admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-03-18T21:00:19.783526+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-03-18 21:03:50 +00:00
parent 6cf3d6d480
commit f0478725b0
165 changed files with 8135 additions and 814 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
CVE-2017/CVE-2017-175xx/CVE-2017-17506.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2017-17506",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-12-11T03:29:00.440",
"lastModified": "2024-11-21T03:18:03.183",
"vulnStatus": "Modified",
"lastModified": "2025-03-18T20:25:10.330",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -16,13 +16,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
@ -85,8 +85,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hdfgroup:hdf5:1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "448E192C-0858-4E4B-8D03-B7684C97EFBA"
"criteria": "cpe:2.3:a:hdfgroup:hdf5:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.8.0",
"versionEndIncluding": "1.10.1",
"matchCriteriaId": "D6A139D8-EA25-44A3-9A7B-67CCE650579E"
}
]
}

16
CVE-2018/CVE-2018-138xx/CVE-2018-13873.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2018-13873",
"sourceIdentifier": "cve@mitre.org",
"published": "2018-07-10T21:29:00.577",
"lastModified": "2024-11-21T03:48:14.007",
"vulnStatus": "Modified",
"lastModified": "2025-03-18T20:24:50.670",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -16,13 +16,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
@ -85,8 +85,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hdfgroup:hdf5:1.8.20:*:*:*:*:*:*:*",
"matchCriteriaId": "DBACEBD3-409C-4169-BF10-582071D36973"
"criteria": "cpe:2.3:a:hdfgroup:hdf5:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.8.0",
"versionEndIncluding": "1.8.20",
"matchCriteriaId": "5648F864-D078-444B-8378-217F444B53FF"
}
]
}

10
CVE-2018/CVE-2018-140xx/CVE-2018-14015.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2018-14015",
"sourceIdentifier": "cve@mitre.org",
"published": "2018-07-12T20:29:00.180",
"lastModified": "2024-11-21T03:48:27.123",
"vulnStatus": "Modified",
"lastModified": "2025-03-18T20:25:23.660",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -85,8 +85,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:radare:radare2:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "693C6349-1A2D-48F3-A861-9E3F7832D174"
"criteria": "cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.0",
"versionEndIncluding": "2.7.0",
"matchCriteriaId": "B8B8BB50-8502-4546-8D37-942FAE629739"
}
]
}

32
CVE-2019/CVE-2019-166xx/CVE-2019-16638.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2019-16638",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-16T17:15:10.330",
"lastModified": "2024-11-21T04:30:51.497",
"lastModified": "2025-03-18T20:15:16.020",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-312"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"configurations": [

17
CVE-2020/CVE-2020-162xx/CVE-2020-16296.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-16296",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-08-13T03:15:13.383",
"lastModified": "2024-11-21T05:07:07.440",
"vulnStatus": "Modified",
"lastModified": "2025-03-18T20:25:57.440",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -86,8 +86,9 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.18",
"versionEndExcluding": "9.52",
"matchCriteriaId": "F5FAC7D9-2E45-4720-833F-EE7E5FA53299"
"matchCriteriaId": "7F3B7B83-FABF-4F34-98C0-ECD5259D9A6F"
}
]
}
@ -151,7 +152,10 @@
},
{
"url": "https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=9f39ed4a92578a020ae10459643e1fe72573d134",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html",
@ -193,7 +197,10 @@
},
{
"url": "https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=9f39ed4a92578a020ae10459643e1fe72573d134",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html",

20
CVE-2020/CVE-2020-175xx/CVE-2020-17538.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-17538",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-08-13T03:15:14.493",
"lastModified": "2024-11-21T05:08:19.363",
"vulnStatus": "Modified",
"lastModified": "2025-03-18T20:26:51.890",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -85,8 +85,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:artifex:ghostscript:9.50:*:*:*:*:*:*:*",
"matchCriteriaId": "089333A5-72AA-4E68-8A8E-81876AAC9DD3"
"criteria": "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.18",
"versionEndExcluding": "9.52",
"matchCriteriaId": "7F3B7B83-FABF-4F34-98C0-ECD5259D9A6F"
}
]
}
@ -150,7 +152,10 @@
},
{
"url": "https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=9f39ed4a92578a020ae10459643e1fe72573d134",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html",
@ -192,7 +197,10 @@
},
{
"url": "https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=9f39ed4a92578a020ae10459643e1fe72573d134",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html",

32
CVE-2021/CVE-2021-321xx/CVE-2021-32163.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-32163",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-17T18:15:10.917",
"lastModified": "2024-11-21T06:06:53.683",
"lastModified": "2025-03-18T20:15:16.247",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-863"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [

32
CVE-2021/CVE-2021-324xx/CVE-2021-32419.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-32419",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-17T18:15:10.970",
"lastModified": "2024-11-21T06:07:00.247",
"lastModified": "2025-03-18T20:15:16.413",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [

32
CVE-2021/CVE-2021-332xx/CVE-2021-33226.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-33226",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-17T18:15:11.083",
"lastModified": "2024-11-21T06:08:33.643",
"lastModified": "2025-03-18T19:15:38.633",
"vulnStatus": "Modified",
"cveTags": [
{
@ -39,6 +39,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -52,6 +72,16 @@
"value": "CWE-120"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [

32
CVE-2021/CVE-2021-333xx/CVE-2021-33391.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-33391",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-17T18:15:11.187",
"lastModified": "2024-11-21T06:08:47.487",
"lastModified": "2025-03-18T19:15:39.667",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-416"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [

32
CVE-2021/CVE-2021-339xx/CVE-2021-33948.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-33948",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-17T18:15:11.293",
"lastModified": "2024-11-21T06:09:47.800",
"lastModified": "2025-03-18T19:15:39.840",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [

32
CVE-2021/CVE-2021-339xx/CVE-2021-33949.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-33949",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-17T18:15:11.347",
"lastModified": "2024-11-21T06:09:47.950",
"lastModified": "2025-03-18T19:15:40.000",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [

32
CVE-2021/CVE-2021-339xx/CVE-2021-33950.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-33950",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-17T18:15:11.403",
"lastModified": "2024-11-21T06:09:48.117",
"lastModified": "2025-03-18T19:15:40.160",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-611"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"configurations": [

10
CVE-2021/CVE-2021-449xx/CVE-2021-44923.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-44923",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-12-21T21:15:07.717",
"lastModified": "2024-11-21T06:31:42.747",
"vulnStatus": "Modified",
"lastModified": "2025-03-18T20:27:28.367",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -85,8 +85,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gpac:gpac:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56FF2AB9-517D-43A7-867E-9FB6B833194F"
"criteria": "cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.9.0",
"versionEndIncluding": "1.1.0",
"matchCriteriaId": "09771DAE-BE6D-498E-9DB3-3C3D4AB5BFC7"
}
]
}

190
CVE-2021/CVE-2021-476xx/CVE-2021-47631.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-47631",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T06:37:04.400",
"lastModified": "2025-02-26T06:37:04.400",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-18T19:35:26.410",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,169 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ARM: davinci: da850-evm: Evitar la desreferencia de puntero NULL Con versiones m\u00e1s nuevas de GCC, hay un p\u00e1nico en da850_evm_config_emac() al iniciar multi_v5_defconfig en QEMU bajo la m\u00e1quina palmetto-bmc: No se puede manejar la desreferencia de puntero NULL del kernel en la direcci\u00f3n virtual 00000020 pgd = (ptrval) [00000020] *pgd=00000000 Error interno: Oops: 5 [#1] PREEMPT M\u00f3dulos ARM vinculados: CPU: 0 PID: 1 Comm: swapper No contaminado 5.15.0 #1 Nombre del hardware: Sistema gen\u00e9rico basado en DT La PC est\u00e1 en da850_evm_config_emac+0x1c/0x120 LR est\u00e1 en El puntero emac_pdata en soc_info es NULL porque davinci_soc_info solo se completa en m\u00e1quinas davinci, pero se llama a da850_evm_config_emac() en todas las m\u00e1quinas a trav\u00e9s de device_initcall(). Mueva la asignaci\u00f3n rmii_en debajo de la verificaci\u00f3n de la m\u00e1quina para que solo se desreferencia cuando se ejecuta en un SoC compatible."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/0940795c6834fbe7705acc5c3d4b2f7a5f67527a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/0a312ec66a03133d28570f07bc52749ccfef54da",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/83a1cde5c74bfb44b49cb2a940d044bb2380f4ea",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/89931d4762572aaee6edbe5673d41f8082de110f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a12b356d45cbb6e8a1b718d1436b3d6239a862f3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c06f476e5b74bcabb8c4a2fba55864a37e62843b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c5628533a3ece64235d04fe11ec44d2be99e423d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c64e2ed5cc376e137e572babfd2edc38b2cfb61b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.33",
"versionEndExcluding": "4.9.311",
"matchCriteriaId": "69F5BE41-4847-4042-A7A9-B9871DCBCCCA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.10",
"versionEndExcluding": "4.14.276",
"matchCriteriaId": "6D9B028C-6313-47F9-94B7-5F8122345E49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.239",
"matchCriteriaId": "712D9B45-4B53-4563-94B5-F758AFBBFB0D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.190",
"matchCriteriaId": "E0ADBA6D-47D8-4518-8D10-9B9196DE680B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.112",
"matchCriteriaId": "0460A5D2-3024-497A-B799-23E025B91972"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.35",
"matchCriteriaId": "05ABCC3F-88A9-47F9-9D40-8665747B2E43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.17.4",
"matchCriteriaId": "E22C86CB-06CD-4D16-AB2A-F21EE8199262"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.18:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6AD94161-84BB-42E6-9882-4FC0C42E9FC1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.18:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7AB06DDF-3C2B-416D-B448-E990D8FF67A9"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0940795c6834fbe7705acc5c3d4b2f7a5f67527a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/0a312ec66a03133d28570f07bc52749ccfef54da",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/83a1cde5c74bfb44b49cb2a940d044bb2380f4ea",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/89931d4762572aaee6edbe5673d41f8082de110f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a12b356d45cbb6e8a1b718d1436b3d6239a862f3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c06f476e5b74bcabb8c4a2fba55864a37e62843b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c5628533a3ece64235d04fe11ec44d2be99e423d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c64e2ed5cc376e137e572babfd2edc38b2cfb61b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

107
CVE-2021/CVE-2021-476xx/CVE-2021-47632.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-47632",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T06:37:04.943",
"lastModified": "2025-02-26T06:37:04.943",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-18T19:35:06.943",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,102 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: powerpc/set_memory: Evitar recursi\u00f3n de spinlock en change_page_attr() La confirmaci\u00f3n 1f9ad21c3b38 (\"powerpc/mm: Implementar rutinas set_memory()\") incluy\u00f3 un spin_lock() en change_page_attr() para realizar de forma segura las operaciones de tres pasos. Pero luego, la confirmaci\u00f3n 9f7853d7609d (\"powerpc/mm: Arreglar set_memory_*() contra accesos concurrentes\") lo modific\u00f3 para usar pte_update() y realizar la operaci\u00f3n de forma segura contra accesos concurrentes. Mientras tanto, Maxime inform\u00f3 de cierta recursi\u00f3n de spinlock. [ 15.351649] ERROR: recursi\u00f3n de spinlock en CPU#0, kworker/0:2/217 [ 15.357540] bloqueo: init_mm+0x3c/0x420, .magic: dead4ead, .owner: kworker/0:2/217, .owner_cpu: 0 [ 15.366563] CPU: 0 PID: 217 Comm: kworker/0:2 No contaminado 5.15.0+ #523 [ 15.373350] Cola de trabajo: events do_free_init [ 15.377615] Call Trace: [ 15.380232] [e4105ac0] [800946a4] do_raw_spin_lock+0xf8/0x120 (unreliable) [ 15.387340] [e4105ae0] [8001f4ec] change_page_attr+0x40/0x1d4 [ 15.393413] [e4105b10] [801424e0] __apply_to_page_range+0x164/0x310 [ 15.400009] [e4105b60] [80169620] free_pcp_prepare+0x1e4/0x4a0 [ 15.406045] [e4105ba0] [8016c5a0] free_unref_page+0x40/0x2b8 [ 15.411979] [e4105be0] [8018724c] kasan_depopulate_vmalloc_pte+0x6c/0x94 [ 15.418989] [e4105c00] [801424e0] __apply_to_page_range+0x164/0x310 [ 15.425451] [e4105c50] [80187834] kasan_release_vmalloc+0xbc/0x134 [ 15.431898] [e4105c70] [8015f7a8] __purge_vmap_area_lazy+0x4e4/0xdd8 [ 15.438560] [e4105d30] [80160d10] _vm_unmap_aliases.part.0+0x17c/0x24c [ 15.445283] [e4105d60] [801642d0] __vunmap+0x2f0/0x5c8 [ 15.450684] [e4105db0] [800e32d0] do_free_init+0x68/0x94 [ 15.456181] [e4105dd0] [8005d094] process_one_work+0x4bc/0x7b8 [ 15.462283] [e4105e90] [8005d614] worker_thread+0x284/0x6e8 [ 15.468227] [e4105f00] [8006aaec] kthread+0x1f0/0x210 [ 15.473489] [e4105f40] [80017148] ret_from_kernel_thread+0x14/0x1c Elimina la secuencia de lectura/modificaci\u00f3n/escritura para hacer que la operaci\u00f3n sea at\u00f3mica y elimina el spin_lock() en change_page_attr(). Para hacer la operaci\u00f3n de forma at\u00f3mica, ya no podemos usar ayudantes de modificaci\u00f3n de pte. Debido a que todas las plataformas tienen diferentes combinaciones de bits, no es f\u00e1cil usar esos bits directamente. Pero todas tienen el conjunto de indicadores _PAGE_KERNEL_{RO/ROX/RW/RWX}. Todo lo que necesitamos es comparar dos conjuntos para saber qu\u00e9 bits est\u00e1n configurados o borrados. Por ejemplo, al comparar _PAGE_KERNEL_ROX y _PAGE_KERNEL_RO sabes qu\u00e9 bit se borra y qu\u00e9 bit se configura al cambiar el permiso de ejecuci\u00f3n."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/6def4eaf0391f24be541633a954c0e4876858b1e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/6ebe5ca2cbe438a688f2ae238ef5a0b0b5f3468a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/96917107e67846f1d959ed03be281048efad14c5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/a4c182ecf33584b9b2d1aa9dad073014a504c01f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "CWE-667"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"matchCriteriaId": "EE872F08-121D-4AE8-82B9-2B5DA905C944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.20",
"matchCriteriaId": "ABBBA66E-0244-4621-966B-9790AF1EEB00"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.3",
"matchCriteriaId": "AE420AC7-1E59-4398-B84F-71F4B4337762"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/6def4eaf0391f24be541633a954c0e4876858b1e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6ebe5ca2cbe438a688f2ae238ef5a0b0b5f3468a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/96917107e67846f1d959ed03be281048efad14c5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a4c182ecf33584b9b2d1aa9dad073014a504c01f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

162
CVE-2021/CVE-2021-476xx/CVE-2021-47636.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-47636",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T06:37:05.377",
"lastModified": "2025-02-26T06:37:05.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-18T19:29:55.410",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,35 +15,145 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ubifs: Se corrige la lectura fuera de los l\u00edmites en la funci\u00f3n ubifs_wbuf_write_nolock() ubifs_wbuf_write_nolock() puede acceder a buf fuera de los l\u00edmites en el siguiente proceso: ubifs_wbuf_write_nolock(): classified_len = ALIGN(len, 8); // Supongamos que len = 4089, classified_len = 4096 if (aligned_len <= wbuf->avail) ... // No satisface if (wbuf->used) { ubifs_leb_write() // Complete algunos datos en avail wbuf len -= wbuf->avail; // len a\u00fan no est\u00e1 alineado a 8 bytes classified_len -= wbuf->avail; } n = classified_len >> c->max_write_shift; if (n) { n <<= c->max_write_shift; err = ubifs_leb_write(c, wbuf->lnum, buf + escrito, wbuf->offs, n); // n > len, lectura fuera de los l\u00edmites menor a 8(n-len) bytes }, lo cual puede ser detectado por KASAN: =========================================================== ERROR: KASAN: slab fuera de los l\u00edmites en ecc_sw_hamming_calculate+0x1dc/0x7d0 Lectura de tama\u00f1o 4 en la direcci\u00f3n ffff888105594ff8 por la tarea kworker/u8:4/128 Cola de trabajo: escritura diferida wb_workfn (flush-ubifs_0_0) Rastreo de llamadas: kasan_report.cold+0x81/0x165 nand_write_page_swecc+0xa9/0x160 ubifs_leb_write+0xf2/0x1b0 [ubifs] ubifs_wbuf_write_nolock+0x421/0x12c0 [ubifs] write_head+0xdc/0x1c0 [ubifs] ubifs_jnl_write_inode+0x627/0x960 [ubifs] wb_workfn+0x8af/0xb80 La funci\u00f3n ubifs_wbuf_write_nolock() acepta que el par\u00e1metro 'len' no est\u00e9 alineado con 8 bytes, 'len' representa la longitud verdadera de buf (que est\u00e1 asignada en 'ubifs_jnl_xxx', p. ej. ubifs_jnl_write_inode), por lo que ubifs_wbuf_write_nolock() debe manejar la longitud le\u00edda de 'buf' con cuidado para escribir leb de forma segura. Obtenga un reproductor en [Enlace]."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/07a209fadee7b53b46858538e1177597273862e4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/3b7fb89135a20587d57f8877c02e25003e9edbdf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/4f2262a334641e05f645364d5ade1f565c85f20b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/5343575aa11c5d7044107d59d43f84aec01312b0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a7054aaf1909cf40489c0ec1b728fdcf79c751a6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b80ccbec0e4804436c382d7dd60e943c386ed83a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e09fa5318d51f522e1af4fbaf8f74999355980c8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.27",
"versionEndExcluding": "4.19.238",
"matchCriteriaId": "EF5DCB1F-AE17-4717-80C7-5786A2F74C0C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.189",
"matchCriteriaId": "8CB6E8F5-C2B1-46F3-A807-0F6104AC340F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.110",
"matchCriteriaId": "91D3BFD0-D3F3-4018-957C-96CCBF357D79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.33",
"matchCriteriaId": "27C42AE8-B387-43E2-938A-E1C8B40BE6D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.19",
"matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/07a209fadee7b53b46858538e1177597273862e4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3b7fb89135a20587d57f8877c02e25003e9edbdf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4f2262a334641e05f645364d5ade1f565c85f20b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5343575aa11c5d7044107d59d43f84aec01312b0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a7054aaf1909cf40489c0ec1b728fdcf79c751a6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b80ccbec0e4804436c382d7dd60e943c386ed83a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e09fa5318d51f522e1af4fbaf8f74999355980c8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

162
CVE-2021/CVE-2021-476xx/CVE-2021-47637.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-47637",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T06:37:05.477",
"lastModified": "2025-02-26T06:37:05.477",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-18T19:30:11.170",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,35 +15,145 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad:\n\nubifs: Se corrige interbloqueo en concurrencia de un renombrado con whiteout simult\u00e1neo a la escritura del inodo.\n\nTareas colgadas:\n[ 77.028764] task:kworker/u8:4 state:D stack: 0 pid: 132\n[ 77.028820] Call Trace:\n[ 77.029027] schedule+0x8c/0x1b0\n[ 77.029067] mutex_lock+0x50/0x60\n[ 77.029074] ubifs_write_inode+0x68/0x1f0 [ubifs]\n[ 77.029117] __writeback_single_inode+0x43c/0x570\n[ 77.029128] writeback_sb_inodes+0x259/0x740\n[ 77.029148] wb_writeback+0x107/0x4d0\n[ 77.029163] wb_workfn+0x162/0x7b0\n\n[ 92.390442] task:aa state:D stack: 0 pid: 1506\n[ 92.390448] Call Trace:\n[ 92.390458] schedule+0x8c/0x1b0\n[ 92.390461] wb_wait_for_completion+0x82/0xd0\n[ 92.390469] __writeback_inodes_sb_nr+0xb2/0x110\n[ 92.390472] writeback_inodes_sb_nr+0x14/0x20\n[ 92.390476] ubifs_budget_space+0x705/0xdd0 [ubifs]\n[ 92.390503] do_rename.cold+0x7f/0x187 [ubifs]\n[ 92.390549] ubifs_rename+0x8b/0x180 [ubifs]\n[ 92.390571] vfs_rename+0xdb2/0x1170\n[ 92.390580] do_renameat2+0x554/0x770\n\n, ocasionado por procesos simult\u00e1neos de renombrado con whiteout y escritura del inodo:\n\trename_whiteout(Thread 1)\t wb_workfn(Thread2)\nubifs_rename\n do_rename\n lock_4_inodes (Hold ui_mutex)\n ubifs_budget_space\n make_free_space\n shrink_liability\n\t __writeback_inodes_sb_nr\n\t bdi_split_work_to_wbs (Queue new wb work)\n\t\t\t\t\t wb_do_writeback(wb work)\n\t\t\t\t\t\t__writeback_single_inode\n\t\t\t\t\t ubifs_write_inode\n\t\t\t\t\t LOCK(ui_mutex)\n\t\t\t\t\t\t\t ?\n\t wb_wait_for_completion (Wait wb work) <-- \u00a1interbloqueo!\n\nCaso de prueba:\n 1. SYS_renameat2(\"/mp/dir/file\", \"/mp/dir/whiteout\", RENAME_WHITEOUT)\n 2. Consumir todo el espacio antes de que kernel(mdelay) planifique el whiteout\n\nArreglado calculando el espacio de whiteout antes de bloquear los inodos de ubifs.\n\nTambi\u00e9n soluciona etiqueta la etiqueta goto err\u00f3nea 'out_release' en el flujo de errores\nde la planificaci\u00f3n del whiteout (al menos deber\u00eda recuperar el directorio i_size y desbloquear 4 inodos de ubifs).\n"
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/37bdf1ad592555ecda1d55b89f6e393e4c0589d1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/70e9090acc32348cedc5def0cd6d5c126efc97b9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/83e42a78428fc354f5e2049935b84c8d8d29b787",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/8b278c8dcfb565cb65eceb62a38cbf7a7c326db5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9dddc8211430fb851ddf0b168e3a00c6f66cc185",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/afd427048047e8efdedab30e8888044e2be5aa9c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c58af8564a7b08757173009030b74baf4b2b762b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "CWE-667"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9",
"versionEndExcluding": "4.19.238",
"matchCriteriaId": "4F595F79-E987-432C-B888-4E73F3873ECD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.189",
"matchCriteriaId": "8CB6E8F5-C2B1-46F3-A807-0F6104AC340F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.110",
"matchCriteriaId": "91D3BFD0-D3F3-4018-957C-96CCBF357D79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.33",
"matchCriteriaId": "27C42AE8-B387-43E2-938A-E1C8B40BE6D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.19",
"matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/37bdf1ad592555ecda1d55b89f6e393e4c0589d1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/70e9090acc32348cedc5def0cd6d5c126efc97b9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/83e42a78428fc354f5e2049935b84c8d8d29b787",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8b278c8dcfb565cb65eceb62a38cbf7a7c326db5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9dddc8211430fb851ddf0b168e3a00c6f66cc185",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/afd427048047e8efdedab30e8888044e2be5aa9c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c58af8564a7b08757173009030b74baf4b2b762b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

180
CVE-2021/CVE-2021-476xx/CVE-2021-47638.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-47638",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T06:37:05.580",
"lastModified": "2025-02-26T06:37:05.580",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-18T19:08:37.783",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,159 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ubifs: rename_whiteout: Se corrige la doble liberaci\u00f3n para whiteout_ui->data 'whiteout_ui->data' se liberar\u00e1 dos veces si el presupuesto de espacio falla para la operaci\u00f3n de cambio de nombre de whiteout como el siguiente proceso: rename_whiteout dev = kmalloc whiteout_ui->data = dev kfree(whiteout_ui->data) // Libera la primera vez iput(whiteout) ubifs_free_inode kfree(ui->data) // \u00a1Doble liberaci\u00f3n! KASAN informa: ==================================================================== ERROR: KASAN: liberaci\u00f3n doble o liberaci\u00f3n no v\u00e1lida en ubifs_free_inode+0x4f/0x70 Seguimiento de llamadas: kfree+0x117/0x490 ubifs_free_inode+0x4f/0x70 [ubifs] i_callback+0x30/0x60 rcu_do_batch+0x366/0xac0 __do_softirq+0x133/0x57f Asignado por la tarea 1506: kmem_cache_alloc_trace+0x3c2/0x7a0 do_rename+0x9b7/0x1150 [ubifs] ubifs_rename+0x106/0x1f0 [ubifs] do_syscall_64+0x35/0x80 Liberado por la tarea 1506: kfree+0x117/0x490 do_rename.cold+0x53/0x8a [ubifs] ubifs_rename+0x106/0x1f0 [ubifs] do_syscall_64+0x35/0x80 La direcci\u00f3n con errores pertenece al objeto en ffff88810238bed8 que pertenece al cach\u00e9 kmalloc-8 de tama\u00f1o 8 ===================================================================== Deje que ubifs_free_inode() libere 'whiteout_ui->data'. Por cierto, elimine la asignaci\u00f3n no utilizada 'whiteout_ui->data_len = 0', el proceso 'ubifs_evict_inode() -> ubifs_jnl_delete_inode() -> ubifs_jnl_write_inode()' no lo necesita (porque 'inc_nlink(whiteout)' no ser\u00e1 ejecutado por 'goto out_release', y el nlink del inodo whiteout es 0)."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/14276d38c89a170363e90b6ac0a53c3cf61b87fc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/2ad07009c459e56ebdcc089d850d664660fdb742",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/2b3236ecf96db7af5836e1366ce39ace8ce832fa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/40a8f0d5e7b3999f096570edab71c345da812e3e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6d7a158a7363c1f6604aa47ae1a280a5c65123dd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8b3c7be16f3f4dfd6e15ac651484e59d3fa36274",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a90e2dbe66d2647ff95a0442ad2e86482d977fd8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b9a937f096e608b3368c1abc920d4d640ba2c94f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "CWE-415"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9",
"versionEndExcluding": "4.14.276",
"matchCriteriaId": "EA8D1234-835A-47E7-8014-55948757E778"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.238",
"matchCriteriaId": "FA28527A-11D3-41D2-9C4C-ECAC0D6A4A2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.189",
"matchCriteriaId": "8CB6E8F5-C2B1-46F3-A807-0F6104AC340F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.110",
"matchCriteriaId": "91D3BFD0-D3F3-4018-957C-96CCBF357D79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.33",
"matchCriteriaId": "27C42AE8-B387-43E2-938A-E1C8B40BE6D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.19",
"matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/14276d38c89a170363e90b6ac0a53c3cf61b87fc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2ad07009c459e56ebdcc089d850d664660fdb742",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2b3236ecf96db7af5836e1366ce39ace8ce832fa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/40a8f0d5e7b3999f096570edab71c345da812e3e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6d7a158a7363c1f6604aa47ae1a280a5c65123dd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8b3c7be16f3f4dfd6e15ac651484e59d3fa36274",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a90e2dbe66d2647ff95a0442ad2e86482d977fd8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b9a937f096e608b3368c1abc920d4d640ba2c94f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

144
CVE-2021/CVE-2021-476xx/CVE-2021-47640.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-47640",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T06:37:05.780",
"lastModified": "2025-02-26T06:37:05.780",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-18T19:09:21.717",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,31 +15,131 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: powerpc/kasan: Se solucion\u00f3 que la regi\u00f3n temprana no se actualizara correctamente La tabla de p\u00e1ginas de shadow no se actualiza cuando PTE_RPN_SHIFT es 24 y PAGE_SHIFT es 12. No solo causa falsos positivos sino tambi\u00e9n falsos negativos como se muestra en el siguiente texto. Arr\u00e9glelo trayendo la l\u00f3gica de kasan_early_shadow_page_entry aqu\u00ed. 1. Falso positivo: ==================================================================== ERROR: KASAN: vmalloc fuera de los l\u00edmites en pcpu_alloc+0x508/0xa50 Escritura de tama\u00f1o 16 en la direcci\u00f3n f57f3be0 por la tarea swapper/0/1 CPU: 0 PID: 1 Comm: swapper/0 No contaminado 5.15.0-12267-gdebe436e77c7 #1 Seguimiento de llamadas: [c80d1c20] [c07fe7b8] dump_stack_lvl+0x4c/0x6c (no confiable) [c80d1c40] [c02ff668] print_address_description.constprop.0+0x88/0x300 [c80d1c70] [c02ff45c] kasan_report+0x1ec/0x200 [c80d1cb0] [c0300b20] kasan_check_range+0x160/0x2f0 [c80d1cc0] [c03018a4] memset+0x34/0x90 [c80d1ce0] [c0280108] pcpu_alloc+0x508/0xa50 [c80d1d40] [c02fd7bc] __kmem_cache_create+0xfc/0x570 [c80d1d70] [c0283d64] kmem_cache_create_usercopy+0x274/0x3e0 [c80d1db0] [c2036580] init_sd+0xc4/0x1d0 [c80d1de0] [c00044a0] do_one_initcall+0xc0/0x33c [c80d1eb0] [c2001624] kernel_init_freeable+0x2c8/0x384 [c80d1ef0] [c0004b14] kernel_init+0x24/0x170 [c80d1f10] [c001b26c] ret_from_kernel_thread+0x5c/0x64 Estado de la memoria alrededor de la direcci\u00f3n con errores: f57f3a80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f57f3b00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 >f57f3b80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ^ f57f3c80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ===================================================================== 2. Falso negativo (con pruebas KASAN): ==================================================================== Antes de la correcci\u00f3n: ok 45 - kmalloc_double_kzfree # vmalloc_oob: EXPECTATIVA FALL\u00d3 en lib/test_kasan.c:1039 Se esperaba una falla de KASAN en \"((volatile char *)area)[3100]\", pero no ocurri\u00f3 ninguna no ok 46 - vmalloc_oob no ok 1 - kasan ======================================================================== Despu\u00e9s de la correcci\u00f3n: ok 1 - kasan"
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/5a3d8f3192a409893c57808cc935e16484df1068",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/7f19245c3647afea8c7c41f795506ef70f64b9f2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/dd75080aa8409ce10d50fb58981c6b59bf8707d3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/de56beace6648065d404cd9835aa7d30e3df519d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e3d157a4b4f4e0268c98be5b7013bf4b31234bb6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f39a3309393a4a484532f6ba745c6acbcfe06115",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4",
"versionEndExcluding": "5.4.189",
"matchCriteriaId": "80DDFBB5-E7D8-4F00-9608-47CCB8D46CA4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.110",
"matchCriteriaId": "91D3BFD0-D3F3-4018-957C-96CCBF357D79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.33",
"matchCriteriaId": "27C42AE8-B387-43E2-938A-E1C8B40BE6D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.19",
"matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/5a3d8f3192a409893c57808cc935e16484df1068",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7f19245c3647afea8c7c41f795506ef70f64b9f2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/dd75080aa8409ce10d50fb58981c6b59bf8707d3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/de56beace6648065d404cd9835aa7d30e3df519d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e3d157a4b4f4e0268c98be5b7013bf4b31234bb6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f39a3309393a4a484532f6ba745c6acbcfe06115",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

197
CVE-2021/CVE-2021-476xx/CVE-2021-47641.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-47641",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T06:37:05.883",
"lastModified": "2025-02-26T06:37:05.883",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-18T19:09:26.503",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,43 +15,172 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: video: fbdev: cirrusfb: comprobar pixclock para evitar la divisi\u00f3n por cero Realice una comprobaci\u00f3n de la depuraci\u00f3n del valor de pixclock para evitar la divisi\u00f3n por cero. Si el valor de pixclock es cero, el controlador cirrusfb redondear\u00e1 el valor de pixclock para obtener la frecuencia derivada lo m\u00e1s cercana posible a maxclock. Syzkaller inform\u00f3 un error de divisi\u00f3n en cirrusfb_check_pixclock. Error de divisi\u00f3n: 0000 [#1] SMP KASAN PTI CPU: 0 PID: 14938 Comm: cirrusfb_test No contaminado 5.15.0-rc6 #1 Nombre del hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS 1.11.0-2 RIP: 0010:cirrusfb_check_var+0x6f1/0x1260 Seguimiento de llamadas: fb_set_var+0x398/0xf90 do_fb_ioctl+0x4b8/0x6f0 fb_ioctl+0xeb/0x130 __x64_sys_ioctl+0x19d/0x220 do_syscall_64+0x3a/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae"
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/1d3fb46439ad4e8f0c5739eb33d1875ac9e0f135",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/40b13e3d85744210db13457785646634e2d056bd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/45800c42ef000f417270bcfc08630e42486fca99",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/53a2088a396cfa1da92690a1da289634cd73bf0d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5c6f402bdcf9e7239c6bc7087eda71ac99b31379",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6fe23ff94e7840097202e85c148688940b37c9b1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8c7e2141fb89c620ab4e41512e262fbf25b8260d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c656d04247a2654ede5cead2ecbf83431dad5261",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e498b504f8c81b07efab9febf8503448de4dc9cf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "CWE-369"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.311",
"matchCriteriaId": "C86EFD13-93D4-4385-83E8-C665BE8F570F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.10",
"versionEndExcluding": "4.14.276",
"matchCriteriaId": "6D9B028C-6313-47F9-94B7-5F8122345E49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.238",
"matchCriteriaId": "FA28527A-11D3-41D2-9C4C-ECAC0D6A4A2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.189",
"matchCriteriaId": "8CB6E8F5-C2B1-46F3-A807-0F6104AC340F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.110",
"matchCriteriaId": "91D3BFD0-D3F3-4018-957C-96CCBF357D79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.33",
"matchCriteriaId": "27C42AE8-B387-43E2-938A-E1C8B40BE6D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.19",
"matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/1d3fb46439ad4e8f0c5739eb33d1875ac9e0f135",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/40b13e3d85744210db13457785646634e2d056bd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/45800c42ef000f417270bcfc08630e42486fca99",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/53a2088a396cfa1da92690a1da289634cd73bf0d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5c6f402bdcf9e7239c6bc7087eda71ac99b31379",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6fe23ff94e7840097202e85c148688940b37c9b1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8c7e2141fb89c620ab4e41512e262fbf25b8260d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c656d04247a2654ede5cead2ecbf83431dad5261",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e498b504f8c81b07efab9febf8503448de4dc9cf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

125
CVE-2021/CVE-2021-476xx/CVE-2021-47644.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-47644",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T06:37:06.197",
"lastModified": "2025-02-26T06:37:06.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-18T19:09:34.307",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,27 +15,116 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: staging: media: zoran: move videodev alloc Mueva parte del c\u00f3digo de zr36057_init() y cree nuevas funciones para manejar zr->video_dev. Esto permite facilitar la lectura del c\u00f3digo y reparar una p\u00e9rdida de memoria en zr->video_dev."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/1e501ec38796f43e995731d1bcd4173cb1ccfce0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/82e3a496eb56da0b9f29fdc5b63cedb3289e91de",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/bd01629315ffd5b63da91d0bd529a77d30e55028",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/c1ba65100a359fe28cfe37e09e10c99f247cbf1e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ff3357bffd9fb78f59762d8955afc7382a279079",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"matchCriteriaId": "B9CDD38D-425B-44B2-A60F-7E0DB2E4A472"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.33",
"matchCriteriaId": "27C42AE8-B387-43E2-938A-E1C8B40BE6D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.19",
"matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/1e501ec38796f43e995731d1bcd4173cb1ccfce0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/82e3a496eb56da0b9f29fdc5b63cedb3289e91de",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bd01629315ffd5b63da91d0bd529a77d30e55028",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c1ba65100a359fe28cfe37e09e10c99f247cbf1e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ff3357bffd9fb78f59762d8955afc7382a279079",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

125
CVE-2021/CVE-2021-476xx/CVE-2021-47645.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-47645",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T06:37:06.293",
"lastModified": "2025-02-26T06:37:06.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-18T19:09:58.003",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,27 +15,116 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: staging: media: zoran: calcula el n\u00famero de b\u00fafer correcto para zoran_reap_stat_com En el caso tmp_dcim=1, el \u00edndice del b\u00fafer se calcula mal. Esto genera una desreferencia de puntero NULL m\u00e1s adelante. Por lo tanto, arreglemos el c\u00e1lculo y agreguemos una verificaci\u00f3n para evitar que esto vuelva a aparecer."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/20811bbe685ca3eddd34b0c750860427d7030910",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/20db2ed1e2f9fcd417fa67853e5154f0c2537d6c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/7e76f3ed7ab2ae026c6ef9cc23096a7554af8c52",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/bafec1a6ba4b187a7fcdcfce0faebdc623d4ef8e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e3b86f4e558cea9eed71d894df2f19b10d60a207",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"matchCriteriaId": "B9CDD38D-425B-44B2-A60F-7E0DB2E4A472"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.33",
"matchCriteriaId": "27C42AE8-B387-43E2-938A-E1C8B40BE6D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.19",
"matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/20811bbe685ca3eddd34b0c750860427d7030910",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/20db2ed1e2f9fcd417fa67853e5154f0c2537d6c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7e76f3ed7ab2ae026c6ef9cc23096a7554af8c52",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bafec1a6ba4b187a7fcdcfce0faebdc623d4ef8e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e3b86f4e558cea9eed71d894df2f19b10d60a207",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

126
CVE-2021/CVE-2021-476xx/CVE-2021-47648.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-47648",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T06:37:06.597",
"lastModified": "2025-02-26T06:37:06.597",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-18T19:10:10.993",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,27 +15,117 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: gpu: host1x: Se corrige una p\u00e9rdida de memoria en 'host1x_remove()'. Se agrega una llamada 'host1x_channel_list_free()' faltante en la funci\u00f3n de eliminaci\u00f3n, como ya se hizo en la ruta de manejo de errores de la funci\u00f3n de sonda."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/025c6643a81564f066d8381b9e2f4603e0f8438f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/5124a344983e1b9670dae7add0e4d00d589aabcd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/6bb107332db28a0e9256c2d36a0902b85307612c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/c06577a80485511b894cb688e881ef0bc2d1d296",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fe1ce680560d4f0049ffa0c687de17567421c1ec",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.13",
"versionEndExcluding": "5.10.110",
"matchCriteriaId": "C0C1DAF0-5D08-4F6F-83CD-0DFD7D00948D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.33",
"matchCriteriaId": "27C42AE8-B387-43E2-938A-E1C8B40BE6D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.19",
"matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/025c6643a81564f066d8381b9e2f4603e0f8438f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5124a344983e1b9670dae7add0e4d00d589aabcd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6bb107332db28a0e9256c2d36a0902b85307612c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c06577a80485511b894cb688e881ef0bc2d1d296",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/fe1ce680560d4f0049ffa0c687de17567421c1ec",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

144
CVE-2021/CVE-2021-476xx/CVE-2021-47651.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-47651",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T06:37:06.880",
"lastModified": "2025-02-26T06:37:06.880",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-18T19:10:27.733",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,31 +15,131 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: soc: qcom: rpmpd: Verificar el retorno nulo de devm_kcalloc Debido al posible fallo de la asignaci\u00f3n, data->domains podr\u00eda ser un puntero NULL y provocar\u00e1 la desreferencia del puntero NULL m\u00e1s adelante. Por lo tanto, podr\u00eda ser mejor verificarlo y devolver directamente -ENOMEM sin liberar los datos manualmente si falla, porque el comentario de devm_kmalloc() dice \"La memoria asignada con esta funci\u00f3n se libera autom\u00e1ticamente al desconectar el controlador\"."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/31b5124d742969ea8bf7a1360596f548ca23e770",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/5a811126d38f9767a20cc271b34db7c8efc5a46c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/724376c30af5a57686b223dbcd6188e07d2a1de2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/755dbc3d73789ac9f0017c729abf5e4b153bf799",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/84b89fa877ad576e9ee8130f412cfd592f274508",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b5d6eba71997b6d661935d2b15094ac7f9f6132d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.1",
"versionEndExcluding": "5.4.189",
"matchCriteriaId": "20548D34-DDDF-49E1-9708-FE7FA4FB8C21"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.110",
"matchCriteriaId": "91D3BFD0-D3F3-4018-957C-96CCBF357D79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.33",
"matchCriteriaId": "27C42AE8-B387-43E2-938A-E1C8B40BE6D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.19",
"matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/31b5124d742969ea8bf7a1360596f548ca23e770",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5a811126d38f9767a20cc271b34db7c8efc5a46c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/724376c30af5a57686b223dbcd6188e07d2a1de2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/755dbc3d73789ac9f0017c729abf5e4b153bf799",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/84b89fa877ad576e9ee8130f412cfd592f274508",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b5d6eba71997b6d661935d2b15094ac7f9f6132d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

198
CVE-2021/CVE-2021-476xx/CVE-2021-47652.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-47652",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T06:37:06.973",
"lastModified": "2025-02-26T06:37:06.973",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-18T19:10:43.653",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,43 +15,173 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: video: fbdev: smscufx: Corregir null-ptr-deref en ufx_usb_probe() Recib\u00ed un informe de null-ptr-deref: ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000000 ... RIP: 0010:fb_destroy_modelist+0x38/0x100 ... Seguimiento de llamadas: ufx_usb_probe.cold+0x2b5/0xac1 [smscufx] usb_probe_interface+0x1aa/0x3c0 [usbcore] really_probe+0x167/0x460 ... ret_from_fork+0x1f/0x30 Si fb_alloc_cmap() falla en ufx_usb_probe(), fb_destroy_modelist() Se llamar\u00e1 a modelist para destruirlo en la ruta de manejo de errores. Pero modelist a\u00fan no se ha inicializado, por lo que dar\u00e1 como resultado null-ptr-deref. Inicialice modelist antes de llamar a fb_alloc_cmap() para corregir este error."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/0fd28daec73525382e5c992db8743bf76e42cd5c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/1791f487f877a9e83d81c8677bd3e7b259e7cb27",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/64ec3e678d76419f207b9cdd338dda438ca10b1c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/9280ef235b05e8f19f8bc6d547b992f0a0ef398d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c420b540db4b5d69de0a36d8b9d9a6a79a04f05a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d1b6a1f0c23b7164250479bf92e2893291dca539",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d396c651e2b508b6179bb678cc029f3becbf5170",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/da8b269cc0a2526ebeaccbe2484c999eb0f822cf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dd3a6cc7385b89ec2303f39dfc3bafa4e24cec4b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.2",
"versionEndExcluding": "4.9.311",
"matchCriteriaId": "91A60DD7-6C23-4025-B18F-3CE419A63086"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.10",
"versionEndExcluding": "4.14.276",
"matchCriteriaId": "6D9B028C-6313-47F9-94B7-5F8122345E49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.238",
"matchCriteriaId": "FA28527A-11D3-41D2-9C4C-ECAC0D6A4A2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.189",
"matchCriteriaId": "8CB6E8F5-C2B1-46F3-A807-0F6104AC340F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.110",
"matchCriteriaId": "91D3BFD0-D3F3-4018-957C-96CCBF357D79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.33",
"matchCriteriaId": "27C42AE8-B387-43E2-938A-E1C8B40BE6D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.19",
"matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0fd28daec73525382e5c992db8743bf76e42cd5c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/1791f487f877a9e83d81c8677bd3e7b259e7cb27",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/64ec3e678d76419f207b9cdd338dda438ca10b1c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9280ef235b05e8f19f8bc6d547b992f0a0ef398d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c420b540db4b5d69de0a36d8b9d9a6a79a04f05a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d1b6a1f0c23b7164250479bf92e2893291dca539",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d396c651e2b508b6179bb678cc029f3becbf5170",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/da8b269cc0a2526ebeaccbe2484c999eb0f822cf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/dd3a6cc7385b89ec2303f39dfc3bafa4e24cec4b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

12
CVE-2022/CVE-2022-387xx/CVE-2022-38714.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-38714",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-12T18:15:08.057",
"lastModified": "2024-11-21T07:16:58.977",
"lastModified": "2025-03-18T20:15:16.603",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -69,6 +69,16 @@
"value": "CWE-522"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-388xx/CVE-2022-38867.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-38867",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-15T22:15:11.650",
"lastModified": "2024-11-21T07:17:12.370",
"lastModified": "2025-03-18T19:15:40.333",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [

72
CVE-2022/CVE-2022-46xx/CVE-2022-4645.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-4645",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-03-03T16:15:09.777",
"lastModified": "2024-11-21T07:35:39.713",
"vulnStatus": "Modified",
"lastModified": "2025-03-18T20:27:08.320",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -68,6 +68,31 @@
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
},
{
"nodes": [
{
@ -77,8 +102,9 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.5.1",
"versionEndIncluding": "4.4.0",
"matchCriteriaId": "6E0B7DC1-7265-4D0F-9400-1559C3378D18"
"matchCriteriaId": "E05D8B0C-6AE1-497D-96BF-374E0D63321A"
}
]
}
@ -111,19 +137,31 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZTFA6GGOKFPIQNHDBMXYUR4XUXUJESE/",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BA6GRCAQ7NR2OK5N44UQRGUJBIYKWJJH/",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OLM763GGZVVOAXIQXG6YGTYJ5VFYNECQ/",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230331-0001/",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4645.json",
@ -150,19 +188,31 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZTFA6GGOKFPIQNHDBMXYUR4XUXUJESE/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BA6GRCAQ7NR2OK5N44UQRGUJBIYKWJJH/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OLM763GGZVVOAXIQXG6YGTYJ5VFYNECQ/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230331-0001/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
],
"evaluatorComment": "n"

32
CVE-2022/CVE-2022-483xx/CVE-2022-48327.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-48327",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-16T21:15:14.183",
"lastModified": "2024-11-21T07:33:10.457",
"lastModified": "2025-03-18T19:15:40.513",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

184
CVE-2022/CVE-2022-490xx/CVE-2022-49055.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-49055",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:00:42.760",
"lastModified": "2025-02-26T07:00:42.760",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-18T19:02:42.010",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,163 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdkfd: comprobar si kmalloc_array() puede devolver un valor nulo. Como kmalloc_array() puede devolver un valor nulo, 'event_waiters[i].wait' provocar\u00eda una desreferencia de puntero nulo. Por lo tanto, es mejor comprobar el valor de retorno de kmalloc_array() para evitar esta confusi\u00f3n."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/0a692c625e373fef692ffbc7fc41f8a025f01cb7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/1d7a5aae884ca727d41c7ed15d4c82fdb67c040c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/32cf90a521dcc0f136db7ee5ba32bfe5f79e460e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/40bf32dbfef866c83a3e74800b81d79e52b6d20b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/94869bb0de69a812f70231b0eb480bb2f7ae73a6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c7a268b33882d5feaafd29c1734456f41ba41396",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ebbb7bb9e80305820dc2328a371c1b35679f2667",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f2658d5966bcee8c3eb487875f459756d4f7cdfc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.311",
"matchCriteriaId": "C86EFD13-93D4-4385-83E8-C665BE8F570F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.10",
"versionEndExcluding": "4.14.276",
"matchCriteriaId": "6D9B028C-6313-47F9-94B7-5F8122345E49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.239",
"matchCriteriaId": "712D9B45-4B53-4563-94B5-F758AFBBFB0D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.190",
"matchCriteriaId": "E0ADBA6D-47D8-4518-8D10-9B9196DE680B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.112",
"matchCriteriaId": "0460A5D2-3024-497A-B799-23E025B91972"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.35",
"matchCriteriaId": "05ABCC3F-88A9-47F9-9D40-8665747B2E43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.17.4",
"matchCriteriaId": "E22C86CB-06CD-4D16-AB2A-F21EE8199262"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.18:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6AD94161-84BB-42E6-9882-4FC0C42E9FC1"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0a692c625e373fef692ffbc7fc41f8a025f01cb7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/1d7a5aae884ca727d41c7ed15d4c82fdb67c040c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/32cf90a521dcc0f136db7ee5ba32bfe5f79e460e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/40bf32dbfef866c83a3e74800b81d79e52b6d20b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/94869bb0de69a812f70231b0eb480bb2f7ae73a6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c7a268b33882d5feaafd29c1734456f41ba41396",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ebbb7bb9e80305820dc2328a371c1b35679f2667",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f2658d5966bcee8c3eb487875f459756d4f7cdfc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

190
CVE-2022/CVE-2022-490xx/CVE-2022-49058.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-49058",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:00:43.047",
"lastModified": "2025-02-26T07:00:43.047",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-18T19:08:08.200",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,169 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cifs: desbordamiento de b\u00fafer potencial al manejar enlaces simb\u00f3licos Smatch imprimi\u00f3 una advertencia: arch/x86/crypto/poly1305_glue.c:198 poly1305_update_arch() error: __memcpy() 'dctx->buf' demasiado peque\u00f1o (16 vs u32max) Esto se debe a que Smatch marca 'link_len' como no confiable ya que proviene de sscanf(). Agregue una verificaci\u00f3n para asegurarse de que 'link_len' no sea m\u00e1s grande que el tama\u00f1o del b\u00fafer 'link_str'."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/1316c28569a80ab3596eeab05bf5e01991e7e739",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/22d658c6c5affed10c8907e67160cef0b6c92186",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/3e582749e742e662a8e9bb37cffac62dccaaa1e2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/4e166a41180be2f1e66bbb6d46448e80a9a5ec05",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/515e7ba11ef043d6febe69389949c8ef5f25e9d0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/64c4a37ac04eeb43c42d272f6e6c8c12bfcf4304",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9901b07ba42b39266b34a888e48d7306fd707bee",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/eb5f51756944735ac70cd8bb38637cc202e29c91",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.37",
"versionEndExcluding": "4.9.311",
"matchCriteriaId": "4ECFAA1B-4193-4D30-B7CA-C57E2AFD1132"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.10",
"versionEndExcluding": "4.14.276",
"matchCriteriaId": "6D9B028C-6313-47F9-94B7-5F8122345E49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.239",
"matchCriteriaId": "712D9B45-4B53-4563-94B5-F758AFBBFB0D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.190",
"matchCriteriaId": "E0ADBA6D-47D8-4518-8D10-9B9196DE680B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.112",
"matchCriteriaId": "0460A5D2-3024-497A-B799-23E025B91972"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.35",
"matchCriteriaId": "05ABCC3F-88A9-47F9-9D40-8665747B2E43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.17.4",
"matchCriteriaId": "E22C86CB-06CD-4D16-AB2A-F21EE8199262"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.18:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6AD94161-84BB-42E6-9882-4FC0C42E9FC1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.18:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7AB06DDF-3C2B-416D-B448-E990D8FF67A9"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/1316c28569a80ab3596eeab05bf5e01991e7e739",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/22d658c6c5affed10c8907e67160cef0b6c92186",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3e582749e742e662a8e9bb37cffac62dccaaa1e2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4e166a41180be2f1e66bbb6d46448e80a9a5ec05",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/515e7ba11ef043d6febe69389949c8ef5f25e9d0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/64c4a37ac04eeb43c42d272f6e6c8c12bfcf4304",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9901b07ba42b39266b34a888e48d7306fd707bee",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/eb5f51756944735ac70cd8bb38637cc202e29c91",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

108
CVE-2022/CVE-2022-491xx/CVE-2022-49190.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-49190",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:00:56.090",
"lastModified": "2025-02-26T07:00:56.090",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-18T20:12:35.920",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,103 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: kernel/resource: fix kfree() of bootmem memory again Desde el commit ebff7d8f270d (\"mem hotunplug: fix kfree() of bootmem memory\"), podr\u00edamos obtener un recurso asignado durante el arranque a trav\u00e9s de alloc_resource(). Y es necesario liberar el recurso utilizando free_resource(). Sin embargo, muchas personas utilizan kfree directamente, lo que dar\u00e1 como resultado un ERROR del kernel. Para solucionar esto sin reparar cada sitio de llamada, simplemente filtre un par de bytes en ese caso especial."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/0cbcc92917c5de80f15c24d033566539ad696892",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/a9e88c2618d228d7a4e7e515cf30dc0d0d813f27",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/ab86020070999e758ce2e60c4348f20bf7ddba56",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/d7faa04a44a0c37ac3d222fa8e0bdcbfcee9c0c8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.10",
"versionEndExcluding": "5.15.33",
"matchCriteriaId": "F1BE9A95-C2D3-4ED4-B570-6DACA61136E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.19",
"matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0cbcc92917c5de80f15c24d033566539ad696892",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a9e88c2618d228d7a4e7e515cf30dc0d0d813f27",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ab86020070999e758ce2e60c4348f20bf7ddba56",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d7faa04a44a0c37ac3d222fa8e0bdcbfcee9c0c8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

116
CVE-2022/CVE-2022-492xx/CVE-2022-49201.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-49201",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:00:57.160",
"lastModified": "2025-02-26T07:00:57.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-18T20:12:27.870",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,107 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ibmvnic: se corrige la ejecuci\u00f3n entre xmit y reset Existe una ejecuci\u00f3n entre reset y las rutas de transmisi\u00f3n que puede provocar que ibmvnic_xmit() acceda a un scrq despu\u00e9s de que se haya liberado en la ruta de reset. Puede provocar un bloqueo como: El kernel intent\u00f3 leer la p\u00e1gina del usuario (0): \u00bfintento de explotaci\u00f3n? (uid: 0) ERROR: Desreferencia de puntero NULL del kernel en lectura en 0x00000000 Direcci\u00f3n de instrucci\u00f3n con error: 0xc0080000016189f8 Oops: Acceso del kernel al \u00e1rea defectuosa, sig: 11 [#1] ... NIP [c0080000016189f8] ibmvnic_xmit+0x60/0xb60 [ibmvnic] LR [c000000000c0046c] dev_hard_start_xmit+0x11c/0x280 Rastreo de llamadas: [c008000001618f08] ibmvnic_xmit+0x570/0xb60 [ibmvnic] (no confiable) [c000000000c0046c] dev_hard_start_xmit+0x11c/0x280 [c000000000c9cfcc] sch_direct_xmit+0xec/0x330 [c000000000bfe640] __dev_xmit_skb+0x3a0/0x9d0 [c000000000c00ad4] __dev_queue_xmit+0x394/0x730 [c008000002db813c] __bond_start_xmit+0x254/0x450 [enlace] [c008000002db8378] bond_start_xmit+0x40/0xc0 [enlace] [c000000000c0046c] dev_hard_start_xmit+0x11c/0x280 [c000000000c00ca4] __dev_queue_xmit+0x564/0x730 [c000000000cf97e0] neigh_hh_output+0xd0/0x180 [c000000000cfa69c] ip_finish_output2+0x31c/0x5c0 [c000000000cfd244] __ip_queue_xmit+0x194/0x4f0 [c000000000d2a3c4] __tcp_transmit_skb+0x434/0x9b0 [c000000000d2d1e0] __tcp_retransmit_skb+0x1d0/0x6a0 [c000000000d2d984] tcp_retransmit_skb+0x34/0x130 [c000000000d310e8] tcp_retransmit_timer+0x388/0x6d0 [c000000000d315ec] tcp_write_timer_handler+0x1bc/0x330 [c000000000d317bc] tcp_write_timer+0x5c/0x200 [c000000000243270] call_timer_fn+0x50/0x1c0 [c000000000243704] __run_timers.part.0+0x324/0x460 [c000000000243894] run_timer_softirq+0x54/0xa0 [c000000000ea713c] __do_softirq+0x15c/0x3e0 [c000000000166258] __irq_exit_rcu+0x158/0x190 [c000000000166420] irq_exit+0x20/0x40 [c00000000002853c] timer_interrupt+0x14c/0x2b0 [c000000000009a00] decrementer_common_virt+0x210/0x220 --- interrupci\u00f3n: 900 La causa inmediata del bloqueo es el acceso a tx_scrq en el siguiente fragmento durante un reinicio, donde tx_scrq puede ser NULL o una direcci\u00f3n que pronto ser\u00e1 inv\u00e1lida: ibmvnic_xmit() { ... tx_scrq = adaptador->tx_scrq[queue_num]; txq = netdev_get_tx_queue(netdev, queue_num); ind_bufp = &tx_scrq->ind_buf; if (test_bit(0, &adapter->resetting)) { ... } Pero m\u00e1s all\u00e1 de eso, la llamada a ibmvnic_xmit() en s\u00ed no es segura durante un reinicio y la ruta de reinicio intenta evitar esto deteniendo la cola en ibmvnic_cleanup(). Sin embargo, justo despu\u00e9s de que se detuviera la cola, una ibmvnic_complete_tx() en curso podr\u00eda haber reiniciado la cola incluso mientras el reinicio estaba en progreso. Dado que la cola se reinici\u00f3, podr\u00edamos recibir una llamada a ibmvnic_xmit() que luego puede acceder al tx_scrq incorrecto (u otros campos). Sin embargo, no podemos simplemente hacer que ibmvnic_complete_tx() verifique el bit ->resetting y omita el inicio de la cola. Esto puede funcionar en el \"back-end\" de un reinicio correcto que simplemente reinici\u00f3 la cola pero a\u00fan no borr\u00f3 el bit ->resetting. Si omitimos el reinicio de la cola debido a que ->resetting es verdadero, la cola permanecer\u00eda detenida indefinidamente, lo que podr\u00eda provocar tiempos de espera de transmisi\u00f3n. IOW ->resetting es demasiado amplio para este prop\u00f3sito. En su lugar, use un nuevo indicador que indique si las colas est\u00e1n activas o no. Solo las rutas de apertura/reinicio controlan cu\u00e1ndo est\u00e1n activas las colas. ibmvnic_complete_tx() y otros activan la cola solo si la cola est\u00e1 marcada como activa. Por lo tanto, tendremos: A. restablecer/abrir subproceso en ibmvnic_cleanup() y __ibmvnic_open() ->resetting = true ->tx_queues_active = false deshabilitar colas de transmisi\u00f3n ... ->tx_queues_active = true iniciar colas de transmisi\u00f3n B. Interrupci\u00f3n de transmisi\u00f3n en ibmvnic_complete_tx(): if (->tx_queues_active) netif_wake_subqueue(); Para garantizar que ->tx_queues_active y el estado de las colas sean cons ---truncado---"
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/1bd58abf595b6cf1ba6dd47ec887c4c009155fc9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-362"
},
{
"url": "https://git.kernel.org/stable/c/4219196d1f662cb10a462eb9e076633a3fc31a15",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/475f9cce98b63bc145b4efa66fa51175d4cb345f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8507c6ade73cdbbbda5c3d31d67f52f2e1cf03fe",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4",
"versionEndExcluding": "5.15.33",
"matchCriteriaId": "6B796901-86B9-450D-BE47-916285FBDF61"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.19",
"matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/1bd58abf595b6cf1ba6dd47ec887c4c009155fc9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4219196d1f662cb10a462eb9e076633a3fc31a15",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/475f9cce98b63bc145b4efa66fa51175d4cb345f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8507c6ade73cdbbbda5c3d31d67f52f2e1cf03fe",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

76
CVE-2022/CVE-2022-492xx/CVE-2022-49203.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-49203",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:00:57.357",
"lastModified": "2025-02-26T07:00:57.357",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-18T20:12:03.890",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,75 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Arreglar doble liberaci\u00f3n durante el reinicio de la GPU en flujos de DC [Por qu\u00e9] El problema solo ocurre durante la ruta del c\u00f3digo de reinicio de la GPU. Primero hacemos una copia de seguridad del estado actual antes de confirmar 0 flujos internamente desde DM a DC. Esta copia de seguridad del estado contiene asignaciones de codificador de enlace v\u00e1lidas. DC borrar\u00e1 las asignaciones de codificador de enlace como parte del estado actual (pero no la copia de seguridad, ya que se copi\u00f3 antes de el commit) y liberar\u00e1 la referencia de flujo adicional que ten\u00eda. DC requiere que las asignaciones de codificador de enlace permanezcan borradas/inv\u00e1lidas antes de el commit. Dado que la copia de seguridad a\u00fan tiene asignaciones v\u00e1lidas, llamamos a la interfaz post reset para borrarlas. Esta rutina tambi\u00e9n libera la referencia adicional que ten\u00eda la interfaz de codificador de enlace, lo que da como resultado una doble liberaci\u00f3n (y eventualmente una desreferencia de puntero NULL). [C\u00f3mo] Tendremos que hacer una confirmaci\u00f3n de DC completa de todos modos despu\u00e9s de reiniciar la GPU porque el conteo de transmisiones anteriormente lleg\u00f3 a 0. No necesitamos conservar la asignaci\u00f3n que hab\u00edamos respaldado, as\u00ed que simplemente copiamos la asignaci\u00f3n del estado actual ahora limpio despu\u00e9s de que se haya producido el reinicio con la nueva interfaz link_enc_cfg_copy()."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/32685b32d825ca08c5dec826477332df886c4743",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/bbfcdd6289ba6f00f0cd7d496946dce9f6c600ac",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-415"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/32685b32d825ca08c5dec826477332df886c4743",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bbfcdd6289ba6f00f0cd7d496946dce9f6c600ac",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

144
CVE-2022/CVE-2022-492xx/CVE-2022-49206.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-49206",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:00:57.723",
"lastModified": "2025-02-26T07:00:57.723",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-18T20:11:49.133",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,31 +15,131 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/mlx5: Se corrige la p\u00e9rdida de memoria en el flujo de error para la rutina de evento de suscripci\u00f3n. En caso de que falle el segundo xa_insert(), no se libera el obj_event. Corrija el flujo de desenrollado de error para liberar esa memoria y evitar una p\u00e9rdida de memoria."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/0174a89663a5ef83617da15bf24c0af2f62b6c7f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/087f9c3f2309ed183f7e4b85ae57121d8663224d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/414b4e8738484379f18d6c4e780787c80dbf8a2c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/8dd392e352d3269938fea32061a74655a613f929",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c98d903ff9e79c210beddea4e6bc15ac38e25aa5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d66498507801fd9a20307a15a0814a0a016c3cde",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.3",
"versionEndExcluding": "5.4.189",
"matchCriteriaId": "464BC777-8489-4690-B4AE-BD7E95E9A4C6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.110",
"matchCriteriaId": "91D3BFD0-D3F3-4018-957C-96CCBF357D79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.33",
"matchCriteriaId": "27C42AE8-B387-43E2-938A-E1C8B40BE6D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.19",
"matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0174a89663a5ef83617da15bf24c0af2f62b6c7f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/087f9c3f2309ed183f7e4b85ae57121d8663224d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/414b4e8738484379f18d6c4e780787c80dbf8a2c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8dd392e352d3269938fea32061a74655a613f929",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c98d903ff9e79c210beddea4e6bc15ac38e25aa5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d66498507801fd9a20307a15a0814a0a016c3cde",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

108
CVE-2022/CVE-2022-492xx/CVE-2022-49207.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-49207",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:00:57.817",
"lastModified": "2025-02-26T07:00:57.817",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-18T20:11:31.573",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,103 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf, sockmap: Corregir p\u00e9rdida de memoria en sk_psock_queue_msg Si tcp_bpf_sendmsg se est\u00e1 ejecutando durante una operaci\u00f3n de desmontaje, podemos poner en cola datos en la cola de mensajes de entrada mientras el desmontaje intenta liberarlos. sk1 (redireccionar sk2) sk2 ------------------- --------------- tcp_bpf_sendmsg() tcp_bpf_send_verdict() tcp_bpf_sendmsg_redir() bpf_tcp_ingress() sock_map_close() lock_sock() lock_sock() ... bloqueando sk_psock_stop sk_psock_clear_state(psock, SK_PSOCK_TX_ENABLED); release_sock(sk); lock_sock() sk_mem_charge() get_page() sk_psock_queue_msg() sk_psock_test_state(psock, SK_PSOCK_TX_ENABLED); drop_sk_msg() release_sock() Mientras se usa drop_sk_msg(), el mensaje ha cargado la memoria del formulario sk mediante sk_mem_charge y tiene p\u00e1ginas sg que se deben colocar. Para solucionarlo, usamos sk_msg_free() y luego kfee() msg. Este problema puede causar la siguiente informaci\u00f3n: ADVERTENCIA: CPU: 0 PID: 9202 en net/core/stream.c:205 sk_stream_kill_queues+0xc8/0xe0 Rastreo de llamadas: inet_csk_destroy_sock+0x55/0x110 tcp_rcv_state_process+0xe5f/0xe90 ? sk_filter_trim_cap+0x10d/0x230 ? tcp_v4_do_rcv+0x161/0x250 tcp_v4_do_rcv+0x161/0x250 tcp_v4_rcv+0xc3a/0xce0 ip_protocol_deliver_rcu+0x3d/0x230 ip_local_deliver_finish+0x54/0x60 ip_local_deliver+0xfd/0x110 ? ip_protocol_deliver_rcu+0x230/0x230 ip_rcv+0xd6/0x100 ? ip_local_deliver+0x110/0x110 __netif_receive_skb_one_core+0x85/0xa0 process_backlog+0xa4/0x160 __napi_poll+0x29/0x1b0 net_rx_action+0x287/0x300 __do_softirq+0xff/0x2fc do_softirq+0x79/0x90 WARNING: CPU: 0 PID: 531 at net/ipv4/af_inet.c:154 inet_sock_destruct+0x175/0x1b0 Call Trace: __sk_destruct+0x24/0x1f0 sk_psock_destroy+0x19b/0x1c0 process_one_work+0x1b3/0x3c0 ? process_one_work+0x3c0/0x3c0 worker_thread+0x30/0x350 ? process_one_work+0x3c0/0x3c0 kthread+0xe6/0x110 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x22/0x30 "
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/03948ed6553960db62f1c33bec29e64d7c191a3f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/4dd2e947d3be13a4de3b3028859b9a6497266bcf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/938d3480b92fa5e454b7734294f12a7b75126f09",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/ef9785f429794567792561a584901faa9291d3ee",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.14",
"versionEndExcluding": "5.15.33",
"matchCriteriaId": "FB1C7FD1-C89E-4955-B265-456A9F757302"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.19",
"matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/03948ed6553960db62f1c33bec29e64d7c191a3f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4dd2e947d3be13a4de3b3028859b9a6497266bcf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/938d3480b92fa5e454b7734294f12a7b75126f09",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ef9785f429794567792561a584901faa9291d3ee",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

108
CVE-2022/CVE-2022-492xx/CVE-2022-49208.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-49208",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:00:57.910",
"lastModified": "2025-02-26T07:00:57.910",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-18T20:11:17.900",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,103 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/irdma: Evitar algunos desbordamientos de enteros Mi verificador est\u00e1tico se queja de que: drivers/infiniband/hw/irdma/ctrl.c:3605 irdma_sc_ceq_init() warn: can subtract underflow 'info->dev->hmc_fpm_misc.max_ceqs'? Parece que \"info->dev->hmc_fpm_misc.max_ceqs\" proviene del firmware en irdma_sc_parse_fpm_query_buf() as\u00ed que, s\u00ed, existe la posibilidad de que sea cero. Incluso si confiamos en el firmware, es bastante f\u00e1cil cambiar la condici\u00f3n como una medida de endurecimiento."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/6f6dbb819dfc1a35bcb8b709b5c83a3ea8beff75",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/7340c3675d7ac946f4019b84cd7c64ed542dfe4c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/d52dab6e03550f9c97121b0c11c0a3ed78ee76a4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/f21056f15bbeacab7b4b87af232f5599d1f2bff1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "CWE-191"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.14",
"versionEndExcluding": "5.15.33",
"matchCriteriaId": "FB1C7FD1-C89E-4955-B265-456A9F757302"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.19",
"matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/6f6dbb819dfc1a35bcb8b709b5c83a3ea8beff75",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7340c3675d7ac946f4019b84cd7c64ed542dfe4c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d52dab6e03550f9c97121b0c11c0a3ed78ee76a4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f21056f15bbeacab7b4b87af232f5599d1f2bff1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

144
CVE-2022/CVE-2022-492xx/CVE-2022-49209.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-49209",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:00:58.007",
"lastModified": "2025-02-26T07:00:58.007",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-18T20:10:46.370",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,31 +15,131 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf, sockmap: Se corrige la p\u00e9rdida de memoria en tcp_bpf_sendmsg mientras sk msg est\u00e1 lleno Si tcp_bpf_sendmsg() se est\u00e1 ejecutando mientras sk msg est\u00e1 lleno. Cuando sk_msg_alloc() devuelve el error -ENOMEM, tcp_bpf_sendmsg() va a wait_for_memory. Si sk_msg_alloc() ha asignado memoria parcial, es decir, msg_tx->sg.size es mayor que osize despu\u00e9s de sk_msg_alloc(), se produce una p\u00e9rdida de memoria. Para solucionarlo, utilizamos sk_msg_trim() para liberar la memoria asignada y luego vamos a esperar memoria. Otras rutas de llamada de sk_msg_alloc() tienen un problema similar, como tls_sw_sendmsg(), as\u00ed que maneje la l\u00f3gica de sk_msg_trim dentro de sk_msg_alloc(), como sugiri\u00f3 Cong Wang. Este problema puede generar la siguiente informaci\u00f3n: ADVERTENCIA: CPU: 3 PID: 7950 en net/core/stream.c:208 sk_stream_kill_queues+0xd4/0x1a0 Seguimiento de llamadas: inet_csk_destroy_sock+0x55/0x110 __tcp_close+0x279/0x470 tcp_close+0x1f/0x60 inet_release+0x3f/0x80 __sock_release+0x3d/0xb0 sock_close+0x11/0x20 __fput+0x92/0x250 task_work_run+0x6a/0xa0 do_exit+0x33b/0xb60 do_group_exit+0x2f/0xa0 get_signal+0xb6/0x950 arch_do_signal_or_restart+0xac/0x2a0 exit_to_user_mode_prepare+0xa9/0x200 syscall_exit_to_user_mode+0x12/0x30 do_syscall_64+0x46/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae ADVERTENCIA: CPU: 3 PID: 2094 en net/ipv4/af_inet.c:155 inet_sock_destruct+0x13c/0x260 Rastreo de llamadas: __sk_destruct+0x24/0x1f0 sk_psock_destroy+0x19b/0x1c0 process_one_work+0x1b3/0x3c0 kthread+0xe6/0x110 ret_from_fork+0x22/0x30 "
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/6d03722c34d9603df325f67c6d30dc1b7b3c6067",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/9c34e38c4a870eb30b13f42f5b44f42e9d19ccb8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/bec34a91eba3483e1830c02bdd36f8f968642047",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/d0b85dfc6f01d26808e2576c6537c131b590e270",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/de3a8d8fab0710186f7864ec812836d8d70da3c9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f677328f05f52d535cbdc15cb04476db49477eb4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.189",
"matchCriteriaId": "8CB6E8F5-C2B1-46F3-A807-0F6104AC340F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.110",
"matchCriteriaId": "91D3BFD0-D3F3-4018-957C-96CCBF357D79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.33",
"matchCriteriaId": "27C42AE8-B387-43E2-938A-E1C8B40BE6D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.19",
"matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/6d03722c34d9603df325f67c6d30dc1b7b3c6067",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9c34e38c4a870eb30b13f42f5b44f42e9d19ccb8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bec34a91eba3483e1830c02bdd36f8f968642047",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d0b85dfc6f01d26808e2576c6537c131b590e270",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/de3a8d8fab0710186f7864ec812836d8d70da3c9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f677328f05f52d535cbdc15cb04476db49477eb4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

126
CVE-2022/CVE-2022-492xx/CVE-2022-49210.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-49210",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:00:58.107",
"lastModified": "2025-02-26T07:00:58.107",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-18T20:10:37.433",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,27 +15,117 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: MIPS: pgalloc: reparar p\u00e9rdida de memoria causada por pgd_free() La p\u00e1gina pgd es liberada por la implementaci\u00f3n gen\u00e9rica pgd_free() desde el commit f9cb654cb550 (\"asm-generic: pgalloc: proporcionar pgd_free() gen\u00e9rico\"), sin embargo, hay escenarios en los que el sistema usa m\u00e1s de una p\u00e1gina como la tabla pgd, en tales casos la implementaci\u00f3n gen\u00e9rica pgd_free() ya no ser\u00e1 aplicable. Por ejemplo, cuando PAGE_SIZE_4KB est\u00e1 habilitado y MIPS_VA_BITS_48 no est\u00e1 habilitado en un sistema de 64 bits, la macro \"PGD_ORDER\" se establecer\u00e1 como \"1\", lo que provocar\u00e1 la asignaci\u00f3n de dos p\u00e1ginas como la tabla pgd. Bueno, al mismo tiempo, la implementaci\u00f3n gen\u00e9rica pgd_free() solo libera una p\u00e1gina pgd, lo que provocar\u00e1 la p\u00e9rdida de memoria. La p\u00e9rdida de memoria se puede detectar f\u00e1cilmente ejecutando el comando de shell: \"while true; do ls > /dev/null; grep MemFree /proc/meminfo; done\""
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/1bf0d78c8cc3cf615a6e7bf33ada70b73592f0a1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/2bc5bab9a763d520937e4f3fe8df51c6a1eceb97",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/5a8501d34b261906e4c76ec9da679f2cb4d309ed",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/d29cda15cab086d82d692de016f7249545d4b6b4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fa3d44424579972cc7c4fac3d9cf227798ebdfa0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.9",
"versionEndExcluding": "5.10.110",
"matchCriteriaId": "2F97CB26-001B-4811-8A9D-40FE3DB060DB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.33",
"matchCriteriaId": "27C42AE8-B387-43E2-938A-E1C8B40BE6D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.19",
"matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/1bf0d78c8cc3cf615a6e7bf33ada70b73592f0a1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2bc5bab9a763d520937e4f3fe8df51c6a1eceb97",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5a8501d34b261906e4c76ec9da679f2cb4d309ed",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d29cda15cab086d82d692de016f7249545d4b6b4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/fa3d44424579972cc7c4fac3d9cf227798ebdfa0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

126
CVE-2022/CVE-2022-492xx/CVE-2022-49211.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-49211",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:00:58.200",
"lastModified": "2025-02-26T07:00:58.200",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-18T20:10:12.477",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,27 +15,117 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mips: cdmm: Se corrige la p\u00e9rdida de recuento de referencias en mips_cdmm_phys_base La funci\u00f3n of_find_compatible_node() devuelve un puntero de nodo con el recuento de referencias incrementado. Deber\u00edamos usar of_node_put() en \u00e9l cuando termine. Agregue el of_node_put() faltante para liberar el recuento de referencias."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/4528668ca331f7ce5999b7746657b46db5b3b785",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/4680c2ac9aabda82acd23ebbd1f900fb6a889cd3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/69155dc2e04777aa94207a73a8b10f12b8428a68",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/721ab4be20d4448dd04c2cc8ed99cd4f3e45f765",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ef1728e3cb9e43f38ed10cde705a7ba2b4ad2d35",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.9",
"versionEndExcluding": "5.10.110",
"matchCriteriaId": "2F97CB26-001B-4811-8A9D-40FE3DB060DB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.33",
"matchCriteriaId": "27C42AE8-B387-43E2-938A-E1C8B40BE6D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.19",
"matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/4528668ca331f7ce5999b7746657b46db5b3b785",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4680c2ac9aabda82acd23ebbd1f900fb6a889cd3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/69155dc2e04777aa94207a73a8b10f12b8428a68",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/721ab4be20d4448dd04c2cc8ed99cd4f3e45f765",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ef1728e3cb9e43f38ed10cde705a7ba2b4ad2d35",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

180
CVE-2022/CVE-2022-492xx/CVE-2022-49212.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-49212",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:00:58.293",
"lastModified": "2025-02-26T07:00:58.293",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-18T19:31:39.623",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,159 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mtd: rawnand: atmel: soluciona el problema de recuento de referencias en atmel_nand_controller_init El problema de recuento de referencias ocurre en varias rutas de manejo de errores en un objeto con recuento de referencias \"nc->dmac\". En estas rutas, la funci\u00f3n simplemente devuelve el c\u00f3digo de error, olvidando equilibrar el recuento de referencias de \"nc->dmac\", aumentado anteriormente por dma_request_channel(), lo que puede causar fugas de recuento de referencias. Arr\u00e9glelo disminuyendo el recuento de referencias de un objeto espec\u00edfico en esas rutas de error."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/0856bf27057561f42b37df111603cf5a0d040294",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/8baea2b96fa90af8d0f937caf4cf2105ee094d93",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/9843c9c98f26c6ad843260b19bfdaa2598f2ae1e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/9b08d211db4c447eb1a07df65e45e0aa772e0fa6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a3587259ae553e41d1ce8c7435351a5d6b299a11",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f1694169f3674cdf7553aed06864254635679878",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fe0e2ce5c87e9c0b9485ff566362030aa55972cf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fecbd4a317c95d73c849648c406bcf1b6a0ec1cf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.12",
"versionEndExcluding": "4.14.276",
"matchCriteriaId": "76EDAF8B-A61C-4220-A866-7A0A933212D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.238",
"matchCriteriaId": "FA28527A-11D3-41D2-9C4C-ECAC0D6A4A2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.189",
"matchCriteriaId": "8CB6E8F5-C2B1-46F3-A807-0F6104AC340F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.110",
"matchCriteriaId": "91D3BFD0-D3F3-4018-957C-96CCBF357D79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.33",
"matchCriteriaId": "27C42AE8-B387-43E2-938A-E1C8B40BE6D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.19",
"matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0856bf27057561f42b37df111603cf5a0d040294",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8baea2b96fa90af8d0f937caf4cf2105ee094d93",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9843c9c98f26c6ad843260b19bfdaa2598f2ae1e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9b08d211db4c447eb1a07df65e45e0aa772e0fa6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a3587259ae553e41d1ce8c7435351a5d6b299a11",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f1694169f3674cdf7553aed06864254635679878",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/fe0e2ce5c87e9c0b9485ff566362030aa55972cf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/fecbd4a317c95d73c849648c406bcf1b6a0ec1cf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

126
CVE-2022/CVE-2022-492xx/CVE-2022-49213.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-49213",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:00:58.397",
"lastModified": "2025-02-26T07:00:58.397",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-18T19:32:04.063",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,27 +15,117 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ath10k: Se ha corregido la gesti\u00f3n de errores en ath10k_setup_msa_resources El puntero device_node es devuelto por of_parse_phandle() con refcount incrementado. Deber\u00edamos usar of_node_put() en \u00e9l cuando haya terminado. Esta funci\u00f3n solo llama a of_node_put() en la ruta normal. Y provocar\u00e1 una fuga de refcount en la ruta de error."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/315772133a4b960859e4f5efe0e738e347188cdc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/32939187f254171a5666badc058bc3787fe454af",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/4ed37d611ea5d222c3ecb3549e4c2d34b8f3c335",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/74b1d41e1b6410eed5c76d00eedb262036e9eff5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9747a78d5f758a5284751a10aee13c30d02bd5f1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.8",
"versionEndExcluding": "5.10.110",
"matchCriteriaId": "552AD555-63DB-4D57-BBAA-86EA26658508"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.33",
"matchCriteriaId": "27C42AE8-B387-43E2-938A-E1C8B40BE6D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.19",
"matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/315772133a4b960859e4f5efe0e738e347188cdc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/32939187f254171a5666badc058bc3787fe454af",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4ed37d611ea5d222c3ecb3549e4c2d34b8f3c335",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/74b1d41e1b6410eed5c76d00eedb262036e9eff5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9747a78d5f758a5284751a10aee13c30d02bd5f1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

116
CVE-2022/CVE-2022-492xx/CVE-2022-49215.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-49215",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:00:58.590",
"lastModified": "2025-02-26T07:00:58.590",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-18T19:32:25.867",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,107 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xsk: Corregir ejecuci\u00f3n en el desmontaje del socket Corrige una ejecuci\u00f3n en el c\u00f3digo de desmontaje del socket xsk que puede provocar un splat de desreferencia de puntero NULL. El c\u00f3digo de desvinculaci\u00f3n xsk actual en xsk_unbind_dev() comienza estableciendo xs->state en XSK_UNBOUND, establece xs->dev en NULL y luego espera a que finalice cualquier procesamiento NAPI utilizandosynchronous_net(). Despu\u00e9s de eso, el c\u00f3digo de lanzamiento comienza a desmantelar el estado del socket y a liberar la memoria asignada. ERROR: desreferencia de puntero NULL del n\u00facleo, direcci\u00f3n: 00000000000000c0 PGD 8000000932469067 P4D 8000000932469067 PUD 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 25 PID: 69132 Comm: grpcpp_sync_ser Contaminado: GI 5.16.0+ #2 Nombre del hardware: Dell Inc. PowerEdge R730/0599V5, BIOS 1.2.10 09/03/2015 RIP: 0010:__xsk_sendmsg+0x2c/0x690 [...] RSP: 0018:ffffa2348bd13d50 EFLAGS: 00010246 RAX: 00000000000000000 RBX: 00000000000000040 RCX: ffff8d5fc632d258 RDX: 0000000000400000 RSI: ffffa2348bd13e10 RDI: ffff8d5fc5489800 RBP: ffffa2348bd13db0 R08: 000000000000000 R09: 00007ffffffff000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff8d5fc5489800 R13: ffff8d5fcb0f5140 R14: ffff8d5fcb0f5140 R15: 0000000000000000 FS: 00007f991cff9400(0000) GS:ffff8d6f1f700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000c0 CR3: 0000000114888005 CR4: 00000000001706e0 Seguimiento de llamadas: ? aa_sk_perm+0x43/0x1b0 xsk_sendmsg+0xf0/0x110 sock_sendmsg+0x65/0x70 __sys_sendto+0x113/0x190 ? debug_smp_processor_id+0x17/0x20 ? fpregs_assert_state_consistent+0x23/0x50 ? exit_to_user_mode_prepare+0xa5/0x1d0 __x64_sys_sendto+0x29/0x30 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae Hay dos problemas con el c\u00f3digo actual. Primero, establecer xs->dev en NULL antes de esperar a que todos los usuarios dejen de usar el socket no es correcto. La entrada a las funciones del plano de datos xsk_poll(), xsk_sendmsg() y xsk_recvmsg() est\u00e1n todas protegidas por una prueba de que xs->state est\u00e1 en el estado XSK_BOUND y, si no, regresa de inmediato. Pero un proceso podr\u00eda haber pasado esta prueba pero a\u00fan no haber llegado al punto en el que usa xs->dev en el c\u00f3digo. Mientras tanto, un segundo proceso que ejecuta xsk_unbind_dev() podr\u00eda haber establecido xs->dev en NULL, lo que provocar\u00e1 un bloqueo para el primer proceso. La soluci\u00f3n aqu\u00ed es simplemente deshacerse de esta asignaci\u00f3n NULL ya que ya no se usa. Antes de el commit 42fddcc7c64b (\"xsk: usar miembro de estado para sincronizaci\u00f3n de socket\"), xs->dev era el guardi\u00e1n para admitir procesos en las funciones del plano de datos, pero fue reemplazado por la variable de estado xs->state en el commit mencionada anteriormente. El segundo problema es quesynchronous_net() no espera a que se complete ning\u00fan proceso en xsk_poll(), xsk_sendmsg() o xsk_recvmsg(), lo que significa que el estado en el que se basan podr\u00eda limpiarse prematuramente. Esto puede suceder cuando se llama al notificador (por ejemplo, al descargar el controlador) ya que utiliza xsk_unbind_dev(). Resuelva esto extendiendo la regi\u00f3n cr\u00edtica de RCU desde solo ndo_xsk_wakeup a todas las funciones mencionadas anteriormente, de modo que tanto la prueba de xs->state == XSK_BOUND como el \u00faltimo uso de cualquier miembro de xs est\u00e9n cubiertos por la secci\u00f3n cr\u00edtica de RCU. Esto garantizar\u00e1 que cuando se completesynchronous_net(), no habr\u00e1 procesos restantes ejecutando xsk_poll(), xsk_sendmsg() o xsk_recvmsg() y el estado se puede limpiar de forma segura. Tenga en cuenta que debemos eliminar el bloqueo de RCU para la ruta de transmisi\u00f3n de skb, ya que utiliza funciones que podr\u00edan estar inactivas. Debido a esto, tenemos que volver a probar xs->state despu\u00e9s de obtener el mutex que protege el c\u00f3digo xmit de skb de, entre varias cosas, un xsk_unbind_dev() que se ejecuta desde el notificador al mismo tiempo."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/18b1ab7aa76bde181bdb1ab19a87fa9523c32f21",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-362"
},
{
"url": "https://git.kernel.org/stable/c/8a2dea162b92c322f3e42eae0c4a74b8d20aa7a9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ad7219cd8751bd258b9d1e69ae0654ec00f71875",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d1579253ffce39986e7a6ab757ac93b2680a665f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4",
"versionEndExcluding": "5.15.33",
"matchCriteriaId": "6B796901-86B9-450D-BE47-916285FBDF61"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.19",
"matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/18b1ab7aa76bde181bdb1ab19a87fa9523c32f21",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8a2dea162b92c322f3e42eae0c4a74b8d20aa7a9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ad7219cd8751bd258b9d1e69ae0654ec00f71875",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d1579253ffce39986e7a6ab757ac93b2680a665f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

198
CVE-2022/CVE-2022-492xx/CVE-2022-49216.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-49216",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:00:58.687",
"lastModified": "2025-02-26T07:00:58.687",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-18T19:32:55.723",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,43 +15,173 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/tegra: Se corrige la p\u00e9rdida de referencia en tegra_dsi_ganged_probe La referencia tomada por 'of_find_device_by_node()' debe liberarse cuando ya no se necesita. Agregue la llamada put_device() para corregir esto."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/0e2f4e434e71dffd1085c3dccd676514bd71d316",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/1e06710c43a090f14bb67714265a01cd1d7a37c5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/221e3638feb8bc42143833c9a704fa89b6c366bb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/2d6ae8b747fe55f54de4a4441d636974aa53f56a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5e8fdb6392d945d33fef959eab73f8c34bc0a63b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/852c1f5f3119a38ee68e319bab10277fc1ab06b7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a725070701883fe62266ee6d2f31d67e6cdd31df",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cd78b74031cbc94133965f1017deb822657fc1a6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f3c99c686e098300c246e5e8a1474133e3dacb05",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.19",
"versionEndExcluding": "4.9.311",
"matchCriteriaId": "FA5195CC-9137-4570-812F-16F11DEA3646"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.10",
"versionEndExcluding": "4.14.276",
"matchCriteriaId": "6D9B028C-6313-47F9-94B7-5F8122345E49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.238",
"matchCriteriaId": "FA28527A-11D3-41D2-9C4C-ECAC0D6A4A2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.189",
"matchCriteriaId": "8CB6E8F5-C2B1-46F3-A807-0F6104AC340F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.110",
"matchCriteriaId": "91D3BFD0-D3F3-4018-957C-96CCBF357D79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.33",
"matchCriteriaId": "27C42AE8-B387-43E2-938A-E1C8B40BE6D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.19",
"matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0e2f4e434e71dffd1085c3dccd676514bd71d316",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/1e06710c43a090f14bb67714265a01cd1d7a37c5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/221e3638feb8bc42143833c9a704fa89b6c366bb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2d6ae8b747fe55f54de4a4441d636974aa53f56a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5e8fdb6392d945d33fef959eab73f8c34bc0a63b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/852c1f5f3119a38ee68e319bab10277fc1ab06b7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a725070701883fe62266ee6d2f31d67e6cdd31df",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/cd78b74031cbc94133965f1017deb822657fc1a6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f3c99c686e098300c246e5e8a1474133e3dacb05",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

76
CVE-2022/CVE-2022-492xx/CVE-2022-49218.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-49218",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:00:58.890",
"lastModified": "2025-02-26T07:00:58.890",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-18T19:33:07.647",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,75 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/dp: Se corrige la lectura OOB al manejar el registro Post Cursor2 La matriz link_status no era lo suficientemente grande para leer el registro Post Cursor2 de solicitud de ajuste, por lo que se debe eliminar la funci\u00f3n auxiliar com\u00fan para evitar una lectura OOB, que se encontr\u00f3 con una compilaci\u00f3n -Warray-bounds: drivers/gpu/drm/drm_dp_helper.c: En la funci\u00f3n 'drm_dp_get_adjust_request_post_cursor': drivers/gpu/drm/drm_dp_helper.c:59:27: error: el sub\u00edndice 10 de la matriz est\u00e1 fuera de los l\u00edmites de la matriz 'const u8[6]' {tambi\u00e9n conocido como 'const unsigned char[6]'} [-Werror=array-bounds] 59 | ~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~ drivers/gpu/drm/drm_dp_helper.c:147:51: nota: al hacer referencia a 'link_status' 147 | u8 drm_dp_get_adjust_request_post_cursor(const u8 link_status[DP_LINK_STATUS_SIZE], | ~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Reemplace el \u00fanico usuario del ayudante con una b\u00fasqueda y decodificaci\u00f3n de c\u00f3digo abierto, similar a drivers/gpu/drm/amd/display/dc/core/dc_link_dp.c."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/a2151490cc6c57b368d7974ffd447a8b36ade639",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/aeaed9a9fe694f8b1462fb81e2d33298c929180b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "88FA4E2D-4337-4268-BDC0-75FB6658B219"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/a2151490cc6c57b368d7974ffd447a8b36ade639",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/aeaed9a9fe694f8b1462fb81e2d33298c929180b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

108
CVE-2022/CVE-2022-492xx/CVE-2022-49219.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-49219",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:00:58.977",
"lastModified": "2025-02-26T07:00:58.977",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-18T19:33:24.627",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,103 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vfio/pci: se corrige la p\u00e9rdida de memoria durante la transici\u00f3n de D3hot a D0 Si se establece 'vfio_pci_core_device::needs_pm_restore' (el dispositivo PCI no tiene el bit No_Soft_Reset establecido en su registro de configuraci\u00f3n PMCSR), entonces el estado PCI actual se guardar\u00e1 localmente en 'vfio_pci_core_device::pm_save' durante la transici\u00f3n de D0 a D3hot y el mismo se restaurar\u00e1 durante la transici\u00f3n de D3hot a D0. Para guardar el estado PCI localmente, se utiliza pci_store_saved_state() y pci_load_and_free_saved_state() liberar\u00e1 la memoria asignada. Pero para los IOCTL relacionados con el reinicio, el controlador vfio llama a las API relacionadas con el reinicio de PCI que cambiar\u00e1n internamente el estado de energ\u00eda de PCI a D0. Por lo tanto, cuando el invitado se reanude, obtendr\u00e1 el estado actual como D0 y omitir\u00e1 la llamada a vfio_pci_set_power_state() para cambiar el estado de energ\u00eda a D0 expl\u00edcitamente. En este caso, la memoria apuntada por 'pm_save' nunca se liberar\u00e1. En una secuencia maliciosa, el cambio de estado a D3hot seguido de VFIO_DEVICE_RESET/VFIO_DEVICE_PCI_HOT_RESET se puede ejecutar en un bucle y puede causar una situaci\u00f3n de OOM. Este parche libera primero la memoria asignada anteriormente antes de sobrescribir 'pm_save' para evitar la p\u00e9rdida de memoria mencionada."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/26ddd196e9eb264da8e1bdc4df8a94d62581c8b5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/4319f17fb8264ba39352b611dfa913a4d8c1d1a0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/c8a1f8bd586ee31020614b8d48b702ece3e2ae44",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/eadf88ecf6ac7d6a9f47a76c6055d9a1987a8991",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.1",
"versionEndExcluding": "5.15.33",
"matchCriteriaId": "C5B0B00D-6DCA-4714-B384-1EB7C214ABBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.19",
"matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/26ddd196e9eb264da8e1bdc4df8a94d62581c8b5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4319f17fb8264ba39352b611dfa913a4d8c1d1a0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c8a1f8bd586ee31020614b8d48b702ece3e2ae44",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/eadf88ecf6ac7d6a9f47a76c6055d9a1987a8991",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

133
CVE-2022/CVE-2022-492xx/CVE-2022-49221.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-49221",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:00:59.167",
"lastModified": "2025-02-26T07:00:59.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-18T19:33:38.933",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,27 +15,124 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/msm/dp: rellenar el conector de struct dp_panel DP CTS caso de prueba 4.2.2.6 tiene un edid v\u00e1lido con suma de comprobaci\u00f3n incorrecta a prop\u00f3sito y espera que la fuente DP devuelva la suma de comprobaci\u00f3n correcta. Durante la lectura del edid de drm, se calcula la suma de comprobaci\u00f3n del edid correcta y se almacena en connector::real_edid_checksum. El problema es que struct dp_panel::connector nunca se asigna, en su lugar el conector se almacena en struct msm_dp::connector. Cuando ejecutamos el caso de prueba de prueba de cumplimiento 4.2.2.6 dp_panel_handle_sink_request() no tendr\u00e1 un edid v\u00e1lido establecido en struct dp_panel::edid, por lo que intentaremos usar el conector real_edid_checksum y nos encontraremos con un error de desreferencia de puntero NULL porque el puntero del conector nunca se asigna. Cambios en V2: -- rellenar el conector del panel en msm_dp_modeset_init() en lugar de en dp_panel_read_sink_caps() Cambios en V3: -- eliminar el texto de confirmaci\u00f3n de seguimiento de fallos del n\u00facleo que no es de ayuda -- eliminar el cambio de nombre del par\u00e1metro dp_display a dp Cambios en V4: -- a\u00f1adir m\u00e1s detalles al texto de confirmaci\u00f3n Cambios en v10: -- agrupar en una serie Cambios en v11: -- eliminar drm/msm/dp: dp_link_parse_sink_count() retorna inmediatamente si se lee aux. Firmado por: Kuogee Hsieh "
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/104074ebc0c3f358dd1ee944fbcde92c6e5a21dd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/413c62697b61226a236c8b1f5cd64dcf42bcc12f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/5e602f5156910c7b19661699896cb6e3fb94fab9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/9525b8bcae8b99188990b56484799cf4b1b43786",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fbba600f432a360b42452fee79d1fb35d3aa8aeb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.67",
"versionEndExcluding": "5.10.110",
"matchCriteriaId": "E35E629A-08A5-4AA5-AAD3-0327AB394504"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.13.19",
"versionEndExcluding": "5.14",
"matchCriteriaId": "097A0850-FAA6-4FFF-88C2-F5B49B5CE740"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.14.6",
"versionEndExcluding": "5.15.33",
"matchCriteriaId": "44ED6312-668B-40E9-985A-5399C9E479F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.19",
"matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/104074ebc0c3f358dd1ee944fbcde92c6e5a21dd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/413c62697b61226a236c8b1f5cd64dcf42bcc12f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5e602f5156910c7b19661699896cb6e3fb94fab9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9525b8bcae8b99188990b56484799cf4b1b43786",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/fbba600f432a360b42452fee79d1fb35d3aa8aeb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

198
CVE-2022/CVE-2022-492xx/CVE-2022-49224.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-49224",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:00:59.457",
"lastModified": "2025-02-26T07:00:59.457",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-18T19:33:58.430",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,43 +15,173 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: power: supply: ab8500: Se corrige la p\u00e9rdida de memoria en ab8500_fg_sysfs_init kobject_init_and_add() toma la referencia incluso cuando falla. Seg\u00fan la documentaci\u00f3n de kobject_init_and_add(): Si esta funci\u00f3n devuelve un error, se debe llamar a kobject_put() para limpiar correctamente la memoria asociada con el objeto. Corrija la p\u00e9rdida de memoria llamando a kobject_put()."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/19aa3c98ed7b2616e105946cec804f897837ab84",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/261041097ab3470f1120b7733cbf472712304d1e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/31cdf7897dba1f096b74f69d840f0575b8cdb9ae",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/41ed61364285ff38bbbe9ca8a45c8372ba72921d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6a4760463dbc6b603690938c468839985189ce0a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/879356a6a05559582b0a7895d86d2d4359745c08",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c32f6b6196b6efc1c68990dfeaac36fb8eb3b8e1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/db3a61ef8e6aef3b888baa6a85926c2230c2cc56",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ffb8e92b4cef92bd25563cf3d8b4489eb22bc61f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9",
"versionEndExcluding": "4.9.311",
"matchCriteriaId": "66BCE8B6-D07A-4643-9325-D11035393721"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.10",
"versionEndExcluding": "4.14.276",
"matchCriteriaId": "6D9B028C-6313-47F9-94B7-5F8122345E49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.238",
"matchCriteriaId": "FA28527A-11D3-41D2-9C4C-ECAC0D6A4A2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.189",
"matchCriteriaId": "8CB6E8F5-C2B1-46F3-A807-0F6104AC340F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.110",
"matchCriteriaId": "91D3BFD0-D3F3-4018-957C-96CCBF357D79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.33",
"matchCriteriaId": "27C42AE8-B387-43E2-938A-E1C8B40BE6D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.19",
"matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/19aa3c98ed7b2616e105946cec804f897837ab84",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/261041097ab3470f1120b7733cbf472712304d1e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/31cdf7897dba1f096b74f69d840f0575b8cdb9ae",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/41ed61364285ff38bbbe9ca8a45c8372ba72921d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6a4760463dbc6b603690938c468839985189ce0a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/879356a6a05559582b0a7895d86d2d4359745c08",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c32f6b6196b6efc1c68990dfeaac36fb8eb3b8e1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/db3a61ef8e6aef3b888baa6a85926c2230c2cc56",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ffb8e92b4cef92bd25563cf3d8b4489eb22bc61f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

76
CVE-2022/CVE-2022-492xx/CVE-2022-49225.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-49225",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:00:59.563",
"lastModified": "2025-02-26T07:00:59.563",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-18T19:26:19.173",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,75 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mt76: mt7921s: corrige una posible p\u00e9rdida de memoria en mt7921_load_patch. Siempre libera datos de firmware al final de la rutina mt7921_load_patch."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/11005b18f453aa192d035d410c11d07edcba5a45",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/b301043384c5c2447357952be9a536c2026d8ad0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/11005b18f453aa192d035d410c11d07edcba5a45",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b301043384c5c2447357952be9a536c2026d8ad0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

92
CVE-2022/CVE-2022-492xx/CVE-2022-49230.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-49230",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:01:00.037",
"lastModified": "2025-02-26T07:01:00.037",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-18T19:26:28.347",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,89 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mt76: mt7915: corrige una posible p\u00e9rdida de memoria en mt7915_mcu_add_sta. Libera skb asignado en la rutina mt7915_mcu_add_sta en caso de fallo."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/a43736cd12d82913102eb49cb56787a5553e028f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/b334a245ff1d76b1e97af8cea648ea6798b9eb87",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/daf02c7e3c3dc82ffa925999597bd455cf799551",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.19",
"matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/a43736cd12d82913102eb49cb56787a5553e028f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b334a245ff1d76b1e97af8cea648ea6798b9eb87",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/daf02c7e3c3dc82ffa925999597bd455cf799551",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

76
CVE-2022/CVE-2022-492xx/CVE-2022-49231.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-49231",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:01:00.130",
"lastModified": "2025-02-26T07:01:00.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-18T19:26:40.123",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,75 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rtw88: se corrige el desbordamiento de memoria y la p\u00e9rdida de memoria durante hw_scan Anteriormente, asign\u00e1bamos menos memoria de la que realmente se requer\u00eda, la sobrescritura en el b\u00fafer hace que el m\u00f3dulo mm se queje y genere fallos de violaci\u00f3n de acceso. Junto con posibles p\u00e9rdidas de memoria cuando se devuelve antes. Solucione estos problemas pasando el tama\u00f1o correcto y el flujo de deinit adecuado."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/d95984b5580dcb8b1c0036577c52b609990a1dab",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/ec5da191bfcd5fd22b95459b623694f66c1cc10b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/d95984b5580dcb8b1c0036577c52b609990a1dab",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ec5da191bfcd5fd22b95459b623694f66c1cc10b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

162
CVE-2022/CVE-2022-492xx/CVE-2022-49232.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-49232",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:01:00.217",
"lastModified": "2025-02-26T07:01:00.217",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-18T19:26:49.880",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,35 +15,145 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Corrige una desreferencia de puntero NULL en amdgpu_dm_connector_add_common_modes() En amdgpu_dm_connector_add_common_modes(), amdgpu_dm_create_common_mode() se asigna a mode y se pasa a drm_mode_probed_add() directamente despu\u00e9s de eso. drm_mode_probed_add() pasa &mode->head a list_add_tail(), y hay una desreferencia de este en list_add_tail() sin recuperaciones, lo que podr\u00eda provocar una desreferencia de puntero NULL en caso de fallo de amdgpu_dm_create_common_mode(). Corrige esto agregando una comprobaci\u00f3n NULL de mode. Este error fue encontrado por un analizador est\u00e1tico. Las compilaciones con 'make allyesconfig' no muestran nuevas advertencias y nuestro analizador est\u00e1tico ya no advierte sobre este c\u00f3digo."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/19a7eba284790cfbba2945deb2363cf03ce41648",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/2c729dec8c1e3e2892fde5ce8181553860914e74",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/57f4ad5e286fe4599c8fc63cf89f85f9eec7f9c9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/588a70177df3b1777484267584ef38ab2ca899a2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/639b3b9def0a6a3f316a195d705d14113236e89c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bdc7429708a0772d90c208975694f7c2133b1202",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f4eaa999fec78dec2a9c2d797438e05cbffb125b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.238",
"matchCriteriaId": "FA28527A-11D3-41D2-9C4C-ECAC0D6A4A2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.189",
"matchCriteriaId": "8CB6E8F5-C2B1-46F3-A807-0F6104AC340F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.110",
"matchCriteriaId": "91D3BFD0-D3F3-4018-957C-96CCBF357D79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.33",
"matchCriteriaId": "27C42AE8-B387-43E2-938A-E1C8B40BE6D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.19",
"matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/19a7eba284790cfbba2945deb2363cf03ce41648",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2c729dec8c1e3e2892fde5ce8181553860914e74",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/57f4ad5e286fe4599c8fc63cf89f85f9eec7f9c9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/588a70177df3b1777484267584ef38ab2ca899a2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/639b3b9def0a6a3f316a195d705d14113236e89c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bdc7429708a0772d90c208975694f7c2133b1202",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f4eaa999fec78dec2a9c2d797438e05cbffb125b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

76
CVE-2022/CVE-2022-492xx/CVE-2022-49233.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-49233",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:01:00.317",
"lastModified": "2025-02-26T07:01:00.317",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-18T19:27:09.697",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,75 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Llamar a dc_stream_release para eliminar la asignaci\u00f3n de enc de enlace [Por qu\u00e9] Un error de portabilidad provoc\u00f3 que la asignaci\u00f3n de flujo para el enlace se mantuviera sin liberarse: una p\u00e9rdida de memoria. [C\u00f3mo] Corrija el error de portabilidad agregando nuevamente dc_stream_release() previsto como parte del parche original."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/a28b7b6a0c827ce672edcdb5b2b5916b0beebe03",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/f2bde8349c35d01d7c50456ea06a5c7d5e0e5ed0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/a28b7b6a0c827ce672edcdb5b2b5916b0beebe03",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f2bde8349c35d01d7c50456ea06a5c7d5e0e5ed0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

198
CVE-2022/CVE-2022-492xx/CVE-2022-49235.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-49235",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:01:00.500",
"lastModified": "2025-02-26T07:01:00.500",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-18T19:27:57.093",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,43 +15,173 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ath9k_htc: corregir errores de valores no inicializados Syzbot inform\u00f3 de 2 errores de KMSAN en ath9k. Todos ellos son causados por la falta de inicializaci\u00f3n de campos. En htc_connect_service(), svc_meta_len y pad no se inicializan. Seg\u00fan el c\u00f3digo, parece que en el skb actual no hay datos de servicio, por lo que simplemente inicialice svc_meta_len a 0. htc_issue_send() no inicializa la matriz htc_frame_hdr::control. Basado en el c\u00f3digo del firmware, lo inicializar\u00e1 por s\u00ed mismo, as\u00ed que simplemente ponga a cero toda la matriz para que KMSAN est\u00e9 contento Registros de errores: ERROR: KMSAN: kernel-usb-infoleak en usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430 usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430 hif_usb_send_regout drivers/net/wireless/ath/ath9k/hif_usb.c:127 [en l\u00ednea] hif_usb_send+0x5f0/0x16f0 drivers/net/wireless/ath/ath9k/hif_usb.c:479 htc_issue_send drivers/net/wireless/ath/ath9k/htc_hst.c:34 [en l\u00ednea] htc_connect_service+0x143e/0x1960 drivers/net/wireless/ath/ath9k/htc_hst.c:275 ... Uninit se cre\u00f3 en: slab_post_alloc_hook mm/slab.h:524 [en l\u00ednea] slab_alloc_node mm/slub.c:3251 [en l\u00ednea] __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4974 kmalloc_reserve net/core/skbuff.c:354 [en l\u00ednea] __alloc_skb+0x545/0xf90 net/core/skbuff.c:426 alloc_skb include/linux/skbuff.h:1126 [en l\u00ednea] htc_connect_service+0x1029/0x1960 drivers/net/wireless/ath/ath9k/htc_hst.c:258 ... Los bytes 4-7 de 18 no est\u00e1n inicializados El acceso a la memoria de tama\u00f1o 18 comienza en ffff888027377e00 ERROR: KMSAN: kernel-usb-infoleak en usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430 usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430 hif_usb_send_regout drivers/net/wireless/ath/ath9k/hif_usb.c:127 [en l\u00ednea] hif_usb_send+0x5f0/0x16f0 drivers/net/wireless/ath/ath9k/hif_usb.c:479 htc_issue_send drivers/net/wireless/ath/ath9k/htc_hst.c:34 [en l\u00ednea] htc_connect_service+0x143e/0x1960 drivers/net/wireless/ath/ath9k/htc_hst.c:275 ... Uninit se cre\u00f3 en: slab_post_alloc_hook mm/slab.h:524 [en l\u00ednea] slab_alloc_node mm/slub.c:3251 [en l\u00ednea] __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4974 kmalloc_reserve net/core/skbuff.c:354 [en l\u00ednea] __alloc_skb+0x545/0xf90 net/core/skbuff.c:426 alloc_skb include/linux/skbuff.h:1126 [en l\u00ednea] htc_connect_service+0x1029/0x1960 drivers/net/wireless/ath/ath9k/htc_hst.c:258 ... Los bytes 16-17 de 18 no est\u00e1n inicializados. El acceso a la memoria de tama\u00f1o 18 comienza en ffff888027377e00"
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/0b700f7d06492de34964b6f414120043364f8191",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/11f11ac281f0c0b363d2940204f28bae0422ed71",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/4d244b731188e0b63fc40a9d2dec72e9181fb37c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/5abf2b761b998063f5e2bae93fd4ab10e2a80f10",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5c2a6a8daa17a3f65b38b9a5574bb362c13fa1d9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7da6169b6ebb75816b57be3beb829afa74f3b4b6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d1e0df1c57bd30871dd1c855742a7c346dbca853",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e352acdd378e9263cc4c6018e588f2dac7161d07",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ee4222052a76559c20e821bc3519cefb58b6d3e9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "CWE-908"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.35",
"versionEndExcluding": "4.9.311",
"matchCriteriaId": "AF88BCDF-8B1F-4DB2-A7C2-8831EFD200E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.10",
"versionEndExcluding": "4.14.276",
"matchCriteriaId": "6D9B028C-6313-47F9-94B7-5F8122345E49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.238",
"matchCriteriaId": "FA28527A-11D3-41D2-9C4C-ECAC0D6A4A2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.189",
"matchCriteriaId": "8CB6E8F5-C2B1-46F3-A807-0F6104AC340F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.110",
"matchCriteriaId": "91D3BFD0-D3F3-4018-957C-96CCBF357D79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.33",
"matchCriteriaId": "27C42AE8-B387-43E2-938A-E1C8B40BE6D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.19",
"matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0b700f7d06492de34964b6f414120043364f8191",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/11f11ac281f0c0b363d2940204f28bae0422ed71",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4d244b731188e0b63fc40a9d2dec72e9181fb37c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5abf2b761b998063f5e2bae93fd4ab10e2a80f10",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5c2a6a8daa17a3f65b38b9a5574bb362c13fa1d9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7da6169b6ebb75816b57be3beb829afa74f3b4b6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d1e0df1c57bd30871dd1c855742a7c346dbca853",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e352acdd378e9263cc4c6018e588f2dac7161d07",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ee4222052a76559c20e821bc3519cefb58b6d3e9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

76
CVE-2022/CVE-2022-492xx/CVE-2022-49237.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-49237",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:01:00.700",
"lastModified": "2025-02-26T07:01:00.700",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-18T19:28:13.427",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,75 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ath11k: agregar la funci\u00f3n of_node_put() faltante para evitar fugas El puntero de nodo es devuelto por of_find_node_by_type() o por of_parse_phandle() con refcount incrementado. Llamar a of_node_put() para evitar la fuga de refcount."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/3d38faef0de1756994b3d95e47b2302842f729e2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/7d51cb010b20d70b16dc6e4341bf29d6c5b32564",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/3d38faef0de1756994b3d95e47b2302842f729e2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7d51cb010b20d70b16dc6e4341bf29d6c5b32564",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

126
CVE-2022/CVE-2022-492xx/CVE-2022-49239.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-49239",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:01:00.887",
"lastModified": "2025-02-26T07:01:00.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-18T19:28:26.167",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,27 +15,117 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: codecs: wcd934x: Agregar la falta de of_node_put() en wcd934x_codec_parse_data El puntero device_node es devuelto por of_parse_phandle() con refcount incrementado. Deber\u00edamos usar of_node_put() en \u00e9l cuando haya terminado. Esto es similar a el commit 64b92de9603f (\"ASoC: wcd9335: corregir una referencia filtrada agregando la falta de of_node_put\")"
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/1f24716e38220fc9e52e208d20591d2bc9b7f020",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/2f44eca78cc6d4e1779eb95765ec79e433accab4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/9531a631379169d57756b2411178c6238655df88",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/f3793eeb7b94a5eeed6f5c7a44bce403c6681a12",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f8e89d84ea83c51ba3ba97ff154f7aa679326760",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.6",
"versionEndExcluding": "5.10.110",
"matchCriteriaId": "05F0A158-8722-4B5A-BEC5-245BC5E3EA9A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.33",
"matchCriteriaId": "27C42AE8-B387-43E2-938A-E1C8B40BE6D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.19",
"matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "5.17.2",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/1f24716e38220fc9e52e208d20591d2bc9b7f020",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2f44eca78cc6d4e1779eb95765ec79e433accab4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9531a631379169d57756b2411178c6238655df88",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f3793eeb7b94a5eeed6f5c7a44bce403c6681a12",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f8e89d84ea83c51ba3ba97ff154f7aa679326760",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

22
CVE-2023/CVE-2023-11xx/CVE-2023-1195.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-1195",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-05-18T22:15:09.373",
"lastModified": "2024-11-21T07:38:39.007",
"lastModified": "2025-03-18T19:15:40.697",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},

22
CVE-2023/CVE-2023-18xx/CVE-2023-1859.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-1859",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-05-17T23:15:09.100",
"lastModified": "2024-11-21T07:40:02.217",
"lastModified": "2025-03-18T19:15:40.903",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
]
},

14
CVE-2023/CVE-2023-205xx/CVE-2023-20578.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-20578",
"sourceIdentifier": "psirt@amd.com",
"published": "2024-08-13T17:15:19.510",
"lastModified": "2024-10-02T17:35:44.117",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-18T20:15:17.357",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -69,6 +69,16 @@
"value": "CWE-367"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-367"
}
]
}
],
"configurations": [

22
CVE-2023/CVE-2023-20xx/CVE-2023-2019.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2019",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-04-24T21:15:09.347",
"lastModified": "2024-11-21T07:57:46.253",
"lastModified": "2025-03-18T20:15:19.093",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},

22
CVE-2023/CVE-2023-21xx/CVE-2023-2177.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2177",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-04-20T21:15:08.997",
"lastModified": "2024-11-21T07:58:05.267",
"lastModified": "2025-03-18T20:15:19.293",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},

32
CVE-2023/CVE-2023-230xx/CVE-2023-23064.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-23064",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-17T22:15:14.353",
"lastModified": "2024-11-21T07:45:49.720",
"lastModified": "2025-03-18T20:15:17.623",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-863"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-238xx/CVE-2023-23848.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-23848",
"sourceIdentifier": "disclosure@synopsys.com",
"published": "2023-02-15T19:15:13.150",
"lastModified": "2024-11-21T07:46:57.003",
"lastModified": "2025-03-18T20:15:17.810",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
@ -55,6 +75,16 @@
"value": "CWE-276"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-238xx/CVE-2023-23850.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-23850",
"sourceIdentifier": "disclosure@synopsys.com",
"published": "2023-02-15T19:15:13.217",
"lastModified": "2024-11-21T07:46:57.227",
"lastModified": "2025-03-18T20:15:17.997",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
@ -55,6 +75,16 @@
"value": "CWE-276"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"configurations": [

34
CVE-2023/CVE-2023-240xx/CVE-2023-24062.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-24062",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-08T18:15:09.317",
"lastModified": "2024-08-19T19:05:06.027",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-18T19:15:41.127",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-242xx/CVE-2023-24236.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-24236",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-16T15:15:18.980",
"lastModified": "2024-11-21T07:47:37.187",
"lastModified": "2025-03-18T20:15:18.160",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-77"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-242xx/CVE-2023-24238.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-24238",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-16T15:15:19.193",
"lastModified": "2024-11-21T07:47:37.340",
"lastModified": "2025-03-18T20:15:18.333",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-77"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-244xx/CVE-2023-24483.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-24483",
"sourceIdentifier": "secure@citrix.com",
"published": "2023-02-16T18:15:11.613",
"lastModified": "2024-11-21T07:47:57.073",
"lastModified": "2025-03-18T20:15:18.483",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -55,6 +75,16 @@
"value": "CWE-269"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [

22
CVE-2023/CVE-2023-244xx/CVE-2023-24484.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-24484",
"sourceIdentifier": "secure@citrix.com",
"published": "2023-02-16T18:15:11.900",
"lastModified": "2024-11-21T07:47:57.203",
"lastModified": "2025-03-18T20:15:18.673",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},

32
CVE-2023/CVE-2023-245xx/CVE-2023-24580.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-24580",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-15T01:15:10.687",
"lastModified": "2024-11-21T07:48:10.217",
"lastModified": "2025-03-18T20:15:18.837",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-400"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-29xx/CVE-2023-2938.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2938",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-05-30T22:15:10.433",
"lastModified": "2024-11-21T07:59:36.437",
"lastModified": "2025-03-18T19:15:41.333",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
@ -45,6 +65,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-451"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-310xx/CVE-2023-31084.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-31084",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-24T06:15:07.997",
"lastModified": "2024-11-21T08:01:22.970",
"lastModified": "2025-03-18T20:15:19.503",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -45,6 +65,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-833"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-332xx/CVE-2023-33250.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33250",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-21T21:15:08.737",
"lastModified": "2024-11-21T08:05:15.727",
"lastModified": "2025-03-18T19:15:41.573",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-416"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-332xx/CVE-2023-33288.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33288",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-22T03:15:09.797",
"lastModified": "2024-11-21T08:05:20.497",
"lastModified": "2025-03-18T19:15:41.793",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-416"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [

39
CVE-2023/CVE-2023-344xx/CVE-2023-34400.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-34400",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-02-13T22:15:10.847",
"lastModified": "2025-02-18T18:15:15.043",
"lastModified": "2025-03-18T20:15:19.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "La unidad principal Mercedes-Benz NTG6 contiene funciones para importar o exportar configuraciones de perfil a trav\u00e9s de USB. En caso de analizar un archivo, el servicio intenta definir el encabezado dentro del archivo y lo convierte en una cadena con terminaci\u00f3n nula. Si falta alg\u00fan car\u00e1cter, devolver\u00e1 un puntero nulo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://securelist.com/mercedes-benz-head-unit-security-research/115218/",

39
CVE-2023/CVE-2023-370xx/CVE-2023-37022.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-37022",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-22T15:15:11.817",
"lastModified": "2025-02-18T20:15:17.057",
"lastModified": "2025-03-18T19:15:42.000",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Las versiones de Open5GS MME anteriores a la 2.6.4 contienen una aserci\u00f3n alcanzable en el controlador de paquetes `UE Context Release Request`. Un paquete que contiene un campo `MME_UE_S1AP_ID` ??no v\u00e1lido hace que Open5gs se bloquee; un atacante puede enviar repetidamente dichos paquetes para provocar una denegaci\u00f3n de servicio."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://cellularsecurity.org/ransacked",

34
CVE-2023/CVE-2023-370xx/CVE-2023-37027.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37027",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-21T23:15:09.880",
"lastModified": "2025-03-03T15:31:04.120",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-18T20:15:20.130",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-476"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-370xx/CVE-2023-37058.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-37058",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-17T21:15:50.503",
"lastModified": "2024-11-21T08:11:01.153",
"lastModified": "2025-03-18T20:15:20.283",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [

14
CVE-2023/CVE-2023-407xx/CVE-2023-40747.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-40747",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-03-18T01:15:48.440",
"lastModified": "2024-11-21T08:20:03.600",
"lastModified": "2025-03-18T20:15:20.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://akisoftware.com/Vulnerability202301.html",

27
CVE-2023/CVE-2023-438xx/CVE-2023-43850.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-43850",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-28T19:15:09.713",
"lastModified": "2025-02-10T23:15:11.437",
"lastModified": "2025-03-18T19:15:42.163",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "La validaci\u00f3n de entrada incorrecta en la funci\u00f3n de administraci\u00f3n de usuarios de la interfaz web en Aten PE6208 2.3.228 y 2.4.232 permite a los usuarios autenticados remotamente provocar una DoS parcial de la interfaz web a trav\u00e9s de una solicitud HTTP POST."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",

12
CVE-2023/CVE-2023-508xx/CVE-2023-50804.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-50804",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-05T19:15:11.900",
"lastModified": "2024-11-21T08:37:19.220",
"lastModified": "2025-03-18T20:15:20.650",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -69,6 +69,16 @@
"value": "CWE-287"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [

27
CVE-2024/CVE-2024-125xx/CVE-2024-12577.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-12577",
"sourceIdentifier": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
"published": "2025-02-22T15:15:10.227",
"lastModified": "2025-02-22T15:15:10.227",
"lastModified": "2025-03-18T20:15:20.827",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El software del kernel instalado y ejecut\u00e1ndose dentro de una m\u00e1quina virtual invitada puede explotar la memoria compartida con el firmware de la GPU para escribir datos fuera de la memoria de la GPU virtualizada del invitado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "367425dc-4d06-4041-9650-c2dc6aaa27ce",

14
CVE-2024/CVE-2024-211xx/CVE-2024-21164.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-21164",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:19.490",
"lastModified": "2024-11-21T08:53:54.513",
"lastModified": "2025-03-18T19:15:42.340",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N",
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [

32
CVE-2024/CVE-2024-221xx/CVE-2024-22102.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-22102",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-02T15:15:11.070",
"lastModified": "2024-11-21T08:55:35.143",
"lastModified": "2025-03-18T20:15:21.000",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [

32
CVE-2024/CVE-2024-230xx/CVE-2024-23091.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-23091",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-30T14:15:02.730",
"lastModified": "2024-11-21T08:56:56.073",
"lastModified": "2025-03-18T20:15:21.267",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-916"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-916"
}
]
}
],
"configurations": [

14
CVE-2024/CVE-2024-234xx/CVE-2024-23486.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-23486",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-04-15T11:15:07.820",
"lastModified": "2024-11-21T08:57:48.630",
"lastModified": "2025-03-18T20:15:21.460",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-256"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN58236836/",

32
CVE-2024/CVE-2024-237xx/CVE-2024-23762.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-23762",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-12T22:15:08.307",
"lastModified": "2024-11-21T08:58:20.780",
"lastModified": "2025-03-18T20:15:21.623",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-434"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [

39
CVE-2024/CVE-2024-239xx/CVE-2024-23929.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-23929",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-01-31T01:15:09.697",
"lastModified": "2025-02-18T19:15:14.883",
"lastModified": "2025-03-18T20:15:21.787",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Esta vulnerabilidad permite a los atacantes adyacentes a la red crear archivos arbitrarios en las instalaciones afectadas de los dispositivos Pioneer DMH-WT7600NEX. Aunque se requiere autenticaci\u00f3n para explotar esta vulnerabilidad, se puede eludir el mecanismo de autenticaci\u00f3n existente. La falla espec\u00edfica existe dentro de la funcionalidad telem\u00e1tica. El problema es el resultado de la falta de validaci\u00f3n adecuada de una ruta proporcionada por el usuario antes de usarla en operaciones con archivos. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto de la ra\u00edz."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1044/",

32
CVE-2024/CVE-2024-244xx/CVE-2024-24423.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-24423",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-21T23:15:12.407",
"lastModified": "2025-02-18T21:15:21.310",
"lastModified": "2025-03-18T19:15:42.503",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [

41
CVE-2024/CVE-2024-264xx/CVE-2024-26495.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26495",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T03:15:09.533",
"lastModified": "2024-11-21T09:02:30.907",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-18T20:15:21.933",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,42 @@
"value": "La vulnerabilidad de Cross Site Scripting (XSS) en las versiones de Friendica posteriores a la v.2023.12 permite a un atacante remoto ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s de las etiquetas BBCode en el contenido de la publicaci\u00f3n y en la funci\u00f3n de comentarios de la publicaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/friendica/friendica/issues/13884",

14
CVE-2024/CVE-2024-273xx/CVE-2024-27383.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27383",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-09T20:15:04.570",
"lastModified": "2024-09-11T15:25:24.303",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-18T20:15:22.130",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -69,6 +69,16 @@
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [

24
CVE-2024/CVE-2024-384xx/CVE-2024-38477.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-38477",
"sourceIdentifier": "security@apache.org",
"published": "2024-07-01T19:15:05.083",
"lastModified": "2024-11-21T09:26:03.687",
"lastModified": "2025-03-18T19:15:42.683",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,13 +36,33 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",

32
CVE-2024/CVE-2024-392xx/CVE-2024-39241.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-39241",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-26T20:15:16.447",
"lastModified": "2024-11-21T09:27:21.467",
"lastModified": "2025-03-18T19:15:42.903",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

39
CVE-2024/CVE-2024-399xx/CVE-2024-39924.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-39924",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-13T18:15:03.810",
"lastModified": "2025-01-09T18:15:27.987",
"lastModified": "2025-03-18T20:15:22.283",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 un problema en Vaultwarden (anteriormente Bitwarden_RS) 1.30.3. Se identific\u00f3 una vulnerabilidad en el proceso de autenticaci\u00f3n y autorizaci\u00f3n del endpoint responsable de alterar los metadatos de un acceso de emergencia. Permite que un atacante con acceso de emergencia concedido escale sus privilegios cambiando el nivel de acceso y modificando el tiempo de espera. En consecuencia, el atacante puede obtener control total sobre la b\u00f3veda (cuando solo se pretende que tenga acceso de lectura) mientras se salta el per\u00edodo de espera necesario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"references": [
{
"url": "https://github.com/dani-garcia/vaultwarden/blob/1.30.3/src/api/core/emergency_access.rs#L115-L148",

39
CVE-2024/CVE-2024-399xx/CVE-2024-39926.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-39926",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-13T18:15:04.013",
"lastModified": "2025-01-09T18:15:28.220",
"lastModified": "2025-03-18T19:15:43.093",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 un problema en Vaultwarden (anteriormente Bitwarden_RS) 1.30.3. Se descubri\u00f3 una vulnerabilidad de inyecci\u00f3n de HTML o de Cross-site Scripting (XSS) almacenado, debido a la CSP predeterminada, en el panel de control del administrador. Esto potencialmente permite que un atacante autenticado inyecte c\u00f3digo malicioso en el panel de control, que luego se ejecuta o se muestra en el contexto del navegador de un administrador al visualizar el contenido inyectado. Sin embargo, es importante tener en cuenta que la Pol\u00edtica de seguridad de contenido (CSP) predeterminada de la aplicaci\u00f3n bloquea la mayor\u00eda de las rutas de explotaci\u00f3n, lo que mitiga significativamente el impacto potencial."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/dani-garcia/vaultwarden/blob/1.30.3/src/static/scripts/admin_users.js#L201",

32
CVE-2024/CVE-2024-403xx/CVE-2024-40393.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-40393",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-16T19:15:12.873",
"lastModified": "2024-11-21T09:31:02.303",
"lastModified": "2025-03-18T20:15:22.430",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [

32
CVE-2024/CVE-2024-406xx/CVE-2024-40604.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-40604",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-07T00:15:10.690",
"lastModified": "2024-11-21T09:31:22.187",
"lastModified": "2025-03-18T19:15:43.277",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

34
CVE-2024/CVE-2024-408xx/CVE-2024-40842.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40842",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:49.013",
"lastModified": "2024-09-24T14:56:30.320",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-18T20:15:22.593",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"configurations": [

34
CVE-2024/CVE-2024-408xx/CVE-2024-40857.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40857",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:49.537",
"lastModified": "2024-09-25T13:41:41.843",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-18T19:15:43.453",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

Some files were not shown because too many files have changed in this diff Show More