admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-08-27T04:00:16.834297+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-08-27 04:03:12 +00:00
parent 944d23d93b
commit f483f5543f
4 changed files with 214 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
CVE-2021/CVE-2021-475xx/CVE-2021-47578.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-47578",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-19T15:15:52.320",
"lastModified": "2024-06-20T12:43:25.663",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-27T03:18:45.253",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,88 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: scsi_debug: no llamar a kcalloc() si el tama\u00f1o arg es cero. Si el tama\u00f1o arg de kcalloc() es cero, devuelve ZERO_SIZE_PTR. Por eso, para que una siguiente verificaci\u00f3n de puntero NULL funcione en el puntero devuelto, no se debe llamar a kcalloc() con el tama\u00f1o arg igual a cero. Regrese temprano sin errores antes de la llamada a kcalloc() si el tama\u00f1o arg es cero. ERROR: KASAN: null-ptr-deref en memcpy include/linux/fortify-string.h:191 [en l\u00ednea] ERROR: KASAN: null-ptr-deref en sg_copy_buffer+0x138/0x240 lib/scatterlist.c:974 Escritura de tama\u00f1o 4 en la direcci\u00f3n 0000000000000010 por tarea syz-executor.1/22789 CPU: 1 PID: 22789 Comm: syz-executor.1 No contaminado 5.15.0-syzk #1 Nombre del hardware: Red Hat KVM, BIOS 1.13.0-2 Seguimiento de llamadas : __dump_stack lib/dump_stack.c:88 [en l\u00ednea] dump_stack_lvl+0x89/0xb5 lib/dump_stack.c:106 __kasan_report mm/kasan/report.c:446 [en l\u00ednea] kasan_report.cold.14+0x112/0x117 mm/kasan/ report.c:459 check_region_inline mm/kasan/generic.c:183 [en l\u00ednea] kasan_check_range+0x1a3/0x210 mm/kasan/generic.c:189 memcpy+0x3b/0x60 mm/kasan/shadow.c:66 memcpy include/linux /fortify-string.h:191 [en l\u00ednea] sg_copy_buffer+0x138/0x240 lib/scatterlist.c:974 controladores do_dout_fetch/scsi/scsi_debug.c:2954 [en l\u00ednea] controladores do_dout_fetch/scsi/scsi_debug.c:2946 [en l\u00ednea] resp_verify +0x49e/0x930 controladores/scsi/scsi_debug.c:4276 Schedule_resp+0x4d8/0x1a70 controladores/scsi/scsi_debug.c:5478 scsi_debug_queuecommand+0x8c9/0x1ec0 controladores/scsi/scsi_debug.c:7533 controladores scsi_dispatch_cmd/scsi /scsi_lib.c: 1520 [en l\u00ednea] scsi_queue_rq+0x16b0/0x2d40 drivers/scsi/scsi_lib.c:1699 blk_mq_dispatch_rq_list+0xb9b/0x2700 block/blk-mq.c:1639 __blk_mq_sched_dispatch_requests+0x28f/0x590 lk-mq-sched.c:325 blk_mq_sched_dispatch_requests+ 0x105/0x190 block/blk-mq-sched.c:358 __blk_mq_run_hw_queue+0xe5/0x150 block/blk-mq.c:1761 __blk_mq_delay_run_hw_queue+0x4f8/0x5c0 block/blk-mq.c:1838 cola+0x18d/0x350 bloque/negro -mq.c:1891 blk_mq_sched_insert_request+0x3db/0x4e0 block/blk-mq-sched.c:474 blk_execute_rq_nowait+0x16b/0x1c0 block/blk-exec.c:62 blk_execute_rq+0xdb/0x360 block/blk-exec.c:102 sg_scsi_ioctl controladores/scsi/scsi_ioctl.c:621 [en l\u00ednea] scsi_ioctl+0x8bb/0x15c0 controladores/scsi/scsi_ioctl.c:930 sg_ioctl_common+0x172d/0x2710 controladores/scsi/sg.c:1112 sg_ioctl+0xa2/0 controladores x180/scsi/ SG.C: 1165 VFS_IOCTL FS/IOCTL.C: 51 [INLINE] __DO_SYS_IOCTL FS/IOCTL.C: 874 [INLINE] __SE_SYS_IOCTL FS/IOCTL.C: 860 [Inline] __X64_SY 60 do_syscall_x64 arch/x86/entry/common.c:50 [en l\u00ednea] do_syscall_64+0x3a/0x80 arch/x86/entry/common.c:80 Entry_SYSCALL_64_after_hwframe+0x44/0xae"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.88",
"matchCriteriaId": "28749C54-EB4A-4AEC-AB94-5AE114B972ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.11",
"matchCriteriaId": "11274E95-438A-449A-B100-01B2B0046669"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/3344b58b53a76199dae48faa396e9fc37bf86992",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/47d11d35203b0aa13533634e270fe2c3610e531b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/aa1f912712a109b6306746133de7e5343f016b26",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

142
CVE-2021/CVE-2021-475xx/CVE-2021-47589.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-47589",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-19T15:15:53.490",
"lastModified": "2024-06-20T12:43:25.663",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-27T03:16:19.000",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,159 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: igbvf: corrige double free en `igbvf_probe` En `igbvf_probe`, si Register_netdev() falla, el programa ir\u00e1 a la etiqueta err_hw_init y luego a la etiqueta err_ioremap. En free_netdev(), que est\u00e1 justo debajo de la etiqueta err_ioremap, est\u00e1n `list_for_each_entry_safe` y `netif_napi_del` que tienen como objetivo eliminar todas las entradas en `dev->napi_list`. El programa ha agregado una entrada `adapter->rx_ring->napi` que se agrega mediante `netif_napi_add` en igbvf_alloc_queues(). Sin embargo, adaptador->rx_ring se ha liberado debajo de la etiqueta err_hw_init. Entonces esto es una UAF. En t\u00e9rminos de c\u00f3mo solucionar el problema, podemos consultar igbvf_remove() y eliminar la entrada antes de `adapter->rx_ring`. Los registros de KASAN son los siguientes: [35.126075] ERROR: KASAN: use-after-free en free_netdev+0x1fd/0x450 [35.127170] Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff88810126d990 mediante la tarea modprobe/366 [35.128360] [35.128643] CPU: 1 PID : 366 Comm: modprobe Not tainted 5.15.0-rc2+ #14 [ 35.129789] Nombre del hardware: PC est\u00e1ndar QEMU (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01 /2014 [35.131749] Seguimiento de llamadas: [35.132199] dump_stack_lvl+0x59/0x7b [35.132865] print_address_description+0x7c/0x3b0 [35.133707] ? free_netdev+0x1fd/0x450 [ 35.134378] __kasan_report+0x160/0x1c0 [ 35.135063] ? free_netdev+0x1fd/0x450 [ 35.135738] kasan_report+0x4b/0x70 [ 35.136367] free_netdev+0x1fd/0x450 [ 35.137006] igbvf_probe+0x121d/0x1a10 [igbvf] [ 35.137808 ] ? igbvf_vlan_rx_add_vid+0x100/0x100 [igbvf] [ 35.138751] local_pci_probe+0x13c/0x1f0 [ 35.139461] pci_device_probe+0x37e/0x6c0 [ 35.165526] [ 35.165806] por tarea 366: [35.166414] ____kasan_kmalloc+0xc4/0xf0 [35.167117] foo_kmem_cache_alloc_trace+0x3c/ 0x50 [igbvf] [ 35.168078] igbvf_probe+0x9c5/0x1a10 [igbvf] [ 35.168866] local_pci_probe+0x13c/0x1f0 [ 35.169565] pci_device_probe+0x37e/0x6c0 [ 35.179713 ] [35.179993] Liberado por la tarea 366: [35.180539] kasan_set_track+0x4c/0x80 [ 35.181211] kasan_set_free_info+0x1f/0x40 [ 35.181942] ____kasan_slab_free+0x103/0x140 [ 35.182703] kfree+0xe3/0x250 [ 35.183239] igbvf_probe+0x1173/0x1a10 vf] [35.184040] local_pci_probe+0x13c/0x1f0"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-415"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.30",
"versionEndExcluding": "4.4.296",
"matchCriteriaId": "BCDBDCBF-3E2B-4AF7-952D-EB56D077EBF5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.5",
"versionEndExcluding": "4.9.294",
"matchCriteriaId": "BEC14782-2EE3-4635-A927-91559E4F451C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.10",
"versionEndExcluding": "4.14.259",
"matchCriteriaId": "390D64FF-1DB7-4DD1-ADEF-CE96BEA2607C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.222",
"matchCriteriaId": "2D0D89BC-6CF8-4BFB-8C91-472348052528"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.168",
"matchCriteriaId": "195EBAA1-4CCE-4898-9351-F4A0DBCAA022"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.88",
"matchCriteriaId": "A657B2D0-5B9D-42BE-A3BF-228DBC1B057C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.11",
"matchCriteriaId": "11274E95-438A-449A-B100-01B2B0046669"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/74a16e062b23332d8db017ff4a41e16279c44411",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/79d9b092035dcdbe636b70433149df9cc6db1e49",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8addba6cab94ce01686ea2e80ed1530f9dc33a9a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8d0c927a9fb2b4065230936b77b54f857a3754fc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/944b8be08131f5faf2cd2440aa1c24a39a163a54",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b6d335a60dc624c0d279333b22c737faa765b028",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/cc9b655bb84f1be283293dfea94dff9a31b106ac",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ffe1695b678729edec04037e691007900a2b2beb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

9
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-08-27T02:00:17.026690+00:00
2024-08-27T04:00:16.834297+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-08-27T01:00:02.883000+00:00
2024-08-27T03:18:45.253000+00:00
```
### Last Data Feed Release
@ -44,9 +44,10 @@ Recently added CVEs: `0`
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `2`
- [CVE-2024-7971](CVE-2024/CVE-2024-79xx/CVE-2024-7971.json) (`2024-08-27T01:00:02.883`)
- [CVE-2021-47578](CVE-2021/CVE-2021-475xx/CVE-2021-47578.json) (`2024-08-27T03:18:45.253`)
- [CVE-2021-47589](CVE-2021/CVE-2021-475xx/CVE-2021-47589.json) (`2024-08-27T03:16:19.000`)
## Download and Usage

6
_state.csv
View File

@ -187427,7 +187427,7 @@ CVE-2021-47574,0,0,fb510e0de5c16540c28aafbb11dc6447df4650a07171ce8b06dc3ecc0ad86
CVE-2021-47575,0,0,1190580e8b98f1fb3213b57001e63f689d55d9f65670cdf88262d5324141308a,2024-06-20T09:15:10.953000
CVE-2021-47576,0,0,4735162112e291ecd71c3dbd8bb1c99e1303f7754936ce63cc7351326be49a3e,2024-06-20T12:43:25.663000
CVE-2021-47577,0,0,d0face38e2762beb7e28363ee5ff98795dd4f46c8e6afb2c345789d3f1fe5542,2024-06-20T12:43:25.663000
CVE-2021-47578,0,0,c04f6e24c888eb3a049f39107bf5b65b3472db141b049b658566b977baba6491,2024-06-20T12:43:25.663000
CVE-2021-47578,0,1,2b81563df18159ccacdf1d60c9b3e336ea801dd9f67b5d514205223d8fb7aa4e,2024-08-27T03:18:45.253000
CVE-2021-47579,0,0,214fa59c33ed22b9398868c401e997995a9f0f8c8cbab8497c48f31736b1004e,2024-06-20T12:43:25.663000
CVE-2021-47580,0,0,e0ba4a70a306169a72b59c906d22256e1e9ec63a836b279525125573202bd886,2024-06-20T12:43:25.663000
CVE-2021-47581,0,0,8787010fa1b837c9433128d0d20bbbc5cc367d055ada39f1bbe864fed14da829,2024-06-20T09:15:11.057000
@ -187438,7 +187438,7 @@ CVE-2021-47585,0,0,ce01987df681397de7d54893e5efcb2392f1d920c4c52cb4fe8e15c2b35f8
CVE-2021-47586,0,0,43a350738cd92215883dae2d0f75b2537927b72a55c6c8b78e203743018315a0,2024-07-03T01:38:11.913000
CVE-2021-47587,0,0,b30550a10bae30fdaddfdf1118241fdecdb0aac764064035e93107f946fad012,2024-06-20T12:43:25.663000
CVE-2021-47588,0,0,0f7c2ddebf5230cc4da6aa5555c1f5261002923073136fff5e4910d65af55ae8,2024-06-20T12:43:25.663000
CVE-2021-47589,0,0,9606cb8783c6661b600536ce8bb6cde869e76476a5c2d36197e5facb4b969342,2024-06-20T12:43:25.663000
CVE-2021-47589,0,1,90b76d41b40e586a29ff9e2db3957fc07fd2120cba5363d84fdec4e79fc74d37,2024-08-27T03:16:19
CVE-2021-47590,0,0,726cea40316793171537866d837fe3d747c8cb3266d32af4450bad9f997fcfaa,2024-06-20T12:43:25.663000
CVE-2021-47591,0,0,075ff96a49ab3870794068c07184348561582a3968bb161ed2673754442a5134,2024-06-20T12:43:25.663000
CVE-2021-47592,0,0,3e6a900f856612ffa91a686567e21f4c94ed7d6a279efc65d48294ed49768d05,2024-06-20T12:43:25.663000
@ -261180,7 +261180,7 @@ CVE-2024-7966,0,0,c834c0011ca06a1efd266a4239a473434dee53599a1a84163bf0336c2d5b29
CVE-2024-7967,0,0,2f507da42df8ce0bcb7a2acf707f99162286ce219b5ecc55f7b5fab9b564d33a,2024-08-26T15:11:01.917000
CVE-2024-7968,0,0,da660cd047ae7ab70548a94fe3bdc25d42e767c3eac17d765635320e381d048e,2024-08-22T17:41:56.847000
CVE-2024-7969,0,0,8acea45baac76f5e45d05acf8035608f405ec6038c8af4ab71dabd90619c2144,2024-08-22T20:35:26.473000
CVE-2024-7971,0,1,46adb6d7721c1dfcc60ee3fda6e97e01d50ab2f0fa3271375a72069a513c0516,2024-08-27T01:00:02.883000
CVE-2024-7971,0,0,46adb6d7721c1dfcc60ee3fda6e97e01d50ab2f0fa3271375a72069a513c0516,2024-08-27T01:00:02.883000
CVE-2024-7972,0,0,e61aba0cb3afa4d81531ac3dd06c76487abfdcc64e079a47655c169ee1d829d6,2024-08-26T15:11:35.017000
CVE-2024-7973,0,0,57e1fa2533e5bc6ff8715efadca7a59b7db56c81e1c88635dd66a97401e58114,2024-08-26T15:13:04.650000
CVE-2024-7974,0,0,4f1766ede0a46e011fd6362a463054e086647121f22e7cff04b5a03dfc3c746c,2024-08-22T17:40:27.950000

Can't render this file because it is too large.