mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 01:02:25 +00:00
153 lines
5.9 KiB
JSON
153 lines
5.9 KiB
JSON
{
|
|
"id": "CVE-2024-50130",
|
|
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
|
"published": "2024-11-05T18:15:15.850",
|
|
"lastModified": "2025-03-06T17:15:18.953",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: bpf: must hold reference on net namespace\n\nBUG: KASAN: slab-use-after-free in __nf_unregister_net_hook+0x640/0x6b0\nRead of size 8 at addr ffff8880106fe400 by task repro/72=\nbpf_nf_link_release+0xda/0x1e0\nbpf_link_free+0x139/0x2d0\nbpf_link_release+0x68/0x80\n__fput+0x414/0xb60\n\nEric says:\n It seems that bpf was able to defer the __nf_unregister_net_hook()\n after exit()/close() time.\n Perhaps a netns reference is missing, because the netns has been\n dismantled/freed already.\n bpf_nf_link_attach() does :\n link->net = net;\n But I do not see a reference being taken on net.\n\nAdd such a reference and release it after hook unreg.\nNote that I was unable to get syzbot reproducer to work, so I\ndo not know if this resolves this splat."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: bpf: debe contener referencia en el espacio de nombres net ERROR: KASAN: slab-use-after-free en __nf_unregister_net_hook+0x640/0x6b0 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff8880106fe400 por la tarea repro/72= bpf_nf_link_release+0xda/0x1e0 bpf_link_free+0x139/0x2d0 bpf_link_release+0x68/0x80 __fput+0x414/0xb60 Eric dice: Parece que bpf pudo diferir __nf_unregister_net_hook() despu\u00e9s del tiempo de exit()/close(). Quiz\u00e1s falta una referencia a netns, porque netns ya se ha desmantelado/liberado. bpf_nf_link_attach() hace: link->net = net; Pero no veo que se tome ninguna referencia en net. Agregue dicha referencia y lib\u00e9rela despu\u00e9s de anular el registro. Tenga en cuenta que no pude hacer que funcionara el reproductor syzbot, por lo que no s\u00e9 si esto resuelve este problema."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"baseScore": 7.8,
|
|
"baseSeverity": "HIGH",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 1.8,
|
|
"impactScore": 5.9
|
|
},
|
|
{
|
|
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"baseScore": 7.8,
|
|
"baseSeverity": "HIGH",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 1.8,
|
|
"impactScore": 5.9
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-416"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-416"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "6.4",
|
|
"versionEndExcluding": "6.6.59",
|
|
"matchCriteriaId": "F0663E1D-0BCE-4D24-BFE4-F9C52687DD40"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "6.7",
|
|
"versionEndExcluding": "6.11.6",
|
|
"matchCriteriaId": "E4486B12-007B-4794-9857-F07145637AA1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/1230fe7ad3974f7bf6c78901473e039b34d4fb1f",
|
|
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/d0d7939543a1b3bb93af9a18d258a774daf8f162",
|
|
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/f41bd93b3e0508edc7ba820357f949071dcc0acc",
|
|
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
}
|
|
]
|
|
} |