Auto-Update: 2024-05-17T16:00:40.407829+00:00

cad-safe-bot 2024-05-17 16:03:32 +00:00
parent ffbd5c0078
commit fe2f2da9ff
114 changed files with 4685 additions and 91 deletions

@ -0,0 +1,40 @@
{
"id": "CVE-2023-52661",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:08.163",
"lastModified": "2024-05-17T14:15:08.163",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/tegra: rgb: Fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe()\n\nIf clk_get_sys(..., \"pll_d2_out0\") fails, the clk_get_sys() call must be\nundone.\n\nAdd the missing clk_put and a new 'put_pll_d_out0' label in the error\nhandling path, and use it."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2388c36e028fff7f8ffd515681a14c6c2c07fea7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/45c8034db47842b25a3ab6139d71e13b4e67b9b3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5c8dc26e31b8b410ad1895e0d314def50c76eed0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/845322a9c06dd1dcf35b6c4e3af89684297c23cc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f3f407ccbe84a34de9be3195d22cdd5969f3fd9f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fa74e4f5d0821829545b9f7034a0e577c205c101",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,40 @@
{
"id": "CVE-2023-52662",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:08.373",
"lastModified": "2024-05-17T14:15:08.373",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node\n\nWhen ida_alloc_max fails, resources allocated before should be freed,\nincluding *res allocated by kmalloc and ttm_resource_init."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/03b1072616a8f7d6e8594f643b416a9467c83fbf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/40624af6674745e174c754a20d7c53c250e65e7a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6fc6233f6db1579b69b54b44571f1a7fde8186e6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/83e0f220d1e992fa074157fcf14945bf170ffbc5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/89709105a6091948ffb6ec2427954cbfe45358ce",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d1e546ab91c670e536a274a75481034ab7534876",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,32 @@
{
"id": "CVE-2023-52663",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:08.577",
"lastModified": "2024-05-17T14:15:08.577",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe()\n\nDriver uses kasprintf() to initialize fw_{code,data}_bin members of\nstruct acp_dev_data, but kfree() is never called to deallocate the\nmemory, which results in a memory leak.\n\nFix the issue by switching to devm_kasprintf(). Additionally, ensure the\nallocation was successful by checking the pointer validity."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/222be59e5eed1554119294edc743ee548c2371d0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7296152e58858f928db448826eb7ba5ae611297b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/88028c45d5871dfc449b2b0a27abf6428453a5ec",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/be4760799c6a7c01184467287f0de41e0dd255f8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,32 @@
{
"id": "CVE-2023-52664",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:08.807",
"lastModified": "2024-05-17T14:15:08.807",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: atlantic: eliminate double free in error handling logic\n\nDriver has a logic leak in ring data allocation/free,\nwhere aq_ring_free could be called multiple times on same ring,\nif system is under stress and got memory allocation error.\n\nRing pointer was used as an indicator of failure, but this is\nnot correct since only ring data is allocated/deallocated.\nRing itself is an array member.\n\nChanging ring allocation functions to return error code directly.\nThis simplifies error handling and eliminates aq_ring_free\non higher layer."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0edb3ae8bfa31cd544b0c195bdec00e036002b5d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b3cb7a830a24527877b0bc900b9bd74a96aea928",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c11a870a73a3bc4cc7df6dd877a45b181795fcbf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d1fde4a7e1dcc4d49cce285107a7a43c3030878d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,28 @@
{
"id": "CVE-2023-52665",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:09.043",
"lastModified": "2024-05-17T14:15:09.043",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2\n\nCommit 8c5fa3b5c4df (\"powerpc/64: Make ELFv2 the default for big-endian\nbuilds\"), merged in Linux-6.5-rc1 changes the calling ABI in a way\nthat is incompatible with the current code for the PS3's LV1 hypervisor\ncalls.\n\nThis change just adds the line '# CONFIG_PPC64_BIG_ENDIAN_ELF_ABI_V2 is not set'\nto the ps3_defconfig file so that the PPC64_ELF_ABI_V1 is used.\n\nFixes run time errors like these:\n\n BUG: Kernel NULL pointer dereference at 0x00000000\n Faulting instruction address: 0xc000000000047cf0\n Oops: Kernel access of bad area, sig: 11 [#1]\n Call Trace:\n [c0000000023039e0] [c00000000100ebfc] ps3_create_spu+0xc4/0x2b0 (unreliable)\n [c000000002303ab0] [c00000000100d4c4] create_spu+0xcc/0x3c4\n [c000000002303b40] [c00000000100eae4] ps3_enumerate_spus+0xa4/0xf8"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/482b718a84f08b6fc84879c3e90cc57dba11c115",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d0f0780f03df54d08ced118d27834ee5008724e4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f70557d48215b14a9284ac3a6ae7e4ee1d039f10",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
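
Review bot: nothing in this record's structured fields says it is PS3-only; the scope sits solely in the description (the fix adds '# CONFIG_PPC64_BIG_ENDIAN_ELF_ABI_V2 is not set' to ps3_defconfig, and the breakage starts with commit 8c5fa3b5c4df merged in Linux-6.5-rc1). With `"metrics": {}` and no affected-version data in the hunk, a matcher keyed on "Linux kernel" alone will flag hosts that never build this defconfig. Suggest annotating the entry as platform-specific at ingest, or holding it out of automated alerting while `vulnStatus` is still `Received`.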

@ -0,0 +1,36 @@
{
"id": "CVE-2023-52666",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:09.260",
"lastModified": "2024-05-17T14:15:09.260",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix potential circular locking issue in smb2_set_ea()\n\nsmb2_set_ea() can be called in parent inode lock range.\nSo add get_write argument to smb2_set_ea() not to call nested\nmnt_want_write()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/5349fd419e4f685d609c85b781f2b70f0fb14848",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6fc0a265e1b932e5e97a038f99e29400a93baad0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e61fc656ceeaec65f19a92f0ffbeb562b7941e8d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e9ec6665de8f706b4f4133b87b2bd02a159ec57b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ecfd93955994ecc2a1308f5ee4bd90c7fca9a8c6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,36 @@
{
"id": "CVE-2023-52667",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:09.457",
"lastModified": "2024-05-17T14:15:09.457",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: fix a potential double-free in fs_any_create_groups\n\nWhen kcalloc() for ft->g succeeds but kvzalloc() for in fails,\nfs_any_create_groups() will free ft->g. However, its caller\nfs_any_create_table() will free ft->g again through calling\nmlx5e_destroy_flow_table(), which will lead to a double-free.\nFix this by setting ft->g to NULL in fs_any_create_groups()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2897c981ee63e1be5e530b1042484626a10b26d8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/65a4ade8a6d205979292e88beeb6a626ddbd4779",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/72a729868592752b5a294d27453da264106983b1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/aef855df7e1bbd5aa4484851561211500b22707e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b2fa86b2aceb4bc9ada51cea90f61546d7512cbe",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,28 @@
{
"id": "CVE-2023-52668",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:09.640",
"lastModified": "2024-05-17T14:15:09.640",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: zoned: fix lock ordering in btrfs_zone_activate()\n\nThe btrfs CI reported a lockdep warning as follows by running generic\ngeneric/129.\n\n WARNING: possible circular locking dependency detected\n 6.7.0-rc5+ #1 Not tainted\n ------------------------------------------------------\n kworker/u5:5/793427 is trying to acquire lock:\n ffff88813256d028 (&cache->lock){+.+.}-{2:2}, at: btrfs_zone_finish_one_bg+0x5e/0x130\n but task is already holding lock:\n ffff88810a23a318 (&fs_info->zone_active_bgs_lock){+.+.}-{2:2}, at: btrfs_zone_finish_one_bg+0x34/0x130\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n -> #1 (&fs_info->zone_active_bgs_lock){+.+.}-{2:2}:\n ...\n -> #0 (&cache->lock){+.+.}-{2:2}:\n ...\n\nThis is because we take fs_info->zone_active_bgs_lock after a block_group's\nlock in btrfs_zone_activate() while doing the opposite in other places.\n\nFix the issue by expanding the fs_info->zone_active_bgs_lock's critical\nsection and taking it before a block_group's lock."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1908e9d01e5395adff68d9d308a0fb15337e6272",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6f74989f5909cdec9b1274641f0fa306b15bb476",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b18f3b60b35a8c01c9a2a0f0d6424c6d73971dc3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,40 @@
{
"id": "CVE-2023-52669",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:09.827",
"lastModified": "2024-05-17T14:15:09.827",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: s390/aes - Fix buffer overread in CTR mode\n\nWhen processing the last block, the s390 ctr code will always read\na whole block, even if there isn't a whole block of data left. Fix\nthis by using the actual length left and copy it into a buffer first\nfor processing."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/a7f580cdb42ec3d53bbb7c4e4335a98423703285",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cd51e26a3b89706beec64f2d8296cfb1c34e0c79",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d07f951903fa9922c375b8ab1ce81b18a0034e3b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d68ac38895e84446848b7647ab9458d54cacba3e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dbc9a791a70ea47be9f2acf251700fe254a2ab23",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e78f1a43e72daf77705ad5b9946de66fc708b874",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,48 @@
{
"id": "CVE-2023-52670",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:10.057",
"lastModified": "2024-05-17T14:15:10.057",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrpmsg: virtio: Free driver_override when rpmsg_remove()\n\nFree driver_override when rpmsg_remove(), otherwise\nthe following memory leak will occur:\n\nunreferenced object 0xffff0000d55d7080 (size 128):\n comm \"kworker/u8:2\", pid 56, jiffies 4294893188 (age 214.272s)\n hex dump (first 32 bytes):\n 72 70 6d 73 67 5f 6e 73 00 00 00 00 00 00 00 00 rpmsg_ns........\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<000000009c94c9c1>] __kmem_cache_alloc_node+0x1f8/0x320\n [<000000002300d89b>] __kmalloc_node_track_caller+0x44/0x70\n [<00000000228a60c3>] kstrndup+0x4c/0x90\n [<0000000077158695>] driver_set_override+0xd0/0x164\n [<000000003e9c4ea5>] rpmsg_register_device_override+0x98/0x170\n [<000000001c0c89a8>] rpmsg_ns_register_device+0x24/0x30\n [<000000008bbf8fa2>] rpmsg_probe+0x2e0/0x3ec\n [<00000000e65a68df>] virtio_dev_probe+0x1c0/0x280\n [<00000000443331cc>] really_probe+0xbc/0x2dc\n [<00000000391064b1>] __driver_probe_device+0x78/0xe0\n [<00000000a41c9a5b>] driver_probe_device+0xd8/0x160\n [<000000009c3bd5df>] __device_attach_driver+0xb8/0x140\n [<0000000043cd7614>] bus_for_each_drv+0x7c/0xd4\n [<000000003b929a36>] __device_attach+0x9c/0x19c\n [<00000000a94e0ba8>] device_initial_probe+0x14/0x20\n [<000000003c999637>] bus_probe_device+0xa0/0xac"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/229ce47cbfdc7d3a9415eb676abbfb77d676cb08",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2d27a7b19cb354c6d04bcdc9239e261ff29858d6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4e6cef3fae5c164968118a13f3fe293700adc81a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/69ca89d80f2c8a1f5af429b955637beea7eead30",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9a416d624e5fb7246ea97c11fbfea7e0e27abf43",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d5362c37e1f8a40096452fc201c30e705750e687",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dd50fe18c234bd5ff22f658f4d414e8fa8cd6a5d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f4bb1d5daf77b1a95a43277268adf0d1430c2346",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,28 @@
{
"id": "CVE-2023-52671",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:10.290",
"lastModified": "2024-05-17T14:15:10.290",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix hang/underflow when transitioning to ODM4:1\n\n[Why]\nUnder some circumstances, disabling an OPTC and attempting to reclaim\nits OPP(s) for a different OPTC could cause a hang/underflow due to OPPs\nnot being properly disconnected from the disabled OPTC.\n\n[How]\nEnsure that all OPPs are unassigned from an OPTC when it gets disabled."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4b6b479b2da6badff099b2e3abf0248936eefbf5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ae62f1dde66a6f0eee98defc4c7a346bd5acd239",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e7b2b108cdeab76a7e7324459e50b0c1214c0386",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,40 @@
{
"id": "CVE-2023-52672",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:10.527",
"lastModified": "2024-05-17T14:15:10.527",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npipe: wakeup wr_wait after setting max_usage\n\nCommit c73be61cede5 (\"pipe: Add general notification queue support\") a\nregression was introduced that would lock up resized pipes under certain\nconditions. See the reproducer in [1].\n\nThe commit resizing the pipe ring size was moved to a different\nfunction, doing that moved the wakeup for pipe->wr_wait before actually\nraising pipe->max_usage. If a pipe was full before the resize occured it\nwould result in the wakeup never actually triggering pipe_write.\n\nSet @max_usage and @nr_accounted before waking writers if this isn't a\nwatch queue.\n\n[Christian Brauner <brauner@kernel.org>: rewrite to account for watch queues]"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/162ae0e78bdabf84ef10c1293c4ed7865cb7d3c8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3efbd114b91525bb095b8ae046382197d92126b9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/68e51bdb1194f11d3452525b99c98aff6f837b24",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6fb70694f8d1ac34e45246b0ac988f025e1e5b55",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b87a1229d8668fbc78ebd9ca0fc797a76001c60f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e95aada4cb93d42e25c30a0ef9eb2923d9711d4a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,24 @@
{
"id": "CVE-2023-52673",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:10.773",
"lastModified": "2024-05-17T14:15:10.773",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix a debugfs null pointer error\n\n[WHY & HOW]\nCheck whether get_subvp_en() callback exists before calling it."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/43235db21fc23559f50a62f8f273002eeb506f5a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/efb91fea652a42fcc037d2a9ef4ecd1ffc5ff4b7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,36 @@
{
"id": "CVE-2023-52674",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:18.187",
"lastModified": "2024-05-17T15:15:18.187",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put()\n\nEnsure the value passed to scarlett2_mixer_ctl_put() is between 0 and\nSCARLETT2_MIXER_MAX_VALUE so we don't attempt to access outside\nscarlett2_mixer_values[]."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/03035872e17897ba89866940bbc9cefca601e572",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/04f8f053252b86c7583895c962d66747ecdc61b7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ad945ea8d47dd4454c271510bea24850119847c2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d8d8897d65061cbe36bf2909057338303a904810",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e517645ead5ea22c69d2a44694baa23fe1ce7c2b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,48 @@
{
"id": "CVE-2023-52675",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:18.413",
"lastModified": "2024-05-17T15:15:18.413",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/imc-pmu: Add a null pointer check in update_events_in_group()\n\nkasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/024352f7928b28f53609660663329d8c0f4ad032",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/0a233867a39078ebb0f575e2948593bbff5826b3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1e80aa25d186a7aa212df5acd8c75f55ac8dae34",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5a669f3511d273c8c1ab1c1d268fbcdf53fc7a05",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/75fc599bcdcb1de093c9ced2e3cccc832f3787f3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a2da3f9b1a1019c887ee1d164475a8fcdb0a3fec",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c7d828e12b326ea50fb80c369d7aa87519ed14c6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f105c263009839d80fad6998324a4e1b3511cba0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,28 @@
{
"id": "CVE-2023-52676",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:18.633",
"lastModified": "2024-05-17T15:15:18.633",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Guard stack limits against 32bit overflow\n\nThis patch promotes the arithmetic around checking stack bounds to be\ndone in the 64-bit domain, instead of the current 32bit. The arithmetic\nimplies adding together a 64-bit register with a int offset. The\nregister was checked to be below 1<<29 when it was variable, but not\nwhen it was fixed. The offset either comes from an instruction (in which\ncase it is 16 bit), from another register (in which case the caller\nchecked it to be below 1<<29 [1]), or from the size of an argument to a\nkfunc (in which case it can be a u32 [2]). Between the register being\ninconsistently checked to be below 1<<29, and the offset being up to an\nu32, it appears that we were open to overflowing the `int`s which were\ncurrently used for arithmetic.\n\n[1] https://github.com/torvalds/linux/blob/815fb87b753055df2d9e50f6cd80eb10235fe3e9/kernel/bpf/verifier.c#L7494-L7498\n[2] https://github.com/torvalds/linux/blob/815fb87b753055df2d9e50f6cd80eb10235fe3e9/kernel/bpf/verifier.c#L11904"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1d38a9ee81570c4bd61f557832dead4d6f816760",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ad140fc856f0b1d5e2215bcb6d0cc247a86805a2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e5ad9ecb84405637df82732ee02ad741a5f782a6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
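
Review bot: the links the description cites as [1] and [2] (kernel/bpf/verifier.c at 815fb87b753055df2d9e50f6cd80eb10235fe3e9) exist only inside the `value` string, while `references` lists just the three git.kernel.org stable commits. A consumer that indexes only `references` loses the pointers to the 1<<29 bound checks the description relies on. Suggest extracting URLs from `descriptions[].value` when indexing, so the analyst reviewing this integer-overflow fix lands on the code being discussed.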

@ -0,0 +1,36 @@
{
"id": "CVE-2023-52677",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:18.823",
"lastModified": "2024-05-17T15:15:18.823",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Check if the code to patch lies in the exit section\n\nOtherwise we fall through to vmalloc_to_page() which panics since the\naddress does not lie in the vmalloc region."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1d7a03052846f34d624d0ab41a879adf5e85c85f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/420370f3ae3d3b883813fd3051a38805160b2b9f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/890cfe5337e0aaf03ece1429db04d23c88da72e7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8db56df4a954b774bdc68917046a685a9fa2e4bc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/938f70d14618ec72e10d6fcf8a546134136d7c13",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,32 @@
{
"id": "CVE-2023-52678",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:19.057",
"lastModified": "2024-05-17T15:15:19.057",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c\n\nBefore using list_first_entry, make sure to check that list is not\nempty, if list is empty return -ENODATA.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_topology.c:1347 kfd_create_indirect_link_prop() warn: can 'gpu_link' even be NULL?\ndrivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_topology.c:1428 kfd_add_peer_prop() warn: can 'iolink1' even be NULL?\ndrivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_topology.c:1433 kfd_add_peer_prop() warn: can 'iolink2' even be NULL?"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4525525cb7161d08f95d0e47025323dd10214313",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/499839eca34ad62d43025ec0b46b80e77065f6d8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4ac4e023ed7ab1c7c67d2d12b7b6198fcd099e5c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5024cce888e11e5688f77df81db9e14828495d64",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,48 @@
{
"id": "CVE-2023-52679",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:19.207",
"lastModified": "2024-05-17T15:15:19.207",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nof: Fix double free in of_parse_phandle_with_args_map\n\nIn of_parse_phandle_with_args_map() the inner loop that\niterates through the map entries calls of_node_put(new)\nto free the reference acquired by the previous iteration\nof the inner loop. This assumes that the value of \"new\" is\nNULL on the first iteration of the inner loop.\n\nMake sure that this is true in all iterations of the outer\nloop by setting \"new\" to NULL after its value is assigned to \"cur\".\n\nExtend the unittest to detect the double free and add an additional\ntest case that actually triggers this path."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/26b4d702c44f9e5cf3c5c001ae619a4a001889db",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4541004084527ce9e95a818ebbc4e6b293ffca21",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4dde83569832f9377362e50f7748463340c5db6b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a0a061151a6200c13149dbcdb6c065203c8425d2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b64d09a4e8596f76d27f4b4a90a1cf6baf6a82f8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b9d760dae5b10e73369b769073525acd7b3be2bd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cafa992134124e785609a406da4ff2b54052aff7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d5f490343c77e6708b6c4aa7dbbfbcbb9546adea",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,36 @@
{
"id": "CVE-2023-52680",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:19.280",
"lastModified": "2024-05-17T15:15:19.280",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: scarlett2: Add missing error checks to *_ctl_get()\n\nThe *_ctl_get() functions which call scarlett2_update_*() were not\nchecking the return value. Fix to check the return value and pass to\nthe caller."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3a09488f4f67f7ade59b8ac62a6c7fb29439cf51",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/50603a67daef161c78c814580d57f7f0be57167e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/773e38f73461ef2134a0d33a08f1668edde9b7c3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/821fbaeaaae23d483d3df799fe91ec8045973ec3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cda7762bea857e6951315a2f7d0632ea1850ed43",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,32 @@
{
"id": "CVE-2023-52681",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:19.360",
"lastModified": "2024-05-17T15:15:19.360",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefivarfs: Free s_fs_info on unmount\n\nNow that we allocate a s_fs_info struct on fs context creation, we\nshould ensure that we free it again when the superblock goes away."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/48be1364dd387e375e1274b76af986cb8747be2c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/547713d502f7b4b8efccd409cff84d731a23853b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/92be3095c6ca1cdc46237839c6087555be9160e3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ea6b597fcaca99562fa56a473bcbbbd79b40af03",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,32 @@
{
"id": "CVE-2023-52682",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:19.427",
"lastModified": "2024-05-17T15:15:19.427",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to wait on block writeback for post_read case\n\nIf inode is compressed, but not encrypted, it missed to call\nf2fs_wait_on_block_writeback() to wait for GCed page writeback\nin IPU write path.\n\nThread A\t\t\t\tGC-Thread\n\t\t\t\t\t- f2fs_gc\n\t\t\t\t\t - do_garbage_collect\n\t\t\t\t\t - gc_data_segment\n\t\t\t\t\t - move_data_block\n\t\t\t\t\t - f2fs_submit_page_write\n\t\t\t\t\t migrate normal cluster's block via\n\t\t\t\t\t meta_inode's page cache\n- f2fs_write_single_data_page\n - f2fs_do_write_data_page\n - f2fs_inplace_write_data\n - f2fs_submit_page_bio\n\nIRQ\n- f2fs_read_end_io\n\t\t\t\t\tIRQ\n\t\t\t\t\told data overrides new data due to\n\t\t\t\t\tout-of-order GC and common IO.\n\t\t\t\t\t- f2fs_read_end_io"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4535be48780431753505e74e1b1ad4836a189bc2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/55fdc1c24a1d6229fe0ecf31335fb9a2eceaaa00",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9bfd5ea71521d0e522ba581c6ccc5db93759c0c3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f904c156d8011d8291ffd5b6b398f3747e294986",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,48 @@
{
"id": "CVE-2023-52683",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:19.503",
"lastModified": "2024-05-17T15:15:19.503",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: LPIT: Avoid u32 multiplication overflow\n\nIn lpit_update_residency() there is a possibility of overflow\nin multiplication, if tsc_khz is large enough (> UINT_MAX/1000).\n\nChange multiplication to mul_u32_u32().\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/56d2eeda87995245300836ee4dbd13b002311782",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/647d1d50c31e60ef9ccb9756a8fdf863329f7aee",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6c38e791bde07d6ca2a0a619ff9b6837e0d5f9ad",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/72222dfd76a79d9666ab3117fcdd44ca8cd0c4de",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b7aab9d906e2e252a7783f872406033ec49b6dae",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c1814a4ffd016ce5392c6767d22ef3aa2f0d4bd1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d1ac288b2742aa4af746c5613bac71760fadd1c4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f39c3d578c7d09a18ceaf56750fc7f20b02ada63",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,24 @@
{
"id": "CVE-2023-52684",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:19.583",
"lastModified": "2024-05-17T15:15:19.583",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: qseecom: fix memory leaks in error paths\n\nFix instances of returning error codes directly instead of jumping to\nthe relevant labels where memory allocated for the SCM calls would be\nfreed."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/6c57d7b593c4a4e60db65d5ce0fe1d9f79ccbe9b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/85fdbf6840455be64eac16bdfe0df3368ee3d0f0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,48 @@
{
"id": "CVE-2023-52685",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:19.653",
"lastModified": "2024-05-17T15:15:19.653",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npstore: ram_core: fix possible overflow in persistent_ram_init_ecc()\n\nIn persistent_ram_init_ecc(), on 64-bit arches DIV_ROUND_UP() will return\n64-bit value since persistent_ram_zone::buffer_size has type size_t which\nis derived from the 64-bit *unsigned long*, while the ecc_blocks variable\nthis value gets assigned to has (always 32-bit) *int* type. Even if that\nvalue fits into *int* type, an overflow is still possible when calculating\nthe size_t typed ecc_total variable further below since there's no cast to\nany 64-bit type before multiplication. Declaring the ecc_blocks variable\nas *size_t* should fix this mess...\n\nFound by Linux Verification Center (linuxtesting.org) with the SVACE static\nanalysis tool."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3b333cded94fbe5ce30d699b316c4715151268ae",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/48dcfc42ce705b652c0619cb99846afc43029de9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/86222a8fc16ec517de8da2604d904c9df3a08e5d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8fb12524c86bdd542a54857d5d076b1b6778c78c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a34946ec3de88a16cc3a87fdab50aad06255a22b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/acd413da3e1f37582207cd6078a41d57c9011918",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d1fe1aede684bd014714dacfdc75586a9ad38657",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f9b891a7e8fcf83901f8507241e23e7420103b61",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,48 @@
{
"id": "CVE-2023-52686",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:19.733",
"lastModified": "2024-05-17T15:15:19.733",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/powernv: Add a null pointer check in opal_event_init()\n\nkasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/8422d179cf46889c15ceff9ede48c5bfa4e7f0b4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8649829a1dd25199bbf557b2621cedb4bf9b3050",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9a523e1da6d88c2034f946adfa4f74b236c95ca9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a14c55eb461d630b836f80591d8caf1f74e62877",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c0b111ea786ddcc8be0682612830796ece9436c7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e08c2e275fa1874de945b87093f925997722ee42",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e6ad05e3ae9c84c5a71d7bb2d44dc845ae7990cf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e93d7cf4c1ddbcd846739e7ad849f955a4f18031",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,32 @@
{
"id": "CVE-2023-52687",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:19.810",
"lastModified": "2024-05-17T15:15:19.810",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: safexcel - Add error handling for dma_map_sg() calls\n\nMacro dma_map_sg() may return 0 on error. This patch enables\nchecks in case of the macro failure and ensures unmapping of\npreviously mapped buffers with dma_unmap_sg().\n\nFound by Linux Verification Center (linuxtesting.org) with static\nanalysis tool SVACE."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4c0ac81a172a69a7733290915276672787e904ec",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8084b788c2fb1260f7d44c032d5124680b20d2b2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/87e02063d07708cac5bfe9fd3a6a242898758ac8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fc0b785802b856566df3ac943e38a072557001c4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,24 @@
{
"id": "CVE-2023-52688",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:19.883",
"lastModified": "2024-05-17T15:15:19.883",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix the error handler of rfkill config\n\nWhen the core rfkill config throws error, it should free the\nallocated resources. Currently it is not freeing the core pdev\ncreate resources. Avoid this issue by calling the core pdev\ndestroy in the error handler of core rfkill config.\n\nFound this issue in the code review and it is compile tested only."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/898d8b3e1414cd900492ee6a0b582f8095ba4a1a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b4e593a7a22fa3c7d0550ef51c90b5c21f790aa8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,24 @@
{
"id": "CVE-2023-52689",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:19.950",
"lastModified": "2024-05-17T15:15:19.950",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: scarlett2: Add missing mutex lock around get meter levels\n\nAs scarlett2_meter_ctl_get() uses meter_level_map[], the data_mutex\nshould be locked while accessing it."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/74e3de7cdcc31ce75ab42350ae0946eff62a2da2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/993f7b42fa066b055e3a19b7f76ad8157c0927a0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,44 @@
{
"id": "CVE-2023-52690",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:20.020",
"lastModified": "2024-05-17T15:15:20.020",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/powernv: Add a null pointer check to scom_debug_init_one()\n\nkasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure.\nAdd a null pointer check, and release 'ent' to avoid memory leaks."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1eefa93faf69188540b08b024794fa90b1d82e8b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2a82c4439b903639e0a1f21990cd399fb0a49c19",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9a260f2dd827bbc82cc60eb4f4d8c22707d80742",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a9c05cbb6644a2103c75b6906e9dafb9981ebd13",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dd8422ff271c22058560832fc3006324ded895a9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ed8d023cfa97b559db58c0e1afdd2eec7a83d8f2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f84c1446daa552e9699da8d1f8375eac0f65edc7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,48 @@
{
"id": "CVE-2023-52691",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:20.120",
"lastModified": "2024-05-17T15:15:20.120",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: fix a double-free in si_dpm_init\n\nWhen the allocation of\nadev->pm.dpm.dyn_state.vddc_dependency_on_dispclk.entries fails,\namdgpu_free_extended_power_table is called to free some fields of adev.\nHowever, when the control flow returns to si_dpm_sw_init, it goes to\nlabel dpm_failed and calls si_dpm_fini, which calls\namdgpu_free_extended_power_table again and free those fields again. Thus\na double-free is triggered."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/06d95c99d5a4f5accdb79464076efe62e668c706",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2bf47c89bbaca2bae16581ef1b28aaec0ade0334",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ac16667237a82e2597e329eb9bc520d1cf9dff30",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/aeed2b4e4a70c7568d4a5eecd6a109713c0dfbf4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/afe9f5b871f86d58ecdc45b217b662227d7890d0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ca8e2e251c65e5a712f6025e27bd9b26d16e6f4a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f957a1be647f7fc65926cbf572992ec2747a93f2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fb1936cb587262cd539e84b34541abb06e42b2f9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,36 @@
{
"id": "CVE-2023-52692",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:20.200",
"lastModified": "2024-05-17T15:15:20.200",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: scarlett2: Add missing error check to scarlett2_usb_set_config()\n\nscarlett2_usb_set_config() calls scarlett2_usb_get() but was not\nchecking the result. Return the error if it fails rather than\ncontinuing with an invalid value."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/145c5aa51486171025ab47f35cff34bff8d0cea3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/51d5697e1c0380d482c3eab002bfc8d0be177e99",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/996fde492ad9b9563ee483b363af40d7696a8467",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/be96acd3eaa790d10a5b33e65267f52d02f6ad88",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ca459dfa7d4ed9098fcf13e410963be6ae9b6bf3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,48 @@
{
"id": "CVE-2023-52693",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:20.273",
"lastModified": "2024-05-17T15:15:20.273",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: video: check for error while searching for backlight device parent\n\nIf acpi_get_parent() called in acpi_video_dev_register_backlight()\nfails, for example, because acpi_ut_acquire_mutex() fails inside\nacpi_get_parent), this can lead to incorrect (uninitialized)\nacpi_parent handle being passed to acpi_get_pci_dev() for detecting\nthe parent pci device.\n\nCheck acpi_get_parent() result and set parent device only in case of success.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1e3a2b9b4039bb4d136dca59fb31e06465e056f3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2124c5bc22948fc4d09a23db4a8acdccc7d21e95",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/39af144b6d01d9b40f52e5d773e653957e6c379c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3a370502a5681986f9828e43be75ce26c6ab24af",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/556f02699d33c1f40b1b31bd25828ce08fa165d8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/72884ce4e10417b1233b614bf134da852df0f15f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c4e1a0ef0b4782854c9b77a333ca912b392bed2f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ccd45faf4973746c4f30ea41eec864e5cf191099",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,40 @@
{
"id": "CVE-2023-52694",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:20.353",
"lastModified": "2024-05-17T15:15:20.353",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: tpd12s015: Drop buggy __exit annotation for remove function\n\nWith tpd12s015_remove() marked with __exit this function is discarded\nwhen the driver is compiled as a built-in. The result is that when the\ndriver unbinds there is no cleanup done which results in resource\nleakage or worse."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/08ccff6ece35f08e8107e975903c370d849089e5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/53926e2a39629702f7f809d614b3ca89c2478205",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/81f1bd85960b7a089a91e679ff7cd2524390bbf1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a8657406e12aa10412134622c58977ac657f16d2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ce3e112e7ae854249d8755906acc5f27e1542114",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e00ec5901954d85b39b5f10f94e60ab9af463eb1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,24 @@
{
"id": "CVE-2023-52695",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:20.430",
"lastModified": "2024-05-17T15:15:20.430",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check writeback connectors in create_validate_stream_for_sink\n\n[WHY & HOW]\nThis is to check connector type to avoid\nunhandled null pointer for writeback connectors."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0fe85301b95077ac4fa4a91909d38b7341e81187",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dbf5d3d02987faa0eec3710dd687cd912362d7b5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,44 @@
{
"id": "CVE-2023-52696",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:20.507",
"lastModified": "2024-05-17T15:15:20.507",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/powernv: Add a null pointer check in opal_powercap_init()\n\nkasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/69f95c5e9220f77ce7c540686b056c2b49e9a664",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6b58d16037217d0c64a2a09b655f370403ec7219",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9da4a56dd3772570512ca58aa8832b052ae910dc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a67a04ad05acb56640798625e73fa54d6d41cce1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b02ecc35d01a76b4235e008d2dd292895b28ecab",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e123015c0ba859cf48aa7f89c5016cc6e98e018d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f152a6bfd187f67afeffc9fd68cbe46f51439be0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,28 @@
{
"id": "CVE-2023-52697",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:20.610",
"lastModified": "2024-05-17T15:15:20.610",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: sof_sdw_rt_sdca_jack_common: ctx->headset_codec_dev = NULL\n\nsof_sdw_rt_sdca_jack_exit() are used by different codecs, and some of\nthem use the same dai name.\nFor example, rt712 and rt713 both use \"rt712-sdca-aif1\" and\nsof_sdw_rt_sdca_jack_exit().\nAs a result, sof_sdw_rt_sdca_jack_exit() will be called twice by\nmc_dailink_exit_loop(). Set ctx->headset_codec_dev = NULL; after\nput_device(ctx->headset_codec_dev); to avoid ctx->headset_codec_dev\nbeing put twice."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/582231a8c4f73ac153493687ecc1bed853e9c9ef",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a410d58117d6da4b7d41f3c91365f191d006bc3d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e38e252dbceeef7d2f848017132efd68e9ae1416",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,48 @@
{
"id": "CVE-2023-52698",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:20.693",
"lastModified": "2024-05-17T15:15:20.693",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncalipso: fix memory leak in netlbl_calipso_add_pass()\n\nIf IPv6 support is disabled at boot (ipv6.disable=1),\nthe calipso_init() -> netlbl_calipso_ops_register() function isn't called,\nand the netlbl_calipso_ops_get() function always returns NULL.\nIn this case, the netlbl_calipso_add_pass() function allocates memory\nfor the doi_def variable but doesn't free it with the calipso_doi_free().\n\nBUG: memory leak\nunreferenced object 0xffff888011d68180 (size 64):\n comm \"syz-executor.1\", pid 10746, jiffies 4295410986 (age 17.928s)\n hex dump (first 32 bytes):\n 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<...>] kmalloc include/linux/slab.h:552 [inline]\n [<...>] netlbl_calipso_add_pass net/netlabel/netlabel_calipso.c:76 [inline]\n [<...>] netlbl_calipso_add+0x22e/0x4f0 net/netlabel/netlabel_calipso.c:111\n [<...>] genl_family_rcv_msg_doit+0x22f/0x330 net/netlink/genetlink.c:739\n [<...>] genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]\n [<...>] genl_rcv_msg+0x341/0x5a0 net/netlink/genetlink.c:800\n [<...>] netlink_rcv_skb+0x14d/0x440 net/netlink/af_netlink.c:2515\n [<...>] genl_rcv+0x29/0x40 net/netlink/genetlink.c:811\n [<...>] netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]\n [<...>] netlink_unicast+0x54b/0x800 net/netlink/af_netlink.c:1339\n [<...>] netlink_sendmsg+0x90a/0xdf0 net/netlink/af_netlink.c:1934\n [<...>] sock_sendmsg_nosec net/socket.c:651 [inline]\n [<...>] sock_sendmsg+0x157/0x190 net/socket.c:671\n [<...>] ____sys_sendmsg+0x712/0x870 net/socket.c:2342\n [<...>] ___sys_sendmsg+0xf8/0x170 net/socket.c:2396\n [<...>] __sys_sendmsg+0xea/0x1b0 net/socket.c:2429\n [<...>] do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46\n [<...>] entry_SYSCALL_64_after_hwframe+0x61/0xc6\n\nFound by InfoTeCS on behalf of Linux Verification 
Center\n(linuxtesting.org) with Syzkaller\n\n[PM: merged via the LSM tree at Jakub Kicinski request]"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/321b3a5592c8a9d6b654c7c64833ea67dbb33149",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/36e19f84634aaa94f543fedc0a07588949638d53",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/408bbd1e1746fe33e51f4c81c2febd7d3841d031",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/44a88650ba55e6a7f2ec485d2c2413ba7e216f01",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9a8f811a146aa2a0230f8edb2e9f4b6609aab8da",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a4529a08d3704c17ea9c7277d180e46b99250ded",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ec4e9d630a64df500641892f4e259e8149594a99",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f14d36e6e97fe935a20e0ceb159c100f90b6627c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
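Review bot: the "value" string in descriptions is physically split across two lines between "Linux Verification" and "Center" as shown here; a JSON string cannot hold a raw line break, so confirm the committed file keeps this as one line containing only escaped \n sequences and that it parses before anything ingests it. The same field also embeds the whole kmemleak report (object address, hex dump, backtrace), so code that displays or indexes descriptions should treat the value as untrusted free text of arbitrary length rather than a short summary.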

@ -2,7 +2,7 @@
"id": "CVE-2023-6531",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-21T10:15:07.967",
"lastModified": "2024-04-30T14:15:12.420",
"lastModified": "2024-05-17T15:15:20.783",
"vulnStatus": "Modified",
"descriptions": [
{
@ -60,17 +60,17 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "secalert@redhat.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-362"
"value": "CWE-416"
}
]
},
{
"source": "secalert@redhat.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
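Review bot: in the weaknesses array the Primary entry changes both its source (nvd@nist.gov to secalert@redhat.com) and its value (CWE-362 to CWE-416), while the Secondary entry's source becomes nvd@nist.gov and its value falls outside the hunk. Any consumer that keys on the Primary CWE will now file CVE-2023-6531 as a use-after-free instead of a race condition, so select weaknesses by the source and type pair rather than by array position, and check the unseen Secondary value before relying on it.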

@ -0,0 +1,20 @@
{
"id": "CVE-2024-34919",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-17T14:15:10.963",
"lastModified": "2024-05-17T14:15:10.963",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file upload vulnerability in the component \\modstudent\\controller.php of Pisay Online E-Learning System using PHP/MySQL v1.0 allows attackers to execute arbitrary code via uploading a crafted file."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/CveSecLook/cve/issues/20",
"source": "cve@mitre.org"
}
]
}
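Review bot: "metrics" is an empty object and vulnStatus is "Received" on a record whose description claims arbitrary code execution through file upload, so a pipeline that ranks or filters by CVSS score will see CVE-2024-34919 as unscored and may drop it; handle a missing score as unknown, not as low. The component is written with escaped backslashes (\\modstudent\\controller.php), so normalise path separators before matching it against file inventories, and note that the only reference is a single GitHub issue.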

@ -0,0 +1,20 @@
{
"id": "CVE-2024-34982",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-17T14:15:11.200",
"lastModified": "2024-05-17T14:15:11.200",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted file."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/n2ryx/CVE/blob/main/Lylme_pagev1.9.5.md",
"source": "cve@mitre.org"
}
]
}

@ -0,0 +1,32 @@
{
"id": "CVE-2024-35795",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:11.440",
"lastModified": "2024-05-17T14:15:11.440",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix deadlock while reading mqd from debugfs\n\nAn errant disk backup on my desktop got into debugfs and triggered the\nfollowing deadlock scenario in the amdgpu debugfs files. The machine\nalso hard-resets immediately after those lines are printed (although I\nwasn't able to reproduce that part when reading by hand):\n\n[ 1318.016074][ T1082] ======================================================\n[ 1318.016607][ T1082] WARNING: possible circular locking dependency detected\n[ 1318.017107][ T1082] 6.8.0-rc7-00015-ge0c8221b72c0 #17 Not tainted\n[ 1318.017598][ T1082] ------------------------------------------------------\n[ 1318.018096][ T1082] tar/1082 is trying to acquire lock:\n[ 1318.018585][ T1082] ffff98c44175d6a0 (&mm->mmap_lock){++++}-{3:3}, at: __might_fault+0x40/0x80\n[ 1318.019084][ T1082]\n[ 1318.019084][ T1082] but task is already holding lock:\n[ 1318.020052][ T1082] ffff98c4c13f55f8 (reservation_ww_class_mutex){+.+.}-{3:3}, at: amdgpu_debugfs_mqd_read+0x6a/0x250 [amdgpu]\n[ 1318.020607][ T1082]\n[ 1318.020607][ T1082] which lock already depends on the new lock.\n[ 1318.020607][ T1082]\n[ 1318.022081][ T1082]\n[ 1318.022081][ T1082] the existing dependency chain (in reverse order) is:\n[ 1318.023083][ T1082]\n[ 1318.023083][ T1082] -> #2 (reservation_ww_class_mutex){+.+.}-{3:3}:\n[ 1318.024114][ T1082] __ww_mutex_lock.constprop.0+0xe0/0x12f0\n[ 1318.024639][ T1082] ww_mutex_lock+0x32/0x90\n[ 1318.025161][ T1082] dma_resv_lockdep+0x18a/0x330\n[ 1318.025683][ T1082] do_one_initcall+0x6a/0x350\n[ 1318.026210][ T1082] kernel_init_freeable+0x1a3/0x310\n[ 1318.026728][ T1082] kernel_init+0x15/0x1a0\n[ 1318.027242][ T1082] ret_from_fork+0x2c/0x40\n[ 1318.027759][ T1082] ret_from_fork_asm+0x11/0x20\n[ 1318.028281][ T1082]\n[ 1318.028281][ T1082] -> #1 (reservation_ww_class_acquire){+.+.}-{0:0}:\n[ 1318.029297][ T1082] dma_resv_lockdep+0x16c/0x330\n[ 1318.029790][ 
T1082] do_one_initcall+0x6a/0x350\n[ 1318.030263][ T1082] kernel_init_freeable+0x1a3/0x310\n[ 1318.030722][ T1082] kernel_init+0x15/0x1a0\n[ 1318.031168][ T1082] ret_from_fork+0x2c/0x40\n[ 1318.031598][ T1082] ret_from_fork_asm+0x11/0x20\n[ 1318.032011][ T1082]\n[ 1318.032011][ T1082] -> #0 (&mm->mmap_lock){++++}-{3:3}:\n[ 1318.032778][ T1082] __lock_acquire+0x14bf/0x2680\n[ 1318.033141][ T1082] lock_acquire+0xcd/0x2c0\n[ 1318.033487][ T1082] __might_fault+0x58/0x80\n[ 1318.033814][ T1082] amdgpu_debugfs_mqd_read+0x103/0x250 [amdgpu]\n[ 1318.034181][ T1082] full_proxy_read+0x55/0x80\n[ 1318.034487][ T1082] vfs_read+0xa7/0x360\n[ 1318.034788][ T1082] ksys_read+0x70/0xf0\n[ 1318.035085][ T1082] do_syscall_64+0x94/0x180\n[ 1318.035375][ T1082] entry_SYSCALL_64_after_hwframe+0x46/0x4e\n[ 1318.035664][ T1082]\n[ 1318.035664][ T1082] other info that might help us debug this:\n[ 1318.035664][ T1082]\n[ 1318.036487][ T1082] Chain exists of:\n[ 1318.036487][ T1082] &mm->mmap_lock --> reservation_ww_class_acquire --> reservation_ww_class_mutex\n[ 1318.036487][ T1082]\n[ 1318.037310][ T1082] Possible unsafe locking scenario:\n[ 1318.037310][ T1082]\n[ 1318.037838][ T1082] CPU0 CPU1\n[ 1318.038101][ T1082] ---- ----\n[ 1318.038350][ T1082] lock(reservation_ww_class_mutex);\n[ 1318.038590][ T1082] lock(reservation_ww_class_acquire);\n[ 1318.038839][ T1082] lock(reservation_ww_class_mutex);\n[ 1318.039083][ T1082] rlock(&mm->mmap_lock);\n[ 1318.039328][ T1082]\n[ 1318.039328][ T1082] *** DEADLOCK ***\n[ 1318.039328][ T1082]\n[ 1318.040029][ T1082] 1 lock held by tar/1082:\n[ 1318.040259][ T1082] #0: ffff98c4c13f55f8 (reservation_ww_class_mutex){+.+.}-{3:3}, at: amdgpu_debugfs_mqd_read+0x6a/0x250 [amdgpu]\n[ 1318.040560][ T1082]\n[ 1318.040560][ T1082] stack backtrace:\n[\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/197f6d6987c55860f6eea1c93e4f800c59078874",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4687e3c6ee877ee25e57b984eca00be53b9a8db5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8678b1060ae2b75feb60b87e5b75e17374e3c1c5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8b03556da6e576c62664b6cd01809e4a09d53b5b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
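
Review bot: the "value" string in "descriptions" ends in "---truncated---" partway through the lockdep splat, so the record carries the trace for "drm/amdgpu: fix deadlock while reading mqd from debugfs" but never states what the fix changes. With "metrics" also empty and "vulnStatus" at "Received", a consumer has neither a score nor a fix summary to triage on; the four git.kernel.org/stable URLs under "references" are the only route to the actual change. Suggest flagging records whose description ends in the truncation marker so they are re-fetched or resolved from the referenced commits instead of being indexed as complete.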

View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-35796",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:11.673",
"lastModified": "2024-05-17T14:15:11.673",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ll_temac: platform_get_resource replaced by wrong function\n\nThe function platform_get_resource was replaced with\ndevm_platform_ioremap_resource_byname and is called using 0 as name.\n\nThis eventually ends up in platform_get_resource_byname in the call\nstack, where it causes a null pointer in strcmp.\n\n\tif (type == resource_type(r) && !strcmp(r->name, name))\n\nIt should have been replaced with devm_platform_ioremap_resource."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3a38a829c8bc27d78552c28e582eb1d885d07d11",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/46efbdbc95a30951c2579caf97b6df2ee2b3bef3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/476eed5f1c22034774902a980aa48dc4662cb39a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/553d294db94b5f139378022df480a9fb6c3ae39e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6d9395ba7f85bdb7af0b93272e537484ecbeff48",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7e9edb569fd9f688d887e36db8170f6e22bafbc8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/92c0c29f667870f17c0b764544bdf22ce0e886a1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

View File

@ -0,0 +1,32 @@
{
"id": "CVE-2024-35797",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:11.937",
"lastModified": "2024-05-17T14:15:11.937",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: cachestat: fix two shmem bugs\n\nWhen cachestat on shmem races with swapping and invalidation, there\nare two possible bugs:\n\n1) A swapin error can have resulted in a poisoned swap entry in the\n shmem inode's xarray. Calling get_shadow_from_swap_cache() on it\n will result in an out-of-bounds access to swapper_spaces[].\n\n Validate the entry with non_swap_entry() before going further.\n\n2) When we find a valid swap entry in the shmem's inode, the shadow\n entry in the swapcache might not exist yet: swap IO is still in\n progress and we're before __remove_mapping; swapin, invalidation,\n or swapoff have removed the shadow from swapcache after we saw the\n shmem swap entry.\n\n This will send a NULL to workingset_test_recent(). The latter\n purely operates on pointer bits, so it won't crash - node 0, memcg\n ID 0, eviction timestamp 0, etc. are all valid inputs - but it's a\n bogus test. In theory that could result in a false \"recently\n evicted\" count.\n\n Such a false positive wouldn't be the end of the world. But for\n code clarity and (future) robustness, be explicit about this case.\n\n Bail on get_shadow_from_swap_cache() returning NULL."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/24a0e73d544439bb9329fbbafac44299e548a677",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b79f9e1ff27c994a4c452235ba09e672ec698e23",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d5d39c707a4cf0bcc84680178677b97aa2cb2627",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d962f6c583458037dc7e529659b2b02b9dd3d94b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
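
Review bot: the description of CVE-2024-35797 bundles two findings of different weight under one id, and nothing in the record separates them. Item 1 is an out-of-bounds access to swapper_spaces[] through a poisoned swap entry; item 2 is described by the changelog itself as a bogus test that "won't crash" and at worst yields a false "recently evicted" count. With "metrics" empty, anyone triaging this entry should key on item 1 and the non_swap_entry() validation, not on the NULL shadow case.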

View File

@ -0,0 +1,32 @@
{
"id": "CVE-2024-35798",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:12.170",
"lastModified": "2024-05-17T14:15:12.170",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix race in read_extent_buffer_pages()\n\nThere are reports from tree-checker that detects corrupted nodes,\nwithout any obvious pattern so possibly an overwrite in memory.\nAfter some debugging it turns out there's a race when reading an extent\nbuffer the uptodate status can be missed.\n\nTo prevent concurrent reads for the same extent buffer,\nread_extent_buffer_pages() performs these checks:\n\n /* (1) */\n if (test_bit(EXTENT_BUFFER_UPTODATE, &eb->bflags))\n return 0;\n\n /* (2) */\n if (test_and_set_bit(EXTENT_BUFFER_READING, &eb->bflags))\n goto done;\n\nAt this point, it seems safe to start the actual read operation. Once\nthat completes, end_bbio_meta_read() does\n\n /* (3) */\n set_extent_buffer_uptodate(eb);\n\n /* (4) */\n clear_bit(EXTENT_BUFFER_READING, &eb->bflags);\n\nNormally, this is enough to ensure only one read happens, and all other\ncallers wait for it to finish before returning. Unfortunately, there is\na racey interleaving:\n\n Thread A | Thread B | Thread C\n ---------+----------+---------\n (1) | |\n | (1) |\n (2) | |\n (3) | |\n (4) | |\n | (2) |\n | | (1)\n\nWhen this happens, thread B kicks of an unnecessary read. Worse, thread\nC will see UPTODATE set and return immediately, while the read from\nthread B is still in progress. This race could result in tree-checker\nerrors like this as the extent buffer is concurrently modified:\n\n BTRFS critical (device dm-0): corrupted node, root=256\n block=8550954455682405139 owner mismatch, have 11858205567642294356\n expect [256, 18446744073709551360]\n\nFix it by testing UPTODATE again after setting the READING bit, and if\nit's been set, skip the unnecessary read.\n\n[ minor update of changelog ]"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0427c8ef8bbb7f304de42ef51d69c960e165e052",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2885d54af2c2e1d910e20d5c8045bae40e02fbc1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3a25878a3378adce5d846300c9570f15aa7f7a80",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ef1e68236b9153c27cb7cf29ead0c532870d4215",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

View File

@ -0,0 +1,32 @@
{
"id": "CVE-2024-35799",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:12.420",
"lastModified": "2024-05-17T14:15:12.420",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Prevent crash when disable stream\n\n[Why]\nDisabling stream encoder invokes a function that no longer exists.\n\n[How]\nCheck if the function declaration is NULL in disable stream encoder."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2b17133a0a2e0e111803124dad09e803718d4a48",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4356a2c3f296503c8b420ae8adece053960a9f06",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/59772327d439874095516673b4b30c48bd83ca38",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/72d72e8fddbcd6c98e1b02d32cf6f2b04e10bd1c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

View File

@ -0,0 +1,36 @@
{
"id": "CVE-2024-35800",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:12.623",
"lastModified": "2024-05-17T14:15:12.623",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: fix panic in kdump kernel\n\nCheck if get_next_variable() is actually valid pointer before\ncalling it. In kdump kernel this method is set to NULL that causes\npanic during the kexec-ed kernel boot.\n\nTested with QEMU and OVMF firmware."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/090d2b4515ade379cd592fbc8931344945978210",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/62b71cd73d41ddac6b1760402bbe8c4932e23531",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7784135f134c13af17d9ffb39a57db8500bc60ff",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9114ba9987506bcfbb454f6e68558d68cb1abbde",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b9d103aca85f082a343b222493f3cab1219aaaf4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

View File

@ -0,0 +1,36 @@
{
"id": "CVE-2024-35801",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:12.827",
"lastModified": "2024-05-17T14:15:12.827",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fpu: Keep xfd_state in sync with MSR_IA32_XFD\n\nCommit 672365477ae8 (\"x86/fpu: Update XFD state where required\") and\ncommit 8bf26758ca96 (\"x86/fpu: Add XFD state to fpstate\") introduced a\nper CPU variable xfd_state to keep the MSR_IA32_XFD value cached, in\norder to avoid unnecessary writes to the MSR.\n\nOn CPU hotplug MSR_IA32_XFD is reset to the init_fpstate.xfd, which\nwipes out any stale state. But the per CPU cached xfd value is not\nreset, which brings them out of sync.\n\nAs a consequence a subsequent xfd_update_state() might fail to update\nthe MSR which in turn can result in XRSTOR raising a #NM in kernel\nspace, which crashes the kernel.\n\nTo fix this, introduce xfd_set_state() to write xfd_state together\nwith MSR_IA32_XFD, and use it in all places that set MSR_IA32_XFD."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/10e4b5166df9ff7a2d5316138ca668b42d004422",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1acbca933313aa866e39996904c9aca4d435c4cd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/21c7c00dae55cb0e3810d5f9506b58f68475d41d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/92b0f04e937665bde5768f3fcc622dcce44413d8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b61e3b7055ac6edee4be071c52f48c26472d2624",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

View File

@ -0,0 +1,36 @@
{
"id": "CVE-2024-35802",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:13.067",
"lastModified": "2024-05-17T14:15:13.067",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/sev: Fix position dependent variable references in startup code\n\nThe early startup code executes from a 1:1 mapping of memory, which\ndiffers from the mapping that the code was linked and/or relocated to\nrun at. The latter mapping is not active yet at this point, and so\nsymbol references that rely on it will fault.\n\nGiven that the core kernel is built without -fPIC, symbol references are\ntypically emitted as absolute, and so any such references occuring in\nthe early startup code will therefore crash the kernel.\n\nWhile an attempt was made to work around this for the early SEV/SME\nstartup code, by forcing RIP-relative addressing for certain global\nSEV/SME variables via inline assembly (see snp_cpuid_get_table() for\nexample), RIP-relative addressing must be pervasively enforced for\nSEV/SME global variables when accessed prior to page table fixups.\n\n__startup_64() already handles this issue for select non-SEV/SME global\nvariables using fixup_pointer(), which adjusts the pointer relative to a\n`physaddr` argument. To avoid having to pass around this `physaddr`\nargument across all functions needing to apply pointer fixups, introduce\na macro RIP_RELATIVE_REF() which generates a RIP-relative reference to\na given global variable. It is used where necessary to force\nRIP-relative accesses to global variables.\n\nFor backporting purposes, this patch makes no attempt at cleaning up\nother occurrences of this pattern, involving either inline asm or\nfixup_pointer(). Those will be addressed later.\n\n [ bp: Call it \"rip_rel_ref\" everywhere like other code shortens\n \"rIP-relative reference\" and make the asm wrapper __always_inline. ]"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0982fd6bf0b822876f2e93ec782c4c28a3f85535",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1c811d403afd73f04bde82b83b24c754011bd0e8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/66fa3fcb474b2b892fe42d455a6f7ec5aaa98fb9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/954a4a87814465ad61cc97c1cd3de1525baaaf07",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fe272b61506bb1534922ef07aa165fd3c37a6a90",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

View File

@ -0,0 +1,36 @@
{
"id": "CVE-2024-35803",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:13.337",
"lastModified": "2024-05-17T14:15:13.337",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/efistub: Call mixed mode boot services on the firmware's stack\n\nNormally, the EFI stub calls into the EFI boot services using the stack\nthat was live when the stub was entered. According to the UEFI spec,\nthis stack needs to be at least 128k in size - this might seem large but\nall asynchronous processing and event handling in EFI runs from the same\nstack and so quite a lot of space may be used in practice.\n\nIn mixed mode, the situation is a bit different: the bootloader calls\nthe 32-bit EFI stub entry point, which calls the decompressor's 32-bit\nentry point, where the boot stack is set up, using a fixed allocation\nof 16k. This stack is still in use when the EFI stub is started in\n64-bit mode, and so all calls back into the EFI firmware will be using\nthe decompressor's limited boot stack.\n\nDue to the placement of the boot stack right after the boot heap, any\nstack overruns have gone unnoticed. However, commit\n\n 5c4feadb0011983b (\"x86/decompressor: Move global symbol references to C code\")\n\nmoved the definition of the boot heap into C code, and now the boot\nstack is placed right at the base of BSS, where any overruns will\ncorrupt the end of the .data section.\n\nWhile it would be possible to work around this by increasing the size of\nthe boot stack, doing so would affect all x86 systems, and mixed mode\nsystems are a tiny (and shrinking) fraction of the x86 installed base.\n\nSo instead, record the firmware stack pointer value when entering from\nthe 32-bit firmware, and switch to this stack every time a EFI boot\nservice call is made."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2149f8a56e2ed345c7a4d022a79f6b8fc53ae926",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/725351c036452b7db5771a7bed783564bc4b99cc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/930775060ca348b8665f60eef14b204172d14f31",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cefcd4fe2e3aaf792c14c9e56dab89e3d7a65d02",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fba7ee7187581b5bc222003e73e2592b398bb06d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

View File

@ -0,0 +1,36 @@
{
"id": "CVE-2024-35804",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:13.550",
"lastModified": "2024-05-17T14:15:13.550",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Mark target gfn of emulated atomic instruction as dirty\n\nWhen emulating an atomic access on behalf of the guest, mark the target\ngfn dirty if the CMPXCHG by KVM is attempted and doesn't fault. This\nfixes a bug where KVM effectively corrupts guest memory during live\nmigration by writing to guest memory without informing userspace that the\npage is dirty.\n\nMarking the page dirty got unintentionally dropped when KVM's emulated\nCMPXCHG was converted to do a user access. Before that, KVM explicitly\nmapped the guest page into kernel memory, and marked the page dirty during\nthe unmap phase.\n\nMark the page dirty even if the CMPXCHG fails, as the old data is written\nback on failure, i.e. the page is still written. The value written is\nguaranteed to be the same because the operation is atomic, but KVM's ABI\nis that all writes are dirty logged regardless of the value written. And\nmore importantly, that's what KVM did before the buggy commit.\n\nHuge kudos to the folks on the Cc list (and many others), who did all the\nactual work of triaging and debugging.\n\nbase-commit: 6769ea8da8a93ed4630f1ce64df6aafcaabfce64"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/225d587a073584946c05c9b7651d637bd45c0c71",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/726374dde5d608b15b9756bd52b6fc283fda7a06",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/910c57dfa4d113aae6571c2a8b9ae8c430975902",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9d1b22e573a3789ed1f32033ee709106993ba551",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a9bd6bb6f02bf7132c1ab192ba62bbfa52df7d66",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
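
Review bot: the description of CVE-2024-35804 ends with changelog residue that says nothing about the flaw: the "Huge kudos to the folks on the Cc list" paragraph and the trailer "base-commit: 6769ea8da8a93ed4630f1ce64df6aafcaabfce64". That hash is not among the five URLs under "references", so a parser that harvests commit ids from description text would pick up a base commit, not a fix. Suggest stripping such trailers at ingestion, or having downstream tooling take fix commits from "references" only.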

View File

@ -0,0 +1,48 @@
{
"id": "CVE-2024-35805",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:13.793",
"lastModified": "2024-05-17T14:15:13.793",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm snapshot: fix lockup in dm_exception_table_exit\n\nThere was reported lockup when we exit a snapshot with many exceptions.\nFix this by adding \"cond_resched\" to the loop that frees the exceptions."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/116562e804ffc9dc600adab6326dde31d72262c7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3d47eb405781cc5127deca9a14e24b27696087a1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5f4ad4d0b0943296287313db60b3f84df4aad683",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6e7132ed3c07bd8a6ce3db4bb307ef2852b322dc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9759ff196e7d248bcf8386a7451d6ff8537a7d9c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e50f83061ac250f90710757a3e51b70a200835e2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e7d4cff57c3c43fdd72342c78d4138f509c7416e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fa5c055800a7fd49a36bbb52593aca4ea986a366",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

View File

@ -0,0 +1,52 @@
{
"id": "CVE-2024-35806",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:14.003",
"lastModified": "2024-05-17T14:15:14.003",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: fsl: qbman: Always disable interrupts when taking cgr_lock\n\nsmp_call_function_single disables IRQs when executing the callback. To\nprevent deadlocks, we must disable IRQs when taking cgr_lock elsewhere.\nThis is already done by qman_update_cgr and qman_delete_cgr; fix the\nother lockers."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0e6521b0f93ff350434ed4ae61a250907e65d397",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/276af8efb05c8e47acf2738a5609dd72acfc703f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/584c2a9184a33a40fceee838f856de3cffa19be3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/62c3ecd2833cff0eff4a82af4082c44ca8d2518a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a62168653774c36398d65846a98034436ee66d03",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/af25c5180b2b1796342798f6c56fcfd12f5035bd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b56a793f267679945d1fdb9a280013bd2d0ed7f9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dd199e5b759ffe349622a4b8fbcafc51fc51b1ec",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e6378314bb920acb39013051fa65d8f9f8030430",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

View File

@ -0,0 +1,52 @@
{
"id": "CVE-2024-35807",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:14.213",
"lastModified": "2024-05-17T14:15:14.213",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix corruption during on-line resize\n\nWe observed a corruption during on-line resize of a file system that is\nlarger than 16 TiB with 4k block size. With having more then 2^32 blocks\nresize_inode is turned off by default by mke2fs. The issue can be\nreproduced on a smaller file system for convenience by explicitly\nturning off resize_inode. An on-line resize across an 8 GiB boundary (the\nsize of a meta block group in this setup) then leads to a corruption:\n\n dev=/dev/<some_dev> # should be >= 16 GiB\n mkdir -p /corruption\n /sbin/mke2fs -t ext4 -b 4096 -O ^resize_inode $dev $((2 * 2**21 - 2**15))\n mount -t ext4 $dev /corruption\n\n dd if=/dev/zero bs=4096 of=/corruption/test count=$((2*2**21 - 4*2**15))\n sha1sum /corruption/test\n # 79d2658b39dcfd77274e435b0934028adafaab11 /corruption/test\n\n /sbin/resize2fs $dev $((2*2**21))\n # drop page cache to force reload the block from disk\n echo 1 > /proc/sys/vm/drop_caches\n\n sha1sum /corruption/test\n # 3c2abc63cbf1a94c9e6977e0fbd72cd832c4d5c3 /corruption/test\n\n2^21 = 2^15*2^6 equals 8 GiB whereof 2^15 is the number of blocks per\nblock group and 2^6 are the number of block groups that make a meta\nblock group.\n\nThe last checksum might be different depending on how the file is laid\nout across the physical blocks. The actual corruption occurs at physical\nblock 63*2^15 = 2064384 which would be the location of the backup of the\nmeta block group's block descriptor. During the on-line resize the file\nsystem will be converted to meta_bg starting at s_first_meta_bg which is\n2 in the example - meaning all block groups after 16 GiB. However, in\next4_flex_group_add we might add block groups that are not part of the\nfirst meta block group yet. In the reproducer we achieved this by\nsubstracting the size of a whole block group from the point where the\nmeta block group would start. 
This must be considered when updating the\nbackup block group descriptors to follow the non-meta_bg layout. The fix\nis to add a test whether the group to add is already part of the meta\nblock group or not."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/239c669edb2bffa1aa2612519b1d438ab35d6be6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/37b6a3ba793bbbae057f5b991970ebcc52cb3db5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/722d2c01b8b108f8283d1b7222209d5b2a5aa7bd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/75cc31c2e7193b69f5d25650bda5bb42ed92f8a1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a6b3bfe176e8a5b05ec4447404e412c2a3fc92cc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b461910af8ba3bed80f48c2bf852686d05c6fc5c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e8e8b197317228b5089ed9e7802dadf3ccaa027a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ee4e9c1976147a850f6085a13fca95bcaa00d84c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fb1088d51bbaa0faec5a55d4f5818a9ab79e24df",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

View File

@ -0,0 +1,28 @@
{
"id": "CVE-2024-35808",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:14.503",
"lastModified": "2024-05-17T14:15:14.503",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/dm-raid: don't call md_reap_sync_thread() directly\n\nCurrently md_reap_sync_thread() is called from raid_message() directly\nwithout holding 'reconfig_mutex', this is definitely unsafe because\nmd_reap_sync_thread() can change many fields that is protected by\n'reconfig_mutex'.\n\nHowever, hold 'reconfig_mutex' here is still problematic because this\nwill cause deadlock, for example, commit 130443d60b1b (\"md: refactor\nidle/frozen_sync_thread() to fix deadlock\").\n\nFix this problem by using stop_sync_thread() to unregister sync_thread,\nlike md/raid did."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/347dcdc15a1706f61aa545ae498ededdf31aeebc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9e59b8d76ff511505eb0dd1478329f09e0f04669",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cd32b27a66db8776d8b8e82ec7d7dde97a8693b0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

View File

@ -0,0 +1,52 @@
{
"id": "CVE-2024-35809",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:14.730",
"lastModified": "2024-05-17T14:15:14.730",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/PM: Drain runtime-idle callbacks before driver removal\n\nA race condition between the .runtime_idle() callback and the .remove()\ncallback in the rtsx_pcr PCI driver leads to a kernel crash due to an\nunhandled page fault [1].\n\nThe problem is that rtsx_pci_runtime_idle() is not expected to be running\nafter pm_runtime_get_sync() has been called, but the latter doesn't really\nguarantee that. It only guarantees that the suspend and resume callbacks\nwill not be running when it returns.\n\nHowever, if a .runtime_idle() callback is already running when\npm_runtime_get_sync() is called, the latter will notice that the runtime PM\nstatus of the device is RPM_ACTIVE and it will return right away without\nwaiting for the former to complete. In fact, it cannot wait for\n.runtime_idle() to complete because it may be called from that callback (it\narguably does not make much sense to do that, but it is not strictly\nprohibited).\n\nThus in general, whoever is providing a .runtime_idle() callback needs\nto protect it from running in parallel with whatever code runs after\npm_runtime_get_sync(). [Note that .runtime_idle() will not start after\npm_runtime_get_sync() has returned, but it may continue running then if it\nhas started earlier.]\n\nOne way to address that race condition is to call pm_runtime_barrier()\nafter pm_runtime_get_sync() (not before it, because a nonzero value of the\nruntime PM usage counter is necessary to prevent runtime PM callbacks from\nbeing invoked) to wait for the .runtime_idle() callback to complete should\nit be running at that point. A suitable place for doing that is in\npci_device_remove() which calls pm_runtime_get_sync() before removing the\ndriver, so it may as well call pm_runtime_barrier() subsequently, which\nwill prevent the race in question from occurring, not just in the rtsx_pcr\ndriver, but in any PCI drivers providing .runtime_idle() callbacks."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/47d8aafcfe313511a98f165a54d0adceb34e54b1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6347348c6aba52dda0b33296684cbb627bdc6970",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7cc94dd36e48879e76ae7a8daea4ff322b7d9674",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/900b81caf00c89417172afe0e7e49ac4eb110f4b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9a87375bb586515c0af63d5dcdcd58ec4acf20a6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9d5286d4e7f68beab450deddbb6a32edd5ecf4bf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bbe068b24409ef740657215605284fc7cdddd491",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d534198311c345e4b062c4b88bb609efb8bd91d5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d86ad8c3e152349454b82f37007ff6ba45f26989",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

View File

@ -0,0 +1,32 @@
{
"id": "CVE-2024-35810",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:14.970",
"lastModified": "2024-05-17T14:15:14.970",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix the lifetime of the bo cursor memory\n\nThe cleanup can be dispatched while the atomic update is still active,\nwhich means that the memory acquired in the atomic update needs to\nnot be invalidated by the cleanup. The buffer objects in vmw_plane_state\ninstead of using the builtin map_and_cache were trying to handle\nthe lifetime of the mapped memory themselves, leading to crashes.\n\nUse the map_and_cache instead of trying to manage the lifetime of the\nbuffer objects held by the vmw_plane_state.\n\nFixes kernel oops'es in IGT's kms_cursor_legacy forked-bo."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/104a5b2772bc7c0715ae7355ccf9d294a472765c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/86cb706a40b7e6b2221ee49a298a65ad9b46c02d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9a9e8a7159ca09af9b1a300a6c8e8b6ff7501c76",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ed381800ea6d9a4c7f199235a471c0c48100f0ae",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,52 @@
{
"id": "CVE-2024-35811",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:15.177",
"lastModified": "2024-05-17T14:15:15.177",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach\n\nThis is the candidate patch of CVE-2023-47233 :\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-47233\n\nIn brcm80211 driver,it starts with the following invoking chain\nto start init a timeout worker:\n\n->brcmf_usb_probe\n ->brcmf_usb_probe_cb\n ->brcmf_attach\n ->brcmf_bus_started\n ->brcmf_cfg80211_attach\n ->wl_init_priv\n ->brcmf_init_escan\n ->INIT_WORK(&cfg->escan_timeout_work,\n\t\t brcmf_cfg80211_escan_timeout_worker);\n\nIf we disconnect the USB by hotplug, it will call\nbrcmf_usb_disconnect to make cleanup. The invoking chain is :\n\nbrcmf_usb_disconnect\n ->brcmf_usb_disconnect_cb\n ->brcmf_detach\n ->brcmf_cfg80211_detach\n ->kfree(cfg);\n\nWhile the timeout woker may still be running. This will cause\na use-after-free bug on cfg in brcmf_cfg80211_escan_timeout_worker.\n\nFix it by deleting the timer and canceling the worker in\nbrcmf_cfg80211_detach.\n\n[arend.vanspriel@broadcom.com: keep timer delete as is and cancel work just before free]"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0a7591e14a8da794d0b93b5d1c6254ccb23adacb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/0b812f706fd7090be74812101114a0e165b36744",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/0f7352557a35ab7888bc7831411ec8a3cbe20d78",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/190794848e2b9d15de92d502b6ac652806904f5a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/202c503935042272e2f9e1bb549d5f69a8681169",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6678a1e7d896c00030b31491690e8ddc9a90767a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8c36205123dc57349b59b4f1a2301eb278cbc731",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8e3f03f4ef7c36091f46e7349096efb5a2cdb3a1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bacb8c3ab86dcd760c15903fcee58169bc3026aa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
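
Review bot: the description opens with "This is the candidate patch of CVE-2023-47233", so this id and CVE-2023-47233 refer to the same use-after-free on cfg in brcmf_cfg80211_escan_timeout_worker, but that relationship exists only in the free-text "value" field. Anything that counts or deduplicates findings by "id" will report the issue twice; when triaging, correlate on the stable commit URLs under "references" rather than on the id, and record the link to CVE-2023-47233 in whatever tracks this entry.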

@ -0,0 +1,80 @@
{
"id": "CVE-2024-35812",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:15.360",
"lastModified": "2024-05-17T14:15:15.360",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdc-wdm: close race between read and workqueue\n\nwdm_read() cannot race with itself. However, in\nservice_outstanding_interrupt() it can race with the\nworkqueue, which can be triggered by error handling.\n\nHence we need to make sure that the WDM_RESPONDING\nflag is not just only set but tested."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/164be0a824387301312689bb29b2be92ab2cd39d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/19f955ad9437a6859a529af34e2eafd903d5e7c1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2ff436b6399859e06539a2b9c667897d3cc85ad5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/339f83612f3a569b194680768b22bf113c26a29d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/347cca11bb78b9f3c29b45a9c52e70258bd008bf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3afdcc4e1a00facad210f5c5891bb2fbc026067f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5904411219601127ffdbd2d622bb5d67f9d8d16c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7182175f565ffffa2ba1911726c5656bfc7a1bae",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8672ad663a22d0e4a325bb7d817b36ec412b967c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/916cd2fcbc1e344bcabf4b2a834cdf5a0417d30c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9723602387217caa71d623ffcce314dc39e84a09",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9b319f4a88094b2e020e6db6e819c808d890098d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a86e54a345139f1a7668c9f83bdc7ac6f91b6f78",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ab92e11b73b48b79f144421430891f3aa6242656",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/da3b75931bb737be74d6b4341e0080f233ed1409",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e4e47e406d74cab601b2ab21ba5e3add811e05ae",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,48 @@
{
"id": "CVE-2024-35813",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:15.617",
"lastModified": "2024-05-17T14:15:15.617",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: core: Avoid negative index with array access\n\nCommit 4d0c8d0aef63 (\"mmc: core: Use mrq.sbc in close-ended ffu\") assigns\nprev_idata = idatas[i - 1], but doesn't check that the iterator i is\ngreater than zero. Let's fix this by adding a check."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/064db53f9023a2d5877a2d12de6bc27995f6ca56",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2b539c88940e22494da80a93ee1c5a28bbad10f6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4466677dcabe2d70de6aa3d4bd4a4fafa94a71f2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7d0e8a6147550aa058fa6ade8583ad252aa61304",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/81b8645feca08a54c7c4bf36e7b176f4983b2f28",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ad9cc5e9e53ab94aa0c7ac65d43be7eb208dcb55",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b9a7339ae403035ffe7fc37cb034b36947910f68",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cf55a7acd1ed38afe43bba1c8a0935b51d1dc014",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,32 @@
{
"id": "CVE-2024-35814",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:15.853",
"lastModified": "2024-05-17T14:15:15.853",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nswiotlb: Fix double-allocation of slots due to broken alignment handling\n\nCommit bbb73a103fbb (\"swiotlb: fix a braino in the alignment check fix\"),\nwhich was a fix for commit 0eee5ae10256 (\"swiotlb: fix slot alignment\nchecks\"), causes a functional regression with vsock in a virtual machine\nusing bouncing via a restricted DMA SWIOTLB pool.\n\nWhen virtio allocates the virtqueues for the vsock device using\ndma_alloc_coherent(), the SWIOTLB search can return page-unaligned\nallocations if 'area->index' was left unaligned by a previous allocation\nfrom the buffer:\n\n # Final address in brackets is the SWIOTLB address returned to the caller\n | virtio-pci 0000:00:07.0: orig_addr 0x0 alloc_size 0x2000, iotlb_align_mask 0x800 stride 0x2: got slot 1645-1649/7168 (0x98326800)\n | virtio-pci 0000:00:07.0: orig_addr 0x0 alloc_size 0x2000, iotlb_align_mask 0x800 stride 0x2: got slot 1649-1653/7168 (0x98328800)\n | virtio-pci 0000:00:07.0: orig_addr 0x0 alloc_size 0x2000, iotlb_align_mask 0x800 stride 0x2: got slot 1653-1657/7168 (0x9832a800)\n\nThis ends badly (typically buffer corruption and/or a hang) because\nswiotlb_alloc() is expecting a page-aligned allocation and so blindly\nreturns a pointer to the 'struct page' corresponding to the allocation,\ntherefore double-allocating the first half (2KiB slot) of the 4KiB page.\n\nFix the problem by treating the allocation alignment separately to any\nadditional alignment requirements from the device, using the maximum\nof the two as the stride to search the buffer slots and taking care\nto ensure a minimum of page-alignment for buffers larger than a page.\n\nThis also resolves swiotlb allocation failures occuring due to the\ninclusion of ~PAGE_MASK in 'iotlb_align_mask' for large allocations and\nresulting in alignment requirements exceeding swiotlb_max_mapping_size()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/04867a7a33324c9c562ee7949dbcaab7aaad1fb4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3e7acd6e25ba77dde48c3b721c54c89cd6a10534",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/777391743771040e12cc40d3d0d178f70c616491",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c88668aa6c1da240ea3eb4d128b7906e740d3cb8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,48 @@
{
"id": "CVE-2024-35815",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:16.077",
"lastModified": "2024-05-17T14:15:16.077",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion\n\nThe first kiocb_set_cancel_fn() argument may point at a struct kiocb\nthat is not embedded inside struct aio_kiocb. With the current code,\ndepending on the compiler, the req->ki_ctx read happens either before\nthe IOCB_AIO_RW test or after that test. Move the req->ki_ctx read such\nthat it is guaranteed that the IOCB_AIO_RW test happens first."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/10ca82aff58434e122c7c757cf0497c335f993f3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/18d5fc3c16cc317bd0e5f5dabe0660df415cadb7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/396dbbc18963648e9d1a4edbb55cfe08fa374d50",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5c43d0041e3a05c6c41c318b759fff16d2384596",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/94eb0293703ced580f05dfbe5a57da5931e9aee2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/961ebd120565cb60cebe21cb634fbc456022db4a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a71cba07783abc76b547568b6452cd1dd9981410",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c01ed748847fe8b810d86efc229b9e6c7fafa01e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,28 @@
{
"id": "CVE-2024-35816",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:16.283",
"lastModified": "2024-05-17T14:15:16.283",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirewire: ohci: prevent leak of left-over IRQ on unbind\n\nCommit 5a95f1ded28691e6 (\"firewire: ohci: use devres for requested IRQ\")\nalso removed the call to free_irq() in pci_remove(), leading to a\nleftover irq of devm_request_irq() at pci_disable_msi() in pci_remove()\nwhen unbinding the driver from the device\n\nremove_proc_entry: removing non-empty directory 'irq/136', leaking at\nleast 'firewire_ohci'\nCall Trace:\n ? remove_proc_entry+0x19c/0x1c0\n ? __warn+0x81/0x130\n ? remove_proc_entry+0x19c/0x1c0\n ? report_bug+0x171/0x1a0\n ? console_unlock+0x78/0x120\n ? handle_bug+0x3c/0x80\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? remove_proc_entry+0x19c/0x1c0\n unregister_irq_proc+0xf4/0x120\n free_desc+0x3d/0xe0\n ? kfree+0x29f/0x2f0\n irq_free_descs+0x47/0x70\n msi_domain_free_locked.part.0+0x19d/0x1d0\n msi_domain_free_irqs_all_locked+0x81/0xc0\n pci_free_msi_irqs+0x12/0x40\n pci_disable_msi+0x4c/0x60\n pci_remove+0x9d/0xc0 [firewire_ohci\n 01b483699bebf9cb07a3d69df0aa2bee71db1b26]\n pci_device_remove+0x37/0xa0\n device_release_driver_internal+0x19f/0x200\n unbind_store+0xa1/0xb0\n\nremove irq with devm_free_irq() before pci_disable_msi()\nalso remove it in fail_msi: of pci_probe() as this would lead to\nan identical leak"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/318f6d53dd425c400e35f1a9b7af682c2c6a66d6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/43c70cbc2502cf2557105c662eeed6a15d082b88",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/575801663c7dc38f826212b39e3b91a4a8661c33",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,40 @@
{
"id": "CVE-2024-35817",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:16.500",
"lastModified": "2024-05-17T14:15:16.500",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag\n\nOtherwise after the GTT bo is released, the GTT and gart space is freed\nbut amdgpu_ttm_backend_unbind will not clear the gart page table entry\nand leave valid mapping entry pointing to the stale system page. Then\nif GPU access the gart address mistakely, it will read undefined value\ninstead page fault, harder to debug and reproduce the real issue."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/589c414138a1bed98e652c905937d8f790804efe",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5cdce3dda3b3dacde902f63a8ee72c2b7f91912d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5d5f1a7f3b1039925f79c7894f153c2a905201fb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6c6064cbe58b43533e3451ad6a8ba9736c109ac3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6fcd12cb90888ef2d8af8d4c04e913252eee4ef3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e8d27caef2c829a306e1f762fb95f06e8ec676f6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,36 @@
{
"id": "CVE-2024-35818",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:16.710",
"lastModified": "2024-05-17T14:15:16.710",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Define the __io_aw() hook as mmiowb()\n\nCommit fb24ea52f78e0d595852e (\"drivers: Remove explicit invocations of\nmmiowb()\") remove all mmiowb() in drivers, but it says:\n\n\"NOTE: mmiowb() has only ever guaranteed ordering in conjunction with\nspin_unlock(). However, pairing each mmiowb() removal in this patch with\nthe corresponding call to spin_unlock() is not at all trivial, so there\nis a small chance that this change may regress any drivers incorrectly\nrelying on mmiowb() to order MMIO writes between CPUs using lock-free\nsynchronisation.\"\n\nThe mmio in radeon_ring_commit() is protected by a mutex rather than a\nspinlock, but in the mutex fastpath it behaves similar to spinlock. We\ncan add mmiowb() calls in the radeon driver but the maintainer says he\ndoesn't like such a workaround, and radeon is not the only example of\nmutex protected mmio.\n\nSo we should extend the mmiowb tracking system from spinlock to mutex,\nand maybe other locking primitives. This is not easy and error prone, so\nwe solve it in the architectural code, by simply defining the __io_aw()\nhook as mmiowb(). 
And we no longer need to override queued_spin_unlock()\nso use the generic definition.\n\nWithout this, we get such an error when run 'glxgears' on weak ordering\narchitectures such as LoongArch:\n\nradeon 0000:04:00.0: ring 0 stalled for more than 10324msec\nradeon 0000:04:00.0: ring 3 stalled for more than 10240msec\nradeon 0000:04:00.0: GPU lockup (current fence id 0x000000000001f412 last fence id 0x000000000001f414 on ring 3)\nradeon 0000:04:00.0: GPU lockup (current fence id 0x000000000000f940 last fence id 0x000000000000f941 on ring 0)\nradeon 0000:04:00.0: scheduling IB failed (-35).\n[drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35)\nradeon 0000:04:00.0: scheduling IB failed (-35).\n[drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35)\nradeon 0000:04:00.0: scheduling IB failed (-35).\n[drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35)\nradeon 0000:04:00.0: scheduling IB failed (-35).\n[drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35)\nradeon 0000:04:00.0: scheduling IB failed (-35).\n[drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35)\nradeon 0000:04:00.0: scheduling IB failed (-35).\n[drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35)\nradeon 0000:04:00.0: scheduling IB failed (-35).\n[drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35)"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0b61a7dc6712b78799b3949997e8a5e94db5c4b0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/97cd43ba824aec764f5ea2790d0c0a318f885167",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9adec248bba33b1503252caf8e59d81febfc5ceb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9c68ece8b2a5c5ff9b2fcaea923dd73efeb174cd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d7d7c6cdea875be3b241d7d39873bb431db7154d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
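
Review bot: the "value" string of this record is broken across two physical lines, after "hook as mmiowb()." and before "And we no longer need", while every other paragraph break in the description is an escaped \n. A raw line break inside a JSON string is rejected by strict parsers, so confirm the separator is escaped in the stored file (as \n, or as \u2028 if that is what upstream sent) before downstream consumers ingest it.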

@ -0,0 +1,52 @@
{
"id": "CVE-2024-35819",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:16.907",
"lastModified": "2024-05-17T14:15:16.907",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: fsl: qbman: Use raw spinlock for cgr_lock\n\nsmp_call_function always runs its callback in hard IRQ context, even on\nPREEMPT_RT, where spinlocks can sleep. So we need to use a raw spinlock\nfor cgr_lock to ensure we aren't waiting on a sleeping task.\n\nAlthough this bug has existed for a while, it was not apparent until\ncommit ef2a8d5478b9 (\"net: dpaa: Adjust queue depth on rate change\")\nwhich invokes smp_call_function_single via qman_update_cgr_safe every\ntime a link goes up or down."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2b3fede8225133671ce837c0d284804aa3bc7a02",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/32edca2f03a6cc42c650ddc3ad83d086e3f365d1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/54d26adf64c04f186098b39dba86b86037084baa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9a3ca8292ce9fdcce122706c28c3f07bc857fe5e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cd53a8ae5aacb4ecd25088486dea1cd02e74b506",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d6b5aac451c9cc12e43ab7308e0e2ddc52c62c14",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f39d36b7540cf0088ed7ce2de2794f2aa237f6df",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fbec4e7fed89b579f2483041fabf9650fb0dd6bc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ff50716b7d5b7985979a5b21163cd79fb3d21d59",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,28 @@
{
"id": "CVE-2024-35820",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:17.137",
"lastModified": "2024-05-17T14:15:17.137",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix io_queue_proc modifying req->flags\n\nWith multiple poll entries __io_queue_proc() might be running in\nparallel with poll handlers and possibly task_work, we should not be\ncarelessly modifying req->flags there. io_poll_double_prepare() handles\na similar case with locking but it's much easier to move it into\n__io_arm_poll_handler()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0ecb8919469e6d5c74eea24086b34ce1bda5aef7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1a8ec63b2b6c91caec87d4e132b1f71b5df342be",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/51a490a7f63cae0754120e7c04f4f47920bd48db",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,52 @@
{
"id": "CVE-2024-35821",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:17.373",
"lastModified": "2024-05-17T14:15:17.373",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: Set page uptodate in the correct place\n\nPage cache reads are lockless, so setting the freshly allocated page\nuptodate before we've overwritten it with the data it's supposed to have\nin it will allow a simultaneous reader to see old data. Move the call\nto SetPageUptodate into ubifs_write_end(), which is after we copied the\nnew data into the page."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/142d87c958d9454c3cffa625fab56f3016e8f9f3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/17772bbe9cfa972ea1ff827319f6e1340de76566",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4aa554832b9dc9e66249df75b8f447d87853e12e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4b7c4fc60d6a46350fbe54f5dc937aeaa02e675e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/723012cab779eee8228376754e22c6594229bf8f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/778c6ad40256f1c03244fc06d7cdf71f6b5e7310",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8f599ab6fabbca4c741107eade70722a98adfd9f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f19b1023a3758f40791ec166038d6411c8894ae3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fc99f4e2d2f1ce766c14e98463c2839194ae964f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,52 @@
{
"id": "CVE-2024-35822",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:17.590",
"lastModified": "2024-05-17T14:15:17.590",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: udc: remove warning when queue disabled ep\n\nIt is possible trigger below warning message from mass storage function,\n\nWARNING: CPU: 6 PID: 3839 at drivers/usb/gadget/udc/core.c:294 usb_ep_queue+0x7c/0x104\npc : usb_ep_queue+0x7c/0x104\nlr : fsg_main_thread+0x494/0x1b3c\n\nRoot cause is mass storage function try to queue request from main thread,\nbut other thread may already disable ep when function disable.\n\nAs there is no function failure in the driver, in order to avoid effort\nto fix warning, change WARN_ON_ONCE() in usb_ep_queue() to pr_debug()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2a587a035214fa1b5ef598aea0b81848c5b72e5e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2b002c308e184feeaeb72987bca3f1b11e5f70b8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/30511676eb54d480d014352bf784f02577a10252",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/36177c2595df12225b95ce74eb1ac77b43d5a58c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3e944ddc17c042945d983e006df7860687a8849a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/68d951880d0c52c7f13dcefb5501b69b8605ce8c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/99731076722eb7ed26b0c87c879da7bb71d24290",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/df5cbb908f1687e8ab97e222a16b7890d5501acf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f74c5e0b54b02706d9a862ac6cddade30ac86bcf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
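
Review bot: "metrics" is empty and "vulnStatus" is "Received", so the only severity signal in this record is the description, which says the fix merely changes WARN_ON_ONCE() in usb_ep_queue() to pr_debug() and that "there is no function failure in the driver". Severity-based filters will have nothing to rank this entry by; triage it from the description text (a warning raised when a request is queued on an already disabled endpoint) rather than treating it as an unscored memory-safety bug.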

@ -0,0 +1,48 @@
{
"id": "CVE-2024-35823",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:17.820",
"lastModified": "2024-05-17T14:15:17.820",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvt: fix unicode buffer corruption when deleting characters\n\nThis is the same issue that was fixed for the VGA text buffer in commit\n39cdb68c64d8 (\"vt: fix memory overlapping when deleting chars in the\nbuffer\"). The cure is also the same i.e. replace memcpy() with memmove()\ndue to the overlaping buffers."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0190d19d7651c08abc187dac3819c61b726e7e3f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1581dafaf0d34bc9c428a794a22110d7046d186d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1ce408f75ccf1e25b3fddef75cca878b55f2ac90",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2933b1e4757a0a5c689cf48d80b1a2a85f237ff1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7529cbd8b5f6697b369803fe1533612c039cabda",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/994a1e583c0c206c8ca7d03334a65b79f4d8bc51",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fc7dfe3d123f00e720be80b920da287810a1f37d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ff7342090c1e8c5a37015c89822a68b275b46f8a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,32 @@
{
"id": "CVE-2024-35824",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:18.033",
"lastModified": "2024-05-17T14:15:18.033",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume\n\nWhen not configured for wakeup lis3lv02d_i2c_suspend() will call\nlis3lv02d_poweroff() even if the device has already been turned off\nby the runtime-suspend handler and if configured for wakeup and\nthe device is runtime-suspended at this point then it is not turned\nback on to serve as a wakeup source.\n\nBefore commit b1b9f7a49440 (\"misc: lis3lv02d_i2c: Add missing setting\nof the reg_ctrl callback\"), lis3lv02d_poweroff() failed to disable\nthe regulators which as a side effect made calling poweroff() twice ok.\n\nNow that poweroff() correctly disables the regulators, doing this twice\ntriggers a WARN() in the regulator core:\n\nunbalanced disables for regulator-dummy\nWARNING: CPU: 1 PID: 92 at drivers/regulator/core.c:2999 _regulator_disable\n...\n\nFix lis3lv02d_i2c_suspend() to not call poweroff() a second time if\nalready runtime-suspended and add a poweron() call when necessary to\nmake wakeup work.\n\nlis3lv02d_i2c_resume() has similar issues, with an added weirness that\nit always powers on the device if it is runtime suspended, after which\nthe first runtime-resume will call poweron() again, causing the enabled\ncount for the regulator to increase by 1 every suspend/resume. These\nunbalanced regulator_enable() calls cause the regulator to never\nbe turned off and trigger the following WARN() on driver unbind:\n\nWARNING: CPU: 1 PID: 1724 at drivers/regulator/core.c:2396 _regulator_put\n\nFix this by making lis3lv02d_i2c_resume() mirror the new suspend()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4154e767354140db7804207117e7238fb337b0e7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/997ca415384612c8df76d99d9a768e0b3f42b325",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ac3e0384073b2408d6cb0d972fee9fcc3776053d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f6df761182fc953907b18aba5049fc2a044ecb45",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,48 @@
{
"id": "CVE-2024-35825",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:18.227",
"lastModified": "2024-05-17T14:15:18.227",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: ncm: Fix handling of zero block length packets\n\nWhile connecting to a Linux host with CDC_NCM_NTB_DEF_SIZE_TX\nset to 65536, it has been observed that we receive short packets,\nwhich come at interval of 5-10 seconds sometimes and have block\nlength zero but still contain 1-2 valid datagrams present.\n\nAccording to the NCM spec:\n\n\"If wBlockLength = 0x0000, the block is terminated by a\nshort packet. In this case, the USB transfer must still\nbe shorter than dwNtbInMaxSize or dwNtbOutMaxSize. If\nexactly dwNtbInMaxSize or dwNtbOutMaxSize bytes are sent,\nand the size is a multiple of wMaxPacketSize for the\ngiven pipe, then no ZLP shall be sent.\n\nwBlockLength= 0x0000 must be used with extreme care, because\nof the possibility that the host and device may get out of\nsync, and because of test issues.\n\nwBlockLength = 0x0000 allows the sender to reduce latency by\nstarting to send a very large NTB, and then shortening it when\nthe sender discovers that there\u2019s not sufficient data to justify\nsending a large NTB\"\n\nHowever, there is a potential issue with the current implementation,\nas it checks for the occurrence of multiple NTBs in a single\ngiveback by verifying if the leftover bytes to be processed is zero\nor not. If the block length reads zero, we would process the same\nNTB infintely because the leftover bytes is never zero and it leads\nto a crash. Fix this by bailing out if block length reads zero."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/6b2c73111a252263807b7598682663dc33aa4b4c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7664ee8bd80309b90d53488b619764f0a057f2b7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/92b051b87658df7649ffcdef522593f21a2b296b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a0f77b5d6067285b8eca0ee3bd1e448a6258026f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a766761d206e7c36d7526e0ae749949d17ca582c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e2dbfea520e60d58e0c498ba41bde10452257779",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ef846cdbd100f7f9dc045e8bcd7fe4b3a3713c03",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f90ce1e04cbcc76639d6cba0fdbd820cd80b3c70",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
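
Review bot: the root cause sits only in the last paragraph of "value", after a long quotation from the NCM spec, and it is spelled "infintely", so a text search for "infinite" will not match this record. The actionable part is that a block length of zero leaves the leftover byte count non-zero, so the same NTB is reprocessed until the crash. With "metrics": {} and "vulnStatus": "Received" there is no score to triage on; until the record is analyzed, treat it as a denial-of-service condition driven by a length field in received data.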


@ -0,0 +1,36 @@
{
"id": "CVE-2024-35826",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:18.450",
"lastModified": "2024-05-17T14:15:18.450",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix page refcounts for unaligned buffers in __bio_release_pages()\n\nFix an incorrect number of pages being released for buffers that do not\nstart at the beginning of a page."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/242006996d15f5ca62e22f8c7de077d9c4a8f367",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/38b43539d64b2fa020b3b9a752a986769f87f7a6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7d3765550374f71248c55e6206ea1d6fd4537e65",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c9d3d2fbde9b8197bce88abcbe8ee8e713ffe7c2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ecbd9ced84dd655a8f4cd49d2aad0e80dbf6bf35",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -0,0 +1,36 @@
{
"id": "CVE-2024-35827",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:18.670",
"lastModified": "2024-05-17T14:15:18.670",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/net: fix overflow check in io_recvmsg_mshot_prep()\n\nThe \"controllen\" variable is type size_t (unsigned long). Casting it\nto int could lead to an integer underflow.\n\nThe check_add_overflow() function considers the type of the destination\nwhich is type int. If we add two positive values and the result cannot\nfit in an integer then that's counted as an overflow.\n\nHowever, if we cast \"controllen\" to an int and it turns negative, then\nnegative values *can* fit into an int type so there is no overflow.\n\nGood: 100 + (unsigned long)-4 = 96 <-- overflow\n Bad: 100 + (int)-4 = 96 <-- no overflow\n\nI deleted the cast of the sizeof() as well. That's not a bug but the\ncast is unnecessary."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0c8c74bb59e7d77554016efc34c2d10376985e5e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/59a534690ecc3af72c6ab121aeac1237a4adae66",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/868ec868616438df487b9e2baa5a99f8662cc47c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8ede3db5061bb1fe28e2c9683329aafa89d2b1b4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b6563ad0d599110bd5cf8f56c47d279c3ed796fe",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
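
Review bot: "value" never states what the bypassed check protects, only that casting "controllen" from size_t to int lets check_add_overflow() pass on a value that has turned negative. It also carries the commit author's first-person sentence ("I deleted the cast of the sizeof() as well"), which the text itself says is not a bug. For triage, read this as an integer-conversion flaw in a length validation in io_recvmsg_mshot_prep(); the consequence of passing the check is not described in these lines.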


@ -0,0 +1,52 @@
{
"id": "CVE-2024-35828",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:18.887",
"lastModified": "2024-05-17T14:15:18.887",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()\n\nIn the for statement of lbs_allocate_cmd_buffer(), if the allocation of\ncmdarray[i].cmdbuf fails, both cmdarray and cmdarray[i].cmdbuf needs to\nbe freed. Otherwise, there will be memleaks in lbs_allocate_cmd_buffer()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4d99d267da3415db2124029cb5a6d2d955ca43f9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5f0e4aede01cb01fa633171f0533affd25328c3a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8e243ac649c10922a6b4855170eaefe4c5b3faab",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/96481624fb5a6319079fb5059e46dbce43a90186",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bea9573c795acec5614d4ac2dcc7b3b684cea5bf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d219724d4b0ddb8ec7dfeaed5989f23edabaf591",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/da10f6b7918abd5b4bc5c9cb66f0fc6763ac48f3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e888c4461e109f7b93c3522afcbbaa5a8fdf29d2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f0dd27314c7afe34794c2aa19dd6f2d30eb23bc7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -0,0 +1,44 @@
{
"id": "CVE-2024-35829",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:19.113",
"lastModified": "2024-05-17T14:15:19.113",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/lima: fix a memleak in lima_heap_alloc\n\nWhen lima_vm_map_bo fails, the resources need to be deallocated, or\nthere will be memleaks."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/04ae3eb470e52a3c41babe85ff8cee195e4dcbea",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4ab14eccf5578af1dd5668a5f2d771df27683cab",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/746606d37d662c70ae1379fc658ee9c65f06880f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8e25c0ee5665e8a768b8e21445db1f86e9156eb7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ec6bb037e4a35fcbb5cd7bc78242d034ed893fcd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f2e80ac9344aebbff576453d5c0290b332e187ed",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f6d51a91b41704704e395de6839c667b0f810bbf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -0,0 +1,52 @@
{
"id": "CVE-2024-35830",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:19.330",
"lastModified": "2024-05-17T14:15:19.330",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: tc358743: register v4l2 async device only after successful setup\n\nEnsure the device has been setup correctly before registering the v4l2\nasync device, thus allowing userspace to access."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/17c2650de14842c25c569cbb2126c421489a3a24",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4f1490a5d7a0472ee5d9f36547bc4ba46be755c7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/610f20e5cf35ca9c0992693cae0dd8643ce932e7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/87399f1ff92203d65f1febf5919429f4bb613a02",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8ba8db9786b55047df5ad3db3e01dd886687a77d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b8505a1aee8f1edc9d16d72ae09c93de086e2a1a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c915c46a25c3efb084c4f5e69a053d7f7a635496",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/daf21394f9898fb9f0698c3e50de08132d2164e6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/edbb3226c985469a2f8eb69885055c9f5550f468",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
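
Review bot: the second sentence of "value" is ambiguous, because "thus allowing userspace to access" reads as if the fix grants access. Going by the title, registering the v4l2 async device is what exposes it to userspace, and the change moves that registration after successful setup. Wording such as "since registration makes the device accessible to userspace" would remove the ambiguity. The lines do not say what happens when userspace reaches a device whose setup failed, so the impact is unstated.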


@ -0,0 +1,32 @@
{
"id": "CVE-2024-35831",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:19.517",
"lastModified": "2024-05-17T14:15:19.517",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: Fix release of pinned pages when __io_uaddr_map fails\n\nLooking at the error path of __io_uaddr_map, if we fail after pinning\nthe pages for any reasons, ret will be set to -EINVAL and the error\nhandler won't properly release the pinned pages.\n\nI didn't manage to trigger it without forcing a failure, but it can\nhappen in real life when memory is heavily fragmented."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0b6f39c175ba5f0ef72bdb3b9d2a06ad78621d62",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4d376d7ad62b6a8e8dfff56b559d9d275e5b9b3a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/67d1189d1095d471ed7fa426c7e384a7140a5dd7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/712e2c8415f55a4a4ddaa98a430b87f624109f69",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2024-35832",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:19.710",
"lastModified": "2024-05-17T14:15:19.710",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbcachefs: kvfree bch_fs::snapshots in bch2_fs_snapshots_exit\n\nbch_fs::snapshots is allocated by kvzalloc in __snapshot_t_mut.\nIt should be freed by kvfree not kfree.\nOr umount will triger:\n\n[ 406.829178 ] BUG: unable to handle page fault for address: ffffe7b487148008\n[ 406.830676 ] #PF: supervisor read access in kernel mode\n[ 406.831643 ] #PF: error_code(0x0000) - not-present page\n[ 406.832487 ] PGD 0 P4D 0\n[ 406.832898 ] Oops: 0000 [#1] PREEMPT SMP PTI\n[ 406.833512 ] CPU: 2 PID: 1754 Comm: umount Kdump: loaded Tainted: G OE 6.7.0-rc7-custom+ #90\n[ 406.834746 ] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n[ 406.835796 ] RIP: 0010:kfree+0x62/0x140\n[ 406.836197 ] Code: 80 48 01 d8 0f 82 e9 00 00 00 48 c7 c2 00 00 00 80 48 2b 15 78 9f 1f 01 48 01 d0 48 c1 e8 0c 48 c1 e0 06 48 03 05 56 9f 1f 01 <48> 8b 50 08 48 89 c7 f6 c2 01 0f 85 b0 00 00 00 66 90 48 8b 07 f6\n[ 406.837810 ] RSP: 0018:ffffb9d641607e48 EFLAGS: 00010286\n[ 406.838213 ] RAX: ffffe7b487148000 RBX: ffffb9d645200000 RCX: ffffb9d641607dc4\n[ 406.838738 ] RDX: 000065bb00000000 RSI: ffffffffc0d88b84 RDI: ffffb9d645200000\n[ 406.839217 ] RBP: ffff9a4625d00068 R08: 0000000000000001 R09: 0000000000000001\n[ 406.839650 ] R10: 0000000000000001 R11: 000000000000001f R12: ffff9a4625d4da80\n[ 406.840055 ] R13: ffff9a4625d00000 R14: ffffffffc0e2eb20 R15: 0000000000000000\n[ 406.840451 ] FS: 00007f0a264ffb80(0000) GS:ffff9a4e2d500000(0000) knlGS:0000000000000000\n[ 406.840851 ] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 406.841125 ] CR2: ffffe7b487148008 CR3: 000000018c4d2000 CR4: 00000000000006f0\n[ 406.841464 ] Call Trace:\n[ 406.841583 ] <TASK>\n[ 406.841682 ] ? __die+0x1f/0x70\n[ 406.841828 ] ? page_fault_oops+0x159/0x470\n[ 406.842014 ] ? fixup_exception+0x22/0x310\n[ 406.842198 ] ? exc_page_fault+0x1ed/0x200\n[ 406.842382 ] ? 
asm_exc_page_fault+0x22/0x30\n[ 406.842574 ] ? bch2_fs_release+0x54/0x280 [bcachefs]\n[ 406.842842 ] ? kfree+0x62/0x140\n[ 406.842988 ] ? kfree+0x104/0x140\n[ 406.843138 ] bch2_fs_release+0x54/0x280 [bcachefs]\n[ 406.843390 ] kobject_put+0xb7/0x170\n[ 406.843552 ] deactivate_locked_super+0x2f/0xa0\n[ 406.843756 ] cleanup_mnt+0xba/0x150\n[ 406.843917 ] task_work_run+0x59/0xa0\n[ 406.844083 ] exit_to_user_mode_prepare+0x197/0x1a0\n[ 406.844302 ] syscall_exit_to_user_mode+0x16/0x40\n[ 406.844510 ] do_syscall_64+0x4e/0xf0\n[ 406.844675 ] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[ 406.844907 ] RIP: 0033:0x7f0a2664e4fb"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/369acf97d6fd5da620d053d0f1878ffe32eff555",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/56590678791119b9a655202e49898edfb9307271",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
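
Review bot: most of "value" is a raw oops dump (registers, code bytes, call trace) that stops mid-trace at the userspace RIP line, while the actual defect is the three lines at the top: bch_fs::snapshots is allocated by kvzalloc in __snapshot_t_mut and was freed with kfree instead of kvfree. "triger" is misspelled, and the string is broken across two lines after "? " in the call trace although the hunk header declares 24 added lines, so check that the file still parses as JSON. Anything that indexes this description should key on the kfree frame under bch2_fs_release rather than on the addresses, which are specific to the reporter's boot.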


@ -0,0 +1,44 @@
{
"id": "CVE-2024-35833",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:19.930",
"lastModified": "2024-05-17T14:15:19.930",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA\n\nThis dma_alloc_coherent() is undone neither in the remove function, nor in\nthe error handling path of fsl_qdma_probe().\n\nSwitch to the managed version to fix both issues."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/15eb996d7d13cb72a16389231945ada8f0fef2c3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/198270de9d8eb3b5d5f030825ea303ef95285d24",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1c75fe450b5200c78f4a102a0eb8e15d8f1ccda8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/25ab4d72eb7cbfa0f3d97a139a9b2bfcaa72dd59",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3aa58cb51318e329d203857f7a191678e60bb714",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5cd8a51517ce15edbdcea4fc74c4c127ddaa1bd6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ae6769ba51417c1c86fb645812d5bff455eee802",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2024-35834",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:20.160",
"lastModified": "2024-05-17T14:15:20.160",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: recycle buffer in case Rx queue was full\n\nAdd missing xsk_buff_free() call when __xsk_rcv_zc() failed to produce\ndescriptor to XSK Rx queue."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/269009893146c495f41e9572dd9319e787c2eba9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7b4d93d31aade99210d41cd9d4cbd2957c98bc8c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cce713664548284daf977739e7ff1cd59e84189c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -0,0 +1,48 @@
{
"id": "CVE-2024-35835",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:20.387",
"lastModified": "2024-05-17T14:15:20.387",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: fix a double-free in arfs_create_groups\n\nWhen `in` allocated by kvzalloc fails, arfs_create_groups will free\nft->g and return an error. However, arfs_create_table, the only caller of\narfs_create_groups, will hold this error and call to\nmlx5e_destroy_flow_table, in which the ft->g will be freed again."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2501afe6c4c9829d03abe9a368b83d9ea1b611b7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3c6d5189246f590e4e1f167991558bdb72a4738b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/42876db001bbea7558e8676d1019f08f9390addb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/66cc521a739ccd5da057a1cb3d6346c6d0e7619b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b21db3f1ab7967a81d6bbd328d28fe5a4c07a8a7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c57ca114eb00e03274dd38108d07a3750fa3c056",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cf116d9c3c2aebd653c2dfab5b10c278e9ec3ee5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e3d3ed8c152971dbe64c92c9ecb98fdb52abb629",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
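
Review bot: the title names a double free, but the record has no "weaknesses" entry and "metrics" is empty, so nothing machine-readable marks it as memory corruption. From the text, the path is a failed kvzalloc of `in` inside arfs_create_groups, which frees ft->g, followed by mlx5e_destroy_flow_table in arfs_create_table freeing ft->g again. That is an allocation-failure error path, which matters for prioritization. Consumers that filter on CWE or CVSS need a text match on "double-free" to catch this record in its current state.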


@ -0,0 +1,24 @@
{
"id": "CVE-2024-35836",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:20.607",
"lastModified": "2024-05-17T14:15:20.607",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndpll: fix pin dump crash for rebound module\n\nWhen a kernel module is unbound but the pin resources were not entirely\nfreed (other kernel module instance of the same PCI device have had kept\nthe reference to that pin), and kernel module is again bound, the pin\nproperties would not be updated (the properties are only assigned when\nmemory for the pin is allocated), prop pointer still points to the\nkernel module memory of the kernel module which was deallocated on the\nunbind.\n\nIf the pin dump is invoked in this state, the result is a kernel crash.\nPrevent the crash by storing persistent pin properties in dpll subsystem,\ncopy the content from the kernel module when pin is allocated, instead of\nusing memory of the kernel module."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/5050a5b9d8b4d3c6f7e376e07670e437db7ccf9c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/830ead5fb0c5855ce4d70ba2ed4a673b5f1e7d9b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -0,0 +1,40 @@
{
"id": "CVE-2024-35837",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:20.707",
"lastModified": "2024-05-17T14:15:20.707",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mvpp2: clear BM pool before initialization\n\nRegister value persist after booting the kernel using\nkexec which results in kernel panic. Thus clear the\nBM pool registers before initialisation to fix the issue."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/83f99138bf3b396f761600ab488054396fb5768f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/938729484cfa535e9987ed0f86f29a2ae3a8188b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9f538b415db862e74b8c5d3abbccfc1b2b6caa38",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/af47faa6d3328406038b731794e7cf508c71affa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cec65f09c47d8c2d67f2bcad6cf05c490628d1ec",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dc77f6ab5c3759df60ff87ed24f4d45df0f3b4c4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2024-35838",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:20.940",
"lastModified": "2024-05-17T14:15:20.940",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix potential sta-link leak\n\nWhen a station is allocated, links are added but not\nset to valid yet (e.g. during connection to an AP MLD),\nwe might remove the station without ever marking links\nvalid, and leak them. Fix that."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/49aaeb8c539b1633b3bd7c2df131ec578aa1eae1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/587c5892976108674bbe61a8ff659de279318034",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b01a74b3ca6fd51b62c67733ba7c3280fa6c5d26",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e04bf59bdba0fa45d52160be676114e16be855a9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2024-35839",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:21.017",
"lastModified": "2024-05-17T15:15:21.017",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: bridge: replace physindev with physinif in nf_bridge_info\n\nAn skb can be added to a neigh->arp_queue while waiting for an arp\nreply. Where original skb's skb->dev can be different to neigh's\nneigh->dev. For instance in case of bridging dnated skb from one veth to\nanother, the skb would be added to a neigh->arp_queue of the bridge.\n\nAs skb->dev can be reset back to nf_bridge->physindev and used, and as\nthere is no explicit mechanism that prevents this physindev from been\nfreed under us (for instance neigh_flush_dev doesn't cleanup skbs from\ndifferent device's neigh queue) we can crash on e.g. this stack:\n\narp_process\n neigh_update\n skb = __skb_dequeue(&neigh->arp_queue)\n neigh_resolve_output(..., skb)\n ...\n br_nf_dev_xmit\n br_nf_pre_routing_finish_bridge_slow\n skb->dev = nf_bridge->physindev\n br_handle_frame_finish\n\nLet's use plain ifindex instead of net_device link. To peek into the\noriginal net_device we will use dev_get_by_index_rcu(). Thus either we\nget device and are safe to use it or we don't get it and drop skb."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/544add1f1cfb78c3dfa3e6edcf4668f6be5e730c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7ae19ee81ca56b13c50a78de6c47d5b8fdc9d97b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9325e3188a9cf3f69fc6f32af59844bbc5b90547",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9874808878d9eed407e3977fd11fee49de1e1d86",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
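
Review bot: "value" describes a use-after-free without using the term: skb->dev is reset to nf_bridge->physindev while nothing prevents that net_device from being freed, and the listed stack ends in br_handle_frame_finish. Keyword searches for "use-after-free" or "UAF" will miss it. "from been freed" should read "from being freed". For backport review the relevant detail is the last paragraph: the pointer is replaced by an ifindex resolved through dev_get_by_index_rcu(), and the skb is dropped when the lookup fails.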


@ -0,0 +1,36 @@
{
"id": "CVE-2024-35840",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:21.090",
"lastModified": "2024-05-17T15:15:21.090",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()\n\nsubflow_finish_connect() uses four fields (backup, join_id, thmac, none)\nthat may contain garbage unless OPTION_MPTCP_MPJ_SYNACK has been set\nin mptcp_parse_option()"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/413b913507326972135d2977975dbff8b7f2c453",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/51e4cb032d49ce094605f27e45eabebc0408893c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/76e8de7273a22a00d27e9b8b7d4d043d6433416a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ad3e8f5c3d5c53841046ef7a947c04ad45a20721",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/be1d9d9d38da922bd4beeec5b6dd821ff5a1dfeb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
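
Review bot: the field list "(backup, join_id, thmac, none)" looks like it has a typo in its last item; "none" is presumably "nonce", but the lines here do not confirm it. The sentence also lacks a closing period and says only that the fields "may contain garbage", not what subflow_finish_connect() does with them. Treat this as use of option fields that were never populated when OPTION_MPTCP_MPJ_SYNACK was not set in mptcp_parse_option(); the resulting impact is not stated.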


@ -0,0 +1,28 @@
{
"id": "CVE-2024-35841",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:21.160",
"lastModified": "2024-05-17T15:15:21.160",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tls, fix WARNIING in __sk_msg_free\n\nA splice with MSG_SPLICE_PAGES will cause tls code to use the\ntls_sw_sendmsg_splice path in the TLS sendmsg code to move the user\nprovided pages from the msg into the msg_pl. This will loop over the\nmsg until msg_pl is full, checked by sk_msg_full(msg_pl). The user\ncan also set the MORE flag to hint stack to delay sending until receiving\nmore pages and ideally a full buffer.\n\nIf the user adds more pages to the msg than can fit in the msg_pl\nscatterlist (MAX_MSG_FRAGS) we should ignore the MORE flag and send\nthe buffer anyways.\n\nWhat actually happens though is we abort the msg to msg_pl scatterlist\nsetup and then because we forget to set 'full record' indicating we\ncan no longer consume data without a send we fallthrough to the 'continue'\npath which will check if msg_data_left(msg) has more bytes to send and\nthen attempts to fit them in the already full msg_pl. Then next\niteration of sender doing send will encounter a full msg_pl and throw\nthe warning in the syzbot report.\n\nTo fix simply check if we have a full_record in splice code path and\nif not send the msg regardless of MORE flag."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/02e368eb1444a4af649b73cbe2edd51780511d86",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/294e7ea85f34748f04e5f3f9dba6f6b911d31aa8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dc9dfc8dc629e42f2234e3327b75324ffc752bc9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
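
Review bot: the title misspells "WARNIING", so a search for "WARNING in __sk_msg_free" will not match this record. The described effect is the warning from the syzbot report, reached when a MSG_SPLICE_PAGES send with the MORE flag supplies more pages than fit in the msg_pl scatterlist (MAX_MSG_FRAGS) and 'full record' is not set. The text mentions nothing beyond the warning, so the record gives no basis for assuming memory corruption.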


@ -0,0 +1,32 @@
{
"id": "CVE-2024-35842",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:21.237",
"lastModified": "2024-05-17T15:15:21.237",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: sof-common: Add NULL check for normal_link string\n\nIt's not granted that all entries of struct sof_conn_stream declare\na `normal_link` (a non-SOF, direct link) string, and this is the case\nfor SoCs that support only SOF paths (hence do not support both direct\nand SOF usecases).\n\nFor example, in the case of MT8188 there is no normal_link string in\nany of the sof_conn_stream entries and there will be more drivers\ndoing that in the future.\n\nTo avoid possible NULL pointer KPs, add a NULL check for `normal_link`."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/b1d3db6740d0997ffc6e5a0d96ef7cbd62b35fdd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cad471227a37c0c7c080bfc9ed01b53750e82afe",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cde6ca5872bf67744dffa875a7cb521ab007b7ef",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e3b3ec967a7d93b9010a5af9a2394c8b5c8f31ed",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2024-35843",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:21.313",
"lastModified": "2024-05-17T15:15:21.313",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Use device rbtree in iopf reporting path\n\nThe existing I/O page fault handler currently locates the PCI device by\ncalling pci_get_domain_bus_and_slot(). This function searches the list\nof all PCI devices until the desired device is found. To improve lookup\nefficiency, replace it with device_rbtree_find() to search the device\nwithin the probed device rbtree.\n\nThe I/O page fault is initiated by the device, which does not have any\nsynchronization mechanism with the software to ensure that the device\nstays in the probed device tree. Theoretically, a device could be released\nby the IOMMU subsystem after device_rbtree_find() and before\niopf_get_dev_fault_param(), which would cause a use-after-free problem.\n\nAdd a mutex to synchronize the I/O page fault reporting path and the IOMMU\nrelease device path. This lock doesn't introduce any performance overhead,\nas the conflict between I/O page fault reporting and device releasing is\nvery rare."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3d39238991e745c5df85785604f037f35d9d1b15",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/def054b01a867822254e1dda13d587f5c7a99e2a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
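
Review bot: the first paragraph of "value" presents a lookup optimization (pci_get_domain_bus_and_slot() replaced by device_rbtree_find()), and the security-relevant part only comes in the second: a device can be released between device_rbtree_find() and iopf_get_dev_fault_param(), giving a use-after-free. As written, the race belongs to the new rbtree lookup and the mutex is its fix, both in the same change. These lines therefore do not show which released kernels, if any, contain the lookup without the lock. Affected-version data is needed before acting on this record.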


@ -0,0 +1,40 @@
{
"id": "CVE-2024-35844",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:21.390",
"lastModified": "2024-05-17T15:15:21.390",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: compress: fix reserve_cblocks counting error when out of space\n\nWhen a file only needs one direct_node, performing the following\noperations will cause the file to be unrepairable:\n\nunisoc # ./f2fs_io compress test.apk\nunisoc #df -h | grep dm-48\n/dev/block/dm-48 112G 112G 1.2M 100% /data\n\nunisoc # ./f2fs_io release_cblocks test.apk\n924\nunisoc # df -h | grep dm-48\n/dev/block/dm-48 112G 112G 4.8M 100% /data\n\nunisoc # dd if=/dev/random of=file4 bs=1M count=3\n3145728 bytes (3.0 M) copied, 0.025 s, 120 M/s\nunisoc # df -h | grep dm-48\n/dev/block/dm-48 112G 112G 1.8M 100% /data\n\nunisoc # ./f2fs_io reserve_cblocks test.apk\nF2FS_IOC_RESERVE_COMPRESS_BLOCKS failed: No space left on device\n\nadb reboot\nunisoc # df -h | grep dm-48\n/dev/block/dm-48 112G 112G 11M 100% /data\nunisoc # ./f2fs_io reserve_cblocks test.apk\n0\n\nThis is because the file has only one direct_node. After returning\nto -ENOSPC, reserved_blocks += ret will not be executed. As a result,\nthe reserved_blocks at this time is still 0, which is not the real\nnumber of reserved blocks. Therefore, fsck cannot be set to repair\nthe file.\n\nAfter this patch, the fsck flag will be set to fix this problem.\n\nunisoc # df -h | grep dm-48\n/dev/block/dm-48 112G 112G 1.8M 100% /data\nunisoc # ./f2fs_io reserve_cblocks test.apk\nF2FS_IOC_RESERVE_COMPRESS_BLOCKS failed: No space left on device\n\nadb reboot then fsck will be executed\nunisoc # df -h | grep dm-48\n/dev/block/dm-48 112G 112G 11M 100% /data\nunisoc # ./f2fs_io reserve_cblocks test.apk\n924"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2f6d721e14b69d6e1251f69fa238b48e8374e25f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/569c198c9e2093fd29cc071856a4e548fda506bc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/889846dfc8ee2cf31148a44bfd2faeb2faadc685",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f0bf89e84c3afb79d7a3a9e4bc853ad6a3245c0a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fa3ac8b1a227d9b470b87972494293348b5839ee",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fc0aed88afbf6f606205129a7466eebdf528e3f3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-35845",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:21.470",
"lastModified": "2024-05-17T15:15:21.470",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: dbg-tlv: ensure NUL termination\n\nThe iwl_fw_ini_debug_info_tlv is used as a string, so we must\nensure the string is terminated correctly before using it."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/71d4186d470e9cda7cd1a0921b4afda737c6f641",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/783d413f332a3ebec916664b366c28f58147f82c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/96aa40761673da045a7774f874487cdb50c6a2f7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c855a1a5b7e3de57e6b1b29563113d5e3bfdb89a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ea1d166fae14e05d49ffb0ea9fcd4658f8d3dcea",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fabe2db7de32a881e437ee69db32e0de785a6209",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fec14d1cdd92f340b9ba2bd220abf96f9609f2a9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-35846",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:21.547",
"lastModified": "2024-05-17T15:15:21.547",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: zswap: fix shrinker NULL crash with cgroup_disable=memory\n\nChristian reports a NULL deref in zswap that he bisected down to the zswap\nshrinker. The issue also cropped up in the bug trackers of libguestfs [1]\nand the Red Hat bugzilla [2].\n\nThe problem is that when memcg is disabled with the boot time flag, the\nzswap shrinker might get called with sc->memcg == NULL. This is okay in\nmany places, like the lruvec operations. But it crashes in\nmemcg_page_state() - which is only used due to the non-node accounting of\ncgroup's the zswap memory to begin with.\n\nNhat spotted that the memcg can be NULL in the memcg-disabled case, and I\nwas then able to reproduce the crash locally as well.\n\n[1] https://github.com/libguestfs/libguestfs/issues/139\n[2] https://bugzilla.redhat.com/show_bug.cgi?id=2275252"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/682886ec69d22363819a83ddddd5d66cb5c791e1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b0fdabc908a7f81d12382c87ca9e46a9c2e14042",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
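
Review bot: in `descriptions[0].value` the two external reports, [1] https://github.com/libguestfs/libguestfs/issues/139 and [2] https://bugzilla.redhat.com/show_bug.cgi?id=2275252, appear only in the free text, while `references` lists just the two git.kernel.org commits. Anything that indexes this record by reference URL will miss both trackers, so either extract URLs from the description on ingest or carry them as reference entries. The text also stops at the reproduction and never says what the fix changes, so the condition to match on is the stated one: memcg disabled with the boot time flag (`cgroup_disable=memory`) and the zswap shrinker called with `sc->memcg == NULL`.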

View File

@ -0,0 +1,48 @@
{
"id": "CVE-2024-35847",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:21.620",
"lastModified": "2024-05-17T15:15:21.620",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/gic-v3-its: Prevent double free on error\n\nThe error handling path in its_vpe_irq_domain_alloc() causes a double free\nwhen its_vpe_init() fails after successfully allocating at least one\ninterrupt. This happens because its_vpe_irq_domain_free() frees the\ninterrupts along with the area bitmap and the vprop_page and\nits_vpe_irq_domain_alloc() subsequently frees the area bitmap and the\nvprop_page again.\n\nFix this by unconditionally invoking its_vpe_irq_domain_free() which\nhandles all cases correctly and by removing the bitmap/vprop_page freeing\nfrom its_vpe_irq_domain_alloc().\n\n[ tglx: Massaged change log ]"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/03170e657f62c26834172742492a8cb8077ef792",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5b012f77abde89bf0be8a0547636184fea618137",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5dbdbe1133911ca7d8466bb86885adec32ad9438",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/aa44d21574751a7d6bca892eb8e0e9ac68372e52",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b72d2b1448b682844f995e660b77f2a1fabc1662",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c26591afd33adce296c022e3480dea4282b7ef91",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dd681710ab77c8beafe2e263064cb1bd0e2d6ca9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f5417ff561b8ac9a7e53c747b8627a7ab58378ae",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
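
Review bot: `metrics` is `{}` and `vulnStatus` is "Received" on this double-free record, so there is no score to rank it by; consumers that sort on CVSS should treat the empty object as unscored rather than as low severity. The `value` also ends with "[ tglx: Massaged change log ]", a maintainer annotation carried over from the commit message that can be dropped when the description is displayed.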

View File

@ -0,0 +1,40 @@
{
"id": "CVE-2024-35848",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:21.693",
"lastModified": "2024-05-17T15:15:21.693",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\neeprom: at24: fix memory corruption race condition\n\nIf the eeprom is not accessible, an nvmem device will be registered, the\nread will fail, and the device will be torn down. If another driver\naccesses the nvmem device after the teardown, it will reference\ninvalid memory.\n\nMove the failure point before registering the nvmem device."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/26d32bec4c6d255a03762f33c637bfa3718be15a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2af84c46b9b8f2d6c0f88d09ee5c849ae1734676",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6d8b56ec0c8f30d5657382f47344a32569f7a9bc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c43e5028f5a35331eb25017f5ff6cc21735005c6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c850f71fca09ea41800ed55905980063d17e01da",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f42c97027fb75776e2e9358d16bf4a99aeb04cf2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

View File

@ -0,0 +1,48 @@
{
"id": "CVE-2024-35849",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:21.777",
"lastModified": "2024-05-17T15:15:21.777",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix information leak in btrfs_ioctl_logical_to_ino()\n\nSyzbot reported the following information leak for in\nbtrfs_ioctl_logical_to_ino():\n\n BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x110 lib/usercopy.c:40\n instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n _copy_to_user+0xbc/0x110 lib/usercopy.c:40\n copy_to_user include/linux/uaccess.h:191 [inline]\n btrfs_ioctl_logical_to_ino+0x440/0x750 fs/btrfs/ioctl.c:3499\n btrfs_ioctl+0x714/0x1260\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0x261/0x450 fs/ioctl.c:890\n __x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:890\n x64_sys_call+0x1883/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:17\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Uninit was created at:\n __kmalloc_large_node+0x231/0x370 mm/slub.c:3921\n __do_kmalloc_node mm/slub.c:3954 [inline]\n __kmalloc_node+0xb07/0x1060 mm/slub.c:3973\n kmalloc_node include/linux/slab.h:648 [inline]\n kvmalloc_node+0xc0/0x2d0 mm/util.c:634\n kvmalloc include/linux/slab.h:766 [inline]\n init_data_container+0x49/0x1e0 fs/btrfs/backref.c:2779\n btrfs_ioctl_logical_to_ino+0x17c/0x750 fs/btrfs/ioctl.c:3480\n btrfs_ioctl+0x714/0x1260\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0x261/0x450 fs/ioctl.c:890\n __x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:890\n x64_sys_call+0x1883/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:17\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Bytes 40-65535 of 65536 are uninitialized\n Memory access of size 65536 starts at ffff888045a40000\n\nThis 
happens, because we're copying a 'struct btrfs_data_container' back\nto user-space. This btrfs_data_container is allocated in\n'init_data_container()' via kvmalloc(), which does not zero-fill the\nmemory.\n\nFix this by using kvzalloc() which zeroes out the memory on allocation."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2f7ef5bb4a2f3e481ef05fab946edb97c84f67cf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/30189e54ba80e3209d34cfeea87b848f6ae025e6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3a63cee1a5e14a3e52c19142c61dd5fcb524f6dc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/689efe22e9b5b7d9d523119a9a5c3c17107a0772",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/73db209dcd4ae026021234d40cfcb2fb5b564b86",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8bdbcfaf3eac42f98e5486b3d7e130fa287811f6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e58047553a4e859dafc8d1d901e1de77c9dd922d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fddc19631c51d9c17d43e9f822a7bc403af88d54",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
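
Review bot: the `value` string in `descriptions[0]` is broken across two physical lines after "This " (the hunk header says +1,48 but 49 lines are shown). A raw line break inside a JSON string is invalid, so confirm the committed file keeps the description on one line with `\n` escapes, as the other records do. Separately, the facts worth indexing are buried in the KMSAN trace: "Bytes 40-65535 of 65536 are uninitialized" reaching copy_to_user in btrfs_ioctl_logical_to_ino(), fixed by having init_data_container() allocate with kvzalloc() instead of kvmalloc().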

View File

@ -0,0 +1,28 @@
{
"id": "CVE-2024-35850",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:21.860",
"lastModified": "2024-05-17T15:15:21.860",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: qca: fix NULL-deref on non-serdev setup\n\nQualcomm ROME controllers can be registered from the Bluetooth line\ndiscipline and in this case the HCI UART serdev pointer is NULL.\n\nAdd the missing sanity check to prevent a NULL-pointer dereference when\nsetup() is called for a non-serdev controller."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/67459f1a707aae6d590454de07956c2752e21ea4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7ddb9de6af0f1c71147785b12fd7c8ec3f06cc86",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bec4d4c6fa5c6526409f582e4f31144e20c86c21",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

View File

@ -0,0 +1,36 @@
{
"id": "CVE-2024-35851",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:21.963",
"lastModified": "2024-05-17T15:15:21.963",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: qca: fix NULL-deref on non-serdev suspend\n\nQualcomm ROME controllers can be registered from the Bluetooth line\ndiscipline and in this case the HCI UART serdev pointer is NULL.\n\nAdd the missing sanity check to prevent a NULL-pointer dereference when\nwakeup() is called for a non-serdev controller during suspend.\n\nJust return true for now to restore the original behaviour and address\nthe crash with pre-6.2 kernels, which do not have commit e9b3e5b8c657\n(\"Bluetooth: hci_qca: only assign wakeup with serial port support\") that\ncauses the crash to happen already at setup() time."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/52f9041deaca3fc5c40ef3b9cb943993ec7d2489",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6b47cdeb786c38e4174319218db3fa6d7b4bba88",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/73e87c0a49fda31d7b589edccf4c72e924411371",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b64092d2f108f0cd1d7fd7e176f5fb2a67a2f189",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e60502b907be350c518819297b565007a94c706d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
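
Review bot: the only version scoping in this record is prose inside `value` ("pre-6.2 kernels, which do not have commit e9b3e5b8c657"); there is no structured affected-version field and `metrics` is empty. Matching against a kernel build therefore has to go through the five stable commits in `references`. When deduplicating, note that CVE-2024-35850 shares the same opening paragraph about Qualcomm ROME controllers and differs only in the call site (setup() there, wakeup() during suspend here).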

View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-35852",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:22.073",
"lastModified": "2024-05-17T15:15:22.073",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work\n\nThe rehash delayed work is rescheduled with a delay if the number of\ncredits at end of the work is not negative as supposedly it means that\nthe migration ended. Otherwise, it is rescheduled immediately.\n\nAfter \"mlxsw: spectrum_acl_tcam: Fix possible use-after-free during\nrehash\" the above is no longer accurate as a non-negative number of\ncredits is no longer indicative of the migration being done. It can also\nhappen if the work encountered an error in which case the migration will\nresume the next time the work is scheduled.\n\nThe significance of the above is that it is possible for the work to be\npending and associated with hints that were allocated when the migration\nstarted. This leads to the hints being leaked [1] when the work is\ncanceled while pending as part of ACL region dismantle.\n\nFix by freeing the hints if hints are associated with a work that was\ncanceled while pending.\n\nBlame the original commit since the reliance on not having a pending\nwork associated with hints is fragile.\n\n[1]\nunreferenced object 0xffff88810e7c3000 (size 256):\n comm \"kworker/0:16\", pid 176, jiffies 4295460353\n hex dump (first 32 bytes):\n 00 30 95 11 81 88 ff ff 61 00 00 00 00 00 00 80 .0......a.......\n 00 00 61 00 40 00 00 00 00 00 00 00 04 00 00 00 ..a.@...........\n backtrace (crc 2544ddb9):\n [<00000000cf8cfab3>] kmalloc_trace+0x23f/0x2a0\n [<000000004d9a1ad9>] objagg_hints_get+0x42/0x390\n [<000000000b143cf3>] mlxsw_sp_acl_erp_rehash_hints_get+0xca/0x400\n [<0000000059bdb60a>] mlxsw_sp_acl_tcam_vregion_rehash_work+0x868/0x1160\n [<00000000e81fd734>] process_one_work+0x59c/0xf20\n [<00000000ceee9e81>] worker_thread+0x799/0x12c0\n [<00000000bda6fe39>] kthread+0x246/0x300\n [<0000000070056d23>] ret_from_fork+0x34/0x70\n [<00000000dea2b93e>] ret_from_fork_asm+0x1a/0x30"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/51cefc9da400b953fee749c9e5d26cd4a2b5d758",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5bfe7bf9656ed2633718388f12b7c38b86414a04",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/63d814d93c5cce4c18284adc810028f28dca493f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/857ed800133ffcfcee28582090b63b0cbb8ba59d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d72dd6fcd7886d0523afbab8b4a4b22d17addd7d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/de1aaefa75be9d0ec19c9a3e0e2f9696de20c6ab",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fb4e2b70a7194b209fc7320bbf33b375f7114bd5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
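
Review bot: `value` names the change this fix builds on only by title ("mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash"), with no commit id or CVE id, so the dependency cannot be followed from this record alone; link it by title when ingesting. The kmemleak report under [1] carries an object address and hex dump that are noise for matching; the usable signal is the backtrace through objagg_hints_get and mlxsw_sp_acl_tcam_vregion_rehash_work.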

View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-35853",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:22.220",
"lastModified": "2024-05-17T15:15:22.220",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_tcam: Fix memory leak during rehash\n\nThe rehash delayed work migrates filters from one region to another.\nThis is done by iterating over all chunks (all the filters with the same\npriority) in the region and in each chunk iterating over all the\nfilters.\n\nIf the migration fails, the code tries to migrate the filters back to\nthe old region. However, the rollback itself can also fail in which case\nanother migration will be erroneously performed. Besides the fact that\nthis ping pong is not a very good idea, it also creates a problem.\n\nEach virtual chunk references two chunks: The currently used one\n('vchunk->chunk') and a backup ('vchunk->chunk2'). During migration the\nfirst holds the chunk we want to migrate filters to and the second holds\nthe chunk we are migrating filters from.\n\nThe code currently assumes - but does not verify - that the backup chunk\ndoes not exist (NULL) if the currently used chunk does not reference the\ntarget region. This assumption breaks when we are trying to rollback a\nrollback, resulting in the backup chunk being overwritten and leaked\n[1].\n\nFix by not rolling back a failed rollback and add a warning to avoid\nfuture cases.\n\n[1]\nWARNING: CPU: 5 PID: 1063 at lib/parman.c:291 parman_destroy+0x17/0x20\nModules linked in:\nCPU: 5 PID: 1063 Comm: kworker/5:11 Tainted: G W 6.9.0-rc2-custom-00784-gc6a05c468a0b #14\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:parman_destroy+0x17/0x20\n[...]\nCall Trace:\n <TASK>\n mlxsw_sp_acl_atcam_region_fini+0x19/0x60\n mlxsw_sp_acl_tcam_region_destroy+0x49/0xf0\n mlxsw_sp_acl_tcam_vregion_rehash_work+0x1f1/0x470\n process_one_work+0x151/0x370\n worker_thread+0x2cb/0x3e0\n kthread+0xd0/0x100\n ret_from_fork+0x34/0x50\n ret_from_fork_asm+0x1a/0x30\n </TASK>"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0ae8ff7b6d42e33943af462910bdcfa2ec0cb8cf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/413a01886c3958d4b8aac23a3bff3d430b92093e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/617e98ba4c50f4547c9eb0946b1cfc26937d70d1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8ca3f7a7b61393804c46f170743c3b839df13977",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b3fd51f684a0711504f82de510da109ae639722d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b822644fd90992ee362c5e0c8d2556efc8856c76",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c6f3fa7f5a748bf6e5c4eb742686d6952f854e76",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

Some files were not shown because too many files have changed in this diff