stack backtrace: [ 1.213991] CPU: 0 UID: 0 PID: 184 Comm: ip Not 
tainted 6.14.0-rc5-01215-g032756b4ca7a-dirty #5 [ 1.213993] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014 [ 1.213994] Call Trace: [ 1.213995] [ 1.213996] dump_stack_lvl+0x8e/0xd0 [ 1.214000] print_deadlock_bug+0x28b/0x2a0 [ 1.214020] lock_acquire+0xea/0x2a0 [ 1.214027] __mutex_lock+0xbf/0xd40 [ 1.214038] dev_set_allmulti+0x4e/0xb0 # real_dev->flags & IFF_ALLMULTI [ 1.214040] vlan_dev_open+0xa5/0x170 # ndo_open on vlandev [ 1.214042] __dev_open+0x145/0x270 [ 1.214046] __dev_change_flags+0xb0/0x1e0 [ 1.214051] netif_change_flags+0x22/0x60 # IFF_UP vlandev [ 1.214053] dev_change_flags+0x61/0xb0 # for each device in group from dev->vlan_info [ 1.214055] vlan_device_event+0x766/0x7c0 # on netdevsim0 [ 1.214058] notifier_call_chain+0x78/0x120 [ 1.214062] netif_open+0x6d/0x90 [ 1.214064] dev_open+0x5b/0xb0 # locks netdevsim0 [ 1.214066] bond_enslave+0x64c/0x1230 [ 1.214075] do_set_master+0x175/0x1e0 # on netdevsim0 [ 1.214077] do_setlink+0x516/0x13b0 [ 1.214094] rtnl_newlink+0xaba/0xb80 [ 1.214132] rtnetlink_rcv_msg+0x440/0x490 [ 1.214144] netlink_rcv_skb+0xeb/0x120 [ 1.214150] netlink_unicast+0x1f9/0x320 [ 1.214153] netlink_sendmsg+0x346/0x3f0 [ 1.214157] __sock_sendmsg+0x86/0xb0 [ 1.214160] ____sys_sendmsg+0x1c8/0x220 [ 1.214164] ___sys_sendmsg+0x28f/0x2d0 [ 1.214179] __x64_sys_sendmsg+0xef/0x140 [ 1.214184] do_syscall_64+0xec/0x1d0 [ 1.214190] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1.214191] RIP: 0033:0x7f2d1b4a7e56 Device setup: netdevsim0 (down) ^ ^ bond netdevsim1.100@netdevsim1 allmulticast=on (down) Al esclavizar el dispositivo inferior (netdevsim0) que tiene una VLAN, propagamos los indicadores allmuti/promisc de la VLAN durante ndo_open. Esto provoca el (re)bloqueo de real_dev. Allmulti/promisc se propaga cuando cambian los indicadores, no cuando est\u00e1n abiertos. Hay un ligero cambio sem\u00e1ntico: las VLAN inactivas ahora propagan los indicadores, pero es poco probable que esto cause los problemas reales. 
Reproductor: echo 0 1 > /sys/bus/netdevsim/new_device dev_path=$(ls -d /sys/bus/netdevsim/devices/netdevsim0/net/*) dev=$(echo $dev_path | rev | cut -d/ -f1 | rev) ip link set dev $dev name netdevsim0 ip link set dev netdevsim0 up ip link add link netdevsim0 name netdevsim0.100 type vlan id 100 ip link set dev netdevsim0.100 allm ---truncado---" } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23177.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23177.json index ee36d71380b..d552300e40f 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23177.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23177.json @@ -2,13 +2,17 @@ "id": "CVE-2025-23177", "sourceIdentifier": "cna@cyber.gov.il", "published": "2025-04-29T16:15:30.017", - "lastModified": "2025-04-29T16:15:30.017", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "CWE-427: Uncontrolled Search Path Element" + }, + { + "lang": "es", + "value": "CWE-427: Elemento de ruta de b\u00fasqueda no controlada" } ], "metrics": { diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23178.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23178.json index 2789ce88481..1d0ba6418be 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23178.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23178.json @@ -2,13 +2,17 @@ "id": "CVE-2025-23178", "sourceIdentifier": "cna@cyber.gov.il", "published": "2025-04-29T16:15:30.157", - "lastModified": "2025-04-29T16:15:30.157", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "CWE-923: Improper Restriction of Communication Channel to Intended Endpoints" + }, + { + "lang": "es", + "value": "CWE-923: Restricci\u00f3n inadecuada del canal de comunicaci\u00f3n a los endpoints previstos" } ], "metrics": { 
diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23179.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23179.json index ce9c1ce687d..6c73c87b9b2 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23179.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23179.json @@ -2,13 +2,17 @@ "id": "CVE-2025-23179", "sourceIdentifier": "cna@cyber.gov.il", "published": "2025-04-29T16:15:30.297", - "lastModified": "2025-04-29T16:15:30.297", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "CWE-798: Use of Hard-coded Credentials" + }, + { + "lang": "es", + "value": "CWE-798: Uso de credenciales codificadas" } ], "metrics": { diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23180.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23180.json index 11fac30ef74..f9b69afbdc0 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23180.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23180.json @@ -2,13 +2,17 @@ "id": "CVE-2025-23180", "sourceIdentifier": "cna@cyber.gov.il", "published": "2025-04-29T17:15:40.687", - "lastModified": "2025-04-29T17:15:40.687", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "CWE-250: Execution with Unnecessary Privileges" + }, + { + "lang": "es", + "value": "CWE-250: Ejecuci\u00f3n con privilegios innecesarios" } ], "metrics": { diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23181.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23181.json index e80148cd5eb..dd2767be6ab 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23181.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23181.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2025-23181",
 "sourceIdentifier": "cna@cyber.gov.il",
 "published": "2025-04-29T17:15:40.907",
- "lastModified": "2025-04-29T17:15:40.907",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "CWE-250: Execution with Unnecessary Privileges"
+ },
+ {
+ "lang": "es",
+ "value": "CWE-250: Ejecuci\u00f3n con privilegios innecesarios"
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-232xx/CVE-2025-23244.json b/CVE-2025/CVE-2025-232xx/CVE-2025-23244.json
index 23116cc5191..d5f77833f4b 100644
--- a/CVE-2025/CVE-2025-232xx/CVE-2025-23244.json
+++ b/CVE-2025/CVE-2025-232xx/CVE-2025-23244.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-23244",
 "sourceIdentifier": "psirt@nvidia.com",
 "published": "2025-05-01T14:15:36.060",
- "lastModified": "2025-05-01T14:15:36.060",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-232xx/CVE-2025-23245.json b/CVE-2025/CVE-2025-232xx/CVE-2025-23245.json
index 2934976ac9a..15cb30ca70f 100644
--- a/CVE-2025/CVE-2025-232xx/CVE-2025-23245.json
+++ b/CVE-2025/CVE-2025-232xx/CVE-2025-23245.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-23245",
 "sourceIdentifier": "psirt@nvidia.com",
 "published": "2025-05-01T14:15:36.250",
- "lastModified": "2025-05-01T15:16:19.810",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows a guest to access global resources. A successful exploit of this vulnerability might lead to denial of service."
+ },
+ {
+ "lang": "es",
+ "value": "El software NVIDIA vGPU para Windows y Linux contiene una vulnerabilidad en el Administrador de GPU Virtual (complemento vGPU), que permite a un invitado acceder a recursos globales. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar una denegaci\u00f3n de servicio."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-232xx/CVE-2025-23246.json b/CVE-2025/CVE-2025-232xx/CVE-2025-23246.json
index f165ce82759..a0af421a754 100644
--- a/CVE-2025/CVE-2025-232xx/CVE-2025-23246.json
+++ b/CVE-2025/CVE-2025-232xx/CVE-2025-23246.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-23246",
 "sourceIdentifier": "psirt@nvidia.com",
 "published": "2025-05-01T15:16:19.970",
- "lastModified": "2025-05-01T15:16:19.970",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows a guest to consume uncontrolled resources. A successful exploit of this vulnerability might lead to denial of service."
+ },
+ {
+ "lang": "es",
+ "value": "El software NVIDIA vGPU para Windows y Linux contiene una vulnerabilidad en el Administrador de GPU Virtual (complemento vGPU), que permite que un invitado consuma recursos sin control. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar una denegaci\u00f3n de servicio."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-232xx/CVE-2025-23254.json b/CVE-2025/CVE-2025-232xx/CVE-2025-23254.json
index e112a23e50a..f1c21cf4ee4 100644
--- a/CVE-2025/CVE-2025-232xx/CVE-2025-23254.json
+++ b/CVE-2025/CVE-2025-232xx/CVE-2025-23254.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-23254",
 "sourceIdentifier": "psirt@nvidia.com",
 "published": "2025-05-01T14:15:36.507",
- "lastModified": "2025-05-01T14:15:36.507",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-240xx/CVE-2025-24091.json b/CVE-2025/CVE-2025-240xx/CVE-2025-24091.json
index 65c898c6a7b..24826181c5d 100644
--- a/CVE-2025/CVE-2025-240xx/CVE-2025-24091.json
+++ b/CVE-2025/CVE-2025-240xx/CVE-2025-24091.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-24091",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2025-04-30T18:15:39.203",
- "lastModified": "2025-04-30T21:15:54.160",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.3. An app may be able to cause a denial-of-service."
+ },
+ {
+ "lang": "es",
+ "value": "Una aplicaci\u00f3n podr\u00eda suplantar las notificaciones del sistema. Las notificaciones sensibles ahora requieren permisos restringidos. Este problema se solucion\u00f3 en iOS 18.3, iPadOS 18.3 y iPadOS 17.7.3. Una aplicaci\u00f3n podr\u00eda causar una denegaci\u00f3n de servicio."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-241xx/CVE-2025-24132.json b/CVE-2025/CVE-2025-241xx/CVE-2025-24132.json
index 0679fe86bdf..313cdf97577 100644
--- a/CVE-2025/CVE-2025-241xx/CVE-2025-24132.json
+++ b/CVE-2025/CVE-2025-241xx/CVE-2025-24132.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-24132",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2025-04-30T21:15:54.343",
- "lastModified": "2025-05-01T14:15:36.733",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The issue was addressed with improved memory handling. This issue is fixed in AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, CarPlay Communication Plug-in R18.1. An attacker on the local network may cause an unexpected app termination."
+ },
+ {
+ "lang": "es",
+ "value": "El problema se solucion\u00f3 mejorando la gesti\u00f3n de la memoria. Este problema se solucion\u00f3 en el SDK de audio de AirPlay 2.7.1, el SDK de v\u00eddeo de AirPlay 3.6.0.126 y el complemento de comunicaci\u00f3n de CarPlay R18.1. Un atacante en la red local podr\u00eda provocar el cierre inesperado de la aplicaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-243xx/CVE-2025-24338.json b/CVE-2025/CVE-2025-243xx/CVE-2025-24338.json
index 9db0fecc80c..031bd81a7ad 100644
--- a/CVE-2025/CVE-2025-243xx/CVE-2025-24338.json
+++ b/CVE-2025/CVE-2025-243xx/CVE-2025-24338.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-24338",
 "sourceIdentifier": "psirt@bosch.com",
 "published": "2025-04-30T11:15:48.150",
- "lastModified": "2025-04-30T11:15:48.150",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability in the \u201cManages app data\u201d functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to execute arbitrary client-side code in the context of another user's browser via multiple crafted HTTP requests."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad en la funcionalidad \u201cAdministra datos de la aplicaci\u00f3n\u201d de la aplicaci\u00f3n web de ctrlX OS permite a un atacante remoto autenticado (con pocos privilegios) ejecutar c\u00f3digo arbitrario del lado del cliente en el contexto del navegador de otro usuario a trav\u00e9s de m\u00faltiples solicitudes HTTP manipuladas."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-243xx/CVE-2025-24339.json b/CVE-2025/CVE-2025-243xx/CVE-2025-24339.json
index 2aba9014e7b..6a74aaee1ce 100644
--- a/CVE-2025/CVE-2025-243xx/CVE-2025-24339.json
+++ b/CVE-2025/CVE-2025-243xx/CVE-2025-24339.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-24339",
 "sourceIdentifier": "psirt@bosch.com",
 "published": "2025-04-30T11:15:49.623",
- "lastModified": "2025-04-30T11:15:49.623",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability in the web application of ctrlX OS allows a remote unauthenticated attacker to conduct various attacks against users of the vulnerable system, including web cache poisoning or Man-in-the-Middle (MitM), via a crafted HTTP request."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad en la aplicaci\u00f3n web de ctrlX OS permite a un atacante remoto no autenticado realizar varios ataques contra los usuarios del sistema vulnerable, incluido el envenenamiento de cach\u00e9 web o Man-in-the-Middle (MitM), a trav\u00e9s de una solicitud HTTP manipulada."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-243xx/CVE-2025-24340.json b/CVE-2025/CVE-2025-243xx/CVE-2025-24340.json
index 22b8c3df9c0..a42fc2109d9 100644
--- a/CVE-2025/CVE-2025-243xx/CVE-2025-24340.json
+++ b/CVE-2025/CVE-2025-243xx/CVE-2025-24340.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-24340",
 "sourceIdentifier": "psirt@bosch.com",
 "published": "2025-04-30T11:15:49.797",
- "lastModified": "2025-04-30T11:15:49.797",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated (low-privileged) attacker to recover the plaintext passwords of other users."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad en el archivo de configuraci\u00f3n de usuarios del sistema operativo ctrlX puede permitir que un atacante remoto autenticado (con pocos privilegios) recupere las contrase\u00f1as de texto simple de otros usuarios."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-243xx/CVE-2025-24341.json b/CVE-2025/CVE-2025-243xx/CVE-2025-24341.json
index 58ed5571cf9..b590729b24e 100644
--- a/CVE-2025/CVE-2025-243xx/CVE-2025-24341.json
+++ b/CVE-2025/CVE-2025-243xx/CVE-2025-24341.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-24341",
 "sourceIdentifier": "psirt@bosch.com",
 "published": "2025-04-30T12:15:15.493",
- "lastModified": "2025-04-30T12:15:15.493",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability in the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to induce a Denial-of-Service (DoS) condition on the device via multiple crafted HTTP requests. In the worst case, a full power cycle is needed to regain control of the device."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad en la aplicaci\u00f3n web de ctrlX OS permite a un atacante remoto autenticado (con privilegios bajos) inducir una denegaci\u00f3n de servicio (DoS) en el dispositivo mediante m\u00faltiples solicitudes HTTP manipuladas. En el peor de los casos, se requiere un reinicio completo para recuperar el control del dispositivo."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-243xx/CVE-2025-24342.json b/CVE-2025/CVE-2025-243xx/CVE-2025-24342.json
index 00779860e80..4b217121521 100644
--- a/CVE-2025/CVE-2025-243xx/CVE-2025-24342.json
+++ b/CVE-2025/CVE-2025-243xx/CVE-2025-24342.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-24342",
 "sourceIdentifier": "psirt@bosch.com",
 "published": "2025-04-30T12:15:17.490",
- "lastModified": "2025-04-30T12:15:17.490",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability in the login functionality of the web application of ctrlX OS allows a remote unauthenticated attacker to guess valid usernames via multiple crafted HTTP requests."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad en la funcionalidad de inicio de sesi\u00f3n de la aplicaci\u00f3n web de ctrlX OS permite a un atacante remoto no autenticado adivinar nombres de usuario v\u00e1lidos a trav\u00e9s de m\u00faltiples solicitudes HTTP manipuladas."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-243xx/CVE-2025-24343.json b/CVE-2025/CVE-2025-243xx/CVE-2025-24343.json
index 12eefd6e5aa..c3d8a2f4e06 100644
--- a/CVE-2025/CVE-2025-243xx/CVE-2025-24343.json
+++ b/CVE-2025/CVE-2025-243xx/CVE-2025-24343.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-24343",
 "sourceIdentifier": "psirt@bosch.com",
 "published": "2025-04-30T12:15:17.903",
- "lastModified": "2025-04-30T12:15:17.903",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability in the \u201cManages app data\u201d functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary files in arbitrary file system paths via a crafted HTTP request."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad en la funcionalidad \u201cAdministra datos de la aplicaci\u00f3n\u201d de la aplicaci\u00f3n web de ctrlX OS permite que un atacante remoto autenticado (con privilegios bajos) escriba archivos arbitrarios en rutas arbitrarias del sistema de archivos a trav\u00e9s de una solicitud HTTP manipulada."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-243xx/CVE-2025-24344.json b/CVE-2025/CVE-2025-243xx/CVE-2025-24344.json
index 125f76fe8d3..7d4209cee16 100644
--- a/CVE-2025/CVE-2025-243xx/CVE-2025-24344.json
+++ b/CVE-2025/CVE-2025-243xx/CVE-2025-24344.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-24344",
 "sourceIdentifier": "psirt@bosch.com",
 "published": "2025-04-30T12:15:18.120",
- "lastModified": "2025-04-30T12:15:18.120",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability in the error notification messages of the web application of ctrlX OS allows a remote unauthenticated attacker to inject arbitrary HTML tags and, possibly, execute arbitrary client-side code in the context of another user's browser via a crafted HTTP request."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad en los mensajes de notificaci\u00f3n de errores de la aplicaci\u00f3n web de ctrlX OS permite a un atacante remoto no autenticado inyectar etiquetas HTML arbitrarias y, posiblemente, ejecutar c\u00f3digo arbitrario del lado del cliente en el contexto del navegador de otro usuario a trav\u00e9s de una solicitud HTTP manipulada."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-243xx/CVE-2025-24345.json b/CVE-2025/CVE-2025-243xx/CVE-2025-24345.json
index 73b238399ae..78ecb57c785 100644
--- a/CVE-2025/CVE-2025-243xx/CVE-2025-24345.json
+++ b/CVE-2025/CVE-2025-243xx/CVE-2025-24345.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-24345",
 "sourceIdentifier": "psirt@bosch.com",
 "published": "2025-04-30T12:15:18.310",
- "lastModified": "2025-04-30T12:15:18.310",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability in the \u201cHosts\u201d functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the \u201chosts\u201d file in an unintended manner via a crafted HTTP request."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad en la funcionalidad \u201cHosts\u201d de la aplicaci\u00f3n web de ctrlX OS permite a un atacante remoto autenticado (con privilegios bajos) manipular el archivo \u201chosts\u201d de manera no intencionada a trav\u00e9s de una solicitud HTTP manipulada."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-243xx/CVE-2025-24346.json b/CVE-2025/CVE-2025-243xx/CVE-2025-24346.json
index f3ba32a42d8..81be8d33fd4 100644
--- a/CVE-2025/CVE-2025-243xx/CVE-2025-24346.json
+++ b/CVE-2025/CVE-2025-243xx/CVE-2025-24346.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-24346",
 "sourceIdentifier": "psirt@bosch.com",
 "published": "2025-04-30T12:15:18.503",
- "lastModified": "2025-04-30T12:15:18.503",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability in the \u201cProxy\u201d functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to manipulate the \u201c/etc/environment\u201d file via a crafted HTTP request."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad en la funcionalidad \u201cProxy\u201d de la aplicaci\u00f3n web de ctrlX OS permite a un atacante remoto autenticado (con pocos privilegios) manipular el archivo \u201c/etc/environment\u201d a trav\u00e9s de una solicitud HTTP manipulada."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-243xx/CVE-2025-24347.json b/CVE-2025/CVE-2025-243xx/CVE-2025-24347.json
index fcb918035f2..f5cdc154dec 100644
--- a/CVE-2025/CVE-2025-243xx/CVE-2025-24347.json
+++ b/CVE-2025/CVE-2025-243xx/CVE-2025-24347.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-24347",
 "sourceIdentifier": "psirt@bosch.com",
 "published": "2025-04-30T12:15:18.683",
- "lastModified": "2025-04-30T12:15:18.683",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability in the \u201cNetwork Interfaces\u201d functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the network configuration file via a crafted HTTP request."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad en la funcionalidad \u201cInterfaces de red\u201d de la aplicaci\u00f3n web de ctrlX OS permite a un atacante remoto autenticado (con pocos privilegios) manipular el archivo de configuraci\u00f3n de red a trav\u00e9s de una solicitud HTTP manipulada."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-243xx/CVE-2025-24348.json b/CVE-2025/CVE-2025-243xx/CVE-2025-24348.json
index 89362ffa075..97511f62776 100644
--- a/CVE-2025/CVE-2025-243xx/CVE-2025-24348.json
+++ b/CVE-2025/CVE-2025-243xx/CVE-2025-24348.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-24348",
 "sourceIdentifier": "psirt@bosch.com",
 "published": "2025-04-30T12:15:21.233",
- "lastModified": "2025-04-30T12:15:21.233",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability in the \u201cNetwork Interfaces\u201d functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the wireless network configuration file via a crafted HTTP request."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad en la funcionalidad \u201cInterfaces de red\u201d de la aplicaci\u00f3n web de ctrlX OS permite a un atacante remoto autenticado (con pocos privilegios) manipular el archivo de configuraci\u00f3n de la red inal\u00e1mbrica a trav\u00e9s de una solicitud HTTP manipulada."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-243xx/CVE-2025-24349.json b/CVE-2025/CVE-2025-243xx/CVE-2025-24349.json
index b8747a16c6f..2e9ce64b947 100644
--- a/CVE-2025/CVE-2025-243xx/CVE-2025-24349.json
+++ b/CVE-2025/CVE-2025-243xx/CVE-2025-24349.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-24349",
 "sourceIdentifier": "psirt@bosch.com",
 "published": "2025-04-30T12:15:21.413",
- "lastModified": "2025-04-30T12:15:21.413",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability in the \u201cNetwork Interfaces\u201d functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to delete the configuration of physical network interfaces via a crafted HTTP request."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad en la funcionalidad \u201cInterfaces de red\u201d de la aplicaci\u00f3n web de ctrlX OS permite a un atacante remoto autenticado (con pocos privilegios) eliminar la configuraci\u00f3n de las interfaces de red f\u00edsicas a trav\u00e9s de una solicitud HTTP manipulada."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-243xx/CVE-2025-24350.json b/CVE-2025/CVE-2025-243xx/CVE-2025-24350.json
index c2ca4252f92..4e06c8414da 100644
--- a/CVE-2025/CVE-2025-243xx/CVE-2025-24350.json
+++ b/CVE-2025/CVE-2025-243xx/CVE-2025-24350.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-24350",
 "sourceIdentifier": "psirt@bosch.com",
 "published": "2025-04-30T12:15:21.573",
- "lastModified": "2025-04-30T12:15:21.573",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability in the \u201cCertificates and Keys\u201d functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary certificates in arbitrary file system paths via a crafted HTTP request."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad en la funcionalidad \u201cCertificados y claves\u201d de la aplicaci\u00f3n web de ctrlX OS permite a un atacante remoto autenticado (con privilegios bajos) escribir certificados arbitrarios en rutas arbitrarias del sistema de archivos a trav\u00e9s de una solicitud HTTP manipulada."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-243xx/CVE-2025-24351.json b/CVE-2025/CVE-2025-243xx/CVE-2025-24351.json
index ff5b2ab3867..c0d9ac00d00 100644
--- a/CVE-2025/CVE-2025-243xx/CVE-2025-24351.json
+++ b/CVE-2025/CVE-2025-243xx/CVE-2025-24351.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-24351",
 "sourceIdentifier": "psirt@bosch.com",
 "published": "2025-04-30T12:15:21.937",
- "lastModified": "2025-04-30T12:15:21.937",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability in the \u201cRemote Logging\u201d functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to execute arbitrary OS commands in the context of user \u201croot\u201d via a crafted HTTP request."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad en la funcionalidad de \u201cRegistro remoto\u201d de la aplicaci\u00f3n web de ctrlX OS permite que un atacante remoto autenticado (con privilegios bajos) ejecute comandos arbitrarios del sistema operativo en el contexto del usuario \u201croot\u201d a trav\u00e9s de una solicitud HTTP manipulada."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-245xx/CVE-2025-24522.json b/CVE-2025/CVE-2025-245xx/CVE-2025-24522.json
index 236f06de25f..e0f712ca81c 100644
--- a/CVE-2025/CVE-2025-245xx/CVE-2025-24522.json
+++ b/CVE-2025/CVE-2025-245xx/CVE-2025-24522.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-24522",
 "sourceIdentifier": "ics-cert@hq.dhs.gov",
 "published": "2025-05-01T19:15:57.097",
- "lastModified": "2025-05-01T19:15:57.097",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "KUNBUS Revolution Pi OS Bookworm 01/2025 is vulnerable because authentication is not configured by default for the Node-RED server. This can give an unauthenticated remote attacker full access to the Node-RED server where they can run arbitrary commands on the underlying operating system."
+ },
+ {
+ "lang": "es",
+ "value": "KUNBUS Revolution Pi OS Bookworm 01/2025 es vulnerable porque la autenticaci\u00f3n no est\u00e1 configurada por defecto para el servidor Node-RED. Esto puede otorgar a un atacante remoto no autenticado acceso total al servidor Node-RED, donde puede ejecutar comandos arbitrarios en el sistema operativo subyacente."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-248xx/CVE-2025-24887.json b/CVE-2025/CVE-2025-248xx/CVE-2025-24887.json
index 957b3f9fb9c..52ff8fb5408 100644
--- a/CVE-2025/CVE-2025-248xx/CVE-2025-24887.json
+++ b/CVE-2025/CVE-2025-248xx/CVE-2025-24887.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-24887",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2025-04-30T19:15:55.070",
- "lastModified": "2025-04-30T19:15:55.070",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "OpenCTI is an open-source cyber threat intelligence platform. In versions starting from 6.4.8 to before 6.4.10, the allow/deny lists can be bypassed, allowing a user to change attributes that are intended to be unmodifiable by the user. It is possible to toggle the `external` flag on/off and change the own token value for a user. It is also possible to edit attributes that are not in the allow list, such as `otp_qr` and `otp_activated`. If external users exist in the OpenCTI setup and the information about these users identities is sensitive, the above vulnerabilities can be used to enumerate existing user accounts as a standard low privileged user. This issue has been patched in version 6.4.10."
+ },
+ {
+ "lang": "es",
+ "value": "OpenCTI es una plataforma de inteligencia de ciberamenazas de c\u00f3digo abierto. En versiones desde la 6.4.8 hasta anteriores a la 6.4.10, se pueden omitir las listas de permitidos/denegados, lo que permite al usuario cambiar atributos que no se deben modificar. Es posible activar o desactivar la opci\u00f3n \"external\" y cambiar el valor del token de un usuario. Tambi\u00e9n es posible editar atributos que no est\u00e1n en la lista de permitidos, como \"otp_qr\" y \"otp_activated\". Si existen usuarios externos en la configuraci\u00f3n de OpenCTI y la informaci\u00f3n sobre sus identidades es confidencial, las vulnerabilidades mencionadas anteriormente se pueden utilizar para enumerar las cuentas de usuario existentes como un usuario est\u00e1ndar con privilegios bajos. Este problema se ha corregido en la versi\u00f3n 6.4.10."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-24xx/CVE-2025-2421.json b/CVE-2025/CVE-2025-24xx/CVE-2025-2421.json
new file mode 100644
index 00000000000..5f65103cb45
--- /dev/null
+++ b/CVE-2025/CVE-2025-24xx/CVE-2025-2421.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2025-2421",
+ "sourceIdentifier": "iletisim@usom.gov.tr",
+ "published": "2025-05-02T12:15:15.803",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Informatics SambaBox allows Code Injection.This issue affects SambaBox: before 5.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "iletisim@usom.gov.tr",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.5,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "iletisim@usom.gov.tr",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-94"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://sambabox.io/2025/04/14/version-5-1/",
+ "source": "iletisim@usom.gov.tr"
+ },
+ {
+ "url": "https://www.usom.gov.tr/bildirim/tr-25-0101",
+ "source": "iletisim@usom.gov.tr"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-24xx/CVE-2025-2488.json b/CVE-2025/CVE-2025-24xx/CVE-2025-2488.json
new file mode 100644
index 00000000000..9a522b7dcd9
--- /dev/null
+++ b/CVE-2025/CVE-2025-24xx/CVE-2025-2488.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2025-2488",
+ "sourceIdentifier": "iletisim@usom.gov.tr",
+ "published": "2025-05-02T12:15:16.340",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Profelis Informatics SambaBox allows Cross-Site Scripting (XSS).This issue affects SambaBox: before 5.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "iletisim@usom.gov.tr",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
+ "baseScore": 4.0,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 0.6,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "iletisim@usom.gov.tr",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://sambabox.io/2025/04/14/version-5-1/",
+ "source": "iletisim@usom.gov.tr"
+ },
+ {
+ "url": "https://www.usom.gov.tr/bildirim/tr-25-0101",
+ "source": "iletisim@usom.gov.tr"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-250xx/CVE-2025-25016.json b/CVE-2025/CVE-2025-250xx/CVE-2025-25016.json
index 34649ab700a..3de7997a9d3 100644
--- a/CVE-2025/CVE-2025-250xx/CVE-2025-25016.json
+++ b/CVE-2025/CVE-2025-250xx/CVE-2025-25016.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-25016",
 "sourceIdentifier": "bressers@elastic.co",
 "published": "2025-05-01T14:15:36.930",
- "lastModified": "2025-05-01T14:15:36.930",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-254xx/CVE-2025-25403.json b/CVE-2025/CVE-2025-254xx/CVE-2025-25403.json
index 71d1edd4d5c..ac6698818c8 100644
--- a/CVE-2025/CVE-2025-254xx/CVE-2025-25403.json
+++ b/CVE-2025/CVE-2025-254xx/CVE-2025-25403.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-25403",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-04-29T16:15:30.437",
- "lastModified": "2025-04-29T16:15:30.437",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Slims (Senayan Library Management Systems) 9 Bulian V9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/coll_type.php."
+ },
+ {
+ "lang": "es",
+ "value": "Slims (Senayan Library Management Systems) 9 Bulian V9.6.1 es vulnerable a la inyecci\u00f3n SQL en admin/modules/master_file/coll_type.php."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-259xx/CVE-2025-25962.json b/CVE-2025/CVE-2025-259xx/CVE-2025-25962.json
index b10b9552366..5f737dd94d1 100644
--- a/CVE-2025/CVE-2025-259xx/CVE-2025-25962.json
+++ b/CVE-2025/CVE-2025-259xx/CVE-2025-25962.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-25962",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-04-29T16:15:30.580",
- "lastModified": "2025-04-29T16:15:30.580",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue in Coresmartcontracts Uniswap v.3.0 and fixed in v.4.0 allows a remote attacker to escalate privileges via the _modifyPosition function"
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en Coresmartcontracts Uniswap v.3.0 y corregido en v.4.0 permite que un atacante remoto escale privilegios a trav\u00e9s de la funci\u00f3n _modifyPosition"
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-26xx/CVE-2025-2605.json b/CVE-2025/CVE-2025-26xx/CVE-2025-2605.json
new file mode 100644
index 00000000000..2aa12cf06b1
--- /dev/null
+++ b/CVE-2025/CVE-2025-26xx/CVE-2025-2605.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-2605",
+ "sourceIdentifier": "psirt@honeywell.com",
+ "published": "2025-05-02T13:15:46.440",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB-Secure allows Privilege Abuse. This issue affects MB-Secure: from V11.04 before V12.53 and MB-Secure PRO from V01.06 before V03.09.Honeywell also recommends updating to the most recent version of this product."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@honeywell.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "baseScore": 9.9,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@honeywell.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.honeywell.com/us/en/product-security#security-notices",
+ "source": "psirt@honeywell.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-270xx/CVE-2025-27007.json b/CVE-2025/CVE-2025-270xx/CVE-2025-27007.json
index 2a0ea624c33..b17012d81ed 100644
--- a/CVE-2025/CVE-2025-270xx/CVE-2025-27007.json
+++ b/CVE-2025/CVE-2025-270xx/CVE-2025-27007.json
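Review bot: The new CVE-2025-2605 record states its affected ranges only in the free-text description (MB-Secure from V11.04 before V12.53, MB-Secure PRO from V01.06 before V03.09) and has no `configurations`/`cpeMatch` block in this hunk, so tooling that matches on CPE will presumably not flag these products while the entry is `Awaiting Analysis`, even though the CNA score is 9.9 CRITICAL for CWE-78. The single reference is the generic `product-security#security-notices` landing page rather than a specific notice, which makes the fixed versions harder to confirm from the record alone. The description also fuses two sentences, `before V03.09.Honeywell also recommends`, which should read `before V03.09. Honeywell also recommends`; the wording presumably comes from the CNA submission, so the correction belongs upstream.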
@@ -2,8 +2,8 @@
 "id": "CVE-2025-27007",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2025-05-01T11:15:54.517",
- "lastModified": "2025-05-01T11:15:54.517",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-271xx/CVE-2025-27134.json b/CVE-2025/CVE-2025-271xx/CVE-2025-27134.json
index a8490895712..830dc1ec8bc 100644
--- a/CVE-2025/CVE-2025-271xx/CVE-2025-27134.json
+++ b/CVE-2025/CVE-2025-271xx/CVE-2025-27134.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-27134",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2025-04-30T15:16:00.927",
- "lastModified": "2025-04-30T16:15:35.020",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Prior to version 3.3.3, a privilege escalation vulnerability exists in the Joplin server, allowing non-admin users to exploit the API endpoint `PATCH /api/users/:id` to set the `is_admin` field to 1. The vulnerability allows malicious low-privileged users to perform administrative actions without proper authorization. This issue has been patched in version 3.3.3."
+ },
+ {
+ "lang": "es",
+ "value": "Joplin es una aplicaci\u00f3n gratuita y de c\u00f3digo abierto para tomar notas y gestionar tareas pendientes, capaz de gestionar un gran n\u00famero de notas organizadas en cuadernos. Antes de la versi\u00f3n 3.3.3, exist\u00eda una vulnerabilidad de escalada de privilegios en el servidor Joplin, que permit\u00eda a usuarios no administradores explotar el endpoint de la API `PATCH /api/users/:id` para establecer el campo `is_admin` en 1. Esta vulnerabilidad permite a usuarios malintencionados con pocos privilegios realizar acciones administrativas sin la debida autorizaci\u00f3n. Este problema se ha corregido en la versi\u00f3n 3.3.3."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-273xx/CVE-2025-27365.json b/CVE-2025/CVE-2025-273xx/CVE-2025-27365.json
index 6b0d1848ea4..2123624c6c3 100644
--- a/CVE-2025/CVE-2025-273xx/CVE-2025-27365.json
+++ b/CVE-2025/CVE-2025-273xx/CVE-2025-27365.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-27365",
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2025-05-01T22:15:17.500",
- "lastModified": "2025-05-01T22:15:17.500",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27409.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27409.json
index 0c810b23a05..d1bdfe6b9cf 100644
--- a/CVE-2025/CVE-2025-274xx/CVE-2025-27409.json
+++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27409.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-27409",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2025-04-30T15:16:01.067",
- "lastModified": "2025-04-30T16:15:35.163",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Prior to version 3.3.3, path traversal is possible in Joplin Server if static file path starts with `css/pluginAssets` or `js/pluginAssets`. The `findLocalFile` function in the `default route` calls `localFileFromUrl` to check for special `pluginAssets` paths. If the function returns a path, the result is returned directly, without checking for path traversal. The vulnerability allows attackers to read files outside the intended directories. This issue has been patched in version 3.3.3."
+ },
+ {
+ "lang": "es",
+ "value": "Joplin es una aplicaci\u00f3n gratuita y de c\u00f3digo abierto para tomar notas y gestionar tareas pendientes, capaz de gestionar un gran n\u00famero de notas organizadas en cuadernos. Antes de la versi\u00f3n 3.3.3, era posible path traversal en Joplin Server si la ruta est\u00e1tica del archivo comenzaba por `css/pluginAssets` o `js/pluginAssets`. La funci\u00f3n `findLocalFile` de la `ruta predeterminada` llama a `localFileFromUrl` para buscar rutas especiales de `pluginAssets`. Si la funci\u00f3n devuelve una ruta, el resultado se devuelve directamente, sin comprobar si hay path traversal. Esta vulnerabilidad permite a los atacantes leer archivos fuera de los directorios previstos. Este problema se ha corregido en la versi\u00f3n 3.3.3."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-275xx/CVE-2025-27532.json b/CVE-2025/CVE-2025-275xx/CVE-2025-27532.json
index 77b0ddb68a5..fe99de2e81e 100644
--- a/CVE-2025/CVE-2025-275xx/CVE-2025-27532.json
+++ b/CVE-2025/CVE-2025-275xx/CVE-2025-27532.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-27532",
 "sourceIdentifier": "psirt@bosch.com",
 "published": "2025-04-30T12:15:22.230",
- "lastModified": "2025-04-30T12:15:22.230",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability in the \u201cBackup & Restore\u201d functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to access secret information via multiple crafted HTTP requests."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad en la funcionalidad \u201cCopia de seguridad y restauraci\u00f3n\u201d de la aplicaci\u00f3n web de ctrlX OS permite que un atacante remoto autenticado (con pocos privilegios) acceda a informaci\u00f3n secreta a trav\u00e9s de m\u00faltiples solicitudes HTTP manipuladas."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-276xx/CVE-2025-27611.json b/CVE-2025/CVE-2025-276xx/CVE-2025-27611.json
index e4a3d9de19c..717119e17e4 100644
--- a/CVE-2025/CVE-2025-276xx/CVE-2025-27611.json
+++ b/CVE-2025/CVE-2025-276xx/CVE-2025-27611.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-27611",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2025-04-30T20:15:21.430",
- "lastModified": "2025-04-30T20:15:21.430",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "base-x is a base encoder and decoder of any given alphabet using bitcoin style leading zero compression. Versions 4.0.0, 5.0.0, and all prior to 3.0.11, are vulnerable to attackers potentially deceiving users into sending funds to an unintended address. This issue has been patched in versions 3.0.11, 4.0.1, and 5.0.1."
+ },
+ {
+ "lang": "es",
+ "value": "base-x es un codificador y decodificador base de cualquier alfabeto que utiliza compresi\u00f3n de ceros a la izquierda, al estilo de Bitcoin. Las versiones 4.0.0, 5.0.0 y todas las anteriores a la 3.0.11 son vulnerables a que los atacantes enga\u00f1en a los usuarios para que env\u00eden fondos a una direcci\u00f3n no deseada. Este problema se ha corregido en las versiones 3.0.11, 4.0.1 y 5.0.1."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-28xx/CVE-2025-2812.json b/CVE-2025/CVE-2025-28xx/CVE-2025-2812.json
index cac98f5d25b..04f04cbac00 100644
--- a/CVE-2025/CVE-2025-28xx/CVE-2025-2812.json
+++ b/CVE-2025/CVE-2025-28xx/CVE-2025-2812.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-2812",
 "sourceIdentifier": "iletisim@usom.gov.tr",
 "published": "2025-05-02T09:15:20.210",
- "lastModified": "2025-05-02T09:15:20.210",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-28xx/CVE-2025-2816.json b/CVE-2025/CVE-2025-28xx/CVE-2025-2816.json
index 7d87671bff5..8913928e6ab 100644
--- a/CVE-2025/CVE-2025-28xx/CVE-2025-2816.json
+++ b/CVE-2025/CVE-2025-28xx/CVE-2025-2816.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-2816",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-05-01T03:15:14.627",
- "lastModified": "2025-05-01T03:15:14.627",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-28xx/CVE-2025-2817.json b/CVE-2025/CVE-2025-28xx/CVE-2025-2817.json
index 867f239e41d..3b6d18fac5b 100644
--- a/CVE-2025/CVE-2025-28xx/CVE-2025-2817.json
+++ b/CVE-2025/CVE-2025-28xx/CVE-2025-2817.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-2817",
 "sourceIdentifier": "security@mozilla.org",
 "published": "2025-04-29T14:15:32.220",
- "lastModified": "2025-05-01T15:16:20.250",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:49.480",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-28xx/CVE-2025-2880.json b/CVE-2025/CVE-2025-28xx/CVE-2025-2880.json
index 7d3adf99da8..26bcd0a474e 100644
--- a/CVE-2025/CVE-2025-28xx/CVE-2025-2880.json
+++ b/CVE-2025/CVE-2025-28xx/CVE-2025-2880.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-2880",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-05-02T03:15:19.750",
- "lastModified": "2025-05-02T03:15:19.750",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-28xx/CVE-2025-2890.json b/CVE-2025/CVE-2025-28xx/CVE-2025-2890.json
index d5ab22aa16e..ddcc623ae2c 100644
--- a/CVE-2025/CVE-2025-28xx/CVE-2025-2890.json
+++ b/CVE-2025/CVE-2025-28xx/CVE-2025-2890.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-2890",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-04-30T09:15:14.503",
- "lastModified": "2025-04-30T09:15:14.503",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The tagDiv Opt-In Builder plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018subscriptionCouponId\u2019 parameter in all versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento tagDiv Opt-In Builder para WordPress es vulnerable a la inyecci\u00f3n SQL basada en tiempo mediante el par\u00e1metro 'subscriptionCouponId' en todas las versiones hasta la 1.7 incluida, debido a un escape insuficiente del par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n de la consulta SQL existente. Esto permite a atacantes autenticados, con acceso de suscriptor o superior, a\u00f1adir consultas SQL adicionales a consultas ya existentes que pueden utilizarse para extraer informaci\u00f3n confidencial de la base de datos."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-298xx/CVE-2025-29825.json b/CVE-2025/CVE-2025-298xx/CVE-2025-29825.json
index f778a35f040..94ecddb9d24 100644
--- a/CVE-2025/CVE-2025-298xx/CVE-2025-29825.json
+++ b/CVE-2025/CVE-2025-298xx/CVE-2025-29825.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-29825",
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-05-02T02:15:16.317",
- "lastModified": "2025-05-02T02:15:16.317",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-299xx/CVE-2025-29906.json b/CVE-2025/CVE-2025-299xx/CVE-2025-29906.json
index aa3fda37f0c..aa97c57a3d9 100644
--- a/CVE-2025/CVE-2025-299xx/CVE-2025-29906.json
+++ b/CVE-2025/CVE-2025-299xx/CVE-2025-29906.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-29906",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2025-04-29T23:16:04.393",
- "lastModified": "2025-04-29T23:16:04.393",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Finit is a fast init for Linux systems. Versions starting from 3.0-rc1 and prior to version 4.11 bundle an implementation of getty for the `tty` configuration directive that can bypass `/bin/login`, i.e., a user can log in as any user without authentication. This issue has been patched in version 4.11."
+ },
+ {
+ "lang": "es",
+ "value": "Finit es un sistema de inicio r\u00e1pido para sistemas Linux. Las versiones 3.0-rc1 y anteriores a la 4.11 incluyen una implementaci\u00f3n de getty para la directiva de configuraci\u00f3n `tty`, que permite omitir `/bin/login`, lo que permite a un usuario iniciar sesi\u00f3n como cualquier usuario sin autenticaci\u00f3n. Este problema se ha corregido en la versi\u00f3n 4.11."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-302xx/CVE-2025-30202.json b/CVE-2025/CVE-2025-302xx/CVE-2025-30202.json
index 3cea08f6c1d..4d9fb30a2ef 100644
--- a/CVE-2025/CVE-2025-302xx/CVE-2025-30202.json
+++ b/CVE-2025/CVE-2025-302xx/CVE-2025-30202.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-30202",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2025-04-30T01:15:51.800",
- "lastModified": "2025-04-30T01:15:51.800",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.5.2 and prior to 0.8.5 are vulnerable to denial of service and data exposure via ZeroMQ on multi-node vLLM deployment. In a multi-node vLLM deployment, vLLM uses ZeroMQ for some multi-node communication purposes. The primary vLLM host opens an XPUB ZeroMQ socket and binds it to ALL interfaces. While the socket is always opened for a multi-node deployment, it is only used when doing tensor parallelism across multiple hosts. Any client with network access to this host can connect to this XPUB socket unless its port is blocked by a firewall. Once connected, these arbitrary clients will receive all of the same data broadcasted to all of the secondary vLLM hosts. This data is internal vLLM state information that is not useful to an attacker. By potentially connecting to this socket many times and not reading data published to them, an attacker can also cause a denial of service by slowing down or potentially blocking the publisher. This issue has been patched in version 0.8.5."
+ },
+ {
+ "lang": "es",
+ "value": "vLLM es un motor de inferencia y servicio de alto rendimiento y eficiente en memoria para LLM. Las versiones a partir de la 0.5.2 y anteriores a la 0.8.5 son vulnerables a denegaci\u00f3n de servicio y exposici\u00f3n de datos a trav\u00e9s de ZeroMQ en implementaciones de vLLM multinodo. En una implementaci\u00f3n de vLLM multinodo, vLLM utiliza ZeroMQ para algunos fines de comunicaci\u00f3n multinodo. El host vLLM principal abre un socket XPUB ZeroMQ y lo vincula a TODAS las interfaces. Si bien el socket siempre est\u00e1 abierto para implementaciones multinodo, solo se utiliza al realizar paralelismo tensorial en varios hosts. Cualquier cliente con acceso de red a este host puede conectarse a este socket XPUB a menos que su puerto est\u00e9 bloqueado por un firewall. Una vez conectados, estos clientes arbitrarios recibir\u00e1n los mismos datos transmitidos a todos los hosts vLLM secundarios. Estos datos son informaci\u00f3n interna del estado de vLLM que no es \u00fatil para un atacante. Al conectarse a este socket muchas veces y no leer los datos publicados, un atacante tambi\u00e9n puede causar una denegaci\u00f3n de servicio al ralentizar o incluso bloquear al publicador. Este problema se ha corregido en la versi\u00f3n 0.8.5."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-303xx/CVE-2025-30389.json b/CVE-2025/CVE-2025-303xx/CVE-2025-30389.json
index c88e1beeeab..b551bc7705f 100644
--- a/CVE-2025/CVE-2025-303xx/CVE-2025-30389.json
+++ b/CVE-2025/CVE-2025-303xx/CVE-2025-30389.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-30389",
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-30T18:15:46.330",
- "lastModified": "2025-04-30T18:15:46.330",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [
 {
 "sourceIdentifier": "secure@microsoft.com",
@@ -16,6 +16,10 @@
 {
 "lang": "en",
 "value": "Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network."
+ },
+ {
+ "lang": "es",
+ "value": "La autorizaci\u00f3n incorrecta en Azure Bot Framework SDK permite que un atacante no autorizado eleve privilegios en una red."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-303xx/CVE-2025-30390.json b/CVE-2025/CVE-2025-303xx/CVE-2025-30390.json
index d8b3f92ada9..8efbfe84950 100644
--- a/CVE-2025/CVE-2025-303xx/CVE-2025-30390.json
+++ b/CVE-2025/CVE-2025-303xx/CVE-2025-30390.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-30390",
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-30T18:15:46.493",
- "lastModified": "2025-04-30T18:15:46.493",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [
 {
 "sourceIdentifier": "secure@microsoft.com",
@@ -16,6 +16,10 @@
 {
 "lang": "en",
 "value": "Improper authorization in Azure allows an authorized attacker to elevate privileges over a network."
+ },
+ {
+ "lang": "es",
+ "value": "La autorizaci\u00f3n incorrecta en Azure permite que un atacante autorizado eleve privilegios en una red."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-303xx/CVE-2025-30391.json b/CVE-2025/CVE-2025-303xx/CVE-2025-30391.json
index 61d36e899b7..6f43a78c39a 100644
--- a/CVE-2025/CVE-2025-303xx/CVE-2025-30391.json
+++ b/CVE-2025/CVE-2025-303xx/CVE-2025-30391.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-30391",
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-30T18:15:46.657",
- "lastModified": "2025-04-30T18:15:46.657",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [
 {
 "sourceIdentifier": "secure@microsoft.com",
@@ -16,6 +16,10 @@
 {
 "lang": "en",
 "value": "Improper input validation in Microsoft Dynamics allows an unauthorized attacker to disclose information over a network."
+ },
+ {
+ "lang": "es",
+ "value": "La validaci\u00f3n de entrada incorrecta en Microsoft Dynamics permite que un atacante no autorizado divulgue informaci\u00f3n a trav\u00e9s de una red."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-303xx/CVE-2025-30392.json b/CVE-2025/CVE-2025-303xx/CVE-2025-30392.json
index 20e38438859..2bb36600b7b 100644
--- a/CVE-2025/CVE-2025-303xx/CVE-2025-30392.json
+++ b/CVE-2025/CVE-2025-303xx/CVE-2025-30392.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-30392",
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2025-04-30T18:15:46.823",
- "lastModified": "2025-04-30T18:15:46.823",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [
 {
 "sourceIdentifier": "secure@microsoft.com",
@@ -16,6 +16,10 @@
 {
 "lang": "en",
 "value": "Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network."
+ },
+ {
+ "lang": "es",
+ "value": "La autorizaci\u00f3n incorrecta en Azure Bot Framework SDK permite que un atacante no autorizado eleve privilegios en una red."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-304xx/CVE-2025-30422.json b/CVE-2025/CVE-2025-304xx/CVE-2025-30422.json
index 3d7a9fc418c..4a76bd7b2e4 100644
--- a/CVE-2025/CVE-2025-304xx/CVE-2025-30422.json
+++ b/CVE-2025/CVE-2025-304xx/CVE-2025-30422.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-30422",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2025-04-30T21:15:54.700",
- "lastModified": "2025-05-01T14:15:37.650",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A buffer overflow was addressed with improved input validation. This issue is fixed in AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, CarPlay Communication Plug-in R18.1. An attacker on the local network may cause an unexpected app termination."
+ },
+ {
+ "lang": "es",
+ "value": "Se solucion\u00f3 un desbordamiento de b\u00fafer mejorando la validaci\u00f3n de entrada. Este problema se solucion\u00f3 en el SDK de audio de AirPlay 2.7.1, el SDK de v\u00eddeo de AirPlay 3.6.0.126 y el complemento de comunicaci\u00f3n de CarPlay R18.1. Un atacante en la red local podr\u00eda provocar el cierre inesperado de la aplicaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-320xx/CVE-2025-32011.json b/CVE-2025/CVE-2025-320xx/CVE-2025-32011.json
index 1a149759189..f49a8206295 100644
--- a/CVE-2025/CVE-2025-320xx/CVE-2025-32011.json
+++ b/CVE-2025/CVE-2025-320xx/CVE-2025-32011.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-32011",
 "sourceIdentifier": "ics-cert@hq.dhs.gov",
 "published": "2025-05-01T19:15:57.357",
- "lastModified": "2025-05-01T19:15:57.357",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "KUNBUS PiCtory versions 2.5.0 through 2.11.1 have an authentication bypass vulnerability where a remote attacker can bypass authentication to get access due to a path traversal."
+ },
+ {
+ "lang": "es",
+ "value": "Las versiones 2.5.0 a 2.11.1 de KUNBUS PiCtory tienen una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n donde un atacante remoto puede omitir la autenticaci\u00f3n para obtener acceso debido a path traversal."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-323xx/CVE-2025-32354.json b/CVE-2025/CVE-2025-323xx/CVE-2025-32354.json
index 0ea96c16938..764e4493693 100644
--- a/CVE-2025/CVE-2025-323xx/CVE-2025-32354.json
+++ b/CVE-2025/CVE-2025-323xx/CVE-2025-32354.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-32354",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-04-29T16:15:34.770",
- "lastModified": "2025-04-29T16:15:34.770",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In Zimbra Collaboration (ZCS) 9.0 through 10.1, a Cross-Site Request Forgery (CSRF) vulnerability exists in the GraphQL endpoint (/service/extension/graphql) of Zimbra webmail due to a lack of CSRF token validation. This allows attackers to perform unauthorized GraphQL operations, such as modifying contacts, changing account settings, and accessing sensitive user data when an authenticated user visits a malicious website."
+ },
+ {
+ "lang": "es",
+ "value": "En Zimbra Collaboration (ZCS) 9.0 a 10.1, existe una vulnerabilidad de Cross-Site Request Forgery (CSRF) en el endpoint GraphQL (/service/extension/graphql) del correo web de Zimbra debido a la falta de validaci\u00f3n del token CSRF. Esto permite a los atacantes realizar operaciones GraphQL no autorizadas, como modificar contactos, cambiar la configuraci\u00f3n de la cuenta y acceder a datos confidenciales del usuario cuando este visita un sitio web malicioso."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-323xx/CVE-2025-32376.json b/CVE-2025/CVE-2025-323xx/CVE-2025-32376.json
index f204890b74c..17f89297ab4 100644
--- a/CVE-2025/CVE-2025-323xx/CVE-2025-32376.json
+++ b/CVE-2025/CVE-2025-323xx/CVE-2025-32376.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-32376",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2025-04-30T15:16:01.217",
- "lastModified": "2025-04-30T15:16:01.217",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Discourse is an open-source discussion platform. Prior to versions 3.4.3 on the stable branch and 3.5.0.beta3 on the beta branch, the users limit for a DM can be bypassed, thus giving the ability to potentially create a DM with every user from a site in it. This issue has been patched in stable version 3.4.3 and beta version 3.5.0.beta3."
+ },
+ {
+ "lang": "es",
+ "value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. En versiones anteriores a la 3.4.3 de la rama estable y a la 3.5.0.beta3 de la rama beta, se pod\u00eda superar el l\u00edmite de usuarios para un mensaje directo, lo que permit\u00eda crear un mensaje directo con todos los usuarios de un sitio. Este problema se ha corregido en la versi\u00f3n estable 3.4.3 y la beta 3.5.0.beta3."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-324xx/CVE-2025-32444.json b/CVE-2025/CVE-2025-324xx/CVE-2025-32444.json
index 74eb2154d41..e76a2aeedda 100644
--- a/CVE-2025/CVE-2025-324xx/CVE-2025-32444.json
+++ b/CVE-2025/CVE-2025-324xx/CVE-2025-32444.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-32444",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2025-04-30T01:15:51.953",
- "lastModified": "2025-04-30T01:15:51.953",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration with mooncake, are vulnerable to remote code execution due to using pickle based serialization over unsecured ZeroMQ sockets. The vulnerable sockets were set to listen on all network interfaces, increasing the likelihood that an attacker is able to reach the vulnerable ZeroMQ sockets to carry out an attack. vLLM instances that do not make use of the mooncake integration are not vulnerable. This issue has been patched in version 0.8.5."
+ },
+ {
+ "lang": "es",
+ "value": "vLLM es un motor de inferencia y servicio de alto rendimiento y eficiente en memoria para LLM. Las versiones a partir de la 0.6.5 y anteriores a la 0.8.5, que integran vLLM con mooncake, son vulnerables a la ejecuci\u00f3n remota de c\u00f3digo debido al uso de serializaci\u00f3n basada en pickle sobre sockets ZeroMQ no seguros. Los sockets vulnerables estaban configurados para escuchar en todas las interfaces de red, lo que aumenta la probabilidad de que un atacante pueda acceder a los sockets ZeroMQ vulnerables para ejecutar un ataque. Las instancias de vLLM que no utilizan la integraci\u00f3n con mooncake no son vulnerables. Este problema se ha corregido en la versi\u00f3n 0.8.5."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-327xx/CVE-2025-32777.json b/CVE-2025/CVE-2025-327xx/CVE-2025-32777.json
index 4574c14c150..9e8055e29f7 100644
--- a/CVE-2025/CVE-2025-327xx/CVE-2025-32777.json
+++ b/CVE-2025/CVE-2025-327xx/CVE-2025-32777.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-32777",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2025-04-30T19:15:55.353",
- "lastModified": "2025-04-30T19:15:55.353",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Volcano is a Kubernetes-native batch scheduling system. Prior to versions 1.11.2, 1.10.2, 1.9.1, 1.11.0-network-topology-preview.3, and 1.12.0-alpha.2, attacker compromise of either the Elastic service or the extender plugin can cause denial of service of the scheduler. This is a privilege escalation, because Volcano users may run their Elastic service and extender plugins in separate pods or nodes from the scheduler. In the Kubernetes security model, node isolation is a security boundary, and as such an attacker is able to cross that boundary in Volcano's case if they have compromised either the vulnerable services or the pod/node in which they are deployed. The scheduler will become unavailable to other users and workloads in the cluster. The scheduler will either crash with an unrecoverable OOM panic or freeze while consuming excessive amounts of memory. This issue has been patched in versions 1.11.2, 1.10.2, 1.9.1, 1.11.0-network-topology-preview.3, and 1.12.0-alpha.2."
+ },
+ {
+ "lang": "es",
+ "value": "Volcano es un sistema de programaci\u00f3n por lotes nativo de Kubernetes. En versiones anteriores a las 1.11.2, 1.10.2, 1.9.1, 1.11.0-network-topology-preview.3 y 1.12.0-alpha.2, si un atacante vulneraba el servicio Elastic o el complemento de extensi\u00f3n, pod\u00eda provocar una denegaci\u00f3n de servicio del programador. Esto supone una escalada de privilegios, ya que los usuarios de Volcano pueden ejecutar su servicio Elastic y los complementos de extensi\u00f3n en pods o nodos separados del programador. En el modelo de seguridad de Kubernetes, el aislamiento de nodos es un l\u00edmite de seguridad y, por lo tanto, un atacante puede cruzarlo en el caso de Volcano si ha comprometido los servicios vulnerables o el pod/nodo en el que est\u00e1n implementados. El programador dejar\u00e1 de estar disponible para otros usuarios y cargas de trabajo del cl\u00faster. El programador se bloquear\u00e1 con un p\u00e1nico de OOM irrecuperable o se congelar\u00e1 consumiendo cantidades excesivas de memoria. Este problema se ha solucionado en las versiones 1.11.2, 1.10.2, 1.9.1, 1.11.0-network-topology-preview.3 y 1.12.0-alpha.2."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-328xx/CVE-2025-32881.json b/CVE-2025/CVE-2025-328xx/CVE-2025-32881.json
index 7d51da3ee4c..6b65fb34e50 100644
--- a/CVE-2025/CVE-2025-328xx/CVE-2025-32881.json
+++ b/CVE-2025/CVE-2025-328xx/CVE-2025-32881.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-32881",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-05-01T18:15:54.970",
- "lastModified": "2025-05-01T20:15:36.350",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. By default, the GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages."
+ },
+ {
+ "lang": "es",
+ "value": "Se detect\u00f3 un problema en dispositivos goTenna v1 con la aplicaci\u00f3n 5.5.3 y el firmware 0.25.5. Por defecto, el GID es el n\u00famero de tel\u00e9fono del usuario, a menos que este lo desactive espec\u00edficamente. Un n\u00famero de tel\u00e9fono es informaci\u00f3n muy sensible, ya que puede asociarse con personas. La aplicaci\u00f3n no cifra el GID en los mensajes."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-328xx/CVE-2025-32882.json b/CVE-2025/CVE-2025-328xx/CVE-2025-32882.json
index 6e8e96c3c19..0726484a2f5 100644
--- a/CVE-2025/CVE-2025-328xx/CVE-2025-32882.json
+++ b/CVE-2025/CVE-2025-328xx/CVE-2025-32882.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-32882",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-05-01T18:15:55.127",
- "lastModified": "2025-05-01T20:15:36.530",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message."
+ },
+ {
+ "lang": "es",
+ "value": "Se detect\u00f3 un problema en dispositivos goTenna v1 con la aplicaci\u00f3n 5.5.3 y el firmware 0.25.5. La aplicaci\u00f3n utiliza una implementaci\u00f3n personalizada de cifrado sin mecanismos adicionales de verificaci\u00f3n de integridad. Esto permite que los mensajes sean vulnerables a un atacante que pueda acceder a ellos."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-328xx/CVE-2025-32883.json b/CVE-2025/CVE-2025-328xx/CVE-2025-32883.json
index 840657a0a19..3d98870e2b1 100644
--- a/CVE-2025/CVE-2025-328xx/CVE-2025-32883.json
+++ b/CVE-2025/CVE-2025-328xx/CVE-2025-32883.json
@@ -2,13 +2,17 @@ "id": "CVE-2025-32883", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-01T18:15:55.280", - "lastModified": "2025-05-01T20:15:36.820", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The app there makes it possible to inject any custom message (into existing mesh networks) with any GID and Callsign via a software defined radio. This can be exploited if the device is being used in an unencrypted environment or if the cryptography has already been compromised." + }, + { + "lang": "es", + "value": "Se detect\u00f3 un problema en dispositivos goTenna Mesh con la aplicaci\u00f3n 5.5.3 y el firmware 1.1.12. Esta aplicaci\u00f3n permite inyectar cualquier mensaje personalizado (en redes mesh existentes) con cualquier GID e indicativo mediante una radio definida por software. Esto puede explotarse si el dispositivo se utiliza en un entorno sin cifrar o si la criptograf\u00eda ya ha sido comprometida." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-328xx/CVE-2025-32884.json b/CVE-2025/CVE-2025-328xx/CVE-2025-32884.json index 6b3f16581fc..4f94b6fe151 100644 --- a/CVE-2025/CVE-2025-328xx/CVE-2025-32884.json +++ b/CVE-2025/CVE-2025-328xx/CVE-2025-32884.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-32884", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-01T18:15:55.427", - "lastModified": "2025-05-01T20:15:36.977", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. By default, a GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages." + }, + { + "lang": "es", + "value": "Se detect\u00f3 un problema en los dispositivos goTenna Mesh con la aplicaci\u00f3n 5.5.3 y el firmware 1.1.12. Por defecto, el GID es el n\u00famero de tel\u00e9fono del usuario, a menos que este lo desactive espec\u00edficamente. Un n\u00famero de tel\u00e9fono es informaci\u00f3n muy sensible, ya que puede asociarse con personas. La aplicaci\u00f3n no cifra el GID en los mensajes." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-328xx/CVE-2025-32885.json b/CVE-2025/CVE-2025-328xx/CVE-2025-32885.json index 5f1efa4f005..ec11836754e 100644 --- a/CVE-2025/CVE-2025-328xx/CVE-2025-32885.json +++ b/CVE-2025/CVE-2025-328xx/CVE-2025-32885.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-32885", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-01T18:15:55.593", - "lastModified": "2025-05-01T20:15:37.150", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there makes it possible to inject any custom message (into existing v1 networks) with any GID and Callsign via a software defined radio. This can be exploited if the device is being used in an unencrypted environment or if the cryptography has already been compromised." + }, + { + "lang": "es", + "value": "Se detect\u00f3 un problema en dispositivos goTenna v1 con la aplicaci\u00f3n 5.5.3 y el firmware 0.25.5. Esta aplicaci\u00f3n permite inyectar cualquier mensaje personalizado (en redes v1 existentes) con cualquier GID e indicativo mediante una radio definida por software. Esto puede explotarse si el dispositivo se utiliza en un entorno sin cifrar o si la criptograf\u00eda ya ha sido comprometida." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-328xx/CVE-2025-32886.json b/CVE-2025/CVE-2025-328xx/CVE-2025-32886.json index 9bb53814757..6ad6b9cf11e 100644 --- a/CVE-2025/CVE-2025-328xx/CVE-2025-32886.json +++ b/CVE-2025/CVE-2025-328xx/CVE-2025-32886.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-32886", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-01T18:15:55.800", - "lastModified": "2025-05-01T20:15:37.360", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. All packets sent over RF are also sent over UART with USB Shell, allowing someone with local access to gain information about the protocol and intercept sensitive data." + }, + { + "lang": "es", + "value": "Se detect\u00f3 un problema en dispositivos goTenna v1 con la aplicaci\u00f3n 5.5.3 y el firmware 0.25.5. Todos los paquetes enviados por RF tambi\u00e9n se env\u00edan por UART con USB Shell, lo que permite que alguien con acceso local obtenga informaci\u00f3n sobre el protocolo e intercepte datos confidenciales." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-328xx/CVE-2025-32887.json b/CVE-2025/CVE-2025-328xx/CVE-2025-32887.json index 3fe506556a2..776fdca3a24 100644 --- a/CVE-2025/CVE-2025-328xx/CVE-2025-32887.json +++ b/CVE-2025/CVE-2025-328xx/CVE-2025-32887.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-32887", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-01T18:15:55.957", - "lastModified": "2025-05-01T20:15:37.537", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. A command channel includes the next hop. which can be intercepted and used to break frequency hopping." + }, + { + "lang": "es", + "value": "Se detect\u00f3 un problema en dispositivos goTenna v1 con la aplicaci\u00f3n 5.5.3 y el firmware 0.25.5. Un canal de comando incluye el siguiente salto, que puede interceptarse y utilizarse para interrumpir el salto de frecuencia." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-328xx/CVE-2025-32888.json b/CVE-2025/CVE-2025-328xx/CVE-2025-32888.json index 40ade087071..74a5750cdb5 100644 --- a/CVE-2025/CVE-2025-328xx/CVE-2025-32888.json +++ b/CVE-2025/CVE-2025-328xx/CVE-2025-32888.json @@ -2,13 +2,17 @@ "id": "CVE-2025-32888", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-01T18:15:56.107", - "lastModified": "2025-05-01T20:15:37.710", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The verification token used for sending SMS through a goTenna server is hardcoded in the app." + }, + { + "lang": "es", + "value": "Se detect\u00f3 un problema en los dispositivos goTenna Mesh con la aplicaci\u00f3n 5.5.3 y el firmware 1.1.12. El token de verificaci\u00f3n utilizado para enviar SMS a trav\u00e9s de un servidor goTenna est\u00e1 codificado en la aplicaci\u00f3n." } ], "metrics": { 
diff --git a/CVE-2025/CVE-2025-328xx/CVE-2025-32889.json b/CVE-2025/CVE-2025-328xx/CVE-2025-32889.json index 18926229e65..f8d9e6cdc3a 100644 --- a/CVE-2025/CVE-2025-328xx/CVE-2025-32889.json +++ b/CVE-2025/CVE-2025-328xx/CVE-2025-32889.json @@ -2,13 +2,17 @@ "id": "CVE-2025-32889", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-01T18:15:56.247", - "lastModified": "2025-05-01T19:15:57.583", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The verification token used for sending SMS through a goTenna server is hardcoded in the app." + }, + { + "lang": "es", + "value": "Se detect\u00f3 un problema en dispositivos goTenna v1 con la aplicaci\u00f3n 5.5.3 y el firmware 0.25.5. El token de verificaci\u00f3n utilizado para enviar SMS a trav\u00e9s de un servidor goTenna est\u00e1 codificado en la aplicaci\u00f3n." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-328xx/CVE-2025-32890.json b/CVE-2025/CVE-2025-328xx/CVE-2025-32890.json index 030db88fe4d..d044b3314b9 100644 --- a/CVE-2025/CVE-2025-328xx/CVE-2025-32890.json +++ b/CVE-2025/CVE-2025-328xx/CVE-2025-32890.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-32890", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-01T18:15:56.390", - "lastModified": "2025-05-01T19:15:57.750", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. It uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message." + }, + { + "lang": "es", + "value": "Se detect\u00f3 un problema en dispositivos goTenna Mesh con la aplicaci\u00f3n 5.5.3 y el firmware 1.1.12. Este problema utiliza una implementaci\u00f3n personalizada de cifrado sin mecanismos adicionales de verificaci\u00f3n de integridad. Esto deja los mensajes vulnerables a un atacante que pueda acceder a ellos." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-329xx/CVE-2025-32970.json b/CVE-2025/CVE-2025-329xx/CVE-2025-32970.json index b22b046a99d..bf06040e6da 100644 --- a/CVE-2025/CVE-2025-329xx/CVE-2025-32970.json +++ b/CVE-2025/CVE-2025-329xx/CVE-2025-32970.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-32970", "sourceIdentifier": "security-advisories@github.com", "published": "2025-04-30T15:16:01.397", - "lastModified": "2025-04-30T16:15:35.907", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "XWiki is a generic wiki platform. In versions starting from 13.5-rc-1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0, an open redirect vulnerability in the HTML conversion request filter allows attackers to construct URLs on an XWiki instance that redirects to any URL. This issue has been patched in versions 15.10.13, 16.4.4, and 16.8.0." + }, + { + "lang": "es", + "value": "XWiki es una plataforma wiki gen\u00e9rica. En las versiones 13.5-rc-1 y anteriores a la 15.10.13, 16.0.0-rc-1 y anteriores a la 16.4.4, y 16.5.0-rc-1 y anteriores a la 16.8.0, una vulnerabilidad de redirecci\u00f3n abierta en el filtro de solicitud de conversi\u00f3n HTML permite a los atacantes construir URL en una instancia de XWiki que redirigen a cualquier URL. Este problema se ha corregido en las versiones 15.10.13, 16.4.4 y 16.8.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-329xx/CVE-2025-32971.json b/CVE-2025/CVE-2025-329xx/CVE-2025-32971.json index bdfab47dbe1..71b18111cd8 100644 --- a/CVE-2025/CVE-2025-329xx/CVE-2025-32971.json +++ b/CVE-2025/CVE-2025-329xx/CVE-2025-32971.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-32971", "sourceIdentifier": "security-advisories@github.com", "published": "2025-04-30T15:16:01.540", - "lastModified": "2025-04-30T16:15:36.010", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "XWiki is a generic wiki platform. In versions starting from 4.5.1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the Solr script service doesn't take dropped programming rights into account. The Solr script service that is accessible in XWiki's scripting API normally requires programming rights to be called. Due to using the wrong API for checking rights, it doesn't take the fact into account that programming rights might have been dropped by calling `$xcontext.dropPermissions()`. If some code relies on this for the safety of executing Velocity code with the wrong author context, this could allow a user with script rights to either cause a high load by indexing documents or to temporarily remove documents from the search index. This issue has been patched in versions 15.10.13, 16.4.4, and 16.8.0-rc-1." + }, + { + "lang": "es", + "value": "XWiki es una plataforma wiki gen\u00e9rica. En las versiones desde la 4.5.1 hasta anteriores a la 15.10.13, desde la 16.0.0-rc-1 hasta anteriores a la 16.4.4, y desde la 16.5.0-rc-1 hasta anteriores a la 16.8.0-rc-1, el servicio de scripts de Solr no tiene en cuenta la p\u00e9rdida de permisos de programaci\u00f3n. El servicio de scripts de Solr, accesible a trav\u00e9s de la API de scripts de XWiki, normalmente requiere la llamada a los permisos de programaci\u00f3n. Debido al uso de una API incorrecta para la comprobaci\u00f3n de permisos, no tiene en cuenta que los permisos de programaci\u00f3n podr\u00edan haberse perdido al llamar a `$xcontext.dropPermissions()`. 
Si alg\u00fan c\u00f3digo depende de esto para la seguridad de ejecutar c\u00f3digo de Velocity con un contexto de autor incorrecto, esto podr\u00eda permitir que un usuario con permisos de script genere una alta carga al indexar documentos o los elimine temporalmente del \u00edndice de b\u00fasqueda. Este problema se ha solucionado en las versiones 15.10.13, 16.4.4 y 16.8.0-rc-1." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-329xx/CVE-2025-32972.json b/CVE-2025/CVE-2025-329xx/CVE-2025-32972.json index 3df0172666f..359ae10684c 100644 --- a/CVE-2025/CVE-2025-329xx/CVE-2025-32972.json +++ b/CVE-2025/CVE-2025-329xx/CVE-2025-32972.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-32972", "sourceIdentifier": "security-advisories@github.com", "published": "2025-04-30T15:16:01.680", - "lastModified": "2025-04-30T16:15:36.113", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "XWiki is a generic wiki platform. In versions starting from 6.1-milestone-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the script API of the LESS compiler in XWiki is incorrectly checking for rights when calling the cache cleaning API, making it possible to clean the cache without having programming right. The only impact of this is a slowdown in XWiki execution as the caches are re-filled. As this vulnerability requires script right to exploit, and script right already allows unlimited execution of scripts, the additional impact due to this vulnerability is low. This issue has been patched in versions 15.10.12, 16.4.3, and 16.8.0-rc-1." + }, + { + "lang": "es", + "value": "XWiki es una plataforma wiki gen\u00e9rica. En versiones desde la 6.1-milestone-1 hasta anteriores a la 15.10.12, desde la 16.0.0-rc-1 hasta anteriores a la 16.4.3, y desde la 16.5.0-rc-1 hasta anteriores a la 16.8.0-rc-1, la API de scripts del compilador LESS en XWiki verifica incorrectamente los permisos al llamar a la API de limpieza de cach\u00e9, lo que permite limpiar la cach\u00e9 sin tener permisos de programaci\u00f3n. El \u00fanico impacto es una ralentizaci\u00f3n en la ejecuci\u00f3n de XWiki al rellenar las cach\u00e9s. Dado que esta vulnerabilidad requiere permisos de script para explotarse, y estos permisos ya permiten la ejecuci\u00f3n ilimitada de scripts, el impacto adicional es bajo. Este problema se ha corregido en las versiones 15.10.12, 16.4.3 y 16.8.0-rc-1." } ], "metrics": { 
diff --git a/CVE-2025/CVE-2025-329xx/CVE-2025-32973.json b/CVE-2025/CVE-2025-329xx/CVE-2025-32973.json index c0503589e9c..64ae73a7d62 100644 --- a/CVE-2025/CVE-2025-329xx/CVE-2025-32973.json +++ b/CVE-2025/CVE-2025-329xx/CVE-2025-32973.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-32973", "sourceIdentifier": "security-advisories@github.com", "published": "2025-04-30T15:16:01.823", - "lastModified": "2025-04-30T16:15:36.230", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, when a user with programming rights edits a document in XWiki that was last edited by a user without programming rights and contains an XWiki.ComponentClass, there is no warning that this will grant programming rights to this object. An attacker who created such a malicious object could use this to gain programming rights on the wiki. For this, the attacker needs to have edit rights on at least one page to place this object and then get an admin user to edit that document. This issue has been patched in versions 15.10.12, 16.4.3, and 16.8.0-rc-1." + }, + { + "lang": "es", + "value": "XWiki es una plataforma wiki gen\u00e9rica. En las versiones 15.9-rc-1 y anteriores a la 15.10.12, 16.0.0-rc-1 y anteriores a la 16.4.3, y 16.5.0-rc-1 y anteriores a la 16.8.0-rc-1, cuando un usuario con permisos de programaci\u00f3n edita un documento en XWiki que fue editado por \u00faltima vez por un usuario sin permisos de programaci\u00f3n y que contiene un objeto XWiki.ComponentClass, no se muestra ninguna advertencia que indique que se otorgar\u00e1n permisos de programaci\u00f3n a este objeto. Un atacante que haya creado un objeto malicioso de este tipo podr\u00eda usarlo para obtener permisos de programaci\u00f3n en la wiki. Para ello, el atacante debe tener permisos de edici\u00f3n en al menos una p\u00e1gina para colocar este objeto y, a continuaci\u00f3n, conseguir que un usuario administrador edite ese documento. 
Este problema se ha corregido en las versiones 15.10.12, 16.4.3 y 16.8.0-rc-1." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-329xx/CVE-2025-32974.json b/CVE-2025/CVE-2025-329xx/CVE-2025-32974.json index 8b37db2ea0b..26457821dd7 100644 --- a/CVE-2025/CVE-2025-329xx/CVE-2025-32974.json +++ b/CVE-2025/CVE-2025-329xx/CVE-2025-32974.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-32974", "sourceIdentifier": "security-advisories@github.com", "published": "2025-04-30T15:16:01.973", - "lastModified": "2025-04-30T16:15:36.397", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.8 and from 16.0.0-rc-1 to before 16.2.0, the required rights analysis doesn't consider TextAreas with default content type. When editing a page, XWiki warns since version 15.9 when there is content on the page like a script macro that would gain more rights due to the editing. This analysis doesn't consider certain kinds of properties, allowing a user to put malicious scripts in there that will be executed after a user with script, admin, or programming rights edited the page. Such a malicious script could impact the confidentiality, integrity and availability of the whole XWiki installation. This issue has been patched in versions 15.10.8 and 16.2.0." + }, + { + "lang": "es", + "value": "XWiki es una plataforma wiki gen\u00e9rica. En las versiones 15.9-rc-1 y anteriores a la 15.10.8, y 16.0.0-rc-1 y anteriores a la 16.2.0, el an\u00e1lisis de permisos requeridos no considera las \u00e1reas de texto con el tipo de contenido predeterminado. Al editar una p\u00e1gina, XWiki, desde la versi\u00f3n 15.9, advierte cuando hay contenido en la p\u00e1gina, como una macro de script, que podr\u00eda obtener m\u00e1s permisos debido a la edici\u00f3n. Este an\u00e1lisis no considera ciertos tipos de propiedades, lo que permite a un usuario introducir scripts maliciosos que se ejecutar\u00e1n despu\u00e9s de que un usuario con permisos de script, administrador o programaci\u00f3n haya editado la p\u00e1gina. Dicho script malicioso podr\u00eda afectar la confidencialidad, la integridad y la disponibilidad de toda la instalaci\u00f3n de XWiki. 
Este problema se ha corregido en las versiones 15.10.8 y 16.2.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-330xx/CVE-2025-33074.json b/CVE-2025/CVE-2025-330xx/CVE-2025-33074.json index 10bb339fd21..e421e743f31 100644 --- a/CVE-2025/CVE-2025-330xx/CVE-2025-33074.json +++ b/CVE-2025/CVE-2025-330xx/CVE-2025-33074.json @@ -2,8 +2,8 @@ "id": "CVE-2025-33074", "sourceIdentifier": "secure@microsoft.com", "published": "2025-04-30T18:15:47.030", - "lastModified": "2025-04-30T18:15:47.030", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [ { "sourceIdentifier": "secure@microsoft.com", @@ -16,6 +16,10 @@ { "lang": "en", "value": "Improper verification of cryptographic signature in Microsoft Azure Functions allows an authorized attacker to execute code over a network." + }, + { + "lang": "es", + "value": "La verificaci\u00f3n incorrecta de la firma criptogr\u00e1fica en Microsoft Azure Functions permite que un atacante autorizado ejecute c\u00f3digo a trav\u00e9s de una red." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-33xx/CVE-2025-3301.json b/CVE-2025/CVE-2025-33xx/CVE-2025-3301.json index 96a50d8061f..fd33b21924d 100644 --- a/CVE-2025/CVE-2025-33xx/CVE-2025-3301.json +++ b/CVE-2025/CVE-2025-33xx/CVE-2025-3301.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-3301", "sourceIdentifier": "product-security@silabs.com", "published": "2025-04-29T14:15:32.643", - "lastModified": "2025-04-29T14:15:32.643", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:49.480", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "DPA countermeasures are unavailable for ECDH key agreement and EdDSA signing operations on Curve25519 and Curve448 on all Series 2 modules and SoCs due to a lack of hardware and software support. A successful DPA attack may result in exposure of confidential information. The best practice is to use the impacted crypto curves and operations with ephemeral keys to reduce the number of DPA traces that can be collected." + }, + { + "lang": "es", + "value": "Las contramedidas DPA no est\u00e1n disponibles para las operaciones de acuerdo de claves ECDH y firma EdDSA en Curve25519 y Curve448 en todos los m\u00f3dulos y SoCs Serie 2 debido a la falta de soporte de hardware y software. Un ataque DPA exitoso puede resultar en la exposici\u00f3n de informaci\u00f3n confidencial. La mejor pr\u00e1ctica es utilizar las curvas criptogr\u00e1ficas afectadas y las operaciones con claves ef\u00edmeras para reducir la cantidad de rastros DPA que se pueden recopilar." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-33xx/CVE-2025-3394.json b/CVE-2025/CVE-2025-33xx/CVE-2025-3394.json index 906b8a95372..d5bc1354e01 100644 --- a/CVE-2025/CVE-2025-33xx/CVE-2025-3394.json +++ b/CVE-2025/CVE-2025-33xx/CVE-2025-3394.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-3394", "sourceIdentifier": "cybersecurity@ch.abb.com", "published": "2025-04-30T13:15:48.400", - "lastModified": "2025-04-30T13:15:48.400", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Incorrect Permission Assignment for Critical Resource vulnerability in ABB Automation Builder.This issue affects Automation Builder: through 2.8.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de asignaci\u00f3n incorrecta de permisos para recursos cr\u00edticos en ABB Automation Builder. Este problema afecta a Automation Builder: hasta 2.8.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-33xx/CVE-2025-3395.json b/CVE-2025/CVE-2025-33xx/CVE-2025-3395.json index 7c7d6210eb9..84b03de7f9a 100644 --- a/CVE-2025/CVE-2025-33xx/CVE-2025-3395.json +++ b/CVE-2025/CVE-2025-33xx/CVE-2025-3395.json @@ -2,13 +2,17 @@ "id": "CVE-2025-3395", "sourceIdentifier": "cybersecurity@ch.abb.com", "published": "2025-04-30T13:15:49.130", - "lastModified": "2025-04-30T13:15:49.130", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder.This issue affects Automation Builder: through 2.8.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de asignaci\u00f3n incorrecta de permisos para recursos cr\u00edticos y almacenamiento de texto sin formato de informaci\u00f3n confidencial en ABB Automation Builder. Este problema afecta a Automation Builder: hasta la versi\u00f3n 2.8.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-34xx/CVE-2025-3438.json b/CVE-2025/CVE-2025-34xx/CVE-2025-3438.json index 30f140c32ac..15432198de9 100644 --- a/CVE-2025/CVE-2025-34xx/CVE-2025-3438.json 
+++ b/CVE-2025/CVE-2025-34xx/CVE-2025-3438.json @@ -2,8 +2,8 @@ "id": "CVE-2025-3438", "sourceIdentifier": "security@wordfence.com", "published": "2025-05-02T06:15:48.020", - "lastModified": "2025-05-02T06:15:48.020", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-34xx/CVE-2025-3471.json b/CVE-2025/CVE-2025-34xx/CVE-2025-3471.json index 6c864838f35..c0de64c94bf 100644 --- a/CVE-2025/CVE-2025-34xx/CVE-2025-3471.json +++ b/CVE-2025/CVE-2025-34xx/CVE-2025-3471.json @@ -2,8 +2,8 @@ "id": "CVE-2025-3471", "sourceIdentifier": "contact@wpscan.com", "published": "2025-04-30T06:15:53.153", - "lastModified": "2025-04-30T18:15:47.403", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-34xx/CVE-2025-3488.json b/CVE-2025/CVE-2025-34xx/CVE-2025-3488.json index fe64e673208..f0313e5bb85 100644 --- a/CVE-2025/CVE-2025-34xx/CVE-2025-3488.json +++ b/CVE-2025/CVE-2025-34xx/CVE-2025-3488.json @@ -2,8 +2,8 @@ "id": "CVE-2025-3488", "sourceIdentifier": "security@wordfence.com", "published": "2025-05-02T06:15:48.707", - "lastModified": "2025-05-02T06:15:48.707", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-359xx/CVE-2025-35975.json b/CVE-2025/CVE-2025-359xx/CVE-2025-35975.json index e38de0a403d..52f9e823050 100644 --- a/CVE-2025/CVE-2025-359xx/CVE-2025-35975.json +++ b/CVE-2025/CVE-2025-359xx/CVE-2025-35975.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-35975", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-05-01T19:15:57.887", - "lastModified": "2025-05-01T19:15:57.887", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "MicroDicom DICOM Viewer is vulnerable to an out-of-bounds write which may allow an attacker to execute arbitrary code. The user must open a malicious DCM file for exploitation." + }, + { + "lang": "es", + "value": "MicroDicom DICOM Viewer es vulnerable a una escritura fuera de los l\u00edmites, lo que podr\u00eda permitir que un atacante ejecute c\u00f3digo arbitrario. El usuario debe abrir un archivo DCM malicioso para explotar esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-359xx/CVE-2025-35996.json b/CVE-2025/CVE-2025-359xx/CVE-2025-35996.json index 93a562a70a0..4e21d212d23 100644 --- a/CVE-2025/CVE-2025-359xx/CVE-2025-35996.json +++ b/CVE-2025/CVE-2025-359xx/CVE-2025-35996.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-35996", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-05-01T19:15:58.047", - "lastModified": "2025-05-01T19:15:58.047", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "KUNBUS PiCtory version 2.11.1 and earlier are vulnerable when an authenticated remote attacker crafts a special filename that can be stored by API endpoints. That filename is later transmitted to the client in order to show a list of configuration files. Due to a missing escape or sanitization, the filename could be executed as HTML script tag resulting in a cross-site-scripting attack." + }, + { + "lang": "es", + "value": "KUNBUS PiCtory versi\u00f3n 2.11.1 y anteriores son vulnerables cuando un atacante remoto autenticado crea un nombre de archivo especial que puede ser almacenado por los endpoints de la API. Este nombre de archivo se transmite posteriormente al cliente para mostrar una lista de archivos de configuraci\u00f3n. Debido a la falta de un escape o depuraci\u00f3n, el nombre de archivo podr\u00eda ejecutarse como una etiqueta de script HTML, lo que resulta en un ataque de cross-site-scripting." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-35xx/CVE-2025-3501.json b/CVE-2025/CVE-2025-35xx/CVE-2025-3501.json index 2de1fca3210..e1da39e98f8 100644 --- a/CVE-2025/CVE-2025-35xx/CVE-2025-3501.json +++ b/CVE-2025/CVE-2025-35xx/CVE-2025-3501.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-3501", "sourceIdentifier": "secalert@redhat.com", "published": "2025-04-29T21:15:51.523", - "lastModified": "2025-04-30T03:15:18.960", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended." + }, + { + "lang": "es", + "value": "Se detect\u00f3 una falla en Keycloak. Al configurar la pol\u00edtica de verificaci\u00f3n como \"ALL\", se omite la verificaci\u00f3n del certificado del almac\u00e9n de confianza, lo cual es involuntario." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-35xx/CVE-2025-3502.json b/CVE-2025/CVE-2025-35xx/CVE-2025-3502.json index 2507a6b8eda..29a84ed5bfa 100644 --- a/CVE-2025/CVE-2025-35xx/CVE-2025-3502.json +++ b/CVE-2025/CVE-2025-35xx/CVE-2025-3502.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-3502", "sourceIdentifier": "contact@wpscan.com", "published": "2025-05-01T06:15:34.820", - "lastModified": "2025-05-01T15:16:20.400", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." + }, + { + "lang": "es", + "value": "El complemento WP Maps para WordPress anterior a la versi\u00f3n 4.7.2 no depura ni escapa de algunas de sus configuraciones de mapas, lo que podr\u00eda permitir a usuarios con privilegios elevados como el administrador realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n de varios sitios)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-35xx/CVE-2025-3503.json b/CVE-2025/CVE-2025-35xx/CVE-2025-3503.json index 2a8c93626db..d0cdcd3f72e 100644 --- a/CVE-2025/CVE-2025-35xx/CVE-2025-3503.json +++ b/CVE-2025/CVE-2025-35xx/CVE-2025-3503.json @@ -2,8 +2,8 @@ "id": "CVE-2025-3503", "sourceIdentifier": "contact@wpscan.com", "published": "2025-05-01T06:15:34.910", - "lastModified": "2025-05-01T06:15:34.910", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-35xx/CVE-2025-3504.json b/CVE-2025/CVE-2025-35xx/CVE-2025-3504.json index 2fe2b2cd122..5db95f0c85c 100644 --- a/CVE-2025/CVE-2025-35xx/CVE-2025-3504.json +++ b/CVE-2025/CVE-2025-35xx/CVE-2025-3504.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2025-3504",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2025-05-01T06:15:35.013",
- "lastModified": "2025-05-01T15:16:20.587",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WP Maps para WordPress anterior a la versi\u00f3n 4.7.2 no depura ni escapa de algunas de sus configuraciones de mapas, lo que podr\u00eda permitir a usuarios con privilegios elevados como el administrador realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n de varios sitios)."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-35xx/CVE-2025-3510.json b/CVE-2025/CVE-2025-35xx/CVE-2025-3510.json
index b3b6f3644e2..567be0b38f1 100644
--- a/CVE-2025/CVE-2025-35xx/CVE-2025-3510.json
+++ b/CVE-2025/CVE-2025-35xx/CVE-2025-3510.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-3510",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-05-02T04:15:51.480",
- "lastModified": "2025-05-02T04:15:51.480",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-35xx/CVE-2025-3513.json b/CVE-2025/CVE-2025-35xx/CVE-2025-3513.json
index 71afa461433..06519209443 100644
--- a/CVE-2025/CVE-2025-35xx/CVE-2025-3513.json
+++ b/CVE-2025/CVE-2025-35xx/CVE-2025-3513.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-3513",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2025-05-02T06:15:48.887",
- "lastModified": "2025-05-02T06:15:48.887",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-35xx/CVE-2025-3514.json b/CVE-2025/CVE-2025-35xx/CVE-2025-3514.json
index 0f81fda465c..c9a4d0a70c4 100644
--- a/CVE-2025/CVE-2025-35xx/CVE-2025-3514.json
+++ b/CVE-2025/CVE-2025-35xx/CVE-2025-3514.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-3514",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2025-05-02T06:15:48.980",
- "lastModified": "2025-05-02T06:15:48.980",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-35xx/CVE-2025-3517.json b/CVE-2025/CVE-2025-35xx/CVE-2025-3517.json
index bf7a40dbdfa..ebdd9d613ea 100644
--- a/CVE-2025/CVE-2025-35xx/CVE-2025-3517.json
+++ b/CVE-2025/CVE-2025-35xx/CVE-2025-3517.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-3517",
 "sourceIdentifier": "security@devolutions.net",
 "published": "2025-05-01T19:15:58.517",
- "lastModified": "2025-05-01T19:15:58.517",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
- "value": "Privilege context switching error in PAM JIT feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM JIT account password to be improperly reset after usage via specific actions such as editing the username."
+ "value": "Incorrect privilege assignment in PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM user to elevate a previously configured user configured in a PAM JIT account via failure to update the internal account\u2019s SID when updating the username."
+ },
+ {
+ "lang": "es",
+ "value": "El error de cambio de contexto de privilegio en la funci\u00f3n PAM JIT en Devolutions Server 2025.1.5.0 y versiones anteriores permite que una contrase\u00f1a de cuenta PAM JIT se restablezca incorrectamente despu\u00e9s del uso a trav\u00e9s de acciones espec\u00edficas, como editar el nombre de usuario."
 }
 ],
 "metrics": {
@@ -42,7 +46,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-270"
+ "value": "CWE-266"
 }
 ]
 }
diff --git a/CVE-2025/CVE-2025-35xx/CVE-2025-3521.json b/CVE-2025/CVE-2025-35xx/CVE-2025-3521.json
index e017510bbd5..d8f99ccafb4 100644
--- a/CVE-2025/CVE-2025-35xx/CVE-2025-3521.json
+++ b/CVE-2025/CVE-2025-35xx/CVE-2025-3521.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-3521",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-05-01T07:15:58.223",
- "lastModified": "2025-05-01T07:15:58.223",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
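Review bot: In the CVE-2025-3517 record, the added `"lang": "es"` description translates the English text that this same hunk removes (a PAM JIT account password being improperly reset after the username is edited), not the new English value. The new English text describes incorrect privilege assignment: a PAM user can elevate a previously configured user because the internal account's SID is not updated on a username change. The second hunk also moves the weakness from `CWE-270` to `CWE-266`, so a consumer reading the Spanish entry sees a different weakness and impact than one reading the English entry. The `es` value should be regenerated from the new `en` value, or the `es` object left out until it has been, so that triage keyed on the description stays consistent across languages.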
diff --git a/CVE-2025/CVE-2025-35xx/CVE-2025-3599.json b/CVE-2025/CVE-2025-35xx/CVE-2025-3599.json
index defe30d7e81..29b7b457dad 100644
--- a/CVE-2025/CVE-2025-35xx/CVE-2025-3599.json
+++ b/CVE-2025/CVE-2025-35xx/CVE-2025-3599.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-3599",
 "sourceIdentifier": "secure@symantec.com",
 "published": "2025-04-30T17:15:50.760",
- "lastModified": "2025-04-30T17:15:50.760",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Symantec Endpoint Protection Windows Agent, running an ERASER Engine prior to 119.1.7.8, may be susceptible to an Elevation of Privilege vulnerability, which may allow an attacker to delete resources that are normally protected from an application or user."
+ },
+ {
+ "lang": "es",
+ "value": "Symantec Endpoint Protection Windows Agent, que ejecuta un motor ERASER anterior a 119.1.7.8, puede ser susceptible a una vulnerabilidad de elevaci\u00f3n de privilegios, que puede permitir a un atacante eliminar recursos que normalmente est\u00e1n protegidos de una aplicaci\u00f3n o un usuario."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-365xx/CVE-2025-36521.json b/CVE-2025/CVE-2025-365xx/CVE-2025-36521.json
index 684cb61ba9a..3a3cf457904 100644
--- a/CVE-2025/CVE-2025-365xx/CVE-2025-36521.json
+++ b/CVE-2025/CVE-2025-365xx/CVE-2025-36521.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-36521",
 "sourceIdentifier": "ics-cert@hq.dhs.gov",
 "published": "2025-05-01T19:15:58.203",
- "lastModified": "2025-05-01T19:15:58.203",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "MicroDicom DICOM Viewer is vulnerable to an out-of-bounds read which may allow an attacker to cause memory corruption within the application. The user must open a malicious DCM file for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "MicroDicom DICOM Viewer es vulnerable a una lectura fuera de los l\u00edmites, lo que podr\u00eda permitir que un atacante corrompa la memoria de la aplicaci\u00f3n. El usuario debe abrir un archivo DCM malicioso para explotar esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-365xx/CVE-2025-36558.json b/CVE-2025/CVE-2025-365xx/CVE-2025-36558.json
index a3fc42e3ea7..896a0625b7a 100644
--- a/CVE-2025/CVE-2025-365xx/CVE-2025-36558.json
+++ b/CVE-2025/CVE-2025-365xx/CVE-2025-36558.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-36558",
 "sourceIdentifier": "ics-cert@hq.dhs.gov",
 "published": "2025-05-01T19:15:58.367",
- "lastModified": "2025-05-01T19:15:58.367",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-site-scripting attack via the sso_token used for authentication. If an attacker provides the user with a PiCtory URL containing an HTML script as an sso_token, that script will reply to the user and be executed."
+ },
+ {
+ "lang": "es",
+ "value": "KUNBUS PiCtory versi\u00f3n 2.11.1 y anteriores son vulnerables a ataques de cross-site scripting mediante el token sso_token utilizado para la autenticaci\u00f3n. Si un atacante proporciona al usuario una URL de PiCtory que contiene un script HTML como token sso_token, dicho script responder\u00e1 al usuario y se ejecutar\u00e1."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3670.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3670.json
index a3fa830b930..bf3ae31b017 100644
--- a/CVE-2025/CVE-2025-36xx/CVE-2025-3670.json
+++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3670.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-3670",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-05-02T03:15:20.700",
- "lastModified": "2025-05-02T03:15:20.700",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37738.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37738.json
index 384a0f9a564..74d058e388e 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37738.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37738.json
@@ -2,13 +2,17 @@ "id": "CVE-2025-37738", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:52.383", - "lastModified": "2025-05-02T07:16:01.437", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: ignore xattrs past end\n\nOnce inside 'ext4_xattr_inode_dec_ref_all' we should\nignore xattrs entries past the 'end' entry.\n\nThis fixes the following KASAN reported issue:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in ext4_xattr_inode_dec_ref_all+0xb8c/0xe90\nRead of size 4 at addr ffff888012c120c4 by task repro/2065\n\nCPU: 1 UID: 0 PID: 2065 Comm: repro Not tainted 6.13.0-rc2+ #11\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \n dump_stack_lvl+0x1fd/0x300\n ? tcp_gro_dev_warn+0x260/0x260\n ? _printk+0xc0/0x100\n ? read_lock_is_recursive+0x10/0x10\n ? irq_work_queue+0x72/0xf0\n ? __virt_addr_valid+0x17b/0x4b0\n print_address_description+0x78/0x390\n print_report+0x107/0x1f0\n ? __virt_addr_valid+0x17b/0x4b0\n ? __virt_addr_valid+0x3ff/0x4b0\n ? __phys_addr+0xb5/0x160\n ? ext4_xattr_inode_dec_ref_all+0xb8c/0xe90\n kasan_report+0xcc/0x100\n ? ext4_xattr_inode_dec_ref_all+0xb8c/0xe90\n ext4_xattr_inode_dec_ref_all+0xb8c/0xe90\n ? ext4_xattr_delete_inode+0xd30/0xd30\n ? __ext4_journal_ensure_credits+0x5f0/0x5f0\n ? __ext4_journal_ensure_credits+0x2b/0x5f0\n ? inode_update_timestamps+0x410/0x410\n ext4_xattr_delete_inode+0xb64/0xd30\n ? ext4_truncate+0xb70/0xdc0\n ? ext4_expand_extra_isize_ea+0x1d20/0x1d20\n ? __ext4_mark_inode_dirty+0x670/0x670\n ? ext4_journal_check_start+0x16f/0x240\n ? ext4_inode_is_fast_symlink+0x2f2/0x3a0\n ext4_evict_inode+0xc8c/0xff0\n ? 
ext4_inode_is_fast_symlink+0x3a0/0x3a0\n ? do_raw_spin_unlock+0x53/0x8a0\n ? ext4_inode_is_fast_symlink+0x3a0/0x3a0\n evict+0x4ac/0x950\n ? proc_nr_inodes+0x310/0x310\n ? trace_ext4_drop_inode+0xa2/0x220\n ? _raw_spin_unlock+0x1a/0x30\n ? iput+0x4cb/0x7e0\n do_unlinkat+0x495/0x7c0\n ? try_break_deleg+0x120/0x120\n ? 0xffffffff81000000\n ? __check_object_size+0x15a/0x210\n ? strncpy_from_user+0x13e/0x250\n ? getname_flags+0x1dc/0x530\n __x64_sys_unlinkat+0xc8/0xf0\n do_syscall_64+0x65/0x110\n entry_SYSCALL_64_after_hwframe+0x67/0x6f\nRIP: 0033:0x434ffd\nCode: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 8\nRSP: 002b:00007ffc50fa7b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000107\nRAX: ffffffffffffffda RBX: 00007ffc50fa7e18 RCX: 0000000000434ffd\nRDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000005\nRBP: 00007ffc50fa7be0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001\nR13: 00007ffc50fa7e08 R14: 00000000004bbf30 R15: 0000000000000001\n \n\nThe buggy address belongs to the object at ffff888012c12000\n which belongs to the cache filp of size 360\nThe buggy address is located 196 bytes inside of\n freed 360-byte region [ffff888012c12000, ffff888012c12168)\n\nThe buggy address belongs to the physical page:\npage: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12c12\nhead: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0\nflags: 0x40(head|node=0|zone=0)\npage_type: f5(slab)\nraw: 0000000000000040 ffff888000ad7640 ffffea0000497a00 dead000000000004\nraw: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000\nhead: 0000000000000040 ffff888000ad7640 ffffea0000497a00 dead000000000004\nhead: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000\nhead: 0000000000000001 ffffea00004b0481 ffffffffffffffff 0000000000000000\nhead: 0000000000000002 0000000000000000 00000000ffffffff 
0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n ffff888012c11f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffff888012c12000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n> ffff888012c12080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff888012c12100: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc\n ffff888012c12180: fc fc fc fc fc fc fc fc fc\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: ignorar xattrs despu\u00e9s del final Una vez dentro de 'ext4_xattr_inode_dec_ref_all' debemos ignorar las entradas xattrs m\u00e1s all\u00e1 de la entrada 'end'. Esto corrige el siguiente problema informado por KASAN: ====================================================================== ERROR: KASAN: slab-use-after-free en ext4_xattr_inode_dec_ref_all+0xb8c/0xe90 Lectura de tama\u00f1o 4 en la direcci\u00f3n ffff888012c120c4 por la tarea repro/2065 CPU: 1 UID: 0 PID: 2065 Comm: repro No contaminado 6.13.0-rc2+ #11 Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 01/04/2014 Rastreo de llamadas: dump_stack_lvl+0x1fd/0x300 ? tcp_gro_dev_warn+0x260/0x260 ? _printk+0xc0/0x100 ? read_lock_is_recursive+0x10/0x10 ? irq_work_queue+0x72/0xf0 ? __virt_addr_valid+0x17b/0x4b0 print_address_description+0x78/0x390 print_report+0x107/0x1f0 ? __virt_addr_valid+0x17b/0x4b0 ? __virt_addr_valid+0x3ff/0x4b0 ? __phys_addr+0xb5/0x160 ? ext4_xattr_inode_dec_ref_all+0xb8c/0xe90 kasan_report+0xcc/0x100 ? ext4_xattr_inode_dec_ref_all+0xb8c/0xe90 ext4_xattr_inode_dec_ref_all+0xb8c/0xe90 ? ext4_xattr_delete_inode+0xd30/0xd30 ? __ext4_journal_ensure_credits+0x5f0/0x5f0 ? __ext4_journal_ensure_credits+0x2b/0x5f0 ? inode_update_timestamps+0x410/0x410 ext4_xattr_delete_inode+0xb64/0xd30 ? ext4_truncate+0xb70/0xdc0 ? ext4_expand_extra_isize_ea+0x1d20/0x1d20 ? 
__ext4_mark_inode_dirty+0x670/0x670 ? ext4_journal_check_start+0x16f/0x240 ? ext4_inode_is_fast_symlink+0x2f2/0x3a0 ext4_evict_inode+0xc8c/0xff0 ? ext4_inode_is_fast_symlink+0x3a0/0x3a0 ? do_raw_spin_unlock+0x53/0x8a0 ? ext4_inode_is_fast_symlink+0x3a0/0x3a0 evict+0x4ac/0x950 ? proc_nr_inodes+0x310/0x310 ? trace_ext4_drop_inode+0xa2/0x220 ? _raw_spin_unlock+0x1a/0x30 ? iput+0x4cb/0x7e0 do_unlinkat+0x495/0x7c0 ? try_break_deleg+0x120/0x120 ? 0xffffffff81000000 ? __check_object_size+0x15a/0x210 ? strncpy_from_user+0x13e/0x250 ? getname_flags+0x1dc/0x530 __x64_sys_unlinkat+0xc8/0xf0 do_syscall_64+0x65/0x110 entry_SYSCALL_64_after_hwframe+0x67/0x6f RIP: 0033:0x434ffd Code: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 8 RSP: 002b:00007ffc50fa7b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000107 RAX: ffffffffffffffda RBX: 00007ffc50fa7e18 RCX: 0000000000434ffd RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000005 RBP: 00007ffc50fa7be0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 R13: 00007ffc50fa7e08 R14: 00000000004bbf30 R15: 0000000000000001 La direcci\u00f3n con errores pertenece al objeto en ffff888012c12000 que pertenece al filp de cach\u00e9 de tama\u00f1o 360 La direcci\u00f3n con errores se encuentra 196 bytes dentro de la regi\u00f3n liberada de 360 bytes [ffff888012c12000, ffff888012c12168) La direcci\u00f3n con errores pertenece a la p\u00e1gina f\u00edsica: page: refcount:1 mapcount:0 mapping:000000000000000 index:0x0 pfn:0x12c12 head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 conteo de pines:0 indicadores: 0x40(cabeza|nodo=0|zona=0) tipo_de_p\u00e1gina: f5(losa) sin procesar: 0000000000000040 ffff888000ad7640 ffffea0000497a00 muerto000000000004 sin procesar: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000 cabeza: 0000000000000040 ffff888000ad7640 ffffea0000497a00 muerto000000000004 cabeza: 
0000000000000000 0000000000100010 00000001f5000000 00000000000000000 cabeza: 0000000000000001 ffffea00004b0481 ffffffffffffffff 000000000000000 cabeza: 0000000000000002 000000000000000 00000000ffffffff 000000000000000 p\u00e1gina volcada porque: kasan: se detect\u00f3 un acceso incorrecto Estado de la memoria alrededor de la direcci\u00f3n con errores: ffff888012c11f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff888012c12000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb > ffff888012c12080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff888012c12100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ---truncado---" } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37739.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37739.json index 101f6f7605d..17acf28a0b8 100644 --- a/CVE-2025/CVE-2025-377xx/CVE-2025-37739.json +++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37739.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-37739", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:52.500", - "lastModified": "2025-05-02T07:16:01.533", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks()\n\nsyzbot reports an UBSAN issue as below:\n\n------------[ cut here ]------------\nUBSAN: array-index-out-of-bounds in fs/f2fs/node.h:381:10\nindex 18446744073709550692 is out of range for type '__le32[5]' (aka 'unsigned int[5]')\nCPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted 6.14.0-rc3-syzkaller-00060-g6537cfb395f3 #0\nCall Trace:\n \n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:231 [inline]\n __ubsan_handle_out_of_bounds+0x121/0x150 lib/ubsan.c:429\n get_nid fs/f2fs/node.h:381 [inline]\n f2fs_truncate_inode_blocks+0xa5e/0xf60 fs/f2fs/node.c:1181\n f2fs_do_truncate_blocks+0x782/0x1030 fs/f2fs/file.c:808\n f2fs_truncate_blocks+0x10d/0x300 fs/f2fs/file.c:836\n f2fs_truncate+0x417/0x720 fs/f2fs/file.c:886\n f2fs_file_write_iter+0x1bdb/0x2550 fs/f2fs/file.c:5093\n aio_write+0x56b/0x7c0 fs/aio.c:1633\n io_submit_one+0x8a7/0x18a0 fs/aio.c:2052\n __do_sys_io_submit fs/aio.c:2111 [inline]\n __se_sys_io_submit+0x171/0x2e0 fs/aio.c:2081\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f238798cde9\n\nindex 18446744073709550692 (decimal, unsigned long long)\n= 0xfffffffffffffc64 (hexadecimal, unsigned long long)\n= -924 (decimal, long long)\n\nIn f2fs_truncate_inode_blocks(), UBSAN detects that get_nid() tries to\naccess .i_nid[-924], it means both offset[0] and level should zero.\n\nThe 
possible case should be in f2fs_do_truncate_blocks(), we try to\ntruncate inode size to zero, however, dn.ofs_in_node is zero and\ndn.node_page is not an inode page, so it fails to truncate inode page,\nand then pass zeroed free_from to f2fs_truncate_inode_blocks(), result\nin this issue.\n\n\tif (dn.ofs_in_node || IS_INODE(dn.node_page)) {\n\t\tf2fs_truncate_data_blocks_range(&dn, count);\n\t\tfree_from += count;\n\t}\n\nI guess the reason why dn.node_page is not an inode page could be: there\nare multiple nat entries share the same node block address, once the node\nblock address was reused, f2fs_get_node_page() may load a non-inode block.\n\nLet's add a sanity check for such condition to avoid out-of-bounds access\nissue." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: correcci\u00f3n para evitar el acceso fuera de los l\u00edmites en f2fs_truncate_inode_blocks() syzbot informa un problema de UBSAN como se muestra a continuaci\u00f3n: ------------[ cortar aqu\u00ed ]------------ UBSAN: array-index-out-of-bounds en fs/f2fs/node.h:381:10 el \u00edndice 18446744073709550692 est\u00e1 fuera de rango para el tipo '__le32[5]' (tambi\u00e9n conocido como 'unsigned int[5]') CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 No contaminado 6.14.0-rc3-syzkaller-00060-g6537cfb395f3 #0 Rastreo de llamadas: __dump_stack lib/dump_stack.c:94 [en l\u00ednea] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 ubsan_epilogue lib/ubsan.c:231 [en l\u00ednea] __ubsan_handle_out_of_bounds+0x121/0x150 lib/ubsan.c:429 get_nid fs/f2fs/node.h:381 [en l\u00ednea] f2fs_truncate_inode_blocks+0xa5e/0xf60 fs/f2fs/node.c:1181 f2fs_do_truncate_blocks+0x782/0x1030 fs/f2fs/file.c:808 f2fs_truncate_blocks+0x10d/0x300 fs/f2fs/archivo.c:836 f2fs_truncate+0x417/0x720 fs/f2fs/archivo.c:886 f2fs_file_write_iter+0x1bdb/0x2550 fs/f2fs/archivo.c:5093 aio_write+0x56b/0x7c0 fs/aio.c:1633 io_submit_one+0x8a7/0x18a0 fs/aio.c:2052 __do_sys_io_submit fs/aio.c:2111 
[en l\u00ednea] __se_sys_io_submit+0x171/0x2e0 fs/aio.c:2081 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f238798cde9 \u00edndice 18446744073709550692 (decimal, unsigned long long) = 0xfffffffffffffc64 (hexadecimal, unsigned long long) = -924 (decimal, long long) En f2fs_truncate_inode_blocks(), UBSAN detecta que get_nid() intenta acceder a .i_nid[-924], lo que significa que tanto offset[0] como level deben ser cero. El caso posible deber\u00eda estar en f2fs_do_truncate_blocks(), tratamos de truncar el tama\u00f1o del inodo a cero, sin embargo, dn.ofs_in_node es cero y dn.node_page no es una p\u00e1gina de inodo, por lo que no puede truncar la p\u00e1gina de inodo y luego pasa free_from en cero a f2fs_truncate_inode_blocks(), lo que da como resultado este problema. if (dn.ofs_in_node || IS_INODE(dn.node_page)) { f2fs_truncate_data_blocks_range(&dn, count); free_from += count; } Supongo que la raz\u00f3n por la que dn.node_page no es una p\u00e1gina de inodo podr\u00eda ser: hay varias entradas nat que comparten la misma direcci\u00f3n de bloque de nodo, una vez que se reutiliz\u00f3 la direcci\u00f3n de bloque de nodo, f2fs_get_node_page() puede cargar un bloque que no sea de inodo. Agreguemos una verificaci\u00f3n de cordura para tal condici\u00f3n para evitar problemas de acceso fuera de los l\u00edmites." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37740.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37740.json index 9df853c739f..42007f03c89 100644 --- a/CVE-2025/CVE-2025-377xx/CVE-2025-37740.json +++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37740.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-37740", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:52.617", - "lastModified": "2025-05-02T07:16:01.627", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: add sanity check for agwidth in dbMount\n\nThe width in dmapctl of the AG is zero, it trigger a divide error when\ncalculating the control page level in dbAllocAG.\n\nTo avoid this issue, add a check for agwidth in dbAllocAG." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: jfs: a\u00f1adir una comprobaci\u00f3n de validez para agwidth en dbMount. El ancho en dmapctl del AG es cero, lo que genera un error de divisi\u00f3n al calcular el nivel de p\u00e1gina de control en dbAllocAG. Para evitar este problema, a\u00f1ada una comprobaci\u00f3n para agwidth en dbAllocAG." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37741.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37741.json index d4cca59c267..4f6a00f4dc8 100644 --- a/CVE-2025/CVE-2025-377xx/CVE-2025-37741.json +++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37741.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-37741", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:52.723", - "lastModified": "2025-05-02T07:16:01.717", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Prevent copying of nlink with value 0 from disk inode\n\nsyzbot report a deadlock in diFree. [1]\n\nWhen calling \"ioctl$LOOP_SET_STATUS64\", the offset value passed in is 4,\nwhich does not match the mounted loop device, causing the mapping of the\nmounted loop device to be invalidated.\n\nWhen creating the directory and creating the inode of iag in diReadSpecial(),\nread the page of fixed disk inode (AIT) in raw mode in read_metapage(), the\nmetapage data it returns is corrupted, which causes the nlink value of 0 to be\nassigned to the iag inode when executing copy_from_dinode(), which ultimately\ncauses a deadlock when entering diFree().\n\nTo avoid this, first check the nlink value of dinode before setting iag inode.\n\n[1]\nWARNING: possible recursive locking detected\n6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0 Not tainted\n--------------------------------------------\nsyz-executor301/5309 is trying to acquire lock:\nffff888044548920 (&(imap->im_aglock[index])){+.+.}-{3:3}, at: diFree+0x37c/0x2fb0 fs/jfs/jfs_imap.c:889\n\nbut task is already holding lock:\nffff888044548920 (&(imap->im_aglock[index])){+.+.}-{3:3}, at: diAlloc+0x1b6/0x1630\n\nother info that might help us debug this:\n Possible unsafe locking scenario:\n\n CPU0\n ----\n lock(&(imap->im_aglock[index]));\n lock(&(imap->im_aglock[index]));\n\n *** DEADLOCK ***\n\n May be due to missing lock nesting notation\n\n5 locks held by syz-executor301/5309:\n #0: ffff8880422a4420 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 fs/namespace.c:515\n #1: ffff88804755b390 
(&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: inode_lock_nested include/linux/fs.h:850 [inline]\n #1: ffff88804755b390 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: filename_create+0x260/0x540 fs/namei.c:4026\n #2: ffff888044548920 (&(imap->im_aglock[index])){+.+.}-{3:3}, at: diAlloc+0x1b6/0x1630\n #3: ffff888044548890 (&imap->im_freelock){+.+.}-{3:3}, at: diNewIAG fs/jfs/jfs_imap.c:2460 [inline]\n #3: ffff888044548890 (&imap->im_freelock){+.+.}-{3:3}, at: diAllocExt fs/jfs/jfs_imap.c:1905 [inline]\n #3: ffff888044548890 (&imap->im_freelock){+.+.}-{3:3}, at: diAllocAG+0x4b7/0x1e50 fs/jfs/jfs_imap.c:1669\n #4: ffff88804755a618 (&jfs_ip->rdwrlock/1){++++}-{3:3}, at: diNewIAG fs/jfs/jfs_imap.c:2477 [inline]\n #4: ffff88804755a618 (&jfs_ip->rdwrlock/1){++++}-{3:3}, at: diAllocExt fs/jfs/jfs_imap.c:1905 [inline]\n #4: ffff88804755a618 (&jfs_ip->rdwrlock/1){++++}-{3:3}, at: diAllocAG+0x869/0x1e50 fs/jfs/jfs_imap.c:1669\n\nstack backtrace:\nCPU: 0 UID: 0 PID: 5309 Comm: syz-executor301 Not tainted 6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_deadlock_bug+0x483/0x620 kernel/locking/lockdep.c:3037\n check_deadlock kernel/locking/lockdep.c:3089 [inline]\n validate_chain+0x15e2/0x5920 kernel/locking/lockdep.c:3891\n __lock_acquire+0x1384/0x2050 kernel/locking/lockdep.c:5202\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825\n __mutex_lock_common kernel/locking/mutex.c:608 [inline]\n __mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752\n diFree+0x37c/0x2fb0 fs/jfs/jfs_imap.c:889\n jfs_evict_inode+0x32d/0x440 fs/jfs/inode.c:156\n evict+0x4e8/0x9b0 fs/inode.c:725\n diFreeSpecial fs/jfs/jfs_imap.c:552 [inline]\n duplicateIXtree+0x3c6/0x550 fs/jfs/jfs_imap.c:3022\n diNewIAG fs/jfs/jfs_imap.c:2597 [inline]\n diAllocExt fs/jfs/jfs_imap.c:1905 [inline]\n 
diAllocAG+0x17dc/0x1e50 fs/jfs/jfs_imap.c:1669\n diAlloc+0x1d2/0x1630 fs/jfs/jfs_imap.c:1590\n ialloc+0x8f/0x900 fs/jfs/jfs_inode.c:56\n jfs_mkdir+0x1c5/0xba0 fs/jfs/namei.c:225\n vfs_mkdir+0x2f9/0x4f0 fs/namei.c:4257\n do_mkdirat+0x264/0x3a0 fs/namei.c:4280\n __do_sys_mkdirat fs/namei.c:4295 [inline]\n __se_sys_mkdirat fs/namei.c:4293 [inline]\n __x64_sys_mkdirat+0x87/0xa0 fs/namei.c:4293\n do_syscall_x64 arch/x86/en\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: jfs: Impide la copia de nlink con valor 0 desde el inodo de disco. syzbot informa de un bloqueo en diFree. [1] Al llamar a \"ioctl$LOOP_SET_STATUS64\", el valor de desplazamiento pasado es 4, que no coincide con el dispositivo de bucle montado, lo que invalida la asignaci\u00f3n de dicho dispositivo. Al crear el directorio y el inodo de iag en diReadSpecial(), al leer la p\u00e1gina del inodo de disco fijo (AIT) en modo sin procesar en read_metapage(), los datos de metap\u00e1gina que devuelve est\u00e1n da\u00f1ados, lo que provoca que el valor nlink de 0 se asigne al inodo iag al ejecutar copy_from_dinode(), lo que finalmente provoca un bloqueo al acceder a diFree(). Para evitar esto, compruebe primero el valor nlink de dinode antes de configurar el inodo iag. 
[1] ADVERTENCIA: se detect\u00f3 un posible bloqueo recursivo 6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0 No contaminado -------------------------------------------- syz-executor301/5309 est\u00e1 intentando adquirir el bloqueo: ffff888044548920 (&(imap->im_aglock[index])){+.+.}-{3:3}, en: diFree+0x37c/0x2fb0 fs/jfs/jfs_imap.c:889 pero la tarea ya tiene el bloqueo: ffff888044548920 (&(imap->im_aglock[index])){+.+.}-{3:3}, en: diAlloc+0x1b6/0x1630 Otra informaci\u00f3n que podr\u00eda ayudarnos a depurar esto: Posible escenario de bloqueo inseguro: CPU0 ---- bloqueo(&(imap->im_aglock[\u00edndice])); bloqueo(&(imap->im_aglock[\u00edndice])); *** BLOQUEO INTERMEDIO *** Puede deberse a la falta de notaci\u00f3n de anidamiento de bloqueos. 5 bloqueos mantenidos por syz-executor301/5309: #0: ffff8880422a4420 (sb_writers#9){.+.+}-{0:0}, en: mnt_want_write+0x3f/0x90 fs/namespace.c:515 #1: ffff88804755b390 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, en: inode_lock_nested include/linux/fs.h:850 [en l\u00ednea] #1: ffff88804755b390 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, en: nombre_archivo_crear+0x260/0x540 fs/nombrei.c:4026 #2: ffff888044548920 (&(imap->im_aglock[\u00edndice])){+.+.}-{3:3}, en: diAlloc+0x1b6/0x1630 #3: ffff888044548890 (&imap->im_freelock){+.+.}-{3:3}, en: diNewIAG fs/jfs/jfs_imap.c:2460 [en l\u00ednea] #3: ffff888044548890 (&imap->im_freelock){+.+.}-{3:3}, en: diAllocExt fs/jfs/jfs_imap.c:1905 [en l\u00ednea] #3: ffff888044548890 (&imap->im_freelock){+.+.}-{3:3}, en: diAllocAG+0x4b7/0x1e50 fs/jfs/jfs_imap.c:1669 #4: ffff88804755a618 (&jfs_ip->rdwrlock/1){++++}-{3:3}, en: diNewIAG fs/jfs/jfs_imap.c:2477 [en l\u00ednea] #4: ffff88804755a618 (&jfs_ip->rdwrlock/1){++++}-{3:3}, en: diAllocExt fs/jfs/jfs_imap.c:1905 [en l\u00ednea] #4: ffff88804755a618 (&jfs_ip->rdwrlock/1){++++}-{3:3}, en: diAllocAG+0x869/0x1e50 fs/jfs/jfs_imap.c:1669 seguimiento de pila: CPU: 0 UID: 0 PID: 5309 Comm: syz-executor301 No contaminado 6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0 
Nombre del hardware: PC est\u00e1ndar QEMU (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 01/04/2014 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:94 [en l\u00ednea] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_deadlock_bug+0x483/0x620 kernel/locking/lockdep.c:3037 check_deadlock kernel/locking/lockdep.c:3089 [en l\u00ednea] validate_chain+0x15e2/0x5920 kernel/locking/lockdep.c:3891 __lock_acquire+0x1384/0x2050 kernel/locking/lockdep.c:5202 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825 __mutex_lock_common kernel/locking/mutex.c:608 [en l\u00ednea] __mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752 diFree+0x37c/0x2fb0 fs/jfs/jfs_imap.c:889 jfs_evict_inode+0x32d/0x440 fs/jfs/inode.c:156 evict+0x4e8/0x9b0 fs/inode.c:725 diFreeSpecial fs/jfs/jfs_imap.c:552 [en l\u00ednea] duplicateIXtree+0x3c6/0x550 fs/jfs/jfs_imap.c:3022 diNewIAG fs/jfs/jfs_imap.c:2597 [en l\u00ednea] diAllocExt fs/jfs/jfs_imap.c:1905 [en l\u00ednea] diAllocAG+0x17dc/0x1e50 fs/jfs/jfs_imap.c:1669 diAlloc+0x1d2/0x1630 fs/jfs/jfs_imap.c:1590 ialloc+0x8f/0x900 fs/jfs/jfs_inode.c:56 jfs_mkdir+0x1c5/0xba0 fs/jfs/namei.c:225 vfs_mkdir+0x2f9/0x4f0 fs/namei.c:4257 do_mkdirat+0x264/0x3a0 fs/namei.c:4280 __do_sys_mkdirat fs/namei.c:4295 [en l\u00ednea] __se_sys_mkdirat fs/namei.c:4293 [en " } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37742.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37742.json index af8e12ade5d..82244b6facd 100644 --- a/CVE-2025/CVE-2025-377xx/CVE-2025-37742.json +++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37742.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-37742", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:52.870", - "lastModified": "2025-05-02T07:16:01.817", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix uninit-value access of imap allocated in the diMount() function\n\nsyzbot reports that hex_dump_to_buffer is using uninit-value:\n\n=====================================================\nBUG: KMSAN: uninit-value in hex_dump_to_buffer+0x888/0x1100 lib/hexdump.c:171\nhex_dump_to_buffer+0x888/0x1100 lib/hexdump.c:171\nprint_hex_dump+0x13d/0x3e0 lib/hexdump.c:276\ndiFree+0x5ba/0x4350 fs/jfs/jfs_imap.c:876\njfs_evict_inode+0x510/0x550 fs/jfs/inode.c:156\nevict+0x723/0xd10 fs/inode.c:796\niput_final fs/inode.c:1946 [inline]\niput+0x97b/0xdb0 fs/inode.c:1972\ntxUpdateMap+0xf3e/0x1150 fs/jfs/jfs_txnmgr.c:2367\ntxLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]\njfs_lazycommit+0x627/0x11d0 fs/jfs/jfs_txnmgr.c:2733\nkthread+0x6b9/0xef0 kernel/kthread.c:464\nret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:148\nret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nUninit was created at:\nslab_post_alloc_hook mm/slub.c:4121 [inline]\nslab_alloc_node mm/slub.c:4164 [inline]\n__kmalloc_cache_noprof+0x8e3/0xdf0 mm/slub.c:4320\nkmalloc_noprof include/linux/slab.h:901 [inline]\ndiMount+0x61/0x7f0 fs/jfs/jfs_imap.c:105\njfs_mount+0xa8e/0x11d0 fs/jfs/jfs_mount.c:176\njfs_fill_super+0xa47/0x17c0 fs/jfs/super.c:523\nget_tree_bdev_flags+0x6ec/0x910 fs/super.c:1636\nget_tree_bdev+0x37/0x50 fs/super.c:1659\njfs_get_tree+0x34/0x40 fs/jfs/super.c:635\nvfs_get_tree+0xb1/0x5a0 fs/super.c:1814\ndo_new_mount+0x71f/0x15e0 fs/namespace.c:3560\npath_mount+0x742/0x1f10 fs/namespace.c:3887\ndo_mount fs/namespace.c:3900 [inline]\n__do_sys_mount fs/namespace.c:4111 
[inline]\n__se_sys_mount+0x71f/0x800 fs/namespace.c:4088\n__x64_sys_mount+0xe4/0x150 fs/namespace.c:4088\nx64_sys_call+0x39bf/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:166\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\n=====================================================\n\nThe reason is that imap is not properly initialized after memory\nallocation. It will cause the snprintf() function to write uninitialized\ndata into linebuf within hex_dump_to_buffer().\n\nFix this by using kzalloc instead of kmalloc to clear its content at the\nbeginning in diMount()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: jfs: Se corrige el acceso a un valor no inicializado de imap asignado en la funci\u00f3n diMount() syzbot informa que hex_dump_to_buffer est\u00e1 usando un valor no inicializado: ======================================================== ERROR: KMSAN: un valor no inicializado en hex_dump_to_buffer+0x888/0x1100 lib/hexdump.c:171 hex_dump_to_buffer+0x888/0x1100 lib/hexdump.c:171 print_hex_dump+0x13d/0x3e0 lib/hexdump.c:276 diFree+0x5ba/0x4350 fs/jfs/jfs_imap.c:876 jfs_evict_inode+0x510/0x550 fs/jfs/inode.c:156 evict+0x723/0xd10 fs/inode.c:796 iput_final fs/inode.c:1946 [en l\u00ednea] iput+0x97b/0xdb0 fs/inode.c:1972 txUpdateMap+0xf3e/0x1150 fs/jfs/jfs_txnmgr.c:2367 txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [en l\u00ednea] jfs_lazycommit+0x627/0x11d0 fs/jfs/jfs_txnmgr.c:2733 kthread+0x6b9/0xef0 kernel/kthread.c:464 ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Uninit se cre\u00f3 en: slab_post_alloc_hook mm/slub.c:4121 [en l\u00ednea] slab_alloc_node mm/slub.c:4164 [en l\u00ednea] __kmalloc_cache_noprof+0x8e3/0xdf0 mm/slub.c:4320 kmalloc_noprof include/linux/slab.h:901 [en l\u00ednea] diMount+0x61/0x7f0 fs/jfs/jfs_imap.c:105 
jfs_mount+0xa8e/0x11d0 fs/jfs/jfs_mount.c:176 jfs_fill_super+0xa47/0x17c0 fs/jfs/super.c:523 obtener_\u00e1rbol_bdev_flags+0x6ec/0x910 fs/super.c:1636 obtener_\u00e1rbol_bdev+0x37/0x50 fs/super.c:1659 jfs_obtener_\u00e1rbol+0x34/0x40 fs/jfs/super.c:635 vfs_obtener_\u00e1rbol+0xb1/0x5a0 fs/super.c:1814 hacer_nuevo_montaje+0x71f/0x15e0 fs/espacio_de_nombres.c:3560 path_mount+0x742/0x1f10 fs/namespace.c:3887 do_mount fs/namespace.c:3900 [en l\u00ednea] __do_sys_mount fs/namespace.c:4111 [en l\u00ednea] __se_sys_mount+0x71f/0x800 fs/namespace.c:4088 __x64_sys_mount+0xe4/0x150 fs/namespace.c:4088 x64_sys_call+0x39bf/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:166 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f == ..." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37743.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37743.json index 3ecb2cc2e8a..9aac9ef085a 100644 --- a/CVE-2025/CVE-2025-377xx/CVE-2025-37743.json +++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37743.json @@ -2,8 +2,8 @@ "id": "CVE-2025-37743", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:53.000", - "lastModified": "2025-05-01T13:15:53.000", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37744.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37744.json index 6b9aa977c58..bb808d26cf6 100644 --- a/CVE-2025/CVE-2025-377xx/CVE-2025-37744.json +++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37744.json @@ -2,8 +2,8 @@ "id": "CVE-2025-37744", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:53.100", - "lastModified": "2025-05-01T13:15:53.100", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37745.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37745.json
index 80060a68ea7..7bbf69718bb 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37745.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37745.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-37745",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T13:15:53.207",
- "lastModified": "2025-05-01T13:15:53.207",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37746.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37746.json
index e8b0e5cf84d..434b05f8c92 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37746.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37746.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-37746",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T13:15:53.313",
- "lastModified": "2025-05-01T13:15:53.313",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37747.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37747.json
index 31f2e7be456..cc5873c4373 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37747.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37747.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-37747",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T13:15:53.417",
- "lastModified": "2025-05-01T13:15:53.417",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37748.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37748.json
index e9b721b4f98..5ae14849f0a 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37748.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37748.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-37748",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T13:15:53.523",
- "lastModified": "2025-05-01T13:15:53.523",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37749.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37749.json
index 37b6e12cb16..b18cfc39452 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37749.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37749.json
@@ -2,13 +2,17 @@ "id": "CVE-2025-37749", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:53.633", - "lastModified": "2025-05-02T07:16:01.910", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ppp: Add bound checking for skb data on ppp_sync_txmung\n\nEnsure we have enough data in linear buffer from skb before accessing\ninitial bytes. This prevents potential out-of-bounds accesses\nwhen processing short packets.\n\nWhen ppp_sync_txmung receives an incoming package with an empty\npayload:\n(remote) gef\u27a4 p *(struct pppoe_hdr *) (skb->head + skb->network_header)\n$18 = {\n\ttype = 0x1,\n\tver = 0x1,\n\tcode = 0x0,\n\tsid = 0x2,\n length = 0x0,\n\ttag = 0xffff8880371cdb96\n}\n\nfrom the skb struct (trimmed)\n tail = 0x16,\n end = 0x140,\n head = 0xffff88803346f400 \"4\",\n data = 0xffff88803346f416 \":\\377\",\n truesize = 0x380,\n len = 0x0,\n data_len = 0x0,\n mac_len = 0xe,\n hdr_len = 0x0,\n\nit is not safe to access data[2].\n\n[pabeni@redhat.com: fixed subj typo]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: ppp: Se ha a\u00f1adido la comprobaci\u00f3n de los l\u00edmites para datos de skb en ppp_sync_txmung. Se garantiza que haya suficientes datos en el b\u00fafer lineal de skb antes de acceder a los bytes iniciales. Esto evita posibles accesos fuera de los l\u00edmites al procesar paquetes cortos. Cuando ppp_sync_txmung recibe un paquete entrante con un payload vac\u00eda: (remoto) gef? 
p *(struct pppoe_hdr *) (skb->head + skb->network_header) $18 = { type = 0x1, ver = 0x1, code = 0x0, sid = 0x2, length = 0x0, tag = 0xffff8880371cdb96 } de la estructura skb (recortada) tail = 0x16, end = 0x140, head = 0xffff88803346f400 \"4\", data = 0xffff88803346f416 \":\\377\", truesize = 0x380, len = 0x0, data_len = 0x0, mac_len = 0xe, hdr_len = 0x0, no es seguro acceder a los datos[2]. [pabeni@redhat.com: error tipogr\u00e1fico corregido]" } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37750.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37750.json index f84957aab56..ed8dfa1ac63 100644 --- a/CVE-2025/CVE-2025-377xx/CVE-2025-37750.json +++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37750.json @@ -2,8 +2,8 @@ "id": "CVE-2025-37750", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:53.740", - "lastModified": "2025-05-01T13:15:53.740", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37751.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37751.json index 2cf2125e762..e723c5282fb 100644 --- a/CVE-2025/CVE-2025-377xx/CVE-2025-37751.json +++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37751.json @@ -2,8 +2,8 @@ "id": "CVE-2025-37751", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:53.843", - "lastModified": "2025-05-01T13:15:53.843", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37752.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37752.json index 89919f0ba36..a8b92af37df 100644 --- a/CVE-2025/CVE-2025-377xx/CVE-2025-37752.json +++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37752.json 
@@ -2,8 +2,8 @@
 "id": "CVE-2025-37752",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T13:15:53.933",
- "lastModified": "2025-05-01T13:15:53.933",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37753.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37753.json
index 6d3f462a91c..45c3ebbb4e9 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37753.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37753.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-37753",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T13:15:54.050",
- "lastModified": "2025-05-01T13:15:54.050",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37754.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37754.json
index 23e79b08f7e..55f8e1eb0d3 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37754.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37754.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-37754",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T13:15:54.157",
- "lastModified": "2025-05-01T13:15:54.157",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37755.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37755.json
index 80125fc6284..6054277dad3 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37755.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37755.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-37755",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T13:15:54.267",
- "lastModified": "2025-05-01T13:15:54.267",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37756.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37756.json
index 236f10f2166..d85d7197812 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37756.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37756.json
@@ -2,13 +2,17 @@ "id": "CVE-2025-37756", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T13:15:54.370", - "lastModified": "2025-05-02T07:16:02.007", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tls: explicitly disallow disconnect\n\nsyzbot discovered that it can disconnect a TLS socket and then\nrun into all sort of unexpected corner cases. I have a vague\nrecollection of Eric pointing this out to us a long time ago.\nSupporting disconnect is really hard, for one thing if offload\nis enabled we'd need to wait for all packets to be _acked_.\nDisconnect is not commonly used, disallow it.\n\nThe immediate problem syzbot run into is the warning in the strp,\nbut that's just the easiest bug to trigger:\n\n WARNING: CPU: 0 PID: 5834 at net/tls/tls_strp.c:486 tls_strp_msg_load+0x72e/0xa80 net/tls/tls_strp.c:486\n RIP: 0010:tls_strp_msg_load+0x72e/0xa80 net/tls/tls_strp.c:486\n Call Trace:\n \n tls_rx_rec_wait+0x280/0xa60 net/tls/tls_sw.c:1363\n tls_sw_recvmsg+0x85c/0x1c30 net/tls/tls_sw.c:2043\n inet6_recvmsg+0x2c9/0x730 net/ipv6/af_inet6.c:678\n sock_recvmsg_nosec net/socket.c:1023 [inline]\n sock_recvmsg+0x109/0x280 net/socket.c:1045\n __sys_recvfrom+0x202/0x380 net/socket.c:2237" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: tls: expl\u00edcitamente deshabilitar la desconexi\u00f3n. syzbot descubri\u00f3 que puede desconectar un socket TLS y luego encontrarse con todo tipo de casos inesperados. Recuerdo vagamente que Eric nos lo se\u00f1al\u00f3 hace mucho tiempo. Admitir la desconexi\u00f3n es muy dif\u00edcil; por ejemplo, si la descarga est\u00e1 habilitada, tendr\u00edamos que esperar a que se ackearan todos los paquetes. 
La desconexi\u00f3n no se usa com\u00fanmente; deshabilitarla. El problema inmediato con el que se encuentra syzbot es la advertencia en el strp, pero ese es simplemente el error m\u00e1s f\u00e1cil de activar: ADVERTENCIA: CPU: 0 PID: 5834 en net/tls/tls_strp.c:486 tls_strp_msg_load+0x72e/0xa80 net/tls/tls_strp.c:486 RIP: 0010:tls_strp_msg_load+0x72e/0xa80 net/tls/tls_strp.c:486 Rastreo de llamada: tls_rx_rec_wait+0x280/0xa60 net/tls/tls_sw.c:1363 tls_sw_recvmsg+0x85c/0x1c30 net/tls/tls_sw.c:2043 inet6_recvmsg+0x2c9/0x730 net/ipv6/af_inet6.c:678 sock_recvmsg_nosec net/socket.c:1023 [en l\u00ednea] sock_recvmsg+0x109/0x280 net/socket.c:1045 __sys_recvfrom+0x202/0x380 net/socket.c:2237" } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37757.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37757.json index 50f1d9fa073..ab79fa8e711 100644 --- a/CVE-2025/CVE-2025-377xx/CVE-2025-37757.json +++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37757.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2025-37757",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T13:15:54.480",
- "lastModified": "2025-05-02T07:16:02.097",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix memory leak in tipc_link_xmit\n\nIn case the backlog transmit queue for system-importance messages is overloaded,\ntipc_link_xmit() returns -ENOBUFS but the skb list is not purged. This leads to\nmemory leak and failure when a skb is allocated.\n\nThis commit fixes this issue by purging the skb list before tipc_link_xmit()\nreturns."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tipc: se corrige una fuga de memoria en tipc_link_xmit. Si la cola de transmisi\u00f3n de mensajes importantes del sistema est\u00e1 sobrecargada, tipc_link_xmit() devuelve -ENOBUFS, pero la lista de skb no se purga. Esto provoca una fuga de memoria y un fallo al asignar un skb. Esta confirmaci\u00f3n corrige este problema purgando la lista de skb antes del retorno de tipc_link_xmit()."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37758.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37758.json
index c3dbc887a4d..bbb0ed21b44 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37758.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37758.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-37758",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T13:15:54.583",
- "lastModified": "2025-05-02T07:16:02.187",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe()\n\ndevm_ioremap() returns NULL on error. Currently, pxa_ata_probe() does\nnot check for this case, which can result in a NULL pointer dereference.\n\nAdd NULL check after devm_ioremap() to prevent this issue."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ata: pata_pxa: Se corrige la posible desreferencia de punteros nulos en pxa_ata_probe(). Devm_ioremap() devuelve NULL en caso de error. Actualmente, pxa_ata_probe() no verifica este caso, lo que puede provocar una desreferencia de punteros nulos. Agregue la comprobaci\u00f3n de NULL despu\u00e9s de devm_ioremap() para evitar este problema."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37759.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37759.json
index f888ed632f7..ca23c471109 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37759.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37759.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-37759",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T13:15:54.690",
- "lastModified": "2025-05-01T13:15:54.690",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37760.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37760.json
index a3fe5b89561..8bc2ded00ca 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37760.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37760.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-37760",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T14:15:38.110",
- "lastModified": "2025-05-01T14:15:38.110",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37761.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37761.json
index f410f9b2857..33cd0ef7330 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37761.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37761.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-37761",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T14:15:38.377",
- "lastModified": "2025-05-01T14:15:38.377",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37762.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37762.json
index 70b2873172f..d8c5377b591 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37762.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37762.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-37762",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T14:15:38.500",
- "lastModified": "2025-05-01T14:15:38.500",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37763.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37763.json
index eb64c37830a..751d416bf61 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37763.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37763.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-37763",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T14:15:38.817",
- "lastModified": "2025-05-01T14:15:38.817",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37764.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37764.json
index 0fa2545b235..acae5abf34b 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37764.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37764.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-37764",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T14:15:39.150",
- "lastModified": "2025-05-01T14:15:39.150",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37765.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37765.json
index e14617edb2c..401397df784 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37765.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37765.json
@@ -2,13 +2,17 @@ "id": "CVE-2025-37765", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T14:15:39.417", - "lastModified": "2025-05-02T07:16:02.273", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: prime: fix ttm_bo_delayed_delete oops\n\nFix an oops in ttm_bo_delayed_delete which results from dererencing a\ndangling pointer:\n\nOops: general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b7b: 0000 [#1] PREEMPT SMP\nCPU: 4 UID: 0 PID: 1082 Comm: kworker/u65:2 Not tainted 6.14.0-rc4-00267-g505460b44513-dirty #216\nHardware name: LENOVO 82N6/LNVNB161216, BIOS GKCN65WW 01/16/2024\nWorkqueue: ttm ttm_bo_delayed_delete [ttm]\nRIP: 0010:dma_resv_iter_first_unlocked+0x55/0x290\nCode: 31 f6 48 c7 c7 00 2b fa aa e8 97 bd 52 ff e8 a2 c1 53 00 5a 85 c0 74 48 e9 88 01 00 00 4c 89 63 20 4d 85 e4 0f 84 30 01 00 00 <41> 8b 44 24 10 c6 43 2c 01 48 89 df 89 43 28 e8 97 fd ff ff 4c 8b\nRSP: 0018:ffffbf9383473d60 EFLAGS: 00010202\nRAX: 0000000000000001 RBX: ffffbf9383473d88 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffbf9383473d78 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: 6b6b6b6b6b6b6b6b\nR13: ffffa003bbf78580 R14: ffffa003a6728040 R15: 00000000000383cc\nFS: 0000000000000000(0000) GS:ffffa00991c00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000758348024dd0 CR3: 000000012c259000 CR4: 0000000000f50ef0\nPKRU: 55555554\nCall Trace:\n \n ? __die_body.cold+0x19/0x26\n ? die_addr+0x3d/0x70\n ? exc_general_protection+0x159/0x460\n ? asm_exc_general_protection+0x27/0x30\n ? 
dma_resv_iter_first_unlocked+0x55/0x290\n dma_resv_wait_timeout+0x56/0x100\n ttm_bo_delayed_delete+0x69/0xb0 [ttm]\n process_one_work+0x217/0x5c0\n worker_thread+0x1c8/0x3d0\n ? apply_wqattrs_cleanup.part.0+0xc0/0xc0\n kthread+0x10b/0x240\n ? kthreads_online_cpu+0x140/0x140\n ret_from_fork+0x40/0x70\n ? kthreads_online_cpu+0x140/0x140\n ret_from_fork_asm+0x11/0x20\n \n\nThe cause of this is:\n\n- drm_prime_gem_destroy calls dma_buf_put(dma_buf) which releases the\n reference to the shared dma_buf. The reference count is 0, so the\n dma_buf is destroyed, which in turn decrements the corresponding\n amdgpu_bo reference count to 0, and the amdgpu_bo is destroyed -\n calling drm_gem_object_release then dma_resv_fini (which destroys the\n reservation object), then finally freeing the amdgpu_bo.\n\n- nouveau_bo obj->bo.base.resv is now a dangling pointer to the memory\n formerly allocated to the amdgpu_bo.\n\n- nouveau_gem_object_del calls ttm_bo_put(&nvbo->bo) which calls\n ttm_bo_release, which schedules ttm_bo_delayed_delete.\n\n- ttm_bo_delayed_delete runs and dereferences the dangling resv pointer,\n resulting in a general protection fault.\n\nFix this by moving the drm_prime_gem_destroy call from\nnouveau_gem_object_del to nouveau_bo_del_ttm. This ensures that it will\nbe run after ttm_bo_delayed_delete." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/nouveau: prime: fix ttm_bo_delayed_delete oops Corrige un oops en ttm_bo_delayed_delete que resulta de la desreferenciaci\u00f3n de un puntero colgante: Oops: fallo de protecci\u00f3n general, probablemente para direcci\u00f3n no can\u00f3nica 0x6b6b6b6b6b6b6b7b: 0000 [#1] PREEMPT SMP CPU: 4 UID: 0 PID: 1082 Comm: kworker/u65:2 No contaminado 6.14.0-rc4-00267-g505460b44513-dirty #216 Nombre del hardware: LENOVO 82N6/LNVNB161216, BIOS GKCN65WW 16/01/2024 Cola de trabajo: ttm ttm_bo_delayed_delete [ttm] RIP: 0010:dma_resv_iter_first_unlocked+0x55/0x290 C\u00f3digo: 31 f6 48 c7 c7 00 2b fa aa e8 97 bd 52 ff e8 a2 c1 53 00 5a 85 c0 74 48 e9 88 01 00 00 4c 89 63 20 4d 85 e4 0f 84 30 01 00 00 <41> 8b 44 24 10 c6 43 2c 01 48 89 df 89 43 28 e8 97 fd ff ff 4c 8b RSP: 0018:ffffbf9383473d60 EFLAGS: 00010202 RAX: 0000000000000001 RBX: ffffbf9383473d88 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffbf9383473d78 R08: 000000000000000 R09: 0000000000000000 R10: 000000000000000 R11: 000000000000000 R12: 6b6b6b6b6b6b6b6b R13: ffffa003bbf78580 R14: ffffa003a6728040 R15: 00000000000383cc FS: 0000000000000000(0000) GS:ffffa00991c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000758348024dd0 CR3: 000000012c259000 CR4: 0000000000f50ef0 PKRU: 55555554 Rastreo de llamadas: ? __die_body.cold+0x19/0x26 ? die_addr+0x3d/0x70 ? exc_general_protection+0x159/0x460 ? asm_exc_general_protection+0x27/0x30 ? dma_resv_iter_first_unlocked+0x55/0x290 dma_resv_wait_timeout+0x56/0x100 ttm_bo_delayed_delete+0x69/0xb0 [ttm] process_one_work+0x217/0x5c0 worker_thread+0x1c8/0x3d0 ? apply_wqattrs_cleanup.part.0+0xc0/0xc0 kthread+0x10b/0x240 ? kthreads_online_cpu+0x140/0x140 ret_from_fork+0x40/0x70 ? 
kthreads_online_cpu+0x140/0x140 ret_from_fork_asm+0x11/0x20 La causa es: - drm_prime_gem_destroy llama a dma_buf_put(dma_buf), que libera la referencia al dma_buf compartido. El recuento de referencias es 0, por lo que el dma_buf se destruye, lo que a su vez reduce el recuento de referencias amdgpu_bo correspondiente a 0, y el amdgpu_bo se destruye. - Se llama a drm_gem_object_release y luego a dma_resv_fini (que destruye el objeto de reserva), liberando finalmente el amdgpu_bo. - nouveau_bo obj->bo.base.resv ahora es un puntero colgante a la memoria anteriormente asignada a amdgpu_bo. - nouveau_gem_object_del llama a ttm_bo_put(&nvbo->bo), que a su vez llama a ttm_bo_release, que programa ttm_bo_delayed_delete. - ttm_bo_delayed_delete se ejecuta y desreferencia el puntero colgante resv, lo que genera un fallo de protecci\u00f3n general. Para solucionar esto, mueva la llamada drm_prime_gem_destroy de nouveau_gem_object_del a nouveau_bo_del_ttm. Esto garantiza que se ejecute despu\u00e9s de ttm_bo_delayed_delete." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37766.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37766.json index b5150f79813..92c6a369b49 100644 --- a/CVE-2025/CVE-2025-377xx/CVE-2025-37766.json +++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37766.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2025-37766",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T14:15:39.550",
- "lastModified": "2025-05-02T07:16:02.367",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Prevent division by zero\n\nThe user can set any speed value.\nIf speed is greater than UINT_MAX/8, division by zero is possible.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/pm: Impide la divisi\u00f3n por cero. El usuario puede establecer cualquier valor de velocidad. Si la velocidad es superior a UINT_MAX/8, es posible la divisi\u00f3n por cero. Encontrada por el Centro de Verificaci\u00f3n de Linux (linuxtesting.org) con SVACE."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37767.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37767.json
index b8b57c0760c..791966fbe33 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37767.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37767.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-37767",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T14:15:39.723",
- "lastModified": "2025-05-02T07:16:02.470",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Prevent division by zero\n\nThe user can set any speed value.\nIf speed is greater than UINT_MAX/8, division by zero is possible.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/pm: Impide la divisi\u00f3n por cero. El usuario puede establecer cualquier valor de velocidad. Si la velocidad es superior a UINT_MAX/8, es posible la divisi\u00f3n por cero. Encontrada por el Centro de Verificaci\u00f3n de Linux (linuxtesting.org) con SVACE."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37768.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37768.json
index 53d90234b66..7b43169b11d 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37768.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37768.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-37768",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T14:15:39.977",
- "lastModified": "2025-05-02T07:16:02.553",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Prevent division by zero\n\nThe user can set any speed value.\nIf speed is greater than UINT_MAX/8, division by zero is possible.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/pm: Impide la divisi\u00f3n por cero. El usuario puede establecer cualquier valor de velocidad. Si la velocidad es superior a UINT_MAX/8, es posible la divisi\u00f3n por cero. Encontrada por el Centro de Verificaci\u00f3n de Linux (linuxtesting.org) con SVACE."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37769.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37769.json
index 9d5d227a008..f990d59f07d 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37769.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37769.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-37769",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T14:15:40.190",
- "lastModified": "2025-05-01T14:15:40.190",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37770.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37770.json
index b65f96b7080..45176fb119a 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37770.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37770.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-37770",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T14:15:40.330",
- "lastModified": "2025-05-02T07:16:02.657",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Prevent division by zero\n\nThe user can set any speed value.\nIf speed is greater than UINT_MAX/8, division by zero is possible.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/pm: Impide la divisi\u00f3n por cero. El usuario puede establecer cualquier valor de velocidad. Si la velocidad es superior a UINT_MAX/8, es posible la divisi\u00f3n por cero. Encontrada por el Centro de Verificaci\u00f3n de Linux (linuxtesting.org) con SVACE."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37771.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37771.json
index 95a3ad525d6..aa268e7dd1c 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37771.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37771.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-37771",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T14:15:40.453",
- "lastModified": "2025-05-02T07:16:02.763",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Prevent division by zero\n\nThe user can set any speed value.\nIf speed is greater than UINT_MAX/8, division by zero is possible.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/pm: Impide la divisi\u00f3n por cero. El usuario puede establecer cualquier valor de velocidad. Si la velocidad es superior a UINT_MAX/8, es posible la divisi\u00f3n por cero. Encontrada por el Centro de Verificaci\u00f3n de Linux (linuxtesting.org) con SVACE."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37772.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37772.json
index 11eb5da523d..c504a3c0f3d 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37772.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37772.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-37772",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T14:15:40.580",
- "lastModified": "2025-05-01T14:15:40.580",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37773.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37773.json
index 3dd3e335db5..ca62cb8f604 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37773.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37773.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-37773",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T14:15:40.703",
- "lastModified": "2025-05-02T07:16:02.893",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtiofs: add filesystem context source name check\n\nIn certain scenarios, for example, during fuzz testing, the source\nname may be NULL, which could lead to a kernel panic. Therefore, an\nextra check for the source name should be added."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: virtiofs: a\u00f1adir comprobaci\u00f3n del nombre de la fuente en el contexto del sistema de archivos. En ciertos escenarios, por ejemplo, durante las pruebas fuzz, el nombre de la fuente puede ser nulo, lo que podr\u00eda provocar un p\u00e1nico del kernel. Por lo tanto, se debe a\u00f1adir una comprobaci\u00f3n adicional del nombre de la fuente."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37774.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37774.json
index 6011bc07d5b..5b6dde5e031 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37774.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37774.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-37774",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T14:15:40.877",
- "lastModified": "2025-05-01T14:15:40.877",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37775.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37775.json
index c089ad4684e..67d47a7bc32 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37775.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37775.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-37775",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T14:15:41.197",
- "lastModified": "2025-05-01T14:15:41.197",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37776.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37776.json
index 3ff10b28248..c074450ada1 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37776.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37776.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-37776",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T14:15:41.373",
- "lastModified": "2025-05-01T14:15:41.373",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37777.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37777.json
index 6ec55b32bcf..136d5a1394c 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37777.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37777.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-37777",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T14:15:41.493",
- "lastModified": "2025-05-02T07:16:03.020",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix use-after-free in __smb2_lease_break_noti()\n\nMove tcp_transport free to ksmbd_conn_free. If ksmbd connection is\nreferenced when ksmbd server thread terminates, It will not be freed,\nbut conn->tcp_transport is freed. __smb2_lease_break_noti can be performed\nasynchronously when the connection is disconnected. __smb2_lease_break_noti\ncalls ksmbd_conn_write, which can cause use-after-free\nwhen conn->ksmbd_transport is already freed."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: se corrige el error \"use-after-free\" en __smb2_lease_break_noti(). Se mueve tcp_transport libre a ksmbd_conn_free. Si se hace referencia a la conexi\u00f3n ksmbd al finalizar el subproceso del servidor ksmbd, no se liberar\u00e1, pero s\u00ed se liberar\u00e1 conn->tcp_transport. __smb2_lease_break_noti puede ejecutarse asincr\u00f3nicamente cuando se desconecta la conexi\u00f3n. __smb2_lease_break_noti llama a ksmbd_conn_write, lo que puede causar un error \"use-after-free\" cuando conn->ksmbd_transport ya est\u00e1 liberado."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37778.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37778.json
index d9ec3295e8e..547cce10a23 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37778.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37778.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-37778",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T14:15:41.617",
- "lastModified": "2025-05-01T14:15:41.617",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37779.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37779.json
index b4249f802f6..b94ff092eab 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37779.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37779.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-37779",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T14:15:41.733",
- "lastModified": "2025-05-01T14:15:41.733",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37780.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37780.json
index 33d4db80e86..429cd2cad07 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37780.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37780.json
@@ -2,13 +2,17 @@ "id": "CVE-2025-37780", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T14:15:41.863", - "lastModified": "2025-05-02T07:16:03.150", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nisofs: Prevent the use of too small fid\n\nsyzbot reported a slab-out-of-bounds Read in isofs_fh_to_parent. [1]\n\nThe handle_bytes value passed in by the reproducing program is equal to 12.\nIn handle_to_path(), only 12 bytes of memory are allocated for the structure\nfile_handle->f_handle member, which causes an out-of-bounds access when\naccessing the member parent_block of the structure isofs_fid in isofs,\nbecause accessing parent_block requires at least 16 bytes of f_handle.\nHere, fh_len is used to indirectly confirm that the value of handle_bytes\nis greater than 3 before accessing parent_block.\n\n[1]\nBUG: KASAN: slab-out-of-bounds in isofs_fh_to_parent+0x1b8/0x210 fs/isofs/export.c:183\nRead of size 4 at addr ffff0000cc030d94 by task syz-executor215/6466\nCPU: 1 UID: 0 PID: 6466 Comm: syz-executor215 Not tainted 6.14.0-rc7-syzkaller-ga2392f333575 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025\nCall trace:\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0x198/0x550 mm/kasan/report.c:521\n kasan_report+0xd8/0x138 mm/kasan/report.c:634\n __asan_report_load4_noabort+0x20/0x2c mm/kasan/report_generic.c:380\n isofs_fh_to_parent+0x1b8/0x210 fs/isofs/export.c:183\n exportfs_decode_fh_raw+0x2dc/0x608 fs/exportfs/expfs.c:523\n do_handle_to_path+0xa0/0x198 fs/fhandle.c:257\n handle_to_path fs/fhandle.c:385 [inline]\n 
do_handle_open+0x8cc/0xb8c fs/fhandle.c:403\n __do_sys_open_by_handle_at fs/fhandle.c:443 [inline]\n __se_sys_open_by_handle_at fs/fhandle.c:434 [inline]\n __arm64_sys_open_by_handle_at+0x80/0x94 fs/fhandle.c:434\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744\n el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n\nAllocated by task 6466:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_alloc_info+0x40/0x50 mm/kasan/generic.c:562\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xac/0xc4 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4294 [inline]\n __kmalloc_noprof+0x32c/0x54c mm/slub.c:4306\n kmalloc_noprof include/linux/slab.h:905 [inline]\n handle_to_path fs/fhandle.c:357 [inline]\n do_handle_open+0x5a4/0xb8c fs/fhandle.c:403\n __do_sys_open_by_handle_at fs/fhandle.c:443 [inline]\n __se_sys_open_by_handle_at fs/fhandle.c:434 [inline]\n __arm64_sys_open_by_handle_at+0x80/0x94 fs/fhandle.c:434\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744\n el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: isofs: Impedir el uso de fid demasiado peque\u00f1o. 
syzbot inform\u00f3 de una lectura fuera de los l\u00edmites de slab en isofs_fh_to_parent. [1] El valor de handle_bytes pasado por el programa de reproducci\u00f3n es igual a 12. En handle_to_path(), solo se asignan 12 bytes de memoria para el miembro de la estructura file_handle->f_handle, lo que provoca un acceso fuera de los l\u00edmites al acceder al miembro parent_block de la estructura isofs_fid en isofs, ya que acceder a parent_block requiere al menos 16 bytes de f_handle. Aqu\u00ed, fh_len se utiliza para confirmar indirectamente que el valor de handle_bytes es mayor que 3 antes de acceder a parent_block. [1] ERROR: KASAN: slab fuera de los l\u00edmites en isofs_fh_to_parent+0x1b8/0x210 fs/isofs/export.c:183 Lectura de tama\u00f1o 4 en la direcci\u00f3n ffff0000cc030d94 por la tarea syz-executor215/6466 CPU: 1 UID: 0 PID: 6466 Comm: syz-executor215 No contaminado 6.14.0-rc7-syzkaller-ga2392f333575 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Call trace: show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C) __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:408 [inline] print_report+0x198/0x550 mm/kasan/report.c:521 kasan_report+0xd8/0x138 mm/kasan/report.c:634 __asan_report_load4_noabort+0x20/0x2c mm/kasan/report_generic.c:380 isofs_fh_to_parent+0x1b8/0x210 fs/isofs/export.c:183 exportfs_decode_fh_raw+0x2dc/0x608 fs/exportfs/expfs.c:523 do_handle_to_path+0xa0/0x198 fs/fhandle.c:257 handle_to_path fs/fhandle.c:385 [inline] do_handle_open+0x8cc/0xb8c fs/fhandle.c:403 __do_sys_open_by_handle_at fs/fhandle.c:443 [inline] __se_sys_open_by_handle_at fs/fhandle.c:434 [inline] __arm64_sys_open_by_handle_at+0x80/0x94 fs/fhandle.c:434 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 
arch/arm64/kernel/syscall.c:151 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744 el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600 Allocated by task 6466: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x40/0x78 mm/kasan/common.c:68 kasan_save_alloc_info+0x40/0x50 mm/kasan/generic.c:562 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0xac/0xc4 mm/kasan/common.c:394 kasan_kmalloc include/linux/kasan.h:260 [inline] __do_kmalloc_node mm/slub.c:4294 [inline] __kmalloc_noprof+0x32c/0x54c mm/slub.c:4306 kmalloc_noprof include/linux/slab.h:905 [inline] handle_to_path fs/fhandle.c:357 [inline] do_handle_open+0x5a4/0xb8c fs/fhandle.c:403 __do_sys_open_by_handle_at fs/fhandle.c:443 [inline] __se_sys_open_by_handle_at fs/fhandle.c:434 [inline] __arm64_sys_open_by_handle_at+0x80/0x94 fs/fhandle.c:434 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744 el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600 " } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37781.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37781.json index 1871a20022b..204b041b40f 100644 --- a/CVE-2025/CVE-2025-377xx/CVE-2025-37781.json +++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37781.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-37781", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T14:15:42.020", - "lastModified": "2025-05-02T07:16:03.287", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: cros-ec-tunnel: defer probe if parent EC is not present\n\nWhen i2c-cros-ec-tunnel and the EC driver are built-in, the EC parent\ndevice will not be found, leading to NULL pointer dereference.\n\nThat can also be reproduced by unbinding the controller driver and then\nloading i2c-cros-ec-tunnel module (or binding the device).\n\n[ 271.991245] BUG: kernel NULL pointer dereference, address: 0000000000000058\n[ 271.998215] #PF: supervisor read access in kernel mode\n[ 272.003351] #PF: error_code(0x0000) - not-present page\n[ 272.008485] PGD 0 P4D 0\n[ 272.011022] Oops: Oops: 0000 [#1] SMP NOPTI\n[ 272.015207] CPU: 0 UID: 0 PID: 3859 Comm: insmod Tainted: G S 6.15.0-rc1-00004-g44722359ed83 #30 PREEMPT(full) 3c7fb39a552e7d949de2ad921a7d6588d3a4fdc5\n[ 272.030312] Tainted: [S]=CPU_OUT_OF_SPEC\n[ 272.034233] Hardware name: HP Berknip/Berknip, BIOS Google_Berknip.13434.356.0 05/17/2021\n[ 272.042400] RIP: 0010:ec_i2c_probe+0x2b/0x1c0 [i2c_cros_ec_tunnel]\n[ 272.048577] Code: 1f 44 00 00 41 57 41 56 41 55 41 54 53 48 83 ec 10 65 48 8b 05 06 a0 6c e7 48 89 44 24 08 4c 8d 7f 10 48 8b 47 50 4c 8b 60 78 <49> 83 7c 24 58 00 0f 84 2f 01 00 00 48 89 fb be 30 06 00 00 4c 9\n[ 272.067317] RSP: 0018:ffffa32082a03940 EFLAGS: 00010282\n[ 272.072541] RAX: ffff969580b6a810 RBX: ffff969580b68c10 RCX: 0000000000000000\n[ 272.079672] RDX: 0000000000000000 RSI: 0000000000000282 RDI: ffff969580b68c00\n[ 272.086804] RBP: 00000000fffffdfb R08: 0000000000000000 R09: 0000000000000000\n[ 272.093936] R10: 0000000000000000 R11: ffffffffc0600000 R12: 0000000000000000\n[ 
272.101067] R13: ffffffffa666fbb8 R14: ffffffffc05b5528 R15: ffff969580b68c10\n[ 272.108198] FS: 00007b930906fc40(0000) GS:ffff969603149000(0000) knlGS:0000000000000000\n[ 272.116282] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 272.122024] CR2: 0000000000000058 CR3: 000000012631c000 CR4: 00000000003506f0\n[ 272.129155] Call Trace:\n[ 272.131606] \n[ 272.133709] ? acpi_dev_pm_attach+0xdd/0x110\n[ 272.137985] platform_probe+0x69/0xa0\n[ 272.141652] really_probe+0x152/0x310\n[ 272.145318] __driver_probe_device+0x77/0x110\n[ 272.149678] driver_probe_device+0x1e/0x190\n[ 272.153864] __driver_attach+0x10b/0x1e0\n[ 272.157790] ? driver_attach+0x20/0x20\n[ 272.161542] bus_for_each_dev+0x107/0x150\n[ 272.165553] bus_add_driver+0x15d/0x270\n[ 272.169392] driver_register+0x65/0x110\n[ 272.173232] ? cleanup_module+0xa80/0xa80 [i2c_cros_ec_tunnel 3a00532f3f4af4a9eade753f86b0f8dd4e4e5698]\n[ 272.182617] do_one_initcall+0x110/0x350\n[ 272.186543] ? security_kernfs_init_security+0x49/0xd0\n[ 272.191682] ? __kernfs_new_node+0x1b9/0x240\n[ 272.195954] ? security_kernfs_init_security+0x49/0xd0\n[ 272.201093] ? __kernfs_new_node+0x1b9/0x240\n[ 272.205365] ? kernfs_link_sibling+0x105/0x130\n[ 272.209810] ? kernfs_next_descendant_post+0x1c/0xa0\n[ 272.214773] ? kernfs_activate+0x57/0x70\n[ 272.218699] ? kernfs_add_one+0x118/0x160\n[ 272.222710] ? __kernfs_create_file+0x71/0xa0\n[ 272.227069] ? sysfs_add_bin_file_mode_ns+0xd6/0x110\n[ 272.232033] ? internal_create_group+0x453/0x4a0\n[ 272.236651] ? __vunmap_range_noflush+0x214/0x2d0\n[ 272.241355] ? __free_frozen_pages+0x1dc/0x420\n[ 272.245799] ? free_vmap_area_noflush+0x10a/0x1c0\n[ 272.250505] ? load_module+0x1509/0x16f0\n[ 272.254431] do_init_module+0x60/0x230\n[ 272.258181] __se_sys_finit_module+0x27a/0x370\n[ 272.262627] do_syscall_64+0x6a/0xf0\n[ 272.266206] ? do_syscall_64+0x76/0xf0\n[ 272.269956] ? 
irqentry_exit_to_user_mode+0x79/0x90\n[ 272.274836] entry_SYSCALL_64_after_hwframe+0x55/0x5d\n[ 272.279887] RIP: 0033:0x7b9309168d39\n[ 272.283466] Code: 5b 41 5c 5d c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d af 40 0c 00 f7 d8 64 89 01 8\n[ 272.302210] RSP: 002b:00007fff50f1a288 EFLAGS: 00000246 ORIG_RAX: 000\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i2c: cros-ec-tunnel: aplazar la sonda si el EC principal no est\u00e1 presente. Cuando i2c-cros-ec-tunnel y el controlador EC est\u00e1n integrados, no se encuentra el dispositivo principal EC, lo que provoca una desreferencia de puntero nulo. Esto tambi\u00e9n se puede reproducir desvinculando el controlador y cargando el m\u00f3dulo i2c-cros-ec-tunnel (o vinculando el dispositivo). [ 271.991245] ERROR: desreferencia de puntero NULL del n\u00facleo, direcci\u00f3n: 0000000000000058 [ 271.998215] #PF: acceso de lectura del supervisor en modo n\u00facleo [ 272.003351] #PF: error_code(0x0000) - p\u00e1gina no presente [ 272.008485] PGD 0 P4D 0 [ 272.011022] Oops: Oops: 0000 [#1] SMP NOPTI [ 272.015207] CPU: 0 UID: 0 PID: 3859 Comm: insmod Tainted: G S 6.15.0-rc1-00004-g44722359ed83 #30 PREEMPT(full) 3c7fb39a552e7d949de2ad921a7d6588d3a4fdc5 [ 272.030312] Tainted: [S]=CPU_OUT_OF_SPEC [ 272.034233] Hardware name: HP Berknip/Berknip, BIOS Google_Berknip.13434.356.0 05/17/2021 [ 272.042400] RIP: 0010:ec_i2c_probe+0x2b/0x1c0 [i2c_cros_ec_tunnel] [ 272.048577] Code: 1f 44 00 00 41 57 41 56 41 55 41 54 53 48 83 ec 10 65 48 8b 05 06 a0 6c e7 48 89 44 24 08 4c 8d 7f 10 48 8b 47 50 4c 8b 60 78 <49> 83 7c 24 58 00 0f 84 2f 01 00 00 48 89 fb be 30 06 00 00 4c 9 [ 272.067317] RSP: 0018:ffffa32082a03940 EFLAGS: 00010282 [ 272.072541] RAX: ffff969580b6a810 RBX: ffff969580b68c10 RCX: 0000000000000000 [ 272.079672] RDX: 0000000000000000 RSI: 
0000000000000282 RDI: ffff969580b68c00 [ 272.086804] RBP: 00000000fffffdfb R08: 0000000000000000 R09: 0000000000000000 [ 272.093936] R10: 0000000000000000 R11: ffffffffc0600000 R12: 0000000000000000 [ 272.101067] R13: ffffffffa666fbb8 R14: ffffffffc05b5528 R15: ffff969580b68c10 [ 272.108198] FS: 00007b930906fc40(0000) GS:ffff969603149000(0000) knlGS:0000000000000000 [ 272.116282] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 272.122024] CR2: 0000000000000058 CR3: 000000012631c000 CR4: 00000000003506f0 [ 272.129155] Call Trace: [ 272.131606] [ 272.133709] ? acpi_dev_pm_attach+0xdd/0x110 [ 272.137985] platform_probe+0x69/0xa0 [ 272.141652] really_probe+0x152/0x310 [ 272.145318] __driver_probe_device+0x77/0x110 [ 272.149678] driver_probe_device+0x1e/0x190 [ 272.153864] __driver_attach+0x10b/0x1e0 [ 272.157790] ? driver_attach+0x20/0x20 [ 272.161542] bus_for_each_dev+0x107/0x150 [ 272.165553] bus_add_driver+0x15d/0x270 [ 272.169392] driver_register+0x65/0x110 [ 272.173232] ? cleanup_module+0xa80/0xa80 [i2c_cros_ec_tunnel 3a00532f3f4af4a9eade753f86b0f8dd4e4e5698] [ 272.182617] do_one_initcall+0x110/0x350 [ 272.186543] ? security_kernfs_init_security+0x49/0xd0 [ 272.191682] ? __kernfs_new_node+0x1b9/0x240 [ 272.195954] ? security_kernfs_init_security+0x49/0xd0 [ 272.201093] ? __kernfs_new_node+0x1b9/0x240 [ 272.205365] ? kernfs_link_sibling+0x105/0x130 [ 272.209810] ? kernfs_next_descendant_post+0x1c/0xa0 [ 272.214773] ? kernfs_activate+0x57/0x70 [ 272.218699] ? kernfs_add_one+0x118/0x160 [ 272.222710] ? __kernfs_create_file+0x71/0xa0 [ 272.227069] ? sysfs_add_bin_file_mode_ns+0xd6/0x110 [ 272.232033] ? internal_create_group+0x453/0x4a0 [ 272.236651] ? __vunmap_range_noflush+0x214/0x2d0 [ 272.241355] ? __free_frozen_pages+0x1dc/0x420 [ 272.245799] ? free_vmap_area_noflush+0x10a/0x1c0 [ 272.250505] ? load_module+0x1509/0x16f0 [ 272.254431] do_init_module+0x60/0x230 [ 272.258181] __se_sys_finit_module+0x27a/0x370 [ 272.262627] do_syscall_64+0x6a/0xf0 [ 272.266206] ? 
do_syscall_64+0x76/0xf0 [ 272.269956] ? irqentry_exit_to_user_mode+0x79/0x90 [ 272.274836] entry_SYSCALL_64_after_hwframe+0x55/0x5d [ 272.279887] RIP: 0033:0x7b9309168d39 [ 272.283466] Code: 5b 41 5c 5d c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d af 40 0c 00 f7 d8 64 89 01 8 [ 272.302210] RSP: 002b:00007fff50f1a288 EFLAGS: 00000246 ORIG_RAX: 000 ---truncado---" } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37782.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37782.json index 0ac019d67aa..d7c366c5271 100644 --- a/CVE-2025/CVE-2025-377xx/CVE-2025-37782.json +++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37782.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-37782", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T14:15:42.163", - "lastModified": "2025-05-02T07:16:03.433", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key\n\nSyzbot reported an issue in hfs subsystem:\n\nBUG: KASAN: slab-out-of-bounds in memcpy_from_page include/linux/highmem.h:423 [inline]\nBUG: KASAN: slab-out-of-bounds in hfs_bnode_read fs/hfs/bnode.c:35 [inline]\nBUG: KASAN: slab-out-of-bounds in hfs_bnode_read_key+0x314/0x450 fs/hfs/bnode.c:70\nWrite of size 94 at addr ffff8880123cd100 by task syz-executor237/5102\n\nCall Trace:\n \n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n kasan_check_range+0x282/0x290 mm/kasan/generic.c:189\n __asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106\n memcpy_from_page include/linux/highmem.h:423 [inline]\n hfs_bnode_read fs/hfs/bnode.c:35 [inline]\n hfs_bnode_read_key+0x314/0x450 fs/hfs/bnode.c:70\n hfs_brec_insert+0x7f3/0xbd0 fs/hfs/brec.c:159\n hfs_cat_create+0x41d/0xa50 fs/hfs/catalog.c:118\n hfs_mkdir+0x6c/0xe0 fs/hfs/dir.c:232\n vfs_mkdir+0x2f9/0x4f0 fs/namei.c:4257\n do_mkdirat+0x264/0x3a0 fs/namei.c:4280\n __do_sys_mkdir fs/namei.c:4300 [inline]\n __se_sys_mkdir fs/namei.c:4298 [inline]\n __x64_sys_mkdir+0x6c/0x80 fs/namei.c:4298\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fbdd6057a99\n\nAdd a check for key length in hfs_bnode_read_key to prevent\nout-of-bounds memory access. 
If the key length is invalid, the\nkey buffer is cleared, improving stability and reliability." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: hfs/hfsplus: se corrige slab-out-of-bounds en hfs_bnode_read_key Syzbot inform\u00f3 de un problema en el subsistema hfs: ERROR: KASAN: slab-out-of-bounds en memcpy_from_page include/linux/highmem.h:423 [en l\u00ednea] ERROR: KASAN: slab-out-of-bounds en hfs_bnode_read fs/hfs/bnode.c:35 [en l\u00ednea] ERROR: KASAN: slab-out-of-bounds en hfs_bnode_read_key+0x314/0x450 fs/hfs/bnode.c:70 Escritura de tama\u00f1o 94 en la direcci\u00f3n ffff8880123cd100 por la tarea syz-executor237/5102 Rastreo de llamadas: __dump_stack lib/dump_stack.c:94 [en l\u00ednea] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:377 [en l\u00ednea] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 kasan_check_range+0x282/0x290 mm/kasan/generic.c:189 __asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106 memcpy_from_page include/linux/highmem.h:423 [en l\u00ednea] hfs_bnode_read fs/hfs/bnode.c:35 [en l\u00ednea] hfs_bnode_read_key+0x314/0x450 fs/hfs/bnode.c:70 hfs_brec_insert+0x7f3/0xbd0 fs/hfs/brec.c:159 hfs_cat_create+0x41d/0xa50 fs/hfs/catalog.c:118 hfs_mkdir+0x6c/0xe0 fs/hfs/dir.c:232 vfs_mkdir+0x2f9/0x4f0 fs/namei.c:4257 do_mkdirat+0x264/0x3a0 fs/namei.c:4280 __do_sys_mkdir fs/namei.c:4300 [en l\u00ednea] __se_sys_mkdir fs/namei.c:4298 [en l\u00ednea] __x64_sys_mkdir+0x6c/0x80 fs/namei.c:4298 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fbdd6057a99 Se ha a\u00f1adido una comprobaci\u00f3n de la longitud de la clave en hfs_bnode_read_key para evitar el acceso a memoria fuera de los l\u00edmites. 
Si la longitud de la clave no es v\u00e1lida, se borra el b\u00fafer de claves, lo que mejora la estabilidad y la fiabilidad." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37783.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37783.json index 09669db52b3..7ae7bd5cbfd 100644 --- a/CVE-2025/CVE-2025-377xx/CVE-2025-37783.json +++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37783.json @@ -2,8 +2,8 @@ "id": "CVE-2025-37783", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T14:15:42.593", - "lastModified": "2025-05-01T14:15:42.593", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37784.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37784.json index ed76bdf09bf..f59df54f0b0 100644 --- a/CVE-2025/CVE-2025-377xx/CVE-2025-37784.json +++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37784.json @@ -2,8 +2,8 @@ "id": "CVE-2025-37784", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T14:15:42.770", - "lastModified": "2025-05-01T14:15:42.770", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37786.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37786.json index 7fbaa3c3af3..313edb4ee4e 100644 --- a/CVE-2025/CVE-2025-377xx/CVE-2025-37786.json +++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37786.json @@ -2,8 +2,8 @@ "id": "CVE-2025-37786", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T14:15:42.890", - "lastModified": "2025-05-01T14:15:42.890", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37787.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37787.json
index c09a5aa7699..df2c5b2442e 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37787.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37787.json
@@ -2,13 +2,17 @@ "id": "CVE-2025-37787", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T14:15:43.040", - "lastModified": "2025-05-02T07:16:03.780", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered\n\nRussell King reports that a system with mv88e6xxx dereferences a NULL\npointer when unbinding this driver:\nhttps://lore.kernel.org/netdev/Z_lRkMlTJ1KQ0kVX@shell.armlinux.org.uk/\n\nThe crash seems to be in devlink_region_destroy(), which is not NULL\ntolerant but is given a NULL devlink global region pointer.\n\nAt least on some chips, some devlink regions are conditionally registered\nsince the blamed commit, see mv88e6xxx_setup_devlink_regions_global():\n\n\t\tif (cond && !cond(chip))\n\t\t\tcontinue;\n\nThese are MV88E6XXX_REGION_STU and MV88E6XXX_REGION_PVT. If the chip\ndoes not have an STU or PVT, it should crash like this.\n\nTo fix the issue, avoid unregistering those regions which are NULL, i.e.\nwere skipped at mv88e6xxx_setup_devlink_regions_global() time." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: dsa: mv88e6xxx: evitar anular el registro de regiones devlink que nunca se registraron Russell King informa que un sistema con mv88e6xxx desreferencia un puntero NULL al desvincular este controlador: https://lore.kernel.org/netdev/Z_lRkMlTJ1KQ0kVX@shell.armlinux.org.uk/ El fallo parece estar en devlink_region_destroy(), que no tolera NULL pero se le asigna un puntero de regi\u00f3n global devlink NULL. 
Al menos en algunos chips, algunas regiones devlink se registran condicionalmente desde la confirmaci\u00f3n culpable, consulte mv88e6xxx_setup_devlink_regions_global(): if (cond && !cond(chip)) continue; Estos son MV88E6XXX_REGION_STU y MV88E6XXX_REGION_PVT. Si el chip no tiene una STU o PVT, deber\u00eda fallar de esta manera. Para solucionar el problema, evite anular el registro de las regiones nulas, es decir, las que se omitieron al ejecutar mv88e6xxx_setup_devlink_regions_global()." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37788.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37788.json index abec62d9b50..a8c86f6df79 100644 --- a/CVE-2025/CVE-2025-377xx/CVE-2025-37788.json +++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37788.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2025-37788",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T14:15:43.163",
- "lastModified": "2025-05-02T07:16:03.900",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path\n\nIn the for loop used to allocate the loc_array and bmap for each port, a\nmemory leak is possible when the allocation for loc_array succeeds,\nbut the allocation for bmap fails. This is because when the control flow\ngoes to the label free_eth_finfo, only the allocations starting from\n(i-1)th iteration are freed.\n\nFix that by freeing the loc_array in the bmap allocation error path."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cxgb4: Se corrige la fuga de memoria en la ruta de error de cxgb4_init_ethtool_filters(). En el bucle for utilizado para asignar loc_array y bmap para cada puerto, es posible que se produzca una fuga de memoria cuando la asignaci\u00f3n de loc_array se realiza correctamente, pero la de bmap falla. Esto se debe a que, cuando el flujo de control accede a la etiqueta free_eth_finfo, solo se liberan las asignaciones a partir de la iteraci\u00f3n (i-1). Para solucionar esto, libere loc_array en la ruta de error de asignaci\u00f3n de bmap."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37789.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37789.json
index e139d11cd83..21a852b6a86 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37789.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37789.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-37789",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T14:15:43.290",
- "lastModified": "2025-05-02T07:16:04.057",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: fix nested key length validation in the set() action\n\nIt's not safe to access nla_len(ovs_key) if the data is smaller than\nthe netlink header. Check that the attribute is OK first."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: openvswitch: correcci\u00f3n de la validaci\u00f3n de la longitud de la clave anidada en la acci\u00f3n set(). No es seguro acceder a nla_len(ovs_key) si los datos son menores que el encabezado netlink. Compruebe primero que el atributo est\u00e9 correcto."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37790.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37790.json
index e43000fb750..a3f1e3a8e20 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37790.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37790.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-37790",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T14:15:43.407",
- "lastModified": "2025-05-02T07:16:04.183",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mctp: Set SOCK_RCU_FREE\n\nBind lookup runs under RCU, so ensure that a socket doesn't go away in\nthe middle of a lookup."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: mctp: La b\u00fasqueda de enlace Set SOCK_RCU_FREE se ejecuta bajo RCU, por lo que debe asegurarse de que un socket no desaparezca en medio de una b\u00fasqueda."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37791.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37791.json
index c8b5c24aeef..bb83cc2ad48 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37791.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37791.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-37791",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T14:15:43.540",
- "lastModified": "2025-05-01T14:15:43.540",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37792.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37792.json
index 062c4ac1e9b..eed7ed61eaa 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37792.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37792.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-37792",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T14:15:43.660",
- "lastModified": "2025-05-02T07:16:04.340",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btrtl: Prevent potential NULL dereference\n\nThe btrtl_initialize() function checks that rtl_load_file() either\nhad an error or it loaded a zero length file. However, if it loaded\na zero length file then the error code is not set correctly. It\nresults in an error pointer vs NULL bug, followed by a NULL pointer\ndereference. This was detected by Smatch:\n\ndrivers/bluetooth/btrtl.c:592 btrtl_initialize() warn: passing zero to 'ERR_PTR'"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: btrtl: Prevenir posible desreferencia de NULL. La funci\u00f3n btrtl_initialize() comprueba si rtl_load_file() tuvo un error o carg\u00f3 un archivo de longitud cero. Sin embargo, si carg\u00f3 un archivo de longitud cero, el c\u00f3digo de error no se configura correctamente. Esto genera un error de puntero de error vs. NULL, seguido de una desreferencia de puntero NULL. Esto fue detectado por Smatch: drivers/bluetooth/btrtl.c:592 btrtl_initialize() warn: passing zero to 'ERR_PTR'"
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37793.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37793.json
index e6d17ba3ca3..a89c3c1a5d5 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37793.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37793.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-37793",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T14:15:43.787",
- "lastModified": "2025-05-01T14:15:43.787",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37794.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37794.json
index b1b165fd3ab..0cc00255d19 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37794.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37794.json
@@ -2,13 +2,17 @@ "id": "CVE-2025-37794", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T14:15:43.913", - "lastModified": "2025-05-02T07:16:04.500", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: Purge vif txq in ieee80211_do_stop()\n\nAfter ieee80211_do_stop() SKB from vif's txq could still be processed.\nIndeed another concurrent vif schedule_and_wake_txq call could cause\nthose packets to be dequeued (see ieee80211_handle_wake_tx_queue())\nwithout checking the sdata current state.\n\nBecause vif.drv_priv is now cleared in this function, this could lead to\ndriver crash.\n\nFor example in ath12k, ahvif is store in vif.drv_priv. Thus if\nath12k_mac_op_tx() is called after ieee80211_do_stop(), ahvif->ah can be\nNULL, leading the ath12k_warn(ahvif->ah,...) 
call in this function to\ntrigger the NULL deref below.\n\n Unable to handle kernel paging request at virtual address dfffffc000000001\n KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\n batman_adv: bat0: Interface deactivated: brbh1337\n Mem abort info:\n ESR = 0x0000000096000004\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x04: level 0 translation fault\n Data abort info:\n ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n [dfffffc000000001] address between user and kernel address ranges\n Internal error: Oops: 0000000096000004 [#1] SMP\n CPU: 1 UID: 0 PID: 978 Comm: lbd Not tainted 6.13.0-g633f875b8f1e #114\n Hardware name: HW (DT)\n pstate: 10000005 (nzcV daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : ath12k_mac_op_tx+0x6cc/0x29b8 [ath12k]\n lr : ath12k_mac_op_tx+0x174/0x29b8 [ath12k]\n sp : ffffffc086ace450\n x29: ffffffc086ace450 x28: 0000000000000000 x27: 1ffffff810d59ca4\n x26: ffffff801d05f7c0 x25: 0000000000000000 x24: 000000004000001e\n x23: ffffff8009ce4926 x22: ffffff801f9c0800 x21: ffffff801d05f7f0\n x20: ffffff8034a19f40 x19: 0000000000000000 x18: ffffff801f9c0958\n x17: ffffff800bc0a504 x16: dfffffc000000000 x15: ffffffc086ace4f8\n x14: ffffff801d05f83c x13: 0000000000000000 x12: ffffffb003a0bf03\n x11: 0000000000000000 x10: ffffffb003a0bf02 x9 : ffffff8034a19f40\n x8 : ffffff801d05f818 x7 : 1ffffff0069433dc x6 : ffffff8034a19ee0\n x5 : ffffff801d05f7f0 x4 : 0000000000000000 x3 : 0000000000000001\n x2 : 0000000000000000 x1 : dfffffc000000000 x0 : 0000000000000008\n Call trace:\n ath12k_mac_op_tx+0x6cc/0x29b8 [ath12k] (P)\n ieee80211_handle_wake_tx_queue+0x16c/0x260\n ieee80211_queue_skb+0xeec/0x1d20\n ieee80211_tx+0x200/0x2c8\n ieee80211_xmit+0x22c/0x338\n __ieee80211_subif_start_xmit+0x7e8/0xc60\n ieee80211_subif_start_xmit+0xc4/0xee0\n __ieee80211_subif_start_xmit_8023.isra.0+0x854/0x17a0\n 
ieee80211_subif_start_xmit_8023+0x124/0x488\n dev_hard_start_xmit+0x160/0x5a8\n __dev_queue_xmit+0x6f8/0x3120\n br_dev_queue_push_xmit+0x120/0x4a8\n __br_forward+0xe4/0x2b0\n deliver_clone+0x5c/0xd0\n br_flood+0x398/0x580\n br_dev_xmit+0x454/0x9f8\n dev_hard_start_xmit+0x160/0x5a8\n __dev_queue_xmit+0x6f8/0x3120\n ip6_finish_output2+0xc28/0x1b60\n __ip6_finish_output+0x38c/0x638\n ip6_output+0x1b4/0x338\n ip6_local_out+0x7c/0xa8\n ip6_send_skb+0x7c/0x1b0\n ip6_push_pending_frames+0x94/0xd0\n rawv6_sendmsg+0x1a98/0x2898\n inet_sendmsg+0x94/0xe0\n __sys_sendto+0x1e4/0x308\n __arm64_sys_sendto+0xc4/0x140\n do_el0_svc+0x110/0x280\n el0_svc+0x20/0x60\n el0t_64_sync_handler+0x104/0x138\n el0t_64_sync+0x154/0x158\n\nTo avoid that, empty vif's txq at ieee80211_do_stop() so no packet could\nbe dequeued after ieee80211_do_stop() (new packets cannot be queued\nbecause SDATA_STATE_RUNNING is cleared at this point)." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mac80211: Purgar la txq de vif en ieee80211_do_stop(). Despu\u00e9s de ieee80211_do_stop(), el SKB de la txq de vif a\u00fan pod\u00eda procesarse. De hecho, otra llamada simult\u00e1nea a vif schedule_and_wake_txq podr\u00eda provocar que esos paquetes se descolgaran (v\u00e9ase ieee80211_handle_wake_tx_queue()) sin comprobar el estado actual de sdata. Dado que vif.drv_priv se borra en esta funci\u00f3n, esto podr\u00eda provocar un fallo del controlador. Por ejemplo, en ath12k, ahvif se almacena en vif.drv_priv. Por lo tanto, si se llama ath12k_mac_op_tx() despu\u00e9s de ieee80211_do_stop(), ahvif->ah puede ser NULL, lo que lleva a la llamada ath12k_warn(ahvif->ah,...) en esta funci\u00f3n a activar la deref NULL a continuaci\u00f3n. 
No se puede gestionar la solicitud de paginaci\u00f3n del n\u00facleo en la direcci\u00f3n virtual dfffffc000000001 KASAN: null-ptr-deref en el rango [0x000000000000008-0x000000000000000f] batman_adv: bat0: Interfaz desactivada: brbh1337 Informaci\u00f3n de aborto de memoria: ESR = 0x0000000096000004 EC = 0x25: DABT (EL actual), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: fallo de traducci\u00f3n de nivel 0 Informaci\u00f3n de aborto de datos: ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 CM = 0, WnR = 0, TnD = 0, TagAccess = 0 GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [dfffffc000000001] direcci\u00f3n entre rangos de direcciones de usuario y kernel Error interno: Oops: 0000000096000004 [#1] SMP CPU: 1 UID: 0 PID: 978 Comm: lbd No contaminado 6.13.0-g633f875b8f1e #114 Nombre del hardware: HW (DT) pstate: 10000005 (nzcV daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : ath12k_mac_op_tx+0x6cc/0x29b8 [ath12k] lr : ath12k_mac_op_tx+0x174/0x29b8 [ath12k] sp : ffffffc086ace450 x29: ffffffc086ace450 x28: 0000000000000000 x27: 1ffffff810d59ca4 x26: ffffff801d05f7c0 x25: 000000000000000 x24: 000000004000001e x23: ffffff8009ce4926 x22: ffffff801f9c0800 x21: ffffff801d05f7f0 x20: ffffff8034a19f40 x19: 0000000000000000 x18: ffffff801f9c0958 x17: ffffff800bc0a504 x16: dfffffc000000000 x15: ffffffc086ace4f8 x14: ffffff801d05f83c x13: 000000000000000 x12: ffffffb003a0bf03 x11: 000000000000000 x10: ffffffb003a0bf02 x9: ffffff8034a19f40 x8: ffffff801d05f818 x7: 1ffffff0069433dc x6: ffffff8034a19ee0 x5: ffffff801d05f7f0 x4: 0000000000000000 x3: 0000000000000001 x2: 0000000000000000 x1: dfffffc000000000 x0: 0000000000000008 Rastreo de llamadas: ath12k_mac_op_tx+0x6cc/0x29b8 [ath12k] (P) ieee80211_handle_wake_tx_queue+0x16c/0x260 ieee80211_queue_skb+0xeec/0x1d20 ieee80211_tx+0x200/0x2c8 ieee80211_xmit+0x22c/0x338 __ieee80211_subif_start_xmit+0x7e8/0xc60 ieee80211_subif_start_xmit+0xc4/0xee0 __ieee80211_subif_start_xmit_8023.isra.0+0x854/0x17a0 
ieee80211_subif_start_xmit_8023+0x124/0x488 dev_hard_start_xmit+0x160/0x5a8 __dev_queue_xmit+0x6f8/0x3120 br_dev_queue_push_xmit+0x120/0x4a8 __br_forward+0xe4/0x2b0 deliver_clone+0x5c/0xd0 br_flood+0x398/0x580 br_dev_xmit+0x454/0x9f8 dev_hard_start_xmit+0x160/0x5a8 __dev_queue_xmit+0x6f8/0x3120 ip6_finish_output2+0xc28/0x1b60 __ip6_finish_output+0x38c/0x638 ip6_output+0x1b4/0x338 ip6_local_out+0x7c/0xa8 ip6_send_skb+0x7c/0x1b0 ip6_push_pending_frames+0x94/0xd0 rawv6_sendmsg+0x1a98/0x2898 inet_sendmsg+0x94/0xe0 __sys_sendto+0x1e4/0x308 __arm64_sys_sendto+0xc4/0x140 do_el0_svc+0x110/0x280 el0_svc+0x20/0x60 el0t_64_sync_handler+0x104/0x138 el0t_64_sync+0x154/0x158 Para evitar eso, vac\u00ede el txq de vif en ieee80211_do_stop() para que ning\u00fan paquete pueda sacarse de la cola despu\u00e9s de ieee80211_do_stop() (los paquetes nuevos no pueden ponerse en cola porque SDATA_STATE_RUNNING se borra en este punto)." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37795.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37795.json index 46b496ca220..e6bd1ce8118 100644 --- a/CVE-2025/CVE-2025-377xx/CVE-2025-37795.json +++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37795.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-37795", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-05-01T14:15:44.043", - "lastModified": "2025-05-02T07:16:04.640", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()\n\nThe ieee80211 skb control block key (set when skb was queued) could have\nbeen removed before ieee80211_tx_dequeue() call. ieee80211_tx_dequeue()\nalready called ieee80211_tx_h_select_key() to get the current key, but\nthe latter do not update the key in skb control block in case it is\nNULL. Because some drivers actually use this key in their TX callbacks\n(e.g. ath1{1,2}k_mac_op_tx()) this could lead to the use after free\nbelow:\n\n BUG: KASAN: slab-use-after-free in ath11k_mac_op_tx+0x590/0x61c\n Read of size 4 at addr ffffff803083c248 by task kworker/u16:4/1440\n\n CPU: 3 UID: 0 PID: 1440 Comm: kworker/u16:4 Not tainted 6.13.0-ge128f627f404 #2\n Hardware name: HW (DT)\n Workqueue: bat_events batadv_send_outstanding_bcast_packet\n Call trace:\n show_stack+0x14/0x1c (C)\n dump_stack_lvl+0x58/0x74\n print_report+0x164/0x4c0\n kasan_report+0xac/0xe8\n __asan_report_load4_noabort+0x1c/0x24\n ath11k_mac_op_tx+0x590/0x61c\n ieee80211_handle_wake_tx_queue+0x12c/0x1c8\n ieee80211_queue_skb+0xdcc/0x1b4c\n ieee80211_tx+0x1ec/0x2bc\n ieee80211_xmit+0x224/0x324\n __ieee80211_subif_start_xmit+0x85c/0xcf8\n ieee80211_subif_start_xmit+0xc0/0xec4\n dev_hard_start_xmit+0xf4/0x28c\n __dev_queue_xmit+0x6ac/0x318c\n batadv_send_skb_packet+0x38c/0x4b0\n batadv_send_outstanding_bcast_packet+0x110/0x328\n process_one_work+0x578/0xc10\n worker_thread+0x4bc/0xc7c\n kthread+0x2f8/0x380\n ret_from_fork+0x10/0x20\n\n Allocated by task 1906:\n kasan_save_stack+0x28/0x4c\n 
kasan_save_track+0x1c/0x40\n kasan_save_alloc_info+0x3c/0x4c\n __kasan_kmalloc+0xac/0xb0\n __kmalloc_noprof+0x1b4/0x380\n ieee80211_key_alloc+0x3c/0xb64\n ieee80211_add_key+0x1b4/0x71c\n nl80211_new_key+0x2b4/0x5d8\n genl_family_rcv_msg_doit+0x198/0x240\n <...>\n\n Freed by task 1494:\n kasan_save_stack+0x28/0x4c\n kasan_save_track+0x1c/0x40\n kasan_save_free_info+0x48/0x94\n __kasan_slab_free+0x48/0x60\n kfree+0xc8/0x31c\n kfree_sensitive+0x70/0x80\n ieee80211_key_free_common+0x10c/0x174\n ieee80211_free_keys+0x188/0x46c\n ieee80211_stop_mesh+0x70/0x2cc\n ieee80211_leave_mesh+0x1c/0x60\n cfg80211_leave_mesh+0xe0/0x280\n cfg80211_leave+0x1e0/0x244\n <...>\n\nReset SKB control block key before calling ieee80211_tx_h_select_key()\nto avoid that." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mac80211: Actualizar la clave del bloque de control de skb en ieee80211_tx_dequeue() La clave del bloque de control de skb ieee80211 (establecida cuando skb se puso en cola) podr\u00eda haberse eliminado antes de la llamada a ieee80211_tx_dequeue(). ieee80211_tx_dequeue() ya llam\u00f3 a ieee80211_tx_h_select_key() para obtener la clave actual, pero este \u00faltimo no actualiza la clave en el bloque de control de skb en caso de que sea NULL. 
Debido a que algunos controladores realmente usan esta clave en sus devoluciones de llamada TX (por ejemplo, ath1{1,2}k_mac_op_tx()), esto podr\u00eda llevar a use after free a continuaci\u00f3n: ERROR: KASAN: slab-use-after-free en ath11k_mac_op_tx+0x590/0x61c Lectura de tama\u00f1o 4 en la direcci\u00f3n ffffff803083c248 por la tarea kworker/u16:4/1440 CPU: 3 UID: 0 PID: 1440 Comm: kworker/u16:4 No contaminado 6.13.0-ge128f627f404 #2 Nombre del hardware: HW (DT) Cola de trabajo: bat_events batadv_send_outstanding_bcast_packet Rastreo de llamadas: show_stack+0x14/0x1c (C) dump_stack_lvl+0x58/0x74 print_report+0x164/0x4c0 kasan_report+0xac/0xe8 __asan_report_load4_noabort+0x1c/0x24 ath11k_mac_op_tx+0x590/0x61c ieee80211_handle_wake_tx_queue+0x12c/0x1c8 ieee80211_queue_skb+0xdcc/0x1b4c ieee80211_tx+0x1ec/0x2bc ieee80211_xmit+0x224/0x324 __ieee80211_subif_start_xmit+0x85c/0xcf8 ieee80211_subif_start_xmit+0xc0/0xec4 dev_hard_start_xmit+0xf4/0x28c __dev_queue_xmit+0x6ac/0x318c batadv_send_skb_packet+0x38c/0x4b0 batadv_send_outstanding_bcast_packet+0x110/0x328 process_one_work+0x578/0xc10 worker_thread+0x4bc/0xc7c kthread+0x2f8/0x380 ret_from_fork+0x10/0x20 Allocated by task 1906: kasan_save_stack+0x28/0x4c kasan_save_track+0x1c/0x40 kasan_save_alloc_info+0x3c/0x4c __kasan_kmalloc+0xac/0xb0 __kmalloc_noprof+0x1b4/0x380 ieee80211_key_alloc+0x3c/0xb64 ieee80211_add_key+0x1b4/0x71c nl80211_new_key+0x2b4/0x5d8 genl_family_rcv_msg_doit+0x198/0x240 <...> Freed by task 1494: kasan_save_stack+0x28/0x4c kasan_save_track+0x1c/0x40 kasan_save_free_info+0x48/0x94 __kasan_slab_free+0x48/0x60 kfree+0xc8/0x31c kfree_sensitive+0x70/0x80 ieee80211_key_free_common+0x10c/0x174 ieee80211_free_keys+0x188/0x46c ieee80211_stop_mesh+0x70/0x2cc ieee80211_leave_mesh+0x1c/0x60 cfg80211_leave_mesh+0xe0/0x280 cfg80211_leave+0x1e0/0x244 <...> Restablezca la clave del bloque de control SKB antes de llamar a ieee80211_tx_h_select_key() para evitar eso." } ], "metrics": {}, 
diff --git a/CVE-2025/CVE-2025-377xx/CVE-2025-37796.json b/CVE-2025/CVE-2025-377xx/CVE-2025-37796.json
index a0f89f260ea..b25088046d2 100644
--- a/CVE-2025/CVE-2025-377xx/CVE-2025-37796.json
+++ b/CVE-2025/CVE-2025-377xx/CVE-2025-37796.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-37796",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2025-05-01T14:15:44.173",
- "lastModified": "2025-05-02T07:16:04.797",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: at76c50x: fix use after free access in at76_disconnect\n\nThe memory pointed to by priv is freed at the end of at76_delete_device\nfunction (using ieee80211_free_hw). But the code then accesses the udev\nfield of the freed object to put the USB device. This may also lead to a\nmemory leak of the usb device. Fix this by using udev from interface."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: at76c50x: se corrige el use after free en at76_disconnect. La memoria a la que apunta priv se libera al final de la funci\u00f3n at76_delete_device (mediante ieee80211_free_hw). Sin embargo, el c\u00f3digo accede al campo udev del objeto liberado para colocar el dispositivo USB. Esto tambi\u00e9n puede provocar una fuga de memoria del dispositivo USB. Se soluciona usando udev desde la interfaz."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-37xx/CVE-2025-3707.json b/CVE-2025/CVE-2025-37xx/CVE-2025-3707.json
index 71f1bbf947d..c67de235e95 100644
--- a/CVE-2025/CVE-2025-37xx/CVE-2025-3707.json
+++ b/CVE-2025/CVE-2025-37xx/CVE-2025-3707.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-3707",
 "sourceIdentifier": "twcert@cert.org.tw",
 "published": "2025-05-02T04:15:55.140",
- "lastModified": "2025-05-02T04:15:55.140",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-37xx/CVE-2025-3708.json b/CVE-2025/CVE-2025-37xx/CVE-2025-3708.json
index c645e5b594c..d76830e0226 100644
--- a/CVE-2025/CVE-2025-37xx/CVE-2025-3708.json
+++ b/CVE-2025/CVE-2025-37xx/CVE-2025-3708.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-3708",
 "sourceIdentifier": "twcert@cert.org.tw",
 "published": "2025-05-02T04:15:55.507",
- "lastModified": "2025-05-02T04:15:55.507",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-37xx/CVE-2025-3709.json b/CVE-2025/CVE-2025-37xx/CVE-2025-3709.json
index 8df27ac95cb..6b5a9ef998a 100644
--- a/CVE-2025/CVE-2025-37xx/CVE-2025-3709.json
+++ b/CVE-2025/CVE-2025-37xx/CVE-2025-3709.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-3709",
 "sourceIdentifier": "twcert@cert.org.tw",
 "published": "2025-05-02T04:15:55.707",
- "lastModified": "2025-05-02T04:15:55.707",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-37xx/CVE-2025-3746.json b/CVE-2025/CVE-2025-37xx/CVE-2025-3746.json
index 921f2557bce..0593aca9a64 100644
--- a/CVE-2025/CVE-2025-37xx/CVE-2025-3746.json
+++ b/CVE-2025/CVE-2025-37xx/CVE-2025-3746.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-3746",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-05-02T03:15:20.850",
- "lastModified": "2025-05-02T03:15:20.850",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-37xx/CVE-2025-3748.json b/CVE-2025/CVE-2025-37xx/CVE-2025-3748.json
index 05ed530dff4..3b792affa25 100644
--- a/CVE-2025/CVE-2025-37xx/CVE-2025-3748.json
+++ b/CVE-2025/CVE-2025-37xx/CVE-2025-3748.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-3748",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-05-02T04:15:55.883",
- "lastModified": "2025-05-02T04:15:55.883",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-38xx/CVE-2025-3858.json b/CVE-2025/CVE-2025-38xx/CVE-2025-3858.json
index 8c167237028..ef6507c0c54 100644
--- a/CVE-2025/CVE-2025-38xx/CVE-2025-3858.json
+++ b/CVE-2025/CVE-2025-38xx/CVE-2025-3858.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-3858",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-05-02T04:15:56.040",
- "lastModified": "2025-05-02T04:15:56.040",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-38xx/CVE-2025-3859.json b/CVE-2025/CVE-2025-38xx/CVE-2025-3859.json
index fb7324252ea..5b4632e9e21 100644
--- a/CVE-2025/CVE-2025-38xx/CVE-2025-3859.json
+++ b/CVE-2025/CVE-2025-38xx/CVE-2025-3859.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-3859",
 "sourceIdentifier": "security@mozilla.org",
 "published": "2025-04-30T17:15:50.903",
- "lastModified": "2025-04-30T17:15:50.903",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage This vulnerability affects Focus < 138."
+ },
+ {
+ "lang": "es",
+ "value": "Los sitios web que dirigen a los usuarios a URL largas que provocan la omisi\u00f3n de direcciones en la vista de ubicaci\u00f3n podr\u00edan aprovechar el comportamiento de truncamiento para enga\u00f1ar potencialmente a los usuarios y hacerles pensar que estaban en una p\u00e1gina web diferente. Esta vulnerabilidad afecta a Focus < 138."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-38xx/CVE-2025-3874.json b/CVE-2025/CVE-2025-38xx/CVE-2025-3874.json
index c626481b545..8a64acc4c6b 100644
--- a/CVE-2025/CVE-2025-38xx/CVE-2025-3874.json
+++ b/CVE-2025/CVE-2025-38xx/CVE-2025-3874.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-3874",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-05-01T12:15:17.400",
- "lastModified": "2025-05-01T12:15:17.400",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-38xx/CVE-2025-3889.json b/CVE-2025/CVE-2025-38xx/CVE-2025-3889.json
index 4315cffe8ea..799fe4dc5ed 100644
--- a/CVE-2025/CVE-2025-38xx/CVE-2025-3889.json
+++ b/CVE-2025/CVE-2025-38xx/CVE-2025-3889.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-3889",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-05-01T12:15:17.630",
- "lastModified": "2025-05-01T12:15:17.630",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-38xx/CVE-2025-3890.json b/CVE-2025/CVE-2025-38xx/CVE-2025-3890.json
index 19364ad6145..3fd5e4424b1 100644
--- a/CVE-2025/CVE-2025-38xx/CVE-2025-3890.json
+++ b/CVE-2025/CVE-2025-38xx/CVE-2025-3890.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-3890",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2025-05-01T12:15:17.830",
- "lastModified": "2025-05-01T12:15:17.830",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-394xx/CVE-2025-39413.json b/CVE-2025/CVE-2025-394xx/CVE-2025-39413.json
index 36a7d8ce112..a309e364899 100644
--- a/CVE-2025/CVE-2025-394xx/CVE-2025-39413.json
+++ b/CVE-2025/CVE-2025-394xx/CVE-2025-39413.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-39413",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2025-04-30T18:15:47.197",
- "lastModified": "2025-04-30T18:15:47.197",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Missing Authorization vulnerability in David Gwyer Simple Sitemap \u2013 Create a Responsive HTML Sitemap.This issue affects Simple Sitemap \u2013 Create a Responsive HTML Sitemap: from n/a through 3.5.14."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de autorizaci\u00f3n faltante en David Gwyer Simple Sitemap \u2013 Create a Responsive HTML Sitemap. Este problema afecta a Simple Sitemap \u2013 Crear un mapa del sitio HTML adaptable: desde n/a hasta 3.5.14."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-39xx/CVE-2025-3910.json b/CVE-2025/CVE-2025-39xx/CVE-2025-3910.json
index 253c526940a..642cd3d025e 100644
--- a/CVE-2025/CVE-2025-39xx/CVE-2025-3910.json
+++ b/CVE-2025/CVE-2025-39xx/CVE-2025-3910.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-3910",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2025-04-29T21:15:51.707",
- "lastModified": "2025-04-30T03:15:19.073",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication."
+ },
+ {
+ "lang": "es",
+ "value": "Se detect\u00f3 una falla en Keycloak. El paquete org.keycloak.authorization podr\u00eda ser vulnerable a eludir acciones obligatorias, lo que permite a los usuarios eludir requisitos como la configuraci\u00f3n de la autenticaci\u00f3n de dos factores."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-39xx/CVE-2025-3911.json b/CVE-2025/CVE-2025-39xx/CVE-2025-3911.json
index 3c5c5415192..ffde8011672 100644
--- a/CVE-2025/CVE-2025-39xx/CVE-2025-3911.json
+++ b/CVE-2025/CVE-2025-39xx/CVE-2025-3911.json
@@ -2,13 +2,17 @@ "id": "CVE-2025-3911", "sourceIdentifier": "security@docker.com", "published": "2025-04-29T18:15:44.370", - "lastModified": "2025-04-29T18:15:44.370", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Recording of environment variables, configured for running containers, in Docker Desktop application logs could lead to\u00a0unintentional disclosure of sensitive information such as api keys, passwords, etc.\n\nA malicious actor with read access to these logs could obtain sensitive credentials information and further use it to gain unauthorized access to other systems. Starting with version 4.41.0, Docker Desktop no longer logs environment variables set by the user." + }, + { + "lang": "es", + "value": "El registro de variables de entorno configuradas para la ejecuci\u00f3n de contenedores en los registros de la aplicaci\u00f3n Docker Desktop podr\u00eda provocar la divulgaci\u00f3n involuntaria de informaci\u00f3n confidencial, como claves API, contrase\u00f1as, etc. Un agente malicioso con acceso de lectura a estos registros podr\u00eda obtener informaci\u00f3n confidencial de credenciales y utilizarla para obtener acceso no autorizado a otros sistemas. A partir de la versi\u00f3n 4.41.0, Docker Desktop ya no registra las variables de entorno configuradas por el usuario." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-39xx/CVE-2025-3952.json b/CVE-2025/CVE-2025-39xx/CVE-2025-3952.json index dce57ed0b98..2af4a10eacd 100644 --- a/CVE-2025/CVE-2025-39xx/CVE-2025-3952.json +++ b/CVE-2025/CVE-2025-39xx/CVE-2025-3952.json @@ -2,8 +2,8 @@ "id": "CVE-2025-3952", "sourceIdentifier": "security@wordfence.com", "published": "2025-05-01T05:15:52.020", - "lastModified": "2025-05-01T05:15:52.020", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2025/CVE-2025-39xx/CVE-2025-3953.json b/CVE-2025/CVE-2025-39xx/CVE-2025-3953.json index 52c92d2c1f4..9a64e15c84b 100644 --- a/CVE-2025/CVE-2025-39xx/CVE-2025-3953.json +++ b/CVE-2025/CVE-2025-39xx/CVE-2025-3953.json @@ -2,8 +2,8 @@ "id": "CVE-2025-3953", "sourceIdentifier": "security@wordfence.com", "published": "2025-04-30T06:15:53.300", - "lastModified": "2025-04-30T06:15:53.300", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-406xx/CVE-2025-40615.json b/CVE-2025/CVE-2025-406xx/CVE-2025-40615.json index f262340a695..adafd383901 100644 --- a/CVE-2025/CVE-2025-406xx/CVE-2025-40615.json +++ b/CVE-2025/CVE-2025-406xx/CVE-2025-40615.json @@ -2,13 +2,17 @@ "id": "CVE-2025-40615", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2025-04-29T16:15:36.160", - "lastModified": "2025-04-29T16:15:36.160", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the \"TEXTO\" parameter in /api/api_ajustes.php." + }, + { + "lang": "es", + "value": "Vulnerabilidad de cross-site scripting (XSS) reflejado en Bookgy. Esta vulnerabilidad permite a un atacante ejecutar c\u00f3digo JavaScript en el navegador de la v\u00edctima enviando una URL maliciosa a trav\u00e9s del par\u00e1metro \"TEXTO\" en /api/api_ajustes.php." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-406xx/CVE-2025-40616.json b/CVE-2025/CVE-2025-406xx/CVE-2025-40616.json index 3324d7b0494..21eaf87dd25 100644 --- a/CVE-2025/CVE-2025-406xx/CVE-2025-40616.json +++ b/CVE-2025/CVE-2025-406xx/CVE-2025-40616.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-40616", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2025-04-29T16:15:36.310", - "lastModified": "2025-04-29T16:15:36.310", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the \"IDRESERVA\" parameter in /bkg_imprimir_comprobante.php." + }, + { + "lang": "es", + "value": "Vulnerabilidad de cross-site scripting (XSS) reflejado en Bookgy. Esta vulnerabilidad permite a un atacante ejecutar c\u00f3digo JavaScript en el navegador de la v\u00edctima enviando una URL maliciosa a trav\u00e9s del par\u00e1metro \"IDRESERVA\" en /bkg_imprimir_comprobante.php." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-406xx/CVE-2025-40617.json b/CVE-2025/CVE-2025-406xx/CVE-2025-40617.json index 9cc98d9a844..0aa62101b92 100644 --- a/CVE-2025/CVE-2025-406xx/CVE-2025-40617.json +++ b/CVE-2025/CVE-2025-406xx/CVE-2025-40617.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-40617", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2025-04-29T16:15:36.450", - "lastModified": "2025-04-29T16:15:36.450", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the \"IDTIPO\", \"IDPISTA\" and \"IDSOCIO\" parameters in /bkg_seleccionar_hora_ajax.php." + }, + { + "lang": "es", + "value": "Vulnerabilidad de inyecci\u00f3n SQL en Bookgy. Esta vulnerabilidad podr\u00eda permitir a un atacante recuperar, crear, actualizar y eliminar bases de datos mediante el env\u00edo de una solicitud HTTP a trav\u00e9s de los par\u00e1metros \"IDTIPO\", \"IDPISTA\" e \"IDSOCIO\" en /bkg_seleccionar_hora_ajax.php." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-406xx/CVE-2025-40618.json b/CVE-2025/CVE-2025-406xx/CVE-2025-40618.json index 032f6be1ee6..41c8514141e 100644 --- a/CVE-2025/CVE-2025-406xx/CVE-2025-40618.json +++ b/CVE-2025/CVE-2025-406xx/CVE-2025-40618.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-40618", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2025-04-29T16:15:36.580", - "lastModified": "2025-04-29T16:15:36.580", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the \"IDRESERVA\"\u00a0\u00a0parameter in /bkg_imprimir_comprobante.php" + }, + { + "lang": "es", + "value": "Vulnerabilidad de inyecci\u00f3n SQL en Bookgy. Esta vulnerabilidad podr\u00eda permitir a un atacante recuperar, crear, actualizar y eliminar bases de datos mediante el env\u00edo de una solicitud HTTP a trav\u00e9s del par\u00e1metro \"IDRESERVA\" en /bkg_imprimir_comprobante.php." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-406xx/CVE-2025-40619.json b/CVE-2025/CVE-2025-406xx/CVE-2025-40619.json index 74071d321fd..19796ddc7df 100644 --- a/CVE-2025/CVE-2025-406xx/CVE-2025-40619.json +++ b/CVE-2025/CVE-2025-406xx/CVE-2025-40619.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-40619", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2025-04-29T16:15:36.727", - "lastModified": "2025-04-29T16:15:36.727", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Bookgy does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authentication, to reach private areas and/or areas intended for other roles." + }, + { + "lang": "es", + "value": "Bookgy no ofrece un control de autorizaci\u00f3n adecuado en varias \u00e1reas de la aplicaci\u00f3n. Esta deficiencia podr\u00eda permitir que un agente malicioso, sin autenticaci\u00f3n, acceda a \u00e1reas privadas o a \u00e1reas destinadas a otros roles." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4062.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4062.json index 6b020bcc76c..fd96ee3bbf9 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4062.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4062.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4062", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-29T14:15:34.393", - "lastModified": "2025-04-29T14:15:34.393", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:49.480", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in code-projects Theater Seat Booking System 1.0 and classified as critical. Affected by this vulnerability is the function cancel. The manipulation of the argument cancelcustomername leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en code-projects Theater Seat Booking System 1.0, clasificada como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n \"cancel\". La manipulaci\u00f3n del argumento \"cancelcustomername\" provoca un desbordamiento del b\u00fafer en la pila. Es posible lanzar el ataque en el host local. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4063.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4063.json index 65ce3e16e01..ac92c6a7d11 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4063.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4063.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4063", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-29T14:15:34.563", - "lastModified": "2025-04-29T14:15:34.563", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:49.480", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in code-projects Student Information Management System 1.0 and classified as critical. Affected by this issue is the function cancel. The manipulation of the argument first_name/last_name leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en code-projects Student Information Management System 1.0, clasificada como cr\u00edtica. Este problema afecta a la funci\u00f3n cancelar. La manipulaci\u00f3n del argumento first_name/last_name provoca un desbordamiento del b\u00fafer en la pila. El ataque debe abordarse localmente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4064.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4064.json index 2f11fa2bc33..93da9acd454 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4064.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4064.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4064", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-29T14:15:34.737", - "lastModified": "2025-04-29T14:15:34.737", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:49.480", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/viewenquiry.php. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en ScriptAndTools Online-Travling-System 1.0. Se ha clasificado como cr\u00edtica. Afecta una parte desconocida del archivo /admin/viewenquiry.php. La manipulaci\u00f3n genera controles de acceso inadecuados. Es posible iniciar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4065.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4065.json index 8be3c88e4d4..efab1b8a564 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4065.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4065.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4065", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-29T15:15:54.450", - "lastModified": "2025-04-29T15:15:54.450", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/addadvertisement.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en ScriptAndTools Online-Travling-System 1.0. Se ha declarado cr\u00edtica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /admin/addadvertisement.php. La manipulaci\u00f3n genera controles de acceso inadecuados. El ataque puede iniciarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4066.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4066.json index 709151ab52e..10a5e5f4ece 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4066.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4066.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4066", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-29T15:15:54.627", - "lastModified": "2025-04-29T15:15:54.627", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/addpackage.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en ScriptAndTools Online-Travling-System 1.0. Se ha clasificado como cr\u00edtica. Este problema afecta a un procesamiento desconocido del archivo /admin/addpackage.php. La manipulaci\u00f3n genera controles de acceso inadecuados. El ataque podr\u00eda iniciarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4067.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4067.json index 77a62b19028..57560475499 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4067.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4067.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4067", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-29T15:15:54.800", - "lastModified": "2025-04-29T15:15:54.800", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical has been found in ScriptAndTools Online-Travling-System 1.0. Affected is an unknown function of the file /admin/viewpackage.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad cr\u00edtica en ScriptAndTools Online-Travling-System 1.0. Se ve afectada una funci\u00f3n desconocida del archivo /admin/viewpackage.php. La manipulaci\u00f3n genera controles de acceso inadecuados. Es posible ejecutar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4068.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4068.json index 3fcc384de56..0c7fe891783 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4068.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4068.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4068", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-29T16:15:38.163", - "lastModified": "2025-04-29T16:15:38.163", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical was found in code-projects Simple Movie Ticket Booking System 1.0. Affected by this vulnerability is the function changeprize. The manipulation of the argument prize leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad clasificada como cr\u00edtica en code-projects Simple Movie Ticket Booking System 1.0. Esta vulnerabilidad afecta a la funci\u00f3n changeprize. La manipulaci\u00f3n del argumento \"prize\" provoca un desbordamiento del b\u00fafer en la pila. El ataque debe abordarse localmente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4069.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4069.json index 3267071b277..c7cc06d3058 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4069.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4069.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4069", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-29T16:15:38.350", - "lastModified": "2025-04-29T18:15:45.100", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in code-projects Product Management System 1.0. Affected by this issue is the function add_item. The manipulation of the argument st.productname leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad clasificada como cr\u00edtica en code-projects Product Management System 1.0. La funci\u00f3n add_item se ve afectada por este problema. La manipulaci\u00f3n del argumento st.productname provoca un desbordamiento del b\u00fafer en la pila. Un ataque debe abordarse localmente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4070.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4070.json index f6befd924ce..76da51bd87b 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4070.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4070.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4070", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-29T16:15:38.523", - "lastModified": "2025-04-29T18:15:45.233", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, was found in PHPGurukul Rail Pass Management System 1.0. This affects an unknown part of the file /admin/changeimage.php. The manipulation of the argument editid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad clasificada como cr\u00edtica en PHPGurukul Rail Pass Management System 1.0. Esta afecta a una parte desconocida del archivo /admin/changeimage.php. La manipulaci\u00f3n del argumento editid provoca una inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4071.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4071.json index a01994ddb6f..77bc9ed30f4 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4071.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4071.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4071", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-29T16:15:38.697", - "lastModified": "2025-04-29T18:15:45.357", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /test-details.php. The manipulation of the argument Status leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en PHPGurukul COVID19 Testing Management System 1.0, clasificada como cr\u00edtica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /test-details.php. La manipulaci\u00f3n del argumento \"Status\" provoca una inyecci\u00f3n SQL. El ataque puede iniciarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4072.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4072.json index cbad7b17f83..5ca51c929f9 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4072.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4072.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4072", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-29T17:15:41.500", - "lastModified": "2025-04-29T19:15:53.750", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit-nurse.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Multiple parameters might be affected." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en PHPGurukul Online Nurse Hiring System 1.0, clasificada como cr\u00edtica. Este problema afecta a un procesamiento desconocido del archivo /admin/edit-nurse.php. La manipulaci\u00f3n provoca una inyecci\u00f3n SQL. El ataque puede iniciarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. M\u00faltiples par\u00e1metros podr\u00edan verse afectados." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4073.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4073.json index 71bdf83a3f0..0910b4c259e 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4073.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4073.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4073", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-29T17:15:41.730", - "lastModified": "2025-04-29T19:15:53.880", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in PHPGurukul Student Record System 3.20. It has been classified as critical. Affected is an unknown function of the file /change-password.php. The manipulation of the argument currentpassword leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en PHPGurukul Student Record System 3.20. Se ha clasificado como cr\u00edtica. Se ve afectada una funci\u00f3n desconocida del archivo /change-password.php. La manipulaci\u00f3n del argumento currentpassword provoca una inyecci\u00f3n SQL. Es posible ejecutar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4074.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4074.json index 82b94f39fd3..e90037e0f34 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4074.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4074.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4074", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-29T18:15:45.470", - "lastModified": "2025-04-29T18:15:45.470", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/pass-bwdates-report.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en PHPGurukul Curfew e-Pass Management System 1.0. Se ha declarado cr\u00edtica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /admin/pass-bwdates-report.php. La manipulaci\u00f3n del argumento fromdate/todate provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4075.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4075.json index b32fa9e2de9..16644458369 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4075.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4075.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4075", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-29T18:15:45.653", - "lastModified": "2025-04-29T18:15:45.653", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in VMSMan up to 20250416. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Email with the input \"> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en VMSMan hasta la versi\u00f3n 20250416. Se ha clasificado como problem\u00e1tica. Este problema afecta a una funcionalidad desconocida del archivo /login.php. La manipulaci\u00f3n del argumento \"Email\" con la entrada \"> provoca cross-site scripting. El ataque puede ejecutarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4076.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4076.json index 1416d0f48d5..eda69c72bc5 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4076.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4076.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4076", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-29T18:15:45.830", - "lastModified": "2025-04-29T18:15:45.830", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical has been found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function easy_uci_set_option_string_0 of the file /cgi-bin/lighttpd.cgi of the component Password Handler. The manipulation of the argument routepwd leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad cr\u00edtica en LB-LINK BL-AC3600 hasta la versi\u00f3n 1.0.22. Esta afecta a la funci\u00f3n easy_uci_set_option_string_0 del archivo /cgi-bin/lighttpd.cgi del componente Password Handler. La manipulaci\u00f3n del argumento routepwd provoca la inyecci\u00f3n de comandos. Es posible iniciar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4077.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4077.json index d4a693550e4..cc6eaab75a3 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4077.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4077.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4077", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-29T18:15:46.003", - "lastModified": "2025-04-29T18:15:46.003", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical was found in code-projects School Billing System 1.0. This vulnerability affects the function searchrec. The manipulation of the argument Name leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad clasificada como cr\u00edtica en code-projects School Billing System 1.0. Esta vulnerabilidad afecta a la funci\u00f3n searchrec. La manipulaci\u00f3n del argumento \"Nombre\" provoca un desbordamiento del b\u00fafer en la pila. Es posible lanzar el ataque en el host local. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4078.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4078.json index 1fdaa5e4605..d36cc90337d 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4078.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4078.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4078", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-29T20:15:25.383", - "lastModified": "2025-04-29T20:15:25.383", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in Wangshen SecGate 3600 2400. This issue affects some unknown processing of the file ?g=log_export_file. The manipulation of the argument file_name leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en Wangshen SecGate 3600 2400. Este problema afecta a un procesamiento desconocido del archivo ?g=log_export_file. La manipulaci\u00f3n del argumento file_name provoca un path traversal. El ataque puede iniciarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4079.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4079.json index 00085c01812..b8edddc86f1 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4079.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4079.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4079", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-29T19:15:54.130", - "lastModified": "2025-04-29T19:15:54.130", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, was found in PCMan FTP Server up to 2.0.7. Affected is an unknown function of the component RENAME Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad clasificada como cr\u00edtica en PCMan FTP Server hasta la versi\u00f3n 2.0.7. Se ve afectada una funci\u00f3n desconocida del componente RENAME Command Handler. La manipulaci\u00f3n provoca un desbordamiento del b\u00fafer. Es posible ejecutar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4080.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4080.json index f21a89c745f..58b60a8e150 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4080.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4080.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4080", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-29T20:15:25.563", - "lastModified": "2025-04-29T20:15:25.563", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in PHPGurukul Online Nurse Hiring System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/view-request.php. The manipulation of the argument viewid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en PHPGurukul Online Nurse Hiring System 1.0, clasificada como cr\u00edtica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /admin/view-request.php. La manipulaci\u00f3n del argumento viewid provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4082.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4082.json index b696ff666ed..72a4d7504bc 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4082.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4082.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4082", "sourceIdentifier": "security@mozilla.org", "published": "2025-04-29T14:15:34.913", - "lastModified": "2025-05-01T15:16:21.130", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4083.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4083.json index 7418a5e62e2..2478328e639 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4083.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4083.json 
@@ -2,8 +2,8 @@ "id": "CVE-2025-4083", "sourceIdentifier": "security@mozilla.org", "published": "2025-04-29T14:15:35.003", - "lastModified": "2025-05-01T15:16:21.230", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4084.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4084.json index 8650636ec3d..533ae550e3d 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4084.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4084.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4084", "sourceIdentifier": "security@mozilla.org", "published": "2025-04-29T14:15:35.097", - "lastModified": "2025-05-01T15:16:21.373", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4085.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4085.json index b7db66ccc09..67d268c9e32 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4085.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4085.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4085", "sourceIdentifier": "security@mozilla.org", "published": "2025-04-29T14:15:35.187", - "lastModified": "2025-04-29T14:15:35.187", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability affects Firefox < 138 and Thunderbird < 138." + }, + { + "lang": "es", + "value": "Un atacante con control sobre un proceso de contenido podr\u00eda aprovechar el actor privilegiado UITour para filtrar informaci\u00f3n confidencial o escalar privilegios. Esta vulnerabilidad afecta a Firefox (versi\u00f3n anterior a la 138) y Thunderbird (versi\u00f3n anterior a la 138)." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4086.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4086.json index c5efc065f24..3280e9fbe09 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4086.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4086.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4086", "sourceIdentifier": "security@mozilla.org", "published": "2025-04-29T14:15:35.267", - "lastModified": "2025-05-01T15:16:21.470", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4087.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4087.json index ec1994ca046..26072bf6817 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4087.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4087.json 
@@ -2,8 +2,8 @@ "id": "CVE-2025-4087", "sourceIdentifier": "security@mozilla.org", "published": "2025-04-29T14:15:35.357", - "lastModified": "2025-05-01T15:16:21.617", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4088.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4088.json index 5cb9c38f26a..5ef13930ba7 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4088.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4088.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4088", "sourceIdentifier": "security@mozilla.org", "published": "2025-04-29T14:15:35.450", - "lastModified": "2025-05-01T15:16:21.777", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4089.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4089.json index fa24955ab54..51f1e6d68cd 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4089.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4089.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4089", "sourceIdentifier": "security@mozilla.org", "published": "2025-04-29T14:15:35.537", - "lastModified": "2025-04-29T16:15:39.297", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Due to insufficient escaping of special characters in the \"copy as cURL\" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability affects Firefox < 138 and Thunderbird < 138." + }, + { + "lang": "es", + "value": "Debido a la insuficiente capacidad de escape de caracteres especiales en la funci\u00f3n \"copiar como cURL\", un atacante podr\u00eda enga\u00f1ar a un usuario para que use este comando, lo que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo local en su sistema. Esta vulnerabilidad afecta a Firefox (versi\u00f3n anterior a la 138) y Thunderbird (versi\u00f3n anterior a la 138)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4090.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4090.json index eed2a0dedde..c66ca93d01d 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4090.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4090.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4090", "sourceIdentifier": "security@mozilla.org", "published": "2025-04-29T14:15:35.627", - "lastModified": "2025-05-01T15:16:21.913", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4091.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4091.json index 515def7d63f..7e539820ce6 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4091.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4091.json 
@@ -2,8 +2,8 @@ "id": "CVE-2025-4091", "sourceIdentifier": "security@mozilla.org", "published": "2025-04-29T14:15:35.717", - "lastModified": "2025-05-01T15:16:22.050", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4092.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4092.json index 8d3088e8e17..a7955b9899c 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4092.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4092.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4092", "sourceIdentifier": "security@mozilla.org", "published": "2025-04-29T14:15:35.820", - "lastModified": "2025-04-29T16:15:39.707", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 138 and Thunderbird < 138." + }, + { + "lang": "es", + "value": "Errores de seguridad de memoria presentes en Firefox 137 y Thunderbird 137. Algunos de estos errores mostraron evidencia de corrupci\u00f3n de memoria y presumimos que, con el esfuerzo suficiente, algunos de ellos podr\u00edan haberse explotado para ejecutar c\u00f3digo arbitrario. Esta vulnerabilidad afecta a Firefox 138 y Thunderbird 138." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4093.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4093.json index ea7c7511c58..4483fd89fd1 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4093.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4093.json 
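Review bot: The `es` description added in the CVE-2025-4092.json hunk drops the comparison operator from the affected-version statement. The English value ends with "This vulnerability affects Firefox < 138 and Thunderbird < 138", while the Spanish ends with `afecta a Firefox 138 y Thunderbird 138`, which names 138 itself as affected and leaves out every earlier release. A reader relying on the Spanish text for patch triage would get the affected range wrong. I would end the value with `Esta vulnerabilidad afecta a Firefox (versi\u00f3n anterior a la 138) y Thunderbird (versi\u00f3n anterior a la 138).`, the phrasing already used in the CVE-2025-4085 and CVE-2025-4089 hunks of this commit.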
@@ -2,8 +2,8 @@ "id": "CVE-2025-4093", "sourceIdentifier": "security@mozilla.org", "published": "2025-04-29T14:15:35.907", - "lastModified": "2025-05-01T15:16:22.180", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4095.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4095.json index 2ca67ef0f73..8b9af458fae 100644 --- a/CVE-2025/CVE-2025-40xx/CVE-2025-4095.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4095.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4095", "sourceIdentifier": "security@docker.com", "published": "2025-04-29T18:15:46.180", - "lastModified": "2025-04-29T18:15:46.180", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. When a MacOS configuration profile is used to enforce organization sign-in, the RAM policies are not being applied, which would allow Docker Desktop users to pull down unapproved, and potentially malicious images from any registry." + }, + { + "lang": "es", + "value": "Registry Access Management (RAM) es una funci\u00f3n de seguridad que permite a los administradores restringir el acceso de sus desarrolladores \u00fanicamente a los registros permitidos. Cuando se utiliza un perfil de configuraci\u00f3n de macOS para forzar el inicio de sesi\u00f3n de la organizaci\u00f3n, no se aplican las pol\u00edticas de RAM, lo que permitir\u00eda a los usuarios de Docker Desktop descargar im\u00e1genes no autorizadas y potencialmente maliciosas de cualquier registro." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-40xx/CVE-2025-4099.json b/CVE-2025/CVE-2025-40xx/CVE-2025-4099.json index 4884ffee1fe..84fcbdeda9a 100644 
--- a/CVE-2025/CVE-2025-40xx/CVE-2025-4099.json +++ b/CVE-2025/CVE-2025-40xx/CVE-2025-4099.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4099", "sourceIdentifier": "security@wordfence.com", "published": "2025-05-01T05:15:52.167", - "lastModified": "2025-05-01T05:15:52.167", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4100.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4100.json index 289c552ff73..002c7c0dadb 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4100.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4100.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4100", "sourceIdentifier": "security@wordfence.com", "published": "2025-05-01T07:15:58.693", - "lastModified": "2025-05-01T07:15:58.693", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4108.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4108.json index 821f17cdf38..97e28b8db8d 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4108.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4108.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4108", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-30T10:15:18.407", - "lastModified": "2025-04-30T10:15:18.407", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, was found in PHPGurukul Student Record System 3.20. Affected is an unknown function of the file /add-subject.php. The manipulation of the argument sub1 leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad clasificada como cr\u00edtica en PHPGurukul Student Record System 3.20. Se ve afectada una funci\u00f3n desconocida del archivo /add-subject.php. La manipulaci\u00f3n del argumento sub1 provoca una inyecci\u00f3n SQL. Es posible ejecutar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4109.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4109.json index 2f4816203fb..820b6314a05 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4109.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4109.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4109", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-30T10:15:18.813", - "lastModified": "2025-04-30T10:15:18.813", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-subadmin.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en PHPGurukul Pre-School Enrollment System 1.0, clasificada como cr\u00edtica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /admin/edit-subadmin.php. La manipulaci\u00f3n del argumento \"mobilenumber\" provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Otros par\u00e1metros tambi\u00e9n podr\u00edan verse afectados." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4110.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4110.json index 6a03178e2b4..30d86665e44 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4110.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4110.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4110", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-30T11:15:49.983", - "lastModified": "2025-04-30T11:15:49.983", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/edit-teacher.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en PHPGurukul Pre-School Enrollment System 1.0, clasificada como cr\u00edtica. Este problema afecta a una funcionalidad desconocida del archivo /admin/edit-teacher.php. La manipulaci\u00f3n del argumento \"mobilenumber\" provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Otros par\u00e1metros tambi\u00e9n podr\u00edan verse afectados." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4111.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4111.json index fbacd46ede4..6c6908a0492 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4111.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4111.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4111", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-30T11:15:50.283", - "lastModified": "2025-04-30T11:15:50.283", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/visitor-details.php. The manipulation of the argument Status leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en PHPGurukul Pre-School Enrollment System 1.0. Se ha clasificado como cr\u00edtica. Afecta una parte desconocida del archivo /admin/visitor-details.php. La manipulaci\u00f3n del argumento \"Status\" provoca una inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4112.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4112.json index 1bfaac91202..ec2ff14b775 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4112.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4112.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4112", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-30T11:15:50.500", - "lastModified": "2025-04-30T11:15:50.500", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in PHPGurukul Student Record System 3.20. It has been declared as critical. This vulnerability affects unknown code of the file /add-course.php. The manipulation of the argument course-short leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en PHPGurukul Student Record System 3.20. Se ha declarado cr\u00edtica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /add-course.php. La manipulaci\u00f3n del argumento course-short provoca una inyecci\u00f3n SQL. El ataque puede iniciarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4113.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4113.json index b9750cdb3a2..2f5f070163b 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4113.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4113.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4113", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-30T11:15:50.760", - "lastModified": "2025-04-30T11:15:50.760", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/edit-pass-detail.php. The manipulation of the argument editid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en PHPGurukul Curfew e-Pass Management System 1.0. Se ha clasificado como cr\u00edtica. Este problema afecta a un procesamiento desconocido del archivo /admin/edit-pass-detail.php. La manipulaci\u00f3n del argumento editid provoca una inyecci\u00f3n SQL. El ataque puede iniciarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4114.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4114.json index 3700c66f1f6..4283d568d9a 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4114.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4114.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4114", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-30T12:15:22.640", - "lastModified": "2025-04-30T12:15:22.640", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical has been found in Netgear JWNR2000v2 1.0.0.11. Affected is the function check_language_file. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad cr\u00edtica en Netgear JWNR2000v2 1.0.0.11. La funci\u00f3n check_language_file est\u00e1 afectada. La manipulaci\u00f3n del argumento host provoca un desbordamiento del b\u00fafer. Es posible ejecutar el ataque de forma remota. Se contact\u00f3 con el proveedor con antelaci\u00f3n para informarle sobre esta vulnerabilidad, pero no respondi\u00f3." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4115.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4115.json index 59b22fdbef6..11b519bcf20 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4115.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4115.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4115", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-30T13:15:49.663", - "lastModified": "2025-04-30T13:15:49.663", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical was found in Netgear JWNR2000v2 1.0.0.11. Affected by this vulnerability is the function default_version_is_new. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se detect\u00f3 una vulnerabilidad cr\u00edtica en Netgear JWNR2000v2 1.0.0.11. Esta vulnerabilidad afecta a la funci\u00f3n `default_version_is_new`. La manipulaci\u00f3n del argumento `host` provoca un desbordamiento del b\u00fafer. El ataque puede ejecutarse remotamente. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta vulnerabilidad, pero no respondi\u00f3." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4116.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4116.json index 8a60b7fbfbb..b7ab0484426 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4116.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4116.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4116", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-30T13:15:49.867", - "lastModified": "2025-04-30T13:15:49.867", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in Netgear JWNR2000v2 1.0.0.11. Affected by this issue is the function get_cur_lang_ver. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad clasificada como cr\u00edtica en Netgear JWNR2000v2 1.0.0.11. La funci\u00f3n get_cur_lang_ver se ve afectada por este problema. La manipulaci\u00f3n del argumento host provoca un desbordamiento del b\u00fafer. El ataque puede ejecutarse remotamente. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta vulnerabilidad, pero no respondi\u00f3." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4117.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4117.json index 2c3a5c4edf6..b73ed8025e4 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4117.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4117.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4117", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-30T13:15:50.070", - "lastModified": "2025-04-30T13:15:50.070", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, was found in Netgear JWNR2000v2 1.0.0.11. This affects the function sub_41A914. The manipulation of the argument host leads to buffer overflow. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad clasificada como cr\u00edtica en Netgear JWNR2000v2 1.0.0.11. Esta afecta a la funci\u00f3n sub_41A914. La manipulaci\u00f3n del argumento \"host\" provoca un desbordamiento del b\u00fafer. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta vulnerabilidad, pero no respondi\u00f3." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4118.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4118.json index 0e974d0d51e..4c5792cc1f1 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4118.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4118.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4118", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-30T14:15:30.833", - "lastModified": "2025-04-30T14:15:30.833", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical has been found in Weitong Mall 1.0.0. This affects an unknown part of the file /historyList of the component Product History Handler. The manipulation of the argument isDelete with the input 1 leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad cr\u00edtica en Weitong Mall 1.0.0. Esta afecta a una parte desconocida del archivo /historyList del componente Product History Handler. La manipulaci\u00f3n del argumento isDelete con la entrada 1 genera controles de acceso inadecuados. Es posible iniciar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4119.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4119.json index e8a45235ded..3eb3227ec13 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4119.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4119.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4119", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-30T14:15:31.020", - "lastModified": "2025-04-30T14:15:31.020", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical was found in Weitong Mall 1.0.0. This vulnerability affects unknown code of the file /queryTotal of the component Product Statistics Handler. The manipulation of the argument isDelete with the input 1 leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se detect\u00f3 una vulnerabilidad cr\u00edtica en Weitong Mall 1.0.0. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /queryTotal del componente Product Statistics Handler. La manipulaci\u00f3n del argumento isDelete con la entrada 1 genera controles de acceso inadecuados. El ataque puede iniciarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4120.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4120.json index 14a9856b789..7080aa3b2fd 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4120.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4120.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4120", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-30T14:15:31.200", - "lastModified": "2025-04-30T14:15:31.200", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been classified as critical. Affected is the function sub_4238E8. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Netgear JWNR2000v2 1.0.0.11. Se ha clasificado como cr\u00edtica. La funci\u00f3n sub_4238E8 est\u00e1 afectada. La manipulaci\u00f3n del argumento host provoca un desbordamiento del b\u00fafer. Es posible ejecutar el ataque de forma remota. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta vulnerabilidad, pero no respondi\u00f3." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4121.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4121.json index d54d3bc3724..8df1419b03f 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4121.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4121.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4121", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-30T14:15:31.423", - "lastModified": "2025-04-30T14:15:31.423", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been declared as critical. Affected by this vulnerability is the function cmd_wireless. The manipulation of the argument host leads to command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Netgear JWNR2000v2 1.0.0.11. Se ha declarado cr\u00edtica. La funci\u00f3n cmd_wireless se ve afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento \"host\" provoca la inyecci\u00f3n de comandos. El ataque puede ejecutarse remotamente. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta vulnerabilidad, pero no respondi\u00f3." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4122.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4122.json index 250dbc8a898..45f50a5766b 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4122.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4122.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4122", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-30T15:16:02.590", - "lastModified": "2025-04-30T15:16:02.590", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been rated as critical. Affected by this issue is the function sub_435E04. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Netgear JWNR2000v2 1.0.0.11. Se ha clasificado como cr\u00edtica. La funci\u00f3n sub_435E04 se ve afectada por este problema. La manipulaci\u00f3n del argumento \"host\" provoca la inyecci\u00f3n de comandos. El ataque puede ejecutarse remotamente. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4124.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4124.json index a1eb595103e..8dcc73e5d52 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4124.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4124.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4124", "sourceIdentifier": "759f5e80-c8e1-4224-bead-956d7b33c98b", "published": "2025-04-30T09:15:17.300", - "lastModified": "2025-04-30T09:15:17.300", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Delta Electronics ISPSoft version 3.20 is vulnerable to an\u00a0Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file." + }, + { + "lang": "es", + "value": "La versi\u00f3n 3.20 de Delta Electronics ISPSoft es afectado por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda permitir a un atacante ejecutar c\u00f3digo arbitrario al analizar un archivo ISP." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4125.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4125.json index 432d3d17019..e74c0a333be 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4125.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4125.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4125", "sourceIdentifier": "759f5e80-c8e1-4224-bead-956d7b33c98b", "published": "2025-04-30T09:15:17.523", - "lastModified": "2025-04-30T09:15:17.523", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Delta Electronics ISPSoft version 3.20 is vulnerable to an\u00a0Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file." + }, + { + "lang": "es", + "value": "La versi\u00f3n 3.20 de Delta Electronics ISPSoft es afectado por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda permitir a un atacante ejecutar c\u00f3digo arbitrario al analizar un archivo ISP." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4131.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4131.json index acf51e6e152..d18bb10c3d9 100644 
--- a/CVE-2025/CVE-2025-41xx/CVE-2025-4131.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4131.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4131", "sourceIdentifier": "security@wordfence.com", "published": "2025-05-02T03:15:21.257", - "lastModified": "2025-05-02T03:15:21.257", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4135.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4135.json index adaa2561832..bdbf7b4f86a 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4135.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4135.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4135", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-30T18:15:48.400", - "lastModified": "2025-04-30T18:15:48.400", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Affected by this issue is the function ui_get_input_value. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se detect\u00f3 una vulnerabilidad en Netgear WG302v2 hasta la versi\u00f3n 5.2.9, clasificada como cr\u00edtica. Este problema afecta a la funci\u00f3n ui_get_input_value. La manipulaci\u00f3n del argumento \"host\" provoca la inyecci\u00f3n de comandos. El ataque puede ejecutarse remotamente. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4136.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4136.json index 960c7188489..209092ccf4a 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4136.json 
+++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4136.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4136", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-30T20:15:21.787", - "lastModified": "2025-04-30T20:15:21.787", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Weitong Mall 1.0.0. It has been classified as critical. This affects an unknown part of the component Sale Endpoint. The manipulation of the argument ID leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Weitong Mall 1.0.0. Se ha clasificado como cr\u00edtica. Afecta una parte desconocida del componente Sale Endpoint. La manipulaci\u00f3n del ID del argumento provoca una autorizaci\u00f3n indebida. Es posible iniciar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4139.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4139.json index a2ee1bdb496..00d3db824c1 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4139.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4139.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4139", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-30T21:15:55.003", - "lastModified": "2025-04-30T21:15:55.003", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical was found in Netgear EX6120 1.0.0.68. Affected by this vulnerability is the function fwAcosCgiInbound. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se detect\u00f3 una vulnerabilidad cr\u00edtica en Netgear EX6120 1.0.0.68. Esta vulnerabilidad afecta a la funci\u00f3n fwAcosCgiInbound. La manipulaci\u00f3n del argumento \"host\" provoca un desbordamiento del b\u00fafer. El ataque puede ejecutarse remotamente. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta vulnerabilidad, pero no respondi\u00f3." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4140.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4140.json index 1eef26a82de..a5806be4db2 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4140.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4140.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4140", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-30T22:15:17.097", - "lastModified": "2025-04-30T22:15:17.097", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in Netgear EX6120 1.0.3.94. Affected by this issue is the function sub_30394. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad clasificada como cr\u00edtica en Netgear EX6120 1.0.3.94. La funci\u00f3n sub_30394 se ve afectada por este problema. La manipulaci\u00f3n del argumento host provoca un desbordamiento del b\u00fafer. El ataque puede ejecutarse remotamente. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta vulnerabilidad, pero no respondi\u00f3." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4141.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4141.json index 5d9af377479..75c9ada2038 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4141.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4141.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4141", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-30T22:15:17.287", - "lastModified": "2025-04-30T22:15:17.287", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. This affects the function sub_3C03C. The manipulation of the argument host leads to buffer overflow. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad clasificada como cr\u00edtica en Netgear EX6200 1.0.3.94. Esta afecta a la funci\u00f3n sub_3C03C. La manipulaci\u00f3n del argumento \"host\" provoca un desbordamiento del b\u00fafer. Es posible iniciar el ataque de forma remota. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta vulnerabilidad, pero no respondi\u00f3." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4142.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4142.json index 1213fd86df3..8d8e4050b5d 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4142.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4142.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4142", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-30T23:16:02.543", - "lastModified": "2025-04-30T23:16:02.543", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4143.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4143.json index b86cb688c6b..b0d7ed21e68 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4143.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4143.json 
@@ -2,8 +2,8 @@ "id": "CVE-2025-4143", "sourceIdentifier": "cna@cloudflare.com", "published": "2025-05-01T01:15:54.127", - "lastModified": "2025-05-01T01:15:54.127", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4144.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4144.json index b3ffd741612..206cbf783a8 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4144.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4144.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4144", "sourceIdentifier": "cna@cloudflare.com", "published": "2025-05-01T01:15:54.267", - "lastModified": "2025-05-01T01:15:54.267", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4145.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4145.json index 29f4494b797..2242a68e634 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4145.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4145.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4145", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-01T01:15:54.393", - "lastModified": "2025-05-01T01:15:54.393", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4146.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4146.json index ce303a26793..3e504d411ca 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4146.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4146.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4146", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-01T02:15:17.687", - "lastModified": "2025-05-01T02:15:17.687", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4147.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4147.json index efbd8af7912..3505e0dfd78 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4147.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4147.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4147", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-01T02:15:17.947", - "lastModified": "2025-05-01T02:15:17.947", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4148.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4148.json index 4f52c059a58..edce7e75731 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4148.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4148.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4148", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-01T04:16:58.113", - "lastModified": "2025-05-01T04:16:58.113", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4149.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4149.json index 2fde649d8f3..395138dbce0 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4149.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4149.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4149", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-01T04:16:58.323", - "lastModified": "2025-05-01T04:16:58.323", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4150.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4150.json index d76d73fb93d..0050ffeaf8a 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4150.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4150.json 
@@ -2,8 +2,8 @@ "id": "CVE-2025-4150", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-01T05:15:52.313", - "lastModified": "2025-05-01T05:15:52.313", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4151.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4151.json index 9e74ab84d6f..9cefea930d3 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4151.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4151.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4151", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-01T06:15:35.130", - "lastModified": "2025-05-01T06:15:35.130", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4152.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4152.json index 68bda356b13..525405f59f9 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4152.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4152.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4152", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-01T06:15:35.657", - "lastModified": "2025-05-01T06:15:35.657", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4153.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4153.json index 27f0fc0b5d4..38924a9c50e 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4153.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4153.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4153", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-01T07:15:58.847", - "lastModified": "2025-05-01T07:15:58.847", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4154.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4154.json index c4a5c3ed714..fbf79d34ad7 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4154.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4154.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4154", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-01T07:15:59.153", - "lastModified": "2025-05-01T07:15:59.153", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4155.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4155.json index d2c806b4fee..e03ba72367a 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4155.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4155.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4155", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-01T08:15:18.130", - "lastModified": "2025-05-01T08:15:18.130", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4156.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4156.json index a3879b52319..e8c736a2aa8 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4156.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4156.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4156", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-01T08:15:18.303", - "lastModified": "2025-05-01T08:15:18.303", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4157.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4157.json index c02e90293dd..f1d529374db 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4157.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4157.json 
@@ -2,8 +2,8 @@ "id": "CVE-2025-4157", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-01T09:15:15.513", - "lastModified": "2025-05-01T09:15:15.513", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4158.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4158.json index 269c4702798..dfaff23b5d5 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4158.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4158.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4158", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-01T09:15:15.720", - "lastModified": "2025-05-01T09:15:15.720", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4159.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4159.json index cd2bfd86c07..ee4370aa38e 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4159.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4159.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4159", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-01T10:15:15.637", - "lastModified": "2025-05-01T10:15:15.637", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4160.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4160.json index c60e5e8ad0d..0d471ea979a 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4160.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4160.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4160", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-01T10:15:17.567", - "lastModified": "2025-05-01T10:15:17.567", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4161.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4161.json index e1da2339897..fb3c997d12d 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4161.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4161.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4161", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-01T11:15:54.740", - "lastModified": "2025-05-01T11:15:54.740", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4162.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4162.json index adf51ff28fa..a71e7aca9cb 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4162.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4162.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4162", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-01T11:15:54.943", - "lastModified": "2025-05-01T11:15:54.943", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4163.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4163.json index 4b293075643..998078cf955 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4163.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4163.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4163", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-01T12:15:18.027", - "lastModified": "2025-05-01T12:15:18.027", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4164.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4164.json index 0ce8d0001e4..3d40194ead1 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4164.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4164.json 
@@ -2,8 +2,8 @@ "id": "CVE-2025-4164", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-01T12:15:18.410", - "lastModified": "2025-05-01T12:15:18.410", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:20.943", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4173.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4173.json index 8b924e4dda0..7a7be03ddc5 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4173.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4173.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4173", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-01T17:15:51.257", - "lastModified": "2025-05-01T17:15:51.257", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is the function delete_cart of the file /oews/classes/Master.php?f=delete_cart. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad clasificada como cr\u00edtica en SourceCodester Online Eyewear Shop 1.0. Esta vulnerabilidad afecta a la funci\u00f3n delete_cart del archivo /oews/classes/Master.php?f=delete_cart. La manipulaci\u00f3n del ID del argumento provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4174.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4174.json index 957eedbca11..c72b53e8ccf 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4174.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4174.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4174", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-01T19:15:59.333", - "lastModified": "2025-05-01T19:15:59.333", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in PHPGurukul COVID19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad clasificada como cr\u00edtica en PHPGurukul COVID19 Testing Management System 1.0. Este problema afecta a una funcionalidad desconocida del archivo /login.php. La manipulaci\u00f3n del argumento \"Username\" provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { @@ -59,7 +63,7 @@ "cvssMetricV31": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", @@ -107,7 +111,7 @@ "weaknesses": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -140,6 +144,10 @@ { "url": "https://vuldb.com/?submit.561746", "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/FLYFISH567/CVE/issues/1", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4175.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4175.json index 1f27a08ba52..51056c0ea81 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4175.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4175.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-4175", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-01T21:15:54.687", - "lastModified": "2025-05-01T21:15:54.687", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, was found in AlanBinu007 Spring-Boot-Advanced-Projects up to 3.1.3. This affects the function uploadUserProfileImage of the file /Spring-Boot-Advanced-Projects-main/Project-4.SpringBoot-AWS-S3/backend/src/main/java/com/urunov/profile/UserProfileController.jav of the component Upload Profile API Endpoint. The manipulation of the argument File leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad clasificada como cr\u00edtica en AlanBinu007 Spring-Boot-Advanced-Projects hasta la versi\u00f3n 3.1.3. Esta vulnerabilidad afecta a la funci\u00f3n uploadUserProfileImage del archivo /Spring-Boot-Advanced-Projects-main/Project-4.SpringBoot-AWS-S3/backend/src/main/java/com/urunov/profile/UserProfileController.jav del componente Upload Profile API Endpoint. La manipulaci\u00f3n del argumento File provoca un path traversal. Es posible iniciar el ataque de forma remota. El exploit se ha divulgado p\u00fablicamente y podr\u00eda utilizarse. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4176.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4176.json index 9d7c43bc7e4..0276c9f12d5 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4176.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4176.json 
@@ -2,8 +2,8 @@ "id": "CVE-2025-4176", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-01T22:15:17.950", - "lastModified": "2025-05-01T22:15:17.950", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4177.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4177.json index 83bd25be8bc..fb1c6a0f6d6 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4177.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4177.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4177", "sourceIdentifier": "security@wordfence.com", "published": "2025-05-02T03:15:21.397", - "lastModified": "2025-05-02T03:15:21.397", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4178.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4178.json index d0a1dcffafd..63b49c336f7 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4178.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4178.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4178", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-01T22:15:18.140", - "lastModified": "2025-05-01T22:15:18.140", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4179.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4179.json index 05a4c27f42e..044f183c6e0 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4179.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4179.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4179", "sourceIdentifier": "security@wordfence.com", "published": "2025-05-02T03:15:21.540", - "lastModified": "2025-05-02T03:15:21.540", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { 
diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4180.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4180.json index ba5b10e5661..6ac7ebc78e3 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4180.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4180.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4180", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-01T22:15:18.313", - "lastModified": "2025-05-01T22:15:18.313", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4181.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4181.json index cbab0bb9be5..22b3c4f0c24 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4181.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4181.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4181", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-01T23:15:50.833", - "lastModified": "2025-05-01T23:15:50.833", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4182.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4182.json index 2af6798139d..b5694d40dc5 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4182.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4182.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4182", "sourceIdentifier": "cna@vuldb.com", "published": "2025-05-01T23:15:51.023", - "lastModified": "2025-05-01T23:15:51.023", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4183.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4183.json index 41d70b2bd01..289c0dbb403 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4183.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4183.json 
@@ -2,8 +2,8 @@
 "id": "CVE-2025-4183",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2025-05-01T23:15:51.197",
- "lastModified": "2025-05-01T23:15:51.197",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4184.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4184.json
index 2855acbbaf6..43344c001d1 100644
--- a/CVE-2025/CVE-2025-41xx/CVE-2025-4184.json
+++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4184.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-4184",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2025-05-02T00:15:18.877",
- "lastModified": "2025-05-02T00:15:18.877",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4185.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4185.json
index 1724c2ed39c..94f3825ea63 100644
--- a/CVE-2025/CVE-2025-41xx/CVE-2025-4185.json
+++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4185.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-4185",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2025-05-02T00:15:19.050",
- "lastModified": "2025-05-02T00:15:19.050",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4186.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4186.json
index eef91507465..e8649353bb2 100644
--- a/CVE-2025/CVE-2025-41xx/CVE-2025-4186.json
+++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4186.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-4186",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2025-05-02T00:15:19.233",
- "lastModified": "2025-05-02T00:15:19.233",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4191.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4191.json
index 71383dbf255..e6f0a92b877 100644
--- a/CVE-2025/CVE-2025-41xx/CVE-2025-4191.json
+++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4191.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-4191",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2025-05-02T00:15:19.440",
- "lastModified": "2025-05-02T00:15:19.440",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
@@ -59,7 +59,7 @@
 "cvssMetricV31": [
 {
 "source": "cna@vuldb.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
@@ -107,7 +107,7 @@
 "weaknesses": [
 {
 "source": "cna@vuldb.com",
- "type": "Primary",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
@@ -140,6 +140,10 @@
 {
 "url": "https://vuldb.com/?submit.561816",
 "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://github.com/ideal-valli/myCVE/issues/3",
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4192.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4192.json
index a951378ff84..27fa9069d39 100644
--- a/CVE-2025/CVE-2025-41xx/CVE-2025-4192.json
+++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4192.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-4192",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2025-05-02T01:15:54.520",
- "lastModified": "2025-05-02T01:15:54.520",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
@@ -59,7 +59,7 @@
 "cvssMetricV31": [
 {
 "source": "cna@vuldb.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
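Review bot: The `@@ -59,7 +59,7 @@` and `@@ -107,7 +107,7 @@` hunks of CVE-2025-4191.json flip the `cna@vuldb.com` CVSS v3.1 metric and the CWE entry from `"type": "Primary"` to `"type": "Secondary"`, and no visible hunk adds a replacement `Primary` entry while the record is only at `"vulnStatus": "Awaiting Analysis"`. Unless a `Primary` entry exists outside these hunks, tooling that reads only `Primary` metrics or weaknesses will treat the record as unscored, so consumers should fall back to `Secondary` entries when no `Primary` one is present. The same flip appears in CVE-2025-4192.json, CVE-2025-4193.json and CVE-2025-4195.json. The reference added at `@@ -140,6 +140,10 @@` carries no `tags` array, so its type is left unclassified.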
@@ -107,7 +107,7 @@
 "weaknesses": [
 {
 "source": "cna@vuldb.com",
- "type": "Primary",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
@@ -140,6 +140,10 @@
 {
 "url": "https://vuldb.com/?submit.561838",
 "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://github.com/XuepengZhao-insp/vuldb/issues/4",
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4193.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4193.json
index 06a946ba417..5a910bd5ac4 100644
--- a/CVE-2025/CVE-2025-41xx/CVE-2025-4193.json
+++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4193.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-4193",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2025-05-02T01:15:54.743",
- "lastModified": "2025-05-02T01:15:54.743",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
@@ -59,7 +59,7 @@
 "cvssMetricV31": [
 {
 "source": "cna@vuldb.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
@@ -107,7 +107,7 @@
 "weaknesses": [
 {
 "source": "cna@vuldb.com",
- "type": "Primary",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
@@ -140,6 +140,10 @@
 {
 "url": "https://vuldb.com/?submit.561849",
 "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://github.com/XuepengZhao-insp/vuldb/issues/5",
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4195.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4195.json
index 057c514a532..bdd92bc662b 100644
--- a/CVE-2025/CVE-2025-41xx/CVE-2025-4195.json
+++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4195.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-4195",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2025-05-02T01:15:54.917",
- "lastModified": "2025-05-02T01:15:54.917",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
@@ -59,7 +59,7 @@
 "cvssMetricV31": [
 {
 "source": "cna@vuldb.com",
- "type": "Primary",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
@@ -107,7 +107,7 @@
 "weaknesses": [
 {
 "source": "cna@vuldb.com",
- "type": "Primary",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
@@ -140,6 +140,10 @@
 {
 "url": "https://vuldb.com/?submit.561876",
 "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://github.com/XuepengZhao-insp/vuldb/issues/6",
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4196.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4196.json
index ac184429040..300d418be93 100644
--- a/CVE-2025/CVE-2025-41xx/CVE-2025-4196.json
+++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4196.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-4196",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2025-05-02T02:15:17.320",
- "lastModified": "2025-05-02T02:15:17.320",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4197.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4197.json
index 3f293356dbf..682ed92c428 100644
--- a/CVE-2025/CVE-2025-41xx/CVE-2025-4197.json
+++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4197.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-4197",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2025-05-02T02:15:17.687",
- "lastModified": "2025-05-02T02:15:17.687",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-42xx/CVE-2025-4204.json b/CVE-2025/CVE-2025-42xx/CVE-2025-4204.json
new file mode 100644
index 00000000000..cb240112f13
--- /dev/null
+++ b/CVE-2025/CVE-2025-42xx/CVE-2025-4204.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2025-4204",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2025-05-02T13:15:47.423",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Ultimate Auction Pro plugin for WordPress is vulnerable to SQL Injection via the \u2018auction_id\u2019 parameter in all versions up to, and including, 1.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://auctionplugin.net/changelog/ultimate-woo-auction-pro/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e492029d-6613-4881-b986-9fe14cb2cf74?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-435xx/CVE-2025-43595.json b/CVE-2025/CVE-2025-435xx/CVE-2025-43595.json
index 71495405497..41fde3a5701 100644
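Review bot: The new CVE-2025-4204 record has no `configurations` block, so CPE-based matching will not flag affected installs while it sits at `"vulnStatus": "Awaiting Analysis"`; the affected range exists only in the description text ("all versions up to, and including, 1.5.2"). When analysis adds the match entry it should carry `"versionEndIncluding": "1.5.2"` to agree with that text. Both `references` entries also lack a `tags` array, so the changelog link and the advisory link cannot be told apart by type. Until the record is enriched, inventory checks for this plugin need to key on plugin name and installed version rather than on CPE.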
--- a/CVE-2025/CVE-2025-435xx/CVE-2025-43595.json
+++ b/CVE-2025/CVE-2025-435xx/CVE-2025-43595.json
@@ -2,8 +2,8 @@
 "id": "CVE-2025-43595",
 "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
 "published": "2025-05-01T22:15:17.800",
- "lastModified": "2025-05-02T03:15:21.167",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2025/CVE-2025-441xx/CVE-2025-44192.json b/CVE-2025/CVE-2025-441xx/CVE-2025-44192.json
index f16016200de..b02eed900de 100644
--- a/CVE-2025/CVE-2025-441xx/CVE-2025-44192.json
+++ b/CVE-2025/CVE-2025-441xx/CVE-2025-44192.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-44192",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-04-30T18:15:47.597",
- "lastModified": "2025-04-30T18:15:47.597",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_clearance."
+ },
+ {
+ "lang": "es",
+ "value": "SourceCodester Simple Barangay Management System v1.0 tiene una vulnerabilidad de inyecci\u00f3n SQL en /barangay_management/admin/?page=view_clearance."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-441xx/CVE-2025-44193.json b/CVE-2025/CVE-2025-441xx/CVE-2025-44193.json
index af71df6aec9..bcf4338f0d0 100644
--- a/CVE-2025/CVE-2025-441xx/CVE-2025-44193.json
+++ b/CVE-2025/CVE-2025-441xx/CVE-2025-44193.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-44193",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-04-30T18:15:47.707",
- "lastModified": "2025-05-01T19:15:58.680",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_complaint."
+ },
+ {
+ "lang": "es",
+ "value": "SourceCodester Simple Barangay Management System v1.0 tiene una vulnerabilidad de inyecci\u00f3n SQL en /barangay_management/admin/?page=view_complaint."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-441xx/CVE-2025-44194.json b/CVE-2025/CVE-2025-441xx/CVE-2025-44194.json
index c1e511c0def..05940c5451c 100644
--- a/CVE-2025/CVE-2025-441xx/CVE-2025-44194.json
+++ b/CVE-2025/CVE-2025-441xx/CVE-2025-44194.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-44194",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-04-30T18:15:47.823",
- "lastModified": "2025-05-01T19:15:58.820",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:40.163",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_household."
+ },
+ {
+ "lang": "es",
+ "value": "SourceCodester Simple Barangay Management System v1.0 tiene una vulnerabilidad de inyecci\u00f3n SQL en /barangay_management/admin/?page=view_household."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44835.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44835.json
index b8190e62bed..fbfc2c97348 100644
--- a/CVE-2025/CVE-2025-448xx/CVE-2025-44835.json
+++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44835.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-44835",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-05-01T14:15:45.473",
- "lastModified": "2025-05-01T21:15:52.447",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in iptablesWebsFilterRun, which allows remote attackers to execute arbitrary commands via shell."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que D-Link DIR-816 A2V1.1.0B05 conten\u00eda una inyecci\u00f3n de comando en iptablesWebsFilterRun, que permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s del shell."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44836.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44836.json
index de9a37213ea..5c559560ffd 100644
--- a/CVE-2025/CVE-2025-448xx/CVE-2025-44836.json
+++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44836.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-44836",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-05-01T15:16:20.723",
- "lastModified": "2025-05-01T21:15:52.607",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setApRebootScheCfg function via the hour or minute parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK CPE CP900 V6.3c.1144_B20190715 contiene una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n setApRebootScheCfg mediante los par\u00e1metros de hora o minuto. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44837.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44837.json
index d68a4dbada4..225f894b3a8 100644
--- a/CVE-2025/CVE-2025-448xx/CVE-2025-44837.json
+++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44837.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-44837",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-05-01T15:16:20.837",
- "lastModified": "2025-05-01T21:15:52.757",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url or magicid parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK CPE CP900 V6.3c.1144_B20190715 contiene una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n CloudSrvUserdataVersionCheck mediante los par\u00e1metros url o magicid. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44838.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44838.json
index 1cb3b0b41a7..4c0302e1c5d 100644
--- a/CVE-2025/CVE-2025-448xx/CVE-2025-44838.json
+++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44838.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-44838",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-05-01T15:16:20.950",
- "lastModified": "2025-05-01T21:15:52.907",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK CPE CP900 V6.3c.1144_B20190715 contiene una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n setUploadUserData mediante el par\u00e1metro FileName. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44839.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44839.json
index 547f36d3c34..bcbd229d63b 100644
--- a/CVE-2025/CVE-2025-448xx/CVE-2025-44839.json
+++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44839.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-44839",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-05-01T17:15:50.127",
- "lastModified": "2025-05-01T17:15:50.127",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the magicid parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK CA600-PoE V5.3c.6665_B20180820 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n CloudSrvUserdataVersionCheck mediante el par\u00e1metro magicid. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44840.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44840.json
index 8b36c22e20b..2894c319580 100644
--- a/CVE-2025/CVE-2025-448xx/CVE-2025-44840.json
+++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44840.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-44840",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-05-01T17:15:50.253",
- "lastModified": "2025-05-01T17:15:50.253",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the svn parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK CA600-PoE V5.3c.6665_B20180820 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n CloudSrvUserdataVersionCheck mediante el par\u00e1metro svn. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44841.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44841.json
index 0c9cf857f14..9c0e0b1b675 100644
--- a/CVE-2025/CVE-2025-448xx/CVE-2025-44841.json
+++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44841.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-44841",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-05-01T17:15:50.360",
- "lastModified": "2025-05-01T17:15:50.360",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the version parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK CA600-PoE V5.3c.6665_B20180820 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n CloudSrvUserdataVersionCheck mediante el par\u00e1metro de versi\u00f3n. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44842.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44842.json
index f7dc0b3dd42..a20ae6e29ce 100644
--- a/CVE-2025/CVE-2025-448xx/CVE-2025-44842.json
+++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44842.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-44842",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-05-01T17:15:50.467",
- "lastModified": "2025-05-01T17:15:50.467",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK CA600-PoE V5.3c.6665_B20180820 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n msg_process mediante el par\u00e1metro Port. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44843.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44843.json
index 91e73b0bd10..65bd55ff330 100644
--- a/CVE-2025/CVE-2025-448xx/CVE-2025-44843.json
+++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44843.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-44843",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-05-01T17:15:50.583",
- "lastModified": "2025-05-01T17:15:50.583",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK CA600-PoE V5.3c.6665_B20180820 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n CloudSrvUserdataVersionCheck mediante el par\u00e1metro url. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44844.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44844.json
index 64c17447379..041eb726517 100644
--- a/CVE-2025/CVE-2025-448xx/CVE-2025-44844.json
+++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44844.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-44844",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-05-01T17:15:50.690",
- "lastModified": "2025-05-01T17:15:50.690",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK CA600-PoE V5.3c.6665_B20180820 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n setUpgradeFW mediante el par\u00e1metro FileName. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44845.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44845.json
index d816456a77c..8cc537541f0 100644
--- a/CVE-2025/CVE-2025-448xx/CVE-2025-44845.json
+++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44845.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-44845",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-05-01T17:15:50.807",
- "lastModified": "2025-05-01T17:15:50.807",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK CA600-PoE V5.3c.6665_B20180820 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n NTPSyncWithHost mediante el par\u00e1metro hostTime. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44846.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44846.json
index d5158e74eab..cb558d98c0c 100644
--- a/CVE-2025/CVE-2025-448xx/CVE-2025-44846.json
+++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44846.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-44846",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-05-01T17:15:50.917",
- "lastModified": "2025-05-01T21:15:53.053",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK CA600-PoE V5.3c.6665_B20180820 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n recvUpgradeNewFw mediante el par\u00e1metro fwUrl. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44847.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44847.json
index 1c0f8b7e9a9..b3a55d0fd5c 100644
--- a/CVE-2025/CVE-2025-448xx/CVE-2025-44847.json
+++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44847.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-44847",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-05-01T17:15:51.037",
- "lastModified": "2025-05-01T21:15:53.213",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK CA600-PoE V5.3c.6665_B20180820 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n setWebWlanIdx mediante el par\u00e1metro webWlanIdx. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44848.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44848.json
index 8166c3d7a06..550d16bc691 100644
--- a/CVE-2025/CVE-2025-448xx/CVE-2025-44848.json
+++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44848.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-44848",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-05-01T17:15:51.140",
- "lastModified": "2025-05-01T17:15:51.140",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the msg_process function via the Url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK CA600-PoE V5.3c.6665_B20180820 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n msg_process mediante el par\u00e1metro Url. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44854.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44854.json
index 6f46020e265..e6a1e623aff 100644
--- a/CVE-2025/CVE-2025-448xx/CVE-2025-44854.json
+++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44854.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-44854",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-05-01T14:15:45.593",
- "lastModified": "2025-05-01T21:15:53.367",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:53:20.943",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "TOTOLINK CP900 V6.3c.1144_B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK CP900 V6.3c.1144_B20190715 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n setUpgradeUboot mediante el par\u00e1metro FileName. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44860.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44860.json
index 634ca329b06..473d0a01512 100644
--- a/CVE-2025/CVE-2025-448xx/CVE-2025-44860.json
+++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44860.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-44860",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-05-01T18:15:56.537",
- "lastModified": "2025-05-01T18:15:56.537",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK CA300-POE V6.2c.884_B20180522 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n msg_process mediante el par\u00e1metro Port. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada."
 }
 ],
 "metrics": {},
diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44861.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44861.json
index 47571d891b1..2a79cb6dd57 100644
--- a/CVE-2025/CVE-2025-448xx/CVE-2025-44861.json
+++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44861.json
@@ -2,13 +2,17 @@
 "id": "CVE-2025-44861",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2025-05-01T18:15:56.647",
- "lastModified": "2025-05-01T21:15:53.530",
- "vulnStatus": "Received",
+ "lastModified": "2025-05-02T13:52:51.693",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK CA300-POE V6.2c.884_B20180522 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n CloudSrvUserdataVersionCheck mediante el par\u00e1metro url. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada."
 }
 ],
 "metrics": {
diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44862.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44862.json
index 02c72ed1cff..49ef4289bdf 100644
--- a/CVE-2025/CVE-2025-448xx/CVE-2025-44862.json
+++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44862.json
@@ -2,13 +2,17 @@ "id": "CVE-2025-44862", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-01T18:15:56.753", - "lastModified": "2025-05-01T21:15:53.677", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que TOTOLINK CA300-POE V6.2c.884_B20180522 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n recvUpgradeNewFw mediante el par\u00e1metro fwUrl. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44863.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44863.json index 97288f52b46..5c1a1480f7f 100644 --- a/CVE-2025/CVE-2025-448xx/CVE-2025-44863.json +++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44863.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-44863", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-01T18:15:56.873", - "lastModified": "2025-05-01T18:15:56.873", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que TOTOLINK CA300-POE V6.2c.884_B20180522 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n msg_process mediante el par\u00e1metro Url. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44864.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44864.json index fedbe954996..15ee7805de7 100644 --- a/CVE-2025/CVE-2025-448xx/CVE-2025-44864.json +++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44864.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-44864", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-01T18:15:56.987", - "lastModified": "2025-05-01T21:15:53.840", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the module parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Tenda W20E V15.11.0.6 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n formSetDebugCfg mediante el par\u00e1metro module. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44865.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44865.json index 428ae55c523..7d67e48dd81 100644 --- a/CVE-2025/CVE-2025-448xx/CVE-2025-44865.json +++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44865.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-44865", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-01T18:15:57.100", - "lastModified": "2025-05-01T21:15:54.020", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the enable parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Tenda W20E V15.11.0.6 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n formSetDebugCfg mediante el par\u00e1metro enable. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44866.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44866.json index 403e45f36ab..a18b5887188 100644 --- a/CVE-2025/CVE-2025-448xx/CVE-2025-44866.json +++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44866.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-44866", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-01T18:15:57.200", - "lastModified": "2025-05-01T21:15:54.190", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request." + }, + { + "lang": "es", + "value": "Se detect\u00f3 que Tenda W20E V15.11.0.6 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n formSetDebugCfg mediante el par\u00e1metro level. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-448xx/CVE-2025-44867.json b/CVE-2025/CVE-2025-448xx/CVE-2025-44867.json index 5b75be5c38d..d0e3e9a7464 100644 --- a/CVE-2025/CVE-2025-448xx/CVE-2025-44867.json +++ b/CVE-2025/CVE-2025-448xx/CVE-2025-44867.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-44867", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-01T18:15:57.353", - "lastModified": "2025-05-01T21:15:54.343", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetNetCheckTools function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Tenda W20E V15.11.0.6 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n formSetNetCheckTools mediante el par\u00e1metro hostName. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-450xx/CVE-2025-45007.json b/CVE-2025/CVE-2025-450xx/CVE-2025-45007.json index a583ce6e64c..07ffc5f6041 100644 --- a/CVE-2025/CVE-2025-450xx/CVE-2025-45007.json +++ b/CVE-2025/CVE-2025-450xx/CVE-2025-45007.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-45007", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-30T13:15:49.310", - "lastModified": "2025-04-30T15:16:02.120", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the profile.php file of PHPGurukul Timetable Generator System v1.0. This vulnerability allows remote attackers to execute arbitrary JavaScript code via the adminname POST request parameter." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 una vulnerabilidad de Cross-Site Scripting (XSS) reflejado en el archivo profile.php de PHPGurukul Timetable Generator System v1.0. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo JavaScript arbitrario mediante el par\u00e1metro de solicitud POST adminname." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-450xx/CVE-2025-45009.json b/CVE-2025/CVE-2025-450xx/CVE-2025-45009.json index 735f3255af0..d8e692faa29 100644 --- a/CVE-2025/CVE-2025-450xx/CVE-2025-45009.json +++ b/CVE-2025/CVE-2025-450xx/CVE-2025-45009.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-45009", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-30T14:15:28.890", - "lastModified": "2025-04-30T16:15:37.273", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A HTML Injection vulnerability was discovered in the normal-search.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the searchdata parameter." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 una vulnerabilidad de inyecci\u00f3n HTML en el archivo normal-search.php de PHPGurukul Park Ticketing Management System v2.0. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante el par\u00e1metro searchdata." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-450xx/CVE-2025-45010.json b/CVE-2025/CVE-2025-450xx/CVE-2025-45010.json index 9bec2ca918a..ac995024e87 100644 --- a/CVE-2025/CVE-2025-450xx/CVE-2025-45010.json +++ b/CVE-2025/CVE-2025-450xx/CVE-2025-45010.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-45010", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-30T14:15:29.080", - "lastModified": "2025-04-30T16:15:37.617", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A HTML Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the fromdate and todate POST request parameters." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 una vulnerabilidad de inyecci\u00f3n HTML en el archivo normal-bwdates-reports-details.php de PHPGurukul Park Ticketing Management System v2.0. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante los par\u00e1metros de solicitud POST fromdate y todate." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-450xx/CVE-2025-45011.json b/CVE-2025/CVE-2025-450xx/CVE-2025-45011.json index ee0fe172e6d..652e8405299 100644 --- a/CVE-2025/CVE-2025-450xx/CVE-2025-45011.json +++ b/CVE-2025/CVE-2025-450xx/CVE-2025-45011.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-45011", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-30T14:15:29.193", - "lastModified": "2025-04-30T16:15:39.060", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A HTML Injection vulnerability was discovered in the foreigner-search.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the searchdata POST request parameter." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 una vulnerabilidad de inyecci\u00f3n HTML en el archivo foreigner-search.php de PHPGurukul Park Ticketing Management System v2.0. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante el par\u00e1metro de solicitud POST searchdata." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-450xx/CVE-2025-45015.json b/CVE-2025/CVE-2025-450xx/CVE-2025-45015.json index 2b9d8657190..39b6f68ffda 100644 --- a/CVE-2025/CVE-2025-450xx/CVE-2025-45015.json +++ b/CVE-2025/CVE-2025-450xx/CVE-2025-45015.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-45015", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-30T14:15:29.313", - "lastModified": "2025-04-30T14:15:29.313", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Cross-Site Scripting (XSS) vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. The vulnerability allows remote attackers to inject arbitrary JavaScript code via the fromdate and todate parameters." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 una vulnerabilidad de Cross-Site Scripting (XSS) en el archivo foreigner-bwdates-reports-details.php de PHPGurukul Park Ticketing Management System v2.0. Esta vulnerabilidad permite a atacantes remotos inyectar c\u00f3digo JavaScript arbitrario mediante los par\u00e1metros fromdate y todate." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-450xx/CVE-2025-45017.json b/CVE-2025/CVE-2025-450xx/CVE-2025-45017.json index fc03fc26c24..fd43419418e 100644 --- a/CVE-2025/CVE-2025-450xx/CVE-2025-45017.json +++ b/CVE-2025/CVE-2025-450xx/CVE-2025-45017.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-45017", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-30T14:15:29.427", - "lastModified": "2025-04-30T14:15:29.427", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A SQL injection vulnerability was discovered in edit-ticket.php of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the tprice POST request parameter." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 una vulnerabilidad de inyecci\u00f3n SQL en edit-ticket.php de PHPGurukul Park Ticketing Management System v2.0. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante el par\u00e1metro de solicitud POST tprice." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-450xx/CVE-2025-45018.json b/CVE-2025/CVE-2025-450xx/CVE-2025-45018.json index a03ff1dffda..9ec513fdf7b 100644 --- a/CVE-2025/CVE-2025-450xx/CVE-2025-45018.json +++ b/CVE-2025/CVE-2025-450xx/CVE-2025-45018.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-45018", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-30T14:15:29.547", - "lastModified": "2025-04-30T14:15:29.547", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the todate parameter." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 una vulnerabilidad de inyecci\u00f3n SQL en el archivo foreigner-bwdates-reports-details.php de PHPGurukul Park Ticketing Management System v2.0. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo SQL arbitrario mediante el par\u00e1metro \"todate\"." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-450xx/CVE-2025-45019.json b/CVE-2025/CVE-2025-450xx/CVE-2025-45019.json index d86712954ee..7c9f0cb4975 100644 --- a/CVE-2025/CVE-2025-450xx/CVE-2025-45019.json +++ b/CVE-2025/CVE-2025-450xx/CVE-2025-45019.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-45019", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-30T14:15:29.660", - "lastModified": "2025-04-30T14:15:29.660", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A SQL injection vulnerability was discovered in /add-foreigners-ticket.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the cprice POST request parameter." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 una vulnerabilidad de inyecci\u00f3n SQL en el archivo /add-foreigners-ticket.php de PHPGurukul Park Ticketing Management System v2.0. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante el par\u00e1metro de solicitud POST cprice." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-450xx/CVE-2025-45020.json b/CVE-2025/CVE-2025-450xx/CVE-2025-45020.json index 30a32e89cbf..7e3e7834c11 100644 --- a/CVE-2025/CVE-2025-450xx/CVE-2025-45020.json +++ b/CVE-2025/CVE-2025-450xx/CVE-2025-45020.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-45020", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-30T13:15:49.480", - "lastModified": "2025-04-30T15:16:02.287", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A SQL Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the todate parameter in a POST request." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 una vulnerabilidad de inyecci\u00f3n SQL en el archivo normal-bwdates-reports-details.php de PHPGurukul Park Ticketing Management System v2.0. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo SQL arbitrario mediante el par\u00e1metro \"todate\" en una solicitud POST." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-450xx/CVE-2025-45021.json b/CVE-2025/CVE-2025-450xx/CVE-2025-45021.json index eb988724682..5e5bef48076 100644 --- a/CVE-2025/CVE-2025-450xx/CVE-2025-45021.json +++ b/CVE-2025/CVE-2025-450xx/CVE-2025-45021.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-45021", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-30T14:15:29.777", - "lastModified": "2025-04-30T16:15:39.277", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A SQL Injection vulnerability was identified in the admin/edit-directory.php file of the PHPGurukul Directory Management System v2.0. Attackers can exploit this vulnerability via the email parameter in a POST request to execute arbitrary SQL commands." + }, + { + "lang": "es", + "value": "Se identific\u00f3 una vulnerabilidad de inyecci\u00f3n SQL en el archivo admin/edit-directory.php de PHPGurukul Directory Management System v2.0. Los atacantes pueden explotar esta vulnerabilidad mediante el par\u00e1metro de correo electr\u00f3nico en una solicitud POST para ejecutar comandos SQL arbitrarios." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-459xx/CVE-2025-45956.json b/CVE-2025/CVE-2025-459xx/CVE-2025-45956.json index a3896fe4c9b..40a7efd2201 100644 --- a/CVE-2025/CVE-2025-459xx/CVE-2025-45956.json +++ b/CVE-2025/CVE-2025-459xx/CVE-2025-45956.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-45956", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-29T17:15:41.317", - "lastModified": "2025-04-29T17:15:41.317", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A SQL injection vulnerability in manage_damage.php in Sourcecodester Computer Laboratory Management System v1.0 allows an authenticated attacker to execute arbitrary SQL commands via the \"id\" parameter" + }, + { + "lang": "es", + "value": "Una vulnerabilidad de inyecci\u00f3n SQL en manage_damage.php en Sourcecodester Computer Laboratory Management System v1.0 permite que un atacante autenticado ejecute comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro \"id\"." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-463xx/CVE-2025-46331.json b/CVE-2025/CVE-2025-463xx/CVE-2025-46331.json index c407496ec4c..03d27e7db7e 100644 --- a/CVE-2025/CVE-2025-463xx/CVE-2025-46331.json +++ b/CVE-2025/CVE-2025-463xx/CVE-2025-46331.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-46331", "sourceIdentifier": "security-advisories@github.com", "published": "2025-04-30T19:15:55.490", - "lastModified": "2025-04-30T19:15:55.490", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.10 to v1.3.6 (Helm chart <= openfga-0.2.28, docker <= v.1.8.10) are vulnerable to authorization bypass when certain Check and ListObject calls are executed. This issue has been patched in version 1.8.11." + }, + { + "lang": "es", + "value": "OpenFGA es un motor de autorizaci\u00f3n y permisos flexible y de alto rendimiento, dise\u00f1ado para desarrolladores e inspirado en Google Zanzibar. Las versiones de OpenFGA v1.8.10 a v1.3.6 (Helm chart <= openfga-0.2.28, docker <= v.1.8.10) son vulnerables a la omisi\u00f3n de la autorizaci\u00f3n al ejecutar ciertas llamadas a Check y ListObject. Este problema se ha corregido en la versi\u00f3n 1.8.11." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-463xx/CVE-2025-46337.json b/CVE-2025/CVE-2025-463xx/CVE-2025-46337.json index f26d927af85..8b5c86b4aab 100644 --- a/CVE-2025/CVE-2025-463xx/CVE-2025-46337.json +++ b/CVE-2025/CVE-2025-463xx/CVE-2025-46337.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-46337", "sourceIdentifier": "security-advisories@github.com", "published": "2025-05-01T18:15:57.510", - "lastModified": "2025-05-01T18:15:57.510", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pg_insert_id() with user-supplied data. This issue has been patched in version 5.22.9." + }, + { + "lang": "es", + "value": "ADOdb es una librer\u00eda de clases de bases de datos PHP que proporciona abstracciones para realizar consultas y administrar bases de datos. Antes de la versi\u00f3n 5.22.9, el escape incorrecto de un par\u00e1metro de consulta pod\u00eda permitir que un atacante ejecutara sentencias SQL arbitrarias cuando el c\u00f3digo que usa ADOdb se conecta a una base de datos PostgreSQL e invoca pg_insert_id() con datos proporcionados por el usuario. Este problema se ha corregido en la versi\u00f3n 5.22.9." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-463xx/CVE-2025-46342.json b/CVE-2025/CVE-2025-463xx/CVE-2025-46342.json index 1578c389703..3e47bb26524 100644 --- a/CVE-2025/CVE-2025-463xx/CVE-2025-46342.json +++ b/CVE-2025/CVE-2025-463xx/CVE-2025-46342.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-46342", "sourceIdentifier": "security-advisories@github.com", "published": "2025-04-30T15:16:02.440", - "lastModified": "2025-04-30T15:16:02.440", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.13.5 and 1.14.0, it may happen that policy rules using namespace selector(s) in their match statements are mistakenly not applied during admission review request processing due to a missing error propagation in function `GetNamespaceSelectorsFromNamespaceLister` in `pkg/utils/engine/labels.go`. As a consequence, security-critical mutations and validations are bypassed, potentially allowing attackers with K8s API access to perform malicious operations. This issue has been patched in versions 1.13.5 and 1.14.0." + }, + { + "lang": "es", + "value": "Kyverno es un motor de pol\u00edticas dise\u00f1ado para equipos de ingenier\u00eda de plataformas nativas de la nube. En versiones anteriores a la 1.13.5 y la 1.14.0, pod\u00eda ocurrir que las reglas de pol\u00edticas que usaban selectores de espacios de nombres en sus declaraciones de coincidencia no se aplicaran por error durante el procesamiento de solicitudes de revisi\u00f3n de admisi\u00f3n debido a la falta de propagaci\u00f3n de errores en la funci\u00f3n `GetNamespaceSelectorsFromNamespaceLister` en `pkg/utils/engine/labels.go`. Como consecuencia, se omiten las mutaciones y validaciones cr\u00edticas para la seguridad, lo que podr\u00eda permitir que atacantes con acceso a la API de K8 realicen operaciones maliciosas. Este problema se ha corregido en las versiones 1.13.5 y 1.14.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-463xx/CVE-2025-46344.json b/CVE-2025/CVE-2025-463xx/CVE-2025-46344.json index 79ef85247d3..61383c5fe30 100644 
--- a/CVE-2025/CVE-2025-463xx/CVE-2025-46344.json +++ b/CVE-2025/CVE-2025-463xx/CVE-2025-46344.json @@ -2,13 +2,17 @@ "id": "CVE-2025-46344", "sourceIdentifier": "security-advisories@github.com", "published": "2025-04-29T21:15:51.987", - "lastModified": "2025-04-29T21:15:51.987", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions starting from 4.0.1 and prior to 4.5.1, do not invoke `.setExpirationTime` when generating a JWE token for the session. As a result, the JWE does not contain an internal expiration claim. While the session cookie may expire or be cleared, the JWE remains valid. This issue has been patched in version 4.5.1." + }, + { + "lang": "es", + "value": "El SDK Auth0 Next.js es una librer\u00eda para implementar la autenticaci\u00f3n de usuarios en aplicaciones Next.js. Las versiones a partir de la 4.0.1 y anteriores a la 4.5.1 no invocan `.setExpirationTime` al generar un token JWE para la sesi\u00f3n. Por lo tanto, el JWE no contiene una notificaci\u00f3n de expiraci\u00f3n interna. Aunque la cookie de sesi\u00f3n pueda expirar o borrarse, el JWE sigue siendo v\u00e1lido. Este problema se ha corregido en la versi\u00f3n 4.5.1." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-463xx/CVE-2025-46345.json b/CVE-2025/CVE-2025-463xx/CVE-2025-46345.json index dee2827c8c7..50230dbf263 100644 --- a/CVE-2025/CVE-2025-463xx/CVE-2025-46345.json +++ b/CVE-2025/CVE-2025-463xx/CVE-2025-46345.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-46345", "sourceIdentifier": "security-advisories@github.com", "published": "2025-05-01T18:15:57.657", - "lastModified": "2025-05-01T18:15:57.657", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:52:51.693", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Auth0 Account Link Extension is an extension aimed to help link accounts easily. Versions 2.3.4 to 2.6.6 do not verify the signature of the provided JWT. This allows the user the ability to supply a forged token and the potential to access user information without proper authorization. This issue has been patched in versions 2.6.7, 2.7.0, and 3.0.0. It is recommended to upgrade to version 3.0.0 or greater." + }, + { + "lang": "es", + "value": "Auth0 Account Link Extension facilita la vinculaci\u00f3n de cuentas. Las versiones 2.3.4 a 2.6.6 no verifican la firma del JWT proporcionado. Esto permite al usuario proporcionar un token falsificado y acceder a la informaci\u00f3n del usuario sin la debida autorizaci\u00f3n. Este problema se ha corregido en las versiones 2.6.7, 2.7.0 y 3.0.0. Se recomienda actualizar a la versi\u00f3n 3.0.0 o superior." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-463xx/CVE-2025-46346.json b/CVE-2025/CVE-2025-463xx/CVE-2025-46346.json index 0a97df4da6f..a059ee92188 100644 --- a/CVE-2025/CVE-2025-463xx/CVE-2025-46346.json +++ b/CVE-2025/CVE-2025-463xx/CVE-2025-46346.json 
@@ -2,13 +2,17 @@ "id": "CVE-2025-46346", "sourceIdentifier": "security-advisories@github.com", "published": "2025-04-29T16:15:36.873", - "lastModified": "2025-04-29T18:15:44.570", - "vulnStatus": "Received", + "lastModified": "2025-05-02T13:53:40.163", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "YesWiki is a wiki system written in PHP. Prior to version 4.5.4, a stored cross-site scripting (XSS) vulnerability was discovered in the application\u2019s comments feature. This issue allows a malicious actor to inject JavaScript payloads that are stored and later executed in the browser of any user viewing the affected comment. The XSS occurs because the application fails to properly sanitize or encode user input submitted to the comments. Notably, the application sanitizes or does not allow execution of `